Date: Wed, 02 Apr 2025 10:24:50 +0000
To: Daniel Gomez
From: Andreas Hindborg
Cc: Luis Chamberlain, kdevops@lists.linux.dev, Joel Granados
Subject: Re: [RFC] bringup: add semantics to start NixOS support
Message-ID: <87semqc13x.fsf@metaspace.dk>
References: <20250331100928.5284-1-mcgrof@kernel.org>

"Daniel Gomez" writes:

> On Tue, Apr 01, 2025 at 02:17:09PM +0100, Luis Chamberlain wrote:
>> On Tue, Apr 01, 2025 at 01:30:30PM +0200, Daniel Gomez wrote:
>> > On Mon, Mar 31, 2025 at 03:09:28AM +0100, Luis Chamberlain wrote:
>> > > Tons still left to do... but hey, at least we get to trim clutter out
>> > > and can aim for a simple setup. TODO:
>> > >
>> > >   - playbooks/bringup_nixos.yml
>> > >   - playbooks/update_ssh_config_nixos.yml
>> > >
>> > > We can probably just trim nixos.nix.j2 so to at least bring up
>> > > a libvirt guest first, and then the second step is to use process
>> > > a set of target nodes under a simple workflow.
>> > >
>> > > So the only thing here this does is show how we need to first
>> > > add tons of "support" bools and make terraform and guestfs to select
>> > > them. That should probably just be its own patch before all this.
>> > >
>> > > Then the makefile shows the bare bones bringup we need. But we can
>> > > probably simplify that more.
>> > >
>> > > Signed-off-by: Luis Chamberlain
>> >
>> > I have a WIP branch with some cleanup needed for this:
>> >
>> > https://github.com/dkruces/kdevops/commits/nixos/
>>
>> OK that and this patch can likely get us going somewhere fast.
>>
>> > * kdevops: add nixos support
>> > This simply makes kdevops runnable in NixOS by
>> > changing all the shebangs in scripts/.
>> >
>> > * Makefile.kdevops: drop ansible_python_intepreter
>> > Once ansible cfg series are merged, I think we can get rid of the python
>> > interpreter in the ansible calls and configure that in Kconfig -> ansible.cfg.
>> >
>> > * shell.nix
>> > Just to launch a Nix shell with all kdevops dependencies.
>> >
>> > * libvirt_user: add nixos support
>> > Generates a kdevops/ in your Nix configuration/ folder. Output:
>> > https://github.com/dkruces/nixos-config/tree/main/kdevops
>> >
>> > My initial idea was to generate NixOS configuration with Ansible [1].
>>
>> If folks don't want to use libvirt they can just a config yaml entry
>> describing their qemu junk, and Kconfig should be able then to read that
>> in and populate pool crap and all that. Do nixos users with
>> virtualization who are on debian use session URI or system URI? I ask
>> as system URI crap requires privileges, which is why we do tons of
>> hoops with sudo for system URI.
>>
>> Fedora based distros use session URI by default
>> Debian based distros use system URI by default
>
> My feedback and patches aim to enable kdevops on NixOS hosts, but I now realize
> these changes are for guests.
>
> Sorry for the noise.
>
>>
>> What do we want to assume for nix os users?
>>
>> > But Joel
>> > tried something different with flakes I think. Adding him to get more feedback
>> > on it.
>> >
>> > One thing he found was the need of a hack to be able to launch virt-builder [2]:
>>
>> Hrm, so the use case was to use virt-builder with nix? Is that the nixy
>> way to deal with things?
>
> I can't generalize, but nix approach, whether host or guest, it's quite
> different. For packages, user, groups etc, it would be enough to add a file in
> kdevops repository to statically define package dependencies and permissions
> needed.

No need for virt-builder or similar tools with nix virtual machines. You
can simply mount the nix store into the vm with virtiofs and go. No image
required.

You probably want to generate a nix expression describing your vm from
your kconfig settings. Seems like you might want to use ansible to do
this, but really a small piece of shell script or python could do this
for you.

If you need any input on how to make this work, I can give you some
input. I am booting a nixos vm in this way for my development workflow.

Best regards,
Andreas Hindborg
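
Added example, not part of the thread and not kdevops code: one way the "small piece of python" step could turn Kconfig `.config` values into a Nix attribute set that a hand-written VM expression imports. The `CONFIG_EXAMPLE_NIXOS_*` symbols and the output attribute names are hypothetical; string values are escaped so that a `${` or quote in a setting stays literal text in the generated Nix.

```python
import re

# Constructed sample .config; the CONFIG_EXAMPLE_NIXOS_* symbols are hypothetical,
# not real kdevops Kconfig symbols.
SAMPLE_CONFIG = r'''
# CONFIG_EXAMPLE_NIXOS_DEBUG is not set
CONFIG_EXAMPLE_NIXOS_HOSTNAME="kdevops-nixos"
CONFIG_EXAMPLE_NIXOS_MEM_MB=4096
CONFIG_EXAMPLE_NIXOS_VIRTIOFS_STORE=y
CONFIG_EXAMPLE_NIXOS_MOTD="lab vm, see ${HOME}/notes \"draft\""
'''

ASSIGN = re.compile(r'^(CONFIG_[A-Za-z0-9_]+)=(.*)$')

def parse_kconfig(text):
    """Parse .config text into {symbol: bool | int | str}; reject anything else."""
    values = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if not m:
            continue  # blank lines and comments such as "# CONFIG_X is not set"
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            values[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\
        elif raw in ('y', 'n'):
            values[name] = raw == 'y'
        elif re.fullmatch(r'-?[0-9]+', raw):
            values[name] = int(raw)
        else:
            raise ValueError(f'unsupported value for {name}: {raw!r}')
    return values

def nix_literal(value):
    """Render a Python value as a Nix literal; strings cannot interpolate."""
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return 'true' if value else 'false'
    if isinstance(value, int):
        return str(value)
    escaped = value.replace('\\', '\\\\').replace('"', '\\"').replace('$', '\\$')
    return '"' + escaped.replace('\n', '\\n') + '"'

def to_nix(values, prefix='CONFIG_EXAMPLE_NIXOS_'):
    """Emit a Nix attribute set with one lower-case attribute per matching symbol."""
    lines = ['{']
    for name in sorted(n for n in values if n.startswith(prefix)):
        lines.append(f'  {name[len(prefix):].lower()} = {nix_literal(values[name])};')
    return '\n'.join(lines + ['}']) + '\n'

if __name__ == '__main__':
    print(to_nix(parse_kconfig(SAMPLE_CONFIG)), end='')
```

Without the `$` escaping, the sample MOTD value would be evaluated by Nix as an interpolation of an undefined `HOME` variable instead of being kept as text.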