From 15fdf1163da241f0bb513e3c6da38f3723a9e154 Mon Sep 17 00:00:00 2001 
From: metamuffin Date: Thu, 7 Nov 2024 01:28:26 +0100 Subject: [PATCH] works --- .gitignore | 1 + airootfs/etc/hostname | 1 + airootfs/etc/locale.conf | 1 + airootfs/etc/localtime | 1 + airootfs/etc/mkinitcpio.conf.d/archiso.conf | 1 + airootfs/etc/mkinitcpio.d/linux.preset | 8 ++++++ airootfs/etc/os-release | 6 ++++ airootfs/etc/pam.d/cage | 4 +++ airootfs/etc/shadow | 1 + airootfs/etc/ssh/sshd_config.d/10-login.conf | 2 ++ .../ipv6-privacy-extensions.conf | 2 ++ .../etc/systemd/network/20-ethernet.network | 9 ++++++ .../etc/systemd/resolved.conf.d/archiso.conf | 2 ++ .../systemd-gpt-auto-generator | 1 + .../systemd/system/abrechenbarkeit@.service | 27 ++++++++++++++++++ .../abrechenbarkeit@tty1.service | 1 + .../hv_fcopy_daemon.service | 1 + .../hv_kvp_daemon.service | 1 + .../hv_vss_daemon.service | 1 + .../multi-user.target.wants/sshd.service | 1 + .../systemd-networkd.service | 1 + .../systemd-resolved.service | 1 + .../systemd-networkd-wait-online.service | 1 + .../systemd-networkd.socket | 1 + .../wait-for-only-one-interface.conf | 6 ++++ airootfs/etc/sysusers.d/abrechenbarkeit.conf | 1 + airootfs/root/.ssh/authorized_keys | 1 + .../pacman/keyrings/metamuffin-infra-trusted | 1 + .../pacman/keyrings/metamuffin-infra.gpg | Bin 0 -> 441 bytes bootstrap_packages.x86_64 | 2 ++ efiboot/loader/entries/asd.conf | 4 +++ efiboot/loader/loader.conf | 2 ++ packages.x86_64 | 16 +++++++++++ pacman.conf | 17 +++++++++++ profiledef.sh | 19 ++++++++++++ 35 files changed, 145 insertions(+) create mode 100644 .gitignore create mode 100644 airootfs/etc/hostname create mode 100644 airootfs/etc/locale.conf create mode 120000 airootfs/etc/localtime create mode 100644 airootfs/etc/mkinitcpio.conf.d/archiso.conf create mode 100644 airootfs/etc/mkinitcpio.d/linux.preset create mode 100644 airootfs/etc/os-release create mode 100644 airootfs/etc/pam.d/cage create mode 100644 airootfs/etc/shadow create mode 100644 airootfs/etc/ssh/sshd_config.d/10-login.conf create mode 100644 
airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf create mode 100644 airootfs/etc/systemd/network/20-ethernet.network create mode 100644 airootfs/etc/systemd/resolved.conf.d/archiso.conf create mode 120000 airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator create mode 100644 airootfs/etc/systemd/system/abrechenbarkeit@.service create mode 120000 airootfs/etc/systemd/system/graphical.target.wants/abrechenbarkeit@tty1.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/sshd.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service create mode 120000 airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service create mode 120000 airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service create mode 120000 airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket create mode 100644 airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf create mode 100644 airootfs/etc/sysusers.d/abrechenbarkeit.conf create mode 100644 airootfs/root/.ssh/authorized_keys create mode 100644 airootfs/usr/share/pacman/keyrings/metamuffin-infra-trusted create mode 100644 airootfs/usr/share/pacman/keyrings/metamuffin-infra.gpg create mode 100644 bootstrap_packages.x86_64 create mode 100644 efiboot/loader/entries/asd.conf create mode 100644 efiboot/loader/loader.conf create mode 100644 packages.x86_64 create mode 100644 pacman.conf create mode 100644 profiledef.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e2e7327
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/out
diff --git a/airootfs/etc/hostname b/airootfs/etc/hostname
new file mode 100644
index 0000000..1050001
--- /dev/null
+++ b/airootfs/etc/hostname
@@ -0,0 +1 @@
+asd
\ No newline at end of file
diff --git a/airootfs/etc/locale.conf b/airootfs/etc/locale.conf
new file mode 100644
index 0000000..f9c983c
--- /dev/null
+++ b/airootfs/etc/locale.conf
@@ -0,0 +1 @@
+LANG=C.UTF-8
diff --git a/airootfs/etc/localtime b/airootfs/etc/localtime
new file mode 120000
index 0000000..0e35b57
--- /dev/null
+++ b/airootfs/etc/localtime
@@ -0,0 +1 @@
+/usr/share/zoneinfo/UTC
\ No newline at end of file
diff --git a/airootfs/etc/mkinitcpio.conf.d/archiso.conf b/airootfs/etc/mkinitcpio.conf.d/archiso.conf
new file mode 100644
index 0000000..fd9cd48
--- /dev/null
+++ b/airootfs/etc/mkinitcpio.conf.d/archiso.conf
@@ -0,0 +1 @@
+HOOKS=(base udev modconf archiso block filesystems)
diff --git a/airootfs/etc/mkinitcpio.d/linux.preset b/airootfs/etc/mkinitcpio.d/linux.preset
new file mode 100644
index 0000000..8e85205
--- /dev/null
+++ b/airootfs/etc/mkinitcpio.d/linux.preset
@@ -0,0 +1,8 @@
+# mkinitcpio preset file for the 'linux' package on archiso
+
+PRESETS=('archiso')
+
+ALL_kver='/boot/vmlinuz-linux'
+archiso_config='/etc/mkinitcpio.conf.d/archiso.conf'
+
+archiso_image="/boot/initramfs-linux.img"
diff --git a/airootfs/etc/os-release b/airootfs/etc/os-release
new file mode 100644
index 0000000..ba2d66b
--- /dev/null
+++ b/airootfs/etc/os-release
@@ -0,0 +1,6 @@
+NAME="Abrechenbarkeit System Distribution"
+PRETTY_NAME="Abrechenbarkeit System Distribution"
+ID=abrechenbarkeit
+BUILD_ID=rolling
+ANSI_COLOR="38;2;23;147;209"
+HOME_URL="https://codeberg.org/metamuffin/abrechenbarkeit"
diff --git a/airootfs/etc/pam.d/cage b/airootfs/etc/pam.d/cage
new file mode 100644
index 0000000..4523a93
--- /dev/null
+++ b/airootfs/etc/pam.d/cage
@@ -0,0 +1,4 @@
+auth required pam_unix.so nullok
+account required pam_unix.so
+session required pam_unix.so
+session required pam_systemd.so
diff --git a/airootfs/etc/shadow b/airootfs/etc/shadow
new file mode 100644
index 0000000..7edfd69
--- /dev/null
+++ b/airootfs/etc/shadow
@@ -0,0 +1 @@
+root::14871::::::
diff --git a/airootfs/etc/ssh/sshd_config.d/10-login.conf b/airootfs/etc/ssh/sshd_config.d/10-login.conf
new file mode 100644
index 0000000..5b988bc
--- /dev/null
+++ b/airootfs/etc/ssh/sshd_config.d/10-login.conf
@@ -0,0 +1,2 @@
+PasswordAuthentication no
+PermitRootLogin yes
diff --git a/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf b/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf
new file mode 100644
index 0000000..0e9ceb4
--- /dev/null
+++ b/airootfs/etc/systemd/network.conf.d/ipv6-privacy-extensions.conf
@@ -0,0 +1,2 @@
+[Network]
+IPv6PrivacyExtensions=yes
diff --git a/airootfs/etc/systemd/network/20-ethernet.network b/airootfs/etc/systemd/network/20-ethernet.network
new file mode 100644
index 0000000..ea81109
--- /dev/null
+++ b/airootfs/etc/systemd/network/20-ethernet.network
@@ -0,0 +1,9 @@
+[Match]
+Type=ether
+
+[Link]
+RequiredForOnline=routable
+
+[Network]
+DHCP=yes
+MulticastDNS=yes
diff --git a/airootfs/etc/systemd/resolved.conf.d/archiso.conf b/airootfs/etc/systemd/resolved.conf.d/archiso.conf
new file mode 100644
index 0000000..dbc8db6
--- /dev/null
+++ b/airootfs/etc/systemd/resolved.conf.d/archiso.conf
@@ -0,0 +1,2 @@
+[Resolve]
+MulticastDNS=yes
diff --git a/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator b/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator
new file mode 120000
index 0000000..dc1dc0c
--- /dev/null
+++ b/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator
@@ -0,0 +1 @@
+/dev/null
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/abrechenbarkeit@.service b/airootfs/etc/systemd/system/abrechenbarkeit@.service
new file mode 100644
index 0000000..3189eee
--- /dev/null
+++ b/airootfs/etc/systemd/system/abrechenbarkeit@.service
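Review bot: The single line added to `airootfs/etc/shadow`, `root::14871::::::`, gives root an empty password, so any local login path that reaches PAM authenticates as root without a secret. This looks carried over from the archiso live-installer baseline and does not fit an unattended kiosk image. Root access here is evidently meant to go through the key in `airootfs/root/.ssh/authorized_keys`, so the password field can be made unusable instead: `root:*:14871::::::`. With that change the `nullok` on the auth line of `airootfs/etc/pam.d/cage` has no purpose and can be dropped too.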
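Review bot: `PermitRootLogin yes` in `10-login.conf` leaves root eligible for every authentication method sshd has enabled, so the only things keeping the empty root password from `airootfs/etc/shadow` off the network are the `PasswordAuthentication no` line beside it and the distribution defaults for keyboard-interactive and empty passwords. State the intent in the directive itself with `PermitRootLogin prohibit-password`. Key login keeps working, and a later drop-in that re-enables password authentication no longer exposes root.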
@@ -0,0 +1,27 @@
+[Unit]
+Description=User interface for abrechenbarkeit
+After=systemd-user-sessions.service plymouth-quit-wait.service
+Before=graphical.target
+ConditionPathExists=/dev/tty0
+Wants=dbus.socket systemd-logind.service
+After=dbus.socket systemd-logind.service
+Conflicts=getty@%i.service
+After=getty@%i.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/cage -d -- chromium --ozone-platform=wayland --app='https://staging.metamuffin.org/'
+Restart=always
+User=abrechenbarkeit
+UtmpIdentifier=%I
+UtmpMode=user
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+StandardInput=tty-fail
+PAMName=cage
+
+[Install]
+WantedBy=graphical.target
+DefaultInstance=tty7
diff --git a/airootfs/etc/systemd/system/graphical.target.wants/abrechenbarkeit@tty1.service b/airootfs/etc/systemd/system/graphical.target.wants/abrechenbarkeit@tty1.service
new file mode 120000
index 0000000..d5664e3
--- /dev/null
+++ b/airootfs/etc/systemd/system/graphical.target.wants/abrechenbarkeit@tty1.service
@@ -0,0 +1 @@
+/etc/systemd/system/abrechenbarkeit@.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service b/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service
new file mode 120000
index 0000000..20ac7b2
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/hv_fcopy_daemon.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/hv_fcopy_daemon.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service b/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service
new file mode 120000
index 0000000..a7eac4a
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/hv_kvp_daemon.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/hv_kvp_daemon.service
\ No newline at end of file
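Review bot: The `ExecStart` line of `abrechenbarkeit@.service` starts Chromium with `--app=`, which hides the browser chrome but is not a lock-down mode, so the session is not confined to `https://staging.metamuffin.org/`. The `[Service]` section also carries no hardening directives, although it runs a browser on network content on a host whose root account has an empty password in `airootfs/etc/shadow`. Consider `--kiosk` plus a managed policy file under `/etc/chromium/policies/managed/` that sets `URLBlocklist` and `URLAllowlist` for the one origin, and add `NoNewPrivileges=yes` to `[Service]` after confirming cage and Chromium still start with it. A short comment above `ExecStart` noting that the URL is the staging instance would also help whoever builds the production image.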
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service b/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service
new file mode 120000
index 0000000..eae19ef
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/hv_vss_daemon.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/hv_vss_daemon.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service b/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service
new file mode 120000
index 0000000..d21ebd9
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/sshd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/sshd.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
new file mode 120000
index 0000000..4c158e6
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
new file mode 120000
index 0000000..4f6ae34
--- /dev/null
+++ b/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
new file mode 120000
index 0000000..7d6ad92
--- /dev/null
+++ b/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd-wait-online.service
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
new file mode 120000
index 0000000..51942c8
--- /dev/null
+++ b/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.socket
\ No newline at end of file
diff --git a/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf
new file mode 100644
index 0000000..c9f9bce
--- /dev/null
+++ b/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf
@@ -0,0 +1,6 @@
+# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist,
+# network-online.target gets needlessly delayed.
+# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online
+[Service]
+ExecStart=
+ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any
diff --git a/airootfs/etc/sysusers.d/abrechenbarkeit.conf b/airootfs/etc/sysusers.d/abrechenbarkeit.conf
new file mode 100644
index 0000000..2bae59d
--- /dev/null
+++ b/airootfs/etc/sysusers.d/abrechenbarkeit.conf
@@ -0,0 +1 @@
+u abrechenbarkeit - "Abrechenbarkeit User Interface User" -
diff --git a/airootfs/root/.ssh/authorized_keys b/airootfs/root/.ssh/authorized_keys
new file mode 100644
index 0000000..c8b8876
--- /dev/null
+++ b/airootfs/root/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3vF7K0qO14OE5anUCRgBbmixVTIc6Cv9JxtuH9Q0KL muffin@ubuntu
diff --git a/airootfs/usr/share/pacman/keyrings/metamuffin-infra-trusted b/airootfs/usr/share/pacman/keyrings/metamuffin-infra-trusted
new file mode 100644
index 0000000..4a5f5f6
--- /dev/null
+++ b/airootfs/usr/share/pacman/keyrings/metamuffin-infra-trusted
@@ -0,0 +1 @@
+D617AA66740C402C03E54F51F6005FC09FAB6142:4:
diff --git a/airootfs/usr/share/pacman/keyrings/metamuffin-infra.gpg b/airootfs/usr/share/pacman/keyrings/metamuffin-infra.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..13c183dcdf0fa5ed0ab2f31cc476684319665b19
GIT binary patch literal 441 zcmbPX%#voH@JEbOn~jl$@s>M3BO|+m%w|ok2Yju339DJ3EZNr__mZ_MVfU=u7lIvk z>MJbS*tb~brj{h;mZqg;<|$|tBqnDkrl%?tXQt<6=A|oSr&ekz*dSCmq+}Ks<>!~^ zD7E@%oCcY}IgvUXL`Kf>4H-`8F^H(Q2u`+>N!z9hj%FW5a&cvj| z#3stc$-&LUBF4nb$Rx+kB;LTl#VG(&e_}l&!|SIGEO(oP_O5vL`dv3`{rvq$ZY68B zoMcKW=i6HAF)y9rue_mE?M(H>5rX&JS1Rt^ux^ucYh~c}Ef>}Q7=C@Y;5_#Z3veI^ zae)J2dMG0+C=@y`mD#5I^w~9>obl>a`ufV{-+99_!n}-kv0j%t?82wV%*essQNbbs z^o{}n@9-eIIZT4#e^GbI@hwY)mOc6D-+>D~G literal 0 HcmV?d00001
diff --git a/bootstrap_packages.x86_64 b/bootstrap_packages.x86_64
new file mode 100644
index 0000000..64966d0
--- /dev/null
+++ b/bootstrap_packages.x86_64
@@ -0,0 +1,2 @@
+arch-install-scripts
+base
diff --git a/efiboot/loader/entries/asd.conf b/efiboot/loader/entries/asd.conf
new file mode 100644
index 0000000..9423500
--- /dev/null
+++ b/efiboot/loader/entries/asd.conf
@@ -0,0 +1,4 @@
+title Abrechenbarkeit System Distribution
+linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
+initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
+options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID%
diff --git a/efiboot/loader/loader.conf b/efiboot/loader/loader.conf
new file mode 100644
index 0000000..3deedc7
--- /dev/null
+++ b/efiboot/loader/loader.conf
@@ -0,0 +1,2 @@
+timeout 3
+default asd
diff --git a/packages.x86_64 b/packages.x86_64
new file mode 100644
index 0000000..9bcf9bd
--- /dev/null
+++ b/packages.x86_64
@@ -0,0 +1,16 @@
+base
+linux
+mkinitcpio
+mkinitcpio-archiso
+open-vm-tools
+openssh
+pv
+qemu-guest-agent
+cage
+edk2-shell
+fish
+chromium
+pipewire
+pipewire-alsa
+pipewire-jack
+pipewire-pulse
diff --git a/pacman.conf b/pacman.conf
new file mode 100644
index 0000000..83b96d2
--- /dev/null
+++ b/pacman.conf
@@ -0,0 +1,17 @@
+[options]
+HoldPkg = pacman glibc
+Architecture = auto
+ParallelDownloads = 5
+DownloadUser = alpm
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[metamuffin-infra]
+Server = https://pkg.metamuffin.org/$arch
+SigLevel = Required
diff --git a/profiledef.sh b/profiledef.sh
new file mode 100644
index 0000000..78bbef3
--- /dev/null
+++ b/profiledef.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2034
+
+iso_name="abrecheniso"
+iso_label="ASD_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)"
+iso_publisher="metamuffin"
+iso_application="Abrechenbarkeit System Distribution"
+iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
+install_dir="asd"
+buildmodes=('iso')
+bootmodes=('uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp')
+arch="x86_64"
+pacman_conf="pacman.conf"
+airootfs_image_type="squashfs"
+airootfs_image_tool_options=('-comp' 'zstd' '-Xcompression-level' '5')
+bootstrap_tarball_compression=(zstd -c -T0 --long -19)
+file_permissions=(
+ ["/etc/shadow"]="0:0:400"
+)
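Review bot: The `[metamuffin-infra]` section at the end of `pacman.conf` adds a third-party binary repository to the image build without recording which key its packages must be signed by. `SigLevel = Required` is presumably evaluated against the build host's pacman keyring, not against the `metamuffin-infra.gpg` keyring this commit installs into airootfs, so the trust anchor is whatever the builder happened to import (confirm against how mkarchiso is invoked). A comment above the section would pin that down: `# packages must be signed by D617AA66740C402C03E54F51F6005FC09FAB6142; import and locally sign this key on the build host before building`. None of the entries in `packages.x86_64` visibly needs this repository, so it could also stay out of the build configuration until a package from it is listed.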
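Review bot: `file_permissions` in `profiledef.sh` lists only `/etc/shadow`, so `/root`, `/root/.ssh` and the `authorized_keys` file added by this commit get whatever default mode mkarchiso applies when copying airootfs, which is likely world-readable. The kiosk user then can read root's home directory. Add the entries `["/root"]="0:0:750"`, `["/root/.ssh"]="0:0:700"` and `["/root/.ssh/authorized_keys"]="0:0:600"` to the array.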