[jackhill/guix/guix.git] / gnu / system / install.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system install)
  #:use-module (gnu)
  #:use-module (gnu bootloader u-boot)
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix monads)
  #:use-module ((guix store) #:select (%store-prefix))
  #:use-module (gnu services shepherd)
  #:use-module (gnu services ssh)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages nvi)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-26)
  #:export (installation-os
            a20-olinuxino-lime-installation-os
            a20-olinuxino-lime2-emmc-installation-os
            a20-olinuxino-micro-installation-os
            banana-pi-m2-ultra-installation-os
            beaglebone-black-installation-os
            mx6cuboxi-installation-os
            nintendo-nes-classic-edition-installation-os))

;;; Commentary:
;;;
;;; This module provides an 'operating-system' definition for use on images
;;; for USB sticks etc., for the installation of the GNU system.
;;;
;;; Code:

\f
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  (program-file "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    (execl (string-append #$info-reader "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))

(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.
  "/tmp/guix-inst")

(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store.  This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      (let* ((rw-dir (string-append target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))

(define cow-store-service-type
  (shepherd-service-type
   'cow-store
   (lambda _
     (shepherd-service
      (requirement '(root-file-system user-processes))
      (provision '(cow-store))
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      (start #~(case-lambda
                 ((target)
                  #$(make-cow-store #~target)
                  target)
                 (else
                  ;; Do nothing, and mark the service as stopped.
                  #f)))
      (stop #~(lambda (target)
                ;; Delete the temporary directory, but leave everything
                ;; mounted as there may still be processes using it since
                ;; 'user-processes' doesn't depend on us.  The 'user-file-systems'
                ;; service will unmount TARGET eventually.
                (delete-file-recursively
                 (string-append target #$%backing-directory))))))))

(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  (service cow-store-service-type 'mooooh!))


(define (/etc/configuration-files _)
  "Return a list of tuples representing configuration templates to add to
/etc."
  (define (file f)
    (local-file (string-append "examples/" f)))

  (define directory
    (computed-file "configuration-templates"
                   (with-imported-modules '((guix build utils))
                     #~(begin
                         (mkdir #$output)
                         (for-each (lambda (file target)
                                     (copy-file file
                                                (string-append #$output "/"
                                                               target)))
                                   '(#$(file "bare-bones.tmpl")
                                     #$(file "beaglebone-black.tmpl")
                                     #$(file "desktop.tmpl")
                                     #$(file "lightweight-desktop.tmpl"))
                                   '("bare-bones.scm"
                                     "beaglebone-black.scm"
                                     "desktop.scm"
                                     "lightweight-desktop.scm"))
                         #t))))

  `(("configuration" ,directory)))

(define configuration-template-service-type
  (service-type (name 'configuration-template)
                (extensions
                 (list (service-extension etc-service-type
                                          /etc/configuration-files)))))

(define %configuration-template-service
  (service configuration-template-service-type #t))


(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12))

                    ;; Do not cache lookup failures at all since they are
                    ;; quite likely (for instance when someone tries to ping a
                    ;; host before networking is functional.)
                    (negative-time-to-live 0)

                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB

(define %installation-services
  ;; List of services of the installation system.
  (let ((motd (plain-file "motd" "
\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m

\x1b[2mThere is NO WARRANTY, to the extent permitted by law.  In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned.  Thanks for being so brave.\x1b[0m
")))
    (define (normal-tty tty)
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      (load "examples/bare-bones.tmpl"))

    (list (service virtual-terminal-service-type)

          (mingetty-service (mingetty-configuration
                             (tty "tty1")
                             (auto-login "root")))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          (guix-service (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.  Use a font that
          ;; doesn't have more than 256 glyphs so that we can use colors with
          ;; varying brightness levels (see note in setfont(8)).
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty "lat9u-16"))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (gpm-service)

          ;; Add an SSH server to facilitate remote installs.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)

                    ;; Don't start it upfront.
                    (%auto-start? #f)))

          ;; Since this is running on a USB stick with a overlayfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea.  In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything.  Also keep the
          ;; things needed by 'profile-derivation' to minimize the amount of
          ;; download.
          (service gc-root-service-type
                   (list bare-bones-os
                         glibc-utf8-locales
                         texinfo
                         (canonical-package guile-2.2))))))

(define %issue
  ;; Greeting.
  "
\x1b[1;37mThis is an installation image of the GNU system.  Welcome.\x1b[0m

\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
")

(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device "GuixSD_image")
              (title 'label)
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs.  This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>).  We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (title 'device)
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools         ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                          ;:wq!
                     %base-packages))))

(define* (embedded-installation-os bootloader bootloader-target tty
                                   #:key (extra-modules '()))
  "Return an installation os for embedded systems.
The initrd gets the extra modules EXTRA-MODULES.
A getty is provided on TTY.
The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
  (operating-system
    (inherit installation-os)
    (bootloader (bootloader-configuration
                 (bootloader bootloader)
                 (target bootloader-target)))
    (kernel linux-libre)
    (kernel-arguments
     (cons (string-append "console=" tty)
           (operating-system-user-kernel-arguments installation-os)))
    (initrd-modules (append extra-modules %base-initrd-modules))))

(define beaglebone-black-installation-os
  (embedded-installation-os u-boot-beaglebone-black-bootloader
                            "/dev/sda"
                            "ttyO0"
                            #:extra-modules
                            ;; This module is required to mount the sd card.
                            '("omap_hsmmc")))


(define a20-olinuxino-lime-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define a20-olinuxino-lime2-emmc-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime2-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))

(define a20-olinuxino-micro-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-micro-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define banana-pi-m2-ultra-installation-os
  (embedded-installation-os u-boot-banana-pi-m2-ultra-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))

(define mx6cuboxi-installation-os
  (embedded-installation-os u-boot-mx6cuboxi-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttymxc0"))

(define nintendo-nes-classic-edition-installation-os
  (embedded-installation-os u-boot-nintendo-nes-classic-edition-bootloader
                            "/dev/mmcblk0" ; SD card (solder it yourself)
                            "ttyS0"))

;; Return the default os here so 'guix system' can consume it directly.
installation-os

;;; install.scm ends here
Commit	Line	Data
fc91c17a	1	;;; GNU Guix --- Functional package management for GNU
bc499b11	2	;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
b2a5fa59	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
f0fbf2c1	4	;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
c80cd4df	5	;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
fdfdecdb	6	;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
fc91c17a LC	7	;;;
	8	;;; This file is part of GNU Guix.
	9	;;;
	10	;;; GNU Guix is free software; you can redistribute it and/or modify it
	11	;;; under the terms of the GNU General Public License as published by
	12	;;; the Free Software Foundation; either version 3 of the License, or (at
	13	;;; your option) any later version.
	14	;;;
	15	;;; GNU Guix is distributed in the hope that it will be useful, but
	16	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	17	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	;;; GNU General Public License for more details.
	19	;;;
	20	;;; You should have received a copy of the GNU General Public License
	21	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	22
	23	(define-module (gnu system install)
	24	#:use-module (gnu)
ceb39527	25	#:use-module (gnu bootloader u-boot)
fc91c17a	26	#:use-module (guix gexp)
e87f0591	27	#:use-module (guix store)
fc91c17a	28	#:use-module (guix monads)
83a17b62	29	#:use-module ((guix store) #:select (%store-prefix))
0190c1c0	30	#:use-module (gnu services shepherd)
c80cd4df	31	#:use-module (gnu services ssh)
db84467a	32	#:use-module (gnu packages admin)
f4bdfe73	33	#:use-module (gnu packages bash)
862e38d5	34	#:use-module (gnu packages bootloaders)
af4a761e	35	#:use-module (gnu packages guile)
fc91c17a	36	#:use-module (gnu packages linux)
1e8d398a	37	#:use-module (gnu packages ssh)
b419c7f5	38	#:use-module (gnu packages cryptsetup)
fc91c17a	39	#:use-module (gnu packages package-management)
cc4a2aeb	40	#:use-module (gnu packages disk)
fc91c17a	41	#:use-module (gnu packages texinfo)
dd6b28d1	42	#:use-module (gnu packages compression)
a8cb87ab	43	#:use-module (gnu packages nvi)
e1fbc32a LC	44	#:use-module (ice-9 match)
e1fbc32a LC	45	#:use-module (srfi srfi-26)
ceb39527	46	#:export (installation-os
c55c6985	47	a20-olinuxino-lime-installation-os
4b9e9abb	48	a20-olinuxino-lime2-emmc-installation-os
a7bb327e	49	a20-olinuxino-micro-installation-os
30aeb846	50	banana-pi-m2-ultra-installation-os
84ee3378	51	beaglebone-black-installation-os
07ca9045	52	mx6cuboxi-installation-os
84ee3378	53	nintendo-nes-classic-edition-installation-os))
fc91c17a LC	54
	55	;;; Commentary:
	56	;;;
	57	;;; This module provides an 'operating-system' definition for use on images
	58	;;; for USB sticks etc., for the installation of the GNU system.
	59	;;;
	60	;;; Code:
	61
9d3fb6c7	62	\f
fc91c17a LC	63	(define (log-to-info)
	64	"Return a script that spawns the Info reader on the right section of the
	65	manual."
ce8a6dfc	66	(program-file "log-to-info"
dd6b28d1 LC	67	#~(begin
	68	;; 'gunzip' is needed to decompress the doc.
	69	(setenv "PATH" (string-append #$gzip "/bin"))
	70
68abb9b0	71	(execl (string-append #$info-reader "/bin/info") "info"
dd6b28d1 LC	72	"-d" "/run/current-system/profile/share/info"
	73	"-f" (string-append #$guix "/share/info/guix.info")
	74	"-n" "System Installation"))))
fc91c17a	75
83a17b62 LC	76	(define %backing-directory
	77	;; Sub-directory used as the backing store for copy-on-write.
	78	"/tmp/guix-inst")
	79
	80	(define (make-cow-store target)
	81	"Return a gexp that makes the store copy-on-write, using TARGET as the
	82	backing store. This is useful when TARGET is on a hard disk, whereas the
	83	current store is on a RAM disk."
83a17b62 LC	84
	85	(define (set-store-permissions directory)
	86	;; Set the right perms on DIRECTORY to use it as the store.
	87	#~(begin
	88	(chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
	89	(chmod #$directory #o1775)))
	90
	91	#~(begin
0adabad7 LC	92	;; Bind-mount TARGET's /tmp in case we need space to build things.
	93	(let ((tmpdir (string-append #$target "/tmp")))
	94	(mkdir-p tmpdir)
	95	(mount tmpdir "/tmp" "none" MS_BIND))
	96
d9565f7d HG	97	(let* ((rw-dir (string-append target #$%backing-directory))
d9565f7d HG	98	(work-dir (string-append rw-dir "/../.overlayfs-workdir")))
83a17b62	99	(mkdir-p rw-dir)
d9565f7d	100	(mkdir-p work-dir)
83a17b62 LC	101	(mkdir-p "/.rw-store")
	102	#$(set-store-permissions #~rw-dir)
	103	#$(set-store-permissions "/.rw-store")
	104
d9565f7d HG	105	;; Mount the overlay, then atomically make it the store.
	106	(mount "none" "/.rw-store" "overlay" 0
	107	(string-append "lowerdir=" #$(%store-prefix) ","
	108	"upperdir=" rw-dir ","
	109	"workdir=" work-dir))
	110	(mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
	111	(rmdir "/.rw-store"))))
83a17b62	112
0adfe95a	113	(define cow-store-service-type
d4053c71	114	(shepherd-service-type
00184239	115	'cow-store
0adfe95a	116	(lambda _
d4053c71	117	(shepherd-service
0adfe95a LC	118	(requirement '(root-file-system user-processes))
	119	(provision '(cow-store))
	120	(documentation
	121	"Make the store copy-on-write, with writes going to \
	122	the given target.")
	123
	124	;; This is meant to be explicitly started by the user.
	125	(auto-start? #f)
	126
	127	(start #~(case-lambda
	128	((target)
	129	#$(make-cow-store #~target)
	130	target)
	131	(else
	132	;; Do nothing, and mark the service as stopped.
	133	#f)))
	134	(stop #~(lambda (target)
	135	;; Delete the temporary directory, but leave everything
	136	;; mounted as there may still be processes using it since
6c445817	137	;; 'user-processes' doesn't depend on us. The 'user-file-systems'
0adfe95a LC	138	;; service will unmount TARGET eventually.
	139	(delete-file-recursively
	140	(string-append target #$%backing-directory))))))))
	141
83a17b62 LC	142	(define (cow-store-service)
	143	"Return a service that makes the store copy-on-write, such that writes go to
	144	the user's target storage device rather than on the RAM disk."
	145	;; See <http://bugs.gnu.org/18061> for the initial report.
0adfe95a LC	146	(service cow-store-service-type 'mooooh!))
	147
	148
	149	(define (/etc/configuration-files _)
	150	"Return a list of tuples representing configuration templates to add to
	151	/etc."
	152	(define (file f)
bae90dc7	153	(local-file (string-append "examples/" f)))
0adfe95a LC	154
	155	(define directory
	156	(computed-file "configuration-templates"
4ee96a79 LC	157	(with-imported-modules '((guix build utils))
	158	#~(begin
	159	(mkdir #$output)
	160	(for-each (lambda (file target)
	161	(copy-file file
	162	(string-append #$output "/"
	163	target)))
	164	'(#$(file "bare-bones.tmpl")
9f1e39d1	165	#$(file "beaglebone-black.tmpl")
4ee96a79 LC	166	#$(file "desktop.tmpl")
	167	#$(file "lightweight-desktop.tmpl"))
	168	'("bare-bones.scm"
9f1e39d1	169	"beaglebone-black.scm"
4ee96a79 LC	170	"desktop.scm"
	171	"lightweight-desktop.scm"))
	172	#t))))
0adfe95a LC	173
	174	`(("configuration" ,directory)))
	175
	176	(define configuration-template-service-type
	177	(service-type (name 'configuration-template)
	178	(extensions
	179	(list (service-extension etc-service-type
	180	/etc/configuration-files)))))
	181
	182	(define %configuration-template-service
	183	(service configuration-template-service-type #t))
be1c2c54	184
1dac8566	185
61ff0a3a LC	186	(define %nscd-minimal-caches
	187	;; Minimal in-memory caching policy for nscd.
	188	(list (nscd-cache (database 'hosts)
	189	(positive-time-to-live (* 3600 12))
c96ba2cf LC	190
	191	;; Do not cache lookup failures at all since they are
	192	;; quite likely (for instance when someone tries to ping a
	193	;; host before networking is functional.)
	194	(negative-time-to-live 0)
	195
61ff0a3a LC	196	(persistent? #f)
	197	(max-database-size (* 5 (expt 2 20)))))) ;5 MiB
	198
58b21e1e LC	199	(define %installation-services
58b21e1e LC	200	;; List of services of the installation system.
ce8a6dfc	201	(let ((motd (plain-file "motd" "
8638362f	202	\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m
fc91c17a	203
8638362f	204	\x1b[2mThere is NO WARRANTY, to the extent permitted by law. In particular, you may
fc91c17a	205	LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
c82c060d	206	it is 'beta' software, so it may contain bugs.
fc91c17a	207
8638362f	208	You have been warned. Thanks for being so brave.\x1b[0m
fc91c17a LC	209	")))
fc91c17a LC	210	(define (normal-tty tty)
66e4f01c	211	(mingetty-service (mingetty-configuration (tty tty)
66e4f01c LC	212	(auto-login "root")
66e4f01c LC	213	(login-pause? #t))))
fc91c17a	214
4e854b18 LC	215	(define bare-bones-os
	216	(load "examples/bare-bones.tmpl"))
	217
bb3062ad LC	218	(list (service virtual-terminal-service-type)
	219
	220	(mingetty-service (mingetty-configuration
66e4f01c	221	(tty "tty1")
66e4f01c	222	(auto-login "root")))
fc91c17a	223
2932ab9c DC	224	(login-service (login-configuration
	225	(motd motd)))
	226
62ca0fdf LC	227	;; Documentation. The manual is in UTF-8, but
	228	;; 'console-font-service' sets up Unicode support and loads a font
	229	;; with all the useful glyphs like em dash and quotation marks.
66e4f01c LC	230	(mingetty-service (mingetty-configuration
66e4f01c LC	231	(tty "tty2")
66e4f01c LC	232	(auto-login "guest")
66e4f01c LC	233	(login-program (log-to-info))))
fc91c17a	234
1dac8566	235	;; Documentation add-on.
0adfe95a	236	%configuration-template-service
1dac8566	237
fc91c17a LC	238	;; A bunch of 'root' ttys.
	239	(normal-tty "tty3")
	240	(normal-tty "tty4")
	241	(normal-tty "tty5")
	242	(normal-tty "tty6")
	243
	244	;; The usual services.
	245	(syslog-service)
2c5c696c LC	246
	247	;; The build daemon. Register the hydra.gnu.org key as trusted.
	248	;; This allows the installation process to use substitutes by
	249	;; default.
0adfe95a	250	(guix-service (guix-configuration (authorize-key? #t)))
2c5c696c	251
e11390df	252	;; Start udev so that useful device nodes are available.
68ac258b LC	253	;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
	254	;; regulations-compliant WiFi access.
	255	(udev-service #:rules (list lvm2 crda))
e11390df	256
83a17b62 LC	257	;; Add the 'cow-store' service, which users have to start manually
	258	;; since it takes the installation directory as an argument.
	259	(cow-store-service)
	260
8638362f LC	261	;; Install Unicode support and a suitable font. Use a font that
	262	;; doesn't have more than 256 glyphs so that we can use colors with
	263	;; varying brightness levels (see note in setfont(8)).
4a84a487 LC	264	(service console-font-service-type
4a84a487 LC	265	(map (lambda (tty)
8638362f	266	(cons tty "lat9u-16"))
4a84a487	267	'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
62ca0fdf	268
ae7ffa9e LC	269	;; To facilitate copy/paste.
	270	(gpm-service)
	271
c80cd4df MB	272	;; Add an SSH server to facilitate remote installs.
	273	(service openssh-service-type
	274	(openssh-configuration
	275	(port-number 22)
	276	(permit-root-login #t)
	277	;; The root account is passwordless, so make sure
	278	;; a password is set before allowing logins.
	279	(allow-empty-passwords? #f)
aab322d9 LC	280	(password-authentication? #t)
	281
	282	;; Don't start it upfront.
	283	(%auto-start? #f)))
c80cd4df	284
d9565f7d	285	;; Since this is running on a USB stick with a overlayfs as the root
61ff0a3a LC	286	;; file system, use an appropriate cache configuration.
61ff0a3a LC	287	(nscd-service (nscd-configuration
50cb948f LC	288	(caches %nscd-minimal-caches)))
	289
	290	;; Having /bin/sh is a good idea. In particular it allows Tramp
	291	;; connections to this system to work.
	292	(service special-files-service-type
	293	`(("/bin/sh" ,(file-append (canonical-package bash)
4e854b18 LC	294	"/bin/sh"))))
	295
	296	;; Keep a reference to BARE-BONES-OS to make sure it can be
af4a761e LC	297	;; installed without downloading/building anything. Also keep the
	298	;; things needed by 'profile-derivation' to minimize the amount of
	299	;; download.
	300	(service gc-root-service-type
	301	(list bare-bones-os
	302	glibc-utf8-locales
	303	texinfo
	304	(canonical-package guile-2.2))))))
fc91c17a LC	305
	306	(define %issue
	307	;; Greeting.
	308	"
8638362f	309	\x1b[1;37mThis is an installation image of the GNU system. Welcome.\x1b[0m
fc91c17a	310
8638362f	311	\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
fc91c17a LC	312	")
	313
	314	(define installation-os
	315	;; The operating system used on installation images for USB sticks etc.
	316	(operating-system
	317	(host-name "gnu")
	318	(timezone "Europe/Paris")
9cd0dfaa	319	(locale "en_US.utf8")
fdfdecdb TGR	320	(bootloader (bootloader-configuration
	321	(bootloader grub-bootloader)
	322	(target "/dev/sda")))
fc91c17a LC	323	(file-systems
	324	;; Note: the disk image build code overrides this root file system with
	325	;; the appropriate one.
ee03b75d LC	326	(cons* (file-system
ee03b75d LC	327	(mount-point "/")
0862b954	328	(device "GuixSD_image")
ee03b75d LC	329	(title 'label)
	330	(type "ext4"))
	331
d9565f7d HG	332	;; Make /tmp a tmpfs instead of keeping the overlayfs. This
	333	;; originally was used for unionfs because FUSE creates
	334	;; '.fuse_hiddenXYZ' files for each open file, and this confuses
	335	;; Guix's test suite, for instance (see
	336	;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
795ec760	337	;; on the safe side.
ee03b75d LC	338	(file-system
	339	(mount-point "/tmp")
	340	(device "none")
	341	(title 'device)
	342	(type "tmpfs")
	343	(check? #f))
	344
0feefb53 LC	345	;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
	346	;; elogind's cgroup file systems.
	347	(list %pseudo-terminal-file-system
	348	%shared-memory-file-system
	349	%immutable-store)))
fc91c17a LC	350
	351	(users (list (user-account
	352	(name "guest")
72507e23	353	(group "users")
ee03b75d	354	(supplementary-groups '("wheel")) ; allow use of sudo
fc91c17a LC	355	(password "")
	356	(comment "Guest of GNU")
	357	(home-directory "/home/guest"))))
fc91c17a LC	358
fc91c17a LC	359	(issue %issue)
58b21e1e	360	(services %installation-services)
fc91c17a	361
903ae630 LC	362	;; We don't need setuid programs, except for 'passwd', which can be handy
	363	;; if one is to allow remote SSH login to the machine being installed.
	364	(setuid-programs (list (file-append shadow "/bin/passwd")))
fc91c17a LC	365
	366	(pam-services
	367	;; Explicitly allow for empty passwords.
	368	(base-pam-services #:allow-empty-passwords? #t))
	369
a6312f1d	370	(packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
72524ae8	371	parted gptfdisk ddrescue
7eda0c56	372	grub ;mostly so xrefs to its manual work
b419c7f5	373	cryptsetup
f0fbf2c1	374	mdadm
f731529e	375	dosfstools ;mkfs.fat, for the UEFI boot partition
3a9cfba8	376	btrfs-progs
1e8d398a	377	openssh ;we already have sshd, having ssh/scp can help
1ce6f43a	378	wireless-tools iw wpa-supplicant-minimal iproute
8f297d42 LC	379	;; XXX: We used to have GNU fdisk here, but as of version
	380	;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
	381	;; space; furthermore util-linux's fdisk is already
	382	;; available here, so we keep that.
f4bdfe73	383	bash-completion
a8cb87ab	384	nvi ;:wq!
6f436c54	385	%base-packages))))
fc91c17a	386
fccdc8c8 DM	387	(define* (embedded-installation-os bootloader bootloader-target tty
	388	#:key (extra-modules '()))
	389	"Return an installation os for embedded systems.
	390	The initrd gets the extra modules EXTRA-MODULES.
	391	A getty is provided on TTY.
	392	The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
ceb39527 MO	393	(operating-system
	394	(inherit installation-os)
	395	(bootloader (bootloader-configuration
fccdc8c8 DM	396	(bootloader bootloader)
fccdc8c8 DM	397	(target bootloader-target)))
ceb39527	398	(kernel linux-libre)
5a9902c8 DM	399	(kernel-arguments
	400	(cons (string-append "console=" tty)
	401	(operating-system-user-kernel-arguments installation-os)))
bc499b11	402	(initrd-modules (append extra-modules %base-initrd-modules))))
ceb39527	403
fccdc8c8 DM	404	(define beaglebone-black-installation-os
	405	(embedded-installation-os u-boot-beaglebone-black-bootloader
	406	"/dev/sda"
	407	"ttyO0"
	408	#:extra-modules
	409	;; This module is required to mount the sd card.
	410	'("omap_hsmmc")))
	411
	412
0db22b32	413	(define a20-olinuxino-lime-installation-os
c55c6985 DM	414	(embedded-installation-os u-boot-a20-olinuxino-lime-bootloader
	415	"/dev/mmcblk0" ; SD card storage
	416	"ttyS0"))
	417
4b9e9abb	418	(define a20-olinuxino-lime2-emmc-installation-os
fccdc8c8 DM	419	(embedded-installation-os u-boot-a20-olinuxino-lime2-bootloader
	420	"/dev/mmcblk1" ; eMMC storage
	421	"ttyS0"))
a7bb327e DM	422
a7bb327e DM	423	(define a20-olinuxino-micro-installation-os
fccdc8c8 DM	424	(embedded-installation-os u-boot-a20-olinuxino-micro-bootloader
	425	"/dev/mmcblk0" ; SD card storage
	426	"ttyS0"))
4b9e9abb	427
30aeb846	428	(define banana-pi-m2-ultra-installation-os
fccdc8c8 DM	429	(embedded-installation-os u-boot-banana-pi-m2-ultra-bootloader
	430	"/dev/mmcblk1" ; eMMC storage
	431	"ttyS0"))
30aeb846	432
07ca9045 VC	433	(define mx6cuboxi-installation-os
	434	(embedded-installation-os u-boot-mx6cuboxi-bootloader
	435	"/dev/mmcblk0" ; SD card storage
	436	"ttymxc0"))
	437
84ee3378 DM	438	(define nintendo-nes-classic-edition-installation-os
	439	(embedded-installation-os u-boot-nintendo-nes-classic-edition-bootloader
	440	"/dev/mmcblk0" ; SD card (solder it yourself)
	441	"ttyS0"))
	442
ceb39527	443	;; Return the default os here so 'guix system' can consume it directly.
fc91c17a LC	444	installation-os
	445
	446	;;; install.scm ends here