navos/navinstall
navos/navinstall
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: navos:f2358676000c70c7ae1ae7b17c16f6c79433557d
Branches Tags
navos:main
...
compare: navos:3ae066d593cdb18e2b8a0824ac319bd5f7c068e1
Branches Tags
navos:main

2 commits
f235867600 ... 3ae066d593

Author SHA1 Message Date
JMARyA
3ae066d593
update
Some checks failed
ci/woodpecker/push/build Pipeline failed
Details
2025-01-10 14:27:23 +01:00
JMARyA
dfa3a34484
refactor + firewall 2025-01-10 13:19:39 +01:00
21 changed files with 254 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Cargo.lock generated
View file

@ -130,6 +130,12 @@ version = "1.70.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
[[package]]
name = "itoa"
version = "1.0.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
[[package]]
name = "libc"
version = "0.2.169"
@ -149,6 +155,7 @@ dependencies = [
"clap",
"nix",
"serde",
"serde_json",
"toml",
"yansi",
]
@ -183,6 +190,12 @@ dependencies = [
"proc-macro2",
]
[[package]]
name = "ryu"
version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
[[package]]
name = "serde"
version = "1.0.216"
@ -203,6 +216,18 @@ dependencies = [
"syn",
]
[[package]]
name = "serde_json"
version = "1.0.135"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b0d7ba2887406110130a978386c4e1befb98c674b4fba677954e4db976630d9"
dependencies = [
"itoa",
"memchr",
"ryu",
"serde",
]
[[package]]
name = "serde_spanned"
version = "0.6.8"

1
Cargo.toml
View file

@ -7,5 +7,6 @@ edition = "2024"
clap = { version = "4.5.23", features = ["cargo"] }
nix = { version = "0.29.0", features = ["user"] }
serde = { version = "1.0.216", features = ["derive"] }
serde_json = "1.0.135"
toml = "0.8.19"
yansi = "1.0.1"

32
installs/desktop.toml
View file

@ -1,59 +1,29 @@
# Desktop Install Template
# Drive Selection for Install
[drive]
# Device node for the EFI boot filesystem
boot = "/dev/null"
# Device node for the root filesystem
root = "/dev/null"
# Root filesystem encryption passphrase
# If this option is set the root filesystem will be encrypted with LUKS
encryption = "password"
# General configuration
[general]
# Preset
mode = "Desktop"
# System Locale
locale = "de_DE.UTF-8"
# Keymap
keyboard_layout = "de"
keyboard_variant = "mac"
# Timezone
timezone = "Europe/Berlin"
# Hostname
hostname = "navos"
# Root password
root_password = "root"
# Enable Bluetooth
bluetooth = true
# GPU Video Drivers
gpu_driver = "NVIDIA"
firewall = true
[pkg]
# Additional packages
pkg = [
"nano",
"micro"
]
# User configuration
# The `[[user]]` directive can be repeated to create multiple users.
[[user]]
# Username
name = "u"
# User password
password = "pass"
# Add user to wheel group
wheel = true

8
installs/full.toml
View file

@ -15,6 +15,10 @@ encryption = "password"
# General configuration
[general]
# Preset
# Available options:
# - `Base`: Basic Arch Linux Installation
# - `Desktop`: navOS Desktop Installation
# - `Server`: navOS Server Installation
mode = "Desktop"
# System Locale
@ -37,8 +41,12 @@ root_password = "root"
bluetooth = true
# GPU Video Drivers
# Available options: `NVIDIA`, `AMD`, `INTEL`
gpu_driver = "NVIDIA"
# Enable firewall
firewall = true
[pkg]
# Additional packages
pkg = [

21
installs/min.toml
View file

@ -1,38 +1,19 @@
# Minimal Install Template
# Drive Selection for Install
[drive]
# Device node for the EFI boot filesystem
boot = "/dev/null"
# Device node for the root filesystem
root = "/dev/null"
# Root filesystem encryption passphrase
# If this option is set the root filesystem will be encrypted with LUKS
encryption = "password"
# General configuration
[general]
# Preset
mode = "Base"
# System Locale
locale = "de_DE.UTF-8"
# Keymap
keyboard_layout = "de"
keyboard_variant = "mac"
# Timezone
timezone = "Europe/Berlin"
# Hostname
hostname = "navos_min"
# Root password
root_password = "root"
firewall = false
[pkg]
# Additional packages
pkg = []

45
installs/server.toml
View file

@ -1,79 +1,36 @@
# Server Install Template
# Drive Selection for Install
[drive]
# Device node for the EFI boot filesystem
boot = "/dev/null"
# Device node for the root filesystem
root = "/dev/null"
# Root filesystem encryption passphrase
# If this option is set the root filesystem will be encrypted with LUKS
encryption = "password"
# General configuration
[general]
# Preset
mode = "Server"
# System Locale
locale = "de_DE.UTF-8"
# Keymap
keyboard_layout = "de"
keyboard_variant = "mac"
# Timezone
timezone = "Europe/Berlin"
# Hostname
hostname = "navos"
# Root password
root_password = "root"
firewall = true
[pkg]
# Additional packages
pkg = []
# Enable virtualization
virtualization = true
# Enable docker
docker = true
# User configuration
# The `[[user]]` directive can be repeated to create multiple users.
[[user]]
# Username
name = "u"
# User password
password = "pass"
# Add user to wheel group
wheel = true
# Add user to Docker group
docker = true
# Add user to libvirt group
virtualization = true
# SSH Configuration
# If `[ssh]` is set, openssh will be installed and enabled.
[ssh]
# Config file for sshd
# This file will be copied to the new system
sshd_config = "/etc/ssh/sshd_config"
# Install a SSH keys
# To set multiple keys, repeat the `[[ssh.key]]` directive.
# Every key will be installed in the users respective `authorized_keys` file.
[[ssh.key]]
# The SSH Key
key = "ssh-rsa ... user@host"
# The users allowed to login with this key
users = ["u", "root"]

6
src/config.rs
View file

@ -88,14 +88,16 @@ pub struct GeneralConfig {
// Enable Bluetooth
pub bluetooth: Option<bool>,
/// Install Video Driver
pub gpu_driver: Option<GPUVendor>
pub gpu_driver: Option<GPUVendor>,
// Eanble firewall
pub firewall: Option<bool>,
}
#[derive(Debug, Clone, Deserialize)]
pub enum GPUVendor {
AMD,
NVIDIA,
INTEL
INTEL,
}
#[derive(Debug, Clone, Deserialize)]

63
src/install/drives.rs
View file

@ -1,10 +1,13 @@
use crate::{config::DriveConfig, linux::run_command};
use yansi::{Color, Paint};
use crate::{config::DriveConfig, linux::run_command, print_status};
// TODO : Add support for using entire block device
/// Format the drives with the given config
pub fn format_drives(conf: &DriveConfig) {
// TODO : Safety checks !!!
disk_safe_check(&conf.root);
disk_safe_check(&conf.root);
// EFI (BOOT)
run_command(&["mkfs.vfat", "-F", "32", conf.boot.as_str()], None, false);
@ -52,3 +55,59 @@ pub fn mount_drives(conf: &DriveConfig) {
false,
);
}
/// Format a disk with EFI and BOOT partitions.
pub fn partition_disk(dev: &str) {
disk_safe_check(dev);
print_status(&format!("Formatting disk {dev}"));
let cmd = vec!["fdisk", dev];
let input = "g\nn\n1\n\n+1G\nt\n1\nn\n2\n\nw\n";
run_command(&cmd, Some(input), false);
}
/// Check if `dev` contains a filesystem and error if it does
pub fn disk_safe_check(dev: &str) {
if let Some(fs) = has_filesystem(dev) {
println!(
"{} Device {} already contains a filesystem {}",
"Error:".paint(Color::Red),
dev.paint(Color::Red),
fs.paint(Color::Blue)
);
std::process::exit(1);
}
}
pub fn has_filesystem(dev: &str) -> Option<String> {
let blockdevs: serde_json::Value =
serde_json::from_str(&run_command(&["lsblk", "--fs", "--json"], None, false).0).unwrap();
// TODO : Follow if symlink from /dev/disks
let dev = dev.trim_start_matches("/dev/");
let dev_entry = blockdevs
.as_object()
.unwrap()
.get("blockdevices")
.unwrap()
.as_array()
.unwrap()
.iter()
.find(|x| {
x.as_object()
.unwrap()
.get("name")
.unwrap()
.as_str()
.unwrap()
== dev
});
if let Some(dev_entry) = dev_entry {
if let Some(fs) = dev_entry.as_object().unwrap().get("fstype") {
return Some(fs.to_string());
}
}
None
}

22
src/install/firewall.rs Normal file
View file

@ -0,0 +1,22 @@
use crate::{
linux::{arch_chroot, systemd_service_enable},
pkg::install_pkgs,
print_status,
};
/// Setup UFW
pub fn setup_firewall(ssh: bool) {
print_status("Enabling firewall");
install_pkgs(&["ufw"]);
systemd_service_enable("ufw.service");
arch_chroot(&["ufw", "default", "deny"], None, false);
if ssh {
arch_chroot(&["ufw", "allow", "22/tcp"], None, false);
arch_chroot(&["ufw", "limit", "ssh"], None, false);
}
arch_chroot(&["ufw", "enable"], None, false);
}

2
src/install/firmware.rs
View file

@ -1,11 +1,13 @@
use crate::{linux::systemd_service_enable, pkg::install_pkgs, print_status};
/// Setup firmware update daemon
pub fn setup_fwupd() {
print_status("Enabling firmware updates");
install_pkgs(&["fwupd"]);
systemd_service_enable("fwupd-refresh.timer");
}
/// Setup CPU Microcode
pub fn setup_microcode() {
print_status("Installing CPU Microcode");
let cpuinfo = std::fs::read_to_string("/proc/cpuinfo").unwrap();

9
src/install/first_boot.rs
View file

@ -45,7 +45,14 @@ pub fn first_boot_values(conf: &GeneralConfig) {
print_status("Writing /etc/hostname");
std::fs::write("/mnt/etc/hostname", format!("{}\n", conf.hostname)).unwrap();
install_file("/mnt/etc/hosts", &format!("127.0.0.1 localhost\n::1 localhost\n127.0.1.1 {}\n", conf.hostname), 0o644);
install_file(
"/mnt/etc/hosts",
&format!(
"127.0.0.1 localhost\n::1 localhost\n127.0.1.1 {}\n",
conf.hostname
),
0o644,
);
// LOCALE
print_status("Setting locale");

23
src/install/gpu.rs
View file

@ -1,15 +1,28 @@
use crate::{config::GPUVendor, pkg::install_pkgs};
/// Setup GPU video drivers
pub fn setup_video_drivers(vendor: &GPUVendor) {
match vendor {
GPUVendor::AMD => {
install_pkgs(&["xf86-video-amdgpu", "mesa", "lib32-mesa", "vulkan-radeon", "lib32-vulkan-radeon"]);
},
install_pkgs(&[
"xf86-video-amdgpu",
"mesa",
"lib32-mesa",
"vulkan-radeon",
"lib32-vulkan-radeon",
]);
}
GPUVendor::NVIDIA => {
install_pkgs(&["nvidia", "nvidia-utils", "lib32-nvidia-utils"]);
},
}
GPUVendor::INTEL => {
install_pkgs(&["xf86-video-intel2", "mesa", "lib32-mesa", "vulkan-intel", "lib32-vulkan-intel"]);
},
install_pkgs(&[
"xf86-video-intel2",
"mesa",
"lib32-mesa",
"vulkan-intel",
"lib32-vulkan-intel",
]);
}
}
}

1
src/install/kernel.rs
View file

@ -6,6 +6,7 @@ use crate::{
print_status,
};
/// Setup initramfs
pub fn setup_mkinitcpio(conf: &DriveConfig) {
print_status("Writing /etc/mkinitcpio.d/linux.preset");
install_file(

46
src/install/mod.rs
View file

@ -1,6 +1,5 @@
// TODO : Autojoin docker swarm
// TODO : Autojoin teleport
// TODO : Firewall
// DRIVE SELECTION
@ -9,6 +8,7 @@ use boot::setup_bootloader;
use desktop::setup_desktop;
use docker::setup_docker;
use drives::{format_drives, mount_drives};
use firewall::setup_firewall;
use firmware::{setup_fwupd, setup_microcode};
use first_boot::{first_boot_values, genfstab};
use gpu::setup_video_drivers;
@ -28,7 +28,10 @@ pub mod boot;
pub mod desktop;
pub mod docker;
pub mod drives;
pub mod firewall;
pub mod firmware;
pub mod first_boot;
pub mod gpu;
pub mod kernel;
pub mod navos;
pub mod ollama;
@ -38,14 +41,22 @@ pub mod ssh;
pub mod user;
pub mod virt;
pub mod zram;
pub mod firmware;
pub mod gpu;
use crate::{
config::InstallConfig,
pkg::{self, install_pkgs, pacstrap},
};
/// Uncomment the first occurrence of a specified value in a file.
///
/// This function searches for the first line in the specified file that contains
/// the given `value` string. If the line is commented out with a `#` symbol,
/// it removes the `#` and updates the file.
///
/// # Arguments
///
/// * `value` - A string that specifies the value to search for in the file.
/// * `file` - A string specifying the path to the file.
pub fn uncomment_first_value_of(value: &str, file: &str) {
// read in the file
let content = std::fs::read_to_string(file).unwrap();
@ -66,6 +77,15 @@ pub fn uncomment_first_value_of(value: &str, file: &str) {
std::fs::write(file, new).unwrap();
}
/// Uncomment lines that start with a specified tag in a file.
///
/// This function processes all lines in the specified file. For any line that starts
/// with the provided `tag`, it removes the `tag` and updates the file.
///
/// # Arguments
///
/// * `tag` - A string specifying the prefix tag to remove from matching lines.
/// * `file` - A string specifying the path to the file.
pub fn uncomment_tag(tag: &str, file: &str) {
// read in the file
let content = std::fs::read_to_string(file).unwrap();
@ -95,15 +115,13 @@ pub fn install(conf: InstallConfig) {
pacstrap(&conf.pkg);
genfstab();
// System Setup
// Configuration
first_boot_values(&conf.general);
setup_skel(&conf.general);
setup_users(&conf.user.as_ref().unwrap_or(&Vec::new()));
setup_ssh(&conf.ssh);
setup_bootloader();
// Presets
match conf.general.mode {
crate::config::InstallMode::Base => {}
crate::config::InstallMode::Desktop => {
@ -118,6 +136,8 @@ pub fn install(conf: InstallConfig) {
}
}
// Applications
if conf.pkg.virtualization.unwrap_or_default() {
setup_virtualization(&conf);
}
@ -136,18 +156,24 @@ pub fn install(conf: InstallConfig) {
setup_ollama(&ai);
}
setup_zram();
// Connectivity
if conf.general.bluetooth.unwrap_or_default() {
setup_bluetooth();
}
if conf.general.firewall.unwrap_or(true) {
setup_firewall(conf.ssh.is_some());
}
// System
setup_zram();
setup_vm();
if let Some(gpu_vendor) = &conf.general.gpu_driver {
setup_video_drivers(gpu_vendor);
}
setup_fwupd();
setup_microcode();
setup_bootloader();
setup_mkinitcpio(&conf.drive);
setup_secure_boot();
@ -155,5 +181,5 @@ pub fn install(conf: InstallConfig) {
setup_tpm_unlock(&conf.drive);
}
println!("{}", "System install complete".paint(Color::Green));
println!("{}", "System install complete".bold().paint(Color::Green));
}

24
src/install/ollama.rs
View file

@ -1,4 +1,9 @@
use crate::{config::OllamaConfig, linux::systemd_service_enable, pkg::install_pkgs};
use crate::{
config::OllamaConfig,
linux::{arch_chroot, systemd_service_enable},
pkg::install_pkgs,
print_status,
};
/// Setup Ollama AI Service
pub fn setup_ollama(conf: &OllamaConfig) {
@ -10,7 +15,20 @@ pub fn setup_ollama(conf: &OllamaConfig) {
systemd_service_enable("ollama.service");
for model in conf.models.clone().unwrap_or_default() {
// TODO : Pull models
print_status("Pulling Models");
let mut ollama_server = std::process::Command::new("arch-chroot")
.arg("/mnt")
.arg("runuser -u ollama -- env OLLAMA_MODELS=/var/lib/ollama HOME=/var/lib/ollama /usr/bin/ollama serve")
.stdout(Stdio::piped())
.spawn()
.expect("Failed to start ollama server");
let models = conf.models.clone().unwrap_or_default();
for model in models {
arch_chroot(&["ollama", "pull", &model], None, true);
}
ollama_server.kill().unwrap();
}

9
src/install/ssh.rs
View file

@ -1,4 +1,9 @@
use crate::{config::SSHConfig, linux::install_file, pkg::install_pkgs, print_status};
use crate::{
config::SSHConfig,
linux::{install_file, systemd_service_enable},
pkg::install_pkgs,
print_status,
};
use std::io::Write;
/// Setup SSH on the system
@ -34,5 +39,7 @@ pub fn setup_ssh(conf: &Option<SSHConfig>) {
writeln!(authorized_keys, "{}\n", key.key).unwrap();
}
}
systemd_service_enable("sshd.service");
}
}

5
src/install/user.rs
View file

@ -1,5 +1,8 @@
use crate::{
config::UserConfig, linux::{arch_chroot, install_file}, pkg::install_pkgs, print_status
config::UserConfig,
linux::{arch_chroot, install_file},
pkg::install_pkgs,
print_status,
};
pub fn change_passwd(user: &str, pw: &str) {

18
src/install/virt.rs
View file

@ -1,7 +1,8 @@
use crate::{
config::{InstallConfig, InstallMode},
linux::{arch_chroot, systemd_service_enable},
linux::{arch_chroot, run_command, systemd_service_enable},
pkg::install_pkgs,
print_status,
};
pub fn setup_virtualization(conf: &InstallConfig) {
@ -30,6 +31,19 @@ pub fn setup_virtualization(conf: &InstallConfig) {
}
}
/// Setup guest utils if running inside a VM
pub fn setup_vm() {
// TODO : Install guest tools if in virt with systemd-detect-virt
let is_vm = run_command(&["systemd-detect-virt", "--vm"], None, false)
.0
.trim();
match is_vm {
"qemu" | "kvm" => {
print_status("Detected KVM. Installing utils");
install_pkgs(&["qemu-guest-agent", "spice-vdagent"]);
systemd_service_enable("qemu-guest-agent.service");
systemd_service_enable("spice-vdagentd.service");
}
_ => {}
}
}

3
src/linux.rs
View file

@ -75,7 +75,6 @@ pub fn install_file(path: &str, content: &str, permissions: u32) {
file.write_all(content.as_bytes()).unwrap();
let permissions = std::fs::Permissions::from_mode(permissions);
// TODO : Fix permission format
print_status(&format!("Wrote file {path} [{permissions:#?}]"));
print_status(&format!("Wrote file {path} [{:o}]", permissions.mode()));
std::fs::set_permissions(path, permissions).unwrap();
}

9
src/pkg.rs
View file

@ -3,18 +3,16 @@ use crate::{
linux::{arch_chroot, run_command},
};
pub const DESKTOP_PKG: [&str; 16] = [
pub const DESKTOP_PKG: [&str; 17] = [
// Desktop
"plasma",
"sddm",
// Sound
"pipewire",
"pipewire-alsa",
"pipewire-pulse",
"pipewire-jack",
"wireplumber",
// Applications
"konsole",
"dolphin",
@ -24,9 +22,9 @@ pub const DESKTOP_PKG: [&str; 16] = [
"gwenview",
"ark",
"flatpak",
// Misc
"navos/navos"
"navos/navos",
"man",
];
pub const SERVER_PKG: [&str; 2] = ["tmux", "navos/navos"];
@ -60,7 +58,6 @@ pub fn pacstrap(conf: &PackageConfig) {
"zsh",
"zsh-completions",
"zsh-autosuggestions",
"man"
];
cmd.extend(

15
src/print.rs
View file

@ -65,10 +65,19 @@ pub fn print_config(conf: &InstallConfig) {
}
if let Some(vendor) = &conf.general.gpu_driver {
match vendor {
crate::config::GPUVendor::AMD => general_info.add_str(format!("🟥 AMD GPU {}", "✔️".paint(Color::Green))),
crate::config::GPUVendor::INTEL => general_info.add_str(format!("🟦 Intel GPU {}", "✔️".paint(Color::Green))),
crate::config::GPUVendor::NVIDIA => general_info.add_str(format!("🟩 NVIDIA GPU {}", "✔️".paint(Color::Green))),
crate::config::GPUVendor::AMD => {
general_info.add_str(format!("🟥 AMD GPU {}", "✔️".paint(Color::Green)))
}
crate::config::GPUVendor::INTEL => {
general_info.add_str(format!("🟦 Intel GPU {}", "✔️".paint(Color::Green)))
}
crate::config::GPUVendor::NVIDIA => {
general_info.add_str(format!("🟩 NVIDIA GPU {}", "✔️".paint(Color::Green)))
}
}
}
if conf.general.firewall.unwrap_or(true) {
general_info.add_str(format!("🔥 Firewall {}", "✔️".paint(Color::Green)));
}
root_info.add_tree("🔨 General", general_info);