Rebuildable system & appliance#263462

Merged
roberth merged 5 commits into NixOS:master from nikstur:rebuildable-system
Oct 29, 2023

Conversation

@nikstur
Contributor

@nikstur nikstur commented Oct 25, 2023

Description of changes

Add system.rebuildable flag

This flag allows the user to optionally exclude
switch-to-configuration.pl from toplevel.

This is interesting for appliance images where you don't want to re-build
the system. This flag is called rebuildable because the standard
interface to do this is nixos-rebuild which will not work anymore with
this change.

When #263295 lands, environment.defaultPackages = mkDefault [ ]; can be removed from the minimal profile.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@nikstur nikstur requested a review from dasJ as a code owner October 25, 2023 23:14
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Oct 25, 2023
@nikstur nikstur changed the title Rebuildable system Rebuildable system & appliance Oct 25, 2023
@nikstur nikstur requested review from blitz and lheckemann October 25, 2023 23:21
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Oct 26, 2023
Member

@roberth roberth left a comment


Really cool, but I think this needs to distinguish between general appliances and virtual appliances. I'll have some more thoughts regarding the distinction, but first I'll lazily quote Wikipedia Software appliance:

A software appliance is a software application combined with just enough operating system (JeOS) to run optimally on industry-standard hardware (typically a server) or in a virtual machine.

This PR elaborates what is just enough, and it seems to get it right for virtual appliances. However, for a hardware appliance you probably want to have more drivers and some upgrade mechanism.

By default the upgrade mechanism should probably be SSH + Nix store. Emphasis on store because it only has to work for root, and does not have to come with an interpreter.

@nikstur
Contributor Author

nikstur commented Oct 26, 2023

However, for a hardware appliance you probably want to have more drivers and some upgrade mechanism.

I should've made this clearer: the update mechanism I envision is image-based A/B booting via the systemd toolchain. At the center of this is systemd-sysupdate, for which I have added a module in a previous PR #243995. In this universe you would receive a completely new store image instead of only a new store closure, so Nix isn't necessary at all.

You would build images with the repart builder which I have also already added in a previous PR: #245250

Hardware and virtual appliance in this world are the same; you can update them the same way. However, with a virtual appliance, you can also just completely exchange the disk image (but then you don't get the automatic fallback from systemd-boot and systemd-bless-boot).

@roberth
Member

roberth commented Oct 26, 2023

via the systemd toolchain

How about systemd-sysupdate-appliance.nix then?

I'd be happy to start with very specific profiles and consider factoring this out into common profiles only when the other use cases have profiles and the commonality is "proven".

@nikstur nikstur force-pushed the rebuildable-system branch from a713590 to 4f6d2ef Compare October 26, 2023 12:06
@nikstur
Contributor Author

nikstur commented Oct 26, 2023

How about systemd-sysupdate-appliance.nix then?

I called it image-based-appliance because that's the differentiating factor between our approaches in my mind. If you do image based updates, you do not need Nix.

@roberth
Member

roberth commented Oct 26, 2023

I called it image-based-appliance

If systemd-sysupdate doesn't require overly specific changes to the config, then that sounds great to me, and if that changes, you can always add an extra profile specifically for it.

@nikstur nikstur force-pushed the rebuildable-system branch from 4f6d2ef to f4e05f1 Compare October 26, 2023 15:10
@nikstur
Contributor Author

nikstur commented Oct 26, 2023

This should be good to go now.

@ofborg test non-switchable-system switchTest

@nikstur nikstur requested a review from roberth October 26, 2023 15:20
Member

@roberth roberth left a comment


Implementation lgtm.

Needs documentation and maybe promote it with a release note?

This flag allows the user to optionally exclude
switch-to-configuration.pl from toplevel.

This is interesting for appliance images where you don't want to re-build
the system. This flag is called `rebuildable` because the standard
interface to do this is `nixos-rebuild` which will not work anymore with
this change.
@nikstur nikstur force-pushed the rebuildable-system branch from f4e05f1 to d17a647 Compare October 26, 2023 15:47
@nikstur nikstur force-pushed the rebuildable-system branch from d17a647 to 9dc4d68 Compare October 26, 2023 16:16
@github-actions github-actions bot added 8.has: documentation This PR adds or changes documentation 8.has: changelog This PR adds or changes release notes labels Oct 26, 2023
@nikstur nikstur force-pushed the rebuildable-system branch 2 times, most recently from 959ea19 to 0b823c5 Compare October 26, 2023 16:26
@nikstur
Contributor Author

nikstur commented Oct 26, 2023

Added docs and release notes.

@ofborg test non-switchable-system switchTest

@nikstur nikstur force-pushed the rebuildable-system branch from 0b823c5 to a9d1495 Compare October 26, 2023 17:54
@nikstur nikstur requested review from dasJ and roberth October 26, 2023 18:47
@lheckemann
Member

nixos-rebuild should probably detect when it's built a system that can't be switched to, and provide a helpful error message in such a case. I'm not sure how important that is for this PR though.

@nikstur nikstur force-pushed the rebuildable-system branch from a9d1495 to e8bed1e Compare October 28, 2023 11:28
@nikstur
Contributor Author

nikstur commented Oct 28, 2023

nixos-rebuild should probably detect when it's built a system that can't be switched to, and provide a helpful error message in such a case. I'm not sure how important that is for this PR though.

That would be nice, however, I think it's not needed for this PR.

@nikstur nikstur requested a review from lheckemann October 28, 2023 11:29
@roberth
Member

roberth commented Oct 29, 2023

nixos-rebuild should probably detect

I feel like nixos-rebuild, in the state it is currently in, is saturated with all sorts of complexity.
switch-to-configuration: No such file or directory doesn't seem all that bad for this rather specialized use case.

I would love to have such a check after nixos-rebuild is refactored, but until then, let's keep it simple.

@roberth roberth merged commit 8b385c9 into NixOS:master Oct 29, 2023
@blitz blitz mentioned this pull request Oct 29, 2023
Comment on lines +21 to +29
# Perl is a default package.
environment.defaultPackages = mkDefault [ ];

# The lessopen package pulls in Perl.
programs.less.lessopen = mkDefault null;

# This pulls in nixos-containers which depends on Perl.
boot.enableContainers = mkDefault false;

Member


Can we please add a release note entry for boot.enableContainers?

https://discourse.nixos.org/t/breaking-changes-announcement-for-unstable/17574 would have been fitting as well.

Member


Created #269970 for a simple eval warning when containers are used but disabled (e.g. by importing the minimal profile).
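An added example (not code from this PR or from nixpkgs) of the check lheckemann's comment asks for, and of the audit an appliance builder wants after applying the profile settings quoted above: walk a built toplevel's reference graph, as `nix-store -q --references` would report it per path, and show every chain that still pulls in Perl or switch-to-configuration. The reference graphs, package names and hashes are constructed, and `UNWANTED` is an assumed policy list.

```python
import re
from collections import deque
STORE_RE = re.compile(r"^/nix/store/[a-z0-9]{32}-(.+)$")  # captures the name after the hash
# Name prefixes an appliance built without switch-to-configuration should not carry
# (constructed policy; extend it for your own image).
UNWANTED = ("perl-", "switch-to-configuration")

def store_name(path):
    m = STORE_RE.match(path)
    if not m:
        raise ValueError(f"not a store path: {path}")
    return m.group(1)  # e.g. "perl-5.38.0"

def find_unwanted(toplevel, refs, unwanted=UNWANTED):
    """Breadth-first walk of the closure rooted at toplevel, where refs maps each store
    path to the paths it references. Returns offending path -> chain of names from
    toplevel that first pulls it in (the same idea as `nix why-depends`)."""
    parents = {toplevel: None}
    queue = deque([toplevel])
    hits = {}
    while queue:
        path = queue.popleft()
        if store_name(path).startswith(unwanted):
            chain, p = [], path
            while p is not None:  # walk back to the root
                chain.append(store_name(p))
                p = parents[p]
            hits[path] = chain[::-1]
        for ref in refs.get(path, ()):
            if ref not in parents:  # visit each path once
                parents[ref] = path
                queue.append(ref)
    return hits

def sample_path(i, name):  # constructed store path with a fake hash (real ones are content derived)
    return f"/nix/store/{i:032x}-{name}"

TOPLEVEL = sample_path(1, "nixos-system-appliance")
# Constructed "before" closure: switch-to-configuration and lessopen both pull in Perl.
SWITCHABLE = {
    TOPLEVEL: [sample_path(2, "switch-to-configuration"), sample_path(3, "system-path")],
    sample_path(2, "switch-to-configuration"): [sample_path(4, "perl-5.38.0")],
    sample_path(3, "system-path"): [sample_path(5, "lessopen"), sample_path(6, "systemd-254")],
    sample_path(5, "lessopen"): [sample_path(4, "perl-5.38.0")],
}
# Constructed "after" closure: switching excluded and programs.less.lessopen = null.
APPLIANCE = {
    TOPLEVEL: [sample_path(3, "system-path")],
    sample_path(3, "system-path"): [sample_path(6, "systemd-254")],
}
```

On a real system, build the refs map by running `nix-store -q --references` on each path listed by `nix-store -qR <toplevel>`; an empty result from `find_unwanted` is the condition an image build pipeline can gate on.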
