From a1d30ad8f36c54115c25ccb730748bfc6046d727 Mon Sep 17 00:00:00 2001
From: Freya Murphy
Date: Tue, 22 Oct 2024 21:02:08 -0400
Subject: [PATCH] refactor installer, add curiass system
---
 modules/freya/system.scm | 325 ++++++++++++++++++++++-----------------
 systems/curiass.scm | 24 +++
 systems/installer.scm | 102 +-----------
 systems/kaworu.scm | 7 +-
 systems/shinji.scm | 8 +-
 5 files changed, 218 insertions(+), 248 deletions(-)
 create mode 100644 systems/curiass.scm
diff --git a/modules/freya/system.scm b/modules/freya/system.scm
index 5e1232b..161fa3b 100644
--- a/modules/freya/system.scm
+++ b/modules/freya/system.scm
@@ -1,66 +1,38 @@ (define-module (freya system) + #:use-module (srfi srfi-1) #:use-module (gnu) - #:use-module (gnu system setuid) #:use-module (gnu packages) - #:use-module (gnu packages admin) - #:use-module (gnu packages avahi) + #:use-module (gnu packages linux) + #:use-module (gnu packages libusb) #:use-module (gnu packages shells) - #:use-module (gnu packages tls) - #:use-module (gnu packages gtk) - #:use-module (gnu packages gl) - #:use-module (gnu packages vpn) #:use-module (gnu packages security-token) - #:use-module (gnu packages virtualization) #:use-module (gnu services) - #:use-module (gnu services linux) - #:use-module (gnu services authentication) - #:use-module (gnu services security-token) - #:use-module (gnu services cups) - #:use-module (gnu services desktop) - #:use-module (gnu services networking) - #:use-module (gnu services xorg) #:use-module (gnu services ssh) #:use-module (gnu services nix) - #:use-module (gnu services sound) - #:use-module (gnu services docker) + #:use-module (gnu services cups) + #:use-module (gnu services dbus) #:use-module (gnu services avahi) + #:use-module (gnu services linux) #:use-module (gnu services spice) + #:use-module (gnu services docker) + #:use-module (gnu services desktop) + #:use-module (gnu services networking) + #:use-module (gnu services security-token) #:use-module (gnu services virtualization) #:use-module (gnu system locale) + #:use-module (gnu system setuid) #:use-module (guix packages) #:use-module (nongnu packages linux) - #:use-module (srfi srfi-1) - #:use-module (freya bootloader uki) + #:use-module (freya packages qt) #:use-module (freya packages certs) #:use-module (freya packages linux) - #:use-module (freya packages qt) - #:use-module (freya packages wm) #:use-module (freya packages pulseaudio) - #:use-module (freya packages networking) - #:use-module (freya packages virtualization)) + #:use-module (freya packages virtualization) + #:use-module (freya bootloader uki)) +;; locale 
-(define-public %freya-user-accounts - (cons* (user-account - (name "freya") - (comment "Freya Murphy") - (group "users") - (home-directory "/home/freya") - (shell (file-append zsh "/bin/zsh")) - (supplementary-groups '("wheel" - "audio" - "lp" - "docker" - "plugdev" - "libvirt" - "kvm" - "netdev" - "video" - "tty"))) - %base-user-accounts)) - - -(define-public %freya-locale +(define-public %base-freya-locale (list (locale-definition (name "en_US.utf8") (source "en_US") @@ -70,25 +42,68 @@ (source "ja_JP") (charset "UTF-8")))) +;; user groups -(define-public %freya-base-packages +(define %base-freya-user-groups (list "wheel" + "audio" + "video" + "netdev" + "tty")) + + +(define %desktop-freya-user-groups (append + ;; append desktop freya groups + (list "lp" + "docker" + "plugdev" + "libvirt" + "kvm") + ;; append base freya groups + %base-freya-user-groups)) - ;; append guix and nonguix base packages +;; user accounts + +(define freya-user-accounts + (lambda (groups) + (cons* (user-account + (name "freya") + (comment "Freya Murphy") + (uid 1000) + (group "users") + (shell (file-append zsh "/bin/zsh")) + (home-directory "/home/freya") + (create-home-directory? #t) + (supplementary-groups groups)) + %base-user-accounts))) + +(define-public %base-freya-user-accounts + (freya-user-accounts %base-freya-user-groups)) + +(define-public %desktop-freya-user-accounts + (freya-user-accounts %desktop-freya-user-groups)) + +;; packages + +(define-public %virt-freya-packages + (append + ;; append needed virt packages (specifications->packages (list ; video audio "mesa" "mesa-utils" - - ; firmware - "sof-firmware" - "amd-microcode" - "v4l2loopback-linux-module" - ; terrminal "alsa-utils" "vim" "neovim" - + ; file sys + "parted" + "gptfdisk" + "ddrescue" + "cryptsetup" + "dosfstools" + "btrfs-progs" + "e2fsprogs" + "f2fs-tools" ; basic utils "curl" "htop" 
@@ -107,18 +122,26 @@ "ncurses" "jq" "openssl")) - - ;; append certs + ;; append freyanet certs (list freya-ca-certs) - ;; append guix base packages %base-packages)) -(define-public %freya-packages +(define-public %base-freya-packages (append + ;; append needed base packages + (specifications->packages (list ; firmware + "sof-firmware" + "amd-microcode" + "v4l2loopback-linux-module")) + ;; apend virt freya packages + %virt-freya-packages)) - ;; append guix and nonguix packages + +(define-public %desktop-freya-packages + (append + ;; append needed desktop packages (specifications->packages (list ; gtk "wxwidgets" "gtk+" @@ -126,13 +149,11 @@ "gnome-themes-extra" "adwaita-icon-theme" "hicolor-icon-theme" - ; wayland x11 "wl-clipboard" "libx11" "xorg-server-xwayland" "xf86-video-qxl" - ; video audio "glu" "libglvnd" @@ -145,11 +166,9 @@ "sdl2" "openal" "freealut" - ; xdg "xdg-utils" "xdg-desktop-portal" - ; system daemons "docker" "containerd" 
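Review bot: `(define freya-user-accounts (lambda (groups) ...))` is the non-idiomatic spelling of a procedure definition; `(define (freya-user-accounts groups) ...)` reads as a function and gives the docstring its usual place. The new `%desktop-freya-user-groups` adds `docker`, `libvirt` and `kvm`; membership in `docker` is effectively root-equivalent through the daemon socket, which is acceptable for an account already in `wheel` but deserves a one-line comment such as `; docker: root-equivalent via the daemon socket` so the list is not copied into a less privileged profile later. `%virt-freya-packages` now carries the disk tooling (`parted`, `cryptsetup`, ...) alongside `mesa`, `mesa-utils` and `alsa-utils`; whether a headless virt profile needs the graphics and audio userland is worth a short comment, since this list is inherited by the other profiles.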
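Review bot: `;; apend virt freya packages` in `%base-freya-packages` is a typo for `append`. `sof-firmware` and `amd-microcode` appear here as profile packages and again in the `firmware` field built by `%base-freya-firmware` later in this file; if the profile copies are deliberate (for example so the `v4l2loopback` module ships with them), a comment saying so would keep a later cleanup from removing the wrong occurrence.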
@@ -159,74 +178,63 @@ "brightnessctl" "wireguard-tools" "libpcap" - ; fonts "font-fira-mono" "font-google-noto-sans-cjk" "font-jetbrains-mono" "font-dejavu" - ; misc "qemu")) - ;; append custom packages (list ; qt - qt5-styleplugins - qt6gtk2 + qt5-styleplugins + qt6gtk2 + ; bluetooth + bluez-new + ; pactl + pulseaudio-new + ; system + virt-manager-ovmf) + ;; append base freya backages + %base-freya-packages)) - ; bluetooth - bluez-new +;; services - ; pactl - pulseaudio-new - - ; system - virt-manager-ovmf) - - ;; append freya base backages - %freya-base-packages)) - - -(define-public %freya-base-services +(define-public %base-freya-services (append - - (list ; pam + ;; append needed base services + (list ; mtp + (simple-service 'mtp udev-service-type (list libmtp)) + ; polkit + polkit-wheel-service + ; font config + fontconfig-file-system-service + ; networking + (service ntp-service-type) + (service network-manager-service-type) + (service wpa-supplicant-service-type) + (service modem-manager-service-type) + (service usb-modeswitch-service-type) + ; dbus + (service upower-service-type) + (service polkit-service-type) (service pam-limits-service-type) + (service elogind-service-type) + (service dbus-root-service-type) ; openssh (service openssh-service-type)) + ;; append guix base services + %base-services)) - ; base guix desktop services - (modify-services %desktop-services - (guix-service-type config => - (guix-configuration - (inherit config) - (substitute-urls - (append (list "https://substitutes.nonguix.org") - %default-substitute-urls)) - (authorized-keys - (append (list (local-file "../../certs/non-guix.pub")) - %default-authorized-guix-keys)))) - (udev-service-type config => - (udev-configuration - (inherit config))) - (delete pulseaudio-service-type) - (delete gdm-service-type) - (delete avahi-service-type) - (delete alsa-service-type) - (delete screen-locker-service-type)))) - - -(define-public %freya-services +(define-public %desktop-freya-services 
(append - %freya-base-services + ;; append needed desktop services (list ; nix (service nix-service-type) - ; wirerguard (simple-service 'wireguard-module kernel-module-loader-service-type '("wireguard")) - ; printing (service cups-service-type (cups-configuration @@ -235,11 +243,9 @@ (avahi-configuration (publish? #f) (publish-workstation? #f))) - ; docker (service docker-service-type) (service containerd-service-type) - ; libvirt (service libvirt-service-type (libvirt-configuration 
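Review bot: The replaced `modify-services %desktop-services` block was the only place that added `https://substitutes.nonguix.org` to `substitute-urls` and `certs/non-guix.pub` to `authorized-keys`; the new `%base-freya-services` starts from `%base-services` and carries neither, so nothing in this patch re-authorizes that substitute server. Trusting fewer substitute signers is the safer direction, but the module still imports `linux-firmware` from `(nongnu packages linux)`, so hosts will presumably build it locally unless the `guix-service-type` configuration is restored elsewhere — a comment stating which is intended would help. Separately, `network-manager`, `wpa-supplicant`, `modem-manager`, `usb-modeswitch`, `upower` and `elogind` now sit in the base list that the installer and the virt profile inherit, whereas the old layout kept such daemons in the desktop set; moving them to `%desktop-freya-services` keeps the headless profile's running services to what it actually uses. Also `;; append base freya backages` is a typo for `packages`.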
@@ -248,58 +254,89 @@ (tls-port "16555"))) (service virtlog-service-type) (service spice-vdagent-service-type) - - ; audio + ; bluetooth (service bluetooth-service-type (bluetooth-configuration (bluez bluez-new) (experimental #t) (fast-connectable? #t))) - ; yubikey (service pcscd-service-type) - (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))))) + (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))) + ;; append freya base services + %base-freya-services)) +;; setuid programs -(define-public %freya-setuid-programs - (append (list ; doas - (file-like->setuid-program - (file-append - (specification->package "opendoas") - "/bin/doas"))) - ; base setuid programs - %setuid-programs)) +(define-public %base-freya-setuid-programs + (append + ;; append needed setuid programs + (list ; doas + (file-like->setuid-program + (file-append + (specification->package "opendoas") + "/bin/doas"))) + ;; append guix setuid programs + %setuid-programs)) +;; file systems -(define-public %freya-file-systems +(define-public %base-freya-file-systems (cons* - ; /tmp + ;; /tmp (file-system (mount-point "/tmp") (device "none") (type "tmpfs") (check? 
#f)) + ;; append guix base file systems %base-file-systems)) +;; firmware -(define-public base-operating-system - (operating-system - (kernel linux-6.11) - (firmware (list linux-firmware - amd-microcode - sof-firmware)) - (locale "en_US.UTF-8") - (locale-definitions %freya-locale) - (timezone "America/New_York") - (keyboard-layout (keyboard-layout "us")) - (host-name "ThisWillChange") - (users %freya-user-accounts) - (packages %freya-packages) - (services %freya-services) - (name-service-switch %mdns-host-lookup-nss) - (setuid-programs %freya-setuid-programs) - (file-systems %freya-file-systems) - (bootloader (bootloader-configuration - (bootloader uefi-uki-bootloader) - (targets (list "/boot/efi")) - (keyboard-layout keyboard-layout))))) +(define-public %base-freya-firmware + (append + ;; append needed base firmware + (list linux-firmware + sof-firmware + amd-microcode) + ;; append guix base firmware + %base-firmware)) + +;; operating system + +(define-public %base-freya-operating-system + (operating-system + (kernel linux-6.11) + (firmware %base-freya-firmware) + (locale "en_US.UTF-8") + (locale-definitions %base-freya-locale) + (timezone "America/New_York") + (keyboard-layout (keyboard-layout "us")) + (host-name "guix") + (users %base-freya-user-accounts) + (packages %base-freya-packages) + (services %base-freya-services) + (name-service-switch %mdns-host-lookup-nss) + (setuid-programs %base-freya-setuid-programs) + (file-systems %base-freya-file-systems) + (bootloader (bootloader-configuration + (bootloader uefi-uki-bootloader) + (targets (list "/boot/efi")) + (keyboard-layout keyboard-layout))))) + + +(define-public %virt-freya-operating-system + (operating-system + (inherit %base-freya-operating-system) + (kernel linux-libre-lts) + (firmware %base-firmware) + (packages %virt-freya-packages))) + + +(define-public %desktop-freya-operating-system + (operating-system + (inherit %base-freya-operating-system) + (users %desktop-freya-user-accounts) + (packages 
%desktop-freya-packages)
+ (services %desktop-freya-services)))
diff --git a/systems/curiass.scm b/systems/curiass.scm
new file mode 100644
index 0000000..cf6d04e
--- /dev/null
+++ b/systems/curiass.scm
@@ -0,0 +1,24 @@
+(use-modules (freya system)
+ (gnu))
+
+(operating-system
+ (inherit %virt-freya-operating-system)
+ (host-name "curiass")
+ (initrd-modules (cons* "virtio_scsi"
+ "mptspi"
+ (operating-system-initrd-modules
+ %virt-freya-operating-system)))
+ (file-systems (cons* (file-system
+ (mount-point "/")
+ (device (uuid "be5f9a76-8295-4710-95b1-370ae3eb0d95"))
+ (type "btrfs"))
+ (file-system
+ (mount-point "/boot")
+ (device (uuid "ACB1-EE58"
+ 'fat32))
+ (type "vfat"))
+ (operating-system-file-systems
+ %virt-freya-operating-system)))
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sda"))))
diff --git a/systems/installer.scm b/systems/installer.scm
index 0fa161c..74fe087 100644
--- a/systems/installer.scm
+++ b/systems/installer.scm
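Review bot: The `/tmp` tmpfs in `%base-freya-file-systems` is declared with no `options`, so it mounts without `nosuid`/`nodev`; since this entry now reaches every profile through `%base-freya-operating-system`, adding `(options "nosuid,nodev")` to that `file-system` form is a cheap hardening for a world-writable mount. `%virt-freya-operating-system` overrides `kernel`, `firmware` and `packages` but inherits `services`, `users` and `setuid-programs`, so the VM profile still gets the setuid `doas` and the full base service list — if that is intended, a one-line comment on the record saying what the virt profile deliberately keeps would help. The `host-name "guix"` in the base record is a placeholder that every concrete system overrides; a comment such as `;; placeholder; concrete systems set host-name` makes that explicit.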
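Review bot: `(target "/dev/sda")` in the new `systems/curiass.scm` uses the singular `target` field, which Guix has deprecated in favour of `targets`; `systems/installer.scm` in this same patch writes `(targets '("/dev/sda"))`, so the new file should match it: `(targets '("/dev/sda"))`. The system inherits `%virt-freya-operating-system` and overrides only host name, initrd modules, file systems and bootloader, so its users, setuid programs and services (including `openssh-service-type` with default configuration) all come from the base profile. For a VM that is presumably reached over the network, confirm that `permit-root-login` and `allow-empty-passwords?` of `openssh-configuration` are at their restrictive defaults, or set them explicitly in `%base-freya-services`, and record that in a comment here.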
@@ -1,110 +1,22 @@ ; base system for creating installer images (use-modules (freya system) - (gnu packages disk) - (gnu packages linux) - (gnu packages cryptsetup) - (gnu packages file-systems) - (gnu services shepherd) - (guix modules) + (freya services cow) (gnu)) -; copy over installer disk utilites - -(define %installer-disk-utilities - (list parted gptfdisk ddrescue - lvm2-static - cryptsetup mdadm - dosfstools - btrfs-progs - e2fsprogs - f2fs-tools - jfsutils - xfsprogs)) - -; copy over cow store - -(define %backing-directory - ;; Sub-directory used as the backing store for copy-on-write. - "/tmp/guix-inst") - -(define cow-store-service-type - (shepherd-service-type - 'cow-store - (lambda _ - (define (import-module? module) - ;; Since we don't use deduplication support in 'populate-store', don't - ;; import (guix store deduplication) and its dependencies, which - ;; includes Guile-Gcrypt. - (and (guix-module-name? module) - (not (equal? module '(guix store deduplication))))) - - (shepherd-service - (requirement '(root-file-system user-processes)) - (provision '(cow-store)) - (documentation - "Make the store copy-on-write, with writes going to \ -the given target.") - - ;; This is meant to be explicitly started by the user. - (auto-start? #f) - - (modules `((gnu build install) - ,@%default-modules)) - (start - (with-imported-modules (source-module-closure - '((gnu build install)) - #:select? import-module?) - #~(case-lambda - ((target) - (mount-cow-store target #$%backing-directory) - target) - (else - ;; Do nothing, and mark the service as stopped. - #f)))) - (stop #~(lambda (target) - ;; Delete the temporary directory, but leave everything - ;; mounted as there may still be processes using it since - ;; 'user-processes' doesn't depend on us. The 'user-file-systems' - ;; service will unmount TARGET eventually. 
- (delete-file-recursively - (string-append target #$%backing-directory)))))) - (description "Make the store copy-on-write, with writes going to \ -the given target."))) - -(define (cow-store-service) - "Return a service that makes the store copy-on-write, such that writes go to -the user's target storage device rather than on the RAM disk." - ;; See for the initial report. - (service cow-store-service-type 'mooooh!)) - ; installer system (operating-system - (inherit base-operating-system) + (inherit %base-freya-operating-system) (host-name "installer") - - (file-systems - (append %base-live-file-systems - %base-file-systems)) - - (users (list (user-account - (name "root") - (group "root") - (supplementary-groups '("wheel")) ; allow use of sudo - (password "") - (comment "root")))) - + (file-systems (append %base-live-file-systems + %base-file-systems)) (pam-services ;; Explicitly allow for empty passwords. (base-pam-services #:allow-empty-passwords? #t)) - - (packages (append %installer-disk-utilities - %freya-base-packages)) - - (services (append %freya-base-services - (list (cow-store-service)))) - + (services (cons* (cow-store-service) + (operating-system-services + %base-freya-operating-system))) (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets '("/dev/sda"))))) diff --git a/systems/kaworu.scm b/systems/kaworu.scm index f254f6f..77625de 100644 --- a/systems/kaworu.scm +++ b/systems/kaworu.scm @@ -2,15 +2,13 @@ (gnu)) (operating-system - (inherit base-operating-system) + (inherit %desktop-freya-operating-system) (host-name "kaworu") - (mapped-devices (list (mapped-device (source (uuid "89257280-202b-4565-b832-89f160d5e4e2")) (target "cryptroot") (type luks-device-mapping)))) - (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/cryptroot") @@ -21,4 +19,5 @@ (device (uuid "099A-D668" 'fat32)) (type "vfat")) - %freya-file-systems))) + (operating-system-file-systems + %desktop-freya-operating-system)))) 
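Review bot: With the `(packages ...)` override removed and `(services (cons* (cow-store-service) (operating-system-services %base-freya-operating-system)))` in its place, the installer image gets its tools from `%base-freya-packages`; compared with the removed `%installer-disk-utilities`, `lvm2-static`, `mdadm`, `jfsutils` and `xfsprogs` are no longer installed, so LVM, RAID, JFS and XFS targets cannot be prepared from this image. If that is intended, say so in the `; installer system` comment; otherwise re-add those four to the shared virt package list. The installer keeps `(base-pam-services #:allow-empty-passwords? #t)` while the inherited base services include `openssh-service-type` with default configuration; sshd's own `allow-empty-passwords?` is a separate knob that nothing visible here sets, so stating it explicitly (`#f`) alongside the PAM line removes the ambiguity. `cow-store-service` now comes from `(freya services cow)`, which this patch does not add; presumably that module already exists in the repository.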
diff --git a/systems/shinji.scm b/systems/shinji.scm index 3a48ea7..54b21ec 100644 --- a/systems/shinji.scm +++ b/systems/shinji.scm @@ -2,19 +2,16 @@ (gnu)) (operating-system - (inherit base-operating-system) + (inherit %desktop-freya-operating-system) (host-name "shinji") - (mapped-devices (list (mapped-device (source (uuid "ad489bfa-4280-44ea-8ad2-60347b516d60")) (target "root") (type luks-device-mapping)))) - (swap-devices (list (swap-space (target (uuid "57caa02d-8569-43e3-8bf9-09dd6f02b191"))))) - (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/root") @@ -25,4 +22,5 @@ (device (uuid "6F93-6A0B" 'fat32)) (type "vfat")) - %freya-file-systems))) + (operating-system-file-systems + %desktop-freya-operating-system))))