diff --git a/flake.lock b/flake.lock index 04c68dc30..368d72b98 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "crane": { "locked": { - "lastModified": 1730652660, - "narHash": "sha256-+XVYfmVXAiYA0FZT7ijHf555dxCe+AoAT5A6RU+6vSo=", + "lastModified": 1732407143, + "narHash": "sha256-qJOGDT6PACoX+GbNH2PPx2ievlmtT1NVeTB80EkRLys=", "owner": "ipetkov", "repo": "crane", - "rev": "a4ca93905455c07cb7e3aca95d4faf7601cba458", + "rev": "f2b4b472983817021d9ffb60838b2b36b9376b20", "type": "github" }, "original": { @@ -294,17 +294,17 @@ ] }, "locked": { - "lastModified": 1732205024, - "narHash": "sha256-EabYKJfE0sX7NcXW6c2QIjJNR/CVIzFLyu2A8EPONUE=", + "lastModified": 1732525723, + "narHash": "sha256-jVFX83qFFWpEtp5F5Is+4Wd4da/XkPHUBSr1m6dT2Mg=", "owner": "tiiuae", "repo": "ghaf-givc", - "rev": "63e19e1b61a669a21c1bdd0ae5a8e169b2f2d2f6", + "rev": "0467bef54a34a23dfd72ad2bb35715b8021651d3", "type": "github" }, "original": { "owner": "tiiuae", "repo": "ghaf-givc", - "rev": "63e19e1b61a669a21c1bdd0ae5a8e169b2f2d2f6", + "rev": "0467bef54a34a23dfd72ad2bb35715b8021651d3", "type": "github" } }, diff --git a/flake.nix b/flake.nix index c30670bfa..eef1c0995 100644 --- a/flake.nix +++ b/flake.nix @@ -144,7 +144,7 @@ }; givc = { - url = "github:tiiuae/ghaf-givc/63e19e1b61a669a21c1bdd0ae5a8e169b2f2d2f6"; + url = "github:tiiuae/ghaf-givc/0467bef54a34a23dfd72ad2bb35715b8021651d3"; inputs = { nixpkgs.follows = "nixpkgs"; flake-parts.follows = "flake-parts"; diff --git a/modules/common/networking/hosts.nix b/modules/common/networking/hosts.nix index a8ad1c0d6..0960894ba 100644 --- a/modules/common/networking/hosts.nix +++ b/modules/common/networking/hosts.nix 
@@ -32,19 +32,12 @@ let # please note that .100. network is not # reachable from ghaf-host. It's only reachable # guest-to-guest. - # Use to .101. (debug) to access guests from host. - # debug network hosts are post-fixed: -debug - ipBase = "192.168.100"; - debugBase = "192.168.101"; + network = "192.168.100"; hostsEntries = [ { ip = 1; name = "net-vm"; } - { - ip = 2; - name = "ghaf-host"; - } { ip = 3; name = "gui-vm"; @@ -83,21 +76,36 @@ let } ]; + # Use to .101. (debug) to access guests from host. You have to hop over net-vm. + # Debug network hosts are post-fixed: -debug + debugNetwork = "192.168.101"; + hostsDebugEntries = [ + { + ip = 1; + name = "net-vm"; + } + { + ip = 2; + name = "ghaf-host"; + } + { + ip = 10; + name = "admin-vm"; + } + ]; + mkHostEntry = + ipBase: { ip, name }: { name = "${name}"; ip = "${ipBase}.${toString ip}"; }; - mkHostEntryDebug = - { ip, name }: - { - name = "${name}-debug"; - ip = "${debugBase}.${toString ip}"; - }; - entries = - (map mkHostEntry hostsEntries) - ++ optionals config.ghaf.profiles.debug.enable (map mkHostEntryDebug hostsEntries); + + entries = map (mkHostEntry network) hostsEntries; + debugEntries = optionals config.ghaf.profiles.debug.enable ( + map (mkHostEntry debugNetwork) hostsDebugEntries + ); in { options.ghaf.networking.hosts = { @@ -111,17 +119,25 @@ in ''; default = null; }; + debugEntries = mkOption { + type = types.listOf hostsEntrySubmodule; + description = '' + List of hosts entries for the debug network. + ''; + default = null; + }; }; config = mkIf cfg.enable { ghaf.networking.hosts = { inherit entries; + inherit debugEntries; }; networking.hosts = foldr recursiveUpdate { } ( map (vm: { "${vm.ip}" = [ "${vm.name}" ]; - }) config.ghaf.networking.hosts.entries + }) (config.ghaf.networking.hosts.entries ++ config.ghaf.networking.hosts.debugEntries) ); }; } diff --git a/modules/common/services/desktop.nix b/modules/common/services/desktop.nix index f3223588b..2ef0f6cd1 100644 
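Review bot: The deletion of the `ghaf-host` entry from `hostsEntries` leaves no hint at that spot that the host is intentionally absent from the .100. guest network, and a later maintainer could simply re-add it. The file's own header comment already states that .100. is guest-to-guest only, so I would put `# ghaf-host intentionally has no .100. address: the host is reachable only on the debug network declared below.` where the removed entry used to be. The `hostsDebugEntries` list that now carries `ghaf-host` and `admin-vm` would benefit from the same cross-reference, since it is the only place where the host becomes addressable from a guest.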
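Review bot: The new `debugEntries` option is declared `types.listOf hostsEntrySubmodule` with `default = null`, yet the `networking.hosts` fold concatenates it with `++`, which fails on `null`. Inside this module both values are always set under the same `mkIf cfg.enable`, so the in-tree use is safe, but any other module that reads `config.ghaf.networking.hosts.debugEntries` when `cfg.enable` is false would hit a type or `++` error; `default = [ ];` keeps the expression valid everywhere. The existing `entries` option also uses `null`, so this may be deliberate consistency — if so, the description could say that both are only meaningful while `ghaf.networking.hosts.enable` is set.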
--- a/modules/common/services/desktop.nix +++ b/modules/common/services/desktop.nix @@ -7,13 +7,12 @@ ... }: let - inherit (builtins) hasAttr replaceStrings; + inherit (builtins) hasAttr; inherit (lib) mkIf mkEnableOption optionals optionalAttrs - optionalString ; cfg = config.ghaf.services.desktop; @@ -27,6 +26,7 @@ let { } else { }; + givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; }; in # TODO: The desktop configuration needs to be re-worked. # TODO it needs to be moved out of common and the launchers have to be set bu the reference programs NOT here @@ -40,17 +40,6 @@ in profiles.graphics.compositor = "labwc"; graphics = { launchers = - let - cliArgs = replaceStrings [ "\n" ] [ " " ] '' - --name ${config.ghaf.givc.adminConfig.name} - --addr ${config.ghaf.givc.adminConfig.addr} - --port ${config.ghaf.givc.adminConfig.port} - ${optionalString config.ghaf.givc.enableTls "--cacert /run/givc/ca-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--cert /run/givc/gui-vm-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--key /run/givc/gui-vm-key.pem"} - ${optionalString (!config.ghaf.givc.enableTls) "--notls"} - ''; - in [ # { # # The SPKI fingerprint is calculated like this: @@ -59,7 +48,7 @@ in # name = "Chromium"; # description = "Isolated General Browsing"; # vm = "Chromium"; - # path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start chromium"; + # path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start chromium"; # icon = "chromium"; # } @@ -67,7 +56,7 @@ in name = "Trusted Browser"; description = "Isolated Trusted Browsing"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm google-chrome"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm google-chrome"; icon = "thorium-browser"; } { 
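Review bot: The line `givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; };` is repeated verbatim in ewwbar.nix, so the wrapper is instantiated twice from two relative paths and each copy captures the whole `config`; exposing it once (as a `pkgs` overlay attribute or an option under `ghaf.givc`) and referencing that from both modules would keep the two launcher sets from drifting. The removed `cliArgs` block made the admin address and the `/run/givc/*` TLS file arguments visible in this file; they are presumably now inside the wrapper package, which is not part of this diff, so a one-line comment such as `# wraps givc-cli with the admin address and TLS paths; see packages/givc-cli-wrapper` would help readers searching for where those arguments went.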
@@ -77,7 +66,7 @@ in name = "Google Chrome"; description = "Isolated General Browsing"; vm = "Chrome"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm chrome-vm google-chrome"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm chrome-vm google-chrome"; icon = "google-chrome"; } @@ -85,7 +74,7 @@ in name = "VPN"; description = "GlobalProtect VPN Client"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm gpclient"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm gpclient"; icon = "yast-vpn"; } 
@@ -93,35 +82,35 @@ in name = "Microsoft Outlook"; description = "Microsoft Email Client"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm outlook"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm outlook"; icon = "ms-outlook"; } { name = "Microsoft 365"; description = "Microsoft 365 Software Suite"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm office"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm office"; icon = "microsoft-365"; } { name = "Teams"; description = "Microsoft Teams Collaboration Application"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm teams"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm teams"; icon = "teams-for-linux"; } { name = "Text Editor"; description = "Simple Text Editor"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm gnome-text-editor"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm gnome-text-editor"; icon = "org.gnome.TextEditor"; } { name = "Xarchiver"; description = "File Compressor"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm xarchiver"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm xarchiver"; icon = "xarchiver"; } @@ -129,7 +118,7 @@ in name = "GALA"; description = "Secure Android-in-the-Cloud"; vm = "GALA"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start gala"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start gala"; icon = "distributor-logo-android"; } @@ -137,7 +126,7 @@ in name = "PDF Viewer"; description = "Isolated PDF Viewer"; vm = "Zathura"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm zathura-vm zathura"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm zathura-vm zathura"; icon = "document-viewer"; } 
@@ -145,7 +134,7 @@ in name = "Element"; description = "General Messaging Application"; vm = "Comms"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm comms-vm element"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm comms-vm element"; icon = "element-desktop"; } @@ -153,7 +142,7 @@ in name = "Slack"; description = "Teams Collaboration & Messaging Application"; vm = "Comms"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm comms-vm slack"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm comms-vm slack"; icon = "slack"; } @@ -161,7 +150,7 @@ in name = "Zoom"; description = "Zoom Videoconferencing Application"; vm = "Comms"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm comms-vm zoom"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm comms-vm zoom"; } { @@ -203,7 +192,7 @@ in name = "Video Editor"; description = "Losslesscut Video Editor"; vm = "Business"; - path = "${pkgs.givc-cli}/bin/givc-cli ${cliArgs} start --vm business-vm losslesscut"; + path = "${givc-cli-wrapper}/bin/givc-cli-wrapper start --vm business-vm losslesscut"; icon = "${pkgs.losslesscut-bin}/share/icons/losslesscut.png"; } diff --git a/modules/desktop/graphics/ewwbar.nix b/modules/desktop/graphics/ewwbar.nix index b2fc0a2ab..a3f3a6922 100644 --- a/modules/desktop/graphics/ewwbar.nix +++ b/modules/desktop/graphics/ewwbar.nix @@ -7,12 +7,12 @@ ... }: let - inherit (builtins) replaceStrings; inherit (lib) optionalString; cfg = config.ghaf.graphics.labwc; useGivc = config.ghaf.givc.enable; ghaf-workspace = pkgs.callPackage ../../../packages/ghaf-workspace { }; + givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; }; inherit (config.ghaf.services.audio) pulseaudioTcpControlPort; launcher-icon = "${pkgs.ghaf-artwork}/icons/launcher.svg"; 
@@ -54,16 +54,6 @@ let # Called by eww.yuck for updates and reloads eww = "${pkgs.eww}/bin/eww -c /etc/eww"; - cliArgs = replaceStrings [ "\n" ] [ " " ] '' - --name ${config.ghaf.givc.adminConfig.name} - --addr ${config.ghaf.givc.adminConfig.addr} - --port ${config.ghaf.givc.adminConfig.port} - ${optionalString config.ghaf.givc.enableTls "--cacert /run/givc/ca-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--cert /run/givc/gui-vm-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--key /run/givc/gui-vm-key.pem"} - ${optionalString (!config.ghaf.givc.enableTls) "--notls"} - ''; - eww-bat = pkgs.writeShellApplication { name = "eww-bat"; runtimeInputs = [ @@ -193,7 +183,7 @@ let if ! [[ $workspace =~ ^[0-9]+$ ]] ; then workspace="1" fi - + ${eww} update \ volume="$volume" \ brightness="$brightness" \ @@ -242,7 +232,7 @@ let kill "$popup_timer_pid" 2>/dev/null popup_timer_pid=0 fi - + if ! ${eww} active-windows | grep -q "brightness-popup"; then ${eww} open brightness-popup ${eww} update brightness-popup-visible="true" @@ -415,7 +405,7 @@ let eww-power = pkgs.writeShellApplication { name = "eww-power"; - runtimeInputs = if useGivc then [ pkgs.givc-cli ] else [ pkgs.systemd ]; + runtimeInputs = if useGivc then [ givc-cli-wrapper ] else [ pkgs.systemd ]; bashOptions = [ ]; text = '' if [ $# -ne 1 ]; then @@ -424,7 +414,7 @@ let case "$1" in reboot|poweroff) - ${if useGivc then "givc-cli ${cliArgs}" else "systemctl"} "$1" + ${if useGivc then "givc-cli-wrapper" else "systemctl"} "$1" ;; suspend) # Lock sessions 
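Review bot: The `reboot|poweroff)` branch calls the wrapper by bare name (`givc-cli-wrapper "$1"`) and relies on the `runtimeInputs` change in the previous hunk, while the `suspend)` branch in the next hunk uses the full store path `${givc-cli-wrapper}/bin/givc-cli-wrapper suspend`; both resolve because writeShellApplication puts runtimeInputs on PATH, but using one form avoids the question of whether the difference is intentional. Since `runtimeInputs` was updated for exactly this, I would change the suspend line to `${if useGivc then "givc-cli-wrapper" else "systemctl"} suspend`. Note that `"$1"` only reaches the wrapper after matching the fixed `reboot|poweroff)` pattern, so no free-form argument is forwarded; the enclosing `text` string continues outside the hunk.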
@@ -434,7 +424,7 @@ let WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --off '*' # Send suspend command to host - ${if useGivc then "${pkgs.givc-cli}/bin/givc-cli ${cliArgs}" else "systemctl"} suspend + ${if useGivc then "${givc-cli-wrapper}/bin/givc-cli-wrapper" else "systemctl"} suspend # Switch on display on wakeup WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --on '*' @@ -453,7 +443,7 @@ in environment.etc."eww/eww.yuck" = { text = '' ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ;; Variables ;; + ;; Variables ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; (defpoll keyboard_layout :interval "5s" "${pkgs.xorg.setxkbmap}/bin/setxkbmap -query | ${pkgs.gawk}/bin/awk '/layout/{print $2}' | tr a-z A-Z") (defpoll battery :interval "5s" :initial "{}" "${eww-bat}/bin/eww-bat get") @@ -471,7 +461,7 @@ in ;; (defpoll bluetooth :interval "3s" :initial "{}" "${pkgs.bt-launcher}/bin/bt-launcher status") ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ;; Widgets ;; + ;; Widgets ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Launcher ;; (defwidget launcher [] 
@@ -481,20 +471,20 @@ in :style "background-image: url(\"${launcher-icon}\")"))) ;; Generic slider widget ;; - (defwidget sys_slider [?header icon ?settings-icon level ?onchange ?settings-onclick ?icon-onclick ?class ?font-icon ?min] + (defwidget sys_slider [?header icon ?settings-icon level ?onchange ?settings-onclick ?icon-onclick ?class ?font-icon ?min] (box :orientation "v" :class "qs-slider" :spacing 10 :space-evenly false - (label :class "header" - :visible { header != "" && header != "null" ? "true" : "false" } + (label :class "header" + :visible { header != "" && header != "null" ? "true" : "false" } :text header :halign "start" :hexpand true) - (box :orientation "h" + (box :orientation "h" :valign "end" :space-evenly false - (eventbox + (eventbox :active { icon-onclick != "" && icon-onclick != "null" ? "true" : "false" } :visible {font-icon == "" ? "true" : "false"} :onclick icon-onclick @@ -514,9 +504,9 @@ in :halign "fill" :value level :onchange onchange - :max 101 + :max 101 :min { min ?: 0 })) - (eventbox + (eventbox :visible { settings-onclick != "" && settings-onclick != "null" ? "true" : "false" } :onclick settings-onclick :class "settings" @@ -545,15 +535,15 @@ in :onchange "${eww-brightness}/bin/eww-brightness set_screen {} &"))) ;; Generic Widget Buttons For Quick Settings ;; - (defwidget widget_button [icon ?title ?header ?subtitle ?onclick ?font-icon ?class] + (defwidget widget_button [icon ?title ?header ?subtitle ?onclick ?font-icon ?class] (eventbox :class { class == "" ? "widget-button" : "''${class}" } :onclick onclick (box :orientation "v" :class "inner-box" :spacing 6 :space-evenly false - (label :class "header" - :visible { header != "" && header != "null" ? "true" : "false" } + (label :class "header" + :visible { header != "" && header != "null" ? "true" : "false" } :text header :hexpand true :vexpand true 
@@ -575,7 +565,7 @@ in (label :class "icon" :visible {font-icon != "" ? "true" : "false"} :text font-icon) (box :class "text" :valign "center" - :orientation "v" + :orientation "v" :spacing 3 :halign "start" :hexpand true @@ -643,10 +633,10 @@ in :visible { EWW_BATTERY != "" ? "true" : "false" } :header "Battery" :title {EWW_BATTERY != "" ? "''${battery.capacity}%" : "100%"} - :subtitle { battery.status == 'Charging' ? "Charging" : - battery.hours != "0" && battery.minutes != "0" ? "''${battery.hours}h ''${battery.minutes}m" : + :subtitle { battery.status == 'Charging' ? "Charging" : + battery.hours != "0" && battery.minutes != "0" ? "''${battery.hours}h ''${battery.minutes}m" : battery.hours == "0" && battery.minutes != "0" ? "''${battery.minutes}m" : - battery.hours != "0" && battery.minutes == "0" ? "''${battery.hours}h" : + battery.hours != "0" && battery.minutes == "0" ? "''${battery.hours}h" : "" } :icon {battery.icon}) (widget_button @@ -657,10 +647,10 @@ in ;; Quick Settings Widget ;; (defwidget quick-settings-widget [] - (box :class "floating-widget" + (box :class "floating-widget" :orientation "v" :space-evenly false - (box + (box :class "wrapper_widget" :space-evenly false :spacing 10 @@ -670,10 +660,10 @@ in ;; Power Menu Widget ;; (defwidget power-menu-widget [] - (box :class "floating-widget" + (box :class "floating-widget" :orientation "v" :space-evenly false - (box + (box :class "wrapper_widget" :space-evenly false :orientation "v" @@ -709,9 +699,9 @@ in ''${EWW_CMD} open --screen ''${screen} closer --arg window=\"quick-settings\" && ''${EWW_CMD} open --screen ''${screen} quick-settings; \ fi &" (box :orientation "h" - :space-evenly "false" + :space-evenly "false" :spacing 14 - :valign "center" + :valign "center" (box :class "icon" :hexpand false :style "background-image: url(\"''${bright-icon}\")") 
@@ -724,9 +714,9 @@ in ;; Power Menu Launcher ;; (defwidget power-menu-launcher [screen] - (button :class "icon_button icon" - :halign "center" - :valign "center" + (button :class "icon_button icon" + :halign "center" + :valign "center" :onclick "if ''${EWW_CMD} active-windows | grep -q 'power-menu'; then \ ''${EWW_CMD} close closer power-menu & \ else \ @@ -741,12 +731,12 @@ in ;; so the user can close the specified window (widget) simply by clicking "outside" (defwidget closer [window] (eventbox :onclick "(''${EWW_CMD} close ''${window} closer) &")) - ;; Quick Settings Launcher ;; + ;; Quick Settings Launcher ;; (defwidget control [screen] - (box :orientation "h" - :space-evenly "false" + (box :orientation "h" + :space-evenly "false" :spacing 14 - :valign "center" + :valign "center" :class "control" (quick-settings-button :screen screen :bright-icon {brightness.icon} @@ -770,13 +760,13 @@ in ;; Clock ;; (defwidget time [] - (label + (label :text "''${formattime(EWW_TIME, "%H:%M")}" :class "time")) ;; Date ;; (defwidget date [screen] - (button + (button :onclick "''${EWW_CMD} update calendar_day=\"$(date +%d)\" calendar_month=\"$(date +%-m)\" calendar_year=\"$(date +%Y)\" & \ if ''${EWW_CMD} active-windows | grep -q 'calendar'; then \ ''${EWW_CMD} close closer calendar & \ @@ -788,9 +778,9 @@ in ;; Calendar ;; (defwidget cal [] - (box :class "floating-widget" + (box :class "floating-widget" (box :class "wrapper_widget" - (calendar :class "cal" + (calendar :class "cal" :show-week-numbers false :day calendar_day :month calendar_month @@ -805,7 +795,7 @@ in :tooltip "Current workspace" :onclick {workspaces-visible == "false" ? "''${EWW_CMD} update workspaces-visible=true" : "''${EWW_CMD} update workspaces-visible=false"} workspace) - (revealer + (revealer :transition "slideright" :duration "250ms" :reveal workspaces-visible 
@@ -820,36 +810,36 @@ in "2")))))) (defwidget left [] - (box - :orientation "h" + (box + :orientation "h" :space-evenly "false" - :spacing 14 - :halign "start" - :valign "center" + :spacing 14 + :halign "start" + :valign "center" (launcher) (divider) (workspaces))) ;; Right Widgets ;; (defwidget datetime-locale [screen] - (box + (box :orientation "h" :space-evenly "false" :spacing 14 (language) (box - :orientation "h" - :space-evenly "true" + :orientation "h" + :space-evenly "true" :spacing 14 (time) (date :screen screen)))) ;; End Widgets ;; (defwidget end [screen] - (box :orientation "h" - :space-evenly "false" - :halign "end" - :valign "center" + (box :orientation "h" + :space-evenly "false" + :halign "end" + :valign "center" :spacing 14 (systray :orientation "h" :spacing 14 :prepend-new true :class "tray") (divider) @@ -860,24 +850,24 @@ in ;; Bar ;; (defwidget bar [screen] - (box + (box :class "eww_bar" - :orientation "h" - :vexpand "false" + :orientation "h" + :vexpand "false" :hexpand "false" (left) (end :screen screen))) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ;; Windows ;; + ;; Windows ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Bar Window ;; (defwindow bar [screen] - :geometry (geometry - :x "0px" - :y "0px" + :geometry (geometry + :x "0px" + :y "0px" :height "36px" - :width "100%" + :width "100%" :anchor "top center") :wm-ignore true :windowtype "normal" @@ -889,7 +879,7 @@ in ;; Calendar Window ;; (defwindow calendar - :geometry (geometry :y "0px" + :geometry (geometry :y "0px" :x "0px" :anchor "top right") :stacking "fg" @@ -906,7 +896,7 @@ in ${lib.optionalString useGivc '' ;; Quick settings window ;; (defwindow quick-settings - :geometry (geometry :y "0px" + :geometry (geometry :y "0px" :x "0px" :anchor "top right") :stacking "fg" 
@@ -1181,21 +1171,21 @@ in } } - .qs-widget { + .qs-widget { @include unset($rec: true); @include qs-widget; } - .wrapper_widget { + .wrapper_widget { @include unset($rec: true); - @include wrapper_widget; + @include wrapper_widget; } .icon { @include icon; } .floating-widget { @include floating_widget; } - .qs-slider { + .qs-slider { @include unset($rec: true); @include sys-sliders; @include qs-widget($min-height: 0px); diff --git a/modules/givc/adminvm.nix b/modules/givc/adminvm.nix index 7b61b6301..4aae2dd31 100644 --- a/modules/givc/adminvm.nix +++ b/modules/givc/adminvm.nix @@ -16,11 +16,9 @@ in enable = true; inherit (config.ghaf.givc) debug; inherit (config.ghaf.givc.adminConfig) name; - inherit (config.ghaf.givc.adminConfig) addr; - inherit (config.ghaf.givc.adminConfig) port; - inherit (config.ghaf.givc.adminConfig) protocol; + inherit (config.ghaf.givc.adminConfig) addresses; services = [ - "givc-ghaf-host-debug.service" + "givc-ghaf-host.service" "givc-net-vm.service" "givc-gui-vm.service" "givc-audio-vm.service" diff --git a/modules/givc/appvm.nix b/modules/givc/appvm.nix index f0e698e27..e4454bfa9 100644 --- a/modules/givc/appvm.nix +++ b/modules/givc/appvm.nix @@ -13,18 +13,17 @@ let mkEnableOption mkIf types + head + filter + strings ; - vmEntry = vm: builtins.filter (x: x.name == vm) config.ghaf.networking.hosts.entries; - address = vm: lib.head (builtins.map (x: x.ip) (vmEntry vm)); + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.entries)); + admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses); in { options.ghaf.givc.appvm = { enable = mkEnableOption "Enable appvm givc module."; - name = mkOption { - type = types.str; - default = "appvm"; - description = "Name of the appvm."; - }; applications = mkOption { type = types.listOf types.attrs; default = [ { } ]; 
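Review bot: `admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses)` selects the admin endpoint by a substring of the IP string, and `head` on an empty result raises Nix's generic "list index 0 is out of bounds" rather than naming the missing VM or network; the same pattern is repeated in audiovm.nix, guivm.nix and netvm.nix, and with `".101."` in host.nix, and `getIp` has the same failure mode when the hostname is absent from `hosts.entries`. The `addressSubmodule` in common.nix already has a `name` field described as "Name of the IP range for parsing", so if each address carried a distinct label (e.g. a constructed `"guest"`/`"debug"`) the consumers could use `filter (x: x.name == "guest")` instead of parsing the address, and `getIp` could fail with a message: `getIp = name: let m = filter (x: x.name == name) config.ghaf.networking.hosts.entries; in if m == [ ] then throw "givc: no hosts entry for ${name}" else (head m).ip;`. Removing the `ghaf.givc.appvm.name` option is fine for the in-tree callers that now use `config.networking.hostName`, but an out-of-tree configuration still setting it will fail with an undefined-option error, which is worth a changelog line.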
@@ -37,14 +36,14 @@ in givc.appvm = { enable = true; inherit (config.ghaf.givc) debug; + inherit admin; agent = { - inherit (cfg) name; - addr = address cfg.name; + name = config.networking.hostName; + addr = getIp config.networking.hostName; port = "9000"; }; inherit (cfg) applications; tls.enable = config.ghaf.givc.enableTls; - admin = config.ghaf.givc.adminConfig; }; # Quick fix to allow linger (linger option in user def. currently doesn't work, e.g., bc mutable) diff --git a/modules/givc/audiovm.nix b/modules/givc/audiovm.nix index a048f5c26..acb44b397 100644 --- a/modules/givc/audiovm.nix +++ b/modules/givc/audiovm.nix @@ -3,11 +3,17 @@ { config, lib, ... }: let cfg = config.ghaf.givc.audiovm; - inherit (lib) mkEnableOption mkIf; - hostName = "audio-vm"; + inherit (lib) + mkEnableOption + mkIf + head + filter + strings + ; + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.entries)); + admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses); guivmName = "gui-vm"; - vmEntry = vm: builtins.filter (x: x.name == vm) config.ghaf.networking.hosts.entries; - address = vm: lib.head (builtins.map (x: x.ip) (vmEntry vm)); in { options.ghaf.givc.audiovm = { @@ -19,18 +25,18 @@ in givc.sysvm = { enable = true; inherit (config.ghaf.givc) debug; + inherit admin; agent = { - name = hostName; - addr = address hostName; + name = config.networking.hostName; + addr = getIp config.networking.hostName; port = "9000"; }; tls.enable = config.ghaf.givc.enableTls; - admin = config.ghaf.givc.adminConfig; socketProxy = [ { transport = { name = guivmName; - addr = address guivmName; + addr = getIp guivmName; port = "9011"; protocol = "tcp"; }; diff --git a/modules/givc/common.nix b/modules/givc/common.nix index a7b929f46..274170735 100644 --- a/modules/givc/common.nix +++ b/modules/givc/common.nix 
@@ -8,11 +8,38 @@ let mkEnableOption mkIf types + head + filter ; + name = "admin-vm"; mitmEnabled = config.ghaf.virtualization.microvm.idsvm.enable && config.ghaf.virtualization.microvm.idsvm.mitmproxy.enable; mitmExtraArgs = lib.optionalString mitmEnabled "--user-data-dir=/home/${config.ghaf.users.accounts.user}/.config/google-chrome/Default --test-type --ignore-certificate-errors-spki-list=Bq49YmAq1CG6FuBzp8nsyRXumW7Dmkp7QQ/F82azxGU="; + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.entries)); + getIpDebug = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.debugEntries)); + addressSubmodule = types.submodule { + options = { + name = mkOption { + description = "Name of the IP range for parsing"; + type = types.str; + }; + addr = mkOption { + description = "IP address of admin server"; + type = types.str; + }; + port = mkOption { + description = "Port of admin server"; + type = types.str; + }; + protocol = mkOption { + description = "Protocol of admin server"; + type = types.str; + }; + }; + }; in { options.ghaf.givc = { @@ -21,7 +48,7 @@ in enableTls = mkOption { description = "Enable TLS for gRPC communication globally, or disable for debugging."; type = types.bool; - default = false; + default = true; }; idsExtraArgs = mkOption { description = "Extra arguments for applications when IDS/MITM is enabled."; @@ -41,17 +68,9 @@ in description = "Host name of admin server"; type = types.str; }; - addr = mkOption { - description = "Address of admin server"; - type = types.str; - }; - port = mkOption { - description = "Port of admin server"; - type = types.str; - }; - protocol = mkOption { - description = "Protocol of admin server"; - type = types.str; + addresses = mkOption { + description = "Addresses of admin server"; + type = types.listOf addressSubmodule; }; }; }; 
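Review bot: In the first common.nix hunk the new let-binding `name = "admin-vm"` is immediately shadowed by the `name:` parameter of `getIp` and `getIpDebug`, so two meanings of `name` sit three lines apart and `x.name == name` inside the lambda reads ambiguously. Renaming the parameter, e.g. `getIp = hostName: head (map (x: x.ip) (filter (x: x.name == hostName) config.ghaf.networking.hosts.entries));`, or the binding to `adminName`, removes the misread. The `addressSubmodule.name` description "Name of the IP range for parsing" also does not match how the adminConfig hunk below populates it (both entries get the admin VM's name), so either the description or the values should change.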
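Review bot: Flipping the `enableTls` default to `true` is the right direction but silently changes behaviour for every existing configuration that never set the option, and the description still reads as if TLS were opt-in. I would update it to `description = "Enable TLS for gRPC communication globally (on by default); set to false only for debugging.";` so the new default is visible in generated option docs, and mention the change in the release notes since deployments without TLS material will now need the `givc.tls` generation introduced in host.nix.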
@@ -59,16 +78,22 @@ in }; config = mkIf cfg.enable { # Givc admin server configuration - ghaf.givc.adminConfig = - let - adminvmEntry = builtins.filter (x: x.name == "admin-vm-debug") config.ghaf.networking.hosts.entries; - addr = lib.head (builtins.map (x: x.ip) adminvmEntry); - in - { - name = "admin-vm-debug"; - inherit addr; - port = "9001"; - protocol = "tcp"; - }; + ghaf.givc.adminConfig = { + inherit name; + addresses = [ + { + inherit name; + addr = getIp name; + port = "9001"; + protocol = "tcp"; + } + { + inherit name; + addr = getIpDebug name; + port = "9001"; + protocol = "tcp"; + } + ]; + }; }; } diff --git a/modules/givc/flake-module.nix b/modules/givc/flake-module.nix index 1e9ae0e89..a71131972 100644 --- a/modules/givc/flake-module.nix +++ b/modules/givc/flake-module.nix @@ -10,6 +10,7 @@ ]; givc-host.imports = [ inputs.givc.nixosModules.host + inputs.givc.nixosModules.tls ./common.nix ./host.nix { diff --git a/modules/givc/guivm.nix b/modules/givc/guivm.nix index c2807127b..84983b3c8 100644 --- a/modules/givc/guivm.nix +++ b/modules/givc/guivm.nix @@ -1,14 +1,24 @@ # Copyright 2022-2024 TII (SSRC) and the Ghaf contributors # SPDX-License-Identifier: Apache-2.0 -{ config, lib, ... }: +{ + config, + lib, + ... +}: let cfg = config.ghaf.givc.guivm; - inherit (lib) mkEnableOption mkIf; - hostName = "gui-vm"; + inherit (lib) + mkEnableOption + mkIf + head + filter + strings + ; + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.entries)); + admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses); netvmName = "net-vm"; audiovmName = "audio-vm"; - vmEntry = vm: builtins.filter (x: x.name == vm) config.ghaf.networking.hosts.entries; - address = vm: lib.head (builtins.map (x: x.ip) (vmEntry vm)); in { options.ghaf.givc.guivm = { 
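Review bot: The second `addresses` entry computes `addr = getIpDebug name`, and hosts.nix sets `debugEntries` to `[ ]` when `config.ghaf.profiles.debug.enable` is false, so in a non-debug build that address evaluates to `head [ ]`; the consumers in appvm/audiovm/guivm/netvm run `filter (x: strings.hasInfix ".100." x.addr)` over the whole list, which forces that `addr` and would abort evaluation with an error pointing nowhere near the cause. If givc can be enabled without the debug profile, the debug entry should be added conditionally, e.g. `] ++ optionals config.ghaf.profiles.debug.enable [ { inherit name; addr = getIpDebug name; port = "9001"; protocol = "tcp"; } ];` (with `optionals` added to the `inherit (lib)` list); if givc genuinely requires the debug profile, an `assertions` entry stating that would replace the opaque failure. Both entries also carry `inherit name`, so the submodule's `name` field cannot tell the guest address from the debug one, which is what pushes the consumers into substring-matching the IP.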
@@ -19,19 +29,20 @@ in # Configure guivm service givc.sysvm = { enable = true; + inherit (config.ghaf.givc) debug; + inherit admin; agent = { - name = hostName; - addr = address hostName; + name = config.networking.hostName; + addr = getIp config.networking.hostName; port = "9000"; }; - inherit (config.ghaf.givc) debug; tls.enable = config.ghaf.givc.enableTls; - admin = config.ghaf.givc.adminConfig; + enableUserTlsAccess = config.ghaf.givc.enableTls; socketProxy = [ { transport = { name = netvmName; - addr = address netvmName; + addr = getIp netvmName; port = "9010"; protocol = "tcp"; }; @@ -40,7 +51,7 @@ in { transport = { name = audiovmName; - addr = address audiovmName; + addr = getIp audiovmName; port = "9011"; protocol = "tcp"; }; diff --git a/modules/givc/host.nix b/modules/givc/host.nix index 1b1ceeb8e..e03092f35 100644 --- a/modules/givc/host.nix +++ b/modules/givc/host.nix @@ -8,11 +8,22 @@ }: let cfg = config.ghaf.givc.host; - inherit (builtins) map filter attrNames; - inherit (lib) mkEnableOption mkIf head; - hostName = "ghaf-host-debug"; - vmEntry = vm: builtins.filter (x: x.name == vm) config.ghaf.networking.hosts.entries; - address = vm: lib.head (builtins.map (x: x.ip) (vmEntry vm)); + inherit (builtins) map attrNames; + inherit (lib) + mkEnableOption + mkIf + head + filter + strings + ; + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.debugEntries)); + adminAddress = head ( + filter (x: strings.hasInfix ".101." x.addr) config.ghaf.givc.adminConfig.addresses + ); + agentAddresses = + config.ghaf.networking.hosts.entries + ++ (filter (x: lib.strings.hasInfix "host" x.name) config.ghaf.networking.hosts.debugEntries); in { options.ghaf.givc.host = { 
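Review bot: `enableUserTlsAccess = config.ghaf.givc.enableTls;` couples a separate decision to the global TLS switch: judging by the name, it presumably lets the desktop user read the gui-vm agent's TLS client material so the launcher wrapper can talk to the admin service, and nothing in the file records why the gui-vm is the only VM that gets it. I would add `# the desktop user runs givc-cli-wrapper from the launchers, so it needs the gui-vm TLS client credentials; keep this gui-vm only` above the line, and consider a dedicated `ghaf.givc.guivm` option so that access can be disabled independently of TLS being on. The `givc.sysvm` attribute set continues outside the hunk.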
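Review bot: `agentAddresses` picks the host's own debug entry with `filter (x: lib.strings.hasInfix "host" x.name)`, a substring match that would also admit any future entry whose name merely contains "host"; since `getIp config.networking.hostName` two lines above already identifies the host by exact name, `filter (x: x.name == config.networking.hostName)` expresses the intent precisely. The same expression uses `lib.strings.hasInfix` although `strings` is already in the `inherit (lib)` list, so `strings.hasInfix` would match the `adminAddress` line. A comment explaining why this file alone resolves itself and the admin server through `debugEntries` and `".101."`, e.g. `# ghaf-host has no .100. address (see networking/hosts.nix); it reaches givc only via the .101. debug network`, would save readers from comparing it against the VM modules.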
@@ -24,9 +35,13 @@ in givc.host = { enable = true; inherit (config.ghaf.givc) debug; + admin = { + inherit (config.ghaf.givc.adminConfig) name; + inherit (adminAddress) addr port protocol; + }; agent = { - name = hostName; - addr = address hostName; + name = config.networking.hostName; + addr = getIp config.networking.hostName; port = "9000"; }; services = [ @@ -35,7 +50,18 @@ in "suspend.target" ] ++ map (vmName: "microvm@${vmName}.service") (attrNames config.microvm.vms); tls.enable = config.ghaf.givc.enableTls; - admin = config.ghaf.givc.adminConfig; + }; + + givc.tls = { + enable = config.ghaf.givc.enableTls; + agents = map (entry: { + inherit (entry) name; + addr = entry.ip; + }) agentAddresses; + adminTlsName = config.ghaf.givc.adminConfig.name; + adminAddresses = config.ghaf.givc.adminConfig.addresses; + generatorHostName = config.networking.hostName; + storagePath = "/storagevm"; }; }; } diff --git a/modules/givc/netvm.nix b/modules/givc/netvm.nix index a1a7cf1d1..d3244efe8 100644 --- a/modules/givc/netvm.nix +++ b/modules/givc/netvm.nix @@ -8,11 +8,17 @@ }: let cfg = config.ghaf.givc.netvm; - inherit (lib) mkEnableOption mkIf; - hostName = "net-vm"; + inherit (lib) + mkEnableOption + mkIf + head + filter + strings + ; + getIp = + name: head (map (x: x.ip) (filter (x: x.name == name) config.ghaf.networking.hosts.entries)); + admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses); guivmName = "gui-vm"; - vmEntry = vm: builtins.filter (x: x.name == vm) config.ghaf.networking.hosts.entries; - address = vm: lib.head (builtins.map (x: x.ip) (vmEntry vm)); in { options.ghaf.givc.netvm = { 
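Review bot: The new `givc.tls` block is where certificate generation is configured (`generatorHostName`, `storagePath = "/storagevm"`), yet nothing says which identities receive certificates or how the material reaches the VMs, and the `agents` list depends on `agentAddresses` whose selection logic sits in the let-block at the top of the file. A header comment such as `# generate TLS material on the host for the admin server and every agent in agentAddresses; written under /storagevm (TODO confirm: VMs pick it up via their persisted /etc/givc)` would tie this to the storagevm.nix change further down, with the hand-over path hedged since it is not visible in this diff. Because private keys presumably land under `/storagevm`, it is also worth stating the expected ownership and mode of that path next to `storagePath` so the persistence layer is not the only thing deciding who can read them.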
@@ -24,20 +30,20 @@ in givc.sysvm = { enable = true; inherit (config.ghaf.givc) debug; + inherit admin; agent = { - name = hostName; - addr = address hostName; + name = config.networking.hostName; + addr = getIp config.networking.hostName; port = "9000"; }; wifiManager = true; hwidService = true; tls.enable = config.ghaf.givc.enableTls; - admin = config.ghaf.givc.adminConfig; socketProxy = [ { transport = { name = guivmName; - addr = address guivmName; + addr = getIp guivmName; port = "9010"; protocol = "tcp"; }; diff --git a/modules/microvm/virtualization/microvm/adminvm.nix b/modules/microvm/virtualization/microvm/adminvm.nix index 9e235a9ca..d548297f8 100644 --- a/modules/microvm/virtualization/microvm/adminvm.nix +++ b/modules/microvm/virtualization/microvm/adminvm.nix @@ -51,7 +51,7 @@ let }; storagevm = { enable = true; - name = "adminvm"; + name = vmName; files = [ "/etc/locale-givc.conf" "/etc/timezone.conf" diff --git a/modules/microvm/virtualization/microvm/appvm.nix b/modules/microvm/virtualization/microvm/appvm.nix index c0d40dc14..8c954998e 100644 --- a/modules/microvm/virtualization/microvm/appvm.nix +++ b/modules/microvm/virtualization/microvm/appvm.nix @@ -91,7 +91,7 @@ let storagevm = { enable = true; - name = "${vm.name}"; + name = "${vm.name}-vm"; users.${config.ghaf.users.accounts.user}.directories = [ ".config/" "Downloads" @@ -125,7 +125,6 @@ let environment.systemPackages = [ pkgs.tpm2-tools pkgs.opensc - pkgs.givc-cli ]; security.tpm2 = { diff --git a/modules/microvm/virtualization/microvm/audiovm.nix b/modules/microvm/virtualization/microvm/audiovm.nix index 438aa14ed..282569f58 100644 --- a/modules/microvm/virtualization/microvm/audiovm.nix +++ b/modules/microvm/virtualization/microvm/audiovm.nix @@ -64,7 +64,7 @@ let logging.client.endpoint = configHost.ghaf.logging.client.endpoint; storagevm = { enable = true; - name = "audiovm"; + name = vmName; }; }; 
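Review bot: Changing `storagevm.name` from the literal `"adminvm"` to `vmName` changes the identifier the storage VM keys this guest's persisted state on, and the same rename is made in appvm.nix (`"${vm.name}-vm"`), audiovm.nix, guivm.nix and netvm.nix in this commit. If that name selects the directory under the storage mount (storagevm.nix is only partly visible here), an upgraded device would come up with fresh state while the old directories stay behind, so the commit description or a comment should say whether a migration step is needed or the data loss is intended. A comment on the option along the lines of `# must match the guest's hostname; renaming it orphans existing persisted data` would make that explicit.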
diff --git a/modules/microvm/virtualization/microvm/common/storagevm.nix b/modules/microvm/virtualization/microvm/common/storagevm.nix index 3cb4621b3..45a62f7b3 100644 --- a/modules/microvm/virtualization/microvm/common/storagevm.nix +++ b/modules/microvm/virtualization/microvm/common/storagevm.nix @@ -4,9 +4,16 @@ let cfg = config.ghaf.storagevm; mountPath = "/guestStorage"; + inherit (lib) + mkEnableOption + mkOption + mkIf + types + # optionals + ; in { - options.ghaf.storagevm = with lib; { + options.ghaf.storagevm = { enable = mkEnableOption "StorageVM support"; name = mkOption { @@ -86,6 +93,7 @@ in hideMounts = true; directories = [ "/var/lib/nixos" + "/etc/givc" ]; files = [ diff --git a/modules/microvm/virtualization/microvm/common/vm-networking.nix b/modules/microvm/virtualization/microvm/common/vm-networking.nix index 6d9dc1886..b3439d585 100644 --- a/modules/microvm/virtualization/microvm/common/vm-networking.nix +++ b/modules/microvm/virtualization/microvm/common/vm-networking.nix 
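Review bot: The `# optionals` line inside the new `inherit (lib)` list is commented-out code left in a declaration block. Either inherit `optionals` because something in the module uses it, or drop the line so the list only names what is in use.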
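Review bot: `"/etc/givc"` is added to the persisted `directories` without a comment saying what it holds or why it must survive reboots. If it is where the TLS material produced by the host's `givc.tls` generator lands, that is an agent private key being persisted onto the storage VM, and the comment should also state the expected ownership and mode so the persisted copy is not readable by other users of the guest. Something like `# givc agent identity (TLS cert/key); persisted across reboots, expected mode 0700` — adjusted to what the directory actually contains — would do.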
@@ -5,18 +5,41 @@ lib, vmName, macAddress, - internalIP, isGateway ? false, ... }: let + + inherit (lib) + head + optionals + optionalAttrs + optionalString + ; + + # Network definitions networkName = "ethint0"; + + # Helper functions + networkEntryIp = net: builtins.map (x: x.ip) (builtins.filter (x: vmName == x.name) net); + networkAddress = + net: + let + addr = networkEntryIp net; + hasAddr = addr != [ ]; + in + "${optionalString hasAddr (head addr)}"; + releaseNetworkAddress = networkAddress config.ghaf.networking.hosts.entries; + debugNetworkAddress = networkAddress config.ghaf.networking.hosts.debugEntries; + + # Gateway address netVmEntry = builtins.filter (x: x.name == "net-vm") config.ghaf.networking.hosts.entries; netVmAddress = builtins.map (x: x.ip) netVmEntry; isIdsvmEnabled = config.ghaf.virtualization.microvm.idsvm.enable; idsVmEntry = builtins.filter (x: x.name == "ids-vm") config.ghaf.networking.hosts.entries; - idsVmAddress = lib.optionals isIdsvmEnabled (builtins.map (x: x.ip) idsVmEntry); + idsVmAddress = optionals isIdsvmEnabled (builtins.map (x: x.ip) idsVmEntry); gateway = if isIdsvmEnabled && (vmName != "ids-vm") then idsVmAddress else netVmAddress; + in { networking = { @@ -50,16 +73,15 @@ in networks."10-${networkName}" = { matchConfig.MACAddress = macAddress; addresses = - [ { Address = "192.168.100.${toString internalIP}/24"; } ] - ++ lib.optionals config.ghaf.profiles.debug.enable [ - { - # IP-address for debugging subnet - Address = "192.168.101.${toString internalIP}/24"; - } + optionals (releaseNetworkAddress != "") [ + { Address = "${releaseNetworkAddress}/24"; } + ] + ++ optionals (debugNetworkAddress != "") [ + { Address = "${debugNetworkAddress}/24"; } ]; linkConfig.RequiredForOnline = "routable"; linkConfig.ActivationPolicy = "always-up"; - } // lib.optionalAttrs (!isGateway) { inherit gateway; }; + } // optionalAttrs (!isGateway) { inherit gateway; }; }; # systemd-resolved does not support local names resolution 
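Review bot: `networkAddress` returns `""` when `vmName` has no entry in the given hosts list, and the second hunk then simply omits the `Address` for that network, so a VM missing from `config.ghaf.networking.hosts.entries` now boots with no release-network address and no diagnostic, whereas the removed `internalIP` parameter always produced one. An evaluation-time check makes this loud, e.g. `releaseNetworkAddress = let a = networkAddress config.ghaf.networking.hosts.entries; in lib.warnIf (a == "") "vm-networking: no hosts entry for ${vmName}" a;` (or `assert lib.assertMsg …` if a release address is mandatory). An empty debug address is the expected case when the debug profile is off, because hosts.nix only fills `debugEntries` then; a comment on `debugNetworkAddress` saying so would help. The `"${optionalString hasAddr (head addr)}"` interpolation is redundant, since `optionalString` already yields a string.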
diff --git a/modules/microvm/virtualization/microvm/guivm.nix b/modules/microvm/virtualization/microvm/guivm.nix index 56836713a..4cad0c462 100644 --- a/modules/microvm/virtualization/microvm/guivm.nix +++ b/modules/microvm/virtualization/microvm/guivm.nix @@ -31,18 +31,6 @@ let ../../../common/logging/client.nix ( { lib, pkgs, ... }: - let - inherit (builtins) replaceStrings; - cliArgs = replaceStrings [ "\n" ] [ " " ] '' - --name ${config.ghaf.givc.adminConfig.name} - --addr ${config.ghaf.givc.adminConfig.addr} - --port ${config.ghaf.givc.adminConfig.port} - ${lib.optionalString config.ghaf.givc.enableTls "--cacert /run/givc/ca-cert.pem"} - ${lib.optionalString config.ghaf.givc.enableTls "--cert /run/givc/ghaf-host-cert.pem"} - ${lib.optionalString config.ghaf.givc.enableTls "--key /run/givc/ghaf-host-key.pem"} - ${lib.optionalString (!config.ghaf.givc.enableTls) "--notls"} - ''; - in { ghaf = { users.accounts.enable = lib.mkDefault config.ghaf.users.accounts.enable; @@ -84,7 +72,7 @@ let logging.client.endpoint = config.ghaf.logging.client.endpoint; storagevm = { enable = true; - name = "guivm"; + name = vmName; directories = [ { directory = "/var/lib/private/ollama"; 
@@ -108,33 +96,39 @@ let services.acpid = lib.mkIf config.ghaf.givc.enable { enable = true; - lidEventCommands = '' - case "$1" in - "button/lid LID close") - # Lock sessions - ${pkgs.systemd}/bin/loginctl lock-sessions + lidEventCommands = + let + givc-cli-wrapper = pkgs.callPackage ../../../../packages/givc-cli-wrapper { + inherit config pkgs lib; + }; + in + '' + case "$1" in + "button/lid LID close") + # Lock sessions + ${pkgs.systemd}/bin/loginctl lock-sessions - # Switch off display, if wayland is running - if ${pkgs.procps}/bin/pgrep -fl "wayland" > /dev/null; then - wl_running=1 - WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --off '*' - else - wl_running=0 - fi + # Switch off display, if wayland is running + if ${pkgs.procps}/bin/pgrep -fl "wayland" > /dev/null; then + wl_running=1 + WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --off '*' + else + wl_running=0 + fi - # Initiate Suspension - ${pkgs.givc-cli}/bin/givc-cli ${cliArgs} suspend + # Initiate Suspension + ${givc-cli-wrapper}/bin/givc-cli-wrapper suspend - # Enable display - if [ "$wl_running" -eq 1 ]; then - WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --on '*' - fi - ;; - "button/lid LID open") - # Command to run when the lid is opened - ;; - esac - ''; + # Enable display + if [ "$wl_running" -eq 1 ]; then + WAYLAND_DISPLAY=/run/user/${builtins.toString config.ghaf.users.accounts.uid}/wayland-0 ${pkgs.wlopm}/bin/wlopm --on '*' + fi + ;; + "button/lid LID open") + # Command to run when the lid is opened + ;; + esac + ''; }; systemd.services."waypipe-ssh-keygen" = diff --git a/modules/microvm/virtualization/microvm/microvm-host.nix b/modules/microvm/virtualization/microvm/microvm-host.nix index b1c57274c..9a2f5a630 100644 --- a/modules/microvm/virtualization/microvm/microvm-host.nix 
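Review bot: `pkgs.callPackage ../../../../packages/givc-cli-wrapper { inherit config pkgs lib; }` is instantiated inline in `lidEventCommands`, and the same call is repeated in business.nix, chromium.nix and comms.nix in this commit; the wrapper bakes the admin address and TLS flags from `config` into a store script, so any future change to its inputs has to be found in four places. Exposing it once — for example as a package-typed option under `ghaf.givc`, or via `_module.args` — and referencing that would keep the wiring in one spot. The `config` used here appears to be the outer host `config` captured by the enclosing `let`, not the guest's, since the inner module function takes only `{ lib, pkgs, ... }`; a one-line comment saying so would prevent the easy misreading. The enclosing module function starts outside this hunk.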
+++ b/modules/microvm/virtualization/microvm/microvm-host.nix @@ -9,6 +9,8 @@ }: let cfg = config.ghaf.virtualization.microvm-host; + listenerAddress = config.ghaf.logging.listener.address; + listenerPort = toString config.ghaf.logging.listener.port; in { imports = [ @@ -36,25 +38,39 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { microvm.host.enable = true; - ghaf.systemd = { - withName = "host-systemd"; - enable = true; - boot.enable = true; - withAudit = config.ghaf.profiles.debug.enable; - withPolkit = true; - withTpm2Tss = pkgs.stdenv.hostPlatform.isx86; - withRepart = true; - withFido2 = true; - withCryptsetup = true; - withLocaled = true; - withTimesyncd = cfg.networkSupport; - withNss = cfg.networkSupport; - withResolved = cfg.networkSupport; - withSerial = config.ghaf.profiles.debug.enable; - withDebug = config.ghaf.profiles.debug.enable; - withHardenedConfigs = true; + ghaf = { + systemd = { + withName = "host-systemd"; + enable = true; + boot.enable = true; + withAudit = config.ghaf.profiles.debug.enable; + withPolkit = true; + withTpm2Tss = pkgs.stdenv.hostPlatform.isx86; + withRepart = true; + withFido2 = true; + withCryptsetup = true; + withLocaled = true; + withTimesyncd = cfg.networkSupport; + withNss = cfg.networkSupport; + withResolved = cfg.networkSupport; + withSerial = config.ghaf.profiles.debug.enable; + withDebug = config.ghaf.profiles.debug.enable; + withHardenedConfigs = true; + }; + givc.host.enable = true; + + # Logging configuration + logging = { + client = { + enable = true; + endpoint = "http://${listenerAddress}:${listenerPort}/loki/api/v1/push"; + }; + listener = { + address = "admin-vm"; + port = 9999; + }; + }; }; - ghaf.givc.host.enable = true; services.logind.lidSwitch = "ignore"; # TODO: remove hardcoded paths diff --git a/modules/microvm/virtualization/microvm/netvm.nix b/modules/microvm/virtualization/microvm/netvm.nix index 9fa2830a5..0df787e71 100644 --- a/modules/microvm/virtualization/microvm/netvm.nix 
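Review bot: The listener address moves into the generic microvm-host module as the fixed literal `"admin-vm"` and drops the previous `-debug` suffix, yet hosts.nix in this same commit states that the .100. network is not reachable from ghaf-host, so the host's own `logging.client` endpoint now resolves to an address the host may not be able to reach, while guests that inherit `config.ghaf.logging.client.endpoint` need exactly that address. Please confirm which side this endpoint is meant for, and if the host ships logs too, derive its endpoint from the debug entry separately. Since this is a shared module rather than a profile, `address = lib.mkDefault "admin-vm";` and `port = lib.mkDefault 9999;` would let profiles override it without `mkForce`.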
+++ b/modules/microvm/virtualization/microvm/netvm.nix @@ -68,8 +68,10 @@ let logging.client.endpoint = config.ghaf.logging.client.endpoint; storagevm = { enable = true; - name = "netvm"; - directories = [ "/etc/NetworkManager/system-connections/" ]; + name = vmName; + directories = [ + "/etc/NetworkManager/system-connections/" + ]; }; }; diff --git a/modules/reference/appvms/appflowy.nix b/modules/reference/appvms/appflowy.nix deleted file mode 100644 index 7a7604abf..000000000 --- a/modules/reference/appvms/appflowy.nix +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2024 TII (SSRC) and the Ghaf contributors -# SPDX-License-Identifier: Apache-2.0 -# -{ - lib, - pkgs, - config, - ... -}: -{ - name = "appflowy"; - packages = [ pkgs.appflowy ]; - macAddress = "02:00:00:03:08:01"; - ramMb = 768; - cores = 1; - extraModules = [ - { - hardware.graphics.enable = true; - time.timeZone = config.time.timeZone; - ghaf.givc.appvm = { - enable = true; - name = lib.mkForce "appflowy-vm"; - applications = [ - { - name = "appflowy"; - command = "${config.ghaf.givc.appPrefix}/run-waypipe ${config.ghaf.givc.appPrefix}/appflowy"; - } - ]; - }; - } - ]; - borderColor = "#4c3f7a"; -} diff --git a/modules/reference/appvms/business.nix b/modules/reference/appvms/business.nix index e4b6344ae..c8410f8af 100644 --- a/modules/reference/appvms/business.nix +++ b/modules/reference/appvms/business.nix @@ -8,7 +8,7 @@ ... }: let - inherit (lib) mkIf optionalString; + inherit (lib) mkIf; #TODO: Move this to a common place name = "business"; tiiVpnAddr = "151.253.154.18"; @@ -25,6 +25,7 @@ let echo -e '\nwindow { border-radius: 0px; }' >> src/style.css ''; }); + givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; }; in { name = "${name}"; 
@@ -36,7 +37,7 @@ in pkgs.openconnect gnomeTextEditor pkgs.xarchiver - + givc-cli-wrapper ] ++ lib.optionals config.ghaf.profiles.debug.enable [ pkgs.tcpdump ] ++ lib.optionals config.ghaf.givc.enable [ pkgs.open-normal-extension ]; @@ -67,7 +68,6 @@ in ghaf = { givc.appvm = { enable = true; - name = lib.mkForce "business-vm"; applications = [ { name = "google-chrome"; @@ -128,22 +128,10 @@ in # source = "${pkgs.open-normal-extension}/fi.ssrc.open_normal.json"; # }; environment.etc."open-normal-extension.cfg" = mkIf config.ghaf.givc.enable { - text = - let - cliArgs = builtins.replaceStrings [ "\n" ] [ " " ] '' - --name ${config.ghaf.givc.adminConfig.name} - --addr ${config.ghaf.givc.adminConfig.addr} - --port ${config.ghaf.givc.adminConfig.port} - ${optionalString config.ghaf.givc.enableTls "--cacert /run/givc/ca-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--cert /run/givc/business-vm-cert.pem"} - ${optionalString config.ghaf.givc.enableTls "--key /run/givc/business-vm-key.pem"} - ${optionalString (!config.ghaf.givc.enableTls) "--notls"} - ''; - in - '' - export GIVC_PATH="${pkgs.givc-cli}" - export GIVC_OPTS="${cliArgs}" - ''; + text = '' + export GIVC_PATH="${givc-cli-wrapper}" + export GIVC_OPTS="" + ''; }; # Enable dconf and icon pack for gnome text editor diff --git a/modules/reference/appvms/chromium.nix b/modules/reference/appvms/chromium.nix index 166ed6a7d..c9bae942a 100644 --- a/modules/reference/appvms/chromium.nix +++ b/modules/reference/appvms/chromium.nix @@ -9,11 +9,13 @@ }: let name = "chromium"; + givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; }; in { name = "${name}"; packages = [ pkgs.chromium + givc-cli-wrapper ] ++ lib.optional config.ghaf.development.debug.tools.enable pkgs.alsa-utils; # TODO create a repository of mac addresses to avoid conflicts macAddress = "02:00:00:03:05:01"; 
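Review bot: Dropping `name = lib.mkForce "business-vm";` leaves `ghaf.givc.appvm.name` at whatever default the appvm module computes, and the same removal is made in chromium.nix, comms.nix, gala.nix, google-chrome.nix and zathura.nix. For google-chrome.nix the removed override was `"chrome-vm"`, which does not follow the `<name>-vm` pattern that appvm.nix now uses for `storagevm.name`; if the agent name is what the host's `givc.tls` generator and the hosts entries key on, confirm the new default still yields the name the rest of the system expects for that VM. Listing the resulting agent names in the commit description would make this reviewable.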
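Review bot: `GIVC_PATH` now points at the wrapper package, whose only binary is `bin/givc-cli-wrapper` (see packages/givc-cli-wrapper/default.nix in this commit), whereas the old value was the givc-cli package providing `bin/givc-cli`; if the open-normal extension still executes `$GIVC_PATH/bin/givc-cli $GIVC_OPTS …`, it will not find the binary. Either update the consumer or have the wrapper also install under the old name, e.g. `ln -s givc-cli-wrapper $out/bin/givc-cli` in its installPhase. Leaving `GIVC_OPTS=""` is fine once the wrapper carries the options, but a comment such as `# options are baked into the wrapper; kept for the extension's interface` would explain the empty variable.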
@@ -34,7 +36,6 @@ in ghaf.givc.appvm = { enable = true; - name = lib.mkForce "chromium-vm"; applications = [ { name = "chromium"; diff --git a/modules/reference/appvms/comms.nix b/modules/reference/appvms/comms.nix index 54c6f8dd8..4854eb2a6 100644 --- a/modules/reference/appvms/comms.nix +++ b/modules/reference/appvms/comms.nix @@ -16,6 +16,7 @@ let config.ghaf.reference.services.dendrite else false; + givc-cli-wrapper = pkgs.callPackage ../../../packages/givc-cli-wrapper { inherit config pkgs lib; }; in { name = "${name}"; @@ -26,6 +27,7 @@ in pkgs.element-gps pkgs.gpsd pkgs.tcpdump + givc-cli-wrapper ] ++ pkgs.lib.optionals isDendritePineconeEnabled [ dendrite-pinecone ]; macAddress = "02:00:00:03:09:01"; ramMb = 4096; @@ -89,7 +91,6 @@ in ghaf.givc.appvm = { enable = true; - name = lib.mkForce "${name}-vm"; applications = [ { name = "element"; diff --git a/modules/reference/appvms/gala.nix b/modules/reference/appvms/gala.nix index 6ae25a08a..b0cb3acdb 100644 --- a/modules/reference/appvms/gala.nix +++ b/modules/reference/appvms/gala.nix @@ -2,7 +2,6 @@ # SPDX-License-Identifier: Apache-2.0 # { - lib, pkgs, config, ... @@ -18,7 +17,6 @@ time.timeZone = config.time.timeZone; ghaf.givc.appvm = { enable = true; - name = lib.mkForce "gala-vm"; applications = [ { name = "gala"; diff --git a/modules/reference/appvms/google-chrome.nix b/modules/reference/appvms/google-chrome.nix index 4d6abaf4b..9598f4c7d 100644 --- a/modules/reference/appvms/google-chrome.nix +++ b/modules/reference/appvms/google-chrome.nix @@ -34,7 +34,6 @@ in ghaf.givc.appvm = { enable = true; - name = lib.mkForce "chrome-vm"; applications = [ { name = "google-chrome"; diff --git a/modules/reference/appvms/zathura.nix b/modules/reference/appvms/zathura.nix index a62e7ecd0..b2051d1a5 100644 --- a/modules/reference/appvms/zathura.nix +++ b/modules/reference/appvms/zathura.nix @@ -25,7 +25,6 @@ givc.appvm = { enable = true; - name = lib.mkForce "zathura-vm"; applications = [ { name = "zathura"; 
diff --git a/modules/reference/profiles/laptop-x86.nix b/modules/reference/profiles/laptop-x86.nix index 93b7c6d85..83d3b7808 100644 --- a/modules/reference/profiles/laptop-x86.nix +++ b/modules/reference/profiles/laptop-x86.nix @@ -3,8 +3,6 @@ { config, lib, ... }: let cfg = config.ghaf.reference.profiles.laptop-x86; - listenerAddress = config.ghaf.logging.listener.address; - listenerPort = toString config.ghaf.logging.listener.port; in { imports = [ @@ -109,8 +107,7 @@ in }; # Enable givc - # @TODO change this flag to enable givc in release - givc.enable = config.ghaf.profiles.debug.enable; + givc.enable = true; givc.debug = false; host = { @@ -122,18 +119,6 @@ in profiles = { applications.enable = false; }; - - # Logging configuration - logging = { - client = { - enable = true; - endpoint = "http://${listenerAddress}:${listenerPort}/loki/api/v1/push"; - }; - listener = { - address = "admin-vm" + lib.optionalString config.ghaf.profiles.debug.enable "-debug"; - port = 9999; - }; - }; }; }; } diff --git a/packages/givc-cli-wrapper/default.nix b/packages/givc-cli-wrapper/default.nix new file mode 100644 index 000000000..b35bfcc06 --- /dev/null +++ b/packages/givc-cli-wrapper/default.nix 
@@ -0,0 +1,52 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# A wrapper for the givc client CLI. Works in any VM that is part of the ghaf-network.
+{
+ config,
+ pkgs,
+ lib,
+}:
+let
+ inherit (lib)
+ platforms
+ head
+ filter
+ strings
+ optionalString
+ ;
+
+ admin = head (filter (x: strings.hasInfix ".100." x.addr) config.ghaf.givc.adminConfig.addresses);
+
+ cliArgs = builtins.replaceStrings [ "\n" ] [ " " ] ''
+ --name ${config.ghaf.givc.adminConfig.name}
+ --addr ${admin.addr}
+ --port ${admin.port}
+ ${optionalString config.ghaf.givc.enableTls "--cacert /run/givc/ca-cert.pem"}
+ ${optionalString config.ghaf.givc.enableTls "--cert /run/givc/cert.pem"}
+ ${optionalString config.ghaf.givc.enableTls "--key /run/givc/key.pem"}
+ ${optionalString (!config.ghaf.givc.enableTls) "--notls"}
+ '';
+
+ givcCliWrapper = pkgs.writeShellScript "givc-cli-wrapper" ''
+ ${pkgs.givc-cli}/bin/givc-cli ${cliArgs} $@
+ '';
+in
+pkgs.stdenv.mkDerivation {
+ name = "givc-cli-wrapper";
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ${givcCliWrapper} $out/bin/givc-cli-wrapper
+ '';
+
+ meta = {
+ description = "Script to launch givc commands via admin service.";
+ platforms = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ };
+}
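Review bot: `${pkgs.givc-cli}/bin/givc-cli ${cliArgs} $@` in `givcCliWrapper` leaves `$@` unquoted, so any argument containing whitespace or glob characters is re-split and expanded before givc-cli sees it; use `exec ${pkgs.givc-cli}/bin/givc-cli ${cliArgs} "$@"` (the `exec` also passes givc-cli's exit status and signals straight through to the caller). `platforms` is inherited from `lib` but never used, since `meta.platforms` is spelled out as a literal list, and `phases = [ "installPhase" ]` is the discouraged way to skip phases; `pkgs.writeShellScriptBin "givc-cli-wrapper" ''…''` would replace the whole `mkDerivation` together with the intermediate `writeShellScript`. The header comment should also state that the admin address and TLS flags are fixed at build time from the host's `config`, and that `/run/givc/cert.pem` and `/run/givc/key.pem` must be readable by whichever user runs the wrapper.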