experimental-vms/README

96 lines
3.8 KiB
Plaintext

Deployment
==========
To build the virtual machine image you can use the following command:
$ ./autogen.sh && ./configure && make
You can also check the configure option for configuring it for testing
on another infrastructure (for instance by using another domain).
To build an image you will also need at least id_ed25519.pub and
signing-key.pub:
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
details. If you're not confortable with that, backup your ~/.ssh
folder first.
- signing-key.pub can be generated with the 'guix archive
--generate-key' command. See the "Invoking guix archive" in the
Guix manual for more details[1].
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
Other files are optional:
- id_ed25519: It is used for guix deploy. It is also generated by
ssh-keygen. A good idea is to have a symlink to it in order not to
have scp copy it to the target machine by mistake as it is the SSH
private key. Using separate SSH keys for separate machines also help
limiting the damage when such accident happen.
- id_wireguard: This is the wireguard private key. It can be generated
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
8 wg') for more detail.
Note that letsencrypt has a limit of about 5 certificates per week, so
it's a good idea to use test domains before deployments.
Once the image is booted:
- You will need to login inside and run the following command:
# first-boot.sh
- You then need to set the root password.
The mumble-vm-install.sh installation script
============================================
This script is supposed to only run inside a VM on the Guix installer
and checks that it's the case through various ways. The specification
of the VM it runs on is provided in guix-vm-installer.xml for
reference. It is very specific to the Libre en communs infrastructure,
so you might need to modify it to use it on your infrastructure.
The Libre en Communs infrastructure on which this VM is being deployed
has libvirt but it doesn't have Guix on the host. So the option
provided by Libre en Communs was to do the installation from a
VM.
This is also common for many infrastructure providers due to security
concerns with access outside the VM.
Since the Guix installer is trusted and is now provided by Libre en
communs, and that we also have access to the vm management interfaces
we simply use a script to do all the installation work.
If instead you have a VM with only SSH access you will also need to
modify the script to fit that use case.
It is also possible to convert an existing VM to Guix but that
requires significantly more work (see gnu/machine/digital-ocean.scm
inside the Guix source code for more detail on how to do that).
To use this script, the admin with privileged access to the vm
management interface needs to boot the installer and copy the script
inside. This can be done by running the following command (the script
can be named like you want):
# cat /dev/ttyS0 > i.sh
and then by pasting the script through the first serial port, and
typing ctrl+d at the end, so that the file is closed and written.
The script can then run like that:
# chmod +x i.sh
# ./i.sh
License
=======
This project is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This project is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this project. If not, see <http://www.gnu.org/licenses/>.