Merge branch 'feature/basic-iso' into teutat3s-init-fae

2022-01-19 01:16:35 +01:00 · 2022-01-19 01:16:35 +01:00 · e19388f99b
parent 082e33c1ed 907b08930a
commit e19388f99b
15 changed files with 157 additions and 41 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -82,8 +82,85 @@ steps:
      password:
        from_secret: matrix_password
      template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
+
+trigger:
+  event:
+    - cron
+
+---
+kind: pipeline
+type: docker
+name: Check
+
+steps:
+  - name: "Check"
+    image: nixpkgs/nix-flakes:nixos-21.05
+    when:
+      event:
+        - pull_request
+        - tag
+    commands:
+      - echo "" >> /etc/nix/nix.conf
+      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
+      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
+      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
+      # Currently broken
+      #- nix -Lv flake check
+      - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
+      - nix -Lv develop -c echo OK
+      - nix -Lv develop --command bud --help
+
+---
+kind: pipeline
+type: docker
+name: Publish ISO
+
+steps:
+  - name: "Build ISO"
+    image: nixpkgs/nix-flakes:nixos-21.05
+    volumes:
+      - name: nix-store
+        path: /var/nix/iso-cache
+    commands:
+      - echo "" >> /etc/nix/nix.conf
+      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
+      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
+      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
+      - nix -Lv develop --command bud build bootstrap bootstrapIso
+      - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
+
+  - name: "Publish ISO"
+    image: appleboy/drone-scp
+    volumes:
+      - name: nix-store
+        path: /var/nix/iso-cache
+    settings:
+      host:
+        from_secret: ssh_host
+      user:
+        from_secret: ssh_user
+      port:
+        from_secret: ssh_port
+      key:
+        from_secret: ssh_key
+      target: /var/www/pub.solar
+      source:
+        - /var/nix/iso-cache/*.iso
+      strip_components: 3
+
+trigger:
+  event:
+    - push
+  branch:
+    - feature/basic-iso
+
+volumes:
+  - name: nix-store
+    host:
+      path: "/var/nix/iso-cache"
+
 ---
 kind: signature
-hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167
+hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7

 ...
--- a/flake.nix
+++ b/flake.nix
@ -107,7 +107,7 @@
          imports = [ (digga.lib.importHosts ./hosts) ];
          hosts = {
            /* set host specific properties here */
-            NixOS = { };
+            PubSolarOS = { };
            fae = {
              system = "aarch64-linux";
            };
@ -117,9 +117,9 @@
              users = digga.lib.rakeLeaves ./users;
            };
            suites = with profiles; rec {
-              base = [ core users.nixos users.root ];
-              pubsolaros = [ core base-user users.root ];
-              anonymous = [ pubsolaros users.nixos ];
+              base = [ core users.pub-solar users.root ];
+              pubsolaros = [ core full-install base-user users.root ];
+              anonymous = [ pubsolaros users.pub-solar ];
              teutat3s = pubsolaros ++ [ users.teutat3s ];
              con = teutat3s ++ [ graphical ];
              dumpyourvms = teutat3s ++ [ graphical ];
@ -138,8 +138,8 @@
            };
          };
          users = {
-            nixos = { suites, ... }: { imports = suites.base; };
            teutat3s = { suites, ... }: { imports = suites.base; };
+            pub-solar = { suites, ... }: { imports = suites.base; };
          }; # digga.lib.importers.rakeLeaves ./users/hm;
        };

--- a/hosts/PubSolarOS.nix
+++ b/hosts/PubSolarOS.nix
@ -1,7 +1,15 @@
-{ suites, ... }:
+{ profiles, ... }:
 {
  ### root password is empty by default ###
-  imports = suites.base;
+  imports = [
+    # profiles.networking
+    profiles.core
+    profiles.users.root # make sure to configure ssh keys
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.graphical
+    profiles.pub-solar-iso
+  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/hosts/bootstrap.nix
+++ b/hosts/bootstrap.nix
@ -8,7 +8,10 @@
    # profiles.networking
    profiles.core
    profiles.users.root # make sure to configure ssh keys
-    profiles.users.nixos
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.graphical
+    profiles.pub-solar-iso
  ];

  boot.loader.systemd-boot.enable = true;
--- a/lib/compat/nixos/default.nix
+++ b/lib/compat/nixos/default.nix
@ -2,7 +2,7 @@
 let
  inherit (default.inputs.nixos) lib;

-  host = configs.${hostname} or configs.NixOS;
+  host = configs.${hostname} or configs.PubSolarOS;
  configs = default.nixosConfigurations;
  default = (import ../.).defaultNix;
  hostname = lib.fileContents /etc/hostname;
--- a/modules/audio/default.nix
+++ b/modules/audio/default.nix
@ -8,6 +8,8 @@ in
 {
  options.pub-solar.audio = {
    enable = mkEnableOption "Life in highs and lows";
+    mopidy.enable = mkEnableOption "Life with mopidy";
+    bluetooth.enable = mkEnableOption "Life with bluetooth";
  };

  config = mkIf cfg.enable {
@ -43,7 +45,7 @@ in
      config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);

      # Bluetooth configuration for pipewire
-      media-session.config.bluez-monitor.rules = [
+      media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [
        {
          # Matches all cards
          matches = [{ "device.name" = "~bluez_card.*"; }];
@ -70,10 +72,10 @@ in
    };

    # Enable bluetooth
-    hardware.bluetooth.enable = true;
-    services.blueman.enable = true;
+    hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
+    services.blueman.enable = mkIf cfg.bluetooth.enable true;

    # Enable audio server & client
-    #services.mopidy = import ./mopidy.nix pkgs;
+    services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
  };
 }
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -1,19 +0,0 @@
-{ lib, config, pkgs, ... }:
-with lib;
-let
-  psCfg = config.pub-solar;
-  cfg = config.pub-solar.server;
-in
-{
-  options.pub-solar.server = {
-    enable = mkEnableOption "Enable server options like sshd";
-  };
-
-  config = mkIf cfg.enable {
-    services.openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
-  };
-}
--- a/profiles/audio/default.nix
+++ b/profiles/audio/default.nix
@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.audio.enable = true;
+}
--- a/profiles/base-user/home.nix
+++ b/profiles/base-user/home.nix
@ -20,7 +20,7 @@ in

    home.packages = with pkgs; [ ];

-    fonts.fontconfig.enable = true;
+    fonts.fontconfig.enable = mkForce true;

    programs.dircolors.enable = true;
    programs.dircolors.enableZshIntegration = true;
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@ -9,12 +9,6 @@ in
    pub-solar.audio.enable = true;
    pub-solar.crypto.enable = true;
    pub-solar.devops.enable = true;
-    pub-solar.docker.enable = true;
-    pub-solar.nextcloud.enable = true;
-    pub-solar.office.enable = true;
-    # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
-    pub-solar.server.enable = true;
-    pub-solar.printing.enable = true;

    nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];

--- a/profiles/full-install/default.nix
+++ b/profiles/full-install/default.nix
@ -0,0 +1,15 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  imports = [ ../cachix ];
+
+  config = {
+    pub-solar.audio.mopidy.enable = true;
+    pub-solar.audio.bluetooth.enable = true;
+    pub-solar.docker.enable = true;
+    pub-solar.nextcloud.enable = true;
+    pub-solar.office.enable = true;
+    # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
+  };
+}
--- a/profiles/graphical/default.nix
+++ b/profiles/graphical/default.nix
@ -4,5 +4,4 @@ in
 {
  pub-solar.graphical.enable = true;
  pub-solar.sway.enable = true;
-  pub-solar.social.enable = true;
 }
--- a/profiles/pub-solar-iso/default.nix
+++ b/profiles/pub-solar-iso/default.nix
@ -0,0 +1,9 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  imports = [ ../cachix ];
+  config = {
+    pub-solar.x-os.iso-options.enable = true;
+  };
+}
--- a/profiles/social/default.nix
+++ b/profiles/social/default.nix
@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.social.enable = true;
+}
--- a/users/pub-solar/default.nix
+++ b/users/pub-solar/default.nix
@ -0,0 +1,16 @@
+{ hmUsers, ... }:
+{
+  home-manager.users = { inherit (hmUsers) pub-solar; };
+
+  pub-solar = {
+    # These are your personal settings
+    # The only required settings are `name` and `password`,
+    # The rest is used for programs like git
+    user = {
+      name = "pub-solar";
+      password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
+      fullName = "Pub Solar";
+      email = "iso@pub.solar";
+    };
+  };
+}