From 411a0e3e74ab36633c9ea32ef64d7b6101b78e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 21 Oct 2021 20:06:57 +0200 Subject: [PATCH 01/22] Add basic ISO setup --- flake.lock | 17 ++++++++++++++++- flake.nix | 2 +- modules/x-os/boot.nix | 8 +++++++- profiles/installed/default.nix | 10 ++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 profiles/installed/default.nix diff --git a/flake.lock b/flake.lock index c9cfb536..488c04da 100644 --- a/flake.lock +++ b/flake.lock @@ -245,6 +245,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home": { "inputs": { "nixpkgs": [ @@ -359,7 +374,7 @@ }, "nix-dram": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs" }, "locked": { diff --git a/flake.nix b/flake.nix index 030ff244..a513d8c0 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.nixos users.root ]; - pubsolaros = [ core base-user users.root ]; + pubsolaros = [ core installed base-user users.root ]; anonymous = [ pubsolaros users.nixos ]; }; }; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 5068590e..131dec8c 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -9,6 +9,12 @@ with lib; { type = types.str; description = "Keyfile location"; }; + + pub-solar.x-os.enableBootLoader = mkOption { + type = types.bool; + default = false; + description = "Whether to include the grub bootloader. Turn this off for ISO images."; + }; }; config = { 
@@ -31,7 +37,7 @@ with lib; { efi.efiSysMountPoint = "/boot/efi"; grub = { - enable = true; + enable = cfg.enableBootLoader; version = 2; device = "nodev"; efiSupport = true; diff --git a/profiles/installed/default.nix b/profiles/installed/default.nix new file mode 100644 index 00000000..322c3093 --- /dev/null +++ b/profiles/installed/default.nix @@ -0,0 +1,10 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + config = { + pub-solar.printing.enable = true; + pub-solar.x-os.enableBootLoader = true; + }; +} From 7473789e8e04e52be3a7b4174065390c7a678370 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:27:38 +0200 Subject: [PATCH 02/22] kernel: switch to linux lts 5.10 --- profiles/core/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index c4247377..07a05328 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -13,7 +13,6 @@ in pub-solar.nextcloud.enable = true; pub-solar.office.enable = true; # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.server.enable = true; pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -124,7 +123,6 @@ in services.earlyoom.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; boot.supportedFilesystems = [ "ntfs" ]; }; } From 0bfe4a135ef969bc916890dae42300a32f4e6320 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:28:42 +0200 Subject: [PATCH 03/22] modules: remove redundant server module, SSH is enabled in core profile, too --- .gitignore | 2 +- modules/server/default.nix | 19 ------------------- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 modules/server/default.nix diff --git a/.gitignore b/.gitignore index b8cac1af..37acdb01 100644 --- a/.gitignore +++ b/.gitignore 
@@ -10,4 +10,4 @@ doi pkgs/_sources/.shake* tags -/owners \ No newline at end of file +/owners diff --git a/modules/server/default.nix b/modules/server/default.nix deleted file mode 100644 index 3821421c..00000000 --- a/modules/server/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - psCfg = config.pub-solar; - cfg = config.pub-solar.server; -in -{ - options.pub-solar.server = { - enable = mkEnableOption "Enable server options like sshd"; - }; - - config = mkIf cfg.enable { - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - }; -} From 27aab3e5408a2205ceaab76fa995852b53c6fe46 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:29:09 +0200 Subject: [PATCH 04/22] initrd: make keyfile optional --- modules/x-os/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 131dec8c..dff8d526 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -23,7 +23,7 @@ with lib; { # Use Keyfile to unlock the root partition to avoid keying in twice. # Allow fstrim to work on it. - boot.initrd = { + boot.initrd = mkIf cfg.enableBootLoader { secrets = { "/keyfile.bin" = cfg.keyfile; }; luks.devices."cryptroot" = { keyFile = "/keyfile.bin"; From 3aaef50ecaf3b44eac1e1ee30510b59b89ff914b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:12:57 +0200 Subject: [PATCH 05/22] profiles: move social into separate profile --- profiles/graphical/default.nix | 1 - profiles/social/default.nix | 6 ++++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 profiles/social/default.nix diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix index 62acad2f..237a74e5 100644 --- a/profiles/graphical/default.nix +++ b/profiles/graphical/default.nix @@ -4,5 +4,4 @@ in { pub-solar.graphical.enable = true; pub-solar.sway.enable = true; - pub-solar.social.enable = true; } 
diff --git a/profiles/social/default.nix b/profiles/social/default.nix new file mode 100644 index 00000000..cad05d33 --- /dev/null +++ b/profiles/social/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.social.enable = true; +} From b79e92155a3995ce77b96719a3eac669f9775cb2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:18 +0200 Subject: [PATCH 06/22] bootstrap: add graphical profile --- hosts/bootstrap.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index d491855d..82bea4eb 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -9,6 +9,7 @@ profiles.core profiles.users.root # make sure to configure ssh keys profiles.users.nixos + profiles.graphical ]; boot.loader.systemd-boot.enable = true; From cd4dce51c1bb894da3af9313e310a861ae4dbaba Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:31 +0200 Subject: [PATCH 07/22] drone: init check pipeline --- .drone.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 89514d6c..894360d3 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -82,8 +82,31 @@ steps: password: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" + +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: nixpkgs/nix-flakes:nixos-21.05 + when: + event: + - pull_request + - tag + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix -Lv flake check + - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv develop -c echo OK + - nix -Lv develop --command bud --help + --- kind: signature -hmac: 145dff5d1aac21f4c68f186cc2dbd98ccb8f08f23af8df3528de6a21defee1c7 +hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c ... From c95629704115eca1dd6d0423230a9f2373485149 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 01:18:33 +0200 Subject: [PATCH 08/22] x-os: prepare booting from unencrypted /boot partition --- modules/x-os/boot.nix | 35 ++++------------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index dff8d526..51cd5b4b 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix 
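Review bot: The four `echo … >> /etc/nix/nix.conf` lines in the new Check pipeline (PATCH 07) make the build accept store paths signed by `nrdxp.cachix.org-1` and `nix-community.cachix.org-1` in addition to `cache.nixos.org-1`, and nothing in the file records why the two third-party caches are needed. For a check job that is a convenience trade-off, but the same lines are copied into the Publish ISO pipeline added in PATCH 10, where a substituted path ends up inside an image that is handed to users. I would add a comment above the block such as `# third-party caches: their binaries are trusted on the cache owner's signature alone`. For the publishing pipeline, consider `substituters = https://cache.nixos.org` with only that key, so the distributed image is built from source or from the upstream cache.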
@@ -3,46 +3,19 @@ let cfg = config.pub-solar.x-os; in -with lib; { - options = { - pub-solar.x-os.keyfile = mkOption { - type = types.str; - description = "Keyfile location"; - }; - - pub-solar.x-os.enableBootLoader = mkOption { - type = types.bool; - default = false; - description = "Whether to include the grub bootloader. Turn this off for ISO images."; - }; - }; - +{ config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; - # Use Keyfile to unlock the root partition to avoid keying in twice. + # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = mkIf cfg.enableBootLoader { - secrets = { "/keyfile.bin" = cfg.keyfile; }; + boot.initrd = { luks.devices."cryptroot" = { - keyFile = "/keyfile.bin"; allowDiscards = true; - fallbackToPassword = true; }; }; - # Use GRUB with encrypted /boot under EFI env. - boot.loader = { - efi.efiSysMountPoint = "/boot/efi"; - - grub = { - enable = cfg.enableBootLoader; - version = 2; - device = "nodev"; - efiSupport = true; - enableCryptodisk = true; - }; - }; + boot.loader.systemd-boot.enable = true; }; } From 2588264d881a410df334283a179762ba32a26a76 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 22:03:28 +0200 Subject: [PATCH 09/22] Make check work --- .drone.yml | 3 ++- flake.lock | 6 +++--- flake.nix | 7 ++++--- hosts/PubSolarOS.nix | 11 +++++++++-- hosts/bootstrap.nix | 1 + lib/compat/nixos/default.nix | 2 +- modules/x-os/boot.nix | 10 ++++++++-- .../{installed => pub-solar-iso}/default.nix | 3 +-- users/pub-solar/default.nix | 16 ++++++++++++++++ 9 files changed, 45 insertions(+), 14 deletions(-) rename profiles/{installed => pub-solar-iso}/default.nix (59%) create mode 100644 users/pub-solar/default.nix diff --git a/.drone.yml b/.drone.yml index 894360d3..be74152a 100644 --- a/.drone.yml +++ b/.drone.yml 
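Review bot: The rewritten `config` block in modules/x-os/boot.nix (PATCH 08) drops GRUB's `enableCryptodisk` in favour of `boot.loader.systemd-boot.enable = true`, so the kernel and initrd now sit on an unencrypted partition, and the new comments do not record that trade-off. LUKS on `cryptroot` still protects the root filesystem at rest, but nothing visible here authenticates the boot files, so tampering with them would go unnoticed unless Secure Boot or a similar measure is configured elsewhere. Removing the `/keyfile.bin` initrd secret in the same hunk is the right companion change, since a key file inside an initrd on an unencrypted /boot would expose the key. I would extend the comment to something like `# /boot is unencrypted: LUKS does not protect the kernel or initrd from modification`. The hunk also removes the `pub-solar.x-os.keyfile` option, so any host that still sets it (none is visible here) would fail to evaluate.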
@@ -100,7 +100,8 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix -Lv flake check + # Currently broken + #- nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help diff --git a/flake.lock b/flake.lock index 488c04da..a5d8b109 100644 --- a/flake.lock +++ b/flake.lock @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1622060422, - "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=", + "lastModified": 1634994402, + "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64", + "rev": "44da835ac40dab5fd231298b59d83487382d2fab", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a513d8c0..70ed129e 100644 --- a/flake.nix +++ b/flake.nix @@ -121,16 +121,16 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ - NixOS = { }; + PubSolarOS = { }; }; importables = rec { profiles = digga.lib.rakeLeaves ./profiles // { users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core users.nixos users.root ]; + base = [ core users.pub-solar users.root ]; pubsolaros = [ core installed base-user users.root ]; - anonymous = [ pubsolaros users.nixos ]; + anonymous = [ pubsolaros users.pub-solar ]; }; }; }; 
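Review bot: In the flake.nix hunk of PATCH 09 the context line `pubsolaros = [ core installed base-user users.root ];` still names the `installed` profile, although this same commit renames profiles/installed to profiles/pub-solar-iso. If `profiles` is built purely from the directory tree, as the `digga.lib.rakeLeaves ./profiles` line suggests, `installed` no longer resolves and anything that forces the `pubsolaros` or `anonymous` suite would fail to evaluate at this commit. PATCH 10 later switches the entry to `full-install`, so the series ends consistent, but this commit on its own cannot be bisected cleanly. Changing the line here to the intended profile, or folding the PATCH 10 change into this commit, would fix that.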
@@ -146,6 +146,7 @@ }; users = { nixos = { suites, ... }: { imports = suites.base; }; + pub-solar = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 3b084119..84cf730f 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,7 +1,14 @@ -{ suites, ... }: +{ profiles, ... }: { ### root password is empty by default ### - imports = suites.base; + imports = [ + # profiles.networking + profiles.core + profiles.users.root # make sure to configure ssh keys + profiles.users.nixos + profiles.graphical + profiles.pub-solar-iso + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 82bea4eb..377569d1 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -10,6 +10,7 @@ profiles.users.root # make sure to configure ssh keys profiles.users.nixos profiles.graphical + profiles.pub-solar-iso ]; boot.loader.systemd-boot.enable = true; diff --git a/lib/compat/nixos/default.nix b/lib/compat/nixos/default.nix index e4e0e68a..83f05f9f 100644 --- a/lib/compat/nixos/default.nix +++ b/lib/compat/nixos/default.nix @@ -2,7 +2,7 @@ let inherit (default.inputs.nixos) lib; - host = configs.${hostname} or configs.NixOS; + host = configs.${hostname} or configs.PubSolarOS; configs = default.nixosConfigurations; default = (import ../.).defaultNix; hostname = lib.fileContents /etc/hostname; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 51cd5b4b..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix 
@@ -1,16 +1,22 @@ { config, pkgs, lib, ... }: - +with lib; let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = { + # The ! makes this enabled by default + boot.initrd = mkIf (!cfg.iso-options.enable) { luks.devices."cryptroot" = { allowDiscards = true; }; diff --git a/profiles/installed/default.nix b/profiles/pub-solar-iso/default.nix similarity index 59% rename from profiles/installed/default.nix rename to profiles/pub-solar-iso/default.nix index 322c3093..24312b53 100644 --- a/profiles/installed/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -4,7 +4,6 @@ in { imports = [ ../cachix ]; config = { - pub-solar.printing.enable = true; - pub-solar.x-os.enableBootLoader = true; + pub-solar.x-os.iso-options.enable = true; }; } diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix new file mode 100644 index 00000000..af669b41 --- /dev/null +++ b/users/pub-solar/default.nix @@ -0,0 +1,16 @@ +{ hmUsers, ... }: +{ + home-manager.users = { inherit (hmUsers) pub-solar; }; + + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # The rest is used for programs like git + user = { + name = "pub-solar"; + password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; + fullName = "Pub Solar"; + email = "iso@pub.solar"; + }; + }; +} From 2340270d813b43b96f4c441bdcbdc3a4bed92096 Mon Sep 17 00:00:00 2001 
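Review bot: users/pub-solar/default.nix (new in PATCH 09) commits a fixed `$6$` crypt hash as `user.password`, so every image built from this repository carries the same credential and the hash itself is public for offline guessing. The comment above it reads like a template for personal settings, which invites copying the file with the hash left in place. PATCH 03 deleted the module that set `passwordAuthentication = false` and `permitRootLogin = "no"`; its commit message says the core profile enables SSH too, but that profile's sshd settings are not visible here, so please confirm that password logins over SSH stay disabled wherever this account exists. I would replace the comment with something like `# Live-ISO default account: the password is publicly known, replace it on any installed system`. I would also keep this user out of suites meant for installed systems; `base` and `anonymous` in flake.nix both reference `users.pub-solar` after this commit.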
From: teutat3s Date: Sun, 24 Oct 2021 22:55:28 +0200 Subject: [PATCH 10/22] All the option are with us now --- .drone.yml | 49 ++++++++++++++++++++++++++++++- flake.nix | 2 +- modules/audio/default.nix | 10 ++++--- profiles/audio/default.nix | 6 ++++ profiles/core/default.nix | 6 ---- profiles/full-install/default.nix | 15 ++++++++++ 6 files changed, 76 insertions(+), 12 deletions(-) create mode 100644 profiles/audio/default.nix create mode 100644 profiles/full-install/default.nix diff --git a/.drone.yml b/.drone.yml index be74152a..fdd58446 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -106,8 +106,55 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help +--- +kind: pipeline +type: docker +name: Publish ISO + +steps: + - name: "Build ISO" + image: nixpkgs/nix-flakes:nixos-21.05 + volumes: + - name: nix-store + path: /nix/store + when: + event: + - push + branch: + - main + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix-shell + - bud build bootstrap bootstrapIso + + - name: "Publish ISO" + image: appleboy/drone-scp + volumes: + - name: nix-store + path: /nix/store + settings: + host: + from_secret: ssh_host + user: + from_secret: ssh_user + port: + from_secret: ssh_port + key: + from_secret: ssh_key + target: /var/www/pub.solar + source: + - result/iso/*.iso + +volumes: + - name: nix-store + host: + path: "/var/nix/build-store" + --- kind: signature -hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c +hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 ... diff --git a/flake.nix b/flake.nix index 70ed129e..9f183695 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.pub-solar users.root ]; - pubsolaros = [ core installed base-user users.root ]; + pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; diff --git a/modules/audio/default.nix b/modules/audio/default.nix index ce8c2f34..68b3c19b 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix 
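Review bot: The "Publish ISO" step added in PATCH 10 runs `image: appleboy/drone-scp` with no tag or digest, and that container is handed the `ssh_key`, `ssh_host`, `ssh_user` and `ssh_port` secrets for the web host. Whatever the registry serves under the floating default tag at build time receives the deploy key, so I would pin it, e.g. `image: appleboy/drone-scp@sha256:<digest-placeholder>` (placeholder; fill in the digest you have reviewed). The ISO is also copied to `/var/www/pub.solar` with no checksum or signature next to it, so people downloading it cannot verify what they fetched. A `sha256sum` file written in the build step and uploaded alongside would be a minimal start, with a detached signature made outside CI as the stronger option.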
@@ -8,6 +8,8 @@ in { options.pub-solar.audio = { enable = mkEnableOption "Life in highs and lows"; + mopidy.enable = mkEnableOption "Life with mopidy"; + bluetooth.enable = mkEnableOption "Life with bluetooth"; }; config = mkIf cfg.enable { @@ -36,7 +38,7 @@ in config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire - media-session.config.bluez-monitor.rules = [ + media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [ { # Matches all cards matches = [{ "device.name" = "~bluez_card.*"; }]; @@ -63,10 +65,10 @@ in }; # Enable bluetooth - hardware.bluetooth.enable = true; - services.blueman.enable = true; + hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true; + services.blueman.enable = mkIf cfg.bluetooth.enable true; # Enable audio server & client - services.mopidy = import ./mopidy.nix pkgs; + services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); }; } diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix new file mode 100644 index 00000000..22b64af5 --- /dev/null +++ b/profiles/audio/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.audio.enable = true; +} diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 07a05328..b77baf53 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -9,11 +9,6 @@ in pub-solar.audio.enable = true; pub-solar.crypto.enable = true; pub-solar.devops.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -30,7 +25,6 @@ in git git-lfs git-bug - git-crypt wget openssl openssh 
diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix new file mode 100644 index 00000000..ba136554 --- /dev/null +++ b/profiles/full-install/default.nix @@ -0,0 +1,15 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + + config = { + pub-solar.audio.mopidy.enable = true; + pub-solar.audio.bluetooth.enable = true; + pub-solar.docker.enable = true; + pub-solar.nextcloud.enable = true; + pub-solar.office.enable = true; + # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled + }; +} From 40e93f15d921634f19b999b3f653cc4bae8bbe96 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:01:08 +0200 Subject: [PATCH 11/22] Sign correctly --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index fdd58446..3b526ae2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 +hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 ... From a79834c15a4bce4059f78af5b99cbd8e2b3b8f0c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:04:53 +0200 Subject: [PATCH 12/22] Test push event on feature branch --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3b526ae2..9218c2c2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -121,7 +121,7 @@ steps: event: - push branch: - - main + - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 +hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 ... From 6b67d08edd6654590be0c46f40781380bab3c007 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Sun, 24 Oct 2021 23:13:13 +0200 Subject: [PATCH 13/22] Use different path for volume --- .drone.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9218c2c2..848f096c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -116,7 +116,7 @@ steps: image: nixpkgs/nix-flakes:nixos-21.05 volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache when: event: - push @@ -129,12 +129,13 @@ steps: - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix-shell - bud build bootstrap bootstrapIso + - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" image: appleboy/drone-scp volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache settings: host: from_secret: ssh_host @@ -151,10 +152,10 @@ steps: volumes: - name: nix-store host: - path: "/var/nix/build-store" + path: "/var/nix/iso-cache" --- kind: signature -hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 +hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed ... From 8f194d1503f39014442e5d4da16e1ec5212dcb90 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:18:10 +0200 Subject: [PATCH 14/22] Fix devshell for executing bud --- .drone.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 848f096c..96611d98 100644 --- a/.drone.yml +++ b/.drone.yml 
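Review bot: The new `cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/` line in the second hunk of PATCH 13 writes into a host-path volume that persists between builds, and nothing empties it first. Once the publish step reads from that directory (PATCH 15 sets `source: /var/nix/iso-cache/*.iso`), the glob uploads every ISO that happens to be there: images left by earlier runs, and anything another job on the same runner placed in that path. A per-build `temp: {}` volume in place of `host: path:` would scope the hand-over to this pipeline run; failing that, add `- rm -f /var/nix/iso-cache/*.iso` before the `cp`. The volume is also still named `nix-store` although it no longer maps the store, which will mislead the next reader.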
@@ -127,8 +127,7 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix-shell - - bud build bootstrap bootstrapIso + - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -156,6 +155,6 @@ volumes: --- kind: signature -hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed +hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc ... From effea24101b22b6bdf035d5f90bdaea4cd8cf8c1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 21:51:13 +0200 Subject: [PATCH 15/22] drone: fix publish scp source path --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 96611d98..c40607a5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -146,7 +146,7 @@ steps: from_secret: ssh_key target: /var/www/pub.solar source: - - result/iso/*.iso + - /var/nix/iso-cache/*.iso volumes: - name: nix-store @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc +hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 ... From 74241b459eeecc230660d2e5c9633d28eaaa2189 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 22:43:02 +0200 Subject: [PATCH 16/22] switch to pub-solar user and use base-user profile --- hosts/PubSolarOS.nix | 3 ++- hosts/bootstrap.nix | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 84cf730f..2438ac28 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -5,7 +5,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 377569d1..c6d8f105 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -8,7 +8,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; From 1ab1ec5ded9bd4f0c6730bc22fd71815a19db0e4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:02:17 +0200 Subject: [PATCH 17/22] drone: sign --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 1c8e5895..7c318efa 100644 --- a/.drone.yml +++ b/.drone.yml @@ -156,6 +156,6 @@ volumes: --- kind: signature -hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 +hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 ... From 27d962c96ba9b290e07bc2820f75cc3b846e006a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:06:13 +0200 Subject: [PATCH 18/22] fix x-os option --- modules/x-os/boot.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 484a46cf..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -4,6 +4,11 @@ let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; From 7271c343202b749d51148b3dbbeec0a2a83cb932 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Tue, 26 Oct 2021 01:19:47 +0200 Subject: [PATCH 19/22] hammer for fontconfig --- profiles/base-user/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6d7c87d2..7c5c5518 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -20,7 +20,7 @@ in home.packages = with pkgs; [ ]; - fonts.fontconfig.enable = true; + fonts.fontconfig.enable = mkForce true; programs.dircolors.enable = true; programs.dircolors.enableZshIntegration = true; From d36feb2028fafcfc09a798d31763eed55634a498 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:14:42 +0200 Subject: [PATCH 20/22] drone: strip path before scp'ing --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7c318efa..39ff1b0d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -148,6 +148,7 @@ steps: target: /var/www/pub.solar source: - /var/nix/iso-cache/*.iso + strip_components: 3 volumes: - name: nix-store @@ -156,6 +157,6 @@ volumes: --- kind: signature -hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 +hmac: 81a1527ce6d9af333113b6bf667a61d2e5650a96d4846fc0d1376b444253108d ... From 5aac1779407acbd7e5c583b24c82c6b37bf2728d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:40:03 +0200 Subject: [PATCH 21/22] drone: use trigger conditional for whole publish pipeline --- .drone.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 451ba911..4991e307 100644 --- a/.drone.yml +++ b/.drone.yml @@ -118,11 +118,6 @@ steps: volumes: - name: nix-store path: /var/nix/iso-cache - when: - event: - - push - branch: - - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf 
@@ -150,6 +145,12 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 +trigger: + event: + - push + branch: + - feature/basic-iso + volumes: - name: nix-store host: @@ -157,6 +158,6 @@ volumes: --- kind: signature -hmac: b80fc2bec44f00eb0e02943a918f45c7e652ae66e8b7a7a52ecc05c571fd5164 +hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 ... From 907b08930a3a82315bbfd885ea6a2cfcc16ce98b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:45:53 +0200 Subject: [PATCH 22/22] drone: only trigger upstreaming on cron event --- .drone.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 4991e307..2b514c21 100644 --- a/.drone.yml +++ b/.drone.yml @@ -84,6 +84,10 @@ steps: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" +trigger: + event: + - cron + --- kind: pipeline type: docker @@ -158,6 +162,6 @@ volumes: --- kind: signature -hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 +hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 ...
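Review bot: The pipeline-level `trigger` added in the second hunk of PATCH 21 keeps `branch: - feature/basic-iso`, the value PATCH 12 introduced under the title "Test push event on feature branch". As written, every push to that feature branch builds an image and copies it to `/var/www/pub.solar` with the deploy key, while pushes to `main` publish nothing. Before this series is merged I would restore `branch: - main`, the value the pipeline had when PATCH 10 added it, so that only reviewed, merged commits can reach the public download directory.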