
10 Commits

Author SHA1 Message Date
Astro 9d07da799c Merge remote-tracking branch 'origin/master' 2021-12-17 20:33:52 +01:00
Astro 50471a28f8 Merge upstream 2021-09-09 00:46:43 +02:00
Astro db995f7d77 layers: add disable-scheduled-defrag 2021-09-09 00:46:01 +02:00
Astro 680d70094f update windowsImage to Windows 10-21H1 2021-06-30 23:55:49 +02:00
Astro a84d2d8d90 utils: replace qemu_test with qemu
qemu_test lacks support for QXL VGA
2021-06-30 23:07:40 +02:00
Astro 520898c1db bundle: fix for newer go version 2021-06-30 21:36:25 +02:00
Astro 11a40de18a utils: fail on sftp errors 2021-06-19 01:15:29 +02:00
Astro 110fe11f00 install openssh from github
this removes the need for the windows version's OpenSSH.Server
feature-on-demand package which is not publicly available.

fixes gitea issue #6 <#6>
2021-06-16 15:13:12 +02:00
Astro 07813c3c4f remove wimsplit, do imageSelection by name 2021-06-05 20:43:55 +02:00
Astro 54d9f41a6d autounattend: use ForceShutdownNow instead of FirstLogonCommands shutdown
this moves the return a little earlier in the installation process.
it is less of a hack, and less problematic with custom `defaultUser`
settings.
2021-04-18 00:55:01 +02:00
10 changed files with 100 additions and 51 deletions


@ -15,6 +15,7 @@
, impureShellCommands ? [] , impureShellCommands ? []
, driveLetter ? "D:" , driveLetter ? "D:"
, efi ? true , efi ? true
, imageSelection ? "Windows 10 Pro"
, ... , ...
}: }:
@ -49,12 +50,8 @@ let
# mkDirsDesc ++ writeKeysDesc ++ # mkDirsDesc ++ writeKeysDesc ++
[ [
{ {
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess''; Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
Description = "Add OpenSSH service."; Description = "Install OpenSSH service.";
}
{
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
Description = "Enable SSH by default.";
} }
]; ];
@ -76,7 +73,7 @@ let
++ setupCommands ++ setupCommands
++ [ ++ [
{ {
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1''; Path = ''powershell.exe ${driveLetter}\setup.ps1'';
Description = "Setup SSH and keys"; Description = "Setup SSH and keys";
} }
] ]
@ -203,8 +200,8 @@ let
</InstallTo> </InstallTo>
<InstallFrom> <InstallFrom>
<MetaData wcm:action="add"> <MetaData wcm:action="add">
<Key>/IMAGE/INDEX</Key> <Key>/IMAGE/NAME</Key>
<Value>1</Value> <Value>${imageSelection}</Value>
</MetaData> </MetaData>
</InstallFrom> </InstallFrom>
</OSImage> </OSImage>
@ -275,14 +272,12 @@ let
</AutoLogon> </AutoLogon>
''} ''}
<FirstLogonCommands> </component>
<SynchronousCommand wcm:action="add"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Order>1</Order> <Reseal>
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine> <ForceShutdownNow>true</ForceShutdownNow>
<Description>ChangeHideFiles</Description> <Mode>OOBE</Mode>
</SynchronousCommand> </Reseal>
</FirstLogonCommands>
</component> </component>
</settings> </settings>
@ -304,7 +299,7 @@ let
</component> </component>
</settings> </settings>
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend> </unattend>
''; '';
@ -315,7 +310,7 @@ in {
''; '';
# autounattend.xml is _super_ picky about quotes and other things # autounattend.xml is _super_ picky about quotes and other things
setupScript = pkgs.writeText "ssh-setup.ps1" ( setupScript = pkgs.writeText "setup.ps1" (
'' ''
# Setup SSH and keys # Setup SSH and keys
'' + '' +
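Review bot: `imageSelection` is interpolated unescaped into XML in two places, `<Value>${imageSelection}</Value>` and the `cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}"` attribute, so a name containing `&`, `<` or `"` would produce a malformed autounattend.xml and an unattended-setup failure that is hard to diagnose. If `lib` is in scope in this file (not visible in these hunks), escape both uses, e.g. `<Value>${lib.escapeXML imageSelection}</Value>`. The enclosing `let` bindings start and end outside the hunks shown.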


@ -1,7 +1,10 @@
{ pkgs }: { pkgs }:
pkgs.runCommandNoCC "win-bundle-installer.exe" {} '' pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
mkdir bundle
cd bundle
cp ${./go.mod} go.mod
cp ${./main.go} main.go cp ${./main.go} main.go
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
mv build.exe $out mv bundle.exe $out
'' ''

3
wfvm/bundle/go.mod Normal file

@ -0,0 +1,3 @@
module bundle
go 1.11


@ -8,9 +8,10 @@ wfvm.makeWindowsImage {
inherit impureMode; inherit impureMode;
# Custom base iso # Custom base iso
# windowsImage = pkgs.fetchurl { # windowsImage = pkgs.requireFile rec {
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso"; # name = "Win10_21H1_English_x64.iso";
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a"; # sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
# message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
# }; # };
# impureShellCommands = [ # impureShellCommands = [
@ -57,8 +58,10 @@ wfvm.makeWindowsImage {
# }; # };
# }; # };
# License key # License key (required)
# productKey = "iboughtthisone"; # productKey = throw "Search the f* web"
imageSelection = "Windows 10 Pro";
# Locales # Locales
# uiLanguage = "en-US"; # uiLanguage = "en-US";

42
wfvm/install-ssh.ps1 Normal file

@ -0,0 +1,42 @@
Write-Host "Expanding OpenSSH"
Expand-Archive D:\OpenSSH-Win64.zip C:\
Push-Location C:\OpenSSH-Win64
Write-Host "Installing OpenSSH"
& .\install-sshd.ps1
Write-Host "Generating host keys"
.\ssh-keygen.exe -A
Write-Host "Fixing host file permissions"
& .\FixHostFilePermissions.ps1 -Confirm:$false
Write-Host "Fixing user file permissions"
& .\FixUserFilePermissions.ps1 -Confirm:$false
Pop-Location
$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
#Write-Host "Adding public key to authorized_keys"
#$keyPath = "~\.ssh\authorized_keys"
#New-Item -Type Directory ~\.ssh > $null
#$sshKey | Out-File $keyPath -Encoding Ascii
Write-Host "Opening firewall port 22"
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
Write-Host "Setting sshd service startup type to 'Automatic'"
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
Write-Host "Setting sshd service restart behavior"
sc.exe failure sshd reset= 86400 actions= restart/500
#Write-Host "Configuring sshd"
#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
Write-Host "Starting sshd service"
Start-Service sshd
Start-Service ssh-agent
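Review bot: The archive is unpacked to `C:\OpenSSH-Win64` and that directory is then placed at the front of the machine-wide PATH, so the binaries the sshd service runs live in a root-level folder whose inherited ACL on a default Windows install typically lets non-administrators add files. Extracting under Program Files and appending rather than prepending avoids both: `Expand-Archive D:\OpenSSH-Win64.zip $env:ProgramFiles`, `Push-Location "$env:ProgramFiles\OpenSSH-Win64"`, and `$newPath = [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine) + ";$env:ProgramFiles\OpenSSH-Win64"`. The script also hard-codes `D:` while autounattend.nix launches it through `${driveLetter}`, so a non-default drive letter would find the script but not the zip; `$PSScriptRoot\OpenSSH-Win64.zip` would follow the script's own location.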


@ -154,6 +154,16 @@ in
win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1" win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
''; '';
}; };
# Don't let Windows start completely rewriting gigabytes of disk
# space. Defragmentation increases the size of our qcow layers
# needlessly.
disable-scheduled-defrag = {
name = "disable-scheduled-defrag";
script = ''
echo Disabling scheduled defragmentation service
win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
'';
};
# Chain together layers that are quick to run so that the VM does # Chain together layers that are quick to run so that the VM does
# not have to be started/shutdown for each. # not have to be started/shutdown for each.


@ -1 +0,0 @@
This file is not publicaly acessible anywhere so had to be extracted from a connected instance

Binary file not shown.


@ -2,7 +2,7 @@
rec { rec {
# qemu_test is a smaller closure only building for a single system arch # qemu_test is a smaller closure only building for a single system arch
qemu = pkgs.qemu_test; qemu = pkgs.qemu;
mkQemuFlags = extraFlags: [ mkQemuFlags = extraFlags: [
"-enable-kvm" "-enable-kvm"
@ -60,8 +60,10 @@ rec {
echo win-put $1 -\> $2 echo win-put $1 -\> $2
${pkgs.sshpass}/bin/sshpass -p1234 -- \ ${pkgs.sshpass}/bin/sshpass -p1234 -- \
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \ ${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
wfvm@localhost <<< "cd $2 wfvm@localhost -b- << EOF
put $1" cd $2
put $1
EOF
''; '';
win-get = pkgs.writeShellScriptBin "win-get" '' win-get = pkgs.writeShellScriptBin "win-get" ''
set -e set -e
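Review bot: `$1` and `$2` are expanded by the shell into the sftp batch without quoting, so in the new here-document a path containing whitespace is split into separate sftp arguments and `put` would treat the second word as the remote name. With `-b-` that either aborts the transfer or uploads under an unintended name. Quote both inside the batch: `cd "$2"` and `put "$1"`. The `win-put` script body begins above this hunk.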


@ -6,7 +6,7 @@
, installCommands ? [] , installCommands ? []
, users ? {} , users ? {}
# autounattend always installs index 1, so this default is backward-compatible # autounattend always installs index 1, so this default is backward-compatible
, imageSelection ? "1" , imageSelection ? "Windows 10 Pro"
, efi ? true , efi ? true
, ... , ...
}@attrs: }@attrs:
@ -35,10 +35,10 @@ let
) )
); );
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl { windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso"; name = "Win10_21H1_English_x64.iso";
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso"; sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a"; message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
}; };
# stable as of 2021-04-08 # stable as of 2021-04-08
@ -47,7 +47,10 @@ let
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg"; sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
}; };
openSshServerPackage = ./openssh/server-package.cab; openSshServerPackage = pkgs.fetchurl {
url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
};
autounattend = import ./autounattend.nix ( autounattend = import ./autounattend.nix (
attrs // { attrs // {
@ -69,17 +72,16 @@ let
# Packages required to drive installation of other packages # Packages required to drive installation of other packages
bootstrapPkgs = bootstrapPkgs =
runQemuCommand "bootstrap-win-pkgs.img" '' runQemuCommand "bootstrap-win-pkgs.img" ''
mkdir -p pkgs/fod
7z x -y ${virtioWinIso} -opkgs/virtio 7z x -y ${virtioWinIso} -opkgs/virtio
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")" cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
# Install optional windows features # Install optional windows features
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip
# SSH setup script goes here because windows XML parser sucks # SSH setup script goes here because windows XML parser sucks
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1 cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
cp ${autounattend.setupScript} pkgs/setup.ps1
virt-make-fs --partition --type=fat pkgs/ $out virt-make-fs --partition --type=fat pkgs/ $out
''; '';
@ -117,19 +119,9 @@ let
mkdir -p win/nix-win mkdir -p win/nix-win
7z x -y ${windowsIso} -owin 7z x -y ${windowsIso} -owin
# Extract desired variant from install.wim
# This is useful if the install.wim contains multiple Windows
# versions (e.g., Home, Pro, ..), because the autounattend file
# will always select index 1. With this mechanism, a variant different
# from the first one can be automatically selected.
# imageSelection can be either an index (1-N) or the image name
# wiminfo can list all images contained in a given WIM file
wimexport win/sources/install.wim "${imageSelection}" win/sources/install_selected.wim
rm win/sources/install.wim
# Split image so it fits in FAT32 partition # Split image so it fits in FAT32 partition
wimsplit win/sources/install_selected.wim win/sources/install.swm 4096 wimsplit win/sources/install.wim win/sources/install.swm 4090
rm win/sources/install_selected.wim rm win/sources/install.wim
cp ${autounattend.autounattendXML} win/autounattend.xml cp ${autounattend.autounattendXML} win/autounattend.xml
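Review bot: The comment `# autounattend always installs index 1, so this default is backward-compatible` above `imageSelection ? "Windows 10 Pro"` in the first hunk is no longer true: the default is now an image name, and a caller-supplied `windowsImage` whose install.wim has no image of that name will presumably fail during unattended setup. Replace it with something like `# name of the image inside install.wim to install (wiminfo lists them); must match the ISO in use`. The same staleness applies to `# Install optional windows features` over `cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip`, which now copies a GitHub release zip rather than a feature-on-demand package.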