Reorganize modules to match ghaf mainline stucture

.github/actions/build-action/entrypoint.sh

@@ -10,7 +10,7 @@ RA_TOKEN=$3
 SSH_DIR="/root/.ssh/"
 RESULT_DIR="result/iso/"
 RESULT_NAME="nixos.iso"
-RESULT_COPY_DIR="./result_to_upload/"
+RESULT_COPY_DIR="./"
 SYS_USER_NAME="root"
 
 err_print() {

.github/actions/upload-action-harbor/upload.sh

@@ -14,6 +14,8 @@ err_exit() {
   exit "$rc"
 }
 
+cd $GITHUB_WORKSPACE
+
 echo "::group::Input validation"
 
 [ ! "$HARBOR_URL" ] && err_exit 1 "HARBOR_URL undefined"
@@ -41,7 +43,7 @@ for input in $INPUT_PATHS; do
 
   UPLOAD_DIR=$SOURCE_DIR
   echo "oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR"
-  oras push --disable-path-validation "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR
+  oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR
 done
 
 echo "::endgroup::"

.github/actions/upload-action-jfrog/upload.sh

@@ -14,6 +14,8 @@ err_exit() {
   exit "$rc"
 }
 
+cd $GITHUB_WORKSPACE
+
 echo "::group::Input validation"
 
 [ ! "$JFROG_URL" ] && err_exit 1 "JFROG_URL undefined"

.github/workflows/build.yml

@@ -56,13 +56,13 @@ jobs:
           JFROG_TOKEN: ${{ secrets.JFROG_TOKEN }}
           JFROG_URL: ${{ secrets.JFROG_URL }}
           input-paths:  |
-            ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso
+            ${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso
       - name: Push to Harbor artifactory
         uses: ./.github/actions/upload-action-harbor
         with:
           HARBOR_UNAME: ${{ secrets.HARBOR_UNAME }}
           HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
           HARBOR_URL: ${{ secrets.HARBOR_URL }}
           input-paths:  |
-            ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }}
+            ${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }}
 

config-processor-hardware.nix

@@ -14,6 +14,7 @@
 }:
 let
   updateAttrs = (import ./utils/updateAttrs.nix).updateAttrs;
+  updateHostConfig = (import ./utils/updateHostConfig.nix).updateHostConfig;
 
   targetconf = if lib.hasAttr "extend" sysconf
                then updateAttrs false (import (lib.path.append ./hardware sysconf.extend) ).sysconf sysconf
@@ -23,7 +24,7 @@ let
   system = "x86_64-linux";
   vms = targetconf.vms;
 
-  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf;});
+  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf self;});
   enablevm = vm: {
     virtualization.microvm.${vm.name} = {
       enable = true;
@@ -41,6 +42,8 @@ let
       modules =
         [
           microvm.nixosModules.host
+          self.nixosModules.fmo-configs
+
           (import "${ghafOS}/modules/host")
           (import "${ghafOS}/modules/virtualization/microvm/microvm-host.nix")
           {
@@ -76,9 +79,9 @@ let
             ];
           }
         ]
+        ++ updateHostConfig {inherit lib; inherit targetconf;}
         ++ map (vm: importvm vms.${vm}) (builtins.attrNames vms)
         ++ (import "${ghafOS}/modules/module-list.nix")
-        ++ (import ./modules/fmo-module-list.nix)
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" targetconf then targetconf.extraModules else []);
     };
@@ -93,10 +96,12 @@ let
     (target "release" [])
   ];
 in {
-  nixosConfigurations =
-    builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
-  packages = {
-    x86_64-linux =
-      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+  flake = {
+    nixosConfigurations =
+      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
+    packages = {
+      x86_64-linux =
+        builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+    };
   };
 }

config-processor-installers.nix

@@ -42,6 +42,7 @@ let
       specialArgs = {inherit lib; inherit ghafOS;};
       modules =
         [
+          self.nixosModules.installer
           (import "${ghafOS}/modules/host")
           ({modulesPath, lib, config, ...}: {
             imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
@@ -50,12 +51,30 @@ let
             nixpkgs.config.allowUnfree = true;
 
             hardware.enableAllFirmware = true;
+
+            # Installer system profile
+            # Use less privileged ghaf user
+            users.users.ghaf = {
+              isNormalUser = true;
+              extraGroups = ["wheel" "networkmanager" "video"];
+              # Allow the graphical user to login without password
+              initialHashedPassword = "";
+            };
+
+            # Allow the user to log in as root without a password.
+            users.users.root.initialHashedPassword = "";
 
-            ghaf = {
-              profiles.installer.enable = true;
+            # Allow passwordless sudo from ghaf user
+            security.sudo = {
+              enable = lib.mkDefault true;
+              wheelNeedsPassword = lib.mkImageMediaOverride false;
             };
+
+            # Automatically log in at the virtual consoles.
+            services.getty.autologinUser = lib.mkDefault "ghaf";
           })
 
+          # Configs for installation
           {
             installer.includeOSS = {
               enable = lib.mkDefault true;
@@ -66,6 +85,7 @@ let
             };
           }
 
+          # Installer app
           {
             installer.${installerconf.installer.name} = installerApp installerconf.installer;
           }
@@ -77,7 +97,6 @@ let
             isoImage.squashfsCompression = "lz4"; 
           }
         ]
-        ++ (import ./modules/fmo-module-list.nix)
         ++ (import "${ghafOS}/modules/module-list.nix")
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" installerconf then installerconf.extraModules else []);
@@ -93,7 +112,9 @@ let
     (installer "release" [])
   ];
 in {
-  packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
-    ${system}.${name} = installerImgDrv;
-  }) targets);
+  flake = {
+    packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
+      ${system}.${name} = installerImgDrv;
+    }) targets);
+  };
 }

flake.nix

@@ -16,12 +16,18 @@
 
   inputs = rec {
     ghafOS.url = "github:tiiuae/ghaf";
+
+    #
+    # Flake and repo structuring configurations
+    #
+    # Allows us to structure the flake with the NixOS module system
+    flake-parts = {
+      url = "github:hercules-ci/flake-parts";
+    };
+
   };
 
-  outputs = {
-    self,
-    ghafOS,
-  }: let
+  outputs = inputs @ {ghafOS, flake-parts, self, ...}: let
     # Retrieve inputs from Ghaf
     nixpkgs = ghafOS.inputs.nixpkgs;
     flake-utils = ghafOS.inputs.flake-utils;
@@ -43,35 +49,32 @@
     generateHwConfig = import ./config-processor-hardware.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;};
     generateInstConfig = import ./config-processor-installers.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;};
   in
-    # Combine list of attribute sets together
-    lib.foldr lib.recursiveUpdate {} ([
-      (flake-utils.lib.eachSystem systems (system: let
-        pkgs = nixpkgs.legacyPackages.${system};
-      in {
-        hydraJobs = {
-          packages = {
-            x86_64-linux = {
-              fmo-os-installer-public-debug = self.packages.x86_64-linux.fmo-os-installer-public-debug;
-              fmo-os-installer-public-release = self.packages.x86_64-linux.fmo-os-installer-public-release;
-              fmo-os-rugged-laptop-7330-public-debug = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug;
-              fmo-os-rugged-laptop-7330-public-release = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release;
-              fmo-os-rugged-tablet-7230-public-debug = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug;
-              fmo-os-rugged-tablet-7230-public-release = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release;
-            };
-          };
-        };
 
-        formatter = pkgs.alejandra;
-      }))
-    ]
-    ++ map generateHwConfig [
-      (import ./hardware/fmo-os-rugged-laptop-7330.nix)
-      (import ./hardware/fmo-os-rugged-laptop-7330-public.nix)
-      (import ./hardware/fmo-os-rugged-tablet-7230.nix)
-      (import ./hardware/fmo-os-rugged-tablet-7230-public.nix)
-    ]
-    ++ map generateInstConfig [
-      (import ./installers/fmo-os-installer.nix)
-      (import ./installers/fmo-os-installer-public.nix)
-    ]);
+    flake-parts.lib.mkFlake
+    {
+      inherit inputs;
+    } {
+      # Toggle this to allow debugging in the repl
+      # see:https://flake.parts/debug
+      debug = false;
+
+      systems = [
+        "x86_64-linux"
+      ];
+
+      imports = [
+        ./hydrajobs/flake-module.nix
+        ./modules/flake-module.nix
+      ] ++ map generateHwConfig [
+        (import ./hardware/fmo-os-rugged-laptop-7330.nix)
+        (import ./hardware/fmo-os-rugged-laptop-7330-public.nix)
+        (import ./hardware/fmo-os-rugged-tablet-7230.nix)
+        (import ./hardware/fmo-os-rugged-tablet-7230-public.nix)
+      ] ++ map generateInstConfig [
+        (import ./installers/fmo-os-installer.nix)
+        (import ./installers/fmo-os-installer-public.nix)
+      ];
+
+      flake.lib = lib;
+    };
 }

hardware/fmo-os-rugged-laptop-7330.nix

@@ -5,6 +5,9 @@
 {
   sysconf = {
     name = "fmo-os-rugged-laptop-7330";
+    ipaddr = "192.168.101.2";
+    defaultgw = "192.168.101.1";
+
     systemPackages = [
       "vim"
       "tcpdump"
@@ -249,8 +252,12 @@
             fmo-dci = {
               enable = true;
               compose-path = "/var/lib/fogdata/docker-compose.yml";
+              update-path = "/var/lib/fogdata/docker-compose.yml.new";
+              backup-path = "/var/lib/fogdata/docker-compose.yml.backup";
               pat-path = "/var/lib/fogdata/PAT.pat";
               preloaded-images = "tii-offline-map-data-loader.tar.gz";
+              docker-url = "cr.airoplatform.com";
+              docker-url-path = "/var/lib/fogdata/cr.url";
             }; # services.fmo-dci
             avahi = {
               enable = true;

hardware/fmo-os-rugged-tablet-7230.nix

@@ -5,6 +5,9 @@
 {
   sysconf = {
     name = "fmo-os-rugged-tablet-7230";
+    ipaddr = "192.168.101.2";
+    defaultgw = "192.168.101.1";
+
     systemPackages = [
       "vim"
       "tcpdump"
@@ -229,8 +232,12 @@
             fmo-dci = {
               enable = true;
               compose-path = "/var/lib/fogdata/docker-compose.yml";
+              update-path = "/var/lib/fogdata/docker-compose.yml.new";
+              backup-path = "/var/lib/fogdata/docker-compose.yml.backup";
               pat-path = "/var/lib/fogdata/PAT.pat";
               preloaded-images = "tii-offline-map-data-loader.tar.gz";
+              docker-url = "cr.airoplatform.com";
+              docker-url-path = "/var/lib/fogdata/cr.url";
             }; # services.fmo-dci
             avahi = {
               enable = true;

hydrajobs/flake-module.nix

@@ -0,0 +1,13 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{self, ...}: 
+{  
+  flake.hydraJobs = {
+    fmo-os-installer-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-debug;
+    fmo-os-installer-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-release;
+    fmo-os-rugged-laptop-7330-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug;
+    fmo-os-rugged-laptop-7330-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release;
+    fmo-os-rugged-tablet-7230-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug;
+    fmo-os-rugged-tablet-7230-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release;
+  };
+}

installers/fmo-os-installer.nix

@@ -46,6 +46,11 @@
       run_on_boot = true;
       welcome_msg = "Welcome to FMO-OS installer";
       mount_path = "/home/ghaf/root";
+      docker_urls = [
+        "ghcr.io"
+        "cr.airoplatform.com"
+      ];
+      docker_url_path = "/var/fogdata/cr.url";
       custom_script_path = "registration-agent-laptop";
       custom_script_env_path = [
         "/home/ghaf/root/var/fogdata"

modules/desktop/default.nix

@@ -0,0 +1,12 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Ghaf Desktop Experience
+#
+{
+  imports = [
+    ./launchers
+    ./graphics
+    ./profiles
+  ];
+}