Bring in the guix-installer-vm.

Having several VM inside the same repository could help as some of the
fixes between the two repositories are extremely similar and could be
done in the same commit.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
Denis 'GNUtoo' Carikli 2023-10-07 01:40:09 +02:00
commit 4937beac06
Signed by: GNUtoo
GPG Key ID: 5F5DFCC14177E263
8 changed files with 457 additions and 2 deletions

18
.gitignore vendored
View File

@ -1,3 +1,13 @@
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
*~
\#*\#
aclocal.m4
@ -7,6 +17,10 @@ config.status
configure
first-boot.sh
guix-commit.txt
guix-installer-vm.img
guix-installer-vm.tar
guix-installer-vm.tar.xz
guix-installer-vm.tar.xz.b64
id_ed25519
id_ed25519.pub
id_wireguard
@ -15,10 +29,10 @@ install-sh
Makefile
Makefile.in
missing
mumble-vm-machine.scm
mumble-vm-system.scm
mumble-vm.tar
mumble-vm.tar.xz
mumble-vm.tar.xz.b64
mumble-vm-machine.scm
mumble-vm-system.scm
signing-key.pub
wireguard-post-up.sh

20
guix-installer-vm/.gitignore vendored Normal file
View File

@ -0,0 +1,20 @@
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
*~
\#*\#
guix-commit.txt
guix-installer-vm.img
guix-installer-vm.tar
guix-installer-vm.tar.xz
guix-installer-vm.tar.xz.b64
id_ed25519
id_ed25519.pub
signing-key.pub

View File

@ -0,0 +1,69 @@
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
.PHONY: all deploy
all: guix-installer-vm.img
# Generate default key. Can be changed by replacing id_ed25519.pub.
id_ed25519.pub:
printf "ssh-ed25519 %s %s" \
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
'gnutoo@primary_laptop' \
> $@
# Generate default key. Can be changed by replacing signing-key.pub.
signing-key.pub:
printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
>$@
# We want to only update the image when guix commit changes. The trick
# to make that work is to only create or update a file when the revision
# changes.
guix-commit.txt: Makefile
if [ ! -f $@ ] ; then \
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
elif [ "$(cat $@)" != \
"$(guix describe | \
grep '^ commit:' | awk '{print $$2}')" ] ; then \
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
fi
TARBALL_SOURCE = \
first-boot.sh \
guix-commit.txt \
guix-installer-vm-system.scm \
id_ed25519.pub \
Makefile \
signing-key.pub
guix-installer-vm.tar: $(TARBALL_SOURCE)
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
guix-installer-vm.tar.xz: guix-installer-vm.tar
xz -f -9e --verbose $<
guix-installer-vm.tar.xz.b64: guix-installer-vm.tar.xz
base64 $< > $@
IMAGE_SOURCE = \
$(TARBALL_SOURCE) \
guix-installer-vm.tar.xz
guix-installer-vm.img: $(IMAGE_SOURCE)
install \
`guix system image \
--image-type=mbr-raw \
--image-size=4G guix-installer-vm-system.scm` \
$@
deploy:
guix deploy -L . guix-installer-vm-machine.scm

14
guix-installer-vm/README Normal file
View File

@ -0,0 +1,14 @@
License
=======
This project is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This project is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this project. If not, see <http://www.gnu.org/licenses/>.

29
guix-installer-vm/first-boot.sh Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
#
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
set -e
report()
{
ret=$?
message="$@"
if [ ${ret} -eq 0 ] ; then
echo "[ OK ] ${message}"
else
echo "[ !! ] ${message} failed"
exit ${ret}
fi
}
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
partprobe
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"

View File

@ -0,0 +1,35 @@
;;; Copyright © Guix documentation authors
;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;;
;;; This file is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; This file is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
(use-modules (gnu)
(gnu machine)
(gnu machine ssh))
(list
(machine
(operating-system
(@ (guix-installer-vm-system) guix-installer-vm-operating-system))
(environment managed-host-environment-type)
(configuration
(machine-ssh-configuration
(authorize? #t)
(build-locally? #f)
(host-key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGgswfvxxErFStqBGY81N0uuLndjA5l9bGd4DGlcK9F")
(host-name "2001:910:1021::118")
(identity "./id_ed25519")
(port 222)
(system "x86_64-linux")
(user "root")))))

View File

@ -0,0 +1,172 @@
;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;
;; This file is free software; you can redistribute it and/or modify it
;; under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or (at
;; your option) any later version.
;;
;; You should have received a copy of the GNU General Public License
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix-installer-vm-system)
#:use-module (gnu)
#:use-module (gnu packages admin)
#:use-module (gnu packages certs)
#:use-module (gnu packages disk)
#:use-module (gnu packages dns)
#:use-module (gnu packages linux)
#:use-module (gnu packages screen)
#:use-module (gnu packages ssh)
#:use-module (gnu packages tls)
#:use-module (gnu services admin)
#:use-module (gnu services certbot)
#:use-module (gnu services ssh)
#:use-module (gnu services telephony)
#:use-module (gnu services vpn)
#:use-module (gnu services web)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix utils)
#:export (guix-installer-vm-operating-system))
(define guix-installer-vm-config
(package
(name "guix-installer-vm-config")
(version "0.1")
;; TODO: Make that tarball reproducible
(source (local-file "guix-installer-vm.tar.xz"))
(build-system copy-build-system)
(arguments
(list
#:install-plan
#~(list
'("first-boot.sh" "share/guix-installer-vm/configs/")
'("guix-commit.txt" "share/guix-installer-vm/configs/")
'("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
'("id_ed25519.pub" "share/guix-installer-vm/configs/")
'("Makefile" "share/guix-installer-vm/configs/")
'("signing-key.pub" "share/guix-installer-vm/configs/")
'(#$source
"share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
(synopsis "Full machine configuration.")
(description
"This contains all the configuration files of this machine. This is
needed for unattended upgrades to work.")
(home-page "DOMAIN")
(license license:gpl3+)))
(define first-boot-script
(package
(name "first-boot-script")
(version "0.1")
(source (local-file "first-boot.sh" ))
(build-system gnu-build-system)
(arguments
(list #:tests? #f ;no tests
#:phases
#~(modify-phases
%standard-phases
(delete 'build)
(delete 'configure)
(replace 'install
(lambda _
(chmod "first-boot.sh" #o755)
(install-file
"first-boot.sh"
(string-append (string-append #$output "/bin"))))))))
(inputs (list e2fsprogs parted util-linux))
(synopsis "Script to run on first boot.")
(description
"The first-boot.sh script resize the rootfs and updates the system.")
(home-page #f)
(license license:gpl3+)))
(define guix-installer-vm-operating-system
(operating-system
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
(targets '("/dev/vda"))
(terminal-outputs '(serial_0))))
(kernel-arguments (append '("console=ttyS0")))
(file-systems (cons (file-system
(device (file-system-label "Guix_image"))
(mount-point "/")
(type "ext4")) %base-file-systems))
(host-name "guix-installer-vm")
(timezone "Europe/Paris")
(packages (append (list first-boot-script
guix-installer-vm-config
htop
net-tools
nss-certs
parted
screen)
%base-packages))
(services
(append
(list
;; Agetty
;; ttyS0 is already setup automatically due to the console=ttyS0
;; kernel argument
(service agetty-service-type
(agetty-configuration (term "xterm-256color")
(tty "ttyS1")))
(service agetty-service-type
(agetty-configuration (term "xterm-256color")
(tty "ttyS2")))
(service agetty-service-type
(agetty-configuration (term "xterm-256color")
(tty "ttyS3")))
;; Networking
(service
static-networking-service-type
(list
(static-networking
(addresses (list (network-address
(device "eth0")
(value "192.168.1.118/16"))
(network-address
(device "eth0")
(value "2001:910:1021::118/64"))))
(routes (list (network-route
(destination "default")
(gateway "192.168.0.1"))
(network-route
(destination "default")
(gateway "2001:910:1021::1"))))
(name-servers (list "192.168.0.1" "2001:910:1021::1")))))
;; OpenSSH
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(use-pam? #f)
(port-number 222)
(permit-root-login #t)
(password-authentication? #f)
(challenge-response-authentication? #f)
(authorized-keys
`(("root" , (local-file "id_ed25519.pub"))
("gnutoo" ,(local-file "id_ed25519.pub"))))))
;; Unattended Upgrades
(service
unattended-upgrade-service-type
(unattended-upgrade-configuration
(operating-system-file
(string-append "/run/current-system/profile"
"/share/guix-installer-vm/configs/"
"guix-installer-vm-system.scm"))
(schedule "0 * * * * ")
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
(modify-services
%base-services
(guix-service-type config => (guix-configuration
(authorized-keys
(append
(list
(local-file
"signing-key.pub"))
%default-authorized-guix-keys)))))))))
guix-installer-vm-operating-system

View File

@ -0,0 +1,102 @@
<domain type="kvm">
<name>guix-vm-installer</name>
<memory unit="KiB">2097152</memory>
<currentMemory unit="KiB">2097152</currentMemory>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="none" migratable="on"/>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="raw"/>
<source file="/srv/vmverse/installation/guix-installer-vm.img"/>
<target dev="sda" bus="usb" removable="on"/>
<readonly/>
<address type="usb" bus="0" port="1"/>
</disk>
<controller type="usb" index="0" model="ich9-ehci1">
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
</controller>
<controller type="usb" index="0" model="ich9-uhci1">
<master startport="0"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
</controller>
<controller type="usb" index="0" model="ich9-uhci2">
<master startport="2"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
</controller>
<controller type="usb" index="0" model="ich9-uhci3">
<master startport="4"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
</controller>
<controller type="pci" index="0" model="pci-root"/>
<interface type="bridge">
<source bridge="br0"/>
<model type="virtio"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<serial type="pty">
<target type="isa-serial" port="1">
<model name="isa-serial"/>
</target>
</serial>
<serial type="pty">
<target type="isa-serial" port="2">
<model name="isa-serial"/>
</target>
</serial>
<serial type="pty">
<target type="isa-serial" port="3">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<input type="keyboard" bus="ps2"/>
<input type="mouse" bus="ps2"/>
<graphics type="spice">
<listen type="none"/>
<gl enable="no"/>
</graphics>
<audio id="1" type="spice"/>
<video>
<model type="none"/>
</video>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
</memballoon>
<rng model="virtio">
<backend model="random">/dev/urandom</backend>
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
</rng>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes"/>
</domain>