Re: Installing Guix on Linode: a how-to

[jbranso]

Ok I sent it to guix-patches.

https://lists.gnu.org/archive/html/guix-patches/2020-07/msg00294.html

July 10, 2020 6:17 PM, jbranso@dismail.de wrote:

> I will volunteer to add this to the guix cookbook. If I don't send a patch in 
> a week or so, then
> that means I got lazy and decided not to do it.
> 
> July 8, 2020 7:57 PM, "Gary Johnson" <lambdatronic@disroot.org> wrote:
> 
>> Can someone add this tutorial to the Guix Cookbook? I've been wondering
>> about how to do this for some time now, and it would be great to have it
>> saved somewhere obvious like that for future reference.
>> 
>> Thanks,
>> Gary
>> 
>> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
>> 
>>> Hi! I finally got Guix running on Linode! I'm excited about it!
>>> Here's the process (thanks to jackhill on freenode for helping me figure
>>> out all the stuff involving the bootloader!). It's very bullet-point'y,
>>> but here's the steps I took:
>>> 
>>> - Start with a Debian (or whatever) server. Be sure to add your ssh
>>> key for easy login. We'll be using the default distro as a way to
>>> bootstrap Guix.
>>> - Power it down.
>>> - In the Disks/Configurations tab, resize the Debian disk to be
>>> smaller, maybe 30GB or something.
>>> - "Add a disk", with the following:
>>> - Label: "Guix"
>>> - Filesystem: ext4
>>> - Set it to the remaining size
>>> - Next to the "configuration" that comes with the default image,
>>> press "..." and select "Edit", then on that menu add to
>>> /dev/sdc the "Guix" label
>>> - Now "Add a Configuration", with the following:
>>> - Label: Guix
>>> - VM Mode: Paravirtualization (the default?? don't know if this matters)
>>> - Kernel: Grub 2 (it's at the bottom! This step is *IMPORTANT*)
>>> - Block device assignment:
>>> - /dev/sda: Guix
>>> - /dev/sdb: swap
>>> - Root device: /dev/sda
>>> - Turn off all the filesystem/boot helpers
>>> - Now power it back up, picking the Debian configuration
>>> - Once it's booted up, ssh root@<your-server-ip-here>
>>> - Run the "install guix form binary installer" steps:
>>> - $ sudo apt-get install gpg
>>> - $ wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg 
>>> --import -
>>> - $ wget 
>>> https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
>>> - $ chmod +x guix-install.sh
>>> - $ ./guix-install.sh
>>> - $ guix pull
>>> 
>>> - Now it's time to write out a config for the server. The key stuff is
>>> below, save as guix-config.scm:
>>> 
>>> #+BEGIN_SRC scheme
>>> (use-modules (gnu)
>>> (guix modules))
>>> (use-service-modules networking
>>> ssh)
>>> (use-package-modules admin
>>> certs
>>> package-management
>>> ssh
>>> tls)
>>> 
>>> (operating-system
>>> (host-name "my-server")
>>> (timezone "America/New_York")
>>> (locale "en_US.UTF-8")
>>> ;; This goofy code will generate the grub.cfg
>>> ;; without installing the grub bootloader on disk.
>>> (bootloader (bootloader-configuration
>>> (bootloader
>>> (bootloader
>>> (inherit grub-bootloader)
>>> (installer #~(const #t))))))
>>> (file-systems (cons (file-system
>>> (device "/dev/sda")
>>> (mount-point "/")
>>> (type "ext4"))
>>> %base-file-systems))
>>> 
>>> (initrd-modules (cons "virtio_scsi" ; Needed to find the disk
>>> %base-initrd-modules))
>>> 
>>> (users (cons (user-account
>>> (name "janedoe")
>>> (group "users")
>>> ;; Adding the account to the "wheel" group
>>> ;; makes it a sudoer.
>>> (supplementary-groups '("wheel"))
>>> (home-directory "/home/janedoe"))
>>> %base-user-accounts))
>>> 
>>> (packages (cons* nss-certs ;for HTTPS access
>>> openssh-sans-x
>>> %base-packages))
>>> 
>>> (services (cons*
>>> (service dhcp-client-service-type)
>>> (service openssh-service-type
>>> (openssh-configuration
>>> (openssh openssh-sans-x)
>>> (password-authentication? #f)
>>> (authorized-keys
>>> `(("janedoe" ,(local-file "janedoe_rsa.pub"))
>>> ;; Is this a good idea? Well if you don't add it
>>> ;; you have to manually set your user's password
>>> ;; via the glish console...
>>> ("root" ,(local-file "janedoe_rsa.pub"))))))
>>> %base-services)))
>>> #+END_SRC
>>> 
>>> - Replace the following fields in the above configuration:
>>> - (host-name "my-server") ; replace with your server name
>>> - (name "janedoe") ; replace with your username
>>> - ("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
>>> - Note the same above for root, which I don't feel great about, but
>>> otherwise you'll need to log in via the linode "glish" console to
>>> log in as root and set the user's initial password before you can
>>> start using sudo (is there another way around this?)
>>> 
>>> - Save your ssh public key (~/.ssh/id_rsa.pub) as
>>> <your-username-here>_rsa.pub or whatever in the same directory
>>> 
>>> - Mount the guix drive:
>>> $ mkdir /mnt/guix
>>> $ mount /dev/sdc /mnt/guix
>>> 
>>> - Due to the way we set things up above, we don't install Grub
>>> completely, just our grub configuration file. So we need to copy
>>> over some of the other Grub stuff that's already there:
>>> $ mkdir -p /mnt/guix/boot/grub
>>> $ cp -r /boot/grub/* /mnt/guix/boot/grub/
>>> 
>>> - Now initialize the Guix installation:
>>> $ guix system init guix-config.scm /mnt/guix
>>> 
>>> - Ok, power it down!
>>> - Now from the linode console, select boot and select "Guix"
>>> 
>>> - Once it boots, you should be able to log in via ssh! (The server
>>> config will have changed though.)
>>> 
>>> - Be sure to set your password and root's password.
>>> 
>>> - Horray! At this point you can shut down the server, delete the
>>> Debian disk, and resize the Guix to the rest of the size.
>>> Congratulations!
>>> 
>>> BTW, if you save it as a disk image right at this point, you'll have an
>>> easy time spinning up new Guix images!
>>> 
>>> Let me know if this guide helps you!
>> 
>> --
>> GPG Key ID: 7BC158ED
>> Use `gpg --search-keys lambdatronic' to find me
>> Protect yourself from surveillance: https://emailselfdefense.fsf.org
>> =======================================================================
>> () ascii ribbon campaign - against html e-mail
>> /\ www.asciiribbon.org - against proprietary attachments
>> 
>> Please avoid sending me MS-Office attachments.
>> See http://www.gnu.org/philosophy/no-word-attachments.html