From 1d208f6eaec5000daab9e4bce69e5547a916df89 Mon Sep 17 00:00:00 2001
From: Eino Rauhala <60004820+EinoHR@users.noreply.github.com>
Date: Sat, 29 Apr 2023 14:08:17 +0300
Subject: [PATCH] feat: add a just setup command for setting up nix (#48)

* feat: add nix install script from bluefin / dnkmmr

* feat: add nix-me-up just cmd from bluefin

* feat: just update nix if installed

* feat: add nix-app-icons.sh
enables desktop icon support by adding to XDG_DATA_DIRS

* chore: remove nix update for now
this will be added in a later PR
---
 Containerfile             |   3 +-
 etc/justfile              |  14 +++-
 usr/bin/ublue-nix-install | 130 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 143 insertions(+), 4 deletions(-)
 create mode 100644 usr/bin/ublue-nix-install

diff --git a/Containerfile b/Containerfile
index 36af020aa2..163c7a3fff 100644
--- a/Containerfile
+++ b/Containerfile
@@ -10,8 +10,7 @@ ARG RECIPE
 # and /etc/ is for editing by the local admin
 # see issue #28 (https://github.com/ublue-os/startingpoint/issues/28)
 COPY etc /usr/etc
-# uncomment below line if you need to put config files in /usr/
-# COPY usr /usr
+COPY usr /usr
 
 # copy scripts
 RUN mkdir /tmp/scripts
diff --git a/etc/justfile b/etc/justfile
index 5e655aa976..af46e5fbd6 100644
--- a/etc/justfile
+++ b/etc/justfile
@@ -56,8 +56,18 @@ setup-gaming:
   flatpak override com.usebottles.bottles --user --filesystem=xdg-data/applications 
   flatpak override --user --env=MANGOHUD=1 com.valvesoftware.Steam 
   flatpak override --user --env=MANGOHUD=1 com.heroicgameslauncher.hgl 
- 
+
+nix-me-up:
+  echo 'Setting phasers to kill. Installing nix.'
+  /usr/bin/ublue-nix-install
+
 update:
+  #!/bin/bash
+  echo "Staging system update..."
   rpm-ostree update
+
+  echo "Updating Flatpaks..."
   flatpak update -y
-  distrobox upgrade -a
+
+  echo "Updating Distroboxes..."
+  distrobox upgrade -a
\ No newline at end of file
diff --git a/usr/bin/ublue-nix-install b/usr/bin/ublue-nix-install
new file mode 100644
index 0000000000..28c79fa257
--- /dev/null
+++ b/usr/bin/ublue-nix-install
@@ -0,0 +1,130 @@
+#!/bin/bash
+# original script here: https://github.com/dnkmmr69420/nix-with-selinux/blob/main/silverblue-installer.sh
+# thanks dnkmmr!
+
+sudo sleep 2
+echo "Adding SELinux content to /nix"
+sudo semanage fcontext -a -t etc_t '/nix/store/[^/]+/etc(/.*)?' ; sudo semanage fcontext -a -t lib_t '/nix/store/[^/]+/lib(/.*)?' ; sudo semanage fcontext -a -t systemd_unit_file_t '/nix/store/[^/]+/lib/systemd/system(/.*)?' ; sudo semanage fcontext -a -t man_t '/nix/store/[^/]+/man(/.*)?' ; sudo semanage fcontext -a -t bin_t '/nix/store/[^/]+/s?bin(/.*)?' ; sudo semanage fcontext -a -t usr_t '/nix/store/[^/]+/share(/.*)?' ; sudo semanage fcontext -a -t var_run_t '/nix/var/nix/daemon-socket(/.*)?' ; sudo semanage fcontext -a -t usr_t '/nix/var/nix/profiles(/per-user/[^/]+)?/[^/]+'
+sleep 1
+sudo mkdir /var/lib/nix
+sleep 1
+echo "Adding SELinux content to /var/lib/nix"
+sudo semanage fcontext -a -t etc_t '/var/lib/nix/store/[^/]+/etc(/.*)?' ; sudo semanage fcontext -a -t lib_t '/var/lib/nix/store/[^/]+/lib(/.*)?' ; sudo semanage fcontext -a -t systemd_unit_file_t '/var/lib/nix/store/[^/]+/lib/systemd/system(/.*)?' ; sudo semanage fcontext -a -t man_t '/var/lib/nix/store/[^/]+/man(/.*)?' ; sudo semanage fcontext -a -t bin_t '/var/lib/nix/store/[^/]+/s?bin(/.*)?' ; sudo semanage fcontext -a -t usr_t '/var/lib/nix/store/[^/]+/share(/.*)?' ; sudo semanage fcontext -a -t var_run_t '/var/lib/nix/var/nix/daemon-socket(/.*)?' ; sudo semanage fcontext -a -t usr_t '/var/lib/nix/var/nix/profiles(/per-user/[^/]+)?/[^/]+'
+echo "Creating service files"
+sleep 1
+sleep 1
+echo "Creating rootfs mkdir service"
+
+sudo tee /etc/systemd/system/mkdir-rootfs@.service <<EOF
+[Unit]
+Description=Enable mount points in / for ostree
+ConditionPathExists=!%f
+DefaultDependencies=no
+Requires=local-fs-pre.target
+After=local-fs-pre.target
+
+[Service]
+Type=oneshot
+ExecStartPre=chattr -i /
+ExecStart=mkdir -p '%f'
+ExecStopPost=chattr +i /
+EOF
+
+sleep 1
+echo "Creating nix.mount"
+
+sudo tee /etc/systemd/system/nix.mount <<EOF
+[Unit]
+Description=Nix Package Manager
+DefaultDependencies=no
+After=mkdir-rootfs@nix.service
+Wants=mkdir-rootfs@nix.service
+Before=sockets.target
+After=ostree-remount.service
+BindsTo=var.mount
+
+[Mount]
+What=/var/lib/nix
+Where=/nix
+Options=bind
+Type=none
+EOF
+
+sleep 1
+echo "Enabling mount and resetting SELinux context"
+sleep 1
+
+sudo systemctl daemon-reload ; sudo systemctl enable nix.mount ; sudo systemctl start nix.mount ; sudo restorecon -RF /nix
+
+sleep 1
+
+echo "Temorarily setting SELinux to Permissive"
+
+sudo setenforce Permissive
+
+sleep 1
+
+echo "Preparing the nix install script"
+
+sleep 2
+
+sh <(curl -L https://nixos.org/nix/install) --daemon
+
+echo "Nix installer has finished running"
+sleep 1
+echo "Copying service files"
+
+sleep 1
+
+echo "Creating SSL cert file"
+sudo mkdir -p /etc/systemd/system/nix-daemon.service.d/
+sudo tee /etc/systemd/system/nix-daemon.service.d/override.conf <<EOF
+[Service]
+Environment="NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
+EOF
+sudo rm -f /etc/systemd/system/nix-daemon.{service,socket} ; sudo cp /nix/var/nix/profiles/default/lib/systemd/system/nix-daemon.{service,socket} /etc/systemd/system/ ; sudo restorecon -RF /nix ; sudo systemctl daemon-reload ; sudo systemctl enable --now nix-daemon.socket
+
+sleep 1
+
+echo "Setting SELinux back to Enforcing"
+
+sudo setenforce Enforcing
+
+echo "Modifying /etc/nix/nix.conf"
+echo "experimental-features = nix-command flakes" | sudo tee -a /etc/nix/nix.conf
+
+sleep 1
+
+echo "Adding /etc/profile.d/nix-app-icons.sh"
+
+sudo rm -f /etc/profile.d/nix-app-icons.sh 
+sudo tee /etc/profile.d/nix-app-icons.sh <<EOF
+XDG_DATA_DIRS="$HOME/.nix-profile/share:/nix/var/nix/profiles/default/share:$XDG_DATA_DIRS"
+EOF
+
+sleep 1
+
+echo "Installing nix backup"
+
+sudo mkdir /opt/nixbackup
+sudo cp -R /nix /opt/nixbackup
+
+sudo tee /opt/nixbackup/reset-nix <<EOF
+#!/bin/bash
+sudo echo "Resetting nix..."
+sudo rm -rf /nix/*
+sudo mkdir -p /nix
+sudo cp -R /opt/nixbackup/nix/* /nix/
+sudo restorecon -RF /nix
+sudo echo "Nix has been reset. Reboot for changes to apply."
+EOF
+
+sudo chmod a+x /opt/nixbackup/reset-nix
+
+sudo echo "Finished installing nix backup"
+
+sleep 1
+
+echo "You MUST reboot in order for the installation to finish"
+echo "Reboot your system by typing:"
+echo "systemctl reboot"
\ No newline at end of file