Knowledge base

Information about vpsFree.org, manuals and FAQs.

User Tools

Site Tools

You are here: Knowledge Base of vpsFree.org » manuals » Linux Distros at vpsFree.cz » GNU Guix System
Trace: API vpsAdminOS What Do I Get as a Member? Everything About Membership Fees IP Address Replacement Using KVM on vpsFree.cz
manuals:distributions:guix

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
manuals:distributions:guix [2023/12/19 13:02] tomas.volfmanuals:distributions:guix [2023/12/20 12:18] (current) tomas.volf
Line 9: Line 9:
 The VPS is created from a template which contains a minimal system with SSH. The VPS is created from a template which contains a minimal system with SSH.
 You can log in with a generated password or deploy your public key using vpsAdmin. You can log in with a generated password or deploy your public key using vpsAdmin.
-The system can then be configured using ''guix system reconfigure''. Since our +The system can then be configured using ''guix system reconfigure''.
-VPS are containers, it is necessary to disable bootloader installation by adding +
-option ''--no-bootloader''.+
  
 System configuration is stored in directory ''/etc/config'': System configuration is stored in directory ''/etc/config'':
Line 22: Line 20:
 # guix pull # guix pull
 # hash guix # hash guix
-# guix system reconfigure --no-bootloader /etc/config/system.scm+# guix system reconfigure /etc/config/system.scm
 </code> </code>
 +
 +Networking is handled by /ifcfg.add script, which is generated by vpsadminos on every VPS restart.  The script is executed using vpsadminos-networking shepherd service.  Due to how dynamic the environment is (IPv6 route changes on every reboot), using static-networking-service-type is simply not possible.
  
 ===== Known issues ===== ===== Known issues =====
  
-  * Service ''vpsadminos-networking'' fails during system reconfiguration. The error is harmless, we intend to [[https://lists.vpsfree.cz/mailman3/hyperkitty/list/community-list@lists.vpsfree.cz/message/GW4PW5SIJDJBNFW3JFNB4AHWIHP2HKEV/|fix it]] when ''/run'' on tmpfs is [[https://issues.guix.gnu.org/64775|implemented]]. 
   * halt (graceful shutdown) has been observed to sometimes hang, please report in case it's still a problem.   * halt (graceful shutdown) has been observed to sometimes hang, please report in case it's still a problem.
   * cgroups v1 are not mounted. cgroups do not seem to be needed by the base system, contact us in case it's a problem for some service or submit a patch to the [[https://github.com/vpsfreecz/vpsadminos/tree/staging/image-scripts/images/guix|template]].   * cgroups v1 are not mounted. cgroups do not seem to be needed by the base system, contact us in case it's a problem for some service or submit a patch to the [[https://github.com/vpsfreecz/vpsadminos/tree/staging/image-scripts/images/guix|template]].
   * Hostname cannot be set using the vpsAdmin.   * Hostname cannot be set using the vpsAdmin.
-  * /gnu/store is not mounted with noatime flag.  That could lead to reproducibility issues.+  * /gnu/store is not mounted with noatime flag.  This could lead to reproducibility issues
 + 
 +===== Alternative configuration for guix deploy ===== 
 + 
 +Slightly adjusted, single file, alternative configuration can be found below to be used as a starting point for your ''guix deploy'' setup.  It pretty much is just an amalgamation of the default setup into one file, with few tweaks here and there.  Differences are: 
 + 
 +  * No dhcp-client-service-type, 'networking is handled directly by vpsadminos-networking service. 
 +  * No password authentication is allowed for ssh. 
 +  * In a single file. 
 +  * Added parts for guix deploy 
 + 
 +<code scheme> 
 +(use-modules (gnu) 
 +             (gnu machine) 
 +             (gnu machine ssh) 
 +             (gnu packages bash) 
 +             (gnu packages certs) 
 +             (gnu packages ssh) 
 +             (gnu services networking) 
 +             (gnu services shepherd) 
 +             (gnu services ssh) 
 +             (guix build-system trivial) 
 +             (guix packages) 
 +             (srfi srfi-1)) 
 + 
 +;;; The bootloader is not required.  This is running inside a container, and the 
 +;;; start menu is populated by parsing /var/guix/profiles.  However bootloader 
 +;;; is a mandatory field, and the typical grub-bootloader requires users to 
 +;;; always pass the --no-bootloader flag.  By providing this bootloader 
 +;;; configuration (it does not do anything, but installs fine), we remove the 
 +;;; need to remember to pass the flag.  At the cost of ~8MB in /boot. 
 +(define %ct-bootloader 
 +  (bootloader-configuration 
 +   ;; This one can be installed without efivars and without block device. 
 +   (bootloader grub-efi-netboot-removable-bootloader) 
 +   (targets '("/boot")))) 
 + 
 +;;; It seems any package can be passed as an kernel, so create empty one for 
 +;;; that purpose. 
 +(define %ct-dummy-kernel 
 +  (package 
 +    (name "dummy-kernel"
 +    (version "1"
 +    (source #f) 
 +    (build-system trivial-build-system) 
 +    (arguments 
 +     (list 
 +      #:builder #~(mkdir #$output))) 
 +    (synopsis "Dummy kernel"
 +    (description 
 +     "In container environment, the kernel is provided by the host.  However we 
 +still need to specify a kernel in the operating-system definition, hence this 
 +package."
 +    (home-page #f) 
 +    (license #f))) 
 + 
 +(define %ct-file-systems 
 +  (cons* (file-system                   ; Dummy rootfs 
 +           (device "/dev/null"
 +           (mount-point "/"
 +           (type "dummy")) 
 +         ;; Used by vpsadminos scripting.  Can go away once /run as a whole is 
 +         ;; on tmpfs. 
 +         (file-system 
 +           (device "none"
 +           (mount-point "/run/vpsadminos"
 +           (type "tmpfs"
 +           (check? #f) 
 +           (flags '(no-suid no-dev no-exec)) 
 +           (options "mode=0755"
 +           (create-mount-point? #t)) 
 +         (map (λ (fs) 
 +                (cond 
 +                 ;; %immutable-store is usually mounted with no-atime.  That 
 +                 ;; does not work in the vpsFree (causing the boot to hang), so 
 +                 ;; we need to delete the flag. 
 +                 ((eq? fs %immutable-store) 
 +                  (file-system 
 +                    (inherit fs) 
 +                    (flags (delete 'no-atime (file-system-flags fs))))) 
 +                 (else 
 +                  fs))) 
 +              (fold delete 
 +                    %base-file-systems 
 +                    (list 
 +                     ;; Already mounted by vpsadminos 
 +                     %pseudo-terminal-file-system 
 +                     ;; Cannot be mounted due to the permissions 
 +                     %debug-file-system 
 +                     %efivars-file-system))))) 
 + 
 +(define vpsadminos-networking 
 +  (shepherd-service 
 +   (requirement '(file-system-/run/vpsadminos)) 
 +   (provision '(vpsadminos-networking networking loopback)) 
 +   (documentation "Setup network on vpsAdminOS"
 +   (one-shot? #t) 
 +   (start #~(lambda _ (invoke #$(file-append bash "/bin/bash"
 +                              "-c"
 +[ -f  /run/vpsadminos/network ] && exit 0 
 +touch /run/vpsadminos/network 
 +\"$SHELL\" /ifcfg.add 
 +"))))) 
 + 
 +(define %ct-services 
 +  (cons* (service mingetty-service-type 
 +                  (mingetty-configuration 
 +                   (tty "console"))) 
 +         (simple-service 'vpsadminos-networking 
 +                         shepherd-root-service-type (list vpsadminos-networking)) 
 + 
 +         (modify-services %base-services 
 +           (delete console-font-service-type) 
 +           (delete agetty-service-type) 
 +           (delete mingetty-service-type) 
 +           (delete urandom-seed-service-type) 
 +           ;; loopback is configured by vpsadminos-networking 
 +           (delete static-networking-service-type) 
 +           ;; We need no rules. 
 +           (udev-service-type config => 
 +                              (udev-configuration 
 +                               (inherit config) 
 +                               (rules '())))))) 
 + 
 +(define %signing-key 
 +  ;; Fill this with your local signing key (/etc/guix/signing-key.pub). 
 +  "..."
 + 
 +(define %system 
 +  (operating-system 
 +    (host-name "guix"
 +    ;; Servers usually use UTC regardless of the location. 
 +    (timezone "Etc/UTC"
 +    (locale "en_US.utf8"
 + 
 +    (kernel %ct-dummy-kernel) 
 +    (bootloader %ct-bootloader) 
 + 
 +    (firmware '()) 
 +    (initrd-modules '()) 
 + 
 +    (packages (cons* nss-certs 
 +                     %base-packages)) 
 + 
 +    (essential-services 
 +     (modify-services 
 +         (operating-system-default-essential-services this-operating-system) 
 +       (delete firmware-service-type) 
 +       (delete (service-kind %linux-bare-metal-service)))) 
 + 
 +    (file-systems %ct-file-systems) 
 + 
 +    (services 
 +     (cons* (service openssh-service-type 
 +                     (openssh-configuration 
 +                      (openssh openssh-sans-x) 
 +                      (permit-root-login #t) 
 +                      ;; Only keys are allowed. 
 +                      (password-authentication? #f))) 
 +            (simple-service 'extra-authorized-keys guix-service-type 
 +                            (guix-extension 
 +                             (authorized-keys 
 +                              (list (plain-file "signing-key" %signing-key))))) 
 +            %ct-services)))) 
 + 
 +;;; Set this to the SSH key of the machine. 
 +(define %host-key 
 +  "ssh-ed25519 ..."
 + 
 +(define %machine 
 +  (machine 
 +   (operating-system %system) 
 +   (environment managed-host-environment-type) 
 +   (configuration (machine-ssh-configuration 
 +                   ;; Put the IP or host name here. 
 +                   (host-name "..."
 +                   (system "x86_64-linux"
 +                   (host-key %host-key) 
 +                   (allow-downgrades? #t) 
 +                   (safety-checks? #f))))) 
 + 
 +(list %machine) 
 + 
 +</code> 
 + 
 +If you will go via the guix deploy route, you should likely delete the /etc/config directory to prevent any confusion.
manuals/distributions/guix.1702990966.txt.gz · Last modified: 2023/12/19 13:02 by tomas.volf

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki