Add machine definition
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
parent
3b8d7f2763
commit
7fe191c90d
5 changed files with 266 additions and 0 deletions
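--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*~
+\#*\#
+id_ed25519
+id_ed25519.pub
+signing-key.pub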
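--- /dev/null
+++ b/Makefile
@@ -0,0 +1,40 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+DESTDIR ?= .
+
+.PHONY: all help install update $(DESTDIR)/mumble-vm.img
+
+IMAGE_SOURCE = \
+mumble-vm-system.scm \
+id_ed25519.pub \
+Makefile \
+signing-key.pub
+
+all: help
+
+help:
+@printf "Available commands:\n\
+make help # prints this help\n\
+make install # install image to $(DESTDIR)/ \n\
+make deploy # update existing vm with guix deploy through SSH\n\
+"
+
+$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
+sudo install \
+`guix system image \
+--image-type=mbr-raw \
+--image-size=6G mumble-vm-system.scm` \
+$@
+
+install: $(DESTDIR)/mumble-vm.img
+
+deploy:
+guix deploy -L . mumble-vm-machine.scm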
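Review bot: `.PHONY: all help install update $(DESTDIR)/mumble-vm.img` marks the real output file as phony, so every `make install` re-runs the full `guix system image` build even when nothing changed, while `update` names no rule in this file and the actual `deploy` target is left undeclared; `.PHONY: all help install deploy` is what the rules below support. The prerequisites `id_ed25519.pub` and `signing-key.pub` are added to `.gitignore` in this same commit, so on a fresh checkout make stops with "No rule to make target" before anything is built — a comment on `IMAGE_SOURCE` saying these two files must be supplied by the operator, plus a `$(error …)` guard when they are missing, would make that explicit. `sudo install` without `-m` also creates the image with mode 0755; `sudo install -m 0644` is sufficient for a disk image.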
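--- /dev/null
+++ b/mumble-vm-machine.scm
@@ -0,0 +1,38 @@
+;;; Copyright © Guix documentation authors
+;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;;
+;;; This file is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; This file is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (gnu)
+(gnu machine)
+(gnu machine ssh))
+(list
+(machine
+(operating-system
+(@ (mumble-vm-system) mumble-vm-operating-system))
+(environment managed-host-environment-type)
+(configuration
+(machine-ssh-configuration
+(authorize? #t)
+(build-locally? #f)
+(host-key
+(string-append
+"ssh-ed25519"
+" "
+"AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC"))
+(host-name "audio.experimental.a-lec.org")
+(identity "./id_ed25519")
+(port 222)
+(system "x86_64-linux")
+(user "root")))))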
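Review bot: The `host-key` value built by the `string-append` lines reads like a placeholder pattern rather than a real `ssh-ed25519` host public key; if it is one, `guix deploy` will reject the connection on host-key mismatch rather than silently trust the host, so the target's actual key must be pasted here after being verified out of band, and a comment such as `;; Target's ssh-ed25519 host public key, verified out of band before pasting` should say where it comes from. `(identity "./id_ed25519")` is resolved relative to the directory `guix deploy` is run from, which only lines up with the `deploy` target in `Makefile` because that runs `guix deploy -L .`; a comment next to it would save the next reader from guessing. `(authorize? #t)` installs the deploying host's signing key on the target, which is consistent with `signing-key.pub` being added to `guix-configuration` in mumble-vm-system.scm, but is worth stating in a comment since it is a trust decision.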
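--- /dev/null
+++ b/mumble-vm-system.scm
@@ -0,0 +1,93 @@
+;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;
+;; This file is free software; you can redistribute it and/or modify it
+;; under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or (at
+;; your option) any later version.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (mumble-vm-system)
+#:use-module (gnu)
+#:use-module (gnu packages admin)
+#:use-module (gnu packages dns)
+#:use-module (gnu packages linux)
+#:use-module (gnu packages ssh)
+#:use-module (gnu services admin)
+#:use-module (gnu services ssh)
+#:export (mumble-vm-operating-system))
+
+(define-public %nginx-deploy-hook
+(program-file
+"nginx-deploy-hook"
+#~(let
+((nginx-pid (call-with-input-file "/var/run/nginx/pid" read))
+(mumble-server-pid
+(call-with-input-file
+"/var/run/mumble-server/mumble-server.pid" read)))
+((lambda _
+(kill nginx-pid SIGHUP)
+(kill mumble-server-pid SIGUSR1))))))
+
+(define mumble-vm-operating-system
+(operating-system
+(bootloader (bootloader-configuration
+(bootloader grub-minimal-bootloader)
+(targets '("/dev/vda"))))
+;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
+;; without doing many fsck?
+(file-systems (cons (file-system
+(device (file-system-label "Guix_image"))
+(mount-point "/")
+(type "ext4")) %base-file-systems))
+(host-name "mumble-vm")
+(timezone "Europe/Paris")
+(packages
+(append
+(list htop
+iftop
+`(,isc-bind "utils")
+net-tools
+nmon
+openssh-sans-x)
+%base-packages))
+(services
+(append
+(list
+;; Networking
+(service
+static-networking-service-type
+(list
+(static-networking
+(addresses (list (network-address
+(device "eth0")
+(value "192.168.10.37/24"))))
+(routes (list (network-route
+(destination "default")
+(gateway "192.168.10.1"))))
+(name-servers '("192.168.10.1")))))
+;; OpenSSH
+(service openssh-service-type
+(openssh-configuration
+(openssh openssh-sans-x)
+(use-pam? #f)
+(port-number 222)
+(permit-root-login #t)
+(password-authentication? #f)
+(challenge-response-authentication? #f)
+(authorized-keys
+`(("root" , (local-file "id_ed25519.pub"))
+("gnutoo" ,(local-file "id_ed25519.pub"))))))
+;; Unattended Upgrades
+(service unattended-upgrade-service-type))
+(modify-services
+%base-services
+(guix-service-type config => (guix-configuration
+(authorized-keys
+(append
+(list
+(local-file
+"signing-key.pub"))
+%default-authorized-guix-keys)))))))))
+mumble-vm-operating-system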
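Review bot: `(permit-root-login #t)` in the `openssh-configuration` lets root log in by any method sshd has enabled; since `guix deploy` connects as root with a key, `(permit-root-login 'prohibit-password)` keeps deployment working while pinning root to key-only login even if `password-authentication?` is later flipped back on. `%nginx-deploy-hook` reads the nginx and mumble-server pid files and signals both, but no nginx or mumble-server service is configured in `mumble-vm-operating-system`, so it is unused in this file — presumably a certificate deploy hook for a service still to come; a comment saying so, or dropping it until that service lands, would avoid dead code that reaches for `/var/run` paths nothing here creates. The same `id_ed25519.pub` is authorized for both `root` and `gnutoo`; a short comment that this is the deploy key would tell the next reader it is intentional.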
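--- /dev/null
+++ b/mumble-vm.xml
@@ -0,0 +1,90 @@
+<domain type="kvm">
+<name>mumble-vm</name>
+<memory unit="KiB">4194304</memory>
+<currentMemory unit="KiB">4194304</currentMemory>
+<resource>
+<partition>/machine</partition>
+</resource>
+<os>
+<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
+<boot dev="hd"/>
+</os>
+<features>
+<acpi/>
+<apic/>
+<vmport state="off"/>
+</features>
+<cpu mode="host-passthrough" check="none" migratable="on"/>
+<clock offset="utc">
+<timer name="rtc" tickpolicy="catchup"/>
+<timer name="pit" tickpolicy="delay"/>
+<timer name="hpet" present="no"/>
+</clock>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>restart</on_reboot>
+<on_crash>destroy</on_crash>
+<pm>
+<suspend-to-mem enabled="no"/>
+<suspend-to-disk enabled="no"/>
+</pm>
+<devices>
+<emulator>/usr/bin/qemu-system-x86_64</emulator>
+<disk type="file" device="disk">
+<driver name="qemu" type="raw"/>
+<source file="/var/lib/libvirt/images/distros/mumble-vm.img"/>
+<target dev="vda" bus="virtio"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
+</disk>
+<controller type="usb" index="0" model="ich9-ehci1">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
+</controller>
+<controller type="usb" index="0" model="ich9-uhci1">
+<master startport="0"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
+</controller>
+<controller type="usb" index="0" model="ich9-uhci2">
+<master startport="2"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
+</controller>
+<controller type="usb" index="0" model="ich9-uhci3">
+<master startport="4"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
+</controller>
+<controller type="pci" index="0" model="pci-root"/>
+<interface type="bridge">
+<source bridge="lan0"/>
+<model type="virtio"/>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
+</interface>
+<serial type="pty">
+<target type="isa-serial" port="0">
+<model name="isa-serial"/>
+</target>
+</serial>
+<console type="pty">
+<target type="serial" port="0"/>
+</console>
+<input type="keyboard" bus="ps2"/>
+<input type="mouse" bus="ps2"/>
+<graphics type="spice" autoport="yes" listen="127.0.0.1">
+<listen type="address" address="127.0.0.1"/>
+<gl enable="no"/>
+</graphics>
+<audio id="1" type="spice"/>
+<video>
+<model type="virtio" heads="1" primary="yes">
+<acceleration accel3d="no"/>
+</model>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
+</video>
+<memballoon model="virtio">
+<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
+</memballoon>
+<rng model="virtio">
+<backend model="random">/dev/urandom</backend>
+<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
+</rng>
+</devices>
+<seclabel type="dynamic" model="dac" relabel="yes"/>
+</domain>
+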
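Review bot: `<source file="/var/lib/libvirt/images/distros/mumble-vm.img"/>` fixes where libvirt expects the image, but `Makefile` in this commit defaults `DESTDIR` to `.` and its help text never mentions this path, so `make install` as documented produces an image this domain will not find; the Makefile help line should read `make install DESTDIR=/var/lib/libvirt/images/distros`, or an XML comment above the `<disk>` element should state that the image is installed there by hand. The rest of the definition is internally consistent from what is visible: spice is bound to `127.0.0.1` only, the console is a pty, and the guest gets entropy from a virtio-rng backed by `/dev/urandom`.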