From 6cf7f9a72eae0333705518ee865a72ea4b63399b Mon Sep 17 00:00:00 2001
From: Collin J. Doering
Date: Tue, 12 Mar 2024 00:15:19 -0400
Subject: Initial setup (not yet bootstrapped or thoroughly tested)

* .gitignore: Ignore files used by 'guix deploy'
* .guix/guix-na/config/balg02.scm: Initial balg02 guix configuration (sans cuirass)
* .pubkeys/collin.pub: Public key of Collin Doering
* .pubkeys/deploy-key.pub: Public key used for 'guix deploy' usage
* README.org: Various updates to how balg02 (guix-north-america) is setup
---
 .gitignore | 5 ++
 .guix/guix-na/config/balg02.scm | 118 ++++++++++++++++++++++++++
 .pubkeys/collin.pub | 1 +
 .pubkeys/deploy-key.pub | 1 +
 README.org | 180 ++++++++++++++++++++++++++++++++++++++--
 balg02.scm | 19 -----
 6 files changed, 299 insertions(+), 25 deletions(-)
 create mode 100644 .guix/guix-na/config/balg02.scm
 create mode 100644 .pubkeys/collin.pub
 create mode 100644 .pubkeys/deploy-key.pub
 delete mode 100644 balg02.scm

diff --git a/.gitignore b/.gitignore
index b8372e6..08c28c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,7 @@
 # Emacs
 *~
+
+# Private ssh key used for 'guix deploy'
+# Note: 'guix deploy' will generate a public key for the provided private key
+.deploy-key
+.deploy-key.pub
diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
new file mode 100644
index 0000000..2c5c356
--- /dev/null
+++ b/.guix/guix-na/config/balg02.scm
@@ -0,0 +1,118 @@
+;; (C) Copyright Collin J. Doering 2024
+;;
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program. If not, see .
+
+;; File: balg02.scm
+;; Author: Collin J. Doering
+;; Date: Feb 24, 2024
+
+(define-module (guix-na config balg02)
+ #:use-module (gnu)
+ #:use-module (gnu system)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages shells)
+ #:use-module (gnu services base)
+ #:use-module (gnu services cuirass)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services web)
+ #:export (%system))
+
+(define %automation-user "auto")
+
+(define %system
+ (operating-system
+ (host-name "balg02")
+ (timezone "US/Central")
+ (locale "en_US.utf8")
+ (keyboard-layout (keyboard-layout "us"))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (terminal-inputs '(console serial_1))
+ (terminal-outputs '(console serial_1))
+ (serial-unit 1)
+ (serial-speed 115200)
+ (targets '("/dev/sda"))))
+
+ (swap-devices
+ (list (swap-space
+ (target "/swap/swapfile")
+ (dependencies (filter (file-system-mount-point-predicate "/swap")
+ file-systems)))))
+
+ (file-systems (append
+ (list (file-system
+ (device (file-system-label "root"))
+ (mount-point "/")
+ (type "btrfs")
+ (options "subvol=@,compress=zstd"))
+ (file-system
+ (device (file-system-label "root"))
+ (mount-point "/swap")
+ (type "btrfs")
+ (options "subvol=@swap")))
+ %base-file-systems))
+
+ (users (cons* (user-account
+ (name %automation-user)
+ (comment "Automation User")
+ (group "users")
+ (shell #~(string-append #$bash "/bin/bash"))
+ (supplementary-groups
+ '("wheel"))
+ (home-directory "/home/auto"))
+ (user-account
+ (name "collin")
+ (comment "Admin user")
+ (group "users")
+ (shell #~(string-append #$zsh "/bin/zsh"))
+ (supplementary-groups
+ '("wheel"))
+ (home-directory "/home/collin"))
+ %base-user-accounts))
+
+ (packages
+ (append
+ (map specification->package
+ '("nss-certs"
+ "recutils"
+ "openssh"
+ "tmux"
+ "emacs"
+ "emacs-guix"))
+ %base-packages))
+
+ (services
+ (append
+ (list (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f)
+ (authorized-keys
+ `(("auto" ,(local-file "../../../.pubkeys/deploy-key.pub"))
+ ("collin" ,(local-file "../../../.pubkeys/collin.pub"))
+ ("root" ,(local-file "../../../.pubkeys/collin.pub"))))))
+ (service static-networking-service-type
+ (list (static-networking
+ (addresses
+ (list (network-address
+ (device "eno8303")
+ (value "216.37.76.55/24"))))
+ (routes
+ (list (network-route
+ (destination "default")
+ (gateway "216.37.76.1"))))
+ (name-servers '("216.37.64.2" "216.37.64.3")))))
+ (service ntp-service-type))
+ %base-services))))
diff --git a/.pubkeys/collin.pub b/.pubkeys/collin.pub
new file mode 100644
index 0000000..5c93c20
--- /dev/null
+++ b/.pubkeys/collin.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbkiHEE2y85M1qkOBG9p0nuplkFETuMmRudDJ2ryf2gakD1NGMbKz82EHWWyPagkXMHx0tw4TZyV/AOq2LqzH8ZVDAj+QOO2wkFIRIXr3rsZGeMO9kpaZORwdTMTABRPcIg+KteWXe7Qq4I1H3izSuIIbyOW2wFdHkMxWAJEGr2L/q8qMlYbCbDwj1v7AQQRUjy8a0pTyG9eZ6kmc0bVxuFGAsvKtJSPpYxFNNGr8f2EY977DkmHK146B+Ce6Vp9wFDV5PwIQOFnZFXLDoYkI/ndshW+7+LQKViYP/ftIMTt4LC/0BC56heHOKkTCE3FHo4W/0zxfJdcLLkfRoev9T
diff --git a/.pubkeys/deploy-key.pub b/.pubkeys/deploy-key.pub
new file mode 100644
index 0000000..88bfd99
--- /dev/null
+++ b/.pubkeys/deploy-key.pub
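Review bot: The `("root" ,(local-file "../../../.pubkeys/collin.pub"))` entry in `authorized-keys` looks inert as written, because `openssh-configuration` leaves `permit-root-login` at its default (`#f`, as far as I can tell from the Guix service definition), so sshd refuses root logins before any key is consulted; either drop the entry or make the intent explicit with `(permit-root-login 'prohibit-password)`. The bootloader block also disagrees with the README added in this same commit: the README partitions an ESP on `/dev/sda1` and mounts it at `/boot/efi` "for UEFI boot", while the config uses the BIOS `grub-bootloader` with `(targets '("/dev/sda"))` and declares no `/boot/efi` file-system, so one side should change (for UEFI that means `grub-efi-bootloader`, `(targets '("/boot/efi"))` and a `vfat` `file-system` entry for the ESP). On the swap side, the README recipe runs `chattr +C` only after `dd` has filled `/swap/swapfile`; on btrfs the NOCOW attribute only takes effect on an empty file, so that order should be reversed or `swapon` will reject the file that `swap-space` here depends on. Smaller: `%automation-user` is defined but the `"auto"` literal is repeated in the `authorized-keys` alist and in `home-directory`, and `(gnu services cuirass)` and `(gnu services web)` are imported but unused.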
@@ -0,0 +1 @@
+ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxZRNws6tt/YwAvTzfEtsPBPsrBluYxVt8W2xpkYUem69FGZNyzg35yHRtUOQ4A2MRHS3wn5TO/FNQlKrj/Dd3hht3MLwP2Ilk7NnGMu+kFLmUSbhn9i1kHRMjCvJHkWA== collin@rekahsoft-mini
diff --git a/README.org b/README.org
index 7fc6b94..bd37139 100644
--- a/README.org
+++ b/README.org
@@ -8,10 +8,18 @@ Farm.
 * Install Guix on debian to be used to bootstrap the Guix os installation
+Optionally, the below steps can be completed within tmux or screen. Tmux was installed and
+used in this case using the following.
+
+#+begin_src shell
+ sudo apt update
+ sudo apt install tmux
+ tmux
+#+end_src
+
 Following the [[https://guix.gnu.org/manual/en/html_node/Binary-Installation.html][Binary Installation]] section from the Guix manual to install guix.
 #+begin_src shell
- sudo apt update -y
 sudo apt install -y guix
 #+end_src
@@ -28,13 +36,173 @@ documentation specific to foreign distros').
 See: [[file:balg02.scm][balg02.scm]]
-* Bootstrap Guix
+** Bootloader configuration
-Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
-operating-system for the machine]].
+For this installation, debian and its bootloader Grub will be left in place. Because we want
+to retain Guix's interactions with Grub (eg. to allow for restoring from failed upgrades to
+an earlier generation), we will have debian's Grub chainload Guix's Grub. To do so, we will
+need to manually adjust Debians' Grub in order to add another menu entry, and set it as the
+default menu item.
+
+Below is a snippet from debian's ~/etc/default/grub~.
+
+#+begin_src text
+ GRUB_DEFAULT=0
+ GRUB_TIMEOUT=5
+ GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+ GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
+ GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8"
+ GRUB_TERMINAL="console serial"
+ GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
+#+end_src
+
+From this we extract the necessary guix bootloader configuration options (for serial).
+
+- serial-unit :: 1
+- serial-speed :: 115200
+- terminal-inputs :: console serial
+- terminal-outputs :: console serial
+
+*** TODO Manual modifications to Debian's Grub
+
+In ~/etc/default/grub~ we need to modify ~GRUB_DEFAULT=~
-* Modify grub config on debian to add an additional (and default) option to chainload Guix grub
+TODO ...
+
+Modify grub config on debian to add an additional (and default) option to chainload Guix grub
 - Add a menuitem for Guix in ~/etc/grub.d/40_custom~
 - Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT=~ where ~~ is the menu item number,
- starting from 0.
+ starting from 0, or (preferably) the menu item name/id.
+
+** Network configuration
+
+Using the a snippet from ~/etc/network/interfaces~ below, we can extract the necessary details
+to configure Guix's static-networking-service.
+
+- Interface :: eno8303
+- Address :: 216.37.76.55/24
+- Gateway :: 216.37.76.1
+- DNS Name Servers :: 216.37.64.2 216.37.64.3
+- DNS Search :: genenetwork.org
+
+#+begin_src text
+ # The primary network interface
+ allow-hotplug eno8303
+ iface eno8303 inet static
+ address 216.37.76.55/24
+ gateway 216.37.76.1
+ # dns-* options are implemented by the resolvconf package, if installed
+ dns-nameservers 216.37.64.2 216.37.64.3
+ dns-search genenetwork.org
+#+end_src
+
+** Disk Partitioning
+
+For this installation we are using ~/dev/sda~ (a 1.5T ssd which is faster then the
+alternative 3.6T ssd in the server).
+
+*** Create disk partition table and layout
+
+#+begin_src bash
+ parted /dev/sda mklabel gpt
+#+end_src
+
+*** Create partitions
+
+A simple™️ partition layout is used for this installation, consisting of an EFI ESP partition,
+and the remaining disk partitions for use by btrfs, where btrfs subvolumes and a swapfile
+will be used.
+
+#+begin_src bash
+ parted /dev/sda mkpart primary fat32 0% 512MiB
+ parted /dev/sda mkpart primary 512MiB 100%
+#+end_src
+
+*** Create EFI partition
+
+#+begin_src bash
+ parted /dev/sda set 1 esp on
+ mkfs.fat -F32 /dev/sda1
+#+end_src
+
+*** Create btrfs 'pool' (file-system) and subvolumes
+
+**** Create btrfs file-system
+
+#+begin_src bash
+ mkfs.btrfs --label root /dev/sda2
+#+end_src
+
+**** Create btrfs subvolumes
+
+First mount the btrfs top-level file-system.
+
+#+begin_src bash
+ mount /dev/sda2 /mnt
+#+end_src
+
+Then create the root subvolume, and a subvolume for swapfiles.
+
+#+begin_src bash
+ btrfs subvolume create /mnt/@
+ btrfs subvolume create /mnt/@swap
+#+end_src
+
+Unmount the top-level btrfs file-system.
+
+#+begin_src bash
+ umount /mnt
+#+end_src
+
+Mount the root subvolume.
+
+#+begin_src bash
+ mount -o subvol=@,compress=zstd /dev/sda2 /mnt
+#+end_src
+
+Create nested subvolumes for ~/gnu/store~ and ~/home~.
+
+#+begin_src bash
+ mkdir -p /mnt/gnu
+
+ btrfs subvolume create /mnt/gnu/store
+ btrfs subvolume create /mnt/home
+ btrfs subvolume create /mnt/var
+#+end_src
+
+*** Create swap
+
+#+begin_src bash
+ mkdir /mnt/swap
+ mount -o subvol=@swap /dev/sda2 /mnt/swap
+ dd if=/dev/zero of=/mnt/swap/swapfile bs=1M count=32768
+ chmod 600 /mnt/swap/swapfile
+ chattr +C /mnt/swap/swapfile
+
+ mkswap /mnt/swap/swapfile
+#+end_src
+
+*** Prepare ~/mnt~ for Guix installation
+
+Create ~/boot/efi~ directory for UEFI boot and mount the ESP partition there.
+
+#+begin_src bash
+ mkdir -p /mnt/boot/efi
+ mount /dev/sda1 /mnt/boot/efi
+#+end_src
+
+Both root and swap are already mounted and ready due to earlier steps.
+
+** Testing
+
+To test the configuration in a vm before deployment, the following can be used.
+
+#+begin_src shell
+ $(guix time-machine -C channels.scm -- system vm -e '(@ (guix-na config balg02) %system)') -m 2G -smp 2 -nic user,model=virtio-net-pci
+#+end_src
+
+* Bootstrap Guix
+
+Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
+operating-system for the machine]].
diff --git a/balg02.scm b/balg02.scm
deleted file mode 100644
index 37cbd27..0000000
--- a/balg02.scm
+++ /dev/null
@@ -1,19 +0,0 @@
-;; (C) Copyright Collin J. Doering 2024
-;;
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU General Public License as published by
-;; the Free Software Foundation, either version 3 of the License, or
-;; (at your option) any later version.
-;;
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU General Public License for more details.
-;;
-;; You should have received a copy of the GNU General Public License
-;; along with this program. If not, see .
-
-;; File: balg02.scm
-;; Author: Collin J. Doering
-;; Date: Feb 24, 2024
-
--
cgit v1.2.3