From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: Re: 02/02: gnu: next: Compress the executable. Date: Tue, 10 Mar 2020 22:09:30 -0400 Message-ID: <87imjb4p7p.fsf@gmail.com> References: <875zm0co0t.fsf@ambrevar.xyz> <87h85ipo14.fsf@gnu.org> <87muf9n8sc.fsf@ambrevar.xyz> <8736gw6xrh.fsf@gnu.org> <87y2yonng4.fsf@ambrevar.xyz> <87k19tg63u.fsf@ambrevar.xyz> <87v9tcm8ws.fsf@gnu.org> <87d0fjb5hi.fsf@gmail.com> <87a7an8bfy.fsf@ambrevar.xyz> <87eezv9oo8.fsf@gmail.com> <20191003070930.GA17163@E5400> <871rvnyawl.fsf@gmail.com> <87k19fk79g.fsf@ambrevar.xyz> <874l0ir8jy.fsf@gmail.com> <87sgo2fine.fsf@ambrevar.xyz> <87tv3cm45b.fsf@gmail.com> <87tv3c58w4.fsf@ambrevar.xyz> <87pnduja02.fsf@gmail.com> <87tv3522p5.fsf@ambrevar.xyz> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:59745) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jBqoR-00014P-7A for guix-devel@gnu.org; Tue, 10 Mar 2020 22:09:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jBqoP-00022f-JY for guix-devel@gnu.org; Tue, 10 Mar 2020 22:09:35 -0400 Received: from mail-qt1-x830.google.com ([2607:f8b0:4864:20::830]:35425) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jBqoP-00022T-FI for guix-devel@gnu.org; Tue, 10 Mar 2020 22:09:33 -0400 Received: by mail-qt1-x830.google.com with SMTP id v15so496714qto.2 for ; Tue, 10 Mar 2020 19:09:33 -0700 (PDT) In-Reply-To: <87tv3522p5.fsf@ambrevar.xyz> (Pierre Neidhardt's message of "Tue, 03 Mar 2020 10:43:50 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org Sender: "Guix-devel" To: Pierre Neidhardt Cc: guix-devel@gnu.org Hi Pierre, Pierre Neidhardt writes: > Can you share your operating system declaration? 
Sorry for the delay; here it is. I've anonymized some of the information such as SSH public keys and usernames.

--8<---------------cut here---------------start------------->8---
;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS.
;;
;; As written below, the declaration removes GDM and adds SLiM, and
;; additionally enables OpenSSH, Docker and guix-publish, so the machine
;; exposes network services.  The NOTE(review) comments mark the settings
;; that decide who can reach or control the host.

(use-modules (guix store)
             (gnu)
             (gnu packages bash)
             (gnu packages version-control)
             (gnu system nss)
             (srfi srfi-1))
(use-service-modules admin desktop docker linux ssh xorg)
(use-package-modules android certs docker java linux nfs ratpoison)

;; %desktop-services with the GDM service filtered out; SLiM is added as
;; the display manager in the 'services' field below.
(define %my-desktop-services
  (remove (lambda (service)
            (eq? (service-kind service) gdm-service-type))
          %desktop-services))

(operating-system
  (host-name "myhost")
  (timezone "America/Montreal")
  (locale "en_US.utf8")

  ;; Use the Dvorak keyboard layout.  (The template's comment about the
  ;; US English "altgr-intl" variant no longer matches the value set here.)
  (keyboard-layout (keyboard-layout "dvorak"))

  ;; Use the UEFI variant of GRUB with the EFI System
  ;; Partition mounted on /boot/efi.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")
               (keyboard-layout keyboard-layout)))

  ;; Specify the mapped devices for the encrypted partitions.
  ;; The UUID is that returned by 'cryptsetup luksUUID'.
  ;; Two LUKS containers are opened: one backing btrfs-pool-1 (root and
  ;; /home) and one backing btrfs-pool-4 (build and Docker data).
  (mapped-devices
   (list (mapped-device
          (source (uuid "f85c0627-1f6f-48b9-a2c2-6c12594a7bd1"))
          (target "btrfs-pool-1")
          (type luks-device-mapping))
         (mapped-device
          (source (uuid "73b08e1a-ca2f-4d46-845a-44443fe14cd7"))
          (target "btrfs-pool-4")
          (type luks-device-mapping))))

  (file-systems
   (cons*
    ;; For EFI firmware.
    (file-system
      (device (uuid "209E-67AD" 'fat))
      (mount-point "/boot/efi")
      (type "vfat"))
    ;; Main system, on a 500 GB SSD (/dev/sda).
    (file-system
      (device (file-system-label "btrfs-pool-1"))
      (mount-point "/")
      (type "btrfs")
      (options "subvol=rootfs,compress=zstd")
      (dependencies mapped-devices))
    (file-system
      (device (file-system-label "btrfs-pool-1"))
      (mount-point "/home")
      (type "btrfs")
      (options "subvol=homefs,compress=zstd")
      (dependencies mapped-devices))
    ;; 1000 GB drive for builds (/dev/nvme0n1).  Shared
    ;; between jenkins-home, jenkins-build and
    ;; docker-cache subvolumes.
    (file-system
      (device (file-system-label "btrfs-pool-4"))
      (mount-point "/home/jenkins-user")
      (create-mount-point? #t)
      (type "btrfs")
      (options "subvol=jenkins-home,compress=zstd")
      (dependencies mapped-devices))
    (file-system
      (device (file-system-label "btrfs-pool-4"))
      (mount-point "/home/jenkins-user/workspace")
      (create-mount-point? #t)
      (type "btrfs")
      (options "subvol=jenkins-build,compress=zstd")
      (dependencies mapped-devices))
    (file-system
      (device (file-system-label "btrfs-pool-4"))
      (mount-point "/var/lib/docker")
      (create-mount-point? #t)
      (type "btrfs")
      (options "subvol=docker-cache,compress=zstd")
      (dependencies mapped-devices))
    ;; NFS mounts for caching the state and downloads of
    ;; Yocto.
    ;; FIXME: Must be manually mounted.
    ;; Both NFS entries carry the 'no-exec' flag and are not mounted at
    ;; boot ((mount? #f)).
    ;; NOTE(review): the shared sstate/download caches feed builds on this
    ;; host, so their integrity depends on who can write to the NFS
    ;; export -- confirm the export's access controls on "server".
    (file-system
      (device "server:/mnt/scratch/yocto-sstate")
      (mount-point "/mnt/scratch/yocto-sstate")
      (create-mount-point? #t)
      (type "nfs")
      (mount? #f)
      (options "soft")
      (flags '(no-exec)))
    (file-system
      (device "server:/mnt/scratch/yocto-dldir")
      (mount-point "/mnt/scratch/yocto-dldir")
      (create-mount-point? #t)
      (type "nfs")
      (mount? #f)
      (options "soft")
      (flags '(no-exec)))
    %base-file-systems))

  (swap-devices '("/swap/swapfile"))

  ;; NOTE(review): both accounts are in the "docker" group.  Access to the
  ;; Docker daemon is effectively root-equivalent on the host, and
  ;; "jenkins-user" is reachable over SSH (see authorized-keys below), so
  ;; the Jenkins master's key should be treated as a root-level credential
  ;; for this machine.
  (users (cons* (user-account
                 (name "myuser")
                 (group "users")
                 (supplementary-groups '("dialout" "wheel" "netdev"
                                         "audio" "video" "kvm"
                                         "docker" "adbusers")))
                (user-account
                 (name "jenkins-user")
                 (comment "User for a Jenkins build slave")
                 (home-directory "/home/jenkins-user")
                 (group "users")
                 (supplementary-groups '("netdev" "kvm" "docker")))
                %base-user-accounts))

  ;; System group referenced by "myuser" above; presumably the group the
  ;; android-udev-rules added below grant device access to -- confirm.
  (groups (cons* (user-group (system? #t) (name "adbusers"))
                 %base-groups))

  ;; This is where we specify system-wide packages.
  (packages (cons* ratpoison
                   nss-certs            ;for HTTPS access
                   btrfs-progs
                   nfs-utils
                   cqfd
                   docker-cli
                   git
                   git-repo
                   openjdk12
                   %base-packages))

  ;; SSH, Docker
  (services
   (cons*
    ;; Provide /bin/bash, pointing at the bash package's binary.
    (extra-special-file "/bin/bash"
                        (file-append bash "/bin/bash"))
    (service rottlog-service-type)
    (service earlyoom-service-type)
    ;; NOTE(review): root login over SSH is permitted on port 22.
    ;; 'password-authentication?' is not set here, so the service default
    ;; applies -- confirm whether root can log in with a password, and
    ;; prefer key-only or disabled root login on a host that is reachable
    ;; from a CI network.
    (service openssh-service-type
             (openssh-configuration
              (port-number 22)
              (permit-root-login #t)
              (authorized-keys
               `(("myuser" ,(local-file "some-key.pub"))
                 ;; Give access to the Jenkins master.
                 ("jenkins-user" ,(plain-file "jenkins.pub" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQA\ [...] YK+l20fjZSu198/keqjnlTIWryC479GI3 jenkins@jenkins-user.mtl.sfl"))))))
    (service docker-service-type)
    ;; (set-xorg-configuration (xorg-configuration
    ;;  (keyboard-layout keyboard-layout)))
    ;; TODO: mcron jobs for cleaning up old docker containers, stale
    ;; /tmp files
    ;; NOTE(review): default-user is "mcournoyer" while the account
    ;; declared above is "myuser"; presumably a name missed when the file
    ;; was anonymized -- confirm.
    (service slim-service-type
             (slim-configuration
              (auto-login? #f)
              (default-user "mcournoyer")
              (xorg-configuration
               (xorg-configuration
                (keyboard-layout keyboard-layout)))))
    ;; NOTE(review): guix-publish binds to every interface, so any host
    ;; that can reach its port can fetch items from this machine's store.
    ;; No firewall rule appears in this file -- confirm the exposure is
    ;; intended, or bind to a specific address.
    (service guix-publish-service-type
             (guix-publish-configuration
              (host "0.0.0.0")))        ;listen on all interfaces
    (modify-services %my-desktop-services
      ;; NOTE(review): the key in "some-key.pub" is added to the daemon's
      ;; authorized keys, i.e. substitutes signed by it are accepted
      ;; alongside the defaults.  The same placeholder file name is also
      ;; used as an SSH key for "myuser" above; presumably an artifact of
      ;; anonymization, since the two expect different key formats.
      (guix-service-type
       config => (guix-configuration
                  (inherit config)
                  (authorized-keys
                   (cons (local-file "some-key.pub")
                         %default-authorized-guix-keys))
                  (extra-options '("--max-jobs=8"))))
      ;; Enable using adb as a simple user with a multitude of devices.
      (udev-service-type
       config => (udev-configuration
                  (inherit config)
                  (rules (cons* android-udev-rules
                                (udev-configuration-rules config))))))))

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))
--8<---------------cut here---------------end--------------->8---

Note that to have my root partition mounted on a subvolume, you'll need my (yet to be merged) patches available at: https://issues.guix.info/issue/37305. I'll post a fresh, rebased v3 (hopefully the last!) series shortly.

Maxim