Phase 2 of #273. Adds `packages.${system}.frontend` to the flake —
a `buildNpmPackage` derivation that consumes the lockfile committed
in the previous step and produces two static dist trees under $out:
$out/dashboard/ the hive-c0re dashboard SPA assets
(index.html, app.js, dashboard.css, favicon.svg)
$out/agent/ the per-agent default UI assets
(index.html, app.js, stats.html, stats.js,
agent.css, screen.html)
The dashboard favicon lives outside the frontend src tree
(branding/hyperhive.svg at the repo root). It's passed in as a
callPackage argument so the hermetic build can grab it.
`npmDepsHash` is set to `lib.fakeHash` — the build will fail on
first attempt with the actual sha256 printed; copy that in. Use
`nix run nixpkgs#prefetch-npm-deps -- frontend/package-lock.json`
to recompute locally without a build round-trip (works from
operator's host; iris's container can't recompute it without
prefetch-npm-deps in PATH).
The Rust crates and NixOS modules continue to use the legacy
include_str! routes; cutover happens in Phase 4.
Refs #273.
The VNC desktop faded to black after weston's default 300s idle
timeout, and on wake desktop-shell showed its click-to-unlock lock
screen (a green circle) — pointless for an agent desktop viewed
over /screen, and confusing for the operator (issue #180).
Add [core] idle-time=0 to the generated weston.ini. Verified against
weston 14.0.1: idle-time parses to compositor->idle_time, and
weston_compositor_wake arms the idle timer with idle_time*1000 ms;
0 ms makes wl_event_source_timer_update disarm the timer, so the
compositor never transitions to IDLE and desktop-shell never locks.
closes#180
Foundation for the per-agent icon feature (#137).
- harness-base.nix: new hyperhive.icon option (nullable path to an
SVG). An agent commits an SVG into its config repo and references
it as ./icon.svg; when set it lands at /etc/hyperhive/icon.svg.
- web_ui.rs: GET /icon serves the configured SVG, falling back to the
bundled hyperhive logo when none is set — so it always returns an
image and consumers can hit it unconditionally.
Closes#139
Two consecutive single quotes ('') inside a Nix indented string (''...'')
are treated as the string-end delimiter, breaking nix evaluation.
Switch the shell -c argument from double-quotes to single-quotes so
the Python string literals use double-quotes instead, avoiding any ''
sequences in the Nix source.
weston calls pam_start("weston-remote-access", ...) in libweston/auth.c.
The previous security.pam.services.weston entry created /etc/pam.d/weston
which was never consulted, so PAM fell back to the system default and
rejected all credentials. Renaming to weston-remote-access makes
pam_permit.so actually take effect.
Fixes#92
