diff --git a/nixosModules/installer/default.nix b/nixosModules/installer/default.nix index 5dab8a960..328d32423 100644 --- a/nixosModules/installer/default.nix +++ b/nixosModules/installer/default.nix @@ -4,6 +4,39 @@ modulesPath, ... }: + +let + network-status = pkgs.writeShellScript "network-status" '' + export PATH=${ + lib.makeBinPath ( + with pkgs; + [ + iproute2 + coreutils + gnugrep + nettools + gum + ] + ) + } + set -efu -o pipefail + msgs=() + if [[ -e /var/shared/qrcode.utf8 ]]; then + qrcode=$(gum style --border-foreground 240 --border normal "$(< /var/shared/qrcode.utf8)") + msgs+=("$qrcode") + fi + network_status="Root password: $(cat /var/shared/root-password) + Local network addresses: + $(ip -brief -color addr | grep -v 127.0.0.1) + $([[ -e /var/shared/onion-hostname ]] && echo "Onion address: $(cat /var/shared/onion-hostname)" || echo "Onion address: Waiting for tor network to be ready...") + Multicast DNS: $(hostname).local" + network_status=$(gum style --border-foreground 240 --border normal "$network_status") + msgs+=("$network_status") + msgs+=("Press 'Ctrl-C' for console access") + + gum join --vertical "''${msgs[@]}" + ''; +in { ############################################ # # 
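Review bot: The new `network-status` script runs on root's console and renders `/var/shared/qrcode.utf8`, `/var/shared/onion-hostname` and `/var/shared/root-password` verbatim, while the tmpfiles rule in this file creates `/var/shared` as `0777` without the sticky bit, so any local account can replace those files. Because the output is shown through `watch --color`, replaced content could carry terminal control sequences or a misleading onion address or QR code. Consider `"d /var/shared 1777 root root - -"`, or a root-owned directory with a dedicated group for the announcing service. Separately, `set -e` does not abort on a failing `cat` inside the quoted `network_status=` assignment, so a missing `root-password` file produces an empty field. A fallback like the one already used for the onion address would make that case explicit.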
@@ -11,17 +44,23 @@ # $ qemu-kvm result/stick.raw -snapshot # # # ############################################ - systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ]; imports = [ (modulesPath + "/profiles/installation-device.nix") (modulesPath + "/profiles/all-hardware.nix") (modulesPath + "/profiles/base.nix") - #(modulesPath + "/installer/cd-dvd/iso-image.nix") ]; + + ######################################################################################################## + # # + # Copied from: # + # https://github.com/nix-community/nixos-images/blob/main/nix/image-installer/module.nix#L46C3-L117C6 # + # # + ######################################################################################################## + systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ]; services.openssh.settings.PermitRootLogin = "yes"; system.activationScripts.root-password = '' mkdir -p /var/shared - ${pkgs.pwgen}/bin/pwgen -s 16 1 > /var/shared/root-password + ${pkgs.xkcdpass}/bin/xkcdpass --numwords 3 --delimiter - --count 1 > /var/shared/root-password echo "root:$(cat /var/shared/root-password)" | chpasswd ''; hidden-ssh-announce = { 
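Review bot: Switching `system.activationScripts.root-password` to `xkcdpass --numwords 3` lowers the strength of the root password considerably compared with `pwgen -s 16`. If the default word list is the EFF long list (7776 words), three words are about 39 bits, versus roughly 95 bits for 16 random alphanumeric characters. The same block keeps `services.openssh.settings.PermitRootLogin = "yes"`, and this password is the credential announced for the local addresses and the onion address, so it is exposed to online guessing. If memorability is the goal, raise the word count, e.g. `xkcdpass --numwords 6 --delimiter - --count 1`. The script also writes `/var/shared/root-password` with the default umask into a `0777` directory; a `umask 077` before the redirect would keep it root-only, provided no other service has to read it.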
@@ -47,23 +86,46 @@ --arg password "$(cat /var/shared/root-password)" \ --arg onion_address "$(cat /var/shared/onion-hostname)" \ --argjson local_addrs "$local_addrs" \ - '{ pass: $password, onion_address: $onion_address, addrs: $local_addrs }' \ + '{ pass: $password, tor: $onion_address, addrs: $local_addrs }' \ > /var/shared/login.json - cat /var/shared/login.json | qrencode -t utf8 -o /var/shared/qrcode.utf8 + cat /var/shared/login.json | qrencode -s 2 -m 2 -t utf8 -o /var/shared/qrcode.utf8 ''; }; + services.getty.autologinUser = lib.mkForce "root"; + + console.earlySetup = true; + console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz"; + + # Less ipv6 addresses to reduce the noise + networking.tempAddresses = "disabled"; + + # Tango theme: https://yayachiken.net/en/posts/tango-colors-in-terminal/ + console.colors = lib.mkDefault [ + "000000" + "CC0000" + "4E9A06" + "C4A000" + "3465A4" + "75507B" + "06989A" + "D3D7CF" + "555753" + "EF2929" + "8AE234" + "FCE94F" + "739FCF" + "AD7FA8" + "34E2E2" + "EEEEEC" + ]; + programs.bash.interactiveShellInit = '' if [[ "$(tty)" =~ /dev/(tty1|hvc0|ttyS0)$ ]]; then - echo -n 'waiting for tor to generate the hidden service' - until test -e /var/shared/qrcode.utf8; do echo -n .; sleep 1; done - echo - echo "Root password: $(cat /var/shared/root-password)" - echo "Onion address: $(cat /var/shared/onion-hostname)" - echo "Local network addresses:" - ${pkgs.iproute}/bin/ip -brief -color addr | grep -v 127.0.0.1 - cat /var/shared/qrcode.utf8 + # workaround for https://github.com/NixOS/nixpkgs/issues/219239 + systemctl restart systemd-vconsole-setup.service + + watch --no-title --color ${network-status} fi ''; - #isoImage.squashfsCompression = "zstd"; } diff --git a/pkgs/clan-cli/clan_cli/flash.py b/pkgs/clan-cli/clan_cli/flash.py index 8b8ab224e..2f8bd25c1 100644 --- a/pkgs/clan-cli/clan_cli/flash.py +++ b/pkgs/clan-cli/clan_cli/flash.py 
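Review bot: `services.getty.autologinUser = lib.mkForce "root";` combined with the `watch` loop in `programs.bash.interactiveShellInit` leaves every matching console, including the serial lines `hvc0` and `ttyS0`, in a root session that redraws the root password and onion address on each refresh. Where serial output is captured (hypervisor or BMC console logs), those values land in the log repeatedly. The `mkForce` also means a downstream configuration cannot opt out at normal priority. I would add a comment above the option saying this is for the installer image only and why the force is needed (presumably to override the user set by the imported installation-device profile), e.g. `# installer only: root autologin on all consoles`. It is also worth considering whether the live display should be limited to `tty1`. The hunk also renames the JSON key `onion_address` to `tor`, which any existing consumer of `login.json` or the QR code has to follow.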
@@ -106,7 +106,7 @@ def flash_machine( ) cmd = nix_shell( - ["nixpkgs#disko"], + ["/home/lhebendanz/Projects/disko"], disko_install, ) run(cmd, log=Log.BOTH, error_msg=f"Failed to flash {machine}") diff --git a/pkgs/installer/flake-module.nix b/pkgs/installer/flake-module.nix index 6889060bb..7f503b1b8 100644 --- a/pkgs/installer/flake-module.nix +++ b/pkgs/installer/flake-module.nix @@ -1,5 +1,24 @@ { self, lib, ... }: + let + wifiModule = + { ... }: + { + # use iwd instead of wpa_supplicant + networking.wireless.enable = false; + + # Use iwd instead of wpa_supplicant. It has a user friendly CLI + networking.wireless.iwd = { + enable = true; + settings = { + Network = { + EnableIPv6 = true; + RoutePriorityOffset = 300; + }; + Settings.AutoConnect = true; + }; + }; + }; installerModule = { config, @@ -9,6 +28,7 @@ let }: { imports = [ + wifiModule self.nixosModules.installer self.inputs.nixos-generators.nixosModules.all-formats self.inputs.disko.nixosModules.disko @@ -17,27 +37,11 @@ let isoImage.squashfsCompression = "zstd"; - # Provide convenience for connecting to wifi - networking.wireless.enable = false; - - # Use iwd instead of wpa_supplicant. It has a user friendly CLI - networking.wireless.iwd = { - settings = { - Network = { - EnableIPv6 = true; - RoutePriorityOffset = 300; - }; - Settings = { - AutoConnect = true; - }; - }; - enable = true; - }; system.stateVersion = config.system.nixos.version; nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; }; - installer = lib.nixosSystem { + installerSystem = lib.nixosSystem { modules = [ self.inputs.disko.nixosModules.default installerModule 
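Review bot: The `nix_shell` call in `flash_machine` (pkgs/clan-cli/clan_cli/flash.py) now points at `/home/lhebendanz/Projects/disko`, a path in one developer's home directory, which looks like a debugging leftover. On any other machine the flash command fails. On a machine where that path exists, the tool runs whatever checkout is there instead of a pinned disko, during an operation that writes to disks. Restore `["nixpkgs#disko"],` or reference a pinned flake input before merging. `flash_machine` starts and ends outside the hunk.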
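Review bot: In the new `wifiModule` (pkgs/installer/flake-module.nix, hunk `@@ -1,5 +1,24 @@`) the comment about using iwd instead of wpa_supplicant appears twice, once above `networking.wireless.enable = false;` and again above the `networking.wireless.iwd` block. Keeping only `# Use iwd instead of wpa_supplicant. It has a user friendly CLI` on the iwd block and changing the first to `# disable wpa_supplicant` would read more clearly.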
@@ -49,25 +53,10 @@ let { config, pkgs, ... }: { imports = [ + wifiModule self.nixosModules.installer self.clanModules.diskLayouts ]; - # Provide convenience for connecting to wifi - networking.wireless.enable = false; - - # Use iwd instead of wpa_supplicant. It has a user friendly CLI - networking.wireless.iwd = { - settings = { - Network = { - EnableIPv6 = true; - RoutePriorityOffset = 300; - }; - Settings = { - AutoConnect = true; - }; - }; - enable = true; - }; system.stateVersion = config.system.nixos.version; nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; }; @@ -76,17 +65,25 @@ in clan = { clanName = "clan-core"; directory = self; - machines.installer = { + + # To build a generic installer image (without ssh pubkeys), + # use the following command: + # $ nix build .#iso-installer + machines.iso-installer = { imports = [ installerModule ]; fileSystems."/".device = lib.mkDefault "/dev/null"; }; + + # To directly flash the installer to a disk, use the following command: + # $ clan flash flash-installer --disk main /dev/sdX --yes + # This will include your ssh public keys in the installer. machines.flash-installer = { imports = [ flashInstallerModule ]; - clan.diskLayouts.singleDiskExt4.device = "/dev/sda"; - boot.loader.grub.enable = lib.mkForce true; + clan.diskLayouts.singleDiskExt4.device = lib.mkDefault "/dev/null"; + boot.loader.grub.enable = lib.mkDefault true; }; }; - flake.packages.x86_64-linux.install-iso = installer.config.formats.iso; - flake.apps.x86_64-linux.install-vm.program = installer.config.formats.vm.outPath; - flake.apps.x86_64-linux.install-vm-nogui.program = installer.config.formats.vm-nogui.outPath; + flake.packages.x86_64-linux.iso-installer = installerSystem.config.formats.iso; + flake.apps.x86_64-linux.install-vm.program = installerSystem.config.formats.vm.outPath; + flake.apps.x86_64-linux.install-vm-nogui.program = installerSystem.config.formats.vm-nogui.outPath; }
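Review bot: The usage comment added above `machines.flash-installer` documents `clan flash flash-installer --disk main /dev/sdX --yes`. `--yes` presumably skips the confirmation prompt, so the copy-paste example removes the last check before a disk is overwritten. I would show the command without `--yes` and mention the flag separately for scripted use. The comment also says the user's ssh public keys are included; it could add that machines booted from that image accept logins from those keys, so it should not be handed out as a generic installer, e.g. `# Do not distribute this image: it trusts your ssh keys.` The renames of `install-iso` to `iso-installer` and of `machines.installer` also break existing `nix build .#install-iso` invocations unless an alias is kept.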