From: Joshua Branson <jbranso@dismail.de> Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" MIME-Version: 1.0 Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..3ade82af14 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -1347,6 +1347,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. Be sure to add your ssh key for +easy login. We recommend using the default distro as a way to bootstrap +Guix. This is usually done via @code{ssh-copy-id}. + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +VM Mode: Paravirtualization @c{The default?? Does this matter?} + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}. +Now you can run the "install guix form binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as guix-config.scm: + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ;; Is this a good idea? Well if you don't add it + ;; you have to manually set your user's password + ;; via the glish console... + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too +@end lisp + +Note the same above for root, which I don't feel great about, but +otherwise you'll need to log in via the linode "glish" console to log in +as root and set the user's initial password before you can start using +sudo. @comment {(is there another way around this?)} + +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as +<your-username-here>_rsa.pub in the same directory. + +Mount the guix drive: +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) + +Be sure to set your password and root's password. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +BTW, if you save it as a disk image right at this point, you'll have an +easy time spinning up new Guix images! + @node Setting up a bind mount @section Setting up a bind mount -- 2.26.0
Joshua Branson via Guix-patches via writes: > From: Joshua Branson <jbranso@dismail.de> > Date: Fri, 10 Jul 2020 20:32:30 -0400 > Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" > MIME-Version: 1.0 > Content-Type: text/x-patch > Content-Disposition: attachment; > filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch > > * doc/guix-cookbook.texi (Running Guix on a Linode): > I added a section that explains how to run guix on a linode. > Thanks Chris Webber! > --- > doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 180 insertions(+) > > diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi > index f541592d13..3ade82af14 100644 > --- a/doc/guix-cookbook.texi > +++ b/doc/guix-cookbook.texi > @@ -1347,6 +1347,7 @@ reference. > * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. > * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. > * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. > +* Running Guix on a Linode:: Running Guix on a Linode > * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. > * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. > @end menu > @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s > confusion occurs. This can be done by executing @code{xset s activate} immediately > before you execute slock. > > +@node Running Guix on a Linode > +@section Running Guix on a Linode > +@cindex linode > + > +Start with a recommended Debian server. Be sure to add your ssh key for > +easy login. We recommend using the default distro as a way to bootstrap > +Guix. This is usually done via @code{ssh-copy-id}. Huh! I've never used ssh-copy-id before... Regardless, my experience was that Linode's interface it asked me what key I wanted to provide... I just copy-pasta'ed from ~/.ssh/id_<keytype>.pub How would one do it with ssh-copy-id? > +Power the linode down. In the Linode's Disks/Configurations tab, resize > +the Debian disk to be smaller. 30 GB is recommended. > + > +In the Linode settings, "Add a disk", with the following: > +@itemize @bullet > +@item > +Label: "Guix" > + > +@item > +Filesystem: ext4 > + > +@item > +Set it to the remaining size > +@end itemize > + > +On the "configuration" field that comes with the default image, press > +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" > +label. > + > +Now "Add a Configuration", with the following: > +@itemize @bullet > +@item > +Label: Guix > + > +@item > +VM Mode: Paravirtualization @c{The default?? Does this matter?} We can probably remove this comment I guess? Not sure, especially since I still don't know if it matters. ;) Maybe we could even skip listing it since the default is fine? > +@item > +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) > + > +@item > +Block device assignment: > + > +@item > +/dev/sda: Guix > + > +@item > +/dev/sdb: swap Also note that I made the mistake of never actually using swap in my server configuration. Maybe worth fixing? > +@item > +Root device: /dev/sda > + > +@item > +Turn off all the filesystem/boot helpers > +@end itemize > + > +Now power it back up, picking the Debian configuration. Once it's > +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}. > +Now you can run the "install guix form binary installer" steps: > + > +@example > +sudo apt-get install gpg > +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - > +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh > +chmod +x guix-install.sh > +./guix-install.sh > +guix pull > +@end example > + > +Now it's time to write out a config for the server. The key information > +is below. Save the resulting file as guix-config.scm: > + > +@lisp > +(use-modules (gnu) > + (guix modules)) > +(use-service-modules networking > + ssh) > +(use-package-modules admin > + certs > + package-management > + ssh > + tls) > + > +(operating-system > + (host-name "my-server") > + (timezone "America/New_York") > + (locale "en_US.UTF-8") > + ;; This goofy code will generate the grub.cfg > + ;; without installing the grub bootloader on disk. > + (bootloader (bootloader-configuration > + (bootloader > + (bootloader > + (inherit grub-bootloader) > + (installer #~(const #t)))))) > + (file-systems (cons (file-system > + (device "/dev/sda") > + (mount-point "/") > + (type "ext4")) > + %base-file-systems)) Presumably, here's where we should add swap. > + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk > + %base-initrd-modules)) > + > + (users (cons (user-account > + (name "janedoe") > + (group "users") > + ;; Adding the account to the "wheel" group > + ;; makes it a sudoer. > + (supplementary-groups '("wheel")) > + (home-directory "/home/janedoe")) > + %base-user-accounts)) > + > + (packages (cons* nss-certs ;for HTTPS access > + openssh-sans-x > + %base-packages)) > + > + (services (cons* > + (service dhcp-client-service-type) > + (service openssh-service-type > + (openssh-configuration > + (openssh openssh-sans-x) > + (password-authentication? #f) > + (authorized-keys > + `(("janedoe" ,(local-file "janedoe_rsa.pub")) > + ;; Is this a good idea? Well if you don't add it > + ;; you have to manually set your user's password > + ;; via the glish console... > + ("root" ,(local-file "janedoe_rsa.pub")))))) > + %base-services))) > +@end lisp > + > +Replace the following fields in the above configuration: > +@lisp > +(host-name "my-server") ; replace with your server name > +(name "janedoe") ; replace with your username > +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too > +@end lisp > + > +Note the same above for root, which I don't feel great about, but > +otherwise you'll need to log in via the linode "glish" console to log in > +as root and set the user's initial password before you can start using > +sudo. @comment {(is there another way around this?)} Maybe the first person could be removed... "which I don't feel great about, but..." with "which doesn't seem great, but..." > +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as > +<your-username-here>_rsa.pub in the same directory. > + > +Mount the guix drive: > +@example > +mkdir /mnt/guix > +mount /dev/sdc /mnt/guix > +@end example > + > +Due to the way we set things up above, we do not install Grub > +completely. Instead we install only our grub configuration file. So we > +need to copy over some of the other Grub stuff that is already there: > + > +@example > +mkdir -p /mnt/guix/boot/grub > +cp -r /boot/grub/* /mnt/guix/boot/grub/ > +@end example > + > +Now initialize the Guix installation: > +@example > +guix system init guix-config.scm /mnt/guix > +@end example > + > +Ok, power it down! > +Now from the linode console, select boot and select "Guix". > + > +Once it boots, you should be able to log in via ssh! (The server > +config will have changed though.) > + > +Be sure to set your password and root's password. > + > +Horray! At this point you can shut down the server, delete the > +Debian disk, and resize the Guix to the rest of the size. > +Congratulations! > + > +BTW, if you save it as a disk image right at this point, you'll have an > +easy time spinning up new Guix images! > + > @node Setting up a bind mount > @section Setting up a bind mount Fantastic! It otherwise looks good to me.
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server") ; replace with your server name
> +(name "janedoe") ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo. @comment {(is there another way around this?)}
I'm not certain how I need to change the configuration here... I just
deleted the "Note the same above for root" paragraph. Can you give me
some direction?
--
Joshua Branson
Sent from Emacs and Gnus
[-- Attachment #1: running linode on a cookbook --] [-- Type: text/x-patch, Size: 7722 bytes --] From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001 From: Joshua Branson <jbranso@dismail.de> Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0d6d28a419 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Be sure to add your ssh key for easy +login to the remote server. This is usually done via +@code{ssh-copy-id}. For example, create your ssh keys, then you can +upload your keys to the remote server like so: + +@example +ssh-keygen +ssh-copy-id username@@<remote computer IP address> +@end example + +You can also use linode's graphical interface for adding ssh keys. Just +copy your local file @code{~/.ssh/id_<keytype>.pub}. + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}. +Now you can run the "install guix form binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as guix-config.scm: + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ;; Is this a good idea? Well if you don't add it + ;; you have to manually set your user's password + ;; via the glish console... + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +(name "janedoe") ; replace with your username on the remote server +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too +@end lisp + +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as +<your-username-here>_rsa.pub in the same directory. + +Mount the guix drive: +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) + +Be sure to set your password and root's password. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +BTW, if you save it as a disk image right at this point, you'll have an +easy time spinning up new Guix images! + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0
Joshua Branson via Guix-patches via writes:
>> +Replace the following fields in the above configuration:
>> +@lisp
>> +(host-name "my-server") ; replace with your server name
>> +(name "janedoe") ; replace with your username
>> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
>> +@end lisp
>> +
>> +Note the same above for root, which I don't feel great about, but
>> +otherwise you'll need to log in via the linode "glish" console to log in
>> +as root and set the user's initial password before you can start using
>> +sudo. @comment {(is there another way around this?)}
>
> I'm not certain how I need to change the configuration here... I just
> deleted the "Note the same above for root" paragraph. Can you give me
> some direction?
Easiest path is to just add
;; Allow root login to allow easy login before you set up your
;; initial password for sudo purposes. You can remove this line
;; after you log in and set your initial user password.
("root" ,(local-file "janedoe_rsa.pub")
after the janedoe thing and delete that whole paragraph. That provides
an easyish way to deal with things... if someone is uncomfortable with
having a root login, I suppose they have enough experience to know how
to remove this later if they want.
Great work on this, with that change I think it looks good to go!
Hey Chris, So I'm made some more edits to the guide about setting up a linode. Namely, I removed the bit about ssh-copy-id. It's just easier to use linode's interface. I also added some sftp commands for uploading the ssh key and guix-config.scm file. There are a smattering of other edits. I actually followed your guide and set up my linode! Thanks for writing this up! My next email will have the updated patch. P.S. The only issue that I currently have is that I can ssh into the linode server as my regular user, but I cannot ssh in as a root user...Maybe as a next exercise I'll try to add to the cookbook how to use guix deploy on a linode server...because that would be cool! -- Joshua Branson Sent from Emacs and Gnus
[-- Attachment #1: running guix on a linode --] [-- Type: text/x-patch, Size: 9853 bytes --] From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001 From: Joshua Branson <jbranso@dismail.de> Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..a907ddaf33 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your ssh keys. + +@example +ssh-keygen +@end example + +Be sure to add your ssh key for easy login to the remote server. This +is trivially done via linode's graphical interface for adding ssh keys. +Go to your profile and click add SSH Key. Copy into it the output of: + +@example +cat ~/.ssh/<username>_rsa.pub +@end example + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@<your-server-ip-here>}. (You can find your server ip address in +your Linode Summary section.) Now you can run the "install guix from +binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @code{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as +<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same +directory. In a new terminal run these commands. + +@example +sftp root@@<remote server ip address> +put /home/<username>/ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) You may encounter an error like: + +@example +$ ssh root@@<server ip address> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict checking. +Host key verification failed. +@end example + +Either delete ~/.ssh/known_hosts file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@<remote ip address> +passwd ; for the root password +passwd <username> ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues ssh-ing into your box, then you may still need to set your +root and user password initially by clicking on the ``Launch Console'' +option in your linode. Choose the ``Glish'' instead of ``Weblish''. +Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0
Hi!
Joshua Branson <jbranso@dismail.de> scribes:
>>From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
Minor issue: s/on a Linode/on a Linode Server/
or: s/on a Linode/on Linode/ ?
Also, s/Grub/GRUB/, s/ssh/SSH/, s/linode/Linode, and perhaps @code or
@file here and there would be welcome.
But these are details, the post looks great! Let me know if you can
send an updated version or if I should adjust these for you.
Thanks!
Ludo’.
I will send an updated patch tomorrow after work. You should see a new patch by late afternoon. Thanks, Joshua -- Joshua Branson Sent from Emacs and Gnus
* doc/guix-cookbook.texi (Running Guix on a Linode Server): I added a section that explains how to run guix on a linode server. Thanks Chris Webber! --- doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 241 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0521c29a35 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode Server:: Running Guix on a Linode Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,245 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode Server +@section Running Guix on a Linode Server +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your @code{SSH} keys. + +@example +ssh-keygen +@end example + +Be sure to add your @code{SSH key} for easy login to the remote server. +This is trivially done via linode's graphical interface for adding @code{SSH +keys}. Go to your profile and click add @code {SSH Key}. Copy into it +the output of: + +@example +cat ~/.ssh/<username>_rsa.pub +@end example + +Power the @code {Linode} down. In the @code{Linode's} +Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is +recommended. + +In the @code{Linode} settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: @code {GRUB 2} (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@<your-server-ip-here>}. (You can find your server ip address in +your Linode Summary section.) Now you can run the "install guix from +binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @code{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your @code{ssh public key} (eg: @code{~/.ssh/id_rsa.pub}) as +<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same +directory. In a new terminal run these commands. + +@example +sftp root@@<remote server ip address> +put /home/<username>/ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install @code{GRUB} +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other @code{GRUB} stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the @code{Linode} console, select boot and select "Guix". + +Once it boots, you should be able to log in via @code{SSH}! (The server +config will have changed though.) You may encounter an error like: + +@example +$ ssh root@@<server ip address> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict checking. +Host key verification failed. +@end example + +Either delete ~/.ssh/known_hosts file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@<remote ip address> +passwd ; for the root password +passwd <username> ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues @code{SSH-ing} into your box, then you may still need to set +your root and user password initially by clicking on the ``Launch +Console'' option in your linode. Choose the ``Glish'' instead of +``Weblish''. Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0
Hi Joshua, Thanks for following up on this! Minor comments: Joshua Branson <jbranso@dismail.de> skribis: > +@node Running Guix on a Linode Server > +@section Running Guix on a Linode Server > +@cindex linode > + > +Start with a recommended Debian server. We recommend using the default ^ I’d start the sentence with something like “To run Guix on a server hosted by @uref{https://www.linode.com/, Linode}, start with a …”. (That makes it clear what we’re talking about, what Linode is, etc.) > +distro as a way to bootstrap Guix. Create your @code{SSH} keys. [...] > +Be sure to add your @code{SSH key} for easy login to the remote server. [...] > +Power the @code {Linode} down. In the @code{Linode's} I realize I wasn’t clear: @code is for code snippets. When referring to Linode (the service/company) or SSH (the protocol), just write it as is, without @code. You would use @code for a command (like @code{rm -rf /foo}) and @file for a file name (like @file{/dev/sdc}). Text enclosed in @code or @file is rendered with a fixed-width font and possibly a different background color. > +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" ^ @file here. > +root@@<your-server-ip-here>}. (You can find your server ip address in ^ @var{your-server-ip-here} And s/ip/IP/. Let me know if you can take care of those last (I promise!) changes. Thank you! Ludo’.
Yes I will make these changes, and re-submit them. :) Thanks, Joshua P.S. Should I follow up to mailing lists via responding only to the mailing list? Or would you prefer that I CC your email address? -- Joshua Branson Sent from Emacs and Gnus
* doc/guix-cookbook.texi (Running Guix on a Linode Server): I added a section that explains how to run guix on a linode server. Thanks Chris Webber! --- doc/guix-cookbook.texi | 242 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0d15d658e9 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode Server:: Running Guix on a Linode Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,246 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode Server +@section Running Guix on a Linode Server +@cindex linode, Linode + +To run Guix on a server hosted by @uref{https://www.linode.com, Linode}, +start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your SSH keys. + +@example +ssh-keygen +@end example + +Be sure to add your SSH key for easy login to the remote server. +This is trivially done via Linode's graphical interface for adding +SSH keys. Go to your profile and click add SSH Key. +Copy into it the output of: + +@example +cat ~/.ssh/<username>_rsa.pub +@end example + +Power the Linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to @file{/dev/sdc} the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel:GRUB 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +@file{/dev/sda}: Guix + +@item +@file{/dev/sdb}: swap + +@item +Root device: @file{/dev/sda} + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@@var{<your-server-IP-here>}}. (You can find your server IP address in +your Linode Summary section.) Now you can run the "install guix from +@pxref{Binary Installation,,, guix, GNU Guix}" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @file{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as +@file{@var{<your-username-here>}_rsa.pub} and your +@file{guix-config.scm} in the same directory. In a new terminal run +these commands. + +@example +sftp root@@<remote server ip address> +put /home/<username>/ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install GRUB +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other GRUB stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the Linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via SSH! (The server config +will have changed though.) You may encounter an error like: + +@example +$ ssh root@@<server ip address> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict checking. +Host key verification failed. +@end example + +Either delete @file{~/.ssh/known_hosts} file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@<remote ip address> +passwd ; for the root password +passwd <username> ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues remotely logging into your linode box via SSH, then you may +still need to set your root and user password initially by clicking on +the ``Launch Console'' option in your linode. Choose the ``Glish'' +instead of ``Weblish''. Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0
Hi Joshua,
Joshua Branson <jbranso@dismail.de> skribis:
> * doc/guix-cookbook.texi (Running Guix on a Linode Server):
> I added a section that explains how to run guix on a linode server.
> Thanks Chris Webber!
Applied, thank you!
Ludo’.