@nullscm
Last active September 1, 2022 17:15
guix-system-infect.sh - Guix System Infect Script for a (Debian 11/maybe not required) VPS-Host (without EFI *till now)
#!/usr/bin/env bash
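# Used on Debian 11. Check the values of the detected variables and edit the generated config manually to be sure!
# RUN: wget -q -S -O - URL_TO_THIS_GIST_IN_RAW 2>&1 | tail -n +9 | bash -x
# NOTE: the RUN line feeds whatever the URL returns straight into a root shell, and "tail -n +9" assumes
# exactly eight header lines from "wget -S"; saving the script to a file and reading it first avoids both.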
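# Detect the host's network and disk layout.
# Every value below is interpolated verbatim into Scheme string literals of the
# generated Guix config, so an empty, wrong or quote-carrying value produces a
# config that can leave the machine unreachable or unbootable after the reboot.
HOSTNAME="$(hostname)"
# The last line of `ip r` is assumed to be the directly connected route
# ("<net>/<len> dev <if> ... src <addr>"): field 1 = network, field 3 = device,
# field 9 = source address. Read it once so all three values come from one line.
last_route="$(ip r | tail -n 1)"
IP="$(awk '{print $9}' <<<"$last_route")"
# BRD is used as the default gateway: the first three octets of the route's
# network plus ".1" (assumes a /24 network whose gateway sits at .1).
BRD="$(awk '{print $1}' <<<"$last_route" | cut -d '/' -f1 | cut -d '.' -f1-3).1"
DEV="$(awk '{print $3}' <<<"$last_route")"
NS="$(grep nameserver /etc/resolv.conf | head -n1 | awk '{print $2}')"
ROOT="$(mount | grep "/ " | awk '{print $1}')"
ROOTFS="$(mount | grep "/ " | awk '{print $5}')"
# Second line of the KNAME column = first block device listed by lsblk.
BOOT="/dev/$(lsblk -io KNAME | sed -n 2p)"

# Refuse to continue with values that cannot yield a working config.
for detected in HOSTNAME IP BRD DEV NS ROOT ROOTFS BOOT; do
  if [[ -z "${!detected}" ]]; then
    printf 'guix-system-infect: could not detect %s; aborting before anything is changed\n' "$detected" >&2
    exit 1
  fi
  # A double quote or backslash would terminate or alter the Scheme string
  # literal the value is pasted into.
  case "${!detected}" in
    *'"'* | *'\'*)
      printf 'guix-system-infect: %s contains a quote or backslash; aborting\n' "$detected" >&2
      exit 1
      ;;
  esac
done
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! "$IP" =~ $ipv4_re || ! "$BRD" =~ $ipv4_re ]]; then
  printf 'guix-system-infect: IP "%s" or gateway "%s" is not a dotted-quad address; aborting\n' "$IP" "$BRD" >&2
  exit 1
fi
if [[ ! -b "$BOOT" ]]; then
  printf 'guix-system-infect: bootloader target "%s" is not a block device; aborting\n' "$BOOT" >&2
  exit 1
fi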
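# Generate the Guix operating-system declaration from the detected values and
# print it for review.
#
# The file lives at a fixed name in world-writable /tmp and is later applied as
# root. The original appended (>>), so a leftover file from an earlier run, or
# one planted by another local user, would end up in the applied config.
# Here the old entry is removed first and the redirection runs under noclobber,
# which makes it fail instead of writing into a file that already exists.
#
# NOTE(review): the template enables (allow-empty-passwords? #t) for sshd while
# declaring no authorized-keys and no accounts beyond %base-user-accounts; with
# (permit-root-login 'prohibit-password) root can only log in by public key.
# Settle the key/account setup and tighten allow-empty-passwords? before this
# config is applied.
# NOTE(review): the /24 prefix, the ".de" host alias and the Europe/Berlin
# timezone are hard-coded in the template; adjust them for the target host.
rm -f -- /tmp/host.scm
(
  set -o noclobber
  cat <<EOF >/tmp/host.scm
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh certs tls)
(operating-system
(host-name "${HOSTNAME}")
(timezone "Europe/Berlin")
(locale "en_US.utf8")
(hosts-file (plain-file "hosts" "127.0.0.1 localhost ${HOSTNAME}
${IP} ${HOSTNAME}.de ${HOSTNAME}"))
(initrd-modules (append (list "virtio_scsi") %base-initrd-modules))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(timeout 1)
(targets (list "${BOOT}"))))
(file-systems (append (list (file-system
(device "${ROOT}") (mount-point "/") (type "${ROOTFS}")))
%base-file-systems))
(users %base-user-accounts)
(packages (cons* screen openssh nss-certs gnutls %base-packages))
(services (cons*
(service static-networking-service-type
(list (static-networking
(addresses
(list (network-address
(device "${DEV}")
(value "${IP}/24"))))
(routes
(list (network-route
(destination "default")
(gateway "${BRD}"))))
(name-servers '("${NS}")))))
(service openssh-service-type
(openssh-configuration
(allow-empty-passwords? #t)
(permit-root-login 'prohibit-password)))
%base-services)))
EOF
) || {
  printf 'guix-system-infect: could not create /tmp/host.scm; aborting\n' >&2
  exit 1
}
cat /tmp/host.scm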
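# Download the latest successful x86_64 guix-binary tarball from the Guix CI,
# unpack it in the current directory and move the store (/gnu) and state
# directory (/var/guix) into place.
#
# Each step is checked: the original carried on after a failed download or
# extraction and went straight to the destructive steps that follow.
#
# NOTE(review): the archive is unpacked and installed as root with HTTPS as its
# only protection; no signature or checksum is verified here. Where a signed
# release tarball is available, verifying it before extraction is the stronger
# option.
if [[ -e /var/guix || -e /gnu ]]; then
  printf 'guix-system-infect: /var/guix or /gnu already exists; refusing to overwrite\n' >&2
  exit 1
fi
guix_tarball_url="https://ci.guix.gnu.org/search/latest/archive?query=spec:tarball+status:success+system:x86_64-linux+guix-binary.tar.xz"
# -O gives the file its final name directly, so a stale download with the
# query-string name can no longer be picked up by mistake.
wget -O guix.tar.xz "$guix_tarball_url" || {
  printf 'guix-system-infect: download of the Guix binary tarball failed\n' >&2
  exit 1
}
tar --warning=no-timestamp -xf guix.tar.xz || {
  printf 'guix-system-infect: extracting guix.tar.xz failed\n' >&2
  exit 1
}
{ mv var/guix /var/ && mv gnu /; } || {
  printf 'guix-system-infect: moving var/guix and gnu into place failed\n' >&2
  exit 1
}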
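# Create the unprivileged build group and the ten build users (guixbuilder01 ..
# guixbuilder10) that guix-daemon runs builds as.
#
# The nologin path is resolved once and quoted: the original expanded
# $(which nologin) unquoted inside the loop, so a missing nologin left "-s"
# without a value and made useradd consume the next option as the login shell.
nologin_path="$(command -v nologin)" || {
  printf 'guix-system-infect: nologin not found in PATH; cannot create build users\n' >&2
  exit 1
}
groupadd --system guixbuild
for i in $(seq -w 1 10); do
  # No home directory content and no login shell: these accounts only exist
  # so that builds run under separate, unprivileged UIDs.
  useradd -g guixbuild -G guixbuild \
    -d /var/empty -s "$nologin_path" \
    -c "Guix build user $i" --system \
    "guixbuilder$i"
done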
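# Start the build daemon, replace /boot and /etc, authorize the CI substitute
# key, apply the generated system config and reboot into Guix System.
#
# Everything from "rm -Rf /boot/*" onward is irreversible, so the inputs are
# checked first, and the reboot only happens when the reconfigure succeeded.
# The original rebooted unconditionally, i.e. also into a machine with an
# emptied /boot and a stripped /etc after a failed reconfigure.
guix_profile=/var/guix/profiles/per-user/root/current-guix
config=/tmp/host.scm

if [[ ! -x "$guix_profile/bin/guix" || ! -x "$guix_profile/bin/guix-daemon" ]]; then
  printf 'guix-system-infect: guix binaries not found under %s; nothing was changed\n' "$guix_profile" >&2
  exit 1
fi
# The config sits in world-writable /tmp: accept it only if it is a regular
# file (not a symlink) owned by the user running this script.
if [[ ! -f "$config" || -L "$config" || ! -O "$config" ]]; then
  printf 'guix-system-infect: %s is missing, a symlink, or not owned by this user; nothing was changed\n' "$config" >&2
  exit 1
fi
# A leftover /old-etc would make "mv /etc /old-etc" nest /etc inside it.
if [[ -e /old-etc ]]; then
  printf 'guix-system-infect: /old-etc already exists; nothing was changed\n' >&2
  exit 1
fi

"$guix_profile/bin/guix-daemon" --build-users-group=guixbuild &

rm -Rf /boot/*
mv /etc /old-etc || {
  printf 'guix-system-infect: could not move /etc aside; aborting\n' >&2
  exit 1
}
mkdir /etc
# Keep only the account, resolver and name-service files the running system
# still needs until the reboot.
cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,resolv.conf,services,hosts,nsswitch.conf} /etc/
# Runs after /etc was recreated, as in the original ordering.
"$guix_profile/bin/guix" archive --authorize < "$guix_profile/share/guix/ci.guix.gnu.org.pub"
if ! "$guix_profile/bin/guix" system reconfigure "$config"; then
  printf 'guix-system-infect: guix system reconfigure failed; NOT rebooting. The previous /etc is in /old-etc and /boot has been emptied.\n' >&2
  exit 1
fi
reboot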