Bring in the guix-installer-vm.
Having several VMs inside the same repository could help, as some of the fixes between the two repositories are extremely similar and could be done in the same commit. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
commit
4937beac06
|
@ -1,3 +1,13 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
*~
|
||||
\#*\#
|
||||
aclocal.m4
|
||||
|
@ -7,6 +17,10 @@ config.status
|
|||
configure
|
||||
first-boot.sh
|
||||
guix-commit.txt
|
||||
guix-installer-vm.img
|
||||
guix-installer-vm.tar
|
||||
guix-installer-vm.tar.xz
|
||||
guix-installer-vm.tar.xz.b64
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
id_wireguard
|
||||
|
@ -15,10 +29,10 @@ install-sh
|
|||
Makefile
|
||||
Makefile.in
|
||||
missing
|
||||
mumble-vm-machine.scm
|
||||
mumble-vm-system.scm
|
||||
mumble-vm.tar
|
||||
mumble-vm.tar.xz
|
||||
mumble-vm.tar.xz.b64
|
||||
mumble-vm-machine.scm
|
||||
mumble-vm-system.scm
|
||||
signing-key.pub
|
||||
wireguard-post-up.sh
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
*~
|
||||
\#*\#
|
||||
guix-commit.txt
|
||||
guix-installer-vm.img
|
||||
guix-installer-vm.tar
|
||||
guix-installer-vm.tar.xz
|
||||
guix-installer-vm.tar.xz.b64
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
signing-key.pub
|
|
@ -0,0 +1,69 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
.PHONY: all deploy
|
||||
|
||||
all: guix-installer-vm.img
|
||||
|
||||
# Generate default key. Can be changed by replacing id_ed25519.pub.
|
||||
id_ed25519.pub:
|
||||
printf "ssh-ed25519 %s %s" \
|
||||
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
||||
'gnutoo@primary_laptop' \
|
||||
> $@
|
||||
|
||||
# Generate default key. Can be changed by replacing signing-key.pub.
|
||||
signing-key.pub:
|
||||
printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
|
||||
'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
|
||||
>$@
|
||||
|
||||
# We want to only update the image when guix commit changes. The trick
|
||||
# to make that work is to only create or update a file when the revision
|
||||
# changes.
|
||||
guix-commit.txt: Makefile
|
||||
if [ ! -f $@ ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
elif [ "$(cat $@)" != \
|
||||
"$(guix describe | \
|
||||
grep '^ commit:' | awk '{print $$2}')" ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
fi
|
||||
|
||||
TARBALL_SOURCE = \
|
||||
first-boot.sh \
|
||||
guix-commit.txt \
|
||||
guix-installer-vm-system.scm \
|
||||
id_ed25519.pub \
|
||||
Makefile \
|
||||
signing-key.pub
|
||||
|
||||
guix-installer-vm.tar: $(TARBALL_SOURCE)
|
||||
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
||||
|
||||
guix-installer-vm.tar.xz: guix-installer-vm.tar
|
||||
xz -f -9e --verbose $<
|
||||
|
||||
guix-installer-vm.tar.xz.b64: guix-installer-vm.tar.xz
|
||||
base64 $< > $@
|
||||
|
||||
IMAGE_SOURCE = \
|
||||
$(TARBALL_SOURCE) \
|
||||
guix-installer-vm.tar.xz
|
||||
|
||||
guix-installer-vm.img: $(IMAGE_SOURCE)
|
||||
install \
|
||||
`guix system image \
|
||||
--image-type=mbr-raw \
|
||||
--image-size=4G guix-installer-vm-system.scm` \
|
||||
$@
|
||||
|
||||
deploy:
|
||||
guix deploy -L . guix-installer-vm-machine.scm
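Review bot: The `elif` test in the `guix-commit.txt` recipe can never fire, because `$(cat $@)` and `$(guix describe | …)` are expanded by Make rather than by the shell: neither `cat` nor `guix` is a Make function, so each is treated as an undefined variable and expands to nothing, leaving the comparison as `"" != ""`. Once the file exists it is therefore never refreshed, which is the opposite of what the comment above the rule promises; the two lines should read `elif [ "$$(cat $@)" != \` and `"$$(guix describe | \` so the shell performs the command substitutions (the `$$2` inside the awk program is already escaped correctly). The `guix describe | grep '^ commit:' | awk '{print $$2}'` pipeline appears three times in that recipe and could be computed once into a shell variable. Separately, the `id_ed25519.pub` and `signing-key.pub` rules silently generate a fixed default when the files are absent, so an image built without first replacing them authorizes that key for root SSH and, via the guix-daemon ACL in the system configuration, as a trusted signer; an `$(error id_ed25519.pub is missing; provide your own public key)` in place of the hard-coded default would fail loudly instead.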
|
|
@ -0,0 +1,14 @@
|
|||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
set -e
|
||||
|
||||
report()
|
||||
{
|
||||
ret=$?
|
||||
message="$@"
|
||||
|
||||
if [ ${ret} -eq 0 ] ; then
|
||||
echo "[ OK ] ${message}"
|
||||
else
|
||||
echo "[ !! ] ${message} failed"
|
||||
exit ${ret}
|
||||
fi
|
||||
}
|
||||
|
||||
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
|
||||
partprobe
|
||||
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
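Review bot: The `[ !! ] … failed` branch of `report` is unreachable, because `set -e` on line 464 aborts the script as soon as the `sfdisk` pipeline or `resize2fs` returns non-zero, before `report` ever runs; a failure therefore exits silently without the message this function was written to print. Since `report` already exits with the recorded status, dropping `set -e` would make it behave as intended, and `partprobe` — currently joined onto the `sfdisk` line by the trailing `; \` — could then get its own `report "Re-reading partition table"` on a line of its own. `message="$@"` should be `message="$*"`; assigning `"$@"` to a scalar is undefined in POSIX sh and is what `"$*"` is for. A short header comment such as `# Grow /dev/vda1 to fill the disk; expects the image to be booted as the virtio disk /dev/vda.` would also document the hard-coded device.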
|
|
@ -0,0 +1,35 @@
|
|||
;;; Copyright © Guix documentation authors
|
||||
;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
;;;
|
||||
;;; This file is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; This file is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(use-modules (gnu)
|
||||
(gnu machine)
|
||||
(gnu machine ssh))
|
||||
(list
|
||||
(machine
|
||||
(operating-system
|
||||
(@ (guix-installer-vm-system) guix-installer-vm-operating-system))
|
||||
(environment managed-host-environment-type)
|
||||
(configuration
|
||||
(machine-ssh-configuration
|
||||
(authorize? #t)
|
||||
(build-locally? #f)
|
||||
(host-key
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGgswfvxxErFStqBGY81N0uuLndjA5l9bGd4DGlcK9F")
|
||||
(host-name "2001:910:1021::118")
|
||||
(identity "./id_ed25519")
|
||||
(port 222)
|
||||
(system "x86_64-linux")
|
||||
(user "root")))))
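Review bot: The `host-key` value at L604 is pinned with no indication of where it came from or when it has to change; as far as I can tell the image produced by the Makefile in this commit does not ship host keys, so this constant presumably matches the keys generated on one particular instance's first boot and `guix deploy` will refuse to connect after the image is rebuilt and re-provisioned. A comment along the lines of `;; Host key of the running VM; re-read it (e.g. with ssh-keyscan -p 222) and update this value after every re-installation of the image.` would turn that confusing failure into an expected step. Pinning the host key rather than trusting it on first use is the right choice and should stay.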
|
|
@ -0,0 +1,172 @@
|
|||
;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
;;
|
||||
;; This file is free software; you can redistribute it and/or modify it
|
||||
;; under the terms of the GNU General Public License as published by
|
||||
;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;; your option) any later version.
|
||||
;;
|
||||
;; You should have received a copy of the GNU General Public License
|
||||
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (guix-installer-vm-system)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages certs)
|
||||
#:use-module (gnu packages disk)
|
||||
#:use-module (gnu packages dns)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages screen)
|
||||
#:use-module (gnu packages ssh)
|
||||
#:use-module (gnu packages tls)
|
||||
#:use-module (gnu services admin)
|
||||
#:use-module (gnu services certbot)
|
||||
#:use-module (gnu services ssh)
|
||||
#:use-module (gnu services telephony)
|
||||
#:use-module (gnu services vpn)
|
||||
#:use-module (gnu services web)
|
||||
#:use-module (guix build-system copy)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix utils)
|
||||
#:export (guix-installer-vm-operating-system))
|
||||
|
||||
(define guix-installer-vm-config
|
||||
(package
|
||||
(name "guix-installer-vm-config")
|
||||
(version "0.1")
|
||||
;; TODO: Make that tarball reproducible
|
||||
(source (local-file "guix-installer-vm.tar.xz"))
|
||||
(build-system copy-build-system)
|
||||
(arguments
|
||||
(list
|
||||
#:install-plan
|
||||
#~(list
|
||||
'("first-boot.sh" "share/guix-installer-vm/configs/")
|
||||
'("guix-commit.txt" "share/guix-installer-vm/configs/")
|
||||
'("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
|
||||
'("id_ed25519.pub" "share/guix-installer-vm/configs/")
|
||||
'("Makefile" "share/guix-installer-vm/configs/")
|
||||
'("signing-key.pub" "share/guix-installer-vm/configs/")
|
||||
'(#$source
|
||||
"share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
|
||||
(synopsis "Full machine configuration.")
|
||||
(description
|
||||
"This contains all the configuration files of this machine. This is
|
||||
needed for unattended upgrades to work.")
|
||||
(home-page "DOMAIN")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define first-boot-script
|
||||
(package
|
||||
(name "first-boot-script")
|
||||
(version "0.1")
|
||||
(source (local-file "first-boot.sh" ))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
(list #:tests? #f ;no tests
|
||||
#:phases
|
||||
#~(modify-phases
|
||||
%standard-phases
|
||||
(delete 'build)
|
||||
(delete 'configure)
|
||||
(replace 'install
|
||||
(lambda _
|
||||
(chmod "first-boot.sh" #o755)
|
||||
(install-file
|
||||
"first-boot.sh"
|
||||
(string-append (string-append #$output "/bin"))))))))
|
||||
(inputs (list e2fsprogs parted util-linux))
|
||||
(synopsis "Script to run on first boot.")
|
||||
(description
|
||||
"The first-boot.sh script resize the rootfs and updates the system.")
|
||||
(home-page #f)
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define guix-installer-vm-operating-system
|
||||
(operating-system
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-minimal-bootloader)
|
||||
(targets '("/dev/vda"))
|
||||
(terminal-outputs '(serial_0))))
|
||||
(kernel-arguments (append '("console=ttyS0")))
|
||||
(file-systems (cons (file-system
|
||||
(device (file-system-label "Guix_image"))
|
||||
(mount-point "/")
|
||||
(type "ext4")) %base-file-systems))
|
||||
(host-name "guix-installer-vm")
|
||||
(timezone "Europe/Paris")
|
||||
(packages (append (list first-boot-script
|
||||
guix-installer-vm-config
|
||||
htop
|
||||
net-tools
|
||||
nss-certs
|
||||
parted
|
||||
screen)
|
||||
%base-packages))
|
||||
(services
|
||||
(append
|
||||
(list
|
||||
;; Agetty
|
||||
|
||||
;; ttyS0 is already setup automatically due to the console=ttyS0
|
||||
;; kernel argument
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS1")))
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS2")))
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS3")))
|
||||
;; Networking
|
||||
(service
|
||||
static-networking-service-type
|
||||
(list
|
||||
(static-networking
|
||||
(addresses (list (network-address
|
||||
(device "eth0")
|
||||
(value "192.168.1.118/16"))
|
||||
(network-address
|
||||
(device "eth0")
|
||||
(value "2001:910:1021::118/64"))))
|
||||
(routes (list (network-route
|
||||
(destination "default")
|
||||
(gateway "192.168.0.1"))
|
||||
(network-route
|
||||
(destination "default")
|
||||
(gateway "2001:910:1021::1"))))
|
||||
(name-servers (list "192.168.0.1" "2001:910:1021::1")))))
|
||||
;; OpenSSH
|
||||
(service openssh-service-type
|
||||
(openssh-configuration
|
||||
(openssh openssh-sans-x)
|
||||
(use-pam? #f)
|
||||
(port-number 222)
|
||||
(permit-root-login #t)
|
||||
(password-authentication? #f)
|
||||
(challenge-response-authentication? #f)
|
||||
(authorized-keys
|
||||
`(("root" , (local-file "id_ed25519.pub"))
|
||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||
;; Unattended Upgrades
|
||||
(service
|
||||
unattended-upgrade-service-type
|
||||
(unattended-upgrade-configuration
|
||||
(operating-system-file
|
||||
(string-append "/run/current-system/profile"
|
||||
"/share/guix-installer-vm/configs/"
|
||||
"guix-installer-vm-system.scm"))
|
||||
(schedule "0 * * * * ")
|
||||
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
|
||||
(modify-services
|
||||
%base-services
|
||||
(guix-service-type config => (guix-configuration
|
||||
(authorized-keys
|
||||
(append
|
||||
(list
|
||||
(local-file
|
||||
"signing-key.pub"))
|
||||
%default-authorized-guix-keys)))))))))
|
||||
guix-installer-vm-operating-system
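Review bot: `(permit-root-login #t)` at L1058 permits root logins by any method; password and challenge-response authentication are disabled a few lines later so it is key-only in practice, but `(permit-root-login 'prohibit-password)` states that intent in the one field that governs root and keeps it enforced if someone later re-enables passwords. `(home-page "DOMAIN")` in `guix-installer-vm-config` is a leftover placeholder — the sibling `first-boot-script` package uses `(home-page #f)` and the two should agree. The `#:use-module` list pulls in `(gnu services certbot)`, `(gnu services telephony)`, `(gnu services vpn)`, `(gnu services web)`, `(gnu packages dns)` and `(gnu packages tls)`, none of which appear to be referenced anywhere in this file; they look carried over from the mumble VM configuration and can go. `(string-append (string-append #$output "/bin"))` is a redundant nesting of `string-append`, and the `first-boot-script` description claims the script also "updates the system", which the `first-boot.sh` added in this commit does not do.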
|
|
@ -0,0 +1,102 @@
|
|||
<domain type="kvm">
|
||||
<name>guix-vm-installer</name>
|
||||
<memory unit="KiB">2097152</memory>
|
||||
<currentMemory unit="KiB">2097152</currentMemory>
|
||||
<resource>
|
||||
<partition>/machine</partition>
|
||||
</resource>
|
||||
<os>
|
||||
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
|
||||
<boot dev="hd"/>
|
||||
</os>
|
||||
<features>
|
||||
<acpi/>
|
||||
<apic/>
|
||||
<vmport state="off"/>
|
||||
</features>
|
||||
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
||||
<clock offset="utc">
|
||||
<timer name="rtc" tickpolicy="catchup"/>
|
||||
<timer name="pit" tickpolicy="delay"/>
|
||||
<timer name="hpet" present="no"/>
|
||||
</clock>
|
||||
<on_poweroff>destroy</on_poweroff>
|
||||
<on_reboot>restart</on_reboot>
|
||||
<on_crash>destroy</on_crash>
|
||||
<pm>
|
||||
<suspend-to-mem enabled="no"/>
|
||||
<suspend-to-disk enabled="no"/>
|
||||
</pm>
|
||||
<devices>
|
||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||
<disk type="file" device="disk">
|
||||
<driver name="qemu" type="raw"/>
|
||||
<source file="/srv/vmverse/installation/guix-installer-vm.img"/>
|
||||
<target dev="sda" bus="usb" removable="on"/>
|
||||
<readonly/>
|
||||
<address type="usb" bus="0" port="1"/>
|
||||
</disk>
|
||||
<controller type="usb" index="0" model="ich9-ehci1">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci1">
|
||||
<master startport="0"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci2">
|
||||
<master startport="2"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci3">
|
||||
<master startport="4"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
|
||||
</controller>
|
||||
<controller type="pci" index="0" model="pci-root"/>
|
||||
<interface type="bridge">
|
||||
<source bridge="br0"/>
|
||||
<model type="virtio"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
||||
</interface>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="0">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="1">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="2">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="3">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<console type="pty">
|
||||
<target type="serial" port="0"/>
|
||||
</console>
|
||||
<input type="keyboard" bus="ps2"/>
|
||||
<input type="mouse" bus="ps2"/>
|
||||
<graphics type="spice">
|
||||
<listen type="none"/>
|
||||
<gl enable="no"/>
|
||||
</graphics>
|
||||
<audio id="1" type="spice"/>
|
||||
<video>
|
||||
<model type="none"/>
|
||||
</video>
|
||||
<memballoon model="virtio">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
||||
</memballoon>
|
||||
<rng model="virtio">
|
||||
<backend model="random">/dev/urandom</backend>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
|
||||
</rng>
|
||||
</devices>
|
||||
<seclabel type="dynamic" model="dac" relabel="yes"/>
|
||||
</domain>
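Review bot: The domain `<name>` is `guix-vm-installer` while every other artefact in this commit (image, tarball, packages, `host-name`) is spelled `guix-installer-vm`; one consistent name makes it easier to match libvirt domains to the images they run. The only disk is attached with `bus="usb"` and marked `<readonly/>`, yet `guix-installer-vm-system.scm` installs GRUB to `/dev/vda` and `first-boot.sh` rewrites the partition table of `/dev/vda`; under this definition the image would presumably show up as a read-only `/dev/sdX`, so either a virtio disk is intended, or a comment should state that this domain only boots the image as installation media. The `<emulator>` and `<source file>` paths are host-specific and would benefit from a comment noting they must be adapted per host.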
|