[jackhill/guix/guix.git] / gnu / system / install.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system install)
  #:use-module (gnu)
  #:use-module (gnu system)
  #:use-module (gnu bootloader u-boot)
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix monads)
  #:use-module ((guix store) #:select (%store-prefix))
  #:use-module (gnu installer)
  #:use-module (gnu services dbus)
  #:use-module (gnu services networking)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services ssh)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages fonts)
  #:use-module (gnu packages fontutils)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages nvi)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-26)
  #:export (installation-os
            a20-olinuxino-lime-installation-os
            a20-olinuxino-lime2-emmc-installation-os
            a20-olinuxino-micro-installation-os
            bananapi-m2-ultra-installation-os
            beaglebone-black-installation-os
            mx6cuboxi-installation-os
            nintendo-nes-classic-edition-installation-os
            novena-installation-os
            pine64-plus-installation-os
            pinebook-installation-os
            rk3399-puma-installation-os
            wandboard-installation-os
            os-with-u-boot))

;;; Commentary:
;;;
;;; This module provides an 'operating-system' definition for use on images
;;; for USB sticks etc., for the installation of the GNU system.
;;;
;;; Code:

\f
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  (program-file "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    (execl (string-append #$info-reader "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))

(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.
  "/tmp/guix-inst")

(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store.  This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      (let* ((rw-dir (string-append target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))

(define cow-store-service-type
  (shepherd-service-type
   'cow-store
   (lambda _
     (shepherd-service
      (requirement '(root-file-system user-processes))
      (provision '(cow-store))
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      (start #~(case-lambda
                 ((target)
                  #$(make-cow-store #~target)
                  target)
                 (else
                  ;; Do nothing, and mark the service as stopped.
                  #f)))
      (stop #~(lambda (target)
                ;; Delete the temporary directory, but leave everything
                ;; mounted as there may still be processes using it since
                ;; 'user-processes' doesn't depend on us.  The 'user-file-systems'
                ;; service will unmount TARGET eventually.
                (delete-file-recursively
                 (string-append target #$%backing-directory))))))))

(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  (service cow-store-service-type 'mooooh!))


(define (/etc/configuration-files _)
  "Return a list of tuples representing configuration templates to add to
/etc."
  (define (file f)
    (local-file (string-append "examples/" f)))

  (define directory
    (computed-file "configuration-templates"
                   (with-imported-modules '((guix build utils))
                     #~(begin
                         (mkdir #$output)
                         (for-each (lambda (file target)
                                     (copy-file file
                                                (string-append #$output "/"
                                                               target)))
                                   '(#$(file "bare-bones.tmpl")
                                     #$(file "beaglebone-black.tmpl")
                                     #$(file "desktop.tmpl")
                                     #$(file "lightweight-desktop.tmpl"))
                                   '("bare-bones.scm"
                                     "beaglebone-black.scm"
                                     "desktop.scm"
                                     "lightweight-desktop.scm"))
                         #t))))

  `(("configuration" ,directory)))

(define configuration-template-service-type
  (service-type (name 'configuration-template)
                (extensions
                 (list (service-extension etc-service-type
                                          /etc/configuration-files)))))

(define %configuration-template-service
  (service configuration-template-service-type #t))


(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12))

                    ;; Do not cache lookup failures at all since they are
                    ;; quite likely (for instance when someone tries to ping a
                    ;; host before networking is functional.)
                    (negative-time-to-live 0)

                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB

(define %installation-services
  ;; List of services of the installation system.
  (let ((motd (plain-file "motd" "
\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m

\x1b[2mThere is NO WARRANTY, to the extent permitted by law.  In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned.  Thanks for being so brave.\x1b[0m
")))
    (define (normal-tty tty)
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      (load "examples/bare-bones.tmpl"))

    (list (service virtual-terminal-service-type)

          (service kmscon-service-type
                   (kmscon-configuration
                    (virtual-terminal "tty1")
                    (login-program (installer-program))))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          (service guix-service-type
                   (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.  Use a font that
          ;; doesn't have more than 256 glyphs so that we can use colors with
          ;; varying brightness levels (see note in setfont(8)).
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty "lat9u-16"))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (service gpm-service-type)

          ;; Add an SSH server to facilitate remote installs.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)

                    ;; Don't start it upfront.
                    (%auto-start? #f)))

          ;; Since this is running on a USB stick with a overlayfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea.  In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Loopback device, needed by OpenSSH notably.
          (service static-networking-service-type
                   (list (static-networking (interface "lo")
                                            (ip "127.0.0.1")
                                            (requirement '())
                                            (provision '(loopback)))))

          (service wpa-supplicant-service-type)
          (dbus-service)
          (service connman-service-type
                   (connman-configuration
                    (disable-vpn? #t)))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything.  Also keep the
          ;; things needed by 'profile-derivation' to minimize the amount of
          ;; download.
          (service gc-root-service-type
                   (list bare-bones-os
                         glibc-utf8-locales
                         texinfo
                         (canonical-package guile-2.2))))))

(define %issue
  ;; Greeting.
  "
\x1b[1;37mThis is an installation image of the GNU system.  Welcome.\x1b[0m

\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
")

(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device (file-system-label "GuixSD_image"))
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs.  This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>).  We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     fontconfig
                     font-dejavu font-gnu-unifont
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools         ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                          ;:wq!
                     nss-certs ; To access HTTPS, use git, etc.
                     %base-packages))))

(define* (os-with-u-boot os board #:key (bootloader-target "/dev/mmcblk0")
                         (triplet "arm-linux-gnueabihf"))
  "Given OS, amend it with the u-boot bootloader for BOARD,
installed to BOOTLOADER-TARGET (a drive), compiled for TRIPLET.

If you want a serial console, make sure to specify one in your
operating-system's kernel-arguments (\"console=ttyS0\" or similar)."
  (operating-system (inherit os)
    (bootloader (bootloader-configuration
                 (bootloader (bootloader (inherit u-boot-bootloader)
                              (package (make-u-boot-package board triplet))))
                 (target bootloader-target)))))

(define* (embedded-installation-os bootloader bootloader-target tty
                                   #:key (extra-modules '()))
  "Return an installation os for embedded systems.
The initrd gets the extra modules EXTRA-MODULES.
A getty is provided on TTY.
The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
  (operating-system
    (inherit installation-os)
    (bootloader (bootloader-configuration
                 (bootloader bootloader)
                 (target bootloader-target)))
    (kernel linux-libre)
    (kernel-arguments
     (cons (string-append "console=" tty)
           (operating-system-user-kernel-arguments installation-os)))
    (initrd-modules (append extra-modules %base-initrd-modules))))

(define beaglebone-black-installation-os
  (embedded-installation-os u-boot-beaglebone-black-bootloader
                            "/dev/sda"
                            "ttyO0"
                            #:extra-modules
                            ;; This module is required to mount the sd card.
                            '("omap_hsmmc")))


(define a20-olinuxino-lime-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define a20-olinuxino-lime2-emmc-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-lime2-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))

(define a20-olinuxino-micro-installation-os
  (embedded-installation-os u-boot-a20-olinuxino-micro-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define bananapi-m2-ultra-installation-os
  (embedded-installation-os u-boot-bananapi-m2-ultra-bootloader
                            "/dev/mmcblk1" ; eMMC storage
                            "ttyS0"))

(define mx6cuboxi-installation-os
  (embedded-installation-os u-boot-mx6cuboxi-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttymxc0"))

(define novena-installation-os
  (embedded-installation-os u-boot-novena-bootloader
                            "/dev/mmcblk1" ; SD card storage
                            "ttymxc1"))

(define nintendo-nes-classic-edition-installation-os
  (embedded-installation-os u-boot-nintendo-nes-classic-edition-bootloader
                            "/dev/mmcblk0" ; SD card (solder it yourself)
                            "ttyS0"))

(define pine64-plus-installation-os
  (embedded-installation-os u-boot-pine64-plus-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define pinebook-installation-os
  (embedded-installation-os u-boot-pinebook-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define rk3399-puma-installation-os
  (embedded-installation-os u-boot-puma-rk3399-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttyS0"))

(define wandboard-installation-os
  (embedded-installation-os u-boot-wandboard-bootloader
                            "/dev/mmcblk0" ; SD card storage
                            "ttymxc0"))

;; Return the default os here so 'guix system' can consume it directly.
installation-os

;;; install.scm ends here
Commit	Line	Data
fc91c17a	1	;;; GNU Guix --- Functional package management for GNU
5c215c9e	2	;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
b2a5fa59	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
f0fbf2c1	4	;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
c80cd4df	5	;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
fdfdecdb	6	;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
fc91c17a LC	7	;;;
	8	;;; This file is part of GNU Guix.
	9	;;;
	10	;;; GNU Guix is free software; you can redistribute it and/or modify it
	11	;;; under the terms of the GNU General Public License as published by
	12	;;; the Free Software Foundation; either version 3 of the License, or (at
	13	;;; your option) any later version.
	14	;;;
	15	;;; GNU Guix is distributed in the hope that it will be useful, but
	16	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	17	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	;;; GNU General Public License for more details.
	19	;;;
	20	;;; You should have received a copy of the GNU General Public License
	21	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	22
	23	(define-module (gnu system install)
	24	#:use-module (gnu)
d0f3a672	25	#:use-module (gnu system)
ceb39527	26	#:use-module (gnu bootloader u-boot)
fc91c17a	27	#:use-module (guix gexp)
e87f0591	28	#:use-module (guix store)
fc91c17a	29	#:use-module (guix monads)
83a17b62	30	#:use-module ((guix store) #:select (%store-prefix))
a49d633c	31	#:use-module (gnu installer)
d0f3a672 MO	32	#:use-module (gnu services dbus)
d0f3a672 MO	33	#:use-module (gnu services networking)
0190c1c0	34	#:use-module (gnu services shepherd)
c80cd4df	35	#:use-module (gnu services ssh)
db84467a	36	#:use-module (gnu packages admin)
f4bdfe73	37	#:use-module (gnu packages bash)
862e38d5	38	#:use-module (gnu packages bootloaders)
9ce09a76	39	#:use-module (gnu packages certs)
d0f3a672 MO	40	#:use-module (gnu packages fonts)
d0f3a672 MO	41	#:use-module (gnu packages fontutils)
af4a761e	42	#:use-module (gnu packages guile)
fc91c17a	43	#:use-module (gnu packages linux)
1e8d398a	44	#:use-module (gnu packages ssh)
b419c7f5	45	#:use-module (gnu packages cryptsetup)
fc91c17a	46	#:use-module (gnu packages package-management)
cc4a2aeb	47	#:use-module (gnu packages disk)
fc91c17a	48	#:use-module (gnu packages texinfo)
dd6b28d1	49	#:use-module (gnu packages compression)
a8cb87ab	50	#:use-module (gnu packages nvi)
e1fbc32a LC	51	#:use-module (ice-9 match)
e1fbc32a LC	52	#:use-module (srfi srfi-26)
ceb39527	53	#:export (installation-os
c55c6985	54	a20-olinuxino-lime-installation-os
4b9e9abb	55	a20-olinuxino-lime2-emmc-installation-os
a7bb327e	56	a20-olinuxino-micro-installation-os
e830c9d0	57	bananapi-m2-ultra-installation-os
84ee3378	58	beaglebone-black-installation-os
07ca9045	59	mx6cuboxi-installation-os
fd5536e3	60	nintendo-nes-classic-edition-installation-os
1b960787	61	novena-installation-os
9f7d6665	62	pine64-plus-installation-os
74e35e8c	63	pinebook-installation-os
6fe16577	64	rk3399-puma-installation-os
4ce4fc50 DM	65	wandboard-installation-os
4ce4fc50 DM	66	os-with-u-boot))
fc91c17a LC	67
	68	;;; Commentary:
	69	;;;
	70	;;; This module provides an 'operating-system' definition for use on images
	71	;;; for USB sticks etc., for the installation of the GNU system.
	72	;;;
	73	;;; Code:
	74
9d3fb6c7	75	\f
fc91c17a LC	76	(define (log-to-info)
	77	"Return a script that spawns the Info reader on the right section of the
	78	manual."
ce8a6dfc	79	(program-file "log-to-info"
dd6b28d1 LC	80	#~(begin
	81	;; 'gunzip' is needed to decompress the doc.
	82	(setenv "PATH" (string-append #$gzip "/bin"))
	83
68abb9b0	84	(execl (string-append #$info-reader "/bin/info") "info"
dd6b28d1 LC	85	"-d" "/run/current-system/profile/share/info"
	86	"-f" (string-append #$guix "/share/info/guix.info")
	87	"-n" "System Installation"))))
fc91c17a	88
83a17b62 LC	89	(define %backing-directory
	90	;; Sub-directory used as the backing store for copy-on-write.
	91	"/tmp/guix-inst")
	92
	93	(define (make-cow-store target)
	94	"Return a gexp that makes the store copy-on-write, using TARGET as the
	95	backing store. This is useful when TARGET is on a hard disk, whereas the
	96	current store is on a RAM disk."
83a17b62 LC	97
	98	(define (set-store-permissions directory)
	99	;; Set the right perms on DIRECTORY to use it as the store.
	100	#~(begin
	101	(chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
	102	(chmod #$directory #o1775)))
	103
	104	#~(begin
0adabad7 LC	105	;; Bind-mount TARGET's /tmp in case we need space to build things.
	106	(let ((tmpdir (string-append #$target "/tmp")))
	107	(mkdir-p tmpdir)
	108	(mount tmpdir "/tmp" "none" MS_BIND))
	109
d9565f7d HG	110	(let* ((rw-dir (string-append target #$%backing-directory))
d9565f7d HG	111	(work-dir (string-append rw-dir "/../.overlayfs-workdir")))
83a17b62	112	(mkdir-p rw-dir)
d9565f7d	113	(mkdir-p work-dir)
83a17b62 LC	114	(mkdir-p "/.rw-store")
	115	#$(set-store-permissions #~rw-dir)
	116	#$(set-store-permissions "/.rw-store")
	117
d9565f7d HG	118	;; Mount the overlay, then atomically make it the store.
	119	(mount "none" "/.rw-store" "overlay" 0
	120	(string-append "lowerdir=" #$(%store-prefix) ","
	121	"upperdir=" rw-dir ","
	122	"workdir=" work-dir))
	123	(mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
	124	(rmdir "/.rw-store"))))
83a17b62	125
0adfe95a	126	(define cow-store-service-type
d4053c71	127	(shepherd-service-type
00184239	128	'cow-store
0adfe95a	129	(lambda _
d4053c71	130	(shepherd-service
0adfe95a LC	131	(requirement '(root-file-system user-processes))
	132	(provision '(cow-store))
	133	(documentation
	134	"Make the store copy-on-write, with writes going to \
	135	the given target.")
	136
	137	;; This is meant to be explicitly started by the user.
	138	(auto-start? #f)
	139
	140	(start #~(case-lambda
	141	((target)
	142	#$(make-cow-store #~target)
	143	target)
	144	(else
	145	;; Do nothing, and mark the service as stopped.
	146	#f)))
	147	(stop #~(lambda (target)
	148	;; Delete the temporary directory, but leave everything
	149	;; mounted as there may still be processes using it since
6c445817	150	;; 'user-processes' doesn't depend on us. The 'user-file-systems'
0adfe95a LC	151	;; service will unmount TARGET eventually.
	152	(delete-file-recursively
	153	(string-append target #$%backing-directory))))))))
	154
83a17b62 LC	155	(define (cow-store-service)
	156	"Return a service that makes the store copy-on-write, such that writes go to
	157	the user's target storage device rather than on the RAM disk."
	158	;; See <http://bugs.gnu.org/18061> for the initial report.
0adfe95a LC	159	(service cow-store-service-type 'mooooh!))
	160
	161
	162	(define (/etc/configuration-files _)
	163	"Return a list of tuples representing configuration templates to add to
	164	/etc."
	165	(define (file f)
bae90dc7	166	(local-file (string-append "examples/" f)))
0adfe95a LC	167
	168	(define directory
	169	(computed-file "configuration-templates"
4ee96a79 LC	170	(with-imported-modules '((guix build utils))
	171	#~(begin
	172	(mkdir #$output)
	173	(for-each (lambda (file target)
	174	(copy-file file
	175	(string-append #$output "/"
	176	target)))
	177	'(#$(file "bare-bones.tmpl")
9f1e39d1	178	#$(file "beaglebone-black.tmpl")
4ee96a79 LC	179	#$(file "desktop.tmpl")
	180	#$(file "lightweight-desktop.tmpl"))
	181	'("bare-bones.scm"
9f1e39d1	182	"beaglebone-black.scm"
4ee96a79 LC	183	"desktop.scm"
	184	"lightweight-desktop.scm"))
	185	#t))))
0adfe95a LC	186
	187	`(("configuration" ,directory)))
	188
	189	(define configuration-template-service-type
	190	(service-type (name 'configuration-template)
	191	(extensions
	192	(list (service-extension etc-service-type
	193	/etc/configuration-files)))))
	194
	195	(define %configuration-template-service
	196	(service configuration-template-service-type #t))
be1c2c54	197
1dac8566	198
61ff0a3a LC	199	(define %nscd-minimal-caches
	200	;; Minimal in-memory caching policy for nscd.
	201	(list (nscd-cache (database 'hosts)
	202	(positive-time-to-live (* 3600 12))
c96ba2cf LC	203
	204	;; Do not cache lookup failures at all since they are
	205	;; quite likely (for instance when someone tries to ping a
	206	;; host before networking is functional.)
	207	(negative-time-to-live 0)
	208
61ff0a3a LC	209	(persistent? #f)
	210	(max-database-size (* 5 (expt 2 20)))))) ;5 MiB
	211
58b21e1e LC	212	(define %installation-services
58b21e1e LC	213	;; List of services of the installation system.
a7961746 MO	214	(let ((motd (plain-file "motd" "
	215	\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m
	216
	217	\x1b[2mThere is NO WARRANTY, to the extent permitted by law. In particular, you may
	218	LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
	219	it is 'beta' software, so it may contain bugs.
	220
	221	You have been warned. Thanks for being so brave.\x1b[0m
	222	")))
	223	(define (normal-tty tty)
	224	(mingetty-service (mingetty-configuration (tty tty)
	225	(auto-login "root")
	226	(login-pause? #t))))
	227
	228	(define bare-bones-os
	229	(load "examples/bare-bones.tmpl"))
	230
	231	(list (service virtual-terminal-service-type)
	232
	233	(service kmscon-service-type
	234	(kmscon-configuration
	235	(virtual-terminal "tty1")
a49d633c	236	(login-program (installer-program))))
a7961746 MO	237
	238	(login-service (login-configuration
	239	(motd motd)))
	240
	241	;; Documentation. The manual is in UTF-8, but
	242	;; 'console-font-service' sets up Unicode support and loads a font
	243	;; with all the useful glyphs like em dash and quotation marks.
	244	(mingetty-service (mingetty-configuration
	245	(tty "tty2")
	246	(auto-login "guest")
	247	(login-program (log-to-info))))
	248
	249	;; Documentation add-on.
	250	%configuration-template-service
	251
	252	;; A bunch of 'root' ttys.
	253	(normal-tty "tty3")
	254	(normal-tty "tty4")
	255	(normal-tty "tty5")
	256	(normal-tty "tty6")
	257
	258	;; The usual services.
	259	(syslog-service)
	260
	261	;; The build daemon. Register the hydra.gnu.org key as trusted.
	262	;; This allows the installation process to use substitutes by
	263	;; default.
	264	(service guix-service-type
	265	(guix-configuration (authorize-key? #t)))
	266
	267	;; Start udev so that useful device nodes are available.
	268	;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
	269	;; regulations-compliant WiFi access.
	270	(udev-service #:rules (list lvm2 crda))
	271
	272	;; Add the 'cow-store' service, which users have to start manually
	273	;; since it takes the installation directory as an argument.
	274	(cow-store-service)
	275
	276	;; Install Unicode support and a suitable font. Use a font that
	277	;; doesn't have more than 256 glyphs so that we can use colors with
	278	;; varying brightness levels (see note in setfont(8)).
	279	(service console-font-service-type
	280	(map (lambda (tty)
	281	(cons tty "lat9u-16"))
	282	'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
	283
	284	;; To facilitate copy/paste.
	285	(service gpm-service-type)
	286
	287	;; Add an SSH server to facilitate remote installs.
	288	(service openssh-service-type
	289	(openssh-configuration
	290	(port-number 22)
	291	(permit-root-login #t)
	292	;; The root account is passwordless, so make sure
	293	;; a password is set before allowing logins.
	294	(allow-empty-passwords? #f)
	295	(password-authentication? #t)
	296
	297	;; Don't start it upfront.
	298	(%auto-start? #f)))
	299
	300	;; Since this is running on a USB stick with a overlayfs as the root
301	;; file system, use an appropriate cache configuration.
302	(nscd-service (nscd-configuration
303	(caches %nscd-minimal-caches)))
304
305	;; Having /bin/sh is a good idea. In particular it allows Tramp
306	;; connections to this system to work.
307	(service special-files-service-type
308	`(("/bin/sh" ,(file-append (canonical-package bash)
309	"/bin/sh"))))
310
311	;; Loopback device, needed by OpenSSH notably.
312	(service static-networking-service-type
313	(list (static-networking (interface "lo")
314	(ip "127.0.0.1")
315	(requirement '())
316	(provision '(loopback)))))
317
318	(service wpa-supplicant-service-type)
319	(dbus-service)
320	(service connman-service-type
321	(connman-configuration
322	(disable-vpn? #t)))
323
324	;; Keep a reference to BARE-BONES-OS to make sure it can be
325	;; installed without downloading/building anything. Also keep the
326	;; things needed by 'profile-derivation' to minimize the amount of
327	;; download.
328	(service gc-root-service-type
329	(list bare-bones-os
330	glibc-utf8-locales
331	texinfo
332	(canonical-package guile-2.2))))))
fc91c17a LC	333
	334	(define %issue
	335	;; Greeting.
	336	"
8638362f	337	\x1b[1;37mThis is an installation image of the GNU system. Welcome.\x1b[0m
fc91c17a	338
8638362f	339	\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
fc91c17a LC	340	")
	341
	342	(define installation-os
	343	;; The operating system used on installation images for USB sticks etc.
	344	(operating-system
	345	(host-name "gnu")
	346	(timezone "Europe/Paris")
9cd0dfaa	347	(locale "en_US.utf8")
fdfdecdb TGR	348	(bootloader (bootloader-configuration
	349	(bootloader grub-bootloader)
	350	(target "/dev/sda")))
fc91c17a LC	351	(file-systems
	352	;; Note: the disk image build code overrides this root file system with
	353	;; the appropriate one.
ee03b75d LC	354	(cons* (file-system
ee03b75d LC	355	(mount-point "/")
9ceeca08	356	(device (file-system-label "GuixSD_image"))
ee03b75d LC	357	(type "ext4"))
ee03b75d LC	358
d9565f7d HG	359	;; Make /tmp a tmpfs instead of keeping the overlayfs. This
	360	;; originally was used for unionfs because FUSE creates
	361	;; '.fuse_hiddenXYZ' files for each open file, and this confuses
	362	;; Guix's test suite, for instance (see
	363	;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
795ec760	364	;; on the safe side.
ee03b75d LC	365	(file-system
	366	(mount-point "/tmp")
	367	(device "none")
ee03b75d LC	368	(type "tmpfs")
	369	(check? #f))
	370
0feefb53 LC	371	;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
	372	;; elogind's cgroup file systems.
	373	(list %pseudo-terminal-file-system
	374	%shared-memory-file-system
	375	%immutable-store)))
fc91c17a	376
a7961746 MO	377	(users (list (user-account
	378	(name "guest")
	379	(group "users")
	380	(supplementary-groups '("wheel")) ; allow use of sudo
	381	(password "")
	382	(comment "Guest of GNU")
	383	(home-directory "/home/guest"))))
fc91c17a LC	384
fc91c17a LC	385	(issue %issue)
58b21e1e	386	(services %installation-services)
fc91c17a	387
903ae630 LC	388	;; We don't need setuid programs, except for 'passwd', which can be handy
	389	;; if one is to allow remote SSH login to the machine being installed.
	390	(setuid-programs (list (file-append shadow "/bin/passwd")))
fc91c17a LC	391
	392	(pam-services
	393	;; Explicitly allow for empty passwords.
	394	(base-pam-services #:allow-empty-passwords? #t))
	395
a6312f1d	396	(packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
72524ae8	397	parted gptfdisk ddrescue
d0f3a672 MO	398	fontconfig
d0f3a672 MO	399	font-dejavu font-gnu-unifont
7eda0c56	400	grub ;mostly so xrefs to its manual work
b419c7f5	401	cryptsetup
f0fbf2c1	402	mdadm
f731529e	403	dosfstools ;mkfs.fat, for the UEFI boot partition
3a9cfba8	404	btrfs-progs
1e8d398a	405	openssh ;we already have sshd, having ssh/scp can help
1ce6f43a	406	wireless-tools iw wpa-supplicant-minimal iproute
8f297d42 LC	407	;; XXX: We used to have GNU fdisk here, but as of version
	408	;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
	409	;; space; furthermore util-linux's fdisk is already
	410	;; available here, so we keep that.
f4bdfe73	411	bash-completion
a8cb87ab	412	nvi ;:wq!
0b767e3d	413	nss-certs ; To access HTTPS, use git, etc.
6f436c54	414	%base-packages))))
fc91c17a	415
4ce4fc50 DM	416	(define* (os-with-u-boot os board #:key (bootloader-target "/dev/mmcblk0")
	417	(triplet "arm-linux-gnueabihf"))
	418	"Given OS, amend it with the u-boot bootloader for BOARD,
	419	installed to BOOTLOADER-TARGET (a drive), compiled for TRIPLET.
	420
	421	If you want a serial console, make sure to specify one in your
	422	operating-system's kernel-arguments (\"console=ttyS0\" or similar)."
	423	(operating-system (inherit os)
	424	(bootloader (bootloader-configuration
	425	(bootloader (bootloader (inherit u-boot-bootloader)
	426	(package (make-u-boot-package board triplet))))
	427	(target bootloader-target)))))
	428
fccdc8c8 DM	429	(define* (embedded-installation-os bootloader bootloader-target tty
	430	#:key (extra-modules '()))
	431	"Return an installation os for embedded systems.
	432	The initrd gets the extra modules EXTRA-MODULES.
	433	A getty is provided on TTY.
	434	The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
ceb39527 MO	435	(operating-system
	436	(inherit installation-os)
	437	(bootloader (bootloader-configuration
fccdc8c8 DM	438	(bootloader bootloader)
fccdc8c8 DM	439	(target bootloader-target)))
ceb39527	440	(kernel linux-libre)
5a9902c8 DM	441	(kernel-arguments
	442	(cons (string-append "console=" tty)
	443	(operating-system-user-kernel-arguments installation-os)))
bc499b11	444	(initrd-modules (append extra-modules %base-initrd-modules))))
ceb39527	445
fccdc8c8 DM	446	(define beaglebone-black-installation-os
	447	(embedded-installation-os u-boot-beaglebone-black-bootloader
	448	"/dev/sda"
	449	"ttyO0"
	450	#:extra-modules
	451	;; This module is required to mount the sd card.
	452	'("omap_hsmmc")))
	453
	454
0db22b32	455	(define a20-olinuxino-lime-installation-os
c55c6985 DM	456	(embedded-installation-os u-boot-a20-olinuxino-lime-bootloader
	457	"/dev/mmcblk0" ; SD card storage
	458	"ttyS0"))
	459
4b9e9abb	460	(define a20-olinuxino-lime2-emmc-installation-os
fccdc8c8 DM	461	(embedded-installation-os u-boot-a20-olinuxino-lime2-bootloader
	462	"/dev/mmcblk1" ; eMMC storage
	463	"ttyS0"))
a7bb327e DM	464
a7bb327e DM	465	(define a20-olinuxino-micro-installation-os
fccdc8c8 DM	466	(embedded-installation-os u-boot-a20-olinuxino-micro-bootloader
	467	"/dev/mmcblk0" ; SD card storage
	468	"ttyS0"))
4b9e9abb	469
e830c9d0 DM	470	(define bananapi-m2-ultra-installation-os
e830c9d0 DM	471	(embedded-installation-os u-boot-bananapi-m2-ultra-bootloader
fccdc8c8 DM	472	"/dev/mmcblk1" ; eMMC storage
fccdc8c8 DM	473	"ttyS0"))
30aeb846	474
07ca9045 VC	475	(define mx6cuboxi-installation-os
	476	(embedded-installation-os u-boot-mx6cuboxi-bootloader
	477	"/dev/mmcblk0" ; SD card storage
	478	"ttymxc0"))
	479
1b960787 VC	480	(define novena-installation-os
	481	(embedded-installation-os u-boot-novena-bootloader
	482	"/dev/mmcblk1" ; SD card storage
	483	"ttymxc1"))
	484
84ee3378 DM	485	(define nintendo-nes-classic-edition-installation-os
	486	(embedded-installation-os u-boot-nintendo-nes-classic-edition-bootloader
	487	"/dev/mmcblk0" ; SD card (solder it yourself)
	488	"ttyS0"))
	489
9f7d6665 VC	490	(define pine64-plus-installation-os
	491	(embedded-installation-os u-boot-pine64-plus-bootloader
	492	"/dev/mmcblk0" ; SD card storage
	493	"ttyS0"))
	494
74e35e8c VC	495	(define pinebook-installation-os
	496	(embedded-installation-os u-boot-pinebook-bootloader
	497	"/dev/mmcblk0" ; SD card storage
	498	"ttyS0"))
	499
6fe16577 VC	500	(define rk3399-puma-installation-os
	501	(embedded-installation-os u-boot-puma-rk3399-bootloader
	502	"/dev/mmcblk0" ; SD card storage
	503	"ttyS0"))
	504
fd5536e3 VC	505	(define wandboard-installation-os
	506	(embedded-installation-os u-boot-wandboard-bootloader
	507	"/dev/mmcblk0" ; SD card storage
	508	"ttymxc0"))
	509
ceb39527	510	;; Return the default os here so 'guix system' can consume it directly.
fc91c17a LC	511	installation-os
	512
	513	;;; install.scm ends here