Erase / on boot

Tom Fitzhenry wrote on 1 Nov 2021 12:13

Recipients:(address . bug-guix@gnu.org)

Message-ID:0eb0cb5f-2a76-08b6-1e24-ea1593b56c98@tom-fitzhenry.me.uk

This issue tracks the creation of a Guix System implementation of

https://grahamc.com/blog/erase-your-darlings:

"I erase my systems at every boot.

[...]

NixOS can boot with only two directories: /boot, and /nix."

I have a working prototype of

https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/. I will submit some

small fixes in the short term, and later some larger patches.

Ideally this will result in a cookbook entry, and a CI test.

Tom Fitzhenry wrote on 1 Nov 2021 13:19

Recipients:(address . 51547@debbugs.gnu.org)

Message-ID:e2aeac72-fa72-bb55-4074-4605065630d7@tom-fitzhenry.me.uk

Adventures so far...

I've pasted a working system configuration at the bottom.

The idea is to boot / as tmpfs, and to mount the minimal set of 
directories from persistent storage:
* /boot
* /gnu
* /home is not strictly required, but is useful!
* /var/guix

What's working:
* Booting to GNOME
* `guix system reconfigure`
* Booting previous generations
* /etc and /var are empty upon boot, woo!

A few issues:

* Bootstrapping all this is non-trivial. It requires fiddling with 
partitions, and getting it wrong can easily make your system unbootable. 
Suggestions? Maybe the user could set up bind-mounts to map to their 
preferred partition scheme? A basic cookbook entry could bind-mount 
directories from a single ext4 partition to the required directories.

* I tried setting up /gnu and /var/guix as bind-mounts per 
https://guix.gnu.org/cookbook/en/html_node/Setting-up-a-bind-mount.html, 
but this didn't seem to work from initrd: the kernel panic'd on boot. I 
need to confirm this and raise a bug.

* Mounting / as tmpfs falsely requires a device, otherwise it waits 
forever on boot. I need to confirm this and raise a bug.

* Activation-on-boot fails due to inexistence of /run and /var/run. 
https://issues.guix.gnu.org/51548 fixes this.


Here's the config:



(use-modules (gnu))
(use-service-modules desktop networking ssh xorg)

(operating-system
  (timezone "Australia/Sydney")
  (host-name "test")
  (users (cons* (user-account
                 (name "tom")
                 (comment "Tom")
                 (group "users")
                 (home-directory "/home/tom")
		;; Needed since /etc/passwd is not persisted.
		(password (crypt "password" "foobar"))
                 (supplementary-groups
                  '("wheel" "netdev" "audio" "video")))
                %base-user-accounts))
  (packages
   (append
    (list
     (specification->package "emacs-next"))
    %base-packages))
  (services
   (append
    (list (service gnome-desktop-service-type)
          (set-xorg-configuration
           (xorg-configuration
            (keyboard-layout keyboard-layout))))
    %desktop-services))
  (bootloader
   (bootloader-configuration
    (bootloader grub-bootloader)
    (target "/dev/sda")
    (keyboard-layout keyboard-layout)))
  (file-systems
   (cons* (file-system
           (mount-point "/")
           (device
	   ;; TODO: Raise bug that root-as-tmpfs falsely requires a partition.
            (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da"
                  'btrfs))
	  (options "size=1G")
           (type "tmpfs"))
	 (file-system
	  (mount-point "/boot")
           (device
            (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da"
                  'btrfs))
	  (options "subvol=boot")
	  (needed-for-boot? #t)
           (type "btrfs"))	
	 (file-system
	  (mount-point "/home")
           (device
            (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da"
                  'btrfs))
	  (options "subvol=home")
           (type "btrfs"))
  	 (file-system
	  (mount-point "/var/guix")
           (device
            (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da"
                  'btrfs))
	  (options "subvol=var/guix")
	  ;; Needed to boot old generations, which needs /var/guix/profiles/
	  (needed-for-boot? #t)
           (type "btrfs"))
	 (file-system
	  (mount-point "/gnu")
           (device
            (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da"
                  'btrfs))
	  (options "subvol=gnu")
	  (needed-for-boot? #t)
           (type "btrfs"))
          %base-file-systems)))

Tom Fitzhenry wrote on 3 Nov 2021 14:35

Recipients:(address . 51547@debbugs.gnu.org)

Message-ID:30dcfcdf-5a3d-4d52-54b0-592b0384b6d0@tom-fitzhenry.me.uk

On 1/11/21 23:19, Tom Fitzhenry wrote:

Toggle quote (2 lines)

> A few issues:

Another issue: /var/tmp/ is not created on boot, which breaks vi:

tom@computer ~/src$ vi
ex/vi: Error: /var/tmp/vi.recover: No such file or directory
ex/vi: Modifications not recoverable if the session fails
ex/vi: Error: /var/tmp/vi.recover/vi.u8Kkbb: No such file or directory

Maxim Cournoyer wrote on 12 Jul 2022 16:13

Re: bug#51547: Erase / on boot

Recipients:(name . Tom Fitzhenry)(address . tom@tom-fitzhenry.me.uk)(address . 51547-done@debbugs.gnu.org)

Message-ID:875yk28lmf.fsf@gmail.com

Hi Tom,

Tom Fitzhenry <tom@tom-fitzhenry.me.uk> writes:

Toggle quote (10 lines)> On 1/11/21 23:19, Tom Fitzhenry wrote:
>> A few issues:
>
> Another issue: /var/tmp/ is not created on boot, which breaks vi:
>
> tom@computer ~/src$ vi
> ex/vi: Error: /var/tmp/vi.recover: No such file or directory
> ex/vi: Modifications not recoverable if the session fails
> ex/vi: Error: /var/tmp/vi.recover/vi.u8Kkbb: No such file or directory

While interesting, this effort is not an actual bug and is a WIP it

seems, so I'm closing it.

Feel free to share progress or ask for guidance or guix-devel@gnu.org!

Thanks!

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 51547@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date