Add machine definition
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
parent
3b8d7f2763
commit
7fe191c90d
|
@ -0,0 +1,5 @@
|
||||||
|
*~
|
||||||
|
\#*\#
|
||||||
|
id_ed25519
|
||||||
|
id_ed25519.pub
|
||||||
|
signing-key.pub
|
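--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,40 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+DESTDIR ?= .
+
+.PHONY: all help install update $(DESTDIR)/mumble-vm.img
+
+IMAGE_SOURCE = \
+mumble-vm-system.scm \
+id_ed25519.pub \
+Makefile \
+signing-key.pub
+
+all: help
+
+help:
+@printf "Available commands:\n\
+make help # prints this help\n\
+make install # install image to $(DESTDIR)/ \n\
+make deploy # update existing vm with guix deploy through SSH\n\
+"
+
+$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
+sudo install \
+`guix system image \
+--image-type=mbr-raw \
+--image-size=6G mumble-vm-system.scm` \
+$@
+
+install: $(DESTDIR)/mumble-vm.img
+
+deploy:
+guix deploy -L . mumble-vm-machine.scm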
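Review bot: `install` is called without `-m` in the `$(DESTDIR)/mumble-vm.img` recipe, so the image is created with install's default mode 0755 and is readable by every local user. If that file is then used in place as the VM's disk it will come to hold the guest's SSH host keys, so I would write `sudo install -m 0600 \` and set ownership to suit however the hypervisor opens it (not visible here). Separately, `.PHONY` names `update`, which has no rule, and omits `deploy`, which does; `.PHONY: all deploy help install $(DESTDIR)/mumble-vm.img` matches the rules and the help text. Keeping the image itself phony means the `$(IMAGE_SOURCE)` prerequisites never decide anything and every `make install` rebuilds; if that is intended, a one-line comment saying so would help.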
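--- a/mumble-vm-machine.scm
+++ b/mumble-vm-machine.scm
@@ -0,0 +1,38 @@
+;;; Copyright © Guix documentation authors
+;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;;
+;;; This file is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; This file is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (gnu)
+(gnu machine)
+(gnu machine ssh))
+(list
+(machine
+(operating-system
+(@ (mumble-vm-system) mumble-vm-operating-system))
+(environment managed-host-environment-type)
+(configuration
+(machine-ssh-configuration
+(authorize? #t)
+(build-locally? #f)
+(host-key
+(string-append
+"ssh-ed25519"
+" "
+"AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC"))
+(host-name "audio.experimental.a-lec.org")
+(identity "./id_ed25519")
+(port 222)
+(system "x86_64-linux")
+(user "root")))))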
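Review bot: The `host-key` value `AAAABBBB…0000ABC` reads as a placeholder rather than a real ed25519 public key, and nothing in the file says so. `guix deploy` checks the server against this field, so it is the only thing pinning the identity of `audio.experimental.a-lec.org` for a connection that logs in as `root`. I would add a comment above `(host-key` such as `;; Placeholder: replace with the VM's /etc/ssh/ssh_host_ed25519_key.pub, obtained out of band (e.g. from the console), not from a first SSH connection.` Also, `(identity "./id_ed25519")` is a relative path, so it presumably depends on the directory `make deploy` is run from; a comment saying so would avoid surprises.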
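--- a/mumble-vm-system.scm
+++ b/mumble-vm-system.scm
@@ -0,0 +1,93 @@
+;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;
+;; This file is free software; you can redistribute it and/or modify it
+;; under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or (at
+;; your option) any later version.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this file. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (mumble-vm-system)
+#:use-module (gnu)
+#:use-module (gnu packages admin)
+#:use-module (gnu packages dns)
+#:use-module (gnu packages linux)
+#:use-module (gnu packages ssh)
+#:use-module (gnu services admin)
+#:use-module (gnu services ssh)
+#:export (mumble-vm-operating-system))
+
+(define-public %nginx-deploy-hook
+(program-file
+"nginx-deploy-hook"
+#~(let
+((nginx-pid (call-with-input-file "/var/run/nginx/pid" read))
+(mumble-server-pid
+(call-with-input-file
+"/var/run/mumble-server/mumble-server.pid" read)))
+((lambda _
+(kill nginx-pid SIGHUP)
+(kill mumble-server-pid SIGUSR1))))))
+
+(define mumble-vm-operating-system
+(operating-system
+(bootloader (bootloader-configuration
+(bootloader grub-minimal-bootloader)
+(targets '("/dev/vda"))))
+;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
+;; without doing many fsck?
+(file-systems (cons (file-system
+(device (file-system-label "Guix_image"))
+(mount-point "/")
+(type "ext4")) %base-file-systems))
+(host-name "mumble-vm")
+(timezone "Europe/Paris")
+(packages
+(append
+(list htop
+iftop
+`(,isc-bind "utils")
+net-tools
+nmon
+openssh-sans-x)
+%base-packages))
+(services
+(append
+(list
+;; Networking
+(service
+static-networking-service-type
+(list
+(static-networking
+(addresses (list (network-address
+(device "eth0")
+(value "192.168.10.37/24"))))
+(routes (list (network-route
+(destination "default")
+(gateway "192.168.10.1"))))
+(name-servers '("192.168.10.1")))))
+;; OpenSSH
+(service openssh-service-type
+(openssh-configuration
+(openssh openssh-sans-x)
+(use-pam? #f)
+(port-number 222)
+(permit-root-login #t)
+(password-authentication? #f)
+(challenge-response-authentication? #f)
+(authorized-keys
+`(("root" , (local-file "id_ed25519.pub"))
+("gnutoo" ,(local-file "id_ed25519.pub"))))))
+;; Unattended Upgrades
+(service unattended-upgrade-service-type))
+(modify-services
+%base-services
+(guix-service-type config => (guix-configuration
+(authorized-keys
+(append
+(list
+(local-file
+"signing-key.pub"))
+%default-authorized-guix-keys)))))))))
+mumble-vm-operating-system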
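Review bot: `(service unattended-upgrade-service-type)` is used with its default configuration, which reconfigures from `/run/current-system/configuration.scm`, while this system definition pulls in `id_ed25519.pub` and `signing-key.pub` through `local-file`. The Guix manual notes that the default is not enough in that case, so upgrades may well fail on the VM and leave it unpatched. Consider an `unattended-upgrade-configuration` whose `operating-system-file` points at a store copy of this file plus the two `.pub` files, selecting files explicitly so that the private `id_ed25519` kept in the same directory is never copied into the world-readable store. Smaller points: `(permit-root-login #t)` could be `(permit-root-login 'prohibit-password)` so root stays key-only even if password authentication is re-enabled later, and `authorized-keys` lists `"gnutoo"` although no `users` field creates that account. `%nginx-deploy-hook` is defined but not referenced by any service in this file; a comment stating where it is meant to be used would help.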
|
@ -0,0 +1,90 @@
|
||||||
|
<domain type="kvm">
|
||||||
|
<name>mumble-vm</name>
|
||||||
|
<memory unit="KiB">4194304</memory>
|
||||||
|
<currentMemory unit="KiB">4194304</currentMemory>
|
||||||
|
<resource>
|
||||||
|
<partition>/machine</partition>
|
||||||
|
</resource>
|
||||||
|
<os>
|
||||||
|
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
|
||||||
|
<boot dev="hd"/>
|
||||||
|
</os>
|
||||||
|
<features>
|
||||||
|
<acpi/>
|
||||||
|
<apic/>
|
||||||
|
<vmport state="off"/>
|
||||||
|
</features>
|
||||||
|
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
||||||
|
<clock offset="utc">
|
||||||
|
<timer name="rtc" tickpolicy="catchup"/>
|
||||||
|
<timer name="pit" tickpolicy="delay"/>
|
||||||
|
<timer name="hpet" present="no"/>
|
||||||
|
</clock>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
<pm>
|
||||||
|
<suspend-to-mem enabled="no"/>
|
||||||
|
<suspend-to-disk enabled="no"/>
|
||||||
|
</pm>
|
||||||
|
<devices>
|
||||||
|
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
|
<disk type="file" device="disk">
|
||||||
|
<driver name="qemu" type="raw"/>
|
||||||
|
<source file="/var/lib/libvirt/images/distros/mumble-vm.img"/>
|
||||||
|
<target dev="vda" bus="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
||||||
|
</disk>
|
||||||
|
<controller type="usb" index="0" model="ich9-ehci1">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci1">
|
||||||
|
<master startport="0"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci2">
|
||||||
|
<master startport="2"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci3">
|
||||||
|
<master startport="4"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="0" model="pci-root"/>
|
||||||
|
<interface type="bridge">
|
||||||
|
<source bridge="lan0"/>
|
||||||
|
<model type="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
||||||
|
</interface>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="0">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<console type="pty">
|
||||||
|
<target type="serial" port="0"/>
|
||||||
|
</console>
|
||||||
|
<input type="keyboard" bus="ps2"/>
|
||||||
|
<input type="mouse" bus="ps2"/>
|
||||||
|
<graphics type="spice" autoport="yes" listen="127.0.0.1">
|
||||||
|
<listen type="address" address="127.0.0.1"/>
|
||||||
|
<gl enable="no"/>
|
||||||
|
</graphics>
|
||||||
|
<audio id="1" type="spice"/>
|
||||||
|
<video>
|
||||||
|
<model type="virtio" heads="1" primary="yes">
|
||||||
|
<acceleration accel3d="no"/>
|
||||||
|
</model>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
|
||||||
|
</video>
|
||||||
|
<memballoon model="virtio">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
||||||
|
</memballoon>
|
||||||
|
<rng model="virtio">
|
||||||
|
<backend model="random">/dev/urandom</backend>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
|
||||||
|
</rng>
|
||||||
|
</devices>
|
||||||
|
<seclabel type="dynamic" model="dac" relabel="yes"/>
|
||||||
|
</domain>
|
||||||
|
|
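Review bot: For a guest that appears to be administered over SSH, the `<devices>` block carries more emulated hardware than it seems to need: SPICE `<graphics>`, `<audio>`, `<video>`, PS/2 inputs and four USB controllers on top of the serial console. Each emulated device is extra QEMU code exposed to the guest, so I would drop the ones that are not used and keep `<serial>`/`<console>` for recovery; SPICE is at least bound to `127.0.0.1`. The disk `<source file="/var/lib/libvirt/images/distros/mumble-vm.img"/>` is a fixed host path while the Makefile installs to `$(DESTDIR)`, so a short XML comment next to `<source>` naming the expected `DESTDIR` would tie the two together.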