From b746a3cb76b0617114911dfbebf69dc2e8e39f5b Mon Sep 17 00:00:00 2001
From: Ray Miller
Date: Fri, 29 Nov 2024 11:09:04 +0000
Subject: [PATCH] Add initial system configuration
---
systems/basic-vm.scm | 63 +++++++++++++++++++++++++++++
systems/files/authorized_keys | 2 +
systems/little-rascal.scm | 76 +++++++++++++++++++++++++++++++++++
3 files changed, 141 insertions(+)
create mode 100644 systems/basic-vm.scm
create mode 100644 systems/files/authorized_keys
create mode 100644 systems/little-rascal.scm
diff --git a/systems/basic-vm.scm b/systems/basic-vm.scm
new file mode 100644
index 0000000..e31bbf3
--- /dev/null
+++ b/systems/basic-vm.scm
@@ -0,0 +1,63 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules screen ssh)
+
+(operating-system
+ (host-name "little-rascal")
+ (timezone "Europe/London")
+ (locale "en_GB.utf8")
+ (keyboard-layout (keyboard-layout "gb" "dvorak"))
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vda"))))
+ ;; It's fitting to support the equally bare bones ‘-nographic’
+ ;; QEMU option, which also nicely sidesteps forcing QWERTY.
+ (kernel-arguments (list "console=ttyS0,115200"))
+ (file-systems (cons (file-system
+ (device (file-system-label "/dev/vda1"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; This is where user accounts are specified. The "root"
+ ;; account is implicit, and is initially created with the
+ ;; empty password.
+ (users (cons (user-account
+ (name "ray")
+ (comment "Ray Miller")
+ (group "users")
+
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer. Adding it to "audio"
+ ;; and "video" allows the user to play sound
+ ;; and access the webcam.
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+
+ (sudoers-file (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) NOPASSWD:ALL\n"))
+
+ ;; Globally-installed packages.
+ (packages (cons screen %base-packages))
+
+ ;; Add services to the baseline: a DHCP client and
+ ;; an SSH server.
+ (services (append (list (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f)
+ (permit-root-login 'prohibit-password)
+ (authorized-keys
+ `(("ray" ,(local-file "/home/ray/.ssh/id_rsa.pub"))
+ ("root" ,(local-file "/home/ray/.ssh/id_rsa.pub"))))
+ (openssh openssh-sans-x)
+ (port-number 22))))
+ %base-services)))
diff --git a/systems/files/authorized_keys b/systems/files/authorized_keys
new file mode 100644
index 0000000..4d51bd3
--- /dev/null
+++ b/systems/files/authorized_keys
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcdqayEHSx23hjrDklXoIIfc9EAjWZi5BO5wIMKOqYZ5kU1KNcT8Uo6fNwDLGtorFAOXAflPmLYPV+djRi7yI68NH0ZXOYeWVPepNT9sleECy1bDt6b0uWmmSSUNrScKjVmwOSlABQMOyFnG0YvfNSlXr+zqMpUD1JhfpXeUm92zk4CnwsqtDYm1BZ/FT3TlQcnIs4dFE3bZLtbHxWP+Y6NCfM1eeBJ3NpQUrlZ2igxBaYnio36vA3yOoApJ8gI6vvdLEIfPZI1iMeQrvEYxef4/Hau880rju1yGEi/477u36632JQsCNxxm84Atsp4vGtUnfnvOPjV3rS5hyJf4rXtFzUkUMLSi72VRy6v1BNEVLhfdKuG7y5g6Hf6jPM6o+fzfDh85EJPjB3NrwuASJrpKaA5HThkRzwA28vnQQqxyLWNyXpwgv5E+3t0ASU+AY9FGCFNZjnxfAMnKR4wMvjQcWaKvoloAAQQnayjYZp1M2+m99veD1Ewop+KeDiIXM= ray@grey-area
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSgripG58LBncu0cDp69uTrRoiOdcELjcrn8daCuP6N ray@leto
diff --git a/systems/little-rascal.scm b/systems/little-rascal.scm
new file mode 100644
index 0000000..06dd02a
--- /dev/null
+++ b/systems/little-rascal.scm
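Review bot: In systems/basic-vm.scm, root can log in directly over SSH with the same key as `ray` (`(permit-root-login 'prohibit-password)` plus the `("root" ...)` entry in `authorized-keys`), even though `ray` is in `wheel` and the sudoers file already grants `%wheel ALL=(ALL) NOPASSWD:ALL`. The direct root path adds no capability, keeps a second privileged entry point open, and loses the per-user trail that sudo logging gives. I would set `(permit-root-login #f)` and drop the `("root" ...)` entry; the hunk for systems/little-rascal.scm has the same settings. Separately, `(local-file "/home/ray/.ssh/id_rsa.pub")` points outside the repository, so whichever key sits at that path on the build host is the one that gets authorised; `(local-file "./files/authorized_keys")`, as little-rascal.scm uses, keeps the authorised keys in the reviewed tree.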
@@ -0,0 +1,76 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules screen ssh)
+
+(operating-system
+ (host-name "little-rascal")
+ (timezone "Europe/London")
+ (locale "en_GB.utf8")
+ (keyboard-layout (keyboard-layout "gb" "dvorak"))
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vda"))))
+ ;; It's fitting to support the equally bare bones ‘-nographic’
+ ;; QEMU option, which also nicely sidesteps forcing QWERTY.
+ (kernel-arguments (list "console=ttyS0,115200"))
+ (file-systems (cons (file-system
+ (device (file-system-label "/dev/vda1"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; This is where user accounts are specified. The "root"
+ ;; account is implicit, and is initially created with the
+ ;; empty password.
+ (users (cons (user-account
+ (name "ray")
+ (comment "Ray Miller")
+ (group "users")
+
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer. Adding it to "audio"
+ ;; and "video" allows the user to play sound
+ ;; and access the webcam.
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+
+ (sudoers-file (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) NOPASSWD:ALL\n"))
+
+ ;; Globally-installed packages.
+ (packages (cons screen %base-packages))
+
+ ;; Add services to the baseline: static networking and an SSH server.
+ (services (append (list (service static-networking-service-type
+ (list (static-networking
+ (addresses
+ (list (network-address
+ (device "ens3")
+ (value "192.168.200.2/24"))))
+ (routes
+ (list (network-route
+ (destination "default")
+ (gateway "192.168.200.1"))
+ (network-route
+ (destination "192.168.200.0/24")
+ (source "192.168.200.2")
+ (device "ens3"))))
+ (name-servers '("192.168.200.1")))))
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f)
+ (permit-root-login 'prohibit-password)
+ (authorized-keys
+ `(("ray" ,(local-file "./files/authorized_keys"))
+ ("root" ,(local-file "./files/authorized_keys"))))
+ (openssh openssh-sans-x)
+ (port-number 22))))
+ %base-services)))
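Review bot: `(device (file-system-label "/dev/vda1"))` passes a device path to `file-system-label`, so the root file system is looked up by a label literally named `/dev/vda1`; unless the disk really was labelled that way, the mount will not resolve at boot. The comment above it still speaks of a `"my-root"` label, which suggests the template's label was swapped for a path; either `(device "/dev/vda1")` or the real label (or a UUID) would match the intent. systems/basic-vm.scm carries the same line. The comment saying root is "initially created with the empty password" would also benefit from a line stating where the root password is set or locked, since nothing in this file does it and `console=ttyS0,115200` enables a serial console.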