Differences

This shows you the differences between two versions of the page.

--- manuals:distributions:guix [2023/12/19 21:04] – Add an example of an alternative configuration tomas.volf
+++ manuals:distributions:guix [2023/12/20 12:18] (current) – tomas.volf
@@ Line 32: / Line 32: @@
   * /gnu/store is not mounted with noatime flag.  This could lead to reproducibility issues.
-===== Alternative configuration =====
+===== Alternative configuration for guix deploy =====
 Slightly adjusted, single file, alternative configuration can be found below to be used as a starting point for your ''guix deploy'' setup.  It pretty much is just an amalgamation of the default setup into one file, with few tweaks here and there.  Differences are:
@@ Line 39: / Line 39: @@
   * No password authentication is allowed for ssh.
   * In a single file.
+  * Added parts for guix deploy
 <code scheme>
 (use-modules (gnu)
+             (gnu machine)
+             (gnu machine ssh)
              (gnu packages bash)
              (gnu packages certs)
@@ Line 151: / Line 154: @@
                                (rules '()))))))
+(define %signing-key
+  ;; Fill this with your local signing key (/etc/guix/signing-key.pub).
+  "...")
+(define %system
+  (operating-system
+    (host-name "guix")
+    ;; Servers usually use UTC regardless of the location.
+    (timezone "Etc/UTC")
+    (locale "en_US.utf8")
-(operating-system
+    (kernel %ct-dummy-kernel)
-  (host-name "guix")
+    (bootloader %ct-bootloader)
-  ;; Servers usually use UTC regardless of the location.
-  (timezone "Etc/UTC")
-  (locale "en_US.utf8")
-  (kernel %ct-dummy-kernel)
+    (firmware '())
-  (bootloader %ct-bootloader)
+    (initrd-modules '())
-  (firmware '())
+    (packages (cons* nss-certs
-  (initrd-modules '())
+                     %base-packages))
-  (packages (cons* nss-certs
+    (essential-services
-                   %base-packages))
+     (modify-services
+         (operating-system-default-essential-services this-operating-system)
+       (delete firmware-service-type)
+       (delete (service-kind %linux-bare-metal-service))))
-  (essential-services
+    (file-systems %ct-file-systems)
-   (modify-services (operating-system-default-essential-services this-operating-system)
-     (delete firmware-service-type)
-     (delete (service-kind %linux-bare-metal-service))))
-  (file-systems %ct-file-systems)
+    (services
+     (cons* (service openssh-service-type
+                     (openssh-configuration
+                      (openssh openssh-sans-x)
+                      (permit-root-login #t)
+                      ;; Only keys are allowed.
+                      (password-authentication? #f)))
+            (simple-service 'extra-authorized-keys guix-service-type
+                            (guix-extension
+                             (authorized-keys
+                              (list (plain-file "signing-key" %signing-key)))))
+            %ct-services))))
+;;; Set this to the SSH key of the machine.
+(define %host-key
+  "ssh-ed25519 ...")
+(define %machine
+  (machine
+   (operating-system %system)
+   (environment managed-host-environment-type)
+   (configuration (machine-ssh-configuration
+                   ;; Put the IP or host name here.
+                   (host-name "...")
+                   (system "x86_64-linux")
+                   (host-key %host-key)
+                   (allow-downgrades? #t)
+                   (safety-checks? #f)))))
+(list %machine)
-  (services (cons* (service openssh-service-type
-                            (openssh-configuration
-                             (openssh openssh-sans-x)
-                             (permit-root-login #t)
-                             ;; Only keys are allowed.
-                             (password-authentication? #f)))
-                   %ct-services)))
 </code>
+If you will go via the guix deploy route, you should likely delete the /etc/config directory to prevent any confusion.

Knowledge base

User Tools

Site Tools

Differences

Page Tools