System configuration


PantherX comes with a really easy, command-line based installer that asks virtually no questions. Simply boot the ISO, make sure you’re connected to the internet and run px-install. If you know how to press buttons on your keyboard, it’s as easy to use as any installer with an interface. If you insist on an interface, we kindly ask you to wait another couple of months, or help us write one now.

Desktop

This provides the default desktop environment.

  • Standard Linux kernel
  • Firewall with sane defaults (22 is not open)
px-desktop-os
%px-desktop-packages
%px-desktop-services

If you have a modern PC, you will probably want to use UEFI: Skip ahead to “Desktop: Boot in UEFI mode”

Example

Desktop: Boot in BIOS mode

;; PantherX OS Desktop Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm
;;
;; Declares one operating-system record and passes it to px-desktop-os.
;; The host name, disk, file-system label and user account below are
;; template values to adapt before installing.

(use-modules (gnu)
             (gnu system)
             (px system install)
             (px system))

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'.  It is hashed
                ;; with SHA-512 crypt ("$6$") and the fixed salt "abc", so
                ;; the hash is identical on every system built from this
                ;; template.
                ;; Important: Change with 'passwd panther' after first login.
                ;; Until then the publicly documented password also grants
                ;; sudo through the "wheel" group below.
                ;; NOTE(review): on Guix-based systems the hash from this
                ;; field ends up in /gnu/store, which local users can read;
                ;; confirm, and do not put a real password here.
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.  Extra packages go inside cons*,
  ;; before %px-desktop-packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services.  Extra services go inside cons*,
  ;; before %px-desktop-services.
  (services (cons*
	     %px-desktop-services))))

Desktop: Boot in BIOS mode (with Docker configured)

;; PantherX OS Desktop Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm
;;
;; with Docker service
;;
;; Same as the plain BIOS desktop template, plus docker-service-type and
;; "docker" group membership for the "panther" account.

(use-modules (gnu)
             (gnu system)
             (px system install)
             (px system))

;; Add the service module 'docker'
(use-service-modules docker)

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'.  It is hashed
                ;; with SHA-512 crypt ("$6$") and the fixed salt "abc", so
                ;; the hash is identical on every system built from this
                ;; template.
                ;; Important: Change with 'passwd panther' after first login.
                ;; Until then the publicly documented password also grants
                ;; sudo ("wheel") and Docker daemon access ("docker").
                ;; NOTE(review): on Guix-based systems the hash from this
                ;; field ends up in /gnu/store, which local users can read;
                ;; confirm, and do not put a real password here.
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.  Adding it to "docker"
                ;; allows Docker daemon access.  Anyone who can drive
                ;; the Docker daemon can start containers with root-level
                ;; access to the host, so treat "docker" membership as
                ;; equivalent to "wheel" and grant it just as sparingly.
                (supplementary-groups '("wheel"
                                        "audio" "video" "docker"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.  Extra packages go inside cons*,
  ;; before %px-desktop-packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services: the Docker service is prepended to
  ;; the desktop defaults.
  (services (cons* (service docker-service-type)
		   %px-desktop-services))))

Desktop: Boot in UEFI mode

;; PantherX OS Desktop Configuration v2
;; boot in EFI mode
;; /etc/system.scm
;;
;; Declares one operating-system record and passes it to px-desktop-os.
;; The host name, partitions, file-system label and user account below
;; are template values to adapt before installing.

(use-modules (gnu)
             (gnu system)
             (px system install)
             (px system))

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in EFI mode: the bootloader target is the EFI System
  ;; Partition mounted at /boot/efi (declared below as /dev/sda1,
  ;; vfat), and "my-root" is the label of the target root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))))
  
  ;; Root file system is found by label; the EFI partition is named by
  ;; device path, so adjust "/dev/sda1" to match the actual disk layout.
  (file-systems (append
		 (list (file-system
			(device (file-system-label "my-root"))
			(mount-point "/")
			(type "ext4"))
		       (file-system
			(device "/dev/sda1")
			(mount-point "/boot/efi")
			(type "vfat")))
		 %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'.  It is hashed
                ;; with SHA-512 crypt ("$6$") and the fixed salt "abc", so
                ;; the hash is identical on every system built from this
                ;; template.
                ;; Important: Change with 'passwd panther' after first login.
                ;; Until then the publicly documented password also grants
                ;; sudo through the "wheel" group below.
                ;; NOTE(review): on Guix-based systems the hash from this
                ;; field ends up in /gnu/store, which local users can read;
                ;; confirm, and do not put a real password here.
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.  Extra packages go inside cons*,
  ;; before %px-desktop-packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services.  Extra services go inside cons*,
  ;; before %px-desktop-services.
  (services (cons*
	     %px-desktop-services))))

Adjust Firewall

PantherX defaults to nftables as its packet filter and, as seen above, it’s easy to open additional ports.

Example for SSH:

;; Keyword argument of px-desktop-os / px-server-os, given after the
;; operating-system form: opens the SSH port (tcp/22) in the firewall.
#:open-ports '(("tcp" "ssh"))

Example for typical webserver:

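;; Each sub-list is a protocol followed by the ports to open for it.
;; Service names and port numbers are interchangeable, so both lines
;; open 22, 80 and 443 over TCP.
;; Elements are separated by whitespace only: a comma is Scheme's
;; unquote syntax, so '("ssh", "http") would not read as two strings.
#:open-ports '(("tcp" "ssh" "http" "https"))
#:open-ports '(("tcp" "22" "80" "443")) ;; identical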

Example with multiple protocols:

;; One sub-list per protocol: SSH over TCP, and port 53 over UDP.
;; List only the ports a service on this machine actually listens on;
;; everything not listed stays closed.
#:open-ports '(("tcp" "ssh")
               ("udp" "53"))

Enable SSH access

To access your desktop remotely:

  1. Define your public key in config.scm
  2. Open the SSH port
  3. Add your public key to the authorized keys
;; Example public key.  Replace it with your own key before installing:
;; whatever key is listed here is the one allowed to log in.
(define %ssh-public-key
  "ssh-ed25519 AAAAC3NzaC1lZSJANJQ5AAAAIP7gcASKK1KAM91dl1OC0GqpgcudsaaJ4QydPg panther")

(px-desktop-os
  ...
  ;; Open the SSH port in the firewall.
  #:open-ports '(("tcp" "ssh"))
  ;; Authorize %ssh-public-key for the "root" account, i.e. the key
  ;; holder logs in directly as root.
  ;; NOTE(review): the first element looks like the account name; an
  ;; unprivileged account such as "panther" plus sudo would avoid direct
  ;; root logins.  Confirm that px-desktop-os accepts other accounts here.
  #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))
))

Change Kernel

px-desktop-os defaults to the nonlibre kernel, px-server-os to the libre kernel.

You can easily switch between kernels:

  • #:kernel 'libre
  • #:kernel 'nonlibre
  • #:kernel 'custom

If needed, 'custom gives you full control:

;; Kernel, initrd and firmware are set directly as operating-system
;; fields instead of being chosen by px-desktop-os.
;; NOTE(review): presumably combined with #:kernel 'custom after the
;; operating-system form, as with the other #:kernel values.  Confirm.
(px-desktop-os
  (operating-system
    ...
    (kernel linux)
      (initrd microcode-initrd)
      (firmware (list linux-firmware))
	...
))

Desktop Libre

This provides the default desktop environment with non-libre components stripped.

  • Libre kernel
  • Firewall with sane defaults (22 is not open)

Use this only if you know what you’re doing.

px-desktop-os
%px-desktop-packages
%px-desktop-services

You can toggle the libre kernel in system.scm:

;; Select the libre kernel instead of the desktop default (nonlibre).
(px-desktop-os
  ...
  #:kernel 'libre
)

For Firewall and SSH configuration, check the previous section. It’s identical for every system.

Server

This provides the default server environment.

  • Libre kernel
  • Firewall with sane defaults (22 is open)
  • SSH login only with SSH key
  • DHCP, NTP
px-server-os
%px-server-packages
%px-server-services

Example

Server: Boot in BIOS mode

;; PantherX OS Server Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm
;;
;; Declares one operating-system record and passes it to px-server-os,
;; together with the firewall ports to open and the SSH keys to authorize.
;; The host name, disk, file-system label, user account and SSH key below
;; are template values to adapt before installing.

(use-modules (gnu)
             (gnu system)
             (px system install)
             (px system))

;; Example public key.  Replace it with your own key before installing:
;; it is authorized for "root" at the end of this file.
(define %ssh-public-key
  "ssh-ed25519 AAAAC3NzaC1lZSJANJQ5AAAAIP7gcASKK1KAM91dl1OC0GqpgcudsaaJ4QydPg panther")

(px-server-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")

  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
       
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'.  It is hashed
                ;; with SHA-512 crypt ("$6$") and the fixed salt "abc", so
                ;; the hash is identical on every system built from this
                ;; template.
                ;; Important: Change with 'passwd panther' after first login.
                ;; Until then the publicly documented password also grants
                ;; sudo through the "wheel" group below.
                ;; NOTE(review): on Guix-based systems the hash from this
                ;; field ends up in /gnu/store, which local users can read;
                ;; confirm, and do not put a real password here.
                (password (crypt "pantherx" "$6$abc"))

                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                ;; NOTE(review): "audio" and "video" are probably not
                ;; needed on a server; drop them if unused.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))

  ;; Globally-installed packages.  Extra packages go inside cons*,
  ;; before %px-server-packages.
  (packages (cons*
   %px-server-packages))

  ;; Globally-activated services.  Extra services go inside cons*,
  ;; before %px-server-services.
  (services (cons*
   %px-server-services)))

 ;; Open the SSH port in the firewall.
 #:open-ports '(("tcp" "ssh"))
 ;; Authorize %ssh-public-key for the "root" account, i.e. the key
 ;; holder logs in directly as root.
 #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))))

For Firewall and SSH configuration, check the previous section. It’s identical for every system.

See also

PantherX & (unofficial) GNU Guix Wiki.

Last update: 2023-02-03 19:33:34 +0000 | Apache-2.0

Inspired by the excellent Arch Linux Wiki