- Introduction
- Install a bare Debian
- Copy GNU Guix
- Start replacing services
- Environment
- Setting up the desktop
- Other services
- Conclusion
This section deals with running GNU Guix as a package manager inside an existing distribution - which can be any distro. Before I make the full jump to running GuixSD I decided to run a bare bones Debian with SysV on my laptop (apparently I am one of the few people who does not like systemd) so I still get apt and Debian firmware support when I need it. And then one day, when I know I no longer need apt, I may take the plunge into running GuixSD on my laptop (running stock servers will be easier). Do note that there are quite a few people running GuixSD on their laptops too! But it is not for the faint of heart.
The setup is on an older Thinkpad T420. Pretty much everything works. And because I use the minimalistic i3 windo manager almost everything is invoked from the command line.
Since I already had a Debian installed I could use debootstrap to install a minimal distro on a fresh partition. I used a 10Gb partition, which should be large enough as Guix will go on another partition.
debootstrap stable /mnt/sda3/ http://ftp.nl.debian.org/debian/
That installs about 170 packages(!) and we may start purging some later.
After the chroot, install SysV and you can optionally purge systemd according to info. Edit /etc/fstab to match your system and install kernel and headers
apt-get install linux-image-amd64 linux-headers-3.16.0-4-all-amd64
which also fetches the free firmware. I also added a networking interface and the openssh software so I can configure remotely. Now we are at 270-odd packages (a minimal Debian is easily 1GB and with X 2GB). Also add users/groups in the new partition so you can login.
Install grub2 on the boot partition, typically
apt-get install grub2
update-grub2
grub-install /dev/sdaand reboot. Recently I also installed an Intel NUC this way. To get it booting a few extra steps were required booting the kernel from grub-efi and following https://wiki.debian.org/GrubEFIReinstall. Note with the Debian installer you can both chroot in console to update grub-efi and remote ssh login from the rescue part of the installer (very nice if you use a non-standard keyboard layout). Don’t forget to rename grubx64.efi to bootx64.efi and add the grub menu:
grub-mkconfig -o /boot/grub/grub.cfg grub-install --boot-directory=/boot /dev/nvme0(n1)
Next create a partition for Guix and start installing. The quickest way is to copy the relevant files from another system. Guix is good at that because it does not interfere with anything else. Simple way is to copy all files in /gnu/store, /var/guix and the .guix-profile directory in your home dir (note that the proper way to do this is via guix archive). The store on my running laptop is 12Gb in size. It probably is a good idea to reserve at least 20GB, the larger the better.
You may need to set the key and update guix according to guix-notes.
When everything works there is probably nothing else to install because my previous /gnu/store was up-to-date! For example, my installation of python and elixir with dependencies just worked (tm). There is no smoother way to move from one machine to another.
On my freshly installed bare system only the following services are running (outside kernel stuff):
ps xau|grep bin
root 1180 0.0 0.0 258672 2252 ? Ssl Jun12 0:00 /usr/sbin/rsyslogd
root 1227 0.0 0.0 25904 2076 ? Ss Jun12 0:00 /usr/sbin/cron
root 1238 0.0 0.0 19276 1684 ? Ss Jun12 0:07 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root 1269 0.0 0.0 55184 3224 ? Ss Jun12 0:00 /usr/sbin/sshd
root 1293 0.0 0.0 12844 1736 tty1 Ss+ Jun12 0:00 /sbin/getty 38400 tty1
root 1294 0.0 0.0 12844 1788 tty2 Ss+ Jun12 0:00 /sbin/getty 38400 tty2
root 1295 0.0 0.0 12844 1860 tty3 Ss+ Jun12 0:00 /sbin/getty 38400 tty3
root 1296 0.0 0.0 12844 1840 tty4 Ss+ Jun12 0:00 /sbin/getty 38400 tty4
root 1297 0.0 0.0 12844 1768 tty5 Ss+ Jun12 0:00 /sbin/getty 38400 tty5
root 1298 0.0 0.0 12844 1852 tty6 Ss+ Jun12 0:00 /sbin/getty 38400 tty6
root 2457 0.0 0.0 20312 3352 pts/3 Ss 00:58 0:00 /bin/bash
root 2458 0.0 0.0 33872 4008 pts/3 S+ 00:58 0:00 /home/pjotr/.guix-profile/bin/guix-daemon --build-users-group=guixbuildNice and minimalistic!
As root
guix package -i wpa-supplicant iw
My thinkpad laptop needs some non-free firmware - here Debian comes in handy:
apt-get install firmware-iwlwifi modprobe -r iwlwifi modprobe iwlwifi dhclient -v wlan0 iw wlan0 scan|grep -i ssid
should start the interface and show available routers. Now we need to register with the router
wpa_passphrase essid key >> /etc/wpa_supplicant.conf
where essid is the name of the router and key is the access phrase/key.
wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf & dhclient -v wlan0
The last two lines can go into the startup script.
Note that this is the barebones way of running wifi and may not be good enough with more complicated setups, such as eduroam (easily handled using networkmanager). Here is one example using wpa_supplicant, and here is the one I am using today:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="eduroam"
key_mgmt=IEEE8021X WPA-NONE WPA-EAP
eap=PEAP
identity="pjort@university.edu"
password="*****"
#ca_cert="/location/of/cert" # This might not be required.
phase2="auth=MSCHAPV2"
priority=2
auth_alg=OPEN
}The first candidate is to run openssh server through Guix because Guix contains a more modern edition, e.g. on Debian stable (which just came out) compared with guix:
/usr/bin/ssh -V
OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
guix package -A ssh
libssh 0.7.3 out gnu/packages/ssh.scm:46:2
libssh2 1.7.0 out gnu/packages/ssh.scm:89:2
openssh 7.2p2 out gnu/packages/ssh.scm:116:2As root on guix install openssh
guix package -i openssh
~/.guix-profile/bin/ssh -V
OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016now we want to tell the server to use this. First try by hand, e.g.
/root/.guix-profile/sbin/sshd -f /etc/ssh/sshd_confignext update the script in /etc/init.d/ssh to use this command.
Once it works we purge ssh from Debian
apt-get remove openssh-server openssh-client openssh-sftp-serverFeeling lighter already ;)
Mixing locales has its problems. With this setup I set both GUIX_LOCPATH and LOCPATH and next the locale:
guix package -i glibc-locales export LOCPATH="$HOME/.guix-profile/lib/locale" export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale" export LC_ALL=en_GB.UTF-8
Note that Guix can have multiple locales (tied to glibc), see INSTALL.org.
First thing we need is a driver for X. My laptop has an intel card. Install the following as root (and later as normal user)
guix package -i xf86-video-intel xorg-server xinit slim \
xterm xf86-input-keyboard xf86-input-mouse xf86-input-evdev \
xf86-input-libinput xf86-input-synaptics xinput libdrm \
xf86driprotoxf86-video-intel
Add the search paths to .bashrc (or something):
guix package --search-paths
start X as root
slim
and you should be able to run a desktop with
startx -- ~/.guix-profile/bin/X
I had to add a basic xorg.conf file to point to the drivers.
Note that the X server has to run with root privileges. I am not sure how to work around this, but I set suid permissions in the store for the X server.
A working /etc/X11/xorg.conf
Section "ServerLayout"
Identifier "X.org Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
EndSection
Section "ServerFlags"
Option "AllowEmptyInput" "false"
Option "AutoAddDevices" "false"
Option "AutoEnableDevices" "false"
EndSection
Section "Files"
ModulePath "/home/pjotr/.guix-profile/lib/xorg/modules"
ModulePath "/home/pjotr/.guix-profile/lib/xorg/modules/drivers"
ModulePath "/home/pjotr/.guix-profile/lib/xorg/modules/input"
ModulePath "/home/pjotr/.guix-profile/lib/xorg/modules/extensions"
# XkbDir "/etc/X11/xkb"
EndSection
Section "Module"
Load "glx"
EndSection
Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
EndSection
Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/input/mice"
Option "ZAxisMapping" "4 5 6 7"
EndSection
Section "Monitor"
Identifier "Monitor0"
VendorName "Monitor Vendor"
ModelName "Monitor Model"
EndSection
Section "Device"
Identifier "Card0"
Driver "modesetting"
BusID "PCI:0:2:0"
EndSection
Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
SubSection "Display"
Viewport 0 0
Depth 24
EndSubSection
EndSectionNow, on my bare X11 system running i3wm, only the following services are running (outside kernel stuff):
ps xau|grep bin
root 334 0.0 0.0 41104 3496 ? Ss 07:15 0:00 udevd --daemon
root 1073 0.0 0.0 25400 7708 ? Ss 07:16 0:00 dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
root 1191 0.0 0.0 258672 3000 ? Ssl 07:16 0:00 /usr/sbin/rsyslogd
root 1230 0.0 0.0 25904 2124 ? Ss 07:16 0:00 /usr/sbin/cron
root 1251 0.0 0.0 19276 2056 ? Ss 07:16 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root 1275 0.0 0.0 30644 2452 ? Ss 07:16 0:00 /root/.guix-profile/sbin/sshd -f /etc/ssh/sshd_config
root 1299 0.0 0.0 63528 3076 tty1 Ss 07:16 0:00 /bin/login --
root 1300 0.0 0.0 12844 1824 tty2 Ss+ 07:16 0:00 /sbin/getty 38400 tty2
root 1301 0.0 0.0 12844 1948 tty3 Ss+ 07:16 0:00 /sbin/getty 38400 tty3
root 1302 0.0 0.0 12844 1960 tty4 Ss+ 07:16 0:00 /sbin/getty 38400 tty4
root 1303 0.0 0.0 12844 1928 tty5 Ss+ 07:16 0:00 /sbin/getty 38400 tty5
root 1304 0.0 0.0 12844 1912 tty6 Ss+ 07:16 0:00 /sbin/getty 38400 tty6
pjotr 1339 0.0 0.0 18028 1956 tty1 S+ 07:16 0:00 xinit /home/pjotr/.xinitrc -- /home/pjotr/.guix-profile/bin/X :0 -auth /home/pjotr/.serverauth.1321
root 1340 0.1 0.4 155516 32900 tty7 Ss+ 07:16 0:00 /home/pjotr/.guix-profile/bin/X :0 -auth /home/pjotr/.serverauth.1321
pjotr 1344 0.0 0.1 115936 9372 tty1 S 07:16 0:00 i3
pjotr 1348 0.0 0.1 90168 8080 ? S 07:16 0:00 i3bar --bar_id=bar-0 --socket=/tmp/i3-pjotr.xWV6Ja/ipc-socket.1344
pjotr 1349 0.0 0.0 57320 3924 ? S 07:16 0:00 i3statusNote the lack of dbus, for example. Still nice and minimalistic. I think this is sweet.
This description appeals to me:
guix package --show=font-terminus location: gnu/packages/fonts.scm:381:2 homepage: http://terminus-font.sourceforge.net/ license: SIL OFL 1.1 synopsis: Simple bitmap programming font description: Terminus Font is a clean, fixed width bitmap font, designed for + long (8 and more hours per day) work with computers.
Install
guix package -i font-terminus
The fonts are stored in $HOME/.guix-profile/share/fonts/terminus. Now you can do
xterm -fa 'terminus' -fs 20
or
xterm -fa 'terminus' -fn 9x15
to get a large font. Another interesting set is font-liberation:
synopsis: Fonts compatible with Arial, Times New Roman, and Courier New description: The Liberation font family aims at metric compatibility with + Arial, Times New Roman, and Courier New. + - Sans (a substitute for Arial, Albany, Helvetica, Nimbus Sans L, and + Bitstream Vera Sans); + - Serif (a substitute for Times New Roman, Thorndale, Nimbus Roman, and + Bitstream Vera Serif); + - Mono (a substitute for Courier New, Cumberland, Courier, Nimbus Mono L, and + Bitstream Vera Sans Mono).
Usage
xterm -fa 'Mono' -fs 20
guix package -i xset setxkbmap
I had to copy my keyboard layout into the store (not recommended, I need to add a proper package!)
root@monza:/gnu/store/cqwv78pirkfka92flin1hs34sb5i8v1k-xkeyboard-config-2.17# cp /home/pjotr/workman share/X11/xkb/symbols/
I find the speed of the external mouse to be high. Get the id
xinput list
list properties
xinput list-props 6
Decerate using the mouse id, the propedty id and a new value. On my system:
xinput set-prop 6 243 3.0
xrandr --output LVDS-1 --same-as VGA-1 --output VGA-1 --auto
echo -n mem > /sys/power/state
i3wm comes with a status bar. To get battery info:
acpi -b Battery 0: Discharging, 98%, 04:42:42 remaining
No need for networkmanager!! This works at University of Utrecht and Wageningen University:
pkill wpa_supplicant wpa_supplicant -Dwext -iwlan0 -c /etc/wpa_supplicant_eduroam.conf & dhclient -v wlan0
where /etc/wpa_supplicant_eduroam.conf contains
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="eduroam"
key_mgmt=IEEE8021X WPA-NONE WPA-EAP
eap=PEAP
identity="email/account"
password="****"
#ca_cert="/location/of/cert" # This might not be required.
phase2="auth=MSCHAPV2"
priority=2
auth_alg=OPEN
}Create /etc/modprobe.d/thinkpad_acpi.conf with:
options thinkpad_acpi fan_control=1
Reload the module and switch off the fan with
echo level 0 > /proc/acpi/ibm/fan
It is recommended to have a daemon running such as thinkfan. The settings I use now are
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp1_input
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp2_input
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp3_input
(0, 0, 65)
(1, 65, 70)
(2, 70, 72)
(3, 72, 74)
(4, 74, 76)
(5, 76, 78)
(6, 78, 80)
(7, 80, 32767)Currently use Debian stunnel (I know).
Complicated screen, keyboard, power management, fan control and wifi setup work fine. I switch for my daily work seamlessly between work station and laptop since they have the exact same tools.
Reproducibility between machines is a Guix feature.
I have a few minor niggles I still need to improve. The remaining item is that I would like to improve the fonts.
For the rest it is rather perfect!! Next time I may try a pure Guix setup!
Note: ultimately I did cave in to run cups, Chrome, FireFox and Skype on top of Debian dependencies. Now dbus is also running. But still, most software is Guix installed and the number of background processes is minimal. Cups has a Guix package - I just did not bother to figure out how to run it. And if you can live without these tools you can go a long way with pure Guix!