Merge branch 'feature/basic-iso' into teutat3s-init-fae

.drone.yml

@@ -82,8 +82,85 @@ steps:
       password:
         from_secret: matrix_password
       template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"
+
+trigger:
+  event:
+    - cron
+
+---
+kind: pipeline
+type: docker
+name: Check
+
+steps:
+  - name: "Check"
+    image: nixpkgs/nix-flakes:nixos-21.05
+    when:
+      event:
+        - pull_request
+        - tag
+    commands:
+      - echo "" >> /etc/nix/nix.conf
+      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
+      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
+      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
+      # Currently broken
+      #- nix -Lv flake check
+      - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
+      - nix -Lv develop -c echo OK
+      - nix -Lv develop --command bud --help
+
+---
+kind: pipeline
+type: docker
+name: Publish ISO
+
+steps:
+  - name: "Build ISO"
+    image: nixpkgs/nix-flakes:nixos-21.05
+    volumes:
+      - name: nix-store
+        path: /var/nix/iso-cache
+    commands:
+      - echo "" >> /etc/nix/nix.conf
+      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
+      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
+      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
+      - nix -Lv develop --command bud build bootstrap bootstrapIso
+      - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/
+
+  - name: "Publish ISO"
+    image: appleboy/drone-scp
+    volumes:
+      - name: nix-store
+        path: /var/nix/iso-cache
+    settings:
+      host:
+        from_secret: ssh_host
+      user:
+        from_secret: ssh_user
+      port:
+        from_secret: ssh_port
+      key:
+        from_secret: ssh_key
+      target: /var/www/pub.solar
+      source:
+        - /var/nix/iso-cache/*.iso
+      strip_components: 3
+
+trigger:
+  event:
+    - push
+  branch:
+    - feature/basic-iso
+
+volumes:
+  - name: nix-store
+    host:
+      path: "/var/nix/iso-cache"
+
 ---
 kind: signature
-hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167
+hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7
 
 ...

flake.nix

@@ -107,7 +107,7 @@
           imports = [ (digga.lib.importHosts ./hosts) ];
           hosts = {
             /* set host specific properties here */
-            NixOS = { };
+            PubSolarOS = { };
             fae = {
               system = "aarch64-linux";
             };
@@ -117,9 +117,9 @@
               users = digga.lib.rakeLeaves ./users;
             };
             suites = with profiles; rec {
-              base = [ core users.nixos users.root ];
+              base = [ core users.pub-solar users.root ];
-              pubsolaros = [ core base-user users.root ];
+              pubsolaros = [ core full-install base-user users.root ];
-              anonymous = [ pubsolaros users.nixos ];
+              anonymous = [ pubsolaros users.pub-solar ];
               teutat3s = pubsolaros ++ [ users.teutat3s ];
               con = teutat3s ++ [ graphical ];
               dumpyourvms = teutat3s ++ [ graphical ];
@@ -138,8 +138,8 @@
             };
           };
           users = {
-            nixos = { suites, ... }: { imports = suites.base; };
             teutat3s = { suites, ... }: { imports = suites.base; };
+            pub-solar = { suites, ... }: { imports = suites.base; };
           }; # digga.lib.importers.rakeLeaves ./users/hm;
         };
 

hosts/PubSolarOS.nix

@@ -1,7 +1,15 @@
-{ suites, ... }:
+{ profiles, ... }:
 {
   ### root password is empty by default ###
-  imports = suites.base;
+  imports = [
+    # profiles.networking
+    profiles.core
+    profiles.users.root # make sure to configure ssh keys
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.graphical
+    profiles.pub-solar-iso
+  ];
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

hosts/bootstrap.nix

@@ -8,7 +8,10 @@
     # profiles.networking
     profiles.core
     profiles.users.root # make sure to configure ssh keys
-    profiles.users.nixos
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.graphical
+    profiles.pub-solar-iso
   ];
 
   boot.loader.systemd-boot.enable = true;

lib/compat/nixos/default.nix

@@ -2,7 +2,7 @@
 let
   inherit (default.inputs.nixos) lib;
 
-  host = configs.${hostname} or configs.NixOS;
+  host = configs.${hostname} or configs.PubSolarOS;
   configs = default.nixosConfigurations;
   default = (import ../.).defaultNix;
   hostname = lib.fileContents /etc/hostname;

modules/audio/default.nix

@@ -8,6 +8,8 @@ in
 {
   options.pub-solar.audio = {
     enable = mkEnableOption "Life in highs and lows";
+    mopidy.enable = mkEnableOption "Life with mopidy";
+    bluetooth.enable = mkEnableOption "Life with bluetooth";
   };
 
   config = mkIf cfg.enable {
@@ -43,7 +45,7 @@ in
       config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);
 
       # Bluetooth configuration for pipewire
-      media-session.config.bluez-monitor.rules = [
+      media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [
         {
           # Matches all cards
           matches = [{ "device.name" = "~bluez_card.*"; }];
@@ -70,10 +72,10 @@ in
     };
 
     # Enable bluetooth
-    hardware.bluetooth.enable = true;
+    hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true;
-    services.blueman.enable = true;
+    services.blueman.enable = mkIf cfg.bluetooth.enable true;
 
     # Enable audio server & client
-    #services.mopidy = import ./mopidy.nix pkgs;
+    services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
   };
 }

modules/server/default.nix

@@ -1,19 +0,0 @@
-{ lib, config, pkgs, ... }:
-with lib;
-let
-  psCfg = config.pub-solar;
-  cfg = config.pub-solar.server;
-in
-{
-  options.pub-solar.server = {
-    enable = mkEnableOption "Enable server options like sshd";
-  };
-
-  config = mkIf cfg.enable {
-    services.openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
-  };
-}

profiles/audio/default.nix

@@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.audio.enable = true;
+}

profiles/base-user/home.nix

@@ -20,7 +20,7 @@ in
 
     home.packages = with pkgs; [ ];
 
-    fonts.fontconfig.enable = true;
+    fonts.fontconfig.enable = mkForce true;
 
     programs.dircolors.enable = true;
     programs.dircolors.enableZshIntegration = true;

profiles/core/default.nix

@@ -9,12 +9,6 @@ in
     pub-solar.audio.enable = true;
     pub-solar.crypto.enable = true;
     pub-solar.devops.enable = true;
-    pub-solar.docker.enable = true;
-    pub-solar.nextcloud.enable = true;
-    pub-solar.office.enable = true;
-    # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
-    pub-solar.server.enable = true;
-    pub-solar.printing.enable = true;
 
     nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
 

profiles/full-install/default.nix

@@ -0,0 +1,15 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  imports = [ ../cachix ];
+
+  config = {
+    pub-solar.audio.mopidy.enable = true;
+    pub-solar.audio.bluetooth.enable = true;
+    pub-solar.docker.enable = true;
+    pub-solar.nextcloud.enable = true;
+    pub-solar.office.enable = true;
+    # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
+  };
+}

profiles/graphical/default.nix

@@ -4,5 +4,4 @@ in
 {
   pub-solar.graphical.enable = true;
   pub-solar.sway.enable = true;
-  pub-solar.social.enable = true;
 }

profiles/pub-solar-iso/default.nix

@@ -0,0 +1,9 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  imports = [ ../cachix ];
+  config = {
+    pub-solar.x-os.iso-options.enable = true;
+  };
+}

profiles/social/default.nix

@@ -0,0 +1,6 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.social.enable = true;
+}

users/pub-solar/default.nix

@@ -0,0 +1,16 @@
+{ hmUsers, ... }:
+{
+  home-manager.users = { inherit (hmUsers) pub-solar; };
+
+  pub-solar = {
+    # These are your personal settings
+    # The only required settings are `name` and `password`,
+    # The rest is used for programs like git
+    user = {
+      name = "pub-solar";
+      password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
+      fullName = "Pub Solar";
+      email = "iso@pub.solar";
+    };
+  };
+}