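# ConfigMap with the files the docker-osx pod needs at boot: the OpenCore
# config.plist, the launch script, the VNC password input and the PAM limits.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "docker-osx.fullname" . }}-boot-components
data:
  # OpenCore configuration for the macOS guest.
  # NOTE(review): the plist XML markup (key/string/true/false/data elements)
  # is missing from this copy of the template; only key names and scalar
  # values remain, so boolean settings cannot be read from it. Restore the
  # markup from the chart's upstream source before deploying. The text below
  # is kept as found, with line breaks only at section names, except that the
  # mis-encoded key on the SSDT-EC.aml entry is repaired to "Enabled".
  # Security-relevant values visible below: SecureBootModel Disabled,
  # Vault Optional, ScanPolicy 0, ExposeSensitiveData 6, and NVRAM
  # csr-active-config ZwAAAA== (bytes 67 00 00 00), which relaxes System
  # Integrity Protection in the guest. Treat the guest as running without
  # boot-chain verification and with reduced SIP.
  config.plist: |-
    ACPI Add Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Comment _Q11 to XQ11 Count 1 Enabled Find X1ExMQ== Limit 0 Mask OemTableId Replace WFExMQ== ReplaceMask Skip 0 TableLength 0 TableSignature Comment _Q12 to XQ12 Count 1 Enabled Find X1ExMg== Limit 0 Mask OemTableId Replace WFExMg== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus
    Booter MmioWhitelist Quirks AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions
    DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete PciRoot(0x0)/Pci(0x1b,0x0) MaximumBootBeepVolume
    Kernel Add {{- if .Values.qemu.hardwareGpu.enabled }} BundlePath mXHCD.kext Comment Hello There Enabled ExecutablePath Contents/MacOS/mXHCD MaxKernel MinKernel PlistPath Contents/Info.plist {{- end }} Arch x86_64 BundlePath VoodooHDA.kext Comment Patch engine {{- if .Values.qemu.audio.enabled }} Enabled {{- else -}} Disabled {{- end }} ExecutablePath Contents/MacOS/VoodooHDA MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist {{- if .Values.kexts.add }} {{- range .Values.kexts.kextsToAdd }} Arch Any BundlePath {{ .name }} Comment Enabled ExecutablePath {{ .executablePath }} MaxKernel MinKernel PlistPath {{ .plistPath }} {{- end }} {{- end }}
    Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel
    Emulate {{- if .Values.qemu.hardwareGpu.enabled }} Cpuid1Data VwYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask /////wAAAAAAAAAAAAAAAA== {{- else -}} Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== {{- end }}
    Force {{- if .Values.qemu.hardwareGpu.enabled }} Base Comment algrey - cpuid_set_generic_info - disable check to allow leaf7 Count 1 Enabled Find ADoPgg== Identifier kernel Limit 0 Mask MaxKernel 19.99.99 MinKernel 17.0.0 Replace AAAPgg== ReplaceMask Skip 0 {{- else -}} Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Patch engine Enabled Identifier com.apple.iokit.IONetworkingFamily ExecutablePath Contents/MacOS/IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist {{- end }}
    Patch {{- if .Values.qemu.hardwareGpu.enabled }} Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 19.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 {{- else -}} Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 20.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 {{- end }} Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled {{- if .Values.qemu.hardwareGpu.enabled }} Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= {{- else -}} Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= {{- end }} MaxKernel 20.99.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 {{- if .Values.qemu.hardwareGpu.enabled }} Base Comment algrey - - skip cpuid_cores_per_package test -10.15 Count 0 Enabled Find gz0AAAAAAA8AAAAAAItdvA== Identifier kernel Limit 0 Mask //8AAAD///8AAAAA/////w== MaxKernel 19.99.99 MinKernel 19.0.0 Replace AAAAAAAAAQAAAAAAAAAAAA== ReplaceMask AAAAAAAADwAAAAAAAAAAAA== Skip 0 Base Comment algrey - - skip cpuid_cores_per_package test Count 0 Enabled Find gz0AAAAAAHQAi128 Identifier kernel Limit 0 Mask //8AAAD///8A//// MaxKernel 18.99.99 MinKernel 17.0.0 Replace AAAAAAAAAQAAAAAA ReplaceMask AAAAAAAADwAAAAAA Skip 0 {{- end }}
    Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum DummyPowerManagement ExternalDiskIcons IncreasePciBarSize LapicKernelPanic PanicNoKextDump PowerTimeoutKernelPanic ThirdPartyDrives XhciPortLimit
    Scheme {{- if not .Values.qemu.hardwareGpu.enabled }} FuzzyMatch KernelArch x86_64 KernelCache Auto {{- end }}
    Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary PickerAttributes 1 PickerVariant Modern PickerAudioAssist PickerMode External PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout {{ .Values.openCore.boot.timeout }} Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault ApECID 0 AuthRestart BootProtect None DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Name UEFI Shell Path OpenShell.efi Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Name Shutdown Path ResetSystem.efi
    NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 SystemAudioVolume Rg== boot-args {{ .Values.configPlist.bootArgs }} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash
    PlatformInfo Automatic Generic AdviseWindows MLB {{ .Values.configPlist.MLB }} ROM m7zhIYfl SpoofVendor SystemProductName {{ .Values.configPlist.SystemProductName }} SystemSerialNumber {{ .Values.configPlist.SystemSerialNumber }} SystemUUID {{ .Values.configPlist.SystemUUID }} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create
    UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime VolumeAmplifier 0 ConnectDrivers Drivers VBoxHfs.efi OpenRuntime.efi OpenCanopy.efi #AudioDxe.efi #OpenUsbKbDxe.efi #UsbMouseDxe.efi #Ps2KeyboardDxe.efi #Ps2MouseDxe.efi #HiiDatabase.efi #NvmExpressDxe.efi #XhciDxe.efi #ExFatDxe.efi #PartitionDxe.efi #CrScreenshotDxe.efi Input KeyFiltering KeyForgetThreshold 5 KeyMergeThreshold 2 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution {{ .Values.vnc.resolution }} SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEvent AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks DeduplicateBootOrder ExitBootServicesDelay 0 IgnoreInvalidFlexRatio ReleaseUsbOwnership RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect
  # Launch script run inside the container: installs extra kexts, optionally
  # rebuilds the OpenCore image, prepares the installer and system disks,
  # starts Xvnc and finally execs QEMU.
  # Chart values are pasted into the script as text. The double quotes added
  # around paths guard against spaces and globbing only; they do not make an
  # untrusted value safe, so values must come from a trusted operator.
  Launch_custom.sh: |-
    #!/bin/bash
    # The interpreter line was "#/bin/sh", which is only a comment; bash is
    # named because the script uses pushd/popd.

    # Add extra kexts to EFI/OC/kexts
    {{- if .Values.kexts.add }}
    {{- range .Values.kexts.kextsToAdd }}
    {{- $rangeItem := . -}}
    {{- with $ }}
    echo 'Installing kext {{ $rangeItem.name }}..'
    cp -r "{{ .Values.kexts.path }}/{{ $rangeItem.name }}" "/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/"
    sudo chmod 755 "/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/{{ $rangeItem.name }}"
    {{- end }}
    {{- end }}
    {{- end }}

    # Rebuild Opencore.qcow2 after making changes to config.plist and etc..
    {{- if .Values.openCore.rebuild }}
    echo 'Building new Opencore.qcow2..'
    sudo apt install {{ .Values.openCore.kernel }} -y
    pushd OpenCore-Catalina/
    mkdir -p EFI/OC/Resources
    rm -f OpenCore.qcow2
    sudo ./opencore-image-ng.sh \
      --cfg config.plist \
      --img OpenCore.qcow2
    sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} OpenCore.qcow2
    popd
    {{- end }}

    if ! [ -d "{{ .Values.qemu.systemInstaller.path }}" ]; then
      mkdir -p "{{ .Values.qemu.systemInstaller.path }}"
    fi

    if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then
      mkdir -p "/system_image/{{ .Values.serverName }}"
    fi

    # Download and build installer image if no system drive found..
    if ! [ -f "{{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img" ]; then
      echo "Downloading {{ .Values.qemu.systemInstaller.version }} base image.."
      python fetch-macOS.py --version "{{ .Values.qemu.systemInstaller.version }}"
      echo 'Converting downloaded BaseSystem.dmg into BaseSystem{{ .Values.qemu.systemInstaller.version }}.img and saving in {{ .Values.qemu.systemInstaller.path }}'
      qemu-img convert BaseSystem.dmg -O qcow2 -p -c "{{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img"
      rm -f BaseSystem.dmg
    else
      echo 'Base Image downloaded and converted into img already..'
    fi

    if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then
      echo "Creating a {{ .Values.qemu.systemDisk.size }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.."
      qemu-img create -f qcow2 "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" "{{ .Values.qemu.systemDisk.size }}"
      echo 'Finished creating system partition!'
    else
      echo 'Image already created. Skipping creation..'
    fi

    # NOTE: Helm still evaluates the template actions inside the commented-out
    # block below; the shell only sees the rendered, commented lines.
    # # Fix permissions on usb devices..
    # {{- if .Values.qemu.usb }}
    # {{- range .Values.qemu.usb }}
    # echo "Updating permissions to r/w for /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4).."
    # sudo chmod 666 /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4)
    # {{- end }}
    # {{- end }}

    # Start VNC..
    {{- if .Values.vnc.enabled }}
    # One option per line, as the VNC config format expects.
    printf '%s\n' 'geometry={{ .Values.vnc.resolution }}' 'localhost' 'alwaysshared' > ~/.vnc/config
    sudo rm -f /tmp/.X99-lock
    export DISPLAY=:99
    # Create the password file owner-only from the start and tighten it
    # before Xvnc is launched, so it is never briefly readable by others.
    ( umask 077; vncpasswd -f < vncpasswd_file > "${HOME}/.vnc/passwd" )
    sudo chmod 600 ~/.vnc/passwd
    # NOTE(review): Xvnc is started directly with -rfbauth only; the
    # "localhost" option written to ~/.vnc/config is presumably honoured only
    # by the vncserver wrapper. Verify which interfaces display :99 listens on.
    /usr/bin/Xvnc -geometry {{ .Values.vnc.resolution }} -rfbauth "${HOME}/.vnc/passwd" :99 &
    {{- end }}

    sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} /dev/kvm
    {{- if .Values.qemu.hardwareGpu.enabled }}
    sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} -R /dev/vfio
    {{- end }}

    # Start QEMU..
    echo 'Starting QEMU..'
    set -eu
    sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true
    sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true
    # The user-mode netdev forwards guest SSH (22) and screen sharing (5900)
    # with an empty bind address, i.e. on all pod interfaces; limit who can
    # reach them with the Service definition and a NetworkPolicy.
    exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \
    -cpu {{ .Values.qemu.cpu }} \
    -machine q35,accel=kvm:tcg \
    {{- if .Values.qemu.hardwareGpu.enabled }}
    -device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \
    {{- if .Values.qemu.hardwareGpu.romfile }}
    -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,bus=port.1,multifunction=on,romfile={{ .Values.qemu.hardwareGpu.romfile}} \
    {{- else }}
    -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,multifunction=on \
    {{- end }}
    -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.1,bus=port.1 \
    {{- else }}
    -vga {{ .Values.qemu.softwareGpu }} \
    {{- end }}
    -smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \
    {{- if .Values.vnc.enabled }}
    -usb -device usb-kbd -device usb-tablet \
    {{- else }}
    -vga none \
    -display none \
    {{- end }}
    -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \
    -drive if=pflash,format=raw,readonly,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_CODE.fd \
    -drive if=pflash,format=raw,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_VARS-1024x768.fd \
    -smbios type=2 \
    {{- if .Values.qemu.audio.enabled }}
    -audiodev {{ .Values.qemu.audio.driver }},id=hda \
    -device ich9-intel-hda \
    -device hda-duplex,audiodev=hda \
    {{- end }}
    -device ich9-ahci,id=sata \
    -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
    -device ide-hd,bus=sata.2,drive=OpenCoreBoot \
    {{- if .Values.qemu.systemInstaller.enabled }}
    -device ide-hd,bus=sata.3,drive=InstallMedia \
    -drive id=InstallMedia,if=none,file={{ .Values.qemu.systemInstaller.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img,format=qcow2 \
    {{- end }}
    -drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \
    -device ide-hd,bus=sata.4,drive=MacHDD \
    -netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraPortForwarding }} \
    -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \
    {{- range .Values.qemu.usb }}
    -usb -device usb-host,productid=0x{{ .productId }},vendorid=0x{{ .vendorId }} \
    {{- end }}
    {{- range .Values.qemu.extraArgs }}
    {{ . }} \
    {{- end }}
    ${EXTRA:-}
  # NOTE(security): the VNC password is rendered in clear text into a
  # ConfigMap. ConfigMaps are not meant for confidential data: anyone allowed
  # to read ConfigMaps in the namespace can read it. Prefer a Secret mounted
  # at the same path. The key is left unchanged here because other templates
  # of the chart presumably mount it by this name.
  vncpasswd_file: |-
    {{ .Values.vnc.password }}
  # PAM limits: lifts the locked-memory limit for the group named after the
  # image user (the leading @ selects a group, not a user).
  limits.conf: |-
    #This file sets the resource limits for the users logged in via PAM.
    #It does not affect resource limits of the system services.
    #
    #Also note that configuration files in /etc/security/limits.d directory,
    #which are read in alphabetical order, override the settings in this
    #file in case the domain is the same or more specific.
    #That means, for example, that setting a limit for wildcard domain here
    #can be overriden with a wildcard setting in a config file in the
    #subdirectory, but a user specific setting here can be overriden only
    #with a user specific setting in the subdirectory.
    #
    #Each line describes a limit for a user in the form:
    #
    #<domain>        <type>  <item>  <value>
    #
    #Where:
    #<domain> can be:
    #        - a user name
    #        - a group name, with @group syntax
    #        - the wildcard *, for default entry
    #        - the wildcard %, can be also used with %group syntax,
    #                 for maxlogin limit
    #
    #<type> can have the two values:
    #        - "soft" for enforcing the soft limits
    #        - "hard" for enforcing hard limits
    #
    #<item> can be one of the following:
    #        - core - limits the core file size (KB)
    #        - data - max data size (KB)
    #        - fsize - maximum filesize (KB)
    #        - memlock - max locked-in-memory address space (KB)
    #        - nofile - max number of open file descriptors
    #        - rss - max resident set size (KB)
    #        - stack - max stack size (KB)
    #        - cpu - max CPU time (MIN)
    #        - nproc - max number of processes
    #        - as - address space limit (KB)
    #        - maxlogins - max number of logins for this user
    #        - maxsyslogins - max number of logins on the system
    #        - priority - the priority to run user process with
    #        - locks - max number of file locks the user can hold
    #        - sigpending - max number of pending signals
    #        - msgqueue - max memory used by POSIX message queues (bytes)
    #        - nice - max nice priority allowed to raise to values: [-20, 19]
    #        - rtprio - max realtime priority
    #
    #<domain>      <type>  <item>         <value>
    #

    #*               soft    core            0
    #*               hard    rss             10000
    #@student        hard    nproc           20
    #@faculty        soft    nproc           20
    #@faculty        hard    nproc           50
    #ftp             hard    nproc           0
    #@student        -       maxlogins       4

    @{{ .Values.image.userName }}     soft    memlock    unlimited
    @{{ .Values.image.userName }}     hard    memlock    unlimited

    # End of file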