From: "Pierre-Henry Fröhring" <contact@phfrohring.com>
To: guix-devel@gnu.org
Subject: [BUG] Cuirass seems stuck in a loop.
Date: Tue, 22 Feb 2022 17:32:57 +0100 [thread overview]
Message-ID: <8581C816-466C-44ED-AFDC-9DB66C543086@phfrohring.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 6018 bytes --]
Hello Guix!
I've a strange behaviour using Cuirass.
* Symptoms
#+begin_example
$ cat /var/log/cuirass.log
…
2022-02-22T16:18:17 Fetching channels for spec 'flat'.
2022-02-22T16:18:18 next evaluation in 60 seconds
2022-02-22T16:18:26 error: build succeeded: '/gnu/store/rrp2yqlff0b6mz7frwdghclxb7qhqr2n-texlive-psnfss-59745-checkout.drv'
2022-02-22T16:18:26 error: build started: '/gnu/store/gqc8jcd6vwh6gd64xfjiisjn5jzynvvv-texlive-ruhyphen-59745-checkout.drv'
2022-02-22T16:18:26 error: build succeeded: '/gnu/store/gqc8jcd6vwh6gd64xfjiisjn5jzynvvv-texlive-ruhyphen-59745-checkout.drv'
2022-02-22T16:18:27 error: build started: '/gnu/store/v8596k4spyd6j71zb1vsw3bbvpn232r4-texlive-scripts-59745-checkout.drv'
2022-02-22T16:18:27 error: build succeeded: '/gnu/store/v8596k4spyd6j71zb1vsw3bbvpn232r4-texlive-scripts-59745-checkout.drv'
…
#+end_example
* Guix describe
#+begin_example
# guix describe
Generation 2 Feb 22 2022 14:58:35 (current)
guix 218400c
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 218400c0f7d754467eac20bbdea3c5282efe7b2e
#+end_example
* Operating system
#+begin_example
(use-modules (gnu)
(gnu services web)
(gnu services rsync)
(gnu services avahi)
(gnu services cuirass)
(gnu packages certs)
(gnu packages rsync))
(use-service-modules networking ssh)
(use-package-modules screen ssh)
(define %nftables-ruleset
(plain-file "nftables.conf"
"# A simple and safe firewall
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
# early drop of invalid connections
ct state invalid drop
# allow established/related connections
ct state { established, related } accept
# allow from loopback
iifname lo accept
# allow icmp
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# allow ssh and http
tcp dport {ssh, https, http, rsync} accept
# reject everything else
reject with icmpx type port-unreachable
}
chain forward {
type filter hook forward priority 0; policy drop;
}
chain output {
type filter hook output priority 0; policy accept;
}
}
"))
(operating-system
(host-name "guixsd-1")
(timezone "Europe/Paris")
(locale "en_US.UTF-8")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/vda")))
(file-systems (cons (file-system
(device "/dev/vda1")
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "phf")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/phf"))
%base-user-accounts))
(packages (cons*
;; rsync is installed system wide.
;;
;;;; When connecting non-interactively over SSH, Guix will
;;;; source /etc/profile. It will not source your users's
;;;; own profile, but only the system profile.
;;;; see: https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/shadow.scm?id=1684ed6537fbd91ae5c14fb0314564e71799d390#n136
rsync
nss-certs
screen
openssh
%base-packages))
;; Set your Droplet, static network configuration
(services
(append
(list ;; Static address
(service static-networking-service-type
(list (static-networking
(addresses
(list (network-address
(device "eth0")
;; ip a
(value "134.209.246.249/20"))))
(routes
(list (network-route
(destination "default")
;; ip r
(gateway "134.209.240.1"))))
(name-servers '("8.8.8.8" "8.8.4.4")))))
;; SSH
;; ( … )
;; Cuirass
(service cuirass-service-type
(cuirass-configuration
(specifications #~'())
(host "0.0.0.0")))
;; Avahi
(service avahi-service-type
(avahi-configuration))
;; Cuirass publish
(service guix-publish-service-type
(guix-publish-configuration
(host "0.0.0.0")
(advertise? #t)))
;; Firewall
(service nftables-service-type
(nftables-configuration
(ruleset %nftables-ruleset)))
;; Rsync
(service rsync-service-type))
%base-services)))
#+end_example
* Cuirass
Cuirass has been configured through the web interface but the
configuration should be equivalent to:
#+begin_example
(service cuirass-service-type
(cuirass-configuration
(specifications
#~(list
(specification
(name "flat")
(build '(channels flat))
(channels
(cons (channel
(name 'flat)
(url "https://github.com/flatwhatson/guix-channel"))
%default-channels)))))
(host "0.0.0.0")))
#+end_example
[-- Attachment #2: Type: text/html, Size: 46554 bytes --]
reply other threads:[~2022-02-22 17:05 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8581C816-466C-44ED-AFDC-9DB66C543086@phfrohring.com \
--to=contact@phfrohring.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.