From mboxrd@z Thu Jan  1 00:00:00 1970
From: Christopher Baines <mail@cbaines.net>
Subject: Re: System configuration on non-GuixSD systems (Debian)
Date: Tue, 22 Aug 2017 10:47:23 +0100
Message-ID: <20170822104723.75630581@cbaines.net>
References: <20170822092325.GB26942@thebird.nl>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	boundary="Sig_/WRB_RsPqf.lz0iy4C_pjxwM";
	protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34207)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mail@cbaines.net>) id 1dk5mX-0003PR-FR
	for guix-devel@gnu.org; Tue, 22 Aug 2017 05:47:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mail@cbaines.net>) id 1dk5mS-0002ep-Fp
	for guix-devel@gnu.org; Tue, 22 Aug 2017 05:47:33 -0400
Received: from li622-129.members.linode.com ([212.71.249.129]:60839
	helo=mira.cbaines.net) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mail@cbaines.net>) id 1dk5mS-0002eZ-6Y
	for guix-devel@gnu.org; Tue, 22 Aug 2017 05:47:28 -0400
In-Reply-To: <20170822092325.GB26942@thebird.nl>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Pjotr Prins <pjotr.public12@thebird.nl>
Cc: guix-devel <guix-devel@gnu.org>

--Sig_/WRB_RsPqf.lz0iy4C_pjxwM
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Tue, 22 Aug 2017 11:23:25 +0200
Pjotr Prins <pjotr.public12@thebird.nl> wrote:

> I need to reinstall a Debian server (again) and I am looking at how I
> can use 'guix system' to configure stuff. I remember there was someone
> who wrote a about configuring on non-GuixSD, but can't find the
> material (I need Debian because it has CUDA).
>=20
> Let's say I want sshd. It would make sense to me to create a package
> for openssh-with-config-for-machine, i.e., a modified sshd_config. The
> config file can sit in the store somewhere and I can symlink to a
> profile from /etc/sshd on this box so it gets picked up.
>=20
> I have two questions:
>=20
> 1. Is there a smarter way to go about this? I can see for GuixSD is
>    handled differently
> 2. How do I best parametrize the configuration file - for different
>    machines? I suppose the package could write the config file.
>=20
> systemd I'll do separately - though I suppose you could mix systemd
> and shepherd?
>=20
> Doing it in a Guixy way would help me migrate to GuixSD later. Any
> ideas?

One maybe bizare suggestion that comes to mind is to use a container
created through the `guix system container` command.

This would allow you to create a set of processes, that you could give
access to specific parts of the host filesystem (using the --share and
--expose options), and expose the host network to if you want to
use services which access the network (only with this patch [1]).

The more things you do through the container, the closer you are to
having something work just on GuixSD. You might get to the point where
you can even replace what you are using from Debian with Guix packages
that just unpack some Debian packages to the store.

Where this approach might fall down is usability, e.g. reconfiguring a
container isn't possible yet, so you might have to restart it when you
want to make changes, which might be problomatic if you are doing this
through the ssh service in the container...

1: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D28128

--Sig_/WRB_RsPqf.lz0iy4C_pjxwM
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmb/atfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XdsGQ//Rx5rs3zaQoVOmB/IxywaafdFIgJrL3aAjaF4Sv32HOtNxU/iHhhsn6XZ
QE2d5OmQNJTg/WsOxpS9fsTJzMLn6L8ITcIFtfAEyEAlo9yCqkBA1CLJasbFc0nL
eYpQ5zWg9kcCRW6qaYculviTsBBMdP3gkSJ7SOIWa5z+qvg80f51WLgz9dz7h06w
fNaKzD/oahQ2ZwJeWvgDu9U1tUm91PjOw81p9ratq+VD9njq1t3eSqnC+s0ly7tv
5xslSo0DdijRGdYhYmfDb3uAjfiS/Gz9Q+csvPS1+lcQAwZGXeihOHhxNjXsAP3v
UuDgzmlD0MRCCy2XLgf1n76/+yj5Dp5Dx5tl/kA8h/nSh86uAL+GmxP5UMc/fcH6
/z9M5zwRfFhUkdsXQ+dIeB7WqH8Gz+gOKhWhEbdGEeAO8jvStHFiqStjvDdS+NUf
kEP9kHYsTpzmJxlBT8fCMmaCXBvKjtcd4GZ7eyHBziHkmgmqfsezY5TSc966JEKi
ZsWdw2BfMu+7d51ahAAP6O0pTZJZPT3fKZjUV4WqOEPJ97ep5yUuGaTjkHEaIsuL
ia92n8NHFIEbBYSpLp0planiInItF13NosBPapX/IWuBerdFpv2q05YGgDJl62Rx
9IrCJhY1zCo6eh4mujyQ1ZGso+FupU5up+m9s66QerHxAW+HZHo=
=i0Fs
-----END PGP SIGNATURE-----

--Sig_/WRB_RsPqf.lz0iy4C_pjxwM--