This repository contains packages used in the Ghaf framework - a hardened virtualization platform for edge computing.
```bash
# Clone the repository
git clone https://github.com/tiiuae/ghafpkgs.git
cd ghafpkgs

# Enter development environment
nix develop

# Build a package
nix build .#ghaf-audio-control

# Update all package dependencies
update-deps

# Update with source upgrades (potentially breaking)
update-deps --upgrade
```

Visual assets and themes for Ghaf systems.
- `ghaf-artwork` - Ghaf branding and artwork assets
- `ghaf-theme` - GTK4 theme for Ghaf desktop environment
- `ghaf-wallpapers` - Default wallpapers collection
Python applications and utilities, all modernized with pyproject.toml + uv.
- `ghaf-usb-applet` - USB panel applet for COSMIC (GTK4) with system tray integration
- `gps-websock` - GPS endpoint exposed over WebSocket for real-time location data
- `ldap-query` - LDAP/Active Directory query tool with GSSAPI auth
- `vinotify` - VM file system notification service using inotify
High-performance system utilities written in Rust.
- `ghaf-kill-switch-app` - GUI Application for kill switch
- `ghaf-mem-manager` - Memory management utilities
- `ghaf-nw-packet-forwarder` - Network packet forwarding service
Go-based system services and utilities.
- `swtmp-proxy-shim` - Software TPM proxy shim
C++ applications with desktop integration.
- `ghaf-audio-control` - Audio control application with Qt6 GUI
- `dbus-proxy` - Proxy connecting DBuses between two separate VMs
- `vsockproxy` - VM Sockets proxy for guest-to-guest communication
Repository maintenance and development utilities.
- `update-deps` - Automatic dependency updater for all package types
```bash
# Enter development shell with all tools
nix develop

# Available tools in devshell:
# - update-deps (dependency management)
# - reuse (license compliance)
# - cargo (Rust development)
# - go (Go development)
# - nix-fast-build (efficient Nix builds)
# - All package-specific build tools
```

```bash
# Build specific packages
nix build .#ghaf-audio-control
nix build .#ghaf-mem-manager
nix build .#ghaf-kill-switch-app
nix build .#ghaf-usb-applet
nix build .#gps-websock
nix build .#vsockproxy

# Build all packages
nix flake check

# Fast parallel builds
nix-fast-build
```

The repository includes an automated dependency updater that supports all package types:
```bash
# Safe updates (lock files only)
update-deps

# Full upgrades (potentially breaking)
update-deps --upgrade

# Show help
update-deps --help
```

Supported Package Managers:
- Rust: `cargo update` / `cargo upgrade`
- Go: `go get -u=patch` / `go get -u`
- Python: `uv sync` / `uv add --upgrade`
- Node.js: `npm update` / `npm upgrade`
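
A guard for the safe update path above, as an added example that is not part of the ghafpkgs repository: it reads changed paths (as printed by `git diff --name-only`) and reports anything that is not a lock file, so an update described as lock-files-only cannot change a manifest unnoticed. The lock-file names, the function names and the sample paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that a "safe" update-deps run touched lock files only.

# Assumption: standard lock-file names for the package managers the README
# lists, plus Nix's flake.lock. go.mod is a manifest and is not listed; add it
# here if patch-level Go updates are expected to rewrite it.
is_lock_file() {
    case "${1##*/}" in
        Cargo.lock|go.sum|uv.lock|package-lock.json|flake.lock) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads changed paths on stdin, one per line. Prints each path that is not a
# lock file and returns 1 if there was at least one, 0 otherwise.
non_lock_changes() {
    found=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if ! is_lock_file "$path"; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Hypothetical wrapper for use inside the repository after running update-deps.
check_safe_update() {
    git diff --name-only HEAD | non_lock_changes
}

# Constructed sample of changed paths (not taken from the repository).
sample_changed_paths() {
    cat <<'EOF'
flake.lock
packages/rust/example-pkg/Cargo.lock
packages/rust/example-pkg/Cargo.toml
packages/python/example-app/uv.lock
EOF
}
```

Run `check_safe_update` between `update-deps` and `git commit`; any path it prints should get a manual diff review before the commit is labelled a lock-file update.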
- Choose appropriate category (`art/`, `python/`, `rust/`, `go/`, `cpp/`)
- Create package directory with `default.nix` or `package.nix`
- Add to category's `default.nix` export list
- Use modern packaging standards:
  - Python: `pyproject.toml` with `uv` and `hatchling`
  - Rust: `Cargo.toml` with workspace support
  - Go: `go.mod` with proper module structure
All Python packages use modern tooling:
```toml
# pyproject.toml example
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

[project]
name = "package-name"
version = "1.0.0"
dependencies = ["dep1>=1.0", "dep2>=2.0"]

[project.scripts]
command-name = "module.main:main"
```

```nix
# For Python packages
{
  lib, # needed for lib.licenses and lib.platforms below
  buildPythonApplication,
  hatchling,
  uv,
  # dependencies...
}:
buildPythonApplication {
  pname = "package-name";
  version = "1.0.0";

  # Build backend declared in pyproject.toml
  build-system = [ hatchling uv ];
  propagatedBuildInputs = [ /* runtime deps */ ];

  src = ./package-source;
  pyproject = true;
  doCheck = false;

  meta = {
    description = "Package description";
    license = lib.licenses.asl20;
    platforms = lib.platforms.linux;
  };
}
```

```
ghafpkgs/
├── packages/
│   ├── art/              # Visual assets and themes
│   ├── cpp/              # C++ applications
│   ├── go/               # Go services
│   ├── python/           # Python applications
│   ├── rust/             # Rust utilities
│   ├── update-deps/      # Development tools
│   └── flake-module.nix
├── nix/
│   └── devshell.nix      # Development environment
├── flake.nix             # Main flake configuration
└── README.md             # This file
```

- Nix Flakes for reproducible builds and dependency management
- Category-based organization with dedicated `default.nix` in each category
- Modern package managers: uv (Python), cargo (Rust), go modules (Go)
- Automated dependency management with `update-deps` tool
Packages are designed to integrate with:
- Ghaf Framework - Main virtualization platform
- NixOS configurations - System-level integration
- Development workflows - CI/CD and testing
- Security frameworks - Hardened virtualization context
```bash
# Weekly dependency updates (safe)
update-deps
nix flake check
git commit -am "chore: update dependency lock files"

# License compliance check
reuse lint

# Code formatting
nix fmt
```

```bash
# Quarterly dependency upgrades (potentially breaking)
update-deps --upgrade
nix flake check
# Review and fix any breaking changes
git commit -am "feat: upgrade dependencies to latest versions"
```

- Update dependencies: `update-deps --upgrade`
- Run full tests: `nix flake check`
- Update documentation if needed
- Tag release: Follow semantic versioning
- Update Ghaf framework integration

- Fork the repository
- Create feature branch: `git checkout -b feature/new-package`
- Enter dev environment: `nix develop`
- Make changes following the patterns in existing packages
- Test thoroughly: `nix build .#your-package`
- Update dependencies: `update-deps`
- Run checks: `nix flake check && reuse lint`
- Submit pull request

- License compliance: All files must have SPDX headers (`reuse lint`)
- Modern packaging: Use latest standards (pyproject.toml, Cargo.toml, go.mod)
- Documentation: Include README.md for complex packages
- Testing: Ensure packages build successfully with `nix flake check`

Licensed under Apache-2.0. See LICENSES/Apache-2.0.txt for details.
This project follows the REUSE specification for license compliance.
- Ghaf Framework - Main virtualization platform
- Ghaf Documentation - Project documentation and guides
- TII Open Source - Technology Innovation Institute projects
- Documentation: ghaf.dev
- Issues: GitHub Issues
- Community: Ghaf Community

Ghaf Packages - Hardened virtualization platform components

Security-focused • Edge-optimized • Developer-friendly