Compare commits
10 Commits
main
...
untested/g
Author | SHA1 | Date |
---|---|---|
Denis 'GNUtoo' Carikli | 922515f120 | |
Denis 'GNUtoo' Carikli | f858429ad4 | |
Denis 'GNUtoo' Carikli | 65f67ada92 | |
Denis 'GNUtoo' Carikli | 19c44f265e | |
Denis 'GNUtoo' Carikli | 67e13b860c | |
Denis 'GNUtoo' Carikli | 3bf48fb977 | |
Denis 'GNUtoo' Carikli | f8e4064d6f | |
Denis 'GNUtoo' Carikli | 4dc5a46cbb | |
Denis 'GNUtoo' Carikli | f3af1623b8 | |
Denis 'GNUtoo' Carikli | aef0935acd |
|
@ -1,13 +1,3 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
*~
|
||||
\#*\#
|
||||
aclocal.m4
|
||||
|
@ -17,21 +7,15 @@ config.status
|
|||
configure
|
||||
first-boot.sh
|
||||
guix-commit.txt
|
||||
guix-installer-vm.img
|
||||
guix-installer-vm.tar
|
||||
guix-installer-vm.tar.xz
|
||||
guix-installer-vm.tar.xz.b64
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
id_wireguard
|
||||
index.html
|
||||
install-sh
|
||||
Makefile
|
||||
Makefile.in
|
||||
missing
|
||||
mumble-vm-machine.scm
|
||||
mumble-vm-system.scm
|
||||
mumble-vm.tar
|
||||
mumble-vm.tar.xz
|
||||
mumble-vm.tar.xz.b64
|
||||
signing-key.pub
|
||||
wireguard-post-up.sh
|
||||
|
|
|
@ -42,7 +42,7 @@ guix-commit.txt: Makefile
|
|||
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
|
||||
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \
|
||||
s#VM_IPV4_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \
|
||||
s#VM_IPV6_GATEWAY#$(VM_IPV6_GATEWAY)#g ; \
|
||||
s#VM_IPV6_GATEWAY#$(VM_IPV4_GATEWAY)#g ; \
|
||||
s#VM_IPV4_DNS#$(VM_IPV4_DNS)#g ; \
|
||||
s#VM_IPV6_DNS#$(VM_IPV6_DNS)#g ; \
|
||||
s#VM_SSH_PUB_KEY#$(VM_SSH_PUB_KEY)#g ; \
|
||||
|
@ -59,7 +59,7 @@ guix-commit.txt: Makefile
|
|||
id_ed25519.pub:
|
||||
printf "ssh-ed25519 %s %s" \
|
||||
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
||||
'gnutoo@primary_laptop' \
|
||||
'gnutoo@primary_laptop'
|
||||
> $@
|
||||
|
||||
# Generate default key. Can be changed by replacing signing-key.pub.
|
||||
|
@ -89,10 +89,6 @@ mumble-vm.img: $(IMAGE_SOURCE)
|
|||
--image-type=mbr-raw \
|
||||
--image-size=6G mumble-vm-system.scm` \
|
||||
$@
|
||||
build: $(IMAGE_SOURCE)
|
||||
guix system build \
|
||||
--image-type=mbr-raw \
|
||||
--image-size=6G mumble-vm-system.scm
|
||||
|
||||
mumble-vm.tar: $(TARBALL_SOURCE)
|
||||
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
||||
|
@ -100,8 +96,5 @@ mumble-vm.tar: $(TARBALL_SOURCE)
|
|||
mumble-vm.tar.xz: mumble-vm.tar
|
||||
xz -f -9e --verbose $<
|
||||
|
||||
mumble-vm.tar.xz.b64: mumble-vm.tar.xz
|
||||
base64 $< > $@
|
||||
|
||||
deploy: $(IMAGE_SOURCE)
|
||||
guix deploy -L . mumble-vm-machine.scm
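Review bot: In the `@ -42,7 +42,7 @@` hunk one of the two `VM_IPV6_GATEWAY` substitutions inserts `$(VM_IPV4_GATEWAY)`; the page has lost the +/- markers, but if that is the new side the IPv6 gateway placeholder is filled with the IPv4 gateway and the line should stay `s#VM_IPV6_GATEWAY#$(VM_IPV6_GATEWAY)#g ; \`. The `@ -59,7 +59,7 @@` hunk has a similar problem if its new side is the `'gnutoo@primary_laptop'` line without the trailing backslash: `> $@` then becomes a recipe line of its own, printf writes to stdout, and `id_ed25519.pub` is created empty. An empty public key file would presumably leave the image with no authorized SSH key, so keep the continuation as `'gnutoo@primary_laptop' \`. Both recipes begin outside the hunks shown, so the surrounding sed command and rule header could not be checked.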
|
120
README
120
README
|
@ -1,59 +1,95 @@
|
|||
Scope
|
||||
=====
|
||||
Until now the virtual machines were handled somewhat manually. This
|
||||
experimental project is meant to have everything needed to deploy the
|
||||
virtual machines in git.
|
||||
Deployment
|
||||
==========
|
||||
To build the virtual machine image you can use the following command:
|
||||
$ ./autogen.sh && ./configure && make
|
||||
|
||||
It also tries to be enable people to safely bootstrap all the
|
||||
VMs. This way there is no more chicken and egg issue, and in case of
|
||||
compromise, the VMs can easily and safely be reinstalled.
|
||||
You can also check the configure option for configuring it for testing
|
||||
on another infrastructure (for instance by using another domain).
|
||||
|
||||
Backups
|
||||
=======
|
||||
This repository is also backed up on software heritage from time to time.
|
||||
To build an image you will also need at least id_ed25519.pub and
|
||||
signing-key.pub:
|
||||
|
||||
Virtual machines
|
||||
================
|
||||
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
|
||||
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
|
||||
details. If you're not confortable with that, backup your ~/.ssh
|
||||
folder first.
|
||||
|
||||
In this git repositories, there are several virtual machines
|
||||
definitions:
|
||||
- signing-key.pub can be generated with the 'guix archive
|
||||
--generate-key' command. See the "Invoking guix archive" in the
|
||||
Guix manual for more details[1].
|
||||
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
|
||||
|
||||
- audio.experimental.a-lec.org: This is a Mumble server made with Guix.
|
||||
Other files are optional:
|
||||
|
||||
- guix-installer-vm: This is meant to generate a template VM with
|
||||
Guix. Once deployed users are supposed to SSH inside and reconfigure
|
||||
it with the Guix scheme configuration they need/want.
|
||||
- id_ed25519: It is used for guix deploy. It is also generated by
|
||||
ssh-keygen. A good idea is to have a symlink to it in order not to
|
||||
have scp copy it to the target machine by mistake as it is the SSH
|
||||
private key. Using separate SSH keys for separate machines also help
|
||||
limiting the damage when such accident happen.
|
||||
|
||||
- trisquel-automatic-netinstall-qemu: This is a Trisquel VM generated
|
||||
automatically from the Trisquel netinstall with qemu and preseed.
|
||||
- id_wireguard: This is the wireguard private key. It can be generated
|
||||
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
|
||||
8 wg') for more detail.
|
||||
|
||||
- trisquel-install-guix-fai: This is an example that can be used to
|
||||
deploy configuration management with FAI (Fully Automated
|
||||
Installation) inside a VM. Unlike regular FAI installations, here
|
||||
things are simplified a lot, and we simply (ab)use FAI to store
|
||||
configuration files inside a git repository. This also require to
|
||||
run inside the VM once the VM has been created.
|
||||
|
||||
- trisquel-manual-netinstall-lxc: This was meant to automatize the
|
||||
creation of VM running the Trisquel netinstall, but it has been
|
||||
superseded by trisquel-automatic-netinstall-qemu which does the
|
||||
full installation automatically. Since
|
||||
trisquel-automatic-netinstall-qemu is using preseed, it's also
|
||||
possible to modify it not provide answers for some of the installer
|
||||
questions, letting the user(s) choose instead.
|
||||
Note that letsencrypt has a limit of about 5 certificates per week, so
|
||||
it's a good idea to use test domains before deployments.
|
||||
|
||||
Once the image is booted:
|
||||
- You will need to login inside and run the following command:
|
||||
# first-boot.sh
|
||||
- You then need to set the root password.
|
||||
|
||||
The mumble-vm-install.sh installation script
|
||||
============================================
|
||||
This script is supposed to only run inside a VM on the Guix installer
|
||||
and checks that it's the case through various ways. The specification
|
||||
of the VM it runs on is provided in guix-vm-installer.xml for
|
||||
reference. It is very specific to the Libre en communs infrastructure,
|
||||
so you might need to modify it to use it on your infrastructure.
|
||||
|
||||
The Libre en Communs infrastructure on which this VM is being deployed
|
||||
has libvirt but it doesn't have Guix on the host. So the option
|
||||
provided by Libre en Communs was to do the installation from a
|
||||
VM.
|
||||
|
||||
This is also common for many infrastructure providers due to security
|
||||
concerns with access outside the VM.
|
||||
|
||||
Since the Guix installer is trusted and is now provided by Libre en
|
||||
communs, and that we also have access to the vm management interfaces
|
||||
we simply use a script to do all the installation work.
|
||||
|
||||
If instead you have a VM with only SSH access you will also need to
|
||||
modify the script to fit that use case.
|
||||
|
||||
It is also possible to convert an existing VM to Guix but that
|
||||
requires significantly more work (see gnu/machine/digital-ocean.scm
|
||||
inside the Guix source code for more detail on how to do that).
|
||||
|
||||
To use this script, the admin with privileged access to the vm
|
||||
management interface needs to boot the installer and copy the script
|
||||
inside. This can be done by running the following command (the script
|
||||
can be named like you want):
|
||||
# cat /dev/ttyS0 > i.sh
|
||||
and then by pasting the script through the first serial port, and
|
||||
typing ctrl+d at the end, so that the file is closed and written.
|
||||
|
||||
The script can then run like that:
|
||||
# chmod +x i.sh
|
||||
# ./i.sh
|
||||
|
||||
License
|
||||
=======
|
||||
All the projects in this git repository are free software: you can
|
||||
redistribute them and/or modify them under the terms of the GNU
|
||||
General Public License as published by the Free Software Foundation,
|
||||
either version 3 of the License, or (at your option) any later
|
||||
version.
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
All the project are distributed in the hope that they will be useful,
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
/Makefile
|
|
@ -1,56 +0,0 @@
|
|||
Deployment
|
||||
==========
|
||||
To build the virtual machine image you can use the following command:
|
||||
$ ./autogen.sh && ./configure && make
|
||||
|
||||
You can also check the configure option for configuring it for testing
|
||||
on another infrastructure (for instance by using another domain).
|
||||
|
||||
To build an image you will also need at least id_ed25519.pub and
|
||||
signing-key.pub:
|
||||
|
||||
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
|
||||
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
|
||||
details. If you're not confortable with that, backup your ~/.ssh
|
||||
folder first.
|
||||
|
||||
- signing-key.pub can be generated with the 'guix archive
|
||||
--generate-key' command. See the "Invoking guix archive" in the
|
||||
Guix manual for more details[1].
|
||||
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
|
||||
|
||||
Other files are optional:
|
||||
|
||||
- id_ed25519: It is used for guix deploy. It is also generated by
|
||||
ssh-keygen. A good idea is to have a symlink to it in order not to
|
||||
have scp copy it to the target machine by mistake as it is the SSH
|
||||
private key. Using separate SSH keys for separate machines also help
|
||||
limiting the damage when such accident happen.
|
||||
|
||||
- id_wireguard: This is the wireguard private key. It can be generated
|
||||
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
|
||||
8 wg') for more detail.
|
||||
|
||||
|
||||
Note that letsencrypt has a limit of about 5 certificates per week, so
|
||||
it's a good idea to use test domains before deployments.
|
||||
|
||||
Once the image is booted:
|
||||
- You will need to login inside and run the following command:
|
||||
# first-boot.sh
|
||||
- You then need to set the root password.
|
||||
|
||||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -1,33 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
set -e
|
||||
|
||||
report()
|
||||
{
|
||||
ret=$?
|
||||
message="$@"
|
||||
|
||||
if [ ${ret} -eq 0 ] ; then
|
||||
echo "[ OK ] ${message}"
|
||||
else
|
||||
echo "[ !! ] ${message} failed"
|
||||
exit ${ret}
|
||||
fi
|
||||
}
|
||||
|
||||
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
|
||||
partprobe
|
||||
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
|
||||
|
||||
certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL ; report "Obtaining Lets's Encrypt certificate"
|
||||
herd restart mumble-server ; report "Restarting Mumble server"
|
||||
herd restart nginx ; report "Restarting Nginx server"
|
|
@ -61,9 +61,9 @@ AC_ARG_WITH([letsencrypt-email],
|
|||
|
||||
AC_ARG_WITH([vm-ipv4-address],
|
||||
[AS_HELP_STRING([--with-vm-ipv4-address=VM_IPV4_ADDRESS], [Use custom VM
|
||||
IPv4 address. (default=192.168.1.117/16)])],
|
||||
IPv4 address. (default=192.168.1.117/24)])],
|
||||
[VM_IPV4_ADDRESS=$withval],
|
||||
[VM_IPV4_ADDRESS="192.168.1.117/16"])
|
||||
[VM_IPV4_ADDRESS="192.168.1.117/24"])
|
||||
|
||||
AC_ARG_WITH([vm-ipv6-address],
|
||||
[AS_HELP_STRING([--with-vm-ipv6-address=VM_IPV6_ADDRESS], [Use custom VM
|
||||
|
@ -79,7 +79,7 @@ AC_ARG_WITH([vm-ipv4-gateway],
|
|||
|
||||
AC_ARG_WITH([vm-ipv6-gateway],
|
||||
[AS_HELP_STRING([--with-vm-ipv6-gateway=VM_IPV6_GATEWAY], [Use custom VM
|
||||
IPv6 gateway address. (default=2001:910:1021::1)])],
|
||||
IPv6 gateway address. (default=192.168.0.1)])],
|
||||
[VM_IPV6_GATEWAY=$withval],
|
||||
[VM_IPV6_GATEWAY="2001:910:1021::1"])
|
||||
|
||||
|
@ -99,11 +99,11 @@ AC_ARG_WITH([vm-ssh-public-key],
|
|||
[AS_HELP_STRING([--with-ssh-vm-public-key=VM_SSH_PUB_KEY], [Use custom VM
|
||||
SSH public key for use with 'guix deploy'. (default=\
|
||||
ssh-ed25519\
|
||||
AAAAC3NzaC1lZDI1NTE5AAAAIGeMeRMT4l5mxi8snZYM+jcZ/N/EfJ25L2FU88fdbuhC)])],
|
||||
AAAAC3NzaC1lZDI1NTE5AAAAIEjLYbJ+47MTte960IbOUTRzOD012ewt1IZgOOc+NqDa)])],
|
||||
[VM_SSH_PUB_KEY=$withval],
|
||||
[VM_SSH_PUB_KEY="\
|
||||
ssh-ed25519\
|
||||
AAAAC3NzaC1lZDI1NTE5AAAAIGeMeRMT4l5mxi8snZYM+jcZ/N/EfJ25L2FU88fdbuhC"])
|
||||
AAAAC3NzaC1lZDI1NTE5AAAAIEjLYbJ+47MTte960IbOUTRzOD012ewt1IZgOOc+NqDa"])
|
||||
|
||||
AC_ARG_WITH([vm-ssh-address],
|
||||
[AS_HELP_STRING([--with-vm-ssh-address=VM_SSH_ADDRESS], [Use custom VM
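Review bot: The `--with-vm-ipv6-gateway` help text in the `@ -79,7 +79,7 @@` hunk appears in two versions, one advertising `default=192.168.0.1`, while the fallback actually assigned is `VM_IPV6_GATEWAY="2001:910:1021::1"`. The +/- markers are lost, but if the IPv4 value is the new side the help string misreports the default and should read `IPv6 gateway address. (default=2001:910:1021::1)])],`. In the `@ -99,11 +99,11 @@` hunk the default for `VM_SSH_PUB_KEY` stays a hard-coded key, so an image configured without the option presumably authorizes whoever holds that key; consider having no default and failing with `AC_MSG_ERROR` when the option is not given. The help string there also spells the option `--with-ssh-vm-public-key` although it is declared as `vm-ssh-public-key`. The final `AC_ARG_WITH([vm-ssh-address]` block continues past the end of the hunk.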
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
|
@ -8,7 +9,8 @@
|
|||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
guix shell -C \
|
||||
autoconf automake coreutils grep m4 sed \
|
||||
-- \
|
||||
autoreconf -fi $@
|
||||
set -e
|
||||
|
||||
certbot certonly --standalone -d DOMAIN -m LETSENCRYPT_EMAIL
|
||||
herd restart mumble-server
|
||||
herd restart nginx
|
|
@ -1,69 +0,0 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
.PHONY: all deploy
|
||||
|
||||
all: guix-installer-vm.img
|
||||
|
||||
# Generate default key. Can be changed by replacing id_ed25519.pub.
|
||||
id_ed25519.pub:
|
||||
printf "ssh-ed25519 %s %s" \
|
||||
'AAAAC3NzaC1lZDI1NTE5AAAAIH2feuEj4asx0ImCG+cuiPv2WdKF6vMI+cJtZyG9cwUQ' \
|
||||
'gnutoo@primary_laptop' \
|
||||
> $@
|
||||
|
||||
# Generate default key. Can be changed by replacing signing-key.pub.
|
||||
signing-key.pub:
|
||||
printf '(public-key (ecc (curve Ed25519) (q #%s#)))\n' \
|
||||
'3A7E1F41E2D5784CFCABB39CB73F99E727D4A5C1ECA79D873587D63D093CC4B5' \
|
||||
>$@
|
||||
|
||||
# We want to only update the image when guix commit changes. The trick
|
||||
# to make that work is to only create or update a file when the revision
|
||||
# changes.
|
||||
guix-commit.txt: Makefile
|
||||
if [ ! -f $@ ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
elif [ "$(cat $@)" != \
|
||||
"$(guix describe | \
|
||||
grep '^ commit:' | awk '{print $$2}')" ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
fi
|
||||
|
||||
TARBALL_SOURCE = \
|
||||
first-boot.sh \
|
||||
guix-commit.txt \
|
||||
guix-installer-vm-system.scm \
|
||||
id_ed25519.pub \
|
||||
Makefile \
|
||||
signing-key.pub
|
||||
|
||||
guix-installer-vm.tar: $(TARBALL_SOURCE)
|
||||
tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
|
||||
|
||||
guix-installer-vm.tar.xz: guix-installer-vm.tar
|
||||
xz -f -9e --verbose $<
|
||||
|
||||
guix-installer-vm.tar.xz.b64: guix-installer-vm.tar.xz
|
||||
base64 $< > $@
|
||||
|
||||
IMAGE_SOURCE = \
|
||||
$(TARBALL_SOURCE) \
|
||||
guix-installer-vm.tar.xz
|
||||
|
||||
guix-installer-vm.img: $(IMAGE_SOURCE)
|
||||
install \
|
||||
`guix system image \
|
||||
--image-type=mbr-raw \
|
||||
--image-size=4G guix-installer-vm-system.scm` \
|
||||
$@
|
||||
|
||||
deploy:
|
||||
guix deploy -L . guix-installer-vm-machine.scm
|
|
@ -1,14 +0,0 @@
|
|||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
set -e
|
||||
|
||||
report()
|
||||
{
|
||||
ret=$?
|
||||
message="$@"
|
||||
|
||||
if [ ${ret} -eq 0 ] ; then
|
||||
echo "[ OK ] ${message}"
|
||||
else
|
||||
echo "[ !! ] ${message} failed"
|
||||
exit ${ret}
|
||||
fi
|
||||
}
|
||||
|
||||
echo ';;L;*' | sfdisk -f /dev/vda ; report "Resizing /dev/vda1 partition" ; \
|
||||
partprobe
|
||||
resize2fs /dev/vda1 ; report "Growing /dev/vda1 filesystem"
|
|
@ -1,35 +0,0 @@
|
|||
;;; Copyright © Guix documentation authors
|
||||
;;; Copyright © 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
;;;
|
||||
;;; This file is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; This file is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(use-modules (gnu)
|
||||
(gnu machine)
|
||||
(gnu machine ssh))
|
||||
(list
|
||||
(machine
|
||||
(operating-system
|
||||
(@ (guix-installer-vm-system) guix-installer-vm-operating-system))
|
||||
(environment managed-host-environment-type)
|
||||
(configuration
|
||||
(machine-ssh-configuration
|
||||
(authorize? #t)
|
||||
(build-locally? #f)
|
||||
(host-key
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGgswfvxxErFStqBGY81N0uuLndjA5l9bGd4DGlcK9F")
|
||||
(host-name "2001:910:1021::118")
|
||||
(identity "./id_ed25519")
|
||||
(port 222)
|
||||
(system "x86_64-linux")
|
||||
(user "root")))))
|
|
@ -1,172 +0,0 @@
|
|||
;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
;;
|
||||
;; This file is free software; you can redistribute it and/or modify it
|
||||
;; under the terms of the GNU General Public License as published by
|
||||
;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;; your option) any later version.
|
||||
;;
|
||||
;; You should have received a copy of the GNU General Public License
|
||||
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (guix-installer-vm-system)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages certs)
|
||||
#:use-module (gnu packages disk)
|
||||
#:use-module (gnu packages dns)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages screen)
|
||||
#:use-module (gnu packages ssh)
|
||||
#:use-module (gnu packages tls)
|
||||
#:use-module (gnu services admin)
|
||||
#:use-module (gnu services certbot)
|
||||
#:use-module (gnu services ssh)
|
||||
#:use-module (gnu services telephony)
|
||||
#:use-module (gnu services vpn)
|
||||
#:use-module (gnu services web)
|
||||
#:use-module (guix build-system copy)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix utils)
|
||||
#:export (guix-installer-vm-operating-system))
|
||||
|
||||
(define guix-installer-vm-config
|
||||
(package
|
||||
(name "guix-installer-vm-config")
|
||||
(version "0.1")
|
||||
;; TODO: Make that tarball reproducible
|
||||
(source (local-file "guix-installer-vm.tar.xz"))
|
||||
(build-system copy-build-system)
|
||||
(arguments
|
||||
(list
|
||||
#:install-plan
|
||||
#~(list
|
||||
'("first-boot.sh" "share/guix-installer-vm/configs/")
|
||||
'("guix-commit.txt" "share/guix-installer-vm/configs/")
|
||||
'("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
|
||||
'("id_ed25519.pub" "share/guix-installer-vm/configs/")
|
||||
'("Makefile" "share/guix-installer-vm/configs/")
|
||||
'("signing-key.pub" "share/guix-installer-vm/configs/")
|
||||
'(#$source
|
||||
"share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
|
||||
(synopsis "Full machine configuration.")
|
||||
(description
|
||||
"This contains all the configuration files of this machine. This is
|
||||
needed for unattended upgrades to work.")
|
||||
(home-page "DOMAIN")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define first-boot-script
|
||||
(package
|
||||
(name "first-boot-script")
|
||||
(version "0.1")
|
||||
(source (local-file "first-boot.sh" ))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
(list #:tests? #f ;no tests
|
||||
#:phases
|
||||
#~(modify-phases
|
||||
%standard-phases
|
||||
(delete 'build)
|
||||
(delete 'configure)
|
||||
(replace 'install
|
||||
(lambda _
|
||||
(chmod "first-boot.sh" #o755)
|
||||
(install-file
|
||||
"first-boot.sh"
|
||||
(string-append (string-append #$output "/bin"))))))))
|
||||
(inputs (list e2fsprogs parted util-linux))
|
||||
(synopsis "Script to run on first boot.")
|
||||
(description
|
||||
"The first-boot.sh script resize the rootfs and updates the system.")
|
||||
(home-page #f)
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define guix-installer-vm-operating-system
|
||||
(operating-system
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-minimal-bootloader)
|
||||
(targets '("/dev/vda"))
|
||||
(terminal-outputs '(serial_0))))
|
||||
(kernel-arguments (append '("console=ttyS0")))
|
||||
(file-systems (cons (file-system
|
||||
(device (file-system-label "Guix_image"))
|
||||
(mount-point "/")
|
||||
(type "ext4")) %base-file-systems))
|
||||
(host-name "guix-installer-vm")
|
||||
(timezone "Europe/Paris")
|
||||
(packages (append (list first-boot-script
|
||||
guix-installer-vm-config
|
||||
htop
|
||||
net-tools
|
||||
nss-certs
|
||||
parted
|
||||
screen)
|
||||
%base-packages))
|
||||
(services
|
||||
(append
|
||||
(list
|
||||
;; Agetty
|
||||
|
||||
;; ttyS0 is already setup automatically due to the console=ttyS0
|
||||
;; kernel argument
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS1")))
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS2")))
|
||||
(service agetty-service-type
|
||||
(agetty-configuration (term "xterm-256color")
|
||||
(tty "ttyS3")))
|
||||
;; Networking
|
||||
(service
|
||||
static-networking-service-type
|
||||
(list
|
||||
(static-networking
|
||||
(addresses (list (network-address
|
||||
(device "eth0")
|
||||
(value "192.168.1.118/16"))
|
||||
(network-address
|
||||
(device "eth0")
|
||||
(value "2001:910:1021::118/64"))))
|
||||
(routes (list (network-route
|
||||
(destination "default")
|
||||
(gateway "192.168.0.1"))
|
||||
(network-route
|
||||
(destination "default")
|
||||
(gateway "2001:910:1021::1"))))
|
||||
(name-servers (list "192.168.0.1" "2001:910:1021::1")))))
|
||||
;; OpenSSH
|
||||
(service openssh-service-type
|
||||
(openssh-configuration
|
||||
(openssh openssh-sans-x)
|
||||
(use-pam? #f)
|
||||
(port-number 222)
|
||||
(permit-root-login #t)
|
||||
(password-authentication? #f)
|
||||
(challenge-response-authentication? #f)
|
||||
(authorized-keys
|
||||
`(("root" , (local-file "id_ed25519.pub"))
|
||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||
;; Unattended Upgrades
|
||||
(service
|
||||
unattended-upgrade-service-type
|
||||
(unattended-upgrade-configuration
|
||||
(operating-system-file
|
||||
(string-append "/run/current-system/profile"
|
||||
"/share/guix-installer-vm/configs/"
|
||||
"guix-installer-vm-system.scm"))
|
||||
(schedule "0 * * * * ")
|
||||
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
|
||||
(modify-services
|
||||
%base-services
|
||||
(guix-service-type config => (guix-configuration
|
||||
(authorized-keys
|
||||
(append
|
||||
(list
|
||||
(local-file
|
||||
"signing-key.pub"))
|
||||
%default-authorized-guix-keys)))))))))
|
||||
guix-installer-vm-operating-system
|
|
@ -1,7 +1,7 @@
|
|||
<domain type="kvm">
|
||||
<name>guix-vm-installer</name>
|
||||
<memory unit="KiB">2097152</memory>
|
||||
<currentMemory unit="KiB">2097152</currentMemory>
|
||||
<memory unit="KiB">16777216</memory>
|
||||
<currentMemory unit="KiB">16777216</currentMemory>
|
||||
<resource>
|
||||
<partition>/machine</partition>
|
||||
</resource>
|
||||
|
@ -31,11 +31,17 @@
|
|||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||
<disk type="file" device="disk">
|
||||
<driver name="qemu" type="raw"/>
|
||||
<source file="/srv/vmverse/installation/guix-installer-vm.img"/>
|
||||
<source file="/srv/vmverse/installation/guix-system-install-1.4.0.x86_64-linux.iso"/>
|
||||
<target dev="sda" bus="usb" removable="on"/>
|
||||
<readonly/>
|
||||
<address type="usb" bus="0" port="1"/>
|
||||
</disk>
|
||||
<disk type="file" device="disk">
|
||||
<driver name="qemu" type="raw"/>
|
||||
<source file="/srv/vmverse/noyau/audio.experimental.a-lec.org.raw"/>
|
||||
<target dev="vda" bus="virtio"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
|
||||
</disk>
|
||||
<controller type="usb" index="0" model="ich9-ehci1">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||
</controller>
|
||||
|
@ -82,13 +88,16 @@
|
|||
</console>
|
||||
<input type="keyboard" bus="ps2"/>
|
||||
<input type="mouse" bus="ps2"/>
|
||||
<graphics type="spice">
|
||||
<listen type="none"/>
|
||||
<graphics type="spice" autoport="yes" listen="127.0.0.1">
|
||||
<listen type="address" address="127.0.0.1"/>
|
||||
<gl enable="no"/>
|
||||
</graphics>
|
||||
<audio id="1" type="spice"/>
|
||||
<video>
|
||||
<model type="none"/>
|
||||
<model type="virtio" heads="1" primary="yes">
|
||||
<acceleration accel3d="no"/>
|
||||
</model>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
|
||||
</video>
|
||||
<memballoon model="virtio">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
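Review bot: The `<graphics>` element in the `@ -82,13 +88,16 @@` hunk goes from `<listen type="none"/>` to a SPICE server on `127.0.0.1` with `autoport="yes"` and no password; the sides are inferred from the hunk header's line counts, since the +/- markers are lost. A loopback TCP listener can be reached by every local account and process on the hypervisor, and this domain is the installer VM whose console is used for the installation. If a display is really needed, prefer a unix socket with restricted permissions, `<listen type="socket"/>`, or a `passwd` on `<graphics>` that is set at deploy time rather than committed; otherwise keep `<listen type="none"/>`. The enclosing device list starts and ends outside this hunk.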
|
|
@ -0,0 +1,236 @@
|
|||
#!/bin/sh
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
report()
|
||||
{
|
||||
ret=$?
|
||||
message="$@"
|
||||
|
||||
if [ ${ret} -eq 0 ] ; then
|
||||
echo "[ OK ] ${message}"
|
||||
else
|
||||
echo "[ !! ] ${message}"
|
||||
exit ${ret}
|
||||
fi
|
||||
}
|
||||
|
||||
environment_checks()
|
||||
{
|
||||
[ "$(id -u)" = "0" ] ; report "Running as root"
|
||||
|
||||
# Try to detect the installer
|
||||
_mount="none / overlay"
|
||||
_mount="${_mount} rw,relatime"
|
||||
_mount="${_mount},lowerdir=/real-root"
|
||||
_mount="${_mount},upperdir=/rw-root/upper"
|
||||
_mount="${_mount},workdir=/rw-root/work"
|
||||
_mount="${_mount} 0 0"
|
||||
|
||||
grep "${_mount}" "/proc/mounts" 2>&1 > /dev/null ; report "Mount check"
|
||||
|
||||
[ "${HOSTNAME}" = "gnu" ] ; report "Hostname check"
|
||||
}
|
||||
|
||||
|
||||
# FB31DBA3AB8DB76A4157329F7651568F80374459:
|
||||
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
|
||||
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
|
||||
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
|
||||
# uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
import_gpg_key()
|
||||
{
|
||||
cat <<EOF > FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFksJcEBEADYjwYOrJmv5TX7NPItWRT7W+XNMe53NXoSZa9bEiHnTv8PoQaw
|
||||
ldPpHn3TTtN1Iq4QgvNVzr0uoxPAdxFUkcvF3bFH7u/aQoXoBXxl/HH3DAoR+HIa
|
||||
0XE1vPGEzUTybR2CmH3vMkfWsErEJuPxRPSTV0qouRGUU21FTuBy8x/HLyoO9L2M
|
||||
YZX98Y3hWHP4V6P/tSsGaNg73l4oIbVv1SLJdASPRG7FF/UyWZzf1mZjmjbEuju1
|
||||
z8Fcu/urGxiSQO2DPiCpPOIQwUjeaRQbvZQz7d7q6QLZ+lT8YhuFsIjVXDqOiuZ3
|
||||
t2c3Dgg+++RIW1w9KW2xOJHg7rDRA2RqSwf8t51xE/CVLXcWDGqiMG7hjVAO1iW4
|
||||
G31QvUWxDxvyzOTvGDuPb+5eHaGj1uM/ncLfxlPyc4LPRucxNDO426grMdUL9P1S
|
||||
MMUNWOt7Yg3Y4aKFA+/ukBdyoExgC3iubh4QoGuX+SKP46DXTlqQTPj3Fyp3tRWi
|
||||
VhFdMNCRTIDinN3S//KToZ7OxIkgsRG9sw2lGc4JzJxMpv6N++nZJuTFhc3cA3QE
|
||||
E0YGjAmPc2cgwoeGiWrxugWm6B0BWOzHlxzwwtEsK8TsDg4ifyp5erHPDGQ3rV3x
|
||||
gR5Jbf1p6VZE8IdTYoqP1gv+x5/0dK+2Nl2IHfgJ5FX0mKg9BD4+/JbtSwARAQAB
|
||||
tCpEZW5pcyAnR05VdG9vJyBDYXJpa2xpIDxHTlV0b29Abm8tbG9nLm9yZz6JAlQE
|
||||
EwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQT7Mdujq423akFXMp92
|
||||
UVaPgDdEWQUCY0g+1gUJC/1MigAKCRB2UVaPgDdEWV8mD/4icDedQRUNdOlBNroP
|
||||
p161qyYgMeQCOqpeUBVqQOZjXD75PyRWO5HZUjmzZb2+gAOBfRa2dlJGMEc2YzGz
|
||||
916WHq9sjcV6aZG1kTzgKVFo8PeStbvvhGCEIZ3jnfsfbZYvF6GvBzNWeTGoK+w3
|
||||
6wtzdfqI8ySjpy1Ul+V2TtJQAegCWee1qlLmRc49Zzi/s3ohw10FH5PnzcfPfxcB
|
||||
XaFSWV9dj4T9C89Ij2jpPMIVp2zZzWRZUHkw8e12xzdkDukLgDhmdLsOCFcIGw1a
|
||||
dgQNoZdRgTpxacNxrZssGTdaKNjXUSDTIb55SyCZzJNJli7Ict52RVXexUDwHTBn
|
||||
XQbL4MQNwR+gH7WqCMGnNjn/0j6jsnjXn+a+oLiSUHkfz6g+OZh9mNqV7TQfrRDv
|
||||
bj39GqAQVwt31rr1CcAkPLe99R6JPVCdli5ZhuJF00+D8hcwdNtWkZQheOHQM/k4
|
||||
0Lxn+VJKyoAhW/akI6iuNl+twS2vay3Y2G+dSIkCdwioYfe9buI1x7gAyP513kcC
|
||||
HFxHwCFEyfG9cmIaLEiIyO+4YJLgI4S22t9A20nZUawae4lDfunWtCj88hqPRAUB
|
||||
tgSLFkcKXmFQI0UoQXrLqdQAMKhOmXLHrOA03ZR+NCzf/FczP7jGTKdcNXUApvUZ
|
||||
iF37I1gkuZUMxMNDDjSVHQq1rLQqRGVuaXMgJ0dOVXRvbycgQ2FyaWtsaSA8R05V
|
||||
dG9vQHJpc2V1cC5uZXQ+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
|
||||
AheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFWj4A3
|
||||
RFmypg//XGUDW+m5nJMYbmYCyMQf3RPks4h7ncV8KBJg9zZZT/FKG1FVyUgQzMPe
|
||||
pjysvirmRMDrjPzcQRl2Io48eLQvExZALtGUONsPtuY409JW+nIqt5MeuKlcCiY6
|
||||
11c6fDEkt5/Bxa4640VAFNmUOXTWy/pl/ELH7W/RCsuOPDGmeRhBkkMm3EUGnZef
|
||||
7y6AZko3b02IvB35K1nt+eTZ+E2oYmNaiEI/Tfih5R5P31QCrrC9VCuJBmkoqanZ
|
||||
pvxUBgFbfgfv3QFLlXrXTWma/+kxQKoWsdunkXWOoFjJcgWl8eJ4bB1+JmMB1/S1
|
||||
AjQB4jqKjxGaka/cxJG4A1Sd9ad09m+IUW0k9ZlGYGm4ZiRwE26NNlMK0O/3czQX
|
||||
nKC0qmTUTpDey6A9H1w4cybQAX1PIYJZDR+5ipz+UWHrWhYsXzK71BbbxlXo0zgd
|
||||
uc8hSKhYm7tewUKticqrPAeuyEcBZkY1sGcuK+Up5rF3dQYaHGXgIxec9AoZpE2W
|
||||
PMRE4M7jEPU5XFI9g6Jx1YOxht7PXoqyyabjKQgIV9lyWHU2BQ+SyJ4QtRLeMN/v
|
||||
uI7dEvqyWXuX0JBdIU9DLpFfMlC7CY3ysPHN7M6FHWnEj+S2+qyBApUhOWFB5FHW
|
||||
QteCSXXf/OiaUDwTwqvV4vwYHU/tYHZbgnPNK1dBZ5+3IYbupm60L0RlbmlzICdH
|
||||
TlV0b28nIENhcmlrbGkgPEdOVXRvb0BtYWtlZnJlZWRvbS5vcmc+iQJUBBMBCAA+
|
||||
AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3
|
||||
RFkFAmNIPssFCQv9TIoACgkQdlFWj4A3RFl25xAAw586zSEpR674/CZpT+vXf4RL
|
||||
phSxTWHFdBej3uy21coo5zMpJKFwe9IFKGK/tG2JhV/pGwmdPH3LKW4Hwuo77L5z
|
||||
p4iK5vdrQdhNKybICdAt58FtV2Pkv7GWZHCQpVwQFujp/f37CgCxSeobve2Rkfg4
|
||||
ZNABP3EHsXn0kDpBkavBVuCADn7EGbHVcCDExl0sXar4hyPMG/tOi9Q63LmNhdxx
|
||||
KsLI/BFmiPjePUekyYEh4mYjo+ZVOW+1r9dPXdR8vusBx486TcsfldcAMccUZWvo
|
||||
8UYOiebLSXnU1pDnUTQvOKr52rLInt2rAWpnpOsBt8RLPS6youqN1qakvgV+iMdA
|
||||
ujQAAAuV8SCF/FazHgoH2drtNNMVESeQHkJz0cR60ONWVhiHL/9HcZC0ot81Sypp
|
||||
Xwzddigz97c3O3V/GSxz2OjuKh5rbyPffD1eHR2/PVa55OL3wKAVlx228VFP2SUC
|
||||
XL3Pc+s/NTg365npwQh3Lw8FtSdnMt+EMCzu89alUu5Ei+w+oRCRC9v34eYNtzNN
|
||||
4CntgVnPvXLJV1gMImIlKkRzmrQn1x1VR0nEhY7928fwETutZcxJQmVCYug0rT4g
|
||||
crVuDnsqR1p0R+uNKcvMUkdFt9JWezSPjpS/tBSD2RsXeX55z+fS/HrvU0YfaRRH
|
||||
7EVrUJHRQPY7EC8xinK0MkRlbmlzICdHTlV0b28nIENhcmlrbGkgPEdOVXRvb0Bj
|
||||
eWJlcmRpbWVuc2lvbi5vcmc+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAFiEE+zHbo6uNt2pBVzKfdlFWj4A3RFkFAmNIPtUFCQv9TIoACgkQdlFW
|
||||
j4A3RFnhhw//QMHYtFMbR3XI7oXw82RiyjnHrStSsFckW2kbocK+7KV1Yli2u2SN
|
||||
3SGWBAP5LlqwLL1OoJ03nRDY81z193WrO0Kr3vFZAZXfMnD4t+bY6O1aFSoADb79
|
||||
7iFDwTjsyJvQ1Rw1siJQb1PQWrxHkNAfd0iU7x6GLhdU5s1nq4kvTP4SwhOmZ9AN
|
||||
tGrtHpnGUVZv705D2Xu7mnntiApsvxMzrwx2Fo9zNXTWX65nOyOXFufgYwtMPPOZ
|
||||
4jMitV+RFC/mChHwn6U0xn/exSSq/Xwi9DabH24kb466OLkTCew5DBEH+GSyY7+F
|
||||
BYO46lAFVLeAq3TnnkrfAZn/ildAKYTpv2VFZRjO2poG2Pax/0tA/8eO86ih+IxU
|
||||
mU10ddMyRHICA2OH56QFwFLgi4mktDiO11HeMF569VbNADnIls/1HDTTAqsZk9uf
|
||||
I/ZMyjNF8FoZa8AXwrLd1M+KAKNhZqvN1vVp2CF792z4VNMxfD/gzvsW/fq+lpgR
|
||||
n6Qn9BqDe6NoeRsI7u/lfJvDwciMZ2OvcQf+XkaBkMxeYXJXoG+zHqmW5Io+7xdX
|
||||
Ay619mKBm411exJTDMipoJU5djiEdNGrHFqvjKNAz/LGHmgL0m+saWc71a9fcAG8
|
||||
0i75TUpQOleBh/tkSYPHa+Gv7dF0ZQE657lWK3VZmdmSGXgSAtBt3ua5Ag0EWXPU
|
||||
7wEQALjMcmaRsGR1wFgR3RyIoCFNvmCBxDGaPb/X4TG10N5GXZFE1X7I9cZha+QF
|
||||
zF9hFAmN4FnKoWCWaobEhXG5ufoqvj2J3UBDW2s3Enwrhyva3kszMUBzv1dXwwrF
|
||||
qxp6Er73W7Semh64GRLjJo/tPA/mPnu/9qjumfOfydIFVnqYM7ZBx0aAhxzUyBjb
|
||||
okryIct3BEjPmRf+e8SfvFaqFJCNcvmvOVGOCVoz7N3cgLUTK12njj/Qak3nLabv
|
||||
9oQbNtngOYDAIWNPhDM+AUml5mw5Auab92aZyDJ4hmTPhov9OWoWeJFD5xR0R7RX
|
||||
Ol4PvRpA5O5qUa05PoLbp7pBOFmh52aUlaXc37QsgewJpDcCkzw4oZaQiVXwimjy
|
||||
hNAsv6lEYoSDNqPCIbUNmnrFljCMcRtfqtYKLCXNvUOG7+MjfYQ/nEVrPCPgUoQM
|
||||
5nbILxcHHWbECqYIQ4MLgBMEOEzEcp1mXdp+BJBbZiOSuofpMGDF4mbkzjgQOop4
|
||||
aBxzDLd+MjKPuD2uhhloLbf5kUGGBQXc9MNYbWno4c11AR3XLrgoLt2lAYTNX0lI
|
||||
zAjR08gulZlGHcuhoY5brFTtKEy92lUfwSAScvp8NAp6lEsroNqbPw0DdMe2Thpd
|
||||
Vmu9ztHoq0Z7nz0aRt3lQss9zLzphXGKh3Rv81R+QNOd988zABEBAAGJAjwEGAEI
|
||||
ACYCGwwWIQT7Mdujq423akFXMp92UVaPgDdEWQUCY0g/XAUJC7Wd7QAKCRB2UVaP
|
||||
gDdEWXu1D/931OK7RgkP0Nq9gDn6/IwXX+Dtl0JF3Ip3Oy2q6uHxu3YHK1Ezx9kV
|
||||
6T3sOb2MdtGL08qWfQlKRLU3dC7k85z6IAdhTrDOMTBeUssnY5Xgxl3cfJqBfQTW
|
||||
MZG3vqMlsJfUVOAueShUelzpOtYV/s3wm4UYR0zPP2+QDZgIDX8LHhdd3Ela1kgZ
|
||||
cz5OKbeBa30fHWIUQDybJmKFi8y+5629X7TeyFqsQ8CPXW317/eBpY3Q6mkp6pyZ
|
||||
iEEjeca/FQb9q9DsAIdkovfBSNnTZQAFePwIp1nR67LHuxMclxRPoAPtkym3rIWA
|
||||
y6w3n68fKUOIj92OhCBE/FE/nLl+BoFYOuYRoN3C7a7t3U4cAPW+9jl89w4zzvfg
|
||||
QvnAVKKba7szYcjSdyWbeMsIdq8Fe9T/6bdzs5ugR1yu0V618Foa6rPhDEiYjriG
|
||||
KoynZA4hZ9l83hT/kktu2jNYeIeXUqgWUFLZ3EeXynVDzqgN9buWzEZO8wZG2tNS
|
||||
sqTW9ZHZUuR6L9wUCjgPpRz4kREYdYmm5dm1uqXkQTwjo7vA1HRtGSun1FNYOl+w
|
||||
22tKNcU4erBZcKYUfyUP6gTQ4ojZN0rVb5AzT9wQoLcrljllDP9qQ45ndlov+0DD
|
||||
ccixs3PPK1ClY3puCyxX8QT7zROYhck9n0+YmuS/9TUnu19Az//aCbkCDQRZc9Sk
|
||||
ARAAsCIq2++gqtU8Z/lMDDAwVbNoq++FCA2apR4Lxj0G+jEog++8uJYawWDLpJ14
|
||||
Lvlm+OygM3s70RHyLKWiDWkdwDLbZ4b8MlHATBanEHeGsxQK9Td7VB0O3MQ/ICVs
|
||||
OjgTG8PJSv02HmNoGp/Zj3rbNSfXhomIq44aXRrw2ZxoNckj0xuHFSV85QlVy93f
|
||||
BgQiIozEPDJK8xGGn7a2gXwj6+hAaKTF1tOAWKHqInJpNduOZfVzpY5dHSUU4qjU
|
||||
TyvTEJhROA2QEo3qE5VZL2o/2rCapzqC+7pRzxEPDwcDGr2g/RFNLFSf3PvkH48M
|
||||
J66bid6aeI2uPdL9geWk6MJUCj03X2ylfFCKG0Bo0vWbv2wcJrZBCfHm256LTKHO
|
||||
lkBbvBrauzu1cTtivt8wtjm2wOiTII7nyyVvdhYuAirpYJfIFGV3iY8MJ7cdO7rI
|
||||
VRO1wkLiuE606zNJ3WCGJNwlhyFt+z8aYjB6UQwMhs1JztLFrghW+JsjzfgEXWvs
|
||||
d089woZR45PiF2Krm42E6tNBhhcJOmNFXHs5KN6oz8vAOrJ+Obw9HvBWTh5kMhdT
|
||||
ZdbGt3BZmtLfIFsEmvS+RCe5fGSiuPxudbfFzih04aXPG1wM8O4F0SFhzkwTrxGp
|
||||
46VyXZTH5xT1R56xbu44qvtYS2O8IhNKzLPROIOVqD9ey0kAEQEAAYkEcgQYAQgA
|
||||
JgIbAhYhBPsx26OrjbdqQVcyn3ZRVo+AN0RZBQJjSD9cBQkLtZ44AkDBdCAEGQEI
|
||||
AB0WIQR4L53b42un89TeSQZfXfzBQXfiYwUCWXPUpAAKCRBfXfzBQXfiY/ObD/4i
|
||||
x5aFvTz4OMAkhvOugcDekpVHC9gQU92j2boyZO4zi2RhB0JpGWWNU90WgUxorla3
|
||||
p31L44DYfg/ZoDG5zL7liykgAItt+Mwnf+hkNJZnm+dfj2lFAkBEXqpesZ8vyO6m
|
||||
BUOLhXSXd2N8+3XLwStAhC1OWE7ZcuCWmBtnbJad1HNujPhbW7tiddXhdSLbj/kG
|
||||
bjWTUdpH1TS9RNrp2tBqTCvLeXOr7NV+0FAuulO/6+m2OkRuuoj+5nVUmhmPqg4z
|
||||
z2hARiocg1nFca50uO5zbvYkbcggmN1hXrgEkKpThKnTEHaa/tFnfPSU5olPBpVX
|
||||
KP4u+e5ksMKvcLesLpFmqxz02ie1SQk17lZqMw35tHUBP+ZLlO5msdABUfmDpQ4j
|
||||
exTAFN0vfXkMc6MinFtO3WQtZ6Gf9r2oqlR+1siCAtX9l/zL2out4OTwFN7ekEE6
|
||||
7/pFhjDnQEUnY4MdcbAmOR5s3qs6YP+CUabGhkkyH8h4ffpZlNGLlJAz82oxK64A
|
||||
/Wbq5jFMn46nPM/m39+0QvcJD05gmF5PZJ7SXjf2z9Obt1RHPQJJ7+wvYHsQVZAI
|
||||
e8kT/PB74/jPzHYppF3EIFidf1fnRdguZZmG0DTXOUtTAdOAAdqt0MrtkjFzM2eD
|
||||
/3hy110zWKjd4tk7LQAeqYWPM5lzDrQ3ObdPT1+ysQkQdlFWj4A3RFnslw//QbwB
|
||||
PMuaPG9LlcoR8qSQtyXcn5TflVVH1wYa7iL9WSG5NPpx5/FFZKScWMJjjhHUDtc6
|
||||
jnICjLw+83gDOxeFIVyMg/9yT0DS7UPxc904c6G9WRyIdQqA5sRq7Iuk45S30LEZ
|
||||
v2c0+RYk8m0zSlD7vqiRY9myZKrRiWkfylAq/VL/HR6S5eKrPRgEbcQDXsoqyhnM
|
||||
n9cDc+81eOPpKW9S2+xqmo+x3WCISdi2Nr6R3WkyabWkikvlTcd7can/4amKPmIN
|
||||
i2vUVSfhsWaFGvgb8nv0Ebd6yjeDLZ8FI32KCeAYGh6FiJPC5DiFvMlbLXi4SJwu
|
||||
5p0j36xa+jJrylK/4XEJqQn6MrQ9+zdROT6bc3YlxkRXflEnE2uJshT8nSLE/j3v
|
||||
ydSHxgxAbdQ14oocvr7CltS7t0xup/YiOUtcHhprCB02PYdpT/XhZjW0pi/vyhdX
|
||||
6sGFRuCueLRf1cJiCJhISYbR4VyoMLcnvdcoKUa+/ikC6CkyZGxwAH1JGcEVjzD+
|
||||
4xG8l8/ubA3DSguKNpI1dGzVxpWgJnJzMCXBcwxp5c+kKH94QbKAUVt+16dUaY9k
|
||||
0hhucHQnbTHS3w9jY7rZ6sAZHufb9LQMMWunerecL6WvAR+XUydMd1rJS93j4y1W
|
||||
fNHj/507Jk+Ogk89eojQYjZNHCF+Zhyk6IRyI84=
|
||||
=4ncY
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
EOF
|
||||
|
||||
guix shell gnupg -- \
|
||||
gpg --import FB31DBA3AB8DB76A4157329F7651568F80374459.asc && \
|
||||
rm -f FB31DBA3AB8DB76A4157329F7651568F80374459.asc
|
||||
}
|
||||
|
||||
environment_checks
|
||||
|
||||
tmpdir="$(mktemp -d)"
|
||||
cd "${tmpdir}"
|
||||
|
||||
guix pull ; report "Guix pull"
|
||||
hash guix ; report "hash guix"
|
||||
|
||||
import_gpg_key ; report "Import GPG key"
|
||||
|
||||
guix shell -C --network git nss-certs -- \
|
||||
git clone https://git.a-lec.org/GNUtoo/guix-mumble-vm.git -b guix-installer ; \
|
||||
report "Cloning machine configuration git"
|
||||
|
||||
cd "guix-mumble-vm" ; report "cd guix-mumble-vm"
|
||||
|
||||
guix shell git gnupg -- \
|
||||
git verify-commit HEAD ; report "check git signature"
|
||||
|
||||
guix shell -C --nesting autoconf automake bash coreutils grep sed -- \
|
||||
./autogen.sh ; report "./autogen.sh"
|
||||
|
||||
guix shell -C --nesting bash coreutils gawk grep sed -- \
|
||||
./configure ; report "./configure"
|
||||
|
||||
guix shell -C --nesting automake coreutils gawk grep make sed tar xz -- \
|
||||
make mumble-vm.tar.xz ; report "Generating VM definition"
|
||||
|
||||
cp mumble-vm.tar.xz ../ && \
|
||||
cd ../ && \
|
||||
rm -rf mumble-vm && \
|
||||
guix shell -C tar xz -- tar xf mumble-vm.tar.xz && \
|
||||
rm -f mumble-vm.tar.xz ; report "Removing git repository"
|
||||
|
||||
guix gc ; report "guix gc"
|
||||
|
||||
echo 'label: gpt' | sfdisk /dev/vda ; report "GPT creation on /dev/vda" ; \
|
||||
report "GPT formating"
|
||||
|
||||
echo ';;L;*' | sfdisk /dev/vda ; report "/dev/vda1 creation" ; \
|
||||
report "Adding partition"
|
||||
|
||||
mkfs.ext4 -F -L Guix_image /dev/vda1 ; report "EXT4 formating"
|
||||
|
||||
mount /dev/vda1 /mnt ; report "mount /dev/vda1 /mnt" ; report "mounting rootfs"
|
||||
|
||||
herd start cow-store /mnt ; report "Using /mnt for storing guix system init packages"
|
||||
guix system init mumble-vm-system.scm /mnt ; report "guix system init"
|
||||
umount /mnt ; report "umount rootfs"
|
||||
|
||||
printf "Installation done: %s\n" \
|
||||
"you can remove the install media and reboot to the new VM"
|
|
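Review bot: `git verify-commit HEAD` accepts a good signature from any key in the keyring gpg happens to use, so the check is pinned to FB31DBA3AB8DB76A4157329F7651568F80374459 only if the default keyring holds nothing but the key written by `import_gpg_key`. The build steps that follow (`./autogen.sh`, `./configure`, `make mumble-vm.tar.xz`) run code from that clone, so I would give the import and the verification a keyring of their own, for example `GNUPGHOME="$(mktemp -d)" ; export GNUPGHOME` just before `import_gpg_key`. Both `guix shell` invocations involved run without `-C`, so they should inherit the variable. Separately, the cleanup runs `rm -rf mumble-vm` while the clone directory is `guix-mumble-vm`, so the step reported as "Removing git repository" appears to leave the clone behind.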
@ -11,7 +11,6 @@
|
|||
(define-module (mumble-vm-system)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages certs)
|
||||
#:use-module (gnu packages dns)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages ssh)
|
||||
|
@ -31,35 +30,6 @@
|
|||
|
||||
(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
|
||||
|
||||
(define mumble-vm-config
|
||||
(package
|
||||
(name "mumble-vm-config")
|
||||
(version "0.1")
|
||||
;; TODO: Make that tarball reproducible
|
||||
(source (local-file "mumble-vm.tar.xz"))
|
||||
(build-system copy-build-system)
|
||||
(arguments
|
||||
(list
|
||||
#:install-plan
|
||||
#~(list
|
||||
'("first-boot.sh" "share/mumble-vm/configs/")
|
||||
'("guix-commit.txt" "share/mumble-vm/configs/")
|
||||
'("index.html" "share/mumble-vm/configs/")
|
||||
'("mumble-vm-machine.scm" "share/mumble-vm/configs/")
|
||||
'("mumble-vm-system.scm" "share/mumble-vm/configs/")
|
||||
'("id_ed25519.pub" "share/mumble-vm/configs/")
|
||||
'("Makefile" "share/mumble-vm/configs/")
|
||||
'("signing-key.pub" "share/mumble-vm/configs/")
|
||||
'(#$source
|
||||
"share/mumble-vm/configs/mumble-vm.tar.xz")
|
||||
'("wireguard-post-up.sh" "share/mumble-vm/configs/"))))
|
||||
(synopsis "Full machine configuration.")
|
||||
(description
|
||||
"This contains all the configuration files of this machine. This is
|
||||
needed for unattended upgrades to work.")
|
||||
(home-page "DOMAIN")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define website
|
||||
(package
|
||||
(name "website")
|
||||
|
@ -70,8 +40,8 @@ needed for unattended upgrades to work.")
|
|||
(arguments
|
||||
(list
|
||||
#:install-plan
|
||||
#~(list '("first-boot.sh" "var/www/DOMAIN/")
|
||||
'(#$source "var/www/DOMAIN/mumble-vm.tar.xz"))))
|
||||
#~(list '("index.html" "var/www/DOMAIN/")
|
||||
'(#$source "var/www/DOMAIN/"))))
|
||||
(synopsis "The DOMAIN website.")
|
||||
(description
|
||||
"The website contains how to use the service, and how to
|
||||
|
@ -168,10 +138,8 @@ the services after that.")
|
|||
htop
|
||||
iftop
|
||||
`(,isc-bind "utils")
|
||||
mumble-vm-config
|
||||
net-tools
|
||||
nmon
|
||||
nss-certs
|
||||
openssh-sans-x
|
||||
website)
|
||||
(if enable-wireguard?
|
||||
|
@ -270,14 +238,7 @@ https://DOMAIN/
|
|||
`(("root" , (local-file "id_ed25519.pub"))
|
||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||
;; Unattended Upgrades
|
||||
(service
|
||||
unattended-upgrade-service-type
|
||||
(unattended-upgrade-configuration
|
||||
(operating-system-file (string-append "/run/current-system/profile"
|
||||
"/share/mumble-vm/configs/"
|
||||
"mumble-vm-system.scm"))
|
||||
(schedule "30 * * * * ")
|
||||
(services-to-restart (list 'guix-daemon 'mcron 'ssh-daemon)))))
|
||||
(service unattended-upgrade-service-type))
|
||||
(if enable-wireguard?
|
||||
(list
|
||||
(service wireguard-service-type
|
||||
|
@ -293,8 +254,7 @@ https://DOMAIN/
|
|||
(wireguard-peer
|
||||
(name "stephanie.franciliens.net")
|
||||
(endpoint "stephanie.franciliens.net:51820")
|
||||
(public-key
|
||||
"Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
||||
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
||||
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
||||
(list ))
|
||||
(modify-services
|
|
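Review bot: The bare `(service unattended-upgrade-service-type)` left by the hunk at `@ -270,14 +238,7 @@` uses the service's default operating-system file, /run/current-system/configuration.scm, yet the same list still refers to `(local-file "id_ed25519.pub")`, a relative reference that a copy of the configuration under /run/current-system presumably cannot resolve. If that is right, the scheduled upgrades would fail and the VM would stop receiving security updates; the removed mumble-vm-config package carried the remark that it "is needed for unattended upgrades to work". I would keep an explicit file, e.g. `(operating-system-file (file-append (local-file "." "config-dir" #:recursive? #t) "/mumble-vm-system.scm"))`, with a comment next to the service saying why it is set. Which lines are old and which are new is inferred from the hunk's line counts, and the enclosing services list starts and ends outside the hunk.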
@ -1,93 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
keymaps="/run/current-system/profile/share/keymaps/i386"
|
||||
|
||||
ask_keymap_type()
|
||||
{
|
||||
index=0
|
||||
keymap_type_list=""
|
||||
for keymap_type in "${keymaps}"/* ; do
|
||||
# shellcheck disable=SC2001 # For ^ or $ regex.
|
||||
keymap_type="$(echo "${keymap_type}" | sed "s#^${keymaps}/##")"
|
||||
if [ "${keymap_type}" = "include" ] ; then
|
||||
continue
|
||||
fi
|
||||
keymap_type_list="${keymap_type_list} ${index} ${keymap_type}"
|
||||
index=$((index + 1))
|
||||
done
|
||||
|
||||
IFS=' ' read -r -a keymap_type_list_array <<< "${keymap_type_list}"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
result=$(dialog --stdout \
|
||||
--menu "Keyboard layout type:" \
|
||||
0 0 0 \
|
||||
${keymap_type_list})
|
||||
|
||||
if [ "${result}" = "" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
result=$((result * 2))
|
||||
result=$((result + 1))
|
||||
|
||||
directory=${keymap_type_list_array[${result}]}
|
||||
echo "${directory}"
|
||||
}
|
||||
|
||||
ask_keymap()
|
||||
{
|
||||
directory="$1"
|
||||
|
||||
index=0
|
||||
keymap_list=""
|
||||
for keymap in "${keymaps}"/"${directory}"/* ; do
|
||||
# shellcheck disable=SC2001 # For ^ or $ regex.
|
||||
mapname=$(echo "${keymap}" | \
|
||||
sed "s#^${keymaps}/${directory}/##" | \
|
||||
sed 's#\.map\.gz$##')
|
||||
keymap_list="${keymap_list} ${index} ${mapname}"
|
||||
index=$((index + 1))
|
||||
done
|
||||
|
||||
IFS=' ' read -r -a keymap_list_array <<< "${keymap_list}"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
result=$(dialog --stdout --menu "Keyboard layout:" 0 0 0 ${keymap_list})
|
||||
if [ "${result}" = "" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
result=$((result * 2))
|
||||
result=$((result + 1))
|
||||
|
||||
keymap_name=${keymap_list_array[${result}]}
|
||||
|
||||
echo "${keymaps}/${directory}/${keymap_name}.map.gz"
|
||||
}
|
||||
|
||||
directory="$(ask_keymap_type)"
|
||||
if [ -z "${directory}" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
keymap_path="$(ask_keymap "${directory}")"
|
||||
if [ -z "${keymap_path}" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
loadkeys "${keymap_path}"
|
|
@ -1,20 +0,0 @@
|
|||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Files produced by the build system.
|
||||
/autom4te.cache/**
|
||||
/gnupg/**
|
||||
/grub/**
|
||||
/grub.iso
|
||||
/Makefile
|
||||
/preseed.cfg
|
||||
/preseed.img
|
||||
/rootfs.img
|
||||
/rootfs.img.tmp
|
|
@ -1,30 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGNQMswBEACpaLnL36fWyve4zXHKrN7AjXl+g5cafQyei4j1saTLfQatdJed
|
||||
ubvcscZ3yERB+R0+8xuH2UqvR0E57ohZZaTiwcUWJ3VemxCZhwKy+Xvt1ZUNxBrh
|
||||
2qAJBcP0+UCskSfWb+QQ1twNIeQ8Raj+kRPGphlNmjYxF2CFOsw9c56Lz+jNyty9
|
||||
RC3Bg4l+Kcdhw23w5XBUXpHOyL6lsG317PWgEHUIQzNhXZfHL9GzwtTVQV8tVPyu
|
||||
MOQIa7KDFXUEEnRN31mVLzfNHqKtTgFfP2LnSiD3LsBYsqJUtAnFGyORHgKhddRg
|
||||
AKLrn1h0dEzkN+XsMaAWPrJg87ks7qXhhNz3SEI+t7dL4ozfUryRY9/8t/rXuQK+
|
||||
ffRO/63i8SaHdu1Sl8MgHsNZRFOlbYGPw73TpdJ3JvfmfPNrRcTzsU1arMML8GWs
|
||||
q6/QYDTWVYBYXy0kEqJQmeb3yJRvnIdVfiAdu9fyDPY8FCTUTcsxKe88u2bgrIaY
|
||||
pNdoNFXojIC9JvMUM5QakMeog+ocTrZFOyhRMKfq5KEV/IDvsx6BfQzpjvK27LgX
|
||||
LcdlP9HUVb9ZkKUgMGV1trqSA7kKrkDtfw+BInReTeSEnr4jsAwwiG62kDmmA4mo
|
||||
dFq1MsWTAJTvpeeK+86gYliZukt6076zPrszmDJIyJWwHCLFn1jVkn1tlQARAQAB
|
||||
tFpUcmlzcXVlbCBHTlUvTGludXggQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBL
|
||||
ZXkgKDExL2FyYW1vKSA8dHJpc3F1ZWwtZGV2ZWxAdHJpc3F1ZWwuaW5mbz6JAk4E
|
||||
EwEKADgCGwMFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AWIQTSTdrJIm1bpenzvtP1
|
||||
2qr3StTJOAUCY1AzAgAKCRD12qr3StTJOIxbD/44B7Kv+26TBW6BIiUlp1iDsvoX
|
||||
yHk9yau41g6HjJR53KrFID4uszN9B+Cl+R0PjywfgC9OSSTKOjJq4/yQE00JpuF+
|
||||
HtWieshZJs8QFKLD+mZQfRVCQweqj9HZS8AFH02LYkdsXiv4LZLaNljcHEPC3Y34
|
||||
61xcg3viATgHL1ZJIPGT/vk425jQkEv9wjCjIvKsMhoE9EcqDBft9jKBC6H8LQwZ
|
||||
iIYYNf28WRIW/EbutPe+0B3YOuw3PT/o/x40ySLWIJARODxBCqJ0wEC4PI7lUiLg
|
||||
DGV0cUUykZz7BXKaIZIj+3wViR5zDGqIWx5TwdW2MJpDi9ove8N/3HaAc6BwQQXH
|
||||
acZohOBqf/BjTKXQufVzx1sMBxB+a5zp284uICX54y/mm9tPHWcOOtl+NYj5qk4A
|
||||
qn+vh433kNW622qJ8tt72kbcfaRekBnCj/A10U46TyWgZgMc7XxCc5r8slJWlhYZ
|
||||
bRgbWWvkyH1s0mzbkAyNwrNa0vafcxOxO9psc7LG4mLPBqLoKKPmYY5Vgu8fdlbb
|
||||
OLLFVvNhuTSX2ugkPfAp/XeWucQPJv3een1C1AWNcufhKYm1DZkYTGBeT8cbsw3T
|
||||
0JnpRad+Sm2VhLcQ8PHKHUUeklVqUMjyCHo32sydo+I1MjC3QWycolljno2un9HU
|
||||
TNAXG/1k2DzsqFPFjw==
|
||||
=LJyh
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -1,85 +0,0 @@
|
|||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
|
||||
dist_pkgdata_DATA = rootfs.img
|
||||
|
||||
EXTRA_QEMU_ARGS =
|
||||
if WANT_KVM
|
||||
EXTRA_QEMU_ARGS += -enable-kvm -cpu host
|
||||
endif # WANT_KVM
|
||||
|
||||
gnupg/pubring.kbx: ${srcdir}/D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938.asc
|
||||
install -d gnupg
|
||||
gpg \
|
||||
--home=gnupg \
|
||||
--import \
|
||||
${srcdir}/D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938.asc || \
|
||||
rm -rf gnupg
|
||||
|
||||
.PHONY: check-trisquel-installation-image
|
||||
check-trisquel-installation-image: $(TRISQUEL_NETINSTALL) gnupg/pubring.kbx
|
||||
gpg --home=gnupg \
|
||||
--verify trisquel-netinst_11.0.1_amd64.iso.asc \
|
||||
$(TRISQUEL_NETINSTALL)
|
||||
|
||||
grub/boot/linux: Makefile check-trisquel-installation-image
|
||||
install -D -d grub/boot
|
||||
xorriso -osirrox on \
|
||||
-indev $(TRISQUEL_NETINSTALL) \
|
||||
-extract /linux $@
|
||||
chmod 770 $@
|
||||
|
||||
grub/boot/initrd.gz: Makefile check-trisquel-installation-image
|
||||
install -D -d grub/boot
|
||||
xorriso -osirrox on \
|
||||
-indev $(TRISQUEL_NETINSTALL) \
|
||||
-extract /initrd.gz $@
|
||||
chmod 770 $@
|
||||
|
||||
grub/boot/grub/grub.cfg: Makefile grub.cfg
|
||||
install -D -m 660 grub.cfg $@
|
||||
|
||||
# It is way more simple to just extract the kernel and initramfs and
|
||||
# write some grub.cfg by hand than to somehow modify an existing
|
||||
# installer iso.
|
||||
grub.iso: Makefile grub/boot/linux grub/boot/initrd.gz grub/boot/grub/grub.cfg
|
||||
grub-mkrescue -o $@ grub
|
||||
|
||||
preseed.cfg: preseed.cfg.tmpl
|
||||
sed 's#\@MIRROR_HTTP_PROXY\@#$(MIRROR_HTTP_PROXY)#g' \
|
||||
preseed.cfg.tmpl > $@
|
||||
|
||||
preseed.img: Makefile preseed.cfg
|
||||
dd if=/dev/zero of=$@.tmp count=2048
|
||||
mkfs.vfat --mbr=y -n MEDIA $@.tmp
|
||||
mcopy -i $@.tmp preseed.cfg ::/preseed.cfg
|
||||
mv $@.tmp $@
|
||||
|
||||
rootfs.img.tmp: Makefile
|
||||
qemu-img create -f qcow2 $@ $(TRISQUEL_ROOTFS_SIZE)
|
||||
|
||||
# The 790M were found by trial and error. At 789M the netinstall
|
||||
# complains about "low memory".
|
||||
rootfs.img: preseed.img rootfs.img.tmp grub.iso
|
||||
install -m 644 rootfs.img.tmp rootfs.img || rm -f rootfs.img
|
||||
|
||||
qemu-system-x86_64 \
|
||||
-M q35 \
|
||||
-m 807M \
|
||||
-nographic \
|
||||
-drive file=grub.iso,index=2,media=cdrom,if=ide \
|
||||
-drive file=rootfs.img,index=1,media=disk,if=virtio \
|
||||
-drive file=preseed.img,index=0,media=disk,if=none,format=raw,id=usb \
|
||||
-usb -device usb-ehci,id=ehci -device usb-storage,bus=ehci.0,drive=usb \
|
||||
$(EXTRA_QEMU_ARGS) || \
|
||||
\
|
||||
rm -f rootfs.img
|
|
@ -1,42 +0,0 @@
|
|||
Deployment and limitations.
|
||||
===========================
|
||||
|
||||
Creating an image is similar to the build of other software as you use
|
||||
similar commands:
|
||||
$ git clone https://forge.a-lec.org/cominfra/experimental-vms
|
||||
$ cd experimental-vms/trisquel-automatic-netinstall-qemu
|
||||
$ ./autogen.sh
|
||||
$ ./configure --prefix=/ \
|
||||
--with-trisquel-netinstall=~/Downloads/trisquel-netinst_11.0.1_amd64.iso
|
||||
$ make
|
||||
|
||||
Since your account on a physical machines from Libre en communs might
|
||||
lack permissions for accessing /dev/kvm, you might need to pass
|
||||
'--disable-kvm' to ./configure, and since these machines also lack
|
||||
many tools, you will need to workaround by using the provided
|
||||
./libre-en-communs-guix-shell.sh script. For instance the following
|
||||
should work:
|
||||
$ git clone https://forge.a-lec.org/cominfra/experimental-vms
|
||||
$ cd experimental-vms/trisquel-automatic-netinstall-qemu
|
||||
$ wget https://cdimage.trisquel.info/trisquel-images/trisquel-netinst_11.0.1_amd64.iso
|
||||
$ ./libre-en-communs-guix-shell.sh ./autogen.sh
|
||||
$ ./libre-en-communs-guix-shell.sh ./configure --prefix=/ --disable-kvm
|
||||
$ ./libre-en-communs-guix-shell.sh make
|
||||
|
||||
The image should then be in rootfs.img.
|
||||
|
||||
License
|
||||
=======
|
||||
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or (at
|
||||
your option) any later version.
|
||||
|
||||
This project is distributed in the hope that they will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -1,151 +0,0 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
AC_PREREQ([2.69])
|
||||
AC_INIT([trisquel-automatic-netinstall-qemu], [0.1],
|
||||
[GNUtoo@cyberdimension.org])
|
||||
AC_CONFIG_SRCDIR([configure.ac])
|
||||
AC_PROG_AWK
|
||||
AC_PROG_MKDIR_P
|
||||
AM_INIT_AUTOMAKE([foreign])
|
||||
|
||||
AC_SUBST([ENABLE_KVM], [])
|
||||
AC_SUBST([MIRROR_HTTP_PROXY], [])
|
||||
AC_SUBST([TRISQUEL_ROOTFS_SIZE], [])
|
||||
AC_SUBST([TRISQUEL_NETINSTALL], [])
|
||||
|
||||
AC_ARG_ENABLE(kvm,
|
||||
[AS_HELP_STRING([--disable-kvm],
|
||||
[Use Kvm to obtain a public IP address (default=enabled)])],
|
||||
[kvm="$enableval"],
|
||||
[kvm="yes"])
|
||||
|
||||
AM_CONDITIONAL( [WANT_KVM], [test x"$kvm" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(
|
||||
[mirror-http-proxy],
|
||||
[AS_HELP_STRING(
|
||||
[--with-mirror-http-proxy=URL],
|
||||
[URL to the mirror HTTP proxy (default: not set (no mirror)).
|
||||
The proxy configuration is then used during both the netinstall
|
||||
installation and after as well (it's added to /etc/apt/apt.conf).
|
||||
The chosen URL should be reachable from QEMU. As an example, if
|
||||
you use the apt-cacher-ng default configuration and make it
|
||||
listen on localhost, you should use http://10.0.2.2:3142 because
|
||||
localhost becomes 10.0.2.2 with the current QEMU configuration
|
||||
and because the port 3142 is the default port for apt-cacher-ng.])],
|
||||
[MIRROR_HTTP_PROXY=$withval],
|
||||
[MIRROR_HTTP_PROXY=])
|
||||
|
||||
AC_ARG_WITH(
|
||||
[--with-trisquel-target-rootfs-size],
|
||||
[AS_HELP_STRING(
|
||||
[--trisquel-target-rootfs-size=SIZE],
|
||||
[Size of the target image (default=3.5G). The size will be passed
|
||||
as-is to the 'qemu-img create' command. See 'man 1 qemu-img' for
|
||||
more details.])],
|
||||
[TRISQUEL_ROOTFS_SIZE=$withval],
|
||||
[TRISQUEL_ROOTFS_SIZE=3.5G]) dnl 3.4G: Fail, 3.5G: OK
|
||||
|
||||
AC_ARG_WITH(
|
||||
[trisquel-netinstall],
|
||||
[AS_HELP_STRING(
|
||||
[--with-trisquel-netinstall=PATH],
|
||||
[Path to trisquel netinstall image
|
||||
(default=trisquel-netinst_11.0.1_amd64.iso). Note that at the moment
|
||||
only trisquel-netinst_11.0.1_amd64.iso is supported. If you use
|
||||
another image the signature verification will fail.])],
|
||||
[TRISQUEL_NETINSTALL=$withval],
|
||||
[TRISQUEL_NETINSTALL=trisquel-netinst_11.0.1_amd64.iso])
|
||||
|
||||
AC_CHECK_PROG([CHMOD], [chmod], [chmod])
|
||||
AS_IF([test x"$CHMOD" = x""],
|
||||
[AC_MSG_ERROR([chmod was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([GPG], [gpg], [gpg])
|
||||
AS_IF([test x"$GPG" = x""],
|
||||
[AC_MSG_ERROR([gpg was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([INSTALL], [install], [install])
|
||||
AS_IF([test x"$INSTALL" = x""],
|
||||
[AC_MSG_ERROR([install was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([RM], [rm], [rm])
|
||||
AS_IF([test x"$RM" = x""],
|
||||
[AC_MSG_ERROR([rm was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([XORRISO], [xorriso], [xorriso])
|
||||
AS_IF([test x"$XORRISO" = x""],
|
||||
[AC_MSG_ERROR([xorriso was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([GRUB_MKRESCUE], [grub-mkrescue], [grub-mkrescue])
|
||||
AS_IF([test x"$GRUB_MKRESCUE" = x""],
|
||||
[AC_MSG_ERROR([grub-mkrescue was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([DD], [dd], [dd])
|
||||
AS_IF([test x"$DD" = x""],
|
||||
[AC_MSG_ERROR([dd was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([MKFS_VFAT], [mkfs.vfat], [mkfs.vfat])
|
||||
AS_IF([test x"$MKFS_VFAT" = x""],
|
||||
[AC_MSG_ERROR([mkfs.vfat was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([MCOPY], [mcopy], [mcopy])
|
||||
AS_IF([test x"$MCOPY" = x""],
|
||||
[AC_MSG_ERROR([mcopy was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([MV], [mv], [mv])
|
||||
AS_IF([test x"$MV" = x""],
|
||||
[AC_MSG_ERROR([mv was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([QEMU_IMG], [qemu-img], [qemu-img])
|
||||
AS_IF([test x"$QEMU_IMG" = x""],
|
||||
[AC_MSG_ERROR([qemu-img was not found in PATH ($PATH)])])
|
||||
|
||||
AC_CHECK_PROG([QEMU_SYSTEM_X86_64], [qemu-system-x86_64], [qemu-system-x86_64])
|
||||
AS_IF([test x"$QEMU_SYSTEM_X86_64" = x""],
|
||||
[AC_MSG_ERROR([qemu-system-x86_64 was not found in PATH ($PATH)])])
|
||||
|
||||
# Check for the netinstall iso file
|
||||
AS_IF([test x"`echo "$TRISQUEL_NETINSTALL" | cut -c1`" = x"~"],
|
||||
[AC_MSG_ERROR([~ not supported in --with-trisquel-netinstall.
|
||||
Use paths without '~'.])])
|
||||
|
||||
AC_CHECK_FILE([$TRISQUEL_NETINSTALL],
|
||||
[],
|
||||
[AC_MSG_ERROR([trisquel-netinst_11.0.1_amd64.iso was not found in
|
||||
$TRISQUEL_NETINSTALL])])
|
||||
|
||||
AS_IF([test x"$kvm" = x"yes"],
|
||||
[AS_IF([test -c /dev/kvm], [], AC_MSG_ERROR([/dev/kvm not found.]))
|
||||
AS_IF([echo quit | qemu-system-x86_64 -display none -vga none -enable-kvm -monitor stdio],
|
||||
[],
|
||||
[AC_MSG_ERROR([KVM test with qemu-system-x86_64 failed.
|
||||
Check permissions on /dev/kvm.])])])
|
||||
|
||||
AC_CONFIG_FILES([Makefile])
|
||||
AC_OUTPUT
|
||||
|
||||
echo
|
||||
echo "Configuration options:"
|
||||
echo "======================"
|
||||
AS_IF([test x"$kvm" = x"yes"],
|
||||
[echo "- Kvm: enabled"],
|
||||
[echo "- Kvm: disabled"])
|
||||
echo "- Trisquel netinstall path: $TRISQUEL_NETINSTALL"
|
||||
echo "- Trisquel target rootfs size: $TRISQUEL_ROOTFS_SIZE"
|
||||
AS_IF([test x"$MIRROR_HTTP_PROXY" = x""],
|
||||
[echo "- Trisquel mirror http proxy: disabled"],
|
||||
[echo "- Trisquel mirror http proxy: $MIRROR_HTTP_PROXY"])
|
|
@ -1,18 +0,0 @@
|
|||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
|
||||
set timeout=1
|
||||
|
||||
menuentry "Trisquel 11 netinstall with custom preseed" {
|
||||
linux /boot/linux auto=true priority=critical preseed/file=/media/preseed.cfg --- console=ttyS0,115200 quiet
|
||||
initrd /boot/initrd.gz
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
|
||||
# Libre en communs physical machines have Trisquel and just installed
|
||||
# Guix through the package manager. So we end up with Guix 1.3.0 which
|
||||
# doesn't have guix shell. Once Guix is upgraded with 'guix pull', we
|
||||
# still don't have 'guix shell' without exporting the variables below.
|
||||
GUIX_PROFILE="${HOME}/.config/guix/current"
|
||||
. "$GUIX_PROFILE/etc/profile"
|
||||
|
||||
# The Libre en communs physical machines lack many packages, so when
|
||||
# this is the case we can simply use Guix to get these packages, but
|
||||
# at the same time resources are also very constrained (because the
|
||||
# hosts typically run many virtual machines), so if some host packages
|
||||
# are available, we prefer to use that as this uses way less space.
|
||||
guix_packages=" \
|
||||
autoconf \
|
||||
automake \
|
||||
make \
|
||||
mtools \
|
||||
xorriso \
|
||||
"
|
||||
guix shell ${guix_packages} -- $@
|
|
@ -1,63 +0,0 @@
|
|||
#_preseed_V1
|
||||
|
||||
# Copyright (C) 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This file is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
|
||||
# Accounts
|
||||
d-i passwd/root-login boolean false
|
||||
d-i passwd/username string admin666
|
||||
d-i passwd/user-fullname string admin666
|
||||
d-i passwd/user-password password password
|
||||
d-i passwd/user-password-again password password
|
||||
|
||||
# Keyboard layout
|
||||
d-i keyboard-configuration/xkb-keymap select us
|
||||
|
||||
# Locales
|
||||
d-i debian-installer/locale string en_US
|
||||
|
||||
# Network
|
||||
d-i netcfg/choose_interface select auto
|
||||
d-i netcfg/get_domain string test
|
||||
d-i netcfg/get_hostname string test
|
||||
|
||||
# Package management
|
||||
d-i mirror/country string manual
|
||||
d-i mirror/http/directory string /trisquel
|
||||
d-i mirror/http/hostname string mirror.fsf.org
|
||||
d-i mirror/http/proxy string @MIRROR_HTTP_PROXY@
|
||||
popularity-contest popularity-contest/participate boolean false
|
||||
|
||||
# Partitioning
|
||||
d-i grub-installer/bootdev string /dev/vda
|
||||
d-i partman-auto-lvm/guided_size string max
|
||||
d-i partman-auto/choose_recipe select atomic
|
||||
d-i partman-auto/disk string /dev/vda
|
||||
d-i partman-auto/method string regular
|
||||
d-i partman-md/confirm boolean true
|
||||
d-i partman-partitioning/confirm_write_new_label boolean true
|
||||
d-i partman-partitioning/confirm_write_new_label boolean true
|
||||
d-i partman/choose_partition select finish
|
||||
d-i partman/choose_partition select finish
|
||||
d-i partman/confirm boolean true
|
||||
d-i partman/confirm boolean true
|
||||
d-i partman/confirm_nooverwrite boolean true
|
||||
d-i partman/confirm_nooverwrite boolean true
|
||||
|
||||
# Timezone
|
||||
d-i clock-setup/ntp boolean true
|
||||
d-i clock-setup/utc boolean true
|
||||
d-i time/zone string Europe/Paris
|
||||
|
||||
# Shutdown at the end
|
||||
d-i finish-install/reboot_in_progress note
|
||||
d-i debian-installer/exit/poweroff boolean true
|
|
@ -1,16 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE0k3aySJtW6Xp877T9dqq90rUyTgFAmZZOJ0ACgkQ9dqq90rU
|
||||
yTiNqA/8DrgLZAPDKksGsHeFs73nIdHdeN0BWUrsRGjYnI64XunMCLjPOcA2BbqJ
|
||||
4rfgseuP+2t8AvWn+erIqJMQD67pYL0j5J5cP9I2DvaIvssr3uxaKSuf+U4JMuGt
|
||||
Izsw21BUAn8Yg1NnFish7ByYLmCWTbui3LYUKdjhCOjee0qj0aWOjBnaIW8Uvb6Z
|
||||
KvIDjItMxakCLfw2/DXg7wDPt/BXRZNpYW4P8my1IK12pguaDtg1SFQf5sbtjelH
|
||||
AEK4LOR5GiSh81ve75i4G/KtcqTf4PzNGJfBwvXPJ3ZclR8+FENp8YdG93AagRJS
|
||||
c/tQwzy2vMV1VGMqI63EFzl/DiepOdX6aCf2rhQZpgc37Q+pbfSCtOZXcch0feYD
|
||||
F8pCH4FLU3SOy9vERahBrTmfIWCTQMe6G8G8zQA4rjT7JOAH+PywFik89whzwmgE
|
||||
kgM62EWyRL0VkkeYY2aYCq+WJLs8V4sNyaPqNFmQF/7MhYp/sMuxSwqs8pcAd7TG
|
||||
NhBWolB/YWZPI+TqToLd/K8qQkimBI9cw7uGpc2NBovKVqS/GQlCW59L7d4xMaK1
|
||||
lJhKLqDs3cZVtQrqrT0UEpbIzHY+3yZo5UondgjzVWrHHHPKRMtFIeua8A8yKTI/
|
||||
Lc+G7IFIcyhdK9F0KrQFijsDRZ83WYjGJPhfArIOgT6QNgZgDBk=
|
||||
=Q9Eh
|
||||
-----END PGP SIGNATURE-----
|
|
@ -1,3 +0,0 @@
|
|||
/config.tar
|
||||
/config.tar.xz
|
||||
/config.tar.xz.b64
|
|
@ -1,48 +0,0 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
.PHONY: install
|
||||
|
||||
all: config.tar.xz.b64
|
||||
|
||||
TARBALL_SOURCE = \
|
||||
config/class/50-host-classes \
|
||||
config/files/etc/cron.d/fai/FAIBASE \
|
||||
config/files/etc/fai/fai.conf/FAIBASE \
|
||||
config/files/etc/hostname/FAIBASE \
|
||||
config/files/etc/hosts/FAIBASE \
|
||||
config/files/etc/network/interfaces.d/enp1s0.conf \
|
||||
config/files/etc/network/interfaces.d/lo.conf \
|
||||
config/files/etc/resolv.conf \
|
||||
config/files/etc/ssh/sshd_config \
|
||||
config/files/usr/local/bin/guix-install.sh/FAIBASE \
|
||||
config/package_config/FAIBASE \
|
||||
config/scripts/FAIBASE/01-files \
|
||||
Makefile
|
||||
|
||||
config.tar: $(TARBALL_SOURCE)
|
||||
tar -cf $@ $(TARBALL_SOURCE)
|
||||
|
||||
config.tar.xz: config.tar
|
||||
xz -f -9e --verbose $<
|
||||
|
||||
config.tar.xz.b64: config.tar.xz
|
||||
base64 $< > $@
|
||||
|
||||
install:
|
||||
apt install fai-client
|
||||
install -m644 config/files/etc/fai/fai.conf/FAIBASE /etc/fai/fai.conf
|
||||
@# For some reasons fai returns 2 but the install works fine.
|
||||
/usr/sbin/fai -vNu $$HOSTNAME softupdate || true
|
|
@ -1,38 +0,0 @@
|
|||
What does it do
|
||||
===============
|
||||
|
||||
Long time ago, the Libre en communs host didn't have Guix installed in
|
||||
its physical machines. Because of that I tried to find a way to
|
||||
cleanly bootstrap a Guix VM reproducibily from code, directly on the
|
||||
machines.
|
||||
|
||||
Nowadays Guix is installed on the physical machines so we don't need
|
||||
an intermediate VM anymore.
|
||||
|
||||
But it is kept to show how to use FAI in a very simple way for a
|
||||
single machine.
|
||||
|
||||
How to deploy
|
||||
=============
|
||||
|
||||
This was meant to customize an existing VM. So once Libre en commun
|
||||
provided you with a VM, you can apply the customization within the VM
|
||||
with the following commands:
|
||||
$ git clone https://forge.a-lec.org/GNUtoo/experimental-vms
|
||||
$ cd experimental-vms/trisquel-install-guix-fai
|
||||
$ sudo make install
|
||||
|
||||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
case $HOSTNAME in
|
||||
*)
|
||||
echo "FAIBASE" ;;
|
||||
esac
|
||||
|
||||
|
|
@ -1 +0,0 @@
|
|||
40 * * * * root /usr/sbin/fai -vNu $HOSTNAME softupdate
|
|
@ -1,17 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
FAI_CONFIG_SRC=file:///root/config
|
|
@ -1 +0,0 @@
|
|||
trisquel-guix-installer.experimental.a-lec.org
|
|
@ -1,7 +0,0 @@
|
|||
127.0.0.1 localhost
|
||||
127.0.1.1 trisquel-guix-installer.experimental.a-lec.org
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
|
@ -1,24 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
auto enp1s0
|
||||
iface enp1s0 inet static
|
||||
address 192.168.1.119/16
|
||||
gateway 192.168.0.1
|
||||
|
||||
iface enp1s0 inet static
|
||||
address 2001:910:1021::119/64
|
||||
gateway 2001:910:1021::1
|
|
@ -1,19 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# The loopback network interface
|
||||
auto lo
|
||||
iface lo inet loopback
|
|
@ -1,18 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
nameserver 2001:910:1021::1
|
||||
nameserver 127.0.0.53
|
|
@ -1,23 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
KbdInteractiveAuthentication no
|
||||
PasswordAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
Port 222
|
||||
PrintMotd no
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
UsePAM no
|
|
@ -1,676 +0,0 @@
|
|||
#!/bin/sh
|
||||
# GNU Guix --- Functional package management for GNU
|
||||
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
|
||||
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
||||
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
|
||||
# Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
|
||||
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
|
||||
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
|
||||
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
|
||||
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
|
||||
# Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
||||
# Copyright © 2022 Prafulla Giri <prafulla.giri@protonmail.com>
|
||||
#
|
||||
# This file is part of GNU Guix.
|
||||
#
|
||||
# GNU Guix is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# GNU Guix is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# We require Bash but for portability we'd rather not use /bin/bash or
|
||||
# /usr/bin/env in the shebang, hence this hack.
|
||||
if [ "x$BASH_VERSION" = "x" ]
|
||||
then
|
||||
exec bash "$0" "$@"
|
||||
fi
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
|
||||
|
||||
REQUIRE=(
|
||||
"dirname"
|
||||
"readlink"
|
||||
"wget"
|
||||
"gpg"
|
||||
"grep"
|
||||
"which"
|
||||
"sed"
|
||||
"sort"
|
||||
"getent"
|
||||
"mktemp"
|
||||
"rm"
|
||||
"chmod"
|
||||
"uname"
|
||||
"groupadd"
|
||||
"tail"
|
||||
"tr"
|
||||
"xz"
|
||||
)
|
||||
|
||||
PAS=$'[ \033[32;1mPASS\033[0m ] '
|
||||
ERR=$'[ \033[31;1mFAIL\033[0m ] '
|
||||
WAR=$'[ \033[33;1mWARN\033[0m ] '
|
||||
INF="[ INFO ] "
|
||||
|
||||
DEBUG=0
|
||||
GNU_URL="https://ftp.gnu.org/gnu/guix/"
|
||||
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
|
||||
|
||||
# The following associative array holds set of GPG keys used to sign the
|
||||
# releases, keyed by their corresponding Savannah user ID.
|
||||
declare -A GPG_SIGNING_KEYS
|
||||
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
|
||||
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
#+UTILITIES
|
||||
|
||||
_err()
|
||||
{ # All errors go to stderr.
|
||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
||||
}
|
||||
|
||||
_msg()
|
||||
{ # Default message to stdout.
|
||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
||||
}
|
||||
|
||||
_debug()
|
||||
{
|
||||
if [ "${DEBUG}" = '1' ]; then
|
||||
printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
die()
|
||||
{
|
||||
_err "${ERR}$*"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Return true if user answered yes, false otherwise. The prompt is
|
||||
# yes-biased, that is, when the user simply enter newline, it is equivalent to
|
||||
# answering "yes".
|
||||
# $1: The prompt question.
|
||||
prompt_yes_no() {
|
||||
local -l yn
|
||||
read -rp "$1 [Y/n]" yn
|
||||
[[ ! $yn || $yn = y || $yn = yes ]] || return 1
|
||||
}
|
||||
|
||||
chk_require()
|
||||
{ # Check that every required command is available.
|
||||
declare -a warn
|
||||
local c
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
for c in "$@"; do
|
||||
command -v "$c" &>/dev/null || warn+=("$c")
|
||||
done
|
||||
|
||||
[ "${#warn}" -ne 0 ] &&
|
||||
{ _err "${ERR}Missing commands: ${warn[*]}.";
|
||||
return 1; }
|
||||
|
||||
_msg "${PAS}verification of required commands completed"
|
||||
}
|
||||
|
||||
chk_gpg_keyring()
|
||||
{ # Check whether the Guix release signing public key is present.
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
local user_id
|
||||
local gpg_key_id
|
||||
local exit_flag
|
||||
|
||||
for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
|
||||
gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
|
||||
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
||||
# systems where gpg has never been used, causing errors and confusion.
|
||||
if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
if prompt_yes_no "${INF}The following OpenPGP public key is \
|
||||
required to verify the Guix binary signature: $gpg_key_id.
|
||||
Would you like me to fetch it for you?"; then
|
||||
# Use a reasonable time-out here so users don't report silent
|
||||
# ‘freezes’ when Savannah goes out to lunch, as has happened.
|
||||
if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
|
||||
--timeout=30 --no-verbose -O- | gpg --import -; then
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
# If we reach this point, the key is (still) missing. Report further
|
||||
# missing keys, if any, but then abort the installation.
|
||||
_err "${ERR}Missing OpenPGP public key ($gpg_key_id).
|
||||
Fetch it with this command:
|
||||
|
||||
wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
|
||||
sudo -i gpg --import -"
|
||||
exit_flag=yes
|
||||
done
|
||||
if [ "$exit_flag" = yes ]; then
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
chk_term()
|
||||
{ # Check for ANSI terminal for color printing.
|
||||
if [ -t 2 ]; then
|
||||
if [ "${TERM+set}" = 'set' ]; then
|
||||
case "$TERM" in
|
||||
xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
|
||||
;;
|
||||
*)
|
||||
ERR="[ FAIL ] "
|
||||
PAS="[ PASS ] "
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
chk_init_sys()
|
||||
{ # Return init system type name.
|
||||
if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
|
||||
_msg "${INF}init system is: upstart"
|
||||
INIT_SYS="upstart"
|
||||
return 0
|
||||
elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
|
||||
_msg "${INF}init system is: systemd"
|
||||
INIT_SYS="systemd"
|
||||
return 0
|
||||
elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
|
||||
_msg "${INF}init system is: sysv-init"
|
||||
INIT_SYS="sysv-init"
|
||||
return 0
|
||||
elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
|
||||
_msg "${INF}init system is: OpenRC"
|
||||
INIT_SYS="openrc"
|
||||
return 0
|
||||
else
|
||||
INIT_SYS="NA"
|
||||
_err "${ERR}Init system could not be detected."
|
||||
fi
|
||||
}
|
||||
|
||||
chk_sys_arch()
|
||||
{ # Check for operating system and architecture type.
|
||||
local os
|
||||
local arch
|
||||
|
||||
os="$(uname -s)"
|
||||
arch="$(uname -m)"
|
||||
|
||||
case "$arch" in
|
||||
i386 | i486 | i686 | i786 | x86)
|
||||
local arch=i686
|
||||
;;
|
||||
x86_64 | x86-64 | x64 | amd64)
|
||||
local arch=x86_64
|
||||
;;
|
||||
aarch64)
|
||||
local arch=aarch64
|
||||
;;
|
||||
armv7l)
|
||||
local arch=armhf
|
||||
;;
|
||||
ppc64le | powerpc64le)
|
||||
local arch=powerpc64le
|
||||
;;
|
||||
*)
|
||||
die "Unsupported CPU type: ${arch}"
|
||||
esac
|
||||
|
||||
case "$os" in
|
||||
Linux | linux)
|
||||
local os=linux
|
||||
;;
|
||||
*)
|
||||
die "Your operation system (${os}) is not supported."
|
||||
esac
|
||||
|
||||
ARCH_OS="${arch}-${os}"
|
||||
}
|
||||
|
||||
chk_sys_nscd()
|
||||
{ # Check if nscd is up and suggest to start it or install it
|
||||
if [ "$(type -P pidof)" ]; then
|
||||
if [ ! "$(pidof nscd)" ]; then
|
||||
_msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
|
||||
_msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
|
||||
fi
|
||||
else
|
||||
_msg "${INF}We cannot determine if your distribution 'nscd' service is running"
|
||||
_msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
|
||||
fi
|
||||
}
|
||||
|
||||
# Configure substitute discovery according to user's preferences.
|
||||
# $1 is the installed service file to edit.
|
||||
configure_substitute_discovery() {
|
||||
if grep -q -- '--discover=no' "$1" && \
|
||||
prompt_yes_no "Would you like the Guix daemon to automatically \
|
||||
discover substitute servers on the local network?"; then
|
||||
sed -i 's/--discover=no/--discover=yes/' "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
#+MAIN
|
||||
|
||||
guix_get_bin_list()
|
||||
{ # Scan GNU archive and save list of binaries
|
||||
local gnu_url="$1"
|
||||
local -a bin_ver_ls
|
||||
local latest_ver
|
||||
local default_ver
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
# Filter only version and architecture
|
||||
bin_ver_ls=("$(wget "$gnu_url" --no-verbose -O- \
|
||||
| sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
|
||||
| sort -Vu)")
|
||||
|
||||
latest_ver="$(echo "${bin_ver_ls[0]}" \
|
||||
| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
|
||||
| tail -n1)"
|
||||
|
||||
default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
|
||||
|
||||
if [[ "${#bin_ver_ls}" -ne "0" ]]; then
|
||||
_msg "${PAS}Release for your system: ${default_ver}"
|
||||
else
|
||||
die "Could not obtain list of Guix releases."
|
||||
fi
|
||||
|
||||
# Use default to download according to the list and local ARCH_OS.
|
||||
BIN_VER="${default_ver}"
|
||||
}
|
||||
|
||||
guix_get_bin()
|
||||
{ # Download and verify binary package.
|
||||
local url="$1"
|
||||
local bin_ver="$2"
|
||||
local dl_path="$3"
|
||||
local wget_args=()
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
_msg "${INF}Downloading Guix release archive"
|
||||
|
||||
wget --help | grep -q '\--show-progress' \
|
||||
&& wget_args=("--no-verbose" "--show-progress")
|
||||
|
||||
if wget "${wget_args[@]}" -P "$dl_path" \
|
||||
"${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
|
||||
_msg "${PAS}download completed."
|
||||
else
|
||||
die "could not download ${url}/${bin_ver}.tar.xz."
|
||||
fi
|
||||
|
||||
pushd "${dl_path}" >/dev/null
|
||||
if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
|
||||
_msg "${PAS}Signature is valid."
|
||||
popd >/dev/null
|
||||
else
|
||||
die "could not verify the signature."
|
||||
fi
|
||||
}
|
||||
|
||||
sys_create_store()
|
||||
{ # Unpack and install /gnu/store and /var/guix
|
||||
local pkg="$1"
|
||||
local tmp_path="$2"
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
if [[ -e "/var/guix" || -e "/gnu" ]]; then
|
||||
die "A previous Guix installation was found. Refusing to overwrite."
|
||||
fi
|
||||
|
||||
cd "$tmp_path"
|
||||
tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"
|
||||
|
||||
_msg "${INF}Installing /var/guix and /gnu..."
|
||||
mv "${tmp_path}/var/guix" /var/
|
||||
mv "${tmp_path}/gnu" /
|
||||
|
||||
_msg "${INF}Linking the root user's profile"
|
||||
mkdir -p ~root/.config/guix
|
||||
ln -sf /var/guix/profiles/per-user/root/current-guix \
|
||||
~root/.config/guix/current
|
||||
|
||||
GUIX_PROFILE=~root/.config/guix/current
|
||||
# shellcheck disable=SC1090
|
||||
source "${GUIX_PROFILE}/etc/profile"
|
||||
_msg "${PAS}activated root profile at ${GUIX_PROFILE}"
|
||||
}
|
||||
|
||||
sys_create_build_user()
|
||||
{ # Create the group and user accounts for build users.
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
if getent group guixbuild > /dev/null; then
|
||||
_msg "${INF}group guixbuild exists"
|
||||
else
|
||||
groupadd --system guixbuild
|
||||
_msg "${PAS}group <guixbuild> created"
|
||||
fi
|
||||
|
||||
if getent group kvm > /dev/null; then
|
||||
_msg "${INF}group kvm exists and build users will be added to it"
|
||||
local KVMGROUP=,kvm
|
||||
fi
|
||||
|
||||
for i in $(seq -w 1 10); do
|
||||
if id "guixbuilder${i}" &>/dev/null; then
|
||||
_msg "${INF}user is already in the system, reset"
|
||||
usermod -g guixbuild -G guixbuild${KVMGROUP} \
|
||||
-d /var/empty -s "$(which nologin)" \
|
||||
-c "Guix build user $i" \
|
||||
"guixbuilder${i}";
|
||||
else
|
||||
useradd -g guixbuild -G guixbuild${KVMGROUP} \
|
||||
-d /var/empty -s "$(which nologin)" \
|
||||
-c "Guix build user $i" --system \
|
||||
"guixbuilder${i}";
|
||||
_msg "${PAS}user added <guixbuilder${i}>"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
sys_enable_guix_daemon()
|
||||
{ # Run the daemon, and set it to automatically start on boot.
|
||||
|
||||
local info_path
|
||||
local local_bin
|
||||
local var_guix
|
||||
|
||||
_debug "--- [ ${FUNCNAME[0]} ] ---"
|
||||
|
||||
info_path="/usr/local/share/info"
|
||||
local_bin="/usr/local/bin"
|
||||
var_guix="/var/guix/profiles/per-user/root/current-guix"
|
||||
|
||||
case "$INIT_SYS" in
|
||||
upstart)
|
||||
{ initctl reload-configuration;
|
||||
cp ~root/.config/guix/current/lib/upstart/system/guix-daemon.conf \
|
||||
/etc/init/ &&
|
||||
configure_substitute_discovery /etc/init/guix-daemon.conf &&
|
||||
start guix-daemon; } &&
|
||||
_msg "${PAS}enabled Guix daemon via upstart"
|
||||
;;
|
||||
systemd)
|
||||
{ # systemd .mount units must be named after the target directory.
|
||||
# Here we assume a hard-coded name of /gnu/store.
|
||||
# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
|
||||
if [ -f ~root/.config/guix/current/lib/systemd/system/gnu-store.mount ]; then
|
||||
cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
|
||||
/etc/systemd/system/;
|
||||
chmod 664 /etc/systemd/system/gnu-store.mount;
|
||||
systemctl daemon-reload &&
|
||||
systemctl enable gnu-store.mount;
|
||||
fi
|
||||
|
||||
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
|
||||
/etc/systemd/system/;
|
||||
chmod 664 /etc/systemd/system/guix-daemon.service;
|
||||
|
||||
# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
|
||||
sed -i /etc/systemd/system/guix-daemon.service \
|
||||
-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
|
||||
|
||||
# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
|
||||
if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
|
||||
then sed -i /etc/systemd/system/guix-daemon.service \
|
||||
-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
|
||||
fi;
|
||||
|
||||
configure_substitute_discovery \
|
||||
/etc/systemd/system/guix-daemon.service
|
||||
|
||||
systemctl daemon-reload &&
|
||||
systemctl enable guix-daemon &&
|
||||
systemctl start guix-daemon; } &&
|
||||
_msg "${PAS}enabled Guix daemon via systemd"
|
||||
;;
|
||||
sysv-init)
|
||||
{ mkdir -p /etc/init.d;
|
||||
cp ~root/.config/guix/current/etc/init.d/guix-daemon \
|
||||
/etc/init.d/guix-daemon;
|
||||
chmod 775 /etc/init.d/guix-daemon;
|
||||
|
||||
configure_substitute_discovery /etc/init.d/guix-daemon
|
||||
|
||||
update-rc.d guix-daemon defaults &&
|
||||
update-rc.d guix-daemon enable &&
|
||||
service guix-daemon start; } &&
|
||||
_msg "${PAS}enabled Guix daemon via sysv"
|
||||
;;
|
||||
openrc)
|
||||
{ mkdir -p /etc/init.d;
|
||||
cp ~root/.config/guix/current/etc/openrc/guix-daemon \
|
||||
/etc/init.d/guix-daemon;
|
||||
chmod 775 /etc/init.d/guix-daemon;
|
||||
|
||||
configure_substitute_discovery /etc/init.d/guix-daemon
|
||||
|
||||
rc-update add guix-daemon default &&
|
||||
rc-service guix-daemon start; } &&
|
||||
_msg "${PAS}enabled Guix daemon via OpenRC"
|
||||
;;
|
||||
NA|*)
|
||||
_msg "${ERR}unsupported init system; run the daemon manually:"
|
||||
echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
|
||||
;;
|
||||
esac
|
||||
|
||||
_msg "${INF}making the guix command available to other users"
|
||||
|
||||
[ -e "$local_bin" ] || mkdir -p "$local_bin"
|
||||
ln -sf "${var_guix}/bin/guix" "$local_bin"
|
||||
|
||||
[ -e "$info_path" ] || mkdir -p "$info_path"
|
||||
for i in "${var_guix}"/share/info/*; do
|
||||
ln -sf "$i" "$info_path"
|
||||
done
|
||||
}
|
||||
|
||||
sys_authorize_build_farms()
|
||||
{ # authorize the public key(s) of the build farm(s)
|
||||
local hosts=(
|
||||
ci.guix.gnu.org
|
||||
bordeaux.guix.gnu.org
|
||||
)
|
||||
|
||||
if prompt_yes_no "Permit downloading pre-built package binaries from the \
|
||||
project's build farms?"; then
|
||||
for host in "${hosts[@]}"; do
|
||||
local key=~root/.config/guix/current/share/guix/$host.pub
|
||||
[ -f "$key" ] \
|
||||
&& guix archive --authorize < "$key" \
|
||||
&& _msg "${PAS}Authorized public key for $host"
|
||||
done
|
||||
else
|
||||
_msg "${INF}Skipped authorizing build farm public keys"
|
||||
fi
|
||||
}
|
||||
|
||||
sys_create_init_profile()
|
||||
{ # Define for better desktop integration
|
||||
# This will not take effect until the next shell or desktop session!
|
||||
[ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
|
||||
cat <<"EOF" > /etc/profile.d/zzz-guix.sh
|
||||
# Explicitly initialize XDG base directory variables to ease compatibility
|
||||
# with Guix System: see <https://issues.guix.gnu.org/56050#3>.
|
||||
export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
|
||||
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
|
||||
export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
|
||||
export XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
|
||||
export XDG_CONFIG_DIRS="${XDG_CONFIG_DIRS:-/etc/xdg}"
|
||||
export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
|
||||
# no default for XDG_RUNTIME_DIR (depends on foreign distro for semantics)
|
||||
|
||||
# _GUIX_PROFILE: `guix pull` profile
|
||||
_GUIX_PROFILE="$HOME/.config/guix/current"
|
||||
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
|
||||
# Export INFOPATH so that the updated info pages can be found
|
||||
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
|
||||
# When INFOPATH is unset, add a trailing colon so that Emacs
|
||||
# searches 'Info-default-directory-list'.
|
||||
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
|
||||
|
||||
# GUIX_PROFILE: User's default profile
|
||||
# Prefer the one from 'guix home' if it exists.
|
||||
GUIX_PROFILE="$HOME/.guix-home/profile"
|
||||
[ -L $GUIX_PROFILE ] || GUIX_PROFILE="$HOME/.guix-profile"
|
||||
[ -L $GUIX_PROFILE ] || return
|
||||
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
|
||||
export GUIX_LOCPATH
|
||||
|
||||
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
|
||||
EOF
|
||||
}
|
||||
|
||||
sys_create_shell_completion()
|
||||
{ # Symlink supported shell completions system-wide
|
||||
|
||||
var_guix=/var/guix/profiles/per-user/root/current-guix
|
||||
bash_completion=/etc/bash_completion.d
|
||||
zsh_completion=/usr/share/zsh/site-functions
|
||||
fish_completion=/usr/share/fish/vendor_completions.d
|
||||
|
||||
{ # Just in case
|
||||
for dir_shell in $bash_completion $zsh_completion $fish_completion; do
|
||||
[ -d "$dir_shell" ] || mkdir -p $dir_shell
|
||||
done;
|
||||
|
||||
ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
|
||||
ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
|
||||
ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
|
||||
_msg "${PAS}installed shell completion"
|
||||
}
|
||||
|
||||
sys_customize_bashrc()
|
||||
{
|
||||
prompt_yes_no "Customize users Bash shell prompt for Guix?" || return
|
||||
for bashrc in /home/*/.bashrc /root/.bashrc; do
|
||||
test -f "$bashrc" || continue
|
||||
grep -Fq '$GUIX_ENVIRONMENT' "$bashrc" && continue
|
||||
cp "${bashrc}" "${bashrc}.bak"
|
||||
echo '
|
||||
# Automatically added by the Guix install script.
|
||||
if [ -n "$GUIX_ENVIRONMENT" ]; then
|
||||
if [[ $PS1 =~ (.*)"\\$" ]]; then
|
||||
PS1="${BASH_REMATCH[1]} [env]\\\$ "
|
||||
fi
|
||||
fi
|
||||
' >> "$bashrc"
|
||||
done
|
||||
_msg "${PAS}Bash shell prompt successfully customized for Guix"
|
||||
}
|
||||
|
||||
welcome()
|
||||
{
|
||||
local char
|
||||
cat<<"EOF"
|
||||
░░░ ░░░
|
||||
░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
|
||||
░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
|
||||
░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
|
||||
░▒▒▒▒░ ░░░░░░
|
||||
▒▒▒▒▒ ░░░░░░
|
||||
▒▒▒▒▒ ░░░░░
|
||||
░▒▒▒▒▒ ░░░░░
|
||||
▒▒▒▒▒ ░░░░░
|
||||
▒▒▒▒▒ ░░░░░
|
||||
░▒▒▒▒▒░░░░░
|
||||
▒▒▒▒▒▒░░░
|
||||
▒▒▒▒▒▒░
|
||||
_____ _ _ _ _ _____ _
|
||||
/ ____| \ | | | | | / ____| (_)
|
||||
| | __| \| | | | | | | __ _ _ ___ __
|
||||
| | |_ | . ' | | | | | | |_ | | | | \ \/ /
|
||||
| |__| | |\ | |__| | | |__| | |_| | |> <
|
||||
\_____|_| \_|\____/ \_____|\__,_|_/_/\_\
|
||||
|
||||
This script installs GNU Guix on your system
|
||||
|
||||
https://www.gnu.org/software/guix/
|
||||
EOF
|
||||
# Don't use ‘read -p’ here! It won't display when run non-interactively.
|
||||
echo -n "Press return to continue..."$'\r'
|
||||
read -r char
|
||||
if [ "$char" ]; then
|
||||
echo
|
||||
echo "...that ($char) was not a return!"
|
||||
_msg "${WAR}Use newlines to automate installation, e.g.: yes '' | ${0##*/}"
|
||||
_msg "${WAR}Any other method is unsupported and likely to break in future."
|
||||
fi
|
||||
}
|
||||
|
||||
main()
|
||||
{
|
||||
local tmp_path
|
||||
welcome
|
||||
|
||||
_msg "Starting installation ($(date))"
|
||||
|
||||
chk_term
|
||||
chk_require "${REQUIRE[@]}"
|
||||
chk_gpg_keyring
|
||||
chk_init_sys
|
||||
chk_sys_arch
|
||||
chk_sys_nscd
|
||||
|
||||
_msg "${INF}system is ${ARCH_OS}"
|
||||
|
||||
umask 0022
|
||||
tmp_path="$(mktemp -t -d guix.XXXXXX)"
|
||||
|
||||
if [ -z "${GUIX_BINARY_FILE_NAME}" ]; then
|
||||
guix_get_bin_list "${GNU_URL}"
|
||||
guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
|
||||
GUIX_BINARY_FILE_NAME=${BIN_VER}.tar.xz
|
||||
else
|
||||
if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
|
||||
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
|
||||
fi
|
||||
_msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
|
||||
GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
|
||||
fi
|
||||
|
||||
sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
|
||||
sys_create_build_user
|
||||
sys_enable_guix_daemon
|
||||
sys_authorize_build_farms
|
||||
sys_create_init_profile
|
||||
sys_create_shell_completion
|
||||
sys_customize_bashrc
|
||||
|
||||
_msg "${INF}cleaning up ${tmp_path}"
|
||||
rm -r "${tmp_path}"
|
||||
|
||||
_msg "${PAS}Guix has successfully been installed!"
|
||||
_msg "${INF}Run 'info guix' to read the manual."
|
||||
|
||||
# Required to source /etc/profile in desktop environments.
|
||||
_msg "${INF}Please log out and back in to complete the installation."
|
||||
}
|
||||
|
||||
main "$@"
|
|
@ -1,24 +0,0 @@
|
|||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
PACKAGES remove
|
||||
guix
|
||||
|
||||
PACKAGES install
|
||||
make
|
||||
screen
|
||||
wget
|
||||
xz-utils
|
|
@ -1,26 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This project is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This project is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this project. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
fcopy -i -m root,root,0755 /etc/cron.d/fai
|
||||
fcopy -iM /etc/fai/fai.conf
|
||||
fcopy -iM /etc/hostname
|
||||
fcopy -iM /etc/hosts
|
||||
fcopy -iM /etc/network/interfaces.d/lo.conf
|
||||
fcopy -iM /etc/network/interfaces.d/enp1s0.conf
|
||||
fcopy -iM /etc/resolv.conf
|
||||
fcopy -iM /etc/ssh/sshd_config
|
||||
fcopy -i -m root,root,0755 /usr/local/bin/guix-install.sh
|
|
@ -1,150 +0,0 @@
|
|||
<domain type='kvm'>
|
||||
<name>trisquel-guix-installer.experimental.a-lec.org</name>
|
||||
<description>Image générique à cloner</description>
|
||||
<memory unit='KiB'>4194304</memory>
|
||||
<currentMemory unit='KiB'>4194304</currentMemory>
|
||||
<vcpu placement='static'>1</vcpu>
|
||||
<os>
|
||||
<type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
|
||||
<boot dev='hd'/>
|
||||
</os>
|
||||
<features>
|
||||
<acpi/>
|
||||
<apic/>
|
||||
<vmport state='off'/>
|
||||
</features>
|
||||
<cpu mode='host-model' check='partial'>
|
||||
<topology sockets='1' dies='1' cores='1' threads='1'/>
|
||||
</cpu>
|
||||
<clock offset='utc'>
|
||||
<timer name='rtc' tickpolicy='catchup'/>
|
||||
<timer name='pit' tickpolicy='delay'/>
|
||||
<timer name='hpet' present='no'/>
|
||||
</clock>
|
||||
<on_poweroff>destroy</on_poweroff>
|
||||
<on_reboot>restart</on_reboot>
|
||||
<on_crash>destroy</on_crash>
|
||||
<pm>
|
||||
<suspend-to-mem enabled='no'/>
|
||||
<suspend-to-disk enabled='no'/>
|
||||
</pm>
|
||||
<devices>
|
||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||
<disk type='file' device='disk'>
|
||||
<driver name='qemu' type='raw'/>
|
||||
<source file='/srv/vmverse/installation/gnutoo-trisquel-fai-installer.img'/>
|
||||
<target dev='vdc' bus='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
|
||||
</disk>
|
||||
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
|
||||
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
|
||||
</controller>
|
||||
<controller type='sata' index='0'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
|
||||
</controller>
|
||||
<controller type='pci' index='0' model='pcie-root'/>
|
||||
<controller type='pci' index='1' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='1' port='0x10'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
|
||||
</controller>
|
||||
<controller type='pci' index='2' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='2' port='0x11'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
|
||||
</controller>
|
||||
<controller type='pci' index='3' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='3' port='0x12'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
|
||||
</controller>
|
||||
<controller type='pci' index='4' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='4' port='0x13'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
|
||||
</controller>
|
||||
<controller type='pci' index='5' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='5' port='0x14'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
|
||||
</controller>
|
||||
<controller type='pci' index='6' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='6' port='0x15'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
|
||||
</controller>
|
||||
<controller type='pci' index='7' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='7' port='0x16'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
|
||||
</controller>
|
||||
<controller type='pci' index='8' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='8' port='0x17'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
|
||||
</controller>
|
||||
<controller type='pci' index='9' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='9' port='0x18'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
|
||||
</controller>
|
||||
<controller type='virtio-serial' index='0'>
|
||||
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
|
||||
</controller>
|
||||
<controller type='scsi' index='0' model='virtio-scsi'>
|
||||
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
|
||||
</controller>
|
||||
<interface type='bridge'>
|
||||
<source bridge='br0'/>
|
||||
<model type='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
||||
</interface>
|
||||
<serial type='pty'>
|
||||
<target type='isa-serial' port='0'>
|
||||
<model name='isa-serial'/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type='pty'>
|
||||
<target type='isa-serial' port='1'>
|
||||
<model name='isa-serial'/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type='pty'>
|
||||
<target type='isa-serial' port='2'>
|
||||
<model name='isa-serial'/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type='pty'>
|
||||
<target type='isa-serial' port='3'>
|
||||
<model name='isa-serial'/>
|
||||
</target>
|
||||
</serial>
|
||||
<console type='pty'>
|
||||
<target type='serial' port='0'/>
|
||||
</console>
|
||||
<channel type='unix'>
|
||||
<target type='virtio' name='org.qemu.guest_agent.0'/>
|
||||
<address type='virtio-serial' controller='0' bus='0' port='1'/>
|
||||
</channel>
|
||||
<channel type='spicevmc'>
|
||||
<target type='virtio' name='com.redhat.spice.0'/>
|
||||
<address type='virtio-serial' controller='0' bus='0' port='2'/>
|
||||
</channel>
|
||||
<input type='mouse' bus='ps2'/>
|
||||
<input type='keyboard' bus='ps2'/>
|
||||
<graphics type='spice'>
|
||||
<listen type='none'/>
|
||||
</graphics>
|
||||
<audio id='1' type='spice'/>
|
||||
<video>
|
||||
<model type='none'/>
|
||||
</video>
|
||||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
|
@ -1,79 +0,0 @@
|
|||
# Copying and distribution of this file, with or without modification,
|
||||
# are permitted in any medium without royalty provided the copyright
|
||||
# notice and this notice are preserved. This file is offered as-is,
|
||||
# without any warranty.
|
||||
|
||||
CURL ?= curl
|
||||
MIRROR ?= https://cdimage.trisquel.info/trisquel-images
|
||||
VERSION ?= 11.0
|
||||
|
||||
.precious: \
|
||||
trisquel_$(VERSION)_amd64.iso \
|
||||
trisquel_$(VERSION)_amd64.iso.asc \
|
||||
trisquel-netinst_$(VERSION)_amd64.iso \
|
||||
trisquel-netinst_$(VERSION)_amd64.iso.asc
|
||||
|
||||
.PHONY: all install-vm
|
||||
all: verify-trisquel-netinst_$(VERSION)_amd64
|
||||
|
||||
trisquel-archive-signkey.gpg:
|
||||
gpg --list-keys D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938 || \
|
||||
$(CURL) https://archive.trisquel.info/trisquel/$@ -o $@
|
||||
gpg --list-keys D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938 || \
|
||||
gpg --import trisquel-archive-signkey.gpg
|
||||
|
||||
%.iso:
|
||||
$(CURL) $(MIRROR)/$@ -o $@
|
||||
|
||||
%.asc: trisquel-archive-signkey.gpg %
|
||||
$(CURL) $(MIRROR)/$@ -o $@
|
||||
|
||||
verify-%: %.iso.asc
|
||||
gpg --verify $<
|
||||
|
||||
install-iso:
|
||||
virsh -c qemu:///system vol-list installation | \
|
||||
tail +3 | \
|
||||
awk '{print $1}' | \
|
||||
grep '^trisquel-netinst_11.0_amd64.iso$' || \
|
||||
( \
|
||||
virsh -c qemu:///system \
|
||||
vol-create-as \
|
||||
installation trisquel-netinst_11.0_amd64.iso 0 && \
|
||||
virsh -c qemu:///system \
|
||||
vol-upload \
|
||||
--pool installation trisquel-netinst_11.0_amd64.iso \
|
||||
--file $PWD/trisquel-netinst_11.0_amd64.iso \
|
||||
)
|
||||
|
||||
# We need that for transparency reasons
|
||||
install-signature:
|
||||
virsh -c qemu:///system vol-list installation | \
|
||||
tail +3 | \
|
||||
awk '{print $1}' | \
|
||||
grep '^trisquel-netinst_11.0_amd64.iso.asc$' || \
|
||||
( \
|
||||
virsh -c qemu:///system \
|
||||
vol-create-as \
|
||||
installation trisquel-netinst_11.0_amd64.iso.asc 0 && \
|
||||
virsh -c qemu:///system \
|
||||
vol-upload \
|
||||
--pool installation trisquel-netinst_11.0_amd64.iso \
|
||||
--file $PWD/trisquel-netinst_11.0_amd64.iso.asc \
|
||||
)
|
||||
|
||||
VM_DEPENDENCIES = \
|
||||
install-iso \
|
||||
install-signature \
|
||||
verify-trisquel-netinst_$(VERSION)_amd64
|
||||
|
||||
install-vm: $(VM_DEPENDENCIES)
|
||||
if ! virsh -c qemu:///system \
|
||||
desc experimental-trisquel-netinstall ; then \
|
||||
virsh -c qemu:///system destroy \
|
||||
experimental-trisquel-netinstall || true ; \
|
||||
virsh -c qemu:///system undefine \
|
||||
experimental-trisquel-netinstall ; \
|
||||
fi
|
||||
virsh -c qemu:///system \
|
||||
define --file experimental-trisquel-netinstall.xml
|
|
@ -1,50 +0,0 @@
|
|||
Deployment
|
||||
==========
|
||||
|
||||
If you don't have the Trisquel netinstall iso inside libvirt you can
|
||||
get it by first downloading it in the current directory with the
|
||||
following command:
|
||||
|
||||
```
|
||||
$ make
|
||||
```
|
||||
|
||||
Then you can add it to libvirt with the following command:
|
||||
|
||||
```
|
||||
$ ./create-netinstall-volume.sh
|
||||
```
|
||||
|
||||
Then if the VM is not already defined in libvirt, you can use the
|
||||
following command to do that:
|
||||
|
||||
```
|
||||
$ ./create-vm.sh
|
||||
```
|
||||
|
||||
You will then need to add an extra storage device to the VM to have
|
||||
some storage to install Trisquel on.
|
||||
|
||||
You can then start the installer and get a console inside it with the
|
||||
following commands:
|
||||
|
||||
```
|
||||
$ virsh -c qemu:///system start gnutoo-trisquel-netinstall
|
||||
$ ./use-serial-port.sh
|
||||
$ virsh -c qemu:///system console gnutoo-trisquel-netinstall
|
||||
```
|
||||
|
||||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This project is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this project. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -1,102 +0,0 @@
|
|||
<domain type="kvm">
|
||||
<name>gnutoo-trisquel-netinstall</name>
|
||||
<memory unit="KiB">2097152</memory>
|
||||
<currentMemory unit="KiB">2097152</currentMemory>
|
||||
<resource>
|
||||
<partition>/machine</partition>
|
||||
</resource>
|
||||
<os>
|
||||
<type arch="x86_64" machine="pc-i440fx-5.1">hvm</type>
|
||||
<boot dev="hd"/>
|
||||
</os>
|
||||
<features>
|
||||
<acpi/>
|
||||
<apic/>
|
||||
<vmport state="off"/>
|
||||
</features>
|
||||
<cpu mode="host-passthrough" check="none" migratable="on"/>
|
||||
<clock offset="utc">
|
||||
<timer name="rtc" tickpolicy="catchup"/>
|
||||
<timer name="pit" tickpolicy="delay"/>
|
||||
<timer name="hpet" present="no"/>
|
||||
</clock>
|
||||
<on_poweroff>destroy</on_poweroff>
|
||||
<on_reboot>restart</on_reboot>
|
||||
<on_crash>destroy</on_crash>
|
||||
<pm>
|
||||
<suspend-to-mem enabled="no"/>
|
||||
<suspend-to-disk enabled="no"/>
|
||||
</pm>
|
||||
<devices>
|
||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||
<disk type="file" device="disk">
|
||||
<driver name="qemu" type="raw"/>
|
||||
<source file="/srv/vmverse/installation/trisquel-netinst_11.0_amd64.iso"/>
|
||||
<target dev="sda" bus="usb" removable="on"/>
|
||||
<readonly/>
|
||||
<address type="usb" bus="0" port="1"/>
|
||||
</disk>
|
||||
<controller type="usb" index="0" model="ich9-ehci1">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x7"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci1">
|
||||
<master startport="0"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0" multifunction="on"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci2">
|
||||
<master startport="2"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x1"/>
|
||||
</controller>
|
||||
<controller type="usb" index="0" model="ich9-uhci3">
|
||||
<master startport="4"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x2"/>
|
||||
</controller>
|
||||
<controller type="pci" index="0" model="pci-root"/>
|
||||
<interface type="bridge">
|
||||
<source bridge="br0"/>
|
||||
<model type="virtio"/>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
|
||||
</interface>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="0">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="1">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="2">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<serial type="pty">
|
||||
<target type="isa-serial" port="3">
|
||||
<model name="isa-serial"/>
|
||||
</target>
|
||||
</serial>
|
||||
<console type="pty">
|
||||
<target type="serial" port="0"/>
|
||||
</console>
|
||||
<input type="keyboard" bus="ps2"/>
|
||||
<input type="mouse" bus="ps2"/>
|
||||
<graphics type="spice">
|
||||
<listen type="none"/>
|
||||
<gl enable="no"/>
|
||||
</graphics>
|
||||
<audio id="1" type="spice"/>
|
||||
<video>
|
||||
<model type="none"/>
|
||||
</video>
|
||||
<memballoon model="virtio">
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
|
||||
</memballoon>
|
||||
<rng model="virtio">
|
||||
<backend model="random">/dev/urandom</backend>
|
||||
<address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
|
||||
</rng>
|
||||
</devices>
|
||||
<seclabel type="dynamic" model="dac" relabel="yes"/>
|
||||
</domain>
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
# See /usr/include/linux/input-event-codes.h for the key <-> values
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 15 # TAB
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 46 # C
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 24 # O
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 49 # N
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 31 # S
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 24 # O
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 38 # L
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 18 # E
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 13 # =
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 20 # T
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 20 # T
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 21 # Y
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 58 # CAPSLOCK
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 31 # S
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 11 # 0
|
||||
virsh -c qemu:///system send-key gnutoo-trisquel-netinstall 28 # ENTER
|