Version 0.1.0.

.gitignore

@@ -0,0 +1 @@
+*~

.guix-authorizations

@@ -0,0 +1,4 @@
+(authorizations
+ (version 0)
+ (("E23C 21ED 864F F4F3 A711  4CDF CA47 1FD5 0161 8A49"
+   (name "black-hole@rdmp.org"))))

config/config.scm

@@ -0,0 +1,182 @@
+;;  Nu-2 --- Operating system for headless production servers.
+;;  Copyright © 2024  Dale Mellor
+;;
+;;  This file is part of nu-2.
+;;
+;;  Nu-2 is free software; you can redistribute it and/or modify it under
+;;  the terms of the GNU General Public License as published by the Free
+;;  Software Foundation; either version 3 of the License, or (at your
+;;  option) any later version.
+;;
+;;  Nu-2 is distributed in the hope that it will be useful, but WITHOUT
+;;  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+;;  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+;;  for more details.
+;;
+;;  You should have received a copy of the GNU General Public License
+;;  along with Nu-2.  If not, see <http://www.gnu.org/licenses/>.
+
+
+(use-modules (gnu) (guix) (ice-9 textual-ports))
+
+(use-service-modules admin
+                     base
+                     mcron
+                     networking
+                     ssh  security  shepherd  sysctl
+                     web)
+
+(use-package-modules bash
+                     certs   compression
+                     emacs
+                     file
+                     gawk   guile
+                     less   linux
+                     package-management
+                     ssh
+                     tls
+                     version-control)
+
+(define vm-image-motd (plain-file "motd" "
+\x1b[1;37mThis is the Nu-2 system.  Welcome!\x1b[0m
+"))
+
+
+(operating-system
+ 
+ (host-name "nu-2")
+
+ (kernel (customize-linux #:name "nu-2-linux"
+			  #:linux (specification->package "linux-libre@6.8")
+                          #:defconfig (local-file "linux.config")))
+ (kernel-loadable-modules '())
+ (kernel-arguments (list "console=ttyS0,115200"))
+
+ (initrd-modules '("virtio_blk" "virtio_pci"))
+
+ (bootloader (bootloader-configuration
+              (bootloader grub-bootloader)
+              ;;  Set to some number of seconds (like, 20) if you want to
+              ;;  give yourself a chance at interrupting the GRUB boot
+              ;;  sequence.
+              (timeout 0)
+              (targets '("/dev/vda"))
+              (terminal-outputs '(console))))
+
+ ;; Label for the GRUB boot menu.
+ (label (string-append "nu-2 "
+                       (or (getenv "GUIX_DISPLAYED_VERSION")
+                           (package-version guix))))
+
+ ;; Modify these to taste.
+ (timezone "Etc/UTC")
+ (locale "en_US.utf8")
+
+ ;; You might not like this (just take it out!)
+ (keyboard-layout (keyboard-layout "us" "dvorak"
+                                   #:options '("ctrl:nocaps")))
+
+ (firmware '())
+
+ (file-systems (cons (file-system
+                      (device "/dev/vda2")
+                      (mount-point "/")
+                      (type "ext4"))
+                     %base-file-systems))
+
+ (users (cons (user-account
+               (name "admin")
+               ;; If you want to log in to the console as admin user, you
+               ;; will need to put a password in here.
+               (password "*")
+               (group "users")
+               (supplementary-groups '("wheel" "netdev"
+                                       "audio" "video")))
+              %base-user-accounts))
+
+  ;; Our /etc/sudoers file.  Since 'admin' initially has an empty
+  ;; password, allow for password-less sudo.
+ (sudoers-file (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=NOPASSWD: ALL\n"))
+
+  ;; Just enough essential parts to get us out of a sticky situation if
+  ;; necessary.
+  (packages (list bash
+                  coreutils
+                  diffutils
+                  ;;  Change to vim if you must.
+                  emacs-minimal
+                  file  findutils
+                  gawk  git  glibc   ;; Utilities like ldd.
+                        grep
+                  iproute
+                  less
+                  module-init-tools  ;; Utilities like lsmod.
+                  nss-certs
+                  procps
+                  sed
+                  tar
+                  which
+                  ))
+
+ (services
+   (list
+
+    (service dhcp-client-service-type)
+
+    (service ntp-service-type)
+
+    (service openssh-service-type
+             (openssh-configuration
+              (openssh openssh-sans-x)
+              ;; Use anything you want here, or delete this line to use
+              ;; the standard port 22.
+              (port-number 26544)
+              (password-authentication? #f)
+              (use-pam? #f)
+              (subsystems
+               `(("sftp" ,(file-append openssh "/libexec/sftp-server"))))
+              (authorized-keys
+               `(("admin"
+                  ,(local-file "ssh-key.public"))))))
+
+    ;;  This allows root to get in without a password on the console.
+    ;;  Remove this line if you can reliably log in by SSH.
+    (service login-service-type)
+
+    (service syslog-service-type)
+
+    (service agetty-service-type (agetty-configuration
+                                  (extra-options '("-L")) ; no carrier detect
+                                  (term "vt100")
+                                  (tty #f) ; automatic
+                                  (shepherd-requirement '(syslogd))))
+
+    (service static-networking-service-type
+             (list %loopback-static-networking))
+    (service urandom-seed-service-type)
+    (service guix-service-type)
+    (service nscd-service-type)
+
+    (service rottlog-service-type)
+
+    ;; Periodically delete old build logs.
+    (service log-cleanup-service-type
+             (log-cleanup-configuration
+              (directory "/var/log/guix/drvs")))
+    
+    ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
+    ;; used, so enable them by default.  The FUSE and ALSA rules are
+    ;; less critical, but handy.
+    (service udev-service-type
+             (udev-configuration
+              (rules (list lvm2 fuse alsa-utils crda))))
+    
+    (service sysctl-service-type)
+    
+    (service special-files-service-type
+             `(("/bin/sh" ,(file-append bash "/bin/sh"))
+               ("/usr/bin/env" ,(file-append coreutils "/bin/env")))))
+   
+   ))

config/ssh-key.private

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAp8dICt4hVLnjLMRGrogwJ/Ww+7Uun+DnqjszSckDGcgAAAJD+wp7u/sKe
+7gAAAAtzc2gtZWQyNTUxOQAAACAp8dICt4hVLnjLMRGrogwJ/Ww+7Uun+DnqjszSckDGcg
+AAAEBLxPD48Cpe36l+pJ3S52+e2fce8Aou9gybPG9IAG7nASnx0gK3iFUueMsxEauiDAn9
+bD7tS6f4OeqOzNJyQMZyAAAAB2RhbGVAbDcBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

config/ssh-key.public

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICnx0gK3iFUueMsxEauiDAn9bD7tS6f4OeqOzNJyQMZy dale@l7

run-emu.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#  Nu-2 --- Operating system for headless production servers.
+#  Copyright © 2024  Dale Mellor
+# 
+#  This file is part of nu-2.
+# 
+#  Nu-2 is free software; you can redistribute it and/or modify it under
+#  the terms of the GNU General Public License as published by the Free
+#  Software Foundation; either version 3 of the License, or (at your
+#  option) any later version.
+# 
+#  Nu-2 is distributed in the hope that it will be useful, but WITHOUT ANY
+#  WARRANTY; without even the implied warranty of MERCHANTABILITY or
+#  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+#  for more details.
+# 
+#  You should have received a copy of the GNU General Public License along
+#  with Nu-2.  If not, see <http://www.gnu.org/licenses/>.
+
+
+if [ "x$1" == "x" ]; then
+    echo "run-emu: provide qcow2 image"
+else
+
+    # You might want to tweak the allocated memory (-m) and number of
+    # processor cores (-smp) according to your available hardware.
+
+    qemu-system-x86_64                                             \
+        -netdev bridge,br=emu,id=n                                 \
+            -device virtio-net,netdev=n,mac=00:00:10:04:00:99      \
+        -drive if=none,file="$1.qcow2",id=a                        \
+            -device virtio-blk,drive=a                             \
+        -enable-kvm   -m 4G   -smp 8                               \
+        -nographic
+
+fi