
VPS

See the online TODOs.

Workflow

Re-creating everything from scratch

# Enter an environment providing the tools listed in guix/manifest.scm;
# without a trailing command this spawns a shell, so the following steps
# are typed inside it.
guix environment -m guix/manifest.scm
# Decrypt the files that git-crypt keeps encrypted in this repository.
# After this step secrets sit in plaintext in the working tree.
git crypt unlock
# Approve the repository's .envrc so direnv loads it.
# NOTE(review): presumably this exports the credentials the next steps need; confirm.
direnv allow
# Create the cloud resources described by the Terraform files.
terraform apply
# Push the Guix system configuration to the provisioned machine.
guix deploy

After an update on vultr.tf

terraform apply
guix deploy

After editing vps.scm or other OS files

guix deploy

"base-guix-image"

The base vps.scm file in the current snapshot (snapshot ID 5c35fb3a74873) is:

(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules ssh)

;; Public half of the SSH key pair that may log in as "andreh"; it is
;; installed through `authorized-keys' in the openssh-configuration below.
;; The key material is elided ("...") in this listing.  Only the public key
;; belongs here: whoever holds the matching private key can log in.
(define ssh-public-key
  "ssh-rsa ...")

;; Text of the sudoers file, installed through the `sudoers-file' field of
;; the operating-system declaration below.
;;   - root may run any command;
;;   - members of group "wheel" may run any command WITHOUT a password prompt.
;; NOTE(review): NOPASSWD means any process running as a wheel member can
;; become root with no further check, so the account's SSH key is the only
;; barrier.  Presumably this is kept because `guix deploy' over SSH as a
;; non-root user needs non-interactive sudo; confirm that is still the reason.
;; The backslash ending the first line should continue the string literal so
;; the file does not start with an empty line (verify against the Guile reader).
(define sudoers "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n")

;; Minimal system declaration for the VPS base image: one administrative user,
;; an OpenSSH server restricted to key-based login, DHCP networking, GRUB on
;; /dev/vda, and a single ext4 root file system.
(operating-system
  (locale "fr_FR.UTF-8")
  (timezone "America/Sao_Paulo")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "guix-pet-server")
  ;; The only account added on top of %base-user-accounts.  No password is
  ;; declared here.  Membership in "wheel" is what grants passwordless sudo
  ;; through the sudoers text defined above, so this account is root-equivalent.
  (users (cons* (user-account
                  (name "andreh")
                  (group "users")
                  (home-directory "/home/andreh")
                  (supplementary-groups '("wheel")))
                %base-user-accounts))
  ;; Replace the sudoers file with the `sudoers' string defined above.
  (sudoers-file (plain-file "sudoers" sudoers))
  ;; Extra packages on top of %base-packages: the "nss-certs" and "rsync"
  ;; package specifications (nss-certs supplies CA certificates for TLS).
  (packages
    (append (map specification->package
                 '("nss-certs"
                   "rsync"))
      %base-packages))
  (services
    (append
      ;; SSH daemon built from openssh-sans-x.  Password authentication is
      ;; switched off, and the only authorized key listed is
      ;; `ssh-public-key', for user "andreh".
      ;; NOTE(review): root login policy is not set in this block, so the
      ;; Guix default applies; confirm it matches intent.
      (list (service openssh-service-type
                     (openssh-configuration
                       (openssh openssh-sans-x)
                       (password-authentication? #false)
                       (authorized-keys
                         `(("andreh" ,(plain-file "id_rsa.pub" ssh-public-key))))))
            ;; Network configuration is obtained through a DHCP client.
            (service dhcp-client-service-type))
      %base-services))
  ;; GRUB is installed to /dev/vda and reuses the keyboard layout declared above.
  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (target "/dev/vda")
      (keyboard-layout keyboard-layout)))
  ;; Swap and root are referenced by UUID.
  ;; NOTE(review): presumably these UUIDs belong to the disk captured in the
  ;; snapshot; a freshly partitioned disk would need new values.
  (swap-devices
    (list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca")))
  (file-systems
    (cons* (file-system
             (mount-point "/")
             (device
               (uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28"
                     'ext4))
             (type "ext4"))
           %base-file-systems)))

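This basic setup is enough for the machine to boot: it starts the OpenSSH server, allows login with the listed ssh-public-key, and lets the "andreh" user run sudo without a password. Because sudo asks for no password, holding the matching SSH private key is equivalent to having root on the machine.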

Development REPL

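Start a REPL server from the terminal. With --listen=tcp:37146, guix repl accepts connections on that TCP port (on localhost, per the Guix manual) instead of using standard input and output. The connection is not authenticated, so any local process that can reach the port can evaluate code as your user: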

$ cd sync && guix repl --listen=tcp:37146