Commit | Line | Data |
---|---|---|
fc91c17a | 1 | ;;; GNU Guix --- Functional package management for GNU |
bc499b11 | 2 | ;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org> |
b2a5fa59 | 3 | ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> |
f0fbf2c1 | 4 | ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr> |
c80cd4df | 5 | ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> |
fdfdecdb | 6 | ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> |
fc91c17a LC |
7 | ;;; |
8 | ;;; This file is part of GNU Guix. | |
9 | ;;; | |
10 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
11 | ;;; under the terms of the GNU General Public License as published by | |
12 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
13 | ;;; your option) any later version. | |
14 | ;;; | |
15 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
16 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;;; GNU General Public License for more details. | |
19 | ;;; | |
20 | ;;; You should have received a copy of the GNU General Public License | |
21 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
22 | ||
23 | (define-module (gnu system install) | |
24 | #:use-module (gnu) | |
ceb39527 | 25 | #:use-module (gnu bootloader u-boot) |
fc91c17a | 26 | #:use-module (guix gexp) |
e87f0591 | 27 | #:use-module (guix store) |
fc91c17a | 28 | #:use-module (guix monads) |
83a17b62 | 29 | #:use-module ((guix store) #:select (%store-prefix)) |
0190c1c0 | 30 | #:use-module (gnu services shepherd) |
c80cd4df | 31 | #:use-module (gnu services ssh) |
db84467a | 32 | #:use-module (gnu packages admin) |
f4bdfe73 | 33 | #:use-module (gnu packages bash) |
862e38d5 | 34 | #:use-module (gnu packages bootloaders) |
af4a761e | 35 | #:use-module (gnu packages guile) |
fc91c17a | 36 | #:use-module (gnu packages linux) |
1e8d398a | 37 | #:use-module (gnu packages ssh) |
b419c7f5 | 38 | #:use-module (gnu packages cryptsetup) |
fc91c17a | 39 | #:use-module (gnu packages package-management) |
cc4a2aeb | 40 | #:use-module (gnu packages disk) |
fc91c17a | 41 | #:use-module (gnu packages texinfo) |
dd6b28d1 | 42 | #:use-module (gnu packages compression) |
a8cb87ab | 43 | #:use-module (gnu packages nvi) |
e1fbc32a LC |
44 | #:use-module (ice-9 match) |
45 | #:use-module (srfi srfi-26) | |
ceb39527 | 46 | #:export (installation-os |
c55c6985 | 47 | a20-olinuxino-lime-installation-os |
4b9e9abb | 48 | a20-olinuxino-lime2-emmc-installation-os |
a7bb327e | 49 | a20-olinuxino-micro-installation-os |
30aeb846 | 50 | banana-pi-m2-ultra-installation-os |
84ee3378 | 51 | beaglebone-black-installation-os |
07ca9045 | 52 | mx6cuboxi-installation-os |
84ee3378 | 53 | nintendo-nes-classic-edition-installation-os)) |
fc91c17a LC |
54 | |
55 | ;;; Commentary: | |
56 | ;;; | |
57 | ;;; This module provides an 'operating-system' definition for use on images | |
58 | ;;; for USB sticks etc., for the installation of the GNU system. | |
59 | ;;; | |
60 | ;;; Code: | |
61 | ||
9d3fb6c7 | 62 | \f |
fc91c17a LC |
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  ;; The returned script is used as the login program of the documentation
  ;; console (tty2) in %installation-services.
  (program-file "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.  PATH is set
                    ;; to gzip's bin directory and nothing else.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    ;; Replace this process with the Info reader, named by its
                    ;; absolute store file name rather than looked up in PATH.
                    (execl (string-append #$info-reader "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))
fc91c17a | 75 | |
83a17b62 LC |
(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.  It is
  ;; appended to the user-supplied TARGET by 'make-cow-store', and it is the
  ;; directory that the 'stop' action of the 'cow-store' service deletes
  ;; recursively.
  "/tmp/guix-inst")
79 | ||
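(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store. This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store: owned by
    ;; UID 0, group-writable for the build group, with the sticky bit set.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      ;; TARGET is spliced in with #$ here as well, so that the generated code
      ;; does not depend on the caller having a variable named 'target' in
      ;; scope where this gexp is inserted.  With the caller in this file,
      ;; which passes #~target, the expansion is the same symbol.
      ;;
      ;; RW-DIR is TARGET/tmp/guix-inst, so WORK-DIR, written relative to it,
      ;; resolves to TARGET/tmp/.overlayfs-workdir, on the same file system as
      ;; the upper directory.
      (let* ((rw-dir (string-append #$target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.  The current
        ;; store is the read-only lower layer; all writes land in RW-DIR.
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))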
83a17b62 | 112 | |
(define cow-store-service-type
  ;; Shepherd service type for the 'cow-store' service.  The service value is
  ;; ignored (the constructor below is 'lambda _').
  (shepherd-service-type
   'cow-store
   (lambda _
     (shepherd-service
      (requirement '(root-file-system user-processes))
      (provision '(cow-store))
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      ;; With exactly one argument, set up the copy-on-write store on TARGET
      ;; and return TARGET; Shepherd hands that value to 'stop' below.  In the
      ;; second clause 'else' is a formals symbol, not a keyword: it matches
      ;; any other number of arguments.
      (start #~(case-lambda
                 ((target)
                  #$(make-cow-store #~target)
                  target)
                 (else
                  ;; Do nothing, and mark the service as stopped.
                  #f)))
      (stop #~(lambda (target)
                ;; Delete the temporary directory, but leave everything
                ;; mounted as there may still be processes using it since
                ;; 'user-processes' doesn't depend on us.  The 'user-file-systems'
                ;; service will unmount TARGET eventually.
                ;;
                ;; The deletion is recursive and the path is built from the
                ;; TARGET given at start time plus %backing-directory.
                (delete-file-recursively
                 (string-append target #$%backing-directory))))))))
141 | ||
83a17b62 LC |
(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  ;; The service value is a dummy: 'cow-store-service-type' ignores it.
  (service cow-store-service-type 'mooooh!))
147 | ||
148 | ||
(define (/etc/configuration-files _)
  "Return a list of tuples representing configuration templates to add to
/etc."
  ;; The argument (the service value) is ignored.
  (define (file f)
    ;; Template F, read from the "examples/" directory.
    (local-file (string-append "examples/" f)))

  (define directory
    ;; A directory holding a copy of each template under a ".scm" name.  The
    ;; two quoted lists below are walked in parallel, so they must stay in the
    ;; same order and of the same length.
    (computed-file "configuration-templates"
                   (with-imported-modules '((guix build utils))
                     #~(begin
                         (mkdir #$output)
                         (for-each (lambda (file target)
                                     (copy-file file
                                                (string-append #$output "/"
                                                               target)))
                                   '(#$(file "bare-bones.tmpl")
                                     #$(file "beaglebone-black.tmpl")
                                     #$(file "desktop.tmpl")
                                     #$(file "lightweight-desktop.tmpl"))
                                   '("bare-bones.scm"
                                     "beaglebone-black.scm"
                                     "desktop.scm"
                                     "lightweight-desktop.scm"))
                         #t))))

  ;; One entry: the directory is named "configuration" in the result.
  `(("configuration" ,directory)))
175 | ||
(define configuration-template-service-type
  ;; Service type that extends 'etc-service-type' with the entries returned by
  ;; '/etc/configuration-files'.
  (service-type (name 'configuration-template)
                (extensions
                 (list (service-extension etc-service-type
                                          /etc/configuration-files)))))
181 | ||
(define %configuration-template-service
  ;; The single instance of the service above.  Its value, #t, is a
  ;; placeholder: '/etc/configuration-files' ignores its argument.
  (service configuration-template-service-type #t))
be1c2c54 | 184 | |
1dac8566 | 185 | |
61ff0a3a LC |
(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd: a single cache, for the
  ;; 'hosts' database.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12)) ;12 hours, in seconds

                    ;; Do not cache lookup failures at all since they are
                    ;; quite likely (for instance when someone tries to ping a
                    ;; host before networking is functional.)
                    (negative-time-to-live 0)

                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB
198 | ||
58b21e1e LC |
(define %installation-services
  ;; List of services of the installation system.
  (let ((motd (plain-file "motd" "
\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m

\x1b[2mThere is NO WARRANTY, to the extent permitted by law. In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned. Thanks for being so brave.\x1b[0m
")))
    (define (normal-tty tty)
      ;; A console on TTY that logs in as root automatically, after a pause.
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      ;; Loaded only so that it can be registered as a GC root below.
      (load "examples/bare-bones.tmpl"))

    (list (service virtual-terminal-service-type)

          ;; tty1 logs in as root right away, with no password prompt: whoever
          ;; is at the console of the booted image is root.
          (mingetty-service (mingetty-configuration
                             (tty "tty1")
                             (auto-login "root")))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation. The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          ;; This console logs in as 'guest' and runs the Info reader script
          ;; as its login program.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon. Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          ;; NOTE(review): with the key authorized, binaries signed by it are
          ;; installed without a local rebuild, so that key is part of the
          ;; image's trust base.
          (guix-service (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font. Use a font that
          ;; doesn't have more than 256 glyphs so that we can use colors with
          ;; varying brightness levels (see note in setfont(8)).
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty "lat9u-16"))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (gpm-service)

          ;; Add an SSH server to facilitate remote installs.
          ;; NOTE(review): root login with password authentication is enabled
          ;; here.  What keeps the image closed by default is that the server
          ;; is not started automatically and that empty passwords are
          ;; refused; 'installation-os' ships a 'guest' account with an empty
          ;; password and a PAM policy that accepts empty passwords, so
          ;; 'allow-empty-passwords?' must stay #f.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)

                    ;; Don't start it upfront.
                    (%auto-start? #f)))

          ;; Since this is running on a USB stick with an overlayfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea. In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything. Also keep the
          ;; things needed by 'profile-derivation' to minimize the amount of
          ;; download.
          (service gc-root-service-type
                   (list bare-bones-os
                         glibc-utf8-locales
                         texinfo
                         (canonical-package guile-2.2))))))
fc91c17a LC |
305 | |
(define %issue
  ;; Greeting, used as the 'issue' field of 'installation-os'.  The \x1b[...m
  ;; sequences are terminal escape codes that switch text attributes on and
  ;; back off.
  "
\x1b[1;37mThis is an installation image of the GNU system. Welcome.\x1b[0m

\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
")
313 | ||
(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device "GuixSD_image")
              (title 'label)
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs. This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (title 'device)
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    ;; NOTE(review): 'guest' has an empty password and is a member of
    ;; 'wheel'.  Together with the PAM setting below, local logins to it need
    ;; no password; remote use is held back only by the sshd configuration in
    ;; %installation-services (empty passwords refused, server not started
    ;; automatically).
    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools            ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                   ;:wq!
                     %base-packages))))
fc91c17a | 386 | |
fccdc8c8 DM |
(define* (embedded-installation-os bootloader bootloader-target tty
                                   #:key (extra-modules '()))
  "Return an installation os for embedded systems.
The initrd gets the extra modules EXTRA-MODULES.
A getty is provided on TTY.
The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
  ;; Everything not overridden below (users, services, PAM policy, packages)
  ;; is inherited unchanged from 'installation-os'.
  (operating-system
    (inherit installation-os)
    (bootloader (bootloader-configuration
                 (bootloader bootloader)
                 (target bootloader-target)))
    (kernel linux-libre)
    ;; TTY is passed to the kernel as "console=TTY", ahead of the kernel
    ;; arguments of 'installation-os'.
    (kernel-arguments
     (cons (string-append "console=" tty)
           (operating-system-user-kernel-arguments installation-os)))
    ;; EXTRA-MODULES come first, followed by the base initrd modules.
    (initrd-modules (append extra-modules %base-initrd-modules))))
ceb39527 | 403 | |
fccdc8c8 DM |
;; Installation OS for the BeagleBone Black: U-Boot installed to /dev/sda,
;; console on ttyO0.
(define beaglebone-black-installation-os
  (embedded-installation-os u-boot-beaglebone-black-bootloader
                            "/dev/sda"
                            "ttyO0"
                            #:extra-modules
                            ;; This module is required to mount the sd card.
                            '("omap_hsmmc")))
411 | ||
412 | ||
;; Installation OS for the A20-OLinuXino-LIME: U-Boot installed to the SD
;; card, console on ttyS0.
(define a20-olinuxino-lime-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))
417 | ||
;; Installation OS for the A20-OLinuXino-LIME2 with eMMC: U-Boot installed to
;; the eMMC device, console on ttyS0.
(define a20-olinuxino-lime2-emmc-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime2-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))
a7bb327e DM |
422 | |
;; Installation OS for the A20-OLinuXino-MICRO: U-Boot installed to the SD
;; card, console on ttyS0.
(define a20-olinuxino-micro-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-micro-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))
4b9e9abb | 427 | |
;; Installation OS for the Banana Pi M2 Ultra: U-Boot installed to the eMMC
;; device, console on ttyS0.
(define banana-pi-m2-ultra-installation-os
  (embedded-installation-os u-boot-banana-pi-m2-ultra-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))
30aeb846 | 432 | |
07ca9045 VC |
;; Installation OS built with the mx6cuboxi U-Boot: installed to the SD card,
;; console on ttymxc0.
(define mx6cuboxi-installation-os
  (embedded-installation-os u-boot-mx6cuboxi-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttymxc0"))
437 | ||
84ee3378 DM |
;; Installation OS for the Nintendo NES Classic Edition: U-Boot installed to
;; the SD card, console on ttyS0.
(define nintendo-nes-classic-edition-installation-os
  (embedded-installation-os u-boot-nintendo-nes-classic-edition-bootloader
                            "/dev/mmcblk0" ; SD card (solder it yourself)
                            "ttyS0"))
442 | ||
;; Return the default os here so 'guix system' can consume it directly.
;; This is the x86-style image with GRUB; the board-specific variants above
;; are only reachable through the module's exports.
installation-os
445 | ||
446 | ;;; install.scm ends here |