From 535a39cff325daae112be83bed6217facf300d48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 3 Sep 2024 07:04:34 +0200
Subject: [PATCH] Revert "nixosModules,pkgs: remove installer. clanModules: init installer module"

This reverts commit 1090e36cf11212664ab18cdb470d8fce6f531dec.
---
 clanModules/flake-module.nix | 1 -
 clanModules/installer/README.md | 3 -
 clanModules/installer/default.nix | 22 ---
 docs/mkdocs.yml | 1 -
 .../installer => nixosModules}/bcachefs.nix | 0
 nixosModules/flake-module.nix | 9 ++
 .../hidden-ssh-announce.nix | 0
 nixosModules/installer/default.nix | 125 ++++++++++++++++++
 .../installer => nixosModules}/zfs.nix | 0
 pkgs/flake-module.nix | 1 +
 pkgs/installer/base64.nix | 60 +++++++++
 pkgs/installer/flake-module.nix | 71 ++++++++++
 pkgs/installer/iwd.nix | 67 ++++++++++
 13 files changed, 333 insertions(+), 27 deletions(-)
 delete mode 100644 clanModules/installer/README.md
 delete mode 100644 clanModules/installer/default.nix
 rename {clanModules/installer => nixosModules}/bcachefs.nix (100%)
 rename {clanModules/installer => nixosModules}/hidden-ssh-announce.nix (100%)
 create mode 100644 nixosModules/installer/default.nix
 rename {clanModules/installer => nixosModules}/zfs.nix (100%)
 create mode 100644 pkgs/installer/base64.nix
 create mode 100644 pkgs/installer/flake-module.nix
 create mode 100644 pkgs/installer/iwd.nix

diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index ca7f2f525..648e91b47 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -11,7 +11,6 @@
 golem-provider = ./golem-provider;
 heisenbridge = ./heisenbridge;
 iwd = ./iwd;
- installer = ./installer;
 localbackup = ./localbackup;
 localsend = ./localsend;
 matrix-synapse = ./matrix-synapse;
diff --git a/clanModules/installer/README.md b/clanModules/installer/README.md
deleted file mode 100644
index 126ee4cf4..000000000
--- a/clanModules/installer/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
----
-description = "Module to convert machine to an installer image"
----
diff --git a/clanModules/installer/default.nix b/clanModules/installer/default.nix
deleted file mode 100644
index 7ce4fd572..000000000
--- a/clanModules/installer/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- config,
- ...
-}:
-
-{
- options.clan.installer =
- {
- };
-
- imports = [
- ../iwd
- ./bcachefs.nix
- ./zfs.nix
- ./hidden-ssh-announce.nix
- ../trusted-nix-caches
- ];
-
- config = {
- system.stateVersion = config.system.nixos.version;
- };
-}
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index cf84e2f59..eaee14bac 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -67,7 +67,6 @@ nav:
 - reference/clanModules/golem-provider.md
 - reference/clanModules/index.md
 - reference/clanModules/iwd.md
- - reference/clanModules/installer.md
 - reference/clanModules/localbackup.md
 - reference/clanModules/localsend.md
 - reference/clanModules/matrix-synapse.md
diff --git a/clanModules/installer/bcachefs.nix b/nixosModules/bcachefs.nix
similarity index 100%
rename from clanModules/installer/bcachefs.nix
rename to nixosModules/bcachefs.nix
diff --git a/nixosModules/flake-module.nix b/nixosModules/flake-module.nix
index 8294c45a0..1977b9bf3 100644
--- a/nixosModules/flake-module.nix
+++ b/nixosModules/flake-module.nix
@@ -1,6 +1,15 @@
 { inputs, self, ... }:
 {
 flake.nixosModules = {
+ hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
+ bcachefs.imports = [ ./bcachefs.nix ];
+ zfs.imports = [ ./zfs.nix ];
+ installer.imports = [
+ ./installer
+ self.nixosModules.hidden-ssh-announce
+ self.nixosModules.bcachefs
+ self.nixosModules.zfs
+ ];
 clanCore.imports = [
 inputs.sops-nix.nixosModules.sops
 inputs.disko.nixosModules.default
diff --git a/clanModules/installer/hidden-ssh-announce.nix b/nixosModules/hidden-ssh-announce.nix
similarity index 100%
rename from clanModules/installer/hidden-ssh-announce.nix
rename to nixosModules/hidden-ssh-announce.nix
diff --git a/nixosModules/installer/default.nix b/nixosModules/installer/default.nix
new file mode 100644
index 000000000..e80484d36
--- /dev/null
+++ b/nixosModules/installer/default.nix
@@ -0,0 +1,125 @@
+{
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+let
+ network-status = pkgs.writeShellScript "network-status" ''
+ export PATH=${
+ lib.makeBinPath (
+ with pkgs;
+ [
+ iproute2
+ coreutils
+ gnugrep
+ nettools
+ gum
+ ]
+ )
+ }
+ set -efu -o pipefail
+ msgs=()
+ if [[ -e /var/shared/qrcode.utf8 ]]; then
+ qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)")
+ msgs+=("$qrcode")
+ fi
+ network_status="Local network addresses:
+ $(ip -brief -color addr | grep -v 127.0.0.1)
+ $([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...")
+ Multicast DNS: $(hostname).local"
+ network_status=$(gum style --border-foreground 240 --border normal "$network_status")
+ msgs+=("$network_status")
+ msgs+=("Press 'Ctrl-C' for console access")
+
+ gum join --vertical "''${msgs[@]}"
+ '';
+in
+{
+ ############################################
+ # #
+ # For install image debugging execute: #
+ # $ qemu-kvm result/stick.raw -snapshot #
+ # #
+ ############################################
+ imports = [
+ (modulesPath + "/profiles/installation-device.nix")
+ (modulesPath + "/profiles/all-hardware.nix")
+ (modulesPath + "/profiles/base.nix")
+ ];
+
+ ########################################################################################################
+ # #
+ # Copied from: #
+ # https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6 #
+ # #
+ ########################################################################################################
+ systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];
+ services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+
+ hidden-ssh-announce = {
+ enable = true;
+ script = pkgs.writeShellScript "write-hostname" ''
+ set -efu
+ export PATH=${
+ lib.makeBinPath (
+ with pkgs;
+ [
+ iproute2
+ coreutils
+ jq
+ qrencode
+ ]
+ )
+ }
+
+ mkdir -p /var/shared
+ echo "$1" > /var/shared/onion-hostname
+ local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]')
+ jq -nc \
+ --arg onion_address "$(cat /var/shared/onion-hostname)" \
+ --argjson local_addrs "$local_addrs" \
+ '{ pass: null, tor: $onion_address, addrs: $local_addrs }' \
+ > /var/shared/login.json
+ cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8
+ '';
+ };
+
+ services.getty.autologinUser = lib.mkForce "root";
+
+ console.earlySetup = true;
+ console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz";
+
+ # Less ipv6 addresses to reduce the noise
+ networking.tempAddresses = "disabled";
+
+ # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
+ console.colors = lib.mkDefault [
+ "000000"
+ "CC0000"
+ "4E9A06"
+ "C4A000"
+ "3465A4"
+ "75507B"
+ "06989A"
+ "D3D7CF"
+ "555753"
+ "EF2929"
+ "8AE234"
+ "FCE94F"
+ "739FCF"
+ "AD7FA8"
+ "34E2E2"
+ "EEEEEC"
+ ];
+
+ programs.bash.interactiveShellInit = ''
+ if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then
+ # workaround for https://github.com/NixOS/nixpkgs/issues/219239
+ systemctl restart systemd-vconsole-setup.service
+
+ watch --no-title --color ${network-status}
+ fi
+ '';
+}
diff --git a/clanModules/installer/zfs.nix b/nixosModules/zfs.nix
similarity index 100%
rename from clanModules/installer/zfs.nix
rename to nixosModules/zfs.nix
diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix
index 74e67fcc7..841f4a179 100644
--- a/pkgs/flake-module.nix
+++ b/pkgs/flake-module.nix
@@ -5,6 +5,7 @@
 ./clan-cli/flake-module.nix
 ./clan-app/flake-module.nix
 ./clan-vm-manager/flake-module.nix
+ ./installer/flake-module.nix
 ./schemas/flake-module.nix
 ./webview-ui/flake-module.nix
 ./distro-packages/flake-module.nix
diff --git a/pkgs/installer/base64.nix b/pkgs/installer/base64.nix
new file mode 100644
index 000000000..588d1dfd1
--- /dev/null
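Review bot: The tmpfiles rule `"d /var/shared 0777 root root - -"` makes the directory world-writable without the sticky bit, so any local process can unlink and replace `onion-hostname`, `login.json` and `qrcode.utf8`, which `write-hostname` creates there and `network-status` then renders on the root console. On an installer image with root autologin the exposure is small, but the mode is wider than the visible code needs: the only writer in this hunk is the hidden-ssh-announce script and the reader only needs read access. If that script runs as root (its service definition is not in this hunk) `"d /var/shared 0755 root root - -"` is enough; if another user must write there, `1777` keeps the sticky bit so existing files cannot be swapped out from under the console. Since the comment above says the block is copied from nixos-images, a one-line note on why the mode was kept (or changed) would help the next reader.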
+++ b/pkgs/installer/base64.nix
@@ -0,0 +1,60 @@
+{ lib, ... }:
+{
+ toBase64 =
+ text:
+ let
+ inherit (lib)
+ sublist
+ mod
+ stringToCharacters
+ concatMapStrings
+ ;
+ inherit (lib.strings) charToInt;
+ inherit (builtins)
+ substring
+ foldl'
+ genList
+ elemAt
+ length
+ concatStringsSep
+ stringLength
+ ;
+ lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ sliceN =
+ size: list: n:
+ sublist (n * size) size list;
+ pows = [
+ (64 * 64 * 64)
+ (64 * 64)
+ 64
+ 1
+ ];
+ intSextets = i: map (j: mod (i / j) 64) pows;
+ compose =
+ f: g: x:
+ f (g x);
+ intToChar = elemAt lookup;
+ convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
+ sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
+ convertTriplet = compose convertTripletInt sliceToInt;
+ join = concatStringsSep "";
+ convertLastSlice =
+ slice:
+ let
+ len = length slice;
+ in
+ if len == 1 then
+ (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
+ else if len == 2 then
+ (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
+ else
+ "";
+ len = stringLength text;
+ nFullSlices = len / 3;
+ bytes = map charToInt (stringToCharacters text);
+ tripletAt = sliceN 3 bytes;
+ head = genList (compose convertTriplet tripletAt) nFullSlices;
+ tail = convertLastSlice (tripletAt nFullSlices);
+ in
+ join (head ++ [ tail ]);
+}
diff --git a/pkgs/installer/flake-module.nix b/pkgs/installer/flake-module.nix
new file mode 100644
index 000000000..04cfb96ce
--- /dev/null
+++ b/pkgs/installer/flake-module.nix
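Review bot: `toBase64` has no header comment, and its input contract is the thing a caller needs to know: `stringToCharacters` and `charToInt` operate per byte, and in nixpkgs `charToInt` is, as far as I recall, a lookup in a printable-ASCII table, so a string containing a non-ASCII or control byte aborts evaluation with an "attribute missing" error that does not point at the offending value. I would add above `toBase64 =` a comment such as `# Base64-encode a Nix string byte-wise (RFC 4648 alphabet, '=' padding). Only printable ASCII input is supported by lib.strings.charToInt; other bytes fail evaluation.` Since this is a hand-rolled encoder feeding a credential file, a couple of known vectors in a `lib.runTests` block (`toBase64 "Man" == "TWFu"`, `toBase64 "Ma" == "TWE="`, `toBase64 "M" == "TQ=="`) would pin the padding branches of `convertLastSlice`, which are the easiest part to get subtly wrong.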
@@ -0,0 +1,71 @@
+{ self, lib, ... }:
+
+let
+
+ flashInstallerModule =
+ { config, ... }:
+ {
+ imports = [
+ ./iwd.nix
+ self.nixosModules.installer
+ # Allow to download pre-build binaries from our nix caches
+ self.clanModules.trusted-nix-caches
+ ];
+
+ system.stateVersion = config.system.nixos.version;
+ nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
+ }
+ // flashDiskoConfig;
+
+ # Important: The partition names need to be different to the clan install
+ flashDiskoConfig = {
+ boot.loader.grub.efiSupport = lib.mkDefault true;
+ boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = lib.mkDefault "/dev/null";
+ content = {
+ type = "gpt";
+ partitions = {
+ installer-boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ installer-ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ installer-root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+in
+{
+ clan = {
+ # To directly flash the installer to a disk, use the following command:
+ # $ clan flash flash-installer --disk main /dev/sdX --yes
+ # This will include your ssh public keys in the installer.
+ machines.flash-installer = {
+ imports = [ flashInstallerModule ];
+ boot.loader.grub.enable = lib.mkDefault true;
+ };
+ };
+}
diff --git a/pkgs/installer/iwd.nix b/pkgs/installer/iwd.nix
new file mode 100644
index 000000000..8717a1c38
--- /dev/null
+++ b/pkgs/installer/iwd.nix
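Review bot: The comment `# Important: The partition names need to be different to the clan install` states the rule but not the reason, and the reason is what a future editor needs before renaming `installer-boot`/`installer-ESP`/`installer-root`. Presumably disko mounts by partlabel, so a stick whose labels matched the target machine's would make `/dev/disk/by-partlabel/*` ambiguous while both disks are attached; if that is the intent, extending the comment to `# ... otherwise /dev/disk/by-partlabel/* is ambiguous while the stick and the target disk are both attached` makes the constraint checkable. The `device = lib.mkDefault "/dev/null"` placeholder is likewise unexplained at the point of use; a short note that `clan flash --disk main /dev/sdX` (documented further down in the `clan` block) supplies the real device would tie the two together.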
@@ -0,0 +1,67 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+
+let
+ cfg = config.clan.iwd;
+ toBase64 = (pkgs.callPackage ./base64.nix { inherit lib; }).toBase64;
+ wifi_config = password: ''
+ [Security]
+ Passphrase=${password}
+ '';
+in
+{
+ options.clan.iwd = {
+ networks = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule (
+ { name, ... }:
+ {
+ options = {
+ ssid = lib.mkOption {
+ type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
+ default = name;
+ description = "The name of the wifi network";
+ };
+ password = lib.mkOption {
+ type = lib.types.str;
+ description = "The password of the wifi network";
+ };
+ };
+ }
+ )
+ );
+ default = { };
+ description = "Wifi networks to predefine";
+ };
+ };
+ config = lib.mkMerge [
+ (lib.mkIf (cfg.networks != { }) {
+ # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
+ systemd.tmpfiles.rules = lib.mapAttrsToList (
+ _: value:
+ "f+~ /var/lib/iwd/${value.ssid}.psk 0600 root root - ${toBase64 (wifi_config value.password)}"
+ ) cfg.networks;
+
+ })
+ {
+ # disable wpa supplicant
+ networking.wireless.enable = false;
+
+ # Use iwd instead of wpa_supplicant. It has a user friendly CLI
+ networking.wireless.iwd = {
+ enable = true;
+ settings = {
+ Network = {
+ EnableIPv6 = true;
+ RoutePriorityOffset = 300;
+ };
+ Settings.AutoConnect = true;
+ };
+ };
+ }
+ ];
+}
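Review bot: The `password` option is a plain `lib.types.str` that is base64-encoded into `systemd.tmpfiles.rules`, and NixOS writes those rules to a store path linked under `/etc/tmpfiles.d`, so the passphrase is readable by every user of any machine holding the closure and the `0600` on `/var/lib/iwd/${value.ssid}.psk` adds no confidentiality — base64 is an encoding, not protection. For an installer image that is presumably intended, but the option should say so: `description = "The password of the wifi network. It is stored unencrypted in the nix store of the installer image.";`. The `strMatching "^[a-zA-Z0-9._-]+$"` type on `ssid` is what keeps the interpolated `.psk` path inside `/var/lib/iwd/`; a comment naming that purpose, e.g. `# restricted so the value is safe to use as a file name below`, would stop someone from loosening the pattern for SSIDs with spaces without considering it. `wifi_config` also places the password verbatim into an INI body, so a value containing a newline would add further lines to the `.psk` file; rejecting newlines in the option type (a `strMatching` pattern that excludes `\n`, or a similar assertion) would make that constraint explicit rather than implicit.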