Initial setup (not yet bootstrapped or thoroughly tested)

* .gitignore: Ignore files used by 'guix deploy'
* .guix/guix-na/config/balg02.scm: Initial balg02 guix configuration (sans cuirass)
* .pubkeys/collin.pub: Public key of Collin Doering
* .pubkeys/deploy-key.pub: Public key used for 'guix deploy' usage
* README.org: Various updates to how balg02 (guix-north-america) is setup

.gitignore

@@ -1,2 +1,7 @@
 # Emacs
 *~
+
+# Private ssh key used for 'guix deploy'
+# Note: 'guix deploy' will generate a public key for the provided private key
+.deploy-key
+.deploy-key.pub

.guix/guix-na/config/balg02.scm

@@ -0,0 +1,118 @@
+;; (C) Copyright Collin J. Doering 2024
+;;
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+;; File: balg02.scm
+;; Author: Collin J. Doering <collin@rekahsoft.ca>
+;; Date: Feb 24, 2024
+
+(define-module (guix-na config balg02)
+  #:use-module (gnu)
+  #:use-module (gnu system)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages shells)
+  #:use-module (gnu services base)
+  #:use-module (gnu services cuirass)
+  #:use-module (gnu services networking)
+  #:use-module (gnu services ssh)
+  #:use-module (gnu services web)
+  #:export (%system))
+
+(define %automation-user "auto")
+
+(define %system
+  (operating-system
+   (host-name "balg02")
+   (timezone "US/Central")
+   (locale "en_US.utf8")
+   (keyboard-layout (keyboard-layout "us"))
+
+   (bootloader (bootloader-configuration
+                (bootloader grub-bootloader)
+                (terminal-inputs '(console serial_1))
+                (terminal-outputs '(console serial_1))
+                (serial-unit 1)
+                (serial-speed 115200)
+                (targets '("/dev/sda"))))
+
+   (swap-devices
+    (list (swap-space
+           (target "/swap/swapfile")
+           (dependencies (filter (file-system-mount-point-predicate "/swap")
+                                 file-systems)))))
+
+   (file-systems (append
+                  (list (file-system
+                         (device (file-system-label "root"))
+                         (mount-point "/")
+                         (type "btrfs")
+                         (options "subvol=@,compress=zstd"))
+                        (file-system
+                         (device (file-system-label "root"))
+                         (mount-point "/swap")
+                         (type "btrfs")
+                         (options "subvol=@swap")))
+                  %base-file-systems))
+
+   (users (cons* (user-account
+                  (name %automation-user)
+                  (comment "Automation User")
+                  (group "users")
+	          (shell #~(string-append #$bash "/bin/bash"))
+                  (supplementary-groups
+                   '("wheel"))
+                  (home-directory "/home/auto"))
+                 (user-account
+                  (name "collin")
+                  (comment "Admin user")
+                  (group "users")
+	          (shell #~(string-append #$zsh "/bin/zsh"))
+                  (supplementary-groups
+                   '("wheel"))
+                  (home-directory "/home/collin"))
+                 %base-user-accounts))
+
+   (packages
+    (append
+     (map specification->package
+          '("nss-certs"
+            "recutils"
+            "openssh"
+            "tmux"
+            "emacs"
+            "emacs-guix"))
+     %base-packages))
+
+   (services
+    (append
+     (list (service openssh-service-type
+		    (openssh-configuration
+		     (password-authentication? #f)
+		     (authorized-keys
+		      `(("auto" ,(local-file "../../../.pubkeys/deploy-key.pub"))
+                        ("collin" ,(local-file "../../../.pubkeys/collin.pub"))
+		        ("root" ,(local-file "../../../.pubkeys/collin.pub"))))))
+           (service static-networking-service-type
+                    (list (static-networking
+                           (addresses
+                            (list (network-address
+                                   (device "eno8303")
+                                   (value "216.37.76.55/24"))))
+                           (routes
+                            (list (network-route
+                                   (destination "default")
+                                   (gateway "216.37.76.1"))))
+                           (name-servers '("216.37.64.2" "216.37.64.3")))))
+           (service ntp-service-type))
+     %base-services))))

.pubkeys/collin.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbkiHEE2y85M1qkOBG9p0nuplkFETuMmRudDJ2ryf2gakD1NGMbKz82EHWWyPagkXMHx0tw4TZyV/AOq2LqzH8ZVDAj+QOO2wkFIRIXr3rsZGeMO9kpaZORwdTMTABRPcIg+KteWXe7Qq4I1H3izSuIIbyOW2wFdHkMxWAJEGr2L/q8qMlYbCbDwj1v7AQQRUjy8a0pTyG9eZ6kmc0bVxuFGAsvKtJSPpYxFNNGr8f2EY977DkmHK146B+Ce6Vp9wFDV5PwIQOFnZFXLDoYkI/ndshW+7+LQKViYP/ftIMTt4LC/0BC56heHOKkTCE3FHo4W/0zxfJdcLLkfRoev9T

.pubkeys/deploy-key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxZRNws6tt/YwAvTzfEtsPBPsrBluYxVt8W2xpkYUem69FGZNyzg35yHRtUOQ4A2MRHS3wn5TO/FNQlKrj/Dd3hht3MLwP2Ilk7NnGMu+kFLmUSbhn9i1kHRMjCvJHkWA== collin@rekahsoft-mini

README.org

@@ -8,10 +8,18 @@ Farm.
 
 * Install Guix on debian to be used to bootstrap the Guix os installation
 
+Optionally, the below steps can be completed within tmux or screen. Tmux was installed and
+used in this case using the following.
+
+#+begin_src shell
+  sudo apt update
+  sudo apt install tmux
+  tmux
+#+end_src
+
 Following the [[https://guix.gnu.org/manual/en/html_node/Binary-Installation.html][Binary Installation]] section from the Guix manual to install guix.
 
 #+begin_src shell
-  sudo apt update -y
   sudo apt install -y guix
 #+end_src
 
@@ -28,13 +36,173 @@ documentation specific to foreign distros').
 
 See: [[file:balg02.scm][balg02.scm]]
 
+** Bootloader configuration
+
+For this installation, debian and its bootloader Grub will be left in place. Because we want
+to retain Guix's interactions with Grub (eg. to allow for restoring from failed upgrades to
+an earlier generation), we will have debian's Grub chainload Guix's Grub. To do so, we will
+need to manually adjust Debians' Grub in order to add another menu entry, and set it as the
+default menu item.
+
+Below is a snippet from debian's ~/etc/default/grub~.
+
+#+begin_src text
+  GRUB_DEFAULT=0
+  GRUB_TIMEOUT=5
+  GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+  GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
+  GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8"
+  GRUB_TERMINAL="console serial"
+  GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
+#+end_src
+
+From this we extract the necessary guix bootloader configuration options (for serial).
+
+- serial-unit :: 1
+- serial-speed :: 115200
+- terminal-inputs :: console serial
+- terminal-outputs :: console serial
+
+*** TODO Manual modifications to Debian's Grub
+
+In ~/etc/default/grub~ we need to modify ~GRUB_DEFAULT=<MENU_ITEM>~
+
+TODO ...
+
+Modify grub config on debian to add an additional (and default) option to chainload Guix grub
+
+- Add a menuitem for Guix in ~/etc/grub.d/40_custom~
+- Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT=<n>~ where ~<n>~ is the menu item number,
+  starting from 0, or (preferably) the menu item name/id.
+
+** Network configuration
+
+Using the a snippet from ~/etc/network/interfaces~ below, we can extract the necessary details
+to configure Guix's static-networking-service.
+
+- Interface        :: eno8303
+- Address          :: 216.37.76.55/24
+- Gateway          :: 216.37.76.1
+- DNS Name Servers :: 216.37.64.2 216.37.64.3
+- DNS Search       :: genenetwork.org
+
+#+begin_src text
+  # The primary network interface
+  allow-hotplug eno8303
+  iface eno8303 inet static
+          address 216.37.76.55/24
+          gateway 216.37.76.1
+          # dns-* options are implemented by the resolvconf package, if installed
+          dns-nameservers 216.37.64.2 216.37.64.3
+          dns-search genenetwork.org
+#+end_src
+
+** Disk Partitioning
+
+For this installation we are using ~/dev/sda~ (a 1.5T ssd which is faster then the
+alternative 3.6T ssd in the server).
+
+*** Create disk partition table and layout
+
+#+begin_src bash
+  parted /dev/sda mklabel gpt
+#+end_src
+
+*** Create partitions
+
+A simple™️ partition layout is used for this installation, consisting of an EFI ESP partition,
+and the remaining disk partitions for use by btrfs, where btrfs subvolumes and a swapfile
+will be used.
+
+#+begin_src bash
+  parted /dev/sda mkpart primary fat32 0% 512MiB
+  parted /dev/sda mkpart primary 512MiB 100%
+#+end_src
+
+*** Create EFI partition
+
+#+begin_src bash
+  parted /dev/sda set 1 esp on
+  mkfs.fat -F32 /dev/sda1
+#+end_src
+
+*** Create btrfs 'pool' (file-system) and subvolumes
+
+**** Create btrfs file-system
+
+#+begin_src bash
+  mkfs.btrfs --label root /dev/sda2
+#+end_src
+
+**** Create btrfs subvolumes
+
+First mount the btrfs top-level file-system.
+
+#+begin_src bash
+  mount /dev/sda2 /mnt
+#+end_src
+
+Then create the root subvolume, and a subvolume for swapfiles.
+
+#+begin_src bash
+  btrfs subvolume create /mnt/@
+  btrfs subvolume create /mnt/@swap
+#+end_src
+
+Unmount the top-level btrfs file-system.
+
+#+begin_src bash
+  umount /mnt
+#+end_src
+
+Mount the root subvolume.
+
+#+begin_src bash
+  mount -o subvol=@,compress=zstd /dev/sda2 /mnt
+#+end_src
+
+Create nested subvolumes for ~/gnu/store~ and ~/home~.
+
+#+begin_src bash
+  mkdir -p /mnt/gnu
+
+  btrfs subvolume create /mnt/gnu/store
+  btrfs subvolume create /mnt/home
+  btrfs subvolume create /mnt/var
+#+end_src
+
+*** Create swap
+
+#+begin_src bash
+  mkdir /mnt/swap
+  mount -o subvol=@swap /dev/sda2 /mnt/swap
+  dd if=/dev/zero of=/mnt/swap/swapfile bs=1M count=32768
+  chmod 600 /mnt/swap/swapfile
+  chattr +C /mnt/swap/swapfile
+
+  mkswap /mnt/swap/swapfile
+#+end_src
+
+*** Prepare ~/mnt~ for Guix installation
+
+Create ~/boot/efi~ directory for UEFI boot and mount the ESP partition there.
+
+#+begin_src bash
+  mkdir -p /mnt/boot/efi
+  mount /dev/sda1 /mnt/boot/efi
+#+end_src
+
+Both root and swap are already mounted and ready due to earlier steps.
+
+** Testing
+
+To test the configuration in a vm before deployment, the following can be used.
+
+#+begin_src shell
+  $(guix time-machine -C channels.scm -- system vm -e '(@ (guix-na config balg02) %system)') -m 2G -smp 2 -nic user,model=virtio-net-pci
+#+end_src
+
 * Bootstrap Guix
 
 Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
 operating-system for the machine]].
-
-* Modify grub config on debian to add an additional (and default) option to chainload Guix grub
-
-- Add a menuitem for Guix in ~/etc/grub.d/40_custom~
-- Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT=<n>~ where ~<n>~ is the menu item number,
-  starting from 0.

balg02.scm

@@ -1,19 +0,0 @@
-;; (C) Copyright Collin J. Doering 2024
-;;
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU General Public License as published by
-;; the Free Software Foundation, either version 3 of the License, or
-;; (at your option) any later version.
-;;
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;; GNU General Public License for more details.
-;;
-;; You should have received a copy of the GNU General Public License
-;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-;; File: balg02.scm
-;; Author: Collin J. Doering <collin@rekahsoft.ca>
-;; Date: Feb 24, 2024
-