Rebase ghaf release 2403

.github/actions/build-action/entrypoint.sh

@@ -10,7 +10,7 @@ RA_TOKEN=$3
 SSH_DIR="/root/.ssh/"
 RESULT_DIR="result/iso/"
 RESULT_NAME="nixos.iso"
-RESULT_COPY_DIR="./result_to_upload/"
+RESULT_COPY_DIR="./"
 SYS_USER_NAME="root"
 
 err_print() {

.github/actions/upload-action-harbor/upload.sh

@@ -14,6 +14,8 @@ err_exit() {
   exit "$rc"
 }
 
+cd $GITHUB_WORKSPACE
+
 echo "::group::Input validation"
 
 [ ! "$HARBOR_URL" ] && err_exit 1 "HARBOR_URL undefined"
@@ -41,7 +43,7 @@ for input in $INPUT_PATHS; do
 
   UPLOAD_DIR=$SOURCE_DIR
   echo "oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR"
-  oras push --disable-path-validation "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR
+  oras push "$HARBOR_URL/$DEST_DIR:$TAG" $UPLOAD_DIR
 done
 
 echo "::endgroup::"

.github/actions/upload-action-jfrog/upload.sh

@@ -14,6 +14,8 @@ err_exit() {
   exit "$rc"
 }
 
+cd $GITHUB_WORKSPACE
+
 echo "::group::Input validation"
 
 [ ! "$JFROG_URL" ] && err_exit 1 "JFROG_URL undefined"

.github/workflows/build.yml

@@ -56,13 +56,13 @@ jobs:
           JFROG_TOKEN: ${{ secrets.JFROG_TOKEN }}
           JFROG_URL: ${{ secrets.JFROG_URL }}
           input-paths:  |
-            ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso
+            ${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso
       - name: Push to Harbor artifactory
         uses: ./.github/actions/upload-action-harbor
         with:
           HARBOR_UNAME: ${{ secrets.HARBOR_UNAME }}
           HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
           HARBOR_URL: ${{ secrets.HARBOR_URL }}
           input-paths:  |
-            ${{ github.workspace }}/${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }}
+            ${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }}
 

config-processor-hardware.nix

@@ -14,6 +14,7 @@
 }:
 let
   updateAttrs = (import ./utils/updateAttrs.nix).updateAttrs;
+  updateHostConfig = (import ./utils/updateHostConfig.nix).updateHostConfig;
 
   targetconf = if lib.hasAttr "extend" sysconf
                then updateAttrs false (import (lib.path.append ./hardware sysconf.extend) ).sysconf sysconf
@@ -23,7 +24,7 @@ let
   system = "x86_64-linux";
   vms = targetconf.vms;
 
-  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf;});
+  importvm = vmconf: (import ./modules/virtualization/microvm/vm.nix {inherit ghafOS vmconf self;});
   enablevm = vm: {
     virtualization.microvm.${vm.name} = {
       enable = true;
@@ -41,15 +42,20 @@ let
       modules =
         [
           microvm.nixosModules.host
-          (import "${ghafOS}/modules/host")
-          (import "${ghafOS}/modules/virtualization/microvm/microvm-host.nix")
+          self.nixosModules.fmo-configs
+          self.nixosModules.ghaf-common
+          ghafOS.nixosModules.host
+
+          (import "${ghafOS}/modules/microvm/networking.nix")
+          (import "${ghafOS}/modules/microvm/virtualization/microvm/microvm-host.nix")
           {
             ghaf = lib.mkMerge (
               [
                 {
                   hardware.x86_64.common.enable = true;
 
                   virtualization.microvm-host.enable = true;
+                  virtualization.microvm-host.hostNetworkSupport = true;
                   host.networking.enable = true;
 
                   # Enable all the default UI applications
@@ -76,9 +82,8 @@ let
             ];
           }
         ]
+        ++ updateHostConfig {inherit lib; inherit targetconf;}
         ++ map (vm: importvm vms.${vm}) (builtins.attrNames vms)
-        ++ (import "${ghafOS}/modules/module-list.nix")
-        ++ (import ./modules/fmo-module-list.nix)
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" targetconf then targetconf.extraModules else []);
     };
@@ -87,16 +92,18 @@ let
     name = "${name}-${variant}";
     package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr};
   };
-  debugModules = [(import "${ghafOS}/modules/development/usb-serial.nix") {ghaf.development.usb-serial.enable = true;}];
+  debugModules = [{ghaf.development.usb-serial.enable = true;}];
   targets = [
     (target "debug" debugModules)
     (target "release" [])
   ];
 in {
-  nixosConfigurations =
-    builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
-  packages = {
-    x86_64-linux =
-      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+  flake = {
+    nixosConfigurations =
+      builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
+    packages = {
+      x86_64-linux =
+        builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+    };
   };
 }

config-processor-installers.nix

@@ -42,20 +42,40 @@ let
       specialArgs = {inherit lib; inherit ghafOS;};
       modules =
         [
-          (import "${ghafOS}/modules/host")
+          self.nixosModules.installer
+          self.nixosModules.ghaf-common
+
           ({modulesPath, lib, config, ...}: {
             imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
 
             nixpkgs.hostPlatform.system = system;
             nixpkgs.config.allowUnfree = true;
 
             hardware.enableAllFirmware = true;
+
+            # Installer system profile
+            # Use less privileged ghaf user
+            users.users.ghaf = {
+              isNormalUser = true;
+              extraGroups = ["wheel" "networkmanager" "video"];
+              # Allow the graphical user to login without password
+              initialHashedPassword = "";
+            };
+
+            # Allow the user to log in as root without a password.
+            users.users.root.initialHashedPassword = "";
 
-            ghaf = {
-              profiles.installer.enable = true;
+            # Allow passwordless sudo from ghaf user
+            security.sudo = {
+              enable = lib.mkDefault true;
+              wheelNeedsPassword = lib.mkImageMediaOverride false;
             };
+
+            # Automatically log in at the virtual consoles.
+            services.getty.autologinUser = lib.mkDefault "ghaf";
           })
 
+          # Configs for installation
           {
             installer.includeOSS = {
               enable = lib.mkDefault true;
@@ -66,6 +86,7 @@ let
             };
           }
 
+          # Installer app
           {
             installer.${installerconf.installer.name} = installerApp installerconf.installer;
           }
@@ -77,8 +98,7 @@ let
             isoImage.squashfsCompression = "lz4"; 
           }
         ]
-        ++ (import ./modules/fmo-module-list.nix)
-        ++ (import "${ghafOS}/modules/module-list.nix")
+        #++ (import "${ghafOS}/modules/module-list.nix")
         ++ extraModules
         ++ (if lib.hasAttr "extraModules" installerconf then installerconf.extraModules else []);
     };
@@ -87,13 +107,15 @@ let
     inherit installerImgCfg system;
     installerImgDrv = installerImgCfg.config.system.build.${installerImgCfg.config.formatAttr};
   };
-  debugModules = [(import "${ghafOS}/modules/development/usb-serial.nix") {ghaf.development.usb-serial.enable = true;}];
+  debugModules = [{ghaf.development.usb-serial.enable = true;}];
   targets = [
     (installer "debug" debugModules)
     (installer "release" [])
   ];
 in {
-  packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
-    ${system}.${name} = installerImgDrv;
-  }) targets);
+  flake = {
+    packages = lib.foldr lib.recursiveUpdate {} (map ({name, system, installerImgDrv, ...}: {
+      ${system}.${name} = installerImgDrv;
+    }) targets);
+  };
 }