Revert "nixosModules,pkgs: remove installer. clanModules: init installer module"

This reverts commit 1090e36cf1.

clanModules/flake-module.nix

@@ -11,7 +11,6 @@
     golem-provider = ./golem-provider;
     heisenbridge = ./heisenbridge;
     iwd = ./iwd;
-    installer = ./installer;
     localbackup = ./localbackup;
     localsend = ./localsend;
     matrix-synapse = ./matrix-synapse;

clanModules/installer/README.md

@@ -1,3 +0,0 @@
----
-description = "Module to convert machine to an installer image"
----

clanModules/installer/default.nix

@@ -1,22 +0,0 @@
-{
-  config,
-  ...
-}:
-
-{
-  options.clan.installer =
-    {
-    };
-
-  imports = [
-    ../iwd
-    ./bcachefs.nix
-    ./zfs.nix
-    ./hidden-ssh-announce.nix
-    ../trusted-nix-caches
-  ];
-
-  config = {
-    system.stateVersion = config.system.nixos.version;
-  };
-}

docs/mkdocs.yml

@@ -67,7 +67,6 @@ nav:
           - reference/clanModules/golem-provider.md
           - reference/clanModules/index.md
           - reference/clanModules/iwd.md
-          - reference/clanModules/installer.md
           - reference/clanModules/localbackup.md
           - reference/clanModules/localsend.md
           - reference/clanModules/matrix-synapse.md

nixosModules/flake-module.nix

@@ -1,6 +1,15 @@
 { inputs, self, ... }:
 {
   flake.nixosModules = {
+    hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
+    bcachefs.imports = [ ./bcachefs.nix ];
+    zfs.imports = [ ./zfs.nix ];
+    installer.imports = [
+      ./installer
+      self.nixosModules.hidden-ssh-announce
+      self.nixosModules.bcachefs
+      self.nixosModules.zfs
+    ];
     clanCore.imports = [
       inputs.sops-nix.nixosModules.sops
       inputs.disko.nixosModules.default

nixosModules/installer/default.nix

@@ -0,0 +1,125 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+let
+  network-status = pkgs.writeShellScript "network-status" ''
+    export PATH=${
+      lib.makeBinPath (
+        with pkgs;
+        [
+          iproute2
+          coreutils
+          gnugrep
+          nettools
+          gum
+        ]
+      )
+    }
+    set -efu -o pipefail
+    msgs=()
+    if [[ -e /var/shared/qrcode.utf8 ]]; then
+      qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)")
+      msgs+=("$qrcode")
+    fi
+    network_status="Local network addresses:
+    $(ip -brief -color addr | grep -v 127.0.0.1)
+    $([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...")
+    Multicast DNS: $(hostname).local"
+    network_status=$(gum style --border-foreground 240 --border normal "$network_status")
+    msgs+=("$network_status")
+    msgs+=("Press 'Ctrl-C' for console access")
+
+    gum join --vertical "''${msgs[@]}"
+  '';
+in
+{
+  ############################################
+  #                                          #
+  # For install image debugging execute:     #
+  # $ qemu-kvm result/stick.raw -snapshot    #
+  #                                          #
+  ############################################
+  imports = [
+    (modulesPath + "/profiles/installation-device.nix")
+    (modulesPath + "/profiles/all-hardware.nix")
+    (modulesPath + "/profiles/base.nix")
+  ];
+
+  ########################################################################################################
+  #                                                                                                      #
+  # Copied from:                                                                                         #
+  # https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6  #
+  #                                                                                                      #
+  ########################################################################################################
+  systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];
+  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+
+  hidden-ssh-announce = {
+    enable = true;
+    script = pkgs.writeShellScript "write-hostname" ''
+      set -efu
+      export PATH=${
+        lib.makeBinPath (
+          with pkgs;
+          [
+            iproute2
+            coreutils
+            jq
+            qrencode
+          ]
+        )
+      }
+
+      mkdir -p /var/shared
+      echo "$1" > /var/shared/onion-hostname
+      local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]')
+      jq -nc \
+        --arg onion_address "$(cat /var/shared/onion-hostname)" \
+        --argjson local_addrs "$local_addrs" \
+        '{ pass: null, tor: $onion_address, addrs: $local_addrs }' \
+        > /var/shared/login.json
+      cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8
+    '';
+  };
+
+  services.getty.autologinUser = lib.mkForce "root";
+
+  console.earlySetup = true;
+  console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz";
+
+  # Less ipv6 addresses to reduce the noise
+  networking.tempAddresses = "disabled";
+
+  # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
+  console.colors = lib.mkDefault [
+    "000000"
+    "CC0000"
+    "4E9A06"
+    "C4A000"
+    "3465A4"
+    "75507B"
+    "06989A"
+    "D3D7CF"
+    "555753"
+    "EF2929"
+    "8AE234"
+    "FCE94F"
+    "739FCF"
+    "AD7FA8"
+    "34E2E2"
+    "EEEEEC"
+  ];
+
+  programs.bash.interactiveShellInit = ''
+    if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then
+      # workaround for https://github.com/NixOS/nixpkgs/issues/219239
+      systemctl restart systemd-vconsole-setup.service
+
+      watch --no-title --color ${network-status}
+    fi
+  '';
+}

pkgs/flake-module.nix

@@ -5,6 +5,7 @@
     ./clan-cli/flake-module.nix
     ./clan-app/flake-module.nix
     ./clan-vm-manager/flake-module.nix
+    ./installer/flake-module.nix
     ./schemas/flake-module.nix
     ./webview-ui/flake-module.nix
     ./distro-packages/flake-module.nix

pkgs/installer/base64.nix

@@ -0,0 +1,60 @@
+{ lib, ... }:
+{
+  toBase64 =
+    text:
+    let
+      inherit (lib)
+        sublist
+        mod
+        stringToCharacters
+        concatMapStrings
+        ;
+      inherit (lib.strings) charToInt;
+      inherit (builtins)
+        substring
+        foldl'
+        genList
+        elemAt
+        length
+        concatStringsSep
+        stringLength
+        ;
+      lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+      sliceN =
+        size: list: n:
+        sublist (n * size) size list;
+      pows = [
+        (64 * 64 * 64)
+        (64 * 64)
+        64
+        1
+      ];
+      intSextets = i: map (j: mod (i / j) 64) pows;
+      compose =
+        f: g: x:
+        f (g x);
+      intToChar = elemAt lookup;
+      convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
+      sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
+      convertTriplet = compose convertTripletInt sliceToInt;
+      join = concatStringsSep "";
+      convertLastSlice =
+        slice:
+        let
+          len = length slice;
+        in
+        if len == 1 then
+          (substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
+        else if len == 2 then
+          (substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
+        else
+          "";
+      len = stringLength text;
+      nFullSlices = len / 3;
+      bytes = map charToInt (stringToCharacters text);
+      tripletAt = sliceN 3 bytes;
+      head = genList (compose convertTriplet tripletAt) nFullSlices;
+      tail = convertLastSlice (tripletAt nFullSlices);
+    in
+    join (head ++ [ tail ]);
+}

pkgs/installer/flake-module.nix

@@ -0,0 +1,71 @@
+{ self, lib, ... }:
+
+let
+
+  flashInstallerModule =
+    { config, ... }:
+    {
+      imports = [
+        ./iwd.nix
+        self.nixosModules.installer
+        # Allow to download pre-build binaries from our nix caches
+        self.clanModules.trusted-nix-caches
+      ];
+
+      system.stateVersion = config.system.nixos.version;
+      nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
+    }
+    // flashDiskoConfig;
+
+  # Important: The partition names need to be different to the clan install
+  flashDiskoConfig = {
+    boot.loader.grub.efiSupport = lib.mkDefault true;
+    boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
+    disko.devices = {
+      disk = {
+        main = {
+          type = "disk";
+          device = lib.mkDefault "/dev/null";
+          content = {
+            type = "gpt";
+            partitions = {
+              installer-boot = {
+                size = "1M";
+                type = "EF02"; # for grub MBR
+                priority = 1;
+              };
+              installer-ESP = {
+                size = "512M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                };
+              };
+              installer-root = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+in
+{
+  clan = {
+    # To directly flash the installer to a disk, use the following command:
+    # $ clan flash flash-installer --disk main /dev/sdX --yes
+    # This will include your ssh public keys in the installer.
+    machines.flash-installer = {
+      imports = [ flashInstallerModule ];
+      boot.loader.grub.enable = lib.mkDefault true;
+    };
+  };
+}

pkgs/installer/iwd.nix

@@ -0,0 +1,67 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+let
+  cfg = config.clan.iwd;
+  toBase64 = (pkgs.callPackage ./base64.nix { inherit lib; }).toBase64;
+  wifi_config = password: ''
+    [Security]
+      Passphrase=${password}
+  '';
+in
+{
+  options.clan.iwd = {
+    networks = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.submodule (
+          { name, ... }:
+          {
+            options = {
+              ssid = lib.mkOption {
+                type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
+                default = name;
+                description = "The name of the wifi network";
+              };
+              password = lib.mkOption {
+                type = lib.types.str;
+                description = "The password of the wifi network";
+              };
+            };
+          }
+        )
+      );
+      default = { };
+      description = "Wifi networks to predefine";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.networks != { }) {
+      # Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
+      systemd.tmpfiles.rules = lib.mapAttrsToList (
+        _: value:
+        "f+~ /var/lib/iwd/${value.ssid}.psk 0600 root root - ${toBase64 (wifi_config value.password)}"
+      ) cfg.networks;
+
+    })
+    {
+      # disable wpa supplicant
+      networking.wireless.enable = false;
+
+      # Use iwd instead of wpa_supplicant. It has a user friendly CLI
+      networking.wireless.iwd = {
+        enable = true;
+        settings = {
+          Network = {
+            EnableIPv6 = true;
+            RoutePriorityOffset = 300;
+          };
+          Settings.AutoConnect = true;
+        };
+      };
+    }
+  ];
+}