aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-30balg02: Use AnonIP service for nginx access log filesCollin J. Doering
2024-06-04cuirass.genenetwork.org.pub: Add guix-daemon signing keyCollin J. Doering
2024-06-04balg02: Configure guix-deamon to build in parallelCollin J. Doering
* .guix/guix-na/config/balg02.scm (guix-daemon-config): New function. (balg02): Modify guix-daemon service to enable build parallelism, and using substitutes from the local build server if available.
2024-05-31balg02: Re-enable https (that was disabled in 4230616)Collin J. Doering
- https was initially disabled as nginx failed to start due to a missing certificate - Worth noting that dhparam's were manually generated on balg02
2024-05-31balg02: Send nginx logs to /var/run/nginx/...Collin J. Doering
2024-05-31balg02: Temporarily disable https until letsencrypt certs can be generatedCollin J. Doering
2024-05-31balg02: Correct typosCollin J. Doering
2024-05-31balg02: Initial implementation of Guix build farmCollin J. Doering
* .guix/guix-na/config/balg02.scm (%automation-user): Removed variable (only used in one place). (%cuirass-specs): New variable. (Initial) Cuirass specifications that are run by the guix-na build farm. (publish-robots.txt): New variable. Used in nginx configuration. (publish-locations): New function. Defines nginx publish locations (used for http and https servers). (balg02-locations): New function. Defines nginx publish locations used for guix-na. (%publish-url): New variable. String representing local publish URL. (%tls-settings): New variable. Captures nginx tls settings used in nginx configuration. (le): New function. Generates lets encrypt path given a host and optionally a private key. (languages-to-accept): New variable. Languages for i8ln. (accept-languages): New function. (%balg02-servers): New variable. balg02 nginx servers. (%extra-content): New variable. Extra nginx configuration content. (%nginx-configuration): New variable. Capture nginx configuration given all previous helper functions and variables. (%nginx-cache-activation): New variable. Service the ensures /var/cache/nginx exists on the first run. (%nginx-deploy-hook): New variable. Hook used upon cerbot certificate updates. (balg02 (packages)): Add btrfs-progs. (balg02): Remove root ssh key (not necessary as ssh root login is disabled). (balg02 (services)): Add cuirass, certbot, nginx, and guix-publish services.
2024-05-27balg02: Add additional ssh key for user arunCollin J. Doering
* .guix/guix-na/config/balg02.scm: New ssh key for arun * .pubkeys/arun-ed25519.pub: New file: Arun's ssh public key
2024-05-27balg02: Add new users, and ssh keys for Arun and PjotrCollin J. Doering
2024-05-25channels.scm: Update guix channelCollin J. Doering
2024-05-25README.org: Adjust how swapfile should be provisionedCollin J. Doering
2024-05-25balg02: Add megaraid_sas to initrd-modulesCollin J. Doering
2024-04-12README.org: Correct typo (refer to the correct installation disk)Collin J. Doering
* README.org: It was discovered that the wrong disk was referenced in the README! Its worth noting that this documentation error does not impact the configuration of balg02, as it doesn't directly reference the disk its being installed to, but instead references where /boot/efi is located (which is setup as part preparing for the guix installation by mounting guix's esp partition to /mnt/boot/efi) as well as references to partitions by label. Also noteworthy is that this documentation error does not impact the Manual Testing of bootstrapping Guix from a Debian VM, which still quiet closely mimics balg02.
2024-04-10balg02: Disable root logins over sshCollin J. Doering
2024-04-10channels.scm: Update guix channelCollin J. Doering
2024-04-09balg02: openssh: permit root login with key; enable agent-forwardingCollin J. Doering
* .guix/guix-na/config/balg02.scm: This is in response to feedback provided by Pjotr and Arun.
2024-04-08README.org: Add CUSTOM_id props to correct rendering via go-orgCollin J. Doering
See: https://github.com/niklasfasching/go-org/issues/32#issuecomment-1546940722
2024-04-08README.org: Clean up and add final guix bootstrapping instructionsCollin J. Doering
* README.org: Completed/removed TODOs. Filled in section "Bootstrap Guix". Added section on manually testing bootstrapping guix from debian in a VM. Corrected typo/oversight when creating swapfile.
2024-04-05balg02: Mount efi partition; expose balg02 functionCollin J. Doering
* .guix/guix-na/config/balg02.scm: New function: balg02; this is necessary as the efi partition UUID changes between testing and the deployed system. Additionally, mount the efi partition. Its useful to note that when testing, I found a bug in guix that resulting in a partial system upgrade! Namely, grub/kernel stuff appears to have been updated, but the `guix system reconfigure ...` never completed. This was because the efi system partition was not mounted. However the odd part was that even if I manually mounted the efi partition and retried `guix system reconfigure ..` the command update would still hang. I suspect this is because for some reason the efi system partition must be explicitly specified in the operating-system configuration.
2024-04-01balg02: Specify console kernel argument for ttyS0Collin J. Doering
* .guix/guix-na/config/balg02.scm: Remove export of temporary balg02 function
2024-03-21balg02: Use efi bootloader instead of biosCollin J. Doering
* .guix/guix-na/config/balg02.scm: Correct the above mistake.
2024-03-21balg02: Make minor adjusting to allow for testingCollin J. Doering
* .guix/guix-na/config/balg02.scm (guix-na): Add function balg02 which parameterized the disk that the bootloader (grub) is installed to. This enables testing in a vm where the disk may not match what is used on the physical server.
2024-03-21channels.scm: Add a Guix channels file to pin dependenciesCollin J. Doering
2024-03-21balg02: Minor adjustment and reformattingCollin J. Doering
* .guix/guix-na/config/balg02.scm: Move swap-devices to be after file-systems (file-systems is referenced from within swap-devices). Other changes are just noop reformatting.
2024-03-18news: Add entry about this authenticated channelCollin J. Doering
2024-03-18Make this repository a authenticated Guix channelCollin J. Doering
In order to ease distribution of the various machine configurations defined within this repository, make this repository an authenticated Guix channel. * .guix-authorizations: Add a single authorized key to start * .guix-channel: Set various channel details * news.txt: Provide an initial news item
2024-03-12Initial setup (not yet bootstrapped or thoroughly tested)Collin J. Doering
* .gitignore: Ignore files used by 'guix deploy' * .guix/guix-na/config/balg02.scm: Initial balg02 guix configuration (sans cuirass) * .pubkeys/collin.pub: Public key of Collin Doering * .pubkeys/deploy-key.pub: Public key used for 'guix deploy' usage * README.org: Various updates to how balg02 (guix-north-america) is setup
2024-02-24Initial commitCollin J. Doering
* .gitignore: Ignore emacs backup files * README.org: Add preliminary plan, with a few more details * balg02.scm: Placeholder file that will become guix operating-system configuration for balg02