Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/examples/bare-bones.tmpl (renamed from gnu/system/os-config.tmpl)28
-rw-r--r--gnu/system/examples/desktop.tmpl44
-rw-r--r--gnu/system/grub.scm3
-rw-r--r--gnu/system/install.scm43
-rw-r--r--gnu/system/nss.scm23
-rw-r--r--gnu/system/shadow.scm46
6 files changed, 163 insertions, 24 deletions
diff --git a/gnu/system/os-config.tmpl b/gnu/system/examples/bare-bones.tmpl
index e14c95733a..dc5cfc81a4 100644
--- a/gnu/system/os-config.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -1,12 +1,13 @@
-;; This is an operating system configuration template.
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
 
 (use-modules (gnu))
-(use-service-modules xorg networking dbus avahi)
-(use-package-modules xorg avahi)
+(use-service-modules networking ssh)
+(use-package-modules admin)
 
 (operating-system
-  (host-name "antelope")
-  (timezone "Europe/Paris")
+  (host-name "komputilo")
+  (timezone "Europe/Berlin")
   (locale "en_US.UTF-8")
 
   ;; Assuming /dev/sdX is the target hard disk, and "root" is
@@ -22,7 +23,7 @@
   ;; This is where user accounts are specified.  The "root"
   ;; account is implicit, and is initially created with the
   ;; empty password.
-  (users (list (user-account
+  (users (cons (user-account
                 (name "alice")
                 (comment "Bob's sister")
                 (group "users")
@@ -33,15 +34,14 @@
                 ;; and access the webcam.
                 (supplementary-groups '("wheel"
                                         "audio" "video"))
-                (home-directory "/home/alice"))))
+                (home-directory "/home/alice"))
+               %base-user-accounts))
 
   ;; Globally-installed packages.
-  (packages (cons xterm %base-packages))
+  (packages (cons tcpdump %base-packages))
 
-  ;; Add services to the baseline: the SLiM log-in manager
-  ;; for Xorg sessions, a DHCP client, Avahi, and D-Bus.
-  (services (cons* (slim-service)
-                   (dhcp-client-service)
-                   (avahi-service)
-                   (dbus-service (list avahi))
+  ;; Add services to the baseline: a DHCP client and
+  ;; an SSH server.
+  (services (cons* (dhcp-client-service)
+                   (lsh-service #:port-number 2222)
                    %base-services)))
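Review bot: The added `(lsh-service #:port-number 2222)` puts an SSH server into a template whose own comment, a few lines up, says the root account is initially created with the empty password. Whether lsh-service refuses root log-in and empty passwords by default is not visible in this diff, so the template should say what the reader has to do. For example, above the service entry: `;; Set the root and user passwords with 'passwd' before putting this machine on a network; the SSH server listens on port 2222.` The new desktop.tmpl carries no remark about the empty root password at all and could use the same kind of comment. The `operating-system` form starts outside this hunk.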
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
new file mode 100644
index 0000000000..988b8f937f
--- /dev/null
+++ b/gnu/system/examples/desktop.tmpl
@@ -0,0 +1,44 @@
+;; This is an operating system configuration template
+;; for a "desktop" setup with X11.
+
+(use-modules (gnu) (gnu system nss))
+(use-service-modules desktop)
+(use-package-modules xfce ratpoison wicd avahi xorg certs)
+
+(operating-system
+  (host-name "antelope")
+  (timezone "Europe/Paris")
+  (locale "en_US.UTF-8")
+
+  ;; Assuming /dev/sdX is the target hard disk, and "root" is
+  ;; the label of the target root file system.
+  (bootloader (grub-configuration (device "/dev/sdX")))
+  (file-systems (cons (file-system
+                        (device "root")
+                        (title 'label)
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+  (users (cons (user-account
+                (name "bob")
+                (comment "Alice's brother")
+                (group "users")
+                (supplementary-groups '("wheel" "netdev"
+                                        "audio" "video"))
+                (home-directory "/home/bob"))
+               %base-user-accounts))
+
+  ;; Add Xfce and Ratpoison; that allows us to choose
+  ;; sessions using either of these at the log-in screen.
+  (packages (cons* xfce ratpoison    ;desktop environments
+                   xterm wicd avahi  ;useful tools
+                   nss-certs         ;for HTTPS access
+                   %base-packages))
+
+  ;; Use the "desktop" services, which include the X11
+  ;; log-in service, networking with Wicd, and more.
+  (services %desktop-services)
+
+  ;; Allow resolution of '.local' host names with mDNS.
+  (name-service-switch %mdns-host-lookup-nss))
diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm
index 17b08aa9b7..e49b6dbe54 100644
--- a/gnu/system/grub.scm
+++ b/gnu/system/grub.scm
@@ -80,7 +80,8 @@
 (define %background-image
   (grub-image
    (aspect-ratio 4/3)
-   (file #~(string-append #$%artwork-repository "/grub/GuixSD-4-3.svg"))))
+   (file #~(string-append #$%artwork-repository
+                          "/grub/GuixSD-fully-black-4-3.svg"))))
 
 (define %default-theme
   ;; Default theme contributed by Felipe López.
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 2fd35e8c48..27d8ecdefc 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module ((guix store) #:select (%store-prefix))
   #:use-module (guix profiles)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages package-management)
@@ -31,6 +33,8 @@
   #:use-module (gnu packages grub)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages compression)
+  #:use-module (ice-9 match)
+  #:use-module (srfi srfi-26)
   #:export (self-contained-tarball
             installation-os))
 
@@ -67,7 +71,16 @@ under /root/.guix-profile where GUIX is installed."
           ;; length limitation.
           (with-directory-excursion %root
             (zero? (system* "tar" "--xz" "--format=gnu"
-                            "-cvf" #$output ".")))))
+                            "--owner=root:0" "--group=root:0"
+                            "-cvf" #$output
+                            ;; Avoid adding / and /var to the tarball,
+                            ;; so that the ownership and permissions of those
+                            ;; directories will not be overwritten when
+                            ;; extracting the archive.  Do not include /root
+                            ;; because the root account might have a different
+                            ;; home directory.
+                            "./var/guix"
+                            (string-append "." (%store-directory)))))))
 
     (gexp->derivation "guix-tarball.tar.xz" build
                       #:references-graphs `(("profile" ,profile))
@@ -171,12 +184,17 @@ the given target.")
   "Return a dummy service whose purpose is to install an operating system
 configuration template file in the installation system."
 
-  (define local-template
-    "/etc/configuration-template.scm")
-  (define template
-    (search-path %load-path "gnu/system/os-config.tmpl"))
+  (define search
+    (cut search-path %load-path <>))
+  (define templates
+    (map (match-lambda
+           ((file '-> target)
+            (list (local-file (search file))
+                  (string-append "/etc/configuration/" target))))
+         '(("gnu/system/examples/bare-bones.tmpl" -> "bare-bones.scm")
+           ("gnu/system/examples/desktop.tmpl" -> "desktop.scm"))))
 
-  (mlet %store-monad ((template (interned-file template)))
+  (with-monad %store-monad
     (return (service
              (requirement '(root-file-system))
              (provision '(os-config-template))
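Review bot: The docstring kept as context at the top of this hunk still describes "an operating system configuration template file" (singular), while the new `templates` definition installs two files under `/etc/configuration/`. Suggest rewording it to `"Return a dummy service whose purpose is to install the operating system configuration templates under /etc/configuration in the installation system."` Separately, `search-path` returns `#f` when a template is not found in `%load-path`, and that value is passed straight to `local-file`; an explicit check with a clear error would make a packaging mistake easier to diagnose. The enclosing procedure starts before this hunk and continues into the next one.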
@@ -185,8 +203,16 @@ configuration template file in the installation system."
              (start #~(const #t))
              (stop  #~(const #f))
              (activate
-              #~(unless (file-exists? #$local-template)
-                  (copy-file #$template #$local-template)))))))
+              #~(begin
+                  (use-modules (ice-9 match)
+                               (guix build utils))
+
+                  (mkdir-p "/etc/configuration")
+                  (for-each (match-lambda
+                              ((file target)
+                               (unless (file-exists? target)
+                                 (copy-file file target))))
+                            '#$templates)))))))
 
 (define %nscd-minimal-caches
   ;; Minimal in-memory caching policy for nscd.
@@ -316,6 +342,7 @@ Use Alt-F2 for documentation.
                      ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                      ;; space; furthermore util-linux's fdisk is already
                      ;; available here, so we keep that.
+                     bash-completion
                      %base-packages))))
 
 ;; Return it here so 'guix system' can consume it directly.
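Review bot: `bash-completion` is inserted directly beneath a comment that, judging from the visible lines, explains a choice about fdisk, so the comment now reads as though it described bash-completion. The start of that comment and of the package list are outside the hunk, so this is inferred. Moving the new entry above the comment, or giving it its own trailing comment such as `bash-completion ;completion in the installer's shell`, would keep the two apart.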
diff --git a/gnu/system/nss.scm b/gnu/system/nss.scm
index ec2d2517e7..f4d2855289 100644
--- a/gnu/system/nss.scm
+++ b/gnu/system/nss.scm
@@ -29,6 +29,8 @@
             lookup-specification
 
             %default-nss
+            %mdns-host-lookup-nss
+
             %files
             %compat
             %dns
@@ -148,6 +150,27 @@
   ;; Default NSS configuration.
   (name-service-switch))
 
+(define %mdns-host-lookup-nss
+  (name-service-switch
+    (hosts (list %files                           ;first, check /etc/hosts
+
+                 ;; If the above did not succeed, try with 'mdns_minimal'.
+                 (name-service
+                   (name "mdns_minimal")
+
+                   ;; 'mdns_minimal' is authoritative for '.local'.  When it
+                   ;; returns "not found", no need to try the next methods.
+                   (reaction (lookup-specification
+                              (not-found => return))))
+
+                 ;; Then fall back to DNS.
+                 (name-service
+                   (name "dns"))
+
+                 ;; Finally, try with the "full" 'mdns'.
+                 (name-service
+                   (name "mdns"))))))
+
 
 ;;;
 ;;; Serialization.
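Review bot: `%mdns-host-lookup-nss` is newly exported but has no leading comment, unlike `%default-nss` just above it, so the lookup order can only be pieced together from the inline comments. Suggest a header such as `;; NSS configuration whose host lookups try /etc/hosts, then 'mdns_minimal', then DNS, then the full 'mdns'.` That header is also the place to state that mDNS answers arrive over unauthenticated multicast on the local link, so a name resolved that way should not be treated as a verified identity.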
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 16b9e4b555..aa97652678 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -21,12 +21,17 @@
   #:use-module (guix gexp)
   #:use-module (guix store)
   #:use-module (guix monads)
+  #:use-module (guix sets)
+  #:use-module (guix ui)
   #:use-module ((gnu system file-systems)
                 #:select (%tty-gid))
   #:use-module ((gnu packages admin)
                 #:select (shadow))
   #:use-module (gnu packages bash)
   #:use-module (gnu packages guile-wm)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
   #:export (user-account
             user-account?
             user-account-name
@@ -48,7 +53,9 @@
 
             default-skeletons
             skeleton-directory
-            %base-groups))
+            %base-groups
+            %base-user-accounts
+            assert-valid-users/groups))
 
 ;;; Commentary:
 ;;;
@@ -107,6 +114,16 @@
           (system-group (name "tape"))
           (system-group (name "kvm")))))             ; for /dev/kvm
 
+(define %base-user-accounts
+  ;; List of standard user accounts.  Note that "root" is a special case, so
+  ;; it's not listed here.
+  (list (user-account
+         (name "nobody")
+         (uid 65534)
+         (group "nogroup")
+         (home-directory "/var/empty")
+         (system? #t))))
+
 (define (default-skeletons)
   "Return the default skeleton files for /etc/skel.  These files are copied by
 'useradd' in the home directory of newly created user accounts."
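Review bot: The new "nobody" entry in `%base-user-accounts` sets no `shell` field, so the account gets whatever default the `user-account` record defines, which is not visible in this hunk. If that default is an interactive shell, this unprivileged placeholder account would be better declared with a non-login shell, e.g. `(shell #~(string-append #$shadow "/sbin/nologin"))`; `shadow` is already imported from (gnu packages admin) in this module. No password field is set either, so whether the account ends up locked depends on code outside this diff and is worth confirming.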
@@ -176,4 +193,31 @@ set debug-file-directory ~/.guix-profile/lib/debug\n")))
                                   '#$skeletons)
                         #t)))
 
+(define (assert-valid-users/groups users groups)
+  "Raise an error if USERS refer to groups not listed in GROUPS."
+  (let ((groups (list->set (map user-group-name groups))))
+    (define (validate-supplementary-group user group)
+      (unless (set-contains? groups group)
+        (raise (condition
+                (&message
+                 (message
+                  (format #f (_ "supplementary group '~a' \
+of user '~a' is undeclared")
+                          group
+                          (user-account-name user))))))))
+
+    (for-each (lambda (user)
+                (unless (set-contains? groups (user-account-group user))
+                  (raise (condition
+                          (&message
+                           (message
+                            (format #f (_ "primary group '~a' \
+of user '~a' is undeclared")
+                                    (user-account-group user)
+                                    (user-account-name user)))))))
+
+                (for-each (cut validate-supplementary-group user <>)
+                          (user-account-supplementary-groups user)))
+              users)))
+
 ;;; shadow.scm ends here