This shows you the differences between two versions of the page.
manuals:distributions:guix [2023/12/19 20:04] – tomas.volf | manuals:distributions:guix [2023/12/20 12:18] (current) – tomas.volf | ||
---|---|---|---|
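--- a/manuals:distributions:guix
+++ b/manuals:distributions:guix
@@ -31,2 +31,187 @@
 * Hostname cannot be set using the vpsAdmin.
 * /gnu/store is not mounted with noatime flag. This could lead to reproducibility issues.
+
+===== Alternative configuration for guix deploy =====
+
+Slightly adjusted, single file, alternative configuration can be found below to be used as a starting point for your ''
+
+* No dhcp-client-service-type,
+* No password authentication is allowed for ssh.
+* In a single file.
+* Added parts for guix deploy
+
+<code scheme>
+(use-modules (gnu)
+(gnu machine)
+(gnu machine ssh)
+(gnu packages bash)
+(gnu packages certs)
+(gnu packages ssh)
+(gnu services networking)
+(gnu services shepherd)
+(gnu services ssh)
+(guix build-system trivial)
+(guix packages)
+(srfi srfi-1))
+
+;;; The bootloader is not required.
+;;; start menu is populated by parsing /
+;;; is a mandatory field, and the typical grub-bootloader requires users to
+;;; always pass the --no-bootloader flag. By providing this bootloader
+;;; configuration (it does not do anything, but installs fine), we remove the
+;;; need to remember to pass the flag. At the cost of ~8MB in /boot.
+(define %ct-bootloader
+(bootloader-configuration
+;; This one can be installed without efivars and without block device.
+
+
+
+;;; It seems any package can be passed as an kernel, so create empty one for
+;;; that purpose.
+(define %ct-dummy-kernel
+(package
+(name "
+(version "
+(source #f)
+(build-system trivial-build-system)
+(arguments
+(list
+#:builder #~(mkdir #$output)))
+(synopsis "Dummy kernel"
+(description
+"
+still need to specify a kernel in the operating-system definition, hence this
+package."
+(home-page #f)
+(license #f)))
+
+(define %ct-file-systems
+(cons* (file-system
+
+
+(type "
+;; Used by vpsadminos scripting.
+;; on tmpfs.
+
+
+
+(type "
+
+
+
+
+(map (λ (fs)
+(cond
+;; %immutable-store is usually mounted with no-atime.
+;; does not work in the vpsFree (causing the boot to hang), so
+;; we need to delete the flag.
+((eq? fs %immutable-store)
+(file-system
+(inherit fs)
+(flags (delete '
+(else
+fs)))
+(fold delete
+%base-file-systems
+(list
+;; Already mounted by vpsadminos
+
+;; Cannot be mounted due to the permissions
+
+
+
+(define vpsadminos-networking
+(shepherd-service
+
+
+
+
+
+"
+[ -f /
+touch /
+\"
+")))))
+
+(define %ct-services
+(cons* (service mingetty-service-type
+(mingetty-configuration
+(tty "
+
+
+
+
+
+
+
+
+;; loopback is configured by vpsadminos-networking
+
+;; We need no rules.
+
+(udev-configuration
+
+
+
+(define %signing-key
+;; Fill this with your local signing key (/
+"
+
+(define %system
+(operating-system
+(host-name "
+;; Servers usually use UTC regardless of the location.
+(timezone "
+(locale "
+
+(kernel %ct-dummy-kernel)
+(bootloader %ct-bootloader)
+
+(firmware '())
+(initrd-modules '())
+
+(packages (cons* nss-certs
+
+
+(essential-services
+
+
+
+
+
+(file-systems %ct-file-systems)
+
+(services
+
+
+(openssh openssh-sans-x)
+(permit-root-login #t)
+;; Only keys are allowed.
+(password-authentication?
+(simple-service '
+(guix-extension
+
+(list (plain-file "
+%ct-services))))
+
+;;; Set this to the SSH key of the machine.
+(define %host-key
+"
+
+(define %machine
+(machine
+
+
+
+;; Put the IP or host name here.
+
+
+
+
+
+
+(list %machine)
+
+</
+
+If you will go via the guix deploy route, you should likely delete the /etc/config directory to prevent any confusion.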
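Review bot: The openssh block inside `%system` sets `(permit-root-login #t)`, so the "Only keys are allowed" guarantee rests entirely on the `password-authentication?` line below it, whose value is cut off in this rendering and is presumably `#f`. With `#t`, root becomes reachable by password as soon as that one flag is changed, and root is presumably the account `guix deploy` connects as. I would write `(permit-root-login 'prohibit-password)` so that the key-only restriction for root holds on its own. The comment on `%signing-key` could also state explicitly that the public half of the deploying machine's signing key is meant, e.g. `;; Fill this with the public signing key of the machine you deploy from.`, so that nobody pastes the private key into a file that tends to be shared.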