From a395639bd2b829c614fb1d0c2ced086edcb038e8 Mon Sep 17 00:00:00 2001 From: Brian McGillion Date: Sun, 10 Dec 2023 10:18:59 +0400 Subject: [PATCH] Modules: Define the basic module structure 
Signed-off-by: Brian McGillion --- TODO.org | 16 ++++ flake.nix | 8 +- modules/default.nix | 24 +++++ modules/development/default.nix | 10 +++ modules/development/nix.nix | 1 + modules/framework/default.nix | 8 ++ .../default.nix => framework/version.nix} | 1 + modules/graphics/default.nix | 10 ++- modules/graphics/fonts.nix | 17 ---- modules/graphics/weston.ini.nix | 88 ------------------- modules/graphics/weston.nix | 71 +++++++++++++++ modules/hardware/default.nix | 8 ++ .../agx-netvm-wlan-pci-passthrough.nix | 13 ++- .../hardware/nvidia-jetson-orin/default.nix | 12 ++- .../nvidia-jetson-orin/format-module.nix | 14 ++- .../nvidia-jetson-orin/jetson-orin.nix | 9 +- .../nx-netvm-ethernet-pci-passthrough.nix | 4 + .../nvidia-jetson-orin/ota-utils-fix.nix | 1 + .../nvidia-jetson-orin}/systemd-boot-dtb.nix | 5 +- modules/hardware/polarfire/default.nix | 7 ++ .../hardware/polarfire/mpfs-nixos-sdimage.nix | 80 +++++++++-------- .../default.nix} | 4 +- modules/host/default.nix | 28 +++--- modules/host/nvidia/default.nix | 25 ++++++ modules/host/polarfire/default.nix | 25 ++++++ ...kvm-enable-pkvm-on-intel-x86-6.1-lts.patch | 0 modules/host/x86_64-linux/default.nix | 27 ++++++ .../demo-secure-boot-keys/GUID | 0 .../demo-secure-boot-keys/GUID.license | 0 .../demo-secure-boot-keys/files.db | 0 .../demo-secure-boot-keys/keys/KEK/KEK.key | 0 .../demo-secure-boot-keys/keys/KEK/KEK.pem | 0 .../demo-secure-boot-keys/keys/PK/PK.key | 0 .../demo-secure-boot-keys/keys/PK/PK.pem | 0 .../demo-secure-boot-keys/keys/db/db.key | 0 .../demo-secure-boot-keys/keys/db/db.pem | 0 .../ghaf_host_hardened_baseline | 0 .../ghaf_host_hardened_baseline.license | 0 modules/host/{ => x86_64-linux}/kernel.nix | 4 +- .../host/{ => x86_64-linux}/secureboot.nix | 4 +- modules/module-list.nix | 4 +- modules/profiles/applications.nix | 5 +- modules/profiles/default.nix | 12 +++ modules/profiles/graphics.nix | 14 --- modules/profiles/hostOnly.nix | 6 +- modules/profiles/installer.nix | 6 +- 
modules/programs/default.nix | 4 +- modules/programs/firefox.nix | 68 +++++++------- modules/users/accounts.nix | 1 + modules/users/default.nix | 7 ++ modules/virtualization/default.nix | 8 ++ modules/virtualization/docker.nix | 23 +++-- .../virtualization/microvm/common/default.nix | 7 ++ modules/virtualization/microvm/default.nix | 10 +++ targets/default.nix | 2 +- targets/generic-x86_64.nix | 2 +- targets/lenovo-x1-carbon.nix | 6 +- targets/microchip-icicle-kit.nix | 11 ++- targets/nvidia-jetson-orin/default.nix | 9 +- targets/vm.nix | 2 +- 60 files changed, 469 insertions(+), 262 deletions(-) create mode 100644 TODO.org create mode 100644 modules/default.nix create mode 100644 modules/development/default.nix create mode 100644 modules/framework/default.nix rename modules/{version/default.nix => framework/version.nix} (91%) delete mode 100644 modules/graphics/fonts.nix delete mode 100644 modules/graphics/weston.ini.nix create mode 100644 modules/hardware/default.nix rename modules/{boot => hardware/nvidia-jetson-orin}/systemd-boot-dtb.nix (89%) create mode 100644 modules/hardware/polarfire/default.nix rename modules/hardware/{x86_64-linux.nix => x86_64-linux/default.nix} (91%) create mode 100644 modules/host/nvidia/default.nix create mode 100644 modules/host/polarfire/default.nix rename modules/{virtualization/pkvm => host/x86_64-linux}/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch (100%) create mode 100644 modules/host/x86_64-linux/default.nix rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/GUID (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/GUID.license (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/files.db (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/keys/KEK/KEK.key (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/keys/KEK/KEK.pem (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/keys/PK/PK.key (100%) rename modules/host/{ => 
x86_64-linux}/demo-secure-boot-keys/keys/PK/PK.pem (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/keys/db/db.key (100%) rename modules/host/{ => x86_64-linux}/demo-secure-boot-keys/keys/db/db.pem (100%) rename modules/host/{ => x86_64-linux}/ghaf_host_hardened_baseline (100%) rename modules/host/{ => x86_64-linux}/ghaf_host_hardened_baseline.license (100%) rename modules/host/{ => x86_64-linux}/kernel.nix (95%) rename modules/host/{ => x86_64-linux}/secureboot.nix (90%) create mode 100644 modules/profiles/default.nix create mode 100644 modules/users/default.nix create mode 100644 modules/virtualization/default.nix create mode 100644 modules/virtualization/microvm/common/default.nix create mode 100644 modules/virtualization/microvm/default.nix diff --git a/TODO.org b/TODO.org new file mode 100644 index 0000000000..6aab9ccdc4 --- /dev/null +++ b/TODO.org @@ -0,0 +1,16 @@ +#+title: Todo + +* List of tasks + +** Refactoring +*** hardware/Nvidia +- Can this go upstream [[file:modules/hardware/nvidia-jetson-orin/pci-passthrough-agx-test.patch][passthrough patch]] +- Can this go upstream [[file:modules/hardware/nvidia-jetson-orin/pci-passthrough-nx-test.patch][nx passthrough]] +- Does format-module need to be exposed see comments in target. +*** Installer +- How is this supposed to be enabled +- Should it come from profile ? +- Is it still being reworked +*** Windows launcher +- Refactor this and move under apps (temp) +- Ultimatly this should be moved to down stream project ghaf-extras diff --git a/flake.nix b/flake.nix index ceb92e40e1..b16c7cecc0 100644 --- a/flake.nix +++ b/flake.nix @@ -163,18 +163,14 @@ ]; imports = [ + ./hydrajobs.nix + ./modules ./nix ./packages ./targets - ./hydrajobs.nix ./templates ]; - #TODO Fix this - #flake.nixosModules = with lib; - # mapAttrs (_: import) - # (flattenTree (rakeLeaves ./modules)); - flake.lib = lib; }; } 
diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000000..7dcd15bb79 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,24 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +# +_: { + flake.nixosModules = { + development = import ./development; + framework = import ./framework; + graphics = import ./graphics; + hardware = import ./hardware; + hardware.nvidia = import ./hardware/nvidia-jetson-orin; + hardware.polarfire = import ./hardware/polarfire; + hardware.x86_64-linux = import ./hardware/x86_64-linux; + host.nvidia = import ./host/nvidia; + host.polarfire = import ./host/polarfire; + host.x86_64-linux = import ./host/x86_64-linux; + installer = import ./installer; + profiles = import ./profiles; + programs = import ./programs; + users = import ./users; + virtualization.docker = import ./virtualization/docker.nix; + virtualization.microvm = import ./virtualization/microvm; + windows-launcher = import ./windows-launcher; + }; +} diff --git a/modules/development/default.nix b/modules/development/default.nix new file mode 100644 index 0000000000..abaaa6f6c0 --- /dev/null +++ b/modules/development/default.nix @@ -0,0 +1,10 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./debug-tools.nix + ./nix.nix + ./ssh.nix + ./usb-serial.nix + ]; +} diff --git a/modules/development/nix.nix b/modules/development/nix.nix index 09312d7728..c9a12dbee9 100644 --- a/modules/development/nix.nix +++ b/modules/development/nix.nix @@ -12,6 +12,7 @@ in enable = mkEnableOption "Target Nix config options"; }; + # TODO setup the channels to properly support e.g. nix-shell and repl config = mkIf cfg.enable { nix.settings.experimental-features = ["nix-command" "flakes"]; nix.extraOptions = '' diff --git a/modules/framework/default.nix b/modules/framework/default.nix new file mode 100644 index 0000000000..730afd8517 --- /dev/null 
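Review bot: `hardware = import ./hardware;` followed by `hardware.nvidia = import ./hardware/nvidia-jetson-orin;` (and the two other `hardware.*` paths) defines `hardware` twice in one attribute set, and Nix rejects this with `attribute 'hardware' already defined` because the first binding is an `import`, not an attrset literal the dotted paths can merge into. Giving the generic module its own name, e.g. `hardware.common = import ./hardware;`, removes the clash and mirrors the shape already used for `host.*` and `virtualization.*`. Separately, the new host modules later in this patch import `self.nixosModules.ghaf.host` and `self.nixosModules.ghaf.profiles.hostOnly`, but this set exposes neither a `ghaf` namespace nor a bare `host` entry, so those imports do not resolve against what is defined here unless the set is wrapped somewhere this patch does not show.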
+++ b/modules/framework/default.nix @@ -0,0 +1,8 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./version.nix + ./launchers.nix + ]; +} diff --git a/modules/version/default.nix b/modules/framework/version.nix similarity index 91% rename from modules/version/default.nix rename to modules/framework/version.nix index ade21d3302..52896dfdc3 100644 --- a/modules/version/default.nix +++ b/modules/framework/version.nix @@ -12,6 +12,7 @@ echo "${lib.ghaf-version}" ''; in { + #TODO this has not module setup environment.systemPackages = [ ghafVersion ]; diff --git a/modules/graphics/default.nix b/modules/graphics/default.nix index d51bb48509..39d2ea6804 100644 --- a/modules/graphics/default.nix +++ b/modules/graphics/default.nix @@ -10,8 +10,6 @@ in { imports = [ ./weston.nix ./labwc.nix - ./weston.ini.nix - ./fonts.nix ./gnome.nix ]; @@ -33,5 +31,13 @@ in { ghaf.graphics.weston.enable = cfg.displayManager == "weston"; ghaf.graphics.gnome.enable = cfg.displayManager == "gnome"; ghaf.graphics.labwc.enable = cfg.displayManager == "labwc"; + + ghaf.graphics.fonts.packages = with pkgs; [ + fira-code + hack-font + ]; + + # Install a modern terminal + environment.systemPackages = [pkgs.kitty]; }; } diff --git a/modules/graphics/fonts.nix b/modules/graphics/fonts.nix deleted file mode 100644 index 15ba8bf2e2..0000000000 --- a/modules/graphics/fonts.nix +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -{ - pkgs, - lib, - config, - ... -}: let - cfg = config.ghaf.graphics.weston; -in { - config = lib.mkIf cfg.enable { - fonts.packages = with pkgs; [ - fira-code - hack-font - ]; - }; -} diff --git a/modules/graphics/weston.ini.nix b/modules/graphics/weston.ini.nix deleted file mode 100644 index 54f2009b36..0000000000 --- a/modules/graphics/weston.ini.nix +++ /dev/null 
@@ -1,88 +0,0 @@ -# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -{ - pkgs, - lib, - config, - ... -}: let - cfg = config.ghaf.graphics.weston; - mkLauncher = { - path, - icon, - }: '' - [launcher] - path=${path} - icon=${icon} - - ''; - - /* - Generate launchers to be used in weston.ini - - Type: mkLaunchers :: [{path, icon}] -> string - - */ - mkLaunchers = lib.concatMapStrings mkLauncher; - - defaultLauncher = [ - # Keep weston-terminal launcher always enabled explicitly since if someone adds - # a launcher on the panel, the launcher will replace weston-terminal launcher. - { - path = "${pkgs.weston}/bin/weston-terminal"; - icon = "${pkgs.weston}/share/weston/icon_terminal.png"; - } - ]; -in { - options.ghaf.graphics.weston = with lib; { - launchers = mkOption { - description = "Weston application launchers to show in launch bar"; - default = []; - type = with types; - listOf - (submodule { - options.path = mkOption { - description = "Path to the executable to be launched"; - type = path; - }; - options.icon = mkOption { - description = "Path of the icon"; - type = path; - }; - }); - }; - enableDemoApplications = mkEnableOption "some applications for demoing"; - }; - - config = lib.mkIf cfg.enable { - ghaf.graphics.weston.launchers = defaultLauncher; - environment.etc."xdg/weston/weston.ini" = { - text = - '' - # Disable screen locking - [core] - idle-time=0 - - [shell] - locking=false - background-image=${../../assets/wallpaper.png} - background-type=scale-crop - num-workspaces=2 - - # Set the keyboard layout for weston to US by default - [keyboard] - keymap_layout=us,fi - - # Enable Hack font for weston-terminal - [terminal] - font=Hack - font-size=16 - - '' - + mkLaunchers cfg.launchers; - - # The UNIX file mode bits - mode = "0644"; - }; - }; -} diff --git a/modules/graphics/weston.nix b/modules/graphics/weston.nix index 54b881ed4a..2d6187cd84 100644 --- a/modules/graphics/weston.nix 
+++ b/modules/graphics/weston.nix @@ -7,6 +7,30 @@ ... }: let cfg = config.ghaf.graphics.weston; + mkLauncher = { + path, + icon, + }: '' + [launcher] + path=${path} + icon=${icon} + + ''; + + # + # Generate launchers to be used in weston.ini + # Type: mkLaunchers :: [{path, icon}] -> string + + mkLaunchers = lib.concatMapStrings mkLauncher; + + defaultLauncher = [ + # Keep weston-terminal launcher always enabled explicitly since if someone adds + # a launcher on the panel, the launcher will replace weston-terminal launcher. + { + path = "${pkgs.weston}/bin/weston-terminal"; + icon = "${pkgs.weston}/share/weston/icon_terminal.png"; + } + ]; in { imports = [ ./window-manager.nix @@ -14,10 +38,28 @@ in { options.ghaf.graphics.weston = { enable = lib.mkEnableOption "weston"; + + launchers = mkOption { + description = "Weston application launchers to show in launch bar"; + default = []; + type = with types; + listOf + (submodule { + options.path = mkOption { + description = "Path to the executable to be launched"; + type = path; + }; + options.icon = mkOption { + description = "Path of the icon"; + type = path; + }; + }); + }; }; config = lib.mkIf cfg.enable { ghaf.graphics.window-manager-common.enable = true; + ghaf.graphics.weston.launchers = defaultLauncher; environment.systemPackages = with pkgs; [ weston @@ -73,5 +115,34 @@ in { }; wantedBy = ["default.target"]; }; + + environment.etc."xdg/weston/weston.ini" = { + text = + '' + # Disable screen locking + [core] + idle-time=0 + + [shell] + locking=false + background-image=${../../assets/wallpaper.png} + background-type=scale-crop + num-workspaces=2 + + # Set the keyboard layout for weston to US by default + [keyboard] + keymap_layout=us,fi + + # Enable Hack font for weston-terminal + [terminal] + font=Hack + font-size=16 + + '' + + mkLaunchers cfg.launchers; + + # The UNIX file mode bits + mode = "0644"; + }; }; } 
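Review bot: `launchers = mkOption { ... type = with types; ...` uses `mkOption` and `types` unqualified, while the rest of this file reaches the library through `lib.` (`lib.mkEnableOption`, `lib.mkIf`, `lib.concatMapStrings`) and no `with lib;` is visible between `in` and the module body; unless one exists outside the hunk, evaluation stops with `undefined variable 'mkOption'`. The deleted weston.ini.nix wrapped its option set in `with lib;`, which is what was lost in the move. Write `launchers = lib.mkOption {` and `type = with lib.types;` to match the file's existing style.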
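Review bot: The relocated weston.ini sets `idle-time=0` and `locking=false`, so the compositor never blanks or locks the session; the values are carried over unchanged from weston.ini.nix, but they are now written unconditionally whenever `ghaf.graphics.weston.enable` is set, with no note on why. A one-line rationale above `[core]`, e.g. `# Idle blanking and locking are disabled on purpose for demo/kiosk use; revisit before a user-facing release`, or gating these two keys on a demo/debug profile, would keep that decision visible to whoever hardens the host later. The `mkLaunchers` helper and the rest of the module are defined outside this hunk.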
diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix new file mode 100644 index 0000000000..25fdf5f512 --- /dev/null +++ b/modules/hardware/default.nix @@ -0,0 +1,8 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./definition.nix + #TODO any common hardware definitions or configs + ]; +} diff --git a/modules/hardware/nvidia-jetson-orin/agx-netvm-wlan-pci-passthrough.nix b/modules/hardware/nvidia-jetson-orin/agx-netvm-wlan-pci-passthrough.nix index 97e4cf5c72..64bd2fbf36 100644 --- a/modules/hardware/nvidia-jetson-orin/agx-netvm-wlan-pci-passthrough.nix +++ b/modules/hardware/nvidia-jetson-orin/agx-netvm-wlan-pci-passthrough.nix @@ -7,11 +7,18 @@ }: let cfg = config.ghaf.hardware.nvidia.orin.agx; in { - options.ghaf.hardware.nvidia.orin.agx.enableNetvmWlanPCIPassthrough = - lib.mkEnableOption - "WLAN card PCI passthrough to NetVM"; + imports = [ + ./pci-passthrough-common.nix + ]; + + options.ghaf.hardware.nvidia.orin.agx = { + enableNetvmWlanPCIPassthrough = lib.mkEnableOption "WLAN card PCI passthrough to NetVM"; + }; + config = lib.mkIf cfg.enableNetvmWlanPCIPassthrough { # Orin AGX WLAN card PCI passthrough + # + # TODO this needs to be guarded behind a (! isHostOnly) for the Vm stuff ghaf.hardware.nvidia.orin.enablePCIPassthroughCommon = true; ghaf.virtualization.microvm.netvm.extraModules = [ diff --git a/modules/hardware/nvidia-jetson-orin/default.nix b/modules/hardware/nvidia-jetson-orin/default.nix index 0f45087bea..81ebe344e9 100644 --- a/modules/hardware/nvidia-jetson-orin/default.nix +++ b/modules/hardware/nvidia-jetson-orin/default.nix 
@@ -4,14 +4,12 @@ # Top-level module entry point for the Orin family of chips { imports = [ - ./partition-template.nix - ../../boot/systemd-boot-dtb.nix - ./jetson-orin.nix - - ./pci-passthrough-common.nix + #TODO do the pci pass throughs need to be exposed here + # They can be included in the Jetson-orin and the namespace + # will be available to the user ./agx-netvm-wlan-pci-passthrough.nix + ./format-module.nix + ./jetson-orin.nix ./nx-netvm-ethernet-pci-passthrough.nix - - ./ota-utils-fix.nix ]; } diff --git a/modules/hardware/nvidia-jetson-orin/format-module.nix b/modules/hardware/nvidia-jetson-orin/format-module.nix index c2b557ba60..5852d874e4 100644 --- a/modules/hardware/nvidia-jetson-orin/format-module.nix +++ b/modules/hardware/nvidia-jetson-orin/format-module.nix @@ -5,9 +5,21 @@ # nixos-generators flake input as an argument. # { + lib, + config, + ... +}: let + cgf = config.ghaf.hardware.nvidia.orin; +in { imports = [ ./sdimage.nix ]; - formatAttr = "sdImage"; + # TODO this is default requirement + # so enabled at the top level of the orin being enabled + + # TODO However, should this be exposed raw like this? + config = lib.mkIf cfg.enable { + formatAttr = "sdImage"; + }; } diff --git a/modules/hardware/nvidia-jetson-orin/jetson-orin.nix b/modules/hardware/nvidia-jetson-orin/jetson-orin.nix index 32d2c94cbd..22cf5650ca 100644 --- a/modules/hardware/nvidia-jetson-orin/jetson-orin.nix +++ b/modules/hardware/nvidia-jetson-orin/jetson-orin.nix @@ -10,6 +10,13 @@ cfg = config.ghaf.hardware.nvidia.orin; in with lib; { + imports = [ + #TODO remove when upstreamed + ./ota-utils-fix.nix + ./partition-template.nix + ./systemd-boot-dtb.nix + ]; + options.ghaf.hardware.nvidia.orin = { # Enable the Orin boards enable = mkEnableOption "Orin hardware"; 
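Review bot: The let-binding is spelled `cgf = config.ghaf.hardware.nvidia.orin;` but the guard reads `lib.mkIf cfg.enable`, so `cfg` is an undefined variable and this module fails to evaluate as soon as nvidia-jetson-orin/default.nix imports it. Rename the binding to `cfg = config.ghaf.hardware.nvidia.orin;`. Note also that wrapping `formatAttr` in `mkIf` means the sdImage format is only selected once `ghaf.hardware.nvidia.orin.enable` is true; the surrounding TODOs discuss this but nothing at the option site says so, so a short comment such as `# formatAttr comes from nixos-generators; only meaningful when the Orin hardware module is enabled` would help the next reader.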
@@ -53,7 +60,7 @@ in nixpkgs.hostPlatform.system = "aarch64-linux"; - ghaf.boot.loader.systemd-boot-dtb.enable = true; + ghaf.hardware.nvidia.orin.systemd-boot-dtb.enable = true; boot.loader = { efi.canTouchEfiVariables = true; diff --git a/modules/hardware/nvidia-jetson-orin/nx-netvm-ethernet-pci-passthrough.nix b/modules/hardware/nvidia-jetson-orin/nx-netvm-ethernet-pci-passthrough.nix index bd67cc6fd0..c4a8243749 100644 --- a/modules/hardware/nvidia-jetson-orin/nx-netvm-ethernet-pci-passthrough.nix +++ b/modules/hardware/nvidia-jetson-orin/nx-netvm-ethernet-pci-passthrough.nix @@ -7,6 +7,10 @@ }: let cfg = config.ghaf.hardware.nvidia.orin.nx; in { + imports = [ + ./pci-passthrough-common.nix + ]; + options.ghaf.hardware.nvidia.orin.nx.enableNetvmEthernetPCIPassthrough = lib.mkEnableOption "Ethernet card PCI passthrough to NetVM"; diff --git a/modules/hardware/nvidia-jetson-orin/ota-utils-fix.nix b/modules/hardware/nvidia-jetson-orin/ota-utils-fix.nix index d0c9f398bb..0daca5e5a8 100644 --- a/modules/hardware/nvidia-jetson-orin/ota-utils-fix.nix +++ b/modules/hardware/nvidia-jetson-orin/ota-utils-fix.nix @@ -14,6 +14,7 @@ # mkAfter needed here so that we can be sure the overlay is after the overlay # included from jetpack-nixos. Otherwise it will just override the whole # nvidia-jetpack set. + # TODO remove when merged to upstream nixpkgs.overlays = lib.mkAfter [ (_final: prev: { nvidia-jetpack = diff --git a/modules/boot/systemd-boot-dtb.nix b/modules/hardware/nvidia-jetson-orin/systemd-boot-dtb.nix similarity index 89% rename from modules/boot/systemd-boot-dtb.nix rename to modules/hardware/nvidia-jetson-orin/systemd-boot-dtb.nix index 14fd70dd21..8eef43cdea 100644 --- a/modules/boot/systemd-boot-dtb.nix +++ b/modules/hardware/nvidia-jetson-orin/systemd-boot-dtb.nix 
@@ -6,16 +6,17 @@ # By setting this option to true, device tree file gets copied to # /boot-partition, and gets added to systemd-boot's entry. # +# TODO should this be moved under hardware { config, lib, pkgs, ... }: let - cfg = config.ghaf.boot.loader.systemd-boot-dtb; + cfg = config.ghaf.hardware.nvidia.orin.systemd-boot-dtb; in with lib; { - options.ghaf.boot.loader.systemd-boot-dtb = { + options.ghaf.hardware.nvidia.orin.systemd-boot-dtb = { enable = mkEnableOption "systemd-boot-dtb"; }; diff --git a/modules/hardware/polarfire/default.nix b/modules/hardware/polarfire/default.nix new file mode 100644 index 0000000000..055a4937d2 --- /dev/null +++ b/modules/hardware/polarfire/default.nix @@ -0,0 +1,7 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./mpfs-nixos-sdimage.nix + ]; +} diff --git a/modules/hardware/polarfire/mpfs-nixos-sdimage.nix b/modules/hardware/polarfire/mpfs-nixos-sdimage.nix index 8b2676e325..31845d5be4 100644 --- a/modules/hardware/polarfire/mpfs-nixos-sdimage.nix +++ b/modules/hardware/polarfire/mpfs-nixos-sdimage.nix 
@@ -6,49 +6,57 @@ pkgs, modulesPath, ... -}: { +}: let + cfg = config.ghaf.hardware.polarfire; +in { imports = [ (modulesPath + "/installer/sd-card/sd-image.nix") ]; - sdImage = { - compressImage = false; - populateFirmwareCommands = '' - cp ${pkgs.uboot-icicle-kit}/payload.bin firmware/ - ''; + options.ghaf.hardware.polarfire.mpfs = { + enable = lib.mkEnableOption "Make SD card image for PolarFire SoC"; + }; + + config = lib.mkIf cfg.mpfs.enable { + sdImage = { + compressImage = false; + populateFirmwareCommands = '' + cp ${pkgs.uboot-icicle-kit}/payload.bin firmware/ + ''; - populateRootCommands = '' - mkdir -p ./files/boot - ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot - ''; - postBuildCommands = '' - sdimage="$out/nixos.img" - blocksize=512 - offset=34 - ubootsize=2048 - sfdisk --list $img | grep Linux - rootstart=$(sfdisk --list $img | grep Linux | awk '{print $3}') - rootsize=$(sfdisk --list $img | grep Linux | awk '{print $5}') - imagesize=$(((offset + ubootsize + rootsize + 2048)*blocksize)) - touch $sdimage - truncate -s $imagesize $sdimage + populateRootCommands = '' + mkdir -p ./files/boot + ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot + ''; + postBuildCommands = '' + sdimage="$out/nixos.img" + blocksize=512 + offset=34 + ubootsize=2048 + sfdisk --list $img | grep Linux + rootstart=$(sfdisk --list $img | grep Linux | awk '{print $3}') + rootsize=$(sfdisk --list $img | grep Linux | awk '{print $5}') + imagesize=$(((offset + ubootsize + rootsize + 2048)*blocksize)) + touch $sdimage + truncate -s $imagesize $sdimage - echo -e " - label: gpt - label-id: 47D1675F-84FF-41C5-9CBD-CC6D822159EC - unit: sectors - first-lba: $offset - last-lba: $((ubootsize + offset + $rootsize - 1)) - sector-size: 512 + echo -e " + label: gpt + label-id: 47D1675F-84FF-41C5-9CBD-CC6D822159EC + unit: sectors + first-lba: $offset + last-lba: 
$((ubootsize + offset + $rootsize - 1)) + sector-size: 512 - start=$offset, size=$ubootsize, type=21686148-6449-6E6F-744E-656564454649, uuid=0F5E6BEA-86F5-4936-8712-6DBF3B46B2A0, name=\"uboot\" - start=$((offset + ubootsize)), size=$rootsize, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=17E58027-1F0E-4146-8F88-AB26C740BC6D, name=\"kernel\", attrs=\"LegacyBIOSBootable\" " > "$out/partition.txt" + start=$offset, size=$ubootsize, type=21686148-6449-6E6F-744E-656564454649, uuid=0F5E6BEA-86F5-4936-8712-6DBF3B46B2A0, name=\"uboot\" + start=$((offset + ubootsize)), size=$rootsize, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=17E58027-1F0E-4146-8F88-AB26C740BC6D, name=\"kernel\", attrs=\"LegacyBIOSBootable\" " > "$out/partition.txt" - sfdisk $sdimage < "$out/partition.txt" - dd conv=notrunc if=${pkgs.uboot-icicle-kit}/payload.bin of=$sdimage seek=$offset - dd conv=notrunc if=$img of=$sdimage seek=$((offset + ubootsize)) skip=$rootstart count=$rootsize - sfdisk --list $sdimage - rm -rf $out/sd-image - ''; + sfdisk $sdimage < "$out/partition.txt" + dd conv=notrunc if=${pkgs.uboot-icicle-kit}/payload.bin of=$sdimage seek=$offset + dd conv=notrunc if=$img of=$sdimage seek=$((offset + ubootsize)) skip=$rootstart count=$rootsize + sfdisk --list $sdimage + rm -rf $out/sd-image + ''; + }; }; } diff --git a/modules/hardware/x86_64-linux.nix b/modules/hardware/x86_64-linux/default.nix similarity index 91% rename from modules/hardware/x86_64-linux.nix rename to modules/hardware/x86_64-linux/default.nix index 195f9ca8c8..2fbeb6197d 100644 --- a/modules/hardware/x86_64-linux.nix +++ b/modules/hardware/x86_64-linux/default.nix @@ -5,10 +5,10 @@ lib, ... }: let - cfg = config.ghaf.hardware.x86_64.common; + cfg = config.ghaf.hardware.x86_64-linux.common; in with lib; { - options.ghaf.hardware.x86_64.common = { + options.ghaf.hardware.x86_64-linux.common = { enable = mkEnableOption "Common x86 configs"; }; 
diff --git a/modules/host/default.nix b/modules/host/default.nix index 60afa09dd7..cd0cbd35b5 100644 --- a/modules/host/default.nix +++ b/modules/host/default.nix @@ -4,27 +4,27 @@ lib, pkgs, ... -}: { +}: let + cfg = config.ghaf.host; +in { imports = [ - # TODO remove this when the minimal config is defined - # Replace with the baseModules definition - # UPDATE 26.07.2023: - # This line breaks build of GUIVM. No investigations of a - # root cause are done so far. - #(modulesPath + "/profiles/minimal.nix") - - ../../overlays/custom-packages - - ./kernel.nix - - # TODO: Refactor this under virtualization/microvm/host/networking.nix + # TODO: Refactor this under virtualization/microvm/host/networking.nix? ./networking.nix ]; - config = { + options.ghaf.host = { + enable = lib.mkEnableOption "Enable Ghaf host"; + }; + + config = lib.mkIf cfg.enable { networking.hostName = "ghaf-host"; system.stateVersion = lib.trivial.release; + # TODO should htis be default + # Also check hot to check if isHostOnly / virt environment + # To make better descisions on enabling + ghaf.host.networking.enable = true; + #### # temp means to reduce the image size # TODO remove this when the minimal config is defined diff --git a/modules/host/nvidia/default.nix b/modules/host/nvidia/default.nix new file mode 100644 index 0000000000..7d46e8ba33 --- /dev/null +++ b/modules/host/nvidia/default.nix @@ -0,0 +1,25 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +{ + lib, + pkgs, + self, + ... +}: let + cfg = config.ghaf.host.nvidia; +in { + imports = [ + self.nixosModules.ghaf.host + + #TODO remove this when the overlays are merget to pkgs + ../../../overlays/custom-packages + ]; + + options.ghaf.host.nvidia = { + enable = lib.mkEnableOption "Enable Ghaf Nvidia host configuration"; + }; + + config = lib.mkIf cfg.enable { + ghaf.host.enable = true; + }; +} 
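Review bot: The new `cfg = config.ghaf.host;` binding needs `config` as a module argument, but the visible argument list is `lib, pkgs, ...` and the old version only used `config` as an attribute name; the hunk starts at line 4, so if `config,` is not among the opening lines this file now fails with `undefined variable 'config'`. Add `config,` to the argument set. The `ghaf.host.networking.enable = true;` line also hard-enables host networking for every configuration that sets `ghaf.host.enable`, which the TODO above it questions; writing it as `ghaf.host.networking.enable = lib.mkDefault true;` would let a host-only or VM target turn it off without `mkForce` while the decision is pending.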
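Review bot: `cfg = config.ghaf.host.nvidia;` references `config`, but the function binds only `{ lib, pkgs, self, ... }`, so this new module fails with `undefined variable 'config'` on evaluation; add `config,` to the argument list (`pkgs` appears unused and can go). `self.nixosModules.ghaf.host` also does not match what modules/default.nix in this patch exports, which has no `ghaf` attribute and no bare `host` entry, and `self` is only present as a module argument if the flake passes it through `specialArgs`, which this patch does not show. Importing `../default.nix` by path, as the hardware modules do, would avoid both dependencies.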
diff --git a/modules/host/polarfire/default.nix b/modules/host/polarfire/default.nix
new file mode 100644
index 0000000000..1525fc11ea
--- /dev/null
+++ b/modules/host/polarfire/default.nix
@@ -0,0 +1,25 @@
+# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ cfg = config.ghaf.host.polarfire;
+in {
+ imports = [
+ self.nixosModules.ghaf.host
+ self.nixosModules.ghaf.profiles.hostOnly
+ ];
+
+ options.ghaf.host.polarfire = {
+ enable = lib.mkEnableOption "Enable Ghaf Polarfire host configuration";
+ };
+
+ config = lib.mkIf cfg.enable {
+ #TODO are there any configs for here
+ ghaf.host.enable = true;
+ ghaf.profiles.hostOnly.enable = true;
+ };
+}
diff --git a/modules/virtualization/pkvm/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch b/modules/host/x86_64-linux/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch
similarity index 100%
rename from modules/virtualization/pkvm/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch
rename to modules/host/x86_64-linux/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch
diff --git a/modules/host/x86_64-linux/default.nix b/modules/host/x86_64-linux/default.nix
new file mode 100644
index 0000000000..7ea9b17cdd
--- /dev/null
+++ b/modules/host/x86_64-linux/default.nix
@@ -0,0 +1,27 @@
+# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ cfg = config.ghaf.host.x86_64-linux;
+in {
+ imports = [
+ self.nixosModules.ghaf.host
+
+ #TODO remove this when the overlays are merget to pkgs
+ ../../../overlays/custom-packages
+
+ ./kernel.nix
+ ];
+
+ options.ghaf.host.x86_64-linux = {
+ enable = lib.mkEnableOption "Enable Ghaf x86_64-linux host configuration";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ghaf.host.enable = true;
+ };
+}
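Review bot: As in host/nvidia, `cfg = config.ghaf.host.polarfire;` uses `config`, which the `{ lib, pkgs, self, ... }` argument set does not bind, so the module cannot evaluate; add `config,` and drop the unused `pkgs`. The imports `self.nixosModules.ghaf.host` and `self.nixosModules.ghaf.profiles.hostOnly` have no counterpart in the `flake.nixosModules` set this patch defines (it exposes `profiles`, not `ghaf.profiles`, and no `host`), so `ghaf.profiles.hostOnly.enable = true;` below would be reported as an undefined option unless those modules reach the configuration by another route.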
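Review bot: Same defect as the other new host modules: `cfg = config.ghaf.host.x86_64-linux;` needs `config` in the argument set, which binds only `lib, pkgs, self, ...`; add `config,`. This directory now owns `./kernel.nix` and the pKVM patch, but `./secureboot.nix`, which this patch moves into the same directory and whose option becomes `ghaf.host.x86_64-linux.secureboot`, is not imported here or in any hunk shown; if no target imports it by path, setting `ghaf.host.x86_64-linux.secureboot.enable` fails as an undefined option, so adding `./secureboot.nix` to `imports` here is worth confirming.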
diff --git a/modules/host/demo-secure-boot-keys/GUID b/modules/host/x86_64-linux/demo-secure-boot-keys/GUID
similarity index 100%
rename from modules/host/demo-secure-boot-keys/GUID
rename to modules/host/x86_64-linux/demo-secure-boot-keys/GUID
diff --git a/modules/host/demo-secure-boot-keys/GUID.license b/modules/host/x86_64-linux/demo-secure-boot-keys/GUID.license
similarity index 100%
rename from modules/host/demo-secure-boot-keys/GUID.license
rename to modules/host/x86_64-linux/demo-secure-boot-keys/GUID.license
diff --git a/modules/host/demo-secure-boot-keys/files.db b/modules/host/x86_64-linux/demo-secure-boot-keys/files.db
similarity index 100%
rename from modules/host/demo-secure-boot-keys/files.db
rename to modules/host/x86_64-linux/demo-secure-boot-keys/files.db
diff --git a/modules/host/demo-secure-boot-keys/keys/KEK/KEK.key b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/KEK/KEK.key
similarity index 100%
rename from modules/host/demo-secure-boot-keys/keys/KEK/KEK.key
rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/KEK/KEK.key
diff --git a/modules/host/demo-secure-boot-keys/keys/KEK/KEK.pem b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/KEK/KEK.pem
similarity index 100%
rename from modules/host/demo-secure-boot-keys/keys/KEK/KEK.pem
rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/KEK/KEK.pem
diff --git a/modules/host/demo-secure-boot-keys/keys/PK/PK.key b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/PK/PK.key
similarity index 100%
rename from modules/host/demo-secure-boot-keys/keys/PK/PK.key
rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/PK/PK.key
diff --git a/modules/host/demo-secure-boot-keys/keys/PK/PK.pem b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/PK/PK.pem
similarity index 100%
rename from modules/host/demo-secure-boot-keys/keys/PK/PK.pem
rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/PK/PK.pem
diff --git a/modules/host/demo-secure-boot-keys/keys/db/db.key b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/db/db.key similarity index 100% rename from modules/host/demo-secure-boot-keys/keys/db/db.key rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/db/db.key diff --git a/modules/host/demo-secure-boot-keys/keys/db/db.pem b/modules/host/x86_64-linux/demo-secure-boot-keys/keys/db/db.pem similarity index 100% rename from modules/host/demo-secure-boot-keys/keys/db/db.pem rename to modules/host/x86_64-linux/demo-secure-boot-keys/keys/db/db.pem diff --git a/modules/host/ghaf_host_hardened_baseline b/modules/host/x86_64-linux/ghaf_host_hardened_baseline similarity index 100% rename from modules/host/ghaf_host_hardened_baseline rename to modules/host/x86_64-linux/ghaf_host_hardened_baseline diff --git a/modules/host/ghaf_host_hardened_baseline.license b/modules/host/x86_64-linux/ghaf_host_hardened_baseline.license similarity index 100% rename from modules/host/ghaf_host_hardened_baseline.license rename to modules/host/x86_64-linux/ghaf_host_hardened_baseline.license diff --git a/modules/host/kernel.nix b/modules/host/x86_64-linux/kernel.nix similarity index 95% rename from modules/host/kernel.nix rename to modules/host/x86_64-linux/kernel.nix index 4448594587..dc541a6e90 100644 --- a/modules/host/kernel.nix +++ b/modules/host/x86_64-linux/kernel.nix @@ -72,10 +72,10 @@ allowImportFromDerivation = true; }; - pkvm_patch = lib.mkIf config.ghaf.hardware.x86_64.common.enable [ + pkvm_patch = lib.mkIf config.ghaf.hardware.x86_64-linux.common.enable [ { name = "pkvm-patch"; - patch = ../virtualization/pkvm/0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch; + patch = ./0001-pkvm-enable-pkvm-on-intel-x86-6.1-lts.patch; structuredExtraConfig = with lib.kernel; { KVM_INTEL = yes; KSM = no; 
diff --git a/modules/host/secureboot.nix b/modules/host/x86_64-linux/secureboot.nix similarity index 90% rename from modules/host/secureboot.nix rename to modules/host/x86_64-linux/secureboot.nix index 567c0ae01f..4f52177a88 100644 --- a/modules/host/secureboot.nix +++ b/modules/host/x86_64-linux/secureboot.nix @@ -7,9 +7,9 @@ lanzaboote, ... }: let - cfg = config.ghaf.host.secureboot; + cfg = config.ghaf.host.x86_64-linux.secureboot; in { - options.ghaf.host.secureboot = { + options.ghaf.host.x86_64-linux.secureboot = { enable = lib.mkEnableOption "Host secureboot"; }; diff --git a/modules/module-list.nix b/modules/module-list.nix index 41d6042905..3a0927bd40 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -9,7 +9,7 @@ ./graphics ./hardware/definition.nix ./hardware/nvidia-jetson-orin/optee.nix - ./hardware/x86_64-linux.nix + # ./hardware/x86_64-linux.nix ./installer ./profiles/applications.nix ./profiles/debug.nix @@ -17,7 +17,7 @@ ./profiles/installer.nix ./profiles/release.nix ./users/accounts.nix - ./version + # ./version ./virtualization/docker.nix ./windows-launcher ] diff --git a/modules/profiles/applications.nix b/modules/profiles/applications.nix index 3bfdea2e87..039e7ff7b2 100644 --- a/modules/profiles/applications.nix +++ b/modules/profiles/applications.nix @@ -11,8 +11,6 @@ in with lib; { options.ghaf.profiles.applications = { enable = mkEnableOption "Some sample applications"; - #TODO Create options to allow enabling individual apps - #weston.ini.nix mods needed }; config = mkIf cfg.enable { @@ -20,7 +18,8 @@ in # across different window managers. ghaf = { profiles.graphics.enable = true; - graphics.weston.enableDemoApplications = true; + # TODO should we enable all apps? + # ghaf.programs.enableAllApps = true; }; }; } diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix new file mode 100644 index 0000000000..bd9fae922b --- /dev/null +++ b/modules/profiles/default.nix 
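Review bot: `# ./hardware/x86_64-linux.nix` is left in module-list.nix as a commented-out entry for a path that this patch has renamed to `./hardware/x86_64-linux/default.nix`, so the comment now points at a file that no longer exists; delete the line rather than keep dead text, and the same applies to `# ./version` in the following hunk, whose target moved to `./framework/version.nix`. If module-list.nix is still consumed by targets while `flake.nixosModules` is being introduced, a header comment stating which of the two is authoritative during the transition would spare the next reader the same question.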
@@ -0,0 +1,12 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./applications.nix + ./debug.nix + ./graphics.nix + ./hostOnly.nix + ./installer.nix + ./release.nix + ]; +} diff --git a/modules/profiles/graphics.nix b/modules/profiles/graphics.nix index 5369e96942..9bd11a6850 100644 --- a/modules/profiles/graphics.nix +++ b/modules/profiles/graphics.nix @@ -7,27 +7,13 @@ ... }: let cfg = config.ghaf.profiles.graphics; - #compositors = ["weston" "gnome" "labwc"]; in with lib; { options.ghaf.profiles.graphics = { enable = mkEnableOption "Graphics profile"; - # Select which compositor to use - # compositor = mkOption { - # type = types.enum compositors; - # default = "weston"; - # description = '' - # Which Wayland compositor to use. - - # Choose one of: ${lib.concatStringsSep "," compositors} - # ''; - # }; }; config = mkIf cfg.enable { ghaf.graphics.enable = true; - #ghaf.graphics.weston.enable = cfg.compositor == "weston"; - #ghaf.graphics.gnome.enable = cfg.compositor == "gnome"; - #ghaf.graphics.labwc.enable = cfg.compositor == "labwc"; }; } diff --git a/modules/profiles/hostOnly.nix b/modules/profiles/hostOnly.nix index 10ea2bbbcd..1a625792af 100644 --- a/modules/profiles/hostOnly.nix +++ b/modules/profiles/hostOnly.nix @@ -14,7 +14,9 @@ in }; config = mkIf cfg.enable { - #cfg.isHostOnly = true; - #TODO do we actually want to set anything else + # TODO how should we set this + #ghaf.profiles.hostOnly.isHostOnly = true; + + # TODO do we actually want to set anything else }; } diff --git a/modules/profiles/installer.nix b/modules/profiles/installer.nix index 86374fc3dd..149ae9aede 100644 --- a/modules/profiles/installer.nix +++ b/modules/profiles/installer.nix 
@@ -9,10 +9,12 @@ cfg = config.ghaf.profiles.installer; in with lib; { - options.ghaf.profiles.installer.enable = mkEnableOption "installer profile"; + options.ghaf.profiles.installer = { + enable = mkEnableOption "installer profile"; + }; config = mkIf cfg.enable { - # Use less privileged ghaf user + # TODO Use less privileged ghaf user users.users.ghaf = { isNormalUser = true; extraGroups = ["wheel" "networkmanager" "video"]; diff --git a/modules/programs/default.nix b/modules/programs/default.nix index 28dcb3aa6e..15f28cf0c8 100644 --- a/modules/programs/default.nix +++ b/modules/programs/default.nix @@ -1,3 +1,5 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 { config, lib, @@ -28,7 +30,7 @@ in { }; config = lib.mkIf cfg.enableAllApps { - ghaf.programs.chrome.enable = true; + ghaf.programs.chromium.enable = true; ghaf.programs.element-desktop.enable = true; ghaf.programs.firefox.enable = true; ghaf.programs.gala.enable = true; diff --git a/modules/programs/firefox.nix b/modules/programs/firefox.nix index a477a50089..8cd835a657 100644 --- a/modules/programs/firefox.nix +++ b/modules/programs/firefox.nix @@ -9,6 +9,8 @@ }: let cfg = config.ghaf.programs.firefox; + # TODO do we need this permanently + # Could we not just copy the icon from the firefox package # # Scaled down firefox icon # 
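Review bot: The reworded `# TODO Use less privileged ghaf user` still leaves the installer account in `wheel` with no statement of why that membership is needed, so the privilege is likely to outlive the TODO. A comment naming the step that requires it, e.g. `# wheel: needed for <installer-step placeholder>; drop once <condition placeholder>`, or moving that step into a dedicated unit would make the requirement reviewable. The rest of the `users.users.ghaf` definition and the enclosing `config` block continue past the hunk.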
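Review bot: Renaming the assignment to `ghaf.programs.chromium.enable` only evaluates if the module that declares that option was renamed too; I cannot see from this diff whether a `chrome`/`chromium` program module changed, so please confirm `enableAllApps = true` still evaluates on a target that uses it. The surrounding `config = lib.mkIf cfg.enableAllApps {` block continues outside the hunk.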
@@ -24,41 +26,39 @@ in { enable = lib.mkEnableOption "Enable Firefox and launchers"; }; - environment.systemPackages = lib.mkIf isHostOnly [pkgs.firefox]; - # Determine if we are running in the host-only or a vm - # TODO generalize the launchers to support other transport mechanisms - # and window managers (framework/launchers.nix) - # TODO add launcher for the VM case - ghaf.graphics.weston.launchers = - (ho: { - path = - if ho - then "${pkgs.firefox}/bin/firefox" - else ""; - icon = - if ho - then "${firefox-icon}/share/icons/hicolor/24x24/apps/firefox.png" - else ""; - }) - isHostOnly; + config = lib.mkIf cfg.enable { + # TODO add launcher for the VM case + ghaf.graphics.weston.launchers = + (ho: { + path = + if ho + then "${pkgs.firefox}/bin/firefox" + else ""; + icon = + if ho + then "${firefox-icon}/share/icons/hicolor/24x24/apps/firefox.png" + else ""; + }) + isHostOnly; - # If running in the host add the app to the system packages - environment.systemPackages = lib.mkIf isHostOnly [pkgs.firefox]; + # If running in the host add the app to the system packages + environment.systemPackages = lib.mkIf isHostOnly [pkgs.firefox]; - #If running in a virtualized platform define the vm configuration - # TODO can this be generalized into a "vm maker function - # TODO Test this in a VM - ghaf.virtualization.microvm.appvm.vms = lib.mkIf (! isHostOnly) { - name = "firefox"; - packages = [pkgs.firefox]; - macAddress = "02:00:00:03:08:01"; - ramMb = 1536; - cores = 2; - extraModules = [ - { - # TODO What does Firefox need in the VM - # Likely same as chrome so an either/or? - } - ]; + #If running in a virtualized platform define the vm configuration + # TODO can this be generalized into a "vm maker function + # TODO Test this in a VM + ghaf.virtualization.microvm.appvm.vms = lib.mkIf (! 
isHostOnly) { + name = "firefox"; + packages = [pkgs.firefox]; + macAddress = "02:00:00:03:08:01"; + ramMb = 1536; + cores = 2; + extraModules = [ + { + # TODO What does Firefox need in the VM + # Likely same as chrome so an either/or? + } + ]; + }; }; } diff --git a/modules/users/accounts.nix b/modules/users/accounts.nix index f07eec169a..6d49a8b9bd 100644 --- a/modules/users/accounts.nix +++ b/modules/users/accounts.nix @@ -32,6 +32,7 @@ in config = mkIf cfg.enable { users = { + #TODO should not be mutable even for development/debug mutableUsers = true; users."${cfg.user}" = { isNormalUser = true; diff --git a/modules/users/default.nix b/modules/users/default.nix new file mode 100644 index 0000000000..656238d167 --- /dev/null +++ b/modules/users/default.nix @@ -0,0 +1,7 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./accounts.nix + ]; +} diff --git a/modules/virtualization/default.nix b/modules/virtualization/default.nix new file mode 100644 index 0000000000..8027a3f2a2 --- /dev/null +++ b/modules/virtualization/default.nix @@ -0,0 +1,8 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + # TODO Anything common todo? + # if not delete this tile + ]; +} diff --git a/modules/virtualization/docker.nix b/modules/virtualization/docker.nix index f98899660f..9c780e32d9 100644 --- a/modules/virtualization/docker.nix +++ b/modules/virtualization/docker.nix 
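Review bot: `ghaf.virtualization.microvm.appvm.vms` is assigned a bare attrset under `lib.mkIf (! isHostOnly)`; if that option is list-typed, as the plural name suggests, this needs `[ { … } ]`, and the hunk's own `# TODO Test this in a VM` says the path is untested, so evaluating a non-host-only target should be part of this change. The hard-coded `macAddress = "02:00:00:03:08:01"` deserves a comment explaining how uniqueness across app VMs is guaranteed, and the `extraModules = [ { } ]` placeholder means the Firefox VM currently carries no VM-specific network or isolation configuration beyond the appvm defaults. The `isHostOnly` and `firefox-icon` bindings come from the let block outside the hunk.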
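Review bot: `mutableUsers = true;` under a TODO saying it should not be mutable leaves declarative account state overridable at runtime on every target, with nothing that limits it to development builds. At minimum make it overridable without `mkForce`, `mutableUsers = mkDefault true;`, so release targets can pin `false`, and have the TODO name the profile that actually needs mutability so it can be gated on that profile's enable option. The enclosing `config = mkIf cfg.enable {` block continues outside the hunk.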
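Review bot: An `imports = [ ]` holding only TODO comments makes `modules/virtualization/default.nix` a no-op, and the comment has a typo (`tile` → `file`). If nothing common exists yet, leaving the file out until it does keeps the aggregation tree honest; if it stays, `# if not delete this file` should name the condition under which it is deleted.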
@@ -6,17 +6,16 @@ ... }: let cfg = config.ghaf.virtualization.docker.daemon; -in - with lib; { - options.ghaf.virtualization.docker.daemon = { - enable = mkEnableOption "Docker Daemon"; - }; +in { + options.ghaf.virtualization.docker.daemon = { + enable = lib.mkEnableOption "Docker Daemon"; + }; - config = mkIf cfg.enable { - virtualisation.docker.enable = true; - virtualisation.docker.rootless = { - enable = true; - setSocketVariable = true; - }; + config = lib.mkIf cfg.enable { + virtualisation.docker.enable = true; + virtualisation.docker.rootless = { + enable = true; + setSocketVariable = true; }; - } + }; +} diff --git a/modules/virtualization/microvm/common/default.nix b/modules/virtualization/microvm/common/default.nix new file mode 100644 index 0000000000..2f86be3914 --- /dev/null +++ b/modules/virtualization/microvm/common/default.nix @@ -0,0 +1,7 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./vm-networking.nix + ]; +} diff --git a/modules/virtualization/microvm/default.nix b/modules/virtualization/microvm/default.nix new file mode 100644 index 0000000000..450aa16712 --- /dev/null +++ b/modules/virtualization/microvm/default.nix @@ -0,0 +1,10 @@ +# Copyright 2022-2023 TII (SSRC) and the Ghaf contributors +# SPDX-License-Identifier: Apache-2.0 +_: { + imports = [ + ./appvm.nix + ./guivm.nix + ./microvm-host.nix + ./netvm.nix + ]; +} diff --git a/targets/default.nix b/targets/default.nix index 5a397ef419..2dd2352742 100644 --- a/targets/default.nix +++ b/targets/default.nix @@ -7,7 +7,7 @@ inputs, ... }: let - inherit (inputs) jetpack-nixos lanzaboote microvm nixos-generators nixos-hardware nixpkgs; + inherit (inputs) jetpack-nixos microvm nixos-generators nixos-hardware nixpkgs; in lib.foldr lib.recursiveUpdate {} [ (import ./nvidia-jetson-orin {inherit lib nixpkgs nixos-generators microvm jetpack-nixos;}) 
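Review bot: `virtualisation.docker.enable = true;` together with `virtualisation.docker.rootless = { enable = true; … }` starts both the system-wide root daemon and the per-user rootless one; the restructuring keeps this, but if rootless is the intended mode the root daemon line should go, since its socket is root-equivalent for any account that can reach it. If both are deliberate, a comment above `virtualisation.docker.enable` saying so would stop the next reader from removing the wrong one. The option itself is pre-existing behaviour, only reindented here.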
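Review bot: Dropping `lanzaboote` from the `inherit (inputs)` line is only safe if no import further down in `targets/default.nix` still passes it; the `lib.foldr` list continues outside the hunk, so please check the x86 target imports and that `lanzaboote` now reaches the relocated secureboot module through whichever path replaces this one.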
diff --git a/targets/generic-x86_64.nix b/targets/generic-x86_64.nix index b9dadbad82..e861dde473 100644 --- a/targets/generic-x86_64.nix +++ b/targets/generic-x86_64.nix @@ -41,7 +41,7 @@ ../modules/virtualization/microvm/netvm.nix { ghaf = { - hardware.x86_64.common.enable = true; + hardware.x86_64-linux.common.enable = true; virtualization.microvm-host.enable = true; host.networking.enable = true; diff --git a/targets/lenovo-x1-carbon.nix b/targets/lenovo-x1-carbon.nix index b83b97ef7f..5398ecedc0 100644 --- a/targets/lenovo-x1-carbon.nix +++ b/targets/lenovo-x1-carbon.nix @@ -186,7 +186,7 @@ host.hypervisor_hardening.enable = false; - hardware.x86_64.common.enable = true; + hardware.x86_64-linux.common.enable = true; profiles.graphics.enable = true; graphics.displayManager = "weston"; @@ -307,8 +307,8 @@ ]; boot.initrd.availableKernelModules = ["nvme"]; }) - ] - ++ (import ../modules/module-list.nix) + ] # TODO Import the real modules + #++ (import ../modules/module-list.nix) ++ extraModules; }; in { diff --git a/targets/microchip-icicle-kit.nix b/targets/microchip-icicle-kit.nix index 150e2af362..a7da419474 100644 --- a/targets/microchip-icicle-kit.nix +++ b/targets/microchip-icicle-kit.nix @@ -15,8 +15,12 @@ specialArgs = {inherit lib;}; modules = [ + # TODO only include the required modules nixos-hardware.nixosModules.microchip-icicle-kit - ../modules/hardware/polarfire/mpfs-nixos-sdimage.nix + self.nixosModules.hardeare.polarfire + # TODO delete this line + #../modules/hardware/polarfire/mpfs-nixos-sdimage.nix + # TODO What was it looking for in the host ?? ../modules/host { @@ -30,7 +34,10 @@ }; # Disable all the default UI applications + # TODO can remove most of this when only correct modules are imported ghaf = { + hardware.polarfire.mpfs.enable = true; + profiles = { applications.enable = false; graphics.enable = false; 
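Review bot: With `++ (import ../modules/module-list.nix)` commented out, the Lenovo X1 target no longer imports the shared ghaf modules, yet the earlier hunk in this file still sets `hardware.x86_64-linux.common.enable`, `host.hypervisor_hardening.enable` and `profiles.graphics.enable`; unless the new `modules/default.nix` is reachable through another import, evaluation fails on an undefined option, and if it does evaluate, the kernel hardening and Secure Boot modules that previously arrived via the list are silently no longer applied to this hardware target. Prefer importing the real module set in the same commit, or deleting the line, rather than leaving a commented-out `#++`. The `modules` list and the enclosing function start outside the hunk.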
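Review bot: `self.nixosModules.hardeare.polarfire` is misspelled and will fail attribute lookup; the intended name is presumably `self.nixosModules.hardware.polarfire`, and `self` must be in the file's argument set, which is declared outside the hunk. The `#../modules/hardware/polarfire/mpfs-nixos-sdimage.nix` line marked `# TODO delete this line` should simply be deleted here rather than kept as a comment.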
@@ -52,6 +59,8 @@ disabledModules = ["profiles/all-hardware.nix"]; } ] + # TODO Only enable the modules that we want + # TODO remove this line ++ (import ../modules/module-list.nix) ++ extraModules; }; diff --git a/targets/nvidia-jetson-orin/default.nix b/targets/nvidia-jetson-orin/default.nix index 2f612d920f..e101449952 100644 --- a/targets/nvidia-jetson-orin/default.nix +++ b/targets/nvidia-jetson-orin/default.nix @@ -11,11 +11,13 @@ system = "aarch64-linux"; # Import custom format module + # TODO should the whole format module be handled internally in the + # modules/HW section and be exposed with formatModule = ghaf.hardware.nvidia.orin.formatModule? formatModule = { imports = [ # Needed for formatAttr (nixos-generators + "/format-module.nix") - + # TODO make sure to enable the ghaf.hardware.nvidia.orin.formatModule with a true ../../modules/hardware/nvidia-jetson-orin/format-module.nix ]; }; @@ -80,6 +82,8 @@ (import ./optee.nix {inherit jetpack-nixos;}) + # TODO see above for concealing this in the HW abstraction layer + # and exporting it from there to here formatModule ] ++ (import ../../modules/module-list.nix) @@ -101,7 +105,8 @@ hostConfiguration = tgt.hostConfiguration.extendModules { modules = [ { - ghaf.graphics.weston.enableDemoApplications = lib.mkForce false; + # TODO Is this really needed as it is default false + ghaf.programs.enableAllApps = lib.mkForce false; } ]; }; diff --git a/targets/vm.nix b/targets/vm.nix index 9f3747c1df..6115206749 100644 --- a/targets/vm.nix +++ b/targets/vm.nix @@ -21,7 +21,7 @@ { ghaf = { - hardware.x86_64.common.enable = true; + hardware.x86_64-linux.common.enable = true; virtualization.microvm-host.enable = true; host.networking.enable = true;
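Review bot: `ghaf.programs.enableAllApps = lib.mkForce false;` is the only thing in this commit that actually guarantees the host configuration does not pick up the full application set, so `# TODO Is this really needed as it is default false` undersells it: a false default does not stop a profile from setting it true, and `mkForce` is what wins that conflict. Replace the TODO with a statement of intent, e.g. `# Keep all apps off the host regardless of profile settings; mkForce beats any profile default`. The `hostConfiguration` definition continues outside the hunk.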