cheatsheets/guix.org

What is guix and Guix System?

Guix is a universal package manager, and Guix System is the official GNU operating system, which is an ethical, privacy preserving, and powerful operating system.

vocab

• master means the package only forces a rebuild of 300 packages or
less.

• staging means that the package forces a rebuild of 300-1200
packages.

• core-updates means that the package forces a rebuild of 1,200
packages.

dual booting

Here are some relevant links: https://www.gnu.org/software/guix/manual/html_node/GRUB-Configuration.html http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20067 https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00543.html

I do not have to rely on that hack anymore! It should work normally! https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20067

express vpn

user	password
mybills@member.fsf.org	BUYkxiMA

Activation code EJJS5L8QS9NCJMNURQ4SMFH

It looks like I can manually start this connection with

sudo openvpn my_expressvpn_switzerland.opvn

My unique username and password for the VPN client.

Is express vpn leaking my DNS requests?

username	password
sy1jyfo36842x835jvezzdao	wnu2a6lgs8azarulqwqkzhak

https://www.cogipas.com/is-my-vpn-working/

helping the bug request for guix system

https://www.dnsleaktest.com/results.html https://dnsleak.com/results?token=5pynytpbmomhbu24

My current config file.

cat /gnu/store/nm4dvmsffrghdxjlqj712qhrv6w4fd4m-openvpn.conf 

client proto udp dev tun ca /home/joshua/prog/guile/guix-config/vpn/ca2.crt cert /home/joshua/prog/guile/guix-config/vpn/client.crt key /home/joshua/prog/guile/guix-config/vpn/client.key persist-key persist-tun fast-io verb 3 auth-user-pass /home/joshua/prog/guile/guix-config/vpn/login.conf remote-cert-tls server nobind resolv-retry infinite remote switzerland-ca-version-2.expressnetw.com 1195

the options in the config file that I need to create:

Feb 19 10:49:28 localhost shepherd[1]: Service vpn-client has been started. Feb 19 10:49:28 localhost openvpn[11762]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.165.181:1195 Feb 19 10:49:28 localhost openvpn[11762]: Socket Buffers: R=[212992->212992] S=[212992->212992] Feb 19 10:49:28 localhost openvpn[11762]: UDP link local: (not bound) Feb 19 10:49:28 localhost openvpn[11762]: UDP link remote: [AF_INET]89.187.165.181:1195 Feb 19 10:50:28 localhost openvpn[11762]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 19 10:50:28 localhost openvpn[11762]: TLS Error: TLS handshake failed Feb 19 10:50:28 localhost openvpn[11762]: SIGUSR1[soft,tls-error] received, process restarting Feb 19 10:50:28 localhost openvpn[11762]: Restart pause, 5 second(s) Feb 19 10:50:33 localhost openvpn[11762]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.165.43:1195 Feb 19 10:50:33 localhost openvpn[11762]: Socket Buffers: R=[212992->212992] S=[212992->212992] Feb 19 10:50:33 localhost openvpn[11762]: UDP link local: (not bound) Feb 19 10:50:33 localhost openvpn[11762]: UDP link remote: [AF_INET]89.187.165.43:1195 Feb 19 10:51:33 localhost openvpn[11762]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 19 10:51:33 localhost openvpn[11762]: TLS Error: TLS handshake failed Feb 19 10:51:33 localhost openvpn[11762]: SIGUSR1[soft,tls-error] received, process restarting Feb 19 10:51:33 localhost openvpn[11762]: Restart pause, 5 second(s) Feb 19 10:51:38 localhost openvpn[11762]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.165.48:1195 Feb 19 10:51:38 localhost openvpn[11762]: Socket Buffers: R=[212992->212992] S=[212992->212992] Feb 19 10:51:38 localhost openvpn[11762]: UDP link local: (not bound) Feb 19 10:51:38 localhost openvpn[11762]: UDP link remote: [AF_INET]89.187.165.48:1195

roptat aka Jullien says that I should make an opaque service type

• [ ] persist-key
• [ ] persist-tun
• [ ] remote-random
• [ ] pull
• [ ] comp-lzo no
• [ ] tls-client does tls-auth provide this option???
• [ ] verify-x509-name Server name-prefix
• [ ] ns-cert-type server possibly deprecated?
• [ ] key-direction 1 another way of specifying tls-auth?
• [X] route-method exe This is only useful on Windows.
• [X] route-delay 2
• [X] tun-mtu 1500 The documentation says most cases...I should leave this to it's default parameter.
• [X] fragment 1300
• [X] mssfix 1200
• [X] cipher AES-256-CBC
• [X] keysize 256 deprecated. Do not need. and my key size is the cipher size anyway.
• [X] auth SHA512 I have no idea where this is in the documentation
• [X] sndbuf 524288 I should not need these, to get expressvpn. The default should work.
• [X] rcvbuf 524288 as above
• [ ] auth-user-pass login.conf

opaque-prosody-configuration

So my openvpn configuration would look like:

  (service openvpn-client-service-type
           (opaque-openvpn-client-configuration
            (openvpn.opvn 
             "dev tun
             fast-io
             persist-key
             persist-tun
             nobind
             remote switzerland-ca-version-2.expressnetw.com 1195
             # more stuff here
             ")))

It could be that you just want to get a ‘prosody.cfg.lua’ up and running. In that case, you can pass an ‘opaque-prosody-configuration’ record as the value of ‘prosody-service-type’. As its name indicates, an opaque configuration does not have easy reflective capabilities. Available ‘opaque-prosody-configuration’ fields are:

-- ‘opaque-prosody-configuration’ parameter: package prosody The prosody package.

-- ‘opaque-prosody-configuration’ parameter: string prosody.cfg.lua The contents of the ‘prosody.cfg.lua’ to use.

For example, if your ‘prosody.cfg.lua’ is just the empty string, you could instantiate a prosody service like this:

apparently I am leaking DNS requests...

(service prosody-service-type (opaque-prosody-configuration (prosody.cfg.lua "")))

I could use google's nameservers:

nameserver 8.8.8.8 nameserver 8.8.4.4

Or

Neustar DNS Advantage (156.154.70.1 and 156.154.71.1), Level3 DNS (4.2.2.1 and 4.2.2.2)

I may be able to use network-manager-openvpn plugin to help me connect that way.

https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-ubuntu-with-openvpn/?offer=3monthsfree&offer_code=3c6hjoor69&gclid=EAIaIQobChMInu-F5c3v5wIVzLHtCh1lEQVpEAAYAyAAEgJImvD_BwE

Also I may not be able to get the nm-applet to work in sway at the moment...

https://github.com/swaywm/sway/issues/1357

But i may be able to control network manager via dmenu

I can use network manager to connect to express vpn

https://github.com/firecat53/networkmanager-dmenu

This might be the script that turns on my vpn.

#+BEGIN_SRC sh nmcli con up my_expressvpn_switzerland_udp #+END_SRC

#+RESULTS:

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

https://lists.gnu.org/archive/html/help-guix/2020-03/msg00069.html

man nmcli

  nmcli network connectivity check

full

You can also import an openvpn configuration file. The file may need to have the keys listed in the file. It may need to look like the following.

ca>
-----BEGIN CERTIFICATE-----
some-long-cert-string...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
some-long-cert-string
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
some-long-private-key-string
-----END PRIVATE KEY-----
</key>--

sudo nmcli connection import type openvpn file your-openvpn-config-file.ovpn

  nmcli con show

NAME	UUID	TYPE	DEVICE
Wired	connection	1	fb1729d6-597c-3548-843e-0f1aec419f17	ethernet	enp0s25
my_expressvpn_switzerland_udp	09422048-0bd9-48ca-970c-c6ebe98bdd16	vpn	--

man nmcli

man nmcli-examples

man nm-settings

There is a setting called "secondaries". This is a list of connection UUIDs. Essentially, after my wired connection connects, then my vpn will connect.

DONE bug report for guix system linux 5.4.20 not loading kernel modules

final bug report

CLOSED: [2020-06-01 Mon 19:35] :LOGBOOK:
• State "DONE" from [2020-06-01 Mon 19:35]
:END:

From: Joshua Branson To: bug-guix@gnu.org Subject: Something appears to disable linux kernel modules from loading. --text follows this line--

Hello!

tl;dr

Something is causing linux 5.4.20 not to load kernel modules at boot. Perhaps the culprit is the shepherd 0.7.0.

So I recently reconfigured guix on my ThinkPad T400.

$ guix describe
Generation 32	Feb 18 2020 16:53:46	(current)
  jmacs 1a401c8
    repository URL: https://notabug.org/jbranso/guix-packages.git
    branch: master
    commit: 1a401c81ed0617e2ca2fa37ec8caa9ca96032b7a
  guix 97c6670
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 97c6670ef79bbf5e82dece2e837ed73b6462da01

After I rebooted sway refused to start. The sway error message said

$ sway

[backend/backend.c:339] Failed to open any DRM device.
[sway/server.c] Unable to create backend.

So sway is not starting. I believe this is because my i915 intel driver is not loaded. I know this is the case, because the text on my virtual console is LARGE. $ sudo modprobe i915 loads the required driver. And I can now log into sway.

However, my ethernet driver is not loaded.

$ lsmod | grep e1000e

$ sudo modprobe e1000e

Then I ran ifconfig, and indeed I now have an ethernet device.

$ ifconfig
enp0s25   Link encap:Ethernet  HWaddr 00:1C:25:9A:37:BA
          inet addr:172.16.113.199  Bcast:172.16.115.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:505 errors:0 dropped:0 overruns:0 frame:0
          TX packets:570 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:143838  TX bytes:60886
          Interrupt:20 Memory:fc100000-fc120000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:0.0.0.0  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0  TX bytes:0

And I now have an internet connection.

joshua@dobby ~/prog/org$ ping -c 3 gnu.org
PING gnu.org (209.51.188.148): 56 data bytes
64 bytes from 209.51.188.148: icmp_seq=0 ttl=56 time=35.610 ms
64 bytes from 209.51.188.148: icmp_seq=1 ttl=56 time=35.635 ms
64 bytes from 209.51.188.148: icmp_seq=2 ttl=56 time=35.501 ms
--- gnu.org ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 35.501/35.582/35.635/0.058 ms

But I do not have a working touchpad. I guess my touchpad driver is not loaded. I'm not certain what driver my touchpad uses, so for now I am doing with out.

I then went and asked for some tips on irc. HappyEnt claimed the problem for him was commit 205c1e0.

janneke was also having issues with kernel modules not being automatically booted. He said that this commit worked for him: ef2b1d2c8b. He then said that commit d39885a8a9 also worked, which implied the problem was not the linux version 5.4.20, but possibly the shepherd.

I tried reconfiguring with commit d39885a8a9, to see if that solved my issue.

 guix time-machine --commit=d39885a8a9e0e03c2bf6277d475d384168bba642 -- system reconfigure

$ uname -r
5.4.20-gnu

janneke's commit did solve my issue. After rebooting, sway starts, I have internet, and my touchpad and sound work.

Man I love guix system. It really does work smoothly, even when you have problems. So thanks for making a great GNU/Linux distro!

DONE trying to get my mouse to work

Thanks Joshua CLOSED: [2016-08-22 Mon 14:40] :LOGBOOK:
• State "DONE" from [2016-08-22 Mon 14:40]
:END:

I started using sway, and my mouse issue went away.

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20433

Ricardo suggests blacklisting the usbkdb module.

modeprobe.blacklist=usbkdb

(kernel-arguments '("modprobe.blacklist=usbkbd"))

I need to run

$ guix pull
# guix pull

getting tapping to work swell

;; Edit configuration.scm to add ‘kernel-arguments’ to the config: ;; (operating-system ;; … ;; (kernel-arguments '("modprobe.blacklist=usbkbd")))

How do you list all of your input devices?

https://wiki.archlinux.org/index.php/Libinput#Configuration

xinput

⎡ Virtual core pointer id=2 [master pointer (3)] ⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)] ⎜ ↳ bcm5974 id=12 [slave pointer (2)] ⎣ Virtual core keyboard id=3 [master keyboard (2)] ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)] ↳ Power Button id=6 [slave keyboard (3)] ↳ Video Bus id=7 [slave keyboard (3)] ↳ Power Button id=8 [slave keyboard (3)] ↳ Sleep Button id=9 [slave keyboard (3)] ↳ Built-in iSight: Built-in iSigh id=10 [slave keyboard (3)] ↳ Apple Inc. Apple Internal Keyboard / Trackpad id=11 [slave keyboard (3)]

And it looks like #3 is my keyboard.

Here's a question for ya. How do you know what driver is powering each input device?

cat Xorg.0.log | grep "Using input driver"

MISCellaneous

make wayland/sddm use dvorak

[    67.176] (II) Using input driver 'evdev' for 'Power Button'
[    67.252] (II) Using input driver 'evdev' for 'Video Bus'
[    67.253] (II) Using input driver 'evdev' for 'Power Button'
[    67.254] (II) Using input driver 'evdev' for 'Sleep Button'
[    67.255] (II) Using input driver 'evdev' for 'Built-in iSight: Built-in iSigh'
[    67.256] (II) Using input driver 'evdev' for 'Apple Inc. Apple Internal Keyboard / Trackpad'
[    67.325] (II) Using input driver 'synaptics' for 'bcm5974'

This page says that gnome has to configure my input devices https://wayland.freedesktop.org/libinput/doc/latest/faqs.html#faq-config-options

This page says that there are ways for Xorg to configure my input devices https://jlk.fjfi.cvut.cz/arch/manpages/man/libinput.4

making GuixSD automatically swap caps

https://linux.die.net/man/5/xorg.conf

#+BEGIN_SRC guile (locale "en_US.utf8") ;;(initrd-modules (list "e1000e" "i915" %base-initrd-modules)) (keyboard-layout (keyboard-layout "us" "dvorak" #:model "thinkpad" #:options '("ctrl:swapcaps")))

#+END_SRC

This email list letter might let me do it. Also it looks like GuixSD uses Slim https://lists.gnu.org/archive/html/help-guix/2016-08/msg00070.html

#+BEGIN_SRC sh :results output cat ~/.xsession #+END_SRC

#+RESULTS:

#!/bin/sh

setxkbmap dvorak
setxkbmap -option 'ctrl:swapcaps'

a sample guix config

I had some issues getting X to work on Guix System. Now I use sway and have no problems.

making X work again: slash logging in

https://github.com/yenda/guix-con-fig

list of errors:

• Open ACPI failed /var/run/acpid.socket no such file or directory
• failed to open module nv. Module does not exist
• failed to open fbdev. does not exist
• failed to load vesa. Does not exist
• loads in nouveau.

head -n 30 /var/log/slim.log

slim: waiting for X server to shut down

slim: pam_authentication(): User not known to the underlying authentication module

slim: waiting for X server to shut down

slim: unexpected signal 15 slim: connection to X server lost.

slim: waiting for X server to shut down

slim: pam_authentication(): Authentication failure slim: pam_authentication(): User not known to the underlying authentication module

slim: pam_authentication(): Authentication failure slim: pam_authentication(): User not known to the underlying authentication module

So there's some kind of authentication error.

I see an error message about logind. Something about logind requires something starting with a "k" that was not provided.

logging in properly to X

You can get this information from /var/log/messages

using guile-emacs

Dec 5 21:09:54 localhost gnome-session-binary[443]: WARNING: Could not parse desktop file xscreensaver.desktop or it references a not found TryExec binary Dec 5 21:09:55 localhost gnome-keyring-daemon[475]: couldn't access control socket: /run/user/0/keyring/control: No such file or directory Dec 5 21:09:55 localhost gnome-keyring-daemon[476]: couldn't access control socket: /run/user/0/keyring/control: No such file or directory Dec 5 21:09:55 localhost gnome-keyring-daemon[477]: couldn't access control socket: /run/user/0/keyring/control: No such file or directory

guix environment --ad-hoc --pure guile-emacs -- emacs -q

command to check my cpu vunerabilities

You can see here some of the things that my laptop is vulnerable, and the libre kernel tries to mitigate those.

lscpu

Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 36 bits physical, 48 bits virtual CPU(s): 2 On-line CPU(s) list: 0,1 Thread(s) per core: 1 Core(s) per socket: 2 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 23 Model name: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz Stepping: 6 CPU MHz: 1778.483 CPU max MHz: 2534.0000 CPU min MHz: 800.0000 BogoMIPS: 5054.24 Virtualization: VT-x L1d cache: 64 KiB L1i cache: 64 KiB L2 cache: 6 MiB NUMA node0 CPU(s): 0,1 Vulnerability Itlb multihit: KVM: Vulnerable Vulnerability L1tf: Mitigation; PTE Inversion Vulnerability Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled Vulnerability Meltdown: Mitigation; PTI Vulnerability Spec store bypass: Vulnerable Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Vulnerability Spectre v2: Mitigation; Full generic retpoline, STIBP disabled, RSB filling Vulnerability Tsx async abort: Not affected Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts nopl cpuid aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 lahf_lm pti tpr_shadow vnmi flexpriority dtherm

cool guix webpage

compiling guix and updating guix!

http://dustycloud.org/misc/talks/guix/chicagolug_2015/guix_talk.html

info:guix#Building from Git

#+BEGIN_SRC sh :results output :exports both guix environment --pure guix make clean ./configure --localstatedir=/var make check make authenticate # make install

creating a smaller test-suite.log file for bug submitting:

./pre-inst-env sudo -E guix system reconfigure #+END_SRC make check TEST=tests/packages.scm

using the nix-service

nix-env --install firefox

nix-env --uninstall firefox

nix-env --upgrade firefox

trying to discover the linux kernel modules that I need

nix-env -qa firefox (query for packages)

These are all the kernel modules that I use. Apparently.

lspci -v | grep "Kernel driver in"

Kernel driver in use: i915 Kernel driver in use: e1000e Kernel driver in use: uhci_hcd Kernel driver in use: uhci_hcd Kernel driver in use: uhci_hcd Kernel driver in use: ehci-pci Kernel driver in use: snd_hda_intel Kernel driver in use: pcieport Kernel driver in use: pcieport Kernel driver in use: pcieport Kernel driver in use: pcieport Kernel driver in use: pcieport Kernel driver in use: uhci_hcd Kernel driver in use: uhci_hcd Kernel driver in use: uhci_hcd Kernel driver in use: ehci-pci Kernel driver in use: lpc_ich not touchpad Kernel driver in use: ata_piix Kernel driver in use: i801_smbus possibly touchpad Kernel driver in use: yenta_cardbus possibly touchpad Kernel driver in use: firewire_ohci

• i915 is for my graphics
• e1000e is for my internet
• uhci_hcd is for my usb port and so is ehci-pci
• snd_hda_intel is for my audio device
• pcieport is for my 4 pci express ports! I have 4!?

I can block list the joydev driver/ custom kernel

That is for joysticks, and I do not use those.

lsmod shows me all kernel modules loaded.

lspci -v shows me more kernel modules I need.

how to find configuration files that guix generates

It looks like i915 is for Intel Graphics and and e1000e is for my ethernet.

guix system reconfigure -n sway.scm

This will show you the derivations that guix has to do.

like this

guix system reconfigure -n sway.scm

The following derivations would be built:
   /gnu/store/mdf47km71lx3fhw1zplzmyhmlwh4g2zk-system.drv
   /gnu/store/knr1glycm101cnnvdhkzzc03cw0ahmd2-etc.drv
   /gnu/store/1rz0w8misyl8ckragkdhzig296dnjf3q-pulse.drv
   /gnu/store/mnbw59khxdfdxxp71bhn6x0yqhz3r8l3-daemon.conf.drv
   /gnu/store/4xbg22g3vjvpk9kxrgd3skj398xfj5k7-dbus-configuration.drv
   /gnu/store/sfd0jknw8y4xzssrfgr1v48rms0k7wgr-geoclue-wrapper.drv
   /gnu/store/p8632rqs6hnfly5kz2z2isd6gccylk49-geoclue-program-wrapper.drv
   /gnu/store/ywgrq77ka7fihap70fk4pk33m8260blh-dbus-system-services.drv
   /gnu/store/79srvc4pky6lqz9fj1iz730sj65dj551-asound.conf.drv
   /gnu/store/zvxx3pbik7dn96wjpkkv0fac9aqd0bf3-shepherd-vpn-client.scm.drv
   /gnu/store/zvxx3pbik7dn96wjpkkv0fac9aqd0bf3-shepherd-vpn-client.go.drv

You can then look at various files and try to figure it out where the configuration file may be.

That file looks interesting. Let's build it.

joshua@dobby $ guix build /gnu/store/xp3ril0dkk6d0fa53d7jl6ypcd1dpdhl-shepherd-vpn-client.scm.drv

The following derivation will be built:
   /gnu/store/xp3ril0dkk6d0fa53d7jl6ypcd1dpdhl-shepherd-vpn-client.scm.drv
building /gnu/store/xp3ril0dkk6d0fa53d7jl6ypcd1dpdhl-shepherd-vpn-client.scm.drv...
successfully built /gnu/store/xp3ril0dkk6d0fa53d7jl6ypcd1dpdhl-shepherd-vpn-client.scm.drv
/gnu/store/b6h8njd1mcf7wp7bic5drzqjyphlilrn-shepherd-vpn-client.scm

Ok let's open that vpn-client.scm file!

cat /gnu/store/b6h8njd1mcf7wp7bic5drzqjyphlilrn-shepherd-vpn-client.scm

(eval-when (expand load eval) (let ((extensions (quote ())) (prepend (lambda (items lst) (let loop ((items items) (lst lst)) (if (null? items) lst (loop (cdr items) (cons (car items) (delete (car items) lst)))))))) (set! %load-path (prepend (cons "/gnu/store/wy6fvwp3dfrp9frckdascrrb9rvn3h3g-module-import" (map (lambda (extension) (string-append extension "/share/guile/site/" (effective-version))) extensions)) %load-path)) (set! %load-compiled-path (prepend (cons "/gnu/store/xd4lwx10ljn902712sphac3k0k97g1vy-module-import-compiled" (map (lambda (extension) (string-append extension "/lib/guile/" (effective-version) "/site-ccache")) extensions)) %load-compiled-path))))(begin (use-modules (shepherd service) (oop goops) (guix build utils) (guix build syscalls)) (make  #:docstring (quote "Run the OpenVPN client daemon.") #:provides (quote (vpn-client)) #:requires (quote (networking)) #:one-shot? (quote #f) #:respawn? (quote #t) #:start (make-forkexec-constructor (list (string-append "/gnu/store/hckbwgfqym6x6zcfg6320d0z10a56h6b-openvpn-2.4.8" "/sbin/openvpn") "--writepid" "/var/run/openvpn/openvpn.pid" "--config" "/gnu/store/nm4dvmsffrghdxjlqj712qhrv6w4fd4m-openvpn.conf" "--daemon") #:pid-file "/var/run/openvpn/openvpn.pid") #:stop (make-kill-destructor) #:actions (make-actions)))

Aha! There is my config file!

cat /gnu/store/nm4dvmsffrghdxjlqj712qhrv6w4fd4m-openvpn.conf 

client proto udp dev tun ca /home/joshua/prog/guile/guix-config/vpn/ca2.crt cert /home/joshua/prog/guile/guix-config/vpn/client.crt key /home/joshua/prog/guile/guix-config/vpn/client.key persist-key persist-tun fast-io verb 3 auth-user-pass /home/joshua/prog/guile/guix-config/vpn/login.conf remote-cert-tls server nobind resolv-retry infinite remote switzerland-ca-version-2.expressnetw.com 1195

grub

boot from grub to a usb stick

As soon as you see the grub command line press the "c" key. You'll be dropped into a grub shell. You'll know you're there, because you'll see

grub >

Now, this is what you type

set root=(

Now press TAB and grub will give you some options. Grub will expand what you wrote into

set root=(hd

Grub will then tell you to either press 1 or 0. hd0 is your hard drive. You don't want that. So type

set root=(hd1)

Now type

chainloader +1

That will essentially tell the grub that is on your harddisk, to chainload to the usb. This means that the usb stick has grub (or some other similiar software on it). So grub won't try to find a bootable kernel on the usb stick. Instead, your harddrive's grub will hand over controll to the usb stick's grub.

boot

boot to an installed GNU/Linux distro on your machine

set root=(hd0,PartionNumberWhere/BootIs)
linux /boot/vmlinuz-linux-libre root=/dev/sdaPartionNumberWhereRootIs
initrd /boot/initramfs-linux-libre.img
boot

For me this looks like:

set root=(hd0,1)
linux /boot/vmlinuz-linux-libre root=/dev/sda1
initrd /boot/initramfs-linux-libre.img
boot

getting guix System to boot

When you get to grub, use this command to boot to guix.

configfile (hd1)/boot/grub/grub.cfg

channels are cool!

I can have a git repo somewhere of various packages.

;;; This module implements "channels." A channel is usually a source of ;;; package definitions. There's a special channel, the 'guix' channel, that ;;; provides all of Guix, including its commands and its documentation. ;;; User-defined channels are expected to typically provide a bunch of .scm ;;; files meant to be added to the '%package-search-path'.

I can specify default channels with %default-channels variable. That is kind of cool.

Channels are put in ~/.config/guix/channels.scm

An example channel file looks like:

(cons (channel (name 'my-personal-packages) 
      (url "https://notabug.org/jbranso/guix-packages.git"))
      %default-channels)

consider using nonguix channel for updating cpu microcode

writing sections to the guix cookbook

setting up sway

https://gitlab.com/nonguix/nonguix

Sway is a tiling window manager written for wayland. Since it does not officially support login managers, most users will need to execute "sway" at the virtual console after login. However, according to Sway's developers, the GNOME display manager, usually works to start sway.

Sway does have a configuration file as well. You can download the sway config file and modify it for yourself.

guix package -i sway wget

wget https://raw.githubusercontent.com/swaywm/sway/master/config.in

mkdir -p ~/.config/sway/

mv config.ini ~/.config/sway/config

If gdm works to start sway for you, then swell. However, some users might have issues getting sway to start for them. Here is a minimal configuration file for sway that removes gdm. You can now login to sway after login to the virtual console by typing sway.

  (use-modules (gnu) (guix)
   (srfi srfi-1))

  (use-service-modules desktop xorg)

  (operating-system
   (host-name "dobby")
   (timezone "America/Indiana/Indianapolis")
   (locale "en_US.utf8")
   ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
   ;; target hard disk, and "my-root" is the label of the target
   ;; root file system.
   (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
                (keyboard-layout keyboard-layout)
                (target "/dev/sda")))

   (file-systems
    (cons* (file-system
            (mount-point "/")
            (device "/dev/sda1")
            (type "btrfs"))
           %base-file-systems))
   (users (cons*
           (user-account
            (name "user name")
            (comment "user name")
            (group "users")
            (home-directory "/home/user")
            (supplementary-groups
             '("wheel" "netdev" "audio" "video")))
           %base-user-accounts))

   ;; Globally-installed packages.
   (packages (append (map specification->package
                          '("nss-certs"))
                     %base-packages))

   (services
    (cons*

     (modify-services
      (remove (lambda (service)
                (member (service-kind service)
                        (list
                         gdm-service-type
                         )))
              %desktop-services) ;;end of remove services
      ))))

You can also set up sway to autostart after you login. Add this to your ~/.bash_profile

if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
  XKB_DEFAULT_LAYOUT=us exec sway
fi

packages to add to guix System

I can use debbugs-gnu

:PROPERTIES: :ID: 7325c252-fcf3-4957-9581-b7982f069b4d :END: https://debbugs.gnu.org/cgi/pkgreport.cgi?package=guix

C-u M-x debbugs-gnu RET RET guix-patches RET n y

I may also be able to use Gnus to reply to the bug reports.

I can just use nttp:news.gmane.org

guix package -i xf86-video-intel

or

guix package -i xf86-video-nouveau

avoid using pastebin.com use paste.lisp.org instead.

how do I enable substitutes from hydra.gnu.org?

the bug report is here. https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26158

guix archive --authorize ??

things I can do

DONE complete linode cookbook for Chris Webber

TODO create a shepherd service to start my vpn

guix archive --authorize < hydra.gnu.org.pub :LOGBOOK:
• State "TODO" from [2020-06-05 Fri 18:09]
:END: CLOSED: [2020-08-07 Fri 13:16] :LOGBOOK:
• State "DONE" from "TODO" [2020-08-07 Fri 13:16]
• State "TODO" from [2020-08-07 Fri 12:43]
:END: :LOGBOOK:
• State "TODO" from [2020-08-07 Fri 12:43]
:END:

joshuaBPMan: look up (service-extension shepherd-root-service-type _) [11:53] joshuaBPMan: I'm not that sharp with Shepherd but I think that style of service creation is for shepherd instances started by your user, rather than PID1 "init"

man shepherd

-s, --socket=FILE or stdin (-)

lfam says that I should probably create user services to start my vpn service.

He also says that my current user shepherd cannot start, because something is using the default socket file which is

run/user/1000.

So I need to tell shepherd to use a different socket.

He reccomended that I change XDG_RUNTIME_DIR, which is an environmental variable that tells various applications where they can store small files.

#+BEGIN_SRC sh :results output :exports both export XDG_RUNTIME_DIR="$HOME/run"

#+END_SRC

#+BEGIN_SRC sh :results output :exports both shepherd #+END_SRC

#+RESULTS:

Service root has been started.

TODO create a package for guile-dbi-mysql

PROJECT package jmp.chat

:LOGBOOK:
• State "TODO" from [2020-08-07 Fri 12:43]
:END: :LOGBOOK:
• State "TODO" from [2020-08-12 Wed 10:53]
:END:

PROJECT package sgx-catapult

write my own sgx catapult??

How to package JMP

XMPP server

sgx-catapult I need to package this!

I believe that cheogram controls texting in jmp.chat. Cheogram lets XMPP users use a simple format to chat with SMS users. https://wiki.soprani.ca/SGX JMP texting service is built on XMPP. I need a running XMPP server set up to use JMP.

I definitely need this! sgx-catapult is a doorway from XMPP (Jabber) to SMS (text messages).

The "SGX" stands for "Soprani.ca Gateway to XMPP", as this is associated with the Soprani.ca project.

tai.c

sgx-catapult is written in ruby! This program expects a binary named "tai" to be in its working directory, which should be a compiled version of https://ossguy.com/tai.c for the platform it is running on.

jmp-fwdcalls

jmp-fwdcalls, gets a call from a phone, it then forwards that call onto my SIP account, which I can answer with my SIP client.

relies upon mnemonicode, which generates easy to remember passwords

jmp-fwdcalls lets a landline phone user, talk to a SIP user. https://github.com/singpolyma/mnemonicode

cheogram

This is just C code, which is the ultimate portable programming language! It would be super easy to package in guix! Cheogram does this: It lets your users use a simple format for entering in contacts. +12113114111@cheogram.com instead of +12113114111@example.sgx.soprani.ca

jmp-register

If you don't want to use Cheogram, you will need to replace that code in register[34] before running jmp-register.

This is the registration wizard for jmp. It makes it easy for users to sign up. I may not need this.

set up a jmp.chat service for guix

REFERENCE about the project

Then again I may need it? It sets up a valid Canadian and U.S. phone number.

This app is built in ASP.NET. I know that I can use SMS via ASP.NET.

https://support.microsoft.com/en-us/help/555578

Soprani.ca is an open standard for communication built on XMPP. https://soprani.ca/

I know that my client has an SQL query to get data. He wants his application to respond the result of a query, when the application receives an SMS text message.

It allows for the creation of stable Jabber IDs, for email address and telephone numbers! How cool is it that I can "chat" with an email address? I can use my XMPP account to "chat" with another XMPP account, which forwards my info to an email?

XMPP client issues when using Soprani.ca

https://wiki.soprani.ca/

SMS door to XMPP issues (aka soprani.ca gateway to XMPP)

Soprani.ca plan

Soprani.ca over view of software

SIP standard interchange protocol

SMS provider

https://wiki.soprani.ca/ClientIssues https://wiki.soprani.ca/SGX https://wiki.soprani.ca/ThePlan There are 4 main source trees that make up JMP currently: jmp-register, jmp-fwdcalls, sgx-catapult, and Cheogram. ********* jmp-register is just for registration stuff - once you've signed up, you won't use it again (unless you choose to pay via PayPal in the automated way available on https://jmp.chat/ ) ********* jmp-fwdcalls is used exclusively for handling inbound calls - it forwards them to the number you've configured, or gives a recorded message saying the number doesn't accept voice calls (as a hack, it also handles the voice verification code) ********* sgx-catapult includes both sgx-catapult.rb and mpx-catapult.rb I NEED THIS ONLY. :LOGBOOK:
• State "TODO" from [2020-08-15 Sat 11:36]
:END: ********** sgx-catapult.rb is the XMPP gateway to my carrier (Catapult) - it translates my carrier's messages into XMPP messages, that can either be handled directly by your XMPP client, or relayed through Cheogram (the latter is now the default with new signups) This translates twilio's text and photo, and video, messages into XMPP messages. ********** mpx-catapult.rb is a basic HTTP proxy that is used exclusively for delivering MMS to an sgx-catapult user - when you access a URL it hosts (which sgx-catapult is configured to send you), then it will fetch the media from Catapult and relay it back to you If my friend posts a picture of him working out and getting ripped, and sends it to me.... My XMPP server, saves the message, and sends me a url. I can view the picture by clicking on the link in my XMPP client. ********* Cheogram is its own XMPP gateway that abstracts away an underlying gateway (such as sgx-catapult) so that you can use @cheogram.com JIDs in your roster and switch to some other gateway later, without changing your roster; it also does other cool things like providing an SMS drop-down while adding a contact (ie. in Gajim) so you can just enter a phone number in whatever format you like and have it convert to the E.164 format plus "@cheogram.com" that Cheogram requires for contacts Cheogram uses a preconfigured sgx-catapult number when it doesn't have a route configured for a given JID - this functionality is currently used primarily by jmp-register for sending the verification codes Like Awebber for text messages. Awebber lets you send mass emails. SMSProviders lets you send mass texts. https://wiki.soprani.ca/SMSProviders

XEP XMPP plugin. It's like secure scuttlebutt for JMP!

ossguy uses Bandwith as his carrier. I could do the same.

vocab

JID is a jabber ID (aka XMPP ID)

MUC (multi user chat)

SMS short message service

https://xmpp.org/extensions/xep-0174.html

This is a text message, but I believe you also call a XMPP "text" message an SMS.

MMS multimedia message service

fix tiny compile errors in guix

[ 12%] LOAD guix/scripts/repl.scm

[ 55%] GUILEC guix/diagnostics.go

[ 55%] GUILEC guix/ui.go

[ 56%] GUILEC guix/status.go

create a config file for termite, and let guix install the file for me.

These can be messages sent from phones, but they can be also be sent from XMPP clients like movim. or pidgin. This is a text message, but I believe that XMPP messages can contain photos. These are usually thought of as coming from a phone, but it could also come from pidgin. WARNING: Use of `load' in declarative module (guix scripts repl). Add #:declarative? #f to your define-module invocation. guix/diagnostics.scm:304:9: warning: non-literal format string WARNING: Use of `load' in declarative module (guix ui). Add #:declarative? #f to your define-module invocation. guix/status.scm:568:5: warning: non-literal format string guix/status.scm:561:5: warning: non-literal format string guix/status.scm:563:5: warning: non-literal format string guix/status.scm:556:5: warning: non-literal format string guix/status.scm:553:7: warning: non-literal format string guix/status.scm:528:5: warning: non-literal format string guix/status.scm:524:7: warning: non-literal format string guix/status.scm:512:5: warning: non-literal format string guix/status.scm:519:8: warning: non-literal format string guix/status.scm:516:8: warning: non-literal format string guix/status.scm:500:7: warning: non-literal format string guix/status.scm:495:10: warning: non-literal format string guix/status.scm:491:25: warning: non-literal format string guix/status.scm:492:16: warning: non-literal format string guix/status.scm:483:12: warning: non-literal format string guix/status.scm:475:13: warning: non-literal format string

Essentially, I want to create a config file for termite, to specify to use the ubuntu font and to make the font size a little bigger. I also want to store some scheme code to create this file, that way, if I reconfigure, I'll still have the settings saved.

I'll probably end of needing gnu/system/accounts.scm for this.

I may also need gnu/system/shadow.scm for this.

set up and install guix so that my harddrives are encrypted and a have ram 1 or 0, the way where files are duplicated

try out and test guix home manager

update guix deploy

I could use "skeletons" for this. But it would apply my change for ANY new user, not just me. https://github.com/pmeiyu/guix-config https://gitlab.com/rain1/guix-wiki/-/wikis/encrypted-home-config.scm https://framagit.org/tyreunom/guix-home-manager info:guix#Invoking guix deploy

Mention that host-key is usually found in /etc/ssh, and the file usually ends in ".pub".

updating sway to sway 1.5

This is already an open bug 42695

https://github.com/swaywm/sway/releases

https://github.com/swaywm/wlroots/releases

https://github.com/swaywm/wlroots/blob/master/meson.build

I have to package meson 0.54.0...guix has 0.53.2

I need to package wlroots 0.11.0

I need to update sway from 1.4 to 1.5

try installing a more recent firefox release with flatpak

admittedly, the nix-service-type has firefox 74 right now, which is not bad...

But the later version of firefox may be more "secure".

https://flathub.org/apps/details/org.mozilla.firefox

https://9to5linux.com/firefox-now-has-an-official-flatpak-app-heres-how-to-install-it

I'll need to install these packages for it to work:

#+BEGIN_SRC sh :results output :exports both guix package -i flatpak xdg-desktop-portal xdg-desktop-portal-gtk #+END_SRC

If running sway,

I'll also need to run dbus-run-session sway, which makes sway run sooo much smoother! No idea why.

Add the "--user" options to run each flatpak command as the current regular user. If you omit the "--user" option, flatpak will give you permissions errors. In that case you can probably run the command as sudo.

#+BEGIN_SRC sh :results output :exports both cat ~/.bash_profile #+END_SRC

#+RESULTS: #+begin_example # Honor per-interactive-shell startup file if [ -f ~/.bashrc ]; then . ~/.bashrc; fi

# shepherd

if -z $DISPLAY && $(tty) = /dev/tty1 ; then # this is needed to run firefox on wayland export MOZ_ENABLE_WAYLAND=1 exec dbus-run-session sway dbus-run-session sway fi

shepherd -c ~/.config/shepherd/init.scm #+end_example

create the directories needed for flatpak

#+BEGIN_SRC sh :results output :exports both mkdir -p var/lib/flatpak/exports/share mkdir -p ~.local/share/flatpak/exports/share #+END_SRC

#+RESULTS:

#+BEGIN_SRC sh :results output :exports both ls ~/.local/share/flatpak ls ~/.local/share/flatpak/share #+END_SRC

#+RESULTS:

This command installs the flathub repository so that only the regular user that runs this command, can access the programs flatpak installs. #+BEGIN_SRC sh :results output :exports both flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo #+END_SRC

#+RESULTS:

Set proper environmental variables

#+BEGIN_SRC sh :results output :exports both Note that the directories

'/var/lib/flatpak/exports/share' '/home/joshua/.local/share/flatpak/exports/share'

are not in the search path set by the XDG_DATA_DIRS environment variable, so applications installed by Flatpak may not appear on your desktop until the session is restarted. #+END_SRC

#+BEGIN_SRC sh :results output :exports both echo $XDG_DATA_DIRS #+END_SRC

#+RESULTS:

/gnu/store/gb2v82aflbxjbq1rkgb56xd07f3s01x3-shared-mime-info-1.10/share:/gnu/store/b8pr2k0i2zd07zmb7kpffmcimqi337if-glib-2.60.6/share:/gnu/store/lm3griq0smrnb019wy4517rkll5biqnq-gtk+-3.24.14/share:/gnu/store/frhq807simx67vabbrxnf7al9d96xz54-jmacs-26.3/share:/gnu/store/gb2v82aflbxjbq1rkgb56xd07f3s01x3-shared-mime-info-1.10/share:/gnu/store/b8pr2k0i2zd07zmb7kpffmcimqi337if-glib-2.60.6/share:/gnu/store/lm3griq0smrnb019wy4517rkll5biqnq-gtk+-3.24.14/share:/gnu/store/frhq807simx67vabbrxnf7al9d96xz54-jmacs-26.3/share:/gnu/store/j6gvzm9waf4yhlzv7s15jk39wn0sr50s-shared-mime-info-1.15/share:/gnu/store/xa1vfhfc42x655hi7vxqmbyvwldnz7r0-glib-2.62.6/share:/gnu/store/4rjf9bkzqyxwf2nx984dgcjqc94qivac-gtk+-3.24.20/share:/home/joshua/.guix-profile/share:/run/current-system/profile/share:/home/joshua/.guix-profile/share:/run/current-system/profile/share

#+BEGIN_SRC sh :results output :exports both cat ~/.bash_profile #+END_SRC

#+RESULTS: #+begin_example # Honor per-interactive-shell startup file if [ -f ~/.bashrc ]; then . ~/.bashrc; fi

# shepherd

if -z $DISPLAY && $(tty) = /dev/tty1 ; then export MOZ_ENABLE_WAYLAND=1 exec dbus-run-session sway XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/home/joshua/.local/share/flatpak/exports/share:$XDG_DATA_DIRS fi

shepherd -c ~/.config/shepherd/init.scm #+end_example

command to run the flatpak

#+BEGIN_SRC sh :results output :exports both flatpak run org.mozilla.firefox #+END_SRC

simple service to start my vpn

bugs I might be able to fix

Shepherd

Shepherd not properly restarting dependent services

xfce documentation not available locally

icecat mailto does not work?

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23170 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23199

add in the guix manual that "make check" also runs make. No need for make install

can I set up emacs optional dependencies

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24066

Emacs Dependencies for 26.3 http://www.linuxfromscratch.org/blfs/view/svn/postlfs/emacs.html

Recommended

Optional

• [X] giflib-5.2.1
• [X] GnuTLS-3.6.14
• [X] LibTIFF-4.1.0

• [X] X Window System
• [X] alsa-lib-1.2.3.2
• [X] dbus-1.12.20
• [ ] GConf-3.2.6
• [ ] gobject-introspection-1.64.1
• [ ] gsettings-desktop-schemas-3.36.1
• [ ] GPM-1.20.7
• [X] GTK+-2.24.32 or GTK+-3.24.21
• [X] ImageMagick-6.9.10-93 libraries (see command explanations)
• [X] libjpeg-turbo-2.0.5
• [X] libpng-1.6.37
• [X] librsvg-2.48.8
• [X] libxml2-2.9.10
• [ ] MIT Kerberos V5-1.18.2
• [ ] Valgrind-3.16.1
• [ ] intlfonts
• [ ] libungif
• [ ] libotf and m17n-lib - to correctly display such complex scripts as Indic and Khmer, and also for scripts that require Arabic shaping support (Arabic and Farsi), and libXaw3d

I can package my emacs config and make it install emacs packages but not have those packages in my profile

I can use guile-git to clone my emacs config and set it in a directory.

Here are the three main guile procedures that I'll need to use:

The module ‘git bindings’ provide several definitions for interacting with libgit2. The main procedure is ‘libgit2-init!’ which must be called before any other guile-git procedure is called.

-- Scheme Procedure: libgit2-init! Return the number of initializations of libgit2 or an error code.

Initializes the global state of libgit2. The procedure must be called before any other procedure is called and may be called multiple times.

-- Scheme Procedure: clone url directory Return a repository by cloning a remote git repository found at URL into DIRECTORY or throws an error.

-- Scheme Procedure: libgit2-shutdown! Return the number of remaining initializations of libgit2 or an error code.

The procedure cleans up the global state of libgit2 created by ‘libgit2-init!’.

bspwm

helping with core-updates

joshuaBPMan: i think you want those to be in propagated-inputs, not native-inputs [18:13] native-inputs are build-time dependencies [18:14] pkill9: oh. well I'll try that again then. haha. [18:17] pkill9: It would be nice to have those installed in such a way that emacs can access the packages, but not populate my profile. [18:19] I guess that isn't possible. it is possible, you can create a package that is a wrapper script that runs emacs with command line options [18:20] i did that with bspwm pkill9: thanks. I'll look into that! [18:21] although with that one I created a makefile that handles wrapping it but you can write files in the guix package definition joshuaBPMan: Also you could use separate guix profile instead of wrapping. Most of guix commands has a ‘-p’ command option. [18:24] wigust: hmmm. does that mean I'd have package "myemacs" to install a separate profile containing all of the emacs packages, and then create a script that runs "myemacs" to pull in the emacs packages from the separate profile? [18:25]

Every now and then guix, does some pretty big updates. It changes a lot. I can pull from that branch and test the changes.

What remains to be done is mostly (1) ensuring that there’s no significant regression in terms of build failures compared to ‘master’, and (2) making sure GuixSD boots and works fine.

For #1, a simple test is to try and upgrade your profile and see if everything builds and works well. In addition, you can look at these dashboards to identify build failures that need to be addressed:

https://hydra.gnu.org/jobset/gnu/core-updates https://berlin.guixsd.org/jobset/core-updates-core-updates

make icecat run in a container https://lists.gnu.org/archive/html/help-guix/2018-01/msg00109.html

(users (name joshua) (layout "dvorak"))

For #2, running “make check-system”, or at least the inexpensive subset of system tests (the expensive tests are the installation tests) should give a good overview—Mark already reported an issue at . The next step of course is to try it on the bare metal for your own system config.

What is the kmscon service?

The system reconfigure module is .

This is the variable for user services called operating-system-user-services.

It is populated . Or is that just the type?

What is a scheme record type? It is kind of like a class, but not quite...

DONE change the grub layout

Activation helpers are here: to create default files [[file:~/prog/gnu/guix/gnu/build/activation.scm::;;;%20Commentary:]] CLOSED: [2020-08-09 Sun 11:29] :LOGBOOK:
• State "DONE" from [2020-08-09 Sun 11:29]
:END:

I'm using libreboot. Libreboot sets the grub layout for me.

change the initrd solution

This page has the info that lets you change the layout so that you can still use dvorak even when you are using an encrypt filesystem!

https://wiki.archlinux.org/index.php/GRUB/Tips_and_tricks#Manual_configuration_of_core_image_for_early_boot

:archWikiAnswer: Manual configuration of core image for early boot

If you require a special keymap or other complex steps that GRUB is not able to configure automatically in order to make /boot available to the GRUB environment, you can generate a core image yourself. On UEFI systems, the core image is the grubx64.efi file that is loaded by the firmware on boot. Building your own core image will allow you to embed any modules required for very early boot, as well as a configuration script to bootstrap GRUB.

Firstly, taking as an example a requirement for the dvorak keymap embedded in early-boot in order to enter a password for a crypted /boot on a UEFI system:

Determine from the generated /boot/grub/grub.cfg file what modules are required in order to mount the crypted /boot. For instance, under your menuentry you should see lines similar to:

insmod diskfilter cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha256 insmod ext2 cryptomount -u 1234abcdef1234abcdef1234abcdef set root='cryptouuid/1234abcdef1234abcdef1234abcdef'

Take note of all of those modules: they'll need to be included in the core image. Now, create a tarball containing your keymap. This will be bundled in the core image as a memdisk:

Now create a configuration file to be used in the GRUB core image. This is in the same format as your regular grub config, but need contain only a few lines to find and load the main config file on the /boot partition:

early-grub.cfg root=(memdisk) prefix=($root)/

terminal_input at_keyboard keymap /dvorak.gkb

cryptomount -u 1234abcdef1234abcdef1234abcdef set root='cryptouuid/1234abcdef1234abcdef1234abcdef' set prefix=($root)/grub

configfile grub.cfg

Finally, generate the core image, listing all of the modules determined to be required in the generated grub.cfg, along with any modules used in the early-grub.cfg script. The example above needs memdisk, tar, at_keyboard, keylayouts and configfile.

The generated EFI core image can now be used in the same way as the image that is generated automatically by grub-install: place it in your EFI partition and enable it with efibootmgr, or configure as appropriate for your system firmware.

A mailing list discussion that recommends building a custom initrd

:END: As far as my experience with other Operating Systems goes: we need to make the keyboard layout configurable in the initrd. You can already achieve this with a custom initrd today, but having a service would be more convenient. For expected defaults we should make this hypothetical service default to en-us. I see two possible entry points to writing the service here:

1) extending the console-keymap-service 2) writing a new service that extends the initrd and reuses code from the previously mentioned service.

the guixSD way of doing it:

It is possible to add init modules here: info:guix#operating-system Reference

The easy way to do this is: changing the %base-initrd-modules.

The actual best way to do it, is to build a custom initrd via the base-initrd, or raw-initrd, or expression->initrd procedures and specify which initrd to use via the "initrd" field in the operating system.

grub-xbdcomp isn't working!

sudo grub-kbdcomp -o /boot/grub/dvorak.gkb dvorak

/home/joshua/.guix-profile/bin/grub-kbdcomp: line 76: ckbcomp: command not found
ERROR: no valid keyboard layout found. Check the input.

Generate a GRUB keyboard layout file. Below is the command for a french keyboard.

For other languages, check usr/share/X11/xkb/symbols. Filename

choice is not important (you can change bepo).

sudo grub-kbdcomp -o /boot/grub/bepo.gkb fr

Edit /etc/default/grub with root rights to have:

#GRUB_HIDDEN_TIMEOUT=0 GRUB_TERMINAL_INPUT="at_keyboard"

Edit /etc/grub.d/40_custom with root rights to have:

#!/bin/sh exec tail -n +3 $0

insmod keylayouts keymap /boot/grub/bepo.gkb

Finally:

sudo update-grub

DONE change the console layout

change the initrd layout

use this guile script to generate a manifest

Note: Forget immediately about using the Shift key to display GRUB menu! It may be normal that terminal_input at_keyboard make this key not work anymore. So make sure #GRUB_HIDDEN_TIMEOUT=0 is properly commented. CLOSED: [2020-08-09 Sun 11:29] :LOGBOOK:
• State "DONE" from [2020-08-09 Sun 11:29]
:END:

(use-modules (guix profiles) (ice-9 match) (ice-9 pretty-print))

(match (command-line) ((_ where) (pretty-print `(specifications->manifest ',(map manifest-entry-name (manifest-entries (profile-manifest where)))))) (_ (error "Please provide the path to a Guix profile.")))

use some proxies!

https://wiki.archlinux.org/index.php/Using_a_SOCKS_proxy

I can set up wget to use tor with an environmental variables!

report a bug in Icecat's Tor browser.

https://wiki.archlinux.org/index.php/Proxy_routing_with_Tor_and_Privoxy

It looks like I have to manually go to preferences

search proxy, click on setting

Then click on proxy DNS when using SOCKS v5

Email from Mike Gerwitz: Re: Problem with Tor & IceCat

Or maybe not...This guy apparently filed the bug report already. Email from znavko: Re: Problem with Tor & IceCat

https://en.wikipedia.org/wiki/Freedom_of_the_Press_Foundation

freedom press onion site: http://www.freepress3xxs3hk.onion/

I can search for tor hidden services here:

make grub hide the boot screen unless the "shift" key is pressed!

https://ahmia.fi/

I should probably re-read the archwiki about this info.

Add the following line to the file etc/grub.d/31_hold_shift

GRUB_FORCE_HIDDEN_MENU="true"

chmod a+x /etc/grub.d/31_hold_shift grub-mkconfig -o /boot/grub/grub.cfg

make it possible to only enter the LUKS volume passphase once!

This way I can have several encrypted partitions:

home, boot, swap, grub, etc. and I only enter in one passphrase to decrypt all of them!

Yes, entering the LUKS volume passphrase twice is normal, though I would love to hear about ways to improve it. As I understand it, both GRUB and Linux have to unlock the LUKS volume, and they do not by default coordinate in any way - that is why you have to enter it two times. I don't know how to arrange for a password to be entered only once, but I imagine that it may be possible, with varying degrees of security depending on the chosen solution.

You can use keyfiles to unlock the root partition. That's what I'm using on my arch setup to only have to type in one passphrase instead of three (GRUB, root, swap). No idea how you would translate this to GuixSD though.

The arch wiki has a section on the Dm-crpyt page showing you how to do this:

#Unlocking the root partition at boot

change the default networking service from wpa_supplicant to dhcp service

info:guix#Networking Services I can specify what dhcp client to use:

gnu Hurd internet bug report

guix X errors bug report

guix touchpad set up

darktable How do I use this thing?

manual things

make the manual distinguish between guix & guixSD

turn this arch wiki page into the guix manual.

isc-dhcp is the default. Ludo has an email talking about this topic. Email from Ludovic Courtès: Re: Communication and Design a

https://wiki.archlinux.org/index.php/Security

build some hardened packages & modify gnu-build-system to allow a package to be built hardened-ly.

Paste my patch at this email address: guix-patches@gnu.org

why am I getting two emails when I respond to the list and someone responds to me?

Here is some lisp that makes it possible https://lists.nongnu.org/archive/html/guix-devel/2014-04/msg00162.html

These are both the same email, but I have it twice!

Ricardo send me a To: jbranso.de && he sent me an email to the list. Why can't he just send it to the list?

I can actually fix this! I can go into each mailing list profile and specify not to receive duplicate messages. This should probably be the default.

Email from Ricardo Wurmus: Re: Brain storming cool Guix f

things I could package

https://atom.io/packages/file-icons

emacs-all-the-icons should also install the icons for you

I should try to package a stand alone wayland terminal

Email from Ricardo Wurmus: Re: Brain storming cool Guix f https://www.freedesktop.org/wiki/Software/kmscon/libtsm/

and wlterm https://www.freedesktop.org/wiki/Software/kmscon/wlterm/

package postorius as a guixSD service

https://gitlab.com/mailman/postorius

modily my myemacs so that it tries to run emacsclient -nc first

It's a python web app for GNU Mailman

emacsclient -a "" -c $@

set up mbsync

guix manual

TODO extend the guix manual to mention adding in vfat for UEFI booting [/]

DONE I fixed the full blown desktop example

TODO add some text that explicitly says that one needs to mention the vfat in their filesystems when using UEFI boot.

extend the guix manual to mention how to tweak awesome's config file

add a trouble shooting section in the guix manual to mention what to do on weird mouse issues

ask on guix-devel if I can make an awesome service that allows one to write thise

make this emacsc in bashrc and it should work. http://pragmaticemacs.com/emacs/migrating-from-offlineimap-to-mbsync-for-mu4e/ :LOGBOOK:
• State "TODO" from [2019-01-03 Thu 05:53]
:END: CLOSED: [2019-01-03 Thu 05:53] :LOGBOOK:
• State "DONE" from [2019-01-03 Thu 05:53]
:END: :LOGBOOK:
• State "TODO" from [2019-01-03 Thu 05:53]
:END:

  (service awesome-service-type
           (awesome-configuration
            (config-file "/path/to/file.lua")))

create a script to download the previous days' irc logs

use castget! https://castget.johndal.com/ and package it for guix

fix auto login, so I am automatically logged into sway.

kernel tuning via sysctl

run a custom kernel

load my color profile from Mac, because it looks awesome.

run shepherd as me. That way I can have user services.

It lets you automatically download podcasts!

That would be super cool!

/run/current-system /run/booted-system

current-system is the current system.

booted-system is the last booted system.

I can run sheperd as my user joshua and use it to manage my emacs daemon.

how to update guix:

guix pull as every user

Installing Guix from Guix

To update the whole system. ie: pacman -Syu equivalent:

joshua@dobby $ sudo bash --login
root@dobby #  guix pull && guix system reconfigure config.scm

To update my user's packages

joshua@dobby $ guix pull
joshua@dobby $ guix package -u

there is now a guix-blog@gnu.org email address. If I want to write a blog article

make guix tell you where a package is defined: Email from Julien Lepiller: Re: Right way: define, build a

make guix install programs from file

debugging build failures

access tor hidden services

guix package -i $(cat package-list.log | xargs) https://www.gnu.org/software/guix/manual/en/html_node/Debugging-Build-Failures.html#Debugging-Build-Failures

https://ahmia.fi/search/?q=the

wipe-ing Paul's macbook clean and adding in random data

Here is a list of them, but I can't connect to any of them.

1. If you are wiping your hard drive for security, you should populate it with random data rather than zeros (This is going to take even longer than the first
example.) :

dd if=/dev/urandom of=/dev/sdX bs=1M *replace X with the target drive letter.

Replace X with the target drive letter.

make guix build an installation image

You need to replace sda with the device name you want to overwrite. sda is usually the first hard drive, the second drive would be sdb and so on. Use for example gparted to find the correct drive. If you replace the device name, you can also wipe USB sticks and other peripherals.

I'll need this because the current install image on the guix system website does not have the keyboard layout option.

LUKS setup

guix system --file-system-type=iso9660 disk-image ~/prog/gnu/guix/gnu/system/install.scm

The following example specifies a mapping from ‘/dev/sda3’ to ‘/dev/mapper/home’ using LUKS—the Linux Unified Key Setup (https://gitlab.com/cryptsetup/cryptsetup), a standard mechanism for disk encryption. The ‘/dev/mapper/home’ device can then be used as the ‘device’ of a ‘file-system’ declaration (*note File Systems::).

  (file-system
   (mount-point "/home")
   (device (mapped-device
            (source "/dev/sda3")
            (target "home")
            (type luks-device-mapping)))
   (type "ext4"))

I temporarily set the LUKS encrypted passwords on my encrypted partitions to "a" so I could boot easily.

I found out how to do it here: https://linux.die.net/man/8/cryptsetup

cryptsetup luksAddKey RET

I can remove the "a" key via:

make the manual mention "make"

how nckx builds guix:

cryptsetup luksRemoveKey RET

"gnutls" "guile" "guile-gcrypt" "guile-git" "guile-json" "guile-sqlite3" "guile-ssh" ; ./pre-inst-env guix! [15:14]

Here's what I added to my manifest to use Guix from git (posted this yesterday too, perhaps that's a sign we need to document it better):

searching for packages

Here's the full command I use: guix environment --pure guix -- sh -c 'make -j clean; ./bootstrap && ./configure --sysconfdir=/etc --localstatedir=/var && make -j`nproc`' [15:33] guix package spits out packages into recsel database format. You can use recsel to format the output.

  guix package -i recutils
  guix package -s guile-g | recsel -p name

name:	guile-gnome
name:	guile-gcrypt
name:	guile-gnunet
name:	guile-git
name:	guile-gdbm-ffi
name:	guile2.0-gcrypt
name:	emacs-gtk-look

  guix package -s guile-g | recsel -p name,version,synopsis

learn how to raise the elephant

name:	guile-gnome
version:	2.16.5
synopsis:	Guile	interface	for	GTK+	programming	for	GNOME
name:	guile-gcrypt
version:	0.1.0
synopsis:	Cryptography	library	for	Guile	using	Libgcrypt
name:	guile-gnunet
version:	0.0-1.d12167a
synopsis:	Guile	bindings	for	GNUnet	services
name:	guile-git
version:	0.2.0
synopsis:	Guile	bindings	for	libgit2
name:	guile-gdbm-ffi
version:	20120209.fa1d5b6
synopsis:	Guile	bindings	to	the	GDBM	library	via	Guile's	FFI
name:	guile2.0-gcrypt
version:	0.1.0
synopsis:	Cryptography	library	for	Guile	using	Libgcrypt
name:	emacs-gtk-look
version:	29
synopsis:	Find	and	display	HTML	documentation	for	GTK,	GNOME	and	Glib

Does raising the elephant mean that I have to reboot? Can I recover a system without rebooting?

https://en.wikipedia.org/wiki/Magic_SysRq_key

https://en.wikipedia.org/wiki/File:KeyboardWithPrintScreenRinged.svg

https://superuser.com/questions/652385/how-do-i-use-magic-sysreq-keys-on-a-mac

https://bugs.launchpad.net/mactel-support/+bug/262408/comments/17

Raising Elephants Is So Utterly Boring

unRaw take control of the keyboard back from X or wayland

tErminate send SIGTERM to all processes, allowing them to terminate gracefully.

kIll send SIGTERM to all processes, making them stop NOW

Sync flush data to disk

Unmount all filesystems and remount read-only

using guile's module system on channels

pkill9's channel

how to delete old package generations

reBoot joshuaBPMan: change "gnu packages emacs jmacs" to "jmacs" really? May I ask why that works? What did I do wrong? [15:43] joshuaBPMan: it just needs to mirror the directory structure e.g. if the module is in /path/to/module.scm, the part next to "define-module" needs to be "(path to module)" [15:53] pkill9: thanks! https://gitlab.com/pkill-9/guix-packages-free/tree/master/pkill9/packages

This is how you delete old package generations.

guix package -l will show you the generations that you have.

if you update sway, and sway won't start

guix package -d 10..50 will delete all generations 10-50.

It probably has to do with an outdated shader cache. It is an easy fix.

rm -r .cache/mesa_shader_cache/

try to get firefox installed

This is a firefox guix recipe.

autologin

https://framagit.org/tyreunom/guix-more/blob/master/more/packages/gnuzilla.scm

I need to modify mingetty from base services.

This can probably be done via fold or map procedues...Or via modify services.

open a guile repl

,use(gnu services) ,use(gnu services base) ,use(guix) ,use(oop goops) ,use(shepherd service)

The “service” is obviously a very important concept of the Shepherd. On the Guile level, a service is represented as an instance of ‘’, a GOOPS class (*note (guile)GOOPS::). When creating an instance of it, you can specify the initial values of its slots, and you actually must do this for some of the slots.

The ‘’ class and its associated procedures and methods are defined in the ‘(shepherd service)’ module.

  (use-modules gnu services)
  (use-modules gnu services base)
  (use-modules guix)
  (use-modules oops goops)
  (use shepherd service)
  (define %my-base-service
    (map
     (lambda (service) (describe service))
     %base-services))

devel things

Add a ~/.gdbinit file to the %default-skeletons

Using debugging files should work automatically. It should be as easy as

#+BEGIN_SRC sh :results output :exports both guix install glibc:debug guile:debug guix build --source guile #+END_SRC

info:guix#operating-system Reference skeletons

info:guix#Installing Debugging Files

Program binaries, as produced by the GCC compilers for instance, are typically written in the ELF format, with a section containing “debugging information”. Debugging information is what allows the debugger, GDB, to map binary code to source code; it is required to debug a compiled program in good conditions.

The problem with debugging information is that is takes up a fair amount of disk space. For example, debugging information for the GNU C Library weighs in at more than 60 MiB. Thus, as a user, keeping all the debugging info of all the installed programs is usually not an option. Yet, space savings should not come at the cost of an impediment to debugging—especially in the GNU system, which should make it easier for users to exert their computing freedom (*note GNU Distribution::).

Thankfully, the GNU Binary Utilities (Binutils) and GDB provide a mechanism that allows users to get the best of both worlds: debugging information can be stripped from the binaries and stored in separate files. GDB is then able to load debugging information from those files, when they are available (*note (gdb)Separate Debug Files::).

The GNU distribution takes advantage of this by storing debugging information in the ‘lib/debug’ sub-directory of a separate package output unimaginatively called ‘debug’ (*note Packages with Multiple Outputs::). Users can choose to install the ‘debug’ output of a package when they need it. For instance, the following command installs the debugging information for the GNU C Library and for GNU Guile:

guix install glibc:debug guile:debug

GDB must then be told to look for debug files in the user’s profile, by setting the ‘debug-file-directory’ variable (consider setting it from the ‘~/.gdbinit’ file, *note (gdb)Startup::):

(gdb) set debug-file-directory ~/.guix-profile/lib/debug

From there on, GDB will pick up debugging information from the ‘.debug’ files under ‘~/.guix-profile/lib/debug’.

In addition, you will most likely want GDB to be able to show the source code being debugged. To do that, you will have to unpack the source code of the package of interest (obtained with ‘guix build --source’, *note Invoking guix build::), and to point GDB to that source directory using the ‘directory’ command (*note ‘directory’: (gdb)Source Path.).

The ‘debug’ output mechanism in Guix is implemented by the ‘gnu-build-system’ (*note Build Systems::). Currently, it is opt-in—debugging information is available only for the packages with definitions explicitly declaring a ‘debug’ output. This may be changed to opt-out in the future if our build farm servers can handle the load. To check whether a package has a ‘debug’ output, use ‘guix package --list-available’ (*note Invoking guix package::).