Package: guix-patches;
Reported by: Thomas Ieong <th.ieong <at> free.fr>
Date: Fri, 7 Apr 2023 17:49:01 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#62716: closed ([PATCH] gnu: Add a section to the cookbook.)
Date: Sat, 02 Sep 2023 03:14:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Fri, 01 Sep 2023 23:13:03 -0400
with message-id <87wmx9z2rk.fsf_-_ <at> gmail.com>
and subject line Re: bug#62716: [PATCH] gnu: Add a section to the cookbook.
has caused the debbugs.gnu.org bug report #62716,
regarding [PATCH] gnu: Add a section to the cookbook.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)

--
62716: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62716
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Thomas Ieong <th.ieong <at> free.fr> To: guix-patches <at> gnu.org Cc: Thomas Ieong <th.ieong <at> free.fr> Subject: [PATCH] gnu: Add a section to the cookbook. Date: Fri, 7 Apr 2023 19:45:41 +0200* doc/guix-cookbook.texi (Running Guix on a Kimsufi Server): New chapter. --- doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 241 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index b9fb916f4a..f28b3c8932 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -23,6 +23,7 @@ Copyright @copyright{} 2021 Joshua Branson@* Copyright @copyright{} 2022 Maxim Cournoyer@* Copyright @copyright{} 2023 Ludovic Courtès +Copyright @copyright{} 2023 Thomas Ieong Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -98,6 +99,7 @@ Top * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Running Guix on a Linode Server:: Running Guix on a Linode Server +* Running Guix on a Kimsufi Server:: Running Guix on a Kimsufi Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. * Setting up NGINX with Lua:: Configuring NGINX web-server to load Lua modules. 
@@ -1403,6 +1405,7 @@ System Configuration * Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Running Guix on a Linode Server:: Running Guix on a Linode Server +* Running Guix on a Kimsufi Server:: Running Guix on a Kimsufi Server * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor. * Setting up NGINX with Lua:: Configuring NGINX web-server to load Lua modules. 
@@ -2373,6 +2376,244 @@ Running Guix on a Linode Server down-size the Guix image to 6144MB, to save it as an image. Then you can resize it again to the max size. +@node Running Guix on a Kimsufi Server +@section Running Guix on a Kimsufi Server +@cindex kimsufi, Kimsufi, OVH + +To run Guix on a server hosted by @uref{https://www.kimsufi.com/, Kimsufi}, +click on the netboot tab then select rescue64-pro and restart. + +OVH will email you the credentials required to ssh into a Debian system. + +Now you can run the "install guix from @pxref{Binary Installation,,, guix, GNU Guix}" steps: + +@example +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh +chmod +x guix-install.sh +./guix-install.sh +guix pull +@end example + +Partition the drives and format them, first stop the raid array: + +@example +mdadm --stop /dev/md127 +mdadm --zero-superblock /dev/sda2 /dev/sdb2 +@end example + +Then wipe the disks and set up the partitions, we will create +a RAID 1 array. + +@example +wipefs -a /dev/sda +wipefs -a /dev/sdb + +parted /dev/sda --align=opt -s -m -- mklabel gpt +parted /dev/sda --align=opt -s -m -- \ + mkpart bios_grub 1049kb 512MiB \ + set 1 bios_grub on +parted /dev/sda --align=opt -s -m -- \ + mkpart primary 512MiB -512MiB + set 2 raid on +parted /dev/sda --align=opt -s -m -- mkpart primary linux-swap 512MiB 100% # Swap + +parted /dev/sdb --align=opt -s -m -- mklabel gpt +parted /dev/sdb --align=opt -s -m -- \ + mkpart bios_grub 1049kb 512MiB \ + set 1 bios_grub on +parted /dev/sdb --align=opt -s -m -- \ + mkpart primary 512MiB -512MiB \ + set 2 raid on +parted /dev/sdb --align=opt -s -m -- mkpart primary linux-swap 512MiB 100% # Swap +@end example + +Create the array: + +@example +mdadm --create /dev/md127 --level=1 --raid-disks=2 --metadata=0.90 /dev/sda2 /dev/sdb2 +@end example + +Now create file systems on the relevant partitions, first the boot partitions: + +@example +mkfs.ext4 /dev/sda1 +mkfs.ext4 /dev/sdb1 +@end example + +Then the 
root partition: + +@example +mkfs.ext4 /dev/md127 +@end example + +Initialize the swap partitions: + +@example +mkswap /dev/sda3 +swapon /dev/sda3 +mkswap /dev/sdb3 +swapon /dev/sdb3 +@end example + +Mount the guix drive: + +@example +mkdir /mnt/guix +mount /dev/md127 /mnt/guix +@end example + +Now is time to write an os.scm, here is a sample: + +@lisp +(use-modules (gnu) (guix)) +(use-service-modules networking ssh vpn virtualization sysctl admin mcron) +(use-package-modules ssh certs tls tmux vpn virtualization) + +(operating-system + (host-name "kimsufi") + (timezone "Etc/UTC") + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets (list "/dev/sda" "/dev/sdb")) + (terminal-outputs '(console)))) + + ;; Add a kernel module for RAID-1 (aka. "mirror"). + (initrd-modules (cons* "raid1" %base-initrd-modules)) + + (mapped-devices + (list + (mapped-device + (source (list "/dev/sda2" "/dev/sdb2")) + (target "/dev/md127") + (type raid-device-mapping)))) + + (swap-devices + (list + (swap-space + (target "/dev/sda3")) + (swap-space + (target "/dev/sdb3")))) + + (issue + ;; Default contents for /etc/issue. + "\ +This is the GNU system at Kimsufi. Welcome.\n") + + (file-systems (cons* (file-system + (mount-point "/") + (device "/dev/md127") + (type "ext4") + (dependencies mapped-devices)) + %base-file-systems)) + + (users (cons (user-account + (name "guix") + (comment "guix") + (group "users") + (supplementary-groups '("wheel")) + (home-directory "/home/guix")) + %base-user-accounts)) + + (sudoers-file + (plain-file "sudoers" "\ +root ALL=(ALL) ALL +%wheel ALL=(ALL) ALL +guix ALL=(ALL) NOPASSWD:ALL\n")) + + + ;; Globally-installed packages. 
+ (packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages)) + (services + (cons* + (service static-networking-service-type + (list (static-networking + (addresses (list (network-address + (device "enp3s0") + (value "REPLACE_ME/24")))) + (routes (list (network-route + (destination "default") + (gateway "REPLACE_ME")))) + (name-servers '("213.186.33.99"))))) + + (service unattended-upgrade-service-type) + + (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (permit-root-login #f) + (authorized-keys + (quasiquote + (("guix" (unquote (plain-file "REPLACE_ME.pub" "REPLACE_ME")))))))) + (modify-services %base-services + (sysctl-service-type config => + (sysctl-configuration + (settings (append '(("net.ipv6.conf.all.autoconf" . "0") + ("net.ipv6.conf.all.accept_ra" . "0")) + %default-sysctl-settings)))))))) +@end lisp + +Don't forget to replace the "REPLACE_ME" fields, they correspond respectively to the ip +address of your server, the gateway, the name of your ssh key and the content of your ssh public key. + +The gateway is the last usable ip in your block so if you have a server with an ip +of 37.187.79.10 then its gateway will be 37.187.79.254. + +Transfer your os.scm on the server via scp/sftp. + +Now all that is left is to install guix with a @code{guix system init} and restart. + +However we first need to set up a chroot. Why is that? Well the root partition +of the rescue system is mounted on an aufs partition and if you try to install Guix +it will fail at the grub install step complaining about the canonical path of "aufs". 
+ +Install packages that will be used in the chroot: + +@example +guix install bash-static parted util-linux-with-udev coreutils guix +@end example + +Then run the following to create directories needed for the chroot: + +@example +cd /mnt || exit 1 +mkdir -p bin etc gnu/store root/.guix-profile/ root/.config/guix/current var/guix proc sys dev +@end example + +Copy our resolv.conf in our chroot: + +@example +cp /etc/resolv.conf etc/ +@end example + +Mount block devices, the store and its database and the current guix config: + +@example +mount --rbind /proc /mnt/proc +mount --rbind /sys /mnt/sys +mount --rbind /dev /mnt/dev +mount --rbind /var/guix/ var/guix/ +mount --rbind /gnu/store gnu/store/ +mount --rbind /root/.config/ root/.config/ +mount --rbind /root/.guix-profile/bin/ bin +mount --rbind /root/.guix-profile root/.guix-profile/ +@end example + +Chroot in /mnt and install the system: + +@example +chroot /mnt/ /bin/bash + +guix system init /root/os.scm /guix +@end example + +Finally from the web ui change netboot to boot to disk and restart (also from the web ui). + +Wait a couple of minutes and try to ssh with @code{ssh +guix@@@var{<your-server-IP-here>} -i @var{<path-to-your-ssh-key>}} + +Congratulations you should have a Guix system up and running on Kimsufi! + @node Setting up a bind mount @section Setting up a bind mount base-commit: 110dc3fde90de3b8f2c8dfe8d531c46d6f074145 -- 2.39.2
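Review bot: The sentence `Now you can run the "install guix from @pxref{Binary Installation,,, guix, GNU Guix}" steps:` at the top of the new section puts a @pxref inside a quoted phrase, where it renders as a lowercase "see ..." in the middle of the quote; @pxref is meant for parenthetical use. Reword it along the lines of "Now install Guix as described in the manual (@pxref{Binary Installation,,, guix, GNU Guix}):" so the example that follows is clearly the manual's procedure and not a second, diverging copy of it.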
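Review bot: In the /dev/sda parted example, the line `mkpart primary 512MiB -512MiB` is missing its trailing backslash, so `set 2 raid on` is run as a separate shell command instead of being passed to parted; the /dev/sdb block has the backslash. In both blocks the swap partition is created with `mkpart primary linux-swap 512MiB 100%`, which starts at 512MiB, inside partition 2 (512MiB to -512MiB); the start was presumably meant to be -512MiB. Partition 1 carries `set 1 bios_grub on` and is later formatted with `mkfs.ext4 /dev/sda1` as a "boot partition", but a BIOS boot partition holds GRUB's core image and no file system, so the mkfs step and the wording should go. Since `mdadm --stop /dev/md127`, `mdadm --zero-superblock` and `wipefs -a` are destructive and the device names are hard-coded, add a sentence telling the reader to confirm the array and disk names on their own rescue system first.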
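Review bot: The sample os.scm's sudoers-file ends with `guix ALL=(ALL) NOPASSWD:ALL`, and `guix` is the same account whose public key goes into authorized-keys, so possession of that SSH key is equivalent to root with no further credential and `(permit-root-login #f)` adds little. The account is already in the wheel group and covered by `%wheel ALL=(ALL) ALL`; either drop the NOPASSWD line and tell the reader to set a password for the account, or keep it and add a sentence to the text stating the trade-off. Separately, `use-service-modules` lists vpn, virtualization and mcron and `use-package-modules` lists virtualization, none of which the sample references; trim them so the example only imports what it uses.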
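Review bot: `guix system init /root/os.scm /guix` runs inside `chroot /mnt/`, but the preceding steps only bind-mount /root/.config/ and /root/.guix-profile into the chroot, and the earlier "Transfer your os.scm on the server via scp/sftp" step does not say where the file should go, so /root/os.scm will not exist inside the chroot unless the reader happened to copy it under /mnt/root/. Add an explicit copy step before the chroot, or name the destination in the transfer step. The mount example also mixes absolute targets (`/mnt/proc`) with relative ones (`var/guix/`, `bin`) that only work because of the `cd /mnt || exit 1` in an earlier example; use /mnt/... targets throughout so each example can be run on its own.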
[Message part 3 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Thomas Ieong <th.ieong <at> free.fr>
Cc: 62716-done <at> debbugs.gnu.org
Subject: Re: bug#62716: [PATCH] gnu: Add a section to the cookbook.
Date: Fri, 01 Sep 2023 23:13:03 -0400

Hi!

I've finally applied this series, applying some Texinfo polish here and there.

Thanks for the recipe!

--
Maxim