Refactor guix deploy machines specifications directly into channel

* channels-{vms,manual}.scm: Removed in preference of channel wide channels.scm
* README.org: Update various deployment procedures given that moving forward
operating-system configurations will be self-contained within this channel
* .guix/rekahsoft/guix-config/vms/cloud0-home-rekahsoft-ca.scm: Include public machine record
for instance, refactored from deploy/*.scm
* .guix/rekahsoft/guix-config/vms/grocy0-home-rekahsoft-ca.scm:
* .guix/rekahsoft/guix-config/vms/guix-ci0-home-rekahsoft-ca.scm:
* .guix/rekahsoft/guix-config/vms/vault0-home-rekahsoft-ca.scm:
* deploy/cloud0-home-rekahsoft-ca.scm: Directly reference machine from channel instead of
declaring it here
* deploy/grocy0-home-rekahsoft-ca.scm:
* deploy/guix-ci0-home-rekahsoft-ca.scm:
* deploy/vault0-home-rekahsoft-ca.scm:
This commit is contained in:
Collin J. Doering 2022-03-22 18:39:06 -04:00
parent 0762dab584
commit b9da145c33
Signed by: rekahsoft
GPG Key ID: 7B4DEB93212B3022
12 changed files with 165 additions and 132 deletions


@ -1,13 +1,14 @@
(define-module (rekahsoft guix-config vms cloud0-home-rekahsoft-ca)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu machine)
#:use-module (gnu packages docker)
#:use-module (gnu packages shells)
#:use-module (gnu packages storage)
#:use-module (gnu services docker)
#:use-module (gnu services shepherd)
#:use-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
#:export (system))
#:export (system machine))
(define base-system (proxmox-vm-lvm-minimal "cloud0"))
@ -62,3 +63,15 @@
(list (service docker-service-type)
cephfs-service)
%proxmox-vm-lvm-minimal-services))))
(define machine
(machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "cloud0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwGi4YmUyLgpmFxJzGQF5Ju7CL8d2Wa2VtHMZGms0KO root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
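Review bot: `(define machine (machine ...))` in the second hunk gives this module a top-level binding with the same name as the `machine` record constructor it imports from `(gnu machine)`, and as far as I can tell that shadowing is fragile: once Guile's expander has seen the define it treats `machine` as a module-local variable, so whether the right-hand side still expands as the record macro can differ between the channel module compiled by `guix pull` and the same file evaluated via `-L ./.guix` (where a failed auto-compile silently falls back to interpretation). A distinct name removes the ambiguity: `(define cloud0-machine (machine ...))` with `#:export (system cloud0-machine)`, and deploy/cloud0-home-rekahsoft-ca.scm referencing `cloud0-machine`; the grocy0, guix-ci0 and vault0 modules use the same pattern. Separately, `(identity ".deploy-key/key")` is a relative path resolved from wherever `guix deploy` is run, and now that the record lives in a channel module nothing ties that to the repository checkout, which is worth a comment on that line. The `system` definition whose closing lines open this hunk starts outside it.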


@ -1,10 +1,11 @@
(define-module (rekahsoft guix-config vms grocy0-home-rekahsoft-ca)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu machine)
#:use-module (gnu packages shells)
#:use-module (gnu services docker)
#:use-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
#:export (system))
#:export (system machine))
(define base-system (proxmox-vm-lvm-minimal "grocy0"))
@ -30,3 +31,15 @@
(append
(list (service docker-service-type))
%proxmox-vm-lvm-minimal-services))))
(define machine
(machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "grocy0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSMBcmFdlDI/JKOBC/RRJh2VM0MY45o684OXaTQ3fGm root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))


@ -1,12 +1,13 @@
(define-module (rekahsoft guix-config vms guix-ci0-home-rekahsoft-ca)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu machine)
#:use-module (gnu packages shells)
#:use-module (gnu services base)
#:use-module (gnu services cuirass)
#:use-module (gnu services web)
#:use-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
#:export (system))
#:export (system machine))
(define base-system (proxmox-vm-lvm-minimal "guix-ci0"))
@ -324,3 +325,15 @@ PUBLISH-URL."
)
)"))
(guix-configuration-authorized-keys config))))))))))
(define machine
(machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "guix-ci0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrv3Ygq47GYt5jYiNPUhvIDOOl4H17Z/abMvA1l/xkj root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))


@ -1,10 +1,11 @@
(define-module (rekahsoft guix-config vms vault0-home-rekahsoft-ca)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu machine)
#:use-module (gnu packages shells)
#:use-module (gnu services docker)
#:use-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
#:export (system))
#:export (system machine))
(define base-system (proxmox-vm-lvm-minimal "vault0"))
@ -25,3 +26,15 @@
(append
(list (service docker-service-type))
%proxmox-vm-lvm-minimal-services))))
(define machine
(machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "vault0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwGi4YmUyLgpmFxJzGQF5Ju7CL8d2Wa2VtHMZGms0KO root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
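Review bot: The `host-key` given for vault0.home.rekahsoft.ca is byte-identical to the one given for cloud0.home.rekahsoft.ca in the cloud0 module (the key ending in `...2Wa2VtHMZGms0KO root@(none)`). Either the two VMs genuinely share an SSH host key, most likely a cloned image whose host keys were never regenerated, in which case a compromise of one host lets it pass host verification as the other during `guix deploy`; or it is a copy/paste slip, in which case host verification against vault0 fails at deploy time. Worth confirming against the key vault0 actually presents and, if they really match, regenerating vault0's host keys and updating this line. The same value was already in the deleted deploy/vault0-home-rekahsoft-ca.scm, so this commit moves the problem rather than introducing it.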


@ -13,8 +13,8 @@ deployment methodologies are supported:
1. A push based model, using ~guix deploy~[fn:1] to remotely deploy changes (useful for example
from ci/cd).
2. A pull based model, using ~guix~ along with this repository directly from the target
machine.
2. A pull based model, using ~guix~ directly from the target, along with either the entire
repository, or its channel file.
Immutable deployment is not yet supported, but is certainly possible given Guix's ability to
build an ~operating-system~ configuration into a image.
@ -47,23 +47,9 @@ Guix channels[fn:5] allow for Guix to be customized and extended. They are also
replicating a Guix system[fn:6]. As mentioned above, there are two primary classes of
deployments that are managed using this repository, push based and pull based. In both cases,
what specific versions of software that will be installed during deployment depends on the
guix channels in use. To ensure reproducibility, ~channel*.scm~ files are provided in this
repository that are expected to be used during deployment. However, multiple channel files
are provided as it makes sense to lock software versions across different sets of machines in
varying ways. For example, there is value in using the same channel file (and thus, same
software versions) across all virtual machines running on my home hypervisor cluster, but
there is no reason to explicitly lock my personal machines to the same software versions.
Further, cases could arise where my personal computer configuration/s or server
configuration/s need to be pinned to a specific set of software versions, and thus require a
individual channel file.
Though supporting a channel file per machine is possible, it would cause additional
maintenance overhead. So instead, two channel files are provided, that correspond to the two
classes of machines that are managed.
- ~channels-vms.scm~ :: Channel file used for push based deployments to vm's running on my
home hypervisor cluster
- ~channels-manual.scm~ :: Channel file used for pull based deployments of personal computers
guix channels in use. To ensure reproducibility, a ~channels.scm~ file is provided in this
repository that is expected to be used during deployment. It pins external guix channels to
specific versions.
If for some reason channels need to be pinned for a specific deployment, a new channel file
named ~channels-<hostname>.scm~ can be created and used in place of normally used channel
@ -74,15 +60,16 @@ file.
**This doesn't work right unless your channels match what is expected by this repository.**
#+begin_src shell
guix time-machine -- describe -f channels > channels-vms.scm
guix time-machine -- describe -f channels > channels.scm
#+end_src
** ~guix-machines~ the Guix Channel
This repository is itself a Guix channel, which facilitates CI, allowing for changes to it to
be evaluated by Cuirass at [[https://guix-ci.home.rekahsoft.ca]] (only available in my internal
home-network). This channel is not intended to be used directly from guix systems as it
doesn't provide any packages.
This repository is itself a Guix channel, which allows operating-system configurations to
come directly from the channel, and the version of this configuration be managed just like
any other guix channel. It also facilitates CI, allowing for changes this channel be
evaluated by Cuirass at [[https://guix-ci.home.rekahsoft.ca]][fn:7]. This channel does not define
any packages, only system configurations and machine specifications for deployment.
At a later date, this also will allow for building of machine images for immutable
deployment, bootstrapping and more.
@ -93,10 +80,16 @@ Push based mutable deployment is the default deployment methodology for the majo
systems managed by this repository. This is particularity safe because Guix changes are done
as transactions, and thus can easily be rolled back.
To deploy a system use the following (substituting ~<hostname>~ with the appropriate deploy
file).
#+begin_src shell
guix time-machine -C channels-vms.scm -- deploy -L ./.guix deploy/<vm-hostname>.scm
guix time-machine -C channels.scm -- deploy deploy/<hostname>.scm
#+end_src
**Note:** Deploy files in [[./deploy]] are named after the hostname that would be used to ssh to
the machine.
* Pull Based Deployment
Pull based mutable deployment is the default deployment methodology for personal computers,
@ -104,32 +97,66 @@ where using a push based method doesn't make sense. It also serves as a secondar
mechanism for systems normally maintained using the push deployment model; for example, this
becomes necessary when facing ~guix deploy~ bugs.
To manually deploy from the target, first the contents of this repository must be transferred
to the target machine. The easiest way to do this is via git, from the target like so.
First, fetch the most recent channel file from the target machine.
#+begin_src shell
git clone https://git.home.rekahsoft.ca/rekahsoft-public/guix-machines.git
curl -O https://git.home.rekahsoft.ca/rekahsoft-public/guix-machines/raw/branch/master/channels.scm
#+end_src
Once this repository is on the target, pull the [[*Guix Channel Files][appropriate channels]] as root.
Once the channel file is available on the target, update guix to use these channels.
#+begin_src shell
sudo -i guix pull -C $(realpath channels-<vms|manual>.scm)
sudo -i guix pull -C $(realpath channels.scm)
#+end_src
Once channels have been updated successfully, use the following to reconfigure the system.
#+begin_src shell
sudo -i guix system reconfigure -L $(realpath .guix) -e '(@ (rekahsoft guix-config <vms|manual> <target>) system)'
sudo -i guix system reconfigure -e '(@ (rekahsoft guix-config <vms|manual> <target>) system)'
#+end_src
Alternatively, the same effect can be achieved without first pulling the appropriate channels
by instead using ~guix time-machine~ as follows.
#+begin_src shell
sudo -i guix time-machine -C $(realpath channels-<vms|manual>.scm) -- system reconfigure -L $(realpath .guix) -e '(@ (rekahsoft guix-config <vms|manual> <target>) system)'
sudo -i guix time-machine -C $(realpath channels.scm) -- system reconfigure -e '(@ (rekahsoft guix-config <vms|manual> <target>) system)'
#+end_src
* Using Local Sources
Regardless of the deployment methodology used, sometimes it is useful to deploy changes that
have not yet been committed. This should be done sparingly, as it can be slightly confusing
if forgotten; that being said, Guix makes this a semi-reasonable thing to do, as how the
system changes is tracked very explicitly by guix generations local to the target.
To manually deploy using local sources, the local sources must exist on the working machine
(of course). The easiest way to do this is via git, from the working machine like so.
#+begin_src shell
git clone https://git.home.rekahsoft.ca/rekahsoft-public/guix-machines.git
#+end_src
Once a copy of the sources are available on the working machine, all that remains is
following the normal deployment steps, but with a slight modification; use the
~-l|--load-path~ argument to specify the current working sources, effectively overriding what
is in the ~guix-machines~ channel.
** Push Based Deployments
#+begin_src shell
guix time-machine -C channels.scm -- deploy -L ./.guix deploy/<hostname>.scm
#+end_src
See the [[*Push Deployment with ~guix deploy~][Push Deployment with ~guix deploy~]] section for more details.
** Pull Based Deployments
#+begin_src shell
sudo -i guix time-machine -C $(realpath channels.scm) -- system reconfigure -L $(realpath ./.guix) -e '(@ (rekahsoft guix-config <vms|manual> <target>) system)'
#+end_src
See the [[*Pull Based Deployment][Pull Based Deployment]] section for more details.
* Footnotes
[fn:1] https://guix.gnu.org/manual/en/html_node/Invoking-guix-deploy.html
@ -143,3 +170,5 @@ by instead using ~guix time-machine~ as follows.
[fn:5] https://guix.gnu.org/manual/en/html_node/Channels.html
[fn:6] https://guix.gnu.org/manual/en/html_node/Replicating-Guix.html
[fn:7] Only available in my internal home-network


@ -1,22 +0,0 @@
(list (channel
(name 'guix)
(url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
(commit
"44cd0a4f371db22141832e17b8bdb5130696993a")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
(openpgp-fingerprint
"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))
(channel
(name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix")
(branch "master")
(commit
"fea52adbc9356184bff51146c6515fad609baf77")
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
(openpgp-fingerprint
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))))


@ -1,22 +0,0 @@
(list (channel
(name 'guix)
(url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
(commit
"a4eae0c3adce8e4c4ac153a4959d18b9897a67e1")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
(openpgp-fingerprint
"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))
(channel
(name 'rekahsoft-guix)
(url "https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix.git")
(branch "master")
(commit
"b72c13392a9ffab0dd52dcf9e30fb599e364a78e")
(introduction
(make-channel-introduction
"191cdaa0947657e0c85fe89ebbb8e7b1e7a8e0a4"
(openpgp-fingerprint
"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022")))))

44
channels.scm Normal file

@ -0,0 +1,44 @@
(list (channel
(name 'guix)
(url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
(commit
"e584a093f943be216fdc93895281fde835836b8d")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
(openpgp-fingerprint
"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))
(channel
(name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix")
(branch "master")
(commit
"8c22d70b02d4cf42f64784296fbd267695cd3e4c")
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
(openpgp-fingerprint
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
(channel
(name 'rekahsoft-guix)
(url "https://git.rekahsoft.ca/rekahsoft/rekahsoft-guix.git")
(branch "master")
(commit
"b72c13392a9ffab0dd52dcf9e30fb599e364a78e")
(introduction
(make-channel-introduction
"191cdaa0947657e0c85fe89ebbb8e7b1e7a8e0a4"
(openpgp-fingerprint
"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022"))))
(channel
(name 'guix-machines)
(url "https://git.home.rekahsoft.ca/rekahsoft-public/guix-machines.git")
(branch "master")
;; (commit ;; Pin to <commit-sha> if/when required
;; "<commit-sha>")
(introduction
(make-channel-introduction
"acaa20d632da16937508a45ef2cc0083e09bae4c"
(openpgp-fingerprint
"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022")))))
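Review bot: The `guix-machines` entry is the only channel without a `commit`, so `guix time-machine -C channels.scm`, as used throughout README.org, resolves it to whatever `master` holds at run time; the README's claim that this file pins channels to specific versions therefore does not cover the channel that actually carries the operating-system and machine definitions. The introduction still authenticates the history, but two runs of the same deploy command can produce different systems. If floating is intentional, the commented-out pin should say so, e.g. `;; Deliberately unpinned: deployments track master of this repository.` followed by `;; Add (commit "<commit-sha>") here when a reproducible deployment is needed.`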


@ -1,13 +1 @@
(use-modules
(rekahsoft guix-config vms cloud0-home-rekahsoft-ca))
(list (machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "cloud0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwGi4YmUyLgpmFxJzGQF5Ju7CL8d2Wa2VtHMZGms0KO root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
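Review bot: The new one-line deploy file gives no hint of where `machine` comes from or how the file is meant to be invoked, which matters now that the record lives in a channel module rather than alongside it. A short header comment would cover it: `;; Machine record is defined in the guix-machines channel module; it resolves` and `;; through channels.scm (or -L ./.guix for local sources). See README.org.` The grocy0, guix-ci0 and vault0 deploy files would take the same comment.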
(list (@ (rekahsoft guix-config vms cloud0-home-rekahsoft-ca) machine))


@ -1,13 +1 @@
(use-modules
(rekahsoft guix-config vms grocy0-home-rekahsoft-ca))
(list (machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "grocy0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSMBcmFdlDI/JKOBC/RRJh2VM0MY45o684OXaTQ3fGm root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
(list (@ (rekahsoft guix-config vms grocy0-home-rekahsoft-ca) machine))


@ -1,13 +1 @@
(use-modules
(rekahsoft guix-config vms guix-ci0-home-rekahsoft-ca))
(list (machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "guix-ci0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrv3Ygq47GYt5jYiNPUhvIDOOl4H17Z/abMvA1l/xkj root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
(list (@ (rekahsoft guix-config vms guix-ci0-home-rekahsoft-ca) machine))


@ -1,13 +1 @@
(use-modules
(rekahsoft guix-config vms vault0-home-rekahsoft-ca))
(list (machine
(operating-system system)
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name "vault0.home.rekahsoft.ca")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwGi4YmUyLgpmFxJzGQF5Ju7CL8d2Wa2VtHMZGms0KO root@(none)")
(system "x86_64-linux")
(user "auto")
(identity ".deploy-key/key")
(port 22)))))
(list (@ (rekahsoft guix-config vms vault0-home-rekahsoft-ca) machine))