Merge pull request 'nixosModules,pkgs: remove installer. clanModules: init installer module' (#2026) from Qubasa/clan-core:Qubasa-main into main

2024-09-02 22:30:13 +00:00
parent 30e8c527de 1090e36cf1
commit 06c820bded
13 changed files with 27 additions and 333 deletions
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -11,6 +11,7 @@
    golem-provider = ./golem-provider;
    heisenbridge = ./heisenbridge;
    iwd = ./iwd;
    installer = ./installer;
    localbackup = ./localbackup;
    localsend = ./localsend;
    matrix-synapse = ./matrix-synapse;
--- a/clanModules/installer/README.md
+++ b/clanModules/installer/README.md
@@ -0,0 +1,3 @@
 ---
 description = "Module to convert machine to an installer image"
 ---
--- a/clanModules/installer/bcachefs.nix
+++ b/clanModules/installer/bcachefs.nix
--- a/clanModules/installer/default.nix
+++ b/clanModules/installer/default.nix
@@ -0,0 +1,22 @@
 {
  config,
  ...
 }:
 {
  options.clan.installer =
    {
    };
  imports = [
    ../iwd
    ./bcachefs.nix
    ./zfs.nix
    ./hidden-ssh-announce.nix
    ../trusted-nix-caches
  ];
  config = {
    system.stateVersion = config.system.nixos.version;
  };
 }
--- a/clanModules/installer/hidden-ssh-announce.nix
+++ b/clanModules/installer/hidden-ssh-announce.nix
--- a/clanModules/installer/zfs.nix
+++ b/clanModules/installer/zfs.nix
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -67,6 +67,7 @@ nav:
          - reference/clanModules/golem-provider.md
          - reference/clanModules/index.md
          - reference/clanModules/iwd.md
          - reference/clanModules/installer.md
          - reference/clanModules/localbackup.md
          - reference/clanModules/localsend.md
          - reference/clanModules/matrix-synapse.md
--- a/nixosModules/flake-module.nix
+++ b/nixosModules/flake-module.nix
@@ -1,15 +1,6 @@
 { inputs, self, ... }:
 {
  flake.nixosModules = {
    hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
    bcachefs.imports = [ ./bcachefs.nix ];
    zfs.imports = [ ./zfs.nix ];
    installer.imports = [
      ./installer
      self.nixosModules.hidden-ssh-announce
      self.nixosModules.bcachefs
      self.nixosModules.zfs
    ];
    clanCore.imports = [
      inputs.sops-nix.nixosModules.sops
      inputs.disko.nixosModules.default
--- a/nixosModules/installer/default.nix
+++ b/nixosModules/installer/default.nix
@@ -1,125 +0,0 @@
 {
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 let
  network-status = pkgs.writeShellScript "network-status" ''
    export PATH=${
      lib.makeBinPath (
        with pkgs;
        [
          iproute2
          coreutils
          gnugrep
          nettools
          gum
        ]
      )
    }
    set -efu -o pipefail
    msgs=()
    if [[ -e /var/shared/qrcode.utf8 ]]; then
      qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)")
      msgs+=("$qrcode")
    fi
    network_status="Local network addresses:
    $(ip -brief -color addr | grep -v 127.0.0.1)
    $([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...")
    Multicast DNS: $(hostname).local"
    network_status=$(gum style --border-foreground 240 --border normal "$network_status")
    msgs+=("$network_status")
    msgs+=("Press 'Ctrl-C' for console access")
    gum join --vertical "''${msgs[@]}"
  '';
 in
 {
  ############################################
  #                                          #
  # For install image debugging execute:     #
  # $ qemu-kvm result/stick.raw -snapshot    #
  #                                          #
  ############################################
  imports = [
    (modulesPath + "/profiles/installation-device.nix")
    (modulesPath + "/profiles/all-hardware.nix")
    (modulesPath + "/profiles/base.nix")
  ];
  ########################################################################################################
  #                                                                                                      #
  # Copied from:                                                                                         #
  # https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6  #
  #                                                                                                      #
  ########################################################################################################
  systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];
  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
  hidden-ssh-announce = {
    enable = true;
    script = pkgs.writeShellScript "write-hostname" ''
      set -efu
      export PATH=${
        lib.makeBinPath (
          with pkgs;
          [
            iproute2
            coreutils
            jq
            qrencode
          ]
        )
      }
      mkdir -p /var/shared
      echo "$1" > /var/shared/onion-hostname
      local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]')
      jq -nc \
        --arg onion_address "$(cat /var/shared/onion-hostname)" \
        --argjson local_addrs "$local_addrs" \
        '{ pass: null, tor: $onion_address, addrs: $local_addrs }' \
        > /var/shared/login.json
      cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8
    '';
  };
  services.getty.autologinUser = lib.mkForce "root";
  console.earlySetup = true;
  console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz";
  # Less ipv6 addresses to reduce the noise
  networking.tempAddresses = "disabled";
  # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
  console.colors = lib.mkDefault [
    "000000"
    "CC0000"
    "4E9A06"
    "C4A000"
    "3465A4"
    "75507B"
    "06989A"
    "D3D7CF"
    "555753"
    "EF2929"
    "8AE234"
    "FCE94F"
    "739FCF"
    "AD7FA8"
    "34E2E2"
    "EEEEEC"
  ];
  programs.bash.interactiveShellInit = ''
    if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then
      # workaround for https://github.com/NixOS/nixpkgs/issues/219239
      systemctl restart systemd-vconsole-setup.service
      watch --no-title --color ${network-status}
    fi
  '';
 }
--- a/pkgs/flake-module.nix
+++ b/pkgs/flake-module.nix
@@ -5,7 +5,6 @@
    ./clan-cli/flake-module.nix
    ./clan-app/flake-module.nix
    ./clan-vm-manager/flake-module.nix
    ./installer/flake-module.nix
    ./schemas/flake-module.nix
    ./webview-ui/flake-module.nix
    ./distro-packages/flake-module.nix
--- a/pkgs/installer/base64.nix
+++ b/pkgs/installer/base64.nix
@@ -1,60 +0,0 @@
 { lib, ... }:
 {
  toBase64 =
    text:
    let
      inherit (lib)
        sublist
        mod
        stringToCharacters
        concatMapStrings
        ;
      inherit (lib.strings) charToInt;
      inherit (builtins)
        substring
        foldl'
        genList
        elemAt
        length
        concatStringsSep
        stringLength
        ;
      lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
      sliceN =
        size: list: n:
        sublist (n * size) size list;
      pows = [
        (64 * 64 * 64)
        (64 * 64)
        64
        1
      ];
      intSextets = i: map (j: mod (i / j) 64) pows;
      compose =
        f: g: x:
        f (g x);
      intToChar = elemAt lookup;
      convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
      sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
      convertTriplet = compose convertTripletInt sliceToInt;
      join = concatStringsSep "";
      convertLastSlice =
        slice:
        let
          len = length slice;
        in
        if len == 1 then
          (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
        else if len == 2 then
          (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
        else
          "";
      len = stringLength text;
      nFullSlices = len / 3;
      bytes = map charToInt (stringToCharacters text);
      tripletAt = sliceN 3 bytes;
      head = genList (compose convertTriplet tripletAt) nFullSlices;
      tail = convertLastSlice (tripletAt nFullSlices);
    in
    join (head ++ [ tail ]);
 }
--- a/pkgs/installer/flake-module.nix
+++ b/pkgs/installer/flake-module.nix
@@ -1,71 +0,0 @@
 { self, lib, ... }:
 let
  flashInstallerModule =
    { config, ... }:
    {
      imports = [
        ./iwd.nix
        self.nixosModules.installer
        # Allow to download pre-build binaries from our nix caches
        self.clanModules.trusted-nix-caches
      ];
      system.stateVersion = config.system.nixos.version;
      nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
    }
    // flashDiskoConfig;
  # Important: The partition names need to be different to the clan install
  flashDiskoConfig = {
    boot.loader.grub.efiSupport = lib.mkDefault true;
    boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
    disko.devices = {
      disk = {
        main = {
          type = "disk";
          device = lib.mkDefault "/dev/null";
          content = {
            type = "gpt";
            partitions = {
              installer-boot = {
                size = "1M";
                type = "EF02"; # for grub MBR
                priority = 1;
              };
              installer-ESP = {
                size = "512M";
                type = "EF00";
                content = {
                  type = "filesystem";
                  format = "vfat";
                  mountpoint = "/boot";
                };
              };
              installer-root = {
                size = "100%";
                content = {
                  type = "filesystem";
                  format = "ext4";
                  mountpoint = "/";
                };
              };
            };
          };
        };
      };
    };
  };
 in
 {
  clan = {
    # To directly flash the installer to a disk, use the following command:
    # $ clan flash flash-installer --disk main /dev/sdX --yes
    # This will include your ssh public keys in the installer.
    machines.flash-installer = {
      imports = [ flashInstallerModule ];
      boot.loader.grub.enable = lib.mkDefault true;
    };
  };
 }
--- a/pkgs/installer/iwd.nix
+++ b/pkgs/installer/iwd.nix
@@ -1,67 +0,0 @@
 {
  lib,
  pkgs,
  config,
  ...
 }:
 let
  cfg = config.clan.iwd;
  toBase64 = (pkgs.callPackage ./base64.nix { inherit lib; }).toBase64;
  wifi_config = password: ''
    [Security]
      Passphrase=${password}
  '';
 in
 {
  options.clan.iwd = {
    networks = lib.mkOption {
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, ... }:
          {
            options = {
              ssid = lib.mkOption {
                type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
                default = name;
                description = "The name of the wifi network";
              };
              password = lib.mkOption {
                type = lib.types.str;
                description = "The password of the wifi network";
              };
            };
          }
        )
      );
      default = { };
      description = "Wifi networks to predefine";
    };
  };
  config = lib.mkMerge [
    (lib.mkIf (cfg.networks != { }) {
      # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
      systemd.tmpfiles.rules = lib.mapAttrsToList (
        _: value:
        "f+~ /var/lib/iwd/${value.ssid}.psk 0600 root root - ${toBase64 (wifi_config value.password)}"
      ) cfg.networks;
    })
    {
      # disable wpa supplicant
      networking.wireless.enable = false;
      # Use iwd instead of wpa_supplicant. It has a user friendly CLI
      networking.wireless.iwd = {
        enable = true;
        settings = {
          Network = {
            EnableIPv6 = true;
            RoutePriorityOffset = 300;
          };
          Settings.AutoConnect = true;
        };
      };
    }
  ];
 }