Initial setup (not yet bootstrapped or thoroughly tested)
* .gitignore: Ignore files used by 'guix deploy' * .guix/guix-na/config/balg02.scm: Initial balg02 guix configuration (sans cuirass) * .pubkeys/collin.pub: Public key of Collin Doering * .pubkeys/deploy-key.pub: Public key used for 'guix deploy' usage * README.org: Various updates to how balg02 (guix-north-america) is set up
parent
254381bfa7
commit
6cf7f9a72e
|
@ -1,2 +1,7 @@
|
||||||
# Emacs
|
# Emacs
|
||||||
*~
|
*~
|
||||||
|
|
||||||
|
# Private ssh key used for 'guix deploy'
|
||||||
|
# Note: 'guix deploy' will generate a public key for the provided private key
|
||||||
|
.deploy-key
|
||||||
|
.deploy-key.pub
|
||||||
|
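Review bot: Ignoring `.deploy-key` only keeps the private key out of a plain `git add .`; it does not protect against `git add -f`, a copy saved under another name, or the key sitting in every checkout of this repository. Prefer keeping the deploy key outside the working tree (or in an ssh-agent) and pointing `guix deploy` at it through the `identity` field of `machine-ssh-configuration`, and verify the pattern with `git check-ignore -v .deploy-key` from the directory where the key is actually written. The comment `# Note: 'guix deploy' will generate a public key for the provided private key` would be more useful if it also said where that file lands, since the repo separately commits `.pubkeys/deploy-key.pub`.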
|
|
@ -0,0 +1,118 @@
|
||||||
|
;; (C) Copyright Collin J. Doering 2024
|
||||||
|
;;
|
||||||
|
;; This program is free software: you can redistribute it and/or modify
|
||||||
|
;; it under the terms of the GNU General Public License as published by
|
||||||
|
;; the Free Software Foundation, either version 3 of the License, or
|
||||||
|
;; (at your option) any later version.
|
||||||
|
;;
|
||||||
|
;; This program is distributed in the hope that it will be useful,
|
||||||
|
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
;; GNU General Public License for more details.
|
||||||
|
;;
|
||||||
|
;; You should have received a copy of the GNU General Public License
|
||||||
|
;; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
;; File: balg02.scm
|
||||||
|
;; Author: Collin J. Doering <collin@rekahsoft.ca>
|
||||||
|
;; Date: Feb 24, 2024
|
||||||
|
|
||||||
|
(define-module (guix-na config balg02)
|
||||||
|
#:use-module (gnu)
|
||||||
|
#:use-module (gnu system)
|
||||||
|
#:use-module (gnu packages bash)
|
||||||
|
#:use-module (gnu packages shells)
|
||||||
|
#:use-module (gnu services base)
|
||||||
|
#:use-module (gnu services cuirass)
|
||||||
|
#:use-module (gnu services networking)
|
||||||
|
#:use-module (gnu services ssh)
|
||||||
|
#:use-module (gnu services web)
|
||||||
|
#:export (%system))
|
||||||
|
|
||||||
|
(define %automation-user "auto")
|
||||||
|
|
||||||
|
(define %system
|
||||||
|
(operating-system
|
||||||
|
(host-name "balg02")
|
||||||
|
(timezone "US/Central")
|
||||||
|
(locale "en_US.utf8")
|
||||||
|
(keyboard-layout (keyboard-layout "us"))
|
||||||
|
|
||||||
|
(bootloader (bootloader-configuration
|
||||||
|
(bootloader grub-bootloader)
|
||||||
|
(terminal-inputs '(console serial_1))
|
||||||
|
(terminal-outputs '(console serial_1))
|
||||||
|
(serial-unit 1)
|
||||||
|
(serial-speed 115200)
|
||||||
|
(targets '("/dev/sda"))))
|
||||||
|
|
||||||
|
(swap-devices
|
||||||
|
(list (swap-space
|
||||||
|
(target "/swap/swapfile")
|
||||||
|
(dependencies (filter (file-system-mount-point-predicate "/swap")
|
||||||
|
file-systems)))))
|
||||||
|
|
||||||
|
(file-systems (append
|
||||||
|
(list (file-system
|
||||||
|
(device (file-system-label "root"))
|
||||||
|
(mount-point "/")
|
||||||
|
(type "btrfs")
|
||||||
|
(options "subvol=@,compress=zstd"))
|
||||||
|
(file-system
|
||||||
|
(device (file-system-label "root"))
|
||||||
|
(mount-point "/swap")
|
||||||
|
(type "btrfs")
|
||||||
|
(options "subvol=@swap")))
|
||||||
|
%base-file-systems))
|
||||||
|
|
||||||
|
(users (cons* (user-account
|
||||||
|
(name %automation-user)
|
||||||
|
(comment "Automation User")
|
||||||
|
(group "users")
|
||||||
|
(shell #~(string-append #$bash "/bin/bash"))
|
||||||
|
(supplementary-groups
|
||||||
|
'("wheel"))
|
||||||
|
(home-directory "/home/auto"))
|
||||||
|
(user-account
|
||||||
|
(name "collin")
|
||||||
|
(comment "Admin user")
|
||||||
|
(group "users")
|
||||||
|
(shell #~(string-append #$zsh "/bin/zsh"))
|
||||||
|
(supplementary-groups
|
||||||
|
'("wheel"))
|
||||||
|
(home-directory "/home/collin"))
|
||||||
|
%base-user-accounts))
|
||||||
|
|
||||||
|
(packages
|
||||||
|
(append
|
||||||
|
(map specification->package
|
||||||
|
'("nss-certs"
|
||||||
|
"recutils"
|
||||||
|
"openssh"
|
||||||
|
"tmux"
|
||||||
|
"emacs"
|
||||||
|
"emacs-guix"))
|
||||||
|
%base-packages))
|
||||||
|
|
||||||
|
(services
|
||||||
|
(append
|
||||||
|
(list (service openssh-service-type
|
||||||
|
(openssh-configuration
|
||||||
|
(password-authentication? #f)
|
||||||
|
(authorized-keys
|
||||||
|
`(("auto" ,(local-file "../../../.pubkeys/deploy-key.pub"))
|
||||||
|
("collin" ,(local-file "../../../.pubkeys/collin.pub"))
|
||||||
|
("root" ,(local-file "../../../.pubkeys/collin.pub"))))))
|
||||||
|
(service static-networking-service-type
|
||||||
|
(list (static-networking
|
||||||
|
(addresses
|
||||||
|
(list (network-address
|
||||||
|
(device "eno8303")
|
||||||
|
(value "216.37.76.55/24"))))
|
||||||
|
(routes
|
||||||
|
(list (network-route
|
||||||
|
(destination "default")
|
||||||
|
(gateway "216.37.76.1"))))
|
||||||
|
(name-servers '("216.37.64.2" "216.37.64.3")))))
|
||||||
|
(service ntp-service-type))
|
||||||
|
%base-services))))
|
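Review bot: The `("root" ,(local-file "../../../.pubkeys/collin.pub"))` entry in `authorized-keys` is dead configuration as written: `openssh-configuration` leaves `permit-root-login` at its default `#f`, so sshd rejects root logins no matter which key is presented. Either drop the root entry, or, if root access over SSH is really wanted for `guix deploy`, make it explicit with `(permit-root-login 'prohibit-password)` next to `(password-authentication? #f)` so password-based root login stays off. Relatedly, `auto` is put in `wheel` but no `sudoers-file` is supplied, so the default sudoers still asks for a password that the passwordless `auto` account cannot give; as far as I recall `guix deploy` needs passwordless root escalation on the target, so either grant `auto` NOPASSWD for the required commands via `sudoers-file` or deploy as root — confirm against the Guix manual. Separately, the README in this commit creates an ESP and mounts it at `/boot/efi`, yet this config uses the BIOS `grub-bootloader` with `(targets '("/dev/sda"))` and declares no `/boot/efi` file-system; for a UEFI install that should be `grub-efi-bootloader` with `(targets '("/boot/efi"))` plus a matching vfat `file-system` entry, or the README should describe a BIOS/MBR install.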
|
@ -0,0 +1 @@
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbkiHEE2y85M1qkOBG9p0nuplkFETuMmRudDJ2ryf2gakD1NGMbKz82EHWWyPagkXMHx0tw4TZyV/AOq2LqzH8ZVDAj+QOO2wkFIRIXr3rsZGeMO9kpaZORwdTMTABRPcIg+KteWXe7Qq4I1H3izSuIIbyOW2wFdHkMxWAJEGr2L/q8qMlYbCbDwj1v7AQQRUjy8a0pTyG9eZ6kmc0bVxuFGAsvKtJSPpYxFNNGr8f2EY977DkmHK146B+Ce6Vp9wFDV5PwIQOFnZFXLDoYkI/ndshW+7+LQKViYP/ftIMTt4LC/0BC56heHOKkTCE3FHo4W/0zxfJdcLLkfRoev9T
|
|
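Review bot: The committed key is an `ssh-rsa` key whose `AAABAQ` length prefix suggests a 2048-bit modulus, and it carries no trailing comment identifying which device it belongs to. RSA-2048 is still accepted by OpenSSH via rsa-sha2 signatures, but for a freshly provisioned admin key an `ssh-ed25519` key, or at minimum a comment such as `collin@<host>`, would make later rotation and audit of `authorized-keys` much easier. This is a suggestion rather than a blocker.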
@ -0,0 +1 @@
|
||||||
|
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxZRNws6tt/YwAvTzfEtsPBPsrBluYxVt8W2xpkYUem69FGZNyzg35yHRtUOQ4A2MRHS3wn5TO/FNQlKrj/Dd3hht3MLwP2Ilk7NnGMu+kFLmUSbhn9i1kHRMjCvJHkWA== collin@rekahsoft-mini
|
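Review bot: The key comment `collin@rekahsoft-mini` on what the commit message calls the `guix deploy` public key suggests a personal workstation key is being reused as the automation identity, which ties deployments to one person's device and makes rotating the deploy key awkward. If that is the case, generate a dedicated key pair, for example `ssh-keygen -t ed25519 -C deploy@balg02 -f .deploy-key`, commit only its public half here and keep the private half out of the tree as `.gitignore` intends. The ECDSA P-384 key type itself is fine; the concern is only the identity it represents.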
182
README.org
182
README.org
|
@ -8,10 +8,18 @@ Farm.
|
||||||
|
|
||||||
* Install Guix on debian to be used to bootstrap the Guix os installation
|
* Install Guix on debian to be used to bootstrap the Guix os installation
|
||||||
|
|
||||||
|
Optionally, the below steps can be completed within tmux or screen. Tmux was installed and
|
||||||
|
used in this case using the following.
|
||||||
|
|
||||||
|
#+begin_src shell
|
||||||
|
sudo apt update
|
||||||
|
sudo apt install tmux
|
||||||
|
tmux
|
||||||
|
#+end_src
|
||||||
|
|
||||||
Following the [[https://guix.gnu.org/manual/en/html_node/Binary-Installation.html][Binary Installation]] section from the Guix manual to install guix.
|
Following the [[https://guix.gnu.org/manual/en/html_node/Binary-Installation.html][Binary Installation]] section from the Guix manual to install guix.
|
||||||
|
|
||||||
#+begin_src shell
|
#+begin_src shell
|
||||||
sudo apt update -y
|
|
||||||
sudo apt install -y guix
|
sudo apt install -y guix
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -28,13 +36,173 @@ documentation specific to foreign distros').
|
||||||
|
|
||||||
See: [[file:balg02.scm][balg02.scm]]
|
See: [[file:balg02.scm][balg02.scm]]
|
||||||
|
|
||||||
|
** Bootloader configuration
|
||||||
|
|
||||||
|
For this installation, debian and its bootloader Grub will be left in place. Because we want
|
||||||
|
to retain Guix's interactions with Grub (eg. to allow for restoring from failed upgrades to
|
||||||
|
an earlier generation), we will have debian's Grub chainload Guix's Grub. To do so, we will
|
||||||
|
need to manually adjust Debians' Grub in order to add another menu entry, and set it as the
|
||||||
|
default menu item.
|
||||||
|
|
||||||
|
Below is a snippet from debian's ~/etc/default/grub~.
|
||||||
|
|
||||||
|
#+begin_src text
|
||||||
|
GRUB_DEFAULT=0
|
||||||
|
GRUB_TIMEOUT=5
|
||||||
|
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
|
||||||
|
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
|
||||||
|
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8"
|
||||||
|
GRUB_TERMINAL="console serial"
|
||||||
|
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
From this we extract the necessary guix bootloader configuration options (for serial).
|
||||||
|
|
||||||
|
- serial-unit :: 1
|
||||||
|
- serial-speed :: 115200
|
||||||
|
- terminal-inputs :: console serial
|
||||||
|
- terminal-outputs :: console serial
|
||||||
|
|
||||||
|
*** TODO Manual modifications to Debian's Grub
|
||||||
|
|
||||||
|
In ~/etc/default/grub~ we need to modify ~GRUB_DEFAULT=<MENU_ITEM>~
|
||||||
|
|
||||||
|
TODO ...
|
||||||
|
|
||||||
|
Modify grub config on debian to add an additional (and default) option to chainload Guix grub
|
||||||
|
|
||||||
|
- Add a menuitem for Guix in ~/etc/grub.d/40_custom~
|
||||||
|
- Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT=<n>~ where ~<n>~ is the menu item number,
|
||||||
|
starting from 0, or (preferably) the menu item name/id.
|
||||||
|
|
||||||
|
** Network configuration
|
||||||
|
|
||||||
|
Using the a snippet from ~/etc/network/interfaces~ below, we can extract the necessary details
|
||||||
|
to configure Guix's static-networking-service.
|
||||||
|
|
||||||
|
- Interface :: eno8303
|
||||||
|
- Address :: 216.37.76.55/24
|
||||||
|
- Gateway :: 216.37.76.1
|
||||||
|
- DNS Name Servers :: 216.37.64.2 216.37.64.3
|
||||||
|
- DNS Search :: genenetwork.org
|
||||||
|
|
||||||
|
#+begin_src text
|
||||||
|
# The primary network interface
|
||||||
|
allow-hotplug eno8303
|
||||||
|
iface eno8303 inet static
|
||||||
|
address 216.37.76.55/24
|
||||||
|
gateway 216.37.76.1
|
||||||
|
# dns-* options are implemented by the resolvconf package, if installed
|
||||||
|
dns-nameservers 216.37.64.2 216.37.64.3
|
||||||
|
dns-search genenetwork.org
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Disk Partitioning
|
||||||
|
|
||||||
|
For this installation we are using ~/dev/sda~ (a 1.5T ssd which is faster then the
|
||||||
|
alternative 3.6T ssd in the server).
|
||||||
|
|
||||||
|
*** Create disk partition table and layout
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
parted /dev/sda mklabel gpt
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Create partitions
|
||||||
|
|
||||||
|
A simple™️ partition layout is used for this installation, consisting of an EFI ESP partition,
|
||||||
|
and the remaining disk partitions for use by btrfs, where btrfs subvolumes and a swapfile
|
||||||
|
will be used.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
parted /dev/sda mkpart primary fat32 0% 512MiB
|
||||||
|
parted /dev/sda mkpart primary 512MiB 100%
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Create EFI partition
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
parted /dev/sda set 1 esp on
|
||||||
|
mkfs.fat -F32 /dev/sda1
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Create btrfs 'pool' (file-system) and subvolumes
|
||||||
|
|
||||||
|
**** Create btrfs file-system
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mkfs.btrfs --label root /dev/sda2
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
**** Create btrfs subvolumes
|
||||||
|
|
||||||
|
First mount the btrfs top-level file-system.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mount /dev/sda2 /mnt
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Then create the root subvolume, and a subvolume for swapfiles.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
btrfs subvolume create /mnt/@
|
||||||
|
btrfs subvolume create /mnt/@swap
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Unmount the top-level btrfs file-system.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
umount /mnt
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Mount the root subvolume.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mount -o subvol=@,compress=zstd /dev/sda2 /mnt
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Create nested subvolumes for ~/gnu/store~ and ~/home~.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mkdir -p /mnt/gnu
|
||||||
|
|
||||||
|
btrfs subvolume create /mnt/gnu/store
|
||||||
|
btrfs subvolume create /mnt/home
|
||||||
|
btrfs subvolume create /mnt/var
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Create swap
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mkdir /mnt/swap
|
||||||
|
mount -o subvol=@swap /dev/sda2 /mnt/swap
|
||||||
|
dd if=/dev/zero of=/mnt/swap/swapfile bs=1M count=32768
|
||||||
|
chmod 600 /mnt/swap/swapfile
|
||||||
|
chattr +C /mnt/swap/swapfile
|
||||||
|
|
||||||
|
mkswap /mnt/swap/swapfile
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Prepare ~/mnt~ for Guix installation
|
||||||
|
|
||||||
|
Create ~/boot/efi~ directory for UEFI boot and mount the ESP partition there.
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
mkdir -p /mnt/boot/efi
|
||||||
|
mount /dev/sda1 /mnt/boot/efi
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Both root and swap are already mounted and ready due to earlier steps.
|
||||||
|
|
||||||
|
** Testing
|
||||||
|
|
||||||
|
To test the configuration in a vm before deployment, the following can be used.
|
||||||
|
|
||||||
|
#+begin_src shell
|
||||||
|
$(guix time-machine -C channels.scm -- system vm -e '(@ (guix-na config balg02) %system)') -m 2G -smp 2 -nic user,model=virtio-net-pci
|
||||||
|
#+end_src
|
||||||
|
|
||||||
* Bootstrap Guix
|
* Bootstrap Guix
|
||||||
|
|
||||||
Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
|
Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
|
||||||
operating-system for the machine]].
|
operating-system for the machine]].
|
||||||
|
|
||||||
* Modify grub config on debian to add an additional (and default) option to chainload Guix grub
|
|
||||||
|
|
||||||
- Add a menuitem for Guix in ~/etc/grub.d/40_custom~
|
|
||||||
- Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT=<n>~ where ~<n>~ is the menu item number,
|
|
||||||
starting from 0.
|
|
||||||
|
|
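Review bot: In the `*** Create swap` steps, `chattr +C /mnt/swap/swapfile` runs after `dd` has already written 32 GiB into the file; on btrfs the NOCOW attribute only takes effect on an empty file, so the swapfile stays copy-on-write and `swapon` will refuse it. Create the empty file first, mark it, then fill it: `truncate -s 0 /mnt/swap/swapfile`, `chattr +C /mnt/swap/swapfile`, `dd if=/dev/zero of=/mnt/swap/swapfile bs=1M count=32768` (recent btrfs-progs also provide `btrfs filesystem mkswapfile`, which does this in one step — check the installer's version). The `chmod 600` can stay where it is. This runbook section begins and ends inside the hunk.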
19
balg02.scm
19
balg02.scm
|
@ -1,19 +0,0 @@
|
||||||
;; (C) Copyright Collin J. Doering 2024
|
|
||||||
;;
|
|
||||||
;; This program is free software: you can redistribute it and/or modify
|
|
||||||
;; it under the terms of the GNU General Public License as published by
|
|
||||||
;; the Free Software Foundation, either version 3 of the License, or
|
|
||||||
;; (at your option) any later version.
|
|
||||||
;;
|
|
||||||
;; This program is distributed in the hope that it will be useful,
|
|
||||||
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
;; GNU General Public License for more details.
|
|
||||||
;;
|
|
||||||
;; You should have received a copy of the GNU General Public License
|
|
||||||
;; along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
;; File: balg02.scm
|
|
||||||
;; Author: Collin J. Doering <collin@rekahsoft.ca>
|
|
||||||
;; Date: Feb 24, 2024
|
|
||||||
|
|