Format alignment between netboot and iso specs.

Openmesh-Network · Jun 5, 2024 · 2e6ebff · 2e6ebff
1 parent c4db724
commit 2e6ebff
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 19 deletions.
diff --git a/repo/modules/services/openmesh/xnode/admin.nix b/repo/modules/services/openmesh/xnode/admin.nix
@@ -12,10 +12,16 @@ in
   options.services.openmesh.xnode.admin = {
     enable = mkEnableOption "Management service for Xnode";
 
-    localDir = mkOption {
+    stateDir = mkOption {
       type = types.str;
-      default = "/var/lib/openmesh/config.nix";
-      description = "Local repository for nix configurations, typically a cloned git repository.";
+      default = "/var/lib/openmesh-xnode-admin";
+      description = "State storage directory.";
+    };
+
+    localStateFilename = mkOption {
+      type = types.str;
+      default = "config.nix";
+      description = "Local file destination for nix configurations.";
     };
 
     package = mkOption {
@@ -39,15 +45,35 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    #environment.systemPackages = [ cfg.package ];
+    environment.systemPackages = [ cfg.package ];
 
     systemd.services.openmesh-xnode-admin = {
+      description = "Openmesh Xnode Administration and Configuration Subsystem Daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
       serviceConfig = {
-        DynamicUser = true;
+        ExecStart = ''${lib.getExe cfg.package} -p ${cfg.stateDir}/${cfg.localStateFilename} ${cfg.remoteDir} ${toString cfg.searchInterval}''; 
         Restart = "always";
-        ExecStart = "${cfg.package}/src/nix_rebuilder.py \
-                    ${cfg.localDir} ${cfg.remoteDir} ${toString cfg.searchInterval}
-                    "; 
+        WorkingDirectory = cfg.stateDir;
+        StateDirectory = "openmesh-xnode-admin";
+        RuntimeDirectory = "openmesh-xnode-admin";
+        RuntimeDirectoryMode = "0755";
+        PrivateTmp = true;
+        DynamicUser = true;
+        DevicePolicy = "closed";
+        LockPersonality = true;
+        PrivateUsers = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
       };
     };
 

diff --git a/repo/pkgs/openmesh/xnode/admin/default.nix b/repo/pkgs/openmesh/xnode/admin/default.nix
@@ -8,8 +8,8 @@ pkgs.python3Packages.buildPythonPackage rec {
   src = pkgs.fetchFromGitHub {
     owner = "Openmesh-Network";
     repo = pname;
-    rev = "96ee992e5f2cc95672964d7f5a55168549e501d4";
-    sha256 = "0p11b039vfn9696zrnl1hl6hrm60mpkhg76jrwk57rg29vy1lcfv";
+    rev = "568ca78e3881f1b2af988b6846ab59f316f2e731";
+    sha256 = "e/GVoWFKEp54gZNkllAf7Q9rBogJ0bSa3aT62pelutw=";
   };
 
   nativeBuildInputs = [
@@ -25,7 +25,8 @@ pkgs.python3Packages.buildPythonPackage rec {
   meta = with lib; {
       homepage = "https://openmesh.network/";
       description = "Agent service for Xnode reconfiguration and management";
+      mainProgram = "openmesh-xnode-admin";
       #license = with licenses; [ x ];
-      maintainers = with maintainers; [ harrys522 ];
+      maintainers = with maintainers; [ harrys522 j-openmesh ];
     };
 }
diff --git a/systems/iso.nix b/systems/iso.nix
@@ -15,10 +15,14 @@ let
       };
       services = {
         getty = {
-          greetingLine = ''<<< Welcome to Openmesh Xnode/OS ${config.system.nixos.label} (\m) - \l >>>'';
+          greetingLine = ''<<< Welcome to Openmesh XnodeOS ${config.system.nixos.label} (\m) - \l >>>'';
         };
-        openmesh.xnode.admin = {
-          enable = true;
+        openmesh = {
+          xnode = {
+            admin = {
+              enable = true;
+            };
+          };
         };
       };
       boot = {
@@ -34,13 +38,11 @@ let
         makeBiosBootable = true;
         makeEfiBootable = true;
         makeUsbBootable = true;
+        squashfsCompression = "gzip -Xcompression-level 1";
       };
       environment = {
         systemPackages = with pkgs; [
-          prometheus
-          grafana
-#          (callPackage ./xnode-admin {})
-#          (callPackage ./openmesh-core {})
+          nyancat
         ];
       };
       networking = {
@@ -51,6 +53,7 @@ let
           "xnode" = {
             isNormalUser = true;
             password = "xnode";
+            extraGroups = [ "wheel" ];
           };
         };
       };

diff --git a/systems/netboot.nix b/systems/netboot.nix
@@ -22,14 +22,17 @@ let
           };
         };
         getty = {
-          greetingLine = ''<<< Welcome to Openmesh Xnode/OS ${config.system.nixos.label} (\m) - \l >>>'';
+          greetingLine = ''<<< Welcome to Openmesh XnodeOS ${config.system.nixos.label} (\m) - \l >>>'';
         };
       };
       environment = {
         systemPackages = with pkgs; [
           nyancat
         ];
       };
+      netboot = {
+        squashfsCompression = "gzip -Xcompression-level 1";
+      };
       networking = {
         hostName = "xnode";
       };
@@ -38,6 +41,7 @@ let
           xnode = {
             isNormalUser = true;
             password = "xnode";
+            extraGroups = [ "wheel" ];
           };
         };
       };