Compare commits
10 Commits
main
...
untested/g
Author | SHA1 | Date |
---|---|---|
Denis 'GNUtoo' Carikli | 922515f120 | |
Denis 'GNUtoo' Carikli | f858429ad4 | |
Denis 'GNUtoo' Carikli | 65f67ada92 | |
Denis 'GNUtoo' Carikli | 19c44f265e | |
Denis 'GNUtoo' Carikli | 67e13b860c | |
Denis 'GNUtoo' Carikli | 3bf48fb977 | |
Denis 'GNUtoo' Carikli | f8e4064d6f | |
Denis 'GNUtoo' Carikli | 4dc5a46cbb | |
Denis 'GNUtoo' Carikli | f3af1623b8 | |
Denis 'GNUtoo' Carikli | aef0935acd |
29
Makefile.am
29
Makefile.am
|
@ -34,7 +34,7 @@ guix-commit.txt: Makefile
|
||||||
%.html: %.html.tmpl guix-commit.txt Makefile
|
%.html: %.html.tmpl guix-commit.txt Makefile
|
||||||
sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
|
sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
|
||||||
|
|
||||||
%.scm: %.scm.tmpl guix-commit.txt Makefile
|
%.scm: %.scm.tmpl guix-commit.txt id_ed25519.pub Makefile signing-key.pub
|
||||||
sed \
|
sed \
|
||||||
"s#DOMAIN#$(DOMAIN)#g ; \
|
"s#DOMAIN#$(DOMAIN)#g ; \
|
||||||
s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \
|
s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \
|
||||||
|
@ -55,7 +55,20 @@ guix-commit.txt: Makefile
|
||||||
s#VM_SSH_ADDRESS#$(VM_SSH_ADDRESS)#g" $< > $@
|
s#VM_SSH_ADDRESS#$(VM_SSH_ADDRESS)#g" $< > $@
|
||||||
chmod +x $@
|
chmod +x $@
|
||||||
|
|
||||||
IMAGE_SOURCE = \
|
# Generate default key. Can be changed by replacing id_ed25519.pub.
|
||||||
|
id_ed25519.pub:
|
||||||
|
printf "ssh-ed25519 %s %s" \
|
||||||
|
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
||||||
|
'gnutoo@primary_laptop'
|
||||||
|
> $@
|
||||||
|
|
||||||
|
# Generate default key. Can be changed by replacing signing-key.pub.
|
||||||
|
signing-key.pub:
|
||||||
|
printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
|
||||||
|
'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
|
||||||
|
>$@
|
||||||
|
|
||||||
|
TARBALL_SOURCE = \
|
||||||
first-boot.sh \
|
first-boot.sh \
|
||||||
guix-commit.txt \
|
guix-commit.txt \
|
||||||
index.html \
|
index.html \
|
||||||
|
@ -66,12 +79,22 @@ IMAGE_SOURCE = \
|
||||||
signing-key.pub \
|
signing-key.pub \
|
||||||
wireguard-post-up.sh
|
wireguard-post-up.sh
|
||||||
|
|
||||||
|
IMAGE_SOURCE = \
|
||||||
|
$(TARBALL_SOURCE) \
|
||||||
|
mumble-vm.tar.xz
|
||||||
|
|
||||||
mumble-vm.img: $(IMAGE_SOURCE)
|
mumble-vm.img: $(IMAGE_SOURCE)
|
||||||
sudo install \
|
install \
|
||||||
`guix system image \
|
`guix system image \
|
||||||
--image-type=mbr-raw \
|
--image-type=mbr-raw \
|
||||||
--image-size=6G mumble-vm-system.scm` \
|
--image-size=6G mumble-vm-system.scm` \
|
||||||
$@
|
$@
|
||||||
|
|
||||||
|
mumble-vm.tar: $(TARBALL_SOURCE)
|
||||||
|
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
||||||
|
|
||||||
|
mumble-vm.tar.xz: mumble-vm.tar
|
||||||
|
xz -f -9e --verbose $<
|
||||||
|
|
||||||
deploy: $(IMAGE_SOURCE)
|
deploy: $(IMAGE_SOURCE)
|
||||||
guix deploy -L . mumble-vm-machine.scm
|
guix deploy -L . mumble-vm-machine.scm
|
||||||
|
|
39
README
39
README
|
@ -40,6 +40,45 @@ Once the image is booted:
|
||||||
# first-boot.sh
|
# first-boot.sh
|
||||||
- You then need to set the root password.
|
- You then need to set the root password.
|
||||||
|
|
||||||
|
The mumble-vm-install.sh installation script
|
||||||
|
============================================
|
||||||
|
This script is supposed to only run inside a VM on the Guix installer
|
||||||
|
and checks that it's the case through various ways. The specification
|
||||||
|
of the VM it runs on is provided in guix-vm-installer.xml for
|
||||||
|
reference. It is very specific to the Libre en communs infrastructure,
|
||||||
|
so you might need to modify it to use it on your infrastructure.
|
||||||
|
|
||||||
|
The Libre en Communs infrastructure on which this VM is being deployed
|
||||||
|
has libvirt but it doesn't have Guix on the host. So the option
|
||||||
|
provided by Libre en Communs was to do the installation from a
|
||||||
|
VM.
|
||||||
|
|
||||||
|
This is also common for many infrastructure providers due to security
|
||||||
|
concerns with access outside the VM.
|
||||||
|
|
||||||
|
Since the Guix installer is trusted and is now provided by Libre en
|
||||||
|
communs, and that we also have access to the vm management interfaces
|
||||||
|
we simply use a script to do all the installation work.
|
||||||
|
|
||||||
|
If instead you have a VM with only SSH access you will also need to
|
||||||
|
modify the script to fit that use case.
|
||||||
|
|
||||||
|
It is also possible to convert an existing VM to Guix but that
|
||||||
|
requires significantly more work (see gnu/machine/digital-ocean.scm
|
||||||
|
inside the Guix source code for more detail on how to do that).
|
||||||
|
|
||||||
|
To use this script, the admin with privileged access to the vm
|
||||||
|
management interface needs to boot the installer and copy the script
|
||||||
|
inside. This can be done by running the following command (the script
|
||||||
|
can be named like you want):
|
||||||
|
# cat /dev/ttyS0 > i.sh
|
||||||
|
and then by pasting the script through the first serial port, and
|
||||||
|
typing ctrl+d at the end, so that the file is closed and written.
|
||||||
|
|
||||||
|
The script can then run like that:
|
||||||
|
# chmod +x i.sh
|
||||||
|
# ./i.sh
|
||||||
|
|
||||||
License
|
License
|
||||||
=======
|
=======
|
||||||
This project is free software: you can redistribute it and/or modify
|
This project is free software: you can redistribute it and/or modify
|
||||||
|
|
|
@ -21,7 +21,12 @@ AC_PROG_MKDIR_P
|
||||||
AM_INIT_AUTOMAKE([foreign])
|
AM_INIT_AUTOMAKE([foreign])
|
||||||
|
|
||||||
AC_CHECK_PROG([GUIX], [guix], [guix])
|
AC_CHECK_PROG([GUIX], [guix], [guix])
|
||||||
|
AS_IF([test x"$GUIX" = x""],
|
||||||
|
[AC_MSG_ERROR([guix was not found in PATH ($PATH)])])
|
||||||
|
|
||||||
AC_CHECK_PROG([SED], [sed], [sed])
|
AC_CHECK_PROG([SED], [sed], [sed])
|
||||||
|
AS_IF([test x"$SED" = x""],
|
||||||
|
[AC_MSG_ERROR([sed was not found in PATH ($PATH)])])
|
||||||
|
|
||||||
AC_SUBST([DOMAIN], [])
|
AC_SUBST([DOMAIN], [])
|
||||||
AC_SUBST([ENABLE_WIREGUARD], [])
|
AC_SUBST([ENABLE_WIREGUARD], [])
|
||||||
|
|
|
@ -0,0 +1,111 @@
|
||||||
|
<domain type="kvm">
|
||||||
|
<name>guix-vm-installer</name>
|
||||||
|
<memory unit="KiB">16777216</memory>
|
||||||
|
<currentMemory unit="KiB">16777216</currentMemory>
|
||||||
|
<resource>
|
||||||
|
<partition>/machine</partition>
|
||||||
|
</resource>
|
||||||
|
<os>
|
||||||
|
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
|
||||||
|
<boot dev="hd"/>
|
||||||
|
</os>
|
||||||
|
<features>
|
||||||
|
<acpi/>
|
||||||
|
<apic/>
|
||||||
|
<vmport state="off"/>
|
||||||
|
</features>
|
||||||
|
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
||||||
|
<clock offset="utc">
|
||||||
|
<timer name="rtc" tickpolicy="catchup"/>
|
||||||
|
<timer name="pit" tickpolicy="delay"/>
|
||||||
|
<timer name="hpet" present="no"/>
|
||||||
|
</clock>
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
<pm>
|
||||||
|
<suspend-to-mem enabled="no"/>
|
||||||
|
<suspend-to-disk enabled="no"/>
|
||||||
|
</pm>
|
||||||
|
<devices>
|
||||||
|
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
|
<disk type="file" device="disk">
|
||||||
|
<driver name="qemu" type="raw"/>
|
||||||
|
<source file="/srv/vmverse/installation/guix-system-install-1.4.0.x86_64-linux.iso"/>
|
||||||
|
<target dev="sda" bus="usb" removable="on"/>
|
||||||
|
<readonly/>
|
||||||
|
<address type="usb" bus="0" port="1"/>
|
||||||
|
</disk>
|
||||||
|
<disk type="file" device="disk">
|
||||||
|
<driver name="qemu" type="raw"/>
|
||||||
|
<source file="/srv/vmverse/noyau/audio.experimental.a-lec.org.raw"/>
|
||||||
|
<target dev="vda" bus="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
||||||
|
</disk>
|
||||||
|
<controller type="usb" index="0" model="ich9-ehci1">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci1">
|
||||||
|
<master startport="0"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci2">
|
||||||
|
<master startport="2"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="usb" index="0" model="ich9-uhci3">
|
||||||
|
<master startport="4"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
|
||||||
|
</controller>
|
||||||
|
<controller type="pci" index="0" model="pci-root"/>
|
||||||
|
<interface type="bridge">
|
||||||
|
<source bridge="br0"/>
|
||||||
|
<model type="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
||||||
|
</interface>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="0">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="1">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="2">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<serial type="pty">
|
||||||
|
<target type="isa-serial" port="3">
|
||||||
|
<model name="isa-serial"/>
|
||||||
|
</target>
|
||||||
|
</serial>
|
||||||
|
<console type="pty">
|
||||||
|
<target type="serial" port="0"/>
|
||||||
|
</console>
|
||||||
|
<input type="keyboard" bus="ps2"/>
|
||||||
|
<input type="mouse" bus="ps2"/>
|
||||||
|
<graphics type="spice" autoport="yes" listen="127.0.0.1">
|
||||||
|
<listen type="address" address="127.0.0.1"/>
|
||||||
|
<gl enable="no"/>
|
||||||
|
</graphics>
|
||||||
|
<audio id="1" type="spice"/>
|
||||||
|
<video>
|
||||||
|
<model type="virtio" heads="1" primary="yes">
|
||||||
|
<acceleration accel3d="no"/>
|
||||||
|
</model>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
|
||||||
|
</video>
|
||||||
|
<memballoon model="virtio">
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
||||||
|
</memballoon>
|
||||||
|
<rng model="virtio">
|
||||||
|
<backend model="random">/dev/urandom</backend>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
|
||||||
|
</rng>
|
||||||
|
</devices>
|
||||||
|
<seclabel type="dynamic" model="dac" relabel="yes"/>
|
||||||
|
</domain>
|
|
@ -1,4 +1,4 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" ?>
|
<!doctype html>
|
||||||
<!--
|
<!--
|
||||||
-- Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
-- Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
--
|
--
|
||||||
|
@ -10,11 +10,10 @@
|
||||||
-- You should have received a copy of the GNU General Public License
|
-- You should have received a copy of the GNU General Public License
|
||||||
-- along with this file. If not, see <http://www.gnu.org/licenses/>.
|
-- along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||||
-->
|
-->
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
<html lang="fr-FR">
|
||||||
<head>
|
<head>
|
||||||
<title>DOMAIN</title>
|
<title>DOMAIN</title>
|
||||||
<meta name="keywords" content="a-lec, Libre en communs, logiciel libre" />
|
<meta charset="utf-8" />
|
||||||
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
|
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h2>Experimental</h2>
|
<h2>Experimental</h2>
|
||||||
|
@ -100,9 +99,20 @@
|
||||||
laquelle il tourne, etc.
|
laquelle il tourne, etc.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<!-- TODO:
|
<h2>Code source</h2>
|
||||||
-- * Fournir un lien vers le code source qui est déployé
|
<ul>
|
||||||
-- * Expliquer comment contribuer
|
<li>Code source du service qui tourne:
|
||||||
-->
|
<a href="mumble-vm.tar.xz">mumble-vm.tar.xz</a>
|
||||||
|
</li>
|
||||||
|
<li> git:
|
||||||
|
<a href="https://git.a-lec.org/GNUtoo/guix-mumble-vm.git">
|
||||||
|
https://git.a-lec.org/GNUtoo/guix-mumble-vm.git
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
<li> Comment contribuer: envoyer un patch par mail à l'auteur
|
||||||
|
principal en attendant qu'on mette en place un meilleur système
|
||||||
|
pour les contributions.
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -0,0 +1,236 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
|
#
|
||||||
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 3 of the License, or (at
|
||||||
|
# your option) any later version.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
report()
|
||||||
|
{
|
||||||
|
ret=$?
|
||||||
|
message="$@"
|
||||||
|
|
||||||
|
if [ ${ret} -eq 0 ] ; then
|
||||||
|
echo "[ OK ] ${message}"
|
||||||
|
else
|
||||||
|
echo "[ !! ] ${message}"
|
||||||
|
exit ${ret}
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
environment_checks()
|
||||||
|
{
|
||||||
|
[ "$(id -u)" = "0" ] ; report "Running as root"
|
||||||
|
|
||||||
|
# Try to detect the installer
|
||||||
|
_mount="none / overlay"
|
||||||
|
_mount="${_mount} rw,relatime"
|
||||||
|
_mount="${_mount},lowerdir=/real-root"
|
||||||
|
_mount="${_mount},upperdir=/rw-root/upper"
|
||||||
|
_mount="${_mount},workdir=/rw-root/work"
|
||||||
|
_mount="${_mount} 0 0"
|
||||||
|
|
||||||
|
grep "${_mount}" "/proc/mounts" 2>&1 > /dev/null ; report "Mount check"
|
||||||
|
|
||||||
|
[ "${HOSTNAME}" = "gnu" ] ; report "Hostname check"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# FB31DBA3AB8DB76A4157329F7651568F80374459:
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
|
import_gpg_key()
|
||||||
|
{
|
||||||
|
cat <<EOF > FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFksJcEBEADYjwYOrJmv5TX7NPItWRT7W+XNMe53NXoSZa9bEiHnTv8PoQaw
|
||||||
|
ldPpHn3TTtN1Iq4QgvNVzr0uoxPAdxFUkcvF3bFH7u/aQoXoBXxl/HH3DAoR+HIa
|
||||||
|
0XE1vPGEzUTybR2CmH3vMkfWsErEJuPxRPSTV0qouRGUU21FTuBy8x/HLyoO9L2M
|
||||||
|
YZX98Y3hWHP4V6P/tSsGaNg73l4oIbVv1SLJdASPRG7FF/UyWZzf1mZjmjbEuju1
|
||||||
|
z8Fcu/urGxiSQO2DPiCpPOIQwUjeaRQbvZQz7d7q6QLZ+lT8YhuFsIjVXDqOiuZ3
|
||||||
|
t2c3Dgg+++RIW1w9KW2xOJHg7rDRA2RqSwf8t51xE/CVLXcWDGqiMG7hjVAO1iW4
|
||||||
|
G31QvUWxDxvyzOTvGDuPb+5eHaGj1uM/ncLfxlPyc4LPRucxNDO426grMdUL9P1S
|
||||||
|
MMUNWOt7Yg3Y4aKFA+/ukBdyoExgC3iubh4QoGuX+SKP46DXTlqQTPj3Fyp3tRWi
|
||||||
|
VhFdMNCRTIDinN3S//KToZ7OxIkgsRG9sw2lGc4JzJxMpv6N++nZJuTFhc3cA3QE
|
||||||
|
E0YGjAmPc2cgwoeGiWrxugWm6B0BWOzHlxzwwtEsK8TsDg4ifyp5erHPDGQ3rV3x
|
||||||
|
gR5Jbf1p6VZE8IdTYoqP1gv+x5/0dK+2Nl2IHfgJ5FX0mKg9BD4+/JbtSwARAQAB
|
||||||
|
tCpEZW5pcyAnR05VdG9vJyBDYXJpa2xpIDxHTlV0b29Abm8tbG9nLm9yZz6JAlQE
|
||||||
|
EwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQT7Mdujq423akFXMp92
|
||||||
|
UVaPgDdEWQUCY0g+1gUJC/1MigAKCRB2UVaPgDdEWV8mD/4icDedQRUNdOlBNroP
|
||||||
|
p161qyYgMeQCOqpeUBVqQOZjXD75PyRWO5HZUjmzZb2+gAOBfRa2dlJGMEc2YzGz
|
||||||
|
916WHq9sjcV6aZG1kTzgKVFo8PeStbvvhGCEIZ3jnfsfbZYvF6GvBzNWeTGoK+w3
|
||||||
|
6wtzdfqI8ySjpy1Ul+V2TtJQAegCWee1qlLmRc49Zzi/s3ohw10FH5PnzcfPfxcB
|
||||||
|
XaFSWV9dj4T9C89Ij2jpPMIVp2zZzWRZUHkw8e12xzdkDukLgDhmdLsOCFcIGw1a
|
||||||
|
dgQNoZdRgTpxacNxrZssGTdaKNjXUSDTIb55SyCZzJNJli7Ict52RVXexUDwHTBn
|
||||||
|
XQbL4MQNwR+gH7WqCMGnNjn/0j6jsnjXn+a+oLiSUHkfz6g+OZh9mNqV7TQfrRDv
|
||||||
|
bj39GqAQVwt31rr1CcAkPLe99R6JPVCdli5ZhuJF00+D8hcwdNtWkZQheOHQM/k4
|
||||||
|
0Lxn+VJKyoAhW/akI6iuNl+twS2vay3Y2G+dSIkCdwioYfe9buI1x7gAyP513kcC
|
||||||
|
HFxHwCFEyfG9cmIaLEiIyO+4YJLgI4S22t9A20nZUawae4lDfunWtCj88hqPRAUB
|
||||||
|
tgSLFkcKXmFQI0UoQXrLqdQAMKhOmXLHrOA03ZR+NCzf/FczP7jGTKdcNXUApvUZ
|
||||||
|
iF37I1gkuZUMxMNDDjSVHQq1rLQqRGVuaXMgJ0dOVXRvbycgQ2FyaWtsaSA8R05V
|
||||||
|
dG9vQHJpc2V1cC5uZXQ+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
|
||||||
|
AheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFWj4A3
|
||||||
|
RFmypg//XGUDW+m5nJMYbmYCyMQf3RPks4h7ncV8KBJg9zZZT/FKG1FVyUgQzMPe
|
||||||
|
pjysvirmRMDrjPzcQRl2Io48eLQvExZALtGUONsPtuY409JW+nIqt5MeuKlcCiY6
|
||||||
|
11c6fDEkt5/Bxa4640VAFNmUOXTWy/pl/ELH7W/RCsuOPDGmeRhBkkMm3EUGnZef
|
||||||
|
7y6AZko3b02IvB35K1nt+eTZ+E2oYmNaiEI/Tfih5R5P31QCrrC9VCuJBmkoqanZ
|
||||||
|
pvxUBgFbfgfv3QFLlXrXTWma/+kxQKoWsdunkXWOoFjJcgWl8eJ4bB1+JmMB1/S1
|
||||||
|
AjQB4jqKjxGaka/cxJG4A1Sd9ad09m+IUW0k9ZlGYGm4ZiRwE26NNlMK0O/3czQX
|
||||||
|
nKC0qmTUTpDey6A9H1w4cybQAX1PIYJZDR+5ipz+UWHrWhYsXzK71BbbxlXo0zgd
|
||||||
|
uc8hSKhYm7tewUKticqrPAeuyEcBZkY1sGcuK+Up5rF3dQYaHGXgIxec9AoZpE2W
|
||||||
|
PMRE4M7jEPU5XFI9g6Jx1YOxht7PXoqyyabjKQgIV9lyWHU2BQ+SyJ4QtRLeMN/v
|
||||||
|
uI7dEvqyWXuX0JBdIU9DLpFfMlC7CY3ysPHN7M6FHWnEj+S2+qyBApUhOWFB5FHW
|
||||||
|
QteCSXXf/OiaUDwTwqvV4vwYHU/tYHZbgnPNK1dBZ5+3IYbupm60L0RlbmlzICdH
|
||||||
|
TlV0b28nIENhcmlrbGkgPEdOVXRvb0BtYWtlZnJlZWRvbS5vcmc+iQJUBBMBCAA+
|
||||||
|
AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3
|
||||||
|
RFkFAmNIPssFCQv9TIoACgkQdlFWj4A3RFl25xAAw586zSEpR674/CZpT+vXf4RL
|
||||||
|
phSxTWHFdBej3uy21coo5zMpJKFwe9IFKGK/tG2JhV/pGwmdPH3LKW4Hwuo77L5z
|
||||||
|
p4iK5vdrQdhNKybICdAt58FtV2Pkv7GWZHCQpVwQFujp/f37CgCxSeobve2Rkfg4
|
||||||
|
ZNABP3EHsXn0kDpBkavBVuCADn7EGbHVcCDExl0sXar4hyPMG/tOi9Q63LmNhdxx
|
||||||
|
KsLI/BFmiPjePUekyYEh4mYjo+ZVOW+1r9dPXdR8vusBx486TcsfldcAMccUZWvo
|
||||||
|
8UYOiebLSXnU1pDnUTQvOKr52rLInt2rAWpnpOsBt8RLPS6youqN1qakvgV+iMdA
|
||||||
|
ujQAAAuV8SCF/FazHgoH2drtNNMVESeQHkJz0cR60ONWVhiHL/9HcZC0ot81Sypp
|
||||||
|
Xwzddigz97c3O3V/GSxz2OjuKh5rbyPffD1eHR2/PVa55OL3wKAVlx228VFP2SUC
|
||||||
|
XL3Pc+s/NTg365npwQh3Lw8FtSdnMt+EMCzu89alUu5Ei+w+oRCRC9v34eYNtzNN
|
||||||
|
4CntgVnPvXLJV1gMImIlKkRzmrQn1x1VR0nEhY7928fwETutZcxJQmVCYug0rT4g
|
||||||
|
crVuDnsqR1p0R+uNKcvMUkdFt9JWezSPjpS/tBSD2RsXeX55z+fS/HrvU0YfaRRH
|
||||||
|
7EVrUJHRQPY7EC8xinK0MkRlbmlzICdHTlV0b28nIENhcmlrbGkgPEdOVXRvb0Bj
|
||||||
|
eWJlcmRpbWVuc2lvbi5vcmc+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB
|
||||||
|
Ah4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFW
|
||||||
|
j4A3RFnhhw//QMHYtFMbR3XI7oXw82RiyjnHrStSsFckW2kbocK+7KV1Yli2u2SN
|
||||||
|
3SGWBAP5LlqwLL1OoJ03nRDY81z193WrO0Kr3vFZAZXfMnD4t+bY6O1aFSoADb79
|
||||||
|
7iFDwTjsyJvQ1Rw1siJQb1PQWrxHkNAfd0iU7x6GLhdU5s1nq4kvTP4SwhOmZ9AN
|
||||||
|
tGrtHpnGUVZv705D2Xu7mnntiApsvxMzrwx2Fo9zNXTWX65nOyOXFufgYwtMPPOZ
|
||||||
|
4jMitV+RFC/mChHwn6U0xn/exSSq/Xwi9DabH24kb466OLkTCew5DBEH+GSyY7+F
|
||||||
|
BYO46lAFVLeAq3TnnkrfAZn/ildAKYTpv2VFZRjO2poG2Pax/0tA/8eO86ih+IxU
|
||||||
|
mU10ddMyRHICA2OH56QFwFLgi4mktDiO11HeMF569VbNADnIls/1HDTTAqsZk9uf
|
||||||
|
I/ZMyjNF8FoZa8AXwrLd1M+KAKNhZqvN1vVp2CF792z4VNMxfD/gzvsW/fq+lpgR
|
||||||
|
n6Qn9BqDe6NoeRsI7u/lfJvDwciMZ2OvcQf+XkaBkMxeYXJXoG+zHqmW5Io+7xdX
|
||||||
|
Ay619mKBm411exJTDMipoJU5djiEdNGrHFqvjKNAz/LGHmgL0m+saWc71a9fcAG8
|
||||||
|
0i75TUpQOleBh/tkSYPHa+Gv7dF0ZQE657lWK3VZmdmSGXgSAtBt3ua5Ag0EWXPU
|
||||||
|
7wEQALjMcmaRsGR1wFgR3RyIoCFNvmCBxDGaPb/X4TG10N5GXZFE1X7I9cZha+QF
|
||||||
|
zF9hFAmN4FnKoWCWaobEhXG5ufoqvj2J3UBDW2s3Enwrhyva3kszMUBzv1dXwwrF
|
||||||
|
qxp6Er73W7Semh64GRLjJo/tPA/mPnu/9qjumfOfydIFVnqYM7ZBx0aAhxzUyBjb
|
||||||
|
okryIct3BEjPmRf+e8SfvFaqFJCNcvmvOVGOCVoz7N3cgLUTK12njj/Qak3nLabv
|
||||||
|
9oQbNtngOYDAIWNPhDM+AUml5mw5Auab92aZyDJ4hmTPhov9OWoWeJFD5xR0R7RX
|
||||||
|
Ol4PvRpA5O5qUa05PoLbp7pBOFmh52aUlaXc37QsgewJpDcCkzw4oZaQiVXwimjy
|
||||||
|
hNAsv6lEYoSDNqPCIbUNmnrFljCMcRtfqtYKLCXNvUOG7+MjfYQ/nEVrPCPgUoQM
|
||||||
|
5nbILxcHHWbECqYIQ4MLgBMEOEzEcp1mXdp+BJBbZiOSuofpMGDF4mbkzjgQOop4
|
||||||
|
aBxzDLd+MjKPuD2uhhloLbf5kUGGBQXc9MNYbWno4c11AR3XLrgoLt2lAYTNX0lI
|
||||||
|
zAjR08gulZlGHcuhoY5brFTtKEy92lUfwSAScvp8NAp6lEsroNqbPw0DdMe2Thpd
|
||||||
|
Vmu9ztHoq0Z7nz0aRt3lQss9zLzphXGKh3Rv81R+QNOd988zABEBAAGJAjwEGAEI
|
||||||
|
ACYCGwwWIQT7Mdujq423akFXMp92UVaPgDdEWQUCY0g/XAUJC7Wd7QAKCRB2UVaP
|
||||||
|
gDdEWXu1D/931OK7RgkP0Nq9gDn6/IwXX+Dtl0JF3Ip3Oy2q6uHxu3YHK1Ezx9kV
|
||||||
|
6T3sOb2MdtGL08qWfQlKRLU3dC7k85z6IAdhTrDOMTBeUssnY5Xgxl3cfJqBfQTW
|
||||||
|
MZG3vqMlsJfUVOAueShUelzpOtYV/s3wm4UYR0zPP2+QDZgIDX8LHhdd3Ela1kgZ
|
||||||
|
cz5OKbeBa30fHWIUQDybJmKFi8y+5629X7TeyFqsQ8CPXW317/eBpY3Q6mkp6pyZ
|
||||||
|
iEEjeca/FQb9q9DsAIdkovfBSNnTZQAFePwIp1nR67LHuxMclxRPoAPtkym3rIWA
|
||||||
|
y6w3n68fKUOIj92OhCBE/FE/nLl+BoFYOuYRoN3C7a7t3U4cAPW+9jl89w4zzvfg
|
||||||
|
QvnAVKKba7szYcjSdyWbeMsIdq8Fe9T/6bdzs5ugR1yu0V618Foa6rPhDEiYjriG
|
||||||
|
KoynZA4hZ9l83hT/kktu2jNYeIeXUqgWUFLZ3EeXynVDzqgN9buWzEZO8wZG2tNS
|
||||||
|
sqTW9ZHZUuR6L9wUCjgPpRz4kREYdYmm5dm1uqXkQTwjo7vA1HRtGSun1FNYOl+w
|
||||||
|
22tKNcU4erBZcKYUfyUP6gTQ4ojZN0rVb5AzT9wQoLcrljllDP9qQ45ndlov+0DD
|
||||||
|
ccixs3PPK1ClY3puCyxX8QT7zROYhck9n0+YmuS/9TUnu19Az//aCbkCDQRZc9Sk
|
||||||
|
ARAAsCIq2++gqtU8Z/lMDDAwVbNoq++FCA2apR4Lxj0G+jEog++8uJYawWDLpJ14
|
||||||
|
Lvlm+OygM3s70RHyLKWiDWkdwDLbZ4b8MlHATBanEHeGsxQK9Td7VB0O3MQ/ICVs
|
||||||
|
OjgTG8PJSv02HmNoGp/Zj3rbNSfXhomIq44aXRrw2ZxoNckj0xuHFSV85QlVy93f
|
||||||
|
BgQiIozEPDJK8xGGn7a2gXwj6+hAaKTF1tOAWKHqInJpNduOZfVzpY5dHSUU4qjU
|
||||||
|
TyvTEJhROA2QEo3qE5VZL2o/2rCapzqC+7pRzxEPDwcDGr2g/RFNLFSf3PvkH48M
|
||||||
|
J66bid6aeI2uPdL9geWk6MJUCj03X2ylfFCKG0Bo0vWbv2wcJrZBCfHm256LTKHO
|
||||||
|
lkBbvBrauzu1cTtivt8wtjm2wOiTII7nyyVvdhYuAirpYJfIFGV3iY8MJ7cdO7rI
|
||||||
|
VRO1wkLiuE606zNJ3WCGJNwlhyFt+z8aYjB6UQwMhs1JztLFrghW+JsjzfgEXWvs
|
||||||
|
d089woZR45PiF2Krm42E6tNBhhcJOmNFXHs5KN6oz8vAOrJ+Obw9HvBWTh5kMhdT
|
||||||
|
ZdbGt3BZmtLfIFsEmvS+RCe5fGSiuPxudbfFzih04aXPG1wM8O4F0SFhzkwTrxGp
|
||||||
|
46VyXZTH5xT1R56xbu44qvtYS2O8IhNKzLPROIOVqD9ey0kAEQEAAYkEcgQYAQgA
|
||||||
|
JgIbAhYhBPsx26OrjbdqQVcyn3ZRVo+AN0RZBQJjSD9cBQkLtZ44AkDBdCAEGQEI
|
||||||
|
AB0WIQR4L53b42un89TeSQZfXfzBQXfiYwUCWXPUpAAKCRBfXfzBQXfiY/ObD/4i
|
||||||
|
x5aFvTz4OMAkhvOugcDekpVHC9gQU92j2boyZO4zi2RhB0JpGWWNU90WgUxorla3
|
||||||
|
p31L44DYfg/ZoDG5zL7liykgAItt+Mwnf+hkNJZnm+dfj2lFAkBEXqpesZ8vyO6m
|
||||||
|
BUOLhXSXd2N8+3XLwStAhC1OWE7ZcuCWmBtnbJad1HNujPhbW7tiddXhdSLbj/kG
|
||||||
|
bjWTUdpH1TS9RNrp2tBqTCvLeXOr7NV+0FAuulO/6+m2OkRuuoj+5nVUmhmPqg4z
|
||||||
|
z2hARiocg1nFca50uO5zbvYkbcggmN1hXrgEkKpThKnTEHaa/tFnfPSU5olPBpVX
|
||||||
|
KP4u+e5ksMKvcLesLpFmqxz02ie1SQk17lZqMw35tHUBP+ZLlO5msdABUfmDpQ4j
|
||||||
|
exTAFN0vfXkMc6MinFtO3WQtZ6Gf9r2oqlR+1siCAtX9l/zL2out4OTwFN7ekEE6
|
||||||
|
7/pFhjDnQEUnY4MdcbAmOR5s3qs6YP+CUabGhkkyH8h4ffpZlNGLlJAz82oxK64A
|
||||||
|
/Wbq5jFMn46nPM/m39+0QvcJD05gmF5PZJ7SXjf2z9Obt1RHPQJJ7+wvYHsQVZAI
|
||||||
|
e8kT/PB74/jPzHYppF3EIFidf1fnRdguZZmG0DTXOUtTAdOAAdqt0MrtkjFzM2eD
|
||||||
|
/3hy110zWKjd4tk7LQAeqYWPM5lzDrQ3ObdPT1+ysQkQdlFWj4A3RFnslw//QbwB
|
||||||
|
PMuaPG9LlcoR8qSQtyXcn5TflVVH1wYa7iL9WSG5NPpx5/FFZKScWMJjjhHUDtc6
|
||||||
|
jnICjLw+83gDOxeFIVyMg/9yT0DS7UPxc904c6G9WRyIdQqA5sRq7Iuk45S30LEZ
|
||||||
|
v2c0+RYk8m0zSlD7vqiRY9myZKrRiWkfylAq/VL/HR6S5eKrPRgEbcQDXsoqyhnM
|
||||||
|
n9cDc+81eOPpKW9S2+xqmo+x3WCISdi2Nr6R3WkyabWkikvlTcd7can/4amKPmIN
|
||||||
|
i2vUVSfhsWaFGvgb8nv0Ebd6yjeDLZ8FI32KCeAYGh6FiJPC5DiFvMlbLXi4SJwu
|
||||||
|
5p0j36xa+jJrylK/4XEJqQn6MrQ9+zdROT6bc3YlxkRXflEnE2uJshT8nSLE/j3v
|
||||||
|
ydSHxgxAbdQ14oocvr7CltS7t0xup/YiOUtcHhprCB02PYdpT/XhZjW0pi/vyhdX
|
||||||
|
6sGFRuCueLRf1cJiCJhISYbR4VyoMLcnvdcoKUa+/ikC6CkyZGxwAH1JGcEVjzD+
|
||||||
|
4xG8l8/ubA3DSguKNpI1dGzVxpWgJnJzMCXBcwxp5c+kKH94QbKAUVt+16dUaY9k
|
||||||
|
0hhucHQnbTHS3w9jY7rZ6sAZHufb9LQMMWunerecL6WvAR+XUydMd1rJS93j4y1W
|
||||||
|
fNHj/507Jk+Ogk89eojQYjZNHCF+Zhyk6IRyI84=
|
||||||
|
=4ncY
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
EOF
|
||||||
|
|
||||||
|
guix shell gnupg -- \
|
||||||
|
gpg --import FB31DBA3AB8DB76A4157329F7651568F80374459.asc && \
|
||||||
|
rm -f FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||||
|
}
|
||||||
|
|
||||||
|
environment_checks
|
||||||
|
|
||||||
|
tmpdir="$(mktemp -d)"
|
||||||
|
cd "${tmpdir}"
|
||||||
|
|
||||||
|
guix pull ; report "Guix pull"
|
||||||
|
hash guix ; report "hash guix"
|
||||||
|
|
||||||
|
import_gpg_key ; report "Import GPG key"
|
||||||
|
|
||||||
|
guix shell -C --network git nss-certs -- \
|
||||||
|
git clone https://git.a-lec.org/GNUtoo/guix-mumble-vm.git -b guix-installer ; \
|
||||||
|
report "Cloning machine configuration git"
|
||||||
|
|
||||||
|
cd "guix-mumble-vm" ; report "cd guix-mumble-vm"
|
||||||
|
|
||||||
|
guix shell git gnupg -- \
|
||||||
|
git verify-commit HEAD ; report "check git signature"
|
||||||
|
|
||||||
|
guix shell -C --nesting autoconf automake bash coreutils grep sed -- \
|
||||||
|
./autogen.sh ; report "./autogen.sh"
|
||||||
|
|
||||||
|
guix shell -C --nesting bash coreutils gawk grep sed -- \
|
||||||
|
./configure ; report "./configure"
|
||||||
|
|
||||||
|
guix shell -C --nesting automake coreutils gawk grep make sed tar xz -- \
|
||||||
|
make mumble-vm.tar.xz ; report "Generating VM definition"
|
||||||
|
|
||||||
|
cp mumble-vm.tar.xz ../ && \
|
||||||
|
cd ../ && \
|
||||||
|
rm -rf mumble-vm && \
|
||||||
|
guix shell -C tar xz -- tar xf mumble-vm.tar.xz && \
|
||||||
|
rm -f mumble-vm.tar.xz ; report "Removing git repository"
|
||||||
|
|
||||||
|
guix gc ; report "guix gc"
|
||||||
|
|
||||||
|
echo 'label: gpt' | sfdisk /dev/vda ; report "GPT creation on /dev/vda" ; \
|
||||||
|
report "GPT formating"
|
||||||
|
|
||||||
|
echo ';;L;*' | sfdisk /dev/vda ; report "/dev/vda1 creation" ; \
|
||||||
|
report "Adding partition"
|
||||||
|
|
||||||
|
mkfs.ext4 -F -L Guix_image /dev/vda1 ; report "EXT4 formating"
|
||||||
|
|
||||||
|
mount /dev/vda1 /mnt ; report "mount /dev/vda1 /mnt" ; report "mounting rootfs"
|
||||||
|
|
||||||
|
herd start cow-store /mnt ; report "Using /mnt for storing guix system init packages"
|
||||||
|
guix system init mumble-vm-system.scm /mnt ; report "guix system init"
|
||||||
|
umount /mnt ; report "umount rootfs"
|
||||||
|
|
||||||
|
printf "Installation done: %s\n" \
|
||||||
|
"you can remove the install media and reboot to the new VM"
|
|
@ -34,12 +34,14 @@
|
||||||
(package
|
(package
|
||||||
(name "website")
|
(name "website")
|
||||||
(version "0.1")
|
(version "0.1")
|
||||||
(source (local-file "index.html" ))
|
;; TODO: Make that tarball reproducible
|
||||||
|
(source (local-file "mumble-vm.tar.xz"))
|
||||||
(build-system copy-build-system)
|
(build-system copy-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
(list
|
(list
|
||||||
#:install-plan
|
#:install-plan
|
||||||
#~(list '("index.html" "var/www/DOMAIN/"))))
|
#~(list '("index.html" "var/www/DOMAIN/")
|
||||||
|
'(#$source "var/www/DOMAIN/"))))
|
||||||
(synopsis "The DOMAIN website.")
|
(synopsis "The DOMAIN website.")
|
||||||
(description
|
(description
|
||||||
"The website contains how to use the service, and how to
|
"The website contains how to use the service, and how to
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
<domain type="kvm">
|
<domain type="kvm">
|
||||||
<name>mumble-vm</name>
|
<name>audio.experimental.a-lec.org</name>
|
||||||
<memory unit="KiB">4194304</memory>
|
<memory unit="KiB">4194304</memory>
|
||||||
<currentMemory unit="KiB">4194304</currentMemory>
|
<currentMemory unit="KiB">4194304</currentMemory>
|
||||||
|
<vcpu placement="static">1</vcpu>
|
||||||
<resource>
|
<resource>
|
||||||
<partition>/machine</partition>
|
<partition>/machine</partition>
|
||||||
</resource>
|
</resource>
|
||||||
|
@ -31,7 +32,7 @@
|
||||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
<disk type="file" device="disk">
|
<disk type="file" device="disk">
|
||||||
<driver name="qemu" type="raw"/>
|
<driver name="qemu" type="raw"/>
|
||||||
<source file="/var/lib/libvirt/images/distros/mumble-vm.img"/>
|
<source file="/srv/vmverse/noyau/audio.experimental.a-lec.org"/>
|
||||||
<target dev="vda" bus="virtio"/>
|
<target dev="vda" bus="virtio"/>
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
||||||
</disk>
|
</disk>
|
||||||
|
@ -52,7 +53,7 @@
|
||||||
</controller>
|
</controller>
|
||||||
<controller type="pci" index="0" model="pci-root"/>
|
<controller type="pci" index="0" model="pci-root"/>
|
||||||
<interface type="bridge">
|
<interface type="bridge">
|
||||||
<source bridge="lan0"/>
|
<source bridge="br0"/>
|
||||||
<model type="virtio"/>
|
<model type="virtio"/>
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
||||||
</interface>
|
</interface>
|
||||||
|
@ -81,16 +82,13 @@
|
||||||
</console>
|
</console>
|
||||||
<input type="keyboard" bus="ps2"/>
|
<input type="keyboard" bus="ps2"/>
|
||||||
<input type="mouse" bus="ps2"/>
|
<input type="mouse" bus="ps2"/>
|
||||||
<graphics type="spice" autoport="yes" listen="127.0.0.1">
|
<graphics type="spice">
|
||||||
<listen type="address" address="127.0.0.1"/>
|
<listen type="none"/>
|
||||||
<gl enable="no"/>
|
<gl enable="no"/>
|
||||||
</graphics>
|
</graphics>
|
||||||
<audio id="1" type="spice"/>
|
<audio id="1" type="spice"/>
|
||||||
<video>
|
<video>
|
||||||
<model type="virtio" heads="1" primary="yes">
|
<model type="none"/>
|
||||||
<acceleration accel3d="no"/>
|
|
||||||
</model>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
|
|
||||||
</video>
|
</video>
|
||||||
<memballoon model="virtio">
|
<memballoon model="virtio">
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
||||||
|
|
Loading…
Reference in New Issue