From mboxrd@z Thu Jan 1 00:00:00 1970 From: Divan Santana Subject: guixsd install questions Date: Fri, 27 Jan 2017 10:29:20 +0200 Message-ID: <87tw8kkisf.fsf@santanas.co.za> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:57212) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cX2Nx-00004u-3N for help-guix@gnu.org; Fri, 27 Jan 2017 03:59:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cX2Nu-0002mv-1H for help-guix@gnu.org; Fri, 27 Jan 2017 03:59:57 -0500 Received: from outmail149082.authsmtp.co.uk ([62.13.149.82]:50273) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cX2Nt-0002lI-Am for help-guix@gnu.org; Fri, 27 Jan 2017 03:59:53 -0500 Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232]) by punt20.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v0R8TRHP052342 for ; Fri, 27 Jan 2017 08:29:27 GMT Received: from mail.santanas.co.za ([196.192.182.3]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v0R8TOdf089128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 27 Jan 2017 08:29:26 GMT Received: from authenticated-user (mail.santanas.co.za [196.192.182.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.santanas.co.za (Postfix) with ESMTPSA id 6768420BB5 for ; Fri, 27 Jan 2017 10:29:22 +0200 (SAST) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: help-guix Hi All, Few newbie questions regarding install. * How to get sshd running on install image for easier remote install. Useful for a VM: I'm doing this nasty hack for now. Get ssh working on boot image: #+BEGIN_EXAMPLE guix package -i shadow openssh export PATH="/root/.guix-profile/bin:/root/.guix-profile/sbin${PATH:+}$PATH" zile /etc/passwd # add sshd account zile /etc/shadow # add sshd account mkdir /etc/ssh echo "PermitRootLogin yes" > /etc/ssh/sshd_config ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key `which sshd` passwd root #+END_EXAMPLE Sure there's a better way then the above hack? Then then use Emacs tramp to put my install system manifest in place: Using emacs to remotely edit the file, which requires sshd on the install image. #+BEGIN_SRC emacs-lisp ;; TRAMP and guix settings (setq tramp-default-method "ssh") ;; workaround for guixsd ;; https://lists.gnu.org/archive/html/help-guix/2016-10/msg00049.html ;; Make sure we work on remote guixsd machines :) (setq tramp-remote-path (append tramp-remote-path '("~/.guix-profile/bin" "~/.guix-profile/sbin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin"))) #+END_SRC Then one can open this path: =/ssh:root@192.168.122.236:/mnt/etc/config.scm= with tramp. * How to setup encrypted root with mdadm software raid 0? I've done the following and none are working yet. Partitioning #+BEGIN_EXAMPLE fdisk, one partition of each only marked as fd mdadm --create --level=0 --raid-devices=2 /dev/md0 /dev/vd[bc]1 cryptsetup luksFormat /dev/md0 cryptsetup luksOpen /dev/md0 crypt mkfs.ext4 -L root -m2 /dev/mapper/crypt mount /dev/mapper/crypt /mnt #+END_EXAMPLE Then do the install with this guile code: #+BEGIN_SRC scheme ;; two devices in raid0 striped with LUKS full disk encryption. (bootloader (grub-configuration (device "/dev/vdb"))) (mapped-devices (list (mapped-device (source (list "/dev/vdb1" "/dev/vdc1")) (target "/dev/md0") (type raid-device-mapping)) (mapped-device (source (uuid "fb29c6f6-b2c0-4c87-8651-4962b7125dc0")) (target "crypt") (type luks-device-mapping)))) #+END_SRC And this too: #+BEGIN_SRC scheme (file-systems (cons (file-system (device "root") (title 'label) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC The above fails. So tried another install with device like so #+BEGIN_SRC scheme (file-systems (cons (file-system (device "/dev/mapper/crypt") (title 'device) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC That failed, I then tried the UUID method, via =blkid /dev/mapper/crypt=, get the UUID and did another install with this snippet instead: #+BEGIN_SRC scheme (file-systems (cons (file-system (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")) (title 'uuid) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC This fails with waiting for root device. * How to recover a failed install. How to chroot a broken system and fix? You can see why I'm asking this. When my failed crypt install fails, I sometimes just want to reconfigure the system to try another method. Now when I run =guix system init /mnt/etc/config.scm /mnt= to recover the install to the same preveiously install disk it re-downloads, re-compiles and redoes the whole install, instead of just perhaps changing grub to (attempt to) fix my crypt issue. Ideally I want to chroot into the installed (and broken) environment and do a =guix system reconfigure /etc/config.scm=. How can one do this? * How to use a proxy to do the install This is from the boot install media. I've read the docs on using proxy though it's not working like I expect. Prob doing something wrong. I've done the following On tt1 I did =herd stop guix-daemon= Then exported proxy like so: export http_proxy=http://server.domain.co.za:8080/ ; export ftp_proxy=$http_proxy ; export https_proxy=$http_proxy =herd start guix-daemon= =guix package -i something= and note the proxy is not working. Try do the install =guix system init /mnt/etc/config.scm /mnt= and note the proxy env is not being used. Greetings from South Africa :) -- Best regards, Divan Santana