f4e7ec1db72164d0dc23463050e6bec1738b3bdc — Thomas Ieong 1 year, 10 months ago
1 files changed, 202 insertions(+), 0 deletions(-)

A bootstrap.sh
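--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -0,0 +1,202 @@
+#!/usr/bin/env bash
+
+# To run as root
+
+apt-get update
+
+apt-get install xz-utils -y
+
+wget https://ftp.gnu.org/gnu/guix/guix-binary-1.3.0.x86_64-linux.tar.xz
+
+cd /tmp
+
+tar --warning=no-timestamp -xvf ~/guix-binary-1.3.0.x86_64-linux.tar.xz
+
+mv var/guix /var/ && mv gnu /
+
+mkdir -p /root/.config/guix
+
+ln -sf /var/guix/profiles/per-user/root/current-guix ~root/.config/guix/current
+
+export GUIX_PROFILE="/root/.config/guix/current" ;
+
+source $GUIX_PROFILE/etc/profile
+
+groupadd --system guixbuild
+
+for i in `seq -w 1 10`; do
+   useradd -g guixbuild -G guixbuild         \
+           -d /var/empty -s `which nologin`  \
+           -c "Guix build user $i" --system  \
+
+cp -v /root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
+
+systemctl start guix-daemon && systemctl enable guix-daemon
+
+mkdir -p /usr/local/bin
+
+cd /usr/local/bin
+
+ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
+
+mkdir -p /usr/local/share/info
+
+cd /usr/local/share/info
+
+for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
+    ln -s $i;
+
+guix archive --authorize < /root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
+
+guix pull
+guix install glibc-utf8-locales-2.29
+
+export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
+
+guix install openssl
+
+cat > /etc/bootstrap-config.scm << EOF
+(use-modules (gnu))
+(use-service-modules networking ssh vpn)
+(use-package-modules ssh certs tls tmux vpn)
+
+  (host-name "guix")
+  (timezone "Etc/UTC")
+
+  (bootloader (bootloader-configuration
+               (bootloader grub-bootloader)
+               (targets (list "/dev/sda" "/dev/sdb"))
+               (terminal-outputs '(console))))
+
+  ;; Add a kernel module for RAID-1 (aka. "mirror").
+  (initrd-modules (cons "raid1" %base-initrd-modules))
+
+     (source (list "/dev/sda2" "/dev/sdb2"))
+     (target "/dev/md2")
+     (type raid-device-mapping))
+     (source (list "/dev/sda4" "/dev/sdb4"))
+     (target "/dev/md4")
+     (type raid-device-mapping))
+     (source "vg")
+     (targets (list "vg-xenvg"))
+     (type lvm-device-mapping))))
+
+       (target "/dev/sda3"))
+       (target "/dev/sdb3"))))
+
+  ;; Default contents for /etc/issue.
+This is the GNU system at Kimsufi.  Welcome.\n")
+
+  (file-systems (cons* (file-system
+                        (mount-point "/")
+                        (device "/dev/md2")
+                        (type "ext4")
+                        (dependencies mapped-devices))
+                        (mount-point "/srv/ganeti")
+                        (device "/dev/mapper/vg-xenvg")
+                        (type "ext4")
+                        (dependencies mapped-devices))
+
+  (users (cons (user-account
+                (name "debian")
+                (comment "debian")
+                (group "users")
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/debian"))
+
+   (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL
+debian ALL=(ALL) NOPASSWD:ALL\n"))
+
+  ;; Globally-installed packages.
+  (packages (cons* tmux openssh nss-certs gnutls wireguard-tools %base-packages))
+
+  (service wireguard-service-type
+          (addresses '(""))
+          ;(addresses '(""))
+          (port 51820)
+          (dns #f)
+             (name "my-peer")
+             (public-key "8HR5tqYjmM7PU+TJ0WZlqq6nRi9XoZoaQ2x7tabl9xE=")
+             (endpoint "")
+             ;(endpoint "")
+             (allowed-ips '(""))
+             ;(allowed-ips '(""))
+             (keep-alive #f))))))
+  (service static-networking-service-type
+           (list (static-networking
+		  (addresses (list (network-address
+                                    (device "enp3s0")
+                                    ;(value ""))))
+                                    (value ""))))
+		  (routes (list (network-route
+				 (destination "default")
+				 ;(gateway ""))))
+				 (gateway ""))))
+		  (name-servers '("")))))
+
+  (service openssh-service-type
+            (permit-root-login #f)))
+ (modify-services %base-services
+   (guix-service-type config =>
+		       (inherit config)
+			(append (list
+				 (plain-file "offload-key.pub"
+  (curve Ed25519)
+  (q #92A6B514AB44FD75B0D257412C4A9CA4D00E02D0C9F2C366F93B72DB3BDE9EE9#)
+
+guix system build /etc/bootstrap-config.scm
+guix system reconfigure /etc/bootstrap-config.scm
+
+mv /etc /old-etc
+
+mkdir /etc
+
+cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm} /etc/
+
+guix system reconfigure /etc/bootstrap-config.scm
+
+# The users uid created by guix is set to 100 and the one made
+# made by debian is 1000, so we change that for guix.
+
+chown -R debian:users /home/debian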
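Review bot: The Guix tarball is downloaded and unpacked as root with no signature check, and it is unpacked in the world-writable `/tmp`, where the relative `mv var/guix /var/ && mv gnu /` trusts whatever already sits at those names. Fetching the detached `.sig` next to the tarball, verifying it with `gpg --verify` against a release key pinned by fingerprint before `tar` runs, and working in a `mktemp -d` directory would close both gaps; it also removes the mismatch between `wget` saving into the current directory and `tar` reading from `~/`. The script has no fail-fast setting either, so `mv /etc /old-etc` still runs when the preceding `guix system reconfigure` has failed; `set -eo pipefail` at the top would stop it there. Separately, `debian ALL=(ALL) NOPASSWD:ALL` in the generated sudoers gives that account passwordless root and deserves a comment saying whether it is meant to stay after bootstrap.

```shell
#!/usr/bin/env bash
set -eo pipefail

# … unchanged: apt-get update / apt-get install xz-utils (gpg must be installed as well) …

readonly tarball=guix-binary-1.3.0.x86_64-linux.tar.xz
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir:?}"' EXIT
cd "$workdir"

wget "https://ftp.gnu.org/gnu/guix/${tarball}" \
     "https://ftp.gnu.org/gnu/guix/${tarball}.sig"
# The release signing key must already be in root's keyring,
# imported and checked by fingerprint: <RELEASE_KEY_FINGERPRINT>
gpg --verify "${tarball}.sig" "${tarball}"

tar --warning=no-timestamp -xf "${tarball}"
mv var/guix /var/ && mv gnu /

# … unchanged: profile setup through the final chown …
```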