GNU bug report logs - #42317
Adding a "Running Guix on a Linode" to the cookbook

Previous Next

Package: guix-patches;

Reported by: Joshua Branson <jbranso <at> dismail.de>

Date: Sat, 11 Jul 2020 00:42:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 42317 in the body.
You can then email your comments to 42317 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Sat, 11 Jul 2020 00:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joshua Branson <jbranso <at> dismail.de>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 11 Jul 2020 00:42:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: guix-patches <at> gnu.org
Subject: Adding a "Running Guix on a Linode" to the cookbook
Date: Fri, 10 Jul 2020 20:41:22 -0400
From: Joshua Branson <jbranso <at> dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
MIME-Version: 1.0
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..3ade82af14 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -1347,6 +1347,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  Be sure to add your ssh key for
+easy login.  We recommend using the default distro as a way to bootstrap
+Guix.  This is usually done via @code{ssh-copy-id}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+VM Mode: Paravirtualization  @c{The default?? Does this matter?}
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ;; Is this a good idea?  Well if you don't add it
+                          ;; you have to manually set your user's password
+                          ;; via the glish console...
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")     ; replace with your server name
+(name "janedoe")            ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Note the same above for root, which I don't feel great about, but
+otherwise you'll need to log in via the linode "glish" console to log in
+as root and set the user's initial password before you can start using
+sudo.  @comment {(is there another way around this?)}
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.26.0





Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Tue, 21 Jul 2020 20:52:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Lemmer Webber <cwebber <at> dustycloud.org>
To: Joshua Branson <jbranso <at> dismail.de>,
 Joshua Branson via Guix-patches <guix-patches <at> gnu.org>
Cc: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Tue, 21 Jul 2020 16:51:46 -0400
Joshua Branson via Guix-patches via writes:

> From: Joshua Branson <jbranso <at> dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
> MIME-Version: 1.0
> Content-Type: text/x-patch
> Content-Disposition: attachment;
>  filename=0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!
> ---
>  doc/guix-cookbook.texi | 180 +++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 180 insertions(+)
>
> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
> index f541592d13..3ade82af14 100644
> --- a/doc/guix-cookbook.texi
> +++ b/doc/guix-cookbook.texi
> @@ -1347,6 +1347,7 @@ reference.
>  * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
>  * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
>  * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
> +* Running Guix on a Linode:: Running Guix on a Linode
>  * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
>  * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
>  @end menu
> @@ -1759,6 +1760,185 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
>  confusion occurs. This can be done by executing @code{xset s activate} immediately
>  before you execute slock.
>  
> +@node Running Guix on a Linode
> +@section Running Guix on a Linode
> +@cindex linode
> +
> +Start with a recommended Debian server.  Be sure to add your ssh key for
> +easy login.  We recommend using the default distro as a way to bootstrap
> +Guix.  This is usually done via @code{ssh-copy-id}.

Huh!  I've never used ssh-copy-id before...

Regardless, my experience was that Linode's interface it asked me what
key I wanted to provide... I just copy-pasta'ed from
~/.ssh/id_<keytype>.pub

How would one do it with ssh-copy-id?

> +Power the linode down. In the Linode's Disks/Configurations tab, resize
> +the Debian disk to be smaller. 30 GB is recommended.
> +
> +In the Linode settings, "Add a disk", with the following:
> +@itemize @bullet
> +@item
> +Label: "Guix"
> +
> +@item
> +Filesystem: ext4
> +
> +@item
> +Set it to the remaining size
> +@end itemize
> +
> +On the "configuration" field that comes with the default image, press
> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
> +label.
> +
> +Now "Add a Configuration", with the following:
> +@itemize @bullet
> +@item
> +Label: Guix
> +
> +@item
> +VM Mode: Paravirtualization  @c{The default?? Does this matter?}

We can probably remove this comment I guess?  Not sure, especially
since I still don't know if it matters. ;)

Maybe we could even skip listing it since the default is fine?

> +@item
> +Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
> +
> +@item
> +Block device assignment:
> +
> +@item
> +/dev/sda: Guix
> +
> +@item
> +/dev/sdb: swap

Also note that I made the mistake of never actually using swap in my
server configuration.  Maybe worth fixing?

> +@item
> +Root device: /dev/sda
> +
> +@item
> +Turn off all the filesystem/boot helpers
> +@end itemize
> +
> +Now power it back up, picking the Debian configuration.  Once it's
> +booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
> +Now you can run the "install guix form binary installer" steps:
> +
> +@example
> +sudo apt-get install gpg
> +wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
> +wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
> +chmod +x guix-install.sh
> +./guix-install.sh
> +guix pull
> +@end example
> +
> +Now it's time to write out a config for the server.  The key information
> +is below. Save the resulting file as guix-config.scm:
> +
> +@lisp
> +(use-modules (gnu)
> +             (guix modules))
> +(use-service-modules networking
> +                     ssh)
> +(use-package-modules admin
> +                     certs
> +                     package-management
> +                     ssh
> +                     tls)
> +
> +(operating-system
> +  (host-name "my-server")
> +  (timezone "America/New_York")
> +  (locale "en_US.UTF-8")
> +  ;; This goofy code will generate the grub.cfg
> +  ;; without installing the grub bootloader on disk.
> +  (bootloader (bootloader-configuration
> +               (bootloader
> +                (bootloader
> +                 (inherit grub-bootloader)
> +                 (installer #~(const #t))))))
> +  (file-systems (cons (file-system
> +                        (device "/dev/sda")
> +                        (mount-point "/")
> +                        (type "ext4"))
> +                      %base-file-systems))

Presumably, here's where we should add swap.

> +  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
> +                        %base-initrd-modules))
> +
> +  (users (cons (user-account
> +                (name "janedoe")
> +                (group "users")
> +                ;; Adding the account to the "wheel" group
> +                ;; makes it a sudoer.
> +                (supplementary-groups '("wheel"))
> +                (home-directory "/home/janedoe"))
> +               %base-user-accounts))
> +
> +  (packages (cons* nss-certs            ;for HTTPS access
> +                   openssh-sans-x
> +                   %base-packages))
> +
> +  (services (cons*
> +             (service dhcp-client-service-type)
> +             (service openssh-service-type
> +                      (openssh-configuration
> +                       (openssh openssh-sans-x)
> +                       (password-authentication? #f)
> +                       (authorized-keys
> +                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
> +                          ;; Is this a good idea?  Well if you don't add it
> +                          ;; you have to manually set your user's password
> +                          ;; via the glish console...
> +                          ("root" ,(local-file "janedoe_rsa.pub"))))))
> +             %base-services)))
> +@end lisp
> +
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server")     ; replace with your server name
> +(name "janedoe")            ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo.  @comment {(is there another way around this?)}

Maybe the first person could be removed... "which I don't feel great
about, but..." with "which doesn't seem great, but..."

> +Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
> +<your-username-here>_rsa.pub in the same directory.
> +
> +Mount the guix drive:
> +@example
> +mkdir /mnt/guix
> +mount /dev/sdc /mnt/guix
> +@end example
> +
> +Due to the way we set things up above, we do not install Grub
> +completely.  Instead we install only our grub configuration file.  So we
> +need to copy over some of the other Grub stuff that is already there:
> +
> +@example
> +mkdir -p /mnt/guix/boot/grub
> +cp -r /boot/grub/* /mnt/guix/boot/grub/
> +@end example
> +
> +Now initialize the Guix installation:
> +@example
> +guix system init guix-config.scm /mnt/guix
> +@end example
> +
> +Ok, power it down!
> +Now from the linode console, select boot and select "Guix".
> +
> +Once it boots, you should be able to log in via ssh!  (The server
> +config will have changed though.)
> +
> +Be sure to set your password and root's password.
> +
> +Horray!  At this point you can shut down the server, delete the
> +Debian disk, and resize the Guix to the rest of the size.
> +Congratulations!
> +
> +BTW, if you save it as a disk image right at this point, you'll have an
> +easy time spinning up new Guix images!
> +
>  @node Setting up a bind mount
>  @section Setting up a bind mount

Fantastic!  It otherwise looks good to me.




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Tue, 21 Jul 2020 20:52:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Fri, 07 Aug 2020 17:16:01 GMT) Full text and rfc822 format available.

Message #14 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Fri, 07 Aug 2020 13:15:19 -0400
> +Replace the following fields in the above configuration:
> +@lisp
> +(host-name "my-server")     ; replace with your server name
> +(name "janedoe")            ; replace with your username
> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
> +@end lisp
> +
> +Note the same above for root, which I don't feel great about, but
> +otherwise you'll need to log in via the linode "glish" console to log in
> +as root and set the user's initial password before you can start using
> +sudo.  @comment {(is there another way around this?)}

I'm not certain how I need to change the configuration here...  I just
deleted the "Note the same above for root" paragraph.  Can you give me
some direction?

--
Joshua Branson
Sent from Emacs and Gnus




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Fri, 07 Aug 2020 17:17:02 GMT) Full text and rfc822 format available.

Message #17 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Fri, 07 Aug 2020 13:16:00 -0400
[0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch (text/x-patch, inline)]
From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso <at> dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 187 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d6d28a419 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix.  Be sure to add your ssh key for easy
+login to the remote server.  This is usually done via
+@code{ssh-copy-id}. For example, create your ssh keys, then you can
+upload your keys to the remote server like so:
+
+@example
+ssh-keygen
+ssh-copy-id username@@<remote computer IP address>
+@end example
+
+You can also use linode's graphical interface for adding ssh keys.  Just
+copy your local file @code{~/.ssh/id_<keytype>.pub}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ;; Is this a good idea?  Well if you don't add it
+                          ;; you have to manually set your user's password
+                          ;; via the glish console...
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")     ; replace with your server name
+(name "janedoe")            ; replace with your username on the remote server
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Fri, 07 Aug 2020 21:12:01 GMT) Full text and rfc822 format available.

Message #20 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Lemmer Webber <cwebber <at> dustycloud.org>
To: Joshua Branson <jbranso <at> dismail.de>,
 Joshua Branson via Guix-patches <guix-patches <at> gnu.org>
Cc: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Fri, 07 Aug 2020 17:11:21 -0400
Joshua Branson via Guix-patches via writes:

>> +Replace the following fields in the above configuration:
>> +@lisp
>> +(host-name "my-server")     ; replace with your server name
>> +(name "janedoe")            ; replace with your username
>> +("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
>> +@end lisp
>> +
>> +Note the same above for root, which I don't feel great about, but
>> +otherwise you'll need to log in via the linode "glish" console to log in
>> +as root and set the user's initial password before you can start using
>> +sudo.  @comment {(is there another way around this?)}
>
> I'm not certain how I need to change the configuration here...  I just
> deleted the "Note the same above for root" paragraph.  Can you give me
> some direction?

Easiest path is to just add

    ;; Allow root login to allow easy login before you set up your
    ;; initial password for sudo purposes.  You can remove this line
    ;; after you log in and set your initial user password.
    ("root" ,(local-file "janedoe_rsa.pub")

after the janedoe thing and delete that whole paragraph.  That provides
an easyish way to deal with things... if someone is uncomfortable with
having a root login, I suppose they have enough experience to know how
to remove this later if they want.

Great work on this, with that change I think it looks good to go!




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Fri, 07 Aug 2020 21:12:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Sat, 08 Aug 2020 21:58:02 GMT) Full text and rfc822 format available.

Message #26 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Sat, 08 Aug 2020 17:57:32 -0400
Hey Chris,

So I'm made some more edits to the guide about setting up a linode.
Namely, I removed the bit about ssh-copy-id.  It's just easier to use
linode's interface.

I also added some sftp commands for uploading the ssh key and
guix-config.scm file.

There are a smattering of other edits.  I actually followed your guide
and set up my linode!  Thanks for writing this up!

My next email will have the updated patch.

P.S.  The only issue that I currently have is that I can ssh into the
linode server as my regular user, but I cannot ssh in as a root
user...Maybe as a next exercise I'll try to add to the cookbook how to
use guix deploy on a linode server...because that would be cool!

--
Joshua Branson
Sent from Emacs and Gnus




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Sat, 08 Aug 2020 22:00:02 GMT) Full text and rfc822 format available.

Message #29 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Sat, 08 Aug 2020 17:58:50 -0400
[0001-doc-cookbook-Adding-a-section-Running-Guix-on-a-Lino.patch (text/x-patch, inline)]
From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso <at> dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 239 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 239 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..a907ddaf33 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,243 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your ssh keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your ssh key for easy login to the remote server.  This
+is trivially done via linode's graphical interface for adding ssh keys.
+Go to your profile and click add SSH Key.  Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory.  In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues ssh-ing into your box, then you may still need to set your
+root and user password initially by clicking on the ``Launch Console''
+option in your linode.  Choose the ``Glish'' instead of ``Weblish''.
+Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Mon, 31 Aug 2020 10:34:02 GMT) Full text and rfc822 format available.

Message #32 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Joshua Branson <jbranso <at> dismail.de>
Cc: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Mon, 31 Aug 2020 12:33:16 +0200
Hi!

Joshua Branson <jbranso <at> dismail.de> scribes:

>>From 4fd558ae00c5137b76e2a365b1640b95d4f02913 Mon Sep 17 00:00:00 2001
> From: Joshua Branson <jbranso <at> dismail.de>
> Date: Fri, 10 Jul 2020 20:32:30 -0400
> Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""
>
> * doc/guix-cookbook.texi (Running Guix on a Linode):
> I added a section that explains how to run guix on a linode.
> Thanks Chris Webber!

Minor issue: s/on a Linode/on a Linode Server/
or: s/on a Linode/on Linode/ ?

Also, s/Grub/GRUB/, s/ssh/SSH/, s/linode/Linode, and perhaps @code or
@file here and there would be welcome.

But these are details, the post looks great!  Let me know if you can
send an updated version or if I should adjust these for you.

Thanks!

Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Tue, 01 Sep 2020 02:09:01 GMT) Full text and rfc822 format available.

Message #35 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] Adding a "Running Guix on a Linode" to the cookbook
Date: Mon, 31 Aug 2020 22:08:40 -0400
I will send an updated patch tomorrow after work.  You should see a new
patch by late afternoon.

Thanks,

Joshua

-- 
Joshua Branson
Sent from Emacs and Gnus




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Tue, 01 Sep 2020 10:47:01 GMT) Full text and rfc822 format available.

Message #38 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Cc: Joshua Branson <jbranso <at> dismail.de>
Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode
 Server
Date: Tue,  1 Sep 2020 06:45:04 -0400
* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 241 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 241 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0521c29a35 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,245 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your @code{SSH} keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your @code{SSH key} for easy login to the remote server.
+This is trivially done via linode's graphical interface for adding @code{SSH
+keys}.  Go to your profile and click add @code {SSH Key}.  Copy into it
+the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the @code {Linode} down. In the @code{Linode's}
+Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is
+recommended.
+
+In the @code{Linode} settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: @code {GRUB 2} (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@<your-server-ip-here>}. (You can find your server ip address in
+your Linode Summary section.) Now you can run the "install guix from
+binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @code{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your @code{ssh public key} (eg: @code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub and your @code{guix-config.scm} in the same
+directory.  In a new terminal run these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install @code{GRUB}
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other @code{GRUB} stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the @code{Linode} console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via @code{SSH}!  (The server
+config will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete ~/.ssh/known_hosts file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues @code{SSH-ing} into your box, then you may still need to set
+your root and user password initially by clicking on the ``Launch
+Console'' option in your linode.  Choose the ``Glish'' instead of
+``Weblish''.  Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Mon, 07 Sep 2020 14:00:03 GMT) Full text and rfc822 format available.

Message #41 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Joshua Branson <jbranso <at> dismail.de>
Cc: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] [PATCH] doc: cookbook: Adding a section "Running Guix
 on a Linode Server
Date: Mon, 07 Sep 2020 15:59:11 +0200
Hi Joshua,

Thanks for following up on this!  Minor comments:

Joshua Branson <jbranso <at> dismail.de> skribis:

> +@node Running Guix on a Linode Server
> +@section Running Guix on a Linode Server
> +@cindex linode
> +
> +Start with a recommended Debian server.  We recommend using the default
  ^
I’d start the sentence with something like “To run Guix on a server
hosted by @uref{https://www.linode.com/, Linode}, start with a …”.
(That makes it clear what we’re talking about, what Linode is, etc.)

> +distro as a way to bootstrap Guix. Create your @code{SSH} keys.

[...]

> +Be sure to add your @code{SSH key} for easy login to the remote server.

[...]

> +Power the @code {Linode} down. In the @code{Linode's}

I realize I wasn’t clear: @code is for code snippets.  When referring to
Linode (the service/company) or SSH (the protocol), just write it as is,
without @code.

You would use @code for a command (like @code{rm -rf /foo}) and @file
for a file name (like @file{/dev/sdc}).  Text enclosed in @code or @file
is rendered with a fixed-width font and possibly a different background
color.

> +"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
                                                     ^
@file here.

> +root@@<your-server-ip-here>}. (You can find your server ip address in
         ^
@var{your-server-ip-here}

And s/ip/IP/.

Let me know if you can take care of those last (I promise!) changes.

Thank you!

Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Mon, 07 Sep 2020 15:11:02 GMT) Full text and rfc822 format available.

Message #44 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Subject: Re: [bug#42317] [PATCH] doc: cookbook: Adding a section "Running
 Guix on a Linode Server
Date: Mon, 07 Sep 2020 11:10:44 -0400
Yes I will make these changes, and re-submit them.  :)

Thanks,

Joshua

P.S.  Should I follow up to mailing lists via responding only to the
mailing list?  Or would you prefer that I CC your email address?

-- 
Joshua Branson
Sent from Emacs and Gnus




Information forwarded to guix-patches <at> gnu.org:
bug#42317; Package guix-patches. (Tue, 08 Sep 2020 14:32:02 GMT) Full text and rfc822 format available.

Message #47 received at 42317 <at> debbugs.gnu.org (full text, mbox):

From: Joshua Branson <jbranso <at> dismail.de>
To: 42317 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org, jbranso <at> dismail.de
Subject: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode
 Server"
Date: Tue,  8 Sep 2020 10:31:26 -0400
* doc/guix-cookbook.texi (Running Guix on a Linode Server):
I added a section that explains how to run guix on a linode server.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 242 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 242 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d15d658e9 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Running Guix on a Linode Server:: Running Guix on a Linode Server
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes through Tor.
 @end menu
@@ -1759,6 +1761,246 @@ your screen but not suspend it, it's a good idea to notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} immediately
 before you execute slock.
 
+@node Running Guix on a Linode Server
+@section Running Guix on a Linode Server
+@cindex linode, Linode
+
+To run Guix on a server hosted by @uref{https://www.linode.com, Linode},
+start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix. Create your SSH keys.
+
+@example
+ssh-keygen
+@end example
+
+Be sure to add your SSH key for easy login to the remote server.
+This is trivially done via Linode's graphical interface for adding
+SSH keys.  Go to your profile and click add SSH Key.
+Copy into it the output of:
+
+@example
+cat ~/.ssh/<username>_rsa.pub
+@end example
+
+Power the Linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to @file{/dev/sdc} the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel:GRUB 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+@file{/dev/sda}: Guix
+
+@item
+@file{/dev/sdb}: swap
+
+@item
+Root device: @file{/dev/sda}
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh
+root@@@var{<your-server-IP-here>}}. (You can find your server IP address in
+your Linode Summary section.) Now you can run the "install guix from
+@pxref{Binary Installation,,, guix, GNU Guix}" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as @file{guix-config.scm}.
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")       ; replace with your server name
+; if you chose a linode server outside the U.S., then
+; use tzselect to find a correct timezone string
+(timezone "America/New_York") ; if needed replace timezone
+(name "janedoe")              ; replace with your username
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+("root" ,(local-file "janedoe_rsa.pub")) ; replace with your ssh key
+@end lisp
+
+The last line in the above example lets you log into the server as root
+and set the initial root password.  After you have done this, you may
+delete that line from your configuration and reconfigure to prevent root
+login.
+
+Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as
+@file{@var{<your-username-here>}_rsa.pub} and your
+@file{guix-config.scm} in the same directory.  In a new terminal run
+these commands.
+
+@example
+sftp root@@<remote server ip address>
+put /home/<username>/ssh/id_rsa.pub .
+put /path/to/linode/guix-config.scm .
+@end example
+
+In your first terminal, mount the guix drive:
+
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install GRUB
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other GRUB stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the Linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via SSH!  (The server config
+will have changed though.)  You may encounter an error like:
+
+@example
+$ ssh root@@<server ip address>
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+It is also possible that a host key has just been changed.
+The fingerprint for the ECDSA key sent by the remote host is
+SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.
+Please contact your system administrator.
+Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.
+Offending ECDSA key in /home/joshua/.ssh/known_hosts:3
+ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.
+Host key verification failed.
+@end example
+
+Either delete @file{~/.ssh/known_hosts} file, or delete the offending line
+starting with your server IP address.
+
+Be sure to set your password and root's password.
+
+@example
+ssh root@@<remote ip address>
+passwd  ; for the root password
+passwd <username> ; for the user password
+@end example
+
+You may not be able to run the above commands at this point.  If you
+have issues remotely logging into your linode box via SSH, then you may
+still need to set your root and user password initially by clicking on
+the ``Launch Console'' option in your linode.  Choose the ``Glish''
+instead of ``Weblish''.  Now you should be able to ssh into the machine.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+By the way, if you save it as a disk image right at this point, you'll
+have an easy time spinning up new Guix images!  You may need to
+down-size the Guix image to 6144MB, to save it as an image.  Then you
+can resize it again to the max size.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Wed, 09 Sep 2020 07:22:01 GMT) Full text and rfc822 format available.

Notification sent to Joshua Branson <jbranso <at> dismail.de>:
bug acknowledged by developer. (Wed, 09 Sep 2020 07:22:02 GMT) Full text and rfc822 format available.

Message #52 received at 42317-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Joshua Branson <jbranso <at> dismail.de>
Cc: 42317-done <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: cookbook: Adding a section "Running Guix on a Linode
 Server"
Date: Wed, 09 Sep 2020 09:21:46 +0200
Hi Joshua,

Joshua Branson <jbranso <at> dismail.de> skribis:

> * doc/guix-cookbook.texi (Running Guix on a Linode Server):
> I added a section that explains how to run guix on a linode server.
> Thanks Chris Webber!

Applied, thank you!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 07 Oct 2020 11:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 3 years and 173 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.