feat ✨: ci push kaasix close #161

Signed-off-by: Victor Hang <[email protected]>
didactiklabs · Jan 25, 2025 · 86f932e · 86f932e
1 parent db8b886
commit 86f932e
Show file tree

Hide file tree

Showing 7 changed files with 180 additions and 61 deletions.
diff --git a/.github/workflows/build-kaasix.yaml b/.github/workflows/build-kaasix.yaml
@@ -0,0 +1,74 @@
+name: Build KaaSix
+on:
+  push:
+    tags:
+      - 'kaasix-v*.*.*'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+jobs:
+  pre_job:
+    # continue-on-error: true # Uncomment once integration is finished
+    runs-on: didactiklabs-runners
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@master
+        with:
+          # All of these options are optional, so you can remove them if you are happy with the defaults
+          concurrent_skipping: 'never'
+          skip_after_successful_duplicate: 'true'
+          paths_ignore: '["**/README.md", "**/docs/**"]'
+          do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
+  build:
+    needs: pre_job
+    if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: false
+          large-packages: false
+          docker-images: false
+          swap-storage: true
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Set output
+        id: vars
+        run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+        with:
+          nix_path: nixpkgs=${{ env.url }}
+          extra_nix_config: |
+            fallback = true
+            trusted-public-keys = didactiklabs-nixcache:PxLKN0+ZkP07M8g8/B6xbP6A4MYpqQg6LH7V3muiy/0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+            substituters = https://s3.didactiklabs.io/nix-cache https://cache.nixos.org/
+      - name: Auth to s3 cache
+        run: |
+          aws --profile default configure set aws_access_key_id "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          aws --profile default configure set aws_secret_access_key "${{ secrets.AWS_SECRET_ACCESS_KEY_ID }}"
+      - name: 'Set up skopeo'
+        uses: warjiang/[email protected]
+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          credentials_json: '${{ secrets.GCLOUD_AUTH_CREDENTIAL_FILE }}'
+      - name: Build and Push
+        run: |
+          nix-shell shell.nix --run "buildOciQcow2 kaasix"
+          gcloud auth configure-docker gcr.io --quiet
+          skopeo --version
+          skopeo copy --authfile keyfile.json \
+          docker-archive:output/kaasix-qcow2-oci.tar \
+          docker://gcr.io/${{ secrets.GCLOUD_PROJECT }}/kaasix-$(nix eval --raw -f . nixosSystem.config.customNixOSModules.kubernetes.version.kubeadm --argstr profile kaasix):${{ steps.vars.outputs.tag }}
diff --git a/default.nix b/default.nix
@@ -1,6 +1,7 @@
 {
   cloud ? false,
   partition ? "default60G",
+  profile ? "kaasix",
   ...
 }:
 let
@@ -15,9 +16,22 @@ let
     ];
     specialArgs = { inherit disko partition cloud; };
   };
+  nixosSystem = import (sources.nixpkgs + "/nixos") {
+    configuration = ./profiles/${profile}/configuration.nix;
+  };
+  buildQcow2 = import <nixpkgs/nixos/lib/make-disk-image.nix> {
+    inherit lib pkgs;
+    inherit (nixosSystem) config;
+    inherit (nixosSystem.config.virtualisation) diskSize;
+    format = "qcow2";
+    configFile = ./profiles/${profile}/configuration.nix;
+    partitionTableType = "hybrid";
+  };
+  inherit (pkgs) lib;
 in
 {
   imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix> ];
+  inherit lib nixosSystem buildQcow2;
   buildIso =
     (isoInstall.extendModules {
       modules = [
@@ -27,4 +41,12 @@ in
         }
       ];
     }).config.system.build.isoImage;
+  ociQcow2 = pkgs.dockerTools.streamLayeredImage {
+    name = "${profile}-${nixosSystem.config.customNixOSModules.kubernetes.version.kubeadm}";
+    includeStorePaths = false;
+    fakeRootCommands = ''
+      mkdir -p ./disk
+      cp -L ${buildQcow2}/nixos.qcow2 ./disk/${profile}.qcow2
+    '';
+  };
 }
diff --git a/nixosModules/kubernetes/default.nix b/nixosModules/kubernetes/default.nix
@@ -141,25 +141,68 @@ in
     };
     # kubelet systemd unit is heavily inspired by official image-builder unit
     systemd = {
-      services.cloud-final = {
-        path = [
-          "${kubeadm-bin}"
-          "${kubelet-bin}"
-          pkgs.cri-tools
-        ];
-        after = [ "containerd.service" ];
-        wants = [ "containerd.service" ];
-      };
-      services.kubeadm-upgrade = {
-        enable = true;
-        path = [
-          "${kubeadm-bin}"
-          pkgs.jq
-        ];
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig = {
-          ExecStart = "${pkgs.bash}/bin/bash -c '${kubeadm-upgrade}/bin/kubeadm-upgrade'";
-          Restart = "on-failure";
+      services = {
+        cloud-final = {
+          path = [
+            "${kubeadm-bin}"
+            "${kubelet-bin}"
+            pkgs.cri-tools
+            pkgs.ethtool
+            pkgs.conntrack-tools
+            pkgs.iptables
+            pkgs.iproute2
+            pkgs.socat
+          ];
+          after = [ "containerd.service" ];
+          wants = [ "containerd.service" ];
+        };
+        kubeadm-upgrade = {
+          enable = true;
+          path = [
+            "${kubeadm-bin}"
+            pkgs.jq
+          ];
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            ExecStart = "${pkgs.bash}/bin/bash -c '${kubeadm-upgrade}/bin/kubeadm-upgrade'";
+            Restart = "on-failure";
+          };
+        };
+        kubelet = {
+          enable = true;
+          description = "kubelet: The Kubernetes Node Agent";
+          documentation = [ "https://kubernetes.io/docs/home/" ];
+          path = [
+            "/opt/cni/bin"
+            pkgs.mount
+            pkgs.umount
+            pkgs.util-linux
+            pkgs.file
+            pkgs.iproute2
+            pkgs.iptables
+            pkgs.socat
+            pkgs.ethtool
+            pkgs.conntrack-tools
+            pkgs.multipath-tools
+            pkgs.openiscsi
+            pkgs.lsscsi
+          ];
+          serviceConfig = {
+            Restart = "always";
+            RestartSec = 10;
+            Environment = [
+              ''KUBELET_KUBECONFIG_ARGS="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"''
+              ''KUBELET_CONFIG_ARGS="--config=/var/lib/kubelet/config.yaml --config-dir=/etc/kubernetes/kubelet/config.d"''
+            ];
+            EnvironmentFile = [
+              "-/var/lib/kubelet/kubeadm-flags.env"
+              "-/etc/sysconfig/kubelet"
+            ];
+            ExecStart = [
+              "${kubelet-bin}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
+            ];
+          };
+          wantedBy = [ "multi-user.target" ];
         };
       };
       timers.kubeadm-upgrade-timer = {
@@ -172,42 +215,6 @@ in
           Unit = "kubeadm-upgrade.service";
         };
       };
-      services.kubelet = {
-        enable = true;
-        description = "kubelet: The Kubernetes Node Agent";
-        documentation = [ "https://kubernetes.io/docs/home/" ];
-        path = [
-          "/opt/cni/bin"
-          pkgs.mount
-          pkgs.umount
-          pkgs.util-linux
-          pkgs.file
-          pkgs.iproute2
-          pkgs.iptables
-          pkgs.socat
-          pkgs.ethtool
-          pkgs.conntrack-tools
-          pkgs.multipath-tools
-          pkgs.openiscsi
-          pkgs.lsscsi
-        ];
-        serviceConfig = {
-          Restart = "always";
-          RestartSec = 10;
-          Environment = [
-            ''KUBELET_KUBECONFIG_ARGS="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"''
-            ''KUBELET_CONFIG_ARGS="--config=/var/lib/kubelet/config.yaml --config-dir=/etc/kubernetes/kubelet/config.d"''
-          ];
-          EnvironmentFile = [
-            "-/var/lib/kubelet/kubeadm-flags.env"
-            "-/etc/sysconfig/kubelet"
-          ];
-          ExecStart = [
-            "${kubelet-bin}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
-          ];
-        };
-        wantedBy = [ "multi-user.target" ];
-      };
 
       # we need cacert to be a real file to be mounted in kube's pods using hostPath volumes
       tmpfiles.rules = [

diff --git a/profiles/rintaro/configuration.nix → profiles/kaasix/configuration.nix b/profiles/rintaro/configuration.nix → profiles/kaasix/configuration.nix
diff --git a/profiles/rintaro/default.nix → profiles/kaasix/default.nix b/profiles/rintaro/default.nix → profiles/kaasix/default.nix
@@ -22,14 +22,29 @@ in
       timeout = 0;
       grub = {
         enable = true;
+        devices = [ "/dev/vda" ];
       };
     };
+    growPartition = true;
   };
   networking = {
     hostName = lib.mkForce "";
   };
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
   networking.useDHCP = lib.mkDefault true;
-  services.cloud-init.enable = true;
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+    settings = {
+      network = {
+        config = "disabled";
+      };
+    };
+  };
   customNixOSModules = {
     kubernetes = {
       enable = true;

diff --git a/profiles/rintaro/fastfetchConfig.nix → profiles/kaasix/fastfetchConfig.nix b/profiles/rintaro/fastfetchConfig.nix → profiles/kaasix/fastfetchConfig.nix
@@ -9,8 +9,8 @@ let
   logo =
     let
       image = pkgs.fetchurl {
-        url = "https://i.imgur.com/TTA9fgg.jpeg";
-        sha256 = "sha256-+9/6Dei+k8e7MjsLYsQUF9njW8sRPqAxw9wCEFrzeFM=";
+        url = "https://i.imgur.com/YAndRSL.jpeg";
+        sha256 = "sha256-6rn4xPmEbvv5BS29HWVbK2rDXgvXzS9iArg/2nZObrM=";
       };
     in
     "${image}";

diff --git a/shell.nix b/shell.nix
@@ -6,6 +6,7 @@ pkgs.mkShell {
 
   packages = [
     pkgs.qemu
+    pkgs.docker
     (pkgs.writeShellScriptBin "buildIso" ''
       #!/bin/bash
       set -euo pipefail
@@ -17,14 +18,14 @@ pkgs.mkShell {
       set -euo pipefail
       mkdir -p output
       chmod +w output -R
-      cp $(${pkgs.nixos-generators}/bin/nixos-generate -f qcow -c profiles/$1/configuration.nix -I nixpkgs=$(nix eval --raw -f npins nixpkgs.outPath)) output/$1.qcow2
+      cp $(nix-build default.nix -A buildQcow2 --argstr profile $1)/$1.qcow2 output/$1.qcow2
     '')
-    (pkgs.writeShellScriptBin "runQcow2" ''
+    (pkgs.writeShellScriptBin "buildOciQcow2" ''
       #!/bin/bash
       set -euo pipefail
       mkdir -p output
       chmod +w output -R
-      ${pkgs.nixos-generators}/bin/nixos-generate -f vm --run -c profiles/$1/configuration.nix -I nixpkgs=$(nix eval --raw -f npins nixpkgs.outPath)
+      $(nix-build default.nix -A ociQcow2 --argstr profile $1) > output/$1-qcow2-oci.tar
     '')
     (pkgs.writeShellScriptBin "runIso" ''
       #!/bin/bash