Build host builder for arm64 (draft)

2026-04-04 15:44:33 +02:00
parent 9ae6d1e600
commit 6e34b9eb22
3 changed files with 193 additions and 0 deletions
--- a/examples/build-host-kexec-installer.scm
+++ b/examples/build-host-kexec-installer.scm
@@ -0,0 +1,4 @@
+(define-module (examples build-host-kexec-installer)
+  #:use-module (nbde system build-host-kexec-installer))
+
+build-host-kexec-installer-os
--- a/nbde/system/build-host-kexec-installer.scm
+++ b/nbde/system/build-host-kexec-installer.scm
@@ -0,0 +1,131 @@
+(define-module (nbde system build-host-kexec-installer)
+  #:use-module (gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages file-systems)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages package-management)
+  #:use-module (gnu packages ssh)
+  #:use-module (gnu services networking)
+  #:use-module (gnu services ssh)
+  #:use-module (guix gexp)
+  #:use-module (nbde system kexec-initrd)
+  #:export (build-host-kexec-installer-os))
+
+(define %build-host-kexec-shell-packages
+  (map specification->package
+       '("bash-minimal"
+         "coreutils"
+         "diffutils"
+         "findutils"
+         "gawk"
+         "grep"
+         "gzip"
+         "inetutils"
+         "iproute2"
+         "less"
+         "nss-certs"
+         "procps"
+         "rsync"
+         "sed"
+         "tar"
+         "which"
+         "xz")))
+
+(define %build-host-kexec-packages
+  (append
+   %build-host-kexec-shell-packages
+   (list guix
+         dosfstools
+         e2fsprogs
+         gptfdisk
+         kexec-tools
+         kmod
+         parted
+         util-linux)))
+
+(define %build-host-kexec-initrd-modules
+  '("ahci"
+    "fat"
+    "loop"
+    "nls_cp437"
+    "nls_iso8859-1"
+    "nvme"
+    "overlay"
+    "sd_mod"
+    "squashfs"
+    "vfat"
+    "virtio_blk"
+    "virtio_console"
+    "virtio_net"
+    "virtio_pci"
+    "virtio_scsi"))
+
+(define build-host-kexec-installer-os
+  (operating-system
+    (host-name "guix-build-host-kexec")
+    (timezone "Etc/UTC")
+    (locale "en_US.UTF-8")
+    (keyboard-layout (keyboard-layout "us"))
+    (label "Guix build-host kexec installer")
+    (initrd-modules %build-host-kexec-initrd-modules)
+    (initrd kexec-installer-initrd)
+    (kernel-arguments
+     '("console=ttyS0,115200n8"
+       "net.ifnames=0"
+       "panic=30"
+       "loglevel=4"))
+    (bootloader
+     (bootloader-configuration
+      (bootloader grub-bootloader)
+      (targets '())))
+    (file-systems
+     (cons (file-system
+             (device "tmpfs")
+             (mount-point "/")
+             (type "tmpfs")
+             (check? #f))
+           %base-file-systems))
+    (packages %build-host-kexec-packages)
+    (services
+     (append
+      (list (service dhcpcd-service-type)
+            (simple-service
+             'build-host-kexec-launch-authorized-keys
+             activation-service-type
+             (with-imported-modules '((guix build utils))
+               #~(begin
+                   (use-modules (guix build utils))
+                   (let ((source "/etc/guix-kexec/authorized_keys/root")
+                         (target-dir "/root/.ssh")
+                         (target "/root/.ssh/authorized_keys"))
+                     (when (file-exists? source)
+                       (mkdir-p target-dir)
+                       (copy-file source target)
+                       (chmod target-dir #o700)
+                       (chmod target #o600))))))
+            (service mingetty-service-type
+                     (mingetty-configuration
+                      (tty "ttyS0")
+                      (auto-login "root")
+                      (login-pause? #f)))
+            (service mingetty-service-type
+                     (mingetty-configuration
+                      (tty "tty1")
+                      (auto-login "root")
+                      (login-pause? #f)))
+            (service openssh-service-type
+                     (openssh-configuration
+                      (openssh openssh-sans-x)
+                      (port-number 22)
+                      (permit-root-login 'prohibit-password)
+                      (extra-content
+                       "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u /etc/guix-kexec/authorized_keys/%u")
+                      (password-authentication? #f)
+                      (challenge-response-authentication? #f))))
+      (modify-services %base-services
+        (delete console-font-service-type)
+        (delete agetty-service-type)
+        (delete mingetty-service-type))))))
--- a/nbde/system/build-host.scm
+++ b/nbde/system/build-host.scm
@@ -0,0 +1,58 @@
+(define-module (nbde system build-host)
+  #:use-module (gnu)
+  #:use-module (gnu packages)
+  #:use-module (gnu system linux-initrd)
+  #:use-module (nbde system installed-base)
+  #:export (nbde-build-host-operating-system))
+
+(define %build-host-packages
+  (map specification->package
+       '("curl"
+         "git"
+         "htop"
+         "less"
+         "nss-certs"
+         "rsync"
+         "strace"
+         "tmux"
+         "vim"
+         "wget")))
+
+(define* (nbde-build-host-operating-system #:key
+                                           host-name
+                                           bootloader
+                                           file-systems
+                                           authorized-keys-file
+                                           (timezone "Etc/UTC")
+                                           (locale "en_US.UTF-8")
+                                           (kernel-arguments
+                                            (list "console=tty0"
+                                                  "console=ttyS0,115200n8"))
+                                           (initrd
+                                            (lambda (file-systems . rest)
+                                              (apply base-initrd
+                                                     file-systems
+                                                     rest)))
+                                           (extra-packages '())
+                                           (extra-services '()))
+  "Return a plain Guix build host operating system suitable for disposable
+native workers.  This keeps the NBDE-installed base system but omits LUKS and
+Clevis-specific runtime pieces."
+  (operating-system
+    (inherit
+     (nbde-installed-operating-system
+      #:host-name host-name
+      #:bootloader bootloader
+      #:mapped-devices '()
+      #:file-systems file-systems
+      #:initrd initrd
+      #:interface "eth0"
+      #:authorized-keys-file authorized-keys-file
+      #:timezone timezone
+      #:locale locale
+      #:kernel-arguments kernel-arguments
+      #:extra-services extra-services))
+    (packages
+     (append extra-packages
+             %build-host-packages
+             %base-packages))))