Add script to run on first boot

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Denis 'GNUtoo' Carikli 2023-09-12 21:53:10 +02:00
parent 67922b0c13
commit f7de8414a3
Signed by: GNUtoo
GPG Key ID: 5F5DFCC14177E263
5 changed files with 53 additions and 3 deletions

1
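--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@ autom4te.cache/**
 config.log
 config.status
 configure
+first-boot.sh
 guix-commit.txt
 id_ed25519
 id_ed25519.pub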


@ -39,7 +39,14 @@ guix-commit.txt: Makefile
s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \ s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \
s#VM_SSH_PUB_KEY#$(VM_SSH_PUB_KEY)#g" $< > $@ s#VM_SSH_PUB_KEY#$(VM_SSH_PUB_KEY)#g" $< > $@
%.sh: %.sh.tmpl guix-commit.txt Makefile
sed \
"s#DOMAIN#$(DOMAIN)#g ; \
s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g" $< > $@
chmod +x $@
IMAGE_SOURCE = \ IMAGE_SOURCE = \
first-boot.sh \
guix-commit.txt \ guix-commit.txt \
index.html \ index.html \
mumble-vm-machine.scm \ mumble-vm-machine.scm \
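Review bot: The new `%.sh` rule pastes `$(DOMAIN)` and `$(LETSENCRYPT_EMAIL)` into a double-quoted sed program with no validation, so a value containing `#`, `&`, `\` or a shell metacharacter changes the substitution or lands verbatim in `first-boot.sh`, which the README has the operator run at a root prompt. The template line `certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL` has the same exposure because the placeholders are unquoted there. A check as the first recipe line would make a bad value fail the build, for example `@printf '%s\n' '$(DOMAIN)' | grep -Eqx '[A-Za-z0-9.-]+'`, with a matching one for the e-mail address. The rule just before this one builds its sed program the same way, but only its last two lines are visible in the hunk.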

4
README

@ -11,9 +11,7 @@ it's a good idea to use test domains before deployments.
Once the image is booted: Once the image is booted:
- You will need to login inside and run the following command: - You will need to login inside and run the following command:
# certbot certonly --standalone -d audio.experimental.a-lec.org # first-boot.sh
# herd restart nginx
# herd restart mumble-server
- You then need to set the root password. - You then need to set the root password.
License License

16
first-boot.sh.tmpl Normal file

@ -0,0 +1,16 @@
#!/bin/sh
#
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
set -e
certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL
herd restart mumble-server
herd restart nginx
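Review bot: Nothing in the script says who should run it or when, and nothing stops a second run from requesting the certificate again; the README hunk in this commit is the only place the intent is stated. A short header comment above `set -e` would cover it, e.g. `# Run once, as root, after the first boot: requests the TLS certificate, then restarts the services that load it.` Because `set -e` is in effect, a certbot failure skips both `herd restart` lines, which is the right fail-closed behaviour and worth saying in that comment too.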


@ -21,6 +21,7 @@
#:use-module (gnu services telephony) #:use-module (gnu services telephony)
#:use-module (gnu services web) #:use-module (gnu services web)
#:use-module (guix build-system copy) #:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:prefix license:) #:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix utils) #:use-module (guix utils)
@ -43,6 +44,32 @@ replicate or contribute to it.")
(home-page "DOMAIN") (home-page "DOMAIN")
(license license:gpl3+))) (license license:gpl3+)))
(define first-boot-script
(package
(name "first-boot-script")
(version "0.1")
(source (local-file "first-boot.sh" ))
(build-system gnu-build-system)
(arguments
(list #:tests? #f ;no tests
#:phases
#~(modify-phases
%standard-phases
(delete 'build)
(delete 'configure)
(replace 'install
(lambda _
(chmod "first-boot.sh" #o755)
(install-file
"first-boot.sh"
(string-append (string-append #$output "/bin"))))))))
(synopsis "Script to run on first boot.")
(description
"The first-boot.sh script generates the TLS certificate and restart
the services after that.")
(home-page #f)
(license license:gpl3+)))
(define-public %nginx-deploy-hook (define-public %nginx-deploy-hook
(program-file (program-file
"nginx-deploy-hook" "nginx-deploy-hook"
@ -71,6 +98,7 @@ replicate or contribute to it.")
(packages (packages
(append (append
(list certbot (list certbot
first-boot-script
htop htop
iftop iftop
`(,isc-bind "utils") `(,isc-bind "utils")
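Review bot: In `first-boot-script` the install phase wraps the destination in two `string-append` calls where one is enough, `(install-file "first-boot.sh" (string-append #$output "/bin"))`. The package also pulls in `gnu-build-system` only to delete `build` and `configure` and replace `install`; `(guix build-system copy)` is already imported in this module and is probably a closer fit for a single script, though the `chmod` step would still be needed if the file arrives without its executable bit. A one-line comment saying why `chmod` is there would help the next reader.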