| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
ca/cert generation
|
|
|
|
|
|
Only a few TODO's to complete until the blog is ready for final review!
|
|
|
|
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm: In my tired state, ttl was set on cuirass instead of the
guix-publish service!
* docs/administration.org: Correct copy/paste error
|
|
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm: Prior to this change, the guix-publish cache has been
filling up without having items removed. The reason being that the ttl was not set!
Additionally, avoid caching items that are less then 150MiB.
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm: Add tmpfs based /tmp file-system. This bypasses the issue
seen on cuiass.genenetwork.org, where the 'tests/cp/reflink-auto.sh' coreutils test was
failing, but not on other build farms or on my personal systems. Further root cause analysis
needs to take place, however btrfs' concept of subvolumes may be interfering with the test. A
partition outside of where the build is happening is located and selected by
coreutils ('coreutils/tests/other-fs-tmpdir'); which ends up selecting '/tmp'. guix-daemon
builds occur in /tmp. Because of this, the 'cp --reflink=auto ..' in the failing coreutils
test doesn't behave as expected, which in this case would be failing to create the reflink
because the files are expected to be on separate partitions. By using a tmpfs /tmp, coreutils
will select it during tests, and we can ensure guix-daemon uses a build location other then
/tmp (necessitating the following change).
(guix-daemon-config): Use /var/tmp for guix-daemon builds (so they are not built on tmpfs)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* README.org: Add new README that details how to use cuirass.genenetwork.org, and provides
links to other reference documents.
* docs/administration.org: Add a new, initially sparse, reference document detailing administration and
maintenance of cuirass.genenetwork.org.
* docs/initial-setup.org: Adjust abstract phrasing.
|
|
|
|
* .guix/guix-na/config/balg02.scm: Extended %cuirass-specs, adding this channel itself as a
cuirass specification. This allows for change to this configuration
channel (guix-north-america) to be validated before deployment. Further, it could be extended
to build operating-system images for balg02 and any other machines, and even running tests on
them to ensure they will deploy and function as expected.
|
|
* .guix/guix-na/config/balg02.scm: In response to feedback from
Ludo (https://lists.gnu.org/archive/html/guix-devel/2024-07/msg00073.html), adjust
guix-daemon configuration to use only local substitutes. This is at a cost of extra build
time on balg02, but will allow for more build diversity among guix substitute servers.
|
|
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm (guix-daemon-config): New function.
(balg02): Modify guix-daemon service to enable build parallelism, and using substitutes from
the local build server if available.
|
|
- https was initially disabled as nginx failed to start due to a missing certificate
- Worth noting that dhparam's were manually generated on balg02
|
|
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm (%automation-user): Removed variable (only used in one place).
(%cuirass-specs): New variable. (Initial) Cuirass specifications that are run by the guix-na build farm.
(publish-robots.txt): New variable. Used in nginx configuration.
(publish-locations): New function. Defines nginx publish locations (used for http and https servers).
(balg02-locations): New function. Defines nginx publish locations used for guix-na.
(%publish-url): New variable. String representing local publish URL.
(%tls-settings): New variable. Captures nginx tls settings used in nginx configuration.
(le): New function. Generates lets encrypt path given a host and optionally a private key.
(languages-to-accept): New variable. Languages for i8ln.
(accept-languages): New function.
(%balg02-servers): New variable. balg02 nginx servers.
(%extra-content): New variable. Extra nginx configuration content.
(%nginx-configuration): New variable. Capture nginx configuration given all previous helper
functions and variables.
(%nginx-cache-activation): New variable. Service the ensures /var/cache/nginx exists on the
first run.
(%nginx-deploy-hook): New variable. Hook used upon cerbot certificate updates.
(balg02 (packages)): Add btrfs-progs.
(balg02): Remove root ssh key (not necessary as ssh root login is disabled).
(balg02 (services)): Add cuirass, certbot, nginx, and guix-publish services.
|
|
* .guix/guix-na/config/balg02.scm: New ssh key for arun
* .pubkeys/arun-ed25519.pub: New file: Arun's ssh public key
|
|
|
|
|
|
|
|
|
|
* README.org: It was discovered that the wrong disk was referenced in the README!
Its worth noting that this documentation error does not impact the configuration of balg02,
as it doesn't directly reference the disk its being installed to, but instead references
where /boot/efi is located (which is setup as part preparing for the guix installation by
mounting guix's esp partition to /mnt/boot/efi) as well as references to partitions by label.
Also noteworthy is that this documentation error does not impact the Manual Testing of
bootstrapping Guix from a Debian VM, which still quiet closely mimics balg02.
|
|
|
|
|
|
* .guix/guix-na/config/balg02.scm: This is in response to feedback provided by Pjotr and
Arun.
|
