From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: Pierre Neidhardt <mail@ambrevar.xyz>
Cc: guix-devel@gnu.org
Subject: Re: 02/02: gnu: next: Compress the executable.
Date: Tue, 10 Mar 2020 22:09:30 -0400 [thread overview]
Message-ID: <87imjb4p7p.fsf@gmail.com> (raw)
In-Reply-To: <87tv3522p5.fsf@ambrevar.xyz> (Pierre Neidhardt's message of "Tue, 03 Mar 2020 10:43:50 +0100")
Hi Pierre,
Pierre Neidhardt <mail@ambrevar.xyz> writes:
> Can you share your operating system declaration?
Sorry for the delay; here it is. I've anonymized some of the
information such as SSH public keys and usernames.
--8<---------------cut here---------------start------------->8---
;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS.
(use-modules (guix store)
(gnu)
(gnu packages bash)
(gnu packages version-control)
(gnu system nss)
(srfi srfi-1))
(use-service-modules admin desktop docker linux ssh xorg)
(use-package-modules android certs docker java linux nfs ratpoison)
;; The stock desktop services minus GDM; a SLIM login manager is declared
;; explicitly in the `services' field of the operating-system form.
(define %my-desktop-services
  (filter (lambda (svc)
            (not (eq? gdm-service-type (service-kind svc))))
          %desktop-services))
;; Declaration of a build/desktop host: two LUKS-backed btrfs pools, a
;; Jenkins build account reachable over SSH, Docker, and a substitute
;; server (guix publish).  NOTE(review) comments below mark settings that
;; widen the host's exposure and should be confirmed as intended.
(operating-system
  (host-name "myhost")
  (timezone "America/Montreal")
  (locale "en_US.utf8")
  ;; Use the Dvorak keyboard layout.  The same layout object is passed
  ;; to the bootloader and to the Xorg configuration of SLIM below.
  (keyboard-layout (keyboard-layout "dvorak"))
  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")
               (keyboard-layout keyboard-layout)))
  ;; Specify the mapped devices for the two LUKS-encrypted btrfs pools
  ;; (the root pool and the build pool).
  ;; Each UUID is that returned by 'cryptsetup luksUUID'.
  (mapped-devices
   (list (mapped-device
          (source (uuid "f85c0627-1f6f-48b9-a2c2-6c12594a7bd1"))
          (target "btrfs-pool-1")
          (type luks-device-mapping))
         (mapped-device
          (source (uuid "73b08e1a-ca2f-4d46-845a-44443fe14cd7"))
          (target "btrfs-pool-4")
          (type luks-device-mapping))))
  ;; Order matters here: parent mount points are listed before the
  ;; mount points nested inside them.
  (file-systems (cons*
                 ;; For EFI firmware.  This partition is not behind a
                 ;; mapped device, so it is not encrypted.
                 (file-system
                   (device (uuid "209E-67AD" 'fat))
                   (mount-point "/boot/efi")
                   (type "vfat"))
                 ;; Main system, on a 500 GB SSD (/dev/sda).
                 (file-system
                   (device (file-system-label "btrfs-pool-1"))
                   (mount-point "/")
                   (type "btrfs")
                   (options "subvol=rootfs,compress=zstd")
                   (dependencies mapped-devices))
                 (file-system
                   (device (file-system-label "btrfs-pool-1"))
                   (mount-point "/home")
                   (type "btrfs")
                   (options "subvol=homefs,compress=zstd")
                   (dependencies mapped-devices))
                 ;; 1000 GB drive for builds (/dev/nvme0n1).  Shared
                 ;; between jenkins-home, jenkins-build and
                 ;; docker-cache subvolumes.
                 (file-system
                   (device (file-system-label "btrfs-pool-4"))
                   (mount-point "/home/jenkins-user")
                   (create-mount-point? #t)
                   (type "btrfs")
                   (options "subvol=jenkins-home,compress=zstd")
                   (dependencies mapped-devices))
                 (file-system
                   (device (file-system-label "btrfs-pool-4"))
                   (mount-point "/home/jenkins-user/workspace")
                   (create-mount-point? #t)
                   (type "btrfs")
                   (options "subvol=jenkins-build,compress=zstd")
                   (dependencies mapped-devices))
                 (file-system
                   (device (file-system-label "btrfs-pool-4"))
                   (mount-point "/var/lib/docker")
                   (create-mount-point? #t)
                   (type "btrfs")
                   (options "subvol=docker-cache,compress=zstd")
                   (dependencies mapped-devices))
                 ;; NFS mounts for caching the state and downloads of
                 ;; Yocto.  Declared with (mount? #f), so they are not
                 ;; mounted automatically, and flagged no-exec.
                 ;; FIXME: Must be manually mounted.
                 (file-system
                   (device "server:/mnt/scratch/yocto-sstate")
                   (mount-point "/mnt/scratch/yocto-sstate")
                   (create-mount-point? #t)
                   (type "nfs")
                   (mount? #f)
                   (options "soft")
                   (flags '(no-exec)))
                 (file-system
                   (device "server:/mnt/scratch/yocto-dldir")
                   (mount-point "/mnt/scratch/yocto-dldir")
                   (create-mount-point? #t)
                   (type "nfs")
                   (mount? #f)
                   (options "soft")
                   (flags '(no-exec)))
                 %base-file-systems))
  ;; NOTE(review): /swap is not a declared mount point, so this file
  ;; presumably lives on the LUKS-backed root subvolume -- confirm, since
  ;; swapped-out pages can contain secrets.
  (swap-devices '("/swap/swapfile"))
  ;; NOTE(review): membership in "docker" lets an account drive the
  ;; Docker daemon, which is effectively root on the host.  Both accounts
  ;; have it, including "jenkins-user", which accepts SSH logins from the
  ;; Jenkins master (see the openssh service below).
  (users (cons* (user-account
                 (name "myuser")
                 (group "users")
                 (supplementary-groups '("dialout" "wheel" "netdev"
                                         "audio" "video"
                                         "kvm" "docker"
                                         "adbusers")))
                (user-account
                 (name "jenkins-user")
                 (comment "User for a Jenkins build slave")
                 (home-directory "/home/jenkins-user")
                 (group "users")
                 (supplementary-groups '("netdev" "kvm" "docker")))
                %base-user-accounts))
  ;; System group referenced by "myuser" above; presumably the group
  ;; named by android-udev-rules -- confirm.
  (groups (cons* (user-group (system? #t)
                             (name "adbusers"))
                 %base-groups))
  ;; This is where we specify system-wide packages.
  (packages (cons* ratpoison
                   nss-certs            ;for HTTPS access
                   btrfs-progs
                   nfs-utils
                   cqfd
                   docker-cli
                   git
                   git-repo
                   openjdk12
                   %base-packages))
  ;; SSH, Docker
  (services
   (cons*
    ;; Provide /bin/bash, pointing at the bash package in the store.
    (extra-special-file "/bin/bash"
                        (file-append bash "/bin/bash"))
    (service rottlog-service-type)
    (service earlyoom-service-type)
    (service openssh-service-type
             (openssh-configuration
              (port-number 22)
              ;; NOTE(review): root may log in over SSH.  No key for root
              ;; is listed in `authorized-keys' below and
              ;; `password-authentication?' is not set here, so whether
              ;; root can log in with a password depends on that field's
              ;; default -- confirm.  Use #f if root SSH is not needed.
              (permit-root-login #t)
              (authorized-keys
               `(("myuser" ,(local-file "some-key.pub"))
                 ;; Give access to the Jenkins master.  The key material
                 ;; was elided by the author ("[...]"), so the literal
                 ;; below is not a usable key as posted.
                 ("jenkins-user" ,(plain-file "jenkins.pub"
                                              "ssh-rsa AAAAB3NzaC1yc2EAAAADAQA\
[...]
YK+l20fjZSu198/keqjnlTIWryC479GI3 jenkins@jenkins-user.mtl.sfl"))))))
    (service docker-service-type)
    ;; (set-xorg-configuration (xorg-configuration
    ;; (keyboard-layout keyboard-layout)))
    ;; TODO: mcron jobs for cleaning up old docker containers, stale
    ;; /tmp files
    ;; SLIM replaces GDM, which %my-desktop-services filters out.
    ;; NOTE(review): "mcournoyer" is not one of the accounts declared in
    ;; `users' above; presumably it corresponds to the anonymized
    ;; "myuser" -- confirm.
    (service slim-service-type
             (slim-configuration
              (auto-login? #f)
              (default-user "mcournoyer")
              (xorg-configuration
               (xorg-configuration
                (keyboard-layout keyboard-layout)))))
    ;; NOTE(review): binding to 0.0.0.0 exposes the substitute server to
    ;; every network this host joins, and no firewall service is declared
    ;; in this file -- confirm that this reach is intended, or bind to a
    ;; specific address.
    (service guix-publish-service-type
             (guix-publish-configuration
              (host "0.0.0.0")))        ;listen on all interfaces
    (modify-services %my-desktop-services
      ;; Adding a key to the daemon's authorized keys means substitutes
      ;; signed by that key are accepted without a local rebuild.
      ;; NOTE(review): the same file name, "some-key.pub", is also used as
      ;; an SSH authorized key above; the two consumers expect different
      ;; key formats, so this is presumably an artefact of anonymization
      ;; -- confirm.
      (guix-service-type config =>
                         (guix-configuration
                          (inherit config)
                          (authorized-keys
                           (cons (local-file "some-key.pub")
                                 %default-authorized-guix-keys))
                          (extra-options '("--max-jobs=8"))))
      ;; Enable using adb as a simple user with a multitude of devices.
      (udev-service-type config =>
                         (udev-configuration
                          (inherit config)
                          (rules (cons* android-udev-rules
                                        (udev-configuration-rules config))))))))
  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))
--8<---------------cut here---------------end--------------->8---
Note that to have my root partition mounted on a subvolume, you'll need
my (yet to be merged) patches available at:
https://issues.guix.info/issue/37305. I'll post a fresh, rebased v3
(hopefully the last!) series shortly.
Maxim