unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
@ 2020-07-11  0:41 Joshua Branson via Guix-patches via
  2020-07-21 20:51 ` Christopher Lemmer Webber
                   ` (2 more replies)
  0 siblings, 3 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-07-11  0:41 UTC (permalink / raw)
  To: 42317

From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
MIME-Version: 1.0
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..3ade82af14 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -1347,6 +1347,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  Be sure to add your ssh key for
+easy login.  We recommend using the default distro as a way to bootstrap
+Guix.  This is usually done via @code{ssh-copy-id}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+VM Mode: Paravirtualization  @c{The default?? Does this matter?}
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ;; Is this a good idea?  Well if you don't add it
+                          ;; you have to manually set your user's password
+                          ;; via the glish console...
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")     ; replace with your server name
+(name "janedoe")            ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Note the same above for root, which I don't feel great about, but
+otherwise you'll need to log in via the linode "glish" console to log in
+as root and set the user's initial password before you can start using
+sudo.  @comment {(is there another way around this?)}
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.26.0





^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-07-11  0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
@ 2020-07-21 20:51 ` Christopher Lemmer Webber
  2020-08-07 17:15   ` Joshua Branson via Guix-patches via
  2020-08-07 17:16   ` Joshua Branson via Guix-patches via
  2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
  2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
  2 siblings, 2 replies; 14+ messages in thread
From: Christopher Lemmer Webber @ 2020-07-21 20:51 UTC (permalink / raw)
  To: jbranso, 42317

Joshua Branson via Guix-patches via writes:

> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
> MIME-Version: 1.0
> Content-Type: text/x-patch
> Content-Disposition: attachment;
>  filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
> ---
>  doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 180 insertions(+)
>
> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
> index f541592d13..3ade82af14 100644
> --- a/doc/guix-cookbook.texi
> +++ b/doc/guix-cookbook.texi
> @@ -1347,6 +1347,7 @@ reference.
>  * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
>  * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
>  * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
> +* Running Guix on a Linode:: Running Guix on a Linode
>  * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
>  * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
>  @end menu
> @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
>  confusion occurs. This can be done by executing @code{xset s activate} immediately
>  before you execute slock.
>  
> +@node Running Guix on a Linode
> +@section Running Guix on a Linode
> +@cindex linode
> +
> +Start with a recommended Debian server.  Be sure to add your ssh key for
> +easy login.  We recommend using the default distro as a way to bootstrap
> +Guix.  This is usually done via @code{ssh-copy-id}.

Huh!  I've never used ssh-copy-id before...

Regardless, my experience was that Linode's interface it asked me what
key I wanted to provide... I just copy-pasta'ed from
~/.ssh/id_<keytype>.pub

How would one do it with ssh-copy-id?

> +Power the linode down. In the Linode's Disks/Configurations tab, resize
> +the Debian disk to be smaller. 30 GB is recommended.
> +
> +In the Linode settings, "Add a disk", with the following:
> +@itemize @bullet
> +@item
> +Label: "Guix"
> +
> +@item
> +Filesystem: ext4
> +
> +@item
> +Set it to the remaining size
> +@end itemize
> +
> +On the "configuration" field that comes with the default image, press
> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
> +label.
> +
> +Now "Add a Configuration", with the following:
> +@itemize @bullet
> +@item
> +Label: Guix
> +
> +@item
> +VM Mode: Paravirtualization  @c{The default?? Does this matter?}

We can probably remove this comment I guess?  Not sure, especially
since I still don't know if it matters. ;)

Maybe we could even skip listing it since the default is fine?

> +@item
> +Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
> +
> +@item
> +Block device assignment:
> +
> +@item
> +/dev/sda: Guix
> +
> +@item
> +/dev/sdb: swap

Also note that I made the mistake of never actually using swap in my
server configuration.  Maybe worth fixing?

> +@item
> +Root device: /dev/sda
> +
> +@item
> +Turn off all the filesystem/boot helpers
> +@end itemize
> +
> +Now power it back up, picking the Debian configuration.  Once it's
> +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
> +Now you can run the "install guix form binary installer" steps:
> +
> +@example
> +sudo apt-get install gpg
> +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
> +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
> +chmod +x guix-install.sh
> +./guix-install.sh
> +guix pull
> +@end example
> +
> +Now it's time to write out a config for the server.  The key information
> +is below. Save the resulting file as guix-config.scm:
> +
> +@lisp
> +(use-modules (gnu)
> +             (guix modules))
> +(use-service-modules networking
> +                     ssh)
> +(use-package-modules admin
> +                     certs
> +                     package-management
> +                     ssh
> +                     tls)
> +
> +(operating-system
> +  (host-name "my-server")
> +  (timezone "America/New_York")
> +  (locale "en_US.UTF-8")
> +  ;; This goofy code will generate the grub.cfg
> +  ;; without installing the grub bootloader on disk.
> +  (bootloader (bootloader-configuration
> +               (bootloader
> +                (bootloader
> +                 (inherit grub-bootloader)
> +                 (installer #~(const #t))))))
> +  (file-systems (cons (file-system
> +                        (device "/dev/sda")
> +                        (mount-point "/")
> +                        (type "ext4"))
> +                      %base-file-systems))

Presumably, here's where we should add swap.

> +  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
> +                        %base-initrd-modules))
> +
> +  (users (cons (user-account
> +                (name "janedoe")
> +                (group "users")
> +                ;; Adding the account to the "wheel" group
> +                ;; makes it a sudoer.
> +                (supplementary-groups '("wheel"))
> +                (home-directory "/home/janedoe"))
> +               %base-user-accounts))
> +
> +  (packages (cons* nss-certs            ;for HTTPS access
> +                   openssh-sans-x
> +                   %base-packages))
> +
> +  (services (cons*
> +             (service dhcp-client-service-type)
> +             (service openssh-service-type
> +                      (openssh-configuration
> +                       (openssh openssh-sans-x)
> +                       (password-authentication? #f)
> +                       (authorized-keys
> +                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
> +                          ;; Is this a good idea?  Well if you don't add it
> +                          ;; you have to manually set your user's password
> +                          ;; via the glish console...
> +                          ("root" ,(local-file "janedoe_rsa.pub"))))))
> +             %base-services)))
> +@end lisp
> +
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server")     ; replace with your server name
> +(name "janedoe")            ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo.  @comment {(is there another way around this?)}

Maybe the first person could be removed... "which I don't feel great
about, but..." with "which doesn't seem great, but..."

> +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
> +<your-username-here>_rsa.pub in the same directory.
> +
> +Mount the guix drive:
> +@example
> +mkdir /mnt/guix
> +mount /dev/sdc /mnt/guix
> +@end example
> +
> +Due to the way we set things up above, we do not install Grub
> +completely.  Instead we install only our grub configuration file.  So we
> +need to copy over some of the other Grub stuff that is already there:
> +
> +@example
> +mkdir -p /mnt/guix/boot/grub
> +cp -r /boot/grub/* /mnt/guix/boot/grub/
> +@end example
> +
> +Now initialize the Guix installation:
> +@example
> +guix system init guix-config.scm /mnt/guix
> +@end example
> +
> +Ok, power it down!
> +Now from the linode console, select boot and select "Guix".
> +
> +Once it boots, you should be able to log in via ssh!  (The server
> +config will have changed though.)
> +
> +Be sure to set your password and root's password.
> +
> +Horray!  At this point you can shut down the server, delete the
> +Debian disk, and resize the Guix to the rest of the size.
> +Congratulations!
> +
> +BTW, if you save it as a disk image right at this point, you'll have an
> +easy time spinning up new Guix images!
> +
>  @node Setting up a bind mount
>  @section Setting up a bind mount

Fantastic!  It otherwise looks good to me.




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-07-21 20:51 ` Christopher Lemmer Webber
@ 2020-08-07 17:15   ` Joshua Branson via Guix-patches via
  2020-08-07 21:11     ` Christopher Lemmer Webber
  2020-08-07 17:16   ` Joshua Branson via Guix-patches via
  1 sibling, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-07 17:15 UTC (permalink / raw)
  To: 42317


> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server")     ; replace with your server name
> +(name "janedoe")            ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo.  @comment {(is there another way around this?)}

I'm not certain how I need to change the configuration here...  I just
deleted the "Note the same above for root" paragraph.  Can you give me
some direction?

--
Joshua Branson
Sent from Emacs and Gnus




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-07-21 20:51 ` Christopher Lemmer Webber
  2020-08-07 17:15   ` Joshua Branson via Guix-patches via
@ 2020-08-07 17:16   ` Joshua Branson via Guix-patches via
  2020-08-08 21:58     ` Joshua Branson via Guix-patches via
  1 sibling, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-07 17:16 UTC (permalink / raw)
  To: 42317

[-- Attachment #1: running linode on a cookbook --]
[-- Type: text/x-patch, Size: 7722 bytes --]

From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 187 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d6d28a419 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix.  Be sure to add your ssh key for easy
+login to the remote server.  This is usually done via
+@code{ssh-copy-id}. For example, create your ssh keys, then you can
+upload your keys to the remote server like so:
+
+@example
+ssh-keygen
+ssh-copy-id username@@<remote computer IP address>
+@end example
+
+You can also use linode's graphical interface for adding ssh keys.  Just
+copy your local file @code{~/.ssh/id_<keytype>.pub}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ;; Is this a good idea?  Well if you don't add it
+                          ;; you have to manually set your user's password
+                          ;; via the glish console...
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")     ; replace with your server name
+(name "janedoe")            ; replace with your username on the remote server
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-08-07 17:15   ` Joshua Branson via Guix-patches via
@ 2020-08-07 21:11     ` Christopher Lemmer Webber
  2020-08-08 21:57       ` Joshua Branson via Guix-patches via
  0 siblings, 1 reply; 14+ messages in thread
From: Christopher Lemmer Webber @ 2020-08-07 21:11 UTC (permalink / raw)
  To: jbranso, 42317

Joshua Branson via Guix-patches via writes:

>> +Replace the following fields in the above configuration:
>> +@lisp
>> +(host-name "my-server")     ; replace with your server name
>> +(name "janedoe")            ; replace with your username
>> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
>> +@end lisp
>> +
>> +Note the same above for root, which I don't feel great about, but
>> +otherwise you'll need to log in via the linode "glish" console to log in
>> +as root and set the user's initial password before you can start using
>> +sudo.  @comment {(is there another way around this?)}
>
> I'm not certain how I need to change the configuration here...  I just
> deleted the "Note the same above for root" paragraph.  Can you give me
> some direction?

Easiest path is to just add

    ;; Allow root login to allow easy login before you set up your
    ;; initial password for sudo purposes.  You can remove this line
    ;; after you log in and set your initial user password.
    ("root" ,(local-file "janedoe_rsa.pub")

after the janedoe thing and delete that whole paragraph.  That provides
an easyish way to deal with things... if someone is uncomfortable with
having a root login, I suppose they have enough experience to know how
to remove this later if they want.

Great work on this, with that change I think it looks good to go!




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-08-07 21:11     ` Christopher Lemmer Webber
@ 2020-08-08 21:57       ` Joshua Branson via Guix-patches via
  0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-08 21:57 UTC (permalink / raw)
  To: 42317


Hey Chris,

So I'm made some more edits to the guide about setting up a linode.
Namely, I removed the bit about ssh-copy-id.  It's just easier to use
linode's interface.

I also added some sftp commands for uploading the ssh key and
guix-config.scm file.

There are a smattering of other edits.  I actually followed your guide
and set up my linode!  Thanks for writing this up!

My next email will have the updated patch.

P.S.  The only issue that I currently have is that I can ssh into the
linode server as my regular user, but I cannot ssh in as a root
user...Maybe as a next exercise I'll try to add to the cookbook how to
use guix deploy on a linode server...because that would be cool!

--
Joshua Branson
Sent from Emacs and Gnus




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-08-07 17:16   ` Joshua Branson via Guix-patches via
@ 2020-08-08 21:58     ` Joshua Branson via Guix-patches via
  2020-08-31 10:33       ` Ludovic Courtès
  0 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-08 21:58 UTC (permalink / raw)
  To: 42317

[-- Attachment #1: running guix on a linode --]
[-- Type: text/x-patch, Size: 9853 bytes --]

From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 239 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..a907ddaf33 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your ssh keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your ssh key for easy login to the remote server.  This
+is trivially done via linode's graphical interface for adding ssh keys.
+Go to your profile and click add SSH Key.  Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory.  In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues ssh-ing into your box, then you may still need to set your
+root and user password initially by clicking on the ``Launch Console''
+option in your linode.  Choose the ``Glish'' instead of ``Weblish''.
+Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-08-08 21:58     ` Joshua Branson via Guix-patches via
@ 2020-08-31 10:33       ` Ludovic Courtès
  2020-09-01  2:08         ` Joshua Branson via Guix-patches via
  0 siblings, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2020-08-31 10:33 UTC (permalink / raw)
  To: Joshua Branson; +Cc: 42317

Hi!

Joshua Branson <jbranso@dismail.de> scribes:

>>From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!

Minor issue: s/on a Linode/on a Linode Server/
or: s/on a Linode/on Linode/ ?

Also, s/Grub/GRUB/, s/ssh/SSH/, s/linode/Linode, and perhaps @code or
@file here and there would be welcome.

But these are details, the post looks great!  Let me know if you can
send an updated version or if I should adjust these for you.

Thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
  2020-08-31 10:33       ` Ludovic Courtès
@ 2020-09-01  2:08         ` Joshua Branson via Guix-patches via
  0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-01  2:08 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 42317


I will send an updated patch tomorrow after work.  You should see a new
patch by late afternoon.

Thanks,

Joshua

-- 
Joshua Branson
Sent from Emacs and Gnus




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
  2020-07-11  0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
  2020-07-21 20:51 ` Christopher Lemmer Webber
@ 2020-09-01 10:45 ` Joshua Branson via Guix-patches via
  2020-09-07 13:59   ` Ludovic Courtès
  2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
  2 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-01 10:45 UTC (permalink / raw)
  To: 42317; +Cc: Joshua Branson

* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 241 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0521c29a35 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,245 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your @code{SSH} keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your @code{SSH key} for easy login to the remote server.
+This is trivially done via linode's graphical interface for adding @code{SSH
+keys}.  Go to your profile and click add @code {SSH Key}.  Copy into it
+the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the @code {Linode} down. In the @code{Linode's}
+Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is
+recommended.
+
+In the @code{Linode} settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: @code {GRUB 2} (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your @code{ssh public key} (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory.  In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install @code{GRUB}
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other @code{GRUB} stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the @code{Linode} console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via @code{SSH}!  (The server
+config will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues @code{SSH-ing} into your box, then you may still need to set
+your root and user password initially by clicking on the ``Launch
+Console'' option in your linode.  Choose the ``Glish'' instead of
+``Weblish''.  Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





^ permalink raw reply related	[flat|nested] 14+ messages in thread

* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
  2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
@ 2020-09-07 13:59   ` Ludovic Courtès
  2020-09-07 15:10     ` Joshua Branson via Guix-patches via
  0 siblings, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2020-09-07 13:59 UTC (permalink / raw)
  To: Joshua Branson; +Cc: 42317

Hi Joshua,

Thanks for following up on this!  Minor comments:

Joshua Branson <jbranso@dismail.de> skribis:

> +@node Running Guix on a Linode Server
> +@section Running Guix on a Linode Server
> +@cindex linode
> +
> +Start with a recommended Debian server.  We recommend using the default
  ^
I’d start the sentence with something like “To run Guix on a server
hosted by @uref{https://www.linode.com/, Linode}, start with a …”.
(That makes it clear what we’re talking about, what Linode is, etc.)

> +distro as a way to bootstrap Guix. Create your @code{SSH} keys.

[...]

> +Be sure to add your @code{SSH key} for easy login to the remote server.

[...]

> +Power the @code {Linode} down. In the @code{Linode's}

I realize I wasn’t clear: @code is for code snippets.  When referring to
Linode (the service/company) or SSH (the protocol), just write it as is,
without @code.

You would use @code for a command (like @code{rm -rf /foo}) and @file
for a file name (like @file{/dev/sdc}).  Text enclosed in @code or @file
is rendered with a fixed-width font and possibly a different background
color.

> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
                                                     ^
@file here.

> +root@@<your-server-ip-here>}. (You can find your server ip address in
         ^
@var{your-server-ip-here}

And s/ip/IP/.

Let me know if you can take care of those last (I promise!) changes.

Thank you!

Ludo’.




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
  2020-09-07 13:59   ` Ludovic Courtès
@ 2020-09-07 15:10     ` Joshua Branson via Guix-patches via
  0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-07 15:10 UTC (permalink / raw)
  To: 42317


Yes I will make these changes, and re-submit them.  :)

Thanks,

Joshua

P.S.  Should I follow up to mailing lists via responding only to the
mailing list?  Or would you prefer that I CC your email address?

-- 
Joshua Branson
Sent from Emacs and Gnus




^ permalink raw reply	[flat|nested] 14+ messages in thread

* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server"
  2020-07-11  0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
  2020-07-21 20:51 ` Christopher Lemmer Webber
  2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
@ 2020-09-08 14:31 ` Joshua Branson via Guix-patches via
  2020-09-09  7:21   ` bug#42317: " Ludovic Courtès
  2 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-08 14:31 UTC (permalink / raw)
  To: 42317; +Cc: ludo, jbranso

* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 242 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 242 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d15d658e9 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,246 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode, Linode
+
+To run Guix on a server hosted by @uref{https://www.linode.com, Linode},
+start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your SSH keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your SSH key for easy login to the remote server.
+This is trivially done via Linode's graphical interface for adding
+SSH keys.  Go to your profile and click add SSH Key.
+Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the Linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to @file{/dev/sdc} the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel:GRUB 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+@file{/dev/sda}: Guix
+
+@item
+@file{/dev/sdb}: swap
+
+@item
+Root device: @file{/dev/sda}
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@@var{<your-server-IP-here>}}. (You can find your server IP address in
+your Linode Summary section.) Now you can run the "install guix from
+@pxref{Binary Installation,,, guix, GNU Guix}" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @file{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as
+@file{@var{<your-username-here>}_rsa.pub} and your
+@file{guix-config.scm} in the same directory.  In a new terminal run
+these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install GRUB
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other GRUB stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the Linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via SSH!  (The server config
+will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete @file{~/.ssh/known_hosts} file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues remotely logging into your linode box via SSH, then you may
+still need to set your root and user password initially by clicking on
+the ``Launch Console'' option in your linode.  Choose the ``Glish''
+instead of ``Weblish''.  Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





^ permalink raw reply related	[flat|nested] 14+ messages in thread

* bug#42317: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server"
  2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
@ 2020-09-09  7:21   ` Ludovic Courtès
  0 siblings, 0 replies; 14+ messages in thread
From: Ludovic Courtès @ 2020-09-09  7:21 UTC (permalink / raw)
  To: Joshua Branson; +Cc: 42317-done

Hi Joshua,

Joshua Branson <jbranso@dismail.de> skribis:

> * doc/guix-cookbook.texi (Running Guix on a Linode Server):
> I added a section that explains how to run guix on a linode server.
> Thanks Chris Webber!

Applied, thank you!

Ludo’.




^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2020-09-09  7:22 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-11  0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber
2020-08-07 17:15   ` Joshua Branson via Guix-patches via
2020-08-07 21:11     ` Christopher Lemmer Webber
2020-08-08 21:57       ` Joshua Branson via Guix-patches via
2020-08-07 17:16   ` Joshua Branson via Guix-patches via
2020-08-08 21:58     ` Joshua Branson via Guix-patches via
2020-08-31 10:33       ` Ludovic Courtès
2020-09-01  2:08         ` Joshua Branson via Guix-patches via
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
2020-09-07 13:59   ` Ludovic Courtès
2020-09-07 15:10     ` Joshua Branson via Guix-patches via
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
2020-09-09  7:21   ` bug#42317: " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).