From 6e34b9eb22a2c91340036340a7aeb5050ae32272 Mon Sep 17 00:00:00 2001
From: Steffen Beyer
Date: Sat, 4 Apr 2026 15:44:33 +0200
Subject: [PATCH] Build host builder for arm64 (draft)

---
 examples/build-host-kexec-installer.scm | 4 +
 nbde/system/build-host-kexec-installer.scm | 131 +++++++++++++++++++++
 nbde/system/build-host.scm | 58 +++++++++
 3 files changed, 193 insertions(+)
 create mode 100644 examples/build-host-kexec-installer.scm
 create mode 100644 nbde/system/build-host-kexec-installer.scm
 create mode 100644 nbde/system/build-host.scm

diff --git a/examples/build-host-kexec-installer.scm b/examples/build-host-kexec-installer.scm
new file mode 100644
index 0000000..f3236cd
--- /dev/null
+++ b/examples/build-host-kexec-installer.scm
@@ -0,0 +1,4 @@
+(define-module (examples build-host-kexec-installer)
+ #:use-module (nbde system build-host-kexec-installer))
+
+build-host-kexec-installer-os
diff --git a/nbde/system/build-host-kexec-installer.scm b/nbde/system/build-host-kexec-installer.scm
new file mode 100644
index 0000000..6e41966
--- /dev/null
+++ b/nbde/system/build-host-kexec-installer.scm
@@ -0,0 +1,131 @@
+(define-module (nbde system build-host-kexec-installer)
+ #:use-module (gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages disk)
+ #:use-module (gnu packages file-systems)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages package-management)
+ #:use-module (gnu packages ssh)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (guix gexp)
+ #:use-module (nbde system kexec-initrd)
+ #:export (build-host-kexec-installer-os))
+
+(define %build-host-kexec-shell-packages
+ (map specification->package
+ '("bash-minimal"
+ "coreutils"
+ "diffutils"
+ "findutils"
+ "gawk"
+ "grep"
+ "gzip"
+ "inetutils"
+ "iproute2"
+ "less"
+ "nss-certs"
+ "procps"
+ "rsync"
+ "sed"
+ "tar"
+ "which"
+ "xz")))
+
+(define %build-host-kexec-packages
+ (append
+ %build-host-kexec-shell-packages
+ (list guix
+ dosfstools
+ e2fsprogs
+ gptfdisk
+ kexec-tools
+ kmod
+ parted
+ util-linux)))
+
+(define %build-host-kexec-initrd-modules
+ '("ahci"
+ "fat"
+ "loop"
+ "nls_cp437"
+ "nls_iso8859-1"
+ "nvme"
+ "overlay"
+ "sd_mod"
+ "squashfs"
+ "vfat"
+ "virtio_blk"
+ "virtio_console"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_scsi"))
+
+(define build-host-kexec-installer-os
+ (operating-system
+ (host-name "guix-build-host-kexec")
+ (timezone "Etc/UTC")
+ (locale "en_US.UTF-8")
+ (keyboard-layout (keyboard-layout "us"))
+ (label "Guix build-host kexec installer")
+ (initrd-modules %build-host-kexec-initrd-modules)
+ (initrd kexec-installer-initrd)
+ (kernel-arguments
+ '("console=ttyS0,115200n8"
+ "net.ifnames=0"
+ "panic=30"
+ "loglevel=4"))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '())))
+ (file-systems
+ (cons (file-system
+ (device "tmpfs")
+ (mount-point "/")
+ (type "tmpfs")
+ (check? 
#f))
+ %base-file-systems))
+ (packages %build-host-kexec-packages)
+ (services
+ (append
+ (list (service dhcpcd-service-type)
+ (simple-service
+ 'build-host-kexec-launch-authorized-keys
+ activation-service-type
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((source "/etc/guix-kexec/authorized_keys/root")
+ (target-dir "/root/.ssh")
+ (target "/root/.ssh/authorized_keys"))
+ (when (file-exists? source)
+ (mkdir-p target-dir)
+ (copy-file source target)
+ (chmod target-dir #o700)
+ (chmod target #o600))))))
+ (service mingetty-service-type
+ (mingetty-configuration
+ (tty "ttyS0")
+ (auto-login "root")
+ (login-pause? #f)))
+ (service mingetty-service-type
+ (mingetty-configuration
+ (tty "tty1")
+ (auto-login "root")
+ (login-pause? #f)))
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (port-number 22)
+ (permit-root-login 'prohibit-password)
+ (extra-content
+ "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u /etc/guix-kexec/authorized_keys/%u")
+ (password-authentication? #f)
+ (challenge-response-authentication? #f))))
+ (modify-services %base-services
+ (delete console-font-service-type)
+ (delete agetty-service-type)
+ (delete mingetty-service-type))))))
diff --git a/nbde/system/build-host.scm b/nbde/system/build-host.scm
new file mode 100644
index 0000000..166a4d6
--- /dev/null
+++ b/nbde/system/build-host.scm
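Review bot: The activation snippet in the `simple-service` tightens permissions only after the copy, so `mkdir-p target-dir` creates `/root/.ssh` with the umask default and `copy-file` writes `authorized_keys` with default mode until the two `chmod` calls run; move `(chmod target-dir #o700)` directly after `(mkdir-p target-dir)` and keep `(chmod target #o600)` immediately after `copy-file` so the file is never readable outside root's ownership window. Separately, both `mingetty-configuration`s auto-login `root` with `login-pause? #f`, which means anyone who can reach the serial or VGA console of a host booted into this image is root with no authentication; that is presumably intended for a disposable installer, but it should be stated above `build-host-kexec-installer-os`, e.g. `;; Unauthenticated root on ttyS0/tty1 is intentional: this image must only be booted on hosts whose console access is already trusted.`. The commit title targets arm64 while `console=ttyS0,115200n8` and the `ttyS0` getty follow the x86 serial convention; on many arm64 boards the first UART appears as `ttyAMA0`, so this may need to be made platform-specific — confirm on the intended hardware.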
@@ -0,0 +1,58 @@
+(define-module (nbde system build-host)
+ #:use-module (gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu system linux-initrd)
+ #:use-module (nbde system installed-base)
+ #:export (nbde-build-host-operating-system))
+
+(define %build-host-packages
+ (map specification->package
+ '("curl"
+ "git"
+ "htop"
+ "less"
+ "nss-certs"
+ "rsync"
+ "strace"
+ "tmux"
+ "vim"
+ "wget")))
+
+(define* (nbde-build-host-operating-system #:key
+ host-name
+ bootloader
+ file-systems
+ authorized-keys-file
+ (timezone "Etc/UTC")
+ (locale "en_US.UTF-8")
+ (kernel-arguments
+ (list "console=tty0"
+ "console=ttyS0,115200n8"))
+ (initrd
+ (lambda (file-systems . rest)
+ (apply base-initrd
+ file-systems
+ rest)))
+ (extra-packages '())
+ (extra-services '()))
+ "Return a plain Guix build host operating system suitable for disposable
+native workers. This keeps the NBDE-installed base system but omits LUKS and
+Clevis-specific runtime pieces."
+ (operating-system
+ (inherit
+ (nbde-installed-operating-system
+ #:host-name host-name
+ #:bootloader bootloader
+ #:mapped-devices '()
+ #:file-systems file-systems
+ #:initrd initrd
+ #:interface "eth0"
+ #:authorized-keys-file authorized-keys-file
+ #:timezone timezone
+ #:locale locale
+ #:kernel-arguments kernel-arguments
+ #:extra-services extra-services))
+ (packages
+ (append extra-packages
+ %build-host-packages
+ %base-packages))))
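Review bot: `#:interface "eth0"` is hard-coded in the `nbde-installed-operating-system` call, but the default `kernel-arguments` here carry no `net.ifnames=0`, unlike the kexec installer image in the same patch, so on hosts with predictable interface names the worker's network setup may bind to a device that does not exist; either add `"net.ifnames=0"` to the default list or expose the name as a keyword such as `(interface "eth0")` next to `timezone` — what `#:interface` actually controls lives in `installed-base`, outside this diff. The docstring should also state that `host-name`, `bootloader`, `file-systems` and `authorized-keys-file` are required: with `define*` they silently default to `#f`, and the failure will surface inside `nbde-installed-operating-system` rather than at this call site. As a point of style, the `initrd` default wraps `base-initrd` in an eta-expanding `lambda`; passing `base-initrd` directly reads simpler unless the wrapper exists for a reason not visible here.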