apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "docker-osx.fullname" . }}-boot-components
data:
  config.plist: |-
    ACPI
      Add
        Comment add DTGP method Enabled Path SSDT-DTGP.aml
        Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml
        Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml
        Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml
      Delete
        All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA==
        All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA==
      Patch
        Comment _Q11 to XQ11 Count 1 Enabled Find X1ExMQ== Limit 0 Mask OemTableId Replace WFExMQ== ReplaceMask Skip 0 TableLength 0 TableSignature
        Comment _Q12 to XQ12 Count 1 Enabled Find X1ExMg== Limit 0 Mask OemTableId Replace WFExMg== ReplaceMask Skip 0 TableLength 0 TableSignature
      Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus
    Booter
      MmioWhitelist
      Quirks AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions
    DeviceProperties
      Add
        PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916
      Delete
        PciRoot(0x0)/Pci(0x1b,0x0) MaximumBootBeepVolume
    Kernel
      Add
        Arch x86_64 BundlePath VoodooHDA.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/VoodooHDA MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist
        Arch x86_64 BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist
        Arch x86_64 BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist
        Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist
        Arch x86_64 BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist
        BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist
        BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist
        Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist
      Block
        Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel
      Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA==
      Force
        Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Patch engine Enabled Identifier com.apple.iokit.IONetworkingFamily ExecutablePath Contents/MacOS/IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist
      Patch
        Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 20.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0
        Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.99.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0
      Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum DummyPowerManagement ExternalDiskIcons IncreasePciBarSize LapicKernelPanic PanicNoKextDump PowerTimeoutKernelPanic ThirdPartyDrives XhciPortLimit
      Scheme FuzzyMatch KernelArch x86_64 KernelCache Auto
    Misc
      BlessOverride
      Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary PickerAttributes 1 PickerAudioAssist PickerMode External PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 0
      Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3
      Entries
      Security AllowNvramReset AllowSetDefault ApECID 0 AuthRestart BootProtect None DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional
      Tools
        Arguments Auxiliary Comment Not signed for security reasons Enabled Name UEFI Shell Path OpenShell.efi
        Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Name Shutdown Path ResetSystem.efi
    NVRAM
      Add
        4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ==
        4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist
        7C436110-AB2A-4BBB-A880-FE41995C9F82 SystemAudioVolume Rg== boot-args -v keepsyms=1 tlbto_us=0 vti=9 run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA==
      Delete
        4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor
        4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist
        7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args
      LegacyEnable LegacyOverwrite
      LegacySchema
        7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name nvda_drv prev-lang:kbd
        8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder
      WriteFlash
    PlatformInfo
      Automatic
      Generic AdviseWindows MLB {{ .Values.configPlist.MLB }} ROM m7zhIYfl SpoofVendor SystemProductName {{ .Values.configPlist.SystemProductName }} SystemSerialNumber {{ .Values.configPlist.SystemSerialNumber }} SystemUUID {{ .Values.configPlist.SystemUUID }}
      UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create
    UEFI
      APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1
      Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime VolumeAmplifier 0
      ConnectDrivers
      Drivers VBoxHfs.efi OpenRuntime.efi OpenCanopy.efi #AudioDxe.efi #OpenUsbKbDxe.efi #UsbMouseDxe.efi #Ps2KeyboardDxe.efi #Ps2MouseDxe.efi #HiiDatabase.efi #NvmExpressDxe.efi #XhciDxe.efi #ExFatDxe.efi #PartitionDxe.efi #CrScreenshotDxe.efi
      Input KeyFiltering KeyForgetThreshold 5 KeyMergeThreshold 2 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000
      Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution 1920x1080@32 SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough
      ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEvent AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation
      Quirks DeduplicateBootOrder ExitBootServicesDelay 0 IgnoreInvalidFlexRatio ReleaseUsbOwnership RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect
  macOS-libvirt-Catalina.xml: |-
    macOS
    2aca0dd6-cec9-4717-9ab2-0b7b13d111c3
    macOS
    {{ .Values.resources.requests.memory | trimSuffix "Mi" }}
    {{ .Values.resources.requests.memory | trimSuffix "Mi" }}
    {{ .Values.resources.requests.cpu }}
    hvm
    /home/CHANGEME/OSX-KVM/OVMF_CODE.fd
    /home/CHANGEME/OSX-KVM/OVMF_VARS-1024x768.fd
    destroy
    restart
    restart
    /usr/bin/qemu-system-x86_64
  Launch_custom.sh: |-
    #!/bin/sh
    # Make sure the persistent directories for installers and this server exist.
    if ! [ -d "/system_image/installers" ]; then
      mkdir -p /system_image/installers
    fi
    if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then
      mkdir -p "/system_image/{{ .Values.serverName }}"
    fi

    # Download and build installer image if no system drive found..
    if ! [ -f "/system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img" ]; then
      echo "Downloading {{ .Values.qemu.systemInstaller.version }} base image.."
      python fetch-macOS.py --version {{ .Values.qemu.systemInstaller.version }}
      echo 'Converting downloaded BaseSystem.dmg into BaseSystem.img'
      qemu-img convert BaseSystem.dmg -O qcow2 -p -c "/system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img"
      rm -f BaseSystem.dmg
    else
      echo 'Base Image downloaded and converted into img already..'
    fi

    # Create the system disk on first start only.
    if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then
      echo "Creating a {{ .Values.qemu.diskSize }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.."
      qemu-img create -f qcow2 "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" "{{ .Values.qemu.diskSize }}"
      echo 'Finished creating system partition!'
    else
      echo 'Image already created. Skipping creation..'
    fi

    # Start VNC..
    sudo rm -f /tmp/.X99-lock
    export DISPLAY=:99
    # vncpasswd_file is the ConfigMap entry below, rendered from the chart's
    # vnc.password value, so the VNC password sits in this ConfigMap in plain text.
    vncpasswd -f < vncpasswd_file > "${HOME}/.vnc/passwd"
    /usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &\
    {{- if .Values.qemu.gpu.enabled }}
    ulimit -l $(( 8*1048576+100000 ))
    user hard memlock $(( 8*1048576+100000 ))
    user soft memlock $(( 8*1048576+100000 ))
    {{- end }}

    # Start QEMU..
    set -eu
    # Take ownership of the KVM and sound devices if they are present.
    sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true
    sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true
    exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \
    -cpu {{ .Values.qemu.cpu }} \
    -machine q35,accel=kvm:tcg \
    {{- if .Values.qemu.gpu.enabled }}
    -vga none \
    -device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \
    -device vfio-pci,host={{ .Values.qemu.gpu.hardwareId }}.0,multifunction=on,x-vga=on,rombar=1 \
    -device vfio-pci,host={{ .Values.qemu.gpu.hardwareId }}.1,bus=port.1 \
    -display none \
    {{- else -}}
    -vga {{ .Values.qemu.softwareGpu }} \
    {{- end }}
    -smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \
    -usb -device usb-kbd -device usb-tablet \
    -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \
    -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \
    -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \
    -smbios type=2 \
    {{- if .Values.qemu.audio.enabled }}
    -audiodev {{ .Values.qemu.audio.driver }},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \
    {{- end }}
    -device ich9-ahci,id=sata \
    -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
    -device ide-hd,bus=sata.2,drive=OpenCoreBoot \
    -device ide-hd,bus=sata.3,drive=InstallMedia \
    -drive id=InstallMedia,if=none,file=/system_image/installers/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img,format=qcow2 \
    -drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \
    -device ide-hd,bus=sata.4,drive=MacHDD \
    -netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraArgs }} \
    -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \
    -monitor stdio \
    ${EXTRA:-}
  vncpasswd_file: |-
    {{ .Values.vnc.password }}
  limits.conf: |-
    #This file sets the resource limits for the users logged in via PAM.
    #It does not affect resource limits of the system services.
    #
    #Also note that configuration files in /etc/security/limits.d directory,
    #which are read in alphabetical order, override the settings in this
    #file in case the domain is the same or more specific.
    #That means, for example, that setting a limit for wildcard domain here
    #can be overridden with a wildcard setting in a config file in the
    #subdirectory, but a user specific setting here can be overridden only
    #with a user specific setting in the subdirectory.
    #
    #Each line describes a limit for a user in the form:
    #
    #
    #
    #Where:
    # can be:
    #        - a user name
    #        - a group name, with @group syntax
    #        - the wildcard *, for default entry
    #        - the wildcard %, can be also used with %group syntax,
    #                 for maxlogin limit
    #
    # can have the two values:
    #        - "soft" for enforcing the soft limits
    #        - "hard" for enforcing hard limits
    #
    # can be one of the following:
    #        - core - limits the core file size (KB)
    #        - data - max data size (KB)
    #        - fsize - maximum filesize (KB)
    #        - memlock - max locked-in-memory address space (KB)
    #        - nofile - max number of open file descriptors
    #        - rss - max resident set size (KB)
    #        - stack - max stack size (KB)
    #        - cpu - max CPU time (MIN)
    #        - nproc - max number of processes
    #        - as - address space limit (KB)
    #        - maxlogins - max number of logins for this user
    #        - maxsyslogins - max number of logins on the system
    #        - priority - the priority to run user process with
    #        - locks - max number of file locks the user can hold
    #        - sigpending - max number of pending signals
    #        - msgqueue - max memory used by POSIX message queues (bytes)
    #        - nice - max nice priority allowed to raise to values: [-20, 19]
    #        - rtprio - max realtime priority
    #
    #
    #
    #*               soft    core            0
    #*               hard    rss             10000
    #@student        hard    nproc           20
    #@faculty        soft    nproc           20
    #@faculty        hard    nproc           50
    #ftp             hard    nproc           0
    #@student        -       maxlogins       4
    @arch            soft    memlock         unlimited
    @arch            hard    memlock         unlimited

    # End of file