tiiuae
diff --git a/‎lib/builders/mkGhafConfiguration.nix‎
Lines changed: 0 additions & 2 deletions b/‎lib/builders/mkGhafConfiguration.nix‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎lib/builders/mkGhafInstaller.nix‎
Lines changed: 30 additions & 28 deletions b/‎lib/builders/mkGhafInstaller.nix‎
Lines changed: 30 additions & 28 deletions
diff --git a/‎lib/default.nix‎
Lines changed: 3 additions & 0 deletions b/‎lib/default.nix‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎lib/global-config.nix‎
Lines changed: 37 additions & 5 deletions b/‎lib/global-config.nix‎
Lines changed: 37 additions & 5 deletions
diff --git a/‎modules/common/identity/dynamic-hostname.nix‎
Lines changed: 39 additions & 37 deletions b/‎modules/common/identity/dynamic-hostname.nix‎
Lines changed: 39 additions & 37 deletions
@@ -79,7 +79,6 @@ let
       vmConfigModule = {
         ghaf.virtualization.vmConfig = vmConfig;
       };
-
       # Module for extraConfig (wrapped properly)
       extraConfigModule = lib.optionalAttrs (extraConfig != { }) { ghaf = extraConfig; };
 
@@ -143,7 +142,6 @@ let
 
       # Full configuration name
       fullName = "${name}-${variant}";
-
       # Determine the package output based on profile
       package =
         if profile == "orin" then
 
@@ -58,36 +58,40 @@ let
 
               # Prevent the image from being included in the nix store
               # by explicitly excluding store contents
-              isoImage.storeContents = [ ];
-
               # Include the image file directly in the ISO filesystem (not in /nix/store)
               # This copies the file without creating a runtime dependency
               # Support both disko (disk1.raw.zst) and verity (ghaf-*.raw.zst) images
               # Use reflinks/hardlinks to avoid duplicating large image files
-              isoImage.contents =
-                let
-                  # Create a derivation that finds the .raw.zst file and creates a normalized reference
-                  # Using cp --reflink=auto attempts copy-on-write, falling back to hardlink
-                  normalizedImage = pkgs.runCommand "normalized-ghaf-image" { } ''
-                    mkdir -p $out
-                    # Find the .raw.zst file (either disk1.raw.zst or ghaf-*.raw.zst)
-                    imageFile=$(find ${imagePath} -maxdepth 1 -name "*.raw.zst" -type f | head -n 1)
-                    if [ -z "$imageFile" ]; then
-                      echo "Error: No .raw.zst file found in ${imagePath}" >&2
-                      exit 1
-                    fi
-                    # Use reflink if supported (e.g. btrfs), otherwise hardlink to avoid duplication
-                    # This saves significant disk space (6-7GB per installer build) compared to cp.
-                    cp --reflink=auto "$imageFile" $out/ghaf-image.raw.zst || \
-                      ln "$imageFile" $out/ghaf-image.raw.zst
-                  '';
-                in
-                [
-                  {
-                    source = "${normalizedImage}/ghaf-image.raw.zst";
-                    target = "/ghaf-image/ghaf-image.raw.zst";
-                  }
-                ];
+              isoImage = {
+                storeContents = [ ];
+
+                contents =
+                  let
+                    # Create a derivation that finds the .raw.zst file and creates a normalized reference
+                    # Using cp --reflink=auto attempts copy-on-write, falling back to hardlink
+                    normalizedImage = pkgs.runCommand "normalized-ghaf-image" { } ''
+                      mkdir -p $out
+                      # Find the .raw.zst file (either disk1.raw.zst or ghaf-*.raw.zst)
+                      imageFile=$(find ${imagePath} -maxdepth 1 -name "*.raw.zst" -type f | head -n 1)
+                      if [ -z "$imageFile" ]; then
+                        echo "Error: No .raw.zst file found in ${imagePath}" >&2
+                        exit 1
+                      fi
+                      # Use reflink if supported (e.g. btrfs), otherwise hardlink to avoid duplication
+                      # This saves significant disk space (6-7GB per installer build) compared to cp.
+                      cp --reflink=auto "$imageFile" $out/ghaf-image.raw.zst || \
+                        ln "$imageFile" $out/ghaf-image.raw.zst
+                    '';
+                  in
+                  [
+                    {
+                      source = "${normalizedImage}/ghaf-image.raw.zst";
+                      target = "/ghaf-image/ghaf-image.raw.zst";
+                    }
+                  ];
+
+                squashfsCompression = "zstd -Xcompression-level 3";
+              };
 
               environment.sessionVariables = {
                 IMG_PATH = "/iso/ghaf-image";
@@ -114,8 +118,6 @@ let
                 '';
               };
 
-              isoImage.squashfsCompression = "zstd -Xcompression-level 3";
-
               # NOTE: Stop nixos complains about "warning:
               # mdadm: Neither MAILADDR nor PROGRAM has been set. This will cause the `mdmon` service to crash."
               # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix#L112
 
@@ -67,6 +67,7 @@ in
           description = "Host name as string.";
           default = null;
         };
+
         mac = lib.mkOption {
           type = lib.types.nullOr lib.types.str;
           description = "MAC address as string.";
@@ -88,11 +89,13 @@ in
           description = "The IPv4 subnet prefix length (e.g. 24 for 255.255.255.0)";
           example = 24;
         };
+
         interfaceName = lib.mkOption {
           type = lib.types.nullOr lib.types.str;
           default = null;
           description = "Name of the network interface.";
         };
+
         cid = lib.mkOption {
           type = lib.types.nullOr lib.types.int;
           default = null;
 
@@ -174,6 +174,17 @@ rec {
         };
       };
 
+      # Graphics/boot UI settings
+      graphics = {
+        boot = {
+          enable = mkOption {
+            type = types.bool;
+            default = false;
+            description = "Enable graphical boot support (splash screen, user login detection)";
+          };
+        };
+      };
+
       # IDS VM specific settings
       idsvm = {
         mitmproxy = {
@@ -356,34 +367,44 @@ rec {
     # Debug profile - full development/debugging capabilities
     debug = {
       debug.enable = true;
+
       development = {
         ssh.daemon.enable = true;
         debug.tools.enable = true;
         nix-setup.enable = true;
       };
+
       # Logging enabled with Ghaf's central logging infrastructure
       # Note: listener.address is auto-populated from admin-vm IP by
       # modules/common/global-config.nix (no need to set it per profile).
       logging = {
         enable = true;
         server.endpoint = "https://loki.ghaflogs.vedenemo.dev/loki/api/v1/push";
       };
+
       security.audit.enable = false;
+
       givc = {
         enable = true;
         # givc.debug disabled to allow logging (they conflict due to security)
         debug = false;
       };
+
       services = {
         power-manager.enable = false;
         performance.enable = false;
       };
+
       storage = {
         encryption.enable = false;
         storeOnDisk = false;
       };
+
+      graphics.boot.enable = true;
+
       shm.enable = false;
       idsvm.mitmproxy.enable = false;
+
       # Feature defaults for debug profile
       features = {
         fprint = {
@@ -416,27 +437,36 @@ rec {
     # Release profile - production settings
     release = {
       debug.enable = false;
+
       development = {
         ssh.daemon.enable = false;
         debug.tools.enable = false;
         nix-setup.enable = false;
       };
+
       logging.enable = false;
       security.audit.enable = true;
+
       givc = {
         enable = true;
         debug = false;
       };
+
       services = {
         power-manager.enable = true;
         performance.enable = true;
       };
+
       storage = {
         encryption.enable = true;
         storeOnDisk = false;
       };
+
+      graphics.boot.enable = true;
+
       shm.enable = false;
       idsvm.mitmproxy.enable = false;
+
       # Feature defaults for release profile
       features = {
         fprint = {
@@ -469,27 +499,34 @@ rec {
     # Minimal profile - bare minimum
     minimal = {
       debug.enable = false;
+
       development = {
         ssh.daemon.enable = false;
         debug.tools.enable = false;
         nix-setup.enable = false;
       };
+
       logging.enable = false;
       security.audit.enable = false;
+
       givc = {
         enable = false;
         debug = false;
       };
+
       services = {
         power-manager.enable = false;
         performance.enable = false;
       };
+
       storage = {
         encryption.enable = false;
         storeOnDisk = false;
       };
+
       shm.enable = false;
       idsvm.mitmproxy.enable = false;
+
       # Feature defaults for minimal profile - all disabled
       features = {
         fprint = {
@@ -606,7 +643,6 @@ rec {
 
         # Kernel configuration for this VM type (if defined)
         kernel = config.ghaf.kernel.${vmType} or null;
-
         # QEMU configuration for this VM type (if defined)
         qemu = config.ghaf.qemu.${vmType} or null;
 
@@ -622,7 +658,6 @@ rec {
 
         # Host filesystem paths
         sharedVmDirectory = config.ghaf.virtualization.microvm-host.sharedVmDirectory or null;
-
         # Boot configuration
         microvmBoot = {
           enable = config.ghaf.microvm-boot.enable or false;
@@ -632,10 +667,8 @@ rec {
         hardware = {
           devices = config.ghaf.hardware.devices or { };
         };
-
         # Common namespace (for killswitch, etc.)
         common = config.ghaf.common or { };
-
         # User configuration (complex, kept as-is for now)
         users = config.ghaf.users or { };
 
@@ -664,7 +697,6 @@ rec {
         # AppVM configurations (needed by guivm for launcher generation)
         # Use enabledVms which has derived values including applications from vmDef
         appvms = config.ghaf.virtualization.microvm.appvm.enabledVms or { };
-
         # GUIVM applications (needed by guivm for local launcher generation)
         guivm = {
           applications = config.ghaf.virtualization.microvm.guivm.applications or [ ];
 
@@ -280,27 +280,46 @@ in
   };
 
   config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = [
-      "d ${toString cfg.outputDir} 0755 root root - -"
-      "d ${toString cfg.shareDir} 0755 root root - -"
-      "d /persist/common 0755 root root - -"
-    ];
-
-    systemd.services.ghaf-dynamic-hostname = {
-      description = "Compute and export dynamic host identity and transient hostname";
-      wantedBy = [ "multi-user.target" ];
-      after = [
-        "local-fs.target"
-        "sysinit.target"
-      ];
-      before = [
-        "multi-user.target"
-        "network-online.target"
+    systemd = {
+      tmpfiles.rules = [
+        "d ${toString cfg.outputDir} 0755 root root - -"
+        "d ${toString cfg.shareDir} 0755 root root - -"
+        "d /persist/common 0755 root root - -"
       ];
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${computeScript}/bin/ghaf-compute-hostname";
-        RemainAfterExit = true;
+
+      services.ghaf-dynamic-hostname = {
+        description = "Compute and export dynamic host identity and transient hostname";
+        wantedBy = [ "multi-user.target" ];
+        after = [
+          "local-fs.target"
+          "sysinit.target"
+        ];
+        before = [
+          "multi-user.target"
+          "network-online.target"
+        ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${computeScript}/bin/ghaf-compute-hostname";
+          RemainAfterExit = true;
+
+          # Set systemd environment for services
+          ExecStartPost =
+            let
+              setHostnameEnv = pkgs.writeShellApplication {
+                name = "set-hostname-env";
+                runtimeInputs = [ pkgs.systemd ];
+                text = ''
+                  if [ -r ${toString cfg.outputDir}/hostname ]; then
+                    if command -v systemctl >/dev/null 2>&1; then
+                      systemctl set-environment GHAF_HOSTNAME="$(cat ${toString cfg.outputDir}/hostname)"
+                    fi
+                  fi
+                '';
+              };
+            in
+            "${setHostnameEnv}/bin/set-hostname-env";
+        };
       };
     };
 
@@ -311,22 +330,5 @@ in
         export GHAF_HOSTNAME_FILE="/run/ghaf-hostname"
       fi
     '';
-
-    # Set systemd environment for services
-    systemd.services.ghaf-dynamic-hostname.serviceConfig.ExecStartPost =
-      let
-        setHostnameEnv = pkgs.writeShellApplication {
-          name = "set-hostname-env";
-          runtimeInputs = [ pkgs.systemd ];
-          text = ''
-            if [ -r ${toString cfg.outputDir}/hostname ]; then
-              if command -v systemctl >/dev/null 2>&1; then
-                systemctl set-environment GHAF_HOSTNAME="$(cat ${toString cfg.outputDir}/hostname)"
-              fi
-            fi
-          '';
-        };
-      in
-      "${setHostnameEnv}/bin/set-hostname-env";
   };
 }