blob: 3feaee1804ccf00de99881a2b7d33b85d8108189 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# VPS
See the online [tasks and bug tracker](tasks-and-bugs.html).
## Workflow
### Re-creating everything from scratch
```shell
./shell.sh
git crypt unlock
direnv allow
./terraform-apply.sh
./guix-reconfigure.sh
```
### After an update on `vps.tf`
Same as above.
### After editing `sync/vps.scm` or other OS files
Just run the `./guix-reconfigure.sh` script.
## "base-guix-image"
The base `sync/vps.scm` file in the current snapshot (snapshot ID 5c35fb3a74873)
is:
```scheme
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules ssh)
(define ssh-public-key
"ssh-rsa ...")
(define sudoers "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n")
(operating-system
(locale "fr_FR.UTF-8")
(timezone "America/Sao_Paulo")
(keyboard-layout (keyboard-layout "us"))
(host-name "guix-pet-server")
(users (cons* (user-account
(name "andreh")
(group "users")
(home-directory "/home/andreh")
(supplementary-groups '("wheel")))
%base-user-accounts))
(sudoers-file (plain-file "sudoers" sudoers))
(packages
(append (map specification->package
'("nss-certs"
"rsync"))
%base-packages))
(services
(append
(list (service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(password-authentication? #false)
(authorized-keys
`(("andreh" ,(plain-file "id_rsa.pub" ssh-public-key))))))
(service dhcp-client-service-type))
%base-services))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/vda")
(keyboard-layout keyboard-layout)))
(swap-devices
(list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca")))
(file-systems
(cons* (file-system
(mount-point "/")
(device
(uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28"
'ext4))
(type "ext4"))
%base-file-systems)))
```
This basic setup allows it to boot, starts the OpenSSH server agent and allows
the listed `ssh-public-key` to login, and commands from the
"andreh" user can run `sudo` without password.
|
