From 0911ef7efc7c4185c4c8ee28fb30f755631de0a0 Mon Sep 17 00:00:00 2001 From: Valentin Kharin Date: Mon, 30 Oct 2023 09:11:02 +0200 Subject: [PATCH] New installation approach Signed-off-by: Valentin Kharin --- README.md | 3 +- docs/default.nix | 2 +- docs/src/ref_impl/installer.md | 103 +++++++++--------- lib.nix | 2 + lib/default.nix | 70 ++++++------ lib/ghaf-modules.nix | 12 -- modules/development/ssh.nix | 19 +++- modules/hardware/x86_64-linux.nix | 70 +++++++++++- modules/installer/builtin/flush.nix | 14 --- modules/installer/default.nix | 99 +++-------------- modules/installer/installer.nix | 15 --- modules/installer/installer.sh | 29 ----- modules/profiles/installer.nix | 2 +- packages/default.nix | 24 ++-- targets/generic-x86_64.nix | 4 +- targets/imx8qm-mek.nix | 4 +- targets/lenovo-x1-carbon.nix | 25 +---- targets/vm.nix | 4 +- .../targets/aarch64/nvidia/orin-agx/flake.nix | 12 +- .../targets/aarch64/nvidia/orin-nx/flake.nix | 12 +- templates/targets/aarch64/nxp/imx8/flake.nix | 25 ++++- .../riscv64/microchip/polarfire/flake.nix | 13 ++- .../targets/x86_64/generic/disk-config.nix | 57 ++++++++++ templates/targets/x86_64/generic/flake.nix | 43 +++++++- 24 files changed, 358 insertions(+), 305 deletions(-) delete mode 100644 lib/ghaf-modules.nix delete mode 100644 modules/installer/builtin/flush.nix delete mode 100644 modules/installer/installer.nix delete mode 100644 modules/installer/installer.sh create mode 100644 templates/targets/x86_64/generic/disk-config.nix diff --git a/README.md b/README.md index 4d90fe46b..64d228f63 100644 --- a/README.md +++ b/README.md 
@@ -35,8 +35,9 @@ See the documentation overview under [README-docs.md](./docs/README-docs.md). Other repositories that are a part of the Ghaf project: -* [sbomnix](https://github.com/tiiuae/sbomnix): a utility that generates SBOM given Nix derivations or out paths +* [sbomnix](https://github.com/tiiuae/sbomnix): a utility that generates SBOMs given Nix derivations or out paths * [ghaf-infra](https://github.com/tiiuae/ghaf-infra), [ci-public](https://github.com/tiiuae/ci-public), [ci-test-automation](https://github.com/tiiuae/ci-test-automation), [ghafscan](https://github.com/tiiuae/ghafscan): CI/CD related files +* [ghaf-installation-wizard](https://github.com/tiiuae/ghaf-installation-wizard): helps you install Ghaf for the first time ## Build System diff --git a/docs/default.nix b/docs/default.nix index 92f8bc682..0346d7825 100644 --- a/docs/default.nix +++ b/docs/default.nix @@ -8,7 +8,7 @@ nixosOptionsDoc, mdbook, revision ? "", - options ? {}, + options, }: let optionsDocMd = (nixosOptionsDoc { diff --git a/docs/src/ref_impl/installer.md b/docs/src/ref_impl/installer.md index 585e10d6a..e68c49c34 100644 --- a/docs/src/ref_impl/installer.md +++ b/docs/src/ref_impl/installer.md 
@@ -5,67 +5,70 @@ # Installer -## Configuring and Building Installer for Ghaf - -You can obtain the installation image for your Ghaf configuration. To check possible configuration options, see [Modules Options](../ref_impl/modules_options.md#ghafinstallerenable). - -1. Set `ghaf.installer.enable` to `true`. -2. Add nixos-generators module to `ghaf.installer.imgModules` list to configure installer image type. -3. Choose installer modules from `ghaf.installer.installerModules` and set `ghaf.installer.enabledModules` to list of their names. -4. Write code for the installer in `ghaf.installer.installerCode`. - -```nix -{config, ...}: { - ghaf.installer = { - enable = true; - imgModules = [ - nixos-generators.nixosModules.raw-efi - ]; - enabledModules = ["flushImage"]; - installerCode = '' - echo "Starting flushing..." - if sudo dd if=${config.system.build.${config.formatAttr}} of=/dev/${config.ghaf.installer.installerModules.flushImage.providedVariables.deviceName} conv=sync bs=4K status=progress; then - sync - echo "Flushing finished successfully!" - echo "Now you can detach installation device and reboot to Ghaf." - else - echo "Some error occured during flushing process, exit code: $?." - exit - fi - ''; - }; -} -``` +Ghaf has a NixOS-like non-interactive, declarative installer instead of a +conventional (imperative, non-declarative) installer as in most conventional +Linux distributions. This is possible with the [Ghaf as +Library](https://github.com/tiiuae/ghaf/pull/ghaf-based-project.md) approach: +rather than clicking similar options during installation, you can configure the +system once and deploy this configuration to the desired machines. + + +To implement the pre-configured setting up approach, we used the +[nixos-anywhere](https://github.com/nix-community/nixos-anywhere) tool. + +There are two separate ways to use it: +* manually +* with the Ghaf installation wizard. 
+> NOTE: The Ghaf installation wizard is currently under development and cannot be used to create the required system configuration. -After that you can build an installer image using this command: +## Manual Installation + +To install Ghaf manually: + +1. Create your own flake using the Ghaf template: ```sh -nix build .#nixosConfigurations..config.system.build.installer +nix flake init -t github:tiiuae/ghaf#target-x86_64-generic ``` -## Adding Installer Modules +2. Edit it according to your preferences. + +3. Set the value of `ghaf.installer.sshKeys` to get an installer image. If you don't have ssh keys follow substeps: + + 3.1. Generate an SSH keypair as follows: + ``` + $ ssh-keygen -t ed25519 + Generating public/private ed25519 key pair. + Enter file in which to save the key (/home/user/.ssh/id_ed25519): /home/user/.ssh/id_ed25519_installer + Enter passphrase (empty for no passphrase): + Enter same passphrase again: + Your identification has been saved in /home/user/.ssh/id_ed25519_installer + Your public key has been saved in /home/user/.ssh/id_ed25519_installer.pub + ... + ``` -To add an installer module, replace the corresponding placeholders with your code and add this to your configuraiton: + 3.2. Copy public key from file (`id_ed25519_installer.pub` in an example above) in place of stub in `flake.nix` of your configuration. -```nix -ghaf.installer.installerModules. = { - requestCode = '' - # Your request code written in Bash - ''; - providedVariables = { - # Notice the dollar sign before the actual variable name in Bash. - = "$"; - }; -}; +4. Build the installer image: + +```sh +nix build .#nixosConfigurations.PROJ_NAME-ghaf-debug.config.system.build.installer ``` -## Built-in Installer Modules +5. Flash the installer image to your device (temporary storage which will be used to establish connection with the host machine): -Provided variables show variable names in Nix. For actual names of variables in Bash, see the sources of the module. 
+```sh +sudo dd if=./result/iso/nixos-...-linux.iso of=/dev/YOUR_DEVICE conv=sync && sync +``` -### flushImage +6. Run the image on the device. -Provided variables: +7. Connect the device to the network using `wifi-connector`. -- deviceName: name of the device on which image should be flushed (e.g. "sda", "nvme0n1") +8. Check the target block device name using the lsblk command and put it in the disk configuration option in `flake.nix`. +8. Install the NixOS configuration to the target device using the command: + +```sh +nix run github:nix-community/nixos-anywhere -- --flake .#CONFIGURATION_NAME root@IP_ADDRESS +``` diff --git a/lib.nix b/lib.nix index 5a1df99ac..87b85d46a 100644 --- a/lib.nix +++ b/lib.nix @@ -19,6 +19,8 @@ in # inherit ghaf-version; + ghaf = import ./lib {inherit lib inputs;}; + flattenTree = /* * diff --git a/lib/default.nix b/lib/default.nix index 1c8e58e84..4db0d528f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -2,33 +2,17 @@ # # SPDX-License-Identifier: Apache-2.0 { - self, lib, - nixpkgs, + inputs, }: let - release = lib.strings.fileContents ../.version; - versionSuffix = ".${lib.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}"; - version = release + versionSuffix; + inherit (inputs) nixpkgs; + inherit (inputs) nixos-generators; in { - inherit release versionSuffix version; - modules = import ./ghaf-modules.nix {inherit lib;}; - - # NOTE: Currently supports configuration that generates raw-efi image using nixos-generators installer = { - systemImgCfg, + system, + sshKeys, modules ? [], - userCode ? "", }: let - inherit (systemImgCfg.nixpkgs.hostPlatform) system; - - pkgs = import nixpkgs {inherit system;}; - - installerScript = import ../modules/installer/installer.nix { - inherit pkgs; - inherit (pkgs) runtimeShell; - inherit userCode; - }; - installerImgCfg = lib.nixosSystem { inherit system; specialArgs = {inherit lib;}; 
@@ -36,29 +20,45 @@ in { [ ../modules/host - ({modulesPath, ...}: { + ({ + pkgs, + lib, + modulesPath, + ... + }: { imports = [(modulesPath + "/profiles/all-hardware.nix")]; + environment.systemPackages = [(pkgs.callPackage ../packages/wifi-connector {useNmcli = true;})]; + nixpkgs.hostPlatform.system = system; nixpkgs.config.allowUnfree = true; hardware.enableAllFirmware = true; - ghaf.profiles.installer.enable = true; - }) + networking = { + # wireless is disabled because we use NetworkManager for wireless + wireless.enable = lib.mkForce false; + networkmanager.enable = true; + }; - { - environment.systemPackages = [installerScript]; - environment.loginShellInit = '' - installer.sh - ''; - } + ghaf = { + profiles = { + installer.enable = true; + debug.enable = true; + }; + development.ssh.daemon = { + enable = true; + authorizedKeys = sshKeys; + }; + }; + }) ] ++ (import ../modules/module-list.nix) - ++ modules; + ++ modules + # NOTE: Stick with install-iso as nixos-anywhere requires VARIANT=installer + # https://nix-community.github.io/nixos-anywhere/howtos/no-os.html#installing-on-a-machine-with-no-operating-system + ++ [nixos-generators.nixosModules.install-iso]; }; - in { - inherit installerImgCfg system; - installerImgDrv = installerImgCfg.config.system.build.${installerImgCfg.config.formatAttr}; - }; + in + installerImgCfg.config.system.build.${installerImgCfg.config.formatAttr}; } diff --git a/lib/ghaf-modules.nix b/lib/ghaf-modules.nix deleted file mode 100644 index 992a7da8a..000000000 --- a/lib/ghaf-modules.nix +++ /dev/null 
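Review bot: The inline installer module turns on `ghaf.profiles.debug.enable` together with an SSH daemon fed from `sshKeys`, and nothing in this hunk checks that `sshKeys` is non-empty. What the debug profile enables is not visible here; if it brings a known password or similar developer conveniences, an installer booted on a shared network is reachable by more than the key holder, so it is worth confirming that the installer really needs that profile. Adding `assertions = [{assertion = sshKeys != []; message = "ghaf.installer.sshKeys must contain at least one public key";}];` to the inline module would fail the build early rather than produce an image that is unreachable or reachable only by password. The `installer` function starts in the previous hunk, so its argument handling is only partly visible here.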
@@ -1,12 +0,0 @@ -# SPDX-FileCopyrightText: 2022-2023 TII (SSRC) and the Ghaf contributors -# SPDX-FileCopyrightText: 2023 TII (SSRC) and the Ghaf contributors -# -# SPDX-License-Identifier: Apache-2.0 -{lib}: let - inherit (builtins) readFile filter; - inherit (lib) filesystem hasInfix hasSuffix; - - isDesiredFile = path: hasSuffix ".nix" path && hasInfix "options" (readFile path); - modulesDirectoryFiles = filesystem.listFilesRecursive ../modules; -in - filter isDesiredFile modulesDirectoryFiles diff --git a/modules/development/ssh.nix b/modules/development/ssh.nix index aa1435e44..20439366b 100644 --- a/modules/development/ssh.nix +++ b/modules/development/ssh.nix @@ -26,11 +26,26 @@ in with lib; { options.ghaf.development.ssh.daemon = { enable = mkEnableOption "ssh daemon"; + authorizedKeys = mkOption { + type = with types; listOf singleLineStr; + default = []; + description = mdDoc '' + Add your SSH Public Keys here. + NOTE: adding your pub ssh key here will make accessing and "nixos-rebuild switching" development mode + builds easy but still secure. Given that you protect your private keys. Do not share your keypairs across hosts. + + Shared authorized keys access poses a minor risk for developers in the same network (e.g. office) cross-accessing + each others development devices if: + - the ip addresses from dhcp change between the developers without the noticing AND + - you ignore the server fingerprint checks + You have been helped and you have been warned. + ''; + }; }; config = mkIf cfg.enable { services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = authorizedKeys; - users.users.${config.ghaf.users.accounts.user}.openssh.authorizedKeys.keys = authorizedKeys; + users.users.root.openssh.authorizedKeys.keys = cfg.authorizedKeys; + users.users.${config.ghaf.users.accounts.user}.openssh.authorizedKeys.keys = cfg.authorizedKeys; }; } 
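Review bot: With `default = []` the daemon in modules/development/ssh.nix can now be enabled with no keys at all, and the `config` block writes the same list to both root and the regular user. Whether password login remains possible is decided outside this hunk, so consider setting `services.openssh.settings.PasswordAuthentication = false;` alongside the keys, or asserting that the list is non-empty when `enable` is true. The new lines no longer reference the earlier `authorizedKeys` binding; if it is still defined above the hunk it should be removed so stale developer keys do not linger in the module. The option description also reads like a pasted note (the fragment after "still secure", "without the noticing") and would be clearer as two short sentences on protecting private keys and checking host fingerprints.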
diff --git a/modules/hardware/x86_64-linux.nix b/modules/hardware/x86_64-linux.nix index 27032ceb2..aebec866d 100644 --- a/modules/hardware/x86_64-linux.nix +++ b/modules/hardware/x86_64-linux.nix @@ -29,8 +29,74 @@ in # Enable normal Linux console on the display kernelParams = ["console=tty0"]; - # To enable installation of ghaf into NVMe drives - initrd.availableKernelModules = ["nvme"]; + # The initrd has to contain any module that might be necessary for + # supporting the most important parts of HW like drives. + initrd.availableKernelModules = [ + # SATA/PATA support. + "ahci" + + "ata_piix" + + "sata_inic162x" + "sata_nv" + "sata_promise" + "sata_qstor" + "sata_sil" + "sata_sil24" + "sata_sis" + "sata_svw" + "sata_sx4" + "sata_uli" + "sata_via" + "sata_vsc" + + "pata_ali" + "pata_amd" + "pata_artop" + "pata_atiixp" + "pata_efar" + "pata_hpt366" + "pata_hpt37x" + "pata_hpt3x2n" + "pata_hpt3x3" + "pata_it8213" + "pata_it821x" + "pata_jmicron" + "pata_marvell" + "pata_mpiix" + "pata_netcell" + "pata_ns87410" + "pata_oldpiix" + "pata_pcmcia" + "pata_pdc2027x" + "pata_qdi" + "pata_rz1000" + "pata_serverworks" + "pata_sil680" + "pata_sis" + "pata_sl82c105" + "pata_triflex" + "pata_via" + "pata_winbond" + + # SCSI support (incomplete). + "3w-9xxx" + "3w-xxxx" + "aic79xx" + "aic7xxx" + "arcmsr" + "hpsa" + + # USB support, especially for booting from USB CD-ROM + # drives. + "uas" + + # SD cards. + "sdhci_pci" + + # NVMe drives + "nvme" + ]; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; diff --git a/modules/installer/builtin/flush.nix b/modules/installer/builtin/flush.nix deleted file mode 100644 index e8d3936aa..000000000 --- a/modules/installer/builtin/flush.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -# SPDX-FileCopyrightText: 2022-2023 TII (SSRC) and the Ghaf contributors -# -# SPDX-License-Identifier: Apache-2.0 -_: { - ghaf.installer.installerModules.flushImage = { - requestCode = '' - lsblk - read -p "Device name [e.g. sda]: " DEVICE_NAME - ''; - providedVariables = { - deviceName = "$DEVICE_NAME"; - }; - }; -} diff --git a/modules/installer/default.nix b/modules/installer/default.nix index c5f3d576a..fbe05f326 100644 --- a/modules/installer/default.nix +++ b/modules/installer/default.nix @@ -1,6 +1,6 @@ # Copyright 2022-2024 TII (SSRC) and the Ghaf contributors # SPDX-License-Identifier: Apache-2.0 -inputs @ { +{ config, lib, ... 
@@ -8,92 +8,23 @@ inputs @ { cfg = config.ghaf.installer; in { options.ghaf.installer = { - enable = lib.mkEnableOption "installer image"; - - imgModules = lib.mkOption { - description = lib.mdDoc '' - Modules that will be passed to the installer image. - ''; - type = with lib.types; listOf deferredModule; - default = []; + sshKeys = lib.mkOption { + description = lib.mdDoc "Path to ssh public key that will be used during installation."; + type = lib.types.listOf lib.types.singleLineStr; + example = [ + "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" + "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" + ]; }; - - # NOTE: These options tries to resemble calamares module system so we'll be - # able to generate calamares installer from same (almost) code base. - # TODO: Add library of bash functions with unified way of asking user - # required information. - installerModules = lib.mkOption { - description = lib.mdDoc '' - Modules describe the information requested from the user - for the installer. - - All code must be written for the current pkgs.runtimeShell. - ''; - type = with lib.types; - attrsOf (submodule { - options = { - requestCode = lib.mkOption { - description = lib.mdDoc '' - Code that will ask user their preferences. - ''; - type = lines; - default = "echo \"Here's should be your installer\""; - }; - providedVariables = lib.mkOption { - description = lib.mdDoc '' - Variable that this modules provides. - Used to detect errors with non-existent variables. - ''; - type = attrsOf str; - default = {}; - }; - }; - }); - }; - - enabledModules = lib.mkOption { - description = lib.mdDoc '' - Sequence of enabled modules. 
- ''; - type = with lib.types; listOf str; + modules = lib.mkOption { + description = lib.mdDoc "Modules that will be passed to the installer image."; + type = with lib.types; listOf deferredModule; default = []; }; - - installerCode = lib.mkOption { - description = lib.mdDoc '' - Code that will install image based on the information - collected from the installer modules. - - All code must be written for the current pkgs.runtimeShell. - ''; - type = lib.types.lines; - default = ""; - }; }; - config = lib.mkIf cfg.enable (let - builtinModulesPaths = map (name: "${./builtin}/${name}.nix") ["flush"]; - modulePath2Module = path: import path inputs; - builtinInstallerModules = map modulePath2Module builtinModulesPaths; - in - builtins.foldl' lib.recursiveUpdate { - system.build.installer = let - name2code = name: cfg.installerModules.${name}.requestCode; - enabledModulesCode = map name2code cfg.enabledModules; - enabledModulesCode' = builtins.concatStringsSep "\n" enabledModulesCode; - in - (lib.ghaf.installer { - systemImgCfg = config; - modules = cfg.imgModules; - userCode = '' - # Modules code - ${enabledModulesCode'} - - # Installer code - ${cfg.installerCode} - ''; - }) - .installerImgDrv; - } - builtinInstallerModules); + config.system.build.installer = lib.ghaf.installer { + inherit (config.nixpkgs.hostPlatform) system; + inherit (cfg) modules sshKeys; + }; } diff --git a/modules/installer/installer.nix b/modules/installer/installer.nix deleted file mode 100644 index 0151e671a..000000000 --- a/modules/installer/installer.nix +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -{ - pkgs, - runtimeShell, - userCode ? "", -}: -pkgs.substituteAll { - dir = "bin"; - isExecutable = true; - - pname = "ghaf-installer"; - src = ./installer.sh; - inherit runtimeShell userCode; -} 
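Review bot: The `sshKeys` description says "Path to ssh public key", but the type is `listOf singleLineStr` and the example holds key material, so a user following the description would put a file path into `authorized_keys`. Suggest `description = lib.mdDoc "SSH public keys (key text, not file paths) authorized to log in to the installer image.";`. The option has no default and `system.build.installer` is now defined unconditionally since `enable` was removed, so it would help to state in the description that the value is required only when the installer attribute is built. The example could also lead with the ed25519 entry, matching the key type the updated installer documentation generates.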
diff --git a/modules/installer/installer.sh b/modules/installer/installer.sh deleted file mode 100644 index bf2475598..000000000 --- a/modules/installer/installer.sh +++ /dev/null @@ -1,29 +0,0 @@ -#! @runtimeShell@ -# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -clear -cat <<"EOF" - ,----.. ,---, - / / \ ,--.' | .--., -| : : | | : ,--.' \ -. | ;. / : : : | | /\/ -. ; /--` : | |,--. ,--.--. : : : -; | ; __ | : ' | / \ : | |-, -| : |.' .'| | /' :.--. .-. || : :/| -. | '_.' :' : | | | \__\/: . .| | .' -' ; : \ || | ' | : ," .--.; |' : ' -' | '/ .'| : :_:,'/ / ,. || | | -| : / | | ,' ; : .' \ : \ - \ \ .' `--'' | , .-./ |,' - `---` `--`---' `--' -EOF - -echo "Welcome to Ghaf installer!" - -echo "To install image choose path to the device on which image will be installed." - -@userCode@ - -echo "Rebooting..." -sleep 1 -sudo reboot diff --git a/modules/profiles/installer.nix b/modules/profiles/installer.nix index 310027967..b934616e3 100644 --- a/modules/profiles/installer.nix +++ b/modules/profiles/installer.nix @@ -30,6 +30,6 @@ in }; # Automatically log in at the virtual consoles. - services.getty.autologinUser = "ghaf"; + services.getty.autologinUser = mkDefault "ghaf"; }; } diff --git a/packages/default.nix b/packages/default.nix index e12147015..3ff495c2f 100644 --- a/packages/default.nix +++ b/packages/default.nix 
@@ -17,23 +17,13 @@ windows-launcher-spice = callPackage ./windows-launcher {enableSpice = true;}; doc = callPackage ../docs { revision = lib.ghaf-version; - # options = ; - # TODO Add the options in from the self.nixosModules - # The below is not needed anymore to setoptions - # - # options = let - # cfg = nixpkgs.lib.nixosSystem { - # inherit system; - # modules = - # lib.ghaf.modules - # ++ [ - # jetpack-nixos.nixosModules.default - # microvm.nixosModules.host - # lanzaboote.nixosModules.lanzaboote - # ]; - # }; - # in - # cfg.options; + options = let + cfg = lib.nixosSystem { + inherit system; + modules = import ../modules/module-list.nix; + }; + in + cfg.options; }; }; }; diff --git a/targets/generic-x86_64.nix b/targets/generic-x86_64.nix index a5508e5b4..5b3a9ee3a 100644 --- a/targets/generic-x86_64.nix +++ b/targets/generic-x86_64.nix @@ -61,8 +61,6 @@ }; } - formatModule - #TODO: how to handle the majority of laptops that need a little # something extra? # SEE: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix @@ -85,7 +83,7 @@ in { inherit hostConfiguration; name = "${name}-${variant}"; - package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr}; + package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr}; }; debugModules = [../modules/development/usb-serial.nix {ghaf.development.usb-serial.enable = true;}]; targets = [ diff --git a/targets/imx8qm-mek.nix b/targets/imx8qm-mek.nix index bd45ae419..4d2f3c735 100644 --- a/targets/imx8qm-mek.nix +++ b/targets/imx8qm-mek.nix @@ -40,8 +40,6 @@ }; }; } - - formatModule ] ++ (import ../modules/module-list.nix) ++ extraModules; 
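Review bot: The new `package` line in targets/generic-x86_64.nix packs `let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in …` onto one long line, and the identical line is added to imx8qm-mek.nix, lenovo-x1-carbon.nix and vm.nix. A small shared helper would keep the four targets in step, or at minimum the binding could be split over several lines as the flake templates in this commit do. Since `hostConfiguration` no longer imports `formatModule`, anything that reads `config.formatAttr` from the plain host configuration will presumably stop evaluating; a comment such as `# formatModule is applied only for the package output, not for nixosConfigurations` next to `package` would make that explicit.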
@@ -49,7 +47,7 @@ in { inherit hostConfiguration; name = "${name}-${variant}"; - package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr}; + package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr}; }; debugModules = []; targets = [ diff --git a/targets/lenovo-x1-carbon.nix b/targets/lenovo-x1-carbon.nix index eff72cd47..12276c851 100644 --- a/targets/lenovo-x1-carbon.nix +++ b/targets/lenovo-x1-carbon.nix @@ -476,29 +476,6 @@ }; }) - ({config, ...}: { - ghaf.installer = { - enable = true; - imgModules = [ - nixos-generators.nixosModules.raw-efi - ]; - enabledModules = ["flushImage"]; - installerCode = '' - echo "Starting flushing..." - if sudo dd if=${config.system.build.${config.formatAttr}}/nixos.img of=/dev/${config.ghaf.installer.installerModules.flushImage.providedVariables.deviceName} conv=sync bs=4K status=progress; then - sync - echo "Flushing finished successfully!" - echo "Now you can detach installation device and reboot to ghaf." - else - echo "Some error occured during flushing process, exit code: $?." - exit - fi - ''; - }; - }) - - formatModule - #TODO: how to handle the majority of laptops that need a little # something extra? # SEE: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix @@ -529,7 +506,7 @@ in { inherit hostConfiguration; name = "${name}-${variant}"; - package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr}; + package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr}; }; debugModules = [ ../modules/development/usb-serial.nix diff --git a/targets/vm.nix b/targets/vm.nix index f49c5837a..9d8f90fd1 100644 --- a/targets/vm.nix +++ b/targets/vm.nix 
@@ -38,15 +38,13 @@ }; }; } - - formatModule ] ++ (import ../modules/module-list.nix); }; in { inherit hostConfiguration; name = "${name}-${variant}"; - package = hostConfiguration.config.system.build.${hostConfiguration.config.formatAttr}; + package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr}; }; targets = [ (vm "debug") diff --git a/templates/targets/aarch64/nvidia/orin-agx/flake.nix b/templates/targets/aarch64/nvidia/orin-agx/flake.nix index 68012eb24..72a304615 100644 --- a/templates/targets/aarch64/nvidia/orin-agx/flake.nix +++ b/templates/targets/aarch64/nvidia/orin-agx/flake.nix @@ -4,18 +4,28 @@ description = " - Ghaf based configuration"; nixConfig = { + substituters = [ + "https://cache.vedenemo.dev" + "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" + ]; extra-trusted-substituters = [ "https://cache.vedenemo.dev" "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ "cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E=" "cache.ssrcdevops.tii.ae:oOrzj9iCppf+me5/3sN/BxEkp5SaFkHfKTPPZ97xXQk=" + "ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; flake-utils.url = "github:numtide/flake-utils"; jetpack-nixos = { url = "github:anduril/jetpack-nixos"; diff --git a/templates/targets/aarch64/nvidia/orin-nx/flake.nix b/templates/targets/aarch64/nvidia/orin-nx/flake.nix index 38c12f06b..b4df17032 100644 --- a/templates/targets/aarch64/nvidia/orin-nx/flake.nix +++ b/templates/targets/aarch64/nvidia/orin-nx/flake.nix 
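Review bot: Setting `substituters` in `nixConfig` replaces the user's configured cache list instead of extending it, and the same four URLs are then added to `extra-trusted-substituters`. This applies to the orin-agx template here and to the identical additions in the orin-nx, imx8, polarfire and x86_64 generic templates. Every project generated from these templates will accept binaries signed by the `ghaf-dev.cachix.org` key, so whoever can push to that development cache can influence what lands in downstream images. Consider `extra-substituters` in place of `substituters`, dropping `cache.nixos.org` and its key from the trusted lists (both are Nix defaults), and adding a comment above the block naming who operates each cache so template users can prune the list.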
@@ -4,18 +4,28 @@ description = "PROJ_NAME - Ghaf based configuration"; nixConfig = { + substituters = [ + "https://cache.vedenemo.dev" + "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" + ]; extra-trusted-substituters = [ "https://cache.vedenemo.dev" "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ "cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E=" "cache.ssrcdevops.tii.ae:oOrzj9iCppf+me5/3sN/BxEkp5SaFkHfKTPPZ97xXQk=" + "ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; flake-utils.url = "github:numtide/flake-utils"; jetpack-nixos = { url = "github:anduril/jetpack-nixos"; diff --git a/templates/targets/aarch64/nxp/imx8/flake.nix b/templates/targets/aarch64/nxp/imx8/flake.nix index 878b9c0d3..51b04e21f 100644 --- a/templates/targets/aarch64/nxp/imx8/flake.nix +++ b/templates/targets/aarch64/nxp/imx8/flake.nix 
@@ -4,20 +4,33 @@ description = "PROJ_NAME - Ghaf based configuration"; nixConfig = { + substituters = [ + "https://cache.vedenemo.dev" + "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" + ]; extra-trusted-substituters = [ "https://cache.vedenemo.dev" "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ "cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E=" "cache.ssrcdevops.tii.ae:oOrzj9iCppf+me5/3sN/BxEkp5SaFkHfKTPPZ97xXQk=" + "ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; flake-utils.url = "github:numtide/flake-utils"; - nixos-hardware.url = "github:nixos/nixos-hardware"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; ghaf = { url = "github:tiiuae/ghaf"; inputs = { @@ -32,6 +45,7 @@ self, ghaf, nixpkgs, + nixos-generators, flake-utils, }: let systems = with flake-utils.lib.system; [ @@ -55,7 +69,12 @@ } ]; }; - packages.aarch64-linux.PROJ_NAME-ghaf-debug = self.nixosConfigurations.PROJ_NAME-ghaf-debug.config.system.build.${self.nixosConfigurations.PROJ_NAME-ghaf-debug.config.formatAttr}; + packages.aarch64-linux.PROJ_NAME-ghaf-debug = let + hostConfiguration = self.nixosConfigurations.PROJ_NAME-ghaf-debug; + formatModule = nixos-generators.nixosModules.raw-efi; + inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; + in + config.system.build.${config.formatAttr}; } ]; } diff --git a/templates/targets/riscv64/microchip/polarfire/flake.nix b/templates/targets/riscv64/microchip/polarfire/flake.nix index ee778fed6..80fd94d63 100644 --- a/templates/targets/riscv64/microchip/polarfire/flake.nix 
+++ b/templates/targets/riscv64/microchip/polarfire/flake.nix @@ -4,20 +4,29 @@ description = "PROJ_NAME - Ghaf based configuration"; nixConfig = { + substituters = [ + "https://cache.vedenemo.dev" + "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" + ]; extra-trusted-substituters = [ "https://cache.vedenemo.dev" "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ "cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E=" "cache.ssrcdevops.tii.ae:oOrzj9iCppf+me5/3sN/BxEkp5SaFkHfKTPPZ97xXQk=" + "ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; flake-utils.url = "github:numtide/flake-utils"; - nixos-hardware.url = "github:NixOS/nixos-hardware"; ghaf = { url = "github:tiiuae/ghaf"; inputs = { diff --git a/templates/targets/x86_64/generic/disk-config.nix b/templates/targets/x86_64/generic/disk-config.nix new file mode 100644 index 000000000..2ec05381e --- /dev/null +++ b/templates/targets/x86_64/generic/disk-config.nix 
@@ -0,0 +1,57 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# Example to create a bios compatible gpt partition +_: { + disko.devices = { + disk.disk1 = { + # device = lib.mkDefault "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/templates/targets/x86_64/generic/flake.nix b/templates/targets/x86_64/generic/flake.nix index 759d451e3..59d365bc3 100644 --- a/templates/targets/x86_64/generic/flake.nix +++ b/templates/targets/x86_64/generic/flake.nix 
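Review bot: The `root` partition in disk-config.nix goes straight into the `pool` volume group with no encryption layer, so a device installed from this template keeps its root filesystem in the clear. If that is intended for the debug template, say so in the header, for example `# NOTE: no disk encryption; add a disko luks content block around the root partition for devices that leave the lab.` The `device` attribute exists only as a comment, so the header should also state that `disko.devices.disk.disk1.device` must be set by the importing flake and that the chosen device is repartitioned. The current header mentions only a BIOS-compatible GPT layout although the file also defines an ESP and an LVM root.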
@@ -4,20 +4,34 @@ description = "PROJ_NAME - Ghaf based configuration"; nixConfig = { + substituters = [ + "https://cache.vedenemo.dev" + "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" + ]; extra-trusted-substituters = [ "https://cache.vedenemo.dev" "https://cache.ssrcdevops.tii.ae" + "https://ghaf-dev.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ "cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E=" "cache.ssrcdevops.tii.ae:oOrzj9iCppf+me5/3sN/BxEkp5SaFkHfKTPPZ97xXQk=" + "ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; flake-utils.url = "github:numtide/flake-utils"; nixos-hardware.url = "github:nixos/nixos-hardware"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; ghaf = { url = "github:tiiuae/ghaf"; inputs = { @@ -26,12 +40,20 @@ nixos-hardware.follows = "nixos-hardware"; }; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, ghaf, + disko, nixpkgs, + # deadnix: skip + nixos-hardware, + nixos-generators, flake-utils, }: let systems = with flake-utils.lib.system; [ @@ -47,6 +69,8 @@ { nixosConfigurations.PROJ_NAME-ghaf-debug = ghaf.nixosConfigurations.generic-x86_64-debug.extendModules { modules = [ + disko.nixosModules.disko + ./disk-config.nix { #insert your additional modules here e.g. # virtualisation.docker.enable = true; 
@@ -55,10 +79,25 @@ # To handle the majority of laptops we need a little something extra # TODO:: SEE: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix # nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen + + # Write public ssh keys that will be used to install the system. + ghaf.installer.sshKeys = [ + "SSH_KEY" + # "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" + # "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" + ]; + + # Insert block device on which system will be installed (this will destory all content on it). + disko.devices.disk.disk1.device = "DRIVE_PATH"; } ]; }; - packages.x86_64-linux.PROJ_NAME-ghaf-debug = self.nixosConfigurations.PROJ_NAME-ghaf-debug.config.system.build.${self.nixosConfigurations.PROJ_NAME-ghaf-debug.config.formatAttr}; + packages.x86_64-linux.PROJ_NAME-ghaf-debug = let + hostConfiguration = self.nixosConfigurations.PROJ_NAME-ghaf-debug; + formatModule = nixos-generators.nixosModules.raw-efi; + inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; + in + config.system.build.${config.formatAttr}; } ]; }
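Review bot: The `"SSH_KEY"` and `"DRIVE_PATH"` placeholders are ordinary strings, so the template evaluates and builds even when the user has not replaced them. The installer would then carry an unusable authorized key, and the disk target would be a path that does not exist. Failing at evaluation is friendlier: leave the list empty in the template and assert non-emptiness in the installer module, or reject the literal placeholder there. The comment above the disk option has a typo ("destory") and undersells the risk; suggest `# Block device to install onto. WARNING: all data on this device will be destroyed.`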