diff --git a/flake.lock b/flake.lock index 01d2e0635..d75fd985a 100644 --- a/flake.lock +++ b/flake.lock @@ -70,6 +70,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706491084, + "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "owner": "nix-community", + "repo": "disko", + "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -417,6 +438,7 @@ "inputs": { "devour-flake": "devour-flake", "devshell": "devshell", + "disko": "disko", "flake-compat": "flake-compat", "flake-parts": "flake-parts", "flake-root": "flake-root", diff --git a/flake.nix b/flake.nix index b74038866..ca895dc5c 100644 --- a/flake.nix +++ b/flake.nix @@ -123,6 +123,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # # Security # diff --git a/lib/default.nix b/lib/default.nix index 4db0d528f..2bea84a61 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,12 +5,10 @@ lib, inputs, }: let - inherit (inputs) nixpkgs; - inherit (inputs) nixos-generators; + inherit (inputs) nixpkgs nixos-generators disko; in { installer = { system, - sshKeys, modules ? [], }: let installerImgCfg = lib.nixosSystem { @@ -28,7 +26,10 @@ in { }: { imports = [(modulesPath + "/profiles/all-hardware.nix")]; - environment.systemPackages = [(pkgs.callPackage ../packages/wifi-connector {useNmcli = true;})]; + environment.systemPackages = [ + (pkgs.callPackage ../packages/wifi-connector {useNmcli = true;}) + disko.packages.${system}.disko + ]; nixpkgs.hostPlatform.system = system; nixpkgs.config.allowUnfree = true; @@ -48,7 +49,6 @@ in { }; development.ssh.daemon = { enable = true; - authorizedKeys = sshKeys; }; }; }) 
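Review bot: The new input follows a moving branch, `url = "github:nix-community/disko/master";`, so although flake.lock pins rev f67ba6552845ea5d7f596a24d57c33a8a9dc8de9 today, the next `nix flake update` silently moves the partitioning tool to whatever master holds at that moment. Pinning a release tag or the locked rev in the URL (`github:nix-community/disko/<tag-or-rev>`) keeps the installer build reproducible and makes dependency bumps an explicit, reviewable change. The comment added in targets/lenovo-x1-carbon.nix links to that exact rev's lib/default.nix, so the two will drift apart as soon as the lock is bumped.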
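Review bot: With `authorizedKeys = sshKeys;` removed from the last lib/default.nix hunk, the installer image still sets `enable = true;` for `development.ssh.daemon` but no longer guarantees any key is configured; what a keyless sshd then accepts depends on the daemon module, which is not in this diff. modules/installer/default.nix supplies the keys through an extra module, but the standalone `installer` in targets/lenovo-x1-carbon.nix calls `lib.ghaf.installer` without one, so that image appears to ship sshd enabled with only the module's defaults. Consider either keeping the keys as a required parameter or documenting on `installer` that callers must set `ghaf.development.ssh.daemon.authorizedKeys` themselves. The `installer` function begins in the first lib/default.nix hunk, outside this one.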
diff --git a/modules/installer/default.nix b/modules/installer/default.nix index fbe05f326..49a45216e 100644 --- a/modules/installer/default.nix +++ b/modules/installer/default.nix @@ -25,6 +25,12 @@ in { config.system.build.installer = lib.ghaf.installer { inherit (config.nixpkgs.hostPlatform) system; - inherit (cfg) modules sshKeys; + modules = + cfg.modules + ++ [ + { + ghaf.development.ssh.daemon.authorizedKeys = cfg.sshKeys; + } + ]; }; } diff --git a/modules/installer/standalone-installer/default.nix b/modules/installer/standalone-installer/default.nix new file mode 100644 index 000000000..8439aac4a --- /dev/null +++ b/modules/installer/standalone-installer/default.nix @@ -0,0 +1,19 @@ +# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +{ + pkgs, + toplevelDrv, + disko, + diskoConfig, +}: +pkgs.substituteAll { + dir = "bin"; + isExecutable = true; + + buildInputs = with pkgs; [nix nixos-install-tools disko]; + + pname = "ghaf-installer"; + src = ./installer.sh; + inherit (pkgs) runtimeShell; + inherit toplevelDrv diskoConfig; +} diff --git a/modules/installer/standalone-installer/installer.sh b/modules/installer/standalone-installer/installer.sh new file mode 100644 index 000000000..ffc145d17 --- /dev/null +++ b/modules/installer/standalone-installer/installer.sh 
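Review bot: `buildInputs = with pkgs; [nix nixos-install-tools disko];` only affects the build environment of `pkgs.substituteAll`; it does not put `disko`, `nixos-install` or `lsblk` on the PATH of the generated installer.sh at runtime, so the script works only because the installer image installs those tools separately. Since `disko` is already passed as an attribute, the script can call `@disko@/bin/disko` directly, and a `nixosInstallTools = pkgs.nixos-install-tools;` attribute would let it reference `@nixosInstallTools@/bin/nixos-install` the same way, making the derivation self-contained and the `buildInputs` line unnecessary. A short header comment listing which attributes are substituted into installer.sh (`toplevelDrv`, `diskoConfig`, `runtimeShell`) would also help the next reader.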
@@ -0,0 +1,47 @@
+#! @runtimeShell@
+# Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+clear
+cat <<"EOF"
+ ,----.. ,---,
+ / / \ ,--.' | .--.,
+| : : | | : ,--.' \
+. | ;. / : : : | | /\/
+. ; /--` : | |,--. ,--.--. : : :
+; | ; __ | : ' | / \ : | |-,
+| : |.' .'| | /' :.--. .-. || : :/|
+. | '_.' :' : | | | \__\/: . .| | .'
+' ; : \ || | ' | : ," .--.; |' : '
+' | '/ .'| : :_:,'/ / ,. || | |
+| : / | | ,' ; : .' \ : \
+ \ \ .' `--'' | , .-./ |,'
+ `---` `--`---' `--'
+EOF
+
+echo "Welcome to Ghaf installer!"
+
+echo "To install image choose path to the device on which image will be installed."
+
+lsblk
+read -p "Device name [e.g. sda]: " DEVICE_NAME
+
+export DISKO_CONFIG_FILE_WITH_DRIVE="$HOME/disk-config.nix"
+
+sed "s/DRIVE_PATH/\/dev\/$DEVICE_NAME/g" '@diskoConfig@' > $DISKO_CONFIG_FILE_WITH_DRIVE
+cat $DISKO_CONFIG_FILE_WITH_DRIVE
+echo $DISKO_CONFIG_FILE_WITH_DRIVE
+
+read -p 'WARNING: Next commmand will destory all previous data from your device, press Enter to proceed. '
+echo "Partitioning..."
+disko --no-deps --debug --mode disko $DISKO_CONFIG_FILE_WITH_DRIVE
+
+read -p "Press Enter to install system"
+
+echo "Installing..."
+nixos-install --option binary-caches “” --no-root-passwd --system "@toplevelDrv@"
+
+read -p "Press Enter to reboot"
+
+echo "Rebooting..."
+sleep 1
+reboot
diff --git a/targets/default.nix b/targets/default.nix
index 1eeb78f9f..29805a99a 100644
--- a/targets/default.nix
+++ b/targets/default.nix
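Review bot: The script has no `set -euo pipefail`, so a failed `disko` run falls straight through to `nixos-install` and then to `reboot`, and `$DEVICE_NAME` from `read -p` is spliced into the sed pattern and the disko config without checking that `/dev/$DEVICE_NAME` is a block device. The `nixos-install` line also uses typographic quotes, `--option binary-caches “”`, which pass the literal two-character string rather than an empty substituter list; they should be ASCII `""`. Every `$DISKO_CONFIG_FILE_WITH_DRIVE` expansion is unquoted, and the warning prompt misspells "command" and "destroy". The change below adds the strict mode, the device check and the quoting; the prompts and the reboot tail are unchanged.
```shell
#! @runtimeShell@
# … unchanged: license header and banner …
set -euo pipefail

lsblk
read -r -p "Device name [e.g. sda]: " DEVICE_NAME
if [[ -z "$DEVICE_NAME" || ! -b "/dev/$DEVICE_NAME" ]]; then
  echo "error: /dev/$DEVICE_NAME is not a block device" >&2
  exit 1
fi

export DISKO_CONFIG_FILE_WITH_DRIVE="$HOME/disk-config.nix"
sed "s#DRIVE_PATH#/dev/$DEVICE_NAME#g" '@diskoConfig@' > "$DISKO_CONFIG_FILE_WITH_DRIVE"
cat "$DISKO_CONFIG_FILE_WITH_DRIVE"
# … unchanged: confirmation prompt …
disko --no-deps --debug --mode disko "$DISKO_CONFIG_FILE_WITH_DRIVE"
# … unchanged: install prompt …
nixos-install --option binary-caches "" --no-root-passwd --system "@toplevelDrv@"
# … unchanged: reboot prompt and reboot …
```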
@@ -7,13 +7,13 @@
 inputs,
 ...
 }: let
- inherit (inputs) jetpack-nixos lanzaboote microvm nixos-generators nixos-hardware nixpkgs;
+ inherit (inputs) jetpack-nixos lanzaboote microvm nixos-generators nixos-hardware nixpkgs disko;
 in
 lib.foldr lib.recursiveUpdate {} [
 (import ./nvidia-jetson-orin {inherit lib nixpkgs nixos-generators microvm jetpack-nixos;})
 (import ./vm.nix {inherit lib nixos-generators microvm;})
 (import ./generic-x86_64.nix {inherit lib nixos-generators microvm;})
- (import ./lenovo-x1-carbon.nix {inherit lib nixos-generators microvm lanzaboote;})
+ (import ./lenovo-x1-carbon.nix {inherit lib nixos-generators microvm lanzaboote nixpkgs disko;})
 (import ./imx8qm-mek.nix {inherit lib nixos-generators nixos-hardware microvm;})
 (import ./microchip-icicle-kit.nix {inherit lib nixpkgs nixos-hardware;})
 ]
diff --git a/targets/lenovo-x1-carbon.nix b/targets/lenovo-x1-carbon.nix
index 12276c851..fdc3a3c7b 100644
--- a/targets/lenovo-x1-carbon.nix
+++ b/targets/lenovo-x1-carbon.nix
@@ -7,6 +7,8 @@
 nixos-generators,
 microvm,
 lanzaboote,
+ nixpkgs,
+ disko,
 ...
 }: let
 name = "lenovo-x1-carbon-gen11";
@@ -503,10 +505,54 @@
 ++ (import ../modules/module-list.nix)
 ++ extraModules;
 };
+ package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr};
 in {
- inherit hostConfiguration;
+ inherit hostConfiguration package;
 name = "${name}-${variant}";
- package = let inherit ((hostConfiguration.extendModules {modules = [formatModule];})) config; in config.system.build.${config.formatAttr};
+ installer = let
+ pkgs = import nixpkgs {inherit system;};
+ inherit ((hostConfiguration.extendModules {modules = [disko.nixosModules.disko (import ../templates/targets/x86_64/generic/disk-config.nix)];}).config.system.build) toplevel;
+ installerScript = import ../modules/installer/standalone-installer {
+ inherit pkgs;
+ toplevelDrv = toplevel;
+ inherit (disko.packages.${system}) disko;
+ diskoConfig = pkgs.writeText "disko-config.nix" (builtins.readFile ../templates/targets/x86_64/generic/disk-config.nix);
+ };
+ in
+ lib.ghaf.installer {
+ inherit system;
+ modules = [
+ ({pkgs, ...}: {
+ # Stop nixos complains about "warning: mdadm: Neither MAILADDR nor PROGRAM has been set. This will cause the `mdmon` service to crash."
+ # NOTE: Why this not working though? https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L112
+ boot.swraid.mdadmConf = "PROGRAM ${pkgs.coreutils}/bin/true";
+
+ environment.systemPackages = with pkgs; [
+ installerScript
+ # Installing this toplevel derivation should include all required
+ # packages to installer image /nix/store thus enabling offline
+ # installation.
+ # hostConfiguration.config.system.build.toplevel
+
+ # Copied from https://github.com/nix-community/disko/blob/f67ba6552845ea5d7f596a24d57c33a8a9dc8de9/lib/default.nix#L396-L402
+ # To make disko cli happy without internet.
+ util-linux
+ e2fsprogs
+ mdadm
+ zfs
+ lvm2
+ bash
+ jq
+ ];
+ environment.loginShellInit = ''
+ if [[ "$(tty)" == "/dev/tty1" ]] then
+ sudo installer.sh
+ fi
+ '';
+ isoImage.storeContents = [toplevel];
+ })
+ ];
+ };
 };
 debugModules = [
 ../modules/development/usb-serial.nix
@@ -537,6 +583,7 @@ in {
 builtins.listToAttrs (map (t: lib.nameValuePair t.name t.hostConfiguration) targets);
 flake.packages = {
 x86_64-linux =
- builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets);
+ builtins.listToAttrs (map (t: lib.nameValuePair t.name t.package) targets)
+ // builtins.listToAttrs (map (t: lib.nameValuePair "${t.name}-installer" t.installer) targets);
 };
 }
diff --git a/templates/targets/x86_64/generic/disk-config.nix b/templates/targets/x86_64/generic/disk-config.nix
index 2ec05381e..ea0ee5de3 100644
--- a/templates/targets/x86_64/generic/disk-config.nix
+++ b/templates/targets/x86_64/generic/disk-config.nix
@@ -4,7 +4,7 @@ _: {
 disko.devices = {
 disk.disk1 = {
- # device = lib.mkDefault "/dev/nvme0n1";
+ device = "DRIVE_PATH";
 type = "disk";
 content = {
 type = "gpt";
@@ -22,6 +22,7 @@ _: {
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
 };
 };
 root = {
diff --git a/templates/targets/x86_64/generic/flake.nix b/templates/targets/x86_64/generic/flake.nix
index 59d365bc3..27f45846e 100644
--- a/templates/targets/x86_64/generic/flake.nix
+++ b/templates/targets/x86_64/generic/flake.nix
@@ -71,7 +71,8 @@
 modules = [
 disko.nixosModules.disko
 ./disk-config.nix
- {
+ # deadnix: skip
+ ({lib, ...}: {
 #insert your additional modules here e.g.
 # virtualisation.docker.enable = true;
 # users.users."ghaf".extraGroups = ["docker"];
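Review bot: `if [[ "$(tty)" == "/dev/tty1" ]] then` in `environment.loginShellInit` lacks the separator before `then`; bash does not accept `]] then` without a `;` or newline, so every login shell on the installer image would print a syntax error and the profile would stop at that point, meaning the installer never auto-starts on tty1. It should read `if [[ "$(tty)" == "/dev/tty1" ]]; then`. The comment block above `# hostConfiguration.config.system.build.toplevel` says that installing the toplevel enables offline installation but leaves it commented out, while `isoImage.storeContents = [toplevel];` further down is what actually embeds it; rewording the comment to point at the store-contents line would avoid the confusion. The `# NOTE: Why this not working though?` question should either be resolved or rewritten as a statement of what was observed. This hunk begins in the previous source line, where the `installer` attribute is introduced.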
@@ -88,8 +89,8 @@ ]; # Insert block device on which system will be installed (this will destory all content on it). - disko.devices.disk.disk1.device = "DRIVE_PATH"; - } + # disko.devices.disk.disk1.device = lib.mkDefault "DRIVE_PATH"; + }) ]; }; packages.x86_64-linux.PROJ_NAME-ghaf-debug = let
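Review bot: The replacement line `# disko.devices.disk.disk1.device = lib.mkDefault "DRIVE_PATH";` would have no effect even if uncommented, because disk-config.nix in this same commit now sets `device = "DRIVE_PATH";` unconditionally, which outranks a `mkDefault` value; the template actually relies on textual substitution of DRIVE_PATH (as installer.sh does with sed), and the comment above it should say so instead of hinting at a module override. Consequently the `({lib, ...}: {` argument introduced in the preceding hunk exists only for this commented line and needs the `# deadnix: skip` suppression; dropping `lib` and the suppression until an override path really exists keeps the template lint-clean. If module-level overriding is the intent, the priorities need to be the other way round, with the default living in disk-config.nix. The enclosing module list starts in the preceding hunk.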