baseos/README.md

# BaseOS

**BaseOS** is a NixOS flake designed specifically for life and work at the **c-base Space**.

---

## Features

- **c-base Wi-Fi**:
  - `c-base-crew` → Members network (EAP/PEAP/MSCHAPv2), requires ISRG Root X1 certificate.
  - `c-base-public` → Guest network, open, no certificate needed.
- **Freifunk Berlin**: `berlin.freifunk.net`, open community Wi-Fi.
- **ISRG Root X1 Certificate** as a package (`pkgs.byName.is.isrg-root-x1`) only used for crew Wi-Fi.


---

## Project Structure

```
flake.nix
cbase-wifi.nix
pkgs/
└── by-name/
    └── is/
        └── isrg-root-x1/
            └── default.nix
README.md
```

---

## Usage as a Nix Flake

Here is a fully working example to include in your `flake.nix` or `nixosConfigurations`:

```nix
{
  description = "BaseOS flake for c-base space";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    baseos.url = "https://code.c-base.org/lucy/baseos"; 
  };

  outputs = { self, nixpkgs, baseos }: let
    system = "x86_64-linux";
    pkgs = import nixpkgs { inherit system; };
  in
  {
    nixosConfigurations.cbase-client = pkgs.lib.nixosSystem {
      inherit system;
      modules = [
        baseos.nixosModules.cbase-wifi.${system}
        {
          boot.loader.systemd-boot.enable = true;
          boot.loader.efi.canTouchEfiVariables = true;
          networking.hostName = "cbase-client";

          # Enable c-base Wi-Fi
          networking.wireless.c-base = {
            crew = true;          # Member network
            usePublic = true;     # Guest network (only if crew enabled)
            useFreifunk = true;   # Berlin Freifunk
            credentialsFile = "/run/secrets/cbase-credentials";
          };

          system.stateVersion = "24.05";
        }
      ];
    };

    devShells.${system}.default = pkgs.mkShell {
      buildInputs = with pkgs; [
        nixos-rebuild
        git
        nixpkgs-fmt
        statix
        deadnix
      ];
    };

    packages.${system}.isrg-root-x1 = baseos.packages.${system}.isrg-root-x1;
  };
}
```

---

### Wi-Fi Connection Priorities

- `c-base-crew` → 20
- `c-base-public` → 10
- `berlin.freifunk.net` → 5

---

### Development

Enter the dev shell:

```bash
nix develop
```

Run formatter:

```bash
nix build .#formatter
```

Run formatting checks:

```bash
nix build .#checks
```

---

### Certificate

Use the certificate only for the crew network:

```nix
pkgs.byName.is.isrg-root-x1
```

---

### Target Audience

**BaseOS** is for anyone who:
- Is a member of the c-base Space.
- Wants a reproducible NixOS environment for Wi-Fi, certificates, and dev tools.
- Wants to use the flake as a base for other c-base projects.
init 2025-09-25 13:51:04 +02:00			`# BaseOS`

			`BaseOS is a NixOS flake designed specifically for life and work at the c-base Space.`

			`---`

			`## Features`

			`- c-base Wi-Fi:`
			- `c-base-crew` → Members network (EAP/PEAP/MSCHAPv2), requires ISRG Root X1 certificate.
			- `c-base-public` → Guest network, open, no certificate needed.
			- Freifunk Berlin: `berlin.freifunk.net`, open community Wi-Fi.
			- ISRG Root X1 Certificate as a package (`pkgs.byName.is.isrg-root-x1`) only used for crew Wi-Fi.


			`---`

			`## Project Structure`

			```
			`flake.nix`
			`cbase-wifi.nix`
			`pkgs/`
			`└── by-name/`
			`└── is/`
			`└── isrg-root-x1/`
			`└── default.nix`
			`README.md`
			```

			`---`

			`## Usage as a Nix Flake`

			Here is a fully working example to include in your `flake.nix` or `nixosConfigurations`:

			```nix
			`{`
			`description = "BaseOS flake for c-base space";`

			`inputs = {`
			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
			`baseos.url = "https://code.c-base.org/lucy/baseos";`
			`};`

			`outputs = { self, nixpkgs, baseos }: let`
			`system = "x86_64-linux";`
			`pkgs = import nixpkgs { inherit system; };`
			`in`
			`{`
			`nixosConfigurations.cbase-client = pkgs.lib.nixosSystem {`
			`inherit system;`
			`modules = [`
			`baseos.nixosModules.cbase-wifi.${system}`
			`{`
			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`
			`networking.hostName = "cbase-client";`

			`# Enable c-base Wi-Fi`
			`networking.wireless.c-base = {`
			`crew = true; # Member network`
			`usePublic = true; # Guest network (only if crew enabled)`
			`useFreifunk = true; # Berlin Freifunk`
			`credentialsFile = "/run/secrets/cbase-credentials";`
			`};`

			`system.stateVersion = "24.05";`
			`}`
			`];`
			`};`

			`devShells.${system}.default = pkgs.mkShell {`
			`buildInputs = with pkgs; [`
			`nixos-rebuild`
			`git`
			`nixpkgs-fmt`
			`statix`
			`deadnix`
			`];`
			`};`

			`packages.${system}.isrg-root-x1 = baseos.packages.${system}.isrg-root-x1;`
			`};`
			`}`
			```

			`---`

			`### Wi-Fi Connection Priorities`

			- `c-base-crew` → 20
			- `c-base-public` → 10
			- `berlin.freifunk.net` → 5

			`---`

			`### Development`

			`Enter the dev shell:`

			```bash
			`nix develop`
			```

			`Run formatter:`

			```bash
			`nix build .#formatter`
			```

			`Run formatting checks:`

			```bash
			`nix build .#checks`
			```

			`---`

			`### Certificate`

			`Use the certificate only for the crew network:`

			```nix
			`pkgs.byName.is.isrg-root-x1`
			```

			`---`

			`### Target Audience`

			`BaseOS is for anyone who:`
			`- Is a member of the c-base Space.`
			`- Wants a reproducible NixOS environment for Wi-Fi, certificates, and dev tools.`
			`- Wants to use the flake as a base for other c-base projects.`