From d7111d14acb0cc274f0845e6460ce56fb4d0aa1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 11 Mar 2024 15:03:13 +0100
Subject: [PATCH] move lenovo disko setup to a re-usuable module
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim
---
modules/common/hardware/definition.nix | 18 ++++++++++++++++++
modules/disko/flake-module.nix | 13 +++++++++++++
modules/flake-module.nix | 2 ++
targets/lenovo-x1/everything.nix | 9 +++------
targets/lenovo-x1/hardwareDefinition.nix | 2 ++
5 files changed, 38 insertions(+), 6 deletions(-)
create mode 100644 modules/disko/flake-module.nix
diff --git a/modules/common/hardware/definition.nix b/modules/common/hardware/definition.nix
index 3d61a1a7e..991598fc5 100644
--- a/modules/common/hardware/definition.nix
+++ b/modules/common/hardware/definition.nix
@@ -63,6 +63,24 @@ }; };
+ disks = mkOption {
+ description = "Disks to format and mount";
+ type = types.attrsOf (types.submodule {
+ options.device = mkOption {
+ type = types.str;
+ description = ''
+ Path to the disk
+ '';
+ };
+ });
+ default = {};
+ example = literalExpression ''
+ {
+ disk1.device = "/dev/nvme0n1";
+ }
+ '';
+ };
+ gpu = { # TODO? Should add GuiVM enabler here? # guivm.enable = mkEnableOption = "NetVM";
diff --git a/modules/disko/flake-module.nix b/modules/disko/flake-module.nix
new file mode 100644
index 000000000..34353f96a
--- /dev/null
+++ b/modules/disko/flake-module.nix
@@ -0,0 +1,13 @@
+# Copyright 2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{inputs, ...}: {
+ flake.nixosModules = {
+ # TODO: rename this module to what it actually does rather than what model it's for.
+ # We version the disko partitiong module so that we can update it without breaking existing systems
+ disko-lenovo-x1-basic-v1.imports = [
+ inputs.disko.nixosModules.disko
+ ./lenovo-x1-disko-basic.nix
+ ./disko-basic-postboot.nix
+ ];
+ };
+}
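Review bot: `device` in the new `disks` option (modules/common/hardware/definition.nix) is a free-form `types.str` described only as "Path to the disk", although the option's own description says these disks are formatted. `types.path` would at least reject values that are not absolute paths, and the description should say that the named device is repartitioned and that a persistent name is safer than a kernel-enumerated one, e.g. `description = "Block device that disko will partition and format; prefer a /dev/disk/by-id/... path";`. The same applies to the example in this hunk and to `disks.disk1.device = "/dev/nvme0n1";` in targets/lenovo-x1/hardwareDefinition.nix, where enumeration order decides which disk that name refers to on a machine with more than one NVMe device.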
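Review bot: The comment in modules/disko/flake-module.nix promises that the `-v1` suffix keeps existing systems stable, but the module imports the unversioned files `./lenovo-x1-disko-basic.nix` and `./disko-basic-postboot.nix`, so an in-place edit of either file silently changes what v1 lays out. I would state the rule next to the import list, for example `# Do not change the partition layout in these files; add a -v2 module with its own files instead.` The comment above the import list also has a typo (`partitiong`). Neither imported file is part of this patch, so whether they already carry such a note cannot be checked here.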
diff --git a/modules/flake-module.nix b/modules/flake-module.nix
index 004517c35..cdbe92292 100644
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@@ -4,6 +4,8 @@ # Modules to be exported from Flake # {inputs, ...}: {
+ imports = [./disko/flake-module.nix];
+ flake.nixosModules = { common.imports = [ ./common
diff --git a/targets/lenovo-x1/everything.nix b/targets/lenovo-x1/everything.nix
index 5da094fdd..292a5f86b 100644
--- a/targets/lenovo-x1/everything.nix
+++ b/targets/lenovo-x1/everything.nix
@@ -6,7 +6,6 @@ lib, microvm, lanzaboote,
- disko, name, system, ...
@@ -24,7 +23,6 @@ inherit system; modules = [
- disko.nixosModules.disko lanzaboote.nixosModules.lanzaboote microvm.nixosModules.host self.nixosModules.common
@@ -33,10 +31,7 @@ self.nixosModules.lanzaboote self.nixosModules.microvm
- # TODO: Refactor the disko module a bit
- ../../modules/disko/lenovo-x1-disko-basic.nix #TODO define device in hw def file
- { disko.disk.disk1.device = "/dev/nvme0n1"; }
- ../../modules/disko/disko-basic-postboot.nix
+ self.nixosModules.disko-lenovo-x1-basic-v1 ./sshkeys.nix ({
@@ -80,6 +75,8 @@ environment.etc.${config.ghaf.security.sshKeys.getAuthKeysFilePathInEtc} = import ./getAuthKeysSource.nix {inherit pkgs config;}; services.openssh = config.ghaf.security.sshKeys.sshAuthorizedKeysCommand;
+ disko.devices.disk = config.ghaf.hardware.definition.disks;
+ ghaf = { hardware.definition = hwDefinition; # To enable guest hardening enable host hardening first
diff --git a/targets/lenovo-x1/hardwareDefinition.nix b/targets/lenovo-x1/hardwareDefinition.nix
index 06fb78896..8bc994f8c 100644
--- a/targets/lenovo-x1/hardwareDefinition.nix
+++ b/targets/lenovo-x1/hardwareDefinition.nix
@@ -28,4 +28,6 @@ # Lenovo X1 trackpoint (red button/joystick) "/dev/input/by-path/platform-i8042-serio-1-event-mouse" ];
+
+ disks.disk1.device = "/dev/nvme0n1"; }
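Review bot: `disko.devices.disk = config.ghaf.hardware.definition.disks;` in the last hunk of targets/lenovo-x1/everything.nix forwards the whole attribute set without checking that it names the disk the layout module expects; the removed line set `disk1` explicitly, and `disks` defaults to `{}`. A hardware definition that omits `disks.disk1`, or adds an extra entry, would presumably surface as a disko evaluation error or an unexpected disk entry rather than a clear message. An assertion in the same module would make the contract explicit: `assertions = [{ assertion = config.ghaf.hardware.definition.disks ? disk1; message = "ghaf.hardware.definition.disks.disk1.device must be set"; }];`. The enclosing module starts and ends outside the hunk, and the layout file that declares `disk1` is not shown, so the expected attribute name is inferred from the removed line.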