diff --git a/.github/actions/build-action/entrypoint.sh b/.github/actions/build-action/entrypoint.sh index 35ef80e..cfc13d5 100755 --- a/.github/actions/build-action/entrypoint.sh +++ b/.github/actions/build-action/entrypoint.sh @@ -10,7 +10,7 @@ RA_TOKEN=$3 SSH_DIR="/root/.ssh/" RESULT_DIR="result/iso/" RESULT_NAME="nixos.iso" -RESULT_COPY_DIR="./result_to_upload/" +RESULT_COPY_DIR="./" SYS_USER_NAME="root" err_print() { diff --git a/.github/actions/upload-action-harbor/upload.sh b/.github/actions/upload-action-harbor/upload.sh index a92a7f9..93b74e1 100755 --- a/.github/actions/upload-action-harbor/upload.sh +++ b/.github/actions/upload-action-harbor/upload.sh @@ -14,6 +14,8 @@ err_exit() { exit "$rc" } +cd $GITHUB_WORKSPACE + echo "::group::Input validation" [ ! "$HARBOR_URL" ] && err_exit 1 "HARBOR_URL undefined" @@ -41,7 +43,7 @@ for input in $INPUT_PATHS; do UPLOAD_DIR=$SOURCE_DIR echo "oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR" - oras push --disable-path-validation "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR + oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR done echo "::endgroup::" diff --git a/.github/actions/upload-action-jfrog/upload.sh b/.github/actions/upload-action-jfrog/upload.sh index 847d082..5912247 100755 --- a/.github/actions/upload-action-jfrog/upload.sh +++ b/.github/actions/upload-action-jfrog/upload.sh @@ -14,6 +14,8 @@ err_exit() { exit "$rc" } +cd $GITHUB_WORKSPACE + echo "::group::Input validation" [ ! "$JFROG_URL" ] && err_exit 1 "JFROG_URL undefined" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f947167..707f005 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
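Review bot: The added `cd $GITHUB_WORKSPACE` in upload-action-harbor/upload.sh is unquoted and its result is never checked, and the same line is added to upload-action-jfrog/upload.sh. With an empty variable the unquoted form becomes a bare `cd`, which succeeds and lands in the home directory; whether a failing `cd` stops the script depends on a `set -e` that is not visible in these hunks. This matters because the later Harbor hunk drops `--disable-path-validation` and build.yml now passes workspace-relative paths, so the artifact that gets pushed is whatever those paths resolve to from the current directory. I would guard it in both scripts with `[ -d "$GITHUB_WORKSPACE" ] || err_exit 1 "GITHUB_WORKSPACE undefined"` followed by `cd "$GITHUB_WORKSPACE" || err_exit 1 "cannot enter GITHUB_WORKSPACE"`, reusing the err_exit helper that the input checks already call.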
@@ -56,7 +56,7 @@ jobs: JFROG_TOKEN: ${{ secrets.JFROG_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} input-paths: | - ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso + ${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso - name: Push to Harbor artifactory uses: ./.github/actions/upload-action-harbor with: @@ -64,5 +64,5 @@ jobs: HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }} HARBOR_URL: ${{ secrets.HARBOR_URL }} input-paths: | - ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }} + ${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }} diff --git a/config-processor-hardware.nix b/config-processor-hardware.nix index 6720b09..5e38fcc 100644 --- a/config-processor-hardware.nix +++ b/config-processor-hardware.nix @@ -14,6 +14,7 @@ }: let updateAttrs = (import ./utils/updateAttrs.nix).updateAttrs; + updateHostConfig = (import ./utils/updateHostConfig.nix).updateHostConfig; targetconf = if lib.hasAttr "extend" sysconf then updateAttrs false (import (lib.path.append ./hardware sysconf.extend) ).sysconf sysconf @@ -23,7 +24,7 @@ let system = "x86_64-linux"; vms = targetconf.vms; - importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf;}); + importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf self;}); enablevm = vm: { virtualization.microvm.${vm.name} = { enable = true; @@ -41,8 +42,12 @@ let modules = [ microvm.nixosModules.host - (import "${ghafOS}/modules/host") - (import "${ghafOS}/modules/virtualization/microvm/microvm-host.nix") + self.nixosModules.fmo-configs + self.nixosModules.ghaf-common + ghafOS.nixosModules.host + + (import "${ghafOS}/modules/microvm/networking.nix") + (import "${ghafOS}/modules/microvm/virtualization/microvm/microvm-host.nix") { ghaf = lib.mkMerge ( [ 
@@ -50,6 +55,7 @@ let hardware.x86_64.common.enable = true; virtualization.microvm-host.enable = true; + virtualization.microvm-host.hostNetworkSupport = true; host.networking.enable = true; # Enable all the default UI applications @@ -76,9 +82,8 @@ let ]; } ] + ++ updateHostConfig {inherit lib; inherit targetconf;} ++ map (vm: importvm vms.${vm}) (builtins.attrNames vms) - ++ (import "${ghafOS}/modules/module-list.nix") - ++ (import ./modules/fmo-module-list.nix) ++ extraModules ++ (if lib.hasAttr "extraModules" targetconf then targetconf.extraModules else []); }; @@ -87,16 +92,18 @@ let name = "${name}-${variant}"; package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr}; }; - debugModules = [(import "${ghafOS}/modules/development/usb-serial.nix") {ghaf.development.usb-serial.enable = true;}]; + debugModules = [{ghaf.development.usb-serial.enable = true;}]; targets = [ (target "debug" debugModules) (target "release" []) ]; in { - nixosConfigurations = - builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets); - packages = { - x86_64-linux = - builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets); + flake = { + nixosConfigurations = + builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets); + packages = { + x86_64-linux = + builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets); + }; }; } diff --git a/config-processor-installers.nix b/config-processor-installers.nix index 8c7e5b8..4dc4147 100644 --- a/config-processor-installers.nix +++ b/config-processor-installers.nix @@ -42,7 +42,9 @@ let specialArgs = {inherit lib; inherit ghafOS;}; modules = [ - (import "${ghafOS}/modules/host") + self.nixosModules.installer + self.nixosModules.ghaf-common + ({modulesPath, lib, config, ...}: { imports = [ (modulesPath + "/profiles/all-hardware.nix") ]; 
@@ -50,12 +52,30 @@ let nixpkgs.config.allowUnfree = true; hardware.enableAllFirmware = true; + + # Installer system profile + # Use less privileged ghaf user + users.users.ghaf = { + isNormalUser = true; + extraGroups = ["wheel" "networkmanager" "video"]; + # Allow the graphical user to login without password + initialHashedPassword = ""; + }; + + # Allow the user to log in as root without a password. + users.users.root.initialHashedPassword = ""; - ghaf = { - profiles.installer.enable = true; + # Allow passwordless sudo from ghaf user + security.sudo = { + enable = lib.mkDefault true; + wheelNeedsPassword = lib.mkImageMediaOverride false; }; + + # Automatically log in at the virtual consoles. + services.getty.autologinUser = lib.mkDefault "ghaf"; }) + # Configs for installation { installer.includeOSS = { enable = lib.mkDefault true; @@ -66,6 +86,7 @@ let }; } + # Installer app { installer.${installerconf.installer.name} = installerApp installerconf.installer; } @@ -77,8 +98,7 @@ let isoImage.squashfsCompression = "lz4"; } ] - ++ (import ./modules/fmo-module-list.nix) - ++ (import "${ghafOS}/modules/module-list.nix") + #++ (import "${ghafOS}/modules/module-list.nix") ++ extraModules ++ (if lib.hasAttr "extraModules" installerconf then installerconf.extraModules else []); }; 
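Review bot: The inlined installer profile in config-processor-installers.nix gives both `ghaf` and `root` an empty `initialHashedPassword`, puts `ghaf` in `wheel` with `wheelNeedsPassword` overridden to false and logs it in automatically, so the comment `# Use less privileged ghaf user` overstates the separation; the account is root-equivalent. The module sits in the shared `modules` list, so it applies to the `release` installer target as well as `debug` (the `targets` list is in the next hunk, and the enclosing module function opens before this one). Unlike the sudo and getty settings, `users.users.root.initialHashedPassword = "";` carries no priority wrapper, so a downstream module cannot replace it without `lib.mkForce`. I would write it as `users.users.root.initialHashedPassword = lib.mkDefault "";` and put a comment above the block along the lines of `# Live installer media only: passwordless root and sudo; never import this into an installed-system configuration.`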
@@ -87,13 +107,15 @@ let inherit installerImgCfg system; installerImgDrv = installerImgCfg.config.system.build.${installerImgCfg.config.formatAttr}; }; - debugModules = [(import "${ghafOS}/modules/development/usb-serial.nix") {ghaf.development.usb-serial.enable = true;}]; + debugModules = [{ghaf.development.usb-serial.enable = true;}]; targets = [ (installer "debug" debugModules) (installer "release" []) ]; in { - packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: { - ${system}.${name} = installerImgDrv; - }) targets); + flake = { + packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: { + ${system}.${name} = installerImgDrv; + }) targets); + }; } diff --git a/flake.lock b/flake.lock index 046f001..6b1fe9d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,15 +1,185 @@ { "nodes": { + "crane": { + "inputs": { + "flake-compat": [ + "ghafOS", + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "ghafOS", + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "ghafOS", + "lanzaboote", + "nixpkgs" + ], + "rust-overlay": [ + "ghafOS", + "lanzaboote", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devour-flake": { + "flake": false, + "locked": { + "lastModified": 1699722684, + "narHash": "sha256-LapKkHNZ8D3k/uLaJjmGxx7GuYRinGBxEkIAGb/8pCo=", + "owner": "srid", + "repo": "devour-flake", + "rev": "c89ad7a611caef31899292bc8f9aae9e7aa251cb", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "devour-flake", + "type": "github" + } + }, + "devshell": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705332421, + "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", + "owner": "numtide", + "repo": "devshell", + "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706491084, + "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "owner": "nix-community", + "repo": "disko", + "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1688025799, + "narHash": 
"sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "ghafOS", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-root": { + "locked": { + "lastModified": 1692742795, + "narHash": "sha256-f+Y0YhVCIJ06LemO+3Xx00lIcqQxSKJHXT/yk1RTKxw=", + "owner": "srid", + "repo": "flake-root", + "rev": "d9a70d9c7a5fd7f3258ccf48da9335e9b47c3937", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "flake-root", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": [ + "ghafOS", + "systems" + ] + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { 
@@ -20,19 +190,30 @@ }, "ghafOS": { "inputs": { - "flake-utils": "flake-utils", + "devour-flake": "devour-flake", + "devshell": "devshell", + "disko": "disko", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-root": "flake-root", + "flake-utils": "flake-utils_2", "jetpack-nixos": "jetpack-nixos", + "lanzaboote": "lanzaboote", "microvm": "microvm", + "nix-fast-build": "nix-fast-build", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1689110953, - "narHash": "sha256-oHA0ZCTSzQYZO/KbOxIFTSj0eBy3kJPdN7KONZyyUKc=", + "lastModified": 1710696276, + "narHash": "sha256-q/kETMHnJG7SrZdCn5r8M2t9PT2aRb+o3KCd2ABiBTc=", "owner": "tiiuae", "repo": "ghaf", - "rev": "9638a163542b939735bf34de483a9999a27e55ac", + "rev": "d888db4835c2152702d1a8bc3ccda0150e9643b9", "type": "github" }, "original": { @@ -41,6 +222,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "ghafOS", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "jetpack-nixos": { "inputs": { "nixpkgs": [ @@ -49,11 +252,11 @@ ] }, "locked": { - "lastModified": 1686967443, - "narHash": "sha256-PXIDBOVM8JpMBo/oYrfDHD08AfO/rJKredz3yO/gDeA=", + "lastModified": 1707323143, + "narHash": "sha256-Mfj2l2aE+3Vu/u1M1PtQTvIoOZfCkINgtCQagSZFU6Q=", "owner": "anduril", "repo": "jetpack-nixos", - "rev": "ddaff1bfceafb93ea67cb4ef953ba8eff5cf942b", + "rev": "6ae4ce1d368fb56235a8b15ef926db28c4643eb8", "type": "github" }, "original": { 
@@ -62,6 +265,46 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": [ + "ghafOS", + "flake-compat" + ], + "flake-parts": [ + "ghafOS", + "flake-parts" + ], + "flake-utils": [ + "ghafOS", + "flake-utils" + ], + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ], + "pre-commit-hooks-nix": [ + "ghafOS", + "pre-commit-hooks-nix" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1682802423, + "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "64b903ca87d18cef2752c19c098af275c6e51d63", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.3.0", + "repo": "lanzaboote", + "type": "github" + } + }, "microvm": { "inputs": { "flake-utils": [ @@ -74,11 +317,11 @@ ] }, "locked": { - "lastModified": 1688933605, - "narHash": "sha256-eux5CjKmO+6GFoovtckoVo0es1FZ2mzupehDyHuCaCk=", + "lastModified": 1701202812, + "narHash": "sha256-ym/Rd4tR4i2d1WdPNKaeeIz/UoyfnCe5UBZbUl1M0PM=", "owner": "astro", "repo": "microvm.nix", - "rev": "018691bf86a70b7e5d24eb37d6aad05ce1c1b12e", + "rev": "89bb7a5230a4820736a43e058c8d2a2c560d672b", "type": "github" }, "original": { 
@@ -87,13 +330,42 @@ "type": "github" } }, + "nix-fast-build": { + "inputs": { + "flake-parts": [ + "ghafOS", + "flake-parts" + ], + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ], + "treefmt-nix": [ + "ghafOS", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1703607026, + "narHash": "sha256-Emh0BPoqlS4ntp2UJrwydXfIP4qIMF0VBB2FUE3/M/E=", + "owner": "Mic92", + "repo": "nix-fast-build", + "rev": "4376b8a33b217ee2f78ba3dcff01a3e464d13a46", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-fast-build", + "type": "github" + } + }, "nixlib": { "locked": { - "lastModified": 1688259758, - "narHash": "sha256-CYVbYQfIm3vwciCf6CCYE+WOOLE3vcfxfEfNHIfKUJQ=", + "lastModified": 1693701915, + "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a92befce80a487380ea5e92ae515fe33cebd3ac6", + "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", "type": "github" }, "original": { @@ -111,11 +383,11 @@ ] }, "locked": { - "lastModified": 1688738567, - "narHash": "sha256-yax5BYOfpE0+95kyJmEcfKEdZBaFvCENDogBB4VQB3Q=", + "lastModified": 1705400161, + "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "9191c85aab6b1a7ad395c13d340f2aa0e3ddf552", + "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234", "type": "github" }, "original": { 
@@ -126,40 +398,101 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1689060619, - "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", - "owner": "nixos", + "lastModified": 1705312285, + "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", + "owner": "NixOS", "repo": "nixos-hardware", - "rev": "44bc025007e5fcc10dbc3d9f96dcbf06fc0e8c1c", + "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "repo": "nixos-hardware", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1689048911, - "narHash": "sha256-pODI2CkjWbSLo5nPMZoLtkRNJU/Nr3VSITXZqqmNtIk=", - "owner": "nixos", + "lastModified": 1702914124, + "narHash": "sha256-EjmBJGB6DOdJnMoUKkNVMvJOYN11KU+U3IJcuGlhi38=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "8163a64662b43848802092d52015ef60777d6129", + "rev": "3a9928df838d1470a0e308cef74c251e90fc83a8", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.05", + "owner": "NixOS", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "ghafOS", + "flake-compat" + ], + "flake-utils": [ + "ghafOS", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ], + "nixpkgs-stable": [ + "ghafOS", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705229514, + "narHash": "sha256-itILy0zimR/iyUGq5Dgg0fiW8plRDyxF153LWGsg3Cw=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "ffa9a5b90b0acfaa03b1533b83eaf5dead819a05", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "ghafOS": "ghafOS" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "ghafOS", + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "ghafOS", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682129965, + "narHash": 
"sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2c417c0460b788328220120c698630947547ee83", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -174,6 +507,42 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "ghafOS", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705659004, + "narHash": "sha256-XQsZudrb9u5Pw631U0tFYZkjq49CcwF24XT01vz2jPk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8cd95da6c30852adb2a06c4b6bdacfe8b64a0a35", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8725008..b32b291 100644 --- a/flake.nix +++ b/flake.nix @@ -18,17 +18,14 @@ ghafOS.url = "github:tiiuae/ghaf"; }; - outputs = { - self, - ghafOS, - }: let + outputs = inputs @ {ghafOS, self, ...}: let # Retrieve inputs from Ghaf nixpkgs = ghafOS.inputs.nixpkgs; flake-utils = ghafOS.inputs.flake-utils; nixos-generators = ghafOS.inputs.nixos-generators; nixos-hardware = ghafOS.inputs.nixos-hardware; microvm = ghafOS.inputs.microvm; - + flake-parts = ghafOS.inputs.flake-parts; systems = with flake-utils.lib.system; [ x86_64-linux ]; 
@@ -43,35 +40,37 @@ generateHwConfig = import ./config-processor-hardware.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;}; generateInstConfig = import ./config-processor-installers.nix {inherit nixpkgs ghafOS self nixos-hardware nixos-generators lib microvm;}; in - # Combine list of attribute sets together - lib.foldr lib.recursiveUpdate {} ([ - (flake-utils.lib.eachSystem systems (system: let - pkgs = nixpkgs.legacyPackages.${system}; - in { - hydraJobs = { - packages = { - x86_64-linux = { - fmo-os-installer-public-debug = self.packages.x86_64-linux.fmo-os-installer-public-debug; - fmo-os-installer-public-release = self.packages.x86_64-linux.fmo-os-installer-public-release; - fmo-os-rugged-laptop-7330-public-debug = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug; - fmo-os-rugged-laptop-7330-public-release = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release; - fmo-os-rugged-tablet-7230-public-debug = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug; - fmo-os-rugged-tablet-7230-public-release = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release; - }; - }; - }; - formatter = pkgs.alejandra; - })) - ] - ++ map generateHwConfig [ - (import ./hardware/fmo-os-rugged-laptop-7330.nix) - (import ./hardware/fmo-os-rugged-laptop-7330-public.nix) - (import ./hardware/fmo-os-rugged-tablet-7230.nix) - (import ./hardware/fmo-os-rugged-tablet-7230-public.nix) - ] - ++ map generateInstConfig [ - (import ./installers/fmo-os-installer.nix) - (import ./installers/fmo-os-installer-public.nix) - ]); + flake-parts.lib.mkFlake + { + inherit inputs; + } { + # Toggle this to allow debugging in the repl + # see:https://flake.parts/debug + debug = false; + + systems = [ + "x86_64-linux" + ]; + + imports = [ + ./hydrajobs/flake-module.nix + ./modules/flake-module.nix + ] ++ map generateHwConfig [ + (import ./hardware/fmo-os-rugged-laptop-7330.nix) + (import 
./hardware/fmo-os-rugged-laptop-7330-public.nix) + (import ./hardware/fmo-os-rugged-tablet-7230.nix) + (import ./hardware/fmo-os-rugged-tablet-7230-public.nix) + ] ++ map generateInstConfig [ + (import ./installers/fmo-os-installer.nix) + (import ./installers/fmo-os-installer-public.nix) + ]; + + #TODO Fix this + #flake.nixosModules = with lib; + # mapAttrs (_: import) + # (flattenTree (rakeLeaves ./modules)); + + flake.lib = lib; + }; } diff --git a/hardware/fmo-os-rugged-laptop-7330.nix b/hardware/fmo-os-rugged-laptop-7330.nix index 4569ee1..1272730 100644 --- a/hardware/fmo-os-rugged-laptop-7330.nix +++ b/hardware/fmo-os-rugged-laptop-7330.nix @@ -5,6 +5,9 @@ { sysconf = { name = "fmo-os-rugged-laptop-7330"; + ipaddr = "192.168.101.2"; + defaultgw = "192.168.101.1"; + systemPackages = [ "vim" "tcpdump" @@ -168,16 +171,12 @@ bus = "pci"; path = "0000:00:1f.6"; } + { + bus = "usb"; + path = "vendorid=0x0525,productid=0xa4a2"; + } ]; # microvm.devices - # WAR: Default microvm's way to passthrough usb devices is not working - # Lets use qemu.extraArgs for that - qemu.extraArgs = [ - "-usb" - "-device" - "usb-host,vendorid=0x0525,productid=0xa4a2" - ]; # microvm.qemu.extraArgs - shares = [ { source = "/var/netvm/netconf"; @@ -217,13 +216,12 @@ microvm = { mem = 4096; vcpu = 2; - # WAR: Default microvm's way to passthrough usb devices is not working - # Lets use qemu.extraArgs for that - qemu.extraArgs = [ - "-usb" - "-device" - "usb-host,vendorid=0x1546,productid=0x01a9" - ]; # microvm.qemu.extraArgs + devices = [ + { + bus = "usb"; + path = "vendorid=0x1546,productid=0x01a9"; + } + ]; # microvm.devices volumes = [{ image = "/var/tmp/dockervm.img"; mountPoint = "/var/lib/docker"; 
@@ -249,8 +247,12 @@ fmo-dci = { enable = true; compose-path = "/var/lib/fogdata/docker-compose.yml"; + update-path = "/var/lib/fogdata/docker-compose.yml.new"; + backup-path = "/var/lib/fogdata/docker-compose.yml.backup"; pat-path = "/var/lib/fogdata/PAT.pat"; preloaded-images = "tii-offline-map-data-loader.tar.gz"; + docker-url = "cr.airoplatform.com"; + docker-url-path = "/var/lib/fogdata/cr.url"; }; # services.fmo-dci avahi = { enable = true; diff --git a/hardware/fmo-os-rugged-tablet-7230.nix b/hardware/fmo-os-rugged-tablet-7230.nix index 5a124b8..a38cef0 100644 --- a/hardware/fmo-os-rugged-tablet-7230.nix +++ b/hardware/fmo-os-rugged-tablet-7230.nix @@ -5,6 +5,9 @@ { sysconf = { name = "fmo-os-rugged-tablet-7230"; + ipaddr = "192.168.101.2"; + defaultgw = "192.168.101.1"; + systemPackages = [ "vim" "tcpdump" @@ -148,16 +151,11 @@ bus = "pci"; path = "0000:00:14.3"; } + { + bus = "usb"; + path = "vendorid=0x0525,productid=0xa4a2"; + } ]; # microvm.devices - - # WAR: Default microvm's way to passthrough usb devices is not working - # Lets use qemu.extraArgs for that - qemu.extraArgs = [ - "-usb" - "-device" - "usb-host,vendorid=0x0525,productid=0xa4a2" - ]; # microvm.qemu.extraArgs - shares = [ { source = "/var/netvm/netconf"; @@ -197,13 +195,12 @@ microvm = { mem = 4096; vcpu = 2; - # WAR: Default microvm's way to passthrough usb devices is not working - # Lets use qemu.extraArgs for that - qemu.extraArgs = [ - "-usb" - "-device" - "usb-host,vendorid=0x1546,productid=0x01a9" - ]; # microvm.qemu.extraArgs + devices = [ + { + bus = "usb"; + path = "vendorid=0x1546,productid=0x01a9"; + } + ]; # microvm.devices volumes = [{ image = "/var/tmp/dockervm.img"; mountPoint = "/var/lib/docker"; 
@@ -229,8 +226,12 @@ fmo-dci = { enable = true; compose-path = "/var/lib/fogdata/docker-compose.yml"; + update-path = "/var/lib/fogdata/docker-compose.yml.new"; + backup-path = "/var/lib/fogdata/docker-compose.yml.backup"; pat-path = "/var/lib/fogdata/PAT.pat"; preloaded-images = "tii-offline-map-data-loader.tar.gz"; + docker-url = "cr.airoplatform.com"; + docker-url-path = "/var/lib/fogdata/cr.url"; }; # services.fmo-dci avahi = { enable = true; diff --git a/hydrajobs/flake-module.nix b/hydrajobs/flake-module.nix new file mode 100644 index 0000000..a6fa7a1 --- /dev/null +++ b/hydrajobs/flake-module.nix @@ -0,0 +1,13 @@ +# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +{self, ...}: +{ + flake.hydraJobs = { + fmo-os-installer-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-debug; + fmo-os-installer-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-installer-public-release; + fmo-os-rugged-laptop-7330-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-debug; + fmo-os-rugged-laptop-7330-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-laptop-7330-public-release; + fmo-os-rugged-tablet-7230-public-debug.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-debug; + fmo-os-rugged-tablet-7230-public-release.x86_64-linux = self.packages.x86_64-linux.fmo-os-rugged-tablet-7230-public-release; + }; +} diff --git a/installers/fmo-os-installer.nix b/installers/fmo-os-installer.nix index 7446d80..55d3d1a 100644 --- a/installers/fmo-os-installer.nix +++ b/installers/fmo-os-installer.nix @@ -46,6 +46,11 @@ run_on_boot = true; welcome_msg = "Welcome to FMO-OS installer"; mount_path = "/home/ghaf/root"; + docker_urls = [ + "ghcr.io" + "cr.airoplatform.com" + ]; + docker_url_path = "/var/fogdata/cr.url"; custom_script_path = "registration-agent-laptop"; custom_script_env_path = [ "/home/ghaf/root/var/fogdata" 
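Review bot: In installers/fmo-os-installer.nix the new `docker_url_path = "/var/fogdata/cr.url"` turns the container registry into a value stored in a file, and nothing in this hunk states that the stored value has to be one of the `docker_urls` entries. The hardware configs in this commit point fmo-dci at `docker-url-path = "/var/lib/fogdata/cr.url"` right next to `pat-path`, so the file presumably selects the registry that the stored token is used against; the code that reads it is not in this diff, so that needs confirming. I would add a comment here such as `# cr.url holds exactly one entry of docker_urls; fmo-dci reads it through docker-url-path and should reject anything else`. It is also worth checking that the differing `/var/fogdata` and `/var/lib/fogdata` prefixes refer to the same directory as seen from the installer and from the VM.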
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix new file mode 100644 index 0000000..3d8934b --- /dev/null +++ b/modules/desktop/default.nix @@ -0,0 +1,12 @@ +# Copyright 2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Ghaf Desktop Experience +# +{ + imports = [ + ./launchers + ./graphics + ./profiles + ]; +} diff --git a/modules/graphics/assets/arrow-circle-left-svgrepo-com.svg b/modules/desktop/graphics/assets/arrow-circle-left-svgrepo-com.svg similarity index 100% rename from modules/graphics/assets/arrow-circle-left-svgrepo-com.svg rename to modules/desktop/graphics/assets/arrow-circle-left-svgrepo-com.svg diff --git a/modules/graphics/assets/arrow-circle-right-svgrepo-com.svg b/modules/desktop/graphics/assets/arrow-circle-right-svgrepo-com.svg similarity index 100% rename from modules/graphics/assets/arrow-circle-right-svgrepo-com.svg rename to modules/desktop/graphics/assets/arrow-circle-right-svgrepo-com.svg diff --git a/modules/graphics/assets/close-circle-svgrepo-com.svg b/modules/desktop/graphics/assets/close-circle-svgrepo-com.svg similarity index 100% rename from modules/graphics/assets/close-circle-svgrepo-com.svg rename to modules/desktop/graphics/assets/close-circle-svgrepo-com.svg diff --git a/modules/graphics/assets/keyboard.png b/modules/desktop/graphics/assets/keyboard.png similarity index 100% rename from modules/graphics/assets/keyboard.png rename to modules/desktop/graphics/assets/keyboard.png diff --git a/modules/graphics/assets/system-shutdown-symbolic.svg b/modules/desktop/graphics/assets/system-shutdown-symbolic.svg similarity index 100% rename from modules/graphics/assets/system-shutdown-symbolic.svg rename to modules/desktop/graphics/assets/system-shutdown-symbolic.svg 
diff --git a/modules/graphics/assets/wallpaper.jpg b/modules/desktop/graphics/assets/wallpaper.jpg similarity index 100% rename from modules/graphics/assets/wallpaper.jpg rename to modules/desktop/graphics/assets/wallpaper.jpg diff --git a/modules/graphics/default.nix b/modules/desktop/graphics/default.nix similarity index 89% rename from modules/graphics/default.nix rename to modules/desktop/graphics/default.nix index ba490b4..4eefef5 100644 --- a/modules/graphics/default.nix +++ b/modules/desktop/graphics/default.nix @@ -10,6 +10,5 @@ ./sway/sway.nix ./sway/sway.ini.nix ./fonts.nix - ./window-manager.nix ]; } diff --git a/modules/graphics/fonts.nix b/modules/desktop/graphics/fonts.nix similarity index 90% rename from modules/graphics/fonts.nix rename to modules/desktop/graphics/fonts.nix index 01ce5aa..09e9140 100644 --- a/modules/graphics/fonts.nix +++ b/modules/desktop/graphics/fonts.nix @@ -9,7 +9,7 @@ sway = config.ghaf.graphics.sway; in { config = { - fonts.fonts = with pkgs; + fonts.packages = with pkgs; lib.lists.optionals sway.enable [ font-awesome_5 font-awesome diff --git a/modules/graphics/sway/config b/modules/desktop/graphics/sway/config similarity index 100% rename from modules/graphics/sway/config rename to modules/desktop/graphics/sway/config diff --git a/modules/graphics/sway/lisgd/config b/modules/desktop/graphics/sway/lisgd/config similarity index 100% rename from modules/graphics/sway/lisgd/config rename to modules/desktop/graphics/sway/lisgd/config diff --git a/modules/graphics/sway/lisgd/default.nix b/modules/desktop/graphics/sway/lisgd/default.nix similarity index 100% rename from modules/graphics/sway/lisgd/default.nix rename to modules/desktop/graphics/sway/lisgd/default.nix diff --git a/modules/graphics/sway/nwg-panel/config b/modules/desktop/graphics/sway/nwg-panel/config similarity index 100% rename from modules/graphics/sway/nwg-panel/config rename to modules/desktop/graphics/sway/nwg-panel/config 
diff --git a/modules/graphics/sway/nwg-panel/default.nix b/modules/desktop/graphics/sway/nwg-panel/default.nix similarity index 100% rename from modules/graphics/sway/nwg-panel/default.nix rename to modules/desktop/graphics/sway/nwg-panel/default.nix diff --git a/modules/graphics/sway/nwg-panel/style.css b/modules/desktop/graphics/sway/nwg-panel/style.css similarity index 100% rename from modules/graphics/sway/nwg-panel/style.css rename to modules/desktop/graphics/sway/nwg-panel/style.css diff --git a/modules/graphics/sway/sway.ini.nix b/modules/desktop/graphics/sway/sway.ini.nix similarity index 100% rename from modules/graphics/sway/sway.ini.nix rename to modules/desktop/graphics/sway/sway.ini.nix diff --git a/modules/graphics/sway/sway.nix b/modules/desktop/graphics/sway/sway.nix similarity index 100% rename from modules/graphics/sway/sway.nix rename to modules/desktop/graphics/sway/sway.nix diff --git a/modules/app-launchers/default.nix b/modules/desktop/launchers/default.nix similarity index 100% rename from modules/app-launchers/default.nix rename to modules/desktop/launchers/default.nix diff --git a/modules/desktop/profiles/applications.nix b/modules/desktop/profiles/applications.nix new file mode 100644 index 0000000..d09e5cf --- /dev/null +++ b/modules/desktop/profiles/applications.nix @@ -0,0 +1,16 @@ +# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# +{ + config, + lib, + ... +}: let + cfg = config.ghaf.profiles.applications; +in + with lib; { + config.ghaf = mkIf cfg.enable { + graphics.enableDemoApplications = lib.mkForce false; + graphics.app-launchers.enableAppLaunchers = true; + }; + } diff --git a/modules/desktop/profiles/default.nix b/modules/desktop/profiles/default.nix new file mode 100644 index 0000000..893eb39 --- /dev/null +++ b/modules/desktop/profiles/default.nix 
@@ -0,0 +1,11 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Ghaf Graphic Profiles
+#
+{
+ imports = [
+ ./applications.nix
+ ./graphics.nix
+ ];
+}
diff --git a/modules/desktop/profiles/graphics.nix b/modules/desktop/profiles/graphics.nix
new file mode 100644
index 0000000..3e78085
--- /dev/null
+++ b/modules/desktop/profiles/graphics.nix
@@ -0,0 +1,16 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.ghaf.profiles.graphics;
+in
+ with lib; {
+ config.ghaf.graphics = mkIf cfg.enable {
+ weston.enable = lib.mkForce false;
+ sway.enable = true;
+ };
+ }
diff --git a/modules/flake-module.nix b/modules/flake-module.nix
new file mode 100644
index 0000000..e228ba8
--- /dev/null
+++ b/modules/flake-module.nix
@@ -0,0 +1,24 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+{inputs, ...}: {
+ flake.nixosModules = {
+ fmo-configs.imports = [
+ ./packages
+ ./fmo-services
+ ./desktop
+ ../utils/write-to-file
+ ];
+ installer.imports = [
+ ./packages
+ ./installers
+ ./fmo-services
+ ../utils/write-to-file
+ ];
+ ghaf-common.imports = [
+ inputs.ghafOS.nixosModules.desktop
+ inputs.ghafOS.nixosModules.common
+ ];
+ };
+}
diff --git a/modules/fmo-module-list.nix b/modules/fmo-module-list.nix
deleted file mode 100644
index 7d0796c..0000000
--- a/modules/fmo-module-list.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-#
-[
- ./app-launchers
- ./custom-packages
- ./graphics
- ./includeOSS
- ./fmo-dci-service
- ./simple-installer
- ./pterm-installer
- ./fmo-hostname-service
- ./profiles/applications.nix
- ./profiles/installer.nix
- ./portforwarding-service
- ./registration-agent-laptop
- ../utils/write-to-file
- ./fmo-psk-distribution-host
- ./fmo-psk-distribution-vm
-]
diff --git a/modules/fmo-dci-service/default.nix b/modules/fmo-services/dci-service/default.nix similarity index 66% rename from modules/fmo-dci-service/default.nix rename to modules/fmo-services/dci-service/default.nix index 77563ee..531dc0f 100644 --- a/modules/fmo-dci-service/default.nix +++ b/modules/fmo-services/dci-service/default.nix @@ -17,11 +17,24 @@ in { type = types.str; description = "Path to docker-compose's .yml file"; }; + update-path = mkOption { + type = types.str; + description = "Path to docker-compose's .yml file for update"; + }; + backup-path = mkOption { + type = types.str; + description = "Path to docker-compose's .yml file for backup"; + }; preloaded-images = mkOption { type = types.str; description = "Preloaded docker images file names separated by spaces"; }; docker-url = mkOption { + type = types.str; + default = ""; + description = "Default container repository URL to use"; + }; + docker-url-path = mkOption { type = types.str; default = ""; description = "Path to docker url file"; 
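Review bot: `update-path` and `backup-path` are declared without a `default`, while the neighbouring `docker-url` and `docker-url-path` options both get `default = "";`. The service script later in this file interpolates `${cfg.update-path}` and `${cfg.backup-path}` unconditionally, so a configuration that enables the service without setting them will presumably fail at evaluation. Either give `update-path` a `default = "";` (the script's `[ -e "$UPDPATH" ]` test then skips the update) or state in both descriptions that the options are mandatory. The `docker-url` description could also say that the file named by `docker-url-path` overrides it when that file exists, which is what the script does.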
@@ -39,13 +52,36 @@ in { script = '' USR=$(${pkgs.gawk}/bin/gawk '{print $1}' ${cfg.pat-path} || echo "") PAT=$(${pkgs.gawk}/bin/gawk '{print $2}' ${cfg.pat-path} || echo "") - DCPATH=$(echo ${cfg.compose-path} ) + DCPATH=$(echo ${cfg.compose-path}) + UPDPATH=$(echo ${cfg.update-path}) + BCPPATH=$(echo ${cfg.backup-path}) PRELOAD_PATH=$(echo ${preload_path}) DOCKER_URL=$(echo ${cfg.docker-url}) - if [ -z "$DOCKER_URL" ]; then - DOCKER_URL="cr.airoplatform.com" + DOCKER_URL_PATH=$(echo ${cfg.docker-url-path}) + + if [ -e "$DOCKER_URL_PATH" ]; then + DOCKER_URL=$(cat $DOCKER_URL_PATH) fi - + + # Check if the update file exists + if [ -e "$UPDPATH" ]; then + echo "Update file exists. Proceeding with backup and update operations" + + # Backup the original file if it exists + if [ -e "$DCPATH" ]; then + echo "Backing up the original file" + mv "$DCPATH" "$BCPPATH" + else + echo "No original file to backup" + fi + + # Move the new file to replace the original file + mv "$UPDPATH" "$DCPATH" + echo "Move completed successfully" + else + echo "Update file does not exist. No operations performed" + fi + echo "Login $DOCKER_URL" echo $PAT | ${pkgs.docker}/bin/docker login $DOCKER_URL -u $USR --password-stdin || echo "login to $DOCKER_URL failed continue as is" diff --git a/modules/fmo-dci-service/images/.placeholder b/modules/fmo-services/dci-service/images/.placeholder similarity index 100% rename from modules/fmo-dci-service/images/.placeholder rename to modules/fmo-services/dci-service/images/.placeholder diff --git a/modules/fmo-services/default.nix b/modules/fmo-services/default.nix new file mode 100644 index 0000000..fa9694f --- /dev/null +++ b/modules/fmo-services/default.nix 
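Review bot: The added `DOCKER_URL=$(cat $DOCKER_URL_PATH)` lets the content of a file decide which registry receives the PAT piped into `docker login`, and the `cr.airoplatform.com` fallback is removed. With the option defaults both empty, `docker login $DOCKER_URL` runs with no server argument and the credentials go to docker's default registry. Quote the expansions and guard the login, e.g. `[ -n "$DOCKER_URL" ] || { echo "no registry URL configured, skipping login"; }` with the login in the else branch, and consider checking the value against the configured list of allowed registries. The update block has a related gap: whatever file appears at `update-path` is promoted to the active compose file with no ownership or integrity check, and `Move completed successfully` is printed even when `mv` fails. The script body starts and continues outside this hunk.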
@@ -0,0 +1,15 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Services for FMO
+#
+{
+ imports = [
+ ./dci-service
+ ./hostname-service
+ ./portforwarding-service
+ ./psk-distribution-host
+ ./psk-distribution-vm
+ ./registration-agent-laptop
+ ];
+}
diff --git a/modules/fmo-hostname-service/default.nix b/modules/fmo-services/hostname-service/default.nix
similarity index 100%
rename from modules/fmo-hostname-service/default.nix
rename to modules/fmo-services/hostname-service/default.nix
diff --git a/modules/portforwarding-service/default.nix b/modules/fmo-services/portforwarding-service/default.nix
similarity index 100%
rename from modules/portforwarding-service/default.nix
rename to modules/fmo-services/portforwarding-service/default.nix
diff --git a/modules/fmo-psk-distribution-host/default.nix b/modules/fmo-services/psk-distribution-host/default.nix
similarity index 100%
rename from modules/fmo-psk-distribution-host/default.nix
rename to modules/fmo-services/psk-distribution-host/default.nix
diff --git a/modules/fmo-psk-distribution-vm/default.nix b/modules/fmo-services/psk-distribution-vm/default.nix
similarity index 100%
rename from modules/fmo-psk-distribution-vm/default.nix
rename to modules/fmo-services/psk-distribution-vm/default.nix
diff --git a/modules/registration-agent-laptop/default.nix b/modules/fmo-services/registration-agent-laptop/default.nix
similarity index 100%
rename from modules/registration-agent-laptop/default.nix
rename to modules/fmo-services/registration-agent-laptop/default.nix
diff --git a/modules/graphics/window-manager.nix b/modules/graphics/window-manager.nix
deleted file mode 100644
index b818863..0000000
--- a/modules/graphics/window-manager.nix
+++ /dev/null
@@ -1,118 +0,0 @@ -# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -{ - lib, - pkgs, - config, - ... -}: let - cfg = config.ghaf.graphics.window-manager-common; -in { - options.ghaf.graphics.window-manager-common = with lib; { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Common parts for every wlroots-based window manager/compositor. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - hardware.opengl = { - enable = true; - driSupport = true; - }; - - environment.noXlibs = false; - - environment.systemPackages = with pkgs; [ - # Seatd is needed to manage log-in process for wayland sessions - seatd - ]; - - # Allow to execute reboot and shutdown without password - security.sudo = { - enable = true; - extraRules = [{ - commands = [ - { - command = "${config.system.path}/bin/shutdown"; - options = [ "NOPASSWD" ]; - } - { - command = "${pkgs.systemd}/bin/shutdown"; - options = [ "NOPASSWD" ]; - } - ]; - users = [ "ghaf" ]; - }]; - }; - - systemd.user.targets."ghaf-session" = { - description = "Ghaf graphical session"; - bindsTo = ["ghaf-session.target"]; - before = ["ghaf-session.target"]; - }; - - systemd.services."ghaf-session" = { - description = "Ghaf graphical session"; - - # Make sure we are started after logins are permitted. - after = ["systemd-user-sessions.service"]; - - # if you want you can make it part of the graphical session - #Before=graphical.target - - # not necessary but just in case - #ConditionPathExists=/dev/tty7 - - serviceConfig = { - Type = "simple"; - Environment = "XDG_SESSION_TYPE=wayland"; - ExecStart = "${pkgs.systemd}/bin/systemctl --wait --user start ghaf-session.target"; - - # The user to run the session as. Pick one! - User = config.ghaf.users.accounts.user; - Group = config.ghaf.users.accounts.user; - - # Set up a full user session for the user, required by desktop environment. 
- PAMName = "${pkgs.shadow}/bin/login"; - - # A virtual terminal is needed. - TTYPath = "/dev/tty7"; - TTYReset = "yes"; - TTYVHangup = "yes"; - TTYVTDisallocate = "yes"; - - # Try to grab tty . - StandardInput = "tty-force"; - - # Defaults to journal, in case it doesn't adjust it accordingly - #StandardOutput=journal - StandardError = "journal"; - - # Log this user with utmp, letting it show up with commands 'w' and 'who'. - UtmpIdentifier = "tty7"; - UtmpMode = "user"; - - Restart = "always"; - RestartSec = "5"; - }; - wantedBy = ["multi-user.target"]; - }; - - # systemd service for seatd - systemd.services."seatd" = { - description = "Seat management daemon"; - documentation = ["man:seatd(1)"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.seatd}/bin/seatd -g video"; - Restart = "always"; - RestartSec = "1"; - }; - wantedBy = ["multi-user.target"]; - }; - }; -} diff --git a/modules/installers/default.nix b/modules/installers/default.nix new file mode 100644 index 0000000..2493ce6 --- /dev/null +++ b/modules/installers/default.nix @@ -0,0 +1,12 @@ +# Copyright 2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Installers for FMO +# +{ + imports = [ + ./includeOSS + ./pterm-installer + ./simple-installer + ]; +} diff --git a/modules/includeOSS/default.nix b/modules/installers/includeOSS/default.nix similarity index 100% rename from modules/includeOSS/default.nix rename to modules/installers/includeOSS/default.nix diff --git a/modules/pterm-installer/default.nix b/modules/installers/pterm-installer/default.nix similarity index 78% rename from modules/pterm-installer/default.nix rename to modules/installers/pterm-installer/default.nix index d22d307..215da12 100644 --- a/modules/pterm-installer/default.nix +++ b/modules/installers/pterm-installer/default.nix 
@@ -50,6 +50,18 @@ in description = "Folders created for custom script to run"; default = []; }; + + docker_urls = mkOption { + type = types.listOf types.str; + default = ["ghcr.io" "cr.airoplatform.com"]; + description = "List of docker url to select from"; + }; + + docker_url_path = mkOption { + type = types.str; + default = ""; + description = "Path to docker url file"; + }; }; config.environment = mkIf (cfg.enable) ( @@ -58,19 +70,22 @@ in ((lib.optional config.services.registration-agent-laptop.enable (config.services.registration-agent-laptop.env_path + "/.env")) ++ cfg.custom_script_env_path)); - installerGoScript = pkgs.buildGo120Module { + dockerUrlList = builtins.concatStringsSep "*" cfg.docker_urls; + installerGoScript = pkgs.buildGoModule { name = "ghaf-installer"; src = builtins.fetchGit { url = "https://github.com/tiiuae/FMO-OS-Installer.git"; - rev = "688dd34da9f57a9cbf99ef57c43dcdfd5e7c50a2"; + rev = "0a12c7f3288f7019adc7781310f02f47f61444f1"; ref = "refs/heads/main"; }; - vendorSha256 = "sha256-MKMsvIP8wMV86dh9Y5CWhgTQD0iRpzxk7+0diHkYBUo="; + vendorHash = "sha256-MKMsvIP8wMV86dh9Y5CWhgTQD0iRpzxk7+0diHkYBUo="; proxyVendor=true; ldflags = [ "-X 'ghaf-installer/global.OSSfile=${cfg.oss_path}'" "-X 'ghaf-installer/global.WelcomeMsg=${cfg.welcome_msg}'" "-X 'ghaf-installer/screen.mountPoint=${cfg.mount_path}'" + "-X 'ghaf-installer/screen.dockerURLs=${dockerUrlList}'" + "-X 'ghaf-installer/screen.dockerURLPath=${cfg.docker_url_path}'" "-X 'ghaf-installer/screen.sourceDir=${installerGoScript.src.outPath}'" ] ++ lib.optionals (cfg.custom_script_path != "") [ "-X ghaf-installer/screen.folderPaths=${scriptEnvPath}" diff --git a/modules/simple-installer/default.nix b/modules/installers/simple-installer/default.nix similarity index 100% rename from modules/simple-installer/default.nix rename to modules/installers/simple-installer/default.nix 
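Review bot: In the second hunk `rev` moves to `0a12c7f3288f7019adc7781310f02f47f61444f1` while `vendorHash` keeps exactly the value the old `vendorSha256` had. The vendored-modules derivation is fixed-output, so Nix can reuse a store path that already matches the hash and would not notice if go.mod or go.sum changed at the new revision; the build could then link stale dependencies. Confirm the hash was recomputed against the new rev, for example by building once with `vendorHash = lib.fakeHash;`, and say so in a comment next to it. Separately, `dockerUrlList` joins `cfg.docker_urls` with `*` and is interpolated inside a single-quoted `-X` flag, so an entry containing `*` or `'` would be mis-split or break the flag; an assertion on the option would catch that. The `installerGoScript` definition continues outside the hunk.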
diff --git a/modules/custom-packages/default.nix b/modules/packages/default.nix similarity index 76% rename from modules/custom-packages/default.nix rename to modules/packages/default.nix index 9d61fd0..2793a25 100644 --- a/modules/custom-packages/default.nix +++ b/modules/packages/default.nix @@ -5,8 +5,6 @@ # _: { nixpkgs.overlays = [ - # WAR: libsecret should be removed when the upstream error is fixed - (import ./libsecret) (import ./nmLauncher) (import ./nwg-bar) (import ./nwg-panel) @@ -14,5 +12,7 @@ _: { (import ./squeekboard) (import ./sway-scripts) (import ./terminator) - ]; + ] ++ + # WAR: these packages should be removed when the upstream error is fixed + (import ./fixed-packages); } diff --git a/modules/packages/fixed-packages/default.nix b/modules/packages/fixed-packages/default.nix new file mode 100644 index 0000000..69125be --- /dev/null +++ b/modules/packages/fixed-packages/default.nix @@ -0,0 +1,7 @@ +# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# +[ + (import ./libsecret) + (import ./python3-afdko) +] diff --git a/modules/custom-packages/libsecret/default.nix b/modules/packages/fixed-packages/libsecret/default.nix similarity index 100% rename from modules/custom-packages/libsecret/default.nix rename to modules/packages/fixed-packages/libsecret/default.nix diff --git a/modules/packages/fixed-packages/python3-afdko/default.nix b/modules/packages/fixed-packages/python3-afdko/default.nix new file mode 100644 index 0000000..11dfda7 --- /dev/null +++ b/modules/packages/fixed-packages/python3-afdko/default.nix 
@@ -0,0 +1,16 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# This overlay customizes python311 - see comments for details
+#
+(final: prev: {
+ python311 = prev.python311.override {
+ packageOverrides = (python-self: python-super: {
+ afdko = python-super.afdko.overridePythonAttrs (oldAttrs: {
+ disabledTests = [
+ "test_alt_missing_glyph"
+ ];
+ });
+ });
+ };
+})
diff --git a/modules/custom-packages/nmLauncher/default.nix b/modules/packages/nmLauncher/default.nix
similarity index 100%
rename from modules/custom-packages/nmLauncher/default.nix
rename to modules/packages/nmLauncher/default.nix
diff --git a/modules/custom-packages/nwg-bar/default.nix b/modules/packages/nwg-bar/default.nix
similarity index 100%
rename from modules/custom-packages/nwg-bar/default.nix
rename to modules/packages/nwg-bar/default.nix
diff --git a/modules/custom-packages/nwg-bar/fix-paths.patch b/modules/packages/nwg-bar/fix-paths.patch
similarity index 100%
rename from modules/custom-packages/nwg-bar/fix-paths.patch
rename to modules/packages/nwg-bar/fix-paths.patch
diff --git a/modules/custom-packages/nwg-bar/nwg-bar.nix b/modules/packages/nwg-bar/nwg-bar.nix
similarity index 100%
rename from modules/custom-packages/nwg-bar/nwg-bar.nix
rename to modules/packages/nwg-bar/nwg-bar.nix
diff --git a/modules/custom-packages/nwg-panel/default.nix b/modules/packages/nwg-panel/default.nix
similarity index 100%
rename from modules/custom-packages/nwg-panel/default.nix
rename to modules/packages/nwg-panel/default.nix
diff --git a/modules/custom-packages/registration-agent/default.nix b/modules/packages/registration-agent/default.nix
similarity index 100%
rename from modules/custom-packages/registration-agent/default.nix
rename to modules/packages/registration-agent/default.nix
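Review bot: `disabledTests` in the `afdko` override is assigned a fresh list, so any tests nixpkgs already disables for afdko are dropped and `oldAttrs` goes unused. Appending keeps them: `disabledTests = (oldAttrs.disabledTests or []) ++ [ "test_alt_missing_glyph" ];`. The header says "see comments for details" but the file carries no such comment. A line stating why `test_alt_missing_glyph` fails, plus a reference to the upstream report (placeholder: `<upstream issue URL>`), would let the workaround be removed once it is fixed.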
diff --git a/modules/custom-packages/registration-agent/registration-agent-laptop-with-env.nix b/modules/packages/registration-agent/registration-agent-laptop-with-env.nix similarity index 100% rename from modules/custom-packages/registration-agent/registration-agent-laptop-with-env.nix rename to modules/packages/registration-agent/registration-agent-laptop-with-env.nix diff --git a/modules/custom-packages/registration-agent/registration-agent-laptop.nix b/modules/packages/registration-agent/registration-agent-laptop.nix similarity index 54% rename from modules/custom-packages/registration-agent/registration-agent-laptop.nix rename to modules/packages/registration-agent/registration-agent-laptop.nix index 23a3749..710d608 100644 --- a/modules/custom-packages/registration-agent/registration-agent-laptop.nix +++ b/modules/packages/registration-agent/registration-agent-laptop.nix @@ -2,17 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 {pkgs,lib}: -let - buildGo121Module = pkgs.darwin.apple_sdk_11_0.callPackage ../../../utils/golang/module.nix { - go = go_1_21; - }; - go_1_21= pkgs.darwin.apple_sdk_11_0.callPackage ../../../utils/golang/1.21.nix { - inherit (pkgs.darwin.apple_sdk_11_0.frameworks) Foundation Security; - buildGo121Module = buildGo121Module; - }; - -in -buildGo121Module { +pkgs.buildGoModule { name = "registration-agent-laptop"; src = builtins.fetchGit { url = "git@github.com:tiiuae/registration-agent-laptop.git"; @@ -21,12 +11,9 @@ buildGo121Module { }; tags = [ "prod" ]; patches = [./remove-test.patch]; - vendorSha256 = "sha256-9/twQyt6SVXWTRypt1FIWsRQxQEWFBkdi8eR+/xYNqg=="; + vendorHash = "sha256-9/twQyt6SVXWTRypt1FIWsRQxQEWFBkdi8eR+/xYNqg=="; proxyVendor=true; - - postInstall = '' mv $out/bin/registration-agent-laptop $out/bin/registration-agent-laptop-orig ''; - # ... } 
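Review bot: The new `vendorHash` value ends in `==`, but a SHA-256 digest in SRI base64 form is 44 characters with a single `=`; this string is 45 characters, carried over unchanged from the old `vendorSha256`. Whether the extra padding character is tolerated depends on the Nix version doing the evaluation, so it is safer to regenerate the value, for example by building once with `vendorHash = lib.fakeHash;` and pasting the hash Nix reports. The same hunk also swaps the locally pinned Go 1.21 toolchain for `pkgs.buildGoModule`, so the compiler version now follows the nixpkgs pin; a short comment noting that would help whoever next bumps nixpkgs. The derivation body continues outside the hunk.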
diff --git a/modules/custom-packages/registration-agent/remove-test.patch b/modules/packages/registration-agent/remove-test.patch
similarity index 100%
rename from modules/custom-packages/registration-agent/remove-test.patch
rename to modules/packages/registration-agent/remove-test.patch
diff --git a/modules/custom-packages/squeekboard/default.nix b/modules/packages/squeekboard/default.nix
similarity index 100%
rename from modules/custom-packages/squeekboard/default.nix
rename to modules/packages/squeekboard/default.nix
diff --git a/modules/custom-packages/squeekboard/squeekboard.nix b/modules/packages/squeekboard/squeekboard.nix
similarity index 100%
rename from modules/custom-packages/squeekboard/squeekboard.nix
rename to modules/packages/squeekboard/squeekboard.nix
diff --git a/modules/custom-packages/squeekboard/us_wide.patch b/modules/packages/squeekboard/us_wide.patch
similarity index 100%
rename from modules/custom-packages/squeekboard/us_wide.patch
rename to modules/packages/squeekboard/us_wide.patch
diff --git a/modules/custom-packages/sway-scripts/default.nix b/modules/packages/sway-scripts/default.nix
similarity index 100%
rename from modules/custom-packages/sway-scripts/default.nix
rename to modules/packages/sway-scripts/default.nix
diff --git a/modules/custom-packages/sway-scripts/workspace-switch.nix b/modules/packages/sway-scripts/workspace-switch.nix
similarity index 100%
rename from modules/custom-packages/sway-scripts/workspace-switch.nix
rename to modules/packages/sway-scripts/workspace-switch.nix
diff --git a/modules/custom-packages/terminator/config.patch b/modules/packages/terminator/config.patch
similarity index 100%
rename from modules/custom-packages/terminator/config.patch
rename to modules/packages/terminator/config.patch
diff --git a/modules/custom-packages/terminator/default.nix b/modules/packages/terminator/default.nix
similarity index 100%
rename from modules/custom-packages/terminator/default.nix
rename to modules/packages/terminator/default.nix
diff --git a/modules/profiles/applications.nix b/modules/profiles/applications.nix
deleted file mode 100644
index cdce781..0000000
--- a/modules/profiles/applications.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-{
- config,
- lib,
- ...
-}: let
- cfg = config.ghaf.profiles.applications;
- compositors = ["weston" "sway"];
-in
- with lib; {
- options.ghaf.profiles.applications = {
- compositor = mkOption {
- type = types.enum compositors;
- default = "sway";
- description = ''
- Which Wayland compositor to use.
-
- Choose one of: ${lib.concatStringsSep "," compositors}
- '';
- };
- };
-
- config.ghaf.graphics = mkIf cfg.enable {
- weston.enable = lib.mkForce (cfg.compositor == "weston");
- sway.enable = cfg.compositor == "sway";
- app-launchers.enableAppLaunchers = true;
- };
- }
diff --git a/modules/profiles/installer.nix b/modules/profiles/installer.nix
deleted file mode 100644
index a4c6d96..0000000
--- a/modules/profiles/installer.nix
+++ /dev/null
@@ -1,35 +0,0 @@ -# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -# -{ - config, - lib, - ... -}: let - cfg = config.ghaf.profiles.installer; -in - with lib; { - options.ghaf.profiles.installer.enable = mkEnableOption "installer profile"; - - config = mkIf cfg.enable { - # Use less privileged ghaf user - users.users.ghaf = { - isNormalUser = true; - extraGroups = ["wheel" "networkmanager" "video"]; - # Allow the graphical user to login without password - initialHashedPassword = ""; - }; - - # Allow the user to log in as root without a password. - users.users.root.initialHashedPassword = ""; - - # Allow passwordless sudo from ghaf user - security.sudo = { - enable = mkDefault true; - wheelNeedsPassword = mkImageMediaOverride false; - }; - - # Automatically log in at the virtual consoles. - services.getty.autologinUser = mkDefault "ghaf"; - }; - } diff --git a/modules/virtualization/microvm/vm.nix b/modules/virtualization/microvm/vm.nix index 559cee7..40828ac 100644 --- a/modules/virtualization/microvm/vm.nix +++ b/modules/virtualization/microvm/vm.nix @@ -3,6 +3,7 @@ { ghafOS, vmconf, + self, }:{ config, lib, @@ -22,6 +23,9 @@ }; }; + # noXlibs=false; needed for NetworkManager stuff + environment.noXlibs = false; + networking.hostName = vmconf.name; system.stateVersion = lib.trivial.release; @@ -42,7 +46,7 @@ microvm.interfaces = [ { type = "tap"; - id = "vm-${vmconf.name}"; + id = "tap-${vmconf.name}"; mac = "${vmconf.macaddr}"; } ]; 
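Review bot: In the `microvm.interfaces` hunk, `id = "tap-${vmconf.name}"` is one character longer than the old `vm-` form. Linux limits interface names to 15 characters, so if this id is used as the host tap device name (as it appears to be), a `vmconf.name` longer than 11 characters will no longer fit. An assertion next to the interface definition, e.g. `assert lib.stringLength vmconf.name <= 11;`, would turn that into an evaluation error instead of a VM that fails to start. Any host-side network or firewall rule that matches the old `vm-*` names needs the same rename; none is visible in this hunk.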
@@ -75,26 +79,26 @@ networks."10-ethint0" = { matchConfig.MACAddress = "${vmconf.macaddr}"; addresses = [ - { - # IP-address for debugging subnet - addressConfig.Address = "${vmconf.ipaddr}/24"; - } - ]; + { + # IP-address for debugging subnet + addressConfig.Address = "${vmconf.ipaddr}/24"; + } + ]; routes = lib.mkIf (lib.hasAttr "defaultgw" vmconf) - [ - { routeConfig.Gateway = "${vmconf.defaultgw}"; } + [ + { routeConfig.Gateway = "${vmconf.defaultgw}"; } ]; - linkConfig.RequiredForOnline = "routable"; + linkConfig.RequiredForOnline = "routable"; linkConfig.ActivationPolicy = "always-up"; }; }; - microvm.qemu.bios.enable = false; microvm.storeDiskType = "squashfs"; - - imports = (import "${ghafOS}/modules/module-list.nix") ++ (import ../../fmo-module-list.nix); + }) addSystemPackages + self.nixosModules.fmo-configs + self.nixosModules.ghaf-common ]; }; cfg = config.ghaf.virtualization.microvm.${vmconf.name}; diff --git a/utils/golang/1.21.nix b/utils/golang/1.21.nix deleted file mode 100644 index 6fca091..0000000 --- a/utils/golang/1.21.nix +++ /dev/null 
@@ -1,166 +0,0 @@ -{ lib -, stdenv -, fetchurl -, tzdata -, substituteAll -, iana-etc -, Security -, Foundation -, xcbuild -, mailcap -, buildPackages -, pkgsBuildTarget -, threadsCross -, testers -, skopeo -, buildGo121Module -}: - -let - useGccGoBootstrap = stdenv.buildPlatform.isMusl; - goBootstrap = if useGccGoBootstrap then buildPackages.gccgo12 else buildPackages.callPackage ./bootstrap121.nix { }; - - skopeoTest = skopeo.override { buildGoModule = buildGo121Module; }; - - goarch = platform: { - "aarch64" = "arm64"; - "arm" = "arm"; - "armv5tel" = "arm"; - "armv6l" = "arm"; - "armv7l" = "arm"; - "i686" = "386"; - "mips" = "mips"; - "mips64el" = "mips64le"; - "mipsel" = "mipsle"; - "powerpc64le" = "ppc64le"; - "riscv64" = "riscv64"; - "s390x" = "s390x"; - "x86_64" = "amd64"; - }.${platform.parsed.cpu.name} or (throw "Unsupported system: ${platform.parsed.cpu.name}"); - - # We need a target compiler which is still runnable at build time, - # to handle the cross-building case where build != host == target - targetCC = pkgsBuildTarget.targetPackages.stdenv.cc; - - isCross = stdenv.buildPlatform != stdenv.targetPlatform; -in -stdenv.mkDerivation (finalAttrs: { - pname = "go"; - version = "1.21.1"; - - src = fetchurl { - url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; - hash = "sha256-v6Nr916aHpy725q8+dFwfkeb06B4gKiuNWTK7lcRy5k="; - }; - - strictDeps = true; - buildInputs = [ ] - ++ lib.optionals stdenv.isLinux [ stdenv.cc.libc.out ] - ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [ stdenv.cc.libc.static ]; - - depsTargetTargetPropagated = lib.optionals stdenv.targetPlatform.isDarwin [ Foundation Security xcbuild ]; - - depsBuildTarget = lib.optional isCross targetCC; - - depsTargetTarget = lib.optional stdenv.targetPlatform.isWindows threadsCross.package; - - patches = [ - (substituteAll { - src = ./iana-etc-1.17.patch; - iana = iana-etc; - }) - # Patch the mimetype database location which is missing on NixOS. 
- # but also allow static binaries built with NixOS to run outside nix - (substituteAll { - src = ./mailcap-1.17.patch; - inherit mailcap; - }) - # prepend the nix path to the zoneinfo files but also leave the original value for static binaries - # that run outside a nix server - (substituteAll { - src = ./tzdata-1.19.patch; - inherit tzdata; - }) - ./remove-tools-1.11.patch - ./go_no_vendor_checks-1.21.patch - ]; - - GOOS = stdenv.targetPlatform.parsed.kernel.name; - GOARCH = goarch stdenv.targetPlatform; - # GOHOSTOS/GOHOSTARCH must match the building system, not the host system. - GOHOSTOS = stdenv.buildPlatform.parsed.kernel.name; - GOHOSTARCH = goarch stdenv.buildPlatform; - - # {CC,CXX}_FOR_TARGET must be only set for cross compilation case as go expect those - # to be different from CC/CXX - CC_FOR_TARGET = - if isCross then - "${targetCC}/bin/${targetCC.targetPrefix}cc" - else - null; - CXX_FOR_TARGET = - if isCross then - "${targetCC}/bin/${targetCC.targetPrefix}c++" - else - null; - - GOARM = toString (lib.intersectLists [ (stdenv.hostPlatform.parsed.cpu.version or "") ] [ "5" "6" "7" ]); - GO386 = "softfloat"; # from Arch: don't assume sse2 on i686 - CGO_ENABLED = 1; - - GOROOT_BOOTSTRAP = if useGccGoBootstrap then goBootstrap else "${goBootstrap}/share/go"; - - # Note that we use distpack to avoid moving around cross-compiled binaries. - # The paths are slightly different when buildPlatform != hostPlatform and - # distpack handles assembling outputs in the right place, same as the official - # Go binary releases. See also https://pkg.go.dev/cmd/distpack - buildPhase = '' - runHook preBuild - export GOCACHE=$TMPDIR/go-cache - # this is compiled into the binary - export GOROOT_FINAL=$out/share/go - - ${lib.optionalString isCross '' - # Independent from host/target, CC should produce code for the building system. - # We only set it when cross-compiling. 
- export CC=${buildPackages.stdenv.cc}/bin/cc - ''} - ulimit -a - - pushd src - bash make.bash -no-banner -distpack - popd - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - mkdir -p $out/{share,bin} - tar -C $out/share -x -z -f "pkg/distpack/go${finalAttrs.version}.$GOOS-$GOARCH.tar.gz" - ln -s $out/share/go/bin/* $out/bin - runHook postInstall - ''; - - disallowedReferences = [ goBootstrap ]; - - passthru = { - inherit goBootstrap skopeoTest; - tests = { - skopeo = testers.testVersion { package = skopeoTest; }; - version = testers.testVersion { - package = finalAttrs.finalPackage; - command = "go version"; - version = "go${finalAttrs.version}"; - }; - }; - }; - - meta = with lib; { - changelog = "https://go.dev/doc/devel/release#go${lib.versions.majorMinor finalAttrs.version}"; - description = "The Go Programming language"; - homepage = "https://go.dev/"; - license = licenses.bsd3; - maintainers = teams.golang.members; - platforms = platforms.darwin ++ platforms.linux; - }; -}) diff --git a/utils/golang/binary.nix b/utils/golang/binary.nix deleted file mode 100644 index 3b4e801..0000000 --- a/utils/golang/binary.nix +++ /dev/null 
@@ -1,41 +0,0 @@ -{ lib, stdenv, fetchurl, version, hashes, autoPatchelfHook }: -let - toGoKernel = platform: - if platform.isDarwin then "darwin" - else platform.parsed.kernel.name; - - toGoCPU = platform: { - "i686" = "386"; - "x86_64" = "amd64"; - "aarch64" = "arm64"; - "armv6l" = "armv6l"; - "armv7l" = "armv6l"; - "powerpc64le" = "ppc64le"; - "riscv64" = "riscv64"; - }.${platform.parsed.cpu.name} or (throw "Unsupported CPU ${platform.parsed.cpu.name}"); - - toGoPlatform = platform: "${toGoKernel platform}-${toGoCPU platform}"; - - platform = toGoPlatform stdenv.hostPlatform; -in -stdenv.mkDerivation rec { - name = "go-${version}-${platform}-bootstrap"; - - src = fetchurl { - url = "https://go.dev/dl/go${version}.${platform}.tar.gz"; - sha256 = hashes.${platform} or (throw "Missing Go bootstrap hash for platform ${platform}"); - }; - - nativeBuildInputs = lib.optionals stdenv.isLinux [ autoPatchelfHook ]; - - # We must preserve the signature on Darwin - dontStrip = stdenv.hostPlatform.isDarwin; - - installPhase = '' - runHook preInstall - mkdir -p $out/share/go $out/bin - cp -r . $out/share/go - ln -s $out/share/go/bin/go $out/bin/go - runHook postInstall - ''; -} diff --git a/utils/golang/bootstrap121.nix b/utils/golang/bootstrap121.nix deleted file mode 100644 index f243ca3..0000000 --- a/utils/golang/bootstrap121.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ callPackage }: -callPackage ./binary.nix { - version = "1.21.0"; - hashes = { - # Use `print-hashes.sh ${version}` to generate the list below - darwin-amd64 = "b314de9f704ab122c077d2ec8e67e3670affe8865479d1f01991e7ac55d65e70"; - darwin-arm64 = "3aca44de55c5e098de2f406e98aba328898b05d509a2e2a356416faacf2c4566"; - linux-386 = "0e6f378d9b072fab0a3d9ff4d5e990d98487d47252dba8160015a61e6bd0bcba"; - linux-amd64 = "d0398903a16ba2232b389fb31032ddf57cac34efda306a0eebac34f0965a0742"; - linux-arm64 = "f3d4548edf9b22f26bbd49720350bbfe59d75b7090a1a2bff1afad8214febaf3"; - linux-armv6l = "e377a0004957c8c560a3ff99601bce612330a3d95ba3b0a2ae144165fc87deb1"; - linux-loong64 = "e484cdc55221f7e7853666ed4f0ef462eef46b52253f84df60a7b908416060cb"; - linux-mips = "6311d8ccd6ff9ce3cc8ecc72017d651d23e7325943fa72f4b65cd750be8aacd8"; - linux-mips64 = "6d9cb425dc61f60bff41e2dec873abbcc5b8dbd1d32997f994d707b662f3c363"; - linux-mips64le = "92f7933d997c589b4f506c6b3cc5b27ff43b294c3a2d40bf4d7eeaf375f92afb"; - linux-mipsle = "9bb9f938457411042074a57284d40a086e63f7778f86e1632e018bbc38948c92"; - linux-ppc64 = "e34dcc1df804bf8bac035ace3304f23696a9138a79a398dce981d89072d3ae23"; - linux-ppc64le = "e938ffc81d8ebe5efc179240960ba22da6a841ff05d5cab7ce2547112b14a47f"; - linux-riscv64 = "87b21c06573617842ca9e00b954bc9f534066736a0778eae594ac54b45a9e8b7"; - linux-s390x = "be7338df8e5d5472dfa307b0df2b446d85d001b0a2a3cdb1a14048d751b70481"; - }; -} diff --git a/utils/golang/default.nix b/utils/golang/default.nix deleted file mode 100644 index e69de29..0000000 diff --git a/utils/golang/go_no_vendor_checks-1.21.patch b/utils/golang/go_no_vendor_checks-1.21.patch deleted file mode 100644 index 1adbf46..0000000 --- a/utils/golang/go_no_vendor_checks-1.21.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -Starting from go1.14, go verifes that vendor/modules.txt matches the requirements -and replacements listed in the main module go.mod file, and it is a hard failure if -vendor/modules.txt is missing. - -Relax module consistency checks and switch back to pre go1.14 behaviour if -vendor/modules.txt is missing regardless of go version requirement in go.mod. - -This has been ported from FreeBSD: https://reviews.freebsd.org/D24122 -See https://github.com/golang/go/issues/37948 for discussion. - -diff --git a/src/cmd/go/internal/modload/vendor.go b/src/cmd/go/internal/modload/vendor.go -index ffc79bb93f..2d0311975d 100644 ---- a/src/cmd/go/internal/modload/vendor.go -+++ b/src/cmd/go/internal/modload/vendor.go -@@ -144,7 +144,7 @@ func checkVendorConsistency(index *modFileIndex, modFile *modfile.File) { - readVendorList(MainModules.mustGetSingleMainModule()) - - pre114 := false -- if gover.Compare(index.goVersion, "1.14") < 0 { -+ if gover.Compare(index.goVersion, "1.14") < 0 || (os.Getenv("GO_NO_VENDOR_CHECKS") == "1" && len(vendorMeta) == 0) { - // Go versions before 1.14 did not include enough information in - // vendor/modules.txt to check for consistency. - // If we know that we're on an earlier version, relax the consistency check. diff --git a/utils/golang/iana-etc-1.17.patch b/utils/golang/iana-etc-1.17.patch deleted file mode 100644 index 6f13827..0000000 --- a/utils/golang/iana-etc-1.17.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-diff --git a/src/net/lookup_unix.go b/src/net/lookup_unix.go
-index 8030e3d99e..5a7472d933 100644
---- a/src/net/lookup_unix.go
-+++ b/src/net/lookup_unix.go
-@@ -21,7 +21,7 @@ var onceReadProtocols sync.Once
- // readProtocols loads contents of /etc/protocols into protocols map
- // for quick access.
- func readProtocols() {
-- file, err := open("/etc/protocols")
-+ file, err := open("@iana@/etc/protocols")
- if err != nil {
- return
- }
-diff --git a/src/net/port_unix.go b/src/net/port_unix.go
-index a9a96a2323..0df6efe9e5 100644
---- a/src/net/port_unix.go
-+++ b/src/net/port_unix.go
-@@ -17,7 +17,7 @@ import (
- var onceReadServices sync.Once
-
- func readServices() {
-- file, err := open("/etc/services")
-+ file, err := open("@iana@/etc/services")
- if err != nil {
- return
- }
diff --git a/utils/golang/mailcap-1.17.patch b/utils/golang/mailcap-1.17.patch
deleted file mode 100644
index 6e4302a..0000000
--- a/utils/golang/mailcap-1.17.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/mime/type_unix.go b/src/mime/type_unix.go
-index f954bc8a1f..06d897bfbf 100644
---- a/src/mime/type_unix.go
-+++ b/src/mime/type_unix.go
-@@ -26,6 +26,7 @@ var mimeGlobs = []string{
-
- // Common locations for mime.types files on unix.
- var typeFiles = []string{
-+ "@mailcap@/etc/mime.types",
- "/etc/mime.types",
- "/etc/apache2/mime.types",
- "/etc/apache/mime.types",
diff --git a/utils/golang/module.nix b/utils/golang/module.nix
deleted file mode 100644
index 58a3944..0000000
--- a/utils/golang/module.nix
+++ /dev/null
@@ -1,302 +0,0 @@ -{ go, cacert, git, lib, stdenv }: - -{ name ? "${args'.pname}-${args'.version}" -, src -, nativeBuildInputs ? [ ] -, passthru ? { } -, patches ? [ ] - - # A function to override the goModules derivation -, overrideModAttrs ? (_oldAttrs: { }) - - # path to go.mod and go.sum directory -, modRoot ? "./" - - # vendorHash is the SRI hash of the vendored dependencies - # - # if vendorHash is null, then we won't fetch any dependencies and - # rely on the vendor folder within the source. -, vendorHash ? args'.vendorSha256 or (throw "buildGoModule: vendorHash is missing") - # Whether to delete the vendor folder supplied with the source. -, deleteVendor ? false - # Whether to fetch (go mod download) and proxy the vendor directory. - # This is useful if your code depends on c code and go mod tidy does not - # include the needed sources to build or if any dependency has case-insensitive - # conflicts which will produce platform dependant `vendorHash` checksums. -, proxyVendor ? false - - # We want parallel builds by default -, enableParallelBuilding ? true - - # Do not enable this without good reason - # IE: programs coupled with the compiler -, allowGoReference ? false - -, CGO_ENABLED ? go.CGO_ENABLED - -, meta ? { } - - # Not needed with buildGoModule -, goPackagePath ? "" - - # needed for buildFlags{,Array} warning -, buildFlags ? "" -, buildFlagsArray ? "" - -, ... -}@args': - -assert goPackagePath != "" -> throw "`goPackagePath` is not needed with `buildGoModule`"; -assert (args' ? vendorHash && args' ? vendorSha256) -> throw "both `vendorHash` and `vendorSha256` set. 
only one can be set."; - -let - args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ]; - - GO111MODULE = "on"; - GOTOOLCHAIN = "local"; - - goModules = if (vendorHash == null) then "" else - (stdenv.mkDerivation { - name = "${name}-go-modules"; - - nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ go git cacert ]; - - inherit (args) src; - inherit (go) GOOS GOARCH; - inherit GO111MODULE GOTOOLCHAIN; - - # The following inheritence behavior is not trivial to expect, and some may - # argue it's not ideal. Changing it may break vendor hashes in Nixpkgs and - # out in the wild. In anycase, it's documented in: - # doc/languages-frameworks/go.section.md - prePatch = args.prePatch or ""; - patches = args.patches or [ ]; - patchFlags = args.patchFlags or [ ]; - postPatch = args.postPatch or ""; - preBuild = args.preBuild or ""; - postBuild = args.modPostBuild or ""; - sourceRoot = args.sourceRoot or ""; - - impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ - "GIT_PROXY_COMMAND" - "SOCKS_SERVER" - "GOPROXY" - ]; - - configurePhase = args.modConfigurePhase or '' - runHook preConfigure - export GOCACHE=$TMPDIR/go-cache - export GOPATH="$TMPDIR/go" - cd "${modRoot}" - runHook postConfigure - ''; - - buildPhase = args.modBuildPhase or ('' - runHook preBuild - '' + lib.optionalString deleteVendor '' - if [ ! 
-d vendor ]; then - echo "vendor folder does not exist, 'deleteVendor' is not needed" - exit 10 - else - rm -rf vendor - fi - '' + '' - if [ -d vendor ]; then - echo "vendor folder exists, please set 'vendorHash = null;' in your expression" - exit 10 - fi - - ${if proxyVendor then '' - mkdir -p "''${GOPATH}/pkg/mod/cache/download" - go mod download - '' else '' - if (( "''${NIX_DEBUG:-0}" >= 1 )); then - goModVendorFlags+=(-v) - fi - go mod vendor "''${goModVendorFlags[@]}" - ''} - - mkdir -p vendor - - runHook postBuild - ''); - - installPhase = args.modInstallPhase or '' - runHook preInstall - - ${if proxyVendor then '' - rm -rf "''${GOPATH}/pkg/mod/cache/download/sumdb" - cp -r --reflink=auto "''${GOPATH}/pkg/mod/cache/download" $out - '' else '' - cp -r --reflink=auto vendor $out - ''} - - if ! [ "$(ls -A $out)" ]; then - echo "vendor folder is empty, please set 'vendorHash = null;' in your expression" - exit 10 - fi - - runHook postInstall - ''; - - dontFixup = true; - - outputHashMode = "recursive"; - outputHash = vendorHash; - outputHashAlgo = if args' ? 
vendorSha256 || vendorHash == "" then "sha256" else null; - }).overrideAttrs overrideModAttrs; - - package = stdenv.mkDerivation (args // { - nativeBuildInputs = [ go ] ++ nativeBuildInputs; - - inherit (go) GOOS GOARCH; - - GOFLAGS = lib.optionals (!proxyVendor) [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ]; - inherit CGO_ENABLED enableParallelBuilding GO111MODULE GOTOOLCHAIN; - - configurePhase = args.configurePhase or ('' - runHook preConfigure - - export GOCACHE=$TMPDIR/go-cache - export GOPATH="$TMPDIR/go" - export GOPROXY=off - export GOSUMDB=off - cd "$modRoot" - '' + lib.optionalString (vendorHash != null) '' - ${if proxyVendor then '' - export GOPROXY=file://${goModules} - '' else '' - rm -rf vendor - cp -r --reflink=auto ${goModules} vendor - ''} - '' + '' - - # currently pie is only enabled by default in pkgsMusl - # this will respect the `hardening{Disable,Enable}` flags if set - if [[ $NIX_HARDENING_ENABLE =~ "pie" ]]; then - export GOFLAGS="-buildmode=pie $GOFLAGS" - fi - - runHook postConfigure - ''); - - buildPhase = args.buildPhase or ('' - runHook preBuild - - exclude='\(/_\|examples\|Godeps\|testdata' - if [[ -n "$excludedPackages" ]]; then - IFS=' ' read -r -a excludedArr <<<$excludedPackages - printf -v excludedAlternates '%s\\|' "''${excludedArr[@]}" - excludedAlternates=''${excludedAlternates%\\|} # drop final \| added by printf - exclude+='\|'"$excludedAlternates" - fi - exclude+='\)' - - buildGoDir() { - local cmd="$1" dir="$2" - - . $TMPDIR/buildFlagsArray - - declare -a flags - flags+=($buildFlags "''${buildFlagsArray[@]}") - flags+=(''${tags:+-tags=''${tags// /,}}) - flags+=(''${ldflags:+-ldflags="$ldflags"}) - flags+=("-p" "$NIX_BUILD_CORES") - - if [ "$cmd" = "test" ]; then - flags+=(-vet=off) - flags+=($checkFlags) - fi - - local OUT - if ! OUT="$(go $cmd "''${flags[@]}" $dir 2>&1)"; then - if ! 
echo "$OUT" | grep -qE '(no( buildable| non-test)?|build constraints exclude all) Go (source )?files'; then - echo "$OUT" >&2 - return 1 - fi - fi - if [ -n "$OUT" ]; then - echo "$OUT" >&2 - fi - return 0 - } - - getGoDirs() { - local type; - type="$1" - if [ -n "$subPackages" ]; then - echo "$subPackages" | sed "s,\(^\| \),\1./,g" - else - find . -type f -name \*$type.go -exec dirname {} \; | grep -v "/vendor/" | sort --unique | grep -v "$exclude" - fi - } - - if (( "''${NIX_DEBUG:-0}" >= 1 )); then - buildFlagsArray+=(-x) - fi - - if [ ''${#buildFlagsArray[@]} -ne 0 ]; then - declare -p buildFlagsArray > $TMPDIR/buildFlagsArray - else - touch $TMPDIR/buildFlagsArray - fi - if [ -z "$enableParallelBuilding" ]; then - export NIX_BUILD_CORES=1 - fi - for pkg in $(getGoDirs ""); do - echo "Building subPackage $pkg" - buildGoDir install "$pkg" - done - '' + lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' - # normalize cross-compiled builds w.r.t. native builds - ( - dir=$GOPATH/bin/${go.GOOS}_${go.GOARCH} - if [[ -n "$(shopt -s nullglob; echo $dir/*)" ]]; then - mv $dir/* $dir/.. 
- fi - if [[ -d $dir ]]; then - rmdir $dir - fi - ) - '' + '' - runHook postBuild - ''); - - doCheck = args.doCheck or true; - checkPhase = args.checkPhase or '' - runHook preCheck - # We do not set trimpath for tests, in case they reference test assets - export GOFLAGS=''${GOFLAGS//-trimpath/} - - for pkg in $(getGoDirs test); do - buildGoDir test "$pkg" - done - - runHook postCheck - ''; - - installPhase = args.installPhase or '' - runHook preInstall - - mkdir -p $out - dir="$GOPATH/bin" - [ -e "$dir" ] && cp -r $dir $out - - runHook postInstall - ''; - - strictDeps = true; - - disallowedReferences = lib.optional (!allowGoReference) go; - - passthru = passthru // { inherit go goModules vendorHash; } // { inherit (args') vendorSha256; }; - - meta = { - # Add default meta information - platforms = go.meta.platforms or lib.platforms.all; - } // meta; - }); -in -lib.warnIf (buildFlags != "" || buildFlagsArray != "") - "Use the `ldflags` and/or `tags` attributes instead of `buildFlags`/`buildFlagsArray`" - package \ No newline at end of file diff --git a/utils/golang/remove-tools-1.11.patch b/utils/golang/remove-tools-1.11.patch deleted file mode 100644 index cff3599..0000000 --- a/utils/golang/remove-tools-1.11.patch +++ /dev/null 
@@ -1,35 +0,0 @@
-diff --git a/src/go/build/build.go b/src/go/build/build.go
-index b68a712..b60bf19 100644
---- a/src/go/build/build.go
-+++ b/src/go/build/build.go
-@@ -1708,7 +1708,7 @@ func init() {
- }
-
- // ToolDir is the directory containing build tools.
--var ToolDir = getToolDir()
-+var ToolDir = runtime.GOTOOLDIR()
-
- // IsLocalImport reports whether the import path is
- // a local import path, like ".", "..", "./foo", or "../foo".
-diff --git a/src/runtime/extern.go b/src/runtime/extern.go
-index 7171b13..18a942c 100644
---- a/src/runtime/extern.go
-+++ b/src/runtime/extern.go
-@@ -229,6 +229,17 @@ func GOROOT() string {
- return sys.DefaultGoroot
- }
-
-+// GOTOOLDIR returns the root of the Go tree.
-+// It uses the GOTOOLDIR environment variable, if set,
-+// or else the root used during the Go build.
-+func GOTOOLDIR() string {
-+ s := gogetenv("GOTOOLDIR")
-+ if s != "" {
-+ return s
-+ }
-+ return GOROOT() + "/pkg/tool/" + GOOS + "_" + GOARCH
-+}
-+
- // Version returns the Go tree's version string.
- // It is either the commit hash and date at the time of the build or,
- // when possible, a release tag like "go1.3".
diff --git a/utils/golang/tzdata-1.19.patch b/utils/golang/tzdata-1.19.patch
deleted file mode 100644
index f5b55d5..0000000
--- a/utils/golang/tzdata-1.19.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
-index 67b8beb47b..5cd1fb1759 100644
---- a/src/time/zoneinfo_unix.go
-+++ b/src/time/zoneinfo_unix.go
-@@ -18,6 +18,7 @@ import (
- // Many systems use /usr/share/zoneinfo, Solaris 2 has
- // /usr/share/lib/zoneinfo, IRIX 6 has /usr/lib/locale/TZ.
- var platformZoneSources = []string{
-+ "@tzdata@/share/zoneinfo/",
- "/usr/share/zoneinfo/",
- "/usr/share/lib/zoneinfo/",
- "/usr/lib/locale/TZ/",
diff --git a/utils/updateHostConfig.nix b/utils/updateHostConfig.nix
new file mode 100644
index 0000000..22013ed
--- /dev/null
+++ b/utils/updateHostConfig.nix
@@ -0,0 +1,23 @@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+rec {
+ updateHostConfig =
+ {lib, targetconf}:
+ [
+ {
+ systemd.network = {
+ networks."10-virbr0" = lib.mkIf (lib.hasAttr "ipaddr" targetconf) {
+ addresses = [
+ {
+ addressConfig.Address = "${targetconf.ipaddr}/24";
+ }
+ ];
+ routes = lib.mkIf (lib.hasAttr "defaultgw" targetconf)
+ [
+ { routeConfig.Gateway = "${targetconf.defaultgw}"; }
+ ];
+ };
+ };
+ }
+ ];
+}
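Review bot: The address on `networks."10-virbr0"` is built with a hard-coded `/24`, so a deployment whose `targetconf.ipaddr` sits in a subnet of another size gets the wrong on-link range on what appears to be the host bridge. Nothing in this file checks that `targetconf.defaultgw` lies inside that range either. Both values are interpolated into the systemd-networkd configuration as given, so I would read the prefix from the config and keep the current value as the default, e.g. `addressConfig.Address = "${targetconf.ipaddr}/${toString (targetconf.prefixLength or 24)}";` (`prefixLength` is a proposed attribute name, not one this repository defines). A header comment would also help, such as `# updateHostConfig: returns a list of NixOS modules that set a static address and optional default gateway on the 10-virbr0 network from targetconf.ipaddr / targetconf.defaultgw`. The outer `rec` is not needed, since nothing in the set refers to a sibling attribute.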