mirror of https://codeberg.org/anemofilia/zero
file-system fix?
parent
ba91125c7e
commit
53ef5abce1
|
@ -75,6 +75,8 @@
|
||||||
#:prefix channel:)
|
#:prefix channel:)
|
||||||
#|F|# #:use-module ((buer files)
|
#|F|# #:use-module ((buer files)
|
||||||
#:prefix file:)
|
#:prefix file:)
|
||||||
|
#|F|# #:use-module ((buer file-systems)
|
||||||
|
#:prefix file-system:)
|
||||||
#|P|# #:use-module ((buer privilege)
|
#|P|# #:use-module ((buer privilege)
|
||||||
#:prefix privileged-programs:)
|
#:prefix privileged-programs:)
|
||||||
#|R|# #:use-module ((buer rules)
|
#|R|# #:use-module ((buer rules)
|
||||||
|
@ -124,15 +126,8 @@
|
||||||
%kicksecure-kernel-arguments)))
|
%kicksecure-kernel-arguments)))
|
||||||
|
|
||||||
(file-systems
|
(file-systems
|
||||||
(cons* (file-system
|
(append file-system:volumes
|
||||||
(device (file-system-label "guix-root"))
|
file-system:persistent-directories))
|
||||||
(mount-point "/")
|
|
||||||
(type "ext4"))
|
|
||||||
(file-system
|
|
||||||
(device (file-system-label "home"))
|
|
||||||
(mount-point "/home")
|
|
||||||
(type "ext4"))
|
|
||||||
%base-file-systems))
|
|
||||||
|
|
||||||
(users
|
(users
|
||||||
(cons* user:radio
|
(cons* user:radio
|
||||||
|
@ -193,9 +188,9 @@
|
||||||
(iota 2 1)))))
|
(iota 2 1)))))
|
||||||
|
|
||||||
#|Home environment services|#
|
#|Home environment services|#
|
||||||
(service guix-home-service-type
|
;(service guix-home-service-type
|
||||||
(if (file-exists? "/run/current-system/provenance") '()
|
; (if (file-exists? "/run/current-system/provenance") '()
|
||||||
`(("radio" ,home-environment:radio))))
|
; `(("radio" ,home-environment:radio))))
|
||||||
|
|
||||||
#|Log services|#
|
#|Log services|#
|
||||||
(service rottlog-service-type)
|
(service rottlog-service-type)
|
||||||
|
@ -257,7 +252,7 @@
|
||||||
(service ntp-service-type)
|
(service ntp-service-type)
|
||||||
(service wpa-supplicant-service-type
|
(service wpa-supplicant-service-type
|
||||||
(wpa-supplicant-configuration
|
(wpa-supplicant-configuration
|
||||||
(config-file "/etc/wpa-supplicant.conf")
|
(config-file "/etc/ws/wpa-supplicant.conf")
|
||||||
(interface "wlp2s0")
|
(interface "wlp2s0")
|
||||||
(extra-options `("-B"))))
|
(extra-options `("-B"))))
|
||||||
(service dhcp-client-service-type
|
(service dhcp-client-service-type
|
||||||
|
@ -309,6 +304,11 @@
|
||||||
(service special-files-service-type
|
(service special-files-service-type
|
||||||
`(("/bin/sh" ,(file-append bash "/bin/bash"))
|
`(("/bin/sh" ,(file-append bash "/bin/bash"))
|
||||||
("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
|
("/usr/bin/env" ,(file-append coreutils "/bin/env"))))
|
||||||
|
(simple-service 'persistent-files-service
|
||||||
|
special-files-service-type
|
||||||
|
(map (juxt identity
|
||||||
|
(partial string-append "/gnu/persist/"))
|
||||||
|
file-system:persistent-files))
|
||||||
|
|
||||||
#|Sysctl services|#
|
#|Sysctl services|#
|
||||||
(simple-service 'extra-sysctl-settings sysctl-service-type
|
(simple-service 'extra-sysctl-settings sysctl-service-type
|
||||||
|
@ -316,9 +316,9 @@
|
||||||
("vm.watermark_boost_factor" . "0")
|
("vm.watermark_boost_factor" . "0")
|
||||||
("vm.watermark_scale_factor" . "125")
|
("vm.watermark_scale_factor" . "125")
|
||||||
("vm.page-cluster" . "0")))
|
("vm.page-cluster" . "0")))
|
||||||
(simple-service 'security-syctl-settings sysctl-service-type
|
;(simple-service 'security-syctl-settings sysctl-service-type
|
||||||
(alist-delete "net.core.bpf_jit_harden"
|
; (alist-delete "net.core.bpf_jit_harden"
|
||||||
%kicksecure-sysctl-rules))
|
; %kicksecure-sysctl-rules))
|
||||||
|
|
||||||
#|Base services|#
|
#|Base services|#
|
||||||
(service urandom-seed-service-type)
|
(service urandom-seed-service-type)
|
||||||
|
|
|
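Review bot: The new `(config-file "/etc/ws/wpa-supplicant.conf")` in the wpa-supplicant hunk does not match the `"/etc/wpa-supplicant.conf"` entry that `persistent-files` exports in this commit and that the new `persistent-files-service` links under `/gnu/persist/`, so the daemon will be pointed at a path nothing provisions; `ws/` looks like a typo and should probably be dropped. In the same service hunk, `(partial string-append "/gnu/persist/")` is applied to names that already start with `/`, yielding `/gnu/persist//etc/machine-id`; use `"/gnu/persist"` without the trailing slash. `juxt` and `partial` are not Guile core bindings and the imports hunk does not show where they come from, so confirm they are provided by one of the prefixed modules. Also note that `(append file-system:volumes file-system:persistent-directories)` drops `%base-file-systems`, while `volumes` only re-adds `%immutable-store`, `%pseudo-terminal-file-system` and `%shared-memory-file-system`; if I recall correctly the remaining members (debugfs, efivars) are expected by some services and EFI bootloaders, so this is worth checking.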
@ -1,104 +1,146 @@
|
||||||
;; based on https://codeberg.org/squishypinkelephant/guix-random-junk
|
|
||||||
|
|
||||||
;; how to guix: / as tmpfs
|
|
||||||
|
|
||||||
;; /var/guix is REQUIRED to perform rollbacks
|
|
||||||
;; create the folders /gnu/persist/etc/ssh /gnu/persist/etc/wireguard and
|
|
||||||
;; the file /gnu/persist/etc/machine-id for dbus
|
|
||||||
|
|
||||||
(define-module (buer file-systems)
|
(define-module (buer file-systems)
|
||||||
#:use-module (gnu system file-systems)
|
#:use-module (gnu system file-systems)
|
||||||
|
|
||||||
#:export (rootfs
|
#:export (partition:guix
|
||||||
bootfs
|
persistent-directories
|
||||||
file-systems))
|
persistent-files
|
||||||
|
volumes))
|
||||||
|
|
||||||
;;; reminder: Send a patch to guix to make file-system-options and
|
;;; reminder: Send a patch to guix to make file-system-options and
|
||||||
;;; privileged-program-capabitilities receive a list-of-strings
|
;;; privileged-program-capabitilities receive a list-of-strings
|
||||||
|
|
||||||
(define rootfs
|
(define partition:guix
|
||||||
(file-system
|
(file-system-label "guix"))
|
||||||
(device (file-system-label "root"))
|
|
||||||
(mount-point "/")
|
|
||||||
(type "tmpfs")
|
|
||||||
(options "mode=755")))
|
|
||||||
|
|
||||||
(define bootfs
|
(define volumes
|
||||||
|
(list #|base|#
|
||||||
|
%immutable-store
|
||||||
|
%pseudo-terminal-file-system
|
||||||
|
%shared-memory-file-system
|
||||||
|
|
||||||
|
#|boot|#
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "root")
|
(device partition:guix)
|
||||||
(type "btrfs")
|
(type "btrfs")
|
||||||
(mount-point "/boot")
|
(mount-point "/boot")
|
||||||
(dependencies (list rootfs))
|
(check? #f)
|
||||||
(flags '(no-atime))
|
|
||||||
(options (format #f "compress=zstd:7,~
|
|
||||||
discard=async,~
|
|
||||||
ssd,~
|
|
||||||
subvol=@boot")))))
|
|
||||||
|
|
||||||
(define file-systems
|
|
||||||
(cons* rootfs
|
|
||||||
;; /gnu/store
|
|
||||||
(file-system
|
|
||||||
(device (file-system-label "root"))
|
|
||||||
(type "btrfs")
|
|
||||||
(mount-point "/gnu/store")
|
|
||||||
(needed-for-boot? #t)
|
(needed-for-boot? #t)
|
||||||
(dependencies (list rootfs))
|
(flags '(no-atime))
|
||||||
(flags '(read-only bind-mount no-atime))
|
(options (format #f "subvol=@boot,~
|
||||||
(options (format #f "compress=zstd:7,~
|
|
||||||
discard=async,~
|
discard=async,~
|
||||||
ssd,~
|
ssd")))
|
||||||
subvol=@gnu/store")))
|
|
||||||
;; /gnu/persist
|
#|run|#
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "root"))
|
(device "none")
|
||||||
|
(type "tmpfs")
|
||||||
|
(mount-point "/run")
|
||||||
|
(check? #f)
|
||||||
|
(needed-for-boot? #t)
|
||||||
|
(options "mode=0755"))
|
||||||
|
|
||||||
|
#|tmp|#
|
||||||
|
(file-system
|
||||||
|
(device "none")
|
||||||
|
(type "tmpfs")
|
||||||
|
(mount-point "/tmp")
|
||||||
|
(check? #f)
|
||||||
|
(needed-for-boot? #f))
|
||||||
|
|
||||||
|
#|root|#
|
||||||
|
(file-system
|
||||||
|
(device "none")
|
||||||
|
(type "tmpfs")
|
||||||
|
(mount-point "/")
|
||||||
|
(check? #f)
|
||||||
|
(needed-for-boot? #t)
|
||||||
|
(options "mode=0755"))
|
||||||
|
|
||||||
|
#|gnu|#
|
||||||
|
(file-system
|
||||||
|
(device partition:guix)
|
||||||
(type "btrfs")
|
(type "btrfs")
|
||||||
(mount-point "/gnu/persist")
|
(mount-point "/gnu/persist")
|
||||||
(needed-for-boot? #t)
|
(needed-for-boot? #t)
|
||||||
(dependencies (list rootfs))
|
(flags '(no-atime))
|
||||||
(flags '(no-atime bind-mount))
|
(options (format #f "subvol=@gnu/persist,~
|
||||||
(options (format #f "discard=async,~
|
ssd")))
|
||||||
ssd,~
|
|
||||||
subvol=@gnu/persist")))
|
|
||||||
;; /home
|
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "root"))
|
(device partition:guix)
|
||||||
(type "btrfs")
|
(type "btrfs")
|
||||||
(mount-point "/home")
|
(mount-point "/gnu/store")
|
||||||
(dependencies (list rootfs))
|
(needed-for-boot? #t)
|
||||||
(flags '(no-atime bind-mount))
|
(flags '(no-atime))
|
||||||
(options (format #f "compress=zstd:7,~
|
(options (format #f "compress=zstd,~
|
||||||
discard=async,~
|
subvol=@gnu/store,~
|
||||||
ssd,~
|
ssd")))
|
||||||
subvol=@home")))
|
|
||||||
;; /var/guix
|
#|var|#
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "root"))
|
(device partition:guix)
|
||||||
(type "btrfs")
|
(type "btrfs")
|
||||||
(mount-point "/var/guix")
|
(mount-point "/var/guix")
|
||||||
(dependencies (list rootfs))
|
(needed-for-boot? #t)
|
||||||
(flags '(no-atime))
|
(flags '(no-atime))
|
||||||
(options (format #f "compress=zstd:7,~
|
(options (format #f "compress=zstd,~
|
||||||
discard=async,~
|
subvol=@var/guix,~
|
||||||
ssd,~
|
ssd")))
|
||||||
subvol=@var/guix")))
|
|
||||||
;; /var/log
|
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "root"))
|
(device partition:guix)
|
||||||
|
(type "btrfs")
|
||||||
|
(mount-point "/var/lib")
|
||||||
|
(needed-for-boot? #t)
|
||||||
|
(flags '(no-atime))
|
||||||
|
(options (format #f "compress=zstd,~
|
||||||
|
subvol=@var/lib,~
|
||||||
|
ssd")))
|
||||||
|
(file-system
|
||||||
|
(device partition:guix)
|
||||||
(type "btrfs")
|
(type "btrfs")
|
||||||
(mount-point "/var/log")
|
(mount-point "/var/log")
|
||||||
(dependencies (list rootfs))
|
(check? #f)
|
||||||
|
(needed-for-boot? #t)
|
||||||
(flags '(no-atime))
|
(flags '(no-atime))
|
||||||
(options (format #f "compress=zstd:7,~
|
(options (format #f "compress=zstd,~
|
||||||
discard=async,~
|
subvol=@var/log,~
|
||||||
ssd,~
|
ssd")))
|
||||||
subvol=@var/log")))
|
|
||||||
;; /boot
|
|
||||||
bootfs
|
|
||||||
(file-system
|
(file-system
|
||||||
(device (file-system-label "esp"))
|
(device "none")
|
||||||
(type "vfat")
|
(type "tmpfs")
|
||||||
(dependencies (list bootfs))
|
(mount-point "/var/run")
|
||||||
(mount-point "/boot/efi")
|
(check? #f)
|
||||||
(create-mount-point? #t))
|
(needed-for-boot? #t)
|
||||||
%base-file-systems))
|
(options "mode=0755"))
|
||||||
|
|
||||||
|
#|home|#
|
||||||
|
(file-system
|
||||||
|
(device partition:guix)
|
||||||
|
(type "btrfs")
|
||||||
|
(mount-point "/root")
|
||||||
|
(flags '(no-atime))
|
||||||
|
(options (format #f "subvol=@root,~
|
||||||
|
discard=async,~
|
||||||
|
ssd")))
|
||||||
|
(file-system
|
||||||
|
(device partition:guix)
|
||||||
|
(type "btrfs")
|
||||||
|
(mount-point "/home")
|
||||||
|
(flags '(no-atime))
|
||||||
|
(options (format #f "subvol=@home,~
|
||||||
|
discard=async,~
|
||||||
|
ssd")))))
|
||||||
|
|
||||||
|
(define persistent-directories
|
||||||
|
(map (lambda (filename)
|
||||||
|
(file-system
|
||||||
|
(mount-point filename)
|
||||||
|
(device (string-append "/gnu/persist" mount-point))
|
||||||
|
(type "none")
|
||||||
|
(flags '(no-atime bind-mount))))
|
||||||
|
`("/etc/guix"
|
||||||
|
"/etc/ssh"
|
||||||
|
"/etc/wireguard")))
|
||||||
|
|
||||||
|
(define persistent-files
|
||||||
|
(list "/etc/machine-id"
|
||||||
|
"/etc/wpa-supplicant.conf"))
|
||||||
|
|
|
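Review bot: In `persistent-directories` the lambda binds `filename` but the device expression reads `mount-point`, `(device (string-append "/gnu/persist" mount-point))`; `mount-point` does not appear to be bound as a variable here (it is a record field name inside `file-system`), so the module will fail to load, and the line should be `(device (string-append "/gnu/persist" filename))`. Those bind mounts also declare no `(dependencies ...)` on the `/gnu/persist` file system their sources live in; unless Guix derives the ordering from the device path, add one so they are not attempted before `/gnu/persist` is mounted. The old `/boot/efi` vfat mount (label `esp`) is gone from `volumes` without a replacement; if the bootloader configured elsewhere is an EFI one, `guix system init` will have nowhere to install it — worth confirming. Finally, the `/tmp` and `/run` tmpfs entries carry no `no-suid`/`no-dev` flags; for a configuration that otherwise pulls in kicksecure hardening, `(flags '(no-suid no-dev))` on at least `/tmp` would be consistent.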
@ -0,0 +1,42 @@
|
||||||
|
set -exu
|
||||||
|
|
||||||
|
# Mounting
|
||||||
|
mount -L guix /mnt
|
||||||
|
|
||||||
|
cd /mnt
|
||||||
|
for dir in boot root home var/log var/guix gnu/persist gnu/store; do
|
||||||
|
mkdir -p $dir; btrfs subvolume create @$dir; mount --bind @$dir $dir
|
||||||
|
done
|
||||||
|
|
||||||
|
cd @gnu/persist
|
||||||
|
mkdir -p /etc/guix /etc/ssh /etc/wireguard
|
||||||
|
cd
|
||||||
|
|
||||||
|
# Connection
|
||||||
|
rfkill unblock wifi
|
||||||
|
wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase 'AP24' 'Floresta123@')
|
||||||
|
dhclient
|
||||||
|
|
||||||
|
# Initialization
|
||||||
|
guix shell git -- git clone codeberg.org/anemofilia/radix
|
||||||
|
guix shell git -- git clone codeberg.org/anemofilia/zero
|
||||||
|
|
||||||
|
export GUILE_LOAD_PATH="zero:zero/operating-systems:radix:$GUILE_LOAD_PATH"
|
||||||
|
guix system init zero/operating-systems/buer.scm /mnt
|
||||||
|
|
||||||
|
# Cleaning
|
||||||
|
cd /mnt
|
||||||
|
for dir in boot root home var/log var/guix gnu/persist gnu/store; do
|
||||||
|
umount $dir; rm -rf $dir
|
||||||
|
done
|
||||||
|
|
||||||
|
# Populate
|
||||||
|
guix shell dbus -- dbus-uuidgen > @gnu/persist/etc/machine-id
|
||||||
|
cp -r /etc/ssh/* @gnu/persist/etc/ssh
|
||||||
|
cp -r /etc/guix/* @gnu/persist/etc/guix
|
||||||
|
|
||||||
|
# Permissions
|
||||||
|
chmod 700 @root
|
||||||
|
cd @gnu/persist/etc/
|
||||||
|
chmod 644 machine-id
|
||||||
|
chmod 600 guix ssh wireguard
|
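Review bot: `wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase 'AP24' '…')` commits the Wi-Fi SSID and passphrase in cleartext to a public mirror, and `set -x` additionally echoes them into the terminal log; the passphrase should be treated as exposed, and the script should read it from stdin instead, e.g. `wpa_passphrase 'AP24' < "$PASSFILE"` with the file kept outside the repository (constructed example). After `cd @gnu/persist`, `mkdir -p /etc/guix /etc/ssh /etc/wireguard` uses absolute paths and so creates the directories on the live system rather than in the subvolume; the file-systems header comment asks for `/gnu/persist/etc/...`, so this should be `mkdir -p etc/guix etc/ssh etc/wireguard`. The subvolume loop omits `var/lib`, which the new `(buer file-systems)` mounts as `subvol=@var/lib` with `needed-for-boot? #t`, and `btrfs subvolume create @var/log` needs the parent `@var` (likewise `@gnu`) to exist first, which `mkdir -p $dir` does not create. `chmod 600 guix ssh wireguard` is applied to directories, where the missing execute bit makes them untraversable; `chmod 700` is the intended mode. Separately, `git clone codeberg.org/anemofilia/radix` (and the `zero` clone below it) has no URL scheme, so git treats it as a local path and fails under `set -e`.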