Help with preparing to move from Arch Linux to Guix

Help with preparing to move from Arch Linux to Guix

[Doron Behar]

Hello Guix community,

I'm very excited ever since I've discovered Guix. I have been using Arch
Linux user for years and everything I've found annoying with Arch Linux
(especially as a maintainer of a few AUR packages), finally has an
elegant and robust solution.

I haven't done the transition yet. There are still around 100 packages I
use on my Arch installation which are not available on Guix and I guess
I'll need to contribute their Guile definitions my self.

My main question though, regards general system configuration. I have a
Guix 1.0.0 image burned on a USB which I boot to every once in a while
to prepare my self for the transition. I must say that while I've
inspected the filesystem of the installation media, I was astounded by
the genius design of it! I can see how it all works (notably the
symlinks) and I can see how it wonderfully enables the reproducibility
and rollback features of Guix.

Anyway, to come to the bottom of it, I've searched the documentation and
couldn't find an answer regarding what-so-ever configurations in `/etc/`.

Pretty much everything that makes Arch Linux impressive, is it's
documentation on the aspect of everything that is needed to be put in
every file in `/etc/` so the system can be tweaked exactly the way one
wishes.

I noticed that in Guix, all the files in /etc/ are read only. I
understand why - `guix system` is responsible for reading a Scheme file
that will create an etc store that will be used for the configuration of
the whole system and I'm not supposed to touch anything in /etc/
manually..  But, I couldn't find how to generally do stuff there.

I have dozens of very personal configurations I've done in my current
Arch system's /etc/ which I have no clue how to port them all and make
sure all of them are picked in the transition. Here are just a few
examples:

- tinc (VPN software): This one expects to find cryptographic key files
  to in `/etc/tinc/`.
- samba: Where do I define my shares?
- pam: gnome keyring daemon autostart on login (Arch documents how to
  achieve this without a login manager, see
  https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method).
- vconsole.conf: just another example for a file I've put some stuff in.

I noticed that there is a section in the manual called: Services (#8.8)
and it shows the built-in support of Guix to many common services such
as printing for example. Printing is a good example where I don't
understand how it's supposed to actually work at the end. When one adds
a printer using the Web UI in http://localhost:631 , files in
`/etc/cups/` are modified and this is not tracked by `/etc/config.scm` I
suppose.. Most importantly, one cannot predict the contents of these
files after a printer is added. Not to mention that `/etc/` is all
readonly!

And there is so much more.. Additionally, some files in my current
/etc/, have passwords written in them and I wonder whether it's
considered safe to put these strings right away in `/etc/config.scm`..

Anyway, I hope this email is not too long and I could get some pointers
to places I missed in the documentation..

Thanks, Doron.

Re: Help with preparing to move from Arch Linux to Guix

[znavko]

Hello! While you haven't get the answer by some hackers I offer you to read znavko's blog where links to manuals are collected:
http://live-znavko.pantheonsite.io (http://live-znavko.pantheonsite.io/)

The limitation of saving files into '/etc/' directory does not exist, as I know. You may put your own files there, but only configuration files will be modified there by running `guix system reconfigure confis.scm`.
Now I have there old files dhcpd.conf and sddm.conf from my previous generations where I had these services. And even after removing those generation and garbage collection they remain there. So, there are no such limitation for '/etc/'.

Yes, Arch has awesome docs, I've been using it for configure touchpad tap for slim configuration in Guix System's config.
Sometimes it is difficult to understand how to use strings and types in config.scm, what is G-expression, why to use twice '(xorg-configuration (xorg-configuration ...))' and other quirks.

All the configurations should be passed to your system config file config.scm that is using in `guix system reconfigure config.scm`. All the services accept configurations only from there. I think it is not proper way to edit those files in '/etc/' after `guix system reconfigure ..`.

Cannot say about configs for samba, vpn, may be you'll get info reading package definitions here http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/samba.scm (http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/samba.scm)

znavko.

May 10, 2019 9:50 PM, "Doron Behar" <doron.behar@gmail.com (mailto:doron.behar@gmail.com)> wrote:

 Hello Guix community,

I'm very excited ever since I've discovered Guix. I have been using Arch
Linux user for years and everything I've found annoying with Arch Linux
(especially as a maintainer of a few AUR packages), finally has an
elegant and robust solution.

I haven't done the transition yet. There are still around 100 packages I
use on my Arch installation which are not available on Guix and I guess
I'll need to contribute their Guile definitions my self.

My main question though, regards general system configuration. I have a
Guix 1.0.0 image burned on a USB which I boot to every once in a while
to prepare my self for the transition. I must say that while I've
inspected the filesystem of the installation media, I was astounded by
the genius design of it! I can see how it all works (notably the
symlinks) and I can see how it wonderfully enables the reproducibility
and rollback features of Guix.

Anyway, to come to the bottom of it, I've searched the documentation and
couldn't find an answer regarding what-so-ever configurations in `/etc/`.

Pretty much everything that makes Arch Linux impressive, is it's
documentation on the aspect of everything that is needed to be put in
every file in `/etc/` so the system can be tweaked exactly the way one
wishes.

I noticed that in Guix, all the files in /etc/ are read only. I
understand why - `guix system` is responsible for reading a Scheme file
that will create an etc store that will be used for the configuration of
the whole system and I'm not supposed to touch anything in /etc/
manually.. But, I couldn't find how to generally do stuff there.

I have dozens of very personal configurations I've done in my current
Arch system's /etc/ which I have no clue how to port them all and make
sure all of them are picked in the transition. Here are just a few
examples:

- tinc (VPN software): This one expects to find cryptographic key files
to in `/etc/tinc/`.
- samba: Where do I define my shares?
- pam: gnome keyring daemon autostart on login (Arch documents how to
achieve this without a login manager, see
https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method (https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method)).
- vconsole.conf: just another example for a file I've put some stuff in.

I noticed that there is a section in the manual called: Services (#8.8)
and it shows the built-in support of Guix to many common services such
as printing for example. Printing is a good example where I don't
understand how it's supposed to actually work at the end. When one adds
a printer using the Web UI in http://localhost:631 (http://localhost:631) , files in
`/etc/cups/` are modified and this is not tracked by `/etc/config.scm` I
suppose.. Most importantly, one cannot predict the contents of these
files after a printer is added. Not to mention that `/etc/` is all
readonly!

And there is so much more.. Additionally, some files in my current
/etc/, have passwords written in them and I wonder whether it's
considered safe to put these strings right away in `/etc/config.scm`..

Anyway, I hope this email is not too long and I could get some pointers
to places I missed in the documentation..

Thanks, Doron.

Re: Help with preparing to move from Arch Linux to Guix

[Ricardo Wurmus]

Hi Doron,

> Anyway, to come to the bottom of it, I've searched the documentation and
> couldn't find an answer regarding what-so-ever configurations in `/etc/`.
>
> Pretty much everything that makes Arch Linux impressive, is it's
> documentation on the aspect of everything that is needed to be put in
> every file in `/etc/` so the system can be tweaked exactly the way one
> wishes.
>
> I noticed that in Guix, all the files in /etc/ are read only. I
> understand why - `guix system` is responsible for reading a Scheme file
> that will create an etc store that will be used for the configuration of
> the whole system and I'm not supposed to touch anything in /etc/
> manually..  But, I couldn't find how to generally do stuff there.

For those packages where files in /etc do have an effect you can
generate these files with the etc-service-type.  For many packages,
however, it won’t be enough to place files in /etc; often that’s because
the packages have their sysconf directory set to be a sub-directory in
the read-only store.  You may need to figure out alternative ways to
tell the target software about your configuration files — in some cases
you may need to patch the package to make it look in the global /etc
directory; in others you may need to write a service to run a daemon
with an option that points to the generated configuration file; in yet
others a one-shot service may be enough.

If you find that some packages need to be modified to accomodate
customizations: that’s fine and we’d love to discuss patches!

Everything about how the system is set up is done via system services.
A system service is not the equivalent of a systemd service, it is
broader than that.  The system services framework in Guix is used

1) to generate files (e.g. in /etc)
2) to run arbitrary code for setting up directories before running daemons
3) to create service specific user accounts and groups
etc.

Services can extend one another, which allows us to define ways to set
up complex applications, for example, that require a web server, user
accounts, application-specific daemons, a database, udev rules, etc —
all with just one service type.

I recommend taking a look at the section “Defining Services” (and
especially “Service Composition”) in the manual, as well as the
“Services” section, which introduces existing services.

> I have dozens of very personal configurations I've done in my current
> Arch system's /etc/ which I have no clue how to port them all and make
> sure all of them are picked in the transition. Here are just a few
> examples:
>
> - tinc (VPN software): This one expects to find cryptographic key files
>   to in `/etc/tinc/`.

If that’s the only place where it can look for these files you can place
them there manually.  The store is not a suitable location for secrets
so it’s best not to have secrets in the configuration file.

> - samba: Where do I define my shares?

In my experience our support for configuring Samba is rather poor.  I
guess here the best way is to extend the etc-service-type to dump the
configuration string in /etc.

> - pam: gnome keyring daemon autostart on login (Arch documents how to
>   achieve this without a login manager, see
>   https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method).

The operating-system record has a field “pam-services” which has a
default of “(base-pam-services)”.  I’m afraid PAM services are a little
special and don’t all that nicely fit into the general service
framework, which can be a bit frustrating.  (I hope we can generalize
this more in the future.)  Documentation on the pam-services is rather
sparse, unfortunately.

“base-pam-services” is a procedure in (gnu system pam) that returns a
list of “pam-service” values.  These values are constructed with the
“pam-service” constructor, which defines a record with a bunch of
fields, such as “name”, “account”, “auth”, “password”, and “session”.

The “pam-root-service-type” can be extended to modify existing pam
entries, which is what you’d want to do to extend the “login” and
“passwd” files.

I would try to extend the pam-root-service-type with a procedure that
checks if the argument is a <pam-service> with pam-service-name equal to
“login” or “passwd” and then return a modified <pam-service> value with
your extra fields.

Something roughly like this:

--8<---------------cut here---------------start------------->8---
(define (pam-extension-procedure config)
  "Return an extension for PAM-ROOT-SERVICE-TYPE that ensures that the PAM
services for login and passwd use 'pam_gnome_keyring.so'."
  (define pam-gnome-keyring
    (pam-entry
     ;; TODO: I don't know how to pass "auto_start"
     (control "optional")
     (module (file-append gnome-keyring
                          "/path/to/pam_gnome_keyring.so"))))

  (list (lambda (pam)
          (if (member (pam-entry-name pam)
                      '("login" "passwd"))
              (pam-service
               (inherit pam)
               (auth (cons pam-gnome-keyring (pam-service-auth pam)))
               (session (cons pam-gnome-keyring (pam-service-session pam))))
              ;; Don't modify the other pam files
              pam))))

(define pam-gnome-keyring-service-type
  (service-type (name 'pam-gnome-keyring)
                (extensions
                 (list ;; Extend PAM with pam_gnome_keyring.so.
                       (service-extension pam-root-service-type
                                          pam-extension-procedure)))
                (default-value #f)))
--8<---------------cut here---------------end--------------->8---

> - vconsole.conf: just another example for a file I've put some stuff in.

I guess you can extend the etc-service-type here to generate that file.

Hope this helps!

--
Ricardo

Re: Help with preparing to move from Arch Linux to Guix

[Doron Behar]

Thanks Znavko!

You sure has some awesome blog posts there.. I guess it's not as bad as
I thought but I do understand now that in fact it's more complicated
then I thought.. I'm not sure what's my opinion about it yet..

On Sat, May 11, 2019 at 06:06:10AM +0000, znavko@disroot.org wrote:
> Hello! While you haven't get the answer by some hackers I offer you to read znavko's blog where links to manuals are collected:
> http://live-znavko.pantheonsite.io (http://live-znavko.pantheonsite.io/)
> 
> The limitation of saving files into '/etc/' directory does not exist, as I know. You may put your own files there, but only configuration files will be modified there by running `guix system reconfigure confis.scm`.
> Now I have there old files dhcpd.conf and sddm.conf from my previous generations where I had these services. And even after removing those generation and garbage collection they remain there. So, there are no such limitation for '/etc/'.
> 
> Yes, Arch has awesome docs, I've been using it for configure touchpad tap for slim configuration in Guix System's config.
> Sometimes it is difficult to understand how to use strings and types in config.scm, what is G-expression, why to use twice '(xorg-configuration (xorg-configuration ...))' and other quirks.
> 
> All the configurations should be passed to your system config file config.scm that is using in `guix system reconfigure config.scm`. All the services accept configurations only from there. I think it is not proper way to edit those files in '/etc/' after `guix system reconfigure ..`.
> 
> Cannot say about configs for samba, vpn, may be you'll get info reading package definitions here http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/samba.scm (http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/samba.scm)
> 
> znavko.
> 
> May 10, 2019 9:50 PM, "Doron Behar" <doron.behar@gmail.com (mailto:doron.behar@gmail.com)> wrote:
> 
>  Hello Guix community,
> 
> I'm very excited ever since I've discovered Guix. I have been using Arch
> Linux user for years and everything I've found annoying with Arch Linux
> (especially as a maintainer of a few AUR packages), finally has an
> elegant and robust solution.
> 
> I haven't done the transition yet. There are still around 100 packages I
> use on my Arch installation which are not available on Guix and I guess
> I'll need to contribute their Guile definitions my self.
> 
> My main question though, regards general system configuration. I have a
> Guix 1.0.0 image burned on a USB which I boot to every once in a while
> to prepare my self for the transition. I must say that while I've
> inspected the filesystem of the installation media, I was astounded by
> the genius design of it! I can see how it all works (notably the
> symlinks) and I can see how it wonderfully enables the reproducibility
> and rollback features of Guix.
> 
> Anyway, to come to the bottom of it, I've searched the documentation and
> couldn't find an answer regarding what-so-ever configurations in `/etc/`.
> 
> Pretty much everything that makes Arch Linux impressive, is it's
> documentation on the aspect of everything that is needed to be put in
> every file in `/etc/` so the system can be tweaked exactly the way one
> wishes.
> 
> I noticed that in Guix, all the files in /etc/ are read only. I
> understand why - `guix system` is responsible for reading a Scheme file
> that will create an etc store that will be used for the configuration of
> the whole system and I'm not supposed to touch anything in /etc/
> manually.. But, I couldn't find how to generally do stuff there.
> 
> I have dozens of very personal configurations I've done in my current
> Arch system's /etc/ which I have no clue how to port them all and make
> sure all of them are picked in the transition. Here are just a few
> examples:
> 
> - tinc (VPN software): This one expects to find cryptographic key files
> to in `/etc/tinc/`.
> - samba: Where do I define my shares?
> - pam: gnome keyring daemon autostart on login (Arch documents how to
> achieve this without a login manager, see
> https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method (https://wiki.archlinux.org/index.php/GNOME/Keyring#PAM_method)).
> - vconsole.conf: just another example for a file I've put some stuff in.
> 
> I noticed that there is a section in the manual called: Services (#8.8)
> and it shows the built-in support of Guix to many common services such
> as printing for example. Printing is a good example where I don't
> understand how it's supposed to actually work at the end. When one adds
> a printer using the Web UI in http://localhost:631 (http://localhost:631) , files in
> `/etc/cups/` are modified and this is not tracked by `/etc/config.scm` I
> suppose.. Most importantly, one cannot predict the contents of these
> files after a printer is added. Not to mention that `/etc/` is all
> readonly!
> 
> And there is so much more.. Additionally, some files in my current
> /etc/, have passwords written in them and I wonder whether it's
> considered safe to put these strings right away in `/etc/config.scm`..
> 
> Anyway, I hope this email is not too long and I could get some pointers
> to places I missed in the documentation..
> 
> Thanks, Doron.