Merge remote-tracking branch 'origin/master'

Merge upstream
layers: add disable-scheduled-defrag
2021-12-17 20:33:52 +01:00 · 2021-09-09 00:46:43 +02:00 · 2021-09-09 00:46:01 +02:00 · 2021-06-30 23:55:49 +02:00 · 2021-06-30 23:07:40 +02:00 · 2021-06-30 21:36:25 +02:00
10 changed files with 100 additions and 51 deletions
--- a/wfvm/autounattend.nix
+++ b/wfvm/autounattend.nix
@ -15,6 +15,7 @@
 , impureShellCommands ? []
 , driveLetter ? "D:"
 , efi ? true
+, imageSelection ? "Windows 10 Pro"
 , ...
 }:

@ -49,12 +50,8 @@ let
    # mkDirsDesc ++ writeKeysDesc ++
  [
    {
-      Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
-      Description = "Add OpenSSH service.";
-    }
-    {
-      Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
-      Description = "Enable SSH by default.";
+      Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
+      Description = "Install OpenSSH service.";
    }
  ];

@ -76,7 +73,7 @@ let
    ++ setupCommands
    ++ [
      {
-        Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
+        Path = ''powershell.exe ${driveLetter}\setup.ps1'';
        Description = "Setup SSH and keys";
      }
    ]
@ -203,8 +200,8 @@ let
              </InstallTo>
              <InstallFrom>
                <MetaData wcm:action="add">
-                  <Key>/IMAGE/INDEX</Key>
-                  <Value>1</Value>
+                  <Key>/IMAGE/NAME</Key>
+                  <Value>${imageSelection}</Value>
                </MetaData>
              </InstallFrom>
            </OSImage>
@ -275,14 +272,12 @@ let
    </AutoLogon>
  ''}

-          <FirstLogonCommands>
-            <SynchronousCommand wcm:action="add">
-              <Order>1</Order>
-              <CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
-              <Description>ChangeHideFiles</Description>
-            </SynchronousCommand>
-          </FirstLogonCommands>
-
+        </component>
+        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+          <Reseal>
+            <ForceShutdownNow>true</ForceShutdownNow>
+            <Mode>OOBE</Mode>
+          </Reseal>
        </component>
      </settings>

@ -304,7 +299,7 @@ let
        </component>
      </settings>

-      <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
+       <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
  '';

@ -315,7 +310,7 @@ in {
  '';

  # autounattend.xml is _super_ picky about quotes and other things
-  setupScript = pkgs.writeText "ssh-setup.ps1" (
+  setupScript = pkgs.writeText "setup.ps1" (
    ''
      # Setup SSH and keys
    '' +
--- a/wfvm/bundle/default.nix
+++ b/wfvm/bundle/default.nix
@ -1,7 +1,10 @@
 { pkgs }:

 pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
+  mkdir bundle
+  cd bundle
+  cp ${./go.mod} go.mod
  cp ${./main.go} main.go
  env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
-  mv build.exe $out
+  mv bundle.exe $out
 ''
--- a/wfvm/bundle/go.mod
+++ b/wfvm/bundle/go.mod
@ -0,0 +1,3 @@
+module bundle
+
+go 1.11
--- a/wfvm/demo-image.nix
+++ b/wfvm/demo-image.nix
@ -8,9 +8,10 @@ wfvm.makeWindowsImage {
  inherit impureMode;

  # Custom base iso
-  # windowsImage = pkgs.fetchurl {
-  #   url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-  #   sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
+  # windowsImage = pkgs.requireFile rec {
+  #   name = "Win10_21H1_English_x64.iso";
+  #   sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
+  #   message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
  # };

  # impureShellCommands = [
@ -57,8 +58,10 @@ wfvm.makeWindowsImage {
  #   };
  # };

-  # License key
-  # productKey = "iboughtthisone";
+  # License key (required)
+  # productKey = throw "Search the f* web"
+  imageSelection = "Windows 10 Pro";
+

  # Locales
  # uiLanguage = "en-US";
--- a/wfvm/install-ssh.ps1
+++ b/wfvm/install-ssh.ps1
@ -0,0 +1,42 @@
+Write-Host "Expanding OpenSSH"
+Expand-Archive D:\OpenSSH-Win64.zip C:\
+
+Push-Location C:\OpenSSH-Win64
+
+Write-Host "Installing OpenSSH"
+& .\install-sshd.ps1
+
+Write-Host "Generating host keys"
+.\ssh-keygen.exe -A
+
+Write-Host "Fixing host file permissions"
+& .\FixHostFilePermissions.ps1 -Confirm:$false
+
+Write-Host "Fixing user file permissions"
+& .\FixUserFilePermissions.ps1 -Confirm:$false
+
+Pop-Location
+
+$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+#Write-Host "Adding public key to authorized_keys"
+#$keyPath = "~\.ssh\authorized_keys"
+#New-Item -Type Directory ~\.ssh > $null
+#$sshKey | Out-File $keyPath -Encoding Ascii
+
+Write-Host "Opening firewall port 22"
+New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
+
+Write-Host "Setting sshd service startup type to 'Automatic'"
+Set-Service sshd -StartupType Automatic
+Set-Service ssh-agent -StartupType Automatic
+Write-Host "Setting sshd service restart behavior"
+sc.exe failure sshd reset= 86400 actions= restart/500
+
+#Write-Host "Configuring sshd"
+#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
+
+Write-Host "Starting sshd service"
+Start-Service sshd
+Start-Service ssh-agent
--- a/wfvm/layers/default.nix
+++ b/wfvm/layers/default.nix
@ -154,6 +154,16 @@ in
      win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
    '';
  };
+  # Don't let Windows start completely rewriting gigabytes of disk
+  # space. Defragmentation increases the size of our qcow layers
+  # needlessly.
+  disable-scheduled-defrag = {
+    name = "disable-scheduled-defrag";
+    script = ''
+      echo Disabling scheduled defragmentation service
+      win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
+    '';
+  };

  # Chain together layers that are quick to run so that the VM does
  # not have to be started/shutdown for each.
--- a/wfvm/openssh/README.md
+++ b/wfvm/openssh/README.md
@ -1 +0,0 @@
-This file is not publicaly acessible anywhere so had to be extracted from a connected instance
--- a/wfvm/openssh/server-package.cab
+++ b/wfvm/openssh/server-package.cab
--- a/wfvm/utils.nix
+++ b/wfvm/utils.nix
@ -2,7 +2,7 @@

 rec {
  # qemu_test is a smaller closure only building for a single system arch
-  qemu = pkgs.qemu_test;
+  qemu = pkgs.qemu;

  mkQemuFlags = extraFlags: [
    "-enable-kvm"
@ -60,8 +60,10 @@ rec {
    echo win-put $1 -\> $2
    ${pkgs.sshpass}/bin/sshpass -p1234 -- \
      ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
-      wfvm@localhost <<< "cd $2
-        put $1"
+      wfvm@localhost -b- << EOF
+        cd $2
+        put $1
+    EOF
  '';
  win-get = pkgs.writeShellScriptBin "win-get" ''
    set -e
--- a/wfvm/win.nix
+++ b/wfvm/win.nix
@ -6,7 +6,7 @@
 , installCommands ? []
 , users ? {}
 # autounattend always installs index 1, so this default is backward-compatible
-, imageSelection ? "1"
+, imageSelection ? "Windows 10 Pro"
 , efi ? true
 , ...
 }@attrs:
@ -35,10 +35,10 @@ let
      )
  );

-  windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
-    name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-    url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
-    sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
+  windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
+    name = "Win10_21H1_English_x64.iso";
+    sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
+    message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
  };

  # stable as of 2021-04-08
@ -47,7 +47,10 @@ let
    sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
  };

-  openSshServerPackage = ./openssh/server-package.cab;
+  openSshServerPackage = pkgs.fetchurl {
+    url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
+    sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
+  };

  autounattend = import ./autounattend.nix (
    attrs // {
@ -69,17 +72,16 @@ let
  # Packages required to drive installation of other packages
  bootstrapPkgs =
    runQemuCommand "bootstrap-win-pkgs.img" ''
-      mkdir -p pkgs/fod
-
      7z x -y ${virtioWinIso} -opkgs/virtio

      cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"

      # Install optional windows features
-      cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
+      cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip

      # SSH setup script goes here because windows XML parser sucks
-      cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
+      cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
+      cp ${autounattend.setupScript} pkgs/setup.ps1

      virt-make-fs --partition --type=fat pkgs/ $out
    '';
@ -117,19 +119,9 @@ let
        mkdir -p win/nix-win
        7z x -y ${windowsIso} -owin

-        # Extract desired variant from install.wim
-        # This is useful if the install.wim contains multiple Windows
-        # versions (e.g., Home, Pro, ..), because the autounattend file
-        # will always select index 1. With this mechanism, a variant different
-        # from the first one can be automatically selected.
-        # imageSelection can be either an index (1-N) or the image name
-        # wiminfo can list all images contained in a given WIM file
-        wimexport win/sources/install.wim "${imageSelection}" win/sources/install_selected.wim
-        rm win/sources/install.wim
-
        # Split image so it fits in FAT32 partition
-        wimsplit win/sources/install_selected.wim win/sources/install.swm 4096
-        rm win/sources/install_selected.wim
+        wimsplit win/sources/install.wim win/sources/install.swm 4090
+        rm win/sources/install.wim

        cp ${autounattend.autounattendXML} win/autounattend.xml
Author	SHA1	Message	Date
Astro	9d07da799c	Merge remote-tracking branch 'origin/master'	2021-12-17 20:33:52 +01:00
Astro	50471a28f8	Merge upstream	2021-09-09 00:46:43 +02:00
Astro	db995f7d77	layers: add disable-scheduled-defrag	2021-09-09 00:46:01 +02:00
Astro	680d70094f	update windowsImage to Windows 10-21H1	2021-06-30 23:55:49 +02:00
Astro	a84d2d8d90	utils: replace qemu_test with qemu qemu_test lacks support for QXL VGA	2021-06-30 23:07:40 +02:00
Astro	520898c1db	bundle: fix for newer go version	2021-06-30 21:36:25 +02:00
Astro	11a40de18a	utils: fail on sftp errors	2021-06-19 01:15:29 +02:00
Astro	110fe11f00	install openssh from github this removes the need for the windows version's OpenSSH.Server feature-on-demand package which is not publicly available. fixes gitea issue #6 <#6>	2021-06-16 15:13:12 +02:00
Astro	07813c3c4f	remove wimsplit, do imageSelection by name	2021-06-05 20:43:55 +02:00
Astro	54d9f41a6d	autounattend: use ForceShutdownNow instead of FirstLogonCommands shutdown this moves the return a little earlier in the installation process. it is less of a hack, and less problematic with custom `defaultUser` settings.	2021-04-18 00:55:01 +02:00
				`@ -1 +0,0 @@`
				`This file is not publicaly acessible anywhere so had to be extracted from a connected instance`