From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id AOv/CmsgL1+yQQAA0tVLHw (envelope-from ) for ; Sat, 08 Aug 2020 22:00:11 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id kMvFBmsgL18jegAAB5/wlQ (envelope-from ) for ; Sat, 08 Aug 2020 22:00:11 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 56ECD9403A5 for ; Sat, 8 Aug 2020 22:00:10 +0000 (UTC) Received: from localhost ([::1]:35234 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k4Wsr-0006l9-6v for larch@yhetil.org; Sat, 08 Aug 2020 18:00:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50866) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k4Wsk-0006jQ-OZ for guix-patches@gnu.org; Sat, 08 Aug 2020 18:00:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:48157) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k4Wsk-0002rd-DU for guix-patches@gnu.org; Sat, 08 Aug 2020 18:00:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1k4Wsk-0008Dd-CK for guix-patches@gnu.org; Sat, 08 Aug 2020 18:00:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Resent-From: Joshua Branson Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 08 Aug 2020 22:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42317 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 42317@debbugs.gnu.org Received: via spool by 42317-submit@debbugs.gnu.org id=B42317.159692394331480 (code B ref 42317); Sat, 08 Aug 2020 22:00:02 +0000 Received: (at 42317) by debbugs.gnu.org; 8 Aug 2020 21:59:03 +0000 Received: from localhost ([127.0.0.1]:59695 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4Wrm-0008Bg-Hg for submit@debbugs.gnu.org; Sat, 08 Aug 2020 17:59:03 -0400 Received: from mx1.dismail.de ([78.46.223.134]:37229) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4Wrj-0008Aq-Gm for 42317@debbugs.gnu.org; Sat, 08 Aug 2020 17:59:00 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 53a8a27c for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type:content-transfer-encoding:content-description; s= 20190914; bh=6d8I9P1UJvA70Y1huEN1KzYKWKebhGxU7qJ8NwqYm+I=; b=l/S Wqhu1lkgBhTrw7n2uNVR7JUYsjYWw9k0DCLSL/y+Ew3m+HNEN07Zd8wW63CZd91A nAJmUPyi94HIKFOsSREE30PdPIKlofKTXVHW6QJGHkmDzKN/QPRIvOjXHsHP7Ejc UVfgndUE6rNJ2GDDhHhFubQoSvTf1MWGd/L6N9NfT73jOz+P4yo5Or06e83ojCIL x+wt0HU5DWGSZeynQdRAVO41xrXkwrdUNeExOE9FJZXj8MFg2wp79avKoVX9s4tK R++qh0zIi4sWtKC0EVtvx8oR2V6nMAhVnYtkVdyXT0BPXSHr9SOerD5P8vvFTWV6 Nx/x1C9Kl40eEueM+Cw== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id f57a8b28 for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id fb6daeca for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 7772dae7 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:52 +0200 (CEST) References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <878seqs7fz.fsf@dismail.de> Date: Sat, 08 Aug 2020 17:58:50 -0400 In-Reply-To: <878seqs7fz.fsf@dismail.de> (Joshua Branson's message of "Fri, 07 Aug 2020 13:16:00 -0400") Message-ID: <875z9sn6jp.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch Content-Transfer-Encoding: quoted-printable Content-Description: running guix on a linode X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -3.3 (---) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Joshua Branson , Joshua Branson via Guix-patches From: Joshua Branson via Guix-patches via X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=dismail.de header.s=20190914 header.b=l/S Wqhu; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -0.01 X-TUID: /fa28WW/X0cF >From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001 From: Joshua Branson Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode= "" * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..a907ddaf33 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel = on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager = on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems de= finition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitute= s through Tor. @end menu @@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to= notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} imm= ediately before you execute slock. =20 +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your ssh keys. + +@example +ssh-keygen +@end example + +Be sure to add your ssh key for easy login to the remote server. This +is trivially done via linode's graphical interface for adding ssh keys. +Go to your profile and click add SSH Key. Copy into it the output of: + +@example +cat ~/.ssh/_rsa.pub +@end example + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@}. (You can find your server ip address in +your Linode Summary section.) Now you can run the "install guix from +binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=3D15145 -qO - | gpg --i= mport - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @code{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as +_rsa.pub and your @code{guix-config.scm} in the same +directory. In a new terminal run these commands. + +@example +sftp root@@ +put /home//ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) You may encounter an error like: + +@example +$ ssh root@@ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this m= essage. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict = checking. +Host key verification failed. +@end example + +Either delete ~/.ssh/known_hosts file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@ +passwd ; for the root password +passwd ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues ssh-ing into your box, then you may still need to set your +root and user password initially by clicking on the ``Launch Console'' +option in your linode. Choose the ``Glish'' instead of ``Weblish''. +Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount =20 --=20 2.28.0