From 612e5e35c0cab9ed9f836d1dc861a815d3921bbe Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 1 Oct 2022 23:12:48 +0200 Subject: [PATCH 1/4] Fix swayidle, lock, waybar menu --- modules/sway/config/config.d/mode_system.conf.nix | 15 +++++++++++---- modules/sway/default.nix | 2 +- modules/sway/swayidle.service.nix | 8 ++++---- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index f34ecc57..f01921c4 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -1,15 +1,22 @@ -{ psCfg, ... }: '' +{ pkgs, psCfg, ... }: '' # Set shut down, restart and locking features +'' + (if psCfg.core.hibernation.enable && !psCfg.paranoia.enable then '' + set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'' else if psCfg.paranoia.enable then '' set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +'' else '' + set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'') ++ '' bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym e exec swaymsg exit, mode "default" '' + (if psCfg.core.hibernation.enable then '' - bindsym h exec systemctl hibernate, mode "default" + bindsym h exec systemctl hibernate, mode "default" '' else "") + (if !psCfg.paranoia.enable then '' - bindsym l exec swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" + bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" '' else "") + '' bindsym r exec systemctl reboot, mode "default" bindsym Shift+s exec systemctl poweroff, mode "default" diff --git a/modules/sway/default.nix b/modules/sway/default.nix index dd0e6055..c173e9ce 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -98,7 +98,7 @@ in xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 685d0f1d..80a04518 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,14 +9,14 @@ }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin"; + ExecStart = ''swayidle -w \ after-resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ + before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ timeout 150 'systemctl hibernate' '' else '' \ - timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \ + timeout 600 'swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' ''); }; From 1181cd6feafb4b7a3778fc8dc2a7434bfe2b4b54 Mon Sep 17 00:00:00 2001 From: hensoko Date: Sun, 2 Oct 2022 01:17:34 +0000 Subject: [PATCH 2/4] Improve core module (#132) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/132 Reviewed-by: Benjamin Bädorf --- modules/core/boot.nix | 2 +- modules/core/default.nix | 8 +++--- modules/core/networking.nix | 49 ++++++++++++++++++++++++------------- 3 files changed, 37 insertions(+), 22 deletions(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 10f67dc4..cb16865d 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -19,7 +19,7 @@ in config = { boot = { # Enable plymouth for better experience of booting - plymouth.enable = true; + plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true); # Mount / luks device in initrd # Allow fstrim to work on it. diff --git a/modules/core/default.nix b/modules/core/default.nix index 80ca4926..9a3ea0fe 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -29,12 +29,12 @@ in config = { pub-solar = { - audio.enable = lib.mkIf (!cfg.lite) true; - crypto.enable = lib.mkIf (!cfg.lite) true; - devops.enable = lib.mkIf (!cfg.lite) true; + audio.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + crypto.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + devops.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); terminal-life = { - enable = true; + enable = lib.mkDefault true; lite = cfg.lite; }; }; diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 5774f7eb..edfef42d 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -6,6 +6,15 @@ let cfg = config.pub-solar.core; in { options.pub-solar.core = { + enableCaddy = mkOption { + type = types.bool; + default = !cfg.lite; + }; + enableHelp = mkOption { + type = types.bool; + default = !cfg.lite; + }; + binaryCaches = mkOption { type = types.listOf types.str; default = [ ]; @@ -16,11 +25,6 @@ in default = [ ]; description = "Public keys of binary caches."; }; - iwdConfig = mkOption { - type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ]))); - default = null; - description = "Configuratoin of iNet Wireless Daemon."; - }; }; config = { # disable NetworkManager-wait-online by default @@ -38,27 +42,38 @@ in # These entries get added to /etc/hosts networking.hosts = { - "127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ]; + "127.0.0.1" = [ ] + ++ lib.optionals cfg.enableCaddy [ "caddy.local" ] + ++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ] + ++ lib.optionals cfg.enableHelp [ "help.local" ]; }; # Caddy reverse proxy for local services like cups services.caddy = { - enable = true; + enable = cfg.enableCaddy; globalConfig = '' default_bind 127.0.0.1 auto_https off ''; - extraConfig = '' - cups.local:80 { - request_header Host localhost:631 - reverse_proxy unix//run/cups/cups.sock - } + extraConfig = concatStringsSep "\n" [ + (lib.optionalString + config.pub-solar.printing.enable + '' + cups.local:80 { + request_header Host localhost:631 + reverse_proxy unix//run/cups/cups.sock + } + '') - help.local:80 { - root * ${pkgs.psos-docs}/lib/html - file_server - } - ''; + (lib.optionalString + cfg.enableHelp + '' + help.local:80 { + root * ${pkgs.psos-docs}/lib/html + file_server + } + '') + ]; }; }; } From e80195849422055e52d3e447cb92428cc88fca19 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 2 Oct 2022 04:10:50 +0200 Subject: [PATCH 3/4] Update inputs in flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 794fd6d0..4e02f07a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1661329936, - "narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=", + "lastModified": 1664210064, + "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9", + "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "type": "github" }, "original": { @@ -192,11 +192,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1648199409, - "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "latest_2": { "locked": { - "lastModified": 1661361016, - "narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=", + "lastModified": 1664538465, + "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887", + "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1659610603, - "narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", + "lastModified": 1662220400, + "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", "owner": "nmattia", "repo": "naersk", - "rev": "c6a45e4277fa58abd524681466d3450f896dc094", + "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", "type": "github" }, "original": { @@ -359,11 +359,11 @@ }, "nixos": { "locked": { - "lastModified": 1661427965, - "narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=", + "lastModified": 1664594436, + "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "058de3818577db19d1965c21e2479916a3eaaf95", + "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660407119, - "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", + "lastModified": 1664628729, + "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", + "rev": "3024c67a2e9a35450558426c42e7419ab37efd95", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1654975372, - "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", + "lastModified": 1664550666, + "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "owner": "berberman", "repo": "nvfetcher", - "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", + "rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "type": "github" }, "original": { From 986680cc26e75217b9365935f379581b84b26007 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 2 Oct 2022 23:59:08 +0200 Subject: [PATCH 4/4] bootstrap iso: add PubSolarOS naming, drone pipeline adjustments to include a symlink to the latest iso built --- .drone.yml | 13 +++++++++-- hosts/bootstrap.nix | 48 +++++++++++++++++++++++++++++++--------- modules/core/default.nix | 9 ++++---- 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/.drone.yml b/.drone.yml index 7da733c4..b9718b8c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -98,7 +98,14 @@ steps: - | nix $$NIX_FLAGS build \ '.#nixosConfigurations.bootstrap.config.system.build.isoImage' - - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ + - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/ + - nix shell nixpkgs#findutils + - cd /var/nix/iso-cache/ + - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n") + - sha256sum $ISO_NAME > $ISO_NAME.sha256 + - ln -s $ISO_NAME PubSolarOS-latest.iso + - cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256 + - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256 - name: "Publish ISO" image: appleboy/drone-scp @@ -117,6 +124,8 @@ steps: target: /srv/os source: - /var/nix/iso-cache/*.iso + - /var/nix/iso-cache/*.iso.sha256 + overwrite: true strip_components: 3 depends_on: @@ -134,6 +143,6 @@ volumes: --- kind: signature -hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db +hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6 ... diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 7772b0f1..49422675 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,4 +1,18 @@ -{ profiles, ... }: +{ config, lib, pkgs, profiles, ... }: +with lib; +let + # Gets hostname of host to be bundled inside iso + # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 + getFqdn = config: + let + net = config.networking; + fqdn = + if (net ? domain) && (net.domain != null) + then "${net.hostName}.${net.domain}" + else net.hostName; + in + fqdn; +in { # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` imports = [ @@ -10,16 +24,28 @@ profiles.pub-solar-iso ]; - boot.loader.systemd-boot.enable = true; + config = { + boot.loader.systemd-boot.enable = true; - # will be overridden by the bootstrapIso instrumentation - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; + # will be overridden by the bootstrapIso instrumentation + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? + system.nixos.label = "PubSolarOS-" + config.system.nixos.version; + + # mkForce because a similar transformation gets double applied otherwise + # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17 + # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22 + isoImage = { + isoBaseName = mkForce (getFqdn config); + isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; } diff --git a/modules/core/default.nix b/modules/core/default.nix index 9a3ea0fe..4f74b46d 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -2,7 +2,6 @@ with lib; let - psCfg = config.pub-solar; cfg = config.pub-solar.core; in { @@ -29,12 +28,12 @@ in config = { pub-solar = { - audio.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); - crypto.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); - devops.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + audio.enable = mkIf (!cfg.lite) (mkDefault true); + crypto.enable = mkIf (!cfg.lite) (mkDefault true); + devops.enable = mkIf (!cfg.lite) (mkDefault true); terminal-life = { - enable = lib.mkDefault true; + enable = mkDefault true; lite = cfg.lite; }; };