From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
Subject: Re: Using the Hetzner Cloud
Date: Wed, 19 Feb 2020 14:48:37 +0100
Message-ID: <87pnean0wa.fsf@gmail.com>
References: <57dc667e-5a69-45f7-e076-914d4691020c@web.de>
 <31fbafeb5a408e361b65861dda17bd0c65cd5118.camel@wine-logistix.de>
 <87mu9hnniw.fsf@gmail.com> <87blpw85uf.fsf@roquette.mug.biscuolo.net>
Reply-To: alex.sassmannshausen@gmail.com
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:42538)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <alex.sassmannshausen@gmail.com>) id 1j4PiU-0004sE-M5
 for guix-devel@gnu.org; Wed, 19 Feb 2020 08:48:43 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <alex.sassmannshausen@gmail.com>) id 1j4PiT-0000Yj-5z
 for guix-devel@gnu.org; Wed, 19 Feb 2020 08:48:42 -0500
Received: from mail-wr1-x42b.google.com ([2a00:1450:4864:20::42b]:39823)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <alex.sassmannshausen@gmail.com>)
 id 1j4PiS-0000YJ-Uh
 for guix-devel@gnu.org; Wed, 19 Feb 2020 08:48:41 -0500
Received: by mail-wr1-x42b.google.com with SMTP id y11so613468wrt.6
 for <guix-devel@gnu.org>; Wed, 19 Feb 2020 05:48:40 -0800 (PST)
In-reply-to: <87blpw85uf.fsf@roquette.mug.biscuolo.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org
Sender: "Guix-devel"
 <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
To: Giovanni Biscuolo <g@xelera.eu>, Ellen Papsch <ellen.papsch@wine-logistix.de>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Heya,

Giovanni Biscuolo <g@xelera.eu> writes:

> Hello Alex,
>
> Alex Sassmannshausen <alex.sassmannshausen@gmail.com> writes:
>
> [...]
>
>> Now I use a different approach: deploy a debian server then use a
>> guix-infect style script (gleaned from the guix deploy code for digital
>> ocean).
>
> could you please share that "guix-infect" script?

Sure, please see attached.  This one here is a bash script that works
with a system config that is specified as part of a here-doc in the bash
script.

It's all a bit gaffer tape & macgyver =E2=80=94 primarily to encourage myse=
lf to
keep automating further by integrating this in Guix deploy. Where does
all the time go!!!

Happy to help if you run into problems or have questions.

> I think this could/should become an entry in our cookbook, in a similar
> way NixOS does here:
> https://nixos.wiki/wiki/NixOS_friendly_hosters#Hoster-agnostic_means_of_i=
nstallation

Agreed, a cookbook recipe that summarises the existing ways of deploying
would be cool.  I'd be happy to read over and give feedback on any
proposed articles.

Ellen Papsch <ellen.papsch@wine-logistix.de> writes:

> [=E2=80=A6]
> mv var/guix /var/ && mv gnu /
>
> there seems to be a complete takeover, even better than a FrankenDebian
> :-)

Agreed =E2=80=94 it's testament to the versatility of Guix that it can lite=
rally
do this hostile take-over.  Very cool :-)

Cheers,

Alex

--=-=-=
Content-Type: text/x-sh
Content-Disposition: attachment; filename=boostrap.sh

#!/bin/bash

e2label /dev/sda1 root
apt-get update
apt-get install xz-utils -y
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
cd /tmp
tar --warning=no-timestamp -xf ~/guix-binary-1.0.1.x86_64-linux.tar.xz
mv var/guix /var/ && mv gnu /
mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix ~root/.config/guix/current
export GUIX_PROFILE="`echo ~root`/.config/guix/current" ;
source $GUIX_PROFILE/etc/profile
groupadd --system guixbuild
for i in `seq -w 1 10`; do
   useradd -g guixbuild -G guixbuild                    -d /var/empty -s `which nologin`             -c "Guix build user $i" --system             guixbuilder$i;
done;
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
systemctl start guix-daemon && systemctl enable guix-daemon
mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
    ln -s $i;
done
guix archive --authorize < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
# FIXME: I'm pulling a commit that fixes some issues.  When there is a new
# guix release this can be removed.
guix pull --commit=3a695c01d7ee18f30f22df53f3c44dfac04017f1
guix package -i openssl
# FIXME: Just loading the default example from the guix manual here.  This can
# be adapted to whatever base guix deployment you want.
cat > /etc/bootstrap-config.scm << EOF
     ;; This is an operating system configuration template
     ;; for a "bare bones" setup, with no X11 display server.

     (use-modules (gnu))
     (use-service-modules networking ssh)
     (use-package-modules screen)

     (operating-system
       (host-name "komputilo")
       (timezone "Europe/Berlin")
       (locale "en_US.utf8")

       ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
       ;; target hard disk, and "my-root" is the label of the target
       ;; root file system.
       (bootloader (bootloader-configuration
                     (bootloader grub-bootloader)
                     (target "/dev/sdX")))
       (file-systems (cons (file-system
                             (device (file-system-label "my-root"))
                             (mount-point "/")
                             (type "ext4"))
                           %base-file-systems))

       ;; This is where user accounts are specified.  The "root"
       ;; account is implicit, and is initially created with the
       ;; empty password.
       (users (cons (user-account
                     (name "alice")
                     (comment "Bob's sister")
                     (group "users")

                     ;; Adding the account to the "wheel" group
                     ;; makes it a sudoer.  Adding it to "audio"
                     ;; and "video" allows the user to play sound
                     ;; and access the webcam.
                     (supplementary-groups '("wheel"
                                             "audio" "video")))
                    %base-user-accounts))

       ;; Globally-installed packages.
       (packages (cons screen %base-packages))

       ;; Add services to the baseline: a DHCP client and
       ;; an SSH server.
       (services (append (list (service dhcp-client-service-type)
                               (service openssh-service-type
                                        (openssh-configuration
                                         (port-number 2222))))
                         %base-services)))
EOF
guix system build /etc/bootstrap-config.scm
guix system reconfigure /etc/bootstrap-config.scm
mv /etc /old-etc
mkdir /etc
cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm} /etc/
guix system reconfigure /etc/bootstrap-config.scm
echo ". /etc/bashrc" >> /root/.bashrc
echo ". /etc/profile" >> /root/.bashrc

--=-=-=--