* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
@ 2020-07-11 0:41 Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber
` (2 more replies)
0 siblings, 3 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-07-11 0:41 UTC (permalink / raw)
To: 42317
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
MIME-Version: 1.0
Content-Type: text/x-patch
Content-Disposition: attachment;
filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch
* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 180 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..3ade82af14 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -1347,6 +1347,7 @@ reference.
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
@end menu
@@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
confusion occurs. This can be done by executing @code{xset s activate} immediately
before you execute slock.
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server. Be sure to add your ssh key for
+easy login. We recommend using the default distro as a way to bootstrap
+Guix. This is usually done via @code{ssh-copy-id}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+VM Mode: Paravirtualization @c{The default?? Does this matter?}
+
+@item
+Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration. Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server. The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+ (guix modules))
+(use-service-modules networking
+ ssh)
+(use-package-modules admin
+ certs
+ package-management
+ ssh
+ tls)
+
+(operating-system
+ (host-name "my-server")
+ (timezone "America/New_York")
+ (locale "en_US.UTF-8")
+ ;; This goofy code will generate the grub.cfg
+ ;; without installing the grub bootloader on disk.
+ (bootloader (bootloader-configuration
+ (bootloader
+ (bootloader
+ (inherit grub-bootloader)
+ (installer #~(const #t))))))
+ (file-systems (cons (file-system
+ (device "/dev/sda")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
+ %base-initrd-modules))
+
+ (users (cons (user-account
+ (name "janedoe")
+ (group "users")
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel"))
+ (home-directory "/home/janedoe"))
+ %base-user-accounts))
+
+ (packages (cons* nss-certs ;for HTTPS access
+ openssh-sans-x
+ %base-packages))
+
+ (services (cons*
+ (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+ ;; Is this a good idea? Well if you don't add it
+ ;; you have to manually set your user's password
+ ;; via the glish console...
+ ("root" ,(local-file "janedoe_rsa.pub"))))))
+ %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server") ; replace with your server name
+(name "janedoe") ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Note the same above for root, which I don't feel great about, but
+otherwise you'll need to log in via the linode "glish" console to log in
+as root and set the user's initial password before you can start using
+sudo. @comment {(is there another way around this?)}
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely. Instead we install only our grub configuration file. So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh! (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray! At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.26.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-07-11 0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
@ 2020-07-21 20:51 ` Christopher Lemmer Webber
2020-08-07 17:15 ` Joshua Branson via Guix-patches via
2020-08-07 17:16 ` Joshua Branson via Guix-patches via
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
2 siblings, 2 replies; 14+ messages in thread
From: Christopher Lemmer Webber @ 2020-07-21 20:51 UTC (permalink / raw)
To: jbranso, 42317
Joshua Branson via Guix-patches via writes:
> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
> MIME-Version: 1.0
> Content-Type: text/x-patch
> Content-Disposition: attachment;
> filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
> ---
> doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 180 insertions(+)
>
> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
> index f541592d13..3ade82af14 100644
> --- a/doc/guix-cookbook.texi
> +++ b/doc/guix-cookbook.texi
> @@ -1347,6 +1347,7 @@ reference.
> * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
> * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
> * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
> +* Running Guix on a Linode:: Running Guix on a Linode
> * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
> * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
> @end menu
> @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
> confusion occurs. This can be done by executing @code{xset s activate} immediately
> before you execute slock.
>
> +@node Running Guix on a Linode
> +@section Running Guix on a Linode
> +@cindex linode
> +
> +Start with a recommended Debian server. Be sure to add your ssh key for
> +easy login. We recommend using the default distro as a way to bootstrap
> +Guix. This is usually done via @code{ssh-copy-id}.
Huh! I've never used ssh-copy-id before...
Regardless, my experience was that Linode's interface it asked me what
key I wanted to provide... I just copy-pasta'ed from
~/.ssh/id_<keytype>.pub
How would one do it with ssh-copy-id?
> +Power the linode down. In the Linode's Disks/Configurations tab, resize
> +the Debian disk to be smaller. 30 GB is recommended.
> +
> +In the Linode settings, "Add a disk", with the following:
> +@itemize @bullet
> +@item
> +Label: "Guix"
> +
> +@item
> +Filesystem: ext4
> +
> +@item
> +Set it to the remaining size
> +@end itemize
> +
> +On the "configuration" field that comes with the default image, press
> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
> +label.
> +
> +Now "Add a Configuration", with the following:
> +@itemize @bullet
> +@item
> +Label: Guix
> +
> +@item
> +VM Mode: Paravirtualization @c{The default?? Does this matter?}
We can probably remove this comment I guess? Not sure, especially
since I still don't know if it matters. ;)
Maybe we could even skip listing it since the default is fine?
> +@item
> +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!})
> +
> +@item
> +Block device assignment:
> +
> +@item
> +/dev/sda: Guix
> +
> +@item
> +/dev/sdb: swap
Also note that I made the mistake of never actually using swap in my
server configuration. Maybe worth fixing?
> +@item
> +Root device: /dev/sda
> +
> +@item
> +Turn off all the filesystem/boot helpers
> +@end itemize
> +
> +Now power it back up, picking the Debian configuration. Once it's
> +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
> +Now you can run the "install guix form binary installer" steps:
> +
> +@example
> +sudo apt-get install gpg
> +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
> +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
> +chmod +x guix-install.sh
> +./guix-install.sh
> +guix pull
> +@end example
> +
> +Now it's time to write out a config for the server. The key information
> +is below. Save the resulting file as guix-config.scm:
> +
> +@lisp
> +(use-modules (gnu)
> + (guix modules))
> +(use-service-modules networking
> + ssh)
> +(use-package-modules admin
> + certs
> + package-management
> + ssh
> + tls)
> +
> +(operating-system
> + (host-name "my-server")
> + (timezone "America/New_York")
> + (locale "en_US.UTF-8")
> + ;; This goofy code will generate the grub.cfg
> + ;; without installing the grub bootloader on disk.
> + (bootloader (bootloader-configuration
> + (bootloader
> + (bootloader
> + (inherit grub-bootloader)
> + (installer #~(const #t))))))
> + (file-systems (cons (file-system
> + (device "/dev/sda")
> + (mount-point "/")
> + (type "ext4"))
> + %base-file-systems))
Presumably, here's where we should add swap.
> + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
> + %base-initrd-modules))
> +
> + (users (cons (user-account
> + (name "janedoe")
> + (group "users")
> + ;; Adding the account to the "wheel" group
> + ;; makes it a sudoer.
> + (supplementary-groups '("wheel"))
> + (home-directory "/home/janedoe"))
> + %base-user-accounts))
> +
> + (packages (cons* nss-certs ;for HTTPS access
> + openssh-sans-x
> + %base-packages))
> +
> + (services (cons*
> + (service dhcp-client-service-type)
> + (service openssh-service-type
> + (openssh-configuration
> + (openssh openssh-sans-x)
> + (password-authentication? #f)
> + (authorized-keys
> + `(("janedoe" ,(local-file "janedoe_rsa.pub"))
> + ;; Is this a good idea? Well if you don't add it
> + ;; you have to manually set your user's password
> + ;; via the glish console...
> + ("root" ,(local-file "janedoe_rsa.pub"))))))
> + %base-services)))
> +@end lisp
> +
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server") ; replace with your server name
> +(name "janedoe") ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo. @comment {(is there another way around this?)}
Maybe the first person could be removed... "which I don't feel great
about, but..." with "which doesn't seem great, but..."
> +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
> +<your-username-here>_rsa.pub in the same directory.
> +
> +Mount the guix drive:
> +@example
> +mkdir /mnt/guix
> +mount /dev/sdc /mnt/guix
> +@end example
> +
> +Due to the way we set things up above, we do not install Grub
> +completely. Instead we install only our grub configuration file. So we
> +need to copy over some of the other Grub stuff that is already there:
> +
> +@example
> +mkdir -p /mnt/guix/boot/grub
> +cp -r /boot/grub/* /mnt/guix/boot/grub/
> +@end example
> +
> +Now initialize the Guix installation:
> +@example
> +guix system init guix-config.scm /mnt/guix
> +@end example
> +
> +Ok, power it down!
> +Now from the linode console, select boot and select "Guix".
> +
> +Once it boots, you should be able to log in via ssh! (The server
> +config will have changed though.)
> +
> +Be sure to set your password and root's password.
> +
> +Horray! At this point you can shut down the server, delete the
> +Debian disk, and resize the Guix to the rest of the size.
> +Congratulations!
> +
> +BTW, if you save it as a disk image right at this point, you'll have an
> +easy time spinning up new Guix images!
> +
> @node Setting up a bind mount
> @section Setting up a bind mount
Fantastic! It otherwise looks good to me.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-07-21 20:51 ` Christopher Lemmer Webber
@ 2020-08-07 17:15 ` Joshua Branson via Guix-patches via
2020-08-07 21:11 ` Christopher Lemmer Webber
2020-08-07 17:16 ` Joshua Branson via Guix-patches via
1 sibling, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-07 17:15 UTC (permalink / raw)
To: 42317
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server") ; replace with your server name
> +(name "janedoe") ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo. @comment {(is there another way around this?)}
I'm not certain how I need to change the configuration here... I just
deleted the "Note the same above for root" paragraph. Can you give me
some direction?
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-07-21 20:51 ` Christopher Lemmer Webber
2020-08-07 17:15 ` Joshua Branson via Guix-patches via
@ 2020-08-07 17:16 ` Joshua Branson via Guix-patches via
2020-08-08 21:58 ` Joshua Branson via Guix-patches via
1 sibling, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-07 17:16 UTC (permalink / raw)
To: 42317
[-- Attachment #1: running linode on a cookbook --]
[-- Type: text/x-patch, Size: 7722 bytes --]
From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 187 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d6d28a419 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
Copyright @copyright{} 2020 Marcin Karpezo@*
Copyright @copyright{} 2020 Brice Waegeneire@*
Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
@end menu
@@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
confusion occurs. This can be done by executing @code{xset s activate} immediately
before you execute slock.
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server. We recommend using the default
+distro as a way to bootstrap Guix. Be sure to add your ssh key for easy
+login to the remote server. This is usually done via
+@code{ssh-copy-id}. For example, create your ssh keys, then you can
+upload your keys to the remote server like so:
+
+@example
+ssh-keygen
+ssh-copy-id username@@<remote computer IP address>
+@end example
+
+You can also use linode's graphical interface for adding ssh keys. Just
+copy your local file @code{~/.ssh/id_<keytype>.pub}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration. Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server. The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+ (guix modules))
+(use-service-modules networking
+ ssh)
+(use-package-modules admin
+ certs
+ package-management
+ ssh
+ tls)
+
+(operating-system
+ (host-name "my-server")
+ (timezone "America/New_York")
+ (locale "en_US.UTF-8")
+ ;; This goofy code will generate the grub.cfg
+ ;; without installing the grub bootloader on disk.
+ (bootloader (bootloader-configuration
+ (bootloader
+ (bootloader
+ (inherit grub-bootloader)
+ (installer #~(const #t))))))
+ (file-systems (cons (file-system
+ (device "/dev/sda")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+
+ (swap-devices (list "/dev/sdb"))
+
+
+ (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
+ %base-initrd-modules))
+
+ (users (cons (user-account
+ (name "janedoe")
+ (group "users")
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel"))
+ (home-directory "/home/janedoe"))
+ %base-user-accounts))
+
+ (packages (cons* nss-certs ;for HTTPS access
+ openssh-sans-x
+ %base-packages))
+
+ (services (cons*
+ (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+ ;; Is this a good idea? Well if you don't add it
+ ;; you have to manually set your user's password
+ ;; via the glish console...
+ ("root" ,(local-file "janedoe_rsa.pub"))))))
+ %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server") ; replace with your server name
+(name "janedoe") ; replace with your username on the remote server
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely. Instead we install only our grub configuration file. So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh! (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray! At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.28.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-08-07 17:15 ` Joshua Branson via Guix-patches via
@ 2020-08-07 21:11 ` Christopher Lemmer Webber
2020-08-08 21:57 ` Joshua Branson via Guix-patches via
0 siblings, 1 reply; 14+ messages in thread
From: Christopher Lemmer Webber @ 2020-08-07 21:11 UTC (permalink / raw)
To: jbranso, 42317
Joshua Branson via Guix-patches via writes:
>> +Replace the following fields in the above configuration:
>> +@lisp
>> +(host-name "my-server") ; replace with your server name
>> +(name "janedoe") ; replace with your username
>> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
>> +@end lisp
>> +
>> +Note the same above for root, which I don't feel great about, but
>> +otherwise you'll need to log in via the linode "glish" console to log in
>> +as root and set the user's initial password before you can start using
>> +sudo. @comment {(is there another way around this?)}
>
> I'm not certain how I need to change the configuration here... I just
> deleted the "Note the same above for root" paragraph. Can you give me
> some direction?
Easiest path is to just add
;; Allow root login to allow easy login before you set up your
;; initial password for sudo purposes. You can remove this line
;; after you log in and set your initial user password.
("root" ,(local-file "janedoe_rsa.pub")
after the janedoe thing and delete that whole paragraph. That provides
an easyish way to deal with things... if someone is uncomfortable with
having a root login, I suppose they have enough experience to know how
to remove this later if they want.
Great work on this, with that change I think it looks good to go!
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-08-07 21:11 ` Christopher Lemmer Webber
@ 2020-08-08 21:57 ` Joshua Branson via Guix-patches via
0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-08 21:57 UTC (permalink / raw)
To: 42317
Hey Chris,
So I'm made some more edits to the guide about setting up a linode.
Namely, I removed the bit about ssh-copy-id. It's just easier to use
linode's interface.
I also added some sftp commands for uploading the ssh key and
guix-config.scm file.
There are a smattering of other edits. I actually followed your guide
and set up my linode! Thanks for writing this up!
My next email will have the updated patch.
P.S. The only issue that I currently have is that I can ssh into the
linode server as my regular user, but I cannot ssh in as a root
user...Maybe as a next exercise I'll try to add to the cookbook how to
use guix deploy on a linode server...because that would be cool!
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-08-07 17:16 ` Joshua Branson via Guix-patches via
@ 2020-08-08 21:58 ` Joshua Branson via Guix-patches via
2020-08-31 10:33 ` Ludovic Courtès
0 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-08-08 21:58 UTC (permalink / raw)
To: 42317
[-- Attachment #1: running guix on a linode --]
[-- Type: text/x-patch, Size: 9853 bytes --]
From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 239 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..a907ddaf33 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
Copyright @copyright{} 2020 Marcin Karpezo@*
Copyright @copyright{} 2020 Brice Waegeneire@*
Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
@end menu
@@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
confusion occurs. This can be done by executing @code{xset s activate} immediately
before you execute slock.
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server. We recommend using the default
+distro as a way to bootstrap Guix. Create your ssh keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your ssh key for easy login to the remote server. This
+is trivially done via linode's graphical interface for adding ssh keys.
+Go to your profile and click add SSH Key. Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration. Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server. The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+ (guix modules))
+(use-service-modules networking
+ ssh)
+(use-package-modules admin
+ certs
+ package-management
+ ssh
+ tls)
+
+(operating-system
+ (host-name "my-server")
+ (timezone "America/New_York")
+ (locale "en_US.UTF-8")
+ ;; This goofy code will generate the grub.cfg
+ ;; without installing the grub bootloader on disk.
+ (bootloader (bootloader-configuration
+ (bootloader
+ (bootloader
+ (inherit grub-bootloader)
+ (installer #~(const #t))))))
+ (file-systems (cons (file-system
+ (device "/dev/sda")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+
+ (swap-devices (list "/dev/sdb"))
+
+
+ (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
+ %base-initrd-modules))
+
+ (users (cons (user-account
+ (name "janedoe")
+ (group "users")
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel"))
+ (home-directory "/home/janedoe"))
+ %base-user-accounts))
+
+ (packages (cons* nss-certs ;for HTTPS access
+ openssh-sans-x
+ %base-packages))
+
+ (services (cons*
+ (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+ ("root" ,(local-file "janedoe_rsa.pub"))))))
+ %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server") ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe") ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password. After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory. In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely. Instead we install only our grub configuration file. So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh! (The server
+config will have changed though.) You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point. If you
+have issues ssh-ing into your box, then you may still need to set your
+root and user password initially by clicking on the ``Launch Console''
+option in your linode. Choose the ``Glish'' instead of ``Weblish''.
+Now you should be able to ssh into the machine.
+
+Horray! At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images! You may need to
+down-size the Guix image to 6144MB, to save it as an image. Then you
+can resize it again to the max size.
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.28.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-08-08 21:58 ` Joshua Branson via Guix-patches via
@ 2020-08-31 10:33 ` Ludovic Courtès
2020-09-01 2:08 ` Joshua Branson via Guix-patches via
0 siblings, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2020-08-31 10:33 UTC (permalink / raw)
To: Joshua Branson; +Cc: 42317
Hi!
Joshua Branson <jbranso@dismail.de> scribes:
>>From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
Minor issue: s/on a Linode/on a Linode Server/
or: s/on a Linode/on Linode/ ?
Also, s/Grub/GRUB/, s/ssh/SSH/, s/linode/Linode, and perhaps @code or
@file here and there would be welcome.
But these are details, the post looks great! Let me know if you can
send an updated version or if I should adjust these for you.
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
2020-08-31 10:33 ` Ludovic Courtès
@ 2020-09-01 2:08 ` Joshua Branson via Guix-patches via
0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-01 2:08 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 42317
I will send an updated patch tomorrow after work. You should see a new
patch by late afternoon.
Thanks,
Joshua
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
2020-07-11 0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber
@ 2020-09-01 10:45 ` Joshua Branson via Guix-patches via
2020-09-07 13:59 ` Ludovic Courtès
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
2 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-01 10:45 UTC (permalink / raw)
To: 42317; +Cc: Joshua Branson
* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 241 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0521c29a35 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
Copyright @copyright{} 2020 Marcin Karpezo@*
Copyright @copyright{} 2020 Brice Waegeneire@*
Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
@end menu
@@ -1759,6 +1761,245 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
confusion occurs. This can be done by executing @code{xset s activate} immediately
before you execute slock.
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode
+
+Start with a recommended Debian server. We recommend using the default
+distro as a way to bootstrap Guix. Create your @code{SSH} keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your @code{SSH key} for easy login to the remote server.
+This is trivially done via linode's graphical interface for adding @code{SSH
+keys}. Go to your profile and click add @code {SSH Key}. Copy into it
+the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the @code {Linode} down. In the @code{Linode's}
+Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is
+recommended.
+
+In the @code{Linode} settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: @code {GRUB 2} (it's at the bottom! This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration. Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server. The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+ (guix modules))
+(use-service-modules networking
+ ssh)
+(use-package-modules admin
+ certs
+ package-management
+ ssh
+ tls)
+
+(operating-system
+ (host-name "my-server")
+ (timezone "America/New_York")
+ (locale "en_US.UTF-8")
+ ;; This goofy code will generate the grub.cfg
+ ;; without installing the grub bootloader on disk.
+ (bootloader (bootloader-configuration
+ (bootloader
+ (bootloader
+ (inherit grub-bootloader)
+ (installer #~(const #t))))))
+ (file-systems (cons (file-system
+ (device "/dev/sda")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+
+ (swap-devices (list "/dev/sdb"))
+
+
+ (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
+ %base-initrd-modules))
+
+ (users (cons (user-account
+ (name "janedoe")
+ (group "users")
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel"))
+ (home-directory "/home/janedoe"))
+ %base-user-accounts))
+
+ (packages (cons* nss-certs ;for HTTPS access
+ openssh-sans-x
+ %base-packages))
+
+ (services (cons*
+ (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+ ("root" ,(local-file "janedoe_rsa.pub"))))))
+ %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server") ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe") ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password. After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your @code{ssh public key} (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory. In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install @code{GRUB}
+completely. Instead we install only our grub configuration file. So we
+need to copy over some of the other @code{GRUB} stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the @code{Linode} console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via @code{SSH}! (The server
+config will have changed though.) You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point. If you
+have issues @code{SSH-ing} into your box, then you may still need to set
+your root and user password initially by clicking on the ``Launch
+Console'' option in your linode. Choose the ``Glish'' instead of
+``Weblish''. Now you should be able to ssh into the machine.
+
+Horray! At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images! You may need to
+down-size the Guix image to 6144MB, to save it as an image. Then you
+can resize it again to the max size.
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.28.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
@ 2020-09-07 13:59 ` Ludovic Courtès
2020-09-07 15:10 ` Joshua Branson via Guix-patches via
0 siblings, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2020-09-07 13:59 UTC (permalink / raw)
To: Joshua Branson; +Cc: 42317
Hi Joshua,
Thanks for following up on this! Minor comments:
Joshua Branson <jbranso@dismail.de> skribis:
> +@node Running Guix on a Linode Server
> +@section Running Guix on a Linode Server
> +@cindex linode
> +
> +Start with a recommended Debian server. We recommend using the default
^
I’d start the sentence with something like “To run Guix on a server
hosted by @uref{https://www.linode.com/, Linode}, start with a …”.
(That makes it clear what we’re talking about, what Linode is, etc.)
> +distro as a way to bootstrap Guix. Create your @code{SSH} keys.
[...]
> +Be sure to add your @code{SSH key} for easy login to the remote server.
[...]
> +Power the @code {Linode} down. In the @code{Linode's}
I realize I wasn’t clear: @code is for code snippets. When referring to
Linode (the service/company) or SSH (the protocol), just write it as is,
without @code.
You would use @code for a command (like @code{rm -rf /foo}) and @file
for a file name (like @file{/dev/sdc}). Text enclosed in @code or @file
is rendered with a fixed-width font and possibly a different background
color.
> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
^
@file here.
> +root@@<your-server-ip-here>}. (You can find your server ip address in
^
@var{your-server-ip-here}
And s/ip/IP/.
Let me know if you can take care of those last (I promise!) changes.
Thank you!
Ludo’.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server
2020-09-07 13:59 ` Ludovic Courtès
@ 2020-09-07 15:10 ` Joshua Branson via Guix-patches via
0 siblings, 0 replies; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-07 15:10 UTC (permalink / raw)
To: 42317
Yes I will make these changes, and re-submit them. :)
Thanks,
Joshua
P.S. Should I follow up to mailing lists via responding only to the
mailing list? Or would you prefer that I CC your email address?
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server"
2020-07-11 0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
@ 2020-09-08 14:31 ` Joshua Branson via Guix-patches via
2020-09-09 7:21 ` bug#42317: " Ludovic Courtès
2 siblings, 1 reply; 14+ messages in thread
From: Joshua Branson via Guix-patches via @ 2020-09-08 14:31 UTC (permalink / raw)
To: 42317; +Cc: ludo, jbranso
* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
doc/guix-cookbook.texi | 242 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 242 insertions(+)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d15d658e9 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
Copyright @copyright{} 2020 Marcin Karpezo@*
Copyright @copyright{} 2020 Brice Waegeneire@*
Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
* Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
@end menu
@@ -1759,6 +1761,246 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
confusion occurs. This can be done by executing @code{xset s activate} immediately
before you execute slock.
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode, Linode
+
+To run Guix on a server hosted by @uref{https://www.linode.com, Linode},
+start with a recommended Debian server. We recommend using the default
+distro as a way to bootstrap Guix. Create your SSH keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your SSH key for easy login to the remote server.
+This is trivially done via Linode's graphical interface for adding
+SSH keys. Go to your profile and click add SSH Key.
+Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the Linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to @file{/dev/sdc} the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel:GRUB 2 (it's at the bottom! This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+@file{/dev/sda}: Guix
+
+@item
+@file{/dev/sdb}: swap
+
+@item
+Root device: @file{/dev/sda}
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration. Once it's
+booted up, ssh in your server via @code{ssh
+root@@@var{<your-server-IP-here>}}. (You can find your server IP address in
+your Linode Summary section.) Now you can run the "install guix from
+@pxref{Binary Installation,,, guix, GNU Guix}" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server. The key information
+is below. Save the resulting file as @file{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+ (guix modules))
+(use-service-modules networking
+ ssh)
+(use-package-modules admin
+ certs
+ package-management
+ ssh
+ tls)
+
+(operating-system
+ (host-name "my-server")
+ (timezone "America/New_York")
+ (locale "en_US.UTF-8")
+ ;; This goofy code will generate the grub.cfg
+ ;; without installing the grub bootloader on disk.
+ (bootloader (bootloader-configuration
+ (bootloader
+ (bootloader
+ (inherit grub-bootloader)
+ (installer #~(const #t))))))
+ (file-systems (cons (file-system
+ (device "/dev/sda")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+
+ (swap-devices (list "/dev/sdb"))
+
+
+ (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
+ %base-initrd-modules))
+
+ (users (cons (user-account
+ (name "janedoe")
+ (group "users")
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer.
+ (supplementary-groups '("wheel"))
+ (home-directory "/home/janedoe"))
+ %base-user-accounts))
+
+ (packages (cons* nss-certs ;for HTTPS access
+ openssh-sans-x
+ %base-packages))
+
+ (services (cons*
+ (service dhcp-client-service-type)
+ (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+ ("root" ,(local-file "janedoe_rsa.pub"))))))
+ %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server") ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe") ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password. After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as
+@file{@var{<your-username-here>}_rsa.pub} and your
+@file{guix-config.scm} in the same directory. In a new terminal run
+these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install GRUB
+completely. Instead we install only our grub configuration file. So we
+need to copy over some of the other GRUB stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the Linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via SSH! (The server config
+will have changed though.) You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete @file{~/.ssh/known_hosts} file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point. If you
+have issues remotely logging into your linode box via SSH, then you may
+still need to set your root and user password initially by clicking on
+the ``Launch Console'' option in your linode. Choose the ``Glish''
+instead of ``Weblish''. Now you should be able to ssh into the machine.
+
+Horray! At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images! You may need to
+down-size the Guix image to 6144MB, to save it as an image. Then you
+can resize it again to the max size.
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.28.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* bug#42317: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server"
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
@ 2020-09-09 7:21 ` Ludovic Courtès
0 siblings, 0 replies; 14+ messages in thread
From: Ludovic Courtès @ 2020-09-09 7:21 UTC (permalink / raw)
To: Joshua Branson; +Cc: 42317-done
Hi Joshua,
Joshua Branson <jbranso@dismail.de> skribis:
> * doc/guix-cookbook.texi (Running Guix on a Linode Server):
> I added a section that explains how to run guix on a linode server.
> Thanks Chris Webber!
Applied, thank you!
Ludo’.
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-09-09 7:22 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-11 0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber
2020-08-07 17:15 ` Joshua Branson via Guix-patches via
2020-08-07 21:11 ` Christopher Lemmer Webber
2020-08-08 21:57 ` Joshua Branson via Guix-patches via
2020-08-07 17:16 ` Joshua Branson via Guix-patches via
2020-08-08 21:58 ` Joshua Branson via Guix-patches via
2020-08-31 10:33 ` Ludovic Courtès
2020-09-01 2:08 ` Joshua Branson via Guix-patches via
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
2020-09-07 13:59 ` Ludovic Courtès
2020-09-07 15:10 ` Joshua Branson via Guix-patches via
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
2020-09-09 7:21 ` bug#42317: " Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).