From: Christopher Lemmer Webber
To: jbranso@dismail.de, 42317@debbugs.gnu.org
Subject: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Tue, 21 Jul 2020 16:51:46 -0400
Message-ID: <87blk8y4kd.fsf@dustycloud.org>
In-reply-to: <87v9iukhn1.fsf@dismail.de>

Joshua Branson via Guix-patches via writes:
> From: Joshua Branson > Date: Fri, 10 Jul 2020 20:32:30 -0400 > Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" > MIME-Version: 1.0 > Content-Type: text/x-patch > Content-Disposition: attachment; > filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch > > * doc/guix-cookbook.texi (Running Guix on a Linode): > I added a section that explains how to run guix on a linode. > Thanks Chris Webber! > --- > doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 180 insertions(+) > > diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi > index f541592d13..3ade82af14 100644 > --- a/doc/guix-cookbook.texi > +++ b/doc/guix-cookbook.texi > @@ -1347,6 +1347,7 @@ reference. > * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. > * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. > * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. > +* Running Guix on a Linode:: Running Guix on a Linode > * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. > * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. > @end menu 
> @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s > confusion occurs. This can be done by executing @code{xset s activate} immediately > before you execute slock. > > +@node Running Guix on a Linode > +@section Running Guix on a Linode > +@cindex linode > + > +Start with a recommended Debian server. Be sure to add your ssh key for > +easy login. We recommend using the default distro as a way to bootstrap > +Guix. This is usually done via @code{ssh-copy-id}. Huh! I've never used ssh-copy-id before... Regardless, my experience was that Linode's interface it asked me what key I wanted to provide... I just copy-pasta'ed from ~/.ssh/id_.pub How would one do it with ssh-copy-id? > +Power the linode down. In the Linode's Disks/Configurations tab, resize > +the Debian disk to be smaller. 30 GB is recommended. > + > +In the Linode settings, "Add a disk", with the following: > +@itemize @bullet > +@item > +Label: "Guix" > + > +@item > +Filesystem: ext4 > + > +@item > +Set it to the remaining size > +@end itemize > + > +On the "configuration" field that comes with the default image, press > +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" > +label. > + > +Now "Add a Configuration", with the following: > +@itemize @bullet > +@item > +Label: Guix > + > +@item > +VM Mode: Paravirtualization @c{The default?? Does this matter?} We can probably remove this comment I guess? Not sure, especially since I still don't know if it matters. ;) Maybe we could even skip listing it since the default is fine? > +@item > +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) > + > +@item > +Block device assignment: > + > +@item > +/dev/sda: Guix > + > +@item > +/dev/sdb: swap Also note that I made the mistake of never actually using swap in my server configuration. Maybe worth fixing? 
> +@item > +Root device: /dev/sda > + > +@item > +Turn off all the filesystem/boot helpers > +@end itemize > + > +Now power it back up, picking the Debian configuration. Once it's > +booted up, ssh in your server via @code{ssh root@@}. > +Now you can run the "install guix form binary installer" steps: > + > +@example > +sudo apt-get install gpg > +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - > +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh > +chmod +x guix-install.sh > +./guix-install.sh > +guix pull > +@end example > + > +Now it's time to write out a config for the server. The key information > +is below. Save the resulting file as guix-config.scm: > + > +@lisp > +(use-modules (gnu) > + (guix modules)) > +(use-service-modules networking > + ssh) > +(use-package-modules admin > + certs > + package-management > + ssh > + tls) > + > +(operating-system > + (host-name "my-server") > + (timezone "America/New_York") > + (locale "en_US.UTF-8") > + ;; This goofy code will generate the grub.cfg > + ;; without installing the grub bootloader on disk. > + (bootloader (bootloader-configuration > + (bootloader > + (bootloader > + (inherit grub-bootloader) > + (installer #~(const #t)))))) > + (file-systems (cons (file-system > + (device "/dev/sda") > + (mount-point "/") > + (type "ext4")) > + %base-file-systems)) Presumably, here's where we should add swap. > + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk > + %base-initrd-modules)) > + > + (users (cons (user-account > + (name "janedoe") > + (group "users") > + ;; Adding the account to the "wheel" group > + ;; makes it a sudoer. 
> + (supplementary-groups '("wheel")) > + (home-directory "/home/janedoe")) > + %base-user-accounts)) > + > + (packages (cons* nss-certs ;for HTTPS access > + openssh-sans-x > + %base-packages)) > + > + (services (cons* > + (service dhcp-client-service-type) > + (service openssh-service-type > + (openssh-configuration > + (openssh openssh-sans-x) > + (password-authentication? #f) > + (authorized-keys > + `(("janedoe" ,(local-file "janedoe_rsa.pub")) > + ;; Is this a good idea? Well if you don't add it > + ;; you have to manually set your user's password > + ;; via the glish console... > + ("root" ,(local-file "janedoe_rsa.pub")))))) > + %base-services))) > +@end lisp > + > +Replace the following fields in the above configuration: > +@lisp > +(host-name "my-server") ; replace with your server name > +(name "janedoe") ; replace with your username > +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too > +@end lisp > + > +Note the same above for root, which I don't feel great about, but > +otherwise you'll need to log in via the linode "glish" console to log in > +as root and set the user's initial password before you can start using > +sudo. @comment {(is there another way around this?)} Maybe the first person could be removed... "which I don't feel great about, but..." with "which doesn't seem great, but..." > +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as > +_rsa.pub in the same directory. > + > +Mount the guix drive: > +@example > +mkdir /mnt/guix > +mount /dev/sdc /mnt/guix > +@end example > + > +Due to the way we set things up above, we do not install Grub > +completely. Instead we install only our grub configuration file. So we > +need to copy over some of the other Grub stuff that is already there: > + > +@example > +mkdir -p /mnt/guix/boot/grub > +cp -r /boot/grub/* /mnt/guix/boot/grub/ > +@end example > + > +Now initialize the Guix installation: > +@example > +guix system init guix-config.scm /mnt/guix > +@end example > + > +Ok, power it down! 
> +Now from the linode console, select boot and select "Guix". > + > +Once it boots, you should be able to log in via ssh! (The server > +config will have changed though.) > + > +Be sure to set your password and root's password. > + > +Horray! At this point you can shut down the server, delete the > +Debian disk, and resize the Guix to the rest of the size. > +Congratulations! > + > +BTW, if you save it as a disk image right at this point, you'll have an > +easy time spinning up new Guix images! > + > @node Setting up a bind mount > @section Setting up a bind mount Fantastic! It otherwise looks good to me.
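Review bot: In the @menu hunk, the description of the new entry only repeats the node name (`* Running Guix on a Linode:: Running Guix on a Linode`) and has no trailing period, unlike the neighbouring entries ("Connecting to a Wireguard VPN.", "Setting up a bind mount in the file-systems definition."). A short sentence saying what the section covers, ending in a period, would match the rest of the menu.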
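Review bot: In the guix-config.scm example of the second hunk, the `authorized-keys` list installs the user's key for "root" while the code comment still asks "Is this a good idea?", and the paragraph below carries the matching unresolved `@comment {(is there another way around this?)}`; a cookbook section should settle this before it goes in. The visible `openssh-configuration` sets only `openssh`, `password-authentication?` and `authorized-keys`, so please confirm whether the root entry takes effect at all without a `permit-root-login` field. If root login over ssh is only needed to set the first password, say so in the text and tell the reader to drop the root entry and reconfigure once the passwords are set. In the installer @example, the key URL has an unquoted `?` (`wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -`), which the shell treats as a glob character, so it should be quoted. `sudo` is redundant there because the text has the reader logged in as root, and "install guix form binary installer" should read "from".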