Bring in the guix-installer-vm.

Having several VM inside the same repository could help as some of the fixes between the two repositories are extremely similar and could be done in the same commit. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-10-07 01:40:09 +02:00 · 2023-10-07 01:40:09 +02:00 · 4937beac06
parent 2d58c051a7 848d381d50
commit 4937beac06
8 changed files with 457 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,13 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
 *~
 \#*\#
 aclocal.m4
@ -7,6 +17,10 @@ config.status
 configure
 first-boot.sh
 guix-commit.txt
+guix-installer-vm.img
+guix-installer-vm.tar
+guix-installer-vm.tar.xz
+guix-installer-vm.tar.xz.b64
 id_ed25519
 id_ed25519.pub
 id_wireguard
@ -15,10 +29,10 @@ install-sh
 Makefile
 Makefile.in
 missing
+mumble-vm-machine.scm
+mumble-vm-system.scm
 mumble-vm.tar
 mumble-vm.tar.xz
 mumble-vm.tar.xz.b64
-mumble-vm-machine.scm
-mumble-vm-system.scm
 signing-key.pub
 wireguard-post-up.sh
--- a/guix-installer-vm/.gitignore
+++ b/guix-installer-vm/.gitignore
@ -0,0 +1,20 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
+*~
+\#*\#
+guix-commit.txt
+guix-installer-vm.img
+guix-installer-vm.tar
+guix-installer-vm.tar.xz
+guix-installer-vm.tar.xz.b64
+id_ed25519
+id_ed25519.pub
+signing-key.pub
--- a/guix-installer-vm/Makefile
+++ b/guix-installer-vm/Makefile
@ -0,0 +1,69 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
+.PHONY: all deploy
+
+all: guix-installer-vm.img
+
+# Generate default key. Can be changed by replacing id_ed25519.pub.
+id_ed25519.pub:
+	printf "ssh-ed25519 %s %s" \
+	'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
+	'gnutoo@primary_laptop' \
+	> $@
+
+# Generate default key. Can be changed by replacing signing-key.pub.
+signing-key.pub:
+	printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
+	'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
+	>$@
+
+# We want to only update the image when guix commit changes. The trick
+# to make that work is to only create or update a file when the revision
+# changes.
+guix-commit.txt: Makefile
+	if [ ! -f $@ ] ; then \
+		guix describe | grep '^    commit:' | awk '{print $$2}' > $@ ; \
+	elif [ "$(cat $@)" != \
+	       "$(guix describe | \
+			grep '^    commit:' | awk '{print $$2}')" ] ; then \
+		guix describe | grep '^    commit:' | awk '{print $$2}' > $@ ; \
+	fi
+
+TARBALL_SOURCE = \
+	first-boot.sh \
+	guix-commit.txt \
+	guix-installer-vm-system.scm \
+	id_ed25519.pub \
+	Makefile \
+	signing-key.pub
+
+guix-installer-vm.tar: $(TARBALL_SOURCE)
+	tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
+
+guix-installer-vm.tar.xz: guix-installer-vm.tar
+	xz -f -9e --verbose $<
+
+guix-installer-vm.tar.xz.b64: guix-installer-vm.tar.xz
+	base64 $< > $@
+
+IMAGE_SOURCE = \
+	$(TARBALL_SOURCE) \
+	guix-installer-vm.tar.xz
+
+guix-installer-vm.img: $(IMAGE_SOURCE)
+	install \
+		`guix system image \
+			--image-type=mbr-raw \
+			--image-size=4G guix-installer-vm-system.scm` \
+		$@
+
+deploy:
+	guix deploy -L . guix-installer-vm-machine.scm
--- a/guix-installer-vm/README
+++ b/guix-installer-vm/README
@ -0,0 +1,14 @@
+License
+=======
+This project is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This project is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this project.  If not, see <http://www.gnu.org/licenses/>.
--- a/guix-installer-vm/first-boot.sh
+++ b/guix-installer-vm/first-boot.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+set -e
+
+report()
+{
+    ret=$?
+    message="$@"
+
+    if [ ${ret} -eq 0 ] ; then
+	echo "[ OK ] ${message}"
+    else
+	echo "[ !! ] ${message} failed"
+	exit ${ret}
+    fi
+}
+
+echo ';;L;*' | sfdisk -f /dev/vda  ; report "Resizing /dev/vda1 partition" ; \
+partprobe
+resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
--- a/guix-installer-vm/guix-installer-vm-machine.scm
+++ b/guix-installer-vm/guix-installer-vm-machine.scm
@ -0,0 +1,35 @@
+;;; Copyright © Guix documentation authors
+;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;;
+;;; This file is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; This file is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (gnu)
+             (gnu machine)
+             (gnu machine ssh))
+(list
+ (machine
+  (operating-system
+   (@ (guix-installer-vm-system) guix-installer-vm-operating-system))
+  (environment managed-host-environment-type)
+  (configuration
+   (machine-ssh-configuration
+    (authorize? #t)
+    (build-locally? #f)
+    (host-key
+     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGgswfvxxErFStqBGY81N0uuLndjA5l9bGd4DGlcK9F")
+    (host-name "2001:910:1021::118")
+    (identity "./id_ed25519")
+    (port 222)
+    (system "x86_64-linux")
+    (user "root")))))
--- a/guix-installer-vm/guix-installer-vm-system.scm
+++ b/guix-installer-vm/guix-installer-vm-system.scm
@ -0,0 +1,172 @@
+;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;
+;; This file is free software; you can redistribute it and/or modify it
+;; under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or (at
+;; your option) any later version.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix-installer-vm-system)
+  #:use-module (gnu)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages certs)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages dns)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages screen)
+  #:use-module (gnu packages ssh)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu services admin)
+  #:use-module (gnu services certbot)
+  #:use-module (gnu services ssh)
+  #:use-module (gnu services telephony)
+  #:use-module (gnu services vpn)
+  #:use-module (gnu services web)
+  #:use-module (guix build-system copy)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix utils)
+  #:export (guix-installer-vm-operating-system))
+
+(define guix-installer-vm-config
+  (package
+    (name "guix-installer-vm-config")
+    (version "0.1")
+    ;; TODO: Make that tarball reproducible
+    (source (local-file "guix-installer-vm.tar.xz"))
+    (build-system copy-build-system)
+    (arguments
+     (list
+     #:install-plan
+     #~(list
+        '("first-boot.sh" "share/guix-installer-vm/configs/")
+        '("guix-commit.txt" "share/guix-installer-vm/configs/")
+        '("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
+        '("id_ed25519.pub" "share/guix-installer-vm/configs/")
+        '("Makefile" "share/guix-installer-vm/configs/")
+        '("signing-key.pub" "share/guix-installer-vm/configs/")
+        '(#$source
+          "share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
+    (synopsis "Full machine configuration.")
+    (description
+     "This contains all the configuration files of this machine. This is
+needed for unattended upgrades to work.")
+    (home-page "DOMAIN")
+    (license license:gpl3+)))
+
+(define first-boot-script
+  (package
+    (name "first-boot-script")
+    (version "0.1")
+    (source (local-file "first-boot.sh" ))
+    (build-system gnu-build-system)
+    (arguments
+     (list #:tests? #f ;no tests
+           #:phases
+           #~(modify-phases
+              %standard-phases
+              (delete 'build)
+              (delete 'configure)
+              (replace 'install
+                       (lambda _
+                         (chmod "first-boot.sh" #o755)
+                         (install-file
+                          "first-boot.sh"
+                          (string-append (string-append #$output "/bin"))))))))
+    (inputs (list e2fsprogs parted util-linux))
+    (synopsis "Script to run on first boot.")
+    (description
+     "The first-boot.sh script resize the rootfs and updates the system.")
+    (home-page #f)
+    (license license:gpl3+)))
+
+(define guix-installer-vm-operating-system
+  (operating-system
+   (bootloader (bootloader-configuration
+                (bootloader grub-minimal-bootloader)
+                (targets '("/dev/vda"))
+                (terminal-outputs '(serial_0))))
+   (kernel-arguments (append '("console=ttyS0")))
+   (file-systems (cons (file-system
+                        (device (file-system-label "Guix_image"))
+                        (mount-point "/")
+                        (type "ext4")) %base-file-systems))
+   (host-name "guix-installer-vm")
+   (timezone "Europe/Paris")
+   (packages (append (list first-boot-script
+                           guix-installer-vm-config
+                           htop
+                           net-tools
+                           nss-certs
+                           parted
+                           screen)
+                     %base-packages))
+   (services
+    (append
+     (list
+      ;; Agetty
+
+      ;; ttyS0 is already setup automatically due to the console=ttyS0
+      ;; kernel argument
+      (service agetty-service-type
+               (agetty-configuration (term "xterm-256color")
+                                     (tty "ttyS1")))
+      (service agetty-service-type
+               (agetty-configuration (term "xterm-256color")
+                                     (tty "ttyS2")))
+      (service agetty-service-type
+               (agetty-configuration (term "xterm-256color")
+                                     (tty "ttyS3")))
+      ;; Networking
+      (service
+       static-networking-service-type
+       (list
+        (static-networking
+         (addresses (list (network-address
+                           (device "eth0")
+                           (value "192.168.1.118/16"))
+                          (network-address
+                           (device "eth0")
+                           (value "2001:910:1021::118/64"))))
+         (routes (list (network-route
+                        (destination "default")
+                        (gateway "192.168.0.1"))
+                       (network-route
+                        (destination "default")
+                        (gateway "2001:910:1021::1"))))
+         (name-servers (list "192.168.0.1" "2001:910:1021::1")))))
+      ;; OpenSSH
+      (service openssh-service-type
+               (openssh-configuration
+                (openssh openssh-sans-x)
+                (use-pam? #f)
+                (port-number 222)
+                (permit-root-login #t)
+                (password-authentication? #f)
+                (challenge-response-authentication? #f)
+                (authorized-keys
+                 `(("root" , (local-file "id_ed25519.pub"))
+                   ("gnutoo" ,(local-file "id_ed25519.pub"))))))
+      ;; Unattended Upgrades
+      (service
+       unattended-upgrade-service-type
+       (unattended-upgrade-configuration
+        (operating-system-file
+         (string-append "/run/current-system/profile"
+                        "/share/guix-installer-vm/configs/"
+                        "guix-installer-vm-system.scm"))
+        (schedule "0 * * * * ")
+        (services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
+     (modify-services
+      %base-services
+      (guix-service-type config => (guix-configuration
+                                    (authorized-keys
+                                     (append
+                                      (list
+                                       (local-file
+                                        "signing-key.pub"))
+                                      %default-authorized-guix-keys)))))))))
+guix-installer-vm-operating-system
--- a/guix-installer-vm/guix-installer-vm.xml
+++ b/guix-installer-vm/guix-installer-vm.xml
@ -0,0 +1,102 @@
+<domain type="kvm">
+  <name>guix-vm-installer</name>
+  <memory unit="KiB">2097152</memory>
+  <currentMemory unit="KiB">2097152</currentMemory>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
+    <boot dev="hd"/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state="off"/>
+  </features>
+  <cpu mode="host-passthrough" check="none" migratable="on"/>
+  <clock offset="utc">
+    <timer name="rtc" tickpolicy="catchup"/>
+    <timer name="pit" tickpolicy="delay"/>
+    <timer name="hpet" present="no"/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled="no"/>
+    <suspend-to-disk enabled="no"/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type="file" device="disk">
+      <driver name="qemu" type="raw"/>
+      <source file="/srv/vmverse/installation/guix-installer-vm.img"/>
+      <target dev="sda" bus="usb" removable="on"/>
+      <readonly/>
+      <address type="usb" bus="0" port="1"/>
+    </disk>
+    <controller type="usb" index="0" model="ich9-ehci1">
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
+    </controller>
+    <controller type="usb" index="0" model="ich9-uhci1">
+      <master startport="0"/>
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
+    </controller>
+    <controller type="usb" index="0" model="ich9-uhci2">
+      <master startport="2"/>
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
+    </controller>
+    <controller type="usb" index="0" model="ich9-uhci3">
+      <master startport="4"/>
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
+    </controller>
+    <controller type="pci" index="0" model="pci-root"/>
+    <interface type="bridge">
+      <source bridge="br0"/>
+      <model type="virtio"/>
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
+    </interface>
+    <serial type="pty">
+      <target type="isa-serial" port="0">
+        <model name="isa-serial"/>
+      </target>
+    </serial>
+    <serial type="pty">
+      <target type="isa-serial" port="1">
+        <model name="isa-serial"/>
+      </target>
+    </serial>
+    <serial type="pty">
+      <target type="isa-serial" port="2">
+        <model name="isa-serial"/>
+      </target>
+    </serial>
+    <serial type="pty">
+      <target type="isa-serial" port="3">
+        <model name="isa-serial"/>
+      </target>
+    </serial>
+    <console type="pty">
+      <target type="serial" port="0"/>
+    </console>
+    <input type="keyboard" bus="ps2"/>
+    <input type="mouse" bus="ps2"/>
+    <graphics type="spice">
+      <listen type="none"/>
+      <gl enable="no"/>
+    </graphics>
+    <audio id="1" type="spice"/>
+    <video>
+      <model type="none"/>
+    </video>
+    <memballoon model="virtio">
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
+    </memballoon>
+    <rng model="virtio">
+      <backend model="random">/dev/urandom</backend>
+      <address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
+    </rng>
+  </devices>
+  <seclabel type="dynamic" model="dac" relabel="yes"/>
+</domain>