[jackhill/guix/guix.git] / gnu / system / install.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system install)
  #:use-module (gnu)
  #:use-module (guix gexp)
  #:use-module (guix store)
  #:use-module (guix monads)
  #:use-module ((guix store) #:select (%store-prefix))
  #:use-module (guix profiles)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages cryptsetup)
  #:use-module (gnu packages package-management)
  #:use-module (gnu packages disk)
  #:use-module (gnu packages grub)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages compression)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-26)
  #:export (self-contained-tarball
            installation-os))

;;; Commentary:
;;;
;;; This module provides an 'operating-system' definition for use on images
;;; for USB sticks etc., for the installation of the GNU system.
;;;
;;; Code:

\f
(define* (self-contained-tarball #:key (guix guix))
  "Return a self-contained tarball containing a store initialized with the
closure of GUIX.  The tarball contains /gnu/store, /var/guix, and a profile
under /root/.guix-profile where GUIX is installed."
  (mlet %store-monad ((profile (profile-derivation
                                (manifest
                                 (list (package->manifest-entry guix))))))
    (define build
      #~(begin
          (use-modules (guix build utils)
                       (gnu build install))

          (define %root "root")

          (setenv "PATH"
                  (string-append #$guix "/sbin:" #$tar "/bin:" #$xz "/bin"))

          ;; Note: there is not much to gain here with deduplication and there
          ;; is the overhead of the '.links' directory, so turn it off.
          (populate-single-profile-directory %root
                                             #:profile #$profile
                                             #:closure "profile"
                                             #:deduplicate? #f)

          ;; Create the tarball.  Use GNU format so there's no file name
          ;; length limitation.
          (with-directory-excursion %root
            (zero? (system* "tar" "--xz" "--format=gnu"

                            ;; avoid non-determinism in the archive
                            "--sort=name"
                            "--mtime=@0"          ;for files in /var/guix
                            "--owner=root:0"
                            "--group=root:0"

                            "--check-links"
                            "-cvf" #$output
                            ;; Avoid adding / and /var to the tarball,
                            ;; so that the ownership and permissions of those
                            ;; directories will not be overwritten when
                            ;; extracting the archive.  Do not include /root
                            ;; because the root account might have a different
                            ;; home directory.
                            "./var/guix"
                            (string-append "." (%store-directory)))))))

    (gexp->derivation "guix-tarball.tar.xz" build
                      #:references-graphs `(("profile" ,profile))
                      #:modules '((guix build utils)
                                  (guix build store-copy)
                                  (gnu build install)))))

\f
(define (log-to-info)
  "Return a script that spawns the Info reader on the right section of the
manual."
  (gexp->script "log-to-info"
                #~(begin
                    ;; 'gunzip' is needed to decompress the doc.
                    (setenv "PATH" (string-append #$gzip "/bin"))

                    (execl (string-append #$texinfo-4 "/bin/info") "info"
                           "-d" "/run/current-system/profile/share/info"
                           "-f" (string-append #$guix "/share/info/guix.info")
                           "-n" "System Installation"))))

(define %backing-directory
  ;; Sub-directory used as the backing store for copy-on-write.
  "/tmp/guix-inst")

(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store.  This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk."
  (define (unionfs read-only read-write mount-point)
    ;; Make MOUNT-POINT the union of READ-ONLY and READ-WRITE.

    ;; Note: in the command below, READ-WRITE appears before READ-ONLY so that
    ;; it is considered a "higher-level branch", as per unionfs-fuse(8),
    ;; thereby allowing files existing on READ-ONLY to be copied over to
    ;; READ-WRITE.
    #~(fork+exec-command
       (list (string-append #$unionfs-fuse "/bin/unionfs")
             "-o"
             "cow,allow_other,use_ino,max_files=65536,nonempty"
             (string-append #$read-write "=RW:" #$read-only "=RO")
             #$mount-point)))

  (define (set-store-permissions directory)
    ;; Set the right perms on DIRECTORY to use it as the store.
    #~(begin
        (chown #$directory 0 30000)             ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      (unless (file-exists? "/.ro-store")
        (mkdir "/.ro-store")
        (mount #$(%store-prefix) "/.ro-store" "none"
               (logior MS_BIND MS_RDONLY)))

      (let ((rw-dir (string-append target #$%backing-directory)))
        (mkdir-p rw-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the union, then atomically make it the store.
        (and #$(unionfs "/.ro-store" #~rw-dir "/.rw-store")
             (begin
               (sleep 1) ;XXX: wait for unionfs to be ready
               (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
               (rmdir "/.rw-store"))))))

(define (cow-store-service)
  "Return a service that makes the store copy-on-write, such that writes go to
the user's target storage device rather than on the RAM disk."
  ;; See <http://bugs.gnu.org/18061> for the initial report.
  (with-monad %store-monad
    (return (service
             (requirement '(root-file-system user-processes))
             (provision '(cow-store))
             (documentation
              "Make the store copy-on-write, with writes going to \
the given target.")

             ;; This is meant to be explicitly started by the user.
             (auto-start? #f)

             (start #~(case-lambda
                        ((target)
                         #$(make-cow-store #~target)
                         target)
                        (else
                         ;; Do nothing, and mark the service as stopped.
                         #f)))
             (stop #~(lambda (target)
                       ;; Delete the temporary directory, but leave everything
                       ;; mounted as there may still be processes using it
                       ;; since 'user-processes' doesn't depend on us.  The
                       ;; 'user-unmount' service will unmount TARGET
                       ;; eventually.
                       (delete-file-recursively
                        (string-append target #$%backing-directory))))))))

(define (configuration-template-service)
  "Return a dummy service whose purpose is to install an operating system
configuration template file in the installation system."

  (define search
    (cut search-path %load-path <>))
  (define templates
    (map (match-lambda
           ((file '-> target)
            (list (local-file (search file))
                  (string-append "/etc/configuration/" target))))
         '(("gnu/system/examples/bare-bones.tmpl" -> "bare-bones.scm")
           ("gnu/system/examples/desktop.tmpl" -> "desktop.scm"))))

  (with-monad %store-monad
    (return (service
             (requirement '(root-file-system))
             (provision '(os-config-template))
             (documentation
              "This dummy service installs an OS configuration template.")
             (start #~(const #t))
             (stop  #~(const #f))
             (activate
              #~(begin
                  (use-modules (ice-9 match)
                               (guix build utils))

                  (mkdir-p "/etc/configuration")
                  (for-each (match-lambda
                              ((file target)
                               (unless (file-exists? target)
                                 (copy-file file target))))
                            '#$templates)))))))

(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd.
  (list (nscd-cache (database 'hosts)
                    (positive-time-to-live (* 3600 12))
                    (negative-time-to-live 20)
                    (persistent? #f)
                    (max-database-size (* 5 (expt 2 20)))))) ;5 MiB

(define (installation-services)
  "Return the list services for the installation image."
  (let ((motd (text-file "motd" "
Welcome to the installation of the Guix System Distribution!

There is NO WARRANTY, to the extent permitted by law.  In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
it is alpha software, so it may BREAK IN UNEXPECTED WAYS.

You have been warned.  Thanks for being so brave.
")))
    (define (normal-tty tty)
      (mingetty-service tty
                        #:motd motd
                        #:auto-login "root"
                        #:login-pause? #t))

    (list (mingetty-service "tty1"
                            #:motd motd
                            #:auto-login "root")

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          (mingetty-service "tty2"
                            #:motd motd
                            #:auto-login "guest"
                            #:login-program (log-to-info))

          ;; Documentation add-on.
          (configuration-template-service)

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.
          (guix-service #:authorize-hydra-key? #t)

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.
          (console-font-service "tty1")
          (console-font-service "tty2")
          (console-font-service "tty3")
          (console-font-service "tty4")
          (console-font-service "tty5")
          (console-font-service "tty6")

          ;; Since this is running on a USB stick with a unionfs as the root
          ;; file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches))))))

(define %issue
  ;; Greeting.
  "
This is an installation image of the GNU system.  Welcome.

Use Alt-F2 for documentation.
")

(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (grub-configuration
                 (device "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons (file-system
             (mount-point "/")
             (device "gnu-disk-image")
             (type "ext4"))
           %base-file-systems))

    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel"))  ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)

    (services (installation-services))

    ;; We don't need setuid programs so pass the empty list so we don't pull
    ;; additional programs here.
    (setuid-programs '())

    (pam-services
     ;; Explicitly allow for empty passwords.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* texinfo-4                 ;for the standalone Info reader
                     parted ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     %base-packages))))

;; Return it here so 'guix system' can consume it directly.
installation-os

;;; install.scm ends here
Commit	Line	Data
fc91c17a	1	;;; GNU Guix --- Functional package management for GNU
e87f0591	2	;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
b2a5fa59	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
fc91c17a LC	4	;;;
	5	;;; This file is part of GNU Guix.
	6	;;;
	7	;;; GNU Guix is free software; you can redistribute it and/or modify it
	8	;;; under the terms of the GNU General Public License as published by
	9	;;; the Free Software Foundation; either version 3 of the License, or (at
	10	;;; your option) any later version.
	11	;;;
	12	;;; GNU Guix is distributed in the hope that it will be useful, but
	13	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	14	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	;;; GNU General Public License for more details.
	16	;;;
	17	;;; You should have received a copy of the GNU General Public License
	18	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	19
	20	(define-module (gnu system install)
	21	#:use-module (gnu)
	22	#:use-module (guix gexp)
e87f0591	23	#:use-module (guix store)
fc91c17a	24	#:use-module (guix monads)
83a17b62	25	#:use-module ((guix store) #:select (%store-prefix))
9d3fb6c7	26	#:use-module (guix profiles)
db84467a	27	#:use-module (gnu packages admin)
f4bdfe73	28	#:use-module (gnu packages bash)
fc91c17a	29	#:use-module (gnu packages linux)
b419c7f5	30	#:use-module (gnu packages cryptsetup)
fc91c17a	31	#:use-module (gnu packages package-management)
cc4a2aeb	32	#:use-module (gnu packages disk)
7eda0c56	33	#:use-module (gnu packages grub)
fc91c17a	34	#:use-module (gnu packages texinfo)
dd6b28d1	35	#:use-module (gnu packages compression)
e1fbc32a LC	36	#:use-module (ice-9 match)
e1fbc32a LC	37	#:use-module (srfi srfi-26)
9d3fb6c7 LC	38	#:export (self-contained-tarball
9d3fb6c7 LC	39	installation-os))
fc91c17a LC	40
	41	;;; Commentary:
	42	;;;
	43	;;; This module provides an 'operating-system' definition for use on images
	44	;;; for USB sticks etc., for the installation of the GNU system.
	45	;;;
	46	;;; Code:
	47
9d3fb6c7 LC	48	\f
	49	(define* (self-contained-tarball #:key (guix guix))
	50	"Return a self-contained tarball containing a store initialized with the
	51	closure of GUIX. The tarball contains /gnu/store, /var/guix, and a profile
	52	under /root/.guix-profile where GUIX is installed."
	53	(mlet %store-monad ((profile (profile-derivation
	54	(manifest
	55	(list (package->manifest-entry guix))))))
	56	(define build
	57	#~(begin
	58	(use-modules (guix build utils)
	59	(gnu build install))
	60
	61	(define %root "root")
	62
	63	(setenv "PATH"
	64	(string-append #$guix "/sbin:" #$tar "/bin:" #$xz "/bin"))
	65
08fa7613 LC	66	;; Note: there is not much to gain here with deduplication and there
08fa7613 LC	67	;; is the overhead of the '.links' directory, so turn it off.
9d3fb6c7 LC	68	(populate-single-profile-directory %root
9d3fb6c7 LC	69	#:profile #$profile
08fa7613 LC	70	#:closure "profile"
08fa7613 LC	71	#:deduplicate? #f)
9d3fb6c7 LC	72
9d3fb6c7 LC	73	;; Create the tarball. Use GNU format so there's no file name
01dbc7e0	74	;; length limitation.
9d3fb6c7 LC	75	(with-directory-excursion %root
9d3fb6c7 LC	76	(zero? (system* "tar" "--xz" "--format=gnu"
92226a47 MW	77
	78	;; avoid non-determinism in the archive
	79	"--sort=name"
6c92551a	80	"--mtime=@0" ;for files in /var/guix
92226a47 MW	81	"--owner=root:0"
	82	"--group=root:0"
	83
08fa7613	84	"--check-links"
b2a5fa59	85	"-cvf" #$output
7acd3439	86	;; Avoid adding / and /var to the tarball,
b2a5fa59 MW	87	;; so that the ownership and permissions of those
b2a5fa59 MW	88	;; directories will not be overwritten when
7acd3439 LC	89	;; extracting the archive. Do not include /root
	90	;; because the root account might have a different
	91	;; home directory.
b2a5fa59	92	"./var/guix"
781d0a2c	93	(string-append "." (%store-directory)))))))
9d3fb6c7 LC	94
	95	(gexp->derivation "guix-tarball.tar.xz" build
	96	#:references-graphs `(("profile" ,profile))
	97	#:modules '((guix build utils)
	98	(guix build store-copy)
	99	(gnu build install)))))
	100
	101	\f
fc91c17a LC	102	(define (log-to-info)
	103	"Return a script that spawns the Info reader on the right section of the
	104	manual."
	105	(gexp->script "log-to-info"
dd6b28d1 LC	106	#~(begin
	107	;; 'gunzip' is needed to decompress the doc.
	108	(setenv "PATH" (string-append #$gzip "/bin"))
	109
	110	(execl (string-append #$texinfo-4 "/bin/info") "info"
	111	"-d" "/run/current-system/profile/share/info"
	112	"-f" (string-append #$guix "/share/info/guix.info")
	113	"-n" "System Installation"))))
fc91c17a	114
83a17b62 LC	115	(define %backing-directory
	116	;; Sub-directory used as the backing store for copy-on-write.
	117	"/tmp/guix-inst")
	118
	119	(define (make-cow-store target)
	120	"Return a gexp that makes the store copy-on-write, using TARGET as the
	121	backing store. This is useful when TARGET is on a hard disk, whereas the
	122	current store is on a RAM disk."
	123	(define (unionfs read-only read-write mount-point)
	124	;; Make MOUNT-POINT the union of READ-ONLY and READ-WRITE.
	125
	126	;; Note: in the command below, READ-WRITE appears before READ-ONLY so that
	127	;; it is considered a "higher-level branch", as per unionfs-fuse(8),
	128	;; thereby allowing files existing on READ-ONLY to be copied over to
	129	;; READ-WRITE.
	130	#~(fork+exec-command
	131	(list (string-append #$unionfs-fuse "/bin/unionfs")
	132	"-o"
	133	"cow,allow_other,use_ino,max_files=65536,nonempty"
	134	(string-append #$read-write "=RW:" #$read-only "=RO")
	135	#$mount-point)))
	136
	137	(define (set-store-permissions directory)
	138	;; Set the right perms on DIRECTORY to use it as the store.
	139	#~(begin
	140	(chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
	141	(chmod #$directory #o1775)))
	142
	143	#~(begin
	144	(unless (file-exists? "/.ro-store")
	145	(mkdir "/.ro-store")
	146	(mount #$(%store-prefix) "/.ro-store" "none"
	147	(logior MS_BIND MS_RDONLY)))
	148
	149	(let ((rw-dir (string-append target #$%backing-directory)))
	150	(mkdir-p rw-dir)
	151	(mkdir-p "/.rw-store")
	152	#$(set-store-permissions #~rw-dir)
	153	#$(set-store-permissions "/.rw-store")
	154
	155	;; Mount the union, then atomically make it the store.
	156	(and #$(unionfs "/.ro-store" #~rw-dir "/.rw-store")
	157	(begin
	158	(sleep 1) ;XXX: wait for unionfs to be ready
	159	(mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
	160	(rmdir "/.rw-store"))))))
	161
	162	(define (cow-store-service)
	163	"Return a service that makes the store copy-on-write, such that writes go to
	164	the user's target storage device rather than on the RAM disk."
	165	;; See <http://bugs.gnu.org/18061> for the initial report.
	166	(with-monad %store-monad
	167	(return (service
	168	(requirement '(root-file-system user-processes))
	169	(provision '(cow-store))
	170	(documentation
	171	"Make the store copy-on-write, with writes going to \
	172	the given target.")
fdaacbad LC	173
	174	;; This is meant to be explicitly started by the user.
	175	(auto-start? #f)
	176
83a17b62 LC	177	(start #~(case-lambda
	178	((target)
	179	#$(make-cow-store #~target)
	180	target)
	181	(else
	182	;; Do nothing, and mark the service as stopped.
	183	#f)))
	184	(stop #~(lambda (target)
	185	;; Delete the temporary directory, but leave everything
	186	;; mounted as there may still be processes using it
d6e2a622 LC	187	;; since 'user-processes' doesn't depend on us. The
	188	;; 'user-unmount' service will unmount TARGET
	189	;; eventually.
83a17b62 LC	190	(delete-file-recursively
	191	(string-append target #$%backing-directory))))))))
	192
1dac8566 LC	193	(define (configuration-template-service)
	194	"Return a dummy service whose purpose is to install an operating system
	195	configuration template file in the installation system."
	196
e1fbc32a LC	197	(define search
	198	(cut search-path %load-path <>))
	199	(define templates
	200	(map (match-lambda
	201	((file '-> target)
	202	(list (local-file (search file))
	203	(string-append "/etc/configuration/" target))))
	204	'(("gnu/system/examples/bare-bones.tmpl" -> "bare-bones.scm")
	205	("gnu/system/examples/desktop.tmpl" -> "desktop.scm"))))
1dac8566	206
e1fbc32a	207	(with-monad %store-monad
1dac8566 LC	208	(return (service
	209	(requirement '(root-file-system))
	210	(provision '(os-config-template))
	211	(documentation
	212	"This dummy service installs an OS configuration template.")
	213	(start #~(const #t))
	214	(stop #~(const #f))
	215	(activate
e1fbc32a LC	216	#~(begin
	217	(use-modules (ice-9 match)
	218	(guix build utils))
	219
	220	(mkdir-p "/etc/configuration")
	221	(for-each (match-lambda
	222	((file target)
	223	(unless (file-exists? target)
	224	(copy-file file target))))
	225	'#$templates)))))))
1dac8566	226
61ff0a3a LC	227	(define %nscd-minimal-caches
	228	;; Minimal in-memory caching policy for nscd.
	229	(list (nscd-cache (database 'hosts)
	230	(positive-time-to-live (* 3600 12))
	231	(negative-time-to-live 20)
	232	(persistent? #f)
	233	(max-database-size (* 5 (expt 2 20)))))) ;5 MiB
	234
fc91c17a LC	235	(define (installation-services)
	236	"Return the list services for the installation image."
	237	(let ((motd (text-file "motd" "
c73adb09	238	Welcome to the installation of the Guix System Distribution!
fc91c17a LC	239
	240	There is NO WARRANTY, to the extent permitted by law. In particular, you may
	241	LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
	242	it is alpha software, so it may BREAK IN UNEXPECTED WAYS.
	243
	244	You have been warned. Thanks for being so brave.
	245	")))
	246	(define (normal-tty tty)
	247	(mingetty-service tty
	248	#:motd motd
	249	#:auto-login "root"
	250	#:login-pause? #t))
	251
	252	(list (mingetty-service "tty1"
	253	#:motd motd
	254	#:auto-login "root")
	255
62ca0fdf LC	256	;; Documentation. The manual is in UTF-8, but
	257	;; 'console-font-service' sets up Unicode support and loads a font
	258	;; with all the useful glyphs like em dash and quotation marks.
fc91c17a LC	259	(mingetty-service "tty2"
	260	#:motd motd
	261	#:auto-login "guest"
	262	#:login-program (log-to-info))
	263
1dac8566 LC	264	;; Documentation add-on.
	265	(configuration-template-service)
	266
fc91c17a LC	267	;; A bunch of 'root' ttys.
	268	(normal-tty "tty3")
	269	(normal-tty "tty4")
	270	(normal-tty "tty5")
	271	(normal-tty "tty6")
	272
	273	;; The usual services.
	274	(syslog-service)
2c5c696c LC	275
	276	;; The build daemon. Register the hydra.gnu.org key as trusted.
	277	;; This allows the installation process to use substitutes by
	278	;; default.
	279	(guix-service #:authorize-hydra-key? #t)
	280
e11390df	281	;; Start udev so that useful device nodes are available.
68ac258b LC	282	;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
	283	;; regulations-compliant WiFi access.
	284	(udev-service #:rules (list lvm2 crda))
e11390df	285
83a17b62 LC	286	;; Add the 'cow-store' service, which users have to start manually
	287	;; since it takes the installation directory as an argument.
	288	(cow-store-service)
	289
62ca0fdf LC	290	;; Install Unicode support and a suitable font.
	291	(console-font-service "tty1")
	292	(console-font-service "tty2")
	293	(console-font-service "tty3")
	294	(console-font-service "tty4")
	295	(console-font-service "tty5")
	296	(console-font-service "tty6")
	297
61ff0a3a LC	298	;; Since this is running on a USB stick with a unionfs as the root
	299	;; file system, use an appropriate cache configuration.
	300	(nscd-service (nscd-configuration
	301	(caches %nscd-minimal-caches))))))
fc91c17a LC	302
	303	(define %issue
	304	;; Greeting.
	305	"
	306	This is an installation image of the GNU system. Welcome.
	307
	308	Use Alt-F2 for documentation.
	309	")
	310
	311	(define installation-os
	312	;; The operating system used on installation images for USB sticks etc.
	313	(operating-system
	314	(host-name "gnu")
	315	(timezone "Europe/Paris")
9cd0dfaa	316	(locale "en_US.utf8")
fc91c17a LC	317	(bootloader (grub-configuration
	318	(device "/dev/sda")))
	319	(file-systems
	320	;; Note: the disk image build code overrides this root file system with
	321	;; the appropriate one.
a69576ea	322	(cons (file-system
fc91c17a LC	323	(mount-point "/")
fc91c17a LC	324	(device "gnu-disk-image")
a69576ea LC	325	(type "ext4"))
a69576ea LC	326	%base-file-systems))
fc91c17a LC	327
	328	(users (list (user-account
	329	(name "guest")
72507e23 LC	330	(group "users")
72507e23 LC	331	(supplementary-groups '("wheel")) ; allow use of sudo
fc91c17a LC	332	(password "")
	333	(comment "Guest of GNU")
	334	(home-directory "/home/guest"))))
fc91c17a LC	335
	336	(issue %issue)
	337
	338	(services (installation-services))
	339
	340	;; We don't need setuid programs so pass the empty list so we don't pull
	341	;; additional programs here.
	342	(setuid-programs '())
	343
	344	(pam-services
	345	;; Explicitly allow for empty passwords.
	346	(base-pam-services #:allow-empty-passwords? #t))
	347
7eda0c56	348	(packages (cons* texinfo-4 ;for the standalone Info reader
8f297d42	349	parted ddrescue
7eda0c56	350	grub ;mostly so xrefs to its manual work
b419c7f5	351	cryptsetup
1ce6f43a	352	wireless-tools iw wpa-supplicant-minimal iproute
8f297d42 LC	353	;; XXX: We used to have GNU fdisk here, but as of version
	354	;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
	355	;; space; furthermore util-linux's fdisk is already
	356	;; available here, so we keep that.
f4bdfe73	357	bash-completion
6f436c54	358	%base-packages))))
fc91c17a LC	359
	360	;; Return it here so 'guix system' can consume it directly.
	361	installation-os
	362
	363	;;; install.scm ends here