manuals:distributions:guix [2023/09/06 19:15] – known issue with vpsadminos-networking Aithermanuals:distributions:guix [2023/12/20 12:18] (current) tomas.volf
Line 9: Line 9:
 The VPS is created from a template which contains a minimal system with SSH. The VPS is created from a template which contains a minimal system with SSH.
 You can log in with a generated password or deploy your public key using vpsAdmin. You can log in with a generated password or deploy your public key using vpsAdmin.
-The system can then be configured using ''guix system reconfigure''. Since our +The system can then be configured using ''guix system reconfigure''.
-VPS are containers, it is necessary to disable bootloader installation by adding +
-option ''--no-bootloader''.+
  
 System configuration is stored in directory ''/etc/config'': System configuration is stored in directory ''/etc/config'':
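Review bot: Dropping the ''--no-bootloader'' sentence from the reconfigure instructions (the removed lines "Since our VPS are containers, it is necessary to disable bootloader installation by adding option ''--no-bootloader''") leaves the reader with no explanation of why the flag is no longer needed; the alternative configuration added further down in this same revision justifies it with a ''bootloader-configuration'' that installs without efivars or a block device, so a short sentence here stating that the template's ''/etc/config/system.scm'' now ships such a bootloader configuration (and that ''--no-bootloader'' is still required on older templates) would keep the default workflow consistent with the removed advice.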
Line 22: Line 20:
 # guix pull # guix pull
 # hash guix # hash guix
-# guix system reconfigure --no-bootloader /etc/config/system.scm+# guix system reconfigure /etc/config/system.scm
 </code> </code>
 +
 +Networking is handled by /ifcfg.add script, which is generated by vpsadminos on every VPS restart.  The script is executed using vpsadminos-networking shepherd service.  Due to how dynamic the environment is (IPv6 route changes on every reboot), using static-networking-service-type is simply not possible.
  
 ===== Known issues ===== ===== Known issues =====
  
-  * Service ''vpsadminos-networking'' fails during system reconfiguration. The error is harmless, we intend to [[https://lists.vpsfree.cz/mailman3/hyperkitty/list/community-list@lists.vpsfree.cz/message/GW4PW5SIJDJBNFW3JFNB4AHWIHP2HKEV/|fix it]] when ''/run'' on tmpfs is [[https://issues.guix.gnu.org/64775|implemented]]. 
   * halt (graceful shutdown) has been observed to sometimes hang, please report in case it's still a problem.   * halt (graceful shutdown) has been observed to sometimes hang, please report in case it's still a problem.
   * cgroups v1 are not mounted. cgroups do not seem to be needed by the base system, contact us in case it's a problem for some service or submit a patch to the [[https://github.com/vpsfreecz/vpsadminos/tree/staging/image-scripts/images/guix|template]].   * cgroups v1 are not mounted. cgroups do not seem to be needed by the base system, contact us in case it's a problem for some service or submit a patch to the [[https://github.com/vpsfreecz/vpsadminos/tree/staging/image-scripts/images/guix|template]].
 +  * Hostname cannot be set using the vpsAdmin.
 +  * /gnu/store is not mounted with noatime flag.  This could lead to reproducibility issues.
 +
 +===== Alternative configuration for guix deploy =====
 +
 +Slightly adjusted, single file, alternative configuration can be found below to be used as a starting point for your ''guix deploy'' setup.  It pretty much is just an amalgamation of the default setup into one file, with few tweaks here and there.  Differences are:
 +
 +  * No dhcp-client-service-type, 'networking is handled directly by vpsadminos-networking service.
 +  * No password authentication is allowed for ssh.
 +  * In a single file.
 +  * Added parts for guix deploy
 +
 +<code scheme>
 +(use-modules (gnu)
 +             (gnu machine)
 +             (gnu machine ssh)
 +             (gnu packages bash)
 +             (gnu packages certs)
 +             (gnu packages ssh)
 +             (gnu services networking)
 +             (gnu services shepherd)
 +             (gnu services ssh)
 +             (guix build-system trivial)
 +             (guix packages)
 +             (srfi srfi-1))
 +
 +;;; The bootloader is not required.  This is running inside a container, and the
 +;;; start menu is populated by parsing /var/guix/profiles.  However bootloader
 +;;; is a mandatory field, and the typical grub-bootloader requires users to
 +;;; always pass the --no-bootloader flag.  By providing this bootloader
 +;;; configuration (it does not do anything, but installs fine), we remove the
 +;;; need to remember to pass the flag.  At the cost of ~8MB in /boot.
 +(define %ct-bootloader
 +  (bootloader-configuration
 +   ;; This one can be installed without efivars and without block device.
 +   (bootloader grub-efi-netboot-removable-bootloader)
 +   (targets '("/boot"))))
 +
 +;;; It seems any package can be passed as an kernel, so create empty one for
 +;;; that purpose.
 +(define %ct-dummy-kernel
 +  (package
 +    (name "dummy-kernel")
 +    (version "1")
 +    (source #f)
 +    (build-system trivial-build-system)
 +    (arguments
 +     (list
 +      #:builder #~(mkdir #$output)))
 +    (synopsis "Dummy kernel")
 +    (description
 +     "In container environment, the kernel is provided by the host.  However we
 +still need to specify a kernel in the operating-system definition, hence this
 +package.")
 +    (home-page #f)
 +    (license #f)))
 +
 +(define %ct-file-systems
 +  (cons* (file-system                   ; Dummy rootfs
 +           (device "/dev/null")
 +           (mount-point "/")
 +           (type "dummy"))
 +         ;; Used by vpsadminos scripting.  Can go away once /run as a whole is
 +         ;; on tmpfs.
 +         (file-system
 +           (device "none")
 +           (mount-point "/run/vpsadminos")
 +           (type "tmpfs")
 +           (check? #f)
 +           (flags '(no-suid no-dev no-exec))
 +           (options "mode=0755")
 +           (create-mount-point? #t))
 +         (map (λ (fs)
 +                (cond
 +                 ;; %immutable-store is usually mounted with no-atime.  That
 +                 ;; does not work in the vpsFree (causing the boot to hang), so
 +                 ;; we need to delete the flag.
 +                 ((eq? fs %immutable-store)
 +                  (file-system
 +                    (inherit fs)
 +                    (flags (delete 'no-atime (file-system-flags fs)))))
 +                 (else
 +                  fs)))
 +              (fold delete
 +                    %base-file-systems
 +                    (list
 +                     ;; Already mounted by vpsadminos
 +                     %pseudo-terminal-file-system
 +                     ;; Cannot be mounted due to the permissions
 +                     %debug-file-system
 +                     %efivars-file-system)))))
 +
 +(define vpsadminos-networking
 +  (shepherd-service
 +   (requirement '(file-system-/run/vpsadminos))
 +   (provision '(vpsadminos-networking networking loopback))
 +   (documentation "Setup network on vpsAdminOS")
 +   (one-shot? #t)
 +   (start #~(lambda _ (invoke #$(file-append bash "/bin/bash")
 +                              "-c" "
 +[ -f  /run/vpsadminos/network ] && exit 0
 +touch /run/vpsadminos/network
 +\"$SHELL\" /ifcfg.add
 +")))))
 +
 +(define %ct-services
 +  (cons* (service mingetty-service-type
 +                  (mingetty-configuration
 +                   (tty "console")))
 +         (simple-service 'vpsadminos-networking
 +                         shepherd-root-service-type (list vpsadminos-networking))
 +
 +         (modify-services %base-services
 +           (delete console-font-service-type)
 +           (delete agetty-service-type)
 +           (delete mingetty-service-type)
 +           (delete urandom-seed-service-type)
 +           ;; loopback is configured by vpsadminos-networking
 +           (delete static-networking-service-type)
 +           ;; We need no rules.
 +           (udev-service-type config =>
 +                              (udev-configuration
 +                               (inherit config)
 +                               (rules '()))))))
 +
 +(define %signing-key
 +  ;; Fill this with your local signing key (/etc/guix/signing-key.pub).
 +  "...")
 +
 +(define %system
 +  (operating-system
 +    (host-name "guix")
 +    ;; Servers usually use UTC regardless of the location.
 +    (timezone "Etc/UTC")
 +    (locale "en_US.utf8")
 +
 +    (kernel %ct-dummy-kernel)
 +    (bootloader %ct-bootloader)
 +
 +    (firmware '())
 +    (initrd-modules '())
 +
 +    (packages (cons* nss-certs
 +                     %base-packages))
 +
 +    (essential-services
 +     (modify-services
 +         (operating-system-default-essential-services this-operating-system)
 +       (delete firmware-service-type)
 +       (delete (service-kind %linux-bare-metal-service))))
 +
 +    (file-systems %ct-file-systems)
 +
 +    (services
 +     (cons* (service openssh-service-type
 +                     (openssh-configuration
 +                      (openssh openssh-sans-x)
 +                      (permit-root-login #t)
 +                      ;; Only keys are allowed.
 +                      (password-authentication? #f)))
 +            (simple-service 'extra-authorized-keys guix-service-type
 +                            (guix-extension
 +                             (authorized-keys
 +                              (list (plain-file "signing-key" %signing-key)))))
 +            %ct-services))))
 +
 +;;; Set this to the SSH key of the machine.
 +(define %host-key
 +  "ssh-ed25519 ...")
 +
 +(define %machine
 +  (machine
 +   (operating-system %system)
 +   (environment managed-host-environment-type)
 +   (configuration (machine-ssh-configuration
 +                   ;; Put the IP or host name here.
 +                   (host-name "...")
 +                   (system "x86_64-linux")
 +                   (host-key %host-key)
 +                   (allow-downgrades? #t)
 +                   (safety-checks? #f)))))
 +
 +(list %machine)
 +
 +</code>
  
 +If you will go via the guix deploy route, you should likely delete the /etc/config directory to prevent any confusion.
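Review bot: The one-shot start script of ''vpsadminos-networking'' (the ''(start #~(lambda _ (invoke ...'' block) runs ''/ifcfg.add'' through ''\"$SHELL\"'', but ''$SHELL'' is not guaranteed to be set in the environment shepherd gives to services; if it is empty the line becomes ''"" /ifcfg.add'' and the service fails while ''/run/vpsadminos/network'' has already been touched, so the next start exits 0 without ever configuring the network. Invoking the script with the bash already referenced by ''#$(file-append bash "/bin/bash")'' (or a fixed ''/bin/sh'') instead of ''$SHELL'' avoids this, and touching the marker file only after ''/ifcfg.add'' succeeds would keep a failed run retryable. In ''%machine'', the fields ''(allow-downgrades? #t)'' and ''(safety-checks? #f)'' switch off the ''guix deploy'' checks that refuse to deploy an older channel revision and that verify the target's file systems and initrd; the dummy root file system presumably forces the safety checks off, but a comment saying so, and a note that ''allow-downgrades? #t'' also permits rolling the host back to an older (possibly unpatched) channel commit, would make the trade-off visible to anyone copying this as a starting point. Finally, the ''%signing-key'' placeholder comment should say that it is the public key of the machine running ''guix deploy'' (the key that will be authorized on the VPS), since "your local signing key" is easy to confuse with the VPS's own ''/etc/guix/signing-key.pub''.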
manuals/distributions/guix.1694027727.txt.gz · Last modified: 2023/09/06 19:15 by Aither