@@ 1,243 0,0 @@
-#!/usr/bin/env bash
-
-# Target a debian10 machine
-
-sudo su -
-
-apt-get update
-
-apt-get install xz-utils -y
-
-wget https://ftp.gnu.org/gnu/guix/guix-binary-1.4.0.x86_64-linux.tar.xz
-
-cd /tmp
-
-tar --warning=no-timestamp -xvf ~/guix-binary-1.4.0.x86_64-linux.tar.xz
-
-mv var/guix /var/ && mv gnu /
-
-mkdir -p /root/.config/guix
-
-ln -sf /var/guix/profiles/per-user/root/current-guix ~root/.config/guix/current
-
-export GUIX_PROFILE="/root/.config/guix/current" ;
-
-source $GUIX_PROFILE/etc/profile
-
-groupadd --system guixbuild
-
-for i in `seq -w 1 10`; do
- useradd -g guixbuild -G guixbuild \
- -d /var/empty -s `which nologin` \
- -c "Guix build user $i" --system \
- guixbuilder$i;
-done;
-
-cp -v /root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
-
-systemctl start guix-daemon && systemctl enable guix-daemon
-
-mkdir -p /usr/local/bin
-
-cd /usr/local/bin
-
-ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
-
-mkdir -p /usr/local/share/info
-
-cd /usr/local/share/info
-
-for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
- ln -s $i;
-done
-
-guix archive --authorize < /root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
-
-guix pull
-guix install glibc-utf8-locales-2.29 openssl glibc-locales
-
-export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
-
-# Yeah I actually have to comment out libvirt and virtlog for now
-# otherwise I get a werid libvirt error.
-# Reenable them once we've succesfully bootstraped.
-
-cat > /etc/bootstrap-config.scm << EOF
-(use-modules (gnu))
-(use-service-modules networking ssh vpn virtualization sysctl certbot admin)
-(use-package-modules ssh certs tls tmux vpn virtualization)
-
-(operating-system
- (host-name "guix")
- (timezone "Etc/UTC")
-
- (bootloader (bootloader-configuration
- (bootloader grub-bootloader)
- (targets (list "/dev/sda" "/dev/sdb"))
- (terminal-outputs '(console))))
-
- ;; Add a kernel module for RAID-1 (aka. "mirror").
- (initrd-modules (cons "raid1" %base-initrd-modules))
-
- (mapped-devices
- (list
- (mapped-device
- (source (list "/dev/sda2" "/dev/sdb2"))
- (target "/dev/md2")
- (type raid-device-mapping))))
-
- (swap-devices
- (list
- (swap-space
- (target "/dev/sda3"))
- (swap-space
- (target "/dev/sdb3"))))
-
- (issue
- ;; Default contents for /etc/issue.
- "
-This is the GNU system at Kimsufi. Welcome.\n")
-
- (file-systems (cons* (file-system
- (mount-point "/")
- (device "/dev/md2")
- (type "ext4")
- (dependencies mapped-devices))
- %base-file-systems))
-
- (users (cons (user-account
- (name "debian")
- (comment "debian")
- (group "users")
- ;(supplementary-groups '("wheel"))
- ;(supplementary-groups '("wheel" "libvirt" "kvm"))
- (home-directory "/home/debian"))
- %base-user-accounts))
-
- (sudoers-file
- (plain-file "sudoers" "\
-root ALL=(ALL) ALL
-%wheel ALL=(ALL) ALL
-debian ALL=(ALL) NOPASSWD:ALL\n"))
-
-
- ;; Globally-installed packages.
- (packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages))
-
-(services
- (cons*
- (service static-networking-service-type
- (list (static-networking
- (addresses (list (network-address
- (device "enp3s0")
- (value "37.187.79.64/24"))
- (network-address
- (device "enp3s0")
- (value "2001:41d0:a:2f40::1/64"))))
- (routes (list (network-route
- (destination "default")
- (gateway "37.187.79.254"))
- (network-route
- (destination "default")
- (gateway "2001:41d0:a:2fFF:FF:FF:FF:FF"))))
- (name-servers '("213.186.33.99")))))
-
-; (service unattended-upgrade-service-type)
-;
-; (service nftables-service-type
-; (nftables-configuration
-; (ruleset
-; (plain-file "nftables.nft"
-; "\
-;table ip nat {
-; chain prerouting {
-; type nat hook prerouting priority -100;
-; tcp dport { http, https } dnat to 192.168.1.10:http
-; }
-;
-; chain postrouting {
-; type nat hook postrouting priority 100;
-; masquerade
-; }
-;}
-;
-;table inet filter {
-; chain input {
-; type filter hook input priority 0; policy drop;
-;
-; # early drop of invalid connections
-; ct state invalid drop
-;
-; # allow established/related connections
-; ct state { established, related } accept
-;
-; # allow icmp
-; ip protocol icmp accept
-; ip6 nexthdr icmpv6 accept
-;
-; # allow from loopback
-; iifname lo accept
-;
-; # added: make NAT from libvirt work
-; iifname virbr0 accept
-;
-; # allow ssh,http
-; tcp dport {http,https,53,67,2222} accept
-; udp dport {53,67} accept
-;
-; # reject everything else
-; reject with icmpx type port-unreachable
-; }
-; chain forward {
-; type filter hook forward priority 0; policy drop;
-; iifname virbr0 oifname enp3s0 accept
-; iifname enp3s0 oifname virbr0 accept
-; }
-; chain output {
-; type filter hook output priority 0; policy accept;
-; }
-;}"))))
-;
-; (service libvirt-service-type
-; (libvirt-configuration
-; (unix-sock-group "libvirt")
-; (tls-port "16555")))
-;
-; (service virtlog-service-type
-; (virtlog-configuration
-; (max-clients 1000)))
-
- (service openssh-service-type
- (openssh-configuration
- (port-number 2222)
- (permit-root-login #f)))
-
- (modify-services %base-services
- (sysctl-service-type config =>
- (sysctl-configuration
- (settings (append '(("net.ipv6.conf.all.autoconf" . "0")
- ("net.ipv6.conf.all.accept_ra" . "0"))
- %default-sysctl-settings))))))))
-EOF
-
-guix system build /etc/bootstrap-config.scm
-
-# TODO: dbus
-mv /etc/{ssl,pam.d,skel,udev} /tmp
-
-guix system reconfigure /etc/bootstrap-config.scm
-
-mv /etc /old-etc
-
-mkdir /etc
-
-cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm} /etc/
-
-guix system reconfigure /etc/bootstrap-config.scm
-
-# The users uid created by guix is set to 100 and the one made
-# made by debian is 1000, so we change that for guix.
-
-chown -R debian:users /home/debian
-
-reboot