1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
5 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
7 ;;; This file is part of GNU Guix.
9 ;;; GNU Guix is free software; you can redistribute it and/or modify it
10 ;;; under the terms of the GNU General Public License as published by
11 ;;; the Free Software Foundation; either version 3 of the License, or (at
12 ;;; your option) any later version.
14 ;;; GNU Guix is distributed in the hope that it will be useful, but
15 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;;; GNU General Public License for more details.
19 ;;; You should have received a copy of the GNU General Public License
20 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
22 (define-module (gnu system install)
24 #:use-module (guix gexp)
25 #:use-module (guix store)
26 #:use-module (guix monads)
27 #:use-module ((guix store) #:select (%store-prefix))
28 #:use-module (gnu services shepherd)
29 #:use-module (gnu services ssh)
30 #:use-module (gnu packages admin)
31 #:use-module (gnu packages bash)
32 #:use-module (gnu packages bootloaders)
33 #:use-module (gnu packages linux)
34 #:use-module (gnu packages ssh)
35 #:use-module (gnu packages cryptsetup)
36 #:use-module (gnu packages package-management)
37 #:use-module (gnu packages disk)
38 #:use-module (gnu packages texinfo)
39 #:use-module (gnu packages compression)
40 #:use-module (gnu packages nvi)
41 #:use-module (ice-9 match)
42 #:use-module (srfi srfi-26)
43 #:export (installation-os))
47 ;;; This module provides an 'operating-system' definition for use on images
48 ;;; for USB sticks etc., for the installation of the GNU system.
;; The generated script replaces PATH with gzip's bin directory only and
;; execs the Info reader through a path built from the 'info-reader'
;; package, with a fixed documentation directory, file and node.
54 "Return a script that spawns the Info reader on the right section of the
56 (program-file "log-to-info"
58 ;; 'gunzip' is needed to decompress the doc.
59 (setenv "PATH" (string-append #$gzip "/bin"))
61 (execl (string-append #$info-reader "/bin/info") "info"
62 "-d" "/run/current-system/profile/share/info"
63 "-f" (string-append #$guix "/share/info/guix.info")
64 "-n" "System Installation"))))
66 (define %backing-directory
67 ;; Sub-directory used as the backing store for copy-on-write.
;; 'make-cow-store' appends it to TARGET to form the overlay's upper
;; directory, and the 'cow-store' stop procedure deletes that same path
;; recursively.
70 (define (make-cow-store target)
71 "Return a gexp that makes the store copy-on-write, using TARGET as the
72 backing store. This is useful when TARGET is on a hard disk, whereas the
73 current store is on a RAM disk."
75 (define (set-store-permissions directory)
76 ;; Set the right perms on DIRECTORY to use it as the store.
;; Ownership becomes UID 0 with GID 30000, and mode #o1775 is rwxrwxr-x
;; plus the sticky bit: the group may create entries, everyone else may
;; only read and traverse.
;; NOTE(review): the GID is a literal; presumably the installed system's
;; build group uses the same number -- confirm, since group write access
;; follows the number and not the group name.
78 (chown #$directory 0 30000) ;use the fixed 'guixbuild' GID
79 (chmod #$directory #o1775)))
82 ;; Bind-mount TARGET's /tmp in case we need space to build things.
83 (let ((tmpdir (string-append #$target "/tmp")))
85 (mount tmpdir "/tmp" "none" MS_BIND))
;; RW-DIR is TARGET plus %backing-directory; WORK-DIR is derived from it
;; through "/..", so both live under TARGET.
87 (let* ((rw-dir (string-append target #$%backing-directory))
88 (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
91 (mkdir-p "/.rw-store")
;; Give both the upper directory and the temporary mount point the store
;; ownership and mode before the overlay is mounted.
92 #$(set-store-permissions #~rw-dir)
93 #$(set-store-permissions "/.rw-store")
95 ;; Mount the overlay, then atomically make it the store.
;; The current store is passed as the overlay's lowerdir and RW-DIR as its
;; upperdir.
96 (mount "none" "/.rw-store" "overlay" 0
97 (string-append "lowerdir=" #$(%store-prefix) ","
98 "upperdir=" rw-dir ","
;; MS_MOVE relocates the mounted overlay onto the store path; the
;; temporary mount point is removed afterwards.
100 (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
101 (rmdir "/.rw-store"))))
103 (define cow-store-service-type
;; Shepherd service type providing 'cow-store'.  The start procedure
;; splices in the gexp from 'make-cow-store' for the TARGET it receives;
;; the stop procedure recursively deletes TARGET's backing directory and
;; leaves the mounts in place.
;; NOTE(review): TARGET is concatenated into the path handed to
;; 'delete-file-recursively' with no validation visible here; presumably
;; this runs with root privileges, so stop should be given the same
;; TARGET that start received -- confirm.
104 (shepherd-service-type
108 (requirement '(root-file-system user-processes))
109 (provision '(cow-store))
111 "Make the store copy-on-write, with writes going to \
114 ;; This is meant to be explicitly started by the user.
117 (start #~(case-lambda
119 #$(make-cow-store #~target)
122 ;; Do nothing, and mark the service as stopped.
124 (stop #~(lambda (target)
125 ;; Delete the temporary directory, but leave everything
126 ;; mounted as there may still be processes using it since
127 ;; 'user-processes' doesn't depend on us. The 'user-unmount'
128 ;; service will unmount TARGET eventually.
129 (delete-file-recursively
130 (string-append target #$%backing-directory))))))))
132 (define (cow-store-service)
133 "Return a service that makes the store copy-on-write, such that writes go to
134 the user's target storage device rather than on the RAM disk."
135 ;; See <http://bugs.gnu.org/18061> for the initial report.
;; NOTE(review): the symbol passed as the service value looks like a
;; placeholder; confirm that 'cow-store-service-type' ignores it.
136 (service cow-store-service-type 'mooooh!))
139 (define (/etc/configuration-files _)
;; Procedure used as the 'etc-service-type' extension of
;; 'configuration-template-service-type'; its parameter is named _.
;; It returns one "configuration" entry pointing at a computed directory
;; that is filled from the example templates read with 'local-file' from
;; "examples/" (bare-bones, desktop and lightweight-desktop).
140 "Return a list of tuples representing configuration templates to add to
143 (local-file (string-append "examples/" f)))
146 (computed-file "configuration-templates"
147 (with-imported-modules '((guix build utils))
150 (for-each (lambda (file target)
152 (string-append #$output "/"
154 '(#$(file "bare-bones.tmpl")
155 #$(file "desktop.tmpl")
156 #$(file "lightweight-desktop.tmpl"))
159 "lightweight-desktop.scm"))
162 `(("configuration" ,directory)))
164 (define configuration-template-service-type
;; Service type named 'configuration-template'; the extension visible here
;; hands the result of '/etc/configuration-files' to 'etc-service-type'.
165 (service-type (name 'configuration-template)
167 (list (service-extension etc-service-type
168 /etc/configuration-files)))))
170 (define %configuration-template-service
;; Instance of 'configuration-template-service-type' with the service
;; value #t.
171 (service configuration-template-service-type #t))
174 (define %nscd-minimal-caches
175 ;; Minimal in-memory caching policy for nscd.
;; Only a cache for the 'hosts' database is visible in this list.
176 (list (nscd-cache (database 'hosts)
;; 3600 * 12; presumably seconds, i.e. twelve hours -- confirm the unit.
177 (positive-time-to-live (* 3600 12))
179 ;; Do not cache lookup failures at all since they are
180 ;; quite likely (for instance when someone tries to ping a
181 ;; host before networking is functional.)
182 (negative-time-to-live 0)
185 (max-database-size (* 5 (expt 2 20)))))) ;5 MiB
187 (define %installation-services
188 ;; List of services of the installation system.
;; Security-relevant settings visible in this list:
;;  - one mingetty is configured with (auto-login "root"), and a comment
;;    on the SSH service below states that the root account has no
;;    password;
;;  - the build daemon is configured with (authorize-key? #t), which per
;;    the comment below registers the hydra.gnu.org key as trusted so that
;;    substitutes can be used; binaries signed by that key are then
;;    accepted in place of local builds;
;;  - the OpenSSH service permits root login with password authentication
;;    and refuses empty passwords, so a remote root login requires that a
;;    password has been set first.
;; NOTE(review): whether sshd starts automatically is not visible here --
;; confirm, and set a strong root password before the SSH port is
;; reachable from a network that is not trusted.
189 (let ((motd (plain-file "motd" "
190 Welcome to the installation of the Guix System Distribution!
192 There is NO WARRANTY, to the extent permitted by law. In particular, you may
193 LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
194 it is 'beta' software, so it may contain bugs.
196 You have been warned. Thanks for being so brave.
198 (define (normal-tty tty)
199 (mingetty-service (mingetty-configuration (tty tty)
203 (define bare-bones-os
204 (load "examples/bare-bones.tmpl"))
206 (list (mingetty-service (mingetty-configuration
208 (auto-login "root")))
210 (login-service (login-configuration
213 ;; Documentation. The manual is in UTF-8, but
214 ;; 'console-font-service' sets up Unicode support and loads a font
215 ;; with all the useful glyphs like em dash and quotation marks.
216 (mingetty-service (mingetty-configuration
219 (login-program (log-to-info))))
221 ;; Documentation add-on.
222 %configuration-template-service
224 ;; A bunch of 'root' ttys.
230 ;; The usual services.
233 ;; The build daemon. Register the hydra.gnu.org key as trusted.
234 ;; This allows the installation process to use substitutes by
236 (guix-service (guix-configuration (authorize-key? #t)))
238 ;; Start udev so that useful device nodes are available.
239 ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
240 ;; regulations-compliant WiFi access.
241 (udev-service #:rules (list lvm2 crda))
243 ;; Add the 'cow-store' service, which users have to start manually
244 ;; since it takes the installation directory as an argument.
247 ;; Install Unicode support and a suitable font.
248 (service console-font-service-type
250 (cons tty %default-console-font))
251 '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
253 ;; To facilitate copy/paste.
256 ;; Add an SSH server to facilitate remote installs.
257 (service openssh-service-type
258 (openssh-configuration
260 (permit-root-login #t)
261 ;; The root account is passwordless, so make sure
262 ;; a password is set before allowing logins.
263 (allow-empty-passwords? #f)
264 (password-authentication? #t)))
266 ;; Since this is running on a USB stick with a overlayfs as the root
267 ;; file system, use an appropriate cache configuration.
268 (nscd-service (nscd-configuration
269 (caches %nscd-minimal-caches)))
271 ;; Having /bin/sh is a good idea. In particular it allows Tramp
272 ;; connections to this system to work.
273 (service special-files-service-type
274 `(("/bin/sh" ,(file-append (canonical-package bash)
277 ;; Keep a reference to BARE-BONES-OS to make sure it can be
278 ;; installed without downloading/building anything.
279 (service gc-root-service-type (list bare-bones-os)))))
284 This is an installation image of the GNU system. Welcome.
286 Use Alt-F2 for documentation.
289 (define installation-os
290 ;; The operating system used on installation images for USB sticks etc.
;; The fields visible here set the locale and bootloader, the file
;; systems, a user account with home directory /home/guest, the services
;; from %installation-services, the setuid and PAM policy, and the
;; packages available on the image.
293 (timezone "Europe/Paris")
294 (locale "en_US.utf8")
295 (bootloader (grub-configuration (target "/dev/sda")))
297 ;; Note: the disk image build code overrides this root file system with
298 ;; the appropriate one.
301 (device "GuixSD_image")
305 ;; Make /tmp a tmpfs instead of keeping the overlayfs. This
306 ;; originally was used for unionfs because FUSE creates
307 ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
308 ;; Guix's test suite, for instance (see
309 ;; <http://bugs.gnu.org/23056>). We keep this for overlayfs to be
318 ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
319 ;; elogind's cgroup file systems.
320 (list %pseudo-terminal-file-system
321 %shared-memory-file-system
324 (users (list (user-account
327 (supplementary-groups '("wheel")) ; allow use of sudo
329 (comment "Guest of GNU")
330 (home-directory "/home/guest"))))
333 (services %installation-services)
335 ;; We don't need setuid programs, except for 'passwd', which can be handy
336 ;; if one is to allow remote SSH login to the machine being installed.
;; NOTE(review): 'passwd' is the only setuid program listed, while the
;; account above is put in "wheel" with the remark "allow use of sudo";
;; confirm whether sudo is meant to be usable on this image.
337 (setuid-programs (list (file-append shadow "/bin/passwd")))
340 ;; Explicitly allow for empty passwords.
;; PAM accepts empty passwords on this image, whereas the OpenSSH service
;; in %installation-services sets (allow-empty-passwords? #f); presumably
;; an account without a password can therefore log in locally but not
;; over SSH -- confirm.
341 (base-pam-services #:allow-empty-passwords? #t))
343 (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
344 parted gptfdisk ddrescue
345 grub ;mostly so xrefs to its manual work
348 dosfstools ;mkfs.fat, for the UEFI boot partition
350 openssh ;we already have sshd, having ssh/scp can help
351 wireless-tools iw wpa-supplicant-minimal iproute
352 ;; XXX: We used to have GNU fdisk here, but as of version
353 ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
354 ;; space; furthermore util-linux's fdisk is already
355 ;; available here, so we keep that.
360 ;; Return it here so 'guix system' can consume it directly.
363 ;;; install.scm ends here