Merge branch 'main' into b12f

Benjamin Bädorf 2022-10-03 02:49:55 +02:00
commit 2c5b015e7d
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
9 changed files with 131 additions and 75 deletions


@ -98,7 +98,14 @@ steps:
- | - |
nix $$NIX_FLAGS build \ nix $$NIX_FLAGS build \
'.#nixosConfigurations.bootstrap.config.system.build.isoImage' '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
- nix shell nixpkgs#findutils
- cd /var/nix/iso-cache/
- export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
- sha256sum $ISO_NAME > $ISO_NAME.sha256
- ln -s $ISO_NAME PubSolarOS-latest.iso
- cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
- nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
- name: "Publish ISO" - name: "Publish ISO"
image: appleboy/drone-scp image: appleboy/drone-scp
@ -117,6 +124,8 @@ steps:
target: /srv/os target: /srv/os
source: source:
- /var/nix/iso-cache/*.iso - /var/nix/iso-cache/*.iso
- /var/nix/iso-cache/*.iso.sha256
overwrite: true
strip_components: 3 strip_components: 3
depends_on: depends_on:
@ -134,6 +143,6 @@ volumes:
--- ---
kind: signature kind: signature
hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6
... ...
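Review bot: `ISO_NAME` comes from `find . -name '*.iso'` over the whole of `/var/nix/iso-cache/`, so it is a single file name only while that directory holds exactly one ISO. If the directory persists between runs (its name and the `volumes:` section suggest it does), a later run also finds older images and the `PubSolarOS-latest.iso` symlink, the unquoted `$ISO_NAME` expands to several words, and `ln -s` fails because the link already exists. Taking the name from the build output before the `cd`, e.g. `export ISO_NAME=$(basename $(readlink -f result)/iso/PubSolarOS*.iso)`, and linking with `ln -sf "$ISO_NAME" PubSolarOS-latest.iso` avoids both. Separately, the `.sha256` files go to the same `/srv/os` target as the images, so they catch a corrupted download but not a replaced image; a detached signature made with a key that is not stored on the publishing host would cover that case.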


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1652712410, "lastModified": 1664140963,
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -42,11 +42,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1661329936, "lastModified": 1664210064,
"narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=", "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9", "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -192,11 +192,11 @@
"flake-compat_3": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1648199409, "lastModified": 1650374568,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -256,11 +256,11 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1649676176, "lastModified": 1659877975,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +308,11 @@
}, },
"latest_2": { "latest_2": {
"locked": { "locked": {
"lastModified": 1661361016, "lastModified": 1664687381,
"narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=", "narHash": "sha256-9czSuDzS+OGGwq2kC4KXBLXWfYaup+oLB+AA1Md25U4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887", "rev": "59d2991d4256cdca1c0cda45d876c80a0fe45c31",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -329,11 +329,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1659610603, "lastModified": 1662220400,
"narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
"owner": "nmattia", "owner": "nmattia",
"repo": "naersk", "repo": "naersk",
"rev": "c6a45e4277fa58abd524681466d3450f896dc094", "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -359,11 +359,11 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1661427965, "lastModified": 1664594436,
"narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=", "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "058de3818577db19d1965c21e2479916a3eaaf95", "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -394,11 +394,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1660291411, "lastModified": 1664628729,
"narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", "rev": "3024c67a2e9a35450558426c42e7419ab37efd95",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -460,11 +460,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1654975372, "lastModified": 1664550666,
"narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
"owner": "berberman", "owner": "berberman",
"repo": "nvfetcher", "repo": "nvfetcher",
"rev": "d4b237c10f14f72f8266b0f658faad822e491e55", "rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -475,11 +475,11 @@
}, },
"pub-solar": { "pub-solar": {
"locked": { "locked": {
"lastModified": 1654369474, "lastModified": 1654372286,
"narHash": "sha256-omGF0Ws0l/HE+S08hDObnNptPwM+dVhnA8ya+TAKBHI=", "narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
"owner": "pub-solar", "owner": "pub-solar",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0b509c42845cea8389e02dcb589eec1c8a165f10", "rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,4 +1,18 @@
{ profiles, ... }: { config, lib, pkgs, profiles, ... }:
with lib;
let
# Gets hostname of host to be bundled inside iso
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
getFqdn = config:
let
net = config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
in
fqdn;
in
{ {
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
imports = [ imports = [
@ -10,11 +24,22 @@
profiles.pub-solar-iso profiles.pub-solar-iso
]; ];
config = {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation # will be overridden by the bootstrapIso instrumentation
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
# mkForce because a similar transformation gets double applied otherwise
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
isoImage = {
isoBaseName = mkForce (getFqdn config);
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
@ -22,4 +47,5 @@
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
};
} }
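Review bot: The `"PubSolarOS-"` prefix on `system.nixos.label` is what the CI step's `cp $(readlink -f result)/iso/PubSolarOS*.iso` glob matches by way of `isoName`, and nothing on the label line says so. A comment there such as `# CI copies PubSolarOS*.iso from the build result; keep this prefix in sync with the pipeline` would keep a later rename from breaking the publish step. The existing comment above `isoImage` explains the `mkForce`, so only the label line needs the note.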


@ -19,7 +19,7 @@ with lib;
config = { config = {
boot = { boot = {
# Enable plymouth for better experience of booting # Enable plymouth for better experience of booting
plymouth.enable = true; plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
# Mount / luks device in initrd # Mount / luks device in initrd
# Allow fstrim to work on it. # Allow fstrim to work on it.
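Review bot: `lib.mkDefault` keeps the `lib.` prefix on the `plymouth.enable` line although `with lib;` is in scope (it shows in the hunk header) and the core module changed in the same commit writes bare `mkIf` and `mkDefault`. `plymouth.enable = mkIf (!cfg.lite) (mkDefault true);` would match the rest of the change. `cfg` is bound outside this hunk, so it is worth confirming that it refers to the option set that declares `lite`.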


@ -2,7 +2,6 @@
with lib; with lib;
let let
psCfg = config.pub-solar;
cfg = config.pub-solar.core; cfg = config.pub-solar.core;
in in
{ {
@ -29,12 +28,12 @@ in
config = { config = {
pub-solar = { pub-solar = {
audio.enable = lib.mkIf (!cfg.lite) true; audio.enable = mkIf (!cfg.lite) (mkDefault true);
crypto.enable = lib.mkIf (!cfg.lite) true; crypto.enable = mkIf (!cfg.lite) (mkDefault true);
devops.enable = lib.mkIf (!cfg.lite) true; devops.enable = mkIf (!cfg.lite) (mkDefault true);
terminal-life = { terminal-life = {
enable = true; enable = mkDefault true;
lite = cfg.lite; lite = cfg.lite;
}; };
}; };


@ -6,6 +6,15 @@ let cfg = config.pub-solar.core;
in in
{ {
options.pub-solar.core = { options.pub-solar.core = {
enableCaddy = mkOption {
type = types.bool;
default = !cfg.lite;
};
enableHelp = mkOption {
type = types.bool;
default = !cfg.lite;
};
binaryCaches = mkOption { binaryCaches = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
@ -16,11 +25,6 @@ in
default = [ ]; default = [ ];
description = "Public keys of binary caches."; description = "Public keys of binary caches.";
}; };
iwdConfig = mkOption {
type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ])));
default = null;
description = "Configuration of iNet Wireless Daemon.";
};
}; };
config = { config = {
# disable NetworkManager-wait-online by default # disable NetworkManager-wait-online by default
@ -38,27 +42,38 @@ in
# These entries get added to /etc/hosts # These entries get added to /etc/hosts
networking.hosts = { networking.hosts = {
"127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ]; "127.0.0.1" = [ ]
++ lib.optionals cfg.enableCaddy [ "caddy.local" ]
++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ]
++ lib.optionals cfg.enableHelp [ "help.local" ];
}; };
# Caddy reverse proxy for local services like cups # Caddy reverse proxy for local services like cups
services.caddy = { services.caddy = {
enable = true; enable = cfg.enableCaddy;
globalConfig = '' globalConfig = ''
default_bind 127.0.0.1 default_bind 127.0.0.1
auto_https off auto_https off
''; '';
extraConfig = '' extraConfig = concatStringsSep "\n" [
(lib.optionalString
config.pub-solar.printing.enable
''
cups.local:80 { cups.local:80 {
request_header Host localhost:631 request_header Host localhost:631
reverse_proxy unix//run/cups/cups.sock reverse_proxy unix//run/cups/cups.sock
} }
'')
(lib.optionalString
cfg.enableHelp
''
help.local:80 { help.local:80 {
root * ${pkgs.psos-docs}/lib/html root * ${pkgs.psos-docs}/lib/html
file_server file_server
} }
''; '')
];
}; };
}; };
} }
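Review bot: The `cups.local` and `help.local` entries in `networking.hosts` are not gated on `cfg.enableCaddy`, so with `enableCaddy = false` and printing or help still enabled the names resolve to 127.0.0.1 while nothing of this module listens on port 80 there. Gating them the same way as the proxy, e.g. `++ lib.optionals (cfg.enableCaddy && config.pub-solar.printing.enable) [ "cups.local" ]` and likewise for `help.local`, keeps the hosts file and the Caddy configuration in agreement. The new `enableCaddy` and `enableHelp` options also lack the `description` their neighbours carry, and since `default = !cfg.lite;` reads `config`, a `defaultText` would be needed for the generated option docs. This commit drops `iwdConfig`; any remaining setter outside this section would now fail evaluation, which cannot be checked from here.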


@ -1,6 +1,13 @@
{ psCfg, ... }: '' { pkgs, psCfg, ... }: ''
# Set shut down, restart and locking features # Set shut down, restart and locking features
'' + (if psCfg.core.hibernation.enable && !psCfg.paranoia.enable then ''
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
'' else if psCfg.paranoia.enable then ''
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
'' else ''
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
'')
+ ''
bindsym $mod+0 mode "$mode_system" bindsym $mod+0 mode "$mode_system"
mode "$mode_system" { mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default" bindsym e exec swaymsg exit, mode "default"
@ -8,7 +15,7 @@
bindsym h exec systemctl hibernate, mode "default" bindsym h exec systemctl hibernate, mode "default"
'' else "") '' else "")
+ (if !psCfg.paranoia.enable then '' + (if !psCfg.paranoia.enable then ''
bindsym l exec swaylock-bg, mode "default" bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
bindsym s exec systemctl suspend, mode "default" bindsym s exec systemctl suspend, mode "default"
'' else "") + '' '' else "") + ''
bindsym r exec systemctl reboot, mode "default" bindsym r exec systemctl reboot, mode "default"
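Review bot: The `else if psCfg.paranoia.enable` branch always puts `(h)ibernate` into `$mode_system`, without consulting `psCfg.core.hibernation.enable`. The `bindsym h` line sits inside a conditional whose test lies outside the hunk; if that test is the hibernation option, a paranoia host without hibernation advertises a key that is not bound. Building the label from the same two conditions that gate the `bindsym h` and `bindsym l`/`bindsym s` lines would keep the menu text and the bindings from drifting apart. A short comment saying that lock and suspend are deliberately absent in paranoia mode would also help the next reader.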


@ -102,7 +102,7 @@ in
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; }; xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };


@ -9,14 +9,14 @@
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ ExecStart = ''swayidle -w \
after-resume 'swaymsg "output * dpms on"' \ after-resume 'swaymsg "output * dpms on"' \
before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
timeout 150 'systemctl hibernate' timeout 150 'systemctl hibernate'
'' else '' \ '' else '' \
timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \ timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
''); '');
}; };
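Review bot: The lock command in `before-sleep` and `timeout 600` is now looked up through `PATH`, where `/run/current-system/sw/bin` comes before `${pkgs.swaylock-bg}/bin`, so a different `swaylock-bg` in the system profile would take precedence over the packaged one. The same commit moves the sway keybinding the other way, to `${pkgs.swaylock-bg}/bin/swaylock-bg`, and the screen locker is the one command here that benefits most from pinning: `before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg'`. As far as I know systemd resolves a non-absolute `ExecStart=` name against its compiled-in search path rather than the unit's `Environment=PATH`, so `ExecStart = ''swayidle -w` may not start on every host; keeping `${pkgs.swayidle}/bin/swayidle` avoids depending on that. The extended `PATH` can stay for the `swaymsg` calls.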