install relocatable packages from remote GUIX server through SSH
#!/bin/bash
# Cloud-init provisioning script for a Guix build host.
# Stop at the first failing command so that a failed download or a failed
# signature check aborts the run instead of being ignored.
set -e

# Name of the binary release tarball; its detached signature is "<name>.sig".
GUIX_PACKAGE='guix-binary-0.15.0.x86_64-linux.tar.xz'

printf '%s\n' "CLOUD-INIT START"
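##############
# Guix install
##############
apt-get update
apt-get install -y xz-utils dirmngr

# Download and unpack in a private, freshly created directory. The script runs
# as root, and fixed file names directly under the world-writable /tmp could be
# pre-created (for example as symlinks) by another local account.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"

base_url=https://alpha.gnu.org/gnu/guix
wget -O "${GUIX_PACKAGE}" "${base_url}/${GUIX_PACKAGE}"
wget -O "${GUIX_PACKAGE}.sig" "${base_url}/${GUIX_PACKAGE}.sig"

# The full 40-hex fingerprint is the trust anchor for this install; the
# keyserver is only the transport used to fetch the key.
gpg --keyserver pgp.mit.edu --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5

# Name the signed file explicitly instead of letting gpg guess it from the
# .sig name. With `set -e` a bad signature stops the script before extraction.
# NOTE(review): gpg accepts a good signature from any key already in root's
# keyring, not only the one fetched above. Use a dedicated keyring if this
# can run on a host whose keyring is not empty.
gpg --verify "${GUIX_PACKAGE}.sig" "${GUIX_PACKAGE}"

tar --warning=no-timestamp -xf "${GUIX_PACKAGE}"

# Replace any previous installation. Destructive: an existing store is removed.
rm -rf /var/guix /gnu

# Two separate statements: in `a && b` a failure of `a` is not caught by
# `set -e`, so a failed first move would have gone unnoticed.
mv var/guix /var/
mv gnu /

ln -sf /var/guix/profiles/per-user/root/guix-profile ~root/.guix-profile
GUIX_PROFILE=~root/.guix-profile
source "$GUIX_PROFILE/etc/profile"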
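# Unprivileged build accounts guixbuilder01 .. guixbuilder10 in group
# guixbuild, with no home directory and no login shell.
groupadd -f --system guixbuild

# Resolve the nologin shell once and stop if it is missing. An empty result
# inside the useradd command line would otherwise shift the following
# arguments and create the accounts with an unintended shell.
nologin_path=$(command -v nologin) || {
  echo "nologin not found in PATH" >&2
  exit 1
}

for i in $(seq -w 1 10); do
  # Skip accounts that already exist so the script can be re-run.
  if ! id -u "guixbuilder$i" &>/dev/null; then
    useradd -g guixbuild -G guixbuild \
      -d /var/empty -s "$nologin_path" \
      -c "Guix build user $i" --system \
      "guixbuilder$i"
  fi
done

# Install the unit file shipped in root's profile and (re)start the daemon.
cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service /etc/systemd/system/
systemctl enable guix-daemon
systemctl daemon-reload
systemctl restart guix-daemon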
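# Make the guix command available to every user through /usr/local/bin.
mkdir -p /usr/local/bin
cd /usr/local/bin
ln -sf /var/guix/profiles/per-user/root/guix-profile/bin/guix .

# Link the Info manuals from root's profile.
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for info_file in /var/guix/profiles/per-user/root/guix-profile/share/info/*; do
  # An unmatched glob stays as the literal pattern; skip it rather than
  # creating a dangling link named "*".
  [[ -e "$info_file" || -L "$info_file" ]] || continue
  ln -sf -- "$info_file" .
done

# Authorizing this key makes the daemon accept pre-built substitutes signed
# by it; the key file comes from the tarball verified earlier in the script.
guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub
guix package -u
guix package -i glibc-locales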
#######################
# Prepare Guix User env
#######################
# Account that SSH clients log in as. Create it only when it is missing so
# the script stays re-runnable.
if ! id -u guixpack &>/dev/null; then
  useradd -s /bin/bash -m guixpack
fi

# Install the locale data into guixpack's own profile, using a login
# environment for that user.
/bin/su - guixpack -c "guix package -i glibc-locales"
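# Forced-command wrapper run by sshd for the guixpack account. The quoted
# 'EOF' delimiter writes the text literally: nothing is expanded here.
cat << 'EOF' > /usr/local/bin/guixpack.sh
#!/bin/bash
# Runs `guix pack` with the arguments the SSH client sent and streams the
# resulting archive to stdout.
#
# Everything except -h/--help and -v/--version is forwarded to `guix pack`
# unchanged, so any holder of an accepted key can use every option that
# command supports. Replace the `*)` arm with an allowlist if that is
# broader than intended.
set -e
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"

# Split the client's command line on whitespace only. `read` performs no
# globbing or expansion, so a "*" sent by the client is never matched
# against files on this host. (-d '' reads to end of input and then reports
# EOF, hence the `|| true`.)
args=()
read -r -d '' -a args <<< "${SSH_ORIGINAL_COMMAND:-}" || true

# Build the command as an array so each client word stays one argument.
cmd=(guix pack)
for arg in "${args[@]}"; do
  case "$arg" in
    -h|--help)
      guix pack --help
      exit 0
      ;;
    -v|--version)
      guix pack --version
      exit 0
      ;;
    *)
      cmd+=("$arg")
      ;;
  esac
done

# guix pack prints the path of the archive it built.
pack=$("${cmd[@]}")
cat -- "$pack"

# Best-effort store cleanup in the background; its failure is ignored.
guix gc --free-space=1GB --optimize || true &
exit 0
EOF

# sshd runs ForceCommand through the user's shell, so the wrapper must be
# executable. Owned by root and not writable by guixpack, so the account
# cannot change its own restriction.
chown root:root /usr/local/bin/guixpack.sh
chmod 0755 /usr/local/bin/guixpack.sh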
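# Harden sshd and confine the guixpack account to the wrapper script.
sshd_config=/etc/ssh/sshd_config

# Keep a copy so that a rejected configuration can be rolled back. Without
# it, a failed `sshd -t` would leave a broken file on disk for the next
# restart or reboot.
cp -p -- "$sshd_config" "${sshd_config}.bak"

# Drop earlier PasswordAuthentication lines and any block written by a
# previous run. sshd uses the first value it obtains for a keyword.
sed -i '/^PasswordAuthentication/d' "$sshd_config"
sed -i '/# CLOUD-INIT/,/# EOF CLOUD-INIT/d' "$sshd_config"

# NOTE(review): the block is appended at the end of the file. If the file
# already ends inside a Match block, "PasswordAuthentication no" becomes part
# of that block instead of a global setting. Files pulled in by an Include
# directive earlier in sshd_config can also set the keyword first. Verify
# the effective value with `sshd -T` on the target image.
# NOTE(review): sshd_config(5) pairs AuthorizedKeysCommand with
# AuthorizedKeysCommandUser, and none is set here. Confirm that the key
# lookup below is really used and not skipped for the guixpack account.
cat << 'EOF' >> "$sshd_config"
# CLOUD-INIT
PasswordAuthentication no
Match User guixpack
X11Forwarding no
AllowTcpForwarding no
PermitTTY no
ForceCommand /usr/local/bin/guixpack.sh
AuthorizedKeysCommand /bin/cat /home/debian/.ssh/authorized_keys
# EOF CLOUD-INIT
EOF

# Validate before restarting; on failure restore the previous file and stop.
if ! /usr/sbin/sshd -t; then
  cp -p -- "${sshd_config}.bak" "$sshd_config"
  echo "sshd_config validation failed; previous configuration restored" >&2
  exit 1
fi
systemctl restart sshd
echo "SUCCESS !"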
/tmp $ ssh guixpack@XXX.XXX.XXX.XXX -- '-R -S /opt/bin=/bin -S /etc=etc hello' | tar -xzf -