Guix

Link manifest

(ignore-errors
(let* ((manifest-dir (file-name-as-directory (concat (file-name-as-directory (xdg-config-home)) "guix-manifests")))
        (manifest-dir-file (concat manifest-dir "user.scm")))
    (if (not (file-exists-p manifest-dir))
        (make-directory manifest-dir))
    (if (not (or (file-exists-p manifest-dir-file) (file-symlink-p manifest-dir-file)))
        (make-symbolic-link (concat (file-name-directory (or load-file-name buffer-file-name)) "user.scm") manifest-dir-file 1))))

User manifest

;; Manifest for development env
(specifications->manifest
 '(
   ;; basic
   ;;"shepherd" ;;"glibc-utf8-locales"

   ;;"ungoogled-chromium-nvda"
   ;;"firefox-nvda"; --with-graft=mesa=nvda
   ;;"torbrowser"

   ;;"transmission"
   ;;"nzbget"
   ;;"steam-nvidia" ;; steam
   ;;"zfs"
   "perf"
   "bpftrace"
   "bcc"

   ;; C dev
   ;;"make" ;;"cmake"
   ;;"glibc" ;; "musl"
   ;;"gcc-toolchain" ;;"clang-toolchain"
   ;;"gdb" ;;"lldb"
   "rr"
   ;;"binutils"
   ;;"module-init-tools"
   ;;"msr-tools"

   ;; java
   ;;"openjdk"
   ;;"maven"
   ;;"leiningen"
   ;;"clojure"

   ;; julia
   ;;"julia"

   ;; python
   ;;"python"

   ;; shell
   ;;"shellcheck" ;;"bash"
   "htop"
   ;;"xclip"
   ;;"wl-clipboard"
   ;;"bc"
   ;;"jq"
   ;;"coreutils" ;;"busybox"
   ;;"less"
   ;;"gzip"
   ;;"fdisk" ;;"gparted"
   ;;"wget"
   ;;"diffutils"
   ;;"findutils"
   ;;"tar"
   ;;"gawk"
   ;;"which"
   ;;"sed"
   ;;"grep"
   ;;"patch"
   ;;"gash"
   ;;"gash-utils"

   ;; apps
   ;;"wine64"; "wine"
   ;;"winetricks"
   ;;"clamav"
   ;;"filezilla"
   ;;"lynx"
   ;;"libvirt"
   ;;"virt-manager"
   ;;"postgresql"
   ;;"sqlite"
   ;;"tigervnc-client"
   ;;"tigervnc-server" ; newer gdm supports rdp login
   ;;"searx"
   ;;"gnuradio"
   ;;"obs"
   ;;"virt-viewer"
   ;;"dino" ; xmpp client
   ;;"flatpak"

   ;; docs
   ;;"libreoffice"
   ;;"calibre"
   ;;"biber"
   ;;"texlive"
   ;;"kiwix-desktop"

   ;; media
   ;;"blender"
   ;;"gimp"
   ;;"inkscape"
   ;;"vlc"
   ;;"mkvtoolnix"
   ;;"mediainfo"
   ;;"ffmpeg"
   ;;"gnuplot"
   ;;"makemkv"
   "flamegraph"
   ;;"yt-dlp"
   ;;"vapoursynth";; "ffms2"

   ;; net
   ;;"curl"
   ;;"whois"
   ;;"bind:utils"
   ;;"nmap"
   ;;"python-stem"
   ;;"onionshare"
   ;;"iptables"
   ;;"ebtables"
   "wireshark"
   ;;"netcat"
   ;;"net-tools"
   ;;"openssh" ;;"dropbear"
   ;;"wireguard-tools"
   ;;"socat"
   "strace"
   ;;"tor"
   "torsocks"
   ;;"i2pd"
   ;;"screen"
   "dnsmasq"

   ;; Desktop
   ;;"notification-daemon"
   ;;"nvidia-driver"
   ))

guix notes

  • BUG cuirass ui adding job js failed with .remove button querySelector being null for adding the event handler
  • cuirass ci saves gc roots in /var/guix/gcroots/profiles/per-user/cuirass/cuirass for default of 30 days
    • can unlink and gc for space
  • guix system image -t iso9660 ./installer.scm
  • GUIX_SANDBOX_EXTRA_MOUNTS=/path/to/extra/thing for guix steam
  • transform options for source, c-toolchain, debug, grafts/inputs
    • --with-commit=SomeSuchPackage=XXX
  • -L ./guix-channel to use local channel changes
  • guix pack -S /bin=bin -S /sbin=sbin --localstatedir -RR guix bash-static
  • guix package --roll-back to drop to last version
  • commit signing and downgrading flags are --disable-authentication --allow-downgrades
  • platform specific binaries can be produces with the --tune flag
  • hpc channel for extra pytorch packages
  • non root guix can be done through a series of env variables and flags
    • arg --listen=/socket and/or env vars
  • app img run mount thing.AppImage tmpmnt -o offset=$(guix shell -C -F zlib -- "./thing.AppImage --appimage-offset")
  • guix shell can emulate normal fs with –emulate-fhs
  • set package as GC root with ln --symbolic --force /path/to/guix/packagelink /var/guix/gcroots for guix copy
  • download source with guix build -S PKG
  • search with rg -a -z "STR" /gnu/store/PKG.tar.gz
    • Add $XDG_DATA_HOME/guix/bin to $PATH
    • --disable-chroot
  • default source for user is $HOME/.guix-profile/etc/profile and $XDG_CONFIG_HOME/guix/etc/profile
    • cleanup space with guix package -d && guix pull -d && guix gc
    • os templates for qemu images with guix system image -t qcow2 --save-provenance
      • guix system upgrade
        • ln -s /etc/channels.scm ~/.config/guix/channels.scm
        • guix pull . ~/.config/guix/current/etc/profile
        • sudo -E guix system reconfigure /etc/guix-os.scm
      • run guix vm
        • qemu-system-x86_64 -nic user,model=virtio-net-pci,hostfwd=tcp::10022-:22 -enable-kvm -m 1024 -device virtio-blk,drive=myhd -drive if=none,file=$MY_IMAGE,id=myhd -spice port=5930,disable-ticketing
      • grow vm disk
        • qemu-image resize IMAGE.qcow2 +10G
        • growpart /dev/vda 2
        • resize2fs /dev/vda2
    • guix hash -xr . for the checksum of a repo
    • guix publish substitutes after exporting/importing key with guix archive or use nars with guix archive --export -r
  • packages are standard SRFI-9 guile records (set-fields, etc…)
  • nonguix substitutes at substitutes.nonguix.org key is /signing-key.pub.
  • guix time-machine --commit=a4eae0c3adce8e4c4ac153a4959d18b9897a67e1 -- package -i old
  • manual setup
#https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
# get tarball for system=x86_64-linux,aarch64,armhf,i686
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
# check sig
wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz.sig
gpg --verify guix-binary-1.0.1.x86_64-linux.tar.xz.sig
# with root
sudo -i
# untar into dirs
tar --warning=no-timestamp -xf /path/to/guix-binary-1.0.1.x86_64-linux.tar.xz
mv var/guix /var/ && mv gnu /
# add guix profile
mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix ~root/.config/guix/current
# setup build daemon for multiple users
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
# add build users
groupadd --system guixbuild
for i in `seq -w 1 10`;
do
    useradd -g guixbuild -G guixbuild           \
            -d /var/empty -s `which nologin`    \
            -c "Guix build user $i" --system    \
            guixbuilder$i;
done
# link guix and info for all users
mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/* ;
do ln -s $i ; done
# source guix profile and add sub servers
source ~/root/.config/guix/current/etc/profile
guix archive --authorize < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
guix archive --authorize < ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
# install locale
guix package -i glibc-utf8-locales
  • manual install
    • create wifi.conf with
network={
  ssid="ssid-name"
  key_mgmt=WPA-PSK
  psk="unencrypted passphrase"
}
  • rfkill unblock all && ifconfig -a && wpa_supplicant -c wifi.conf -i INTERFACE -B && dhclient -v INTERFACE
  • partition with lsblk && cfdisk
  • format with mkfs
  • mount root as mnt and /boot/efi under /mnt/boot/efi
  • swapon the device
  • herd start cow-store /mnt
  • clone config, symlink channels, pull then guix system -L CONFIG_DIR init config.scm /mnt
guix shell --container --network --emulate-fhs \
    --development ungoogled-chromium gcc:lib \
    --preserve='^DISPLAY$' \
    --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
    --preserve='^DBUS_' --expose=/var/run/dbus \
    --expose=/sys/dev --expose=/sys/devices --expose=/dev/dri \
    -- ./VSCodium-1.74.0.22342.glibc2.17-x86_64.AppImage --appimage-extract-and-run # Run VSCodium Appimage

guix shell --network --container --emulate-fhs \
    bash coreutils curl grep nss-certs gcc:lib gcc-toolchain \
    pkg-config glib cairo atk pango@1.48.10 gdk-pixbuf gtk+ git \
    --share=$HOME/temphome=$HOME --no-cwd

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # install rustup in guix

guix shell --container --network --emulate-fhs \
    --preserve='^DISPLAY$' \
    --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
    alsa-lib bash coreutils dbus-glib file gcc:lib \
    grep gtk+ libcxx pciutils sed \
    -- ./start-tor-browser.desktop -v ; # Start tor-browser

GUIX_DAEMON_SOCKET=$XDG_DATA_HOME/guix/var/guix/daemon-socket/socket
GUIX_DATABASE_DIRECTORY=$XDG_DATA_HOME/guix/var/guix/db
GUIX_LOG_DIRECTORY=$XDG_DATA_HOME/guix/var/log/guix
GUIX_STATE_DIRECTORY=$XDG_DATA_HOME/guix/var/guix
GUIX_CONFIGURATION_DIRECTORY=$XDG_CONFIG_HOME/guix/etc
GUIX_LOCPATH=$XDG_DATA_HOME/guix/var/guix/profiles/per-user/root/guix-profile/lib/locale
NIX_STORE=$XDG_DATA_HOME/guix/gnu/store

guix issues

TODO [PATCH v1] initrd: Allow extra search paths with ‘initrd-extra-module-paths’   patch

[2022-05-02 Mon] Submitted

:DEBBUGSID: 55231 :CREATOR: Brian Cully <bjc@spork.org>

Messages [2022-06-21 Tue] Last modified

TODO Add support for file capabilities(7)   patch

[2023-02-12 Sun] Submitted

:DEBBUGSID: 61462 :CREATOR: Tobias Geerinckx-Rice <me@tobias.gr>

Messages [2023-12-23 Sat] Last modified 

; WIP This does not work as it can't find patches? (ghostscript)
(define-module (etc httm-manifest)
 #:use-module (guix scripts pack)
 #:use-module (guix gexp)
 #:use-module (guix monads)
 #:use-module (guix profiles)
 #:use-module (guix store)
 #:use-module (guix derivations)
 #:use-module (guix modules)
 #:use-module (gnu packages)
 #:use-module (gnu packages gnupg)
 #:use-module (gnu packages guile)
 #:use-module (gnu packages ghostscript)

 )

;(display (source-module-closure '((guix scripts pack)
;                                  (guix monads)
;                                  (guix profiles)
;                                  (guix store)
;                                  (guix derivations))))

  (manifest
   (list
    (manifest-entry
     (name "httm-binary-tarball")
     (version "0.30.0")
     (item (computed-file "httm-directory"
                          (with-extensions (list guile-gcrypt guile-zlib guile-git guile-bytestructures guile-json-4)
                                           (with-imported-modules (source-module-closure
                                                                   '(;(guix packages)
                                                                     ;(guix utils)
                                                                     ;(gnu compression)
                                                                     ;(gnu packages ghostscript)
                                                                     ;(gnu packages)
                                                                     (guix scripts pack)
                                                                     (guix monads)
                                                                     (guix profiles)
                                                                     (guix store)
                                                                     (guix derivations))
                                                                   ;(append %load-path (%patch-path)); load-path
                                                                   )
                          #~(let ((bin (string-append #$output "/bin")))
                              (mkdir #$output) (mkdir bin)
                              (use-modules ;(guix packages)
                                           ;(guix gexp)
                                           ;(guix utils)
                                           ;(gnu compression)
                                           ;(gnu packages ghostscript)
                                           ;(gnu packages)
                                           (guix scripts pack)
                                           (guix monads)
                                           (guix profiles)
                                           (guix store)
                                           (guix derivations))
                              (define (build-tarballs)
                                (run-with-store (open-connection)
                                                (mbegin %store-monad
                                                        ;(set-guile-for-build (default-guile))
                                                        (>>= (profile-derivation (packages->manifest (list "rust-httm-0.30")))
                                                             (lambda (profile)
                                                               (self-contained-tarball "httm-binary" profile
                                                                                       #:profile-name "rust-httm"
                                                                                      ;#:localstatedir? #t
                                                                                      ;#:compressor (lookup-compressor "xz")
                                                                                       ))))
                                                #:system "x86_64-linux"))
                              (symlink (derivation->output-path (build-tarballs)) (string-append bin "rust-httm.tar.xz"))))))))))