feat ✨: ci push kaasix close #161

Signed-off-by: Victor Hang <[email protected]>

.github/workflows/build-kaasix.yaml

@@ -0,0 +1,74 @@
+name: Build KaaSix
+on:
+  push:
+    tags:
+      - 'kaasix-v*.*.*'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+jobs:
+  pre_job:
+    # continue-on-error: true # Uncomment once integration is finished
+    runs-on: didactiklabs-runners
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@master
+        with:
+          # All of these options are optional, so you can remove them if you are happy with the defaults
+          concurrent_skipping: 'never'
+          skip_after_successful_duplicate: 'true'
+          paths_ignore: '["**/README.md", "**/docs/**"]'
+          do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
+  build:
+    needs: pre_job
+    if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: false
+          large-packages: false
+          docker-images: false
+          swap-storage: true
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Set output
+        id: vars
+        run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+        with:
+          nix_path: nixpkgs=${{ env.url }}
+          extra_nix_config: |
+            fallback = true
+            trusted-public-keys = didactiklabs-nixcache:PxLKN0+ZkP07M8g8/B6xbP6A4MYpqQg6LH7V3muiy/0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+            substituters = https://s3.didactiklabs.io/nix-cache https://cache.nixos.org/
+      - name: Auth to s3 cache
+        run: |
+          aws --profile default configure set aws_access_key_id "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          aws --profile default configure set aws_secret_access_key "${{ secrets.AWS_SECRET_ACCESS_KEY_ID }}"
+      - name: 'Set up skopeo'
+        uses: warjiang/[email protected]
+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          credentials_json: '${{ secrets.GCLOUD_AUTH_CREDENTIAL_FILE }}'
+      - name: Build and Push
+        run: |
+          nix-shell shell.nix --run "buildOciQcow2 kaasix"
+          gcloud auth configure-docker gcr.io --quiet
+          skopeo --version
+          skopeo copy \
+          docker-archive:output/kaasix-qcow2-oci.tar \
+          docker://gcr.io/${{ secrets.GCLOUD_PROJECT }}/kaasix-$(nix eval --raw -f . nixosSystem.config.customNixOSModules.kubernetes.version.kubeadm --argstr profile kaasix):${{ steps.vars.outputs.tag }}

default.nix

@@ -1,6 +1,7 @@
 {
   cloud ? false,
   partition ? "default60G",
+  profile ? "kaasix",
   ...
 }:
 let
@@ -15,9 +16,23 @@ let
     ];
     specialArgs = { inherit disko partition cloud; };
   };
+  nixosSystem = import (sources.nixpkgs + "/nixos") {
+    configuration = ./profiles/${profile}/configuration.nix;
+  };
+  buildQcow2 = import <nixpkgs/nixos/lib/make-disk-image.nix> {
+    inherit lib pkgs;
+    inherit (nixosSystem) config;
+    inherit (nixosSystem.config.virtualisation) diskSize;
+    format = "qcow2";
+    configFile = ./profiles/${profile}/configuration.nix;
+    partitionTableType = "hybrid";
+    additionalSpace = "100G";
+  };
+  inherit (pkgs) lib;
 in
 {
   imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix> ];
+  inherit lib nixosSystem buildQcow2;
   buildIso =
     (isoInstall.extendModules {
       modules = [
@@ -27,4 +42,12 @@ in
         }
       ];
     }).config.system.build.isoImage;
+  ociQcow2 = pkgs.dockerTools.streamLayeredImage {
+    name = "${profile}-${nixosSystem.config.customNixOSModules.kubernetes.version.kubeadm}";
+    includeStorePaths = false;
+    fakeRootCommands = ''
+      mkdir -p ./disk
+      cp -L ${buildQcow2}/nixos.qcow2 ./disk/${profile}.qcow2
+    '';
+  };
 }

nixosModules/kubernetes/default.nix

@@ -141,25 +141,68 @@ in
     };
     # kubelet systemd unit is heavily inspired by official image-builder unit
     systemd = {
-      services.cloud-final = {
-        path = [
-          "${kubeadm-bin}"
-          "${kubelet-bin}"
-          pkgs.cri-tools
-        ];
-        after = [ "containerd.service" ];
-        wants = [ "containerd.service" ];
-      };
-      services.kubeadm-upgrade = {
-        enable = true;
-        path = [
-          "${kubeadm-bin}"
-          pkgs.jq
-        ];
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig = {
-          ExecStart = "${pkgs.bash}/bin/bash -c '${kubeadm-upgrade}/bin/kubeadm-upgrade'";
-          Restart = "on-failure";
+      services = {
+        cloud-final = {
+          path = [
+            "${kubeadm-bin}"
+            "${kubelet-bin}"
+            pkgs.cri-tools
+            pkgs.ethtool
+            pkgs.conntrack-tools
+            pkgs.iptables
+            pkgs.iproute2
+            pkgs.socat
+          ];
+          after = [ "containerd.service" ];
+          wants = [ "containerd.service" ];
+        };
+        kubeadm-upgrade = {
+          enable = true;
+          path = [
+            "${kubeadm-bin}"
+            pkgs.jq
+          ];
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            ExecStart = "${pkgs.bash}/bin/bash -c '${kubeadm-upgrade}/bin/kubeadm-upgrade'";
+            Restart = "on-failure";
+          };
+        };
+        kubelet = {
+          enable = true;
+          description = "kubelet: The Kubernetes Node Agent";
+          documentation = [ "https://kubernetes.io/docs/home/" ];
+          path = [
+            "/opt/cni/bin"
+            pkgs.mount
+            pkgs.umount
+            pkgs.util-linux
+            pkgs.file
+            pkgs.iproute2
+            pkgs.iptables
+            pkgs.socat
+            pkgs.ethtool
+            pkgs.conntrack-tools
+            pkgs.multipath-tools
+            pkgs.openiscsi
+            pkgs.lsscsi
+          ];
+          serviceConfig = {
+            Restart = "always";
+            RestartSec = 10;
+            Environment = [
+              ''KUBELET_KUBECONFIG_ARGS="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"''
+              ''KUBELET_CONFIG_ARGS="--config=/var/lib/kubelet/config.yaml --config-dir=/etc/kubernetes/kubelet/config.d"''
+            ];
+            EnvironmentFile = [
+              "-/var/lib/kubelet/kubeadm-flags.env"
+              "-/etc/sysconfig/kubelet"
+            ];
+            ExecStart = [
+              "${kubelet-bin}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
+            ];
+          };
+          wantedBy = [ "multi-user.target" ];
         };
       };
       timers.kubeadm-upgrade-timer = {
@@ -172,42 +215,6 @@ in
           Unit = "kubeadm-upgrade.service";
         };
       };
-      services.kubelet = {
-        enable = true;
-        description = "kubelet: The Kubernetes Node Agent";
-        documentation = [ "https://kubernetes.io/docs/home/" ];
-        path = [
-          "/opt/cni/bin"
-          pkgs.mount
-          pkgs.umount
-          pkgs.util-linux
-          pkgs.file
-          pkgs.iproute2
-          pkgs.iptables
-          pkgs.socat
-          pkgs.ethtool
-          pkgs.conntrack-tools
-          pkgs.multipath-tools
-          pkgs.openiscsi
-          pkgs.lsscsi
-        ];
-        serviceConfig = {
-          Restart = "always";
-          RestartSec = 10;
-          Environment = [
-            ''KUBELET_KUBECONFIG_ARGS="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"''
-            ''KUBELET_CONFIG_ARGS="--config=/var/lib/kubelet/config.yaml --config-dir=/etc/kubernetes/kubelet/config.d"''
-          ];
-          EnvironmentFile = [
-            "-/var/lib/kubelet/kubeadm-flags.env"
-            "-/etc/sysconfig/kubelet"
-          ];
-          ExecStart = [
-            "${kubelet-bin}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS"
-          ];
-        };
-        wantedBy = [ "multi-user.target" ];
-      };
 
       # we need cacert to be a real file to be mounted in kube's pods using hostPath volumes
       tmpfiles.rules = [

profiles/kaasix/default.nix

@@ -0,0 +1,109 @@
+{
+  config,
+  pkgs,
+  lib,
+  sources,
+  ...
+}:
+let
+  overrides = {
+    customHomeManagerModules = { };
+    imports = [ ./fastfetchConfig.nix ];
+  };
+in
+{
+  boot = {
+    kernelParams = [
+      "consoleblank=0"
+      "console=ttyS0,115200n8"
+    ];
+    loader = {
+      systemd-boot.configurationLimit = 0;
+      timeout = 0;
+      grub = {
+        enable = true;
+        devices = [ "/dev/vda" ];
+      };
+    };
+    growPartition = true;
+  };
+  networking = {
+    hostName = lib.mkForce "";
+  };
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    autoResize = true;
+    fsType = "ext4";
+  };
+  networking = {
+    useDHCP = false;
+    dhcpcd.enable = false;
+  };
+  services = {
+    cloud-init = {
+      enable = true;
+      network.enable = true;
+      settings = {
+        network = {
+          config = "disabled";
+        };
+      };
+    };
+    resolved = {
+      enable = true;
+      llmnr = "false"; # allow shotdns resolution in kubevirt
+      extraConfig = ''
+        ResolveUnicastSingleLabel=true # allow shotdns resolution in kubevirt
+      '';
+    };
+  };
+  security = {
+    polkit.enable = true;
+  };
+  systemd = {
+    network = {
+      networks = {
+        "10-enp1s0" = {
+          matchConfig = {
+            Name = "en*";
+          };
+          linkConfig.RequiredForOnline = "routable";
+          networkConfig = {
+            DHCP = "yes";
+          };
+          dhcpV4Config = {
+            UseDNS = true;
+            UseDomains = true;
+            UseHostname = true;
+          };
+        };
+      };
+    };
+  };
+  customNixOSModules = {
+    kubernetes = {
+      enable = true;
+      version = {
+        kubeadm = "v1.31.4";
+        kubelet = "v1.31.4";
+      };
+    };
+    caCertificates = {
+      didactiklabs.enable = true;
+      bealv.enable = true;
+    };
+    ginx.enable = false;
+  };
+  imports = [
+    (import ../../users {
+      inherit
+        config
+        pkgs
+        lib
+        sources
+        overrides
+        ;
+    })
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+}

profiles/rintaro/fastfetchConfig.nix → profiles/kaasix/fastfetchConfig.nix

@@ -9,8 +9,8 @@ let
   logo =
     let
       image = pkgs.fetchurl {
-        url = "https://i.imgur.com/TTA9fgg.jpeg";
-        sha256 = "sha256-+9/6Dei+k8e7MjsLYsQUF9njW8sRPqAxw9wCEFrzeFM=";
+        url = "https://i.imgur.com/YAndRSL.jpeg";
+        sha256 = "sha256-6rn4xPmEbvv5BS29HWVbK2rDXgvXzS9iArg/2nZObrM=";
       };
     in
     "${image}";