From: Andrew Tropin <andrew@trop.in>
To: guix-bug-va9nk6@rdmp.org, 56669@debbugs.gnu.org
Cc: Tissevert <tissevert+guix@marvid.fr>
Subject: bug#56669: enhancement: Link guix system and guix home
Date: Thu, 21 Jul 2022 20:13:04 +0300
Message-ID: <87k086crtr.fsf@trop.in>
In-Reply-To: <87o7xjbrb1.fsf@trop.in>
On 2022-07-20 20:57, Andrew Tropin wrote:
> On 2022-07-20 11:47, Dale Mellor wrote:
>
>> I would like to be able to create a rescue disk for my system in which
>> the admin user's home directory contains a copy of an encrypted key,
>> for manually unlocking encrypted disk drives.
>>
>> Following a short discussion in IRC, it appears the best route to
>> achieve this would be to link *guix system* and *guix home* together,
>> so that the system configuration file can specify
>>
>> (user-account
>> ...
>> (configuration (local-file "my-home-config.scm")))
>>
>> for example (it should be possible to use either (home-configuration)
>> or a file-like object here).
>>
>> Hopefully this is an easy thing to accomplish, but I don't know...
>>
>
> Hi Dale,
>
> it's not easy, but doable.
>
> This topic pops up from time to time, but this feature is not implemented
> yet.
>
> https://yhetil.org/guix-devel/20220706112011.77c71a94@marvid.fr/
>
> I have spare time tomorrow and can try to implement it, however I don't
> know how much time it will take, and if I don't finish tomorrow there is
> no guarantee that I'll finish it anytime soon.
I built a home environment baked into the operating system and successfully
deployed it with guix deploy. I face some issues with a similar setup on
the livecd, but I think I will figure it out soon and will publish the
results in a few days.
The source code is here:
https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9
It's a draft and will be rewritten; there are also a few local commits
that I haven't sent to guix yet, but it should work without them if
elogind is enabled.
The usage example:
config.scm:
;; This is an operating system configuration generated
;; by the graphical installer.

(use-modules (gnu)
             ;; Draft module from the rde commit above; it provides
             ;; guix-home-service-type.
             (gnu services home))
(use-service-modules
 cups
 desktop
 networking
 ssh
 xorg)

(use-modules (gnu home)
             (gnu home services)
             (gnu home services shells)
             (gnu packages admin))

;; The home environment that gets baked into the system for user "bob".
(define he
  (home-environment
   (packages (list htop))
   (services
    (list
     (service
      home-bash-service-type
      (home-bash-configuration))))))

(define os
  (operating-system
    (locale "en_US.utf8")
    (timezone "Europe/Moscow")
    (keyboard-layout
     (keyboard-layout "us" "altgr-intl"))
    (host-name "tmp")
    (users (cons* (user-account
                   (name "bob")
                   (comment "Bob")
                   (group "users")
                   (home-directory "/home/bob")
                   (supplementary-groups
                    '("wheel" "netdev" "audio" "video")))
                  %base-user-accounts))
    ;; Passwordless sudo for the wheel group: a convenience for this test
    ;; VM, not something to copy onto a production host.  The appended
    ;; rule ends with a newline so the generated sudoers stays well-formed.
    (sudoers-file
     (plain-file "sudoers"
                 (string-append (plain-file-content %sudoers-specification)
                                "%wheel ALL=(ALL) NOPASSWD: ALL\n")))
    (packages
     (append
      (list (specification->package "nss-certs"))
      %base-packages))
    (services
     (append
      (list (service dhcp-client-service-type)
            ;; Root login is allowed but key-only: password authentication
            ;; is off and root's public key is read from ssh.key next to
            ;; this file.
            (service openssh-service-type
                     (openssh-configuration
                      (permit-root-login #t)
                      (password-authentication? #f)
                      (authorized-keys
                       `(("root" ,(local-file "ssh.key"))))))
            ;; FIXME: Send two patches to make it work without elogind
            (service elogind-service-type)
            ;; Alist mapping a user name to the home environment that the
            ;; draft service instantiates for that user.
            (service
             guix-home-service-type
             `(("bob" . ,he)))
            (service ntp-service-type))
      (modify-services %base-services
        (guix-service-type
         config =>
         (guix-configuration
          (inherit config)
          (substitute-urls '("http://ci.guix.trop.in"
                             "https://bordeaux.guix.gnu.org"))
          ;; Substitutes from the extra server are only accepted because
          ;; its signing key is authorized here.
          (authorized-keys
           (append (list (local-file "/etc/guix/signing-key.pub"))
                   %default-authorized-guix-keys)))))))
    (bootloader
     (bootloader-configuration
      (bootloader grub-bootloader)
      (targets (list "/dev/sda"))
      (keyboard-layout keyboard-layout)))
    (swap-devices
     (list (swap-space
            (target
             (uuid "8b332a77-38ec-4abf-9cf4-c755f8f27805")))))
    (file-systems
     (cons* (file-system
              (mount-point "/")
              (device
               (uuid "9382dc00-c702-4b70-955f-6c804c59b6c0"
                     'ext4))
              (type "ext4"))
            %base-file-systems))))

;; guix deploy target: the OS above is pushed over SSH to host "qemu" as
;; root.  The pinned host-key is what protects the deploy against a
;; man-in-the-middle; allow-downgrades? #t permits deploying from a
;; guix older than the one on the target.
(define host "qemu")
(define user "bob")

(list (machine
       (operating-system os)
       (environment managed-host-environment-type)
       (configuration (machine-ssh-configuration
                       (host-name host)
                       (allow-downgrades? #t)
                       (system "x86_64-linux")
                       (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPKPj2X6gmxLzj956AE2YBihTibmpaXj+G51r4zkbQ+2")
                       (user "root")))))
--
Best regards,
Andrew Tropin
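For the rescue-disk use case from the original report (an admin home directory carrying an encrypted disk-unlock key), the following is an added example written for this page, not code from the thread or from the rde commit. It assumes the draft guix-home-service-type still takes an alist of (user . home-environment) pairs as in the attached config.scm, that home-files-service-type places each target relative to $HOME exactly as written, and that the file name disk-key.gpg and the service name rescue-key are placeholders:

```scheme
;; Added example (not from the thread or the rde draft): a home
;; environment for the rescue-disk use case, to be attached to a user
;; account through the draft guix-home-service-type.
(use-modules (gnu services)
             (gnu home)
             (gnu home services)
             (gnu home services shells)
             (gnu packages admin)
             (gnu packages cryptsetup)
             (gnu packages gnupg))

(define rescue-home
  (home-environment
   ;; cryptsetup to open the LUKS volumes by hand, gnupg to decrypt the
   ;; key material first.
   (packages (list cryptsetup gnupg htop))
   (services
    (list
     (service home-bash-service-type (home-bash-configuration))
     ;; Anything handed to home-files-service-type as a file-like object
     ;; is copied into /gnu/store, which is world-readable on the target.
     ;; The symlink created in $HOME does not make that copy private, so
     ;; only a passphrase-protected key may be shipped this way; a
     ;; plaintext key would be exposed to every local user.
     ;; "rescue/disk-key.gpg" and "disk-key.gpg" are placeholder names.
     (simple-service 'rescue-key home-files-service-type
                     (list (list "rescue/disk-key.gpg"
                                 (local-file "disk-key.gpg"))))))))

;; Usage with the draft service from the attached config.scm (assumed
;; to accept the same alist shape):
;; (service guix-home-service-type `(("bob" . ,rescue-home)))
```

On the rescue system the admin would then run `gpg -d ~/rescue/disk-key.gpg | cryptsetup luksOpen --key-file=- /dev/sdX name`; the passphrase prompt from gpg is the only thing standing between a reader of the store and the disk, so it has to be a strong one.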
Thread overview:
2022-07-20 10:47 bug#56669: enhancement: Link guix system and guix home Dale Mellor
2022-07-20 17:57 ` Andrew Tropin
2022-07-21 17:13 ` Andrew Tropin [this message]
2022-07-21 17:25 ` Maxime Devos
2022-07-26 9:23 ` Andrew Tropin
2023-02-08 13:42 ` Andrew Tropin