# Update production checklist


# Tasks

* [X] Install underlying Debian
* [X] Get guix going
* [ ] Check database
* [ ] Check gemma working
* [ ] Check global search
* [ ] Check authentication
* [ ] Check sending E-mails
* [ ] Make sure info.genenetwork.org can reach the DB

The following are at the system level

* [ ] Make journalctl presistent
* [ ] Update certificates in CRON
* [ ] Run trim in CRON

# Install underlying Debian

For our production systems we use Debian as a base install. Once installed:

* [X] set up git in /etc and limit permissions to root user
* [X] add ttyS0 support for grub and kernel - so out-of-band works
* [X] start ssh server and configure not to use with passwords
* [X] start nginx and check external networking
* [ ] set up E-mail routing

It may help to mount the old root if you have it. Now it is on

```
mount /dev/sdd2 /mnt/old-root/
```

# Get Guix going

* [X] Install Guix daemon
* [X] Move /gnu/store to larger partition
* [X] Update Guix daemon and setup in systemd
* [ ] Make available in /usr/local/guix-profiles

We can bootstrap with the Debian guix package. Next move the store to a large partion and hard mount it in /etc/fstab with

```
/export2/gnu /gnu none defaults,bind 0 0
```

Run guix pull

```
wrk@tux04:~$ guix pull -p ~/opt/guix-pull --url=https://codeberg.org/guix/guix-mirror.git
```

Use that to install guix in /usr/local/guix-profiles

```
guix package -i guix -p /usr/local/guix-profiles/guix
```

and update the daemon in systemd accordingly. After that I tend to remove /usr/bin/guix

# Check database

* [X] Install mariadb
* [ ] Recover database
* [ ] Test permissions

Basically recover the database from a backup is the best start and set permissions. We usually take the default mariadb unless production is already on a newer version - so we move to guix deployment.

On tux02 mariadb-10.5.8 is running. On Debian it is now 10.11.11-0+deb12u1, so we should be good. On Guix is 10.10 at this point.

```
apt-get install mariadb-server
```

=> topics/systems/mariadb/mariadb.gmi

# Check sending E-mails

The swaks package is quite useful to test for a valid receive host:

```
swaks --to testing-my-server@gmail.com --server smtp.uthsc.edu
=== Trying smtp.uthsc.edu:25...
=== Connected to smtp.uthsc.edu.
<-  220 mailrouter8.uthsc.edu ESMTP NO UCE
 -> EHLO tux04.uthsc.edu
<-  250-mailrouter8.uthsc.edu
<-  250-PIPELINING
<-  250-SIZE 26214400
<-  250-VRFY
<-  250-ETRN
<-  250-STARTTLS
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250-DSN
<-  250 SMTPUTF8
 -> MAIL FROM:<root@tux04.uthsc.edu>
<-  250 2.1.0 Ok
 -> RCPT TO:<pjotr2020@thebird.nl>
<-  250 2.1.5 Ok
 -> DATA
<-  354 End data with <CR><LF>.<CR><LF>
 -> Date: Thu, 06 Mar 2025 08:34:24 +0000
 -> To: pjotr2020@thebird.nl
 -> From: root@tux04.uthsc.edu
 -> Subject: test Thu, 06 Mar 2025 08:34:24 +0000
 -> Message-Id: <20250306083424.624509@tux04.uthsc.edu>
 -> X-Mailer: swaks v20201014.0 jetmore.org/john/code/swaks/
 ->
 -> This is a test mailing
 ->
 ->
 -> .
<-  250 2.0.0 Ok: queued as 4157929DD
 -> QUIT
<-  221 2.0.0 Bye                                                                                                                             === Connection closed with remote host
```