From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 10 20:41:51 2020 Received: (at submit) by debbugs.gnu.org; 11 Jul 2020 00:41:51 +0000 Received: from localhost ([127.0.0.1]:43651 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ju3aM-0004HW-HB for submit@debbugs.gnu.org; Fri, 10 Jul 2020 20:41:50 -0400 Received: from lists.gnu.org ([209.51.188.17]:49560) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ju3aJ-0004HN-6V for submit@debbugs.gnu.org; Fri, 10 Jul 2020 20:41:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60156) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ju3aI-0002zi-Ms for guix-patches@gnu.org; Fri, 10 Jul 2020 20:41:42 -0400 Received: from mx1.dismail.de ([78.46.223.134]:28183) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ju3aG-0000ll-1G for guix-patches@gnu.org; Fri, 10 Jul 2020 20:41:42 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 40200222 for ; Sat, 11 Jul 2020 02:41:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to:subject; s=20190914; bh=QjaXeuN+z9J2/XnPOSdQ XROWc55nkNwfaxDQOeR75Zw=; b=tPwPLrSXUHHz9YXngLHu/rydLbjvbW/5i33i uMgZOp5BTneBQPeaBjHQ32IA9pBOaYA2IVbSoSYpaDBXQjoWt5m1Rz0q2ip2fgsP xMW9X04i8QffxQXIfdrRSqpRSeOsAQ5nJvR1o8aYkZixo7aWfdLn1xIxJoi18RNi ILGQ7PFjQ9Z9wWyM6ZSG9dlyTYJe5eYQF12LROiKkOTZnkbCzP0Sbn81AeVI7gMm 7xaC8pmAFE79xj4iiACUfjFbkVniA1XXGBQ17rLMgrZShIt6grPC9Vu5BDgd0RWC foGC3oYNaIJC8xG4ituaPo7PyHqpDVH4SP7IN7uE2PjCD3PT4Q== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id be9a26d5 for ; Sat, 11 Jul 2020 02:41:36 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id d665f7af for ; Sat, 11 Jul 2020 02:41:36 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id a1f7edb9 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Sat, 11 Jul 2020 02:41:32 +0200 (CEST) Date: Fri, 10 Jul 2020 20:41:22 -0400 Message-Id: <87v9iukhn1.fsf@dismail.de> From: Joshua Branson To: guix-patches@gnu.org Subject: Adding a "Running Guix on a Linode" to the cookbook Received-SPF: pass client-ip=78.46.223.134; envelope-from=jbranso@dismail.de; helo=mx1.dismail.de X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/10 20:41:37 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) From: Joshua Branson Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" MIME-Version: 1.0 Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..3ade82af14 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -1347,6 +1347,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. Be sure to add your ssh key for +easy login. We recommend using the default distro as a way to bootstrap +Guix. This is usually done via @code{ssh-copy-id}. + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +VM Mode: Paravirtualization @c{The default?? Does this matter?} + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh root@@}. +Now you can run the "install guix form binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as guix-config.scm: + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ;; Is this a good idea? Well if you don't add it + ;; you have to manually set your user's password + ;; via the glish console... + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too +@end lisp + +Note the same above for root, which I don't feel great about, but +otherwise you'll need to log in via the linode "glish" console to log in +as root and set the user's initial password before you can start using +sudo. @comment {(is there another way around this?)} + +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as +_rsa.pub in the same directory. + +Mount the guix drive: +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) + +Be sure to set your password and root's password. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +BTW, if you save it as a disk image right at this point, you'll have an +easy time spinning up new Guix images! + @node Setting up a bind mount @section Setting up a bind mount -- 2.26.0 From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 21 16:51:56 2020 Received: (at submit) by debbugs.gnu.org; 21 Jul 2020 20:51:56 +0000 Received: from localhost ([127.0.0.1]:40510 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jxzEy-0000ps-D7 for submit@debbugs.gnu.org; Tue, 21 Jul 2020 16:51:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:46838) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jxzEu-0000pg-0F for submit@debbugs.gnu.org; Tue, 21 Jul 2020 16:51:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46486) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jxzEt-0001M5-6z for guix-patches@gnu.org; Tue, 21 Jul 2020 16:51:51 -0400 Received: from dustycloud.org ([50.116.34.160]:38068) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jxzEr-0002Gn-3G for guix-patches@gnu.org; Tue, 21 Jul 2020 16:51:50 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id C511826679; Tue, 21 Jul 2020 16:51:46 -0400 (EDT) References: <87v9iukhn1.fsf@dismail.de> User-agent: mu4e 1.4.9; emacs 26.3 From: Christopher Lemmer Webber To: Joshua Branson , Joshua Branson via Guix-patches Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook In-reply-to: <87v9iukhn1.fsf@dismail.de> Date: Tue, 21 Jul 2020 16:51:46 -0400 Message-ID: <87blk8y4kd.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=50.116.34.160; envelope-from=cwebber@dustycloud.org; helo=dustycloud.org X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/21 16:44:33 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: 42317@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Joshua Branson via Guix-patches via writes: > From: Joshua Branson > Date: Fri, 10 Jul 2020 20:32:30 -0400 > Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode"" > MIME-Version: 1.0 > Content-Type: text/x-patch > Content-Disposition: attachment; > filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch > > * doc/guix-cookbook.texi (Running Guix on a Linode): > I added a section that explains how to run guix on a linode. > Thanks Chris Webber! > --- > doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 180 insertions(+) > > diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi > index f541592d13..3ade82af14 100644 > --- a/doc/guix-cookbook.texi > +++ b/doc/guix-cookbook.texi > @@ -1347,6 +1347,7 @@ reference. > * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. > * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. > * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. > +* Running Guix on a Linode:: Running Guix on a Linode > * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. > * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. > @end menu > @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s > confusion occurs. This can be done by executing @code{xset s activate} immediately > before you execute slock. > > +@node Running Guix on a Linode > +@section Running Guix on a Linode > +@cindex linode > + > +Start with a recommended Debian server. Be sure to add your ssh key for > +easy login. We recommend using the default distro as a way to bootstrap > +Guix. This is usually done via @code{ssh-copy-id}. Huh! I've never used ssh-copy-id before... Regardless, my experience was that Linode's interface it asked me what key I wanted to provide... I just copy-pasta'ed from ~/.ssh/id_.pub How would one do it with ssh-copy-id? > +Power the linode down. In the Linode's Disks/Configurations tab, resize > +the Debian disk to be smaller. 30 GB is recommended. > + > +In the Linode settings, "Add a disk", with the following: > +@itemize @bullet > +@item > +Label: "Guix" > + > +@item > +Filesystem: ext4 > + > +@item > +Set it to the remaining size > +@end itemize > + > +On the "configuration" field that comes with the default image, press > +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" > +label. > + > +Now "Add a Configuration", with the following: > +@itemize @bullet > +@item > +Label: Guix > + > +@item > +VM Mode: Paravirtualization @c{The default?? Does this matter?} We can probably remove this comment I guess? Not sure, especially since I still don't know if it matters. ;) Maybe we could even skip listing it since the default is fine? > +@item > +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) > + > +@item > +Block device assignment: > + > +@item > +/dev/sda: Guix > + > +@item > +/dev/sdb: swap Also note that I made the mistake of never actually using swap in my server configuration. Maybe worth fixing? > +@item > +Root device: /dev/sda > + > +@item > +Turn off all the filesystem/boot helpers > +@end itemize > + > +Now power it back up, picking the Debian configuration. Once it's > +booted up, ssh in your server via @code{ssh root@@}. > +Now you can run the "install guix form binary installer" steps: > + > +@example > +sudo apt-get install gpg > +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - > +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh > +chmod +x guix-install.sh > +./guix-install.sh > +guix pull > +@end example > + > +Now it's time to write out a config for the server. The key information > +is below. Save the resulting file as guix-config.scm: > + > +@lisp > +(use-modules (gnu) > + (guix modules)) > +(use-service-modules networking > + ssh) > +(use-package-modules admin > + certs > + package-management > + ssh > + tls) > + > +(operating-system > + (host-name "my-server") > + (timezone "America/New_York") > + (locale "en_US.UTF-8") > + ;; This goofy code will generate the grub.cfg > + ;; without installing the grub bootloader on disk. > + (bootloader (bootloader-configuration > + (bootloader > + (bootloader > + (inherit grub-bootloader) > + (installer #~(const #t)))))) > + (file-systems (cons (file-system > + (device "/dev/sda") > + (mount-point "/") > + (type "ext4")) > + %base-file-systems)) Presumably, here's where we should add swap. > + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk > + %base-initrd-modules)) > + > + (users (cons (user-account > + (name "janedoe") > + (group "users") > + ;; Adding the account to the "wheel" group > + ;; makes it a sudoer. > + (supplementary-groups '("wheel")) > + (home-directory "/home/janedoe")) > + %base-user-accounts)) > + > + (packages (cons* nss-certs ;for HTTPS access > + openssh-sans-x > + %base-packages)) > + > + (services (cons* > + (service dhcp-client-service-type) > + (service openssh-service-type > + (openssh-configuration > + (openssh openssh-sans-x) > + (password-authentication? #f) > + (authorized-keys > + `(("janedoe" ,(local-file "janedoe_rsa.pub")) > + ;; Is this a good idea? Well if you don't add it > + ;; you have to manually set your user's password > + ;; via the glish console... > + ("root" ,(local-file "janedoe_rsa.pub")))))) > + %base-services))) > +@end lisp > + > +Replace the following fields in the above configuration: > +@lisp > +(host-name "my-server") ; replace with your server name > +(name "janedoe") ; replace with your username > +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too > +@end lisp > + > +Note the same above for root, which I don't feel great about, but > +otherwise you'll need to log in via the linode "glish" console to log in > +as root and set the user's initial password before you can start using > +sudo. @comment {(is there another way around this?)} Maybe the first person could be removed... "which I don't feel great about, but..." with "which doesn't seem great, but..." > +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as > +_rsa.pub in the same directory. > + > +Mount the guix drive: > +@example > +mkdir /mnt/guix > +mount /dev/sdc /mnt/guix > +@end example > + > +Due to the way we set things up above, we do not install Grub > +completely. Instead we install only our grub configuration file. So we > +need to copy over some of the other Grub stuff that is already there: > + > +@example > +mkdir -p /mnt/guix/boot/grub > +cp -r /boot/grub/* /mnt/guix/boot/grub/ > +@end example > + > +Now initialize the Guix installation: > +@example > +guix system init guix-config.scm /mnt/guix > +@end example > + > +Ok, power it down! > +Now from the linode console, select boot and select "Guix". > + > +Once it boots, you should be able to log in via ssh! (The server > +config will have changed though.) > + > +Be sure to set your password and root's password. > + > +Horray! At this point you can shut down the server, delete the > +Debian disk, and resize the Guix to the rest of the size. > +Congratulations! > + > +BTW, if you save it as a disk image right at this point, you'll have an > +easy time spinning up new Guix images! > + > @node Setting up a bind mount > @section Setting up a bind mount Fantastic! It otherwise looks good to me. From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 07 13:15:34 2020 Received: (at 42317) by debbugs.gnu.org; 7 Aug 2020 17:15:34 +0000 Received: from localhost ([127.0.0.1]:57472 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k45xt-0002Qs-WC for submit@debbugs.gnu.org; Fri, 07 Aug 2020 13:15:34 -0400 Received: from mx1.dismail.de ([78.46.223.134]:34614) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k45xr-0002Qd-Bv for 42317@debbugs.gnu.org; Fri, 07 Aug 2020 13:15:32 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id cc147c61 for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:15:24 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=vUgMcGsGp0eL5E0htmR/IbKxW+u4XNTyZ4 2jmACUJUY=; b=gjPP/Qme5GIdjERLGg2sO6dxzorM1poE50B2zWav2BaTLqyGpA 2mBjalOyYSoNM0Um3i0rW7StJ6uU+bTnkv8eXzCmxYCwyCgEvQbQmtsbEmt3VDi+ O0wpXHRew72dQhH1n8l4UrG7QwHq50vmqfgUgk1vVOHpLox3WYhKM9zNVQEiLEC1 3U8dw5rSBNcOpqQiAVD8Rz427MvF5ePED+mMf5Nimu/z5x0Ze6c+TOS5VYAXynaA 2TtOUYmHdrLb2iQjSXcVQdqNwwajuKjmkmn6gwpvjNzLsteIndGR+2dmHumve0iV HAgTy05yEGMwpApKI0U/kfzdWjXkXjkX3dhA== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id ebb8a14f for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:15:24 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id a3ef4e43 for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:15:23 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 5e266ffc (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:15:23 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> Date: Fri, 07 Aug 2020 13:15:19 -0400 In-Reply-To: <87blk8y4kd.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Tue, 21 Jul 2020 16:51:46 -0400") Message-ID: <87bljms7h4.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > +Replace the following fields in the above configuration: > +@lisp > +(host-name "my-server") ; replace with your server name > +(name "janedoe") ; replace with your username > +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too > +@end lisp > + > +Note the same above for root, which I don't feel great about, but > +otherwise you'll need to log in via the linode "glish" console to log in > +as root and set the user's initial password before you can start using > +sudo. @comment {(is there another way around this?)} I'm not certain how I need to change the configuration here... I just deleted the "Note the same above for root" paragraph. Can you give me some direction? -- Joshua Branson Sent from Emacs and Gnus From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 07 13:16:11 2020 Received: (at 42317) by debbugs.gnu.org; 7 Aug 2020 17:16:11 +0000 Received: from localhost ([127.0.0.1]:57477 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k45yV-0002SO-7k for submit@debbugs.gnu.org; Fri, 07 Aug 2020 13:16:11 -0400 Received: from mx1.dismail.de ([78.46.223.134]:33642) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k45yS-0002Rs-Sn for 42317@debbugs.gnu.org; Fri, 07 Aug 2020 13:16:09 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 09c4f512 for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:16:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type:content-transfer-encoding:content-description; s= 20190914; bh=fSU56Yi5hWZK7WDmnHMuHcsP5m1hX6Ixv/A2iaRvF4c=; b=p18 ZjB6WGjk4BQpzrH/xBdUI+4FHfZZPpC4Kvrv8lodGEO+pYvDK5klZ1M2yHphh8ZP q+Tw6LsLjyvwvfx+oKSK0Wr7iIRbSkp3ZVRPvs4B/2drs6pSCvEKGptO2k67Zhcp noyvjGtmtHh48Kk2u3VDNya6jT0ypJgCYSRGntWas/uqWkqEbFRU4aVI1ePqxlRY xs9Kr4F00oZEXWAeNoJUAnt5HjSS5TAe03LWBZe+ONiEfUrFsmmxawaMk9SiQl7b d9iro36mgdv2jGzU/BSeA47KDhhORmSMm+g2uH80Xm79iRKeaSG7NgQMNpYgtZiN hiGuOm4HMGe3OL5zEeA== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id e1a0a634 for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:16:02 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id 9560e9c1 for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:16:02 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 266868eb (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Fri, 7 Aug 2020 19:16:01 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> Date: Fri, 07 Aug 2020 13:16:00 -0400 In-Reply-To: <87blk8y4kd.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Tue, 21 Jul 2020 16:51:46 -0400") Message-ID: <878seqs7fz.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch Content-Transfer-Encoding: quoted-printable Content-Description: running linode on a cookbook X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) >From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001 From: Joshua Branson Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode= "" * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0d6d28a419 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel = on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager = on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems de= finition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitute= s through Tor. @end menu @@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to= notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} imm= ediately before you execute slock. =20 +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Be sure to add your ssh key for easy +login to the remote server. This is usually done via +@code{ssh-copy-id}. For example, create your ssh keys, then you can +upload your keys to the remote server like so: + +@example +ssh-keygen +ssh-copy-id username@@ +@end example + +You can also use linode's graphical interface for adding ssh keys. Just +copy your local file @code{~/.ssh/id_.pub}. + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh root@@}. +Now you can run the "install guix form binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=3D15145 -qO - | gpg --i= mport - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as guix-config.scm: + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ;; Is this a good idea? Well if you don't add it + ;; you have to manually set your user's password + ;; via the glish console... + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +(name "janedoe") ; replace with your username on the remote ser= ver +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too +@end lisp + +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as +_rsa.pub in the same directory. + +Mount the guix drive: +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) + +Be sure to set your password and root's password. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +BTW, if you save it as a disk image right at this point, you'll have an +easy time spinning up new Guix images! + @node Setting up a bind mount @section Setting up a bind mount =20 --=20 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 07 17:11:28 2020 Received: (at submit) by debbugs.gnu.org; 7 Aug 2020 21:11:28 +0000 Received: from localhost ([127.0.0.1]:57648 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k49eB-0007yH-V1 for submit@debbugs.gnu.org; Fri, 07 Aug 2020 17:11:28 -0400 Received: from lists.gnu.org ([209.51.188.17]:53646) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k49e9-0007y2-RA for submit@debbugs.gnu.org; Fri, 07 Aug 2020 17:11:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37246) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k49e9-0000dB-Mp for guix-patches@gnu.org; Fri, 07 Aug 2020 17:11:25 -0400 Received: from dustycloud.org ([50.116.34.160]:41048) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k49e8-0007zU-0m for guix-patches@gnu.org; Fri, 07 Aug 2020 17:11:25 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id CEB0026650; Fri, 7 Aug 2020 17:11:21 -0400 (EDT) References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <87bljms7h4.fsf@dismail.de> User-agent: mu4e 1.4.10; emacs 26.3 From: Christopher Lemmer Webber To: Joshua Branson , Joshua Branson via Guix-patches Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook In-reply-to: <87bljms7h4.fsf@dismail.de> Date: Fri, 07 Aug 2020 17:11:21 -0400 Message-ID: <87ft8y88li.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=50.116.34.160; envelope-from=cwebber@dustycloud.org; helo=dustycloud.org X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/07 17:11:22 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: 42317@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Joshua Branson via Guix-patches via writes: >> +Replace the following fields in the above configuration: >> +@lisp >> +(host-name "my-server") ; replace with your server name >> +(name "janedoe") ; replace with your username >> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too >> +@end lisp >> + >> +Note the same above for root, which I don't feel great about, but >> +otherwise you'll need to log in via the linode "glish" console to log in >> +as root and set the user's initial password before you can start using >> +sudo. @comment {(is there another way around this?)} > > I'm not certain how I need to change the configuration here... I just > deleted the "Note the same above for root" paragraph. Can you give me > some direction? Easiest path is to just add ;; Allow root login to allow easy login before you set up your ;; initial password for sudo purposes. You can remove this line ;; after you log in and set your initial user password. ("root" ,(local-file "janedoe_rsa.pub") after the janedoe thing and delete that whole paragraph. That provides an easyish way to deal with things... if someone is uncomfortable with having a root login, I suppose they have enough experience to know how to remove this later if they want. Great work on this, with that change I think it looks good to go! From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 08 17:57:45 2020 Received: (at 42317) by debbugs.gnu.org; 8 Aug 2020 21:57:45 +0000 Received: from localhost ([127.0.0.1]:59685 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4WqX-00088p-0s for submit@debbugs.gnu.org; Sat, 08 Aug 2020 17:57:45 -0400 Received: from mx1.dismail.de ([78.46.223.134]:12298) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4WqU-00088Z-Tb for 42317@debbugs.gnu.org; Sat, 08 Aug 2020 17:57:43 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id be4a53f0 for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:57:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=YoRxI4qPX+AYsYoIFHVlWlf6jTcZYxOjYA Qkln8g8dg=; b=JBEPEPRhsxU3BnU/WV17NdSnPBcztbvMaqZHdiPla3LL76zKAR 2f2xCiSePI2R1eT9WrJTcHgpbKxTFZKMv0HcicFp3897VHu3R3A8+99JG6V48MLr XjPi4miLnqB3D6lDtqZChrIJqWCzBB7Mb5DPnU1aidjJ8I/ZFHGXv682gODC0QjF 2peHzBRq+YlKgBnd18ycrfeL+ppBhsCEwVhZGBxTAEes8sKoueCUvHGi94kedKMA yoJStW1ERaWONsoDIV+0FCTjpvOVMeF2OQ8/AJnDPznz1BXx5Q6sUsJA+kpvpZEP mg99ghMx3EHeyaGleB8WIFMJw8zO9OM+cILQ== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 31cdd46c for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:57:34 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 18722c00 for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:57:34 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 97a4cb52 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:57:34 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <87bljms7h4.fsf@dismail.de> <87ft8y88li.fsf@dustycloud.org> Date: Sat, 08 Aug 2020 17:57:32 -0400 In-Reply-To: <87ft8y88li.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Fri, 07 Aug 2020 17:11:21 -0400") Message-ID: <87a6z4n6lv.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hey Chris, So I'm made some more edits to the guide about setting up a linode. Namely, I removed the bit about ssh-copy-id. It's just easier to use linode's interface. I also added some sftp commands for uploading the ssh key and guix-config.scm file. There are a smattering of other edits. I actually followed your guide and set up my linode! Thanks for writing this up! My next email will have the updated patch. P.S. The only issue that I currently have is that I can ssh into the linode server as my regular user, but I cannot ssh in as a root user...Maybe as a next exercise I'll try to add to the cookbook how to use guix deploy on a linode server...because that would be cool! -- Joshua Branson Sent from Emacs and Gnus From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 08 17:59:03 2020 Received: (at 42317) by debbugs.gnu.org; 8 Aug 2020 21:59:03 +0000 Received: from localhost ([127.0.0.1]:59695 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4Wrm-0008Bg-Hg for submit@debbugs.gnu.org; Sat, 08 Aug 2020 17:59:03 -0400 Received: from mx1.dismail.de ([78.46.223.134]:37229) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k4Wrj-0008Aq-Gm for 42317@debbugs.gnu.org; Sat, 08 Aug 2020 17:59:00 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 53a8a27c for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type:content-transfer-encoding:content-description; s= 20190914; bh=6d8I9P1UJvA70Y1huEN1KzYKWKebhGxU7qJ8NwqYm+I=; b=l/S Wqhu1lkgBhTrw7n2uNVR7JUYsjYWw9k0DCLSL/y+Ew3m+HNEN07Zd8wW63CZd91A nAJmUPyi94HIKFOsSREE30PdPIKlofKTXVHW6QJGHkmDzKN/QPRIvOjXHsHP7Ejc UVfgndUE6rNJ2GDDhHhFubQoSvTf1MWGd/L6N9NfT73jOz+P4yo5Or06e83ojCIL x+wt0HU5DWGSZeynQdRAVO41xrXkwrdUNeExOE9FJZXj8MFg2wp79avKoVX9s4tK R++qh0zIi4sWtKC0EVtvx8oR2V6nMAhVnYtkVdyXT0BPXSHr9SOerD5P8vvFTWV6 Nx/x1C9Kl40eEueM+Cw== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id f57a8b28 for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id fb6daeca for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:53 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 7772dae7 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Sat, 8 Aug 2020 23:58:52 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <878seqs7fz.fsf@dismail.de> Date: Sat, 08 Aug 2020 17:58:50 -0400 In-Reply-To: <878seqs7fz.fsf@dismail.de> (Joshua Branson's message of "Fri, 07 Aug 2020 13:16:00 -0400") Message-ID: <875z9sn6jp.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch Content-Transfer-Encoding: quoted-printable Content-Description: running guix on a linode X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) >From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001 From: Joshua Branson Date: Fri, 10 Jul 2020 20:32:30 -0400 Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode= "" * doc/guix-cookbook.texi (Running Guix on a Linode): I added a section that explains how to run guix on a linode. Thanks Chris Webber! --- doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..a907ddaf33 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel = on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager = on Guix System. +* Running Guix on a Linode:: Running Guix on a Linode * Setting up a bind mount:: Setting up a bind mount in the file-systems de= finition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitute= s through Tor. @end menu @@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to= notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} imm= ediately before you execute slock. =20 +@node Running Guix on a Linode +@section Running Guix on a Linode +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your ssh keys. + +@example +ssh-keygen +@end example + +Be sure to add your ssh key for easy login to the remote server. This +is trivially done via linode's graphical interface for adding ssh keys. +Go to your profile and click add SSH Key. Copy into it the output of: + +@example +cat ~/.ssh/_rsa.pub +@end example + +Power the linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: Grub 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@}. (You can find your server ip address in +your Linode Summary section.) Now you can run the "install guix from +binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=3D15145 -qO - | gpg --i= mport - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @code{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as +_rsa.pub and your @code{guix-config.scm} in the same +directory. In a new terminal run these commands. + +@example +sftp root@@ +put /home//ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install Grub +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other Grub stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via ssh! (The server +config will have changed though.) You may encounter an error like: + +@example +$ ssh root@@ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this m= essage. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict = checking. +Host key verification failed. +@end example + +Either delete ~/.ssh/known_hosts file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@ +passwd ; for the root password +passwd ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues ssh-ing into your box, then you may still need to set your +root and user password initially by clicking on the ``Launch Console'' +option in your linode. Choose the ``Glish'' instead of ``Weblish''. +Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount =20 --=20 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 31 06:33:27 2020 Received: (at 42317) by debbugs.gnu.org; 31 Aug 2020 10:33:27 +0000 Received: from localhost ([127.0.0.1]:51636 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kCh7v-00007w-4L for submit@debbugs.gnu.org; Mon, 31 Aug 2020 06:33:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kCh7t-00007j-RP for 42317@debbugs.gnu.org; Mon, 31 Aug 2020 06:33:26 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:54184) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kCh7n-0004WF-Lk; Mon, 31 Aug 2020 06:33:19 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=35994 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kCh7n-0007K0-5q; Mon, 31 Aug 2020 06:33:19 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Joshua Branson Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <878seqs7fz.fsf@dismail.de> <875z9sn6jp.fsf@dismail.de> Date: Mon, 31 Aug 2020 12:33:16 +0200 In-Reply-To: <875z9sn6jp.fsf@dismail.de> (Joshua Branson's message of "Sat, 08 Aug 2020 17:58:50 -0400") Message-ID: <871rjnf6kz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 Cc: 42317@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Joshua Branson scribes: >>>From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001 > From: Joshua Branson > Date: Fri, 10 Jul 2020 20:32:30 -0400 > Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Lino= de"" > > * doc/guix-cookbook.texi (Running Guix on a Linode): > I added a section that explains how to run guix on a linode. > Thanks Chris Webber! Minor issue: s/on a Linode/on a Linode Server/ or: s/on a Linode/on Linode/ ? Also, s/Grub/GRUB/, s/ssh/SSH/, s/linode/Linode, and perhaps @code or @file here and there would be welcome. But these are details, the post looks great! Let me know if you can send an updated version or if I should adjust these for you. Thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 31 22:08:46 2020 Received: (at 42317) by debbugs.gnu.org; 1 Sep 2020 02:08:46 +0000 Received: from localhost ([127.0.0.1]:54278 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kCvj3-0004g6-VP for submit@debbugs.gnu.org; Mon, 31 Aug 2020 22:08:46 -0400 Received: from mx1.dismail.de ([78.46.223.134]:41176) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kCvj2-0004fl-AA for 42317@debbugs.gnu.org; Mon, 31 Aug 2020 22:08:44 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 67e31d86; Tue, 1 Sep 2020 04:08:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=8YnFe45epkZrR0JqSPh5W/xheuCRGvZw3Y 6Qt5WvOn0=; b=uHpekO0Er7YElu8HNOz3OjVKOGtL6fjN9M59q+ABnFFyOfRjBN Jl6GApXtxYIIpHOXOYP0um6h0SkfQGrdQWVSvdtpWdY0cdVNV+z17Tli5sUlq1Zq hqnzdxcBBb/ZeIS+04EtaiTxiJ+QEnn3AV8+RTlUedlchXoefRE+2kvUBfvnGbgN 1PfYMFEjTdfRIi1xdj0SkoPoo9+SIaL3VJhQOchMYi1T4RMlkrfPDTGnNWvfgfUK M6xNrkxbX+fCzE8jROKCsRoSz3wVIWLxRh4WoFGXstafH3JDd49YtUJfvzj6i013 7C6Jwqp3XhI8vRmgkQp+N2mZ40XYiv6PVJgg== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 3b29dfa9; Tue, 1 Sep 2020 04:08:36 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 217efd09; Tue, 1 Sep 2020 04:08:36 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 515bcffe (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 1 Sep 2020 04:08:36 +0200 (CEST) From: Joshua Branson To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook References: <87v9iukhn1.fsf@dismail.de> <87blk8y4kd.fsf@dustycloud.org> <878seqs7fz.fsf@dismail.de> <875z9sn6jp.fsf@dismail.de> <871rjnf6kz.fsf@gnu.org> Date: Mon, 31 Aug 2020 22:08:40 -0400 In-Reply-To: <871rjnf6kz.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 31 Aug 2020 12:33:16 +0200") Message-ID: <87sgc28d07.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 Cc: 42317@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) I will send an updated patch tomorrow after work. You should see a new patch by late afternoon. Thanks, Joshua -- Joshua Branson Sent from Emacs and Gnus From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 01 06:46:15 2020 Received: (at 42317) by debbugs.gnu.org; 1 Sep 2020 10:46:15 +0000 Received: from localhost ([127.0.0.1]:55193 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kD3nq-0001Tl-WC for submit@debbugs.gnu.org; Tue, 01 Sep 2020 06:46:15 -0400 Received: from mx1.dismail.de ([78.46.223.134]:48977) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kD3no-0001TS-NN for 42317@debbugs.gnu.org; Tue, 01 Sep 2020 06:46:14 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 4dc1c2cb for <42317@debbugs.gnu.org>; Tue, 1 Sep 2020 12:46:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=20190914; bh=wtTN1o3nRJuG/G6W+ZFq7 GcJAoMkb6nOSjmb5cqjC44=; b=S68rcILqBw13nqPCqkpCV9ZfOSw7k0ptVpgM6 HdpuUVPvXhw41L8QpGewZoYMT6Mw5eMUlbIRG6TMZFJQOw6jf4Tm3oNt1OxFD/R0 ZJLTQ2LgK4Z1LRNwDQb5LpRPNODZGWmzjzebU7hKTSjvj8a6TOsT13T3r6Vop92b rgCSc1vA+BoR/eB/uZNZJ/xhzJtQRromBehtmcOQ93Xu9i3UOrOQ6CV34atP5lX4 5t2DHRWzV6D/q+bTS/aa6Dlp3VqF2YRm2tlYxOOaAw0g/lcnkLT4q0VjVCNK4Cqx ZkIhVma3SKgqk0/jLHDUYnli0vDUfosCVZ4NvxnC13WlbaD8g== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 31f4e3bf for <42317@debbugs.gnu.org>; Tue, 1 Sep 2020 12:46:05 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id df2c5143 for <42317@debbugs.gnu.org>; Tue, 1 Sep 2020 12:46:05 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 0d275d6c (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 1 Sep 2020 12:45:59 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server Date: Tue, 1 Sep 2020 06:45:04 -0400 Message-Id: <20200901104505.31147-1-jbranso@dismail.de> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 Cc: Joshua Branson X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * doc/guix-cookbook.texi (Running Guix on a Linode Server): I added a section that explains how to run guix on a linode server. Thanks Chris Webber! --- doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 241 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0521c29a35 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode Server:: Running Guix on a Linode Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,245 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode Server +@section Running Guix on a Linode Server +@cindex linode + +Start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your @code{SSH} keys. + +@example +ssh-keygen +@end example + +Be sure to add your @code{SSH key} for easy login to the remote server. +This is trivially done via linode's graphical interface for adding @code{SSH +keys}. Go to your profile and click add @code {SSH Key}. Copy into it +the output of: + +@example +cat ~/.ssh/_rsa.pub +@end example + +Power the @code {Linode} down. In the @code{Linode's} +Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is +recommended. + +In the @code{Linode} settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel: @code {GRUB 2} (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +/dev/sda: Guix + +@item +/dev/sdb: swap + +@item +Root device: /dev/sda + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@}. (You can find your server ip address in +your Linode Summary section.) Now you can run the "install guix from +binary installer" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @code{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your @code{ssh public key} (eg: @code{~/.ssh/id_rsa.pub}) as +_rsa.pub and your @code{guix-config.scm} in the same +directory. In a new terminal run these commands. + +@example +sftp root@@ +put /home//ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install @code{GRUB} +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other @code{GRUB} stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the @code{Linode} console, select boot and select "Guix". + +Once it boots, you should be able to log in via @code{SSH}! (The server +config will have changed though.) You may encounter an error like: + +@example +$ ssh root@@ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict checking. +Host key verification failed. +@end example + +Either delete ~/.ssh/known_hosts file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@ +passwd ; for the root password +passwd ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues @code{SSH-ing} into your box, then you may still need to set +your root and user password initially by clicking on the ``Launch +Console'' option in your linode. Choose the ``Glish'' instead of +``Weblish''. Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 07 09:59:28 2020 Received: (at 42317) by debbugs.gnu.org; 7 Sep 2020 13:59:28 +0000 Received: from localhost ([127.0.0.1]:50302 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFHg8-000164-1J for submit@debbugs.gnu.org; Mon, 07 Sep 2020 09:59:28 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59306) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFHg6-00015s-5j for 42317@debbugs.gnu.org; Mon, 07 Sep 2020 09:59:26 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:42435) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFHfz-0003YW-Rc; Mon, 07 Sep 2020 09:59:19 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=44434 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFHfx-0003D1-6R; Mon, 07 Sep 2020 09:59:17 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Joshua Branson Subject: Re: [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server References: <87v9iukhn1.fsf@dismail.de> <20200901104505.31147-1-jbranso@dismail.de> Date: Mon, 07 Sep 2020 15:59:11 +0200 In-Reply-To: <20200901104505.31147-1-jbranso@dismail.de> (Joshua Branson's message of "Tue, 1 Sep 2020 06:45:04 -0400") Message-ID: <871rjdit74.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 Cc: 42317@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Joshua, Thanks for following up on this! Minor comments: Joshua Branson skribis: > +@node Running Guix on a Linode Server > +@section Running Guix on a Linode Server > +@cindex linode > + > +Start with a recommended Debian server. We recommend using the default ^ I=E2=80=99d start the sentence with something like =E2=80=9CTo run Guix on = a server hosted by @uref{https://www.linode.com/, Linode}, start with a =E2=80=A6=E2= =80=9D. (That makes it clear what we=E2=80=99re talking about, what Linode is, etc.) > +distro as a way to bootstrap Guix. Create your @code{SSH} keys. [...] > +Be sure to add your @code{SSH key} for easy login to the remote server. [...] > +Power the @code {Linode} down. In the @code{Linode's} I realize I wasn=E2=80=99t clear: @code is for code snippets. When referri= ng to Linode (the service/company) or SSH (the protocol), just write it as is, without @code. You would use @code for a command (like @code{rm -rf /foo}) and @file for a file name (like @file{/dev/sdc}). Text enclosed in @code or @file is rendered with a fixed-width font and possibly a different background color. > +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix" ^ @file here. > +root@@}. (You can find your server ip address in ^ @var{your-server-ip-here} And s/ip/IP/. Let me know if you can take care of those last (I promise!) changes. Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 07 11:10:49 2020 Received: (at 42317) by debbugs.gnu.org; 7 Sep 2020 15:10:49 +0000 Received: from localhost ([127.0.0.1]:50413 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFInB-00054W-B7 for submit@debbugs.gnu.org; Mon, 07 Sep 2020 11:10:49 -0400 Received: from mx1.dismail.de ([78.46.223.134]:1926) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFIn9-00054F-0S for 42317@debbugs.gnu.org; Mon, 07 Sep 2020 11:10:47 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 8fe31845 for <42317@debbugs.gnu.org>; Mon, 7 Sep 2020 17:10:40 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=TP7s8Tkv47JmhKMaiQGboBAQHsIErI4fu3 yRZb/Jt5g=; b=gVk04CEDSQ4YgP0HamN1dyYXRYjINfpsMQXi+YBlaDlu9Huq4H elkeaCgsdZpGVwu//42kgiIFEGpZmz1EOAu2oEGyjP73AwgQu79sPHXPxaangOXZ GPOzu8Refte5Q1m5jucxNIrhu0rhcBBwIpGQoM8KhxvXT2ert1CuGidRxEeyJu8L NHIdlyUUnX3NuQT3DNGH9Fyrq2iz5ulW2ra2xprcLsubm4iB6WJl5hA+0XXrj8nW 1PSQB/dq22lFeqIBtM9c0HkyZintOYAjhWSmQDtyegaOPjkjlRryTLsy9FfT7FS5 XxqRKwUU1LF82Nq5cPJbeutTvRLhLQFjjV9w== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 7b95a89f for <42317@debbugs.gnu.org>; Mon, 7 Sep 2020 17:10:39 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id f8ee2c50 for <42317@debbugs.gnu.org>; Mon, 7 Sep 2020 17:10:39 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id badcef6a (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <42317@debbugs.gnu.org>; Mon, 7 Sep 2020 17:10:39 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: Re: [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server References: <87v9iukhn1.fsf@dismail.de> <20200901104505.31147-1-jbranso@dismail.de> <871rjdit74.fsf@gnu.org> Date: Mon, 07 Sep 2020 11:10:44 -0400 In-Reply-To: <871rjdit74.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Mon, 07 Sep 2020 15:59:11 +0200") Message-ID: <87d02xoc5n.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Yes I will make these changes, and re-submit them. :) Thanks, Joshua P.S. Should I follow up to mailing lists via responding only to the mailing list? Or would you prefer that I CC your email address? -- Joshua Branson Sent from Emacs and Gnus From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 08 10:31:57 2020 Received: (at 42317) by debbugs.gnu.org; 8 Sep 2020 14:31:57 +0000 Received: from localhost ([127.0.0.1]:55791 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFef3-00025I-9O for submit@debbugs.gnu.org; Tue, 08 Sep 2020 10:31:57 -0400 Received: from mx1.dismail.de ([78.46.223.134]:42180) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFef0-00024f-CX for 42317@debbugs.gnu.org; Tue, 08 Sep 2020 10:31:51 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 46b6618e; Tue, 8 Sep 2020 16:31:43 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=20190914; bh=VUCKYnezCaN91IVT6jVPD YGOOpeVX0+QXXaEPw5eWLI=; b=YaU95IFqcfUylxJbCgl5TB8GEkt6Y5Fw4DA3n QecMTu8cwXSp27q4oADUkfAxFKzi16tIhCHrYSTIapqWR7akPuzM0DpQK1OfLbCg 7QVRyhafoBiLXSsTss5IqyNqq7RDJTw66iU3i+ymzColQ0Xekb2hHX6+RaVazx53 yig1DNKBKF30I7LATSy+bj+xT8QY7kCiMHWj4oZl0QUOJ9nzFJgHz4FQOvLLTvrF qNK7UmRWUIas6VGo4kUigfpr9jVy8KlgT1K4V6M2qxYZWERMam1tCRgaFIrER3cR 7/dokJLHT1B2ZLQnLirmthNsxLS7A0Savaf6pJ1tP+c3vW8UA== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 4ae43d51; Tue, 8 Sep 2020 16:31:43 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 6ecfda36; Tue, 8 Sep 2020 16:31:43 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id ed5c50cb (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 8 Sep 2020 16:31:41 +0200 (CEST) From: Joshua Branson To: 42317@debbugs.gnu.org Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" Date: Tue, 8 Sep 2020 10:31:26 -0400 Message-Id: <20200908143126.6623-1-jbranso@dismail.de> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317 Cc: ludo@gnu.org, jbranso@dismail.de X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * doc/guix-cookbook.texi (Running Guix on a Linode Server): I added a section that explains how to run guix on a linode server. Thanks Chris Webber! --- doc/guix-cookbook.texi | 242 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f541592d13..0d15d658e9 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Christopher Lemmer Webber Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1347,6 +1348,7 @@ reference. * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Running Guix on a Linode Server:: Running Guix on a Linode Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. @end menu @@ -1759,6 +1761,246 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock. +@node Running Guix on a Linode Server +@section Running Guix on a Linode Server +@cindex linode, Linode + +To run Guix on a server hosted by @uref{https://www.linode.com, Linode}, +start with a recommended Debian server. We recommend using the default +distro as a way to bootstrap Guix. Create your SSH keys. + +@example +ssh-keygen +@end example + +Be sure to add your SSH key for easy login to the remote server. +This is trivially done via Linode's graphical interface for adding +SSH keys. Go to your profile and click add SSH Key. +Copy into it the output of: + +@example +cat ~/.ssh/_rsa.pub +@end example + +Power the Linode down. In the Linode's Disks/Configurations tab, resize +the Debian disk to be smaller. 30 GB is recommended. + +In the Linode settings, "Add a disk", with the following: +@itemize @bullet +@item +Label: "Guix" + +@item +Filesystem: ext4 + +@item +Set it to the remaining size +@end itemize + +On the "configuration" field that comes with the default image, press +"..." and select "Edit", then on that menu add to @file{/dev/sdc} the "Guix" +label. + +Now "Add a Configuration", with the following: +@itemize @bullet +@item +Label: Guix + +@item +Kernel:GRUB 2 (it's at the bottom! This step is @b{IMPORTANT!}) + +@item +Block device assignment: + +@item +@file{/dev/sda}: Guix + +@item +@file{/dev/sdb}: swap + +@item +Root device: @file{/dev/sda} + +@item +Turn off all the filesystem/boot helpers +@end itemize + +Now power it back up, picking the Debian configuration. Once it's +booted up, ssh in your server via @code{ssh +root@@@var{}}. (You can find your server IP address in +your Linode Summary section.) Now you can run the "install guix from +@pxref{Binary Installation,,, guix, GNU Guix}" steps: + +@example +sudo apt-get install gpg +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import - +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Now it's time to write out a config for the server. The key information +is below. Save the resulting file as @file{guix-config.scm}. + +@lisp +(use-modules (gnu) + (guix modules)) +(use-service-modules networking + ssh) +(use-package-modules admin + certs + package-management + ssh + tls) + +(operating-system + (host-name "my-server") + (timezone "America/New_York") + (locale "en_US.UTF-8") + ;; This goofy code will generate the grub.cfg + ;; without installing the grub bootloader on disk. + (bootloader (bootloader-configuration + (bootloader + (bootloader + (inherit grub-bootloader) + (installer #~(const #t)))))) + (file-systems (cons (file-system + (device "/dev/sda") + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + + (swap-devices (list "/dev/sdb")) + + + (initrd-modules (cons "virtio_scsi" ; Needed to find the disk + %base-initrd-modules)) + + (users (cons (user-account + (name "janedoe") + (group "users") + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. + (supplementary-groups '("wheel")) + (home-directory "/home/janedoe")) + %base-user-accounts)) + + (packages (cons* nss-certs ;for HTTPS access + openssh-sans-x + %base-packages)) + + (services (cons* + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (password-authentication? #f) + (authorized-keys + `(("janedoe" ,(local-file "janedoe_rsa.pub")) + ("root" ,(local-file "janedoe_rsa.pub")))))) + %base-services))) +@end lisp + +Replace the following fields in the above configuration: +@lisp +(host-name "my-server") ; replace with your server name +; if you chose a linode server outside the U.S., then +; use tzselect to find a correct timezone string +(timezone "America/New_York") ; if needed replace timezone +(name "janedoe") ; replace with your username +("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key +@end lisp + +The last line in the above example lets you log into the server as root +and set the initial root password. After you have done this, you may +delete that line from your configuration and reconfigure to prevent root +login. + +Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as +@file{@var{}_rsa.pub} and your +@file{guix-config.scm} in the same directory. In a new terminal run +these commands. + +@example +sftp root@@ +put /home//ssh/id_rsa.pub . +put /path/to/linode/guix-config.scm . +@end example + +In your first terminal, mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/sdc /mnt/guix +@end example + +Due to the way we set things up above, we do not install GRUB +completely. Instead we install only our grub configuration file. So we +need to copy over some of the other GRUB stuff that is already there: + +@example +mkdir -p /mnt/guix/boot/grub +cp -r /boot/grub/* /mnt/guix/boot/grub/ +@end example + +Now initialize the Guix installation: + +@example +guix system init guix-config.scm /mnt/guix +@end example + +Ok, power it down! +Now from the Linode console, select boot and select "Guix". + +Once it boots, you should be able to log in via SSH! (The server config +will have changed though.) You may encounter an error like: + +@example +$ ssh root@@ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (man-in-the-middle attack)! +It is also possible that a host key has just been changed. +The fingerprint for the ECDSA key sent by the remote host is +SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4. +Please contact your system administrator. +Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message. +Offending ECDSA key in /home/joshua/.ssh/known_hosts:3 +ECDSA host key for 198.58.98.76 has changed and you have requested strict checking. +Host key verification failed. +@end example + +Either delete @file{~/.ssh/known_hosts} file, or delete the offending line +starting with your server IP address. + +Be sure to set your password and root's password. + +@example +ssh root@@ +passwd ; for the root password +passwd ; for the user password +@end example + +You may not be able to run the above commands at this point. If you +have issues remotely logging into your linode box via SSH, then you may +still need to set your root and user password initially by clicking on +the ``Launch Console'' option in your linode. Choose the ``Glish'' +instead of ``Weblish''. Now you should be able to ssh into the machine. + +Horray! At this point you can shut down the server, delete the +Debian disk, and resize the Guix to the rest of the size. +Congratulations! + +By the way, if you save it as a disk image right at this point, you'll +have an easy time spinning up new Guix images! You may need to +down-size the Guix image to 6144MB, to save it as an image. Then you +can resize it again to the max size. + @node Setting up a bind mount @section Setting up a bind mount -- 2.28.0 From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 09 03:21:59 2020 Received: (at 42317-done) by debbugs.gnu.org; 9 Sep 2020 07:21:59 +0000 Received: from localhost ([127.0.0.1]:56994 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFuQZ-0001bw-Ii for submit@debbugs.gnu.org; Wed, 09 Sep 2020 03:21:59 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38854) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kFuQY-0001bk-4Q for 42317-done@debbugs.gnu.org; Wed, 09 Sep 2020 03:21:58 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57126) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kFuQS-0005DG-QK; Wed, 09 Sep 2020 03:21:52 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54452 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kFuQS-0005fo-9T; Wed, 09 Sep 2020 03:21:52 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Joshua Branson Subject: Re: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode Server" References: <20200908143126.6623-1-jbranso@dismail.de> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 24 Fructidor an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 09 Sep 2020 09:21:46 +0200 In-Reply-To: <20200908143126.6623-1-jbranso@dismail.de> (Joshua Branson's message of "Tue, 8 Sep 2020 10:31:26 -0400") Message-ID: <874ko7o1o5.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 42317-done Cc: 42317-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Joshua, Joshua Branson skribis: > * doc/guix-cookbook.texi (Running Guix on a Linode Server): > I added a section that explains how to run guix on a linode server. > Thanks Chris Webber! Applied, thank you! Ludo=E2=80=99. From unknown Tue Jun 17 01:48:03 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 07 Oct 2020 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator