forked from M-Labs/wfvm
copy from nix-scripts
This commit is contained in:
parent
94d4ede5dd
commit
b3515a9192
|
@ -0,0 +1,26 @@
|
|||
# Preparation steps
|
||||
|
||||
## Install a Windows image
|
||||
|
||||
1. Adjust demo-image.nix accordingly
|
||||
2. Run:
|
||||
|
||||
If in impure mode
|
||||
```shell
|
||||
nix-build demo-image.nix
|
||||
./result
|
||||
```
|
||||
Results in a file called c.img
|
||||
|
||||
If in pure mode
|
||||
```shell
|
||||
nix-build demo-image.nix
|
||||
ls -la ./result
|
||||
```
|
||||
Results in a symlink to the image in the nix store
|
||||
|
||||
|
||||
# Impure/pure mode
|
||||
Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes.
|
||||
|
||||
For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image.
|
|
@ -0,0 +1,317 @@
|
|||
{ pkgs
|
||||
, fullName ? "John Doe"
|
||||
, organization ? "KVM Authority"
|
||||
, administratorPassword ? "123456"
|
||||
, uiLanguage ? "en-US"
|
||||
, inputLocale ? "en-US"
|
||||
, userLocale ? "en-US"
|
||||
, systemLocale ? "en-US"
|
||||
, users ? {}
|
||||
, productKey ? null
|
||||
, defaultUser ? "wfvm"
|
||||
, setupCommands ? []
|
||||
, timeZone ? "UTC"
|
||||
, services ? {}
|
||||
, impureShellCommands ? []
|
||||
, driveLetter ? "E:"
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
serviceCommands = lib.mapAttrsToList (
|
||||
serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + (
|
||||
lib.concatStringsSep " " (
|
||||
(
|
||||
lib.mapAttrsToList (
|
||||
n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}"
|
||||
)
|
||||
) (
|
||||
# Always run without interaction
|
||||
{ Force = true; } // attrs
|
||||
)
|
||||
)
|
||||
)
|
||||
) services;
|
||||
|
||||
sshSetupCommands =
|
||||
# let
|
||||
# makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users;
|
||||
# writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let
|
||||
# commands = [
|
||||
# ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' ''
|
||||
# ];
|
||||
# in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users);
|
||||
# mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs;
|
||||
# writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys;
|
||||
# in
|
||||
# mkDirsDesc ++ writeKeysDesc ++
|
||||
[
|
||||
{
|
||||
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
|
||||
Description = "Add OpenSSH service.";
|
||||
}
|
||||
{
|
||||
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
|
||||
Description = "Enable SSH by default.";
|
||||
}
|
||||
];
|
||||
|
||||
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
||||
|
||||
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
||||
[
|
||||
{
|
||||
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
||||
Description = "Allow unsigned powershell scripts.";
|
||||
}
|
||||
]
|
||||
++ [
|
||||
{
|
||||
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
||||
Description = "Install any declared packages.";
|
||||
}
|
||||
]
|
||||
++ setupCommands
|
||||
++ [
|
||||
{
|
||||
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
|
||||
Description = "Setup SSH and keys";
|
||||
}
|
||||
]
|
||||
++ serviceCommands
|
||||
++ impureShellCommands
|
||||
);
|
||||
|
||||
mkCommand = attrs: ''
|
||||
<RunSynchronousCommand wcm:action="add">
|
||||
${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)}
|
||||
</RunSynchronousCommand>
|
||||
'';
|
||||
mkCommands = commands: (
|
||||
builtins.foldl' (
|
||||
acc: v: rec {
|
||||
i = acc.i + 1;
|
||||
values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ];
|
||||
}
|
||||
) {
|
||||
i = 0;
|
||||
values = [];
|
||||
} commands
|
||||
).values;
|
||||
|
||||
mkUser =
|
||||
{ name
|
||||
, password
|
||||
, description ? ""
|
||||
, displayName ? ""
|
||||
, groups ? []
|
||||
# , sshKeys ? [] # Handled in scripts
|
||||
}: ''
|
||||
<LocalAccount wcm:action="add">
|
||||
<Password>
|
||||
<Value>${password}</Value>
|
||||
<PlainText>true</PlainText>
|
||||
</Password>
|
||||
<Description>${description}</Description>
|
||||
<DisplayName>${displayName}</DisplayName>
|
||||
<Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group>
|
||||
<Name>${name}</Name>
|
||||
</LocalAccount>
|
||||
'';
|
||||
|
||||
# Windows expects a flat list of users while we want to manage them as a set
|
||||
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
||||
|
||||
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<unattend xmlns="urn:schemas-microsoft-com:unattend">
|
||||
<settings pass="windowsPE">
|
||||
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<DriverPaths>
|
||||
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
|
||||
<Path>D:\</Path>
|
||||
</PathAndCredentials>
|
||||
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
|
||||
<Path>E:\</Path>
|
||||
</PathAndCredentials>
|
||||
</DriverPaths>
|
||||
</component>
|
||||
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
|
||||
<DiskConfiguration>
|
||||
<Disk wcm:action="add">
|
||||
<CreatePartitions>
|
||||
<CreatePartition wcm:action="add">
|
||||
<Order>1</Order>
|
||||
<Type>EFI</Type>
|
||||
<Size>100</Size>
|
||||
</CreatePartition>
|
||||
<CreatePartition wcm:action="add">
|
||||
<Order>2</Order>
|
||||
<Type>MSR</Type>
|
||||
<Size>16</Size>
|
||||
</CreatePartition>
|
||||
<CreatePartition wcm:action="add">
|
||||
<Order>3</Order>
|
||||
<Type>Primary</Type>
|
||||
<Extend>true</Extend>
|
||||
</CreatePartition>
|
||||
</CreatePartitions>
|
||||
<ModifyPartitions>
|
||||
<ModifyPartition wcm:action="add">
|
||||
<Order>1</Order>
|
||||
<Format>FAT32</Format>
|
||||
<Label>System</Label>
|
||||
<PartitionID>1</PartitionID>
|
||||
</ModifyPartition>
|
||||
<ModifyPartition wcm:action="add">
|
||||
<Order>2</Order>
|
||||
<PartitionID>2</PartitionID>
|
||||
</ModifyPartition>
|
||||
<ModifyPartition wcm:action="add">
|
||||
<Order>3</Order>
|
||||
<Format>NTFS</Format>
|
||||
<Label>Windows</Label>
|
||||
<Letter>C</Letter>
|
||||
<PartitionID>3</PartitionID>
|
||||
</ModifyPartition>
|
||||
</ModifyPartitions>
|
||||
<DiskID>0</DiskID>
|
||||
<WillWipeDisk>true</WillWipeDisk>
|
||||
</Disk>
|
||||
</DiskConfiguration>
|
||||
|
||||
<ImageInstall>
|
||||
<OSImage>
|
||||
<InstallTo>
|
||||
<DiskID>0</DiskID>
|
||||
<PartitionID>3</PartitionID>
|
||||
</InstallTo>
|
||||
<InstallFrom>
|
||||
<MetaData wcm:action="add">
|
||||
<Key>/IMAGE/INDEX</Key>
|
||||
<Value>1</Value>
|
||||
</MetaData>
|
||||
</InstallFrom>
|
||||
</OSImage>
|
||||
</ImageInstall>
|
||||
|
||||
<UserData>
|
||||
<ProductKey>
|
||||
${if productKey != null then "<Key>${productKey}</Key>" else ""}
|
||||
<WillShowUI>OnError</WillShowUI>
|
||||
</ProductKey>
|
||||
<AcceptEula>true</AcceptEula>
|
||||
<FullName>${fullName}</FullName>
|
||||
<Organization>${organization}</Organization>
|
||||
</UserData>
|
||||
|
||||
</component>
|
||||
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<SetupUILanguage>
|
||||
<UILanguage>${uiLanguage}</UILanguage>
|
||||
</SetupUILanguage>
|
||||
<InputLocale>${inputLocale}</InputLocale>
|
||||
<SystemLocale>${systemLocale}</SystemLocale>
|
||||
<UILanguage>${uiLanguage}</UILanguage>
|
||||
<UILanguageFallback>en-US</UILanguageFallback>
|
||||
<UserLocale>${userLocale}</UserLocale>
|
||||
</component>
|
||||
</settings>
|
||||
|
||||
<settings pass="oobeSystem">
|
||||
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<InputLocale>${inputLocale}</InputLocale>
|
||||
<SystemLocale>${systemLocale}</SystemLocale>
|
||||
<UILanguage>${uiLanguage}</UILanguage>
|
||||
<UILanguageFallback>en-US</UILanguageFallback>
|
||||
<UserLocale>${userLocale}</UserLocale>
|
||||
</component>
|
||||
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<OOBE>
|
||||
<HideEULAPage>true</HideEULAPage>
|
||||
<HideLocalAccountScreen>true</HideLocalAccountScreen>
|
||||
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
|
||||
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
|
||||
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
|
||||
<ProtectYourPC>1</ProtectYourPC>
|
||||
</OOBE>
|
||||
<TimeZone>${timeZone}</TimeZone>
|
||||
|
||||
<UserAccounts>
|
||||
${if administratorPassword != null then ''
|
||||
<AdministratorPassword>
|
||||
<Value>${administratorPassword}</Value>
|
||||
<PlainText>true</PlainText>
|
||||
</AdministratorPassword>
|
||||
'' else ""}
|
||||
<LocalAccounts>
|
||||
${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)}
|
||||
</LocalAccounts>
|
||||
</UserAccounts>
|
||||
|
||||
${if defaultUser == null then "" else ''
|
||||
<AutoLogon>
|
||||
<Password>
|
||||
<Value>${(builtins.getAttr defaultUser users).password}</Value>
|
||||
<PlainText>true</PlainText>
|
||||
</Password>
|
||||
<Enabled>true</Enabled>
|
||||
<Username>${defaultUser}</Username>
|
||||
</AutoLogon>
|
||||
''}
|
||||
|
||||
<FirstLogonCommands>
|
||||
<SynchronousCommand wcm:action="add">
|
||||
<Order>1</Order>
|
||||
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
|
||||
<Description>ChangeHideFiles</Description>
|
||||
</SynchronousCommand>
|
||||
</FirstLogonCommands>
|
||||
|
||||
</component>
|
||||
</settings>
|
||||
|
||||
<settings pass="specialize">
|
||||
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<RunSynchronous>
|
||||
${lib.concatStringsSep "\n" (mkCommands commands)}
|
||||
</RunSynchronous>
|
||||
</component>
|
||||
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<CEIPEnabled>0</CEIPEnabled>
|
||||
</component>
|
||||
</settings>
|
||||
|
||||
<!-- Disable Windows UAC -->
|
||||
<settings pass="offlineServicing">
|
||||
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||
<EnableLUA>false</EnableLUA>
|
||||
</component>
|
||||
</settings>
|
||||
|
||||
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
||||
</unattend>
|
||||
'';
|
||||
|
||||
in {
|
||||
# Lint and format as a sanity check
|
||||
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
|
||||
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
|
||||
'';
|
||||
|
||||
# autounattend.xml is _super_ picky about quotes and other things
|
||||
setupScript = pkgs.writeText "ssh-setup.ps1" (
|
||||
''
|
||||
# Setup SSH and keys
|
||||
'' +
|
||||
lib.concatStrings (
|
||||
builtins.map (c: ''
|
||||
# ${c.Description}
|
||||
${c.Path}
|
||||
'') sshSetupCommands
|
||||
)
|
||||
);
|
||||
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ pkgs }:
|
||||
|
||||
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
|
||||
cp ${./main.go} main.go
|
||||
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
||||
mv build.exe $out
|
||||
''
|
|
@ -0,0 +1,116 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"archive/tar"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
func Untar(dst string, r io.Reader) error {
|
||||
|
||||
tr := tar.NewReader(r)
|
||||
|
||||
for {
|
||||
header, err := tr.Next()
|
||||
|
||||
switch {
|
||||
|
||||
case err == io.EOF:
|
||||
return nil
|
||||
case err != nil:
|
||||
return err
|
||||
|
||||
case header == nil:
|
||||
continue
|
||||
}
|
||||
|
||||
target := filepath.Join(dst, header.Name)
|
||||
|
||||
switch header.Typeflag {
|
||||
|
||||
case tar.TypeDir:
|
||||
if _, err := os.Stat(target); err != nil {
|
||||
if err := os.MkdirAll(target, 0755); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
case tar.TypeReg:
|
||||
f, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if _, err := io.Copy(f, tr); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
f.Close()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func InstallBundle(bundlePath string) error {
|
||||
|
||||
reader, err := os.Open(bundlePath)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
workDir, err := ioutil.TempDir("", "bundle_install")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer os.RemoveAll(workDir)
|
||||
|
||||
err = Untar(workDir, reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
installScript := filepath.Join(workDir, "install.ps1")
|
||||
|
||||
cmd := exec.Command("powershell", installScript)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
cmd.Dir = workDir
|
||||
err = cmd.Run()
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func main() {
|
||||
// Get path relative to binary
|
||||
baseDir, err := filepath.Abs(filepath.Dir(os.Args[0]))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
var dirs = [2]string{"bootstrap", "user"}
|
||||
|
||||
for _, pkgDir := range dirs {
|
||||
|
||||
dir := filepath.Join(baseDir, pkgDir)
|
||||
|
||||
files, err := ioutil.ReadDir(dir)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
for _, file := range files {
|
||||
bundle := filepath.Join(dir, file.Name())
|
||||
fmt.Println(fmt.Sprintf("Installing: %s", bundle))
|
||||
err := InstallBundle(bundle)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ pkgs ? import <nixpkgs> {} }:
|
||||
|
||||
pkgs.mkShell {
|
||||
|
||||
buildInputs = [
|
||||
pkgs.go
|
||||
];
|
||||
|
||||
shellHook = ''
|
||||
unset GOPATH
|
||||
'';
|
||||
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ pkgs }:
|
||||
|
||||
{
|
||||
makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
|
||||
layers = (import ./layers { inherit pkgs; });
|
||||
utils = (import ./utils.nix { inherit pkgs; });
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
{ pkgs ? import <nixpkgs> {}, impureMode ? false }:
|
||||
|
||||
let
|
||||
wfvm = (import ./default.nix { inherit pkgs; });
|
||||
in
|
||||
wfvm.makeWindowsImage {
|
||||
# Build install script & skip building iso
|
||||
inherit impureMode;
|
||||
|
||||
# Custom base iso
|
||||
# windowsImage = pkgs.fetchurl {
|
||||
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
||||
# };
|
||||
|
||||
# impureShellCommands = [
|
||||
# "powershell.exe echo Hello"
|
||||
# ];
|
||||
|
||||
# User accounts
|
||||
# users = {
|
||||
# artiq = {
|
||||
# password = "1234";
|
||||
# # description = "Default user";
|
||||
# # displayName = "Display name";
|
||||
# groups = [
|
||||
# "Administrators"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# Auto login
|
||||
# defaultUser = "artiq";
|
||||
|
||||
# fullName = "M-Labs";
|
||||
# organization = "m-labs";
|
||||
# administratorPassword = "12345";
|
||||
|
||||
# Imperative installation commands, to be installed incrementally
|
||||
installCommands = with wfvm.layers; [ anaconda3 msys2 msvc msvc-ide-unbreak ];
|
||||
|
||||
# services = {
|
||||
# # Enable remote management
|
||||
# WinRm = {
|
||||
# Status = "Running";
|
||||
# PassThru = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
# License key
|
||||
# productKey = "iboughtthisone";
|
||||
|
||||
# Locales
|
||||
# uiLanguage = "en-US";
|
||||
# inputLocale = "en-US";
|
||||
# userLocale = "en-US";
|
||||
# systemLocale = "en-US";
|
||||
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ pkgs ? import <nixpkgs> {} }:
|
||||
|
||||
let
|
||||
wfvm = (import ./default.nix { inherit pkgs; });
|
||||
in
|
||||
wfvm.utils.wfvm-run {
|
||||
name = "demo-ssh";
|
||||
image = import ./demo-image.nix { inherit pkgs; };
|
||||
isolateNetwork = false;
|
||||
script = ''
|
||||
${pkgs.sshpass}/bin/sshpass -p1234 -- ${pkgs.openssh}/bin/ssh -p 2022 wfvm@localhost -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
|
||||
'';
|
||||
}
|
|
@ -0,0 +1,124 @@
|
|||
{ pkgs }:
|
||||
let
|
||||
wfvm = import ../. { inherit pkgs; };
|
||||
in
|
||||
{
|
||||
anaconda3 = {
|
||||
name = "Anaconda3";
|
||||
script = let
|
||||
Anaconda3 = pkgs.fetchurl {
|
||||
name = "Anaconda3.exe";
|
||||
url = "https://repo.anaconda.com/archive/Anaconda3-2020.02-Windows-x86_64.exe";
|
||||
sha256 = "0n31l8l89jrjrbzbifxbjnr3g320ly9i4zfyqbf3l9blf4ygbhl3";
|
||||
};
|
||||
in
|
||||
''
|
||||
ln -s ${Anaconda3} ./Anaconda3.exe
|
||||
win-put Anaconda3.exe .
|
||||
echo Running Anaconda installer...
|
||||
win-exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3'
|
||||
echo Anaconda installer finished
|
||||
'';
|
||||
};
|
||||
msys2 = {
|
||||
name = "MSYS2";
|
||||
buildInputs = [ pkgs.expect ];
|
||||
script = let
|
||||
msys2 = pkgs.fetchurl {
|
||||
name = "msys2.exe";
|
||||
url = "https://github.com/msys2/msys2-installer/releases/download/2020-06-02/msys2-x86_64-20200602.exe";
|
||||
sha256 = "1mswlfybvk42vdr4r85dypgkwhrp5ff47gcbxgjqwq86ym44xzd4";
|
||||
};
|
||||
msys2-auto-install = pkgs.fetchurl {
|
||||
url = "https://raw.githubusercontent.com/msys2/msys2-installer/master/auto-install.js";
|
||||
sha256 = "0ww48xch2q427c58arg5llakfkfzh3kb32kahwplp0s7jc8224g7";
|
||||
};
|
||||
in ''
|
||||
ln -s ${msys2} ./msys2.exe
|
||||
ln -s ${msys2-auto-install} ./auto-install.js
|
||||
win-put msys2.exe .
|
||||
win-put auto-install.js .
|
||||
echo Running MSYS2 installer...
|
||||
# work around MSYS2 installer bug that prevents it from closing at the end of unattended install
|
||||
expect -c 'set timeout 600; spawn win-exec ".\\msys2.exe --script auto-install.js -v InstallPrefix=C:\\msys64"; expect FinishedPageCallback { close }'
|
||||
echo MSYS2 installer finished
|
||||
'';
|
||||
};
|
||||
msys2-packages = msys-packages: {
|
||||
name = "MSYS2-packages";
|
||||
script = let
|
||||
msys-packages-put = pkgs.lib.strings.concatStringsSep "\n"
|
||||
(map (package: ''win-put ${package} 'msyspackages' '') msys-packages);
|
||||
in
|
||||
# Windows command line is so shitty it can't even do glob expansion. Why do people use Windows?
|
||||
''
|
||||
win-exec 'mkdir msyspackages'
|
||||
${msys-packages-put}
|
||||
cat > installmsyspackages.bat << EOF
|
||||
set MSYS=c:\msys64
|
||||
set ARCH=64
|
||||
set PATH=%MSYS%\usr\bin;%MSYS%\mingw%ARCH%\bin;%PATH%
|
||||
bash -c "pacman -U --noconfirm C:/Users/wfvm/msyspackages/*"
|
||||
EOF
|
||||
win-put installmsyspackages.bat .
|
||||
win-exec installmsyspackages
|
||||
'';
|
||||
};
|
||||
msvc = {
|
||||
# Those instructions are vaguely correct:
|
||||
# https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2019
|
||||
name = "MSVC";
|
||||
script = let
|
||||
bootstrapper = pkgs.fetchurl {
|
||||
name = "RESTRICTDIST-vs_Community.exe";
|
||||
url = "https://download.visualstudio.microsoft.com/download/pr/ac05c4f5-0da1-429f-8701-ce509ac69926/cc9556137c66a373670376d6db2fc5c5c937b2b0bf7b3d3cac11c69e33615511/vs_Community.exe";
|
||||
sha256 = "04amc4rrxihimhy3syxzn2r3gjf5qlpxpmkn0dkp78v6gh9md5fc";
|
||||
};
|
||||
# This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
|
||||
download-vs = wfvm.utils.wfvm-run {
|
||||
name = "download-vs";
|
||||
image = wfvm.makeWindowsImage { };
|
||||
isolateNetwork = false;
|
||||
script =
|
||||
''
|
||||
ln -s ${bootstrapper} vs_Community.exe
|
||||
${wfvm.utils.win-put}/bin/win-put vs_Community.exe
|
||||
rm vs_Community.exe
|
||||
${wfvm.utils.win-exec}/bin/win-exec "vs_Community.exe --quiet --norestart --layout c:\vslayout --add Microsoft.VisualStudio.Workload.NativeDesktop --includeRecommended --lang en-US"
|
||||
${wfvm.utils.win-get}/bin/win-get /c:/vslayout
|
||||
'';
|
||||
};
|
||||
cache = pkgs.stdenv.mkDerivation {
|
||||
name = "RESTRICTDIST-vs";
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHashMode = "recursive";
|
||||
outputHash = "0fp7a6prjp8n8sirwday13wis3xyzhmrwi377y3x89nxzysp0mnv";
|
||||
|
||||
phases = [ "buildPhase" ];
|
||||
buildInputs = [ download-vs ];
|
||||
buildPhase =
|
||||
''
|
||||
mkdir $out
|
||||
cd $out
|
||||
wfvm-run-download-vs
|
||||
'';
|
||||
};
|
||||
in
|
||||
''
|
||||
ln -s ${cache}/vslayout vslayout
|
||||
win-put vslayout /c:/
|
||||
echo "Running Visual Studio installer"
|
||||
win-exec "cd \vslayout && start /wait vs_Community.exe --passive --wait && echo %errorlevel%"
|
||||
'';
|
||||
};
|
||||
# You need to run the IDE at least once or else most of the Visual Studio trashware won't actually work.
|
||||
msvc-ide-unbreak = {
|
||||
name = "MSVC-ide-unbreak";
|
||||
script =
|
||||
''
|
||||
win-exec 'cd "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE" && devenv /ResetSettings'
|
||||
sleep 40
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
nix-build -E "
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
wfvm = import ../default.nix { inherit pkgs; };
|
||||
in
|
||||
wfvm.utils.wfvm-run {
|
||||
name = \"get-msys-packages\";
|
||||
image = wfvm.makeWindowsImage { installCommands = [ wfvm.layers.msys2 ]; };
|
||||
script = ''
|
||||
cat > getmsyspackages.bat << EOF
|
||||
set MSYS=C:\\MSYS64
|
||||
set TOOLPREF=mingw-w64-x86_64-
|
||||
set PATH=%MSYS%\usr\bin;%MSYS%\mingw64\bin;%PATH%
|
||||
pacman -Sp %TOOLPREF%gcc %TOOLPREF%binutils make autoconf automake libtool texinfo > packages.txt
|
||||
EOF
|
||||
\${wfvm.utils.win-put}/bin/win-put getmsyspackages.bat
|
||||
\${wfvm.utils.win-exec}/bin/win-exec getmsyspackages
|
||||
\${wfvm.utils.win-get}/bin/win-get packages.txt
|
||||
'';
|
||||
}
|
||||
"
|
||||
|
||||
./result/bin/wfvm-run-get-msys-packages
|
||||
|
||||
echo "{ pkgs } : [" > msys_packages.nix
|
||||
while read package; do
|
||||
hash=$(nix-prefetch-url $package)
|
||||
echo "
|
||||
(pkgs.fetchurl {
|
||||
url = \"$package\";
|
||||
sha256 = \"$hash\";
|
||||
})" >> msys_packages.nix
|
||||
done < packages.txt
|
||||
echo "]" >> msys_packages.nix
|
||||
|
||||
rm result getmsyspackages.bat packages.txt
|
|
@ -0,0 +1 @@
|
|||
This file is not publicaly acessible anywhere so had to be extracted from a connected instance
|
Binary file not shown.
|
@ -0,0 +1,103 @@
|
|||
{ pkgs, baseRtc ? "2020-04-20T14:21:42", cores ? "4", qemuMem ? "4G" }:
|
||||
|
||||
rec {
|
||||
# qemu_test is a smaller closure only building for a single system arch
|
||||
qemu = pkgs.qemu_test;
|
||||
|
||||
mkQemuFlags = extraFlags: [
|
||||
"-enable-kvm"
|
||||
"-cpu host"
|
||||
"-smp ${cores}"
|
||||
"-m ${qemuMem}"
|
||||
"-bios ${pkgs.OVMF.fd}/FV/OVMF.fd"
|
||||
"-rtc base=${baseRtc}"
|
||||
"-device piix3-usb-uhci"
|
||||
"-device e1000,netdev=n1"
|
||||
] ++ extraFlags;
|
||||
|
||||
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
||||
sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
|
||||
win-exec = pkgs.writeShellScriptBin "win-exec" ''
|
||||
set -e
|
||||
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
||||
${pkgs.openssh}/bin/ssh -np 2022 ${sshOpts} \
|
||||
wfvm@localhost \
|
||||
$1
|
||||
'';
|
||||
win-wait = pkgs.writeShellScriptBin "win-wait" ''
|
||||
set -e
|
||||
|
||||
# If the machine is not up within 10 minutes it's likely never coming up
|
||||
timeout=600
|
||||
|
||||
# Wait for VM to be accessible
|
||||
sleep 20
|
||||
echo "Waiting for SSH..."
|
||||
while true; do
|
||||
if test "$timeout" -eq 0; then
|
||||
echo "SSH connection timed out"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
output=$(${win-exec}/bin/win-exec 'echo|set /p="Ran command"' || echo "")
|
||||
if test "$output" = "Ran command"; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Retrying in 1 second, timing out in $timeout seconds"
|
||||
|
||||
((timeout=$timeout-1))
|
||||
|
||||
sleep 1
|
||||
done
|
||||
echo "SSH OK"
|
||||
'';
|
||||
win-put = pkgs.writeShellScriptBin "win-put" ''
|
||||
set -e
|
||||
echo win-put $1 -\> $2
|
||||
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
||||
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
||||
wfvm@localhost <<< "cd $2
|
||||
put $1"
|
||||
'';
|
||||
win-get = pkgs.writeShellScriptBin "win-get" ''
|
||||
set -e
|
||||
echo win-get $1
|
||||
${pkgs.sshpass}/bin/sshpass -p1234 -- \
|
||||
${pkgs.openssh}/bin/sftp -r -P 2022 ${sshOpts} \
|
||||
wfvm@localhost:$1 .
|
||||
'';
|
||||
|
||||
wfvm-run = { name, image, script, display ? false, isolateNetwork ? true, forwardedPorts ? [], fakeRtc ? true }:
|
||||
let
|
||||
restrict =
|
||||
if isolateNetwork
|
||||
then "on"
|
||||
else "off";
|
||||
# use socat instead of `tcp:...` to allow multiple connections
|
||||
guestfwds =
|
||||
builtins.concatStringsSep ""
|
||||
(map ({ listenAddr, targetAddr, port }:
|
||||
",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}"
|
||||
) forwardedPorts);
|
||||
qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [
|
||||
"-drive"
|
||||
"file=${image},index=0,media=disk,cache=unsafe"
|
||||
"-snapshot"
|
||||
"-netdev user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}"
|
||||
]);
|
||||
in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
|
||||
set -e -m
|
||||
${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &
|
||||
|
||||
${win-wait}/bin/win-wait
|
||||
|
||||
${script}
|
||||
|
||||
echo "Shutting down..."
|
||||
${win-exec}/bin/win-exec 'shutdown /s'
|
||||
echo "Waiting for VM to terminate..."
|
||||
fg
|
||||
echo "Done"
|
||||
'';
|
||||
}
|
|
@ -0,0 +1,164 @@
|
|||
{ pkgs
|
||||
, diskImageSize ? "70G"
|
||||
, windowsImage ? null
|
||||
, autoUnattendParams ? {}
|
||||
, impureMode ? false
|
||||
, installCommands ? []
|
||||
, users ? {}
|
||||
, ...
|
||||
}@attrs:
|
||||
|
||||
let
|
||||
lib = pkgs.lib;
|
||||
utils = import ./utils.nix { inherit pkgs; };
|
||||
libguestfs = pkgs.libguestfs-with-appliance;
|
||||
|
||||
# p7zip on >20.03 has known vulns but we have no better option
|
||||
p7zip = pkgs.p7zip.overrideAttrs(old: {
|
||||
meta = old.meta // {
|
||||
knownVulnerabilities = [];
|
||||
};
|
||||
});
|
||||
|
||||
runQemuCommand = name: command: (
|
||||
pkgs.runCommandNoCC name { buildInputs = [ p7zip utils.qemu libguestfs ]; }
|
||||
(
|
||||
''
|
||||
if ! test -f; then
|
||||
echo "KVM not available, bailing out" >> /dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
'' + command
|
||||
)
|
||||
);
|
||||
|
||||
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
|
||||
name = "RESTRICTDIST-release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
||||
};
|
||||
|
||||
openSshServerPackage = ./openssh/server-package.cab;
|
||||
|
||||
autounattend = import ./autounattend.nix (
|
||||
attrs // {
|
||||
inherit pkgs;
|
||||
users = users // {
|
||||
wfvm = {
|
||||
password = "1234";
|
||||
description = "WFVM Administrator";
|
||||
groups = [
|
||||
"Administrators"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
bundleInstaller = pkgs.callPackage ./bundle {};
|
||||
|
||||
# Packages required to drive installation of other packages
|
||||
bootstrapPkgs =
|
||||
runQemuCommand "bootstrap-win-pkgs.img" ''
|
||||
mkdir -p pkgs/fod
|
||||
|
||||
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
||||
|
||||
# Install optional windows features
|
||||
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
|
||||
|
||||
# SSH setup script goes here because windows XML parser sucks
|
||||
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
|
||||
|
||||
virt-make-fs --partition --type=fat pkgs/ $out
|
||||
'';
|
||||
|
||||
installScript = pkgs.writeScript "windows-install-script" (
|
||||
let
|
||||
qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [
|
||||
# "CD" drive with bootstrap pkgs
|
||||
"-drive"
|
||||
"id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on"
|
||||
"-device"
|
||||
"usb-storage,drive=virtio-win"
|
||||
# USB boot
|
||||
"-drive"
|
||||
"id=win-install,file=usbimage.img,if=none,format=raw,readonly=on"
|
||||
"-device"
|
||||
"usb-storage,drive=win-install"
|
||||
# Output image
|
||||
"-drive"
|
||||
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||
# Network
|
||||
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on"
|
||||
]);
|
||||
in
|
||||
''
|
||||
#!${pkgs.runtimeShell}
|
||||
set -euxo pipefail
|
||||
export PATH=${lib.makeBinPath [ p7zip utils.qemu libguestfs ]}:$PATH
|
||||
|
||||
# Create a bootable "USB" image
|
||||
# Booting in USB mode circumvents the "press any key to boot from cdrom" prompt
|
||||
#
|
||||
# Also embed the autounattend answer file in this image
|
||||
mkdir -p win
|
||||
mkdir -p win/nix-win
|
||||
7z x -y ${windowsIso} -owin
|
||||
|
||||
cp ${autounattend.autounattendXML} win/autounattend.xml
|
||||
|
||||
virt-make-fs --partition --type=fat win/ usbimage.img
|
||||
rm -rf win
|
||||
|
||||
# Qemu requires files to be rw
|
||||
qemu-img create -f qcow2 c.img ${diskImageSize}
|
||||
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
||||
''
|
||||
);
|
||||
|
||||
baseImage = pkgs.runCommandNoCC "RESTRICTDIST-windows.img" {} ''
|
||||
${installScript}
|
||||
mv c.img $out
|
||||
'';
|
||||
|
||||
finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "RESTRICTDIST-${v.name}.img" {
|
||||
buildInputs = with utils; [
|
||||
qemu win-wait win-exec win-put
|
||||
] ++ (v.buildInputs or []);
|
||||
} (let
|
||||
script = pkgs.writeScript "${v.name}-script" v.script;
|
||||
qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [
|
||||
# Output image
|
||||
"-drive"
|
||||
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||
# Network - enable SSH forwarding
|
||||
"-netdev user,id=n1,net=192.168.1.0/24,restrict=on,hostfwd=tcp::2022-:22"
|
||||
]);
|
||||
|
||||
in ''
|
||||
# Create an image referencing the previous image in the chain
|
||||
qemu-img create -f qcow2 -b ${acc} c.img
|
||||
|
||||
set -m
|
||||
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
|
||||
|
||||
win-wait
|
||||
|
||||
echo "Executing script to build layer..."
|
||||
${script}
|
||||
echo "Layer script done"
|
||||
|
||||
echo "Shutting down..."
|
||||
win-exec 'shutdown /s'
|
||||
echo "Waiting for VM to terminate..."
|
||||
fg
|
||||
echo "Done"
|
||||
|
||||
mv c.img $out
|
||||
'')) baseImage installCommands;
|
||||
|
||||
in
|
||||
|
||||
# impureMode is meant for debugging the base image, not the full incremental build process
|
||||
if !(impureMode) then finalImage else assert installCommands == []; installScript
|
Loading…
Reference in New Issue