refactor installer, add curiass system
This commit is contained in:
parent
26b671600e
commit
a1d30ad8f3
5 changed files with 218 additions and 248 deletions
|
@ -1,66 +1,38 @@
|
|||
(define-module (freya system)
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (gnu)
|
||||
#:use-module (gnu system setuid)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages avahi)
|
||||
#:use-module (gnu packages linux)
|
||||
#:use-module (gnu packages libusb)
|
||||
#:use-module (gnu packages shells)
|
||||
#:use-module (gnu packages tls)
|
||||
#:use-module (gnu packages gtk)
|
||||
#:use-module (gnu packages gl)
|
||||
#:use-module (gnu packages vpn)
|
||||
#:use-module (gnu packages security-token)
|
||||
#:use-module (gnu packages virtualization)
|
||||
#:use-module (gnu services)
|
||||
#:use-module (gnu services linux)
|
||||
#:use-module (gnu services authentication)
|
||||
#:use-module (gnu services security-token)
|
||||
#:use-module (gnu services cups)
|
||||
#:use-module (gnu services desktop)
|
||||
#:use-module (gnu services networking)
|
||||
#:use-module (gnu services xorg)
|
||||
#:use-module (gnu services ssh)
|
||||
#:use-module (gnu services nix)
|
||||
#:use-module (gnu services sound)
|
||||
#:use-module (gnu services docker)
|
||||
#:use-module (gnu services cups)
|
||||
#:use-module (gnu services dbus)
|
||||
#:use-module (gnu services avahi)
|
||||
#:use-module (gnu services linux)
|
||||
#:use-module (gnu services spice)
|
||||
#:use-module (gnu services docker)
|
||||
#:use-module (gnu services desktop)
|
||||
#:use-module (gnu services networking)
|
||||
#:use-module (gnu services security-token)
|
||||
#:use-module (gnu services virtualization)
|
||||
#:use-module (gnu system locale)
|
||||
#:use-module (gnu system setuid)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (nongnu packages linux)
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (freya bootloader uki)
|
||||
#:use-module (freya packages qt)
|
||||
#:use-module (freya packages certs)
|
||||
#:use-module (freya packages linux)
|
||||
#:use-module (freya packages qt)
|
||||
#:use-module (freya packages wm)
|
||||
#:use-module (freya packages pulseaudio)
|
||||
#:use-module (freya packages networking)
|
||||
#:use-module (freya packages virtualization))
|
||||
#:use-module (freya packages virtualization)
|
||||
#:use-module (freya bootloader uki))
|
||||
|
||||
;; locale
|
||||
|
||||
(define-public %freya-user-accounts
|
||||
(cons* (user-account
|
||||
(name "freya")
|
||||
(comment "Freya Murphy")
|
||||
(group "users")
|
||||
(home-directory "/home/freya")
|
||||
(shell (file-append zsh "/bin/zsh"))
|
||||
(supplementary-groups '("wheel"
|
||||
"audio"
|
||||
"lp"
|
||||
"docker"
|
||||
"plugdev"
|
||||
"libvirt"
|
||||
"kvm"
|
||||
"netdev"
|
||||
"video"
|
||||
"tty")))
|
||||
%base-user-accounts))
|
||||
|
||||
|
||||
(define-public %freya-locale
|
||||
(define-public %base-freya-locale
|
||||
(list (locale-definition
|
||||
(name "en_US.utf8")
|
||||
(source "en_US")
|
||||
|
@ -70,25 +42,68 @@
|
|||
(source "ja_JP")
|
||||
(charset "UTF-8"))))
|
||||
|
||||
;; user groups
|
||||
|
||||
(define-public %freya-base-packages
|
||||
(define %base-freya-user-groups (list "wheel"
|
||||
"audio"
|
||||
"video"
|
||||
"netdev"
|
||||
"tty"))
|
||||
|
||||
|
||||
(define %desktop-freya-user-groups
|
||||
(append
|
||||
;; append desktop freya groups
|
||||
(list "lp"
|
||||
"docker"
|
||||
"plugdev"
|
||||
"libvirt"
|
||||
"kvm")
|
||||
;; append base freya groups
|
||||
%base-freya-user-groups))
|
||||
|
||||
;; append guix and nonguix base packages
|
||||
;; user accounts
|
||||
|
||||
(define freya-user-accounts
|
||||
(lambda (groups)
|
||||
(cons* (user-account
|
||||
(name "freya")
|
||||
(comment "Freya Murphy")
|
||||
(uid 1000)
|
||||
(group "users")
|
||||
(shell (file-append zsh "/bin/zsh"))
|
||||
(home-directory "/home/freya")
|
||||
(create-home-directory? #t)
|
||||
(supplementary-groups groups))
|
||||
%base-user-accounts)))
|
||||
|
||||
(define-public %base-freya-user-accounts
|
||||
(freya-user-accounts %base-freya-user-groups))
|
||||
|
||||
(define-public %desktop-freya-user-accounts
|
||||
(freya-user-accounts %desktop-freya-user-groups))
|
||||
|
||||
;; packages
|
||||
|
||||
(define-public %virt-freya-packages
|
||||
(append
|
||||
;; append needed virt packages
|
||||
(specifications->packages (list ; video audio
|
||||
"mesa"
|
||||
"mesa-utils"
|
||||
|
||||
; firmware
|
||||
"sof-firmware"
|
||||
"amd-microcode"
|
||||
"v4l2loopback-linux-module"
|
||||
|
||||
; terrminal
|
||||
"alsa-utils"
|
||||
"vim"
|
||||
"neovim"
|
||||
|
||||
; file sys
|
||||
"parted"
|
||||
"gptfdisk"
|
||||
"ddrescue"
|
||||
"cryptsetup"
|
||||
"dosfstools"
|
||||
"btrfs-progs"
|
||||
"e2fsprogs"
|
||||
"f2fs-tools"
|
||||
; basic utils
|
||||
"curl"
|
||||
"htop"
|
||||
|
@ -107,18 +122,26 @@
|
|||
"ncurses"
|
||||
"jq"
|
||||
"openssl"))
|
||||
|
||||
;; append certs
|
||||
;; append freyanet certs
|
||||
(list freya-ca-certs)
|
||||
|
||||
;; append guix base packages
|
||||
%base-packages))
|
||||
|
||||
|
||||
(define-public %freya-packages
|
||||
(define-public %base-freya-packages
|
||||
(append
|
||||
;; append needed base packages
|
||||
(specifications->packages (list ; firmware
|
||||
"sof-firmware"
|
||||
"amd-microcode"
|
||||
"v4l2loopback-linux-module"))
|
||||
;; apend virt freya packages
|
||||
%virt-freya-packages))
|
||||
|
||||
;; append guix and nonguix packages
|
||||
|
||||
(define-public %desktop-freya-packages
|
||||
(append
|
||||
;; append needed desktop packages
|
||||
(specifications->packages (list ; gtk
|
||||
"wxwidgets"
|
||||
"gtk+"
|
||||
|
@ -126,13 +149,11 @@
|
|||
"gnome-themes-extra"
|
||||
"adwaita-icon-theme"
|
||||
"hicolor-icon-theme"
|
||||
|
||||
; wayland x11
|
||||
"wl-clipboard"
|
||||
"libx11"
|
||||
"xorg-server-xwayland"
|
||||
"xf86-video-qxl"
|
||||
|
||||
; video audio
|
||||
"glu"
|
||||
"libglvnd"
|
||||
|
@ -145,11 +166,9 @@
|
|||
"sdl2"
|
||||
"openal"
|
||||
"freealut"
|
||||
|
||||
; xdg
|
||||
"xdg-utils"
|
||||
"xdg-desktop-portal"
|
||||
|
||||
; system daemons
|
||||
"docker"
|
||||
"containerd"
|
||||
|
@ -159,74 +178,63 @@
|
|||
"brightnessctl"
|
||||
"wireguard-tools"
|
||||
"libpcap"
|
||||
|
||||
; fonts
|
||||
"font-fira-mono"
|
||||
"font-google-noto-sans-cjk"
|
||||
"font-jetbrains-mono"
|
||||
"font-dejavu"
|
||||
|
||||
; misc
|
||||
"qemu"))
|
||||
|
||||
;; append custom packages
|
||||
(list ; qt
|
||||
qt5-styleplugins
|
||||
qt6gtk2
|
||||
qt5-styleplugins
|
||||
qt6gtk2
|
||||
; bluetooth
|
||||
bluez-new
|
||||
; pactl
|
||||
pulseaudio-new
|
||||
; system
|
||||
virt-manager-ovmf)
|
||||
;; append base freya backages
|
||||
%base-freya-packages))
|
||||
|
||||
; bluetooth
|
||||
bluez-new
|
||||
;; services
|
||||
|
||||
; pactl
|
||||
pulseaudio-new
|
||||
|
||||
; system
|
||||
virt-manager-ovmf)
|
||||
|
||||
;; append freya base backages
|
||||
%freya-base-packages))
|
||||
|
||||
|
||||
(define-public %freya-base-services
|
||||
(define-public %base-freya-services
|
||||
(append
|
||||
|
||||
(list ; pam
|
||||
;; append needed base services
|
||||
(list ; mtp
|
||||
(simple-service 'mtp udev-service-type (list libmtp))
|
||||
; polkit
|
||||
polkit-wheel-service
|
||||
; font config
|
||||
fontconfig-file-system-service
|
||||
; networking
|
||||
(service ntp-service-type)
|
||||
(service network-manager-service-type)
|
||||
(service wpa-supplicant-service-type)
|
||||
(service modem-manager-service-type)
|
||||
(service usb-modeswitch-service-type)
|
||||
; dbus
|
||||
(service upower-service-type)
|
||||
(service polkit-service-type)
|
||||
(service pam-limits-service-type)
|
||||
(service elogind-service-type)
|
||||
(service dbus-root-service-type)
|
||||
; openssh
|
||||
(service openssh-service-type))
|
||||
;; append guix base services
|
||||
%base-services))
|
||||
|
||||
; base guix desktop services
|
||||
(modify-services %desktop-services
|
||||
(guix-service-type config =>
|
||||
(guix-configuration
|
||||
(inherit config)
|
||||
(substitute-urls
|
||||
(append (list "https://substitutes.nonguix.org")
|
||||
%default-substitute-urls))
|
||||
(authorized-keys
|
||||
(append (list (local-file "../../certs/non-guix.pub"))
|
||||
%default-authorized-guix-keys))))
|
||||
(udev-service-type config =>
|
||||
(udev-configuration
|
||||
(inherit config)))
|
||||
(delete pulseaudio-service-type)
|
||||
(delete gdm-service-type)
|
||||
(delete avahi-service-type)
|
||||
(delete alsa-service-type)
|
||||
(delete screen-locker-service-type))))
|
||||
|
||||
|
||||
(define-public %freya-services
|
||||
(define-public %desktop-freya-services
|
||||
(append
|
||||
%freya-base-services
|
||||
;; append needed desktop services
|
||||
(list ; nix
|
||||
(service nix-service-type)
|
||||
|
||||
; wirerguard
|
||||
(simple-service 'wireguard-module
|
||||
kernel-module-loader-service-type
|
||||
'("wireguard"))
|
||||
|
||||
; printing
|
||||
(service cups-service-type
|
||||
(cups-configuration
|
||||
|
@ -235,11 +243,9 @@
|
|||
(avahi-configuration
|
||||
(publish? #f)
|
||||
(publish-workstation? #f)))
|
||||
|
||||
; docker
|
||||
(service docker-service-type)
|
||||
(service containerd-service-type)
|
||||
|
||||
; libvirt
|
||||
(service libvirt-service-type
|
||||
(libvirt-configuration
|
||||
|
@ -248,58 +254,89 @@
|
|||
(tls-port "16555")))
|
||||
(service virtlog-service-type)
|
||||
(service spice-vdagent-service-type)
|
||||
|
||||
; audio
|
||||
; bluetooth
|
||||
(service bluetooth-service-type
|
||||
(bluetooth-configuration
|
||||
(bluez bluez-new)
|
||||
(experimental #t)
|
||||
(fast-connectable? #t)))
|
||||
|
||||
; yubikey
|
||||
(service pcscd-service-type)
|
||||
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))))
|
||||
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))
|
||||
;; append freya base services
|
||||
%base-freya-services))
|
||||
|
||||
;; setuid programs
|
||||
|
||||
(define-public %freya-setuid-programs
|
||||
(append (list ; doas
|
||||
(file-like->setuid-program
|
||||
(file-append
|
||||
(specification->package "opendoas")
|
||||
"/bin/doas")))
|
||||
; base setuid programs
|
||||
%setuid-programs))
|
||||
(define-public %base-freya-setuid-programs
|
||||
(append
|
||||
;; append needed setuid programs
|
||||
(list ; doas
|
||||
(file-like->setuid-program
|
||||
(file-append
|
||||
(specification->package "opendoas")
|
||||
"/bin/doas")))
|
||||
;; append guix setuid programs
|
||||
%setuid-programs))
|
||||
|
||||
;; file systems
|
||||
|
||||
(define-public %freya-file-systems
|
||||
(define-public %base-freya-file-systems
|
||||
(cons*
|
||||
; /tmp
|
||||
;; /tmp
|
||||
(file-system
|
||||
(mount-point "/tmp")
|
||||
(device "none")
|
||||
(type "tmpfs")
|
||||
(check? #f))
|
||||
;; append guix base file systems
|
||||
%base-file-systems))
|
||||
|
||||
;; firmware
|
||||
|
||||
(define-public base-operating-system
|
||||
(operating-system
|
||||
(kernel linux-6.11)
|
||||
(firmware (list linux-firmware
|
||||
amd-microcode
|
||||
sof-firmware))
|
||||
(locale "en_US.UTF-8")
|
||||
(locale-definitions %freya-locale)
|
||||
(timezone "America/New_York")
|
||||
(keyboard-layout (keyboard-layout "us"))
|
||||
(host-name "ThisWillChange")
|
||||
(users %freya-user-accounts)
|
||||
(packages %freya-packages)
|
||||
(services %freya-services)
|
||||
(name-service-switch %mdns-host-lookup-nss)
|
||||
(setuid-programs %freya-setuid-programs)
|
||||
(file-systems %freya-file-systems)
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader uefi-uki-bootloader)
|
||||
(targets (list "/boot/efi"))
|
||||
(keyboard-layout keyboard-layout)))))
|
||||
(define-public %base-freya-firmware
|
||||
(append
|
||||
;; append needed base firmware
|
||||
(list linux-firmware
|
||||
sof-firmware
|
||||
amd-microcode)
|
||||
;; append guix base firmware
|
||||
%base-firmware))
|
||||
|
||||
;; operating system
|
||||
|
||||
(define-public %base-freya-operating-system
|
||||
(operating-system
|
||||
(kernel linux-6.11)
|
||||
(firmware %base-freya-firmware)
|
||||
(locale "en_US.UTF-8")
|
||||
(locale-definitions %base-freya-locale)
|
||||
(timezone "America/New_York")
|
||||
(keyboard-layout (keyboard-layout "us"))
|
||||
(host-name "guix")
|
||||
(users %base-freya-user-accounts)
|
||||
(packages %base-freya-packages)
|
||||
(services %base-freya-services)
|
||||
(name-service-switch %mdns-host-lookup-nss)
|
||||
(setuid-programs %base-freya-setuid-programs)
|
||||
(file-systems %base-freya-file-systems)
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader uefi-uki-bootloader)
|
||||
(targets (list "/boot/efi"))
|
||||
(keyboard-layout keyboard-layout)))))
|
||||
|
||||
|
||||
(define-public %virt-freya-operating-system
|
||||
(operating-system
|
||||
(inherit %base-freya-operating-system)
|
||||
(kernel linux-libre-lts)
|
||||
(firmware %base-firmware)
|
||||
(packages %virt-freya-packages)))
|
||||
|
||||
|
||||
(define-public %desktop-freya-operating-system
|
||||
(operating-system
|
||||
(inherit %base-freya-operating-system)
|
||||
(users %desktop-freya-user-accounts)
|
||||
(packages %desktop-freya-packages)
|
||||
(services %desktop-freya-services)))
|
||||
|
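Review bot: The rewritten `define-module` header in the first hunk lists several modules twice — `(gnu services cups)`, `(gnu services docker)`, `(gnu services desktop)`, `(gnu services networking)`, `(gnu services security-token)`, `(gnu services linux)`, `(gnu system setuid)`, `(srfi srfi-1)` and `(freya packages qt)` each appear on two lines; the rendered view prints removed and added lines together, so some of these may be the old side, but whichever survive on the new side should be deduplicated and kept in one sorted group. The same hunk set carries comment typos worth fixing while touching it: `; terrminal`, `;; apend virt freya packages`, `; wirerguard` and `;; append base freya backages`. If the `(modify-services %desktop-services ...)` block that added the nonguix substitute URL and authorized key is on the removed side and `%base-freya-services` now appends plain `%base-services`, the nongnu `linux-6.11` kernel will no longer be served from substitutes and will be built locally — confirm that is intended.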
|
24
systems/curiass.scm
Normal file
24
systems/curiass.scm
Normal file
|
@ -0,0 +1,24 @@
|
|||
(use-modules (freya system)
|
||||
(gnu))
|
||||
|
||||
(operating-system
|
||||
(inherit %virt-freya-operating-system)
|
||||
(host-name "curiass")
|
||||
(initrd-modules (cons* "virtio_scsi"
|
||||
"mptspi"
|
||||
(operating-system-initrd-modules
|
||||
%virt-freya-operating-system)))
|
||||
(file-systems (cons* (file-system
|
||||
(mount-point "/")
|
||||
(device (uuid "be5f9a76-8295-4710-95b1-370ae3eb0d95"))
|
||||
(type "btrfs"))
|
||||
(file-system
|
||||
(mount-point "/boot")
|
||||
(device (uuid "ACB1-EE58"
|
||||
'fat32))
|
||||
(type "vfat"))
|
||||
(operating-system-file-systems
|
||||
%virt-freya-operating-system)))
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-bootloader)
|
||||
(target "/dev/sda"))))
|
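Review bot: The new `bootloader-configuration` at the end of the file uses the singular `(target "/dev/sda")`, while the installer in this same commit and `%base-freya-operating-system` use the plural `targets` field; `target` is the deprecated form in recent Guix and emits a warning, so this should read `(targets (list "/dev/sda"))` for consistency with the rest of the commit. The `/boot` entry also sits alongside a root `btrfs` file system pulled from `operating-system-file-systems %virt-freya-operating-system`, which presumably contributes only the `/tmp` tmpfs and `%base-file-systems` — verify nothing there conflicts with the explicit `/` and `/boot` mounts.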
|
@ -1,110 +1,22 @@
|
|||
; base system for creating installer images
|
||||
|
||||
(use-modules (freya system)
|
||||
(gnu packages disk)
|
||||
(gnu packages linux)
|
||||
(gnu packages cryptsetup)
|
||||
(gnu packages file-systems)
|
||||
(gnu services shepherd)
|
||||
(guix modules)
|
||||
(freya services cow)
|
||||
(gnu))
|
||||
|
||||
; copy over installer disk utilites
|
||||
|
||||
(define %installer-disk-utilities
|
||||
(list parted gptfdisk ddrescue
|
||||
lvm2-static
|
||||
cryptsetup mdadm
|
||||
dosfstools
|
||||
btrfs-progs
|
||||
e2fsprogs
|
||||
f2fs-tools
|
||||
jfsutils
|
||||
xfsprogs))
|
||||
|
||||
; copy over cow store
|
||||
|
||||
(define %backing-directory
|
||||
;; Sub-directory used as the backing store for copy-on-write.
|
||||
"/tmp/guix-inst")
|
||||
|
||||
(define cow-store-service-type
|
||||
(shepherd-service-type
|
||||
'cow-store
|
||||
(lambda _
|
||||
(define (import-module? module)
|
||||
;; Since we don't use deduplication support in 'populate-store', don't
|
||||
;; import (guix store deduplication) and its dependencies, which
|
||||
;; includes Guile-Gcrypt.
|
||||
(and (guix-module-name? module)
|
||||
(not (equal? module '(guix store deduplication)))))
|
||||
|
||||
(shepherd-service
|
||||
(requirement '(root-file-system user-processes))
|
||||
(provision '(cow-store))
|
||||
(documentation
|
||||
"Make the store copy-on-write, with writes going to \
|
||||
the given target.")
|
||||
|
||||
;; This is meant to be explicitly started by the user.
|
||||
(auto-start? #f)
|
||||
|
||||
(modules `((gnu build install)
|
||||
,@%default-modules))
|
||||
(start
|
||||
(with-imported-modules (source-module-closure
|
||||
'((gnu build install))
|
||||
#:select? import-module?)
|
||||
#~(case-lambda
|
||||
((target)
|
||||
(mount-cow-store target #$%backing-directory)
|
||||
target)
|
||||
(else
|
||||
;; Do nothing, and mark the service as stopped.
|
||||
#f))))
|
||||
(stop #~(lambda (target)
|
||||
;; Delete the temporary directory, but leave everything
|
||||
;; mounted as there may still be processes using it since
|
||||
;; 'user-processes' doesn't depend on us. The 'user-file-systems'
|
||||
;; service will unmount TARGET eventually.
|
||||
(delete-file-recursively
|
||||
(string-append target #$%backing-directory))))))
|
||||
(description "Make the store copy-on-write, with writes going to \
|
||||
the given target.")))
|
||||
|
||||
(define (cow-store-service)
|
||||
"Return a service that makes the store copy-on-write, such that writes go to
|
||||
the user's target storage device rather than on the RAM disk."
|
||||
;; See <http://bugs.gnu.org/18061> for the initial report.
|
||||
(service cow-store-service-type 'mooooh!))
|
||||
|
||||
; installer system
|
||||
|
||||
(operating-system
|
||||
(inherit base-operating-system)
|
||||
(inherit %base-freya-operating-system)
|
||||
(host-name "installer")
|
||||
|
||||
(file-systems
|
||||
(append %base-live-file-systems
|
||||
%base-file-systems))
|
||||
|
||||
(users (list (user-account
|
||||
(name "root")
|
||||
(group "root")
|
||||
(supplementary-groups '("wheel")) ; allow use of sudo
|
||||
(password "")
|
||||
(comment "root"))))
|
||||
|
||||
(file-systems (append %base-live-file-systems
|
||||
%base-file-systems))
|
||||
(pam-services
|
||||
;; Explicitly allow for empty passwords.
|
||||
(base-pam-services #:allow-empty-passwords? #t))
|
||||
|
||||
(packages (append %installer-disk-utilities
|
||||
%freya-base-packages))
|
||||
|
||||
(services (append %freya-base-services
|
||||
(list (cow-store-service))))
|
||||
|
||||
(services (cons* (cow-store-service)
|
||||
(operating-system-services
|
||||
%base-freya-operating-system)))
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-bootloader)
|
||||
(targets '("/dev/sda")))))
|
||||
|
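Review bot: The new `services` field builds on `(operating-system-services %base-freya-operating-system)`, which in Guix returns the user services plus the essential services of that OS; placing that list into the `services` field of a new `operating-system` record adds a second copy of the essential services, which the service folding step is likely to reject as an ambiguous target (e.g. `host-name` or `profile` provided more than once). The field accessor for the `services` list alone is `operating-system-user-services`, so this should read `(services (cons* (cow-store-service) (operating-system-user-services %base-freya-operating-system)))`. Separately, the live image keeps a `root` account with `(password "")` and `(base-pam-services #:allow-empty-passwords? #t)` while now inheriting the base service list, which per the first file includes `(service openssh-service-type)` with its default configuration; confirm that sshd is either excluded from the installer or that its configuration refuses root and empty-password logins before this image is used on a network.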
|
|
@ -2,15 +2,13 @@
|
|||
(gnu))
|
||||
|
||||
(operating-system
|
||||
(inherit base-operating-system)
|
||||
(inherit %desktop-freya-operating-system)
|
||||
(host-name "kaworu")
|
||||
|
||||
(mapped-devices (list (mapped-device
|
||||
(source (uuid
|
||||
"89257280-202b-4565-b832-89f160d5e4e2"))
|
||||
(target "cryptroot")
|
||||
(type luks-device-mapping))))
|
||||
|
||||
(file-systems (cons* (file-system
|
||||
(mount-point "/")
|
||||
(device "/dev/mapper/cryptroot")
|
||||
|
@ -21,4 +19,5 @@
|
|||
(device (uuid "099A-D668"
|
||||
'fat32))
|
||||
(type "vfat"))
|
||||
%freya-file-systems)))
|
||||
(operating-system-file-systems
|
||||
%desktop-freya-operating-system))))
|
||||
|
|
|
@ -2,19 +2,16 @@
|
|||
(gnu))
|
||||
|
||||
(operating-system
|
||||
(inherit base-operating-system)
|
||||
(inherit %desktop-freya-operating-system)
|
||||
(host-name "shinji")
|
||||
|
||||
(mapped-devices (list (mapped-device
|
||||
(source (uuid
|
||||
"ad489bfa-4280-44ea-8ad2-60347b516d60"))
|
||||
(target "root")
|
||||
(type luks-device-mapping))))
|
||||
|
||||
(swap-devices (list (swap-space
|
||||
(target (uuid
|
||||
"57caa02d-8569-43e3-8bf9-09dd6f02b191")))))
|
||||
|
||||
(file-systems (cons* (file-system
|
||||
(mount-point "/")
|
||||
(device "/dev/mapper/root")
|
||||
|
@ -25,4 +22,5 @@
|
|||
(device (uuid "6F93-6A0B"
|
||||
'fat32))
|
||||
(type "vfat"))
|
||||
%freya-file-systems)))
|
||||
(operating-system-file-systems
|
||||
%desktop-freya-operating-system))))
|
||||
|
|