From: ludo@gnu.org (Ludovic Courtès)
Subject: System configuration with Guix
Date: Tue, 10 Dec 2013 00:33:07 +0100
Message-ID: <87r49l7g7g.fsf@gnu.org>
To: guix-devel@gnu.org, gnu-system-discuss@gnu.org

Hi!

Commit 033adfe in Guix adds the (gnu system) Guile module, which is a
first stab at providing a declarative system configuration mechanism.
This is inspired by NixOS, and is also probably familiar to users of
Puppet or Chef.

Currently it’s only used to build a QEMU image, but in the
not-too-distant future it will be used to build installer images, and
actual system images.

Below is the doc I’ve written to describe the spirit of that approach,
and part of its implementation.

Comments welcome!

Ludo’.

6.6 System Configuration
========================

_This section documents work-in-progress. As such it may be incomplete,
outdated, or open to discussions. Please discuss it on ._

The GNU system supports a consistent whole-system configuration
mechanism. By that we mean that all aspects of the global system
configuration—such as the available system services, timezone and locale
settings, user accounts—are configured in a single place. Such a "system
configuration" can be "instantiated"—i.e., effected.

This section describes this mechanism.
First we focus on the system administrator’s viewpoint—explaining how
the system is configured and instantiated. Then we show how this
mechanism can be extended, for instance to support new system services.

* Menu:

* Using the Configuration System::  Customizing your GNU system.
* Defining Services::               Adding new service definitions.

6.6.1 Using the Configuration System
------------------------------------

The operating system is configured by filling in an ‘operating-system’
structure, as defined by the ‘(gnu system)’ module. A simple setup, with
the default system services, the default Linux-Libre kernel, initial RAM
disk, and boot loader looks like this:

     (use-modules (gnu system)
                  (gnu system shadow)     ; for 'user-account'
                  (gnu system service)    ; for 'lsh-service'
                  (gnu packages base)     ; Coreutils, grep, etc.
                  (gnu packages bash)     ; Bash
                  (gnu packages system)   ; dmd, Inetutils
                  (gnu packages zile)     ; Zile
                  (gnu packages less)     ; less
                  (gnu packages guile)    ; Guile
                  (gnu packages linux))   ; procps, psmisc

     (define %komputilo
       (operating-system
        (host-name "komputilo")
        (timezone "Europe/Paris")
        (locale "fr_FR.UTF-8")
        (users (list (user-account
                      (name "alice")
                      (password "")
                      (uid 1000) (gid 100)
                      (comment "Bob's sister")
                      (home-directory "/home/alice"))))
        (packages (list coreutils bash guile-2.0
                        guix dmd
                        inetutils
                        findutils grep sed
                        procps psmisc
                        zile less))
        (services (cons (lsh-service #:port 2222 #:allow-root-login? #t)
                        %standard-services))))

This example should be self-describing. The ‘packages’ field lists
packages provided by the various ‘(gnu packages ...)’ modules above;
these are the packages that will be globally visible on the system, for
all user accounts, in addition to the per-user profiles (*note Invoking
guix package::).

The ‘services’ field lists "system services" to be made available when
the system starts.
The %STANDARD-SERVICES list, from the ‘(gnu system)’ module, provides
the basic services one would expect from a GNU system: a login service
(mingetty) on each tty, syslogd, libc’s name service cache daemon
(nscd), etc.

The ‘operating-system’ declaration above specifies that, in addition to
those services, we want the ‘lshd’ secure shell daemon listening on port
2222, and allowing remote ‘root’ logins (*note (lsh)Invoking lshd::).
Under the hood, ‘lsh-service’ arranges so that ‘lshd’ is started with
the right command-line options, possibly with supporting configuration
files generated as needed (*note Defining Services::).

Assuming the above snippet is stored in the ‘my-system-config.scm’ file,
the (yet unwritten!) ‘guix system --boot my-system-config.scm’ command
instantiates that configuration, and makes it the default GRUB boot
entry. The normal way to change the system’s configuration is by
updating this file and re-running the ‘guix system’ command.

At the Scheme level, the bulk of an ‘operating-system’ declaration is
instantiated with the following monadic procedure (*note The Store
Monad::):

 -- Monadic Procedure: operating-system-derivation os
     Return a derivation that builds OS, an ‘operating-system’ object
     (*note Derivations::).

     The output of the derivation is a single directory that refers to
     all the packages, configuration files, and other supporting files
     needed to instantiate OS.

One of the advantages of putting all the system configuration under the
control of Guix is that it makes it possible to roll back to a previous
system instantiation, should anything go wrong with the new one.
Another one is that it makes it easy to replicate the very same
configuration across different machines, or at different points in time,
without having to resort to additional administration tools layered on
top of the system’s own tools.

6.6.2 Defining Services
-----------------------

The ‘(gnu system dmd)’ module defines several procedures that allow
users to declare the operating system’s services (*note Using the
Configuration System::). These procedures are _monadic
procedures_—i.e., procedures that return a monadic value in the store
monad (*note The Store Monad::). Examples of such procedures include:

‘mingetty-service’
     return the definition of a service that runs ‘mingetty’ to offer a
     login service on the given console tty;

‘nscd-service’
     return a definition for libc’s name service cache daemon (nscd);

‘guix-service’
     return a definition for a service that runs ‘guix-daemon’ (*note
     Invoking guix-daemon::).

The monadic value returned by those procedures is a "service
definition"—a structure as returned by the ‘service’ form. Service
definitions specify the inputs the service depends on, and an expression
to start and stop the service. Behind the scenes, service definitions
are “translated” into the form suitable for the configuration file of
dmd, the init system (*note (dmd)Services::).

As an example, here is what the ‘nscd-service’ procedure looks like:

     (define (nscd-service)
       (mlet %store-monad ((nscd (package-file glibc "sbin/nscd")))
         (return (service
                  (documentation "Run libc's name service cache daemon.")
                  (provision '(nscd))
                  (start `(make-forkexec-constructor ,nscd "-f" "/dev/null"
                                                     "--foreground"))
                  (stop `(make-kill-destructor))
                  (respawn? #f)
                  (inputs `(("glibc" ,glibc)))))))

The ‘inputs’ field specifies that this service depends on the GLIBC
package—the package that contains the ‘nscd’ program. The ‘start’ and
‘stop’ fields are expressions that make use of dmd’s facilities to start
and stop processes (*note (dmd)Service De- and Constructors::). The
‘provision’ field specifies the name under which this service is known
to dmd, and ‘documentation’ specifies on-line documentation. Thus, the
commands ‘deco start nscd’, ‘deco stop nscd’, and ‘deco doc nscd’ will
do what you would expect (*note (dmd)Invoking deco::).
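
For the ‘operating-system’ declaration in section 6.6.1, an added example (not part of the original message and not Guix code): a Guile procedure that walks the quoted declaration as plain data and reports the two settings in it that a reviewer would want to confirm are intentional before instantiating it, the empty ‘password’ field and ‘lsh-service’ called with ‘#:allow-root-login? #t’. The procedure names and the quoted sample form are assumptions made for this example.

```scheme
;; Added example: audits a *quoted* operating-system form as plain data.
;; Hypothetical helper names; nothing here comes from the (gnu system) module.
(use-modules (ice-9 match) (srfi srfi-1))

(define (field-value form name)
  ;; Value of the (NAME value) field inside FORM, or #f when absent.
  (match (find (lambda (f) (and (pair? f) (eq? (car f) name))) (cdr form))
    ((_ value) value)
    (_ #f)))

(define (keyword-argument call kw)
  ;; Argument that follows keyword KW in CALL, or #f when absent.
  (match (memq kw call)
    ((_ value . _) value)
    (_ #f)))

(define (sub-forms tree head)
  ;; Every list nested in TREE whose first element is the symbol HEAD.
  (cond ((or (not (list? tree)) (null? tree)) '())
        ((eq? (car tree) head)
         (cons tree (append-map (lambda (x) (sub-forms x head)) (cdr tree))))
        (else (append-map (lambda (x) (sub-forms x head)) tree))))

(define (audit-declaration os)
  ;; Return a list of findings (strings) for the quoted declaration OS.
  (append
   (filter-map
    (lambda (account)
      (and (equal? (field-value account 'password) "")
           (format #f "user ~a: empty password" (field-value account 'name))))
    (sub-forms os 'user-account))
   (filter-map
    (lambda (call)
      (and (eq? (keyword-argument call #:allow-root-login?) #t)
           (format #f "lsh-service, port ~a: remote root login allowed"
                   (keyword-argument call #:port))))
    (sub-forms os 'lsh-service))))

;; Constructed input: the relevant fields of the 6.6.1 declaration, quoted.
(define %komputilo-form
  '(operating-system
    (host-name "komputilo")
    (users (list (user-account (name "alice") (password "")
                               (uid 1000) (gid 100))))
    (services (cons (lsh-service #:port 2222 #:allow-root-login? #t)
                    %standard-services))))

(for-each (lambda (finding) (display finding) (newline))
          (audit-declaration %komputilo-form))
```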