Compare commits
10 Commits
main
...
untested/g
Author | SHA1 | Date |
---|---|---|
Denis 'GNUtoo' Carikli | 922515f120 | |
Denis 'GNUtoo' Carikli | f858429ad4 | |
Denis 'GNUtoo' Carikli | 65f67ada92 | |
Denis 'GNUtoo' Carikli | 19c44f265e | |
Denis 'GNUtoo' Carikli | 67e13b860c | |
Denis 'GNUtoo' Carikli | 3bf48fb977 | |
Denis 'GNUtoo' Carikli | f8e4064d6f | |
Denis 'GNUtoo' Carikli | 4dc5a46cbb | |
Denis 'GNUtoo' Carikli | f3af1623b8 | |
Denis 'GNUtoo' Carikli | aef0935acd |
|
@ -1,13 +1,3 @@
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
*~
|
*~
|
||||||
\#*\#
|
\#*\#
|
||||||
aclocal.m4
|
aclocal.m4
|
||||||
|
@ -17,21 +7,15 @@ config.status
|
||||||
configure
|
configure
|
||||||
first-boot.sh
|
first-boot.sh
|
||||||
guix-commit.txt
|
guix-commit.txt
|
||||||
guix-installer-vm.img
|
|
||||||
guix-installer-vm.tar
|
|
||||||
guix-installer-vm.tar.xz
|
|
||||||
guix-installer-vm.tar.xz.b64
|
|
||||||
id_ed25519
|
id_ed25519
|
||||||
id_ed25519.pub
|
id_ed25519.pub
|
||||||
id_wireguard
|
id_wireguard
|
||||||
index.html
|
index.html
|
||||||
install-sh
|
install-sh
|
||||||
|
Makefile
|
||||||
Makefile.in
|
Makefile.in
|
||||||
missing
|
missing
|
||||||
mumble-vm-machine.scm
|
mumble-vm-machine.scm
|
||||||
mumble-vm-system.scm
|
mumble-vm-system.scm
|
||||||
mumble-vm.tar
|
|
||||||
mumble-vm.tar.xz
|
|
||||||
mumble-vm.tar.xz.b64
|
|
||||||
signing-key.pub
|
signing-key.pub
|
||||||
wireguard-post-up.sh
|
wireguard-post-up.sh
|
||||||
|
|
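Review bot: The new side of what appears to be the ignore file drops the `mumble-vm.tar`, `mumble-vm.tar.xz` and `mumble-vm.tar.xz.b64` entries, yet the Makefile section on this page still has rules that build `mumble-vm.tar` and `mumble-vm.tar.xz`. Those archives would then show up as untracked and can be swept into a commit by a broad `git add`. Their contents depend on `TARBALL_SOURCE`, which is not visible here, so it is safer to keep `mumble-vm.tar` and `mumble-vm.tar.xz` in the list. The retained `id_ed25519` and `id_wireguard` entries are the important ones and should stay.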
|
@ -42,7 +42,7 @@ guix-commit.txt: Makefile
|
||||||
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
|
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
|
||||||
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \
|
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \
|
||||||
s#VM_IPV4_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \
|
s#VM_IPV4_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \
|
||||||
s#VM_IPV6_GATEWAY#$(VM_IPV6_GATEWAY)#g ; \
|
s#VM_IPV6_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \
|
||||||
s#VM_IPV4_DNS#$(VM_IPV4_DNS)#g ; \
|
s#VM_IPV4_DNS#$(VM_IPV4_DNS)#g ; \
|
||||||
s#VM_IPV6_DNS#$(VM_IPV6_DNS)#g ; \
|
s#VM_IPV6_DNS#$(VM_IPV6_DNS)#g ; \
|
||||||
s#VM_SSH_PUB_KEY#$(VM_SSH_PUB_KEY)#g ; \
|
s#VM_SSH_PUB_KEY#$(VM_SSH_PUB_KEY)#g ; \
|
||||||
|
@ -59,7 +59,7 @@ guix-commit.txt: Makefile
|
||||||
id_ed25519.pub:
|
id_ed25519.pub:
|
||||||
printf "ssh-ed25519 %s %s" \
|
printf "ssh-ed25519 %s %s" \
|
||||||
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
||||||
'gnutoo@primary_laptop' \
|
'gnutoo@primary_laptop'
|
||||||
> $@
|
> $@
|
||||||
|
|
||||||
# Generate default key. Can be changed by replacing signing-key.pub.
|
# Generate default key. Can be changed by replacing signing-key.pub.
|
||||||
|
@ -89,10 +89,6 @@ mumble-vm.img: $(IMAGE_SOURCE)
|
||||||
--image-type=mbr-raw \
|
--image-type=mbr-raw \
|
||||||
--image-size=6G mumble-vm-system.scm` \
|
--image-size=6G mumble-vm-system.scm` \
|
||||||
$@
|
$@
|
||||||
build: $(IMAGE_SOURCE)
|
|
||||||
guix system build \
|
|
||||||
--image-type=mbr-raw \
|
|
||||||
--image-size=6G mumble-vm-system.scm
|
|
||||||
|
|
||||||
mumble-vm.tar: $(TARBALL_SOURCE)
|
mumble-vm.tar: $(TARBALL_SOURCE)
|
||||||
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
||||||
|
@ -100,8 +96,5 @@ mumble-vm.tar: $(TARBALL_SOURCE)
|
||||||
mumble-vm.tar.xz: mumble-vm.tar
|
mumble-vm.tar.xz: mumble-vm.tar
|
||||||
xz -f -9e --verbose $<
|
xz -f -9e --verbose $<
|
||||||
|
|
||||||
mumble-vm.tar.xz.b64: mumble-vm.tar.xz
|
|
||||||
base64 $< > $@
|
|
||||||
|
|
||||||
deploy: $(IMAGE_SOURCE)
|
deploy: $(IMAGE_SOURCE)
|
||||||
guix deploy -L . mumble-vm-machine.scm
|
guix deploy -L . mumble-vm-machine.scm
|
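Review bot: In the `id_ed25519.pub` rule (hunk at -59) the line `'gnutoo@primary_laptop'` lost its trailing backslash, so `> $@` becomes a separate recipe line. `printf` then writes the key to stdout and the bare redirect leaves an empty `id_ed25519.pub`; restore the continuation as `'gnutoo@primary_laptop' \`. In the sed hunk at -42, `s#VM_IPV6_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \` substitutes the IPv4 gateway for the IPv6 placeholder and should read `s#VM_IPV6_GATEWAY#$(VM_IPV6_GATEWAY)#g ; \`. Both rules start or end outside their hunks, so how the generated files are consumed is not visible here, but an empty public-key file and a wrong IPv6 route are both worth catching before an image is built.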
120
README
120
README
|
@ -1,59 +1,95 @@
|
||||||
Scope
|
Deployment
|
||||||
=====
|
==========
|
||||||
Until now the virtual machines were handled somewhat manually. This
|
To build the virtual machine image you can use the following command:
|
||||||
experimental project is meant to have everything needed to deploy the
|
$ ./autogen.sh && ./configure && make
|
||||||
virtual machines in git.
|
|
||||||
|
|
||||||
It also tries to be enable people to safely bootstrap all the
|
You can also check the configure option for configuring it for testing
|
||||||
VMs. This way there is no more chicken and egg issue, and in case of
|
on another infrastructure (for instance by using another domain).
|
||||||
compromise, the VMs can easily and safely be reinstalled.
|
|
||||||
|
|
||||||
Backups
|
To build an image you will also need at least id_ed25519.pub and
|
||||||
=======
|
signing-key.pub:
|
||||||
This repository is also backed up on software heritage from time to time.
|
|
||||||
|
|
||||||
Virtual machines
|
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
|
||||||
================
|
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
|
||||||
|
details. If you're not confortable with that, backup your ~/.ssh
|
||||||
|
folder first.
|
||||||
|
|
||||||
In this git repositories, there are several virtual machines
|
- signing-key.pub can be generated with the 'guix archive
|
||||||
definitions:
|
--generate-key' command. See the "Invoking guix archive" in the
|
||||||
|
Guix manual for more details[1].
|
||||||
|
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
|
||||||
|
|
||||||
- audio.experimental.a-lec.org: This is a Mumble server made with Guix.
|
Other files are optional:
|
||||||
|
|
||||||
- guix-installer-vm: This is meant to generate a template VM with
|
- id_ed25519: It is used for guix deploy. It is also generated by
|
||||||
Guix. Once deployed users are supposed to SSH inside and reconfigure
|
ssh-keygen. A good idea is to have a symlink to it in order not to
|
||||||
it with the Guix scheme configuration they need/want.
|
have scp copy it to the target machine by mistake as it is the SSH
|
||||||
|
private key. Using separate SSH keys for separate machines also help
|
||||||
|
limiting the damage when such accident happen.
|
||||||
|
|
||||||
- trisquel-automatic-netinstall-qemu: This is a Trisquel VM generated
|
- id_wireguard: This is the wireguard private key. It can be generated
|
||||||
automatically from the Trisquel netinstall with qemu and preseed.
|
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
|
||||||
|
8 wg') for more detail.
|
||||||
|
|
||||||
- trisquel-install-guix-fai: This is an example that can be used to
|
|
||||||
deploy configuration management with FAI (Fully Automated
|
|
||||||
Installation) inside a VM. Unlike regular FAI installations, here
|
|
||||||
things are simplified a lot, and we simply (ab)use FAI to store
|
|
||||||
configuration files inside a git repository. This also require to
|
|
||||||
run inside the VM once the VM has been created.
|
|
||||||
|
|
||||||
- trisquel-manual-netinstall-lxc: This was meant to automatize the
|
Note that letsencrypt has a limit of about 5 certificates per week, so
|
||||||
creation of VM running the Trisquel netinstall, but it has been
|
it's a good idea to use test domains before deployments.
|
||||||
superseded by trisquel-automatic-netinstall-qemu which does the
|
|
||||||
full installation automatically. Since
|
Once the image is booted:
|
||||||
trisquel-automatic-netinstall-qemu is using preseed, it's also
|
- You will need to login inside and run the following command:
|
||||||
possible to modify it not provide answers for some of the installer
|
# first-boot.sh
|
||||||
questions, letting the user(s) choose instead.
|
- You then need to set the root password.
|
||||||
|
|
||||||
|
The mumble-vm-install.sh installation script
|
||||||
|
============================================
|
||||||
|
This script is supposed to only run inside a VM on the Guix installer
|
||||||
|
and checks that it's the case through various ways. The specification
|
||||||
|
of the VM it runs on is provided in guix-vm-installer.xml for
|
||||||
|
reference. It is very specific to the Libre en communs infrastructure,
|
||||||
|
so you might need to modify it to use it on your infrastructure.
|
||||||
|
|
||||||
|
The Libre en Communs infrastructure on which this VM is being deployed
|
||||||
|
has libvirt but it doesn't have Guix on the host. So the option
|
||||||
|
provided by Libre en Communs was to do the installation from a
|
||||||
|
VM.
|
||||||
|
|
||||||
|
This is also common for many infrastructure providers due to security
|
||||||
|
concerns with access outside the VM.
|
||||||
|
|
||||||
|
Since the Guix installer is trusted and is now provided by Libre en
|
||||||
|
communs, and that we also have access to the vm management interfaces
|
||||||
|
we simply use a script to do all the installation work.
|
||||||
|
|
||||||
|
If instead you have a VM with only SSH access you will also need to
|
||||||
|
modify the script to fit that use case.
|
||||||
|
|
||||||
|
It is also possible to convert an existing VM to Guix but that
|
||||||
|
requires significantly more work (see gnu/machine/digital-ocean.scm
|
||||||
|
inside the Guix source code for more detail on how to do that).
|
||||||
|
|
||||||
|
To use this script, the admin with privileged access to the vm
|
||||||
|
management interface needs to boot the installer and copy the script
|
||||||
|
inside. This can be done by running the following command (the script
|
||||||
|
can be named like you want):
|
||||||
|
# cat /dev/ttyS0 > i.sh
|
||||||
|
and then by pasting the script through the first serial port, and
|
||||||
|
typing ctrl+d at the end, so that the file is closed and written.
|
||||||
|
|
||||||
|
The script can then run like that:
|
||||||
|
# chmod +x i.sh
|
||||||
|
# ./i.sh
|
||||||
|
|
||||||
License
|
License
|
||||||
=======
|
=======
|
||||||
All the projects in this git repository are free software: you can
|
This project is free software: you can redistribute it and/or modify
|
||||||
redistribute them and/or modify them under the terms of the GNU
|
it under the terms of the GNU General Public License as published by
|
||||||
General Public License as published by the Free Software Foundation,
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
either version 3 of the License, or (at your option) any later
|
(at your option) any later version.
|
||||||
version.
|
|
||||||
|
|
||||||
All the project are distributed in the hope that they will be useful,
|
This project is distributed in the hope that it will be useful,
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
General Public License for more details.
|
GNU General Public License for more details.
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
/Makefile
|
|
|
@ -1,56 +0,0 @@
|
||||||
Deployment
|
|
||||||
==========
|
|
||||||
To build the virtual machine image you can use the following command:
|
|
||||||
$ ./autogen.sh && ./configure && make
|
|
||||||
|
|
||||||
You can also check the configure option for configuring it for testing
|
|
||||||
on another infrastructure (for instance by using another domain).
|
|
||||||
|
|
||||||
To build an image you will also need at least id_ed25519.pub and
|
|
||||||
signing-key.pub:
|
|
||||||
|
|
||||||
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
|
|
||||||
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
|
|
||||||
details. If you're not confortable with that, backup your ~/.ssh
|
|
||||||
folder first.
|
|
||||||
|
|
||||||
- signing-key.pub can be generated with the 'guix archive
|
|
||||||
--generate-key' command. See the "Invoking guix archive" in the
|
|
||||||
Guix manual for more details[1].
|
|
||||||
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
|
|
||||||
|
|
||||||
Other files are optional:
|
|
||||||
|
|
||||||
- id_ed25519: It is used for guix deploy. It is also generated by
|
|
||||||
ssh-keygen. A good idea is to have a symlink to it in order not to
|
|
||||||
have scp copy it to the target machine by mistake as it is the SSH
|
|
||||||
private key. Using separate SSH keys for separate machines also help
|
|
||||||
limiting the damage when such accident happen.
|
|
||||||
|
|
||||||
- id_wireguard: This is the wireguard private key. It can be generated
|
|
||||||
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
|
|
||||||
8 wg') for more detail.
|
|
||||||
|
|
||||||
|
|
||||||
Note that letsencrypt has a limit of about 5 certificates per week, so
|
|
||||||
it's a good idea to use test domains before deployments.
|
|
||||||
|
|
||||||
Once the image is booted:
|
|
||||||
- You will need to login inside and run the following command:
|
|
||||||
# first-boot.sh
|
|
||||||
- You then need to set the root password.
|
|
||||||
|
|
||||||
License
|
|
||||||
=======
|
|
||||||
This project is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This project is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
|
@ -1,33 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
set -e
|
|
||||||
|
|
||||||
report()
|
|
||||||
{
|
|
||||||
ret=$?
|
|
||||||
message="$@"
|
|
||||||
|
|
||||||
if [ ${ret} -eq 0 ] ; then
|
|
||||||
echo "[ OK ] ${message}"
|
|
||||||
else
|
|
||||||
echo "[ !! ] ${message} failed"
|
|
||||||
exit ${ret}
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
|
|
||||||
partprobe
|
|
||||||
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
|
|
||||||
|
|
||||||
certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL ; report "Obtaining Lets's Encrypt certificate"
|
|
||||||
herd restart mumble-server ; report "Restarting Mumble server"
|
|
||||||
herd restart nginx ; report "Restarting Nginx server"
|
|
|
@ -61,9 +61,9 @@ AC_ARG_WITH([letsencrypt-email],
|
||||||
|
|
||||||
AC_ARG_WITH([vm-ipv4-address],
|
AC_ARG_WITH([vm-ipv4-address],
|
||||||
[AS_HELP_STRING([--with-vm-ipv4-address=VM_IPV4_ADDRESS], [Use custom VM
|
[AS_HELP_STRING([--with-vm-ipv4-address=VM_IPV4_ADDRESS], [Use custom VM
|
||||||
IPv4 address. (default=192.168.1.117/16)])],
|
IPv4 address. (default=192.168.1.117/24)])],
|
||||||
[VM_IPV4_ADDRESS=$withval],
|
[VM_IPV4_ADDRESS=$withval],
|
||||||
[VM_IPV4_ADDRESS="192.168.1.117/16"])
|
[VM_IPV4_ADDRESS="192.168.1.117/24"])
|
||||||
|
|
||||||
AC_ARG_WITH([vm-ipv6-address],
|
AC_ARG_WITH([vm-ipv6-address],
|
||||||
[AS_HELP_STRING([--with-vm-ipv6-address=VM_IPV6_ADDRESS], [Use custom VM
|
[AS_HELP_STRING([--with-vm-ipv6-address=VM_IPV6_ADDRESS], [Use custom VM
|
||||||
|
@ -79,7 +79,7 @@ AC_ARG_WITH([vm-ipv4-gateway],
|
||||||
|
|
||||||
AC_ARG_WITH([vm-ipv6-gateway],
|
AC_ARG_WITH([vm-ipv6-gateway],
|
||||||
[AS_HELP_STRING([--with-vm-ipv6-gateway=VM_IPV6_GATEWAY], [Use custom VM
|
[AS_HELP_STRING([--with-vm-ipv6-gateway=VM_IPV6_GATEWAY], [Use custom VM
|
||||||
IPv6 gateway address. (default=2001:910:1021::1)])],
|
IPv6 gateway address. (default=192.168.0.1)])],
|
||||||
[VM_IPV6_GATEWAY=$withval],
|
[VM_IPV6_GATEWAY=$withval],
|
||||||
[VM_IPV6_GATEWAY="2001:910:1021::1"])
|
[VM_IPV6_GATEWAY="2001:910:1021::1"])
|
||||||
|
|
||||||
|
@ -99,11 +99,11 @@ AC_ARG_WITH([vm-ssh-public-key],
|
||||||
[AS_HELP_STRING([--with-ssh-vm-public-key=VM_SSH_PUB_KEY], [Use custom VM
|
[AS_HELP_STRING([--with-ssh-vm-public-key=VM_SSH_PUB_KEY], [Use custom VM
|
||||||
SSH public key for use with 'guix deploy'. (default=\
|
SSH public key for use with 'guix deploy'. (default=\
|
||||||
ssh-ed25519\
|
ssh-ed25519\
|
||||||
AAAAC3NzaC1lZDI1NTE5AAAAIGeMeRMT4l5mxi8snZYM+jcZ/N/EfJ25L2FU88fdbuhC)])],
|
AAAAC3NzaC1lZDI1NTE5AAAAIEjLYbJ+47MTte960IbOUTRzOD012ewt1IZgOOc+NqDa)])],
|
||||||
[VM_SSH_PUB_KEY=$withval],
|
[VM_SSH_PUB_KEY=$withval],
|
||||||
[VM_SSH_PUB_KEY="\
|
[VM_SSH_PUB_KEY="\
|
||||||
ssh-ed25519\
|
ssh-ed25519\
|
||||||
AAAAC3NzaC1lZDI1NTE5AAAAIGeMeRMT4l5mxi8snZYM+jcZ/N/EfJ25L2FU88fdbuhC"])
|
AAAAC3NzaC1lZDI1NTE5AAAAIEjLYbJ+47MTte960IbOUTRzOD012ewt1IZgOOc+NqDa"])
|
||||||
|
|
||||||
AC_ARG_WITH([vm-ssh-address],
|
AC_ARG_WITH([vm-ssh-address],
|
||||||
[AS_HELP_STRING([--with-vm-ssh-address=VM_SSH_ADDRESS], [Use custom VM
|
[AS_HELP_STRING([--with-vm-ssh-address=VM_SSH_ADDRESS], [Use custom VM
|
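Review bot: In the `vm-ipv6-gateway` hunk the help text now says `default=192.168.0.1` while the fallback is still `VM_IPV6_GATEWAY="2001:910:1021::1"`, so `./configure --help` documents an IPv4 address as the IPv6 default; the help string should keep `(default=2001:910:1021::1)`. In the SSH key hunk the option is declared as `vm-ssh-public-key` (per the hunk header) but the help string advertises `--with-ssh-vm-public-key=`. Someone following the help would pass an option configure does not act on and silently get the built-in default key for 'guix deploy'; the help should read `--with-vm-ssh-public-key=VM_SSH_PUB_KEY`. The new `192.168.1.117/24` default should also be checked against the IPv4 gateway default, which is outside these hunks: a gateway in 192.168.0.x would be off-link under a /24.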
|
@ -1,4 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
#
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
#
|
#
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
|
@ -8,7 +9,8 @@
|
||||||
#
|
#
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||||
guix shell -C \
|
set -e
|
||||||
autoconf automake coreutils grep m4 sed \
|
|
||||||
-- \
|
certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL
|
||||||
autoreconf -fi $@
|
herd restart mumble-server
|
||||||
|
herd restart nginx
|
|
@ -1,69 +0,0 @@
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
.PHONY: all deploy
|
|
||||||
|
|
||||||
all: guix-installer-vm.img
|
|
||||||
|
|
||||||
# Generate default key. Can be changed by replacing id_ed25519.pub.
|
|
||||||
id_ed25519.pub:
|
|
||||||
printf "ssh-ed25519 %s %s" \
|
|
||||||
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
|
||||||
'gnutoo@primary_laptop' \
|
|
||||||
> $@
|
|
||||||
|
|
||||||
# Generate default key. Can be changed by replacing signing-key.pub.
|
|
||||||
signing-key.pub:
|
|
||||||
printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
|
|
||||||
'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
|
|
||||||
>$@
|
|
||||||
|
|
||||||
# We want to only update the image when guix commit changes. The trick
|
|
||||||
# to make that work is to only create or update a file when the revision
|
|
||||||
# changes.
|
|
||||||
guix-commit.txt: Makefile
|
|
||||||
if [ ! -f $@ ] ; then \
|
|
||||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
|
||||||
elif [ "$(cat $@)" != \
|
|
||||||
"$(guix describe | \
|
|
||||||
grep '^ commit:' | awk '{print $$2}')" ] ; then \
|
|
||||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
TARBALL_SOURCE = \
|
|
||||||
first-boot.sh \
|
|
||||||
guix-commit.txt \
|
|
||||||
guix-installer-vm-system.scm \
|
|
||||||
id_ed25519.pub \
|
|
||||||
Makefile \
|
|
||||||
signing-key.pub
|
|
||||||
|
|
||||||
guix-installer-vm.tar: $(TARBALL_SOURCE)
|
|
||||||
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
|
||||||
|
|
||||||
guix-installer-vm.tar.xz: guix-installer-vm.tar
|
|
||||||
xz -f -9e --verbose $<
|
|
||||||
|
|
||||||
guix-installer-vm.tar.xz.b64: guix-installer-vm.tar.xz
|
|
||||||
base64 $< > $@
|
|
||||||
|
|
||||||
IMAGE_SOURCE = \
|
|
||||||
$(TARBALL_SOURCE) \
|
|
||||||
guix-installer-vm.tar.xz
|
|
||||||
|
|
||||||
guix-installer-vm.img: $(IMAGE_SOURCE)
|
|
||||||
install \
|
|
||||||
`guix system image \
|
|
||||||
--image-type=mbr-raw \
|
|
||||||
--image-size=4G guix-installer-vm-system.scm` \
|
|
||||||
$@
|
|
||||||
|
|
||||||
deploy:
|
|
||||||
guix deploy -L . guix-installer-vm-machine.scm
|
|
|
@ -1,14 +0,0 @@
|
||||||
License
|
|
||||||
=======
|
|
||||||
This project is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This project is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
|
@ -1,29 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
set -e
|
|
||||||
|
|
||||||
report()
|
|
||||||
{
|
|
||||||
ret=$?
|
|
||||||
message="$@"
|
|
||||||
|
|
||||||
if [ ${ret} -eq 0 ] ; then
|
|
||||||
echo "[ OK ] ${message}"
|
|
||||||
else
|
|
||||||
echo "[ !! ] ${message} failed"
|
|
||||||
exit ${ret}
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
|
|
||||||
partprobe
|
|
||||||
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
|
|
|
@ -1,35 +0,0 @@
|
||||||
;;; Copyright © Guix documentation authors
|
|
||||||
;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
;;;
|
|
||||||
;;; This file is free software; you can redistribute it and/or modify it
|
|
||||||
;;; under the terms of the GNU General Public License as published by
|
|
||||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
;;; your option) any later version.
|
|
||||||
;;;
|
|
||||||
;;; This file is distributed in the hope that it will be useful, but
|
|
||||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
;;; GNU General Public License for more details.
|
|
||||||
;;;
|
|
||||||
;;; You should have received a copy of the GNU General Public License
|
|
||||||
;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
(use-modules (gnu)
|
|
||||||
(gnu machine)
|
|
||||||
(gnu machine ssh))
|
|
||||||
(list
|
|
||||||
(machine
|
|
||||||
(operating-system
|
|
||||||
(@ (guix-installer-vm-system) guix-installer-vm-operating-system))
|
|
||||||
(environment managed-host-environment-type)
|
|
||||||
(configuration
|
|
||||||
(machine-ssh-configuration
|
|
||||||
(authorize? #t)
|
|
||||||
(build-locally? #f)
|
|
||||||
(host-key
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGgswfvxxErFStqBGY81N0uuLndjA5l9bGd4DGlcK9F")
|
|
||||||
(host-name "2001:910:1021::118")
|
|
||||||
(identity "./id_ed25519")
|
|
||||||
(port 222)
|
|
||||||
(system "x86_64-linux")
|
|
||||||
(user "root")))))
|
|
|
@ -1,172 +0,0 @@
|
||||||
;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
;;
|
|
||||||
;; This file is free software; you can redistribute it and/or modify it
|
|
||||||
;; under the terms of the GNU General Public License as published by
|
|
||||||
;; the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
;; your option) any later version.
|
|
||||||
;;
|
|
||||||
;; You should have received a copy of the GNU General Public License
|
|
||||||
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
(define-module (guix-installer-vm-system)
|
|
||||||
#:use-module (gnu)
|
|
||||||
#:use-module (gnu packages admin)
|
|
||||||
#:use-module (gnu packages certs)
|
|
||||||
#:use-module (gnu packages disk)
|
|
||||||
#:use-module (gnu packages dns)
|
|
||||||
#:use-module (gnu packages linux)
|
|
||||||
#:use-module (gnu packages screen)
|
|
||||||
#:use-module (gnu packages ssh)
|
|
||||||
#:use-module (gnu packages tls)
|
|
||||||
#:use-module (gnu services admin)
|
|
||||||
#:use-module (gnu services certbot)
|
|
||||||
#:use-module (gnu services ssh)
|
|
||||||
#:use-module (gnu services telephony)
|
|
||||||
#:use-module (gnu services vpn)
|
|
||||||
#:use-module (gnu services web)
|
|
||||||
#:use-module (guix build-system copy)
|
|
||||||
#:use-module (guix build-system gnu)
|
|
||||||
#:use-module ((guix licenses) #:prefix license:)
|
|
||||||
#:use-module (guix packages)
|
|
||||||
#:use-module (guix utils)
|
|
||||||
#:export (guix-installer-vm-operating-system))
|
|
||||||
|
|
||||||
(define guix-installer-vm-config
|
|
||||||
(package
|
|
||||||
(name "guix-installer-vm-config")
|
|
||||||
(version "0.1")
|
|
||||||
;; TODO: Make that tarball reproducible
|
|
||||||
(source (local-file "guix-installer-vm.tar.xz"))
|
|
||||||
(build-system copy-build-system)
|
|
||||||
(arguments
|
|
||||||
(list
|
|
||||||
#:install-plan
|
|
||||||
#~(list
|
|
||||||
'("first-boot.sh" "share/guix-installer-vm/configs/")
|
|
||||||
'("guix-commit.txt" "share/guix-installer-vm/configs/")
|
|
||||||
'("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
|
|
||||||
'("id_ed25519.pub" "share/guix-installer-vm/configs/")
|
|
||||||
'("Makefile" "share/guix-installer-vm/configs/")
|
|
||||||
'("signing-key.pub" "share/guix-installer-vm/configs/")
|
|
||||||
'(#$source
|
|
||||||
"share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
|
|
||||||
(synopsis "Full machine configuration.")
|
|
||||||
(description
|
|
||||||
"This contains all the configuration files of this machine. This is
|
|
||||||
needed for unattended upgrades to work.")
|
|
||||||
(home-page "DOMAIN")
|
|
||||||
(license license:gpl3+)))
|
|
||||||
|
|
||||||
(define first-boot-script
|
|
||||||
(package
|
|
||||||
(name "first-boot-script")
|
|
||||||
(version "0.1")
|
|
||||||
(source (local-file "first-boot.sh" ))
|
|
||||||
(build-system gnu-build-system)
|
|
||||||
(arguments
|
|
||||||
(list #:tests? #f ;no tests
|
|
||||||
#:phases
|
|
||||||
#~(modify-phases
|
|
||||||
%standard-phases
|
|
||||||
(delete 'build)
|
|
||||||
(delete 'configure)
|
|
||||||
(replace 'install
|
|
||||||
(lambda _
|
|
||||||
(chmod "first-boot.sh" #o755)
|
|
||||||
(install-file
|
|
||||||
"first-boot.sh"
|
|
||||||
(string-append (string-append #$output "/bin"))))))))
|
|
||||||
(inputs (list e2fsprogs parted util-linux))
|
|
||||||
(synopsis "Script to run on first boot.")
|
|
||||||
(description
|
|
||||||
"The first-boot.sh script resize the rootfs and updates the system.")
|
|
||||||
(home-page #f)
|
|
||||||
(license license:gpl3+)))
|
|
||||||
|
|
||||||
(define guix-installer-vm-operating-system
|
|
||||||
(operating-system
|
|
||||||
(bootloader (bootloader-configuration
|
|
||||||
(bootloader grub-minimal-bootloader)
|
|
||||||
(targets '("/dev/vda"))
|
|
||||||
(terminal-outputs '(serial_0))))
|
|
||||||
(kernel-arguments (append '("console=ttyS0")))
|
|
||||||
(file-systems (cons (file-system
|
|
||||||
(device (file-system-label "Guix_image"))
|
|
||||||
(mount-point "/")
|
|
||||||
(type "ext4")) %base-file-systems))
|
|
||||||
(host-name "guix-installer-vm")
|
|
||||||
(timezone "Europe/Paris")
|
|
||||||
(packages (append (list first-boot-script
|
|
||||||
guix-installer-vm-config
|
|
||||||
htop
|
|
||||||
net-tools
|
|
||||||
nss-certs
|
|
||||||
parted
|
|
||||||
screen)
|
|
||||||
%base-packages))
|
|
||||||
(services
|
|
||||||
(append
|
|
||||||
(list
|
|
||||||
;; Agetty
|
|
||||||
|
|
||||||
;; ttyS0 is already setup automatically due to the console=ttyS0
|
|
||||||
;; kernel argument
|
|
||||||
(service agetty-service-type
|
|
||||||
(agetty-configuration (term "xterm-256color")
|
|
||||||
(tty "ttyS1")))
|
|
||||||
(service agetty-service-type
|
|
||||||
(agetty-configuration (term "xterm-256color")
|
|
||||||
(tty "ttyS2")))
|
|
||||||
(service agetty-service-type
|
|
||||||
(agetty-configuration (term "xterm-256color")
|
|
||||||
(tty "ttyS3")))
|
|
||||||
;; Networking
|
|
||||||
(service
|
|
||||||
static-networking-service-type
|
|
||||||
(list
|
|
||||||
(static-networking
|
|
||||||
(addresses (list (network-address
|
|
||||||
(device "eth0")
|
|
||||||
(value "192.168.1.118/16"))
|
|
||||||
(network-address
|
|
||||||
(device "eth0")
|
|
||||||
(value "2001:910:1021::118/64"))))
|
|
||||||
(routes (list (network-route
|
|
||||||
(destination "default")
|
|
||||||
(gateway "192.168.0.1"))
|
|
||||||
(network-route
|
|
||||||
(destination "default")
|
|
||||||
(gateway "2001:910:1021::1"))))
|
|
||||||
(name-servers (list "192.168.0.1" "2001:910:1021::1")))))
|
|
||||||
;; OpenSSH
|
|
||||||
(service openssh-service-type
|
|
||||||
(openssh-configuration
|
|
||||||
(openssh openssh-sans-x)
|
|
||||||
(use-pam? #f)
|
|
||||||
(port-number 222)
|
|
||||||
(permit-root-login #t)
|
|
||||||
(password-authentication? #f)
|
|
||||||
(challenge-response-authentication? #f)
|
|
||||||
(authorized-keys
|
|
||||||
`(("root" , (local-file "id_ed25519.pub"))
|
|
||||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
|
||||||
;; Unattended Upgrades
|
|
||||||
(service
|
|
||||||
unattended-upgrade-service-type
|
|
||||||
(unattended-upgrade-configuration
|
|
||||||
(operating-system-file
|
|
||||||
(string-append "/run/current-system/profile"
|
|
||||||
"/share/guix-installer-vm/configs/"
|
|
||||||
"guix-installer-vm-system.scm"))
|
|
||||||
(schedule "0 * * * * ")
|
|
||||||
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
|
|
||||||
(modify-services
|
|
||||||
%base-services
|
|
||||||
(guix-service-type config => (guix-configuration
|
|
||||||
(authorized-keys
|
|
||||||
(append
|
|
||||||
(list
|
|
||||||
(local-file
|
|
||||||
"signing-key.pub"))
|
|
||||||
%default-authorized-guix-keys)))))))))
|
|
||||||
guix-installer-vm-operating-system
|
|
|
@ -1,7 +1,7 @@
|
||||||
<domain type="kvm">
|
<domain type="kvm">
|
||||||
<name>guix-vm-installer</name>
|
<name>guix-vm-installer</name>
|
||||||
<memory unit="KiB">2097152</memory>
|
<memory unit="KiB">16777216</memory>
|
||||||
<currentMemory unit="KiB">2097152</currentMemory>
|
<currentMemory unit="KiB">16777216</currentMemory>
|
||||||
<resource>
|
<resource>
|
||||||
<partition>/machine</partition>
|
<partition>/machine</partition>
|
||||||
</resource>
|
</resource>
|
||||||
|
@ -31,11 +31,17 @@
|
||||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||||
<disk type="file" device="disk">
|
<disk type="file" device="disk">
|
||||||
<driver name="qemu" type="raw"/>
|
<driver name="qemu" type="raw"/>
|
||||||
<source file="/srv/vmverse/installation/guix-installer-vm.img"/>
|
<source file="/srv/vmverse/installation/guix-system-install-1.4.0.x86_64-linux.iso"/>
|
||||||
<target dev="sda" bus="usb" removable="on"/>
|
<target dev="sda" bus="usb" removable="on"/>
|
||||||
<readonly/>
|
<readonly/>
|
||||||
<address type="usb" bus="0" port="1"/>
|
<address type="usb" bus="0" port="1"/>
|
||||||
</disk>
|
</disk>
|
||||||
|
<disk type="file" device="disk">
|
||||||
|
<driver name="qemu" type="raw"/>
|
||||||
|
<source file="/srv/vmverse/noyau/audio.experimental.a-lec.org.raw"/>
|
||||||
|
<target dev="vda" bus="virtio"/>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
||||||
|
</disk>
|
||||||
<controller type="usb" index="0" model="ich9-ehci1">
|
<controller type="usb" index="0" model="ich9-ehci1">
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||||
</controller>
|
</controller>
|
||||||
|
@ -82,13 +88,16 @@
|
||||||
</console>
|
</console>
|
||||||
<input type="keyboard" bus="ps2"/>
|
<input type="keyboard" bus="ps2"/>
|
||||||
<input type="mouse" bus="ps2"/>
|
<input type="mouse" bus="ps2"/>
|
||||||
<graphics type="spice">
|
<graphics type="spice" autoport="yes" listen="127.0.0.1">
|
||||||
<listen type="none"/>
|
<listen type="address" address="127.0.0.1"/>
|
||||||
<gl enable="no"/>
|
<gl enable="no"/>
|
||||||
</graphics>
|
</graphics>
|
||||||
<audio id="1" type="spice"/>
|
<audio id="1" type="spice"/>
|
||||||
<video>
|
<video>
|
||||||
<model type="none"/>
|
<model type="virtio" heads="1" primary="yes">
|
||||||
|
<acceleration accel3d="no"/>
|
||||||
|
</model>
|
||||||
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
|
||||||
</video>
|
</video>
|
||||||
<memballoon model="virtio">
|
<memballoon model="virtio">
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
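Review bot: The `<graphics>` element in the `@ -82,13 +88,16 @` hunk replaces `<listen type="none"/>` with a TCP listener on 127.0.0.1 using `autoport="yes"`, and no `passwd` attribute is set on it. Unless SPICE authentication is configured host-wide in libvirt's qemu.conf, every local account on the hypervisor can then reach this VM's console, which per the second hunk boots the Guix installer image. If only the administrator needs the display, a UNIX socket keeps access under file permissions: `<graphics type="spice"><listen type="socket"/>`. Otherwise, add an XML comment above the element recording why loopback TCP is needed and how the display is meant to be reached (for example through an SSH tunnel).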
|
@ -0,0 +1,236 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
|
#
|
||||||
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 3 of the License, or (at
|
||||||
|
# your option) any later version.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
report()
|
||||||
|
{
|
||||||
|
ret=$?
|
||||||
|
message="$@"
|
||||||
|
|
||||||
|
if [ ${ret} -eq 0 ] ; then
|
||||||
|
echo "[ OK ] ${message}"
|
||||||
|
else
|
||||||
|
echo "[ !! ] ${message}"
|
||||||
|
exit ${ret}
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
environment_checks()
|
||||||
|
{
|
||||||
|
[ "$(id -u)" = "0" ] ; report "Running as root"
|
||||||
|
|
||||||
|
# Try to detect the installer
|
||||||
|
_mount="none / overlay"
|
||||||
|
_mount="${_mount} rw,relatime"
|
||||||
|
_mount="${_mount},lowerdir=/real-root"
|
||||||
|
_mount="${_mount},upperdir=/rw-root/upper"
|
||||||
|
_mount="${_mount},workdir=/rw-root/work"
|
||||||
|
_mount="${_mount} 0 0"
|
||||||
|
|
||||||
|
grep "${_mount}" "/proc/mounts" 2>&1 > /dev/null ; report "Mount check"
|
||||||
|
|
||||||
|
[ "${HOSTNAME}" = "gnu" ] ; report "Hostname check"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# FB31DBA3AB8DB76A4157329F7651568F80374459:
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
|
||||||
|
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||||
|
import_gpg_key()
|
||||||
|
{
|
||||||
|
cat <<EOF > FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFksJcEBEADYjwYOrJmv5TX7NPItWRT7W+XNMe53NXoSZa9bEiHnTv8PoQaw
|
||||||
|
ldPpHn3TTtN1Iq4QgvNVzr0uoxPAdxFUkcvF3bFH7u/aQoXoBXxl/HH3DAoR+HIa
|
||||||
|
0XE1vPGEzUTybR2CmH3vMkfWsErEJuPxRPSTV0qouRGUU21FTuBy8x/HLyoO9L2M
|
||||||
|
YZX98Y3hWHP4V6P/tSsGaNg73l4oIbVv1SLJdASPRG7FF/UyWZzf1mZjmjbEuju1
|
||||||
|
z8Fcu/urGxiSQO2DPiCpPOIQwUjeaRQbvZQz7d7q6QLZ+lT8YhuFsIjVXDqOiuZ3
|
||||||
|
t2c3Dgg+++RIW1w9KW2xOJHg7rDRA2RqSwf8t51xE/CVLXcWDGqiMG7hjVAO1iW4
|
||||||
|
G31QvUWxDxvyzOTvGDuPb+5eHaGj1uM/ncLfxlPyc4LPRucxNDO426grMdUL9P1S
|
||||||
|
MMUNWOt7Yg3Y4aKFA+/ukBdyoExgC3iubh4QoGuX+SKP46DXTlqQTPj3Fyp3tRWi
|
||||||
|
VhFdMNCRTIDinN3S//KToZ7OxIkgsRG9sw2lGc4JzJxMpv6N++nZJuTFhc3cA3QE
|
||||||
|
E0YGjAmPc2cgwoeGiWrxugWm6B0BWOzHlxzwwtEsK8TsDg4ifyp5erHPDGQ3rV3x
|
||||||
|
gR5Jbf1p6VZE8IdTYoqP1gv+x5/0dK+2Nl2IHfgJ5FX0mKg9BD4+/JbtSwARAQAB
|
||||||
|
tCpEZW5pcyAnR05VdG9vJyBDYXJpa2xpIDxHTlV0b29Abm8tbG9nLm9yZz6JAlQE
|
||||||
|
EwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQT7Mdujq423akFXMp92
|
||||||
|
UVaPgDdEWQUCY0g+1gUJC/1MigAKCRB2UVaPgDdEWV8mD/4icDedQRUNdOlBNroP
|
||||||
|
p161qyYgMeQCOqpeUBVqQOZjXD75PyRWO5HZUjmzZb2+gAOBfRa2dlJGMEc2YzGz
|
||||||
|
916WHq9sjcV6aZG1kTzgKVFo8PeStbvvhGCEIZ3jnfsfbZYvF6GvBzNWeTGoK+w3
|
||||||
|
6wtzdfqI8ySjpy1Ul+V2TtJQAegCWee1qlLmRc49Zzi/s3ohw10FH5PnzcfPfxcB
|
||||||
|
XaFSWV9dj4T9C89Ij2jpPMIVp2zZzWRZUHkw8e12xzdkDukLgDhmdLsOCFcIGw1a
|
||||||
|
dgQNoZdRgTpxacNxrZssGTdaKNjXUSDTIb55SyCZzJNJli7Ict52RVXexUDwHTBn
|
||||||
|
XQbL4MQNwR+gH7WqCMGnNjn/0j6jsnjXn+a+oLiSUHkfz6g+OZh9mNqV7TQfrRDv
|
||||||
|
bj39GqAQVwt31rr1CcAkPLe99R6JPVCdli5ZhuJF00+D8hcwdNtWkZQheOHQM/k4
|
||||||
|
0Lxn+VJKyoAhW/akI6iuNl+twS2vay3Y2G+dSIkCdwioYfe9buI1x7gAyP513kcC
|
||||||
|
HFxHwCFEyfG9cmIaLEiIyO+4YJLgI4S22t9A20nZUawae4lDfunWtCj88hqPRAUB
|
||||||
|
tgSLFkcKXmFQI0UoQXrLqdQAMKhOmXLHrOA03ZR+NCzf/FczP7jGTKdcNXUApvUZ
|
||||||
|
iF37I1gkuZUMxMNDDjSVHQq1rLQqRGVuaXMgJ0dOVXRvbycgQ2FyaWtsaSA8R05V
|
||||||
|
dG9vQHJpc2V1cC5uZXQ+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
|
||||||
|
AheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFWj4A3
|
||||||
|
RFmypg//XGUDW+m5nJMYbmYCyMQf3RPks4h7ncV8KBJg9zZZT/FKG1FVyUgQzMPe
|
||||||
|
pjysvirmRMDrjPzcQRl2Io48eLQvExZALtGUONsPtuY409JW+nIqt5MeuKlcCiY6
|
||||||
|
11c6fDEkt5/Bxa4640VAFNmUOXTWy/pl/ELH7W/RCsuOPDGmeRhBkkMm3EUGnZef
|
||||||
|
7y6AZko3b02IvB35K1nt+eTZ+E2oYmNaiEI/Tfih5R5P31QCrrC9VCuJBmkoqanZ
|
||||||
|
pvxUBgFbfgfv3QFLlXrXTWma/+kxQKoWsdunkXWOoFjJcgWl8eJ4bB1+JmMB1/S1
|
||||||
|
AjQB4jqKjxGaka/cxJG4A1Sd9ad09m+IUW0k9ZlGYGm4ZiRwE26NNlMK0O/3czQX
|
||||||
|
nKC0qmTUTpDey6A9H1w4cybQAX1PIYJZDR+5ipz+UWHrWhYsXzK71BbbxlXo0zgd
|
||||||
|
uc8hSKhYm7tewUKticqrPAeuyEcBZkY1sGcuK+Up5rF3dQYaHGXgIxec9AoZpE2W
|
||||||
|
PMRE4M7jEPU5XFI9g6Jx1YOxht7PXoqyyabjKQgIV9lyWHU2BQ+SyJ4QtRLeMN/v
|
||||||
|
uI7dEvqyWXuX0JBdIU9DLpFfMlC7CY3ysPHN7M6FHWnEj+S2+qyBApUhOWFB5FHW
|
||||||
|
QteCSXXf/OiaUDwTwqvV4vwYHU/tYHZbgnPNK1dBZ5+3IYbupm60L0RlbmlzICdH
|
||||||
|
TlV0b28nIENhcmlrbGkgPEdOVXRvb0BtYWtlZnJlZWRvbS5vcmc+iQJUBBMBCAA+
|
||||||
|
AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3
|
||||||
|
RFkFAmNIPssFCQv9TIoACgkQdlFWj4A3RFl25xAAw586zSEpR674/CZpT+vXf4RL
|
||||||
|
phSxTWHFdBej3uy21coo5zMpJKFwe9IFKGK/tG2JhV/pGwmdPH3LKW4Hwuo77L5z
|
||||||
|
p4iK5vdrQdhNKybICdAt58FtV2Pkv7GWZHCQpVwQFujp/f37CgCxSeobve2Rkfg4
|
||||||
|
ZNABP3EHsXn0kDpBkavBVuCADn7EGbHVcCDExl0sXar4hyPMG/tOi9Q63LmNhdxx
|
||||||
|
KsLI/BFmiPjePUekyYEh4mYjo+ZVOW+1r9dPXdR8vusBx486TcsfldcAMccUZWvo
|
||||||
|
8UYOiebLSXnU1pDnUTQvOKr52rLInt2rAWpnpOsBt8RLPS6youqN1qakvgV+iMdA
|
||||||
|
ujQAAAuV8SCF/FazHgoH2drtNNMVESeQHkJz0cR60ONWVhiHL/9HcZC0ot81Sypp
|
||||||
|
Xwzddigz97c3O3V/GSxz2OjuKh5rbyPffD1eHR2/PVa55OL3wKAVlx228VFP2SUC
|
||||||
|
XL3Pc+s/NTg365npwQh3Lw8FtSdnMt+EMCzu89alUu5Ei+w+oRCRC9v34eYNtzNN
|
||||||
|
4CntgVnPvXLJV1gMImIlKkRzmrQn1x1VR0nEhY7928fwETutZcxJQmVCYug0rT4g
|
||||||
|
crVuDnsqR1p0R+uNKcvMUkdFt9JWezSPjpS/tBSD2RsXeX55z+fS/HrvU0YfaRRH
|
||||||
|
7EVrUJHRQPY7EC8xinK0MkRlbmlzICdHTlV0b28nIENhcmlrbGkgPEdOVXRvb0Bj
|
||||||
|
eWJlcmRpbWVuc2lvbi5vcmc+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB
|
||||||
|
Ah4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFW
|
||||||
|
j4A3RFnhhw//QMHYtFMbR3XI7oXw82RiyjnHrStSsFckW2kbocK+7KV1Yli2u2SN
|
||||||
|
3SGWBAP5LlqwLL1OoJ03nRDY81z193WrO0Kr3vFZAZXfMnD4t+bY6O1aFSoADb79
|
||||||
|
7iFDwTjsyJvQ1Rw1siJQb1PQWrxHkNAfd0iU7x6GLhdU5s1nq4kvTP4SwhOmZ9AN
|
||||||
|
tGrtHpnGUVZv705D2Xu7mnntiApsvxMzrwx2Fo9zNXTWX65nOyOXFufgYwtMPPOZ
|
||||||
|
4jMitV+RFC/mChHwn6U0xn/exSSq/Xwi9DabH24kb466OLkTCew5DBEH+GSyY7+F
|
||||||
|
BYO46lAFVLeAq3TnnkrfAZn/ildAKYTpv2VFZRjO2poG2Pax/0tA/8eO86ih+IxU
|
||||||
|
mU10ddMyRHICA2OH56QFwFLgi4mktDiO11HeMF569VbNADnIls/1HDTTAqsZk9uf
|
||||||
|
I/ZMyjNF8FoZa8AXwrLd1M+KAKNhZqvN1vVp2CF792z4VNMxfD/gzvsW/fq+lpgR
|
||||||
|
n6Qn9BqDe6NoeRsI7u/lfJvDwciMZ2OvcQf+XkaBkMxeYXJXoG+zHqmW5Io+7xdX
|
||||||
|
Ay619mKBm411exJTDMipoJU5djiEdNGrHFqvjKNAz/LGHmgL0m+saWc71a9fcAG8
|
||||||
|
0i75TUpQOleBh/tkSYPHa+Gv7dF0ZQE657lWK3VZmdmSGXgSAtBt3ua5Ag0EWXPU
|
||||||
|
7wEQALjMcmaRsGR1wFgR3RyIoCFNvmCBxDGaPb/X4TG10N5GXZFE1X7I9cZha+QF
|
||||||
|
zF9hFAmN4FnKoWCWaobEhXG5ufoqvj2J3UBDW2s3Enwrhyva3kszMUBzv1dXwwrF
|
||||||
|
qxp6Er73W7Semh64GRLjJo/tPA/mPnu/9qjumfOfydIFVnqYM7ZBx0aAhxzUyBjb
|
||||||
|
okryIct3BEjPmRf+e8SfvFaqFJCNcvmvOVGOCVoz7N3cgLUTK12njj/Qak3nLabv
|
||||||
|
9oQbNtngOYDAIWNPhDM+AUml5mw5Auab92aZyDJ4hmTPhov9OWoWeJFD5xR0R7RX
|
||||||
|
Ol4PvRpA5O5qUa05PoLbp7pBOFmh52aUlaXc37QsgewJpDcCkzw4oZaQiVXwimjy
|
||||||
|
hNAsv6lEYoSDNqPCIbUNmnrFljCMcRtfqtYKLCXNvUOG7+MjfYQ/nEVrPCPgUoQM
|
||||||
|
5nbILxcHHWbECqYIQ4MLgBMEOEzEcp1mXdp+BJBbZiOSuofpMGDF4mbkzjgQOop4
|
||||||
|
aBxzDLd+MjKPuD2uhhloLbf5kUGGBQXc9MNYbWno4c11AR3XLrgoLt2lAYTNX0lI
|
||||||
|
zAjR08gulZlGHcuhoY5brFTtKEy92lUfwSAScvp8NAp6lEsroNqbPw0DdMe2Thpd
|
||||||
|
Vmu9ztHoq0Z7nz0aRt3lQss9zLzphXGKh3Rv81R+QNOd988zABEBAAGJAjwEGAEI
|
||||||
|
ACYCGwwWIQT7Mdujq423akFXMp92UVaPgDdEWQUCY0g/XAUJC7Wd7QAKCRB2UVaP
|
||||||
|
gDdEWXu1D/931OK7RgkP0Nq9gDn6/IwXX+Dtl0JF3Ip3Oy2q6uHxu3YHK1Ezx9kV
|
||||||
|
6T3sOb2MdtGL08qWfQlKRLU3dC7k85z6IAdhTrDOMTBeUssnY5Xgxl3cfJqBfQTW
|
||||||
|
MZG3vqMlsJfUVOAueShUelzpOtYV/s3wm4UYR0zPP2+QDZgIDX8LHhdd3Ela1kgZ
|
||||||
|
cz5OKbeBa30fHWIUQDybJmKFi8y+5629X7TeyFqsQ8CPXW317/eBpY3Q6mkp6pyZ
|
||||||
|
iEEjeca/FQb9q9DsAIdkovfBSNnTZQAFePwIp1nR67LHuxMclxRPoAPtkym3rIWA
|
||||||
|
y6w3n68fKUOIj92OhCBE/FE/nLl+BoFYOuYRoN3C7a7t3U4cAPW+9jl89w4zzvfg
|
||||||
|
QvnAVKKba7szYcjSdyWbeMsIdq8Fe9T/6bdzs5ugR1yu0V618Foa6rPhDEiYjriG
|
||||||
|
KoynZA4hZ9l83hT/kktu2jNYeIeXUqgWUFLZ3EeXynVDzqgN9buWzEZO8wZG2tNS
|
||||||
|
sqTW9ZHZUuR6L9wUCjgPpRz4kREYdYmm5dm1uqXkQTwjo7vA1HRtGSun1FNYOl+w
|
||||||
|
22tKNcU4erBZcKYUfyUP6gTQ4ojZN0rVb5AzT9wQoLcrljllDP9qQ45ndlov+0DD
|
||||||
|
ccixs3PPK1ClY3puCyxX8QT7zROYhck9n0+YmuS/9TUnu19Az//aCbkCDQRZc9Sk
|
||||||
|
ARAAsCIq2++gqtU8Z/lMDDAwVbNoq++FCA2apR4Lxj0G+jEog++8uJYawWDLpJ14
|
||||||
|
Lvlm+OygM3s70RHyLKWiDWkdwDLbZ4b8MlHATBanEHeGsxQK9Td7VB0O3MQ/ICVs
|
||||||
|
OjgTG8PJSv02HmNoGp/Zj3rbNSfXhomIq44aXRrw2ZxoNckj0xuHFSV85QlVy93f
|
||||||
|
BgQiIozEPDJK8xGGn7a2gXwj6+hAaKTF1tOAWKHqInJpNduOZfVzpY5dHSUU4qjU
|
||||||
|
TyvTEJhROA2QEo3qE5VZL2o/2rCapzqC+7pRzxEPDwcDGr2g/RFNLFSf3PvkH48M
|
||||||
|
J66bid6aeI2uPdL9geWk6MJUCj03X2ylfFCKG0Bo0vWbv2wcJrZBCfHm256LTKHO
|
||||||
|
lkBbvBrauzu1cTtivt8wtjm2wOiTII7nyyVvdhYuAirpYJfIFGV3iY8MJ7cdO7rI
|
||||||
|
VRO1wkLiuE606zNJ3WCGJNwlhyFt+z8aYjB6UQwMhs1JztLFrghW+JsjzfgEXWvs
|
||||||
|
d089woZR45PiF2Krm42E6tNBhhcJOmNFXHs5KN6oz8vAOrJ+Obw9HvBWTh5kMhdT
|
||||||
|
ZdbGt3BZmtLfIFsEmvS+RCe5fGSiuPxudbfFzih04aXPG1wM8O4F0SFhzkwTrxGp
|
||||||
|
46VyXZTH5xT1R56xbu44qvtYS2O8IhNKzLPROIOVqD9ey0kAEQEAAYkEcgQYAQgA
|
||||||
|
JgIbAhYhBPsx26OrjbdqQVcyn3ZRVo+AN0RZBQJjSD9cBQkLtZ44AkDBdCAEGQEI
|
||||||
|
AB0WIQR4L53b42un89TeSQZfXfzBQXfiYwUCWXPUpAAKCRBfXfzBQXfiY/ObD/4i
|
||||||
|
x5aFvTz4OMAkhvOugcDekpVHC9gQU92j2boyZO4zi2RhB0JpGWWNU90WgUxorla3
|
||||||
|
p31L44DYfg/ZoDG5zL7liykgAItt+Mwnf+hkNJZnm+dfj2lFAkBEXqpesZ8vyO6m
|
||||||
|
BUOLhXSXd2N8+3XLwStAhC1OWE7ZcuCWmBtnbJad1HNujPhbW7tiddXhdSLbj/kG
|
||||||
|
bjWTUdpH1TS9RNrp2tBqTCvLeXOr7NV+0FAuulO/6+m2OkRuuoj+5nVUmhmPqg4z
|
||||||
|
z2hARiocg1nFca50uO5zbvYkbcggmN1hXrgEkKpThKnTEHaa/tFnfPSU5olPBpVX
|
||||||
|
KP4u+e5ksMKvcLesLpFmqxz02ie1SQk17lZqMw35tHUBP+ZLlO5msdABUfmDpQ4j
|
||||||
|
exTAFN0vfXkMc6MinFtO3WQtZ6Gf9r2oqlR+1siCAtX9l/zL2out4OTwFN7ekEE6
|
||||||
|
7/pFhjDnQEUnY4MdcbAmOR5s3qs6YP+CUabGhkkyH8h4ffpZlNGLlJAz82oxK64A
|
||||||
|
/Wbq5jFMn46nPM/m39+0QvcJD05gmF5PZJ7SXjf2z9Obt1RHPQJJ7+wvYHsQVZAI
|
||||||
|
e8kT/PB74/jPzHYppF3EIFidf1fnRdguZZmG0DTXOUtTAdOAAdqt0MrtkjFzM2eD
|
||||||
|
/3hy110zWKjd4tk7LQAeqYWPM5lzDrQ3ObdPT1+ysQkQdlFWj4A3RFnslw//QbwB
|
||||||
|
PMuaPG9LlcoR8qSQtyXcn5TflVVH1wYa7iL9WSG5NPpx5/FFZKScWMJjjhHUDtc6
|
||||||
|
jnICjLw+83gDOxeFIVyMg/9yT0DS7UPxc904c6G9WRyIdQqA5sRq7Iuk45S30LEZ
|
||||||
|
v2c0+RYk8m0zSlD7vqiRY9myZKrRiWkfylAq/VL/HR6S5eKrPRgEbcQDXsoqyhnM
|
||||||
|
n9cDc+81eOPpKW9S2+xqmo+x3WCISdi2Nr6R3WkyabWkikvlTcd7can/4amKPmIN
|
||||||
|
i2vUVSfhsWaFGvgb8nv0Ebd6yjeDLZ8FI32KCeAYGh6FiJPC5DiFvMlbLXi4SJwu
|
||||||
|
5p0j36xa+jJrylK/4XEJqQn6MrQ9+zdROT6bc3YlxkRXflEnE2uJshT8nSLE/j3v
|
||||||
|
ydSHxgxAbdQ14oocvr7CltS7t0xup/YiOUtcHhprCB02PYdpT/XhZjW0pi/vyhdX
|
||||||
|
6sGFRuCueLRf1cJiCJhISYbR4VyoMLcnvdcoKUa+/ikC6CkyZGxwAH1JGcEVjzD+
|
||||||
|
4xG8l8/ubA3DSguKNpI1dGzVxpWgJnJzMCXBcwxp5c+kKH94QbKAUVt+16dUaY9k
|
||||||
|
0hhucHQnbTHS3w9jY7rZ6sAZHufb9LQMMWunerecL6WvAR+XUydMd1rJS93j4y1W
|
||||||
|
fNHj/507Jk+Ogk89eojQYjZNHCF+Zhyk6IRyI84=
|
||||||
|
=4ncY
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
EOF
|
||||||
|
|
||||||
|
guix shell gnupg -- \
|
||||||
|
gpg --import FB31DBA3AB8DB76A4157329F7651568F80374459.asc && \
|
||||||
|
rm -f FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||||
|
}
|
||||||
|
|
||||||
|
environment_checks
|
||||||
|
|
||||||
|
tmpdir="$(mktemp -d)"
|
||||||
|
cd "${tmpdir}"
|
||||||
|
|
||||||
|
guix pull ; report "Guix pull"
|
||||||
|
hash guix ; report "hash guix"
|
||||||
|
|
||||||
|
import_gpg_key ; report "Import GPG key"
|
||||||
|
|
||||||
|
guix shell -C --network git nss-certs -- \
|
||||||
|
git clone https://git.a-lec.org/GNUtoo/guix-mumble-vm.git -b guix-installer ; \
|
||||||
|
report "Cloning machine configuration git"
|
||||||
|
|
||||||
|
cd "guix-mumble-vm" ; report "cd guix-mumble-vm"
|
||||||
|
|
||||||
|
guix shell git gnupg -- \
|
||||||
|
git verify-commit HEAD ; report "check git signature"
|
||||||
|
|
||||||
|
guix shell -C --nesting autoconf automake bash coreutils grep sed -- \
|
||||||
|
./autogen.sh ; report "./autogen.sh"
|
||||||
|
|
||||||
|
guix shell -C --nesting bash coreutils gawk grep sed -- \
|
||||||
|
./configure ; report "./configure"
|
||||||
|
|
||||||
|
guix shell -C --nesting automake coreutils gawk grep make sed tar xz -- \
|
||||||
|
make mumble-vm.tar.xz ; report "Generating VM definition"
|
||||||
|
|
||||||
|
cp mumble-vm.tar.xz ../ && \
|
||||||
|
cd ../ && \
|
||||||
|
rm -rf mumble-vm && \
|
||||||
|
guix shell -C tar xz -- tar xf mumble-vm.tar.xz && \
|
||||||
|
rm -f mumble-vm.tar.xz ; report "Removing git repository"
|
||||||
|
|
||||||
|
guix gc ; report "guix gc"
|
||||||
|
|
||||||
|
echo 'label: gpt' | sfdisk /dev/vda ; report "GPT creation on /dev/vda" ; \
|
||||||
|
report "GPT formating"
|
||||||
|
|
||||||
|
echo ';;L;*' | sfdisk /dev/vda ; report "/dev/vda1 creation" ; \
|
||||||
|
report "Adding partition"
|
||||||
|
|
||||||
|
mkfs.ext4 -F -L Guix_image /dev/vda1 ; report "EXT4 formating"
|
||||||
|
|
||||||
|
mount /dev/vda1 /mnt ; report "mount /dev/vda1 /mnt" ; report "mounting rootfs"
|
||||||
|
|
||||||
|
herd start cow-store /mnt ; report "Using /mnt for storing guix system init packages"
|
||||||
|
guix system init mumble-vm-system.scm /mnt ; report "guix system init"
|
||||||
|
umount /mnt ; report "umount rootfs"
|
||||||
|
|
||||||
|
printf "Installation done: %s\n" \
|
||||||
|
"you can remove the install media and reboot to the new VM"
|
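Review bot: `git verify-commit HEAD` accepts a good signature from any key in the keyring gpg uses, and `import_gpg_key` imports into root's default keyring, so the check does not pin the signer to FB31DBA3AB8DB76A4157329F7651568F80374459 if that keyring already holds other keys. The script runs as root and goes on to execute `./autogen.sh`, `./configure` and `make` from the clone, so this check is the only gate on that code. A throwaway keyring makes the embedded key the only one that can validate: after `cd "${tmpdir}"`, add `GNUPGHOME="${tmpdir}/gnupg"`, `export GNUPGHOME` and `mkdir -m 700 "${GNUPGHOME}"`; both gpg invocations run outside `-C` containers and should inherit it. Separately, each `report` that directly follows another `report` (after the two `sfdisk` lines and after `mount`) only sees the previous `report`'s exit status, so it always prints OK and can be dropped.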
|
@ -11,7 +11,6 @@
|
||||||
(define-module (mumble-vm-system)
|
(define-module (mumble-vm-system)
|
||||||
#:use-module (gnu)
|
#:use-module (gnu)
|
||||||
#:use-module (gnu packages admin)
|
#:use-module (gnu packages admin)
|
||||||
#:use-module (gnu packages certs)
|
|
||||||
#:use-module (gnu packages dns)
|
#:use-module (gnu packages dns)
|
||||||
#:use-module (gnu packages linux)
|
#:use-module (gnu packages linux)
|
||||||
#:use-module (gnu packages ssh)
|
#:use-module (gnu packages ssh)
|
||||||
|
@ -31,35 +30,6 @@
|
||||||
|
|
||||||
(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
|
(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
|
||||||
|
|
||||||
(define mumble-vm-config
|
|
||||||
(package
|
|
||||||
(name "mumble-vm-config")
|
|
||||||
(version "0.1")
|
|
||||||
;; TODO: Make that tarball reproducible
|
|
||||||
(source (local-file "mumble-vm.tar.xz"))
|
|
||||||
(build-system copy-build-system)
|
|
||||||
(arguments
|
|
||||||
(list
|
|
||||||
#:install-plan
|
|
||||||
#~(list
|
|
||||||
'("first-boot.sh" "share/mumble-vm/configs/")
|
|
||||||
'("guix-commit.txt" "share/mumble-vm/configs/")
|
|
||||||
'("index.html" "share/mumble-vm/configs/")
|
|
||||||
'("mumble-vm-machine.scm" "share/mumble-vm/configs/")
|
|
||||||
'("mumble-vm-system.scm" "share/mumble-vm/configs/")
|
|
||||||
'("id_ed25519.pub" "share/mumble-vm/configs/")
|
|
||||||
'("Makefile" "share/mumble-vm/configs/")
|
|
||||||
'("signing-key.pub" "share/mumble-vm/configs/")
|
|
||||||
'(#$source
|
|
||||||
"share/mumble-vm/configs/mumble-vm.tar.xz")
|
|
||||||
'("wireguard-post-up.sh" "share/mumble-vm/configs/"))))
|
|
||||||
(synopsis "Full machine configuration.")
|
|
||||||
(description
|
|
||||||
"This contains all the configuration files of this machine. This is
|
|
||||||
needed for unattended upgrades to work.")
|
|
||||||
(home-page "DOMAIN")
|
|
||||||
(license license:gpl3+)))
|
|
||||||
|
|
||||||
(define website
|
(define website
|
||||||
(package
|
(package
|
||||||
(name "website")
|
(name "website")
|
||||||
|
@ -70,8 +40,8 @@ needed for unattended upgrades to work.")
|
||||||
(arguments
|
(arguments
|
||||||
(list
|
(list
|
||||||
#:install-plan
|
#:install-plan
|
||||||
#~(list '("first-boot.sh" "var/www/DOMAIN/")
|
#~(list '("index.html" "var/www/DOMAIN/")
|
||||||
'(#$source "var/www/DOMAIN/mumble-vm.tar.xz"))))
|
'(#$source "var/www/DOMAIN/"))))
|
||||||
(synopsis "The DOMAIN website.")
|
(synopsis "The DOMAIN website.")
|
||||||
(description
|
(description
|
||||||
"The website contains how to use the service, and how to
|
"The website contains how to use the service, and how to
|
||||||
|
@ -168,10 +138,8 @@ the services after that.")
|
||||||
htop
|
htop
|
||||||
iftop
|
iftop
|
||||||
`(,isc-bind "utils")
|
`(,isc-bind "utils")
|
||||||
mumble-vm-config
|
|
||||||
net-tools
|
net-tools
|
||||||
nmon
|
nmon
|
||||||
nss-certs
|
|
||||||
openssh-sans-x
|
openssh-sans-x
|
||||||
website)
|
website)
|
||||||
(if enable-wireguard?
|
(if enable-wireguard?
|
||||||
|
@ -226,13 +194,13 @@ https://DOMAIN/
|
||||||
(addresses (list (network-address
|
(addresses (list (network-address
|
||||||
(device "eth0")
|
(device "eth0")
|
||||||
(value "VM_IPV4_ADDRESS"))
|
(value "VM_IPV4_ADDRESS"))
|
||||||
(network-address
|
(network-address
|
||||||
(device "eth0")
|
(device "eth0")
|
||||||
(value "VM_IPV6_ADDRESS"))))
|
(value "VM_IPV6_ADDRESS"))))
|
||||||
(routes (list (network-route
|
(routes (list (network-route
|
||||||
(destination "default")
|
(destination "default")
|
||||||
(gateway "VM_IPV4_GATEWAY"))
|
(gateway "VM_IPV4_GATEWAY"))
|
||||||
(network-route
|
(network-route
|
||||||
(destination "default")
|
(destination "default")
|
||||||
(gateway "VM_IPV6_GATEWAY"))))
|
(gateway "VM_IPV6_GATEWAY"))))
|
||||||
(name-servers (list "VM_IPV4_DNS" "VM_IPV6_DNS")))))
|
(name-servers (list "VM_IPV4_DNS" "VM_IPV6_DNS")))))
|
||||||
|
@ -270,21 +238,14 @@ https://DOMAIN/
|
||||||
`(("root" , (local-file "id_ed25519.pub"))
|
`(("root" , (local-file "id_ed25519.pub"))
|
||||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||||
;; Unattended Upgrades
|
;; Unattended Upgrades
|
||||||
(service
|
(service unattended-upgrade-service-type))
|
||||||
unattended-upgrade-service-type
|
|
||||||
(unattended-upgrade-configuration
|
|
||||||
(operating-system-file (string-append "/run/current-system/profile"
|
|
||||||
"/share/mumble-vm/configs/"
|
|
||||||
"mumble-vm-system.scm"))
|
|
||||||
(schedule "30 * * * * ")
|
|
||||||
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
|
|
||||||
(if enable-wireguard?
|
(if enable-wireguard?
|
||||||
(list
|
(list
|
||||||
(service wireguard-service-type
|
(service wireguard-service-type
|
||||||
(wireguard-configuration
|
(wireguard-configuration
|
||||||
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
|
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
|
||||||
(dns '("79.143.250.1" "79.143.250.2"
|
(dns '("79.143.250.1" "79.143.250.2"
|
||||||
"2001:678:938::53:1" "2001:678:938::53:2"))
|
"2001:678:938::53:1" "2001:678:938::53:2"))
|
||||||
(port 0)
|
(port 0)
|
||||||
(post-up %wireguard-post-up)
|
(post-up %wireguard-post-up)
|
||||||
(private-key (local-file "id_wireguard"))
|
(private-key (local-file "id_wireguard"))
|
||||||
|
@ -293,10 +254,9 @@ https://DOMAIN/
|
||||||
(wireguard-peer
|
(wireguard-peer
|
||||||
(name "stephanie.franciliens.net")
|
(name "stephanie.franciliens.net")
|
||||||
(endpoint "stephanie.franciliens.net:51820")
|
(endpoint "stephanie.franciliens.net:51820")
|
||||||
(public-key
|
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
||||||
"Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
|
||||||
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
||||||
(list ))
|
(list ))
|
||||||
(modify-services
|
(modify-services
|
||||||
%base-services
|
%base-services
|
||||||
(guix-service-type config => (guix-configuration
|
(guix-service-type config => (guix-configuration
|
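Review bot: The `@ -270,21 +238,14 @` hunk reduces the upgrade service to a bare `(service unattended-upgrade-service-type)`, and the `@ -31,35 +30,6 @` hunk removes the `mumble-vm-config` package, so nothing in this section still installs the files the configuration loads with `local-file` (`id_ed25519.pub`, `signing-key.pub`, `id_wireguard`). If the service's default operating-system file cannot resolve those relative paths, the upgrade job would fail on every run and the VM would quietly stop receiving security updates; the removed package description said it was "needed for unattended upgrades to work". The defaults, as I recall them from the Guix manual (weekly schedule, only `mcron` restarted; worth confirming for the Guix commit in use), would also mean a patched OpenSSH is not picked up until reboot. Consider keeping an explicit `unattended-upgrade-configuration` with an `operating-system-file` that points at a location holding the configuration and its key files, and retaining `(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon))`. The enclosing `operating-system` form starts and ends outside these hunks.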
|
@ -1,93 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
#
|
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
keymaps="/run/current-system/profile/share/keymaps/i386"
|
|
||||||
|
|
||||||
ask_keymap_type()
|
|
||||||
{
|
|
||||||
index=0
|
|
||||||
keymap_type_list=""
|
|
||||||
for keymap_type in "${keymaps}"/* ; do
|
|
||||||
# shellcheck disable=SC2001 # For ^ or $ regex.
|
|
||||||
keymap_type="$(echo "${keymap_type}" | sed "s#^${keymaps}/##")"
|
|
||||||
if [ "${keymap_type}" = "include" ] ; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
keymap_type_list="${keymap_type_list} ${index} ${keymap_type}"
|
|
||||||
index=$((index + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
IFS=' ' read -r -a keymap_type_list_array <<< "${keymap_type_list}"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
result=$(dialog --stdout \
|
|
||||||
--menu "Keyboard layout type:" \
|
|
||||||
0 0 0 \
|
|
||||||
${keymap_type_list})
|
|
||||||
|
|
||||||
if [ "${result}" = "" ] ; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
result=$((result * 2))
|
|
||||||
result=$((result + 1))
|
|
||||||
|
|
||||||
directory=${keymap_type_list_array[${result}]}
|
|
||||||
echo "${directory}"
|
|
||||||
}
|
|
||||||
|
|
||||||
ask_keymap()
|
|
||||||
{
|
|
||||||
directory="$1"
|
|
||||||
|
|
||||||
index=0
|
|
||||||
keymap_list=""
|
|
||||||
for keymap in "${keymaps}"/"${directory}"/* ; do
|
|
||||||
# shellcheck disable=SC2001 # For ^ or $ regex.
|
|
||||||
mapname=$(echo "${keymap}" | \
|
|
||||||
sed "s#^${keymaps}/${directory}/##" | \
|
|
||||||
sed 's#\.map\.gz$##')
|
|
||||||
keymap_list="${keymap_list} ${index} ${mapname}"
|
|
||||||
index=$((index + 1))
|
|
||||||
done
|
|
||||||
|
|
||||||
IFS=' ' read -r -a keymap_list_array <<< "${keymap_list}"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
result=$(dialog --stdout --menu "Keyboard layout:" 0 0 0 ${keymap_list})
|
|
||||||
if [ "${result}" = "" ] ; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
result=$((result * 2))
|
|
||||||
result=$((result + 1))
|
|
||||||
|
|
||||||
keymap_name=${keymap_list_array[${result}]}
|
|
||||||
|
|
||||||
echo "${keymaps}/${directory}/${keymap_name}.map.gz"
|
|
||||||
}
|
|
||||||
|
|
||||||
directory="$(ask_keymap_type)"
|
|
||||||
if [ -z "${directory}" ] ; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
keymap_path="$(ask_keymap "${directory}")"
|
|
||||||
if [ -z "${keymap_path}" ] ; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
loadkeys "${keymap_path}"
|
|
|
@ -1,20 +0,0 @@
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# Files produced by the build system.
|
|
||||||
/autom4te.cache/**
|
|
||||||
/gnupg/**
|
|
||||||
/grub/**
|
|
||||||
/grub.iso
|
|
||||||
/Makefile
|
|
||||||
/preseed.cfg
|
|
||||||
/preseed.img
|
|
||||||
/rootfs.img
|
|
||||||
/rootfs.img.tmp
|
|
|
@ -1,30 +0,0 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQINBGNQMswBEACpaLnL36fWyve4zXHKrN7AjXl+g5cafQyei4j1saTLfQatdJed
|
|
||||||
ubvcscZ3yERB+R0+8xuH2UqvR0E57ohZZaTiwcUWJ3VemxCZhwKy+Xvt1ZUNxBrh
|
|
||||||
2qAJBcP0+UCskSfWb+QQ1twNIeQ8Raj+kRPGphlNmjYxF2CFOsw9c56Lz+jNyty9
|
|
||||||
RC3Bg4l+Kcdhw23w5XBUXpHOyL6lsG317PWgEHUIQzNhXZfHL9GzwtTVQV8tVPyu
|
|
||||||
MOQIa7KDFXUEEnRN31mVLzfNHqKtTgFfP2LnSiD3LsBYsqJUtAnFGyORHgKhddRg
|
|
||||||
AKLrn1h0dEzkN+XsMaAWPrJg87ks7qXhhNz3SEI+t7dL4ozfUryRY9/8t/rXuQK+
|
|
||||||
ffRO/63i8SaHdu1Sl8MgHsNZRFOlbYGPw73TpdJ3JvfmfPNrRcTzsU1arMML8GWs
|
|
||||||
q6/QYDTWVYBYXy0kEqJQmeb3yJRvnIdVfiAdu9fyDPY8FCTUTcsxKe88u2bgrIaY
|
|
||||||
pNdoNFXojIC9JvMUM5QakMeog+ocTrZFOyhRMKfq5KEV/IDvsx6BfQzpjvK27LgX
|
|
||||||
LcdlP9HUVb9ZkKUgMGV1trqSA7kKrkDtfw+BInReTeSEnr4jsAwwiG62kDmmA4mo
|
|
||||||
dFq1MsWTAJTvpeeK+86gYliZukt6076zPrszmDJIyJWwHCLFn1jVkn1tlQARAQAB
|
|
||||||
tFpUcmlzcXVlbCBHTlUvTGludXggQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBL
|
|
||||||
ZXkgKDExL2FyYW1vKSA8dHJpc3F1ZWwtZGV2ZWxAdHJpc3F1ZWwuaW5mbz6JAk4E
|
|
||||||
EwEKADgCGwMFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AWIQTSTdrJIm1bpenzvtP1
|
|
||||||
2qr3StTJOAUCY1AzAgAKCRD12qr3StTJOIxbD/44B7Kv+26TBW6BIiUlp1iDsvoX
|
|
||||||
yHk9yau41g6HjJR53KrFID4uszN9B+Cl+R0PjywfgC9OSSTKOjJq4/yQE00JpuF+
|
|
||||||
HtWieshZJs8QFKLD+mZQfRVCQweqj9HZS8AFH02LYkdsXiv4LZLaNljcHEPC3Y34
|
|
||||||
61xcg3viATgHL1ZJIPGT/vk425jQkEv9wjCjIvKsMhoE9EcqDBft9jKBC6H8LQwZ
|
|
||||||
iIYYNf28WRIW/EbutPe+0B3YOuw3PT/o/x40ySLWIJARODxBCqJ0wEC4PI7lUiLg
|
|
||||||
DGV0cUUykZz7BXKaIZIj+3wViR5zDGqIWx5TwdW2MJpDi9ove8N/3HaAc6BwQQXH
|
|
||||||
acZohOBqf/BjTKXQufVzx1sMBxB+a5zp284uICX54y/mm9tPHWcOOtl+NYj5qk4A
|
|
||||||
qn+vh433kNW622qJ8tt72kbcfaRekBnCj/A10U46TyWgZgMc7XxCc5r8slJWlhYZ
|
|
||||||
bRgbWWvkyH1s0mzbkAyNwrNa0vafcxOxO9psc7LG4mLPBqLoKKPmYY5Vgu8fdlbb
|
|
||||||
OLLFVvNhuTSX2ugkPfAp/XeWucQPJv3een1C1AWNcufhKYm1DZkYTGBeT8cbsw3T
|
|
||||||
0JnpRad+Sm2VhLcQ8PHKHUUeklVqUMjyCHo32sydo+I1MjC3QWycolljno2un9HU
|
|
||||||
TNAXG/1k2DzsqFPFjw==
|
|
||||||
=LJyh
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
@ -1,85 +0,0 @@
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# This file is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
dist_pkgdata_DATA = rootfs.img
|
|
||||||
|
|
||||||
EXTRA_QEMU_ARGS =
|
|
||||||
if WANT_KVM
|
|
||||||
EXTRA_QEMU_ARGS += -enable-kvm -cpu host
|
|
||||||
endif # WANT_KVM
|
|
||||||
|
|
||||||
gnupg/pubring.kbx: ${srcdir}/D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938.asc
|
|
||||||
install -d gnupg
|
|
||||||
gpg \
|
|
||||||
--home=gnupg \
|
|
||||||
--import \
|
|
||||||
${srcdir}/D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938.asc || \
|
|
||||||
rm -rf gnupg
|
|
||||||
|
|
||||||
.PHONY: check-trisquel-installation-image
|
|
||||||
check-trisquel-installation-image: $(TRISQUEL_NETINSTALL) gnupg/pubring.kbx
|
|
||||||
gpg --home=gnupg \
|
|
||||||
--verify trisquel-netinst_11.0.1_amd64.iso.asc \
|
|
||||||
$(TRISQUEL_NETINSTALL)
|
|
||||||
|
|
||||||
grub/boot/linux: Makefile check-trisquel-installation-image
|
|
||||||
install -D -d grub/boot
|
|
||||||
xorriso -osirrox on \
|
|
||||||
-indev $(TRISQUEL_NETINSTALL) \
|
|
||||||
-extract /linux $@
|
|
||||||
chmod 770 $@
|
|
||||||
|
|
||||||
grub/boot/initrd.gz: Makefile check-trisquel-installation-image
|
|
||||||
install -D -d grub/boot
|
|
||||||
xorriso -osirrox on \
|
|
||||||
-indev $(TRISQUEL_NETINSTALL) \
|
|
||||||
-extract /initrd.gz $@
|
|
||||||
chmod 770 $@
|
|
||||||
|
|
||||||
grub/boot/grub/grub.cfg: Makefile grub.cfg
|
|
||||||
install -D -m 660 grub.cfg $@
|
|
||||||
|
|
||||||
# It is way more simple to just extract the kernel and initramfs and
|
|
||||||
# write some grub.cfg by hand than to somehow modify an existing
|
|
||||||
# installer iso.
|
|
||||||
grub.iso: Makefile grub/boot/linux grub/boot/initrd.gz grub/boot/grub/grub.cfg
|
|
||||||
grub-mkrescue -o $@ grub
|
|
||||||
|
|
||||||
preseed.cfg: preseed.cfg.tmpl
|
|
||||||
sed 's#\@MIRROR_HTTP_PROXY\@#$(MIRROR_HTTP_PROXY)#g' \
|
|
||||||
preseed.cfg.tmpl > $@
|
|
||||||
|
|
||||||
preseed.img: Makefile preseed.cfg
|
|
||||||
dd if=/dev/zero of=$@.tmp count=2048
|
|
||||||
mkfs.vfat --mbr=y -n MEDIA $@.tmp
|
|
||||||
mcopy -i $@.tmp preseed.cfg ::/preseed.cfg
|
|
||||||
mv $@.tmp $@
|
|
||||||
|
|
||||||
rootfs.img.tmp: Makefile
|
|
||||||
qemu-img create -f qcow2 $@ $(TRISQUEL_ROOTFS_SIZE)
|
|
||||||
|
|
||||||
# The 790M were found by trial and error. At 789M the netinstall
|
|
||||||
# complains about "low memory".
|
|
||||||
rootfs.img: preseed.img rootfs.img.tmp grub.iso
|
|
||||||
install -m 644 rootfs.img.tmp rootfs.img || rm -f rootfs.img
|
|
||||||
|
|
||||||
qemu-system-x86_64 \
|
|
||||||
-M q35 \
|
|
||||||
-m 807M \
|
|
||||||
-nographic \
|
|
||||||
-drive file=grub.iso,index=2,media=cdrom,if=ide \
|
|
||||||
-drive file=rootfs.img,index=1,media=disk,if=virtio \
|
|
||||||
-drive file=preseed.img,index=0,media=disk,if=none,format=raw,id=usb \
|
|
||||||
-usb -device usb-ehci,id=ehci -device usb-storage,bus=ehci.0,drive=usb \
|
|
||||||
$(EXTRA_QEMU_ARGS) || \
|
|
||||||
\
|
|
||||||
rm -f rootfs.img
|
|
|
@ -1,42 +0,0 @@
|
||||||
Deployment and limitations.
|
|
||||||
===========================
|
|
||||||
|
|
||||||
Creating an image is similar to the build of other software as you use
|
|
||||||
similar commands:
|
|
||||||
$ git clone https://forge.a-lec.org/cominfra/experimental-vms
|
|
||||||
$ cd experimental-vms/trisquel-automatic-netinstall-qemu
|
|
||||||
$ ./autogen.sh
|
|
||||||
$ ./configure --prefix=/ \
|
|
||||||
--with-trisquel-netinstall=~/Downloads/trisquel-netinst_11.0.1_amd64.iso
|
|
||||||
$ make
|
|
||||||
|
|
||||||
Since your account on a physical machines from Libre en communs might
|
|
||||||
lack permissions for accessing /dev/kvm, you might need to pass
|
|
||||||
'--disable-kvm' to ./configure, and since these machines also lack
|
|
||||||
many tools, you will need to workaround by using the provided
|
|
||||||
./libre-en-communs-guix-shell.sh script. For instance the following
|
|
||||||
should work:
|
|
||||||
$ git clone https://forge.a-lec.org/cominfra/experimental-vms
|
|
||||||
$ cd experimental-vms/trisquel-automatic-netinstall-qemu
|
|
||||||
$ wget https://cdimage.trisquel.info/trisquel-images/trisquel-netinst_11.0.1_amd64.iso
|
|
||||||
$ ./libre-en-communs-guix-shell.sh ./autogen.sh
|
|
||||||
$ ./libre-en-communs-guix-shell.sh ./configure --prefix=/ --disable-kvm
|
|
||||||
$ ./libre-en-communs-guix-shell.sh make
|
|
||||||
|
|
||||||
The image should then be in rootfs.img.
|
|
||||||
|
|
||||||
License
|
|
||||||
=======
|
|
||||||
|
|
||||||
This project is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or (at
|
|
||||||
your option) any later version.
|
|
||||||
|
|
||||||
This project is distributed in the hope that they will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
|
@ -1,151 +0,0 @@
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
AC_PREREQ([2.69])
|
|
||||||
AC_INIT([trisquel-automatic-netinstall-qemu], [0.1],
|
|
||||||
[GNUtoo@cyberdimension.org])
|
|
||||||
AC_CONFIG_SRCDIR([configure.ac])
|
|
||||||
AC_PROG_AWK
|
|
||||||
AC_PROG_MKDIR_P
|
|
||||||
AM_INIT_AUTOMAKE([foreign])
|
|
||||||
|
|
||||||
AC_SUBST([ENABLE_KVM], [])
|
|
||||||
AC_SUBST([MIRROR_HTTP_PROXY], [])
|
|
||||||
AC_SUBST([TRISQUEL_ROOTFS_SIZE], [])
|
|
||||||
AC_SUBST([TRISQUEL_NETINSTALL], [])
|
|
||||||
|
|
||||||
AC_ARG_ENABLE(kvm,
|
|
||||||
[AS_HELP_STRING([--disable-kvm],
|
|
||||||
[Use Kvm to obtain a public IP address (default=enabled)])],
|
|
||||||
[kvm="$enableval"],
|
|
||||||
[kvm="yes"])
|
|
||||||
|
|
||||||
AM_CONDITIONAL( [WANT_KVM], [test x"$kvm" = x"yes"])
|
|
||||||
|
|
||||||
AC_ARG_WITH(
|
|
||||||
[mirror-http-proxy],
|
|
||||||
[AS_HELP_STRING(
|
|
||||||
[--with-mirror-http-proxy=URL],
|
|
||||||
[URL to the mirror HTTP proxy (default: not set (no mirror)).
|
|
||||||
The proxy configuration is then used during both the netinstall
|
|
||||||
installation and after as well (it's added to /etc/apt/apt.conf).
|
|
||||||
The chosen URL should be reachable from QEMU. As an example, if
|
|
||||||
you use the apt-cacher-ng default configuration and make it
|
|
||||||
listen on localhost, you should use http://10.0.2.2:3142 because
|
|
||||||
localhost becomes 10.0.2.2 with the current QEMU configuration
|
|
||||||
and because the port 3142 is the default port for apt-cacher-ng.])],
|
|
||||||
[MIRROR_HTTP_PROXY=$withval],
|
|
||||||
[MIRROR_HTTP_PROXY=])
|
|
||||||
|
|
||||||
AC_ARG_WITH(
|
|
||||||
[--with-trisquel-target-rootfs-size],
|
|
||||||
[AS_HELP_STRING(
|
|
||||||
[--trisquel-target-rootfs-size=SIZE],
|
|
||||||
[Size of the target image (default=3.5G). The size will be passed
|
|
||||||
as-is to the 'qemu-img create' command. See 'man 1 qemu-img' for
|
|
||||||
more details.])],
|
|
||||||
[TRISQUEL_ROOTFS_SIZE=$withval],
|
|
||||||
[TRISQUEL_ROOTFS_SIZE=3.5G]) dnl 3.4G: Fail, 3.5G: OK
|
|
||||||
|
|
||||||
AC_ARG_WITH(
|
|
||||||
[trisquel-netinstall],
|
|
||||||
[AS_HELP_STRING(
|
|
||||||
[--with-trisquel-netinstall=PATH],
|
|
||||||
[Path to trisquel netinstall image
|
|
||||||
(default=trisquel-netinst_11.0.1_amd64.iso). Note that at the moment
|
|
||||||
only trisquel-netinst_11.0.1_amd64.iso is supported. If you use
|
|
||||||
another image the signature verification will fail.])],
|
|
||||||
[TRISQUEL_NETINSTALL=$withval],
|
|
||||||
[TRISQUEL_NETINSTALL=trisquel-netinst_11.0.1_amd64.iso])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([CHMOD], [chmod], [chmod])
|
|
||||||
AS_IF([test x"$CHMOD" = x""],
|
|
||||||
[AC_MSG_ERROR([chmod was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([GPG], [gpg], [gpg])
|
|
||||||
AS_IF([test x"$GPG" = x""],
|
|
||||||
[AC_MSG_ERROR([gpg was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([INSTALL], [install], [install])
|
|
||||||
AS_IF([test x"$INSTALL" = x""],
|
|
||||||
[AC_MSG_ERROR([install was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([RM], [rm], [rm])
|
|
||||||
AS_IF([test x"$RM" = x""],
|
|
||||||
[AC_MSG_ERROR([rm was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([XORRISO], [xorriso], [xorriso])
|
|
||||||
AS_IF([test x"$XORRISO" = x""],
|
|
||||||
[AC_MSG_ERROR([xorriso was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([GRUB_MKRESCUE], [grub-mkrescue], [grub-mkrescue])
|
|
||||||
AS_IF([test x"$GRUB_MKRESCUE" = x""],
|
|
||||||
[AC_MSG_ERROR([grub-mkrescue was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([DD], [dd], [dd])
|
|
||||||
AS_IF([test x"$DD" = x""],
|
|
||||||
[AC_MSG_ERROR([dd was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([MKFS_VFAT], [mkfs.vfat], [mkfs.vfat])
|
|
||||||
AS_IF([test x"$MKFS_VFAT" = x""],
|
|
||||||
[AC_MSG_ERROR([mkfs.vfat was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([MCOPY], [mcopy], [mcopy])
|
|
||||||
AS_IF([test x"$MCOPY" = x""],
|
|
||||||
[AC_MSG_ERROR([mcopy was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([MV], [mv], [mv])
|
|
||||||
AS_IF([test x"$MV" = x""],
|
|
||||||
[AC_MSG_ERROR([mv was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([QEMU_IMG], [qemu-img], [qemu-img])
|
|
||||||
AS_IF([test x"$QEMU_IMG" = x""],
|
|
||||||
[AC_MSG_ERROR([qemu-img was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
AC_CHECK_PROG([QEMU_SYSTEM_X86_64], [qemu-system-x86_64], [qemu-system-x86_64])
|
|
||||||
AS_IF([test x"$QEMU_SYSTEM_X86_64" = x""],
|
|
||||||
[AC_MSG_ERROR([qemu-system-x86_64 was not found in PATH ($PATH)])])
|
|
||||||
|
|
||||||
# Check for the netinstall iso file
|
|
||||||
AS_IF([test x"`echo "$TRISQUEL_NETINSTALL" | cut -c1`" = x"~"],
|
|
||||||
[AC_MSG_ERROR([~ not supported in --with-trisquel-netinstall.
|
|
||||||
Use paths without '~'.])])
|
|
||||||
|
|
||||||
AC_CHECK_FILE([$TRISQUEL_NETINSTALL],
|
|
||||||
[],
|
|
||||||
[AC_MSG_ERROR([trisquel-netinst_11.0.1_amd64.iso was not found in
|
|
||||||
$TRISQUEL_NETINSTALL])])
|
|
||||||
|
|
||||||
AS_IF([test x"$kvm" = x"yes"],
|
|
||||||
[AS_IF([test -c /dev/kvm], [], AC_MSG_ERROR([/dev/kvm not found.]))
|
|
||||||
AS_IF([echo quit | qemu-system-x86_64 -display none -vga none -enable-kvm -monitor stdio],
|
|
||||||
[],
|
|
||||||
[AC_MSG_ERROR([KVM test with qemu-system-x86_64 failed.
|
|
||||||
Check permissions on /dev/kvm.])])])
|
|
||||||
|
|
||||||
AC_CONFIG_FILES([Makefile])
|
|
||||||
AC_OUTPUT
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "Configuration options:"
|
|
||||||
echo "======================"
|
|
||||||
AS_IF([test x"$kvm" = x"yes"],
|
|
||||||
[echo "- Kvm: enabled"],
|
|
||||||
[echo "- Kvm: disabled"])
|
|
||||||
echo "- Trisquel netinstall path: $TRISQUEL_NETINSTALL"
|
|
||||||
echo "- Trisquel target rootfs size: $TRISQUEL_ROOTFS_SIZE"
|
|
||||||
AS_IF([test x"$MIRROR_HTTP_PROXY" = x""],
|
|
||||||
[echo "- Trisquel mirror http proxy: disabled"],
|
|
||||||
[echo "- Trisquel mirror http proxy: $MIRROR_HTTP_PROXY"])
|
|
|
@ -1,18 +0,0 @@
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# This file is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
set timeout=1
|
|
||||||
|
|
||||||
menuentry "Trisquel 11 netinstall with custom preseed" {
|
|
||||||
linux /boot/linux auto=true priority=critical preseed/file=/media/preseed.cfg --- console=ttyS0,115200 quiet
|
|
||||||
initrd /boot/initrd.gz
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# This file is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# Libre en communs physical machines have Trisquel and just installed
|
|
||||||
# Guix through the package manager. So we end up with Guix 1.3.0 which
|
|
||||||
# doesn't have guix shell. Once Guix is upgraded with 'guix pull', we
|
|
||||||
# still don't have 'guix shell' without exporting the variables below.
|
|
||||||
GUIX_PROFILE="${HOME}/.config/guix/current"
|
|
||||||
. "$GUIX_PROFILE/etc/profile"
|
|
||||||
|
|
||||||
# The Libre en communs physical machines lack many packages, so when
|
|
||||||
# this is the case we can simply use Guix to get these packages, but
|
|
||||||
# at the same time resources are also very constrained (because the
|
|
||||||
# hosts typically run many virtual machines), so if some host packages
|
|
||||||
# are available, we prefer to use that as this uses way less space.
|
|
||||||
guix_packages=" \
|
|
||||||
autoconf \
|
|
||||||
automake \
|
|
||||||
make \
|
|
||||||
mtools \
|
|
||||||
xorriso \
|
|
||||||
"
|
|
||||||
guix shell ${guix_packages} -- $@
|
|
|
@ -1,63 +0,0 @@
|
||||||
#_preseed_V1
|
|
||||||
|
|
||||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# This file is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
|
|
||||||
# Accounts
|
|
||||||
d-i passwd/root-login boolean false
|
|
||||||
d-i passwd/username string admin666
|
|
||||||
d-i passwd/user-fullname string admin666
|
|
||||||
d-i passwd/user-password password password
|
|
||||||
d-i passwd/user-password-again password password
|
|
||||||
|
|
||||||
# Keyboard layout
|
|
||||||
d-i keyboard-configuration/xkb-keymap select us
|
|
||||||
|
|
||||||
# Locales
|
|
||||||
d-i debian-installer/locale string en_US
|
|
||||||
|
|
||||||
# Network
|
|
||||||
d-i netcfg/choose_interface select auto
|
|
||||||
d-i netcfg/get_domain string test
|
|
||||||
d-i netcfg/get_hostname string test
|
|
||||||
|
|
||||||
# Package management
|
|
||||||
d-i mirror/country string manual
|
|
||||||
d-i mirror/http/directory string /trisquel
|
|
||||||
d-i mirror/http/hostname string mirror.fsf.org
|
|
||||||
d-i mirror/http/proxy string @MIRROR_HTTP_PROXY@
|
|
||||||
popularity-contest popularity-contest/participate boolean false
|
|
||||||
|
|
||||||
# Partitioning
|
|
||||||
d-i grub-installer/bootdev string /dev/vda
|
|
||||||
d-i partman-auto-lvm/guided_size string max
|
|
||||||
d-i partman-auto/choose_recipe select atomic
|
|
||||||
d-i partman-auto/disk string /dev/vda
|
|
||||||
d-i partman-auto/method string regular
|
|
||||||
d-i partman-md/confirm boolean true
|
|
||||||
d-i partman-partitioning/confirm_write_new_label boolean true
|
|
||||||
d-i partman-partitioning/confirm_write_new_label boolean true
|
|
||||||
d-i partman/choose_partition select finish
|
|
||||||
d-i partman/choose_partition select finish
|
|
||||||
d-i partman/confirm boolean true
|
|
||||||
d-i partman/confirm boolean true
|
|
||||||
d-i partman/confirm_nooverwrite boolean true
|
|
||||||
d-i partman/confirm_nooverwrite boolean true
|
|
||||||
|
|
||||||
# Timezone
|
|
||||||
d-i clock-setup/ntp boolean true
|
|
||||||
d-i clock-setup/utc boolean true
|
|
||||||
d-i time/zone string Europe/Paris
|
|
||||||
|
|
||||||
# Shutdown at the end
|
|
||||||
d-i finish-install/reboot_in_progress note
|
|
||||||
d-i debian-installer/exit/poweroff boolean true
|
|
|
@ -1,16 +0,0 @@
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEE0k3aySJtW6Xp877T9dqq90rUyTgFAmZZOJ0ACgkQ9dqq90rU
|
|
||||||
yTiNqA/8DrgLZAPDKksGsHeFs73nIdHdeN0BWUrsRGjYnI64XunMCLjPOcA2BbqJ
|
|
||||||
4rfgseuP+2t8AvWn+erIqJMQD67pYL0j5J5cP9I2DvaIvssr3uxaKSuf+U4JMuGt
|
|
||||||
Izsw21BUAn8Yg1NnFish7ByYLmCWTbui3LYUKdjhCOjee0qj0aWOjBnaIW8Uvb6Z
|
|
||||||
KvIDjItMxakCLfw2/DXg7wDPt/BXRZNpYW4P8my1IK12pguaDtg1SFQf5sbtjelH
|
|
||||||
AEK4LOR5GiSh81ve75i4G/KtcqTf4PzNGJfBwvXPJ3ZclR8+FENp8YdG93AagRJS
|
|
||||||
c/tQwzy2vMV1VGMqI63EFzl/DiepOdX6aCf2rhQZpgc37Q+pbfSCtOZXcch0feYD
|
|
||||||
F8pCH4FLU3SOy9vERahBrTmfIWCTQMe6G8G8zQA4rjT7JOAH+PywFik89whzwmgE
|
|
||||||
kgM62EWyRL0VkkeYY2aYCq+WJLs8V4sNyaPqNFmQF/7MhYp/sMuxSwqs8pcAd7TG
|
|
||||||
NhBWolB/YWZPI+TqToLd/K8qQkimBI9cw7uGpc2NBovKVqS/GQlCW59L7d4xMaK1
|
|
||||||
lJhKLqDs3cZVtQrqrT0UEpbIzHY+3yZo5UondgjzVWrHHHPKRMtFIeua8A8yKTI/
|
|
||||||
Lc+G7IFIcyhdK9F0KrQFijsDRZ83WYjGJPhfArIOgT6QNgZgDBk=
|
|
||||||
=Q9Eh
|
|
||||||
-----END PGP SIGNATURE-----
|
|
|
@ -1,3 +0,0 @@
|
||||||
/config.tar
|
|
||||||
/config.tar.xz
|
|
||||||
/config.tar.xz.b64
|
|
|
@ -1,48 +0,0 @@
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
.PHONY: install
|
|
||||||
|
|
||||||
all: config.tar.xz.b64
|
|
||||||
|
|
||||||
TARBALL_SOURCE = \
|
|
||||||
config/class/50-host-classes \
|
|
||||||
config/files/etc/cron.d/fai/FAIBASE \
|
|
||||||
config/files/etc/fai/fai.conf/FAIBASE \
|
|
||||||
config/files/etc/hostname/FAIBASE \
|
|
||||||
config/files/etc/hosts/FAIBASE \
|
|
||||||
config/files/etc/network/interfaces.d/enp1s0.conf \
|
|
||||||
config/files/etc/network/interfaces.d/lo.conf \
|
|
||||||
config/files/etc/resolv.conf \
|
|
||||||
config/files/etc/ssh/sshd_config \
|
|
||||||
config/files/usr/local/bin/guix-install.sh/FAIBASE \
|
|
||||||
config/package_config/FAIBASE \
|
|
||||||
config/scripts/FAIBASE/01-files \
|
|
||||||
Makefile
|
|
||||||
|
|
||||||
config.tar: $(TARBALL_SOURCE)
|
|
||||||
tar -cf $@ $(TARBALL_SOURCE)
|
|
||||||
|
|
||||||
config.tar.xz: config.tar
|
|
||||||
xz -f -9e --verbose $<
|
|
||||||
|
|
||||||
config.tar.xz.b64: config.tar.xz
|
|
||||||
base64 $< > $@
|
|
||||||
|
|
||||||
install:
|
|
||||||
apt install fai-client
|
|
||||||
install -m644 config/files/etc/fai/fai.conf/FAIBASE /etc/fai/fai.conf
|
|
||||||
@# For some reasons fai returns 2 but the install works fine.
|
|
||||||
/usr/sbin/fai -vNu $$HOSTNAME softupdate || true
|
|
|
@ -1,38 +0,0 @@
|
||||||
What does it do
|
|
||||||
===============
|
|
||||||
|
|
||||||
Long time ago, the Libre en communs host didn't have Guix installed in
|
|
||||||
its physical machines. Because of that I tried to find a way to
|
|
||||||
cleanly bootstrap a Guix VM reproducibily from code, directly on the
|
|
||||||
machines.
|
|
||||||
|
|
||||||
Nowadays Guix is installed on the physical machines so we don't need
|
|
||||||
an intermediate VM anymore.
|
|
||||||
|
|
||||||
But it is kept to show how to use FAI in a very simple way for a
|
|
||||||
single machine.
|
|
||||||
|
|
||||||
How to deploy
|
|
||||||
=============
|
|
||||||
|
|
||||||
This was meant to customize an existing VM. So once Libre en commun
|
|
||||||
provided you with a VM, you can apply the customization within the VM
|
|
||||||
with the following commands:
|
|
||||||
$ git clone https://forge.a-lec.org/GNUtoo/experimental-vms
|
|
||||||
$ cd experimental-vms/trisquel-install-guix-fai
|
|
||||||
$ sudo make install
|
|
||||||
|
|
||||||
License
|
|
||||||
=======
|
|
||||||
This project is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This project is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
|
@ -1,23 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
case $HOSTNAME in
|
|
||||||
*)
|
|
||||||
echo "FAIBASE" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
40 * * * * root /usr/sbin/fai -vNu $HOSTNAME softupdate
|
|
|
@ -1,17 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
FAI_CONFIG_SRC=file:///root/config
|
|
|
@ -1 +0,0 @@
|
||||||
trisquel-guix-installer.experimental.a-lec.org
|
|
|
@ -1,7 +0,0 @@
|
||||||
127.0.0.1 localhost
|
|
||||||
127.0.1.1 trisquel-guix-installer.experimental.a-lec.org
|
|
||||||
|
|
||||||
# The following lines are desirable for IPv6 capable hosts
|
|
||||||
::1 localhost ip6-localhost ip6-loopback
|
|
||||||
ff02::1 ip6-allnodes
|
|
||||||
ff02::2 ip6-allrouters
|
|
|
@ -1,24 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
auto enp1s0
|
|
||||||
iface enp1s0 inet static
|
|
||||||
address 192.168.1.119/16
|
|
||||||
gateway 192.168.0.1
|
|
||||||
|
|
||||||
iface enp1s0 inet static
|
|
||||||
address 2001:910:1021::119/64
|
|
||||||
gateway 2001:910:1021::1
|
|
|
@ -1,19 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# The loopback network interface
|
|
||||||
auto lo
|
|
||||||
iface lo inet loopback
|
|
|
@ -1,18 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
nameserver 2001:910:1021::1
|
|
||||||
nameserver 127.0.0.53
|
|
|
@ -1,23 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
KbdInteractiveAuthentication no
|
|
||||||
PasswordAuthentication no
|
|
||||||
PermitEmptyPasswords no
|
|
||||||
Port 222
|
|
||||||
PrintMotd no
|
|
||||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
||||||
UsePAM no
|
|
|
@ -1,676 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# GNU Guix --- Functional package management for GNU
|
|
||||||
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
|
|
||||||
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
|
||||||
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
|
|
||||||
# Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
|
|
||||||
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
|
|
||||||
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
|
|
||||||
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
|
|
||||||
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
|
|
||||||
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
|
|
||||||
# Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
||||||
# Copyright © 2022 Prafulla Giri <prafulla.giri@protonmail.com>
|
|
||||||
#
|
|
||||||
# This file is part of GNU Guix.
|
|
||||||
#
|
|
||||||
# GNU Guix is free software; you can redistribute it and/or modify it
|
|
||||||
# under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation; either version 3 of the License, or (at
|
|
||||||
# your option) any later version.
|
|
||||||
#
|
|
||||||
# GNU Guix is distributed in the hope that it will be useful, but
|
|
||||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# We require Bash but for portability we'd rather not use /bin/bash or
|
|
||||||
# /usr/bin/env in the shebang, hence this hack.
|
|
||||||
if [ "x$BASH_VERSION" = "x" ]
|
|
||||||
then
|
|
||||||
exec bash "$0" "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
set -eo pipefail
|
|
||||||
|
|
||||||
[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
|
|
||||||
|
|
||||||
REQUIRE=(
|
|
||||||
"dirname"
|
|
||||||
"readlink"
|
|
||||||
"wget"
|
|
||||||
"gpg"
|
|
||||||
"grep"
|
|
||||||
"which"
|
|
||||||
"sed"
|
|
||||||
"sort"
|
|
||||||
"getent"
|
|
||||||
"mktemp"
|
|
||||||
"rm"
|
|
||||||
"chmod"
|
|
||||||
"uname"
|
|
||||||
"groupadd"
|
|
||||||
"tail"
|
|
||||||
"tr"
|
|
||||||
"xz"
|
|
||||||
)
|
|
||||||
|
|
||||||
PAS=$'[ \033[32;1mPASS\033[0m ] '
|
|
||||||
ERR=$'[ \033[31;1mFAIL\033[0m ] '
|
|
||||||
WAR=$'[ \033[33;1mWARN\033[0m ] '
|
|
||||||
INF="[ INFO ] "
|
|
||||||
|
|
||||||
DEBUG=0
|
|
||||||
GNU_URL="https://ftp.gnu.org/gnu/guix/"
|
|
||||||
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
|
|
||||||
|
|
||||||
# The following associative array holds set of GPG keys used to sign the
|
|
||||||
# releases, keyed by their corresponding Savannah user ID.
|
|
||||||
declare -A GPG_SIGNING_KEYS
|
|
||||||
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
|
|
||||||
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
#+UTILITIES
|
|
||||||
|
|
||||||
_err()
|
|
||||||
{ # All errors go to stderr.
|
|
||||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
_msg()
|
|
||||||
{ # Default message to stdout.
|
|
||||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
_debug()
|
|
||||||
{
|
|
||||||
if [ "${DEBUG}" = '1' ]; then
|
|
||||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
die()
|
|
||||||
{
|
|
||||||
_err "${ERR}$*"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Return true if user answered yes, false otherwise. The prompt is
|
|
||||||
# yes-biased, that is, when the user simply enter newline, it is equivalent to
|
|
||||||
# answering "yes".
|
|
||||||
# $1: The prompt question.
|
|
||||||
prompt_yes_no() {
|
|
||||||
local -l yn
|
|
||||||
read -rp "$1 [Y/n]" yn
|
|
||||||
[[ ! $yn || $yn = y || $yn = yes ]] || return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_require()
|
|
||||||
{ # Check that every required command is available.
|
|
||||||
declare -a warn
|
|
||||||
local c
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
for c in "$@"; do
|
|
||||||
command -v "$c" &>/dev/null || warn+=("$c")
|
|
||||||
done
|
|
||||||
|
|
||||||
[ "${#warn}" -ne 0 ] &&
|
|
||||||
{ _err "${ERR}Missing commands: ${warn[*]}.";
|
|
||||||
return 1; }
|
|
||||||
|
|
||||||
_msg "${PAS}verification of required commands completed"
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_gpg_keyring()
|
|
||||||
{ # Check whether the Guix release signing public key is present.
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
local user_id
|
|
||||||
local gpg_key_id
|
|
||||||
local exit_flag
|
|
||||||
|
|
||||||
for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
|
|
||||||
gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
|
|
||||||
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
|
||||||
# systems where gpg has never been used, causing errors and confusion.
|
|
||||||
if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if prompt_yes_no "${INF}The following OpenPGP public key is \
|
|
||||||
required to verify the Guix binary signature: $gpg_key_id.
|
|
||||||
Would you like me to fetch it for you?"; then
|
|
||||||
# Use a reasonable time-out here so users don't report silent
|
|
||||||
# ‘freezes’ when Savannah goes out to lunch, as has happened.
|
|
||||||
if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
|
|
||||||
--timeout=30 --no-verbose -O- | gpg --import -; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# If we reach this point, the key is (still) missing. Report further
|
|
||||||
# missing keys, if any, but then abort the installation.
|
|
||||||
_err "${ERR}Missing OpenPGP public key ($gpg_key_id).
|
|
||||||
Fetch it with this command:
|
|
||||||
|
|
||||||
wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
|
|
||||||
sudo -i gpg --import -"
|
|
||||||
exit_flag=yes
|
|
||||||
done
|
|
||||||
if [ "$exit_flag" = yes ]; then
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_term()
|
|
||||||
{ # Check for ANSI terminal for color printing.
|
|
||||||
if [ -t 2 ]; then
|
|
||||||
if [ "${TERM+set}" = 'set' ]; then
|
|
||||||
case "$TERM" in
|
|
||||||
xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
ERR="[ FAIL ] "
|
|
||||||
PAS="[ PASS ] "
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_init_sys()
|
|
||||||
{ # Return init system type name.
|
|
||||||
if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
|
|
||||||
_msg "${INF}init system is: upstart"
|
|
||||||
INIT_SYS="upstart"
|
|
||||||
return 0
|
|
||||||
elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
|
|
||||||
_msg "${INF}init system is: systemd"
|
|
||||||
INIT_SYS="systemd"
|
|
||||||
return 0
|
|
||||||
elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
|
|
||||||
_msg "${INF}init system is: sysv-init"
|
|
||||||
INIT_SYS="sysv-init"
|
|
||||||
return 0
|
|
||||||
elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
|
|
||||||
_msg "${INF}init system is: OpenRC"
|
|
||||||
INIT_SYS="openrc"
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
INIT_SYS="NA"
|
|
||||||
_err "${ERR}Init system could not be detected."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_sys_arch()
|
|
||||||
{ # Check for operating system and architecture type.
|
|
||||||
local os
|
|
||||||
local arch
|
|
||||||
|
|
||||||
os="$(uname -s)"
|
|
||||||
arch="$(uname -m)"
|
|
||||||
|
|
||||||
case "$arch" in
|
|
||||||
i386 | i486 | i686 | i786 | x86)
|
|
||||||
local arch=i686
|
|
||||||
;;
|
|
||||||
x86_64 | x86-64 | x64 | amd64)
|
|
||||||
local arch=x86_64
|
|
||||||
;;
|
|
||||||
aarch64)
|
|
||||||
local arch=aarch64
|
|
||||||
;;
|
|
||||||
armv7l)
|
|
||||||
local arch=armhf
|
|
||||||
;;
|
|
||||||
ppc64le | powerpc64le)
|
|
||||||
local arch=powerpc64le
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
die "Unsupported CPU type: ${arch}"
|
|
||||||
esac
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
Linux | linux)
|
|
||||||
local os=linux
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
die "Your operation system (${os}) is not supported."
|
|
||||||
esac
|
|
||||||
|
|
||||||
ARCH_OS="${arch}-${os}"
|
|
||||||
}
|
|
||||||
|
|
||||||
chk_sys_nscd()
|
|
||||||
{ # Check if nscd is up and suggest to start it or install it
|
|
||||||
if [ "$(type -P pidof)" ]; then
|
|
||||||
if [ ! "$(pidof nscd)" ]; then
|
|
||||||
_msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
|
|
||||||
_msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
_msg "${INF}We cannot determine if your distribution 'nscd' service is running"
|
|
||||||
_msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Configure substitute discovery according to user's preferences.
|
|
||||||
# $1 is the installed service file to edit.
|
|
||||||
configure_substitute_discovery() {
|
|
||||||
if grep -q -- '--discover=no' "$1" && \
|
|
||||||
prompt_yes_no "Would you like the Guix daemon to automatically \
|
|
||||||
discover substitute servers on the local network?"; then
|
|
||||||
sed -i 's/--discover=no/--discover=yes/' "$1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
#+MAIN
|
|
||||||
|
|
||||||
guix_get_bin_list()
|
|
||||||
{ # Scan GNU archive and save list of binaries
|
|
||||||
local gnu_url="$1"
|
|
||||||
local -a bin_ver_ls
|
|
||||||
local latest_ver
|
|
||||||
local default_ver
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
# Filter only version and architecture
|
|
||||||
bin_ver_ls=("$(wget "$gnu_url" --no-verbose -O- \
|
|
||||||
| sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
|
|
||||||
| sort -Vu)")
|
|
||||||
|
|
||||||
latest_ver="$(echo "${bin_ver_ls[0]}" \
|
|
||||||
| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
|
|
||||||
| tail -n1)"
|
|
||||||
|
|
||||||
default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
|
|
||||||
|
|
||||||
if [[ "${#bin_ver_ls}" -ne "0" ]]; then
|
|
||||||
_msg "${PAS}Release for your system: ${default_ver}"
|
|
||||||
else
|
|
||||||
die "Could not obtain list of Guix releases."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Use default to download according to the list and local ARCH_OS.
|
|
||||||
BIN_VER="${default_ver}"
|
|
||||||
}
|
|
||||||
|
|
||||||
guix_get_bin()
|
|
||||||
{ # Download and verify binary package.
|
|
||||||
local url="$1"
|
|
||||||
local bin_ver="$2"
|
|
||||||
local dl_path="$3"
|
|
||||||
local wget_args=()
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
_msg "${INF}Downloading Guix release archive"
|
|
||||||
|
|
||||||
wget --help | grep -q '\--show-progress' \
|
|
||||||
&& wget_args=("--no-verbose" "--show-progress")
|
|
||||||
|
|
||||||
if wget "${wget_args[@]}" -P "$dl_path" \
|
|
||||||
"${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
|
|
||||||
_msg "${PAS}download completed."
|
|
||||||
else
|
|
||||||
die "could not download ${url}/${bin_ver}.tar.xz."
|
|
||||||
fi
|
|
||||||
|
|
||||||
pushd "${dl_path}" >/dev/null
|
|
||||||
if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
|
|
||||||
_msg "${PAS}Signature is valid."
|
|
||||||
popd >/dev/null
|
|
||||||
else
|
|
||||||
die "could not verify the signature."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_create_store()
|
|
||||||
{ # Unpack and install /gnu/store and /var/guix
|
|
||||||
local pkg="$1"
|
|
||||||
local tmp_path="$2"
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
if [[ -e "/var/guix" || -e "/gnu" ]]; then
|
|
||||||
die "A previous Guix installation was found. Refusing to overwrite."
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd "$tmp_path"
|
|
||||||
tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"
|
|
||||||
|
|
||||||
_msg "${INF}Installing /var/guix and /gnu..."
|
|
||||||
mv "${tmp_path}/var/guix" /var/
|
|
||||||
mv "${tmp_path}/gnu" /
|
|
||||||
|
|
||||||
_msg "${INF}Linking the root user's profile"
|
|
||||||
mkdir -p ~root/.config/guix
|
|
||||||
ln -sf /var/guix/profiles/per-user/root/current-guix \
|
|
||||||
~root/.config/guix/current
|
|
||||||
|
|
||||||
GUIX_PROFILE=~root/.config/guix/current
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
source "${GUIX_PROFILE}/etc/profile"
|
|
||||||
_msg "${PAS}activated root profile at ${GUIX_PROFILE}"
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_create_build_user()
|
|
||||||
{ # Create the group and user accounts for build users.
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
if getent group guixbuild > /dev/null; then
|
|
||||||
_msg "${INF}group guixbuild exists"
|
|
||||||
else
|
|
||||||
groupadd --system guixbuild
|
|
||||||
_msg "${PAS}group <guixbuild> created"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if getent group kvm > /dev/null; then
|
|
||||||
_msg "${INF}group kvm exists and build users will be added to it"
|
|
||||||
local KVMGROUP=,kvm
|
|
||||||
fi
|
|
||||||
|
|
||||||
for i in $(seq -w 1 10); do
|
|
||||||
if id "guixbuilder${i}" &>/dev/null; then
|
|
||||||
_msg "${INF}user is already in the system, reset"
|
|
||||||
usermod -g guixbuild -G guixbuild${KVMGROUP} \
|
|
||||||
-d /var/empty -s "$(which nologin)" \
|
|
||||||
-c "Guix build user $i" \
|
|
||||||
"guixbuilder${i}";
|
|
||||||
else
|
|
||||||
useradd -g guixbuild -G guixbuild${KVMGROUP} \
|
|
||||||
-d /var/empty -s "$(which nologin)" \
|
|
||||||
-c "Guix build user $i" --system \
|
|
||||||
"guixbuilder${i}";
|
|
||||||
_msg "${PAS}user added <guixbuilder${i}>"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_enable_guix_daemon()
|
|
||||||
{ # Run the daemon, and set it to automatically start on boot.
|
|
||||||
|
|
||||||
local info_path
|
|
||||||
local local_bin
|
|
||||||
local var_guix
|
|
||||||
|
|
||||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
|
||||||
|
|
||||||
info_path="/usr/local/share/info"
|
|
||||||
local_bin="/usr/local/bin"
|
|
||||||
var_guix="/var/guix/profiles/per-user/root/current-guix"
|
|
||||||
|
|
||||||
case "$INIT_SYS" in
|
|
||||||
upstart)
|
|
||||||
{ initctl reload-configuration;
|
|
||||||
cp ~root/.config/guix/current/lib/upstart/system/guix-daemon.conf \
|
|
||||||
/etc/init/ &&
|
|
||||||
configure_substitute_discovery /etc/init/guix-daemon.conf &&
|
|
||||||
start guix-daemon; } &&
|
|
||||||
_msg "${PAS}enabled Guix daemon via upstart"
|
|
||||||
;;
|
|
||||||
systemd)
|
|
||||||
{ # systemd .mount units must be named after the target directory.
|
|
||||||
# Here we assume a hard-coded name of /gnu/store.
|
|
||||||
# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
|
|
||||||
if [ -f ~root/.config/guix/current/lib/systemd/system/gnu-store.mount ]; then
|
|
||||||
cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
|
|
||||||
/etc/systemd/system/;
|
|
||||||
chmod 664 /etc/systemd/system/gnu-store.mount;
|
|
||||||
systemctl daemon-reload &&
|
|
||||||
systemctl enable gnu-store.mount;
|
|
||||||
fi
|
|
||||||
|
|
||||||
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
|
|
||||||
/etc/systemd/system/;
|
|
||||||
chmod 664 /etc/systemd/system/guix-daemon.service;
|
|
||||||
|
|
||||||
# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
|
|
||||||
sed -i /etc/systemd/system/guix-daemon.service \
|
|
||||||
-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
|
|
||||||
|
|
||||||
# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
|
|
||||||
if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
|
|
||||||
then sed -i /etc/systemd/system/guix-daemon.service \
|
|
||||||
-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
|
|
||||||
fi;
|
|
||||||
|
|
||||||
configure_substitute_discovery \
|
|
||||||
/etc/systemd/system/guix-daemon.service
|
|
||||||
|
|
||||||
systemctl daemon-reload &&
|
|
||||||
systemctl enable guix-daemon &&
|
|
||||||
systemctl start guix-daemon; } &&
|
|
||||||
_msg "${PAS}enabled Guix daemon via systemd"
|
|
||||||
;;
|
|
||||||
sysv-init)
|
|
||||||
{ mkdir -p /etc/init.d;
|
|
||||||
cp ~root/.config/guix/current/etc/init.d/guix-daemon \
|
|
||||||
/etc/init.d/guix-daemon;
|
|
||||||
chmod 775 /etc/init.d/guix-daemon;
|
|
||||||
|
|
||||||
configure_substitute_discovery /etc/init.d/guix-daemon
|
|
||||||
|
|
||||||
update-rc.d guix-daemon defaults &&
|
|
||||||
update-rc.d guix-daemon enable &&
|
|
||||||
service guix-daemon start; } &&
|
|
||||||
_msg "${PAS}enabled Guix daemon via sysv"
|
|
||||||
;;
|
|
||||||
openrc)
|
|
||||||
{ mkdir -p /etc/init.d;
|
|
||||||
cp ~root/.config/guix/current/etc/openrc/guix-daemon \
|
|
||||||
/etc/init.d/guix-daemon;
|
|
||||||
chmod 775 /etc/init.d/guix-daemon;
|
|
||||||
|
|
||||||
configure_substitute_discovery /etc/init.d/guix-daemon
|
|
||||||
|
|
||||||
rc-update add guix-daemon default &&
|
|
||||||
rc-service guix-daemon start; } &&
|
|
||||||
_msg "${PAS}enabled Guix daemon via OpenRC"
|
|
||||||
;;
|
|
||||||
NA|*)
|
|
||||||
_msg "${ERR}unsupported init system; run the daemon manually:"
|
|
||||||
echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
_msg "${INF}making the guix command available to other users"
|
|
||||||
|
|
||||||
[ -e "$local_bin" ] || mkdir -p "$local_bin"
|
|
||||||
ln -sf "${var_guix}/bin/guix" "$local_bin"
|
|
||||||
|
|
||||||
[ -e "$info_path" ] || mkdir -p "$info_path"
|
|
||||||
for i in "${var_guix}"/share/info/*; do
|
|
||||||
ln -sf "$i" "$info_path"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_authorize_build_farms()
|
|
||||||
{ # authorize the public key(s) of the build farm(s)
|
|
||||||
local hosts=(
|
|
||||||
ci.guix.gnu.org
|
|
||||||
bordeaux.guix.gnu.org
|
|
||||||
)
|
|
||||||
|
|
||||||
if prompt_yes_no "Permit downloading pre-built package binaries from the \
|
|
||||||
project's build farms?"; then
|
|
||||||
for host in "${hosts[@]}"; do
|
|
||||||
local key=~root/.config/guix/current/share/guix/$host.pub
|
|
||||||
[ -f "$key" ] \
|
|
||||||
&& guix archive --authorize < "$key" \
|
|
||||||
&& _msg "${PAS}Authorized public key for $host"
|
|
||||||
done
|
|
||||||
else
|
|
||||||
_msg "${INF}Skipped authorizing build farm public keys"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_create_init_profile()
|
|
||||||
{ # Define for better desktop integration
|
|
||||||
# This will not take effect until the next shell or desktop session!
|
|
||||||
[ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
|
|
||||||
cat <<"EOF" > /etc/profile.d/zzz-guix.sh
|
|
||||||
# Explicitly initialize XDG base directory variables to ease compatibility
|
|
||||||
# with Guix System: see <https://issues.guix.gnu.org/56050#3>.
|
|
||||||
export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
|
|
||||||
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
|
|
||||||
export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
|
|
||||||
export XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
|
|
||||||
export XDG_CONFIG_DIRS="${XDG_CONFIG_DIRS:-/etc/xdg}"
|
|
||||||
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
|
|
||||||
# no default for XDG_RUNTIME_DIR (depends on foreign distro for semantics)
|
|
||||||
|
|
||||||
# _GUIX_PROFILE: `guix pull` profile
|
|
||||||
_GUIX_PROFILE="$HOME/.config/guix/current"
|
|
||||||
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
|
|
||||||
# Export INFOPATH so that the updated info pages can be found
|
|
||||||
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
|
|
||||||
# When INFOPATH is unset, add a trailing colon so that Emacs
|
|
||||||
# searches 'Info-default-directory-list'.
|
|
||||||
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
|
|
||||||
|
|
||||||
# GUIX_PROFILE: User's default profile
|
|
||||||
# Prefer the one from 'guix home' if it exists.
|
|
||||||
GUIX_PROFILE="$HOME/.guix-home/profile"
|
|
||||||
[ -L $GUIX_PROFILE ] || GUIX_PROFILE="$HOME/.guix-profile"
|
|
||||||
[ -L $GUIX_PROFILE ] || return
|
|
||||||
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
|
|
||||||
export GUIX_LOCPATH
|
|
||||||
|
|
||||||
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_create_shell_completion()
|
|
||||||
{ # Symlink supported shell completions system-wide
|
|
||||||
|
|
||||||
var_guix=/var/guix/profiles/per-user/root/current-guix
|
|
||||||
bash_completion=/etc/bash_completion.d
|
|
||||||
zsh_completion=/usr/share/zsh/site-functions
|
|
||||||
fish_completion=/usr/share/fish/vendor_completions.d
|
|
||||||
|
|
||||||
{ # Just in case
|
|
||||||
for dir_shell in $bash_completion $zsh_completion $fish_completion; do
|
|
||||||
[ -d "$dir_shell" ] || mkdir -p $dir_shell
|
|
||||||
done;
|
|
||||||
|
|
||||||
ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
|
|
||||||
ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
|
|
||||||
ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
|
|
||||||
_msg "${PAS}installed shell completion"
|
|
||||||
}
|
|
||||||
|
|
||||||
sys_customize_bashrc()
|
|
||||||
{
|
|
||||||
prompt_yes_no "Customize users Bash shell prompt for Guix?" || return
|
|
||||||
for bashrc in /home/*/.bashrc /root/.bashrc; do
|
|
||||||
test -f "$bashrc" || continue
|
|
||||||
grep -Fq '$GUIX_ENVIRONMENT' "$bashrc" && continue
|
|
||||||
cp "${bashrc}" "${bashrc}.bak"
|
|
||||||
echo '
|
|
||||||
# Automatically added by the Guix install script.
|
|
||||||
if [ -n "$GUIX_ENVIRONMENT" ]; then
|
|
||||||
if [[ $PS1 =~ (.*)"\\$" ]]; then
|
|
||||||
PS1="${BASH_REMATCH[1]} [env]\\\$ "
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
' >> "$bashrc"
|
|
||||||
done
|
|
||||||
_msg "${PAS}Bash shell prompt successfully customized for Guix"
|
|
||||||
}
|
|
||||||
|
|
||||||
welcome()
|
|
||||||
{
|
|
||||||
local char
|
|
||||||
cat<<"EOF"
|
|
||||||
░░░ ░░░
|
|
||||||
░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
|
|
||||||
░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
|
|
||||||
░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
|
|
||||||
░▒▒▒▒░ ░░░░░░
|
|
||||||
▒▒▒▒▒ ░░░░░░
|
|
||||||
▒▒▒▒▒ ░░░░░
|
|
||||||
░▒▒▒▒▒ ░░░░░
|
|
||||||
▒▒▒▒▒ ░░░░░
|
|
||||||
▒▒▒▒▒ ░░░░░
|
|
||||||
░▒▒▒▒▒░░░░░
|
|
||||||
▒▒▒▒▒▒░░░
|
|
||||||
▒▒▒▒▒▒░
|
|
||||||
_____ _ _ _ _ _____ _
|
|
||||||
/ ____| \ | | | | | / ____| (_)
|
|
||||||
| | __| \| | | | | | | __ _ _ ___ __
|
|
||||||
| | |_ | . ' | | | | | | |_ | | | | \ \/ /
|
|
||||||
| |__| | |\ | |__| | | |__| | |_| | |> <
|
|
||||||
\_____|_| \_|\____/ \_____|\__,_|_/_/\_\
|
|
||||||
|
|
||||||
This script installs GNU Guix on your system
|
|
||||||
|
|
||||||
https://www.gnu.org/software/guix/
|
|
||||||
EOF
|
|
||||||
# Don't use ‘read -p’ here! It won't display when run non-interactively.
|
|
||||||
echo -n "Press return to continue..."$'\r'
|
|
||||||
read -r char
|
|
||||||
if [ "$char" ]; then
|
|
||||||
echo
|
|
||||||
echo "...that ($char) was not a return!"
|
|
||||||
_msg "${WAR}Use newlines to automate installation, e.g.: yes '' | ${0##*/}"
|
|
||||||
_msg "${WAR}Any other method is unsupported and likely to break in future."
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
main()
|
|
||||||
{
|
|
||||||
local tmp_path
|
|
||||||
welcome
|
|
||||||
|
|
||||||
_msg "Starting installation ($(date))"
|
|
||||||
|
|
||||||
chk_term
|
|
||||||
chk_require "${REQUIRE[@]}"
|
|
||||||
chk_gpg_keyring
|
|
||||||
chk_init_sys
|
|
||||||
chk_sys_arch
|
|
||||||
chk_sys_nscd
|
|
||||||
|
|
||||||
_msg "${INF}system is ${ARCH_OS}"
|
|
||||||
|
|
||||||
umask 0022
|
|
||||||
tmp_path="$(mktemp -t -d guix.XXXXXX)"
|
|
||||||
|
|
||||||
if [ -z "${GUIX_BINARY_FILE_NAME}" ]; then
|
|
||||||
guix_get_bin_list "${GNU_URL}"
|
|
||||||
guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
|
|
||||||
GUIX_BINARY_FILE_NAME=${BIN_VER}.tar.xz
|
|
||||||
else
|
|
||||||
if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
|
|
||||||
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
|
|
||||||
fi
|
|
||||||
_msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
|
|
||||||
GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
|
|
||||||
fi
|
|
||||||
|
|
||||||
sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
|
|
||||||
sys_create_build_user
|
|
||||||
sys_enable_guix_daemon
|
|
||||||
sys_authorize_build_farms
|
|
||||||
sys_create_init_profile
|
|
||||||
sys_create_shell_completion
|
|
||||||
sys_customize_bashrc
|
|
||||||
|
|
||||||
_msg "${INF}cleaning up ${tmp_path}"
|
|
||||||
rm -r "${tmp_path}"
|
|
||||||
|
|
||||||
_msg "${PAS}Guix has successfully been installed!"
|
|
||||||
_msg "${INF}Run 'info guix' to read the manual."
|
|
||||||
|
|
||||||
# Required to source /etc/profile in desktop environments.
|
|
||||||
_msg "${INF}Please log out and back in to complete the installation."
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
|
@ -1,24 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
PACKAGES remove
|
|
||||||
guix
|
|
||||||
|
|
||||||
PACKAGES install
|
|
||||||
make
|
|
||||||
screen
|
|
||||||
wget
|
|
||||||
xz-utils
|
|
|
@ -1,26 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
||||||
#
|
|
||||||
# This project is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This project is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
fcopy -i -m root,root,0755 /etc/cron.d/fai
|
|
||||||
fcopy -iM /etc/fai/fai.conf
|
|
||||||
fcopy -iM /etc/hostname
|
|
||||||
fcopy -iM /etc/hosts
|
|
||||||
fcopy -iM /etc/network/interfaces.d/lo.conf
|
|
||||||
fcopy -iM /etc/network/interfaces.d/enp1s0.conf
|
|
||||||
fcopy -iM /etc/resolv.conf
|
|
||||||
fcopy -iM /etc/ssh/sshd_config
|
|
||||||
fcopy -i -m root,root,0755 /usr/local/bin/guix-install.sh
|
|
|
@ -1,150 +0,0 @@
|
||||||
<domain type='kvm'>
|
|
||||||
<name>trisquel-guix-installer.experimental.a-lec.org</name>
|
|
||||||
<description>Image générique à cloner</description>
|
|
||||||
<memory unit='KiB'>4194304</memory>
|
|
||||||
<currentMemory unit='KiB'>4194304</currentMemory>
|
|
||||||
<vcpu placement='static'>1</vcpu>
|
|
||||||
<os>
|
|
||||||
<type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
|
|
||||||
<boot dev='hd'/>
|
|
||||||
</os>
|
|
||||||
<features>
|
|
||||||
<acpi/>
|
|
||||||
<apic/>
|
|
||||||
<vmport state='off'/>
|
|
||||||
</features>
|
|
||||||
<cpu mode='host-model' check='partial'>
|
|
||||||
<topology sockets='1' dies='1' cores='1' threads='1'/>
|
|
||||||
</cpu>
|
|
||||||
<clock offset='utc'>
|
|
||||||
<timer name='rtc' tickpolicy='catchup'/>
|
|
||||||
<timer name='pit' tickpolicy='delay'/>
|
|
||||||
<timer name='hpet' present='no'/>
|
|
||||||
</clock>
|
|
||||||
<on_poweroff>destroy</on_poweroff>
|
|
||||||
<on_reboot>restart</on_reboot>
|
|
||||||
<on_crash>destroy</on_crash>
|
|
||||||
<pm>
|
|
||||||
<suspend-to-mem enabled='no'/>
|
|
||||||
<suspend-to-disk enabled='no'/>
|
|
||||||
</pm>
|
|
||||||
<devices>
|
|
||||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
|
||||||
<disk type='file' device='disk'>
|
|
||||||
<driver name='qemu' type='raw'/>
|
|
||||||
<source file='/srv/vmverse/installation/gnutoo-trisquel-fai-installer.img'/>
|
|
||||||
<target dev='vdc' bus='virtio'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
|
|
||||||
</disk>
|
|
||||||
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='sata' index='0'>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='0' model='pcie-root'/>
|
|
||||||
<controller type='pci' index='1' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='1' port='0x10'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='2' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='2' port='0x11'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='3' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='3' port='0x12'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='4' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='4' port='0x13'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='5' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='5' port='0x14'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='6' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='6' port='0x15'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='7' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='7' port='0x16'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='8' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='8' port='0x17'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='pci' index='9' model='pcie-root-port'>
|
|
||||||
<model name='pcie-root-port'/>
|
|
||||||
<target chassis='9' port='0x18'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='virtio-serial' index='0'>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
|
|
||||||
</controller>
|
|
||||||
<controller type='scsi' index='0' model='virtio-scsi'>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
|
|
||||||
</controller>
|
|
||||||
<interface type='bridge'>
|
|
||||||
<source bridge='br0'/>
|
|
||||||
<model type='virtio'/>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
|
||||||
</interface>
|
|
||||||
<serial type='pty'>
|
|
||||||
<target type='isa-serial' port='0'>
|
|
||||||
<model name='isa-serial'/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type='pty'>
|
|
||||||
<target type='isa-serial' port='1'>
|
|
||||||
<model name='isa-serial'/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type='pty'>
|
|
||||||
<target type='isa-serial' port='2'>
|
|
||||||
<model name='isa-serial'/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type='pty'>
|
|
||||||
<target type='isa-serial' port='3'>
|
|
||||||
<model name='isa-serial'/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<console type='pty'>
|
|
||||||
<target type='serial' port='0'/>
|
|
||||||
</console>
|
|
||||||
<channel type='unix'>
|
|
||||||
<target type='virtio' name='org.qemu.guest_agent.0'/>
|
|
||||||
<address type='virtio-serial' controller='0' bus='0' port='1'/>
|
|
||||||
</channel>
|
|
||||||
<channel type='spicevmc'>
|
|
||||||
<target type='virtio' name='com.redhat.spice.0'/>
|
|
||||||
<address type='virtio-serial' controller='0' bus='0' port='2'/>
|
|
||||||
</channel>
|
|
||||||
<input type='mouse' bus='ps2'/>
|
|
||||||
<input type='keyboard' bus='ps2'/>
|
|
||||||
<graphics type='spice'>
|
|
||||||
<listen type='none'/>
|
|
||||||
</graphics>
|
|
||||||
<audio id='1' type='spice'/>
|
|
||||||
<video>
|
|
||||||
<model type='none'/>
|
|
||||||
</video>
|
|
||||||
<memballoon model='virtio'>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
|
|
||||||
</memballoon>
|
|
||||||
<rng model='virtio'>
|
|
||||||
<backend model='random'>/dev/urandom</backend>
|
|
||||||
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
|
|
||||||
</rng>
|
|
||||||
</devices>
|
|
||||||
</domain>
|
|
|
@ -1,79 +0,0 @@
|
||||||
# Copying and distribution of this file, with or without modification,
|
|
||||||
# are permitted in any medium without royalty provided the copyright
|
|
||||||
# notice and this notice are preserved. This file is offered as-is,
|
|
||||||
# without any warranty.
|
|
||||||
|
|
||||||
CURL ?= curl
|
|
||||||
MIRROR ?= https://cdimage.trisquel.info/trisquel-images
|
|
||||||
VERSION ?= 11.0
|
|
||||||
|
|
||||||
.precious: \
|
|
||||||
trisquel_$(VERSION)_amd64.iso \
|
|
||||||
trisquel_$(VERSION)_amd64.iso.asc \
|
|
||||||
trisquel-netinst_$(VERSION)_amd64.iso \
|
|
||||||
trisquel-netinst_$(VERSION)_amd64.iso.asc
|
|
||||||
|
|
||||||
.PHONY: all install-vm
|
|
||||||
all: verify-trisquel-netinst_$(VERSION)_amd64
|
|
||||||
|
|
||||||
trisquel-archive-signkey.gpg:
|
|
||||||
gpg --list-keys D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938 || \
|
|
||||||
$(CURL) https://archive.trisquel.info/trisquel/$@ -o $@
|
|
||||||
gpg --list-keys D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938 || \
|
|
||||||
gpg --import trisquel-archive-signkey.gpg
|
|
||||||
|
|
||||||
%.iso:
|
|
||||||
$(CURL) $(MIRROR)/$@ -o $@
|
|
||||||
|
|
||||||
%.asc: trisquel-archive-signkey.gpg %
|
|
||||||
$(CURL) $(MIRROR)/$@ -o $@
|
|
||||||
|
|
||||||
verify-%: %.iso.asc
|
|
||||||
gpg --verify $<
|
|
||||||
|
|
||||||
install-iso:
|
|
||||||
virsh -c qemu:///system vol-list installation | \
|
|
||||||
tail +3 | \
|
|
||||||
awk '{print $1}' | \
|
|
||||||
grep '^trisquel-netinst_11.0_amd64.iso$' || \
|
|
||||||
( \
|
|
||||||
virsh -c qemu:///system \
|
|
||||||
vol-create-as \
|
|
||||||
installation trisquel-netinst_11.0_amd64.iso 0 && \
|
|
||||||
virsh -c qemu:///system \
|
|
||||||
vol-upload \
|
|
||||||
--pool installation trisquel-netinst_11.0_amd64.iso \
|
|
||||||
--file $PWD/trisquel-netinst_11.0_amd64.iso \
|
|
||||||
)
|
|
||||||
|
|
||||||
# We need that for transparency reasons
|
|
||||||
install-signature:
|
|
||||||
virsh -c qemu:///system vol-list installation | \
|
|
||||||
tail +3 | \
|
|
||||||
awk '{print $1}' | \
|
|
||||||
grep '^trisquel-netinst_11.0_amd64.iso.asc$' || \
|
|
||||||
( \
|
|
||||||
virsh -c qemu:///system \
|
|
||||||
vol-create-as \
|
|
||||||
installation trisquel-netinst_11.0_amd64.iso.asc 0 && \
|
|
||||||
virsh -c qemu:///system \
|
|
||||||
vol-upload \
|
|
||||||
--pool installation trisquel-netinst_11.0_amd64.iso \
|
|
||||||
--file $PWD/trisquel-netinst_11.0_amd64.iso.asc \
|
|
||||||
)
|
|
||||||
|
|
||||||
VM_DEPENDENCIES = \
|
|
||||||
install-iso \
|
|
||||||
install-signature \
|
|
||||||
verify-trisquel-netinst_$(VERSION)_amd64
|
|
||||||
|
|
||||||
install-vm: $(VM_DEPENDENCIES)
|
|
||||||
if ! virsh -c qemu:///system \
|
|
||||||
desc experimental-trisquel-netinstall ; then \
|
|
||||||
virsh -c qemu:///system destroy \
|
|
||||||
experimental-trisquel-netinstall || true ; \
|
|
||||||
virsh -c qemu:///system undefine \
|
|
||||||
experimental-trisquel-netinstall ; \
|
|
||||||
fi
|
|
||||||
virsh -c qemu:///system \
|
|
||||||
define --file experimental-trisquel-netinstall.xml
|
|
|
@ -1,50 +0,0 @@
|
||||||
Deployment
|
|
||||||
==========
|
|
||||||
|
|
||||||
If you don't have the Trisquel netinstall iso inside libvirt you can
|
|
||||||
get it by first downloading it in the current directory with the
|
|
||||||
following command:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ make
|
|
||||||
```
|
|
||||||
|
|
||||||
Then you can add it to libvirt with the following command:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./create-netinstall-volume.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
Then if the VM is not already defined in libvirt, you can use the
|
|
||||||
following command to do that:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./create-vm.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
You will then need to add an extra storage device to the VM to have
|
|
||||||
some storage to install Trisquel on.
|
|
||||||
|
|
||||||
You can then start the installer and get a console inside it with the
|
|
||||||
following commands:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ virsh -c qemu:///system start gnutoo-trisquel-netinstall
|
|
||||||
$ ./use-serial-port.sh
|
|
||||||
$ virsh -c qemu:///system console gnutoo-trisquel-netinstall
|
|
||||||
```
|
|
||||||
|
|
||||||
License
|
|
||||||
=======
|
|
||||||
This project is free software: you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation, either version 3 of the License, or
|
|
||||||
(at your option) any later version.
|
|
||||||
|
|
||||||
This project is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
|
||||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
|
@ -1,102 +0,0 @@
|
||||||
<domain type="kvm">
|
|
||||||
<name>gnutoo-trisquel-netinstall</name>
|
|
||||||
<memory unit="KiB">2097152</memory>
|
|
||||||
<currentMemory unit="KiB">2097152</currentMemory>
|
|
||||||
<resource>
|
|
||||||
<partition>/machine</partition>
|
|
||||||
</resource>
|
|
||||||
<os>
|
|
||||||
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
|
|
||||||
<boot dev="hd"/>
|
|
||||||
</os>
|
|
||||||
<features>
|
|
||||||
<acpi/>
|
|
||||||
<apic/>
|
|
||||||
<vmport state="off"/>
|
|
||||||
</features>
|
|
||||||
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
|
||||||
<clock offset="utc">
|
|
||||||
<timer name="rtc" tickpolicy="catchup"/>
|
|
||||||
<timer name="pit" tickpolicy="delay"/>
|
|
||||||
<timer name="hpet" present="no"/>
|
|
||||||
</clock>
|
|
||||||
<on_poweroff>destroy</on_poweroff>
|
|
||||||
<on_reboot>restart</on_reboot>
|
|
||||||
<on_crash>destroy</on_crash>
|
|
||||||
<pm>
|
|
||||||
<suspend-to-mem enabled="no"/>
|
|
||||||
<suspend-to-disk enabled="no"/>
|
|
||||||
</pm>
|
|
||||||
<devices>
|
|
||||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
|
||||||
<disk type="file" device="disk">
|
|
||||||
<driver name="qemu" type="raw"/>
|
|
||||||
<source file="/srv/vmverse/installation/trisquel-netinst_11.0_amd64.iso"/>
|
|
||||||
<target dev="sda" bus="usb" removable="on"/>
|
|
||||||
<readonly/>
|
|
||||||
<address type="usb" bus="0" port="1"/>
|
|
||||||
</disk>
|
|
||||||
<controller type="usb" index="0" model="ich9-ehci1">
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
|
||||||
</controller>
|
|
||||||
<controller type="usb" index="0" model="ich9-uhci1">
|
|
||||||
<master startport="0"/>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
|
|
||||||
</controller>
|
|
||||||
<controller type="usb" index="0" model="ich9-uhci2">
|
|
||||||
<master startport="2"/>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
|
|
||||||
</controller>
|
|
||||||
<controller type="usb" index="0" model="ich9-uhci3">
|
|
||||||
<master startport="4"/>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
|
|
||||||
</controller>
|
|
||||||
<controller type="pci" index="0" model="pci-root"/>
|
|
||||||
<interface type="bridge">
|
|
||||||
<source bridge="br0"/>
|
|
||||||
<model type="virtio"/>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
|
||||||
</interface>
|
|
||||||
<serial type="pty">
|
|
||||||
<target type="isa-serial" port="0">
|
|
||||||
<model name="isa-serial"/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type="pty">
|
|
||||||
<target type="isa-serial" port="1">
|
|
||||||
<model name="isa-serial"/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type="pty">
|
|
||||||
<target type="isa-serial" port="2">
|
|
||||||
<model name="isa-serial"/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<serial type="pty">
|
|
||||||
<target type="isa-serial" port="3">
|
|
||||||
<model name="isa-serial"/>
|
|
||||||
</target>
|
|
||||||
</serial>
|
|
||||||
<console type="pty">
|
|
||||||
<target type="serial" port="0"/>
|
|
||||||
</console>
|
|
||||||
<input type="keyboard" bus="ps2"/>
|
|
||||||
<input type="mouse" bus="ps2"/>
|
|
||||||
<graphics type="spice">
|
|
||||||
<listen type="none"/>
|
|
||||||
<gl enable="no"/>
|
|
||||||
</graphics>
|
|
||||||
<audio id="1" type="spice"/>
|
|
||||||
<video>
|
|
||||||
<model type="none"/>
|
|
||||||
</video>
|
|
||||||
<memballoon model="virtio">
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
|
||||||
</memballoon>
|
|
||||||
<rng model="virtio">
|
|
||||||
<backend model="random">/dev/urandom</backend>
|
|
||||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
|
|
||||||
</rng>
|
|
||||||
</devices>
|
|
||||||
<seclabel type="dynamic" model="dac" relabel="yes"/>
|
|
||||||
</domain>
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
# See /usr/include/linux/input-event-codes.h for the key <-> values
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 15 # TAB
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 46 # C
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 24 # O
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 49 # N
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 31 # S
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 24 # O
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 38 # L
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 18 # E
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 13 # =
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 20 # T
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 20 # T
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 21 # Y
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 58 # CAPSLOCK
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 31 # S
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 11 # 0
|
|
||||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 28 # ENTER
|
|