Merge pull request 'clan flash: Remove root requirement for flash, add a flash-template' (#2165) from Qubasa/clan-core:Qubasa-main into main

2024-09-24 11:48:57 +00:00
parent cef290b135 1b0b111f03
commit 728cb60295
10 changed files with 191 additions and 73 deletions
--- a/pkgs/clan-cli/clan_cli/flash/automount.py
+++ b/pkgs/clan-cli/clan_cli/flash/automount.py
@@ -1,27 +1,21 @@
 import logging
 import os
 import shutil
 from collections.abc import Generator
 from contextlib import contextmanager
 from pathlib import Path
-from clan_cli.cmd import run
+from clan_cli.cmd import Log, run
 from clan_cli.errors import ClanError
 log = logging.getLogger(__name__)
@contextmanager
-def pause_automounting(
+def pause_automounting(devices: list[Path]) -> Generator[None, None, None]:
    devices: list[Path], no_udev: bool
 ) -> Generator[None, None, None]:
    """
    Pause automounting on the device for the duration of this context
    manager
    """
    if no_udev:
        yield None
        return
    if shutil.which("udevadm") is None:
        msg = "udev is required to disable automounting"
@@ -29,37 +23,18 @@ def pause_automounting(
        yield None
        return
-    if os.geteuid() != 0:
+    inhibit_path = Path(__file__).parent / "inhibit.sh"
-        msg = "root privileges are required to disable automounting"
+    if not inhibit_path.exists():
        msg = f"{inhibit_path} not found"
        raise ClanError(msg)
    try:
        # See /usr/lib/udisks2/udisks2-inhibit
        rules_dir = Path("/run/udev/rules.d")
        rules_dir.mkdir(exist_ok=True)
        rule_files: list[Path] = []
        for device in devices:
            devpath: str = str(device)
            rule_file: Path = (
                rules_dir / f"90-udisks-inhibit-{devpath.replace('/', '_')}.rules"
            )
            with rule_file.open("w") as fd:
                print(
                    'SUBSYSTEM=="block", ENV{DEVNAME}=="'
                    + devpath
                    + '*", ENV{UDISKS_IGNORE}="1"',
                    file=fd,
                )
                fd.flush()
                os.fsync(fd.fileno())
            rule_files.append(rule_file)
        run(["udevadm", "control", "--reload"])
        run(["udevadm", "trigger", "--settle", "--subsystem-match=block"])
    str_devs = [str(dev) for dev in devices]
    cmd = ["sudo", str(inhibit_path), "enable", *str_devs]
    result = run(cmd, log=Log.BOTH, check=False)
    if result.returncode != 0:
        log.error("Failed to inhibit automounting")
    yield None
-    except Exception as ex:
+    cmd = ["sudo", str(inhibit_path), "disable", *str_devs]
-        log.fatal(ex)
+    result = run(cmd, log=Log.BOTH, check=False)
-    finally:
+    if result.returncode != 0:
-        for rule_file in rule_files:
+        log.error("Failed to re-enable automounting")
            rule_file.unlink(missing_ok=True)
        run(["udevadm", "control", "--reload"], check=False)
        run(["udevadm", "trigger", "--settle", "--subsystem-match=block"], check=False)
--- a/pkgs/clan-cli/clan_cli/flash/flash.py
+++ b/pkgs/clan-cli/clan_cli/flash/flash.py
@@ -11,9 +11,11 @@ from typing import Any
 from clan_cli.api import API
 from clan_cli.cmd import Log, run
 from clan_cli.errors import ClanError
 from clan_cli.facts.generate import generate_facts
 from clan_cli.facts.secret_modules import SecretStoreBase
 from clan_cli.machines.machines import Machine
 from clan_cli.nix import nix_shell
 from clan_cli.vars.generate import generate_vars_for_machine
 from .automount import pause_automounting
 from .list import list_possible_keymaps, list_possible_languages
@@ -24,7 +26,6 @@ log = logging.getLogger(__name__)
@dataclass
 class WifiConfig:
    ssid: str
    password: str
@dataclass
@@ -51,19 +52,21 @@ def flash_machine(
    dry_run: bool,
    write_efi_boot_entries: bool,
    debug: bool,
    no_udev: bool = False,
    extra_args: list[str] | None = None,
 ) -> None:
    devices = [Path(disk.device) for disk in disks]
-    with pause_automounting(devices, no_udev):
+    with pause_automounting(devices):
        if extra_args is None:
            extra_args = []
        system_config_nix: dict[str, Any] = {}
        generate_vars_for_machine(machine, generator_name=None, regenerate=False)
        generate_facts([machine], service=None, regenerate=False)
        if system_config.wifi_settings:
-            wifi_settings = {}
+            wifi_settings: dict[str, dict[str, str]] = {}
            for wifi in system_config.wifi_settings:
-                wifi_settings[wifi.ssid] = {"password": wifi.password}
+                wifi_settings[wifi.ssid] = {}
            system_config_nix["clan"] = {"iwd": {"networks": wifi_settings}}
        if system_config.language:
--- a/pkgs/clan-cli/clan_cli/flash/flash_cmd.py
+++ b/pkgs/clan-cli/clan_cli/flash/flash_cmd.py
@@ -26,7 +26,6 @@ class FlashOptions:
    mode: str
    write_efi_boot_entries: bool
    nix_options: list[str]
    no_udev: bool
    system_config: SystemConfig
@@ -73,15 +72,11 @@ def flash_command(args: argparse.Namespace) -> None:
            wifi_settings=None,
        ),
        write_efi_boot_entries=args.write_efi_boot_entries,
        no_udev=args.no_udev,
        nix_options=args.option,
    )
    if args.wifi:
-        opts.system_config.wifi_settings = [
+        opts.system_config.wifi_settings = [WifiConfig(ssid=ssid) for ssid in args.wifi]
            WifiConfig(ssid=ssid, password=password)
            for ssid, password in args.wifi.items()
        ]
    machine = Machine(opts.machine, flake=opts.flake)
    if opts.confirm and not opts.dry_run:
@@ -102,7 +97,6 @@ def flash_command(args: argparse.Namespace) -> None:
        dry_run=opts.dry_run,
        debug=opts.debug,
        write_efi_boot_entries=opts.write_efi_boot_entries,
        no_udev=opts.no_udev,
        extra_args=opts.nix_options,
    )
@@ -135,11 +129,9 @@ def register_flash_apply_parser(parser: argparse.ArgumentParser) -> None:
    parser.add_argument(
        "--wifi",
        type=str,
-        nargs=2,
+        action="append",
-        metavar=("ssid", "password"),
+        help="wifi ssid to connect to",
-        action=AppendDiskAction,
+        default=[],
        help="wifi network to connect to",
        default={},
    )
    parser.add_argument(
        "--mode",
@@ -160,12 +152,6 @@ def register_flash_apply_parser(parser: argparse.ArgumentParser) -> None:
        type=str,
        help="system language",
    )
    parser.add_argument(
        "--no-udev",
        help="Disable udev rules to block automounting",
        default=False,
        action="store_true",
    )
    parser.add_argument(
        "--keymap",
        type=str,
--- a/pkgs/clan-cli/clan_cli/flash/inhibit.sh
+++ b/pkgs/clan-cli/clan_cli/flash/inhibit.sh
@@ -0,0 +1,78 @@
 #!/usr/bin/env bash
 # A function to log error messages
 log_fatal() {
  echo "FATAL: $*" >&2
 }
 # A function to log warning messages
 log_warning() {
  echo "WARNING: $*" >&2
 }
 # Function to enable inhibition (pause automounting)
 enable_inhibition() {
  local devices=("$@")
  if ! command -v udevadm &> /dev/null; then
    log_fatal "udev is required to disable automounting"
    exit 1
  fi
  if [ "$EUID" -ne 0 ]; then
    log_fatal "Root privileges are required to disable automounting"
    exit 1
  fi
  local rules_dir="/run/udev/rules.d"
  mkdir -p "$rules_dir"
  for device in "${devices[@]}"; do
    local devpath="$device"
    local rule_file="$rules_dir/90-udisks-inhibit-${devpath//\//_}.rules"
    echo 'SUBSYSTEM=="block", ENV{DEVNAME}=="'"$devpath"'*", ENV{UDISKS_IGNORE}="1"' > "$rule_file"
    sync
  done
  udevadm control --reload
  udevadm trigger --settle --subsystem-match=block
 }
 # Function to disable inhibition (cleanup)
 disable_inhibition() {
  local devices=("$@")
  local rules_dir="/run/udev/rules.d"
  for device in "${devices[@]}"; do
    local devpath="$device"
    local rule_file="$rules_dir/90-udisks-inhibit-${devpath//\//_}.rules"
    rm -f "$rule_file" || log_warning "Could not remove file: $rule_file"
  done
  udevadm control --reload || log_warning "Could not reload udev rules"
  udevadm trigger --settle --subsystem-match=block || log_warning "Could not trigger udev settle"
 }
 if [ "$#" -lt 2 ]; then
  echo "Usage: $0 [enable|disable] /dev/sdX ..."
  exit 1
 fi
 action=$1
 shift
 devices=("$@")
 case "$action" in
  enable)
    enable_inhibition "${devices[@]}"
    ;;
  disable)
    disable_inhibition "${devices[@]}"
    ;;
  *)
    echo "Invalid action: $action"
    echo "Usage: $0 [enable|disable] /dev/sdX ..."
    exit 1
    ;;
 esac
--- a/pkgs/clan-cli/clan_cli/inventory/init.py
+++ b/pkgs/clan-cli/clan_cli/inventory/init.py
@@ -171,24 +171,25 @@ def merge_template_inventory(
            )
            raise ClanError(msg, description=description)
-        # Get the service config without knowing instance name
+        # services.<service_name>.<instance_name>.config
-        service_conf = next((v for v in instance.values() if "config" in v), None)
+        config = next((v for v in instance.values() if "config" in v), None)
-
+        if not config:
        if not service_conf:
            msg = f"Service {service_name} in template inventory has no config"
            description = "Invalid inventory configuration"
            raise ClanError(msg, description=description)
-        if "machines" in service_conf:
+        # Disallow "config.machines" key
        if "machines" in config:
            msg = f"Service {service_name} in template inventory has machines"
            description = "The 'machines' key is not allowed in template inventory"
            raise ClanError(msg, description=description)
-        if "roles" not in service_conf:
+        # Require "config.roles" key
        if "roles" not in config:
            msg = f"Service {service_name} in template inventory has no roles"
            description = "roles key is required in template inventory"
            raise ClanError(msg, description=description)
-        # TODO: We need a MachineReference type in nix before we can implement this properly
+        # TODO: Implement merging of template inventory
        msg = "Merge template inventory is not implemented yet"
        raise NotImplementedError(msg)
--- a/pkgs/clan-cli/clan_cli/vars/graph.py
+++ b/pkgs/clan-cli/clan_cli/vars/graph.py
@@ -3,11 +3,16 @@ from dataclasses import dataclass
 from functools import cached_property
 from graphlib import TopologicalSorter
 from clan_cli.errors import ClanError
 from clan_cli.machines.machines import Machine
 from .check import check_vars
 class GeneratorNotFoundError(ClanError):
    pass
@dataclass
 class Generator:
    name: str
@@ -28,6 +33,11 @@ def missing_dependency_closure(
    queue = list(closure)
    while queue:
        gen_name = queue.pop(0)
        if gen_name not in generators:
            msg = f"Requested generator {gen_name} not found"
            raise GeneratorNotFoundError(msg)
        for dep in generators[gen_name].dependencies:
            if dep not in closure and not generators[dep].exists:
                dep_closure.add(dep)
--- a/pkgs/clan-cli/pyproject.toml
+++ b/pkgs/clan-cli/pyproject.toml
@@ -25,6 +25,7 @@ clan_cli = [
  "templates/**/*",
  "vms/mimetypes/**/*",
  "webui/assets/**/*",
  "flash/*.sh"
 ]
 [tool.pytest.ini_options]
--- a/pkgs/webview-ui/app/src/routes/flash/view.tsx
+++ b/pkgs/webview-ui/app/src/routes/flash/view.tsx
@@ -160,7 +160,6 @@ export const Flash = () => {
        dry_run: false,
        write_efi_boot_entries: false,
        debug: false,
        no_udev: true,
      });
    } catch (error) {
      toast.error(`Error could not flash disk: ${error}`);
--- a/templates/machineTemplates/machines/flash-installer/configuration.nix
+++ b/templates/machineTemplates/machines/flash-installer/configuration.nix
@@ -1,7 +1,18 @@
 {
  config,
  clan-core,
  inputs,
  ...
 }:
 {
  imports = [
-
+    ./disko.nix
    clan-core.nixosModules.installer
    clan-core.clanModules.trusted-nix-caches
    clan-core.clanModules.disk-id
    clan-core.clanModules.iwd
  ];
-  # Flash machine template
+  nixpkgs.pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
  system.stateVersion = config.system.nixos.version;
 }
--- a/templates/machineTemplates/machines/flash-installer/disko.nix
+++ b/templates/machineTemplates/machines/flash-installer/disko.nix
@@ -0,0 +1,54 @@
 { config, lib, ... }:
 let
  suffix = config.clan.core.vars.generators.disk-id.files.diskId.value;
 in
 {
  boot.loader.grub.efiSupport = lib.mkDefault true;
  boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
  disko.devices = {
    disk = {
      "main" = {
        name = "main-" + suffix;
        type = "disk";
        device = lib.mkDefault "/dev/null";
        content = {
          type = "gpt";
          partitions = {
            "boot" = {
              size = "1M";
              type = "EF02"; # for grub MBR
              priority = 1;
            };
            "ESP" = {
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            root = {
              name = "root";
              end = "-0";
              content = {
                type = "filesystem";
                format = "f2fs";
                mountpoint = "/";
                extraArgs = [
                  "-O"
                  "extra_attr,inode_checksum,sb_checksum,compression"
                ];
                # Recommendations for flash: https://wiki.archlinux.org/title/F2FS#Recommended_mount_options
                mountOptions = [
                  "compress_algorithm=zstd:6,compress_chksum,atgc,gc_merge,lazytime,nodiscard"
                ];
              };
            };
          };
        };
      };
    };
  };
 }