[jackhill/guix/guix.git] / gnu / system / install.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system install)
  #:use-module (gnu)
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix monads)
  #:use-module ((guix store) #:select (%store-prefix))
  #:use-module (gnu services shepherd)
  #:use-module (gnu services ssh)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages nvi)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-26)
  #:export (installation-os))

;;; Commentary:
;;;
;;; This module provides an 'operating-system' definition for use on images
;;; for USB sticks etc., for the installation of the GNU system.
;;;
;;; Code:

\f
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  (program-file "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    (execl (string-append #$info-reader "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))

(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.
  "/tmp/guix-inst")

(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store.  This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      (let* ((rw-dir (string-append target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))

(define cow-store-service-type
  (shepherd-service-type
   'cow-store
   (lambda _
     (shepherd-service
      (requirement '(root-file-system user-processes))
      (provision '(cow-store))
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      (start #~(case-lambda
                 ((target)
                  #$(make-cow-store #~target)
                  target)
                 (else
                  ;; Do nothing, and mark the service as stopped.
                  #f)))
      (stop #~(lambda (target)
                ;; Delete the temporary directory, but leave everything
                ;; mounted as there may still be processes using it since
                ;; 'user-processes' doesn't depend on us.  The 'user-unmount'
                ;; service will unmount TARGET eventually.
                (delete-file-recursively
                 (string-append target #$%backing-directory))))))))

(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  (service cow-store-service-type 'mooooh!))


(define (/etc/configuration-files _)
  "Return a list of tuples representing configuration templates to add to
/etc."
  (define (file f)
    (local-file (string-append "examples/" f)))

  (define directory
    (computed-file "configuration-templates"
                   (with-imported-modules '((guix build utils))
                     #~(begin
                         (mkdir #$output)
                         (for-each (lambda (file target)
                                     (copy-file file
                                                (string-append #$output "/"
                                                               target)))
                                   '(#$(file "bare-bones.tmpl")
                                     #$(file "desktop.tmpl")
                                     #$(file "lightweight-desktop.tmpl"))
                                   '("bare-bones.scm"
                                     "desktop.scm"
                                     "lightweight-desktop.scm"))
                         #t))))

  `(("configuration" ,directory)))

(define configuration-template-service-type
  (service-type (name 'configuration-template)
                (extensions
                 (list (service-extension etc-service-type
                                          /etc/configuration-files)))))

(define %configuration-template-service
  (service configuration-template-service-type #t))


(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12))

                    ;; Do not cache lookup failures at all since they are
                    ;; quite likely (for instance when someone tries to ping a
                    ;; host before networking is functional.)
                    (negative-time-to-live 0)

                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB

(define %installation-services
  ;; List of services of the installation system.
  (let ((motd (plain-file "motd" "
Welcome to the installation of the Guix System Distribution!

There is NO WARRANTY, to the extent permitted by law.  In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned.  Thanks for being so brave.
")))
    (define (normal-tty tty)
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      (load "examples/bare-bones.tmpl"))

    (list (mingetty-service (mingetty-configuration
                             (tty "tty1")
                             (auto-login "root")))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          (guix-service (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty %default-console-font))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (gpm-service)

          ;; Add an SSH server to facilitate remote installs.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)))

          ;; Since this is running on a USB stick with a overlayfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea.  In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything.  Also keep the
          ;; things needed by 'profile-derivation' to minimize the amount of
          ;; download.
          (service gc-root-service-type
                   (list bare-bones-os
                         glibc-utf8-locales
                         texinfo
                         (canonical-package guile-2.2))))))

(define %issue
  ;; Greeting.
  "
This is an installation image of the GNU system.  Welcome.

Use Alt-F2 for documentation.
")

(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (grub-configuration (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device "GuixSD_image")
              (title 'label)
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs.  This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>).  We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (title 'device)
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools         ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                          ;:wq!
                     %base-packages))))

;; Return it here so 'guix system' can consume it directly.
installation-os

;;; install.scm ends here
Commit	Line	Data
fc91c17a	1	;;; GNU Guix --- Functional package management for GNU
239c2266	2	;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
b2a5fa59	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
f0fbf2c1	4	;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
c80cd4df	5	;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
fc91c17a LC	6	;;;
	7	;;; This file is part of GNU Guix.
	8	;;;
	9	;;; GNU Guix is free software; you can redistribute it and/or modify it
	10	;;; under the terms of the GNU General Public License as published by
	11	;;; the Free Software Foundation; either version 3 of the License, or (at
	12	;;; your option) any later version.
	13	;;;
	14	;;; GNU Guix is distributed in the hope that it will be useful, but
	15	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	16	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	;;; GNU General Public License for more details.
	18	;;;
	19	;;; You should have received a copy of the GNU General Public License
	20	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	21
	22	(define-module (gnu system install)
	23	#:use-module (gnu)
	24	#:use-module (guix gexp)
e87f0591	25	#:use-module (guix store)
fc91c17a	26	#:use-module (guix monads)
83a17b62	27	#:use-module ((guix store) #:select (%store-prefix))
0190c1c0	28	#:use-module (gnu services shepherd)
c80cd4df	29	#:use-module (gnu services ssh)
db84467a	30	#:use-module (gnu packages admin)
f4bdfe73	31	#:use-module (gnu packages bash)
862e38d5	32	#:use-module (gnu packages bootloaders)
af4a761e	33	#:use-module (gnu packages guile)
fc91c17a	34	#:use-module (gnu packages linux)
1e8d398a	35	#:use-module (gnu packages ssh)
b419c7f5	36	#:use-module (gnu packages cryptsetup)
fc91c17a	37	#:use-module (gnu packages package-management)
cc4a2aeb	38	#:use-module (gnu packages disk)
fc91c17a	39	#:use-module (gnu packages texinfo)
dd6b28d1	40	#:use-module (gnu packages compression)
a8cb87ab	41	#:use-module (gnu packages nvi)
e1fbc32a LC	42	#:use-module (ice-9 match)
e1fbc32a LC	43	#:use-module (srfi srfi-26)
239c2266	44	#:export (installation-os))
fc91c17a LC	45
	46	;;; Commentary:
	47	;;;
	48	;;; This module provides an 'operating-system' definition for use on images
	49	;;; for USB sticks etc., for the installation of the GNU system.
	50	;;;
	51	;;; Code:
	52
9d3fb6c7	53	\f
fc91c17a LC	54	(define (log-to-info)
	55	"Return a script that spawns the Info reader on the right section of the
	56	manual."
ce8a6dfc	57	(program-file "log-to-info"
dd6b28d1 LC	58	#~(begin
	59	;; 'gunzip' is needed to decompress the doc.
	60	(setenv "PATH" (string-append #$gzip "/bin"))
	61
68abb9b0	62	(execl (string-append #$info-reader "/bin/info") "info"
dd6b28d1 LC	63	"-d" "/run/current-system/profile/share/info"
	64	"-f" (string-append #$guix "/share/info/guix.info")
	65	"-n" "System Installation"))))
fc91c17a	66
83a17b62 LC	67	(define %backing-directory
	68	;; Sub-directory used as the backing store for copy-on-write.
	69	"/tmp/guix-inst")
	70
	71	(define (make-cow-store target)
	72	"Return a gexp that makes the store copy-on-write, using TARGET as the
	73	backing store. This is useful when TARGET is on a hard disk, whereas the
	74	current store is on a RAM disk."
83a17b62 LC	75
	76	(define (set-store-permissions directory)
	77	;; Set the right perms on DIRECTORY to use it as the store.
	78	#~(begin
	79	(chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
	80	(chmod #$directory #o1775)))
	81
	82	#~(begin
0adabad7 LC	83	;; Bind-mount TARGET's /tmp in case we need space to build things.
	84	(let ((tmpdir (string-append #$target "/tmp")))
	85	(mkdir-p tmpdir)
	86	(mount tmpdir "/tmp" "none" MS_BIND))
	87
d9565f7d HG	88	(let* ((rw-dir (string-append target #$%backing-directory))
d9565f7d HG	89	(work-dir (string-append rw-dir "/../.overlayfs-workdir")))
83a17b62	90	(mkdir-p rw-dir)
d9565f7d	91	(mkdir-p work-dir)
83a17b62 LC	92	(mkdir-p "/.rw-store")
	93	#$(set-store-permissions #~rw-dir)
	94	#$(set-store-permissions "/.rw-store")
	95
d9565f7d HG	96	;; Mount the overlay, then atomically make it the store.
	97	(mount "none" "/.rw-store" "overlay" 0
	98	(string-append "lowerdir=" #$(%store-prefix) ","
	99	"upperdir=" rw-dir ","
	100	"workdir=" work-dir))
	101	(mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
	102	(rmdir "/.rw-store"))))
83a17b62	103
0adfe95a	104	(define cow-store-service-type
d4053c71	105	(shepherd-service-type
00184239	106	'cow-store
0adfe95a	107	(lambda _
d4053c71	108	(shepherd-service
0adfe95a LC	109	(requirement '(root-file-system user-processes))
	110	(provision '(cow-store))
	111	(documentation
	112	"Make the store copy-on-write, with writes going to \
	113	the given target.")
	114
	115	;; This is meant to be explicitly started by the user.
	116	(auto-start? #f)
	117
	118	(start #~(case-lambda
	119	((target)
	120	#$(make-cow-store #~target)
	121	target)
	122	(else
	123	;; Do nothing, and mark the service as stopped.
	124	#f)))
	125	(stop #~(lambda (target)
	126	;; Delete the temporary directory, but leave everything
	127	;; mounted as there may still be processes using it since
	128	;; 'user-processes' doesn't depend on us. The 'user-unmount'
	129	;; service will unmount TARGET eventually.
	130	(delete-file-recursively
	131	(string-append target #$%backing-directory))))))))
	132
83a17b62 LC	133	(define (cow-store-service)
	134	"Return a service that makes the store copy-on-write, such that writes go to
	135	the user's target storage device rather than on the RAM disk."
	136	;; See <http://bugs.gnu.org/18061> for the initial report.
0adfe95a LC	137	(service cow-store-service-type 'mooooh!))
	138
	139
	140	(define (/etc/configuration-files _)
	141	"Return a list of tuples representing configuration templates to add to
	142	/etc."
	143	(define (file f)
bae90dc7	144	(local-file (string-append "examples/" f)))
0adfe95a LC	145
	146	(define directory
	147	(computed-file "configuration-templates"
4ee96a79 LC	148	(with-imported-modules '((guix build utils))
	149	#~(begin
	150	(mkdir #$output)
	151	(for-each (lambda (file target)
	152	(copy-file file
	153	(string-append #$output "/"
	154	target)))
	155	'(#$(file "bare-bones.tmpl")
	156	#$(file "desktop.tmpl")
	157	#$(file "lightweight-desktop.tmpl"))
	158	'("bare-bones.scm"
	159	"desktop.scm"
	160	"lightweight-desktop.scm"))
	161	#t))))
0adfe95a LC	162
	163	`(("configuration" ,directory)))
	164
	165	(define configuration-template-service-type
	166	(service-type (name 'configuration-template)
	167	(extensions
	168	(list (service-extension etc-service-type
	169	/etc/configuration-files)))))
	170
	171	(define %configuration-template-service
	172	(service configuration-template-service-type #t))
be1c2c54	173
1dac8566	174
61ff0a3a LC	175	(define %nscd-minimal-caches
	176	;; Minimal in-memory caching policy for nscd.
	177	(list (nscd-cache (database 'hosts)
	178	(positive-time-to-live (* 3600 12))
c96ba2cf LC	179
	180	;; Do not cache lookup failures at all since they are
	181	;; quite likely (for instance when someone tries to ping a
	182	;; host before networking is functional.)
	183	(negative-time-to-live 0)
	184
61ff0a3a LC	185	(persistent? #f)
	186	(max-database-size (* 5 (expt 2 20)))))) ;5 MiB
	187
58b21e1e LC	188	(define %installation-services
58b21e1e LC	189	;; List of services of the installation system.
ce8a6dfc	190	(let ((motd (plain-file "motd" "
c73adb09	191	Welcome to the installation of the Guix System Distribution!
fc91c17a LC	192
	193	There is NO WARRANTY, to the extent permitted by law. In particular, you may
	194	LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
c82c060d	195	it is 'beta' software, so it may contain bugs.
fc91c17a LC	196
	197	You have been warned. Thanks for being so brave.
	198	")))
	199	(define (normal-tty tty)
66e4f01c	200	(mingetty-service (mingetty-configuration (tty tty)
66e4f01c LC	201	(auto-login "root")
66e4f01c LC	202	(login-pause? #t))))
fc91c17a	203
4e854b18 LC	204	(define bare-bones-os
	205	(load "examples/bare-bones.tmpl"))
	206
66e4f01c LC	207	(list (mingetty-service (mingetty-configuration
66e4f01c LC	208	(tty "tty1")
66e4f01c	209	(auto-login "root")))
fc91c17a	210
2932ab9c DC	211	(login-service (login-configuration
	212	(motd motd)))
	213
62ca0fdf LC	214	;; Documentation. The manual is in UTF-8, but
	215	;; 'console-font-service' sets up Unicode support and loads a font
	216	;; with all the useful glyphs like em dash and quotation marks.
66e4f01c LC	217	(mingetty-service (mingetty-configuration
66e4f01c LC	218	(tty "tty2")
66e4f01c LC	219	(auto-login "guest")
66e4f01c LC	220	(login-program (log-to-info))))
fc91c17a	221
1dac8566	222	;; Documentation add-on.
0adfe95a	223	%configuration-template-service
1dac8566	224
fc91c17a LC	225	;; A bunch of 'root' ttys.
	226	(normal-tty "tty3")
	227	(normal-tty "tty4")
	228	(normal-tty "tty5")
	229	(normal-tty "tty6")
	230
	231	;; The usual services.
	232	(syslog-service)
2c5c696c LC	233
	234	;; The build daemon. Register the hydra.gnu.org key as trusted.
	235	;; This allows the installation process to use substitutes by
	236	;; default.
0adfe95a	237	(guix-service (guix-configuration (authorize-key? #t)))
2c5c696c	238
e11390df	239	;; Start udev so that useful device nodes are available.
68ac258b LC	240	;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
	241	;; regulations-compliant WiFi access.
	242	(udev-service #:rules (list lvm2 crda))
e11390df	243
83a17b62 LC	244	;; Add the 'cow-store' service, which users have to start manually
	245	;; since it takes the installation directory as an argument.
	246	(cow-store-service)
	247
62ca0fdf	248	;; Install Unicode support and a suitable font.
4a84a487 LC	249	(service console-font-service-type
	250	(map (lambda (tty)
	251	(cons tty %default-console-font))
	252	'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
62ca0fdf	253
ae7ffa9e LC	254	;; To facilitate copy/paste.
	255	(gpm-service)
	256
c80cd4df MB	257	;; Add an SSH server to facilitate remote installs.
	258	(service openssh-service-type
	259	(openssh-configuration
	260	(port-number 22)
	261	(permit-root-login #t)
	262	;; The root account is passwordless, so make sure
	263	;; a password is set before allowing logins.
	264	(allow-empty-passwords? #f)
	265	(password-authentication? #t)))
	266
d9565f7d	267	;; Since this is running on a USB stick with a overlayfs as the root
61ff0a3a LC	268	;; file system, use an appropriate cache configuration.
61ff0a3a LC	269	(nscd-service (nscd-configuration
50cb948f LC	270	(caches %nscd-minimal-caches)))
	271
	272	;; Having /bin/sh is a good idea. In particular it allows Tramp
	273	;; connections to this system to work.
	274	(service special-files-service-type
	275	`(("/bin/sh" ,(file-append (canonical-package bash)
4e854b18 LC	276	"/bin/sh"))))
	277
	278	;; Keep a reference to BARE-BONES-OS to make sure it can be
af4a761e LC	279	;; installed without downloading/building anything. Also keep the
	280	;; things needed by 'profile-derivation' to minimize the amount of
	281	;; download.
	282	(service gc-root-service-type
	283	(list bare-bones-os
	284	glibc-utf8-locales
	285	texinfo
	286	(canonical-package guile-2.2))))))
fc91c17a LC	287
	288	(define %issue
	289	;; Greeting.
	290	"
	291	This is an installation image of the GNU system. Welcome.
	292
	293	Use Alt-F2 for documentation.
	294	")
	295
	296	(define installation-os
	297	;; The operating system used on installation images for USB sticks etc.
	298	(operating-system
	299	(host-name "gnu")
	300	(timezone "Europe/Paris")
9cd0dfaa	301	(locale "en_US.utf8")
045ebb3e	302	(bootloader (grub-configuration (target "/dev/sda")))
fc91c17a LC	303	(file-systems
	304	;; Note: the disk image build code overrides this root file system with
	305	;; the appropriate one.
ee03b75d LC	306	(cons* (file-system
ee03b75d LC	307	(mount-point "/")
0862b954	308	(device "GuixSD_image")
ee03b75d LC	309	(title 'label)
	310	(type "ext4"))
	311
d9565f7d HG	312	;; Make /tmp a tmpfs instead of keeping the overlayfs. This
	313	;; originally was used for unionfs because FUSE creates
	314	;; '.fuse_hiddenXYZ' files for each open file, and this confuses
	315	;; Guix's test suite, for instance (see
	316	;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
795ec760	317	;; on the safe side.
ee03b75d LC	318	(file-system
	319	(mount-point "/tmp")
	320	(device "none")
	321	(title 'device)
	322	(type "tmpfs")
	323	(check? #f))
	324
0feefb53 LC	325	;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
	326	;; elogind's cgroup file systems.
	327	(list %pseudo-terminal-file-system
	328	%shared-memory-file-system
	329	%immutable-store)))
fc91c17a LC	330
	331	(users (list (user-account
	332	(name "guest")
72507e23	333	(group "users")
ee03b75d	334	(supplementary-groups '("wheel")) ; allow use of sudo
fc91c17a LC	335	(password "")
	336	(comment "Guest of GNU")
	337	(home-directory "/home/guest"))))
fc91c17a LC	338
fc91c17a LC	339	(issue %issue)
58b21e1e	340	(services %installation-services)
fc91c17a	341
903ae630 LC	342	;; We don't need setuid programs, except for 'passwd', which can be handy
	343	;; if one is to allow remote SSH login to the machine being installed.
	344	(setuid-programs (list (file-append shadow "/bin/passwd")))
fc91c17a LC	345
	346	(pam-services
	347	;; Explicitly allow for empty passwords.
	348	(base-pam-services #:allow-empty-passwords? #t))
	349
a6312f1d	350	(packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
72524ae8	351	parted gptfdisk ddrescue
7eda0c56	352	grub ;mostly so xrefs to its manual work
b419c7f5	353	cryptsetup
f0fbf2c1	354	mdadm
f731529e	355	dosfstools ;mkfs.fat, for the UEFI boot partition
3a9cfba8	356	btrfs-progs
1e8d398a	357	openssh ;we already have sshd, having ssh/scp can help
1ce6f43a	358	wireless-tools iw wpa-supplicant-minimal iproute
8f297d42 LC	359	;; XXX: We used to have GNU fdisk here, but as of version
	360	;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
	361	;; space; furthermore util-linux's fdisk is already
	362	;; available here, so we keep that.
f4bdfe73	363	bash-completion
a8cb87ab	364	nvi ;:wq!
6f436c54	365	%base-packages))))
fc91c17a LC	366
	367	;; Return it here so 'guix system' can consume it directly.
	368	installation-os
	369
	370	;;; install.scm ends here