diff --git a/.drone.yml b/.drone.yml index 7da733c4..b9718b8c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -98,7 +98,14 @@ steps: - | nix $$NIX_FLAGS build \ '.#nixosConfigurations.bootstrap.config.system.build.isoImage' - - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ + - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/ + - nix shell nixpkgs#findutils + - cd /var/nix/iso-cache/ + - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n") + - sha256sum $ISO_NAME > $ISO_NAME.sha256 + - ln -s $ISO_NAME PubSolarOS-latest.iso + - cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256 + - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256 - name: "Publish ISO" image: appleboy/drone-scp @@ -117,6 +124,8 @@ steps: target: /srv/os source: - /var/nix/iso-cache/*.iso + - /var/nix/iso-cache/*.iso.sha256 + overwrite: true strip_components: 3 depends_on: @@ -134,6 +143,6 @@ volumes: --- kind: signature -hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db +hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6 ... diff --git a/flake.lock b/flake.lock index 21e6d20c..805e68ba 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { 
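Review bot: The added checksum commands take the ISO name from `find . -name '*.iso'` over the whole of /var/nix/iso-cache/, so they are only correct while that directory holds exactly one ISO. If the directory persists between builds (the path and the `volumes:` section suggest it does, though the mount is not visible here), the next run also matches the `PubSolarOS-latest.iso` symlink and any older image. `$ISO_NAME` then expands to several words, and the unquoted `sha256sum $ISO_NAME > $ISO_NAME.sha256` and `ln -s` (no `-f`) either fail or leave a digest that does not describe the image just built. Take the name from the build output before the `cd`, e.g. `export ISO_NAME=$(basename $(readlink -f result)/iso/PubSolarOS*.iso)`, then quote it and use `ln -sf "$ISO_NAME" PubSolarOS-latest.iso`. Separately, `nixpkgs#findutils` and `nixpkgs#gnused` resolve through the runner's flake registry rather than this repository's flake.lock, so the tools that produce the published digest are not pinned with the rest of the build.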
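Review bot: The `*.iso.sha256` files added to `source:` are uploaded by the same scp step to the same `/srv/os` target as the images, so they detect a corrupted download but not tampering: whoever can replace the ISO there can replace its digest too. If the digest is meant as an integrity guarantee for people installing from it, a detached signature made with a key that is not held on the publish host is needed; nothing in this hunk provides one. At minimum I would add a comment above the new entry such as `# checksum only guards against transfer corruption, not tampering on the server`. With `overwrite: true` and the `*.iso` glob, everything left in the cache directory is uploaded over existing files, so stale images there would be republished as well. The step definition continues beyond the hunk.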
@@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1661329936, - "narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=", + "lastModified": 1664210064, + "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9", + "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "type": "github" }, "original": { @@ -192,11 +192,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1648199409, - "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "latest_2": { "locked": { - "lastModified": 1661361016, - "narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=", + "lastModified": 1664687381, + "narHash": "sha256-9czSuDzS+OGGwq2kC4KXBLXWfYaup+oLB+AA1Md25U4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887", + "rev": "59d2991d4256cdca1c0cda45d876c80a0fe45c31", "type": "github" }, "original": { 
@@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1659610603, - "narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", + "lastModified": 1662220400, + "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", "owner": "nmattia", "repo": "naersk", - "rev": "c6a45e4277fa58abd524681466d3450f896dc094", + "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", "type": "github" }, "original": { @@ -359,11 +359,11 @@ }, "nixos": { "locked": { - "lastModified": 1661427965, - "narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=", + "lastModified": 1664594436, + "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "058de3818577db19d1965c21e2479916a3eaaf95", + "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660291411, - "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", + "lastModified": 1664628729, + "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", + "rev": "3024c67a2e9a35450558426c42e7419ab37efd95", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1654975372, - "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", + "lastModified": 1664550666, + "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "owner": "berberman", "repo": "nvfetcher", - "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", + "rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "type": "github" }, "original": { 
@@ -475,11 +475,11 @@ }, "pub-solar": { "locked": { - "lastModified": 1654369474, - "narHash": "sha256-omGF0Ws0l/HE+S08hDObnNptPwM+dVhnA8ya+TAKBHI=", + "lastModified": 1654372286, + "narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=", "owner": "pub-solar", "repo": "nixpkgs", - "rev": "0b509c42845cea8389e02dcb589eec1c8a165f10", + "rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b", "type": "github" }, "original": { diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 7772b0f1..49422675 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,4 +1,18 @@ -{ profiles, ... }: +{ config, lib, pkgs, profiles, ... }: +with lib; +let + # Gets hostname of host to be bundled inside iso + # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 + getFqdn = config: + let + net = config.networking; + fqdn = + if (net ? domain) && (net.domain != null) + then "${net.hostName}.${net.domain}" + else net.hostName; + in + fqdn; +in { # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` imports = [ 
@@ -10,16 +24,28 @@ profiles.pub-solar-iso ]; - boot.loader.systemd-boot.enable = true; + config = { + boot.loader.systemd-boot.enable = true; - # will be overridden by the bootstrapIso instrumentation - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; + # will be overridden by the bootstrapIso instrumentation + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? + system.nixos.label = "PubSolarOS-" + config.system.nixos.version; + + # mkForce because a similar transformation gets double applied otherwise + # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17 + # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22 + isoImage = { + isoBaseName = mkForce (getFqdn config); + isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; } 
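Review bot: The `"PubSolarOS-"` prefix set in `system.nixos.label` is now an undocumented contract with the CI step in .drone.yml, which copies `result/iso/PubSolarOS*.iso` and creates the `PubSolarOS-latest.iso` link. Changing the label here would make that glob match nothing and break the ISO step, and the reason would not be obvious from this file. A comment above the line, `# CI (.drone.yml) globs for PubSolarOS*.iso; keep this prefix in sync`, would record the dependency.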
diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 8b94f5a3..0d631251 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -19,7 +19,7 @@ with lib; config = { boot = { # Enable plymouth for better experience of booting - plymouth.enable = true; + plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true); # Mount / luks device in initrd # Allow fstrim to work on it. diff --git a/modules/core/default.nix b/modules/core/default.nix index 80ca4926..4f74b46d 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -2,7 +2,6 @@ with lib; let - psCfg = config.pub-solar; cfg = config.pub-solar.core; in { @@ -29,12 +28,12 @@ in config = { pub-solar = { - audio.enable = lib.mkIf (!cfg.lite) true; - crypto.enable = lib.mkIf (!cfg.lite) true; - devops.enable = lib.mkIf (!cfg.lite) true; + audio.enable = mkIf (!cfg.lite) (mkDefault true); + crypto.enable = mkIf (!cfg.lite) (mkDefault true); + devops.enable = mkIf (!cfg.lite) (mkDefault true); terminal-life = { - enable = true; + enable = mkDefault true; lite = cfg.lite; }; }; diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 22f18903..edfef42d 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -6,6 +6,15 @@ let cfg = config.pub-solar.core; in { options.pub-solar.core = { + enableCaddy = mkOption { + type = types.bool; + default = !cfg.lite; + }; + enableHelp = mkOption { + type = types.bool; + default = !cfg.lite; + }; + binaryCaches = mkOption { type = types.listOf types.str; default = [ ]; @@ -16,11 +25,6 @@ in default = [ ]; description = "Public keys of binary caches."; }; - iwdConfig = mkOption { - type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ]))); - default = null; - description = "Configuration of iNet Wireless Daemon."; - }; }; config = { # disable NetworkManager-wait-online by default 
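Review bot: The new `enableCaddy` and `enableHelp` options at the top of `options.pub-solar.core` in modules/core/networking.nix have no `description`, unlike `binaryCaches` and the public-keys option just below them. They decide whether a local web server runs and which `*.local` names are written to /etc/hosts, so they should say so, e.g. `description = "Run the loopback-only Caddy reverse proxy for local services.";` and `description = "Serve the PubSolarOS docs at help.local through Caddy.";`. Both defaults read `cfg.lite`, which is declared outside this hunk; it is worth confirming that option has a default of its own so these evaluate on hosts that never set it.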
@@ -38,27 +42,38 @@ in # These entries get added to /etc/hosts networking.hosts = { - "127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ]; + "127.0.0.1" = [ ] + ++ lib.optionals cfg.enableCaddy [ "caddy.local" ] + ++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ] + ++ lib.optionals cfg.enableHelp [ "help.local" ]; }; # Caddy reverse proxy for local services like cups services.caddy = { - enable = true; + enable = cfg.enableCaddy; globalConfig = '' default_bind 127.0.0.1 auto_https off ''; - extraConfig = '' - cups.local:80 { - request_header Host localhost:631 - reverse_proxy unix//run/cups/cups.sock - } + extraConfig = concatStringsSep "\n" [ + (lib.optionalString + config.pub-solar.printing.enable + '' + cups.local:80 { + request_header Host localhost:631 + reverse_proxy unix//run/cups/cups.sock + } + '') - help.local:80 { - root * ${pkgs.psos-docs}/lib/html - file_server - } - ''; + (lib.optionalString + cfg.enableHelp + '' + help.local:80 { + root * ${pkgs.psos-docs}/lib/html + file_server + } + '') + ]; }; }; } diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index f34ecc57..f01921c4 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix 
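Review bot: The /etc/hosts entries and the site blocks are gated on `config.pub-solar.printing.enable` and `cfg.enableHelp` alone, not on `cfg.enableCaddy`. With `enableCaddy = false` and `enableHelp = true` the machine still maps `help.local` to 127.0.0.1 although nothing from this module listens there, so whatever else binds port 80 on loopback would answer for that name. I would tie each name to the proxy, e.g. `++ lib.optionals (cfg.enableCaddy && cfg.enableHelp) [ "help.local" ]`, and do the same for `cups.local`. As a style point, the hunk mixes `lib.optionals`/`lib.optionalString` with unqualified `concatStringsSep`; since `with lib;` is presumably in scope, pick one form.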
@@ -1,15 +1,22 @@ -{ psCfg, ... }: '' +{ pkgs, psCfg, ... }: '' # Set shut down, restart and locking features +'' + (if psCfg.core.hibernation.enable && !psCfg.paranoia.enable then '' + set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'' else if psCfg.paranoia.enable then '' set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +'' else '' + set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'') ++ '' bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym e exec swaymsg exit, mode "default" '' + (if psCfg.core.hibernation.enable then '' - bindsym h exec systemctl hibernate, mode "default" + bindsym h exec systemctl hibernate, mode "default" '' else "") + (if !psCfg.paranoia.enable then '' - bindsym l exec swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" + bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" '' else "") + '' bindsym r exec systemctl reboot, mode "default" bindsym Shift+s exec systemctl poweroff, mode "default" diff --git a/modules/sway/default.nix b/modules/sway/default.nix index b237c527..e6c43b14 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix 
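Review bot: The `$mode_system` label and the bindings below it are selected by different conditions: the `else if psCfg.paranoia.enable` branch always advertises `(h)ibernate`, while the `bindsym h` line is emitted only when `psCfg.core.hibernation.enable` is set. With paranoia on and hibernation off, the menu would offer a key that does nothing, unless another module forces hibernation on in that case (not visible here). Building the label from the same two flags that gate the bindings removes the three-way `if` and keeps the two in step. The mode block continues past the end of the hunk.

```nix
# … unchanged: function head and the leading comment line …
'' + (
  let
    hibernate = psCfg.core.hibernation.enable;
    lockable = !psCfg.paranoia.enable;
    entries = [ "(e)xit" ]
      ++ pkgs.lib.optional hibernate "(h)ibernate"
      ++ pkgs.lib.optionals lockable [ "(l)ock" "(s)uspend" ]
      ++ [ "(r)eboot" "(Shift+s)hutdown" ];
  in
  ''
    set $mode_system ${builtins.concatStringsSep ", " entries}
  ''
) + ''
# … unchanged: bindsym $mod+0 and the mode "$mode_system" block …
```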
@@ -102,7 +102,7 @@ in xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; }; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 685d0f1d..80a04518 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,14 +9,14 @@ }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin"; + ExecStart = ''swayidle -w \ after-resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ + before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ timeout 150 'systemctl hibernate' '' else '' \ - timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \ + timeout 600 'swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' ''); };
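Review bot: Replacing the store paths with bare `swayidle` and `swaylock-bg` in swayidle.service.nix makes the screen lock depend on PATH lookup, a step back for the one command that must not fail before sleep. On stock systemd a non-absolute `ExecStart` executable is resolved against systemd's built-in search path, not the unit's `Environment=PATH`, so whether `swayidle` starts may now depend on it also being in the system profile. Because `/run/current-system/sw/bin` comes first in the new PATH, `swaylock-bg` is whichever copy that directory provides, or none, in which case `before-sleep` fails and the machine resumes unlocked. mode_system.conf.nix in this same commit goes the other way and pins `${pkgs.swaylock-bg}/bin/swaylock-bg`. I would keep `ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \` and `before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg'` (likewise the `timeout 600` entry); the extended PATH can stay for `swaymsg`.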