guix

Guix

Link manifest

(ignore-errors
(let* ((manifest-dir (file-name-as-directory (concat (file-name-as-directory (xdg-config-home)) "guix-manifests")))
        (manifest-dir-file (concat manifest-dir "user.scm")))
    (if (not (file-exists-p manifest-dir))
        (make-directory manifest-dir))
    (if (not (or (file-exists-p manifest-dir-file) (file-symlink-p manifest-dir-file)))
        (make-symbolic-link (concat (file-name-directory (or load-file-name buffer-file-name)) "user.scm") manifest-dir-file 1))))

User manifest

;; Manifest for development env
(specifications->manifest
 '(
   ;; basic
   ;;"shepherd" ;;"glibc-utf8-locales"

   ;;"ungoogled-chromium-nvda"
   ;;"firefox-nvda"; --with-graft=mesa=nvda
   ;;"torbrowser"

   ;;"transmission"
   ;;"nzbget"
   ;;"steam-nvidia" ;; steam
   ;;"zfs"
   "strace"
   "perf"
   "flamegraph"
   "bpftrace"
   "bcc"

   ;; C dev
   ;;"make" ;;"cmake"
   ;;"glibc" ;; "musl"
   ;;"gcc-toolchain" ;;"clang-toolchain"
   "gdb" ;;"lldb"
   ;;"rr"
   ;;"binutils"
   ;;"module-init-tools"
   ;;"msr-tools"

   ;; java
   ;;"openjdk"
   ;;"maven"
   ;;"leiningen"
   ;;"clojure"

   ;; julia
   ;;"julia"

   ;; python
   ;;"python"
   ;;"vapoursynth";; "ffms2"

   ;; shell
   ;;"shellcheck" ;;"bash"
   "htop"; Requires CAP_NET_ADMIN for PERCENT_*_DELAY
   ;;"bottom"
   ;;"xclip"
   ;;"wl-clipboard"
   ;;"bc"
   ;;"jq"
   ;;"coreutils" ;;"busybox"
   ;;"less"
   ;;"gzip"
   ;;"fdisk" ;;"gparted"
   ;;"wget"
   ;;"diffutils"
   ;;"findutils"
   ;;"tar"
   ;;"gawk"
   ;;"which"
   ;;"sed"
   ;;"grep"
   ;;"patch"
   ;;"gash"
   ;;"gash-utils"
   "screen"

   ;; apps
   ;;"wine64"; "wine"
   ;;"winetricks"
   ;;"clamav"
   ;;"filezilla"
   ;;"lynx"
   ;;"libvirt"
   ;;"virt-manager"
   ;;"postgresql"
   ;;"sqlite"
   ;;"tigervnc-client"
   ;;"tigervnc-server" ; newer gdm supports rdp login
   ;;"searx"
   ;;"gnuradio"
   ;;"obs"
   ;;"virt-viewer"
   ;;"dino" ; xmpp client
   ;;"flatpak"
   ;;"waypipe"

   ;; docs
   ;;"libreoffice"
   ;;"calibre"
   ;;"biber"
   ;;"texlive"
   ;;"kiwix-desktop"

   ;; media
   ;;"blender"
   ;;"gimp"
   ;;"inkscape"
   ;;"vlc"
   ;;"mkvtoolnix"
   ;;"mediainfo"
   ;;"ffmpeg"
   ;;"gnuplot"
   ;;"makemkv"
   ;;"yt-dlp"

   ;; net
   ;;"curl"
   ;;"whois"
   ;;"bind:utils"
   ;;"nmap"
   ;;"python-stem"
   ;;"onionshare"
   ;;"iptables"
   ;;"ebtables"
   ;;"wireshark"
   ;;"netcat"
   ;;"net-tools"
   ;;"openssh" ;;"dropbear"
   ;;"wireguard-tools"
   ;;"socat"
   ;;"tor"
   ;;"torsocks"
   ;;"i2pd"
   ;;"dnsmasq"

   ;; Desktop
   ;;"notification-daemon"
   ;;"nvidia-driver"
   ))

guix notes

https://git.genenetwork.org/guix-north-america/about/ for NA substitute server ?
cuirass ci saves gc roots in /var/guix/gcroots/profiles/per-user/cuirass/cuirass for default of 30 days
- can unlink and gc for space
guix system image -t iso9660 ./installer.scm
GUIX_SANDBOX_EXTRA_MOUNTS=/path/to/extra/thing for guix steam
transform options for source, c-toolchain, debug, grafts/inputs
- --with-commit=SomeSuchPackage=XXX
-L ./guix-channel to use local channel changes
guix pack -S /bin=bin -S /sbin=sbin --localstatedir -RR guix bash-static
guix package --roll-back to drop to last version
commit signing and downgrading flags are --disable-authentication --allow-downgrades
platform specific binaries can be produces with the --tune flag
hpc channel for extra pytorch packages
- https://gitlab.inria.fr/guix-hpc/guix-hpc/
- misc channels https://git.sr.ht/~whereiseveryone/toys/log for services/packages (sops(secrets), cuda, android, rustup, lutris, ollama, tailscaled, jellyfin, tailwindcss-lsp, guile-lsp, goblins, etc)
non root guix can be done through a series of env variables and flags
- arg --listen=/socket and/or env vars
app img run mount thing.AppImage tmpmnt -o offset=$(guix shell -C -F zlib -- "./thing.AppImage --appimage-offset")
guix shell can emulate normal fs with –emulate-fhs
set package as GC root with ln --symbolic --force /path/to/guix/packagelink /var/guix/gcroots for guix copy
download source with guix build -S PKG
search with rg -a -z "STR" /gnu/store/PKG.tar.gz
- Add $XDG_DATA_HOME/guix/bin to $PATH
- --disable-chroot
default source for user is $HOME/.guix-profile/etc/profile and $XDG_CONFIG_HOME/guix/etc/profile
- cleanup space with guix package -d && guix pull -d && guix gc
- os templates for qemu images with guix system image -t qcow2 --save-provenance
  - guix system upgrade
    - ln -s /etc/channels.scm ~/.config/guix/channels.scm
    - guix pull . ~/.config/guix/current/etc/profile
    - sudo -E guix system reconfigure /etc/guix-os.scm
  - run guix vm
    - qemu-system-x86_64 -nic user,model=virtio-net-pci,hostfwd=tcp::10022-:22 -enable-kvm -m 1024 -device virtio-blk,drive=myhd -drive if=none,file=$MY_IMAGE,id=myhd -spice port=5930,disable-ticketing
  - grow vm disk
    - qemu-image resize IMAGE.qcow2 +10G
    - growpart /dev/vda 2
    - resize2fs /dev/vda2
- guix hash -xr . for the checksum of a repo
- guix publish substitutes after exporting/importing key with guix archive or use nars with guix archive --export -r
packages are standard SRFI-9 guile records (set-fields, etc…)
nonguix substitutes at substitutes.nonguix.org key is /signing-key.pub.
guix time-machine --commit=a4eae0c3adce8e4c4ac153a4959d18b9897a67e1 -- package -i old
manual setup

#https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
# get tarball for system=x86_64-linux,aarch64,armhf,i686
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
# check sig
wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz.sig
gpg --verify guix-binary-1.0.1.x86_64-linux.tar.xz.sig
# with root
sudo -i
# untar into dirs
tar --warning=no-timestamp -xf /path/to/guix-binary-1.0.1.x86_64-linux.tar.xz
mv var/guix /var/ && mv gnu /
# add guix profile
mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix ~root/.config/guix/current
# setup build daemon for multiple users
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
# add build users
groupadd --system guixbuild
for i in `seq -w 1 10`;
do
    useradd -g guixbuild -G guixbuild           \
            -d /var/empty -s `which nologin`    \
            -c "Guix build user $i" --system    \
            guixbuilder$i;
done
# link guix and info for all users
mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/* ;
do ln -s $i ; done
# source guix profile and add sub servers
source ~/root/.config/guix/current/etc/profile
guix archive --authorize < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
guix archive --authorize < ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
# install locale
guix package -i glibc-utf8-locales

manual install
- create image with guix system image -t iso9660 ./jam/system/installer.scm
  - dd if=file.iso of=/dev/sdX status=progress
- create wifi.conf with

network={
  ssid="ssid-name"
  key_mgmt=WPA-PSK
  psk="unencrypted passphrase"
}

rfkill unblock all && ifconfig -a && wpa_supplicant -c wifi.conf -i INTERFACE -B && dhclient -v INTERFACE
update time with ntpdate pool.ntp.org
- if you need to install nss-certs/git set the profile and add gits libexec directory to the PATH
partition with lsblk && cfdisk
format with mkfs
mount root as mnt and /boot/efi under /mnt/boot/efi
- ensure to have booted with uefi boot if installing efi and not legacy grub
swapon the device
herd start cow-store /mnt
clone config, copy channels to ~/.config/guix/, guix pull --no-check-certificate then guix system -L CONFIG_DIR init config.scm /mnt

guix shell --container --network --emulate-fhs \
    --development ungoogled-chromium gcc:lib \
    --preserve='^DISPLAY$' \
    --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
    --preserve='^DBUS_' --expose=/var/run/dbus \
    --expose=/sys/dev --expose=/sys/devices --expose=/dev/dri \
    -- ./VSCodium-1.74.0.22342.glibc2.17-x86_64.AppImage --appimage-extract-and-run # Run VSCodium Appimage

guix shell --network --container --emulate-fhs \
    bash coreutils curl grep nss-certs gcc:lib gcc-toolchain \
    pkg-config glib cairo atk pango@1.48.10 gdk-pixbuf gtk+ git \
    --share=$HOME/temphome=$HOME --no-cwd

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # install rustup in guix

guix shell --container --network --emulate-fhs \
    --preserve='^DISPLAY$' \
    --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
    alsa-lib bash coreutils dbus-glib file gcc:lib \
    grep gtk+ libcxx pciutils sed \
    -- ./start-tor-browser.desktop -v ; # Start tor-browser

GUIX_DAEMON_SOCKET=$XDG_DATA_HOME/guix/var/guix/daemon-socket/socket
GUIX_DATABASE_DIRECTORY=$XDG_DATA_HOME/guix/var/guix/db
GUIX_LOG_DIRECTORY=$XDG_DATA_HOME/guix/var/log/guix
GUIX_STATE_DIRECTORY=$XDG_DATA_HOME/guix/var/guix
GUIX_CONFIGURATION_DIRECTORY=$XDG_CONFIG_HOME/guix/etc
GUIX_LOCPATH=$XDG_DATA_HOME/guix/var/guix/profiles/per-user/root/guix-profile/lib/locale
NIX_STORE=$XDG_DATA_HOME/guix/gnu/store