Merge remote-tracking branch 'origin/master'

qemu_test lacks support for QXL VGA

wfvm/autounattend.nix

@@ -15,6 +15,7 @@
 , impureShellCommands ? []
 , driveLetter ? "D:"
 , efi ? true
+, imageSelection ? "Windows 10 Pro"
 , ...
 }:
 
@@ -49,12 +50,8 @@ let
     # mkDirsDesc ++ writeKeysDesc ++
   [
     {
-      Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
-      Description = "Add OpenSSH service.";
-    }
-    {
-      Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
-      Description = "Enable SSH by default.";
+      Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
+      Description = "Install OpenSSH service.";
     }
   ];
 
@@ -76,7 +73,7 @@ let
     ++ setupCommands
     ++ [
       {
-        Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
+        Path = ''powershell.exe ${driveLetter}\setup.ps1'';
         Description = "Setup SSH and keys";
       }
     ]
@@ -203,8 +200,8 @@ let
               </InstallTo>
               <InstallFrom>
                 <MetaData wcm:action="add">
-                  <Key>/IMAGE/INDEX</Key>
-                  <Value>1</Value>
+                  <Key>/IMAGE/NAME</Key>
+                  <Value>${imageSelection}</Value>
                 </MetaData>
               </InstallFrom>
             </OSImage>
@@ -275,14 +272,12 @@ let
     </AutoLogon>
   ''}
 
-          <FirstLogonCommands>
-            <SynchronousCommand wcm:action="add">
-              <Order>1</Order>
-              <CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
-              <Description>ChangeHideFiles</Description>
-            </SynchronousCommand>
-          </FirstLogonCommands>
-
+        </component>
+        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+          <Reseal>
+            <ForceShutdownNow>true</ForceShutdownNow>
+            <Mode>OOBE</Mode>
+          </Reseal>
         </component>
       </settings>
 
@@ -304,7 +299,7 @@ let
         </component>
       </settings>
 
-      <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
+       <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
     </unattend>
   '';
 
@@ -315,7 +310,7 @@ in {
   '';
 
   # autounattend.xml is _super_ picky about quotes and other things
-  setupScript = pkgs.writeText "ssh-setup.ps1" (
+  setupScript = pkgs.writeText "setup.ps1" (
     ''
       # Setup SSH and keys
     '' +

wfvm/bundle/default.nix

@@ -1,7 +1,10 @@
 { pkgs }:
 
 pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
+  mkdir bundle
+  cd bundle
+  cp ${./go.mod} go.mod
   cp ${./main.go} main.go
   env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
-  mv build.exe $out
+  mv bundle.exe $out
 ''

wfvm/bundle/go.mod

@@ -0,0 +1,3 @@
+module bundle
+
+go 1.11

wfvm/demo-image.nix

@@ -8,9 +8,10 @@ wfvm.makeWindowsImage {
   inherit impureMode;
 
   # Custom base iso
-  # windowsImage = pkgs.fetchurl {
-  #   url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-  #   sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
+  # windowsImage = pkgs.requireFile rec {
+  #   name = "Win10_21H1_English_x64.iso";
+  #   sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
+  #   message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
   # };
 
   # impureShellCommands = [
@@ -57,8 +58,10 @@ wfvm.makeWindowsImage {
   #   };
   # };
 
-  # License key
-  # productKey = "iboughtthisone";
+  # License key (required)
+  # productKey = throw "Search the f* web"
+  imageSelection = "Windows 10 Pro";
+
 
   # Locales
   # uiLanguage = "en-US";

wfvm/install-ssh.ps1

@@ -0,0 +1,42 @@
+Write-Host "Expanding OpenSSH"
+Expand-Archive D:\OpenSSH-Win64.zip C:\
+
+Push-Location C:\OpenSSH-Win64
+
+Write-Host "Installing OpenSSH"
+& .\install-sshd.ps1
+
+Write-Host "Generating host keys"
+.\ssh-keygen.exe -A
+
+Write-Host "Fixing host file permissions"
+& .\FixHostFilePermissions.ps1 -Confirm:$false
+
+Write-Host "Fixing user file permissions"
+& .\FixUserFilePermissions.ps1 -Confirm:$false
+
+Pop-Location
+
+$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+#Write-Host "Adding public key to authorized_keys"
+#$keyPath = "~\.ssh\authorized_keys"
+#New-Item -Type Directory ~\.ssh > $null
+#$sshKey | Out-File $keyPath -Encoding Ascii
+
+Write-Host "Opening firewall port 22"
+New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+
+Write-Host "Setting sshd service startup type to 'Automatic'"
+Set-Service sshd -StartupType Automatic
+Set-Service ssh-agent -StartupType Automatic
+Write-Host "Setting sshd service restart behavior"
+sc.exe failure sshd reset= 86400 actions= restart/500
+
+#Write-Host "Configuring sshd"
+#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
+
+Write-Host "Starting sshd service"
+Start-Service sshd
+Start-Service ssh-agent

wfvm/layers/default.nix

@@ -154,6 +154,16 @@ in
       win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
     '';
   };
+  # Don't let Windows start completely rewriting gigabytes of disk
+  # space. Defragmentation increases the size of our qcow layers
+  # needlessly.
+  disable-scheduled-defrag = {
+    name = "disable-scheduled-defrag";
+    script = ''
+      echo Disabling scheduled defragmentation service
+      win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
+    '';
+  };
 
   # Chain together layers that are quick to run so that the VM does
   # not have to be started/shutdown for each.

wfvm/openssh/README.md

@@ -1 +0,0 @@
-This file is not publicaly acessible anywhere so had to be extracted from a connected instance

wfvm/utils.nix

@@ -2,7 +2,7 @@
 
 rec {
   # qemu_test is a smaller closure only building for a single system arch
-  qemu = pkgs.qemu_test;
+  qemu = pkgs.qemu;
 
   mkQemuFlags = extraFlags: [
     "-enable-kvm"
@@ -60,8 +60,10 @@ rec {
     echo win-put $1 -\> $2
     ${pkgs.sshpass}/bin/sshpass -p1234 -- \
       ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
-      wfvm@localhost <<< "cd $2
-        put $1"
+      wfvm@localhost -b- << EOF
+        cd $2
+        put $1
+    EOF
   '';
   win-get = pkgs.writeShellScriptBin "win-get" ''
     set -e

wfvm/win.nix

@@ -6,7 +6,7 @@
 , installCommands ? []
 , users ? {}
 # autounattend always installs index 1, so this default is backward-compatible
-, imageSelection ? "1"
+, imageSelection ? "Windows 10 Pro"
 , efi ? true
 , ...
 }@attrs:
@@ -35,10 +35,10 @@ let
       )
   );
 
-  windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
-    name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-    url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-    sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
+  windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
+    name = "Win10_21H1_English_x64.iso";
+    sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
+    message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
   };
 
   # stable as of 2021-04-08
@@ -47,7 +47,10 @@ let
     sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
   };
 
-  openSshServerPackage = ./openssh/server-package.cab;
+  openSshServerPackage = pkgs.fetchurl {
+    url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
+    sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
+  };
 
   autounattend = import ./autounattend.nix (
     attrs // {
@@ -69,17 +72,16 @@ let
   # Packages required to drive installation of other packages
   bootstrapPkgs =
     runQemuCommand "bootstrap-win-pkgs.img" ''
-      mkdir -p pkgs/fod
-
       7z x -y ${virtioWinIso} -opkgs/virtio
 
       cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
 
       # Install optional windows features
-      cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
+      cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip
 
       # SSH setup script goes here because windows XML parser sucks
-      cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
+      cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
+      cp ${autounattend.setupScript} pkgs/setup.ps1
 
       virt-make-fs --partition --type=fat pkgs/ $out
     '';
@@ -117,19 +119,9 @@ let
         mkdir -p win/nix-win
         7z x -y ${windowsIso} -owin
 
-        # Extract desired variant from install.wim
-        # This is useful if the install.wim contains multiple Windows
-        # versions (e.g., Home, Pro, ..), because the autounattend file
-        # will always select index 1. With this mechanism, a variant different
-        # from the first one can be automatically selected.
-        # imageSelection can be either an index (1-N) or the image name
-        # wiminfo can list all images contained in a given WIM file
-        wimexport win/sources/install.wim "${imageSelection}" win/sources/install_selected.wim
-        rm win/sources/install.wim
-
         # Split image so it fits in FAT32 partition
-        wimsplit win/sources/install_selected.wim win/sources/install.swm 4096
-        rm win/sources/install_selected.wim
+        wimsplit win/sources/install.wim win/sources/install.swm 4090
+        rm win/sources/install.wim
 
         cp ${autounattend.autounattendXML} win/autounattend.xml