Denis 'GNUtoo' Carikli 65f67ada92
mumble-vm-install.sh: use guix-installer branch
If we don't do that it can't work as the required code is not yet in
the main branch.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-09-21 12:51:19 +02:00
.gitignore Add Public IP address through WireGuard 2023-09-18 22:30:52 +02:00
COPYING Add license 2023-09-12 21:56:04 +02:00
Makefile.am Provide the service source code on the web page 2023-09-21 12:49:08 +02:00
README Add installation script for the guix installer iso. 2023-09-21 12:49:08 +02:00
autogen.sh Make the domain configurable 2023-09-13 07:21:20 +02:00
configure.ac configure.ac: bail out if guix and sed are not detected 2023-09-21 12:43:26 +02:00
first-boot.sh.tmpl Add script to run on first boot 2023-09-18 22:30:52 +02:00
guix-vm-installer.xml Add installation script for the guix installer iso. 2023-09-21 12:49:08 +02:00
index.html.tmpl Provide the service source code on the web page 2023-09-21 12:49:08 +02:00
mumble-vm-install.sh mumble-vm-install.sh: use guix-installer branch 2023-09-21 12:51:19 +02:00
mumble-vm-machine.scm.tmpl Make the VM SSH address configurable 2023-09-18 22:37:48 +02:00
mumble-vm-system.scm.tmpl Provide the service source code on the web page 2023-09-21 12:49:08 +02:00
mumble-vm.xml Update mumble-vm.xml to match the one deployed at Libre en Communs 2023-09-21 12:44:20 +02:00
wireguard-post-up.sh.tmpl Add Public IP address through WireGuard 2023-09-18 22:30:52 +02:00

README

Deployment
==========
To build the virtual machine image you can use the following command:
$ ./autogen.sh && ./configure && make

You can also check the configure options to adapt the build for testing
on another infrastructure (for instance by using another domain).

To build an image you will also need at least id_ed25519.pub and
signing-key.pub:

- id_ed25519.pub can be generated with the 'ssh-keygen -t ed25519'
  command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
  details. If you're not comfortable with that, back up your ~/.ssh
  folder first.

- signing-key.pub can be generated with the 'guix archive
  --generate-key' command. See the "Invoking guix archive" section of
  the Guix manual for more details[1].
  [1] https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive

Other files are optional:

- id_ed25519: It is used for guix deploy. It is also generated by
  ssh-keygen. A good idea is to have a symlink to it in order not to
  have scp copy it to the target machine by mistake, as it is the SSH
  private key. Using separate SSH keys for separate machines also helps
  limit the damage when such an accident happens.

- id_wireguard: This is the WireGuard private key. It can be generated
  with the 'wg genkey > id_wireguard' command. See the wg manual ('man
  8 wg') for more details.
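
The key-file requirements above can be checked before running make. The
following script is an added example and is not part of this project; the
function names and the idea of keeping the count in $problems are
assumptions of the example, and the key file names are the ones listed above.

```sh
# Added example, not part of the project: pre-flight check of the key files
# the README names. Assumes a stat that accepts -L and -c (GNU or busybox).

report() { echo "check_keys: $*" >&2; problems=$((problems + 1)); }

# True if $1 (symlinks followed) exists with no group/other permission bits.
private_mode_ok() {
    mode=$(stat -L -c %a "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# check_keys DIR: one stderr line per finding; the count is left in $problems.
check_keys() {
    dir=$1
    problems=0

    # Required to build an image.
    for f in id_ed25519.pub signing-key.pub; do
        [ -s "$dir/$f" ] || report "$f is missing or empty"
    done

    # A .pub file must hold a public key, never private key material.
    if [ -s "$dir/id_ed25519.pub" ]; then
        if grep -q 'PRIVATE KEY' "$dir/id_ed25519.pub"; then
            report "id_ed25519.pub contains a private key"
        elif ! grep -q '^ssh-ed25519 ' "$dir/id_ed25519.pub"; then
            report "id_ed25519.pub is not an ed25519 public key"
        fi
    fi

    # Optional SSH private key: the README suggests a symlink to the key.
    if [ -e "$dir/id_ed25519" ] || [ -L "$dir/id_ed25519" ]; then
        [ -L "$dir/id_ed25519" ] || report "id_ed25519 is not a symlink"
        private_mode_ok "$dir/id_ed25519" ||
            report "id_ed25519 target is missing or open to group/others"
    fi

    # Optional WireGuard key: a plain '>' redirect applies the current umask.
    if [ -e "$dir/id_wireguard" ]; then
        private_mode_ok "$dir/id_wireguard" ||
            report "id_wireguard is open to group/others"
    fi

    [ "$problems" -eq 0 ]
}
# Run as: sh check-keys.sh DIR
if [ "$#" -gt 0 ]; then check_keys "$1"; fi
```

Running 'umask 077' in the shell before 'wg genkey > id_wireguard' creates
the file without group or other permissions.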


Note that Let's Encrypt has a limit of about 5 certificates per week, so
it's a good idea to use test domains before deployments.

Once the image is booted:
- You will need to log in and run the following command:
  # first-boot.sh
- You then need to set the root password.

The mumble-vm-install.sh installation script
============================================
This script is meant to run only inside a VM booted on the Guix
installer, and it checks in various ways that this is the case. The
specification of the VM it runs on is provided in guix-vm-installer.xml
for reference. It is very specific to the Libre en Communs
infrastructure, so you might need to modify it to use it on your
infrastructure.

The Libre en Communs infrastructure on which this VM is being deployed
has libvirt but it doesn't have Guix on the host. So the option
provided by Libre en Communs was to do the installation from a
VM.

This is also common for many infrastructure providers due to security
concerns with access outside the VM.

Since the Guix installer is trusted and is now provided by Libre en
Communs, and since we also have access to the VM management interfaces,
we simply use a script to do all the installation work.

If instead you have a VM with only SSH access you will also need to
modify the script to fit that use case.

It is also possible to convert an existing VM to Guix but that
requires significantly more work (see gnu/machine/digital-ocean.scm
inside the Guix source code for more detail on how to do that).

To use this script, the admin with privileged access to the VM
management interface needs to boot the installer and copy the script
inside. This can be done by running the following command (the script
can be named as you like):
    # cat /dev/ttyS0 > i.sh
and then by pasting the script through the first serial port, and
typing ctrl+d at the end, so that the file is closed and written.

The script can then be run like this:
    # chmod +x i.sh
    # ./i.sh

License
=======
This project is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This project is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this project.  If not, see <http://www.gnu.org/licenses/>.