From ca735e8bf4aa2fd921c96cec7edbe6e3484053e5 Mon Sep 17 00:00:00 2001 From: xenia Date: Sat, 14 Sep 2024 15:56:09 -0400 Subject: [PATCH] add hpc stuff --- README.md | 17 +++++ default.nix | 3 + lib/make-hpc-dist/default.nix | 119 ++++++++++++++++++++++++++++++++++ lib/make-squashfs/default.nix | 23 +++++++ 4 files changed, 162 insertions(+) create mode 100644 lib/make-hpc-dist/default.nix create mode 100644 lib/make-squashfs/default.nix diff --git a/README.md b/README.md index 4b1a25b..519ed4c 100644 --- a/README.md +++ b/README.md @@ -236,6 +236,23 @@ stdenv.mkDerivation { } ``` +### [`makeSquashFs`](./lib/make-squashfs) + +builds a squashfs image from the given derivations + +example +```nix +makeSquashFs { + filename = "my-image"; # optional + storeContents = [ foo bar ]; +} +``` + +### [`makeHpcDist`](./lib/make-hpc-dist) + +create a packaged nix distribution with the given packages in it for weird HPC systems. go read the +source to find out what it does; i don't recommend using this if you're not me + ## development structure of this repo diff --git a/default.nix b/default.nix index 02d6a1a..45ce5d8 100644 --- a/default.nix +++ b/default.nix @@ -12,6 +12,9 @@ gitSource = prev.callPackage ./lib/git-source {}; + makeSquashFs = prev.callPackage ./lib/make-squashfs {}; + makeHpcDist = final.callPackage ./lib/make-hpc-dist {}; + ghidra_headless = prev.ghidra.override { openjdk17 = prev.openjdk17_headless; }; diff --git a/lib/make-hpc-dist/default.nix b/lib/make-hpc-dist/default.nix new file mode 100644 index 0000000..ad5e7d7 --- /dev/null +++ b/lib/make-hpc-dist/default.nix 
@@ -0,0 +1,119 @@
+{
+ mkShell,
+ runCommand,
+ stdenvNoCC,
+ vmTools,
+ writeClosure,
+ writeText,
+
+ bash,
+ cacert,
+ coreutils,
+ lix,
+ singularity,
+
+ makeSquashFs,
+
+ diskSize ? 1024,
+ memSize ? 1024
+}:
+{
+ contents,
+ startupScript ? "exec ${bash}/bin/bash -i"
+}:
+let
+ base-container = runCommand "empty.sif.d" {
+ buildInputs = [ coreutils ];
+ } ''
+ mkdir "$out"
+ cd "$out"
+ mkdir -p proc sys dev nix etc bin usr/bin .singularity.d
+ ln -s /etc/sh bin/sh
+ ln -s /etc/env usr/bin/env
+ ln -s /etc/runscript .singularity.d/runscript
+ '';
+ container-image = vmTools.runInLinuxVM (
+ runCommand "singularity-empty-image" {
+ buildInputs = [ base-container singularity ];
+ } ''
+ export HOME=/tmp
+ cp -r "${base-container}" "/tmp/container"
+ cd "/tmp"
+ find container -type d -exec chmod 755 {} \;
+
+ mkdir -p /var/lib/singularity/mnt/session
+ echo "root:x:0:0:System administrator:/root:/bin/sh" > /etc/passwd
+ echo > /etc/resolv.conf
+ ${singularity}/bin/singularity build "$out/empty.sif" "container/"
+ '');
+
+ deps = [ coreutils bash cacert ];
+
+ startupScriptFile = writeText "singularity-startup-script" startupScript;
+
+ shell = stdenvNoCC.mkDerivation {
+ name = "shell";
+ propagatedBuildInputs = deps ++ contents;
+ unpackPhase = "true";
+ installPhase = ''
+ mkdir -p "$out/bin"
+ printf '#!${bash}/bin/bash\n' > "$out/bin/startup.sh"
+ export >> "$out/bin/startup.sh"
+ cat "${startupScriptFile}" >> "$out/bin/startup.sh"
+ chmod +x "$out/bin/startup.sh"
+ '';
+ };
+
+ base-etc = runCommand "singularity-etc" {
+ buildInputs = [ coreutils bash cacert ];
+ } ''
+ mkdir "$out"
+ ln -s "${shell}/bin/startup.sh" "$out/runscript"
+ ln -s "${bash}/bin/bash" "$out/sh"
+ ln -s "${coreutils}/bin/env" "$out/env"
+
+ mkdir -p "$out/ssl/certs"
+ ln -s "${cacert}/etc/ssl/certs/ca-bundle.crt" "$out/ssl/certs/ca-bundle.crt"
+ ln -s "${cacert}/etc/ssl/certs/ca-bundle.crt" "$out/ssl/certs/ca-certificates.crt"
+
+ touch "$out/localtime"
+ touch "$out/resolv.conf"
+ '';
+
+
+ squashfs = makeSquashFs { filename = "nix-store"; storeContents = [ shell ]; };
+
+ startCommand = writeText "run-container.sh" ''
+ #!/usr/bin/env bash
+ set -euo pipefail
+
+ module load singularity/3.10.3
+
+ temp_dir="$(mktemp -d)"
+ mkdir -p "$TMPDIR/empty"
+ function __cleanup {
+ echo cleaning up
+ rsync -r --delete -- "$TMPDIR/empty/." "$temp_dir/."
+ rmdir "$temp_dir"
+ echo done
+ }
+ trap __cleanup EXIT
+
+ cp -r etc nix-store.squashfs "$temp_dir"
+
+ chmod +w "$temp_dir/etc"
+ chmod +w "$temp_dir/etc/resolv.conf"
+ chmod +w "$temp_dir/etc/localtime"
+ cat /etc/localtime > $temp_dir/etc/localtime
+ cat /etc/resolv.conf > $temp_dir/etc/resolv.conf
+
+ singularity run -B "/work:/work,/scratch:/scratch,$temp_dir/nix-store.squashfs:/nix/store:image-src=/,$temp_dir/etc:/etc" --pid --uts --ipc container-base.sif
+ '';
+in runCommand "hpc-files.d" {} ''
+ mkdir "$out"
+ cp "${squashfs}" "$out/nix-store.squashfs"
+ cp -r "${base-etc}" "$out/etc"
+ cp "${container-image}/empty.sif" "$out/container-base.sif"
+ cp "${startCommand}" "$out/run-container.sh"
+ chmod +x "$out/run-container.sh"
+''
diff --git a/lib/make-squashfs/default.nix b/lib/make-squashfs/default.nix
new file mode 100644
index 0000000..724401f
--- /dev/null
+++ b/lib/make-squashfs/default.nix
@@ -0,0 +1,23 @@
+{
+ squashfsTools,
+
+ closureInfo,
+ runCommand
+}:
+{
+ filename ? "image",
+ storeContents ? [],
+ comp ? "xz -Xdict-size 100%"
+}:
+let
+ compFlag = if comp == null then "-no-compression" else "-comp ${comp}";
+in runCommand "${filename}.squashfs" {
+ nativeBuildInputs = [ squashfsTools ];
+} ''
+ closureInfo=${closureInfo { rootPaths = storeContents; }}
+ cp $closureInfo/registration nix-path-registration
+
+ mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \
+ -no-hardlinks -keep-as-directory -all-root -b 1048576 ${compFlag} \
+ -processors $NIX_BUILD_CORES
+''
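Review bot: In the `startCommand` script of lib/make-hpc-dist/default.nix, `mkdir -p "$TMPDIR/empty"` uses a fixed name under a directory that may be shared between users on a login node, and `mkdir -p` succeeds silently when the directory already exists, so the cleanup's `rsync --delete` can end up syncing from a directory this script does not own; under `set -u` the same line also aborts when `TMPDIR` is unset, after `mktemp -d` has run and before the trap is installed. Creating the empty directory privately avoids both: `empty_dir="$(mktemp -d)"`, then `rsync -r --delete -- "$empty_dir/." "$temp_dir/."` and `rmdir "$temp_dir" "$empty_dir"` inside `__cleanup`, with the trap set before anything else can fail. The two redirections `> $temp_dir/etc/localtime` and `> $temp_dir/etc/resolv.conf` should quote `$temp_dir` like the rest of the script does. Separately, `export >> "$out/bin/startup.sh"` in the `shell` derivation writes every exported builder variable into a world-readable store path and re-exports it at container start, which presumably includes build-only values such as `HOME` and `TMPDIR`; a comment naming the variables that are meant to carry over (or filtering to those) would make that intentional.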
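Review bot: In lib/make-squashfs/default.nix, `comp` is spliced into the builder script unquoted through `-comp ${comp}`, so the shell word-splits the value and everything in it becomes extra `mksquashfs` arguments; that is what makes the default `"xz -Xdict-size 100%"` work, but the contract is not written down and the README example omits the parameter. A comment above the argument set would record it, for example `# comp: compressor name plus its options as one string, word-split by the shell; null selects -no-compression`. `$out` and `$closureInfo` are also unquoted; store paths contain no whitespace, so this is style only, but `"$out"` and `"$closureInfo/registration"` would match the quoting used in lib/make-hpc-dist.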