Merge branch 'feature/basic-iso' into teutat3s-init-fae

This commit is contained in:
teutat3s 2022-01-19 01:16:35 +01:00
commit e19388f99b
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
15 changed files with 157 additions and 41 deletions

View file

@ -82,8 +82,85 @@ steps:
password:
from_secret: matrix_password
template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
trigger:
event:
- cron
---
kind: pipeline
type: docker
name: Check
steps:
- name: "Check"
image: nixpkgs/nix-flakes:nixos-21.05
when:
event:
- pull_request
- tag
commands:
- echo "" >> /etc/nix/nix.conf
- echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
- echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
- echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
# Currently broken
#- nix -Lv flake check
- nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
- nix -Lv develop -c echo OK
- nix -Lv develop --command bud --help
---
kind: pipeline
type: docker
name: Publish ISO
steps:
- name: "Build ISO"
image: nixpkgs/nix-flakes:nixos-21.05
volumes:
- name: nix-store
path: /var/nix/iso-cache
commands:
- echo "" >> /etc/nix/nix.conf
- echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
- echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
- echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
- nix -Lv develop --command bud build bootstrap bootstrapIso
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
- name: "Publish ISO"
image: appleboy/drone-scp
volumes:
- name: nix-store
path: /var/nix/iso-cache
settings:
host:
from_secret: ssh_host
user:
from_secret: ssh_user
port:
from_secret: ssh_port
key:
from_secret: ssh_key
target: /var/www/pub.solar
source:
- /var/nix/iso-cache/*.iso
strip_components: 3
trigger:
event:
- push
branch:
- feature/basic-iso
volumes:
- name: nix-store
host:
path: "/var/nix/iso-cache"
---
kind: signature
hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167
hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7
...

View file

@ -107,7 +107,7 @@
imports = [ (digga.lib.importHosts ./hosts) ];
hosts = {
/* set host specific properties here */
NixOS = { };
PubSolarOS = { };
fae = {
system = "aarch64-linux";
};
@ -117,9 +117,9 @@
users = digga.lib.rakeLeaves ./users;
};
suites = with profiles; rec {
base = [ core users.nixos users.root ];
pubsolaros = [ core base-user users.root ];
anonymous = [ pubsolaros users.nixos ];
base = [ core users.pub-solar users.root ];
pubsolaros = [ core full-install base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ];
teutat3s = pubsolaros ++ [ users.teutat3s ];
con = teutat3s ++ [ graphical ];
dumpyourvms = teutat3s ++ [ graphical ];
@ -138,8 +138,8 @@
};
};
users = {
nixos = { suites, ... }: { imports = suites.base; };
teutat3s = { suites, ... }: { imports = suites.base; };
pub-solar = { suites, ... }: { imports = suites.base; };
}; # digga.lib.importers.rakeLeaves ./users/hm;
};

View file

@ -1,7 +1,15 @@
{ suites, ... }:
{ profiles, ... }:
{
### root password is empty by default ###
imports = suites.base;
imports = [
# profiles.networking
profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.pub-solar
profiles.base-user
profiles.graphical
profiles.pub-solar-iso
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;

View file

@ -8,7 +8,10 @@
# profiles.networking
profiles.core
profiles.users.root # make sure to configure ssh keys
profiles.users.nixos
profiles.users.pub-solar
profiles.base-user
profiles.graphical
profiles.pub-solar-iso
];
boot.loader.systemd-boot.enable = true;

View file

@ -2,7 +2,7 @@
let
inherit (default.inputs.nixos) lib;
host = configs.${hostname} or configs.NixOS;
host = configs.${hostname} or configs.PubSolarOS;
configs = default.nixosConfigurations;
default = (import ../.).defaultNix;
hostname = lib.fileContents /etc/hostname;

View file

@ -8,6 +8,8 @@ in
{
options.pub-solar.audio = {
enable = mkEnableOption "Life in highs and lows";
mopidy.enable = mkEnableOption "Life with mopidy";
bluetooth.enable = mkEnableOption "Life with bluetooth";
};
config = mkIf cfg.enable {
@ -43,7 +45,7 @@ in
config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);
# Bluetooth configuration for pipewire
media-session.config.bluez-monitor.rules = [
media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [
{
# Matches all cards
matches = [{ "device.name" = "~bluez_card.*"; }];
@ -70,10 +72,10 @@ in
};
# Enable bluetooth
hardware.bluetooth.enable = true;
services.blueman.enable = true;
hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
services.blueman.enable = mkIf cfg.bluetooth.enable true;
# Enable audio server & client
#services.mopidy = import ./mopidy.nix pkgs;
services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
};
}

View file

@ -1,19 +0,0 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.server;
in
{
options.pub-solar.server = {
enable = mkEnableOption "Enable server options like sshd";
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
};
}

View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.audio.enable = true;
}

View file

@ -20,7 +20,7 @@ in
home.packages = with pkgs; [ ];
fonts.fontconfig.enable = true;
fonts.fontconfig.enable = mkForce true;
programs.dircolors.enable = true;
programs.dircolors.enableZshIntegration = true;

View file

@ -9,12 +9,6 @@ in
pub-solar.audio.enable = true;
pub-solar.crypto.enable = true;
pub-solar.devops.enable = true;
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.office.enable = true;
# pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
pub-solar.server.enable = true;
pub-solar.printing.enable = true;
nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];

View file

@ -0,0 +1,15 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
imports = [ ../cachix ];
config = {
pub-solar.audio.mopidy.enable = true;
pub-solar.audio.bluetooth.enable = true;
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.office.enable = true;
# pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
};
}

View file

@ -4,5 +4,4 @@ in
{
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
pub-solar.social.enable = true;
}

View file

@ -0,0 +1,9 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
imports = [ ../cachix ];
config = {
pub-solar.x-os.iso-options.enable = true;
};
}

View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.social.enable = true;
}

View file

@ -0,0 +1,16 @@
{ hmUsers, ... }:
{
home-manager.users = { inherit (hmUsers) pub-solar; };
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
# The rest is used for programs like git
user = {
name = "pub-solar";
password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
fullName = "Pub Solar";
email = "iso@pub.solar";
};
};
}