Modularize services with flake-parts

- Move and rename some modules matching ghaf mainline structure
- Create separate folder for hydrajobs
- Modularize with flake-parts
- Rewrite target config with flake-part modules

Signed-off-by: Anh Huy Bui <[email protected]>

config-processor-hardware.nix

@@ -23,7 +23,7 @@ let
   system = "x86_64-linux";
   vms = targetconf.vms;
 
-  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf;});
+  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf self;});
   enablevm = vm: {
     virtualization.microvm.${vm.name} = {
       enable = true;
@@ -41,6 +41,8 @@ let
       modules =
         [
           microvm.nixosModules.host
+          self.nixosModules.fmo-configs
+
           (import "${ghafOS}/modules/host")
           (import "${ghafOS}/modules/virtualization/microvm/microvm-host.nix")
           {
@@ -78,7 +80,6 @@ let
         ]
         ++ map (vm: importvm vms.${vm}) (builtins.attrNames vms)
         ++ (import "${ghafOS}/modules/module-list.nix")
-        ++ (import ./modules/fmo-module-list.nix)
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" targetconf then targetconf.extraModules else []);
     };
@@ -93,10 +94,12 @@ let
     (target "release" [])
   ];
 in {
-  nixosConfigurations =
-    builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
-  packages = {
-    x86_64-linux =
-      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+  flake = {
+    nixosConfigurations =
+      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
+    packages = {
+      x86_64-linux =
+        builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+    };
   };
 }

config-processor-installers.nix

@@ -42,6 +42,7 @@ let
       specialArgs = {inherit lib; inherit ghafOS;};
       modules =
         [
+          self.nixosModules.installer
           (import "${ghafOS}/modules/host")
           ({modulesPath, lib, config, ...}: {
             imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
@@ -50,12 +51,30 @@ let
             nixpkgs.config.allowUnfree = true;
 
             hardware.enableAllFirmware = true;
+
+            # Installer system profile
+            # Use less privileged ghaf user
+            users.users.ghaf = {
+              isNormalUser = true;
+              extraGroups = ["wheel" "networkmanager" "video"];
+              # Allow the graphical user to login without password
+              initialHashedPassword = "";
+            };
+
+            # Allow the user to log in as root without a password.
+            users.users.root.initialHashedPassword = "";
 
-            ghaf = {
-              profiles.installer.enable = true;
+            # Allow passwordless sudo from ghaf user
+            security.sudo = {
+              enable = lib.mkDefault true;
+              wheelNeedsPassword = lib.mkImageMediaOverride false;
             };
+
+            # Automatically log in at the virtual consoles.
+            services.getty.autologinUser = lib.mkDefault "ghaf";
           })
 
+          # Configs for installation
           {
             installer.includeOSS = {
               enable = lib.mkDefault true;
@@ -66,6 +85,7 @@ let
             };
           }
 
+          # Installer app
           {
             installer.${installerconf.installer.name} = installerApp installerconf.installer;
           }
@@ -77,7 +97,6 @@ let
             isoImage.squashfsCompression = "lz4"; 
           }
         ]
-        ++ (import ./modules/fmo-module-list.nix)
         ++ (import "${ghafOS}/modules/module-list.nix")
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" installerconf then installerconf.extraModules else []);
@@ -93,7 +112,9 @@ let
     (installer "release" [])
   ];
 in {
-  packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
-    ${system}.${name} = installerImgDrv;
-  }) targets);
+  flake = {
+    packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
+      ${system}.${name} = installerImgDrv;
+    }) targets);
+  };
 }

flake.nix

@@ -16,12 +16,18 @@
 
   inputs = rec {
     ghafOS.url = "github:tiiuae/ghaf";
+
+    #
+    # Flake and repo structuring configurations
+    #
+    # Allows us to structure the flake with the NixOS module system
+    flake-parts = {
+      url = "github:hercules-ci/flake-parts";
+    };
+
   };
 
-  outputs = {
-    self,
-    ghafOS,
-  }: let
+  outputs = inputs @ {ghafOS, flake-parts, self, ...}: let
     # Retrieve inputs from Ghaf
     nixpkgs = ghafOS.inputs.nixpkgs;
     flake-utils = ghafOS.inputs.flake-utils;
@@ -43,35 +49,37 @@
     generateHwConfig = import ./config-processor-hardware.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;};
     generateInstConfig = import ./config-processor-installers.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;};
   in
-    # Combine list of attribute sets together
-    lib.foldr lib.recursiveUpdate {} ([
-      (flake-utils.lib.eachSystem systems (system: let
-        pkgs = nixpkgs.legacyPackages.${system};
-      in {
-        hydraJobs = {
-          packages = {
-            x86_64-linux = {
-              fmo-os-installer-public-debug = self.packages.x86_64-linux.fmo-os-installer-public-debug;
-              fmo-os-installer-public-release = self.packages.x86_64-linux.fmo-os-installer-public-release;
-              fmo-os-rugged-laptop-7330-public-debug = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug;
-              fmo-os-rugged-laptop-7330-public-release = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release;
-              fmo-os-rugged-tablet-7230-public-debug = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug;
-              fmo-os-rugged-tablet-7230-public-release = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release;
-            };
-          };
-        };
 
-        formatter = pkgs.alejandra;
-      }))
-    ]
-    ++ map generateHwConfig [
-      (import ./hardware/fmo-os-rugged-laptop-7330.nix)
-      (import ./hardware/fmo-os-rugged-laptop-7330-public.nix)
-      (import ./hardware/fmo-os-rugged-tablet-7230.nix)
-      (import ./hardware/fmo-os-rugged-tablet-7230-public.nix)
-    ]
-    ++ map generateInstConfig [
-      (import ./installers/fmo-os-installer.nix)
-      (import ./installers/fmo-os-installer-public.nix)
-    ]);
+    flake-parts.lib.mkFlake
+    {
+      inherit inputs;
+    } {
+      # Toggle this to allow debugging in the repl
+      # see:https://flake.parts/debug
+      debug = false;
+
+      systems = [
+        "x86_64-linux"
+      ];
+
+      imports = [
+        ./hydrajobs/flake-module.nix
+        ./modules/flake-module.nix
+      ] ++ map generateHwConfig [
+        (import ./hardware/fmo-os-rugged-laptop-7330.nix)
+        (import ./hardware/fmo-os-rugged-laptop-7330-public.nix)
+        (import ./hardware/fmo-os-rugged-tablet-7230.nix)
+        (import ./hardware/fmo-os-rugged-tablet-7230-public.nix)
+      ] ++ map generateInstConfig [
+        (import ./installers/fmo-os-installer.nix)
+        (import ./installers/fmo-os-installer-public.nix)
+      ];
+
+      #TODO Fix this
+      #flake.nixosModules = with lib;
+      #  mapAttrs (_: import)
+      #  (flattenTree (rakeLeaves ./modules));
+
+      flake.lib = lib;
+    };
 }

hydrajobs/flake-module.nix

@@ -0,0 +1,13 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{self, ...}: 
+{  
+  flake.hydraJobs = {
+    fmo-os-installer-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-debug;
+    fmo-os-installer-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-release;
+    fmo-os-rugged-laptop-7330-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug;
+    fmo-os-rugged-laptop-7330-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release;
+    fmo-os-rugged-tablet-7230-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug;
+    fmo-os-rugged-tablet-7230-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release;
+  };
+}

modules/desktop/default.nix

@@ -0,0 +1,12 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Ghaf Desktop Experience
+#
+{
+  imports = [
+    ./launchers
+    ./graphics
+    ./profiles
+  ];
+}

modules/desktop/profiles/default.nix

@@ -0,0 +1,10 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Ghaf Graphic Profiles
+#
+{
+  imports = [
+    ./applications.nix
+  ];
+}

modules/flake-module.nix

@@ -0,0 +1,20 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+{inputs, ...}: {   
+  flake.nixosModules = {
+    fmo-configs.imports = [
+      ./packages
+      ./fmo-services
+      ./desktop
+      ../utils/write-to-file
+    ];
+    installer.imports = [
+      ./packages
+      ./installers
+      ./fmo-services
+      ../utils/write-to-file
+      ];
+  };
+}

modules/fmo-services/default.nix

@@ -0,0 +1,15 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Services for FMO
+#
+{
+  imports = [
+    ./dci-service
+    ./hostname-service
+    ./portforwarding-service
+    ./psk-distribution-host
+    ./psk-distribution-vm
+    ./registration-agent-laptop
+  ];
+}

modules/installers/default.nix

@@ -0,0 +1,12 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Installers for FMO
+#
+{
+  imports = [
+    ./includeOSS
+    ./pterm-installer
+    ./simple-installer
+  ];
+}