yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'nixosModules,pkgs: remove installer. clanModules: init installer module' (#2026) from Qubasa/clan-core:Qubasa-main into main

Browse Source
This commit is contained in:
clan-bot
2024-09-02 22:30:13 +00:00
parent 3cc7b0ce84 29a7f0312b
commit e87a8ade5d
13 changed files with 27 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clanModules/flake-module.nix
View File

@@ -11,6 +11,7 @@
golem-provider = ./golem-provider;
heisenbridge = ./heisenbridge;
iwd = ./iwd;
installer = ./installer;
localbackup = ./localbackup;
localsend = ./localsend;
matrix-synapse = ./matrix-synapse;

3
clanModules/installer/README.md Normal file
View File

@@ -0,0 +1,3 @@
---
description = "Module to convert machine to an installer image"
---

0
nixosModules/bcachefs.nix → clanModules/installer/bcachefs.nix
View File

22
clanModules/installer/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{
config,
...
}:
{
options.clan.installer =
{
};
imports = [
../iwd
./bcachefs.nix
./zfs.nix
./hidden-ssh-announce.nix
../trusted-nix-caches
];
config = {
system.stateVersion = config.system.nixos.version;
};
}

0
nixosModules/hidden-ssh-announce.nix → clanModules/installer/hidden-ssh-announce.nix
View File

0
nixosModules/zfs.nix → clanModules/installer/zfs.nix
View File

1
docs/mkdocs.yml
View File

@@ -67,6 +67,7 @@ nav:
- reference/clanModules/golem-provider.md
- reference/clanModules/index.md
- reference/clanModules/iwd.md
- reference/clanModules/installer.md
- reference/clanModules/localbackup.md
- reference/clanModules/localsend.md
- reference/clanModules/matrix-synapse.md

9
nixosModules/flake-module.nix
View File

@@ -1,15 +1,6 @@
{ inputs, self, ... }:
{
flake.nixosModules = {
hidden-ssh-announce.imports = [ ./hidden-ssh-announce.nix ];
bcachefs.imports = [ ./bcachefs.nix ];
zfs.imports = [ ./zfs.nix ];
installer.imports = [
./installer
self.nixosModules.hidden-ssh-announce
self.nixosModules.bcachefs
self.nixosModules.zfs
];
clanCore.imports = [
inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.default

125
nixosModules/installer/default.nix
View File

@@ -1,125 +0,0 @@
{
lib,
pkgs,
modulesPath,
...
}:
let
network-status = pkgs.writeShellScript "network-status" ''
export PATH=${
lib.makeBinPath (
with pkgs;
[
iproute2
coreutils
gnugrep
nettools
gum
]
)
}
set -efu -o pipefail
msgs=()
if [[ -e /var/shared/qrcode.utf8 ]]; then
qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)")
msgs+=("$qrcode")
fi
network_status="Local network addresses:
$(ip -brief -color addr | grep -v 127.0.0.1)
$([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...")
Multicast DNS: $(hostname).local"
network_status=$(gum style --border-foreground 240 --border normal "$network_status")
msgs+=("$network_status")
msgs+=("Press 'Ctrl-C' for console access")
gum join --vertical "''${msgs[@]}"
'';
in
{
############################################
# #
# For install image debugging execute: #
# $ qemu-kvm result/stick.raw -snapshot #
# #
############################################
imports = [
(modulesPath + "/profiles/installation-device.nix")
(modulesPath + "/profiles/all-hardware.nix")
(modulesPath + "/profiles/base.nix")
];
########################################################################################################
# #
# Copied from: #
# https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6 #
# #
########################################################################################################
systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
hidden-ssh-announce = {
enable = true;
script = pkgs.writeShellScript "write-hostname" ''
set -efu
export PATH=${
lib.makeBinPath (
with pkgs;
[
iproute2
coreutils
jq
qrencode
]
)
}
mkdir -p /var/shared
echo "$1" > /var/shared/onion-hostname
local_addrs=$(ip -json addr | jq '[map(.addr_info) | flatten | .[] | select(.scope == "global") | .local]')
jq -nc \
--arg onion_address "$(cat /var/shared/onion-hostname)" \
--argjson local_addrs "$local_addrs" \
'{ pass: null, tor: $onion_address, addrs: $local_addrs }' \
> /var/shared/login.json
cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8
'';
};
services.getty.autologinUser = lib.mkForce "root";
console.earlySetup = true;
console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz";
# Less ipv6 addresses to reduce the noise
networking.tempAddresses = "disabled";
# Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/
console.colors = lib.mkDefault [
"000000"
"CC0000"
"4E9A06"
"C4A000"
"3465A4"
"75507B"
"06989A"
"D3D7CF"
"555753"
"EF2929"
"8AE234"
"FCE94F"
"739FCF"
"AD7FA8"
"34E2E2"
"EEEEEC"
];
programs.bash.interactiveShellInit = ''
if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then
# workaround for https://github.com/NixOS/nixpkgs/issues/219239
systemctl restart systemd-vconsole-setup.service
watch --no-title --color ${network-status}
fi
'';
}

1
pkgs/flake-module.nix
View File

@@ -5,7 +5,6 @@
./clan-cli/flake-module.nix
./clan-app/flake-module.nix
./clan-vm-manager/flake-module.nix
./installer/flake-module.nix
./schemas/flake-module.nix
./webview-ui/flake-module.nix
./distro-packages/flake-module.nix

60
pkgs/installer/base64.nix
View File

@@ -1,60 +0,0 @@
{ lib, ... }:
{
toBase64 =
text:
let
inherit (lib)
sublist
mod
stringToCharacters
concatMapStrings
;
inherit (lib.strings) charToInt;
inherit (builtins)
substring
foldl'
genList
elemAt
length
concatStringsSep
stringLength
;
lookup = stringToCharacters "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
sliceN =
size: list: n:
sublist (n * size) size list;
pows = [
(64 * 64 * 64)
(64 * 64)
64
1
];
intSextets = i: map (j: mod (i / j) 64) pows;
compose =
f: g: x:
f (g x);
intToChar = elemAt lookup;
convertTripletInt = sliceInt: concatMapStrings intToChar (intSextets sliceInt);
sliceToInt = foldl' (acc: val: acc * 256 + val) 0;
convertTriplet = compose convertTripletInt sliceToInt;
join = concatStringsSep "";
convertLastSlice =
slice:
let
len = length slice;
in
if len == 1 then
(substring 0 2 (convertTripletInt ((sliceToInt slice) * 256 * 256))) + "=="
else if len == 2 then
(substring 0 3 (convertTripletInt ((sliceToInt slice) * 256))) + "="
else
"";
len = stringLength text;
nFullSlices = len / 3;
bytes = map charToInt (stringToCharacters text);
tripletAt = sliceN 3 bytes;
head = genList (compose convertTriplet tripletAt) nFullSlices;
tail = convertLastSlice (tripletAt nFullSlices);
in
join (head ++ [ tail ]);
}

71
pkgs/installer/flake-module.nix
View File

@@ -1,71 +0,0 @@
{ self, lib, ... }:
let
flashInstallerModule =
{ config, ... }:
{
imports = [
./iwd.nix
self.nixosModules.installer
# Allow to download pre-build binaries from our nix caches
self.clanModules.trusted-nix-caches
];
system.stateVersion = config.system.nixos.version;
nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
}
// flashDiskoConfig;
# Important: The partition names need to be different to the clan install
flashDiskoConfig = {
boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
disko.devices = {
disk = {
main = {
type = "disk";
device = lib.mkDefault "/dev/null";
content = {
type = "gpt";
partitions = {
installer-boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
installer-ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
installer-root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
in
{
clan = {
# To directly flash the installer to a disk, use the following command:
# $ clan flash flash-installer --disk main /dev/sdX --yes
# This will include your ssh public keys in the installer.
machines.flash-installer = {
imports = [ flashInstallerModule ];
boot.loader.grub.enable = lib.mkDefault true;
};
};
}

67
pkgs/installer/iwd.nix
View File

@@ -1,67 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.clan.iwd;
toBase64 = (pkgs.callPackage ./base64.nix { inherit lib; }).toBase64;
wifi_config = password: ''
[Security]
Passphrase=${password}
'';
in
{
options.clan.iwd = {
networks = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
ssid = lib.mkOption {
type = lib.types.strMatching "^[a-zA-Z0-9._-]+$";
default = name;
description = "The name of the wifi network";
};
password = lib.mkOption {
type = lib.types.str;
description = "The password of the wifi network";
};
};
}
)
);
default = { };
description = "Wifi networks to predefine";
};
};
config = lib.mkMerge [
(lib.mkIf (cfg.networks != { }) {
# Systemd tmpfiles rule to create /var/lib/iwd/example.psk file
systemd.tmpfiles.rules = lib.mapAttrsToList (
_: value:
"f+~ /var/lib/iwd/${value.ssid}.psk 0600 root root - ${toBase64 (wifi_config value.password)}"
) cfg.networks;
})
{
# disable wpa supplicant
networking.wireless.enable = false;
# Use iwd instead of wpa_supplicant. It has a user friendly CLI
networking.wireless.iwd = {
enable = true;
settings = {
Network = {
EnableIPv6 = true;
RoutePriorityOffset = 300;
};
Settings.AutoConnect = true;
};
};
}
];
}