[jackhill/guix/guix.git] / gnu / system / install.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system install)
  #:use-module (gnu)
  #:use-module (gnu bootloader u-boot)
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix monads)
  #:use-module ((guix store) #:select (%store-prefix))
  #:use-module (gnu services shepherd)
  #:use-module (gnu services ssh)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages nvi)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-26)
  #:export (installation-os
            beaglebone-black-installation-os))

;;; Commentary:
;;;
;;; This module provides an 'operating-system' definition for use on images
;;; for USB sticks etc., for the installation of the GNU system.
;;;
;;; Code:

\f
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  (program-file "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    (execl (string-append #$info-reader "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))

(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.
  "/tmp/guix-inst")

(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store.  This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      (let* ((rw-dir (string-append target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))

(define cow-store-service-type
  (shepherd-service-type
   'cow-store
   (lambda _
     (shepherd-service
      (requirement '(root-file-system user-processes))
      (provision '(cow-store))
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      (start #~(case-lambda
                 ((target)
                  #$(make-cow-store #~target)
                  target)
                 (else
                  ;; Do nothing, and mark the service as stopped.
                  #f)))
      (stop #~(lambda (target)
                ;; Delete the temporary directory, but leave everything
                ;; mounted as there may still be processes using it since
                ;; 'user-processes' doesn't depend on us.  The 'user-unmount'
                ;; service will unmount TARGET eventually.
                (delete-file-recursively
                 (string-append target #$%backing-directory))))))))

(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  (service cow-store-service-type 'mooooh!))


(define (/etc/configuration-files _)
  "Return a list of tuples representing configuration templates to add to
/etc."
  (define (file f)
    (local-file (string-append "examples/" f)))

  (define directory
    (computed-file "configuration-templates"
                   (with-imported-modules '((guix build utils))
                     #~(begin
                         (mkdir #$output)
                         (for-each (lambda (file target)
                                     (copy-file file
                                                (string-append #$output "/"
                                                               target)))
                                   '(#$(file "bare-bones.tmpl")
                                     #$(file "desktop.tmpl")
                                     #$(file "lightweight-desktop.tmpl"))
                                   '("bare-bones.scm"
                                     "desktop.scm"
                                     "lightweight-desktop.scm"))
                         #t))))

  `(("configuration" ,directory)))

(define configuration-template-service-type
  (service-type (name 'configuration-template)
                (extensions
                 (list (service-extension etc-service-type
                                          /etc/configuration-files)))))

(define %configuration-template-service
  (service configuration-template-service-type #t))


(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12))

                    ;; Do not cache lookup failures at all since they are
                    ;; quite likely (for instance when someone tries to ping a
                    ;; host before networking is functional.)
                    (negative-time-to-live 0)

                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB

(define %installation-services
  ;; List of services of the installation system.
  (let ((motd (plain-file "motd" "
\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m

\x1b[2mThere is NO WARRANTY, to the extent permitted by law.  In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned.  Thanks for being so brave.\x1b[0m
")))
    (define (normal-tty tty)
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      (load "examples/bare-bones.tmpl"))

    (list (mingetty-service (mingetty-configuration
                             (tty "tty1")
                             (auto-login "root")))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          (guix-service (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.  Use a font that
          ;; doesn't have more than 256 glyphs so that we can use colors with
          ;; varying brightness levels (see note in setfont(8)).
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty "lat9u-16"))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (gpm-service)

          ;; Add an SSH server to facilitate remote installs.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)

                    ;; Don't start it upfront.
                    (%auto-start? #f)))

          ;; Since this is running on a USB stick with a overlayfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea.  In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything.  Also keep the
          ;; things needed by 'profile-derivation' to minimize the amount of
          ;; download.
          (service gc-root-service-type
                   (list bare-bones-os
                         glibc-utf8-locales
                         texinfo
                         (canonical-package guile-2.2))))))

(define %issue
  ;; Greeting.
  "
\x1b[1;37mThis is an installation image of the GNU system.  Welcome.\x1b[0m

\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
")

(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device "GuixSD_image")
              (title 'label)
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs.  This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>).  We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (title 'device)
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools         ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                          ;:wq!
                     %base-packages))))

(define beaglebone-black-installation-os
  (operating-system
    (inherit installation-os)
    (bootloader (bootloader-configuration
                 (bootloader u-boot-beaglebone-black-bootloader)
                 (target "/dev/sda")))
    (kernel linux-libre)
    (initrd (lambda (fs . rest)
              (apply base-initrd fs
                     ;; This module is required to mount the sd card.
                     #:extra-modules (list "omap_hsmmc")
                     rest)))
    (services (append
               ;; mingetty does not work on serial lines.
               ;; Use agetty with board-specific serial parameters.
               (list (agetty-service
                      (agetty-configuration
                       (extra-options '("-L"))
                       (baud-rate "115200")
                       (term "vt100")
                       (tty "ttyO0"))))
               (operating-system-user-services installation-os)))))

;; Return the default os here so 'guix system' can consume it directly.
installation-os

;;; install.scm ends here
Commit	Line	Data
fc91c17a	1	;;; GNU Guix --- Functional package management for GNU
239c2266	2	;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
b2a5fa59	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
f0fbf2c1	4	;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
c80cd4df	5	;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
fdfdecdb	6	;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
fc91c17a LC	7	;;;
	8	;;; This file is part of GNU Guix.
	9	;;;
	10	;;; GNU Guix is free software; you can redistribute it and/or modify it
	11	;;; under the terms of the GNU General Public License as published by
	12	;;; the Free Software Foundation; either version 3 of the License, or (at
	13	;;; your option) any later version.
	14	;;;
	15	;;; GNU Guix is distributed in the hope that it will be useful, but
	16	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	17	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	;;; GNU General Public License for more details.
	19	;;;
	20	;;; You should have received a copy of the GNU General Public License
	21	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	22
	23	(define-module (gnu system install)
	24	#:use-module (gnu)
ceb39527	25	#:use-module (gnu bootloader u-boot)
fc91c17a	26	#:use-module (guix gexp)
e87f0591	27	#:use-module (guix store)
fc91c17a	28	#:use-module (guix monads)
83a17b62	29	#:use-module ((guix store) #:select (%store-prefix))
0190c1c0	30	#:use-module (gnu services shepherd)
c80cd4df	31	#:use-module (gnu services ssh)
db84467a	32	#:use-module (gnu packages admin)
f4bdfe73	33	#:use-module (gnu packages bash)
862e38d5	34	#:use-module (gnu packages bootloaders)
af4a761e	35	#:use-module (gnu packages guile)
fc91c17a	36	#:use-module (gnu packages linux)
1e8d398a	37	#:use-module (gnu packages ssh)
b419c7f5	38	#:use-module (gnu packages cryptsetup)
fc91c17a	39	#:use-module (gnu packages package-management)
cc4a2aeb	40	#:use-module (gnu packages disk)
fc91c17a	41	#:use-module (gnu packages texinfo)
dd6b28d1	42	#:use-module (gnu packages compression)
a8cb87ab	43	#:use-module (gnu packages nvi)
e1fbc32a LC	44	#:use-module (ice-9 match)
e1fbc32a LC	45	#:use-module (srfi srfi-26)
ceb39527 MO	46	#:export (installation-os
ceb39527 MO	47	beaglebone-black-installation-os))
fc91c17a LC	48
	49	;;; Commentary:
	50	;;;
	51	;;; This module provides an 'operating-system' definition for use on images
	52	;;; for USB sticks etc., for the installation of the GNU system.
	53	;;;
	54	;;; Code:
	55
9d3fb6c7	56	\f
fc91c17a LC	57	(define (log-to-info)
	58	"Return a script that spawns the Info reader on the right section of the
	59	manual."
ce8a6dfc	60	(program-file "log-to-info"
dd6b28d1 LC	61	#~(begin
	62	;; 'gunzip' is needed to decompress the doc.
	63	(setenv "PATH" (string-append #$gzip "/bin"))
	64
68abb9b0	65	(execl (string-append #$info-reader "/bin/info") "info"
dd6b28d1 LC	66	"-d" "/run/current-system/profile/share/info"
	67	"-f" (string-append #$guix "/share/info/guix.info")
	68	"-n" "System Installation"))))
fc91c17a	69
83a17b62 LC	70	(define %backing-directory
	71	;; Sub-directory used as the backing store for copy-on-write.
	72	"/tmp/guix-inst")
	73
	74	(define (make-cow-store target)
	75	"Return a gexp that makes the store copy-on-write, using TARGET as the
	76	backing store. This is useful when TARGET is on a hard disk, whereas the
	77	current store is on a RAM disk."
83a17b62 LC	78
	79	(define (set-store-permissions directory)
	80	;; Set the right perms on DIRECTORY to use it as the store.
	81	#~(begin
	82	(chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
	83	(chmod #$directory #o1775)))
	84
	85	#~(begin
0adabad7 LC	86	;; Bind-mount TARGET's /tmp in case we need space to build things.
	87	(let ((tmpdir (string-append #$target "/tmp")))
	88	(mkdir-p tmpdir)
	89	(mount tmpdir "/tmp" "none" MS_BIND))
	90
d9565f7d HG	91	(let* ((rw-dir (string-append target #$%backing-directory))
d9565f7d HG	92	(work-dir (string-append rw-dir "/../.overlayfs-workdir")))
83a17b62	93	(mkdir-p rw-dir)
d9565f7d	94	(mkdir-p work-dir)
83a17b62 LC	95	(mkdir-p "/.rw-store")
	96	#$(set-store-permissions #~rw-dir)
	97	#$(set-store-permissions "/.rw-store")
	98
d9565f7d HG	99	;; Mount the overlay, then atomically make it the store.
	100	(mount "none" "/.rw-store" "overlay" 0
	101	(string-append "lowerdir=" #$(%store-prefix) ","
	102	"upperdir=" rw-dir ","
	103	"workdir=" work-dir))
	104	(mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
	105	(rmdir "/.rw-store"))))
83a17b62	106
0adfe95a	107	(define cow-store-service-type
d4053c71	108	(shepherd-service-type
00184239	109	'cow-store
0adfe95a	110	(lambda _
d4053c71	111	(shepherd-service
0adfe95a LC	112	(requirement '(root-file-system user-processes))
	113	(provision '(cow-store))
	114	(documentation
	115	"Make the store copy-on-write, with writes going to \
	116	the given target.")
	117
	118	;; This is meant to be explicitly started by the user.
	119	(auto-start? #f)
	120
	121	(start #~(case-lambda
	122	((target)
	123	#$(make-cow-store #~target)
	124	target)
	125	(else
	126	;; Do nothing, and mark the service as stopped.
	127	#f)))
	128	(stop #~(lambda (target)
	129	;; Delete the temporary directory, but leave everything
	130	;; mounted as there may still be processes using it since
	131	;; 'user-processes' doesn't depend on us. The 'user-unmount'
	132	;; service will unmount TARGET eventually.
	133	(delete-file-recursively
	134	(string-append target #$%backing-directory))))))))
	135
83a17b62 LC	136	(define (cow-store-service)
	137	"Return a service that makes the store copy-on-write, such that writes go to
	138	the user's target storage device rather than on the RAM disk."
	139	;; See <http://bugs.gnu.org/18061> for the initial report.
0adfe95a LC	140	(service cow-store-service-type 'mooooh!))
	141
	142
	143	(define (/etc/configuration-files _)
	144	"Return a list of tuples representing configuration templates to add to
	145	/etc."
	146	(define (file f)
bae90dc7	147	(local-file (string-append "examples/" f)))
0adfe95a LC	148
	149	(define directory
	150	(computed-file "configuration-templates"
4ee96a79 LC	151	(with-imported-modules '((guix build utils))
	152	#~(begin
	153	(mkdir #$output)
	154	(for-each (lambda (file target)
	155	(copy-file file
	156	(string-append #$output "/"
	157	target)))
	158	'(#$(file "bare-bones.tmpl")
	159	#$(file "desktop.tmpl")
	160	#$(file "lightweight-desktop.tmpl"))
	161	'("bare-bones.scm"
	162	"desktop.scm"
	163	"lightweight-desktop.scm"))
	164	#t))))
0adfe95a LC	165
	166	`(("configuration" ,directory)))
	167
	168	(define configuration-template-service-type
	169	(service-type (name 'configuration-template)
	170	(extensions
	171	(list (service-extension etc-service-type
	172	/etc/configuration-files)))))
	173
	174	(define %configuration-template-service
	175	(service configuration-template-service-type #t))
be1c2c54	176
1dac8566	177
61ff0a3a LC	178	(define %nscd-minimal-caches
	179	;; Minimal in-memory caching policy for nscd.
	180	(list (nscd-cache (database 'hosts)
	181	(positive-time-to-live (* 3600 12))
c96ba2cf LC	182
	183	;; Do not cache lookup failures at all since they are
	184	;; quite likely (for instance when someone tries to ping a
	185	;; host before networking is functional.)
	186	(negative-time-to-live 0)
	187
61ff0a3a LC	188	(persistent? #f)
	189	(max-database-size (* 5 (expt 2 20)))))) ;5 MiB
	190
58b21e1e LC	191	(define %installation-services
58b21e1e LC	192	;; List of services of the installation system.
ce8a6dfc	193	(let ((motd (plain-file "motd" "
8638362f	194	\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m
fc91c17a	195
8638362f	196	\x1b[2mThere is NO WARRANTY, to the extent permitted by law. In particular, you may
fc91c17a	197	LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
c82c060d	198	it is 'beta' software, so it may contain bugs.
fc91c17a	199
8638362f	200	You have been warned. Thanks for being so brave.\x1b[0m
fc91c17a LC	201	")))
fc91c17a LC	202	(define (normal-tty tty)
66e4f01c	203	(mingetty-service (mingetty-configuration (tty tty)
66e4f01c LC	204	(auto-login "root")
66e4f01c LC	205	(login-pause? #t))))
fc91c17a	206
4e854b18 LC	207	(define bare-bones-os
	208	(load "examples/bare-bones.tmpl"))
	209
66e4f01c LC	210	(list (mingetty-service (mingetty-configuration
66e4f01c LC	211	(tty "tty1")
66e4f01c	212	(auto-login "root")))
fc91c17a	213
2932ab9c DC	214	(login-service (login-configuration
	215	(motd motd)))
	216
62ca0fdf LC	217	;; Documentation. The manual is in UTF-8, but
	218	;; 'console-font-service' sets up Unicode support and loads a font
	219	;; with all the useful glyphs like em dash and quotation marks.
66e4f01c LC	220	(mingetty-service (mingetty-configuration
66e4f01c LC	221	(tty "tty2")
66e4f01c LC	222	(auto-login "guest")
66e4f01c LC	223	(login-program (log-to-info))))
fc91c17a	224
1dac8566	225	;; Documentation add-on.
0adfe95a	226	%configuration-template-service
1dac8566	227
fc91c17a LC	228	;; A bunch of 'root' ttys.
	229	(normal-tty "tty3")
	230	(normal-tty "tty4")
	231	(normal-tty "tty5")
	232	(normal-tty "tty6")
	233
	234	;; The usual services.
	235	(syslog-service)
2c5c696c LC	236
	237	;; The build daemon. Register the hydra.gnu.org key as trusted.
	238	;; This allows the installation process to use substitutes by
	239	;; default.
0adfe95a	240	(guix-service (guix-configuration (authorize-key? #t)))
2c5c696c	241
e11390df	242	;; Start udev so that useful device nodes are available.
68ac258b LC	243	;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
	244	;; regulations-compliant WiFi access.
	245	(udev-service #:rules (list lvm2 crda))
e11390df	246
83a17b62 LC	247	;; Add the 'cow-store' service, which users have to start manually
	248	;; since it takes the installation directory as an argument.
	249	(cow-store-service)
	250
8638362f LC	251	;; Install Unicode support and a suitable font. Use a font that
	252	;; doesn't have more than 256 glyphs so that we can use colors with
	253	;; varying brightness levels (see note in setfont(8)).
4a84a487 LC	254	(service console-font-service-type
4a84a487 LC	255	(map (lambda (tty)
8638362f	256	(cons tty "lat9u-16"))
4a84a487	257	'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
62ca0fdf	258
ae7ffa9e LC	259	;; To facilitate copy/paste.
	260	(gpm-service)
	261
c80cd4df MB	262	;; Add an SSH server to facilitate remote installs.
	263	(service openssh-service-type
	264	(openssh-configuration
	265	(port-number 22)
	266	(permit-root-login #t)
	267	;; The root account is passwordless, so make sure
	268	;; a password is set before allowing logins.
	269	(allow-empty-passwords? #f)
aab322d9 LC	270	(password-authentication? #t)
	271
	272	;; Don't start it upfront.
	273	(%auto-start? #f)))
c80cd4df	274
d9565f7d	275	;; Since this is running on a USB stick with a overlayfs as the root
61ff0a3a LC	276	;; file system, use an appropriate cache configuration.
61ff0a3a LC	277	(nscd-service (nscd-configuration
50cb948f LC	278	(caches %nscd-minimal-caches)))
	279
	280	;; Having /bin/sh is a good idea. In particular it allows Tramp
	281	;; connections to this system to work.
	282	(service special-files-service-type
	283	`(("/bin/sh" ,(file-append (canonical-package bash)
4e854b18 LC	284	"/bin/sh"))))
	285
	286	;; Keep a reference to BARE-BONES-OS to make sure it can be
af4a761e LC	287	;; installed without downloading/building anything. Also keep the
	288	;; things needed by 'profile-derivation' to minimize the amount of
	289	;; download.
	290	(service gc-root-service-type
	291	(list bare-bones-os
	292	glibc-utf8-locales
	293	texinfo
	294	(canonical-package guile-2.2))))))
fc91c17a LC	295
	296	(define %issue
	297	;; Greeting.
	298	"
8638362f	299	\x1b[1;37mThis is an installation image of the GNU system. Welcome.\x1b[0m
fc91c17a	300
8638362f	301	\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
fc91c17a LC	302	")
	303
	304	(define installation-os
	305	;; The operating system used on installation images for USB sticks etc.
	306	(operating-system
	307	(host-name "gnu")
	308	(timezone "Europe/Paris")
9cd0dfaa	309	(locale "en_US.utf8")
fdfdecdb TGR	310	(bootloader (bootloader-configuration
	311	(bootloader grub-bootloader)
	312	(target "/dev/sda")))
fc91c17a LC	313	(file-systems
	314	;; Note: the disk image build code overrides this root file system with
	315	;; the appropriate one.
ee03b75d LC	316	(cons* (file-system
ee03b75d LC	317	(mount-point "/")
0862b954	318	(device "GuixSD_image")
ee03b75d LC	319	(title 'label)
	320	(type "ext4"))
	321
d9565f7d HG	322	;; Make /tmp a tmpfs instead of keeping the overlayfs. This
	323	;; originally was used for unionfs because FUSE creates
	324	;; '.fuse_hiddenXYZ' files for each open file, and this confuses
	325	;; Guix's test suite, for instance (see
	326	;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
795ec760	327	;; on the safe side.
ee03b75d LC	328	(file-system
	329	(mount-point "/tmp")
	330	(device "none")
	331	(title 'device)
	332	(type "tmpfs")
	333	(check? #f))
	334
0feefb53 LC	335	;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
	336	;; elogind's cgroup file systems.
	337	(list %pseudo-terminal-file-system
	338	%shared-memory-file-system
	339	%immutable-store)))
fc91c17a LC	340
	341	(users (list (user-account
	342	(name "guest")
72507e23	343	(group "users")
ee03b75d	344	(supplementary-groups '("wheel")) ; allow use of sudo
fc91c17a LC	345	(password "")
	346	(comment "Guest of GNU")
	347	(home-directory "/home/guest"))))
fc91c17a LC	348
fc91c17a LC	349	(issue %issue)
58b21e1e	350	(services %installation-services)
fc91c17a	351
903ae630 LC	352	;; We don't need setuid programs, except for 'passwd', which can be handy
	353	;; if one is to allow remote SSH login to the machine being installed.
	354	(setuid-programs (list (file-append shadow "/bin/passwd")))
fc91c17a LC	355
	356	(pam-services
	357	;; Explicitly allow for empty passwords.
	358	(base-pam-services #:allow-empty-passwords? #t))
	359
a6312f1d	360	(packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
72524ae8	361	parted gptfdisk ddrescue
7eda0c56	362	grub ;mostly so xrefs to its manual work
b419c7f5	363	cryptsetup
f0fbf2c1	364	mdadm
f731529e	365	dosfstools ;mkfs.fat, for the UEFI boot partition
3a9cfba8	366	btrfs-progs
1e8d398a	367	openssh ;we already have sshd, having ssh/scp can help
1ce6f43a	368	wireless-tools iw wpa-supplicant-minimal iproute
8f297d42 LC	369	;; XXX: We used to have GNU fdisk here, but as of version
	370	;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
	371	;; space; furthermore util-linux's fdisk is already
	372	;; available here, so we keep that.
f4bdfe73	373	bash-completion
a8cb87ab	374	nvi ;:wq!
6f436c54	375	%base-packages))))
fc91c17a	376
ceb39527 MO	377	(define beaglebone-black-installation-os
	378	(operating-system
	379	(inherit installation-os)
	380	(bootloader (bootloader-configuration
	381	(bootloader u-boot-beaglebone-black-bootloader)
	382	(target "/dev/sda")))
	383	(kernel linux-libre)
	384	(initrd (lambda (fs . rest)
	385	(apply base-initrd fs
	386	;; This module is required to mount the sd card.
	387	#:extra-modules (list "omap_hsmmc")
	388	rest)))
	389	(services (append
	390	;; mingetty does not work on serial lines.
	391	;; Use agetty with board-specific serial parameters.
	392	(list (agetty-service
	393	(agetty-configuration
	394	(extra-options '("-L"))
	395	(baud-rate "115200")
	396	(term "vt100")
	397	(tty "ttyO0"))))
	398	(operating-system-user-services installation-os)))))
	399
	400	;; Return the default os here so 'guix system' can consume it directly.
fc91c17a LC	401	installation-os
	402
	403	;;; install.scm ends here