tribes/guix-tribes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
308 Commits 6 Branches 0 Tags
master
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
self b522f743aa
Pinned Docker E2E / pinned-docker-e2e (push) Failing after 32m18s
Details
fix: keep DRM enabled for installer consoles 
Keep DRM/KMS support in tribes-linux so the kexec installer can show a local console on Proxmox/QEMU and generic real hardware.

This restores VGA console output while retaining the other kernel slimming options.
2026-06-11 22:08:37 +02:00
.gitea/workflows
fix: use versioned mirror artifacts
2026-06-06 00:45:54 +02:00
docs
feat: support commit update candidates
2026-06-08 03:44:01 +02:00
examples
fix: rely on Tribes sync defaults
2026-05-20 23:24:57 +02:00
manifests
ci: warm substitutes from node OS closures, not curated manifests
2026-06-10 16:56:49 +02:00
nbde
fix: avoid eager Hyper-V kexec modules
2026-06-10 23:42:20 +02:00
pins
chore: Bump base channel to feature/substitute-read-timeout
2026-06-10 23:42:12 +02:00
scripts
fix: avoid eager Hyper-V kexec modules
2026-06-10 23:42:20 +02:00
tests
fix: preserve HAProxy bind capability for QUIC
2026-06-11 01:16:41 +02:00
tribes
fix: keep DRM enabled for installer consoles
2026-06-11 22:08:37 +02:00
.guix-authorizations
build: Introduce channel authentication metadata
2026-04-16 23:13:08 +02:00
.guix-channel
build: Introduce channel authentication metadata
2026-04-16 23:13:08 +02:00
README.md
fix: move kexec pin to branch
2026-06-06 01:34:22 +02:00

README.md

Guix Tribes Channel

This repository is the Guix channel for Tribes OS. It contains the package, service, system, installer, deployment, and substitute-builder definitions used to build and operate Tribes nodes.

Contents

Network-bound disk encryption (NBDE):

  • nbde/packages/crypto.scm: package definitions for luksmeta, tang, and clevis.
  • nbde/services/tang.scm: standalone Tang service for Guix systems.
  • nbde/system/mapped-devices.scm: Clevis-backed mapped-device kind with manual cryptsetup fallback.
  • nbde/system/initrd.scm: early-boot Clevis support around raw-initrd.
  • docs/nbde.md: operational notes for LUKS headers, initrd, Tang, and /boot/nbde/local-boot.key.

Tribes packages and systems:

  • tribes/packages/devtools.scm and tribes/packages/node.scm: shared tooling package definitions used by repo-local Guix development manifests.
  • tribes/packages/source.scm: source-built Tribes package producing a production release from pinned source plus vendored Mix/npm dependency FODs.
  • tribes/plugins/*.scm: external plugin package definitions and plugin metadata.
  • tribes/services/*.scm: Shepherd services for Tribes and supporting runtime components.
  • tribes/system/node.scm: node operating-system constructor.
  • tribes/system/installer.scm: installer-facing Tribes OS constructor.
  • manifests/substitutes/*.scm and tribes/ci/substitutes.scm: substitute builder manifests and CI targets.

Deployment and diagnostics:

  • tribes/deploy/*.scm: deployment helper API and worker/operation support used by Legion.
  • tribes/diagnostics/*.scm: diagnostics helpers, including system generation comparison.
  • scripts/build-kexec-image: builds the Legion kexec installer image.
  • scripts/build-tribes-docker-image: builds the pinned Tribes debug Docker image.

Pin maintenance

Refresh the upstream Guix channel pin intentionally with:

./scripts/update-base-channels-pin

The script updates pins/base-channels.sexp and syncs the Guix entry in pins/legion-channels.sexp. It auto-detects whether the current pin uses the local guix-fork channel or the mirrored official Guix channel, uses the matching sibling checkout head by default (../guix-fork or ../guix), accepts --commit COMMIT, and can switch back to the mirrored official channel with --official.

After changing the base channel pin, run Legion's generator in ../legion_kk:

npm run generate:guix-base-channel

Refresh the Tribes and external plugin source pins with:

./scripts/update-tribes-and-plugin-pins

By default, the pin update scripts use local guix for hashing and fixed-output builds. If the local host is not suitable for Guix networked fixed-output builds, run them explicitly on an SSH build host:

./scripts/update-tribes-and-plugin-pins --build-host HOST

Use --commit to commit the affected pin files after a successful refresh:

./scripts/update-tribes-and-plugin-pins --commit

The combined script updates:

  • tribes/packages/source.scm
  • tribes/plugins/sender.scm
  • tribes/plugins/aether.scm
  • tribes/plugins/supertest.scm
  • tribes/plugins/kobold.scm
  • tribes/plugins/trust.scm

For one-off updates, use scripts/update-tribes-pin or scripts/update-plugin-pin --help directly.

Channel files

Checked-in channel files serve different roles:

  • pins/base-channels.sexp: upstream Guix pin only; used for guix pull -C and related bootstrap tooling.
  • pins/legion-channels.sexp: Legion/build-host default channel set containing the pinned upstream Guix channel plus default tribes channel metadata.
  • The kexec-installer branch selects the default kexec installer source commit.

For pinned bootstrap usage, generate a channels.scm that combines the pinned upstream Guix channel with this repository's current commit.

Current development status

  • NBDE packages and the disposable Tang + LUKS smoke path are working.
  • The QEMU Phase-0 encrypted-root system boots unattended through Clevis/Tang and reaches a login prompt.
  • The active Legion kexec image definition is based on examples/build-host-kexec-installer.scm and nbde/system/build-host-kexec-installer.scm.
  • Tribes source, plugin, node, installer, Docker debug image, and substitute manifest definitions are maintained in this channel.
Reference in New Issue View Git Blame Copy Permalink
S
Description
Guix Channel for Tribes
Readme 1.2 MiB
Languages
Scheme 79.7%
Tree-sitter Query 14.7%
Shell 3.4%
Perl 2%
Common Lisp 0.2%