From 1090e36cf11212664ab18cdb470d8fce6f531dec Mon Sep 17 00:00:00 2001 From: Qubasa Date: Tue, 3 Sep 2024 00:25:16 +0200 Subject: [PATCH] nixosModules,pkgs: remove installer. clanModules: init installer module --- clanModules/flake-module.nix | 1 + clanModules/installer/README.md | 3 + .../installer}/bcachefs.nix | 0 clanModules/installer/default.nix | 22 +++ .../installer}/hidden-ssh-announce.nix | 0 .../installer}/zfs.nix | 0 docs/mkdocs.yml | 1 + nixosModules/flake-module.nix | 9 -- nixosModules/installer/default.nix | 125 ------------------ pkgs/flake-module.nix | 1 - pkgs/installer/base64.nix | 60 --------- pkgs/installer/flake-module.nix | 71 ---------- pkgs/installer/iwd.nix | 67 ---------- 13 files changed, 27 insertions(+), 333 deletions(-) create mode 100644 clanModules/installer/README.md rename {nixosModules => clanModules/installer}/bcachefs.nix (100%) create mode 100644 clanModules/installer/default.nix rename {nixosModules => clanModules/installer}/hidden-ssh-announce.nix (100%) rename {nixosModules => clanModules/installer}/zfs.nix (100%) delete mode 100644 nixosModules/installer/default.nix delete mode 100644 pkgs/installer/base64.nix delete mode 100644 pkgs/installer/flake-module.nix delete mode 100644 pkgs/installer/iwd.nix diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix index 648e91b47..ca7f2f525 100644 --- a/clanModules/flake-module.nix +++ b/clanModules/flake-module.nix @@ -11,6 +11,7 @@ golem-provider = ./golem-provider; heisenbridge = ./heisenbridge; iwd = ./iwd; + installer = ./installer; localbackup = ./localbackup; localsend = ./localsend; matrix-synapse = ./matrix-synapse; diff --git a/clanModules/installer/README.md b/clanModules/installer/README.md new file mode 100644 index 000000000..126ee4cf4 --- /dev/null +++ b/clanModules/installer/README.md @@ -0,0 +1,3 @@ +--- +description = "Module to convert machine to an installer image" +--- 
diff --git a/nixosModules/bcachefs.nix b/clanModules/installer/bcachefs.nix similarity index 100% rename from nixosModules/bcachefs.nix rename to clanModules/installer/bcachefs.nix diff --git a/clanModules/installer/default.nix b/clanModules/installer/default.nix new file mode 100644 index 000000000..7ce4fd572 --- /dev/null +++ b/clanModules/installer/default.nix @@ -0,0 +1,22 @@ +{ + config, + ... +}: + +{ + options.clan.installer = + { + }; + + imports = [ + ../iwd + ./bcachefs.nix + ./zfs.nix + ./hidden-ssh-announce.nix + ../trusted-nix-caches + ]; + + config = { + system.stateVersion = config.system.nixos.version; + }; +} diff --git a/nixosModules/hidden-ssh-announce.nix b/clanModules/installer/hidden-ssh-announce.nix similarity index 100% rename from nixosModules/hidden-ssh-announce.nix rename to clanModules/installer/hidden-ssh-announce.nix diff --git a/nixosModules/zfs.nix b/clanModules/installer/zfs.nix similarity index 100% rename from nixosModules/zfs.nix rename to clanModules/installer/zfs.nix diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index eaee14bac..cf84e2f59 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -67,6 +67,7 @@ nav: - reference/clanModules/golem-provider.md - reference/clanModules/index.md - reference/clanModules/iwd.md + - reference/clanModules/installer.md - reference/clanModules/localbackup.md - reference/clanModules/localsend.md - reference/clanModules/matrix-synapse.md diff --git a/nixosModules/flake-module.nix b/nixosModules/flake-module.nix index 1977b9bf3..8294c45a0 100644 --- a/nixosModules/flake-module.nix +++ b/nixosModules/flake-module.nix 
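Review bot: `system.stateVersion = config.system.nixos.version;` in the new `clanModules/installer/default.nix` is set at normal priority, so a machine that imports this module and also declares its own `system.stateVersion` will fail with a conflicting-definition error, and one that does not will have its state version follow every NixOS upgrade. That was reasonable for the dedicated `flash-installer` machine the line came from, but the module can now be imported into arbitrary machines; consider `{ config, lib, ... }:` and `system.stateVersion = lib.mkDefault config.system.nixos.version;`. Separately, the deleted `nixosModules/installer` forced `services.openssh.settings.PermitRootLogin` to `"prohibit-password"` and set `hidden-ssh-announce.enable`, while the new module only imports `./hidden-ssh-announce.nix`; where the SSH login policy for installer images is now set is not visible in this patch and is worth confirming before images are built from it. The empty `options.clan.installer = { };` could be dropped, or given a one-line comment such as `# no options yet; reserved for installer settings`.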
@@ -1,15 +1,6 @@ { inputs, self, ... }: { flake.nixosModules = { - hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ]; - bcachefs.imports = [ ./bcachefs.nix ]; - zfs.imports = [ ./zfs.nix ]; - installer.imports = [ - ./installer - self.nixosModules.hidden-ssh-announce - self.nixosModules.bcachefs - self.nixosModules.zfs - ]; clanCore.imports = [ inputs.sops-nix.nixosModules.sops inputs.disko.nixosModules.default diff --git a/nixosModules/installer/default.nix b/nixosModules/installer/default.nix deleted file mode 100644 index e80484d36..000000000 --- a/nixosModules/installer/default.nix +++ /dev/null 
@@ -1,125 +0,0 @@ -{ - lib, - pkgs, - modulesPath, - ... -}: - -let - network-status = pkgs.writeShellScript "network-status" '' - export PATH=${ - lib.makeBinPath ( - with pkgs; - [ - iproute2 - coreutils - gnugrep - nettools - gum - ] - ) - } - set -efu -o pipefail - msgs=() - if [[ -e /var/shared/qrcode.utf8 ]]; then - qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)") - msgs+=("$qrcode") - fi - network_status="Local network addresses: - $(ip -brief -color addr | grep -v 127.0.0.1) - $([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...") - Multicast DNS: $(hostname).local" - network_status=$(gum style --border-foreground 240 --border normal "$network_status") - msgs+=("$network_status") - msgs+=("Press 'Ctrl-C' for console access") - - gum join --vertical "''${msgs[@]}" - ''; -in -{ - ############################################ - # # - # For install image debugging execute: # - # $ qemu-kvm result/stick.raw -snapshot # - # # - ############################################ - imports = [ - (modulesPath + "/profiles/installation-device.nix") - (modulesPath + "/profiles/all-hardware.nix") - (modulesPath + "/profiles/base.nix") - ]; - - ######################################################################################################## - # # - # Copied from: # - # https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6 # - # # - ######################################################################################################## - systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ]; - services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; - - hidden-ssh-announce = { - enable = true; - script = pkgs.writeShellScript "write-hostname" '' - set -efu - export PATH=${ - lib.makeBinPath ( - with pkgs; - [ - iproute2 - coreutils - jq - qrencode - 
] - ) - } - - mkdir -p /var/shared - echo "$1" > /var/shared/onion-hostname - local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]') - jq -nc \ - --arg onion_address "$(cat /var/shared/onion-hostname)" \ - --argjson local_addrs "$local_addrs" \ - '{ pass: null, tor: $onion_address, addrs: $local_addrs }' \ - > /var/shared/login.json - cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8 - ''; - }; - - services.getty.autologinUser = lib.mkForce "root"; - - console.earlySetup = true; - console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz"; - - # Less ipv6 addresses to reduce the noise - networking.tempAddresses = "disabled"; - - # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ - console.colors = lib.mkDefault [ - "000000" - "CC0000" - "4E9A06" - "C4A000" - "3465A4" - "75507B" - "06989A" - "D3D7CF" - "555753" - "EF2929" - "8AE234" - "FCE94F" - "739FCF" - "AD7FA8" - "34E2E2" - "EEEEEC" - ]; - - programs.bash.interactiveShellInit = '' - if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then - # workaround for https://github.com/NixOS/nixpkgs/issues/219239 - systemctl restart systemd-vconsole-setup.service - - watch --no-title --color ${network-status} - fi - ''; -} diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix index 841f4a179..74e67fcc7 100644 --- a/pkgs/flake-module.nix +++ b/pkgs/flake-module.nix @@ -5,7 +5,6 @@ ./clan-cli/flake-module.nix ./clan-app/flake-module.nix ./clan-vm-manager/flake-module.nix - ./installer/flake-module.nix ./schemas/flake-module.nix ./webview-ui/flake-module.nix ./distro-packages/flake-module.nix diff --git a/pkgs/installer/base64.nix b/pkgs/installer/base64.nix deleted file mode 100644 index 588d1dfd1..000000000 --- a/pkgs/installer/base64.nix +++ /dev/null 
@@ -1,60 +0,0 @@
-{ lib, ... }:
-{
- toBase64 =
- text:
- let
- inherit (lib)
- sublist
- mod
- stringToCharacters
- concatMapStrings
- ;
- inherit (lib.strings) charToInt;
- inherit (builtins)
- substring
- foldl'
- genList
- elemAt
- length
- concatStringsSep
- stringLength
- ;
- lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- sliceN =
- size: list: n:
- sublist (n * size) size list;
- pows = [
- (64 * 64 * 64)
- (64 * 64)
- 64
- 1
- ];
- intSextets = i: map (j: mod (i / j) 64) pows;
- compose =
- f: g: x:
- f (g x);
- intToChar = elemAt lookup;
- convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
- sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
- convertTriplet = compose convertTripletInt sliceToInt;
- join = concatStringsSep "";
- convertLastSlice =
- slice:
- let
- len = length slice;
- in
- if len == 1 then
- (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
- else if len == 2 then
- (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
- else
- "";
- len = stringLength text;
- nFullSlices = len / 3;
- bytes = map charToInt (stringToCharacters text);
- tripletAt = sliceN 3 bytes;
- head = genList (compose convertTriplet tripletAt) nFullSlices;
- tail = convertLastSlice (tripletAt nFullSlices);
- in
- join (head ++ [ tail ]);
-}
diff --git a/pkgs/installer/flake-module.nix b/pkgs/installer/flake-module.nix
deleted file mode 100644
index 04cfb96ce..000000000
--- a/pkgs/installer/flake-module.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{ self, lib, ... }:
-
-let
-
- flashInstallerModule =
- { config, ... }:
- {
- imports = [
- ./iwd.nix
- self.nixosModules.installer
- # Allow to download pre-build binaries from our nix caches
- self.clanModules.trusted-nix-caches
- ];
-
- system.stateVersion = config.system.nixos.version;
- nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
- }
- // flashDiskoConfig;
-
- # Important: The partition names need to be different to the clan install
- flashDiskoConfig = {
- boot.loader.grub.efiSupport = lib.mkDefault true;
- boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
- disko.devices = {
- disk = {
- main = {
- type = "disk";
- device = lib.mkDefault "/dev/null";
- content = {
- type = "gpt";
- partitions = {
- installer-boot = {
- size = "1M";
- type = "EF02"; # for grub MBR
- priority = 1;
- };
- installer-ESP = {
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- installer-root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
- };
- };
-in
-{
- clan = {
- # To directly flash the installer to a disk, use the following command:
- # $ clan flash flash-installer --disk main /dev/sdX --yes
- # This will include your ssh public keys in the installer.
- machines.flash-installer = {
- imports = [ flashInstallerModule ];
- boot.loader.grub.enable = lib.mkDefault true;
- };
- };
-}
diff --git a/pkgs/installer/iwd.nix b/pkgs/installer/iwd.nix
deleted file mode 100644
index 8717a1c38..000000000
--- a/pkgs/installer/iwd.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- lib,
- pkgs,
- config,
- ...
-}:
-
-let
- cfg = config.clan.iwd;
- toBase64 = (pkgs.callPackage ./base64.nix { inherit lib; }).toBase64;
- wifi_config = password: ''
- [Security]
- Passphrase=${password}
- '';
-in
-{
- options.clan.iwd = {
- networks = lib.mkOption {
- type = lib.types.attrsOf (
- lib.types.submodule (
- { name, ... }:
- {
- options = {
- ssid = lib.mkOption {
- type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
- default = name;
- description = "The name of the wifi network";
- };
- password = lib.mkOption {
- type = lib.types.str;
- description = "The password of the wifi network";
- };
- };
- }
- )
- );
- default = { };
- description = "Wifi networks to predefine";
- };
- };
- config = lib.mkMerge [
- (lib.mkIf (cfg.networks != { }) {
- # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
- systemd.tmpfiles.rules = lib.mapAttrsToList (
- _: value:
- "f+~ /var/lib/iwd/${value.ssid}.psk 0600 root root - ${toBase64 (wifi_config value.password)}"
- ) cfg.networks;
-
- })
- {
- # disable wpa supplicant
- networking.wireless.enable = false;
-
- # Use iwd instead of wpa_supplicant. It has a user friendly CLI
- networking.wireless.iwd = {
- enable = true;
- settings = {
- Network = {
- EnableIPv6 = true;
- RoutePriorityOffset = 300;
- };
- Settings.AutoConnect = true;
- };
- };
- }
- ];
-}