Update NBDE channel for kexec installs

2026-03-30 01:42:11 +02:00
parent 9274b5a870
commit 19a8e5b10a
8 changed files with 768 additions and 29 deletions


@@ -0,0 +1,152 @@
(define-module (nbde system kexec-installer)
#:use-module (gnu)
#:use-module (gnu packages)
#:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages cryptsetup)
#:use-module (gnu packages disk)
#:use-module (gnu packages file-systems)
#:use-module (gnu packages linux)
#:use-module (gnu packages package-management)
#:use-module (gnu packages ssh)
#:use-module (gnu services networking)
#:use-module (gnu services ssh)
#:use-module (guix gexp)
#:use-module (nbde system kexec-initrd)
#:use-module (nbde packages crypto)
#:export (make-kexec-installer-os
kexec-installer-os))
(define %kexec-installer-shell-packages
(map specification->package
'("bash-minimal"
"coreutils"
"diffutils"
"findutils"
"gawk"
"grep"
"gzip"
"inetutils"
"iproute2"
"less"
"nss-certs"
"procps"
"rsync"
"sed"
"tar"
"which"
"xz")))
(define %kexec-installer-packages
;; Keep the live image intentionally thin. This environment only needs
;; enough tooling to repartition disks, format ext4/FAT, configure LUKS, and
;; run the remote Guix installer flow after the kexec handoff.
(append
%kexec-installer-shell-packages
(list guix
clevis
cryptsetup
dosfstools
e2fsprogs
gptfdisk
kexec-tools
kmod
parted
util-linux)))
(define %kexec-installer-initrd-modules
'("ahci"
"dm-crypt"
"fat"
"loop"
"nls_cp437"
"nls_iso8859-1"
"nvme"
"overlay"
"sd_mod"
"squashfs"
"vfat"
"virtio_blk"
"virtio_console"
"virtio_net"
"virtio_pci"
"virtio_scsi"))
(define* (make-kexec-installer-os
#:key
(host-name "guix-kexec")
(timezone "Etc/UTC")
(locale "en_US.UTF-8")
(kernel-arguments
'("console=ttyS0,115200n8"
"net.ifnames=0"
"panic=30"
"loglevel=4"))
(extra-packages '())
(extra-services '()))
(operating-system
(host-name host-name)
(timezone timezone)
(locale locale)
(keyboard-layout (keyboard-layout "us"))
(label "Guix kexec installer")
(initrd-modules %kexec-installer-initrd-modules)
(initrd kexec-installer-initrd)
(kernel-arguments kernel-arguments)
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets '())))
(file-systems
(cons (file-system
(device "tmpfs")
(mount-point "/")
(type "tmpfs")
(check? #f))
%base-file-systems))
(packages
(append extra-packages
%kexec-installer-packages))
(services
(append
(list (service dhcpcd-service-type)
(simple-service
'kexec-launch-authorized-keys
activation-service-type
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(let ((source "/etc/guix-kexec/authorized_keys/root")
(target-dir "/root/.ssh")
(target "/root/.ssh/authorized_keys"))
(when (file-exists? source)
(mkdir-p target-dir)
(copy-file source target)
(chmod target-dir #o700)
(chmod target #o600))))))
(service mingetty-service-type
(mingetty-configuration
(tty "ttyS0")
(auto-login "root")
(login-pause? #f)))
(service mingetty-service-type
(mingetty-configuration
(tty "tty1")
(auto-login "root")
(login-pause? #f)))
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(port-number 22)
(permit-root-login 'prohibit-password)
(extra-content
"AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u /etc/guix-kexec/authorized_keys/%u")
(password-authentication? #f))))
extra-services
(modify-services %base-services
(delete console-font-service-type)
(delete agetty-service-type)
(delete mingetty-service-type))))))
(define kexec-installer-os
(make-kexec-installer-os))
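Review bot: The two mingetty services in make-kexec-installer-os (`(auto-login "root")` together with `(login-pause? #f)` on ttyS0 and on tty1) give an unauthenticated root shell to anyone who can reach the serial or local console, and on rented hardware the serial console is frequently exposed through the provider's management panel; the same image ships cryptsetup and clevis, so that shell sits next to the LUKS enrolment tooling. The SSH side is already locked down (`prohibit-password`, `password-authentication? #f`), which makes the consoles the only passwordless root entry point in this configuration. If the auto-login is a deliberate choice for an unattended install, say so in a comment above the first mingetty service; otherwise expose it as a keyword so callers can turn it off, keeping today's default: add `(console-auto-login? #t)` to the `#:key` list and write `(auto-login (and console-auto-login? "root"))` in both mingetty-configuration forms (Guix accepts `#f` there). The hunk header counts 152 added lines while 147 are shown, so the rendering appears to have dropped blank lines; the forms themselves look complete.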