Add initial installer

2022-02-17 15:47:24 +00:00 · 2022-02-17 15:47:24 +00:00 · c0414cd062
commit c0414cd062
parent 788e476c01
15 changed files with 169 additions and 87 deletions
--- a/flake.nix
+++ b/flake.nix
@ -90,7 +90,7 @@
        }))
        pkgsFlakes;

-      modules = mapAttrs (_: f: ./. + "/modules/${f}") {
+      modules = mapAttrs (_: f: ./. + "/nixos/modules/${f}") {
        common = "common.nix";
        build = "build.nix";
        dynamic-motd = "dynamic-motd.nix";
@ -98,7 +98,7 @@
        firewall = "firewall.nix";
        server = "server.nix";
      };
-      homeModules = mapAttrs (_: f: ./. + "/home-modules/${f}") {
+      homeModules = mapAttrs (_: f: ./. + "/home-manager/modules/${f}") {
        common = "common.nix";
        gui = "gui.nix";
      };
@ -111,16 +111,17 @@
      nixosModules = inlineModules modules;
      homeModules = inlineModules homeModules;

-      nixosConfigurations = import ./systems.nix {
+      nixosConfigurations = import ./nixos {
        inherit lib pkgsFlakes hmFlakes inputs;
        pkgs' = configPkgs';
        modules = attrValues modules;
        homeModules = attrValues homeModules;
      };
      systems = mapAttrs (_: system: system.config.system.build.toplevel) self.nixosConfigurations;
-      vms = mapAttrs (_: system: system.config.my.build.devVM) self.nixosConfigurations;
+      vms = mapAttrs (_: system: system.config.my.buildAs.devVM) self.nixosConfigurations;
+      isos = mapAttrs (_: system: system.config.my.buildAs.iso) self.nixosConfigurations;

-      homeConfigurations = import ./homes.nix {
+      homeConfigurations = import ./home-manager {
        inherit lib hmFlakes inputs;
        pkgs' = configPkgs';
        modules = attrValues homeModules;
--- a/home-manager/configs/castle.nix
+++ b/home-manager/configs/castle.nix
--- a/home-manager/default.nix
+++ b/home-manager/default.nix
@ -43,7 +43,7 @@ mapAttrs mkHome {
  "dev@castle" = {
    system = "x86_64-linux";
    nixpkgs = "unstable";
-    config = homes/castle.nix;
+    config = configs/castle.nix;

    homeDirectory = "/home/dev";
    username = "dev";
--- a/home-manager/modules/common.nix
+++ b/home-manager/modules/common.nix
@ -29,7 +29,7 @@ in
      };
    })
    {
-      my.isStandalone = !(args ? sysConfig);
+      my.isStandalone = !(args ? osConfig);

      programs = {
        # Even when enabled this will only be actually installed in standalone mode
@ -37,6 +37,18 @@ in
        # never care about.
        home-manager.enable = true;

+        lsd = {
+          enable = mkDefault true;
+          enableAliases = mkDefault true;
+        };
+
+        starship = {
+          enable = mkDefault true;
+          settings = {
+            aws.disabled = true;
+          };
+        };
+
        bash = {
          # This not only installs bash but has home-manager control .bashrc and friends
          enable = mkDefault true;
@ -92,7 +104,7 @@ in
        language.base = mkDefault "en_IE.UTF-8";
      };
    }
-    (mkIf (config.my.isStandalone || !args.sysConfig.home-manager.useGlobalPkgs) {
+    (mkIf (config.my.isStandalone || !args.osConfig.home-manager.useGlobalPkgs) {
      # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options
      nixpkgs = {
        overlays = [
--- a/home-manager/modules/gui.nix
+++ b/home-manager/modules/gui.nix
@ -12,11 +12,6 @@ in

  config = mkMerge [
    (mkIf cfg.enable {
-      programs = {
-        lsd.enable = true;
-        starship.enable = mkDefault true;
-      };
-
      home = {
        packages = with pkgs; [
          (nerdfonts.override {
@ -25,18 +20,5 @@ in
        ];
      };
    })
-    {
-      programs = {
-        lsd = {
-          enableAliases = mkDefault true;
-        };
-
-        starship = {
-          settings = {
-            aws.disabled = true;
-          };
-        };
-      };
-    }
  ];
 }
--- a/modules/build.nix
+++ b/modules/build.nix
@ -1,49 +0,0 @@
-{ lib, extendModules, modulesPath, baseModules, options, config, ... }:
-let
-  inherit (lib) recursiveUpdate mkOption mkDefault;
-  inherit (lib.my) mkBoolOpt' dummyOption;
-
-  cfg = config.my.build;
-
-  asDevVM = extendModules {
-    # TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343)
-    specialArgs = { inherit baseModules; };
-    modules = [
-      "${modulesPath}/virtualisation/qemu-vm.nix"
-      ({ ... }: {
-        my.boot.isDevVM = true;
-      })
-    ];
-  };
-in
-{
-  options = with lib.types; {
-    my = {
-      boot.isDevVM = mkBoolOpt' false "Whether the system is a development VM.";
-      build = options.system.build;
-      asDevVM = mkOption {
-        inherit (asDevVM) type;
-        default = { };
-        visible = "shallow";
-        description = "Configuration as a development VM";
-      };
-    };
-
-    # Forward declare options that won't exist until the VM module is actually imported
-    virtualisation = {
-      diskImage = dummyOption;
-    };
-  };
-
-  config = {
-    virtualisation = {
-      diskImage = mkDefault "./.vms/${config.system.name}.qcow2";
-    };
-    my.build = {
-      # The meta.mainProgram should probably be set upstream but oh well...
-      devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; };
-    };
-  };
-
-  meta.buildDocsInSandbox = false;
-}
--- a/nixos/boxes/colony.nix
+++ b/nixos/boxes/colony.nix
@ -16,12 +16,7 @@
    };
    server.enable = true;

-    homeConfig = {
-      programs = {
-        lsd.enable = true;
-        starship.enable = true;
-      };
-    };
+    homeConfig = {};
  };

  fileSystems = {
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -108,4 +108,11 @@ mapAttrs mkSystem {
    config = boxes/colony.nix;
    docCustom = false;
  };
+
+  installer = {
+    system = "x86_64-linux";
+    nixpkgs = "unstable";
+    config = ./installer.nix;
+    docCustom = false;
+  };
 }
--- a/nixos/installer.nix
+++ b/nixos/installer.nix
@ -0,0 +1,43 @@
+{ lib, modulesPath, config, ... }:
+let
+  inherit (lib) mkDefault mkForce;
+in
+{
+  imports = [
+    # Lots of kernel modules and firmware
+    "${modulesPath}/profiles/all-hardware.nix"
+    # Useful tools to have
+    "${modulesPath}/profiles/base.nix"
+  ];
+
+  # Some of this is yoinked from modules/profiles/installation-device.nix
+  config = {
+    my = {
+      # Whatever installer mechanism is chosen will provied an appropriate `/`
+      tmproot.enable = false;
+      firewall.nat.enable = false;
+      server.enable = true;
+    };
+
+    # Good to have docs in the installer!
+    documentation.enable = mkForce true;
+    documentation.nixos.enable = mkForce true;
+
+    # Enable wpa_supplicant, but don't start it by default.
+    networking.wireless.enable = mkDefault true;
+    networking.wireless.userControlled.enable = true;
+    systemd.services.wpa_supplicant.wantedBy = mkForce [];
+
+    # Tell the Nix evaluator to garbage collect more aggressively.
+    # This is desirable in memory-constrained environments that don't
+    # (yet) have swap set up.
+    environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+    # Make the installer more likely to succeed in low memory
+    # environments.  The kernel's overcommit heustistics bite us
+    # fairly often, preventing processes such as nix-worker or
+    # download-using-manifests.pl from forking even if there is
+    # plenty of free memory.
+    boot.kernel.sysctl."vm.overcommit_memory" = "1";
+  };
+}
--- a/nixos/modules/build.nix
+++ b/nixos/modules/build.nix
@ -0,0 +1,82 @@
+{ lib, extendModules, modulesPath, baseModules, options, config, ... }:
+let
+  inherit (lib) recursiveUpdate mkOption mkDefault mkIf mkMerge;
+  inherit (lib.my) mkBoolOpt' dummyOption;
+
+  cfg = config.my.build;
+
+  asDevVM = extendModules {
+    # TODO: Hack because this is kinda broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343)
+    specialArgs = { inherit baseModules; };
+    modules = [
+      "${modulesPath}/virtualisation/qemu-vm.nix"
+      { my.build.isDevVM = true; }
+    ];
+  };
+  asISO = extendModules {
+    # TODO: see previous
+    specialArgs = { inherit baseModules; };
+    modules = lib.flatten [
+      "${modulesPath}/installer/cd-dvd/iso-image.nix"
+      (lib.optional config.my.build.allHardware { imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; })
+      {
+        isoImage = {
+          makeEfiBootable = true;
+          makeUsbBootable = true;
+          # Not necessarily an installer
+          appendToMenuLabel = mkDefault "";
+
+          squashfsCompression = "zstd -Xcompression-level 8";
+        };
+      }
+    ];
+  };
+in
+{
+  options = with lib.types; {
+    my = {
+      build = {
+        isDevVM = mkBoolOpt' false "Whether the system is a development VM.";
+        allHardware = mkBoolOpt' false
+          ("Whether to enable a lot of firmware and kernel modules for a wide range of hardware." +
+          "Only applies to some build targets.");
+      };
+
+      asDevVM = mkOption {
+        inherit (asDevVM) type;
+        default = { };
+        visible = "shallow";
+        description = "Configuration as a development VM";
+      };
+      asISO = mkOption {
+        inherit (asISO) type;
+        default = { };
+        visible = "shallow";
+        description = "Configuration as a bootable .iso image";
+      };
+
+      buildAs = options.system.build;
+    };
+
+    # Forward declare options that won't exist until the VM module is actually imported
+    virtualisation = {
+      diskImage = dummyOption;
+    };
+  };
+
+  config = {
+    virtualisation = {
+      diskImage = mkDefault "./.vms/${config.system.name}.qcow2";
+    };
+
+    my = {
+      buildAs = {
+        # The meta.mainProgram should probably be set upstream but oh well...
+        devVM = recursiveUpdate config.my.asDevVM.system.build.vm { meta.mainProgram = "run-${config.system.name}-vm"; };
+        iso = config.my.asISO.system.build.isoImage;
+      };
+    };
+  };
+
+  meta.buildDocsInSandbox = false;
+}
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@ -1,4 +1,4 @@
-{ lib, pkgs, inputs, options, config, ... }:
+{ lib, pkgs, pkgs', inputs, options, config, ... }:
 let
  inherit (builtins) attrValues;
  inherit (lib) mkIf mkDefault mkMerge mkAliasDefinitions;
@ -62,6 +62,8 @@ in
      nixpkgs = {
        overlays = [
          (final: prev: { nix = inputs.nix.defaultPackage.${config.nixpkgs.system}; })
+          # TODO: Wait for https://github.com/NixOS/nixpkgs/pull/159074 to arrive to nixos-unstable
+          (final: prev: { remarshal = pkgs'.master.remarshal; })
        ];
        config = {
          allowUnfree = true;
@ -85,6 +87,9 @@ in
            efiSysMountPoint = mkDefault "/boot";
            canTouchEfiVariables = mkDefault false;
          };
+          grub = {
+            memtest86.enable = mkDefault true;
+          };
          systemd-boot = {
            enable = mkDefault true;
            editor = mkDefault true;
--- a/nixos/modules/dynamic-motd.nix
+++ b/nixos/modules/dynamic-motd.nix
--- a/nixos/modules/firewall.nix
+++ b/nixos/modules/firewall.nix
@ -1,7 +1,7 @@
 { lib, options, config, ... }:
 let
  inherit (lib) optionalString concatStringsSep concatMapStringsSep optionalAttrs mkIf mkDefault mkMerge mkOverride;
-  inherit (lib.my) parseIPPort mkOpt' mkBoolOpt' dummyOption;
+  inherit (lib.my) parseIPPort mkOpt' mkBoolOpt';

  cfg = config.my.firewall;
 in
@ -149,7 +149,9 @@ in
              ${concatMapStringsSep "\n    " makeFilter cfg.nat.forwardPorts}
            }
            chain forward {
-              iifname ${cfg.nat.externalInterface} jump filter-port-forwards
+              ${optionalString
+                (cfg.nat.externalInterface != null)
+                "iifname ${cfg.nat.externalInterface} jump filter-port-forwards"}
            }
          }

@ -158,7 +160,9 @@ in
              ${concatMapStringsSep "\n    " makeForward cfg.nat.forwardPorts}
            }
            chain prerouting {
-              iifname ${cfg.nat.externalInterface} jump port-forward
+              ${optionalString
+                (cfg.nat.externalInterface != null)
+                "iifname ${cfg.nat.externalInterface} jump port-forward"}
            }
          }
        '';
--- a/nixos/modules/server.nix
+++ b/nixos/modules/server.nix
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@ -132,7 +132,7 @@ in
    (mkIf config.security.doas.enable {
      my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ];
    })
-    (mkIf config.my.boot.isDevVM {
+    (mkIf config.my.build.isDevVM {
      my.tmproot.unsaved.ignore = [ "/nix" ];

      fileSystems = mkVMOverride {
@ -199,7 +199,7 @@ in
        environment.persistence."${cfg.persistDir}".files =
          concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
      })
-      (mkIf config.my.boot.isDevVM {
+      (mkIf config.my.build.isDevVM {
        fileSystems = mkVMOverride {
          # Hijack the "root" device for persistence in the VM
          "${cfg.persistDir}" = {