README

This document describes my Gnu Guix System setup for a virtual machine installation (QEMU for me).

• This is for a UEFI installation that can be performed remotely via SSH (easy copy/paste of notes, etc.)
• The installation uses BTRFS instead of LVM, with full disk encryption (LUKS)
• The core installation itself is minimal
  • The user specific software packages include Sway (i3 for Wayland), Librewolf. See home/user/src/guix-config/home-configuration.scm
  • Sway is configured with Ratpoison-like keybindings (C-t prefix)

My goal is to contribute to Open Source projects from a Guix environment.

• My main machine runs few virtual machines a la Qubes OS (vault-vm, personal-vm, etc.)
• Gnu Guix System would be dedicated to open source contributions

Notes:

• Configuration files of this repository are meant to “approachable”
• You can fork this repository and customize further the set of packages that you like and so on

Enable remote installation

After booting the Gnu Guix System ISO image, elect to drop into a shell after selecting your language and location.

Please start SSH and setup a non-blank root password.

herd start ssh-daemon
passwd

Prepare the installation

You can “ssh into” the Gnu Guix System installation: ssh root@ip_here -p port_here.

During new installations with QEMU, I typically forward port 22 to a fixed port number (e.g., 62000).

For my personal setup, I’m using ssh root@localhost -p 62000.

Create partitions

Identify your disk partitions (fdisk -l can help).

Create 2 partitions by running cgdisk /dev/sda (in my case)

• Setup the EFI partition (code ef00) of 300 MB (/dev/sda1 in my case)
• Setup the Linux partition (default code) with the remaining disk space (/dev/sda2 in my case)

Write changes to disk and then Quit the cgdisk interface.

Create an encrypted device

Encrypt the main partition.

cryptsetup luksFormat --type luks1 /dev/sda2

Open LUKS device

Open the encrypted device.

cryptsetup luksOpen /dev/sda2 guixvm

Prepare installation

Run all the commands below to configure partitions and setup filesystems.

mkfs.btrfs -L guixroot /dev/mapper/guixvm

mount -t btrfs /dev/mapper/guixvm /mnt

btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/boot
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/gnu
btrfs subvolume create /mnt/data
btrfs subvolume create /mnt/log
btrfs subvolume create /mnt/swap

btrfs filesystem mkswapfile --size 4g /mnt/swap/swapfile
btrfs subvolume snapshot -r /mnt/root /mnt/root-blank

umount /mnt

mount -o subvol=root /dev/mapper/guixvm /mnt
mkdir -p /mnt/home /mnt/gnu /mnt/data /mnt/var/log /mnt/boot /mnt/swap
mount -o subvol=home /dev/mapper/guixvm /mnt/home
mount -o subvol=gnu  /dev/mapper/guixvm /mnt/gnu
mount -o subvol=data /dev/mapper/guixvm /mnt/data
mount -o subvol=log  /dev/mapper/guixvm /mnt/var/log
mount -o subvol=boot /dev/mapper/guixvm /mnt/boot
mount -o subvol=swap /dev/mapper/guixvm /mnt/swap

mkfs.vfat /dev/sda1
mkdir -p /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

herd start cow-store /mnt

Install the system

Edit the etc/config.scm file as needed (i.e. efi and root partition names, timezone, keyboard layout).

You need to create the config.scm file inside your installation

• You can add/edit the file on your Guix installation locally or via SSH (with nano, mg or vi)
• Alternatively, you could also download the raw file from GitHub via wget or curl

mkdir -p /mnt/etc
cp config.scm /mnt/etc/config.scm
guix system init /mnt/etc/config.scm /mnt

You can now reboot into your new system (shutdown/start or reboot depending on your setup).

reboot

Setup the new system

Update passwords

Both passwords for the root and user users are initially empty.

Let’s login as root and change that.

passwd
passwd user

Update the system

You can now continue the configuration process remotely (ssh user@localhost -p 62000 in my case).

guix pull --timeout=800 --max-silent-time=800
sudo guix system reconfigure /etc/config.scm
reboot

Fix the clock

Connect to the machine remotely (ssh user@localhost -p 62000 in my case).

guix package -i ntp
GUIX_PROFILE="$HOME/.guix-profile"
. "$GUIX_PROFILE/etc/profile"
sudo ntpdate -s time.nist.gov && sudo hwclock --systohc
guix package -r ntp

User environment setup

This will setup a minimal Wayland graphical environment with Sway (via Guix home configuration management).

• It is assumed have you’ve pulled the contents of this git repository on your new Guix installation
• You’ll then be able to quickly have a system up and running

As a regular user (user in my case), deploy home/user/src/guix-config/home-configuration.scm.

mkdir -p ~/Downloads ~/.config/guix
cd ~/Downloads
git clone https://github.com/yveszoundi/guix-config
cp -rf guix-config/home/user/src ~/
cp -rf guix-config/home/user/Pictures ~/
guix home reconfigure ~/src/guix-config/home-configuration.scm
cd -

After first login in the tty, type sway on the command-line to start the Wayland compositor.

Additional notes

Mullvad VPN on the host

If specifically using Mullvad VPN on the host machine, you might run into internet connectivity issues inside the Guix virtual machine. In such a case, create a file at /etc/resolv.conf.head with the line nameserver 10.64.0.1. See also running-wireguard-router.

Initial update upon installation

It is probably a good idea to run guix pull prior installating the system to fetch immediately latest updates (configuration file discrepancies over time, etc.). I haven’t tried that yet though.

References

• https://guix.gnu.org/
• https://packages.guix.gnu.org/
• https://guix.gnu.org/manual/en/html_node/Declaring-the-Home-Environment.html
• https://guix.gnu.org/manual/en/html_node/Essential-Home-Services.html
• https://git.sr.ht/~raghavgururajan/guix-config
• https://git.sr.ht/~boeg/home/tree/master/.config/guix/system/config.scm
• https://github.com/yenda/guix-config/blob/master/readme.org
• https://www.youtube.com/watch?v=XOYirIzUlW8