From 2e6ebffdbd9dfb71c57ea154751607b1473300a2 Mon Sep 17 00:00:00 2001 From: J Date: Wed, 5 Jun 2024 13:43:34 +1000 Subject: [PATCH] Format alignment between netboot and iso specs. --- .../modules/services/openmesh/xnode/admin.nix | 42 +++++++++++++++---- repo/pkgs/openmesh/xnode/admin/default.nix | 7 ++-- systems/iso.nix | 17 ++++---- systems/netboot.nix | 6 ++- 4 files changed, 53 insertions(+), 19 deletions(-) diff --git a/repo/modules/services/openmesh/xnode/admin.nix b/repo/modules/services/openmesh/xnode/admin.nix index 5c112a7..dccf86f 100644 --- a/repo/modules/services/openmesh/xnode/admin.nix +++ b/repo/modules/services/openmesh/xnode/admin.nix @@ -12,10 +12,16 @@ in options.services.openmesh.xnode.admin = { enable = mkEnableOption "Management service for Xnode"; - localDir = mkOption { + stateDir = mkOption { type = types.str; - default = "/var/lib/openmesh/config.nix"; - description = "Local repository for nix configurations, typically a cloned git repository."; + default = "/var/lib/openmesh-xnode-admin"; + description = "State storage directory."; + }; + + localStateFilename = mkOption { + type = types.str; + default = "config.nix"; + description = "Local file destination for nix configurations."; }; package = mkOption { 
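Review bot: `stateDir` is a free-form `types.str`, but the service in the next hunk hard-codes `StateDirectory = "openmesh-xnode-admin"`, so the two agree only at the default value. With `DynamicUser = true` the rest of the filesystem is read-only to the unit, so overriding `stateDir` would presumably point `-p` and `WorkingDirectory` at a path the daemon cannot write. Either derive one from the other or state the constraint in the option text, e.g. `description = "State storage directory; must be /var/lib/<StateDirectory> because the unit runs with DynamicUser.";`. The removed `localDir` option also gets no `mkRenamedOptionModule`/`mkRemovedOptionModule` entry, so configurations that still set it will fail with an unknown-option error instead of a migration hint.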
@@ -39,15 +45,35 @@ in }; config = lib.mkIf cfg.enable { - #environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [ cfg.package ]; systemd.services.openmesh-xnode-admin = { + description = "Openmesh Xnode Administration and Configuration Subsystem Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { - DynamicUser = true; + ExecStart = ''${lib.getExe cfg.package} -p ${cfg.stateDir}/${cfg.localStateFilename} ${cfg.remoteDir} ${toString cfg.searchInterval}''; Restart = "always"; - ExecStart = "${cfg.package}/src/nix_rebuilder.py \ - ${cfg.localDir} ${cfg.remoteDir} ${toString cfg.searchInterval} - "; + WorkingDirectory = cfg.stateDir; + StateDirectory = "openmesh-xnode-admin"; + RuntimeDirectory = "openmesh-xnode-admin"; + RuntimeDirectoryMode = "0755"; + PrivateTmp = true; + DynamicUser = true; + DevicePolicy = "closed"; + LockPersonality = true; + PrivateUsers = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + UMask = "0077"; }; }; diff --git a/repo/pkgs/openmesh/xnode/admin/default.nix b/repo/pkgs/openmesh/xnode/admin/default.nix index c637120..60590fc 100644 --- a/repo/pkgs/openmesh/xnode/admin/default.nix +++ b/repo/pkgs/openmesh/xnode/admin/default.nix @@ -8,8 +8,8 @@ pkgs.python3Packages.buildPythonPackage rec { src = pkgs.fetchFromGitHub { owner = "Openmesh-Network"; repo = pname; - rev = "96ee992e5f2cc95672964d7f5a55168549e501d4"; - sha256 = "0p11b039vfn9696zrnl1hl6hrm60mpkhg76jrwk57rg29vy1lcfv"; + rev = "568ca78e3881f1b2af988b6846ab59f316f2e731"; + sha256 = "e/GVoWFKEp54gZNkllAf7Q9rBogJ0bSa3aT62pelutw="; }; nativeBuildInputs = [ 
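Review bot: The new `ExecStart` interpolates `cfg.stateDir`, `cfg.localStateFilename` and `cfg.remoteDir` unquoted, so a value containing whitespace or a systemd specifier character (`%`) is split or expanded by systemd before the daemon sees it. Quote the arguments, e.g. `ExecStart = utils.escapeSystemdExecArgs [ (lib.getExe cfg.package) "-p" "${cfg.stateDir}/${cfg.localStateFilename}" cfg.remoteDir (toString cfg.searchInterval) ];` if `utils` is available to this module. The sandbox settings added here stop short of capability and network limits; consider `CapabilityBoundingSet = "";`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and a `SystemCallFilter` once it is confirmed what the daemon needs. `RuntimeDirectoryMode = "0755"` is also wider than the `UMask = "0077"` set beside it; `"0700"` would be consistent unless other users must read the runtime directory.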
@@ -25,7 +25,8 @@ pkgs.python3Packages.buildPythonPackage rec { meta = with lib; { homepage = "https://openmesh.network/"; description = "Agent service for Xnode reconfiguration and management"; + mainProgram = "openmesh-xnode-admin"; #license = with licenses; [ x ]; - maintainers = with maintainers; [ harrys522 ]; + maintainers = with maintainers; [ harrys522 j-openmesh ]; }; } diff --git a/systems/iso.nix b/systems/iso.nix index 9b27b62..73c7925 100644 --- a/systems/iso.nix +++ b/systems/iso.nix @@ -15,10 +15,14 @@ let }; services = { getty = { - greetingLine = ''<<< Welcome to Openmesh Xnode/OS ${config.system.nixos.label} (\m) - \l >>>''; + greetingLine = ''<<< Welcome to Openmesh XnodeOS ${config.system.nixos.label} (\m) - \l >>>''; }; - openmesh.xnode.admin = { - enable = true; + openmesh = { + xnode = { + admin = { + enable = true; + }; + }; }; }; boot = { @@ -34,13 +38,11 @@ let makeBiosBootable = true; makeEfiBootable = true; makeUsbBootable = true; + squashfsCompression = "gzip -Xcompression-level 1"; }; environment = { systemPackages = with pkgs; [ - prometheus - grafana -# (callPackage ./xnode-admin {}) -# (callPackage ./openmesh-core {}) + nyancat ]; }; networking = { @@ -51,6 +53,7 @@ let "xnode" = { isNormalUser = true; password = "xnode"; + extraGroups = [ "wheel" ]; }; }; }; diff --git a/systems/netboot.nix b/systems/netboot.nix index a5964e7..d5204f1 100644 --- a/systems/netboot.nix +++ b/systems/netboot.nix @@ -22,7 +22,7 @@ let }; }; getty = { - greetingLine = ''<<< Welcome to Openmesh Xnode/OS ${config.system.nixos.label} (\m) - \l >>>''; + greetingLine = ''<<< Welcome to Openmesh XnodeOS ${config.system.nixos.label} (\m) - \l >>>''; }; }; environment = { @@ -30,6 +30,9 @@ let nyancat ]; }; + netboot = { + squashfsCompression = "gzip -Xcompression-level 1"; + }; networking = { hostName = "xnode"; }; @@ -38,6 +41,7 @@ let xnode = { isNormalUser = true; password = "xnode"; + extraGroups = [ "wheel" ]; }; }; };
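Review bot: Adding `extraGroups = [ "wheel" ];` to the `xnode` user in systems/iso.nix grants sudo rights to an account whose password is the literal `password = "xnode"` committed in the same file, so the default login now leads to root with published credentials; the same line is added in the last hunk of systems/netboot.nix. The commit subject describes a formatting alignment, which makes this privilege change easy to miss in review. If these images are used for anything beyond a local installer session, provision the credential per deployment instead, e.g. `hashedPasswordFile = "<path-to-provisioned-hash>";` or key-only access through `openssh.authorizedKeys.keys`, and keep `wheel` off the default account. Whether SSH or another remote login is enabled is not visible in these hunks, and the `users` block starts outside them.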