Compare commits
10 Commits
a4fe5f0475
...
9d07da799c
Author | SHA1 | Date |
---|---|---|
Astro | 9d07da799c | |
Astro | 50471a28f8 | |
Astro | db995f7d77 | |
Astro | 680d70094f | |
Astro | a84d2d8d90 | |
Astro | 520898c1db | |
Astro | 11a40de18a | |
Astro | 110fe11f00 | |
Astro | 07813c3c4f | |
Astro | 54d9f41a6d |
|
@ -15,6 +15,7 @@
|
||||||
, impureShellCommands ? []
|
, impureShellCommands ? []
|
||||||
, driveLetter ? "D:"
|
, driveLetter ? "D:"
|
||||||
, efi ? true
|
, efi ? true
|
||||||
|
, imageSelection ? "Windows 10 Pro"
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -49,12 +50,8 @@ let
|
||||||
# mkDirsDesc ++ writeKeysDesc ++
|
# mkDirsDesc ++ writeKeysDesc ++
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
|
Path = ''powershell.exe ${driveLetter}\install-ssh.ps1'';
|
||||||
Description = "Add OpenSSH service.";
|
Description = "Install OpenSSH service.";
|
||||||
}
|
|
||||||
{
|
|
||||||
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
|
|
||||||
Description = "Enable SSH by default.";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -76,7 +73,7 @@ let
|
||||||
++ setupCommands
|
++ setupCommands
|
||||||
++ [
|
++ [
|
||||||
{
|
{
|
||||||
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
|
Path = ''powershell.exe ${driveLetter}\setup.ps1'';
|
||||||
Description = "Setup SSH and keys";
|
Description = "Setup SSH and keys";
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -203,8 +200,8 @@ let
|
||||||
</InstallTo>
|
</InstallTo>
|
||||||
<InstallFrom>
|
<InstallFrom>
|
||||||
<MetaData wcm:action="add">
|
<MetaData wcm:action="add">
|
||||||
<Key>/IMAGE/INDEX</Key>
|
<Key>/IMAGE/NAME</Key>
|
||||||
<Value>1</Value>
|
<Value>${imageSelection}</Value>
|
||||||
</MetaData>
|
</MetaData>
|
||||||
</InstallFrom>
|
</InstallFrom>
|
||||||
</OSImage>
|
</OSImage>
|
||||||
|
@ -275,14 +272,12 @@ let
|
||||||
</AutoLogon>
|
</AutoLogon>
|
||||||
''}
|
''}
|
||||||
|
|
||||||
<FirstLogonCommands>
|
</component>
|
||||||
<SynchronousCommand wcm:action="add">
|
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
<Order>1</Order>
|
<Reseal>
|
||||||
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
|
<ForceShutdownNow>true</ForceShutdownNow>
|
||||||
<Description>ChangeHideFiles</Description>
|
<Mode>OOBE</Mode>
|
||||||
</SynchronousCommand>
|
</Reseal>
|
||||||
</FirstLogonCommands>
|
|
||||||
|
|
||||||
</component>
|
</component>
|
||||||
</settings>
|
</settings>
|
||||||
|
|
||||||
|
@ -304,7 +299,7 @@ let
|
||||||
</component>
|
</component>
|
||||||
</settings>
|
</settings>
|
||||||
|
|
||||||
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
||||||
</unattend>
|
</unattend>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -315,7 +310,7 @@ in {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# autounattend.xml is _super_ picky about quotes and other things
|
# autounattend.xml is _super_ picky about quotes and other things
|
||||||
setupScript = pkgs.writeText "ssh-setup.ps1" (
|
setupScript = pkgs.writeText "setup.ps1" (
|
||||||
''
|
''
|
||||||
# Setup SSH and keys
|
# Setup SSH and keys
|
||||||
'' +
|
'' +
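Review bot: `imageSelection` is interpolated unescaped into the answer file in two places, the `Value` element under the `/IMAGE/NAME` key and the `cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}"` attribute. An edition name containing an ampersand, an angle bracket or a double quote therefore produces malformed XML, and the failure only surfaces inside the VM during setup. Escaping at both sites keeps the file well-formed, for example `${pkgs.lib.escapeXML imageSelection}` if the pinned nixpkgs provides `escapeXML`. Selecting by `/IMAGE/NAME` also means a numeric index is no longer accepted, which deserves a one-line comment beside `, imageSelection ? "Windows 10 Pro"`. The `let` bindings these hunks touch start and end outside the visible lines.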
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
|
|
||||||
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
|
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
|
||||||
|
mkdir bundle
|
||||||
|
cd bundle
|
||||||
|
cp ${./go.mod} go.mod
|
||||||
cp ${./main.go} main.go
|
cp ${./main.go} main.go
|
||||||
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
||||||
mv build.exe $out
|
mv bundle.exe $out
|
||||||
''
|
''
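Review bot: The `mv bundle.exe $out` step depends on the binary name that Go derives from the `module bundle` line in go.mod, the same implicit coupling that made the earlier `build.exe` name wrong. Building straight to the output with `${pkgs.go}/bin/go build -o $out` removes the intermediate name and the `mv`. A short comment above `cp ${./go.mod} go.mod` saying why the sources are copied into a fresh `bundle` directory would help the next reader.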
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
module bundle
|
||||||
|
|
||||||
|
go 1.11
|
|
@ -8,9 +8,10 @@ wfvm.makeWindowsImage {
|
||||||
inherit impureMode;
|
inherit impureMode;
|
||||||
|
|
||||||
# Custom base iso
|
# Custom base iso
|
||||||
# windowsImage = pkgs.fetchurl {
|
# windowsImage = pkgs.requireFile rec {
|
||||||
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
# name = "Win10_21H1_English_x64.iso";
|
||||||
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
# sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
|
||||||
|
# message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# impureShellCommands = [
|
# impureShellCommands = [
|
||||||
|
@ -57,8 +58,10 @@ wfvm.makeWindowsImage {
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# License key
|
# License key (required)
|
||||||
# productKey = "iboughtthisone";
|
# productKey = throw "Search the f* web"
|
||||||
|
imageSelection = "Windows 10 Pro";
|
||||||
|
|
||||||
|
|
||||||
# Locales
|
# Locales
|
||||||
# uiLanguage = "en-US";
|
# uiLanguage = "en-US";
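Review bot: The commented example `# productKey = throw "Search the f* web"` has no trailing `;`, so uncommenting it as written gives a parse error rather than the intended message. The heading now reads `# License key (required)` while the attribute stays commented out, so the file does not say what happens when it is left unset. Consider `# productKey = throw "Set productKey to your own license key";` plus one comment line stating whether the build or the installed system fails without it.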
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
Write-Host "Expanding OpenSSH"
|
||||||
|
Expand-Archive D:\OpenSSH-Win64.zip C:\
|
||||||
|
|
||||||
|
Push-Location C:\OpenSSH-Win64
|
||||||
|
|
||||||
|
Write-Host "Installing OpenSSH"
|
||||||
|
& .\install-sshd.ps1
|
||||||
|
|
||||||
|
Write-Host "Generating host keys"
|
||||||
|
.\ssh-keygen.exe -A
|
||||||
|
|
||||||
|
Write-Host "Fixing host file permissions"
|
||||||
|
& .\FixHostFilePermissions.ps1 -Confirm:$false
|
||||||
|
|
||||||
|
Write-Host "Fixing user file permissions"
|
||||||
|
& .\FixUserFilePermissions.ps1 -Confirm:$false
|
||||||
|
|
||||||
|
Pop-Location
|
||||||
|
|
||||||
|
$newPath = 'C:\OpenSSH-Win64;' + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
|
||||||
|
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
|
||||||
|
|
||||||
|
#Write-Host "Adding public key to authorized_keys"
|
||||||
|
#$keyPath = "~\.ssh\authorized_keys"
|
||||||
|
#New-Item -Type Directory ~\.ssh > $null
|
||||||
|
#$sshKey | Out-File $keyPath -Encoding Ascii
|
||||||
|
|
||||||
|
Write-Host "Opening firewall port 22"
|
||||||
|
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
|
||||||
|
|
||||||
|
Write-Host "Setting sshd service startup type to 'Automatic'"
|
||||||
|
Set-Service sshd -StartupType Automatic
|
||||||
|
Set-Service ssh-agent -StartupType Automatic
|
||||||
|
Write-Host "Setting sshd service restart behavior"
|
||||||
|
sc.exe failure sshd reset= 86400 actions= restart/500
|
||||||
|
|
||||||
|
#Write-Host "Configuring sshd"
|
||||||
|
#(Get-Content C:\ProgramData\ssh\sshd_config).replace('#TCPKeepAlive yes', 'TCPKeepAlive yes').replace('#ClientAliveInterval 0', 'ClientAliveInterval 300').replace('#ClientAliveCountMax 3', 'ClientAliveCountMax 3') | Set-Content C:\ProgramData\ssh\sshd_config
|
||||||
|
|
||||||
|
Write-Host "Starting sshd service"
|
||||||
|
Start-Service sshd
|
||||||
|
Start-Service ssh-agent
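Review bot: `Expand-Archive D:\OpenSSH-Win64.zip C:\` puts the sshd service binaries in `C:\OpenSSH-Win64`, and folders created directly under `C:\` by default inherit modify access for Authenticated Users, so any local account could replace a binary that runs as a service. The two `Fix*FilePermissions.ps1` calls appear to cover key and config files rather than this directory. The same directory is then prepended to the machine `PATH`, ahead of the system directories. Extracting under `$env:ProgramFiles` (`Expand-Archive D:\OpenSSH-Win64.zip $env:ProgramFiles` and `Push-Location "$env:ProgramFiles\OpenSSH-Win64"`) and appending to `PATH` instead of prepending avoids both. The source drive is also hard-coded as `D:` although autounattend.nix starts this script through `${driveLetter}`; `$PSScriptRoot` would follow whichever letter is configured.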
|
|
@ -154,6 +154,16 @@ in
|
||||||
win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
|
win-exec "reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# Don't let Windows start completely rewriting gigabytes of disk
|
||||||
|
# space. Defragmentation increases the size of our qcow layers
|
||||||
|
# needlessly.
|
||||||
|
disable-scheduled-defrag = {
|
||||||
|
name = "disable-scheduled-defrag";
|
||||||
|
script = ''
|
||||||
|
echo Disabling scheduled defragmentation service
|
||||||
|
win-exec 'schtasks /Change /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# Chain together layers that are quick to run so that the VM does
|
# Chain together layers that are quick to run so that the VM does
|
||||||
# not have to be started/shutdown for each.
|
# not have to be started/shutdown for each.
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
This file is not publicaly acessible anywhere so had to be extracted from a connected instance
|
|
Binary file not shown.
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
# qemu_test is a smaller closure only building for a single system arch
|
# qemu_test is a smaller closure only building for a single system arch
|
||||||
qemu = pkgs.qemu_test;
|
qemu = pkgs.qemu;
|
||||||
|
|
||||||
mkQemuFlags = extraFlags: [
|
mkQemuFlags = extraFlags: [
|
||||||
"-enable-kvm"
|
"-enable-kvm"
|
||||||
|
@ -60,8 +60,10 @@ rec {
|
||||||
echo win-put $1 -\> $2
|
echo win-put $1 -\> $2
|
||||||
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
||||||
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
||||||
wfvm@localhost <<< "cd $2
|
wfvm@localhost -b- << EOF
|
||||||
put $1"
|
cd $2
|
||||||
|
put $1
|
||||||
|
EOF
|
||||||
'';
|
'';
|
||||||
win-get = pkgs.writeShellScriptBin "win-get" ''
|
win-get = pkgs.writeShellScriptBin "win-get" ''
|
||||||
set -e
|
set -e
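Review bot: In the new here-document the batch lines `cd $2` and `put $1` hand the script arguments to sftp unquoted, so a local or remote path containing a space is split into several sftp arguments and the transfer fails or targets the wrong path. `cd "$2"` and `put "$1"` keep each path as one argument. The first hunk's `qemu = pkgs.qemu;` leaves the comment `# qemu_test is a smaller closure only building for a single system arch` describing a package that is no longer used. It should be dropped or replaced with the reason the full build is now needed. The `win-put` script body starts outside the hunk.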
|
||||||
|
|
36
wfvm/win.nix
36
wfvm/win.nix
|
@ -6,7 +6,7 @@
|
||||||
, installCommands ? []
|
, installCommands ? []
|
||||||
, users ? {}
|
, users ? {}
|
||||||
# autounattend always installs index 1, so this default is backward-compatible
|
# autounattend always installs index 1, so this default is backward-compatible
|
||||||
, imageSelection ? "1"
|
, imageSelection ? "Windows 10 Pro"
|
||||||
, efi ? true
|
, efi ? true
|
||||||
, ...
|
, ...
|
||||||
}@attrs:
|
}@attrs:
|
||||||
|
@ -35,10 +35,10 @@ let
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
|
windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
|
||||||
name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
name = "Win10_21H1_English_x64.iso";
|
||||||
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
|
||||||
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
|
||||||
};
|
};
|
||||||
|
|
||||||
# stable as of 2021-04-08
|
# stable as of 2021-04-08
|
||||||
|
@ -47,7 +47,10 @@ let
|
||||||
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
|
sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
|
||||||
};
|
};
|
||||||
|
|
||||||
openSshServerPackage = ./openssh/server-package.cab;
|
openSshServerPackage = pkgs.fetchurl {
|
||||||
|
url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip";
|
||||||
|
sha256 = "1dw6n054r0939501dpxfm7ghv21ihmypdx034van8cl21gf1b4lz";
|
||||||
|
};
|
||||||
|
|
||||||
autounattend = import ./autounattend.nix (
|
autounattend = import ./autounattend.nix (
|
||||||
attrs // {
|
attrs // {
|
||||||
|
@ -69,17 +72,16 @@ let
|
||||||
# Packages required to drive installation of other packages
|
# Packages required to drive installation of other packages
|
||||||
bootstrapPkgs =
|
bootstrapPkgs =
|
||||||
runQemuCommand "bootstrap-win-pkgs.img" ''
|
runQemuCommand "bootstrap-win-pkgs.img" ''
|
||||||
mkdir -p pkgs/fod
|
|
||||||
|
|
||||||
7z x -y ${virtioWinIso} -opkgs/virtio
|
7z x -y ${virtioWinIso} -opkgs/virtio
|
||||||
|
|
||||||
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
||||||
|
|
||||||
# Install optional windows features
|
# Install optional windows features
|
||||||
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
|
cp ${openSshServerPackage} pkgs/OpenSSH-Win64.zip
|
||||||
|
|
||||||
# SSH setup script goes here because windows XML parser sucks
|
# SSH setup script goes here because windows XML parser sucks
|
||||||
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
|
cp ${./install-ssh.ps1} pkgs/install-ssh.ps1
|
||||||
|
cp ${autounattend.setupScript} pkgs/setup.ps1
|
||||||
|
|
||||||
virt-make-fs --partition --type=fat pkgs/ $out
|
virt-make-fs --partition --type=fat pkgs/ $out
|
||||||
'';
|
'';
|
||||||
|
@ -117,19 +119,9 @@ let
|
||||||
mkdir -p win/nix-win
|
mkdir -p win/nix-win
|
||||||
7z x -y ${windowsIso} -owin
|
7z x -y ${windowsIso} -owin
|
||||||
|
|
||||||
# Extract desired variant from install.wim
|
|
||||||
# This is useful if the install.wim contains multiple Windows
|
|
||||||
# versions (e.g., Home, Pro, ..), because the autounattend file
|
|
||||||
# will always select index 1. With this mechanism, a variant different
|
|
||||||
# from the first one can be automatically selected.
|
|
||||||
# imageSelection can be either an index (1-N) or the image name
|
|
||||||
# wiminfo can list all images contained in a given WIM file
|
|
||||||
wimexport win/sources/install.wim "${imageSelection}" win/sources/install_selected.wim
|
|
||||||
rm win/sources/install.wim
|
|
||||||
|
|
||||||
# Split image so it fits in FAT32 partition
|
# Split image so it fits in FAT32 partition
|
||||||
wimsplit win/sources/install_selected.wim win/sources/install.swm 4096
|
wimsplit win/sources/install.wim win/sources/install.swm 4090
|
||||||
rm win/sources/install_selected.wim
|
rm win/sources/install.wim
|
||||||
|
|
||||||
cp ${autounattend.autounattendXML} win/autounattend.xml
|
cp ${autounattend.autounattendXML} win/autounattend.xml
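Review bot: The comment `# autounattend always installs index 1, so this default is backward-compatible` above `, imageSelection ? "Windows 10 Pro"` no longer matches the code. The `wimexport` step is removed and the answer file now selects by `/IMAGE/NAME`, so a caller still passing an index such as `"1"` will presumably fail inside Windows Setup rather than at evaluation time. Replace it with something like `# name of the edition inside install.wim, as listed by wiminfo; an index is not accepted`. In `bootstrapPkgs`, `# Install optional windows features` now sits above the copy of the upstream OpenSSH zip and should say that instead. The `let` block continues outside these hunks.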
|
||||||
|
|
||||||
|
|