Merge branch 'main' into b12f
This commit is contained in:
commit
2c5b015e7d
13
.drone.yml
13
.drone.yml
|
@ -98,7 +98,14 @@ steps:
|
|||
- |
|
||||
nix $$NIX_FLAGS build \
|
||||
'.#nixosConfigurations.bootstrap.config.system.build.isoImage'
|
||||
- cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
|
||||
- cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
|
||||
- nix shell nixpkgs#findutils
|
||||
- cd /var/nix/iso-cache/
|
||||
- export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
|
||||
- sha256sum $ISO_NAME > $ISO_NAME.sha256
|
||||
- ln -s $ISO_NAME PubSolarOS-latest.iso
|
||||
- cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
|
||||
- nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
|
||||
|
||||
- name: "Publish ISO"
|
||||
image: appleboy/drone-scp
|
||||
|
@ -117,6 +124,8 @@ steps:
|
|||
target: /srv/os
|
||||
source:
|
||||
- /var/nix/iso-cache/*.iso
|
||||
- /var/nix/iso-cache/*.iso.sha256
|
||||
overwrite: true
|
||||
strip_components: 3
|
||||
|
||||
depends_on:
|
||||
|
@ -134,6 +143,6 @@ volumes:
|
|||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db
|
||||
hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6
|
||||
|
||||
...
|
||||
|
|
60
flake.lock
60
flake.lock
|
@ -7,11 +7,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1652712410,
|
||||
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
|
||||
"lastModified": 1664140963,
|
||||
"narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
|
||||
"rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -42,11 +42,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1661329936,
|
||||
"narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=",
|
||||
"lastModified": 1664210064,
|
||||
"narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=",
|
||||
"owner": "LnL7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9",
|
||||
"rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -192,11 +192,11 @@
|
|||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1648199409,
|
||||
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -256,11 +256,11 @@
|
|||
},
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1649676176,
|
||||
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -308,11 +308,11 @@
|
|||
},
|
||||
"latest_2": {
|
||||
"locked": {
|
||||
"lastModified": 1661361016,
|
||||
"narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=",
|
||||
"lastModified": 1664687381,
|
||||
"narHash": "sha256-9czSuDzS+OGGwq2kC4KXBLXWfYaup+oLB+AA1Md25U4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887",
|
||||
"rev": "59d2991d4256cdca1c0cda45d876c80a0fe45c31",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -329,11 +329,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1659610603,
|
||||
"narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=",
|
||||
"lastModified": 1662220400,
|
||||
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "c6a45e4277fa58abd524681466d3450f896dc094",
|
||||
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -359,11 +359,11 @@
|
|||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1661427965,
|
||||
"narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=",
|
||||
"lastModified": 1664594436,
|
||||
"narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "058de3818577db19d1965c21e2479916a3eaaf95",
|
||||
"rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -394,11 +394,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1660291411,
|
||||
"narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=",
|
||||
"lastModified": 1664628729,
|
||||
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6",
|
||||
"rev": "3024c67a2e9a35450558426c42e7419ab37efd95",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -460,11 +460,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1654975372,
|
||||
"narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=",
|
||||
"lastModified": 1664550666,
|
||||
"narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=",
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"rev": "d4b237c10f14f72f8266b0f658faad822e491e55",
|
||||
"rev": "9763ad40d59a044e90726653d9253efaeeb053b2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -475,11 +475,11 @@
|
|||
},
|
||||
"pub-solar": {
|
||||
"locked": {
|
||||
"lastModified": 1654369474,
|
||||
"narHash": "sha256-omGF0Ws0l/HE+S08hDObnNptPwM+dVhnA8ya+TAKBHI=",
|
||||
"lastModified": 1654372286,
|
||||
"narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
|
||||
"owner": "pub-solar",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0b509c42845cea8389e02dcb589eec1c8a165f10",
|
||||
"rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,4 +1,18 @@
|
|||
{ profiles, ... }:
|
||||
{ config, lib, pkgs, profiles, ... }:
|
||||
with lib;
|
||||
let
|
||||
# Gets hostname of host to be bundled inside iso
|
||||
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
|
||||
getFqdn = config:
|
||||
let
|
||||
net = config.networking;
|
||||
fqdn =
|
||||
if (net ? domain) && (net.domain != null)
|
||||
then "${net.hostName}.${net.domain}"
|
||||
else net.hostName;
|
||||
in
|
||||
fqdn;
|
||||
in
|
||||
{
|
||||
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
|
||||
imports = [
|
||||
|
@ -10,11 +24,22 @@
|
|||
profiles.pub-solar-iso
|
||||
];
|
||||
|
||||
config = {
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# will be overridden by the bootstrapIso instrumentation
|
||||
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; };
|
||||
|
||||
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
|
||||
|
||||
# mkForce because a similar transformation gets double applied otherwise
|
||||
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
|
||||
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
|
||||
isoImage = {
|
||||
isoBaseName = mkForce (getFqdn config);
|
||||
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
@ -22,4 +47,5 @@
|
|||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.05"; # Did you read the comment?
|
||||
};
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ with lib;
|
|||
config = {
|
||||
boot = {
|
||||
# Enable plymouth for better experience of booting
|
||||
plymouth.enable = true;
|
||||
plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
|
||||
|
||||
# Mount / luks device in initrd
|
||||
# Allow fstrim to work on it.
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
with lib;
|
||||
let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.core;
|
||||
in
|
||||
{
|
||||
|
@ -29,12 +28,12 @@ in
|
|||
|
||||
config = {
|
||||
pub-solar = {
|
||||
audio.enable = lib.mkIf (!cfg.lite) true;
|
||||
crypto.enable = lib.mkIf (!cfg.lite) true;
|
||||
devops.enable = lib.mkIf (!cfg.lite) true;
|
||||
audio.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
crypto.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
devops.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
|
||||
terminal-life = {
|
||||
enable = true;
|
||||
enable = mkDefault true;
|
||||
lite = cfg.lite;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -6,6 +6,15 @@ let cfg = config.pub-solar.core;
|
|||
in
|
||||
{
|
||||
options.pub-solar.core = {
|
||||
enableCaddy = mkOption {
|
||||
type = types.bool;
|
||||
default = !cfg.lite;
|
||||
};
|
||||
enableHelp = mkOption {
|
||||
type = types.bool;
|
||||
default = !cfg.lite;
|
||||
};
|
||||
|
||||
binaryCaches = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
|
@ -16,11 +25,6 @@ in
|
|||
default = [ ];
|
||||
description = "Public keys of binary caches.";
|
||||
};
|
||||
iwdConfig = mkOption {
|
||||
type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ])));
|
||||
default = null;
|
||||
description = "Configuration of iNet Wireless Daemon.";
|
||||
};
|
||||
};
|
||||
config = {
|
||||
# disable NetworkManager-wait-online by default
|
||||
|
@ -38,27 +42,38 @@ in
|
|||
|
||||
# These entries get added to /etc/hosts
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ];
|
||||
"127.0.0.1" = [ ]
|
||||
++ lib.optionals cfg.enableCaddy [ "caddy.local" ]
|
||||
++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ]
|
||||
++ lib.optionals cfg.enableHelp [ "help.local" ];
|
||||
};
|
||||
|
||||
# Caddy reverse proxy for local services like cups
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
enable = cfg.enableCaddy;
|
||||
globalConfig = ''
|
||||
default_bind 127.0.0.1
|
||||
auto_https off
|
||||
'';
|
||||
extraConfig = ''
|
||||
extraConfig = concatStringsSep "\n" [
|
||||
(lib.optionalString
|
||||
config.pub-solar.printing.enable
|
||||
''
|
||||
cups.local:80 {
|
||||
request_header Host localhost:631
|
||||
reverse_proxy unix//run/cups/cups.sock
|
||||
}
|
||||
'')
|
||||
|
||||
(lib.optionalString
|
||||
cfg.enableHelp
|
||||
''
|
||||
help.local:80 {
|
||||
root * ${pkgs.psos-docs}/lib/html
|
||||
file_server
|
||||
}
|
||||
'';
|
||||
'')
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{ psCfg, ... }: ''
|
||||
{ pkgs, psCfg, ... }: ''
|
||||
# Set shut down, restart and locking features
|
||||
'' + (if psCfg.core.hibernation.enable && !psCfg.paranoia.enable then ''
|
||||
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
|
||||
'' else if psCfg.paranoia.enable then ''
|
||||
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
|
||||
'' else ''
|
||||
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
|
||||
'')
|
||||
+ ''
|
||||
bindsym $mod+0 mode "$mode_system"
|
||||
mode "$mode_system" {
|
||||
bindsym e exec swaymsg exit, mode "default"
|
||||
|
@ -8,7 +15,7 @@
|
|||
bindsym h exec systemctl hibernate, mode "default"
|
||||
'' else "")
|
||||
+ (if !psCfg.paranoia.enable then ''
|
||||
bindsym l exec swaylock-bg, mode "default"
|
||||
bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
|
||||
bindsym s exec systemctl suspend, mode "default"
|
||||
'' else "") + ''
|
||||
bindsym r exec systemctl reboot, mode "default"
|
||||
|
|
|
@ -102,7 +102,7 @@ in
|
|||
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
||||
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
|
||||
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
|
||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; };
|
||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
|
||||
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
||||
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
||||
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
};
|
||||
Service = {
|
||||
Type = "simple";
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin";
|
||||
ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
|
||||
ExecStart = ''swayidle -w \
|
||||
after-resume 'swaymsg "output * dpms on"' \
|
||||
before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \
|
||||
before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \
|
||||
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
|
||||
timeout 150 'systemctl hibernate'
|
||||
'' else '' \
|
||||
timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \
|
||||
timeout 600 'swaylock-bg' \
|
||||
timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
|
||||
'');
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue