diff --git a/operating-systems/buer.scm b/operating-systems/buer.scm index 44a08cd..753a498 100644 --- a/operating-systems/buer.scm +++ b/operating-systems/buer.scm @@ -75,6 +75,8 @@ #:prefix channel:) #|F|# #:use-module ((buer files) #:prefix file:) + #|F|# #:use-module ((buer file-systems) + #:prefix file-system:) #|P|# #:use-module ((buer privilege) #:prefix privileged-programs:) #|R|# #:use-module ((buer rules) @@ -124,15 +126,8 @@ %kicksecure-kernel-arguments))) (file-systems - (cons* (file-system - (device (file-system-label "guix-root")) - (mount-point "/") - (type "ext4")) - (file-system - (device (file-system-label "home")) - (mount-point "/home") - (type "ext4")) - %base-file-systems)) + (append file-system:volumes + file-system:persistent-directories)) (users (cons* user:radio @@ -193,9 +188,9 @@ (iota 2 1))))) #|Home environment services|# - (service guix-home-service-type - (if (file-exists? "/run/current-system/provenance") '() - `(("radio" ,home-environment:radio)))) + ;(service guix-home-service-type + ; (if (file-exists? "/run/current-system/provenance") '() + ; `(("radio" ,home-environment:radio)))) #|Log services|# (service rottlog-service-type) @@ -257,7 +252,7 @@ (service ntp-service-type) (service wpa-supplicant-service-type (wpa-supplicant-configuration - (config-file "/etc/wpa-supplicant.conf") + (config-file "/etc/ws/wpa-supplicant.conf") (interface "wlp2s0") (extra-options `("-B")))) (service dhcp-client-service-type @@ -309,6 +304,11 @@ (service special-files-service-type `(("/bin/sh" ,(file-append bash "/bin/bash")) ("/usr/bin/env" ,(file-append coreutils "/bin/env")))) + (simple-service 'persistent-files-service + special-files-service-type + (map (juxt identity + (partial string-append "/gnu/persist/")) + file-system:persistent-files)) #|Sysctl services|# (simple-service 'extra-sysctl-settings sysctl-service-type 
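Review bot: Replacing `%base-file-systems` with `file-system:volumes` silently narrows the base mount set: judging by buer/file-systems.scm in this same diff, `volumes` carries only `%immutable-store`, `%pseudo-terminal-file-system` and `%shared-memory-file-system`, so the other entries of `%base-file-systems` (efivars and debugfs, as far as I recall) are no longer declared, and the former `/boot/efi` vfat mount is gone as well. If the machine boots via UEFI, bootloader installation needs the ESP mounted, so either add it back to `volumes` or document here why it is not needed, e.g. `;; ESP and efivars intentionally omitted: legacy BIOS boot`. The enclosing `operating-system` form starts and ends outside the hunk.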
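Review bot: The new path `/etc/ws/wpa-supplicant.conf` does not match `file-system:persistent-files`, which lists `/etc/wpa-supplicant.conf` and is what the `persistent-files-service` later in this file symlinks into `/gnu/persist`; wpa_supplicant will therefore read a file that nothing provisions. If `/etc/ws/` is intentional, the entry in buer/file-systems.scm should change to match; otherwise revert to `(config-file "/etc/wpa-supplicant.conf")`. Either way this file holds the network PSK in clear text, so the persisted copy under `/gnu/persist/etc` should be mode 0600 — the install script sets modes on the other persisted entries but never creates or chmods this one.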
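Review bot: `(partial string-append "/gnu/persist/")` is applied to entries that already begin with `/` (e.g. `/etc/machine-id`), so the symlink targets come out as `/gnu/persist//etc/machine-id`; Linux tolerates the double slash, but it shows up in `ls -l /etc` and breaks any string comparison against the path, so use `"/gnu/persist"` without the trailing slash, consistent with `persistent-directories` in buer/file-systems.scm. `juxt` and `partial` are not Guile built-ins as far as I can tell; the module providing them should be visible in the `#:use-module` list (outside this hunk), and a short comment naming it here would save the next reader a search. The enclosing `services` list continues outside the hunk.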
@@ -316,9 +316,9 @@ ("vm.watermark_boost_factor" . "0") ("vm.watermark_scale_factor" . "125") ("vm.page-cluster" . "0"))) - (simple-service 'security-syctl-settings sysctl-service-type - (alist-delete "net.core.bpf_jit_harden" - %kicksecure-sysctl-rules)) + ;(simple-service 'security-syctl-settings sysctl-service-type + ; (alist-delete "net.core.bpf_jit_harden" + ; %kicksecure-sysctl-rules)) #|Base services|# (service urandom-seed-service-type) diff --git a/operating-systems/buer/file-systems.scm b/operating-systems/buer/file-systems.scm index c5e202d..b287cf3 100644 --- a/operating-systems/buer/file-systems.scm +++ b/operating-systems/buer/file-systems.scm 
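Review bot: Commenting out `security-syctl-settings` drops every rule in `%kicksecure-sysctl-rules` — the system's kernel-hardening baseline — without recording why, and a `;`-disabled block tends to stay disabled. Leave a comment with the reason and the condition for re-enabling, e.g. `;; Disabled: <reason>; re-enable once <condition>`, or, if a single rule is the problem, delete just that key from the alist the way `net.core.bpf_jit_harden` already is so the rest stay in force. The service name also carries a typo (`syctl`). The enclosing `services` list continues outside the hunk.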
@@ -1,104 +1,146 @@ -;; based on https://codeberg.org/squishypinkelephant/guix-random-junk - -;; how to guix: / as tmpfs - -;; /var/guix is REQUIRED to perform rollbacks -;; create the folders /gnu/persist/etc/ssh /gnu/persist/etc/wireguard and -;; the file /gnu/persist/etc/machine-id for dbus - (define-module (buer file-systems) #:use-module (gnu system file-systems) - #:export (rootfs - bootfs - file-systems)) + #:export (partition:guix + persistent-directories + persistent-files + volumes)) ;;; reminder: Send a patch to guix to make file-system-options and ;;; privileged-program-capabitilities receive a list-of-strings -(define rootfs - (file-system - (device (file-system-label "root")) - (mount-point "/") - (type "tmpfs") - (options "mode=755"))) +(define partition:guix + (file-system-label "guix")) -(define bootfs - (file-system - (device (file-system-label "root") - (type "btrfs") - (mount-point "/boot") - (dependencies (list rootfs)) - (flags '(no-atime)) - (options (format #f "compress=zstd:7,~ - discard=async,~ - ssd,~ - subvol=@boot"))))) +(define volumes + (list #|base|# + %immutable-store + %pseudo-terminal-file-system + %shared-memory-file-system -(define file-systems - (cons* rootfs - ;; /gnu/store + #|boot|# + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/boot") + (check? #f) + (needed-for-boot? #t) + (flags '(no-atime)) + (options (format #f "subvol=@boot,~ + discard=async,~ + ssd"))) + + #|run|# + (file-system + (device "none") + (type "tmpfs") + (mount-point "/run") + (check? #f) + (needed-for-boot? #t) + (options "mode=0755")) + + #|tmp|# + (file-system + (device "none") + (type "tmpfs") + (mount-point "/tmp") + (check? #f) + (needed-for-boot? #f)) + + #|root|# + (file-system + (device "none") + (type "tmpfs") + (mount-point "/") + (check? #f) + (needed-for-boot? #t) + (options "mode=0755")) + + #|gnu|# + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/gnu/persist") + (needed-for-boot? 
#t) + (flags '(no-atime)) + (options (format #f "subvol=@gnu/persist,~ + ssd"))) + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/gnu/store") + (needed-for-boot? #t) + (flags '(no-atime)) + (options (format #f "compress=zstd,~ + subvol=@gnu/store,~ + ssd"))) + + #|var|# + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/var/guix") + (needed-for-boot? #t) + (flags '(no-atime)) + (options (format #f "compress=zstd,~ + subvol=@var/guix,~ + ssd"))) + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/var/lib") + (needed-for-boot? #t) + (flags '(no-atime)) + (options (format #f "compress=zstd,~ + subvol=@var/lib,~ + ssd"))) + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/var/log") + (check? #f) + (needed-for-boot? #t) + (flags '(no-atime)) + (options (format #f "compress=zstd,~ + subvol=@var/log,~ + ssd"))) + (file-system + (device "none") + (type "tmpfs") + (mount-point "/var/run") + (check? #f) + (needed-for-boot? #t) + (options "mode=0755")) + + #|home|# + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/root") + (flags '(no-atime)) + (options (format #f "subvol=@root,~ + discard=async,~ + ssd"))) + (file-system + (device partition:guix) + (type "btrfs") + (mount-point "/home") + (flags '(no-atime)) + (options (format #f "subvol=@home,~ + discard=async,~ + ssd"))))) + +(define persistent-directories + (map (lambda (filename) (file-system - (device (file-system-label "root")) - (type "btrfs") - (mount-point "/gnu/store") - (needed-for-boot? #t) - (dependencies (list rootfs)) - (flags '(read-only bind-mount no-atime)) - (options (format #f "compress=zstd:7,~ - discard=async,~ - ssd,~ - subvol=@gnu/store"))) - ;; /gnu/persist - (file-system - (device (file-system-label "root")) - (type "btrfs") - (mount-point "/gnu/persist") - (needed-for-boot? 
#t) - (dependencies (list rootfs)) - (flags '(no-atime bind-mount)) - (options (format #f "discard=async,~ - ssd,~ - subvol=@gnu/persist"))) - ;; /home - (file-system - (device (file-system-label "root")) - (type "btrfs") - (mount-point "/home") - (dependencies (list rootfs)) - (flags '(no-atime bind-mount)) - (options (format #f "compress=zstd:7,~ - discard=async,~ - ssd,~ - subvol=@home"))) - ;; /var/guix - (file-system - (device (file-system-label "root")) - (type "btrfs") - (mount-point "/var/guix") - (dependencies (list rootfs)) - (flags '(no-atime)) - (options (format #f "compress=zstd:7,~ - discard=async,~ - ssd,~ - subvol=@var/guix"))) - ;; /var/log - (file-system - (device (file-system-label "root")) - (type "btrfs") - (mount-point "/var/log") - (dependencies (list rootfs)) - (flags '(no-atime)) - (options (format #f "compress=zstd:7,~ - discard=async,~ - ssd,~ - subvol=@var/log"))) - ;; /boot - bootfs - (file-system - (device (file-system-label "esp")) - (type "vfat") - (dependencies (list bootfs)) - (mount-point "/boot/efi") - (create-mount-point? #t)) - %base-file-systems)) + (mount-point filename) + (device (string-append "/gnu/persist" mount-point)) + (type "none") + (flags '(no-atime bind-mount)))) + `("/etc/guix" + "/etc/ssh" + "/etc/wireguard"))) + +(define persistent-files + (list "/etc/machine-id" + "/etc/wpa-supplicant.conf")) diff --git a/operating-systems/buer/install b/operating-systems/buer/install new file mode 100644 index 0000000..2441f2c --- /dev/null +++ b/operating-systems/buer/install 
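Review bot: In `persistent-directories`, the `device` initializer references `mount-point`, which is a `file-system` record field name rather than a variable bound in that lambda (the argument is `filename`), so unless `mount-point` is bound by something not visible here this evaluates to an unbound-variable error at system build time; `(device (string-append "/gnu/persist" filename))` is what is intended. The three bind mounts have no `dependencies` on the `/gnu/persist` btrfs subvolume (the previous code carried `(dependencies (list rootfs))`), so it is worth confirming that Guix orders them after that subvolume is mounted, or naming the `/gnu/persist` file-system in a `(dependencies ...)` field. Since `/etc/ssh` and `/etc/guix` carry private key material, a comment on `persistent-directories` stating that the bind mount inherits the mode set on the persisted directory would make the security assumption explicit.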
@@ -0,0 +1,42 @@
+set -exu
+
+# Mounting
+mount -L guix /mnt
+
+cd /mnt
+for dir in boot root home var/log var/guix gnu/persist gnu/store; do
+ mkdir -p $dir; btrfs subvolume create @$dir; mount --bind @$dir $dir
+done
+
+cd @gnu/persist
+mkdir -p /etc/guix /etc/ssh /etc/wireguard
+cd
+
+# Connection
+rfkill unblock wifi
+wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase 'AP24' 'Floresta123@')
+dhclient
+
+# Initialization
+guix shell git -- git clone codeberg.org/anemofilia/radix
+guix shell git -- git clone codeberg.org/anemofilia/zero
+
+export GUILE_LOAD_PATH="zero:zero/operating-systems:radix:$GUILE_LOAD_PATH"
+guix system init zero/operating-systems/buer.scm /mnt
+
+# Cleaning
+cd /mnt
+for dir in boot root home var/log var/guix gnu/persist gnu/store; do
+ umount $dir; rm -rf $dir
+done
+
+# Populate
+guix shell dbus -- dbus-uuidgen > @gnu/persist/etc/machine-id
+cp -r /etc/ssh/* @gnu/persist/etc/ssh
+cp -r /etc/guix/* @gnu/persist/etc/guix
+
+# Permissions
+chmod 700 @root
+cd @gnu/persist/etc/
+chmod 644 machine-id
+chmod 600 guix ssh wireguard
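Review bot: The `wpa_supplicant` line embeds the Wi-Fi SSID and passphrase in a script committed to the repository, and `set -x` on the first line echoes that command into the terminal and any captured log; read the credentials from a config file kept outside the repo instead. `mkdir -p /etc/guix /etc/ssh /etc/wireguard` after `cd @gnu/persist` uses absolute paths, so the directories land in the installer's `/etc` rather than in the persist subvolume, and the later `dbus-uuidgen > @gnu/persist/etc/machine-id` and `cp -r ... @gnu/persist/etc/ssh` then have no target directory; the paths should be relative. `btrfs subvolume create @gnu/persist` (and the `@var/...` entries) needs the parent `@gnu`/`@var` to exist, which the loop never creates. The `git clone codeberg.org/...` invocations lack a scheme, which git treats as a local path, so they should be `https://codeberg.org/...` — ideally followed by a checkout of a known commit, since the cloned tree is what `guix system init` builds the system from.
```shell
# … unchanged: set -exu, mount -L guix /mnt, cd /mnt …
for dir in boot root home var/log var/guix gnu/persist gnu/store; do
    mkdir -p "$dir" "$(dirname "@$dir")"   # parent (@gnu, @var) must exist before the subvolume
    btrfs subvolume create "@$dir"
    mount --bind "@$dir" "$dir"
done

cd @gnu/persist
mkdir -p etc/guix etc/ssh etc/wireguard   # relative: inside the persist subvolume, not the installer's /etc
cd

# Connection — WPA_CONF names a wpa_supplicant.conf kept outside the repository
rfkill unblock wifi
wpa_supplicant -B -i wlp2s0 -c "${WPA_CONF:?set WPA_CONF to the wpa_supplicant config path}"
dhclient

# Initialization
guix shell git -- git clone https://codeberg.org/anemofilia/radix
guix shell git -- git clone https://codeberg.org/anemofilia/zero
# … unchanged: GUILE_LOAD_PATH, guix system init, cleaning, populate, permissions …
```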