Query the API to find the latest Debian image to deploy the base system with.
* gnu/machine/hetzner/http.scm (null-or): New procedure.
(<hetzner-image>): New JSON record type.
(<hetzner-image-created-from>): Likewise.
(<hetzner-image-protection>): Likewise.
(%hetzner-default-server-image): Change simple variable to a memoized
procedure.
(hetzner-api-server-create): Adjust user accordingly.
(hetzner-api-images): New procedure.
Change-Id: I9544708c878971a2c776c80b9a4ee06078d5ce61
This fixes a regression introduced in commit a2ef2bcbfd ("machine: hetzner:
Allow connections using ssh-agent"), where having no ssh-key would cause the
early Hetzner provisioning to fail due to the lack of SSH authentication.
* gnu/machine/hetzner.scm (%hetzner-ssh-key-file): New parameter.
(<hetzner-configuration>) [ssh-public-key]: Compute default according to the
value of the private ssh-key field. Introduce an indirection via...
(hetzner-configuration-ssh-public-key): ... this new procedure, to honor
%hetzner-ssh-key-file.
(hetzner-configuration-ssh-key): Likewise for the private ssh-key.
(hetzner-configuration-ssh-key-fingerprint): Rename to...
(public-key->fingerprint): ... this, taking just the public key as argument.
Update doc.
(hetzner-configuration-ssh-key-public): Rename to...
(public-key->string-with-type): ...this, for clarity, and accept just a
public-key object. Update doc.
(hetzner-machine-ssh-key): Exit early with #f when no ssh key is provided.
(temporary-ssh-key-file): New procedure.
(hetzner-machine-ssh-key-create): Assert a public key is defined. Adjust
calls to renamed procedures, and adjust for the `hetzner-api-server-create'
API change.
(hetzner-machine-enable-rescue-system): Refine doc and fix code path when
ssh-key is #f.
(hetzner-machine-rescue-install-os): Document.
(hetzner-machine-provision): Refine doc. Remove extraneous sleep and #:unwind
argument. Limit ssh-session dynamic scope to where it's needed.
(cleanup-temporary-ssh-key/maybe): New procedure.
(deploy-hetzner): Create and use a temporary SSH key when none is defined, and
clean it up when done or on errors.
* gnu/machine/hetzner/http.scm (hetzner-api-server-create): Make ssh-keys a
keyword argument, and fix execution when it's #f.
(hetzner-api-server-enable-rescue-system): Likewise.
* tests/machine/hetzner.scm ("deploy-machine-mock-with-unprovisioned-server"):
Adjust test.
* tests/machine/hetzner/http.scm (create-server)
("hetzner-api-server-create-unit")
("hetzner-api-server-enable-rescue-system-unit")
("hetzner-api-actions-integration")
("hetzner-api-server-enable-rescue-system-integration"): Likewise.
* doc/guix.texi (Invoking guix deploy): Specify what happens when 'ssh-key' is
#f in hetzner-configuration, and suggest declaratively authorizing your SSH
key.
Change-Id: I812b348fb553f3b5aebd0bf66850c6ecb9e06653
* gnu/machine/hetzner.scm (<hetzner-configuration>)
[user]: New field.
(hetzner-machine-delegate): Use match-record to bind the field values; honor
user.
* doc/guix.texi (Invoking guix deploy): Document it.
Fixes: #8493
Change-Id: I026828c508ea936523fe864e2646ab9e3a1329c4
All the performance and general purpose newer x86 Hetzner server types like
the 'cpx22' now require an EFI bootloader, while older ones like the 'cx23'
still expect a BIOS bootloader.
Instead of exposing the user to errors when selecting the correct operating
system template to use, provide a procedure that takes returning one based on
the server type name.
* gnu/machine/hetzner.scm (%hetzner-os-arm): Rename to...
(%hetzner-os-arm/efi): ... this. Adjust for variable name change.
(%hetzner-os-x86): Rename to...
(%hetzner-os-x86/bios): ... this. Adjust for variable name change.
(%hetzner-os-x86/efi): New variable.
(server-type-name->arch, server-type-name->bootloader)
(make-hetzner-os): New procedures.
(%hetzner-os-x86, %hetzner-os-x86): Deprecate variables.
(hetzner-machine-bootstrap-os-form): Use the server type name to infer whether
the EFI or BIOS bootloader should be used, along with the EFI partition.
* doc/guix.texi (Invoking guix deploy): Updated doc.
Fixes: #8523
Change-Id: I331a76e12bb3c19f5664dcbe4437a8d1cfe1d363
Guix 1.5.0 supports dhcpcd-service-type; therefore (assuming Hetzner
already has a Guix 1.5.0 image), it should no longer be necessary to
use dhcp-client-service-type here. This is one of the few remaining
users of dhcp-client-service-type; changing this here will allow
removing this deprecated service in a future pull request.
* gnu/machine/hetzner.scm (hetzner-machine-bootstrap-os-form): Use
dhcpcd-service-type.
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
#f is to keep the failed provisioned server intact for debugging. The
documented default is #t, so adjust the code accordingly.
* gnu/machine/hetzner.scm (<hetzner-configuration>)
[delete?]: Change default to #t to match documentation.
Change-Id: Iabee105cbf5f5e31e8a8f5cb5db99439a168f174
This fixes DHCP-provided routes on servers that have both public and private
interfaces.
* gnu/machine/hetzner.scm (%hetzner-os-arm)[services]: Replace
dhcp-client-service-type with dhcpcd-service-type.
Fixes: https://codeberg.org/guix/guix/issues/407
Change-Id: I8e0b4fb12727e784f2b622273ffef504e58eddfe
Signed-off-by: Hilton Chain <hako@ultrarare.space>
* gnu/machine/hetzner.scm (hetzner-machine-rescue-install-os): Avoid out of
disk space error by bind mounting /mnt/tmp/gnu/store to /gnu/store.
* tests/machine/hetzner.scm: Test with smaller instances.
* doc/guix.texi (Invoking guix deploy): Mention unsupported instance.
Change-Id: If8bfb6733de493b51813b3e82e255849192f7cba
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Previously, <unspecified> would be returned. That was a bug. Monadic
procedures must always return monadic values.
* gnu/machine/ssh.scm (roll-back-managed-host): Return monadic value.
Change-Id: I3db2879dbfbcab5e9d251fa5ed02c8653adbeafb
This allows rebooting straight into the new system with ‘reboot -k’.
* guix/scripts/system/reconfigure.scm (kexec-loading-program)
(load-system-for-kexec): New procedures.
* gnu/tests/reconfigure.scm (run-kexec-test): New procedure.
(%test-upgrade-kexec): New variable.
* guix/scripts/system.scm (perform-action): Add #:load-for-kexec?.
Call ‘load-system-for-kexec’.
(show-help, %options): Add ‘--no-kexec’.
(%default-options): Add ‘load-for-kexec?’.
(process-action): Honor it and pass it to ‘perform-action’.
* gnu/machine/ssh.scm (deploy-managed-host): Add call to
‘load-system-for-kexec’.
* doc/guix.texi (Invoking guix system): Document it.
Change-Id: I86d11f1c348e4359bc9e73c86e5aebff60fe875c
When using "guix deploy" on an x86_64-linux machine to deploy a system to
i686-linux, DEPLOY-MANAGED-HOST would revert %CURRENT-SYSTEM to the host
system's value by the time it evaluated UPGRADE-SHEPHERD-SERVICES. The
earlier PARAMETERIZE would no longer be effective.
* gnu/machine/ssh.scm (deploy-managed-host): Ensure that
UPGRADE-SHEPHERD-SERVICES is evaluated for the architecture of the target
machine.
Change-Id: I0816da79cd7c46a69418717fa33b2fe4e2fabae0
Reported by hako on #guix.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Filter out pseudo
file systems from 'file-systems'.
* guix/scripts/system.scm (check-initrd-modules): Likewise.
* gnu/machine/digital-ocean.scm (guix-infect): Define the operating system
declaration as an s-expression and paste it into the generated Bash script to
simplify editing.
* gnu/machine/digital-ocean.scm (guix-infect, add-static-networking): Set
GUILE_LOAD_PATH and GUILE_LOAD_COMPILED_PATH to directories for Guile 3.0
instead of 2.2.
* gnu/machine/digital-ocean.scm (ip+netmask->cidr): New procedure.
(guix-infect, add-static-networking): Use static-networking-service-type
instead of the deprecated static-networking-service.
These typos were found and reported through weblate.
* gnu/packages/audio.scm (wildmidi)[description]: Fix typo.
* gnu/packages/games.scm (cgoban)[description]: Fix typo.
* gnu/services/version-control.scm (gitolite-service-type)[description]:
Fix typo.
* gnu/installer/newt/substitutes.scm (run-substitutes-page): Remove full
stop at end of title.
* gnu/machine/ssh.scm (machine-ssh-configuration-system): Move
punctuation outside of quotes.
* guix/scripts/home.scm (process-action): Remove trailing space before
newline.
* guix/scripts/system.scm (show-help): Fix typo.
* guix/scripts/environment.scm (with-store/maybe): Fix typo.
Fixes <https://issues.guix.gnu.org/58084>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
Previously, "sanity checks" and other operations would happen in a
context where '%current-system' has its default value. Thus, running
'guix deploy' on an x86_64-linux machine for an aarch64-linux one would
lead things like '%base-initrd-modules' to see "x86_64-linux" as the
'%current-system' value, in turn making the wrong choices.
* gnu/machine/ssh.scm (check-deployment-sanity)[assertions]: Wrap in
'parameterize'.
(deploy-managed-host): Likewise for the 'mlet' body.
This is to make it less surprising, given the common convention set forth by
the kernel Linux command-line parameters.
* gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root'
and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system',
respectively. Adjust doc.
(find-long-option): Adjust doc.
* gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly.
* gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and
update doc. Use VERSION to conditionally return old style vs new style initrd
arguments.
(%boot-parameters-version): Increment to 1.
(operating-system-boot-parameters): Adjust doc.
(operating-system-boot-parameters-file): Likewise.
* gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise.
* doc/guix.texi: Adjust doc.
* gnu/build/activation.scm (boot-time-system): Adjust accordingly.
* gnu/build/hurd-boot.scm (boot-hurd-system): Likewise.
* gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment.
Fixes <https://issues.guix.gnu.org/52766>.
Reported by Michael Rohleder <mike@rohleder.de>.
* gnu/machine/ssh.scm (<machine-ssh-configuration>)[safety-checks?]: New
field.
(machine-check-file-system-availability): Return the empty list when
'safety-checks?' is false.
(machine-check-initrd-modules): Likewise.
* doc/guix.texi (Invoking guix deploy): Document it.
Previously, any call to 'managed-host-remote-eval' and similar would
open a new SSH session to the host. With this change, an SSH session is
opened once, cached, and then reused by all subsequent calls to
'machine-ssh-session'.
* gnu/machine/ssh.scm (<machine-ssh-configuration>): Add
'this-machine-ssh-configuration'.
[session]: Mark as thunked and change default value to an
'open-machine-ssh-session*' call.
(open-machine-ssh-session, open-machine-ssh-session*): New procedures.
(machine-ssh-session): Replace inline code by call to
'open-machine-ssh-session'.
For some time, OpenSSH's option 'PermitRootLogin' has deprecated the
ambiguous argument 'without-password' with 'prohibit-password'.
* doc/guix.texi (Network Services): Replace 'without-password by
'prohibit-password.
* gnu/machine/digital-ocean.scm (guix-infect): Change system
configuration to use 'prohibit-password.
* gnu/services/ssh.scm (openssh-configuration): Change comment to use
'prohibit-password.
(openssh-config-file): Add support for 'prohibit-password to
'permit-root-login'. Warn about deprecated 'without-password usage.
* gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by
'prohibit-password.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Fixes a regression introduced in 2885c3568e.
Reported by Mathieu Othacehe.
* gnu/machine/ssh.scm (deploy-managed-host)[eval/error-handling]: Return
two values in the standard case.
Previously, '&inferior-exception' raised by 'upgrade-shepherd-services'
and co. would go through as-is, leaving users with an ugly backtrace.
* gnu/machine/ssh.scm (deploy-managed-host): Define
'eval/error-handling' and use it in lieu of EVAL as arguments to
'switch-to-system', 'upgrade-shepherd-services', and
'install-bootloader'.
This is a followup to 70ffa8af1e, which
did not really solve the problem.
* gnu/machine/ssh.scm (not-config?): New procedure.
(machine-boot-parameters): Use it as an argument to
'source-module-closure'.
* gnu/bootloader/grub.scm (grub-configuration-file): New parameter
store-crypto-devices.
[crypto-devices]: New helper function.
[builder]: Use crypto-devices.
* gnu/machine/ssh.scm (roll-back-managed-host): Use
boot-parameters-store-crypto-devices to provide its contents to the
bootloader configuration generation process.
* gnu/tests/install.scm (%encrypted-root-not-boot-os,
%encrypted-root-not-boot-os): New os declaration.
(%encrypted-root-not-boot-installation-script): New script, whose contents
were initially taken from %encrypted-root-installation-script.
(%test-encrypted-root-not-boot-os): New test.
* gnu/system.scm (define-module): Export
operating-system-bootloader-crypto-devices and
boot-parameters-store-crypto-devices.
(<boot-parameters>): Add field store-crypto-devices.
(read-boot-parameters): Parse store-crypto-devices field.
[uuid-sexp->uuid]: New helper function extracted from
device-sexp->device.
(operating-system-bootloader-crypto-devices): New function.
(operating-system-bootcfg): Use
operating-system-bootloader-crypto-devices to provide its contents to
the bootloader configuration generation process.
(operating-system-boot-parameters): Add store-crypto-devices to the
generated boot-parameters.
(operating-system-boot-parameters-file): Likewise to the file with
the serialized structure.
* guix/scripts/system.scm (reinstall-bootloader): Use
boot-parameters-store-crypto-devices to provide its contents to the
bootloader configuration generation process.
* tests/boot-parameters.scm (%default-store-crypto-devices): New
variable.
(%grub-boot-parameters, test-read-boot-parameters): Use
%default-store-crypto-devices.
(tests store-crypto-devices): New tests.
Fixes <http://issues.guix.gnu.org/44196>
* gnu/machine/ssh.scm (roll-back-managed-host): Use
boot-parameters-store-directory-prefix.
* gnu/system.scm (define-module): Export
boot-parameters-store-directory-prefix.
(<boot-parameters>)[store-directory-prefix]: New field. It is used to
generate the correct paths when /gnu/store is installed on a btrfs
subvolume whose name doesn't match the final runtime path, as the
bootloader doesn't have knowledge about the final mounting points.
[boot-parameters-store-directory-prefix]: New accessor.
(read-boot-parameters): Read directory-prefix from store field.
(operating-system-boot-parameters-file): Add directory-prefix to
store field.
* guix/scripts/system.scm (reinstall-bootloader): Use
boot-parameters-store-directory-prefix.
* test/boot-parameters.scm (%default-btrfs-subvolume,
%default-store-directory-prefix): New variables.
(%grub-boot-parameters): Use %default-store-directory-prefix.
(%default-operating-system): Use %default-btrfs-subvolume.
(test-boot-parameters): Add directory-prefix.
(test optional fields): Add test for directory-prefix.
(test os store-directory-prefix): New test.
* gnu/machine/ssh.scm (roll-back-managed-host): Use locale information
from boot-parameters.
* gnu/system.scm (operating-system-bootcfg): Provide locale information
to the bootloader.
* guix/system/script.scm (reinstall-bootloader): Use locale information
from boot-parameters.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
This is a followup to 8e31736b0a.
* guix/scripts/system/reconfigure.scm (check-forward-update): Add
#:current-channels. Use it instead of OLD.
* gnu/services.scm (sexp->system-provenance): New procedure.
(system-provenance): Use it.
* gnu/machine/ssh.scm (<machine-ssh-configuration>)[allow-downgrades?]:
New field.
(machine-check-forward-update): New procedure.
(check-deployment-sanity)[assertions]: Call it.
* doc/guix.texi (Invoking guix deploy): Document 'allow-downgrades?'
field.