See the online TODOs.


Re-creating everything from scratch

guix environment -m guix/manifest.scm
git crypt unlock
direnv allow
terraform apply
guix deploy

After an update on vultr.tf

terraform apply
guix deploy

After editing vps.scm or other OS files

guix deploy


The base vps.scm file in the current snapshot (snapshot ID 5c35fb3a74873) is:

(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules ssh)

(define ssh-public-key
  "ssh-rsa ...")

(define sudoers "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n")

  (locale "fr_FR.UTF-8")
  (timezone "America/Sao_Paulo")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "guix-pet-server")
  (users (cons* (user-account
                  (name "andreh")
                  (group "users")
                  (home-directory "/home/andreh")
                  (supplementary-groups '("wheel")))
  (sudoers-file (plain-file "sudoers" sudoers))
    (append (map specification->package
      (list (service openssh-service-type
                       (openssh openssh-sans-x)
                       (password-authentication? #false)
                         `(("andreh" ,(plain-file "id_rsa.pub" ssh-public-key))))))
            (service dhcp-client-service-type))
      (bootloader grub-bootloader)
      (target "/dev/vda")
      (keyboard-layout keyboard-layout)))
    (list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca")))
    (cons* (file-system
             (mount-point "/")
               (uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28"
             (type "ext4"))

This basic setup allows it to boot, starts the OpenSSH server agent and allows the listed ssh-public-key to login, and commands from the "andreh" user can run sudo without password.

Development REPL

Start a REPL from the terminal:

$ cd sync && guix repl --listen=tcp:37146