diff --git a/hosts/azure-common-2.nix b/hosts/azure-common-2.nix
index 3e76ac83..41ba9dfb 100644
--- a/hosts/azure-common-2.nix
+++ b/hosts/azure-common-2.nix
@@ -4,32 +4,11 @@
 #
 # Profile to import for Azure VMs. Imports azure-common.nix from nixpkgs,
 # and configures cloud-init.
-{
- modulesPath,
- pkgs,
- ...
-}: {
+{modulesPath, ...}: {
 imports = [
 "${modulesPath}/virtualisation/azure-config.nix"
 ];
 
- nixpkgs.overlays = [
- (_self: super: {
- cloud-init = super.cloud-init.overrideAttrs (old: {
- patches =
- old.patches
- or []
- ++ [
- # Add support for timeout in disk_setup: https://github.com/canonical/cloud-init/pull/4673
- (pkgs.fetchpatch {
- url = "https://github.com/canonical/cloud-init/pull/4673/commits/9b2e3dc907dc06d0a2abdaae6f0b1f0612c5c5dc.patch";
- hash = "sha256-KAd+4YT+dgzIoEq5qZj6y4peclIb3rvnuY6QIQObAiY=";
- })
- ];
- });
- })
- ];
-
 # enable cloud-init, so instance metadata is set accordingly and we can use
 # cloud-config for ssh key management.
 services.cloud-init.enable = true;
@@ -42,9 +21,4 @@
 # but the way nixpkgs configures cloud-init prevents it from picking up DNS
 # settings from elsewhere.
 # services.resolved.enable = false;
-
- # Add filesystem-related tools to cloud-inits path, so it can format data disks.
- services.cloud-init.btrfs.enable = true;
- services.cloud-init.ext4.enable = true;
- services.cloud-init.xfs.enable = true;
 }
diff --git a/hosts/binary-cache/configuration.nix b/hosts/binary-cache/configuration.nix
index 1213159b..faa4a5af 100644
--- a/hosts/binary-cache/configuration.nix
+++ b/hosts/binary-cache/configuration.nix
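Review bot: The header comment kept on the new side still says the profile "Imports azure-common.nix from nixpkgs", while the import two context lines below is `"${modulesPath}/virtualisation/azure-config.nix"`; since this hunk already rewrites the module's argument list to `{modulesPath, ...}: {`, it is the right moment to correct it to `# Profile to import for Azure VMs. Imports azure-config.nix from nixpkgs,`. With the `pkgs` argument and the `nixpkgs.overlays` block removed, this profile no longer pins a patched cloud-init, and the later hunks move data-disk formatting to per-host `fileSystems` entries, so a one-line note here such as `# Data disks are declared per host via fileSystems, not via cloud-init disk_setup.` would explain why the overlay disappeared. The module attrset opened by the new `{modulesPath, ...}: {` line closes outside this hunk.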
@@ -15,6 +15,22 @@
 
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
+ # Configure /var/lib/caddy in /etc/fstab.
+ # Due to an implicit RequiresMountsFor=$state-dir, systemd
+ # will block starting the service until this mounted.
+ fileSystems."/var/lib/caddy" = {
+ device = "/dev/disk/by-lun/10";
+ fsType = "ext4";
+ options = [
+ # Due to https://github.com/hashicorp/terraform-provider-azurerm/issues/6117
+ # disks get attached later during boot.
+ # The default of 90s doesn't seem to be sufficient.
+ "x-systemd.device-timeout=5min"
+ "x-systemd.makefs"
+ "x-systemd.growfs"
+ ];
+ };
+
 # Run a read-only HTTP webserver proxying to the "binary-cache-v1" storage
 # container at a unix socket.
 # This relies on IAM to grant access to the storage container.
@@ -77,10 +93,6 @@
 "${pkgs.caddy}/bin/caddy run --environ --config ${config.services.caddy.configFile}/Caddyfile"
 ];
 
- # Wait for cloud-init mounting before we start caddy.
- systemd.services.caddy.after = ["cloud-init.service"];
- systemd.services.caddy.requires = ["cloud-init.service"];
-
 # Expose the HTTP and HTTPS port.
 networking.firewall.allowedTCPPorts = [80 443];
 
diff --git a/hosts/jenkins-controller/configuration.nix b/hosts/jenkins-controller/configuration.nix
index b71c68e9..4d0c7566 100644
--- a/hosts/jenkins-controller/configuration.nix
+++ b/hosts/jenkins-controller/configuration.nix
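Review bot: `x-systemd.makefs` on `/dev/disk/by-lun/10` means that whenever LUN 10 carries a disk without a filesystem signature (a recreated managed disk, or a LUN reassignment) systemd formats it and caddy comes up on an empty `/var/lib/caddy`, so loss of the state disk surfaces as a silent re-bootstrap of whatever caddy keeps there (typically its TLS/ACME state) rather than as a failed boot. That trade-off deserves a comment next to the option, e.g. `# makefs only formats a device with no filesystem signature; a blank disk at LUN 10 is silently re-initialised`, plus a guard on the Terraform side against recreating the data disk unintentionally. The header comment relies on caddy.service having `StateDirectory=` set, which this hunk does not do (presumably the nixpkgs caddy module does — confirm), and a freshly made ext4 root is owned by root, so it is worth confirming that StateDirectory= also fixes the mountpoint's ownership for the caddy user. The enclosing module attrset starts and ends outside this hunk.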
@@ -11,6 +11,22 @@
 self.nixosModules.service-openssh
 ];
 
+ # Configure /var/lib/jenkins in /etc/fstab.
+ # Due to an implicit RequiresMountsFor=$state-dir, systemd
+ # will block starting the service until this mounted.
+ fileSystems."/var/lib/jenkins" = {
+ device = "/dev/disk/by-lun/10";
+ fsType = "ext4";
+ options = [
+ # Due to https://github.com/hashicorp/terraform-provider-azurerm/issues/6117
+ # disks get attached later during boot.
+ # The default of 90s doesn't seem to be sufficient.
+ "x-systemd.device-timeout=5min"
+ "x-systemd.makefs"
+ "x-systemd.growfs"
+ ];
+ };
+
 services.jenkins = {
 enable = true;
 listenAddress = "localhost";
@@ -19,13 +35,10 @@
 };
 
 # set StateDirectory=jenkins, so state volume has the right permissions
+ # and we wait on the mountpoint to appear.
 # https://github.com/NixOS/nixpkgs/pull/272679
 systemd.services.jenkins.serviceConfig.StateDirectory = "jenkins";
 
- # Wait for cloud-init mounting before we start jenkins.
- systemd.services.jenkins.after = ["cloud-init.service"];
- systemd.services.jenkins.requires = ["cloud-init.service"];
-
 # TODO: deploy reverse proxy, sort out authentication (SSO?)
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
diff --git a/terraform/jenkins/binary_cache.tf b/terraform/jenkins/binary_cache.tf
index f2d79714..0cc5c285 100644
--- a/terraform/jenkins/binary_cache.tf
+++ b/terraform/jenkins/binary_cache.tf
@@ -35,24 +35,6 @@ module "binary_cache_vm" {
 ssh_authorized_keys = local.ssh_keys[user]
 }
 ]
- # mount /dev/disk/by-lun/10 to /var/lib/caddy
- disk_setup = {
- "/dev/disk/by-lun/10" = {
- layout = false # don't partition
- timeout = 60 # wait for device to appear
- }
- }
- fs_setup = [
- {
- filesystem = "ext4"
- partition = "auto"
- device = "/dev/disk/by-lun/10"
- label = "caddy"
- }
- ]
- mounts = [
- ["/dev/disk/by-label/caddy", "/var/lib/caddy"]
- ]
 # TODO: this should be EnvironmentFile, so we don't need to restart
 write_files = [
 {
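Review bot: The new fstab entry for `/var/lib/jenkins` has no `nofail`, so if LUN 10 is not attached within the 5 minute `x-systemd.device-timeout` the mount is a required dependency of `local-fs.target`, which fails and drops the host into emergency mode, taking sshd down with it instead of only keeping jenkins stopped. Because the implicit `RequiresMountsFor=` mentioned in the added comment already blocks jenkins.service until `/var/lib/jenkins` is mounted, adding `"nofail"` to `options` preserves that guarantee while letting the rest of the system, and remote access, come up for debugging. `x-systemd.makefs` has the complementary failure mode: a blank disk at LUN 10 is formatted without any alarm and Jenkins starts with empty state, so a comment recording that trade-off next to the option would help the next operator. A nit in the added comment: `until this mounted` should read `until this is mounted`. The enclosing module attrset starts and ends outside this hunk.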
diff --git a/terraform/jenkins/jenkins_controller.tf b/terraform/jenkins/jenkins_controller.tf
index 0d53b914..1b780f5b 100644
--- a/terraform/jenkins/jenkins_controller.tf
+++ b/terraform/jenkins/jenkins_controller.tf
@@ -37,24 +37,6 @@ module "jenkins_controller_vm" {
 ssh_authorized_keys = local.ssh_keys[user]
 }
 ]
- # mount /dev/disk/by-lun/10 to /var/lib/jenkins
- disk_setup = {
- "/dev/disk/by-lun/10" = {
- layout = false # don't partition
- timeout = 60 # wait for device to appear
- }
- }
- fs_setup = [
- {
- filesystem = "ext4"
- partition = "auto"
- device = "/dev/disk/by-lun/10"
- label = "jenkins"
- }
- ]
- mounts = [
- ["/dev/disk/by-label/jenkins", "/var/lib/jenkins"]
- ]
 })])
 subnet_id = azurerm_subnet.jenkins.id