From: Christopher Lemmer Webber <cwebber@dustycloud.org>
To: jbranso@dismail.de, 42317@debbugs.gnu.org
Subject: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Tue, 21 Jul 2020 16:51:46 -0400
Message-ID: <87blk8y4kd.fsf@dustycloud.org>
In-Reply-To: <87v9iukhn1.fsf@dismail.de>

Joshua Branson via Guix-patches via writes:

> From: Joshua Branson <jbranso@dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode""
> MIME-Version: 1.0
> Content-Type: text/x-patch
> Content-Disposition: attachment;
> filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
> ---
> doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 180 insertions(+)
>
> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
> index f541592d13..3ade82af14 100644
> --- a/doc/guix-cookbook.texi
> +++ b/doc/guix-cookbook.texi
> @@ -1347,6 +1347,7 @@ reference.
> * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
> * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN.
> * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
> +* Running Guix on a Linode:: Running Guix on a Linode
> * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
> * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
> @end menu
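Review bot: the description on the added menu line only repeats the node name and has no trailing period, unlike the neighbouring entries, which each say what the section does. Describe the content instead, for example "Setting up Guix System on a Linode server."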
> @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
> confusion occurs. This can be done by executing @code{xset s activate} immediately
> before you execute slock.
>
> +@node Running Guix on a Linode
> +@section Running Guix on a Linode
> +@cindex linode
> +
> +Start with a recommended Debian server. Be sure to add your ssh key for
> +easy login. We recommend using the default distro as a way to bootstrap
> +Guix. This is usually done via @code{ssh-copy-id}.

Huh! I've never used ssh-copy-id before...

Regardless, my experience was that Linode's interface asked me what
key I wanted to provide... I just copy-pasta'ed from
~/.ssh/id_<keytype>.pub

How would one do it with ssh-copy-id?

> +Power the linode down. In the Linode's Disks/Configurations tab, resize
> +the Debian disk to be smaller. 30 GB is recommended.
> +
> +In the Linode settings, "Add a disk", with the following:
> +@itemize @bullet
> +@item
> +Label: "Guix"
> +
> +@item
> +Filesystem: ext4
> +
> +@item
> +Set it to the remaining size
> +@end itemize
> +
> +On the "configuration" field that comes with the default image, press
> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
> +label.
> +
> +Now "Add a Configuration", with the following:
> +@itemize @bullet
> +@item
> +Label: Guix
> +
> +@item
> +VM Mode: Paravirtualization @c{The default?? Does this matter?}

We can probably remove this comment I guess? Not sure, especially
since I still don't know if it matters. ;)

Maybe we could even skip listing it since the default is fine?

> +@item
> +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!})
> +
> +@item
> +Block device assignment:
> +
> +@item
> +/dev/sda: Guix
> +
> +@item
> +/dev/sdb: swap

Also note that I made the mistake of never actually using swap in my
server configuration. Maybe worth fixing?

> +@item
> +Root device: /dev/sda
> +
> +@item
> +Turn off all the filesystem/boot helpers
> +@end itemize
> +
> +Now power it back up, picking the Debian configuration. Once it's
> +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
> +Now you can run the "install guix form binary installer" steps:
> +
> +@example
> +sudo apt-get install gpg
> +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
> +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
> +chmod +x guix-install.sh
> +./guix-install.sh
> +guix pull
> +@end example
> +
> +Now it's time to write out a config for the server. The key information
> +is below. Save the resulting file as guix-config.scm:
> +
> +@lisp
> +(use-modules (gnu)
> + (guix modules))
> +(use-service-modules networking
> + ssh)
> +(use-package-modules admin
> + certs
> + package-management
> + ssh
> + tls)
> +
> +(operating-system
> + (host-name "my-server")
> + (timezone "America/New_York")
> + (locale "en_US.UTF-8")
> + ;; This goofy code will generate the grub.cfg
> + ;; without installing the grub bootloader on disk.
> + (bootloader (bootloader-configuration
> + (bootloader
> + (bootloader
> + (inherit grub-bootloader)
> + (installer #~(const #t))))))
> + (file-systems (cons (file-system
> + (device "/dev/sda")
> + (mount-point "/")
> + (type "ext4"))
> + %base-file-systems))

Presumably, here's where we should add swap.

> + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
> + %base-initrd-modules))
> +
> + (users (cons (user-account
> + (name "janedoe")
> + (group "users")
> + ;; Adding the account to the "wheel" group
> + ;; makes it a sudoer.
> + (supplementary-groups '("wheel"))
> + (home-directory "/home/janedoe"))
> + %base-user-accounts))
> +
> + (packages (cons* nss-certs ;for HTTPS access
> + openssh-sans-x
> + %base-packages))
> +
> + (services (cons*
> + (service dhcp-client-service-type)
> + (service openssh-service-type
> + (openssh-configuration
> + (openssh openssh-sans-x)
> + (password-authentication? #f)
> + (authorized-keys
> + `(("janedoe" ,(local-file "janedoe_rsa.pub"))
> + ;; Is this a good idea? Well if you don't add it
> + ;; you have to manually set your user's password
> + ;; via the glish console...
> + ("root" ,(local-file "janedoe_rsa.pub"))))))
> + %base-services)))
> +@end lisp
> +
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server") ; replace with your server name
> +(name "janedoe") ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo. @comment {(is there another way around this?)}

Maybe the first person could be removed... "which I don't feel great
about, but..." with "which doesn't seem great, but..."

> +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
> +<your-username-here>_rsa.pub in the same directory.
> +
> +Mount the guix drive:
> +@example
> +mkdir /mnt/guix
> +mount /dev/sdc /mnt/guix
> +@end example
> +
> +Due to the way we set things up above, we do not install Grub
> +completely. Instead we install only our grub configuration file. So we
> +need to copy over some of the other Grub stuff that is already there:
> +
> +@example
> +mkdir -p /mnt/guix/boot/grub
> +cp -r /boot/grub/* /mnt/guix/boot/grub/
> +@end example
> +
> +Now initialize the Guix installation:
> +@example
> +guix system init guix-config.scm /mnt/guix
> +@end example
> +
> +Ok, power it down!
> +Now from the linode console, select boot and select "Guix".
> +
> +Once it boots, you should be able to log in via ssh! (The server
> +config will have changed though.)
> +
> +Be sure to set your password and root's password.
> +
> +Horray! At this point you can shut down the server, delete the
> +Debian disk, and resize the Guix to the rest of the size.
> +Congratulations!
> +
> +BTW, if you save it as a disk image right at this point, you'll have an
> +easy time spinning up new Guix images!
> +
> @node Setting up a bind mount
> @section Setting up a bind mount
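Review bot: in the openssh-configuration authorized-keys list, the "root" entry gives root the same key as the regular user, and the section ships with that decision still posed as a question, both in the Scheme comment ("Is this a good idea?") and in the `@comment {(is there another way around this?)}` that follows the paragraph. Since the text later tells the reader to set their own and root's password after first boot, state the trade-off in prose and add a step to drop the "root" line and reconfigure once the passwords are set, rather than leaving the question in the manual. Smaller points in the same hunk: "install guix form binary installer" should read "from"; "Horray" should be "Hooray"; the wget URL containing `?` should be quoted; the first install command uses sudo although the reader logged in as root; "(The server config will have changed though.)" does not say what changed or what the reader will see on login; and the `@c{The default?? Does this matter?}` on the VM Mode item should be resolved before merging.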

Fantastic! It otherwise looks good to me.

Thread overview: 14+ messages
2020-07-11 0:41 [bug#42317] Adding a "Running Guix on a Linode" to the cookbook Joshua Branson via Guix-patches via
2020-07-21 20:51 ` Christopher Lemmer Webber [this message]
2020-08-07 17:15 ` Joshua Branson via Guix-patches via
2020-08-07 21:11 ` Christopher Lemmer Webber
2020-08-08 21:57 ` Joshua Branson via Guix-patches via
2020-08-07 17:16 ` Joshua Branson via Guix-patches via
2020-08-08 21:58 ` Joshua Branson via Guix-patches via
2020-08-31 10:33 ` Ludovic Courtès
2020-09-01 2:08 ` Joshua Branson via Guix-patches via
2020-09-01 10:45 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Joshua Branson via Guix-patches via
2020-09-07 13:59 ` Ludovic Courtès
2020-09-07 15:10 ` Joshua Branson via Guix-patches via
2020-09-08 14:31 ` [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Joshua Branson via Guix-patches via
2020-09-09 7:21 ` bug#42317: " Ludovic Courtès