azure: init nixos/maintainers/scripts/azure-new

2020-03-26 06:11:54 +00:00 · 2020-03-26 06:11:54 +00:00 · 20f981de08
parent a5a6d77508
commit 20f981de08
9 changed files with 195 additions and 0 deletions
--- a/nixos/maintainers/scripts/azure-new/.gitignore
+++ b/nixos/maintainers/scripts/azure-new/.gitignore
@ -0,0 +1 @@
 azure
--- a/nixos/maintainers/scripts/azure-new/README.md
+++ b/nixos/maintainers/scripts/azure-new/README.md
@ -0,0 +1,30 @@
 # azure
 ## Demo
 Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp
 ## Usage
 Build and upload the image
 ```shell
 $ ./upload-image.sh ./examples/basic/image.nix
 ...
 + attr=azbasic
 + nix-build ./examples/basic/image.nix --out-link azure
 /nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image
 ...
 95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565 
 ...
 /subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter
 ```
 Take the output, boot an Azure VM:
 ```
 img="/subscriptions/.../..." # use output from last command
 ./boot-vm.sh "${img}"
 ...
 => booted
 ```
--- a/nixos/maintainers/scripts/azure-new/boot-vm.sh
+++ b/nixos/maintainers/scripts/azure-new/boot-vm.sh
@ -0,0 +1,36 @@
 #!/usr/bin/env bash
 set -euo pipefail
 set -x
 image="${1}"
 location="westus2"
 group="nixos-test-vm"
 vm_size="Standard_D2s_v3";  os_size=42;
 # ensure group
 az group create --location "westus2" --name "${group}"
 group_id="$(az group show --name "${group}" -o tsv --query "[id]")"
 # (optional) identity
 if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then
  az identity create --name "${group}-identity" --resource-group "${group}"
 fi
 # (optional) role assignment, to the resource group, bad but not really great alternatives
 identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")"
 principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")"
 until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done
 # boot vm
 az vm create \
  --name "${group}-vm" \
  --resource-group "${group}" \
  --assign-identity "${identity_id}" \
  --size "${vm_size}" \
  --os-disk-size-gb "${os_size}" \
  --image "${image}" \
  --admin-username "${USER}" \
  --location "westus2" \
  --storage-sku "Premium_LRS" \
  --ssh-key-values "$(ssh-add -L)"
--- a/nixos/maintainers/scripts/azure-new/common.sh
+++ b/nixos/maintainers/scripts/azure-new/common.sh
@ -0,0 +1,7 @@
 export group="${AZURE_RESOURCE_GROUP:-"azure"}"
 export location="${AZURE_LOCATION:-"westus2"}"
 img_file=$(echo azure/*.vhd)
 img_name="$(basename "${img_file}")"
 img_name="${img_name%".vhd"}"
 export img_name="${img_name//[._]/-}"
--- a/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
@ -0,0 +1,10 @@
 let
  pkgs = (import <nixpkgs> {});
  machine = import "${pkgs.path}/nixos/lib/eval-config.nix" {
    system = "x86_64-linux";
    modules = [
      ({config, ...}: { imports = [ ./system.nix ]; })
    ];
  };
 in
  machine.config.system.build.azureImage
--- a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
@ -0,0 +1,42 @@
 { pkgs, modulesPath, ... }:
 {
  imports = [
    "${modulesPath}/virtualisation/azure-common.nix"
    "${modulesPath}/virtualisation/azure-image.nix"
  ];
  ##### test user ######
  users.extraGroups."cole".gid = 1000;
    users.extraUsers."cole" = {
      isNormalUser = true;
      home = "/home/cole";
      description = "Cole Mickens";
      openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9YAN+P0umXeSP/Cgd5ZvoD5gpmkdcrOjmHdonvBbptbMUbI/Zm0WahBDK0jO5vfJ/C6A1ci4quMGCRh98LRoFKFRoWdwlGFcFYcLkuG/AbE8ObNLHUxAwqrdNfIV6z0+zYi3XwVjxrEqyJ/auZRZ4JDDBha2y6Wpru8v9yg41ogeKDPgHwKOf/CKX77gCVnvkXiG5ltcEZAamEitSS8Mv8Rg/JfsUUwULb6yYGh+H6RECKriUAl9M+V11SOfv8MAdkXlYRrcqqwuDAheKxNGHEoGLBk+Fm+orRChckW1QcP89x6ioxpjN9VbJV0JARF+GgHObvvV+dGHZZL1N3jr8WtpHeJWxHPdBgTupDIA5HeL0OCoxgSyyfJncMl8odCyUqE+lqXVz+oURGeRxnIbgJ07dNnX6rFWRgQKrmdV4lt1i1F5Uux9IooYs/42sKKMUQZuBLTN4UzipPQM/DyDO01F0pdcaPEcIO+tp2U6gVytjHhZqEeqAMaUbq7a6ucAuYzczGZvkApc85nIo9jjW+4cfKZqV8BQfJM1YnflhAAplIq6b4Tzayvw1DLXd2c5rae+GlVCsVgpmOFyT6bftSon/HfxwBE4wKFYF7fo7/j6UbAeXwLafDhX+S5zSNR6so1epYlwcMLshXqyJePJNhtsRhpGLd9M3UqyGDAFoOQ== (none)"];
      #mkpasswd -m sha-512
      hashedPassword = "$6$k.vT0coFt3$BbZN9jqp6Yw75v9H/wgFs9MZfd5Ycsfthzt3Jdw8G93YhaiFjkmpY5vCvJ.HYtw0PZOye6N9tBjNS698tM3i/1";
      uid = 1000;
      group = "cole";
    };
    nix.trustedUsers = [ "cole" ];
  ##### test user ######
  virtualisation.azureImage.diskSize = 2500;
  system.stateVersion = "20.03";
  networking.hostName = "azbuildworld";
  boot.kernelPackages = pkgs.linuxPackages_latest;
  #environment.noXlibs = true;
  #documentation.enable = false;
  #documentation.nixos.enable = false;
  services.openssh.passwordAuthentication = false;
  programs.mosh.enable = true;
  security.sudo.wheelNeedsPassword = false;
  environment.systemPackages = with pkgs; [
    git neovim jq file htop ripgrep cachix wget curl tmux zsh
  ];
 }
--- a/nixos/maintainers/scripts/azure-new/shell.nix
+++ b/nixos/maintainers/scripts/azure-new/shell.nix
@ -0,0 +1,13 @@
 with (import ../../../../default.nix {});
 stdenv.mkDerivation {
  name = "nixcfg-azure-devenv";
  nativeBuildInputs = [
    azure-cli
    bash
    cacert
    azure-storage-azcopy
  ];
  AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";
 }
--- a/nixos/maintainers/scripts/azure-new/upload-image.sh
+++ b/nixos/maintainers/scripts/azure-new/upload-image.sh
@ -0,0 +1,55 @@
 #!/usr/bin/env bash
 set -euo pipefail
 set -x
 attr="${1:-"azbasic"}"
 nix-build ./examples/basic/image.nix --out-link "azure"
 group="nixos-images"
 location="westus2"
 img_name="azure-image-todo-makethisbetter" # TODO: clean this up
 img_file="$(readlink -f ./azure/disk.vhd)" # TODO: this doesn't feel great either
 if ! az group show -n "${group}" &>/dev/null; then
  az group create --name "${group}" --location "${location}"
 fi
 if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then
  bytes="$(stat -c %s ${img_file})"
  size="30"
  az disk create \
    --resource-group "${group}" \
    --name "${img_name}" \
    --for-upload true --upload-size-bytes "${bytes}"
  timeout=$(( 60 * 60 )) # disk access token timeout
  sasurl="$(\
    az disk grant-access \
      --access-level Write \
      --resource-group "${group}" \
      --name "${img_name}" \
      --duration-in-seconds ${timeout} \
        | jq -r '.accessSas'
  )"
  azcopy copy "${img_file}" "${sasurl}" \
    --blob-type PageBlob 
  az disk revoke-access \
    --resource-group "${group}" \
    --name "${img_name}"
 fi
 if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then
  diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
  az image create \
    --resource-group "${group}" \
    --name "${img_name}" \
    --source "${diskid}" \
    --os-type "linux" >/dev/null
 fi
 imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
 echo "${imageid}"
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@ -21,6 +21,7 @@ in
      name = "azure-image";
      postVM = ''
        ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd
        rm $diskImage
      '';
      configFile = ./azure-config-user.nix;
      format = "raw";