tribes/guix-tribes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
65 Commits 6 Branches 0 Tags
keyring
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
self d7fa902ab3 build: add supertest dev key to keyring 
Add the public key used to sign the supertest-dev channel branch for explicit test/dev rollout iteration.
2026-04-30 11:30:06 +02:00
examples
fix: curl in kexec installer, clean up
2026-04-14 12:28:25 +02:00
manifests/substitutes
fix: Installer image
2026-04-14 13:44:10 +02:00
nbde
fix: Installer image
2026-04-14 13:44:10 +02:00
pins
build: Move guix channel to fork
2026-04-16 21:46:32 +02:00
scripts
build/docs: update-base-channels-pin, README
2026-04-14 12:59:45 +02:00
tests
fix: make channel example and tests safe to import
2026-04-13 10:06:08 +02:00
tribes
chore: Bump tribes
2026-04-16 14:23:08 +02:00
README.md
build/docs: update-base-channels-pin, README
2026-04-14 12:59:45 +02:00
steffen-EF99DAC3.key
Add key for Steffen Beyer.
2026-04-16 23:13:43 +02:00
supertest-dev-B19D4784.key
build: add supertest dev key to keyring
2026-04-30 11:30:06 +02:00

README.md

NBDE Channel

This repository provides the Guix-side pieces for network-bound disk encryption:

  • nbde/packages/crypto.scm Package definitions for luksmeta, tang, and clevis.
  • nbde/services/tang.scm A standalone Tang service for Guix systems.
  • nbde/system/mapped-devices.scm A Clevis-backed mapped-device kind with manual cryptsetup fallback.
  • nbde/system/initrd.scm A helper around raw-initrd for early-boot Clevis support.
  • examples/phase0-system.scm Minimal reference system using the Clevis-backed mapped-device kind and custom initrd.

It now also carries the first Tribes deployment substrate:

  • tribes/packages/release.scm A deployment-bridge package wrapper for a prebuilt Tribes release tree.
  • tribes/packages/source.scm A real source-built Tribes package that produces a production release from vendored Mix and npm dependency trees plus local Parrhesia source. Local-source builds accept hash overrides via TRIBES_MIX_DEPS_SHA256, TRIBES_RAW_MIX_DEPS_SHA256, and TRIBES_NPM_DEPS_SHA256.
  • tribes/services/tribes.scm Shepherd service, runtime environment wiring, and account/activation setup for a Tribes node.
  • tribes/system/node.scm A higher-level service bundle that wires PostgreSQL plus the Tribes service.
  • tribes/system/installer.scm Installer-facing OS constructor for NBDE-installed Tribes nodes.
  • nbde/system/installed-base.scm Shared base installed-system constructor used by both the minimal NBDE flow and the Tribes-specific installer path.

Current development status:

  1. luksmeta, tang, and clevis build successfully on pguix.
  2. A disposable Tang + LUKS smoke test passes.
  3. A QEMU Phase-0 system with encrypted root now boots unattended through Clevis/Tang and reaches a login prompt.

For pinned bootstrap usage, generate a channels.scm that combines upstream Guix with this repository's current commit.

The deployment scripts default to the checked-in base-channel lock at pins/base-channels.sexp. Refresh that lock intentionally with ./scripts/update-base-channels-pin.

The current Legion kexec image path is based on:

  • examples/build-host-kexec-installer.scm
  • nbde/system/build-host-kexec-installer.scm

That build-host installer is the active kexec image definition used for Legion deployment bootstrapping.

Reference in New Issue View Git Blame Copy Permalink
S
Description
Guix Channel for Tribes
Readme 1.2 MiB
Languages
Scheme 79.7%
Tree-sitter Query 14.7%
Shell 3.4%
Perl 2%
Common Lisp 0.2%