[bug#42317] Adding a "Running Guix on a Linode" to the cookbook

[Joshua Branson]

>From 2e7607d7302e76ff4552202345409e91ec63182b Mon Sep 17 00:00:00 2001
From: Joshua Branson <jbranso@dismail.de>
Date: Fri, 10 Jul 2020 20:32:30 -0400
Subject: [PATCH] doc: cookbook:  Adding a section "Running Guix on a Linode""

* doc/guix-cookbook.texi (Running Guix on a Linode):
I added a section that explains how to run guix on a linode.
Thanks Chris Webber!
---
 doc/guix-cookbook.texi | 187 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 187 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f541592d13..0d6d28a419 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -16,6 +16,7 @@ Copyright @copyright{} 2020 Matthew Brooks@*
 Copyright @copyright{} 2020 Marcin Karpezo@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020 Christopher Lemmer Webber
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1347,6 +1348,7 @@ reference.
 * Customizing the Kernel::       Creating and using a custom Linux kernel on 
Guix System.
 * Connecting to Wireguard VPN::  Connecting to a Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on 
Guix System.
+* Running Guix on a Linode:: Running Guix on a Linode
 * Setting up a bind mount:: Setting up a bind mount in the file-systems 
definition.
 * Getting substitutes from Tor:: Configuring Guix daemon to get substitutes 
through Tor.
 @end menu
@@ -1759,6 +1761,191 @@ your screen but not suspend it, it's a good idea to 
notify xss-lock about this s
 confusion occurs. This can be done by executing @code{xset s activate} 
immediately
 before you execute slock.
 
+@node Running Guix on a Linode
+@section Running Guix on a Linode
+@cindex linode
+
+Start with a recommended Debian server.  We recommend using the default
+distro as a way to bootstrap Guix.  Be sure to add your ssh key for easy
+login to the remote server.  This is usually done via
+@code{ssh-copy-id}. For example, create your ssh keys, then you can
+upload your keys to the remote server like so:
+
+@example
+ssh-keygen
+ssh-copy-id username@@<remote computer IP address>
+@end example
+
+You can also use linode's graphical interface for adding ssh keys.  Just
+copy your local file @code{~/.ssh/id_<keytype>.pub}.
+
+Power the linode down. In the Linode's Disks/Configurations tab, resize
+the Debian disk to be smaller. 30 GB is recommended.
+
+In the Linode settings, "Add a disk", with the following:
+@itemize @bullet
+@item
+Label: "Guix"
+
+@item
+Filesystem: ext4
+
+@item
+Set it to the remaining size
+@end itemize
+
+On the "configuration" field that comes with the default image, press
+"..." and select "Edit", then on that menu add to /dev/sdc the "Guix"
+label.
+
+Now "Add a Configuration", with the following:
+@itemize @bullet
+@item
+Label: Guix
+
+@item
+Kernel: Grub 2 (it's at the bottom!  This step is @b{IMPORTANT!})
+
+@item
+Block device assignment:
+
+@item
+/dev/sda: Guix
+
+@item
+/dev/sdb: swap
+
+@item
+Root device: /dev/sda
+
+@item
+Turn off all the filesystem/boot helpers
+@end itemize
+
+Now power it back up, picking the Debian configuration.  Once it's
+booted up, ssh in your server via @code{ssh root@@<your-server-ip-here>}.
+Now you can run the "install guix form binary installer" steps:
+
+@example
+sudo apt-get install gpg
+wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
+chmod +x guix-install.sh
+./guix-install.sh
+guix pull
+@end example
+
+Now it's time to write out a config for the server.  The key information
+is below. Save the resulting file as guix-config.scm:
+
+@lisp
+(use-modules (gnu)
+             (guix modules))
+(use-service-modules networking
+                     ssh)
+(use-package-modules admin
+                     certs
+                     package-management
+                     ssh
+                     tls)
+
+(operating-system
+  (host-name "my-server")
+  (timezone "America/New_York")
+  (locale "en_US.UTF-8")
+  ;; This goofy code will generate the grub.cfg
+  ;; without installing the grub bootloader on disk.
+  (bootloader (bootloader-configuration
+               (bootloader
+                (bootloader
+                 (inherit grub-bootloader)
+                 (installer #~(const #t))))))
+  (file-systems (cons (file-system
+                        (device "/dev/sda")
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+
+  (swap-devices (list "/dev/sdb"))
+
+
+  (initrd-modules (cons "virtio_scsi"    ; Needed to find the disk
+                        %base-initrd-modules))
+
+  (users (cons (user-account
+                (name "janedoe")
+                (group "users")
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.
+                (supplementary-groups '("wheel"))
+                (home-directory "/home/janedoe"))
+               %base-user-accounts))
+
+  (packages (cons* nss-certs            ;for HTTPS access
+                   openssh-sans-x
+                   %base-packages))
+
+  (services (cons*
+             (service dhcp-client-service-type)
+             (service openssh-service-type
+                      (openssh-configuration
+                       (openssh openssh-sans-x)
+                       (password-authentication? #f)
+                       (authorized-keys
+                        `(("janedoe" ,(local-file "janedoe_rsa.pub"))
+                          ;; Is this a good idea?  Well if you don't add it
+                          ;; you have to manually set your user's password
+                          ;; via the glish console...
+                          ("root" ,(local-file "janedoe_rsa.pub"))))))
+             %base-services)))
+@end lisp
+
+Replace the following fields in the above configuration:
+@lisp
+(host-name "my-server")     ; replace with your server name
+(name "janedoe")            ; replace with your username on the remote server
+("janedoe" ,(local-file "janedoe_rsa.pub")) ; here too
+@end lisp
+
+Save your ssh public key (@code{~/.ssh/id_rsa.pub}) as
+<your-username-here>_rsa.pub in the same directory.
+
+Mount the guix drive:
+@example
+mkdir /mnt/guix
+mount /dev/sdc /mnt/guix
+@end example
+
+Due to the way we set things up above, we do not install Grub
+completely.  Instead we install only our grub configuration file.  So we
+need to copy over some of the other Grub stuff that is already there:
+
+@example
+mkdir -p /mnt/guix/boot/grub
+cp -r /boot/grub/* /mnt/guix/boot/grub/
+@end example
+
+Now initialize the Guix installation:
+@example
+guix system init guix-config.scm /mnt/guix
+@end example
+
+Ok, power it down!
+Now from the linode console, select boot and select "Guix".
+
+Once it boots, you should be able to log in via ssh!  (The server
+config will have changed though.)
+
+Be sure to set your password and root's password.
+
+Horray!  At this point you can shut down the server, delete the
+Debian disk, and resize the Guix to the rest of the size.
+Congratulations!
+
+BTW, if you save it as a disk image right at this point, you'll have an
+easy time spinning up new Guix images!
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.28.0