diff options
Diffstat (limited to '')
| -rw-r--r-- | modules/by-name/au/ausweisapp/module.nix | 18 | ||||
| -rw-r--r-- | modules/by-name/bo/boot/module.nix | 88 | ||||
| -rw-r--r-- | modules/by-name/lf/lf/commands/default.nix | 6 | ||||
| -rwxr-xr-x | modules/by-name/lf/lf/commands/scripts/cd_lf_make_map.sh | 27 | ||||
| -rw-r--r-- | modules/by-name/lf/lf/keybindings/default.nix | 18 | ||||
| -rw-r--r-- | modules/by-name/lf/lf/module.nix | 17 | ||||
| -rw-r--r-- | pkgs/by-name/ta/tails-iso/package.nix (renamed from modules/by-name/bo/boot/tails_iso.nix) | 45 |
7 files changed, 162 insertions, 57 deletions
diff --git a/modules/by-name/au/ausweisapp/module.nix b/modules/by-name/au/ausweisapp/module.nix new file mode 100644 index 00000000..3a89db9d --- /dev/null +++ b/modules/by-name/au/ausweisapp/module.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + libraries, + ... +}: let + cfg = config.soispha.programs.ausweisapp; +in { + options.soispha.programs.ausweisapp = { + enable = libraries.base.options.mkEnable "AusweisApp"; + }; + + config = lib.mkIf cfg.enable { + soispha.impermanence.userDirectories = [ + ".config/AusweisApp" + ]; + }; +} diff --git a/modules/by-name/bo/boot/module.nix b/modules/by-name/bo/boot/module.nix index ba64a8e6..4dc9130a 100644 --- a/modules/by-name/bo/boot/module.nix +++ b/modules/by-name/bo/boot/module.nix @@ -19,7 +19,73 @@ }: let cfg = config.soispha.boot; - tailsPrefix = "EFI/tails"; + tails = let + tailsPrefix = "/EFI/tails"; + in { + root = "${tailsPrefix}/tails.iso"; + initrd = "${tailsPrefix}/initrd.img"; + vmlinuz = "${tailsPrefix}/vmlinuz-linux"; + }; + + iso = pkgs.tails-iso; + + # From: + # - The extracted ISO's boot dir + # - Reverse engineered from: + # - `<tails iso squashfs>/usr/share/initramfs-tools/init` + # - `<tails iso squashfs>/usr/lib/live/boot/` + iso_options = + ## General options? + [ + "initrd=${tails.initrd}" + # "noprompt" + # "timezone=Etc/UTC" + # "config" + # "noautologin" + # "slab_nomerge" + # "slub_debug=FZ" + # "mce=0" + # "vsyscall=none" + # "init_on_free=1" + # "mds=full,nosmt" + # "page_alloc.shuffle=1" + # "randomize_kstack_offset=on" + # "efi_pstore.pstore_disable=1" + # "erst_disable" + # "spec_store_bypass_disable=on" + # "systemd.condition_needs_update=no" + ] + ## Systemd log options + ++ [ + "systemd.log_level=debug" + "systemd.log_target=console" + "console=tty1" + "systemd.journald.forward_to_console=1" + "systemd.unit=rescue.target" + ] + ## Options for the first `init` script + ++ [ + # Use the `*-live` scripts + "boot=live" + + # "splash" + "plymouth.enable=0" + + # "quiet" + "debug" + ] + ## Options for the `*-live` `init` scripts + ++ [ + "module=Tails" + + # TODO: RO-makes the fromiso not work <2026-06-08> + # "live-boot.read-only=/dev/nvme0*" + + # Don't store things persistently + "nopersistence" + + "fromiso=/dev/nvme0n1p1/${tails.root}" + ]; in { options.soispha.boot = { enable = lib.mkEnableOption "Bootloader configuration"; @@ -113,7 +179,7 @@ in { systemdCfg.extraFiles )} - ${lib.getExe pkgs.sbctl} sign "${bootMountPoint}/${tailsPrefix}/vmlinuz-linux" + ${lib.getExe pkgs.sbctl} sign "${bootMountPoint}/${tails.vmlinuz}" ${concatStrings ( mapAttrsToList (n: v: '' @@ -133,19 +199,17 @@ in { extraEntries = { "live.conf" = '' - title Tails Live ISO - linux /${tailsPrefix}/vmlinuz-linux - initrd /${tailsPrefix}/initramfs-linux.img - options root=/dev/ram0 rw img_loop=/${tailsPrefix}/tails.iso copytoram + title Tails ${iso.passthru.version} Live ISO + linux ${tails.vmlinuz} + initrd ${tails.initrd} + options ${builtins.concatStringsSep " " iso_options} ''; }; - extraFiles = let - iso = import ./tails_iso.nix {inherit pkgs;}; - in { - "/${tailsPrefix}/tails.iso" = "${iso}/tails.iso"; - "/${tailsPrefix}/vmlinuz-linux" = "${iso}/live/vmlinuz-linux"; - "/${tailsPrefix}/initramfs-linux.img" = "${iso}/live/initramfs-linux.img"; + extraFiles = { + "${tails.root}" = "${iso}/tails.iso"; + "${tails.vmlinuz}" = "${iso}/live/vmlinuz-linux"; + "${tails.initrd}" = "${iso}/live/initrd.img"; }; }; diff --git a/modules/by-name/lf/lf/commands/default.nix b/modules/by-name/lf/lf/commands/default.nix index ae02c45b..42dc548e 100644 --- a/modules/by-name/lf/lf/commands/default.nix +++ b/modules/by-name/lf/lf/commands/default.nix @@ -79,6 +79,12 @@ in { name = "cd_project_root"; dependencies = [pkgs.git]; }; + cd_lf_make_map = shell { + name = "cd_lf_make_map"; + dependencies = [ + pkgs.lf-make-map + ]; + }; chmod = pipe { name = "chmod"; diff --git a/modules/by-name/lf/lf/commands/scripts/cd_lf_make_map.sh b/modules/by-name/lf/lf/commands/scripts/cd_lf_make_map.sh new file mode 100755 index 00000000..00befd3f --- /dev/null +++ b/modules/by-name/lf/lf/commands/scripts/cd_lf_make_map.sh @@ -0,0 +1,27 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. + +# shellcheck shell=sh + +# shellcheck disable=SC2269 +f="$f" +# shellcheck disable=SC2269 +fx="$fx" +# shellcheck disable=SC2269 +fs="$fs" +# shellcheck disable=SC2269 +id="$id" + +root="$(lf-make-map --depth 4 interactive ~/media ~/repos ~/documents ~/.config ~/.local)" +if [ "$root" ]; then + lf_cmd cd "$root" || die "Bug: Failed to cd to selected path at '$root'" +fi + +# vim: ft=sh diff --git a/modules/by-name/lf/lf/keybindings/default.nix b/modules/by-name/lf/lf/keybindings/default.nix index fbc33f6f..b6b7a548 100644 --- a/modules/by-name/lf/lf/keybindings/default.nix +++ b/modules/by-name/lf/lf/keybindings/default.nix @@ -82,22 +82,16 @@ ch = "chmod"; bg = "set_wallpaper"; r = ":rename; cmd-end"; - H = "cd_project_root"; R = "reload"; C = "clear"; U = "unselect"; # Movement - gjr = "cd ~/.local/share/Trash/files"; - gus = "cd /run/user/${builtins.toString uid}"; + nu = "cd /run/user/${builtins.toString uid}"; + ne = "cd /etc"; + nd = "cd ${downloadDir}"; + nt = "cd /tmp"; + nh = "cd_project_root"; - gc = "cd ~/.config"; - gl = "cd ~/.local"; - gE = "cd /etc"; - gD = "cd ${downloadDir}"; - - "gU." = "cd /usr"; - gUs = " cd /usr/share"; - - gt = "cd /tmp"; + g = "cd_lf_make_map"; } diff --git a/modules/by-name/lf/lf/module.nix b/modules/by-name/lf/lf/module.nix index 8dfd0c52..daa236e6 100644 --- a/modules/by-name/lf/lf/module.nix +++ b/modules/by-name/lf/lf/module.nix @@ -85,7 +85,6 @@ in { drawbox = true; - # errorfmt = "\\033[1;91m==> ERROR:\\033[0m\\033[1;93m%s\\033[0m"; errorfmt = "\\033[1;91m%s\\033[0m"; hidden = true; # show hidden files icons = true; @@ -94,22 +93,6 @@ in { shell = "${lib.getExe pkgs.dash}"; shellopts = "-eu"; # e: exit on error; u: error for unset variables }; - extraConfig = '' - # Dynamically generate the cd mappings. - # This code dependends on the fact, that the lf server was started previously - # and keep running through `autoquit = false`. - # (Otherwise, the remote command is silently dropped: https://github.com/gokcehan/lf/issues/495) - &{{ - tmp="$(mktemp -t lf_make_map_dynamic_mapping_source_XXXXX)" - ${lib.getExe pkgs.lf-make-map} --depth 4 generate ~/media ~/repos ~/documents >"$tmp" - - lf -remote "send $id source $tmp" - sleep 1 - lf -remote "send $id source $tmp" - - rm "$tmp" - }} - ''; }; }; }; diff --git a/modules/by-name/bo/boot/tails_iso.nix b/pkgs/by-name/ta/tails-iso/package.nix index ec2b740b..87bfd0b2 100644 --- a/modules/by-name/bo/boot/tails_iso.nix +++ b/pkgs/by-name/ta/tails-iso/package.nix @@ -7,21 +7,28 @@ # # You should have received a copy of the License along with this program. # If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. -{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let - checked_iso = pkgs.stdenv.mkDerivation (finalAttrs: { - pname = "tails-iso"; - version = "amd64-7.8"; +{ + stdenv, + fetchurl, + sequoia-sq, + libarchive, # for bsdtar +}: let + files = builtins.fromJSON (builtins.readFile (./files.json)); + + checked_iso = stdenv.mkDerivation (finalAttrs: { + pname = "raw-tails-iso"; + version = "amd64-${files.version}"; srcs = [ - (pkgs.fetchurl { + (fetchurl { url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig"; - hash = "sha256-58vDQdXQYYqeVUHzupmDPtVVpSrxtT25+gwHe2OfvkA="; + hash = files.files."iso.sig"; }) - (pkgs.fetchurl { + (fetchurl { url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso"; - hash = "sha256-ewLHQ+3iI3aHgvKdBgysQ9QAudQ7AM83WP+VdYFmxt0="; + hash = files.files."iso"; }) - (pkgs.fetchurl { + (fetchurl { url = "https://tails.net/tails-signing.key"; hash = "sha256-OwdqyM7o7K6F5Km0U1RU3hzsnaT+Yw0sjQk/thMeq1k="; }) @@ -30,7 +37,7 @@ dontUnpack = true; nativeBuildInputs = [ - pkgs.sequoia-sq + sequoia-sq ]; buildPhase = @@ -53,15 +60,16 @@ ''; }); in - pkgs.stdenv.mkDerivation { - name = "live_iso_boot_entry"; + stdenv.mkDerivation { + pname = "tails-iso-package"; + inherit (checked_iso) version; src = checked_iso; dontUnpack = true; - nativeBuildInputs = with pkgs; [ - libarchive # for bsdtar + nativeBuildInputs = [ + libarchive ]; buildPhase = '' @@ -69,10 +77,15 @@ in bsdtar -xf "$src" -C iso ''; + passthru = { + inherit (files) version; + }; + installPhase = '' - install -D ./iso/live/initrd.img "$out/live/initramfs-linux.img" + install -D "$src" "$out/tails.iso" install -D ./iso/live/vmlinuz "$out/live/vmlinuz-linux" + install -D ./iso/live/initrd.img "$out/live/initrd.img" - install -D "$src" "$out/tails.iso" + chmod --recursive -x $out/tails.iso $out/live/* ''; } |