M-Labs
/
wfvm
8
0
Fork 5
Code Issues 4 Pull Requests 2 Releases Wiki Activity

Compare commits

base: M-Labs:9d07da799c23a221b0a6462a5db404007ac18250
Branches Tags
M-Labs:master
..
compare: M-Labs:a4fe5f0475c6307d8a6c3c4c75223c7849f4b937
Branches Tags
M-Labs:master

No commits in common. "9d07da799c23a221b0a6462a5db404007ac18250" and "a4fe5f0475c6307d8a6c3c4c75223c7849f4b937" have entirely different histories.
9d07da799c ... a4fe5f0475

10 changed files with 51 additions and 100 deletions
Show Stats Expand all files Collapse all files

33
wfvm/autounattend.nix
View File

@ -15,7 +15,6 @@
, impureShellCommands ? [] , impureShellCommands ? []
, driveLetter ? "D:" , driveLetter ? "D:"
, efi ? true , efi ? true
, imageSelection ? "Windows 10 Pro"
, ... , ...
}: }:
@ -50,8 +49,12 @@ let
# mkDirsDesc ++ writeKeysDesc ++ # mkDirsDesc ++ writeKeysDesc ++
[ [
{ {
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1''; Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
Description = "Install OpenSSH service."; Description = "Add OpenSSH service.";
}
{
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
Description = "Enable SSH by default.";
} }
]; ];
@ -73,7 +76,7 @@ let
++ setupCommands ++ setupCommands
++ [ ++ [
{ {
Path = ''powershell.exe ${driveLetter}\setup.ps1''; Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
Description = "Setup SSH and keys"; Description = "Setup SSH and keys";
} }
] ]
@ -200,8 +203,8 @@ let
</InstallTo> </InstallTo>
<InstallFrom> <InstallFrom>
<MetaData wcm:action="add"> <MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key> <Key>/IMAGE/INDEX</Key>
<Value>${imageSelection}</Value> <Value>1</Value>
</MetaData> </MetaData>
</InstallFrom> </InstallFrom>
</OSImage> </OSImage>
@ -272,12 +275,14 @@ let
</AutoLogon> </AutoLogon>
''} ''}
</component> <FirstLogonCommands>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SynchronousCommand wcm:action="add">
<Reseal> <Order>1</Order>
<ForceShutdownNow>true</ForceShutdownNow> <CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
<Mode>OOBE</Mode> <Description>ChangeHideFiles</Description>
</Reseal> </SynchronousCommand>
</FirstLogonCommands>
</component> </component>
</settings> </settings>
@ -299,7 +304,7 @@ let
</component> </component>
</settings> </settings>
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend> </unattend>
''; '';
@ -310,7 +315,7 @@ in {
''; '';
# autounattend.xml is _super_ picky about quotes and other things # autounattend.xml is _super_ picky about quotes and other things
setupScript = pkgs.writeText "setup.ps1" ( setupScript = pkgs.writeText "ssh-setup.ps1" (
'' ''
# Setup SSH and keys # Setup SSH and keys
'' + '' +

5
wfvm/bundle/default.nix
View File

@ -1,10 +1,7 @@
{ pkgs }: { pkgs }:
pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
mkdir bundle
cd bundle
cp ${./go.mod} go.mod
cp ${./main.go} main.go cp ${./main.go} main.go
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
mv bundle.exe $out mv build.exe $out
'' ''

3
wfvm/bundle/go.mod
View File

@ -1,3 +0,0 @@
module bundle
go 1.11

13
wfvm/demo-image.nix
View File

@ -8,10 +8,9 @@ wfvm.makeWindowsImage {
inherit impureMode; inherit impureMode;
# Custom base iso # Custom base iso
# windowsImage = pkgs.requireFile rec { # windowsImage = pkgs.fetchurl {
# name = "Win10_21H1_English_x64.iso"; # url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
# sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; # sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
# message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
# }; # };
# impureShellCommands = [ # impureShellCommands = [
@ -58,10 +57,8 @@ wfvm.makeWindowsImage {
# }; # };
# }; # };
# License key (required) # License key
# productKey = throw "Search the f* web" # productKey = "iboughtthisone";
imageSelection = "Windows 10 Pro";
# Locales # Locales
# uiLanguage = "en-US"; # uiLanguage = "en-US";

42
wfvm/install-ssh.ps1
View File

@ -1,42 +0,0 @@
Write-Host "Expanding OpenSSH"
Expand-Archive D:\OpenSSH-Win64.zip C:\
Push-Location C:\OpenSSH-Win64
Write-Host "Installing OpenSSH"
& .\install-sshd.ps1
Write-Host "Generating host keys"
.\ssh-keygen.exe -A
Write-Host "Fixing host file permissions"
& .\FixHostFilePermissions.ps1 -Confirm:$false
Write-Host "Fixing user file permissions"
& .\FixUserFilePermissions.ps1 -Confirm:$false
Pop-Location
$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
#Write-Host "Adding public key to authorized_keys"
#$keyPath = "~\.ssh\authorized_keys"
#New-Item -Type Directory ~\.ssh > $null
#$sshKey | Out-File $keyPath -Encoding Ascii
Write-Host "Opening firewall port 22"
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
Write-Host "Setting sshd service startup type to 'Automatic'"
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
Write-Host "Setting sshd service restart behavior"
sc.exe failure sshd reset= 86400 actions= restart/500
#Write-Host "Configuring sshd"
#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
Write-Host "Starting sshd service"
Start-Service sshd
Start-Service ssh-agent

10
wfvm/layers/default.nix
View File

@ -154,16 +154,6 @@ in
win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
''; '';
}; };
# Don't let Windows start completely rewriting gigabytes of disk
# space. Defragmentation increases the size of our qcow layers
# needlessly.
disable-scheduled-defrag = {
name = "disable-scheduled-defrag";
script = ''
echo Disabling scheduled defragmentation service
win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
'';
};
# Chain together layers that are quick to run so that the VM does # Chain together layers that are quick to run so that the VM does
# not have to be started/shutdown for each. # not have to be started/shutdown for each.

1
wfvm/openssh/README.md Normal file
View File

@ -0,0 +1 @@
This file is not publicaly acessible anywhere so had to be extracted from a connected instance

BIN
wfvm/openssh/server-package.cab Normal file
View File

Binary file not shown.

8
wfvm/utils.nix
View File

@ -2,7 +2,7 @@
rec { rec {
# qemu_test is a smaller closure only building for a single system arch # qemu_test is a smaller closure only building for a single system arch
qemu = pkgs.qemu; qemu = pkgs.qemu_test;
mkQemuFlags = extraFlags: [ mkQemuFlags = extraFlags: [
"-enable-kvm" "-enable-kvm"
@ -60,10 +60,8 @@ rec {
echo win-put $1 -\> $2 echo win-put $1 -\> $2
${pkgs.sshpass}/bin/sshpass -p1234 -- \ ${pkgs.sshpass}/bin/sshpass -p1234 -- \
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
wfvm@localhost -b- << EOF wfvm@localhost <<< "cd $2
cd $2 put $1"
put $1
EOF
''; '';
win-get = pkgs.writeShellScriptBin "win-get" '' win-get = pkgs.writeShellScriptBin "win-get" ''
set -e set -e

36
wfvm/win.nix
View File

@ -6,7 +6,7 @@
, installCommands ? [] , installCommands ? []
, users ? {} , users ? {}
# autounattend always installs index 1, so this default is backward-compatible # autounattend always installs index 1, so this default is backward-compatible
, imageSelection ? "Windows 10 Pro" , imageSelection ? "1"
, efi ? true , efi ? true
, ... , ...
}@attrs: }@attrs:
@ -35,10 +35,10 @@ let
) )
); );
windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec { windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
name = "Win10_21H1_English_x64.iso"; name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9"; url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO"; sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
}; };
# stable as of 2021-04-08 # stable as of 2021-04-08
@ -47,10 +47,7 @@ let
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
}; };
openSshServerPackage = pkgs.fetchurl { openSshServerPackage = ./openssh/server-package.cab;
url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
};
autounattend = import ./autounattend.nix ( autounattend = import ./autounattend.nix (
attrs // { attrs // {
@ -72,16 +69,17 @@ let
# Packages required to drive installation of other packages # Packages required to drive installation of other packages
bootstrapPkgs = bootstrapPkgs =
runQemuCommand "bootstrap-win-pkgs.img" '' runQemuCommand "bootstrap-win-pkgs.img" ''
mkdir -p pkgs/fod
7z x -y ${virtioWinIso} -opkgs/virtio 7z x -y ${virtioWinIso} -opkgs/virtio
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
# Install optional windows features # Install optional windows features
cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
# SSH setup script goes here because windows XML parser sucks # SSH setup script goes here because windows XML parser sucks
cp ${./install-ssh.ps1} pkgs/install-ssh.ps1 cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
cp ${autounattend.setupScript} pkgs/setup.ps1
virt-make-fs --partition --type=fat pkgs/ $out virt-make-fs --partition --type=fat pkgs/ $out
''; '';
@ -119,10 +117,20 @@ let
mkdir -p win/nix-win mkdir -p win/nix-win
7z x -y ${windowsIso} -owin 7z x -y ${windowsIso} -owin
# Split image so it fits in FAT32 partition # Extract desired variant from install.wim
wimsplit win/sources/install.wim win/sources/install.swm 4090 # This is useful if the install.wim contains multiple Windows
# versions (e.g., Home, Pro, ..), because the autounattend file
# will always select index 1. With this mechanism, a variant different
# from the first one can be automatically selected.
# imageSelection can be either an index (1-N) or the image name
# wiminfo can list all images contained in a given WIM file
wimexport win/sources/install.wim "${imageSelection}" win/sources/install_selected.wim
rm win/sources/install.wim rm win/sources/install.wim
# Split image so it fits in FAT32 partition
wimsplit win/sources/install_selected.wim win/sources/install.swm 4096
rm win/sources/install_selected.wim
cp ${autounattend.autounattendXML} win/autounattend.xml cp ${autounattend.autounattendXML} win/autounattend.xml
${if efi then '' ${if efi then ''