System configuration


PantherX comes with a really easy, command-line based installer that asks virtually no questions. Simply boot the ISO, make sure you’re connected to the internet and run px-install.

Also checkout our new System Configuration Generator.

Desktop

This provides the default desktop environment.

  • Standard Linux kernel
  • Firewall with sane defaults (22 is not open)
px-desktop-os
%px-desktop-packages
%px-desktop-services

You can configure any of the available guix desktops:

  • xfce-desktop-service-type
  • mate-desktop-service-type
  • gnome-desktop-service-type
  • lxqt-desktop-service-type

If you have a modern PC, you will probably want to use UEFI: Skip ahead to “Desktop: Boot in UEFI mode”

Example

Desktop: Boot in BIOS mode

;; PantherX OS Desktop Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm

(use-modules (gnu)
             (gnu system)
             (gnu services desktop)
             (px system config))

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'
                ;; Important: Change with 'passwd panther' after first login
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services.
  (services (cons*
             (service xfce-desktop-service-type)
	     %px-desktop-services))))

Desktop: Boot in BIOS mode (with Docker configured)

;; PantherX OS Desktop Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm
;;
;; with Docker service

(use-modules (gnu)
             (gnu system)
             (px system config))

;; Add the service module 'docker'
(use-service-modules docker)

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'
                ;; Important: Change with 'passwd panther' after first login
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam. Adding it to "docker"
		;; allows docker deamon access
                (supplementary-groups '("wheel"
                                        "audio" "video" "docker"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services.
  (services (cons* (service docker-service-type)
		   %px-desktop-services))))

Desktop: Boot in UEFI mode

;; PantherX OS Desktop Configuration v2
;; boot in EFI mode
;; /etc/system.scm

(use-modules (gnu)
             (gnu system)
             (gnu services desktop)
             (px system config))

(px-desktop-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")
  
  ;; Boot in EFI mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))))
  
  (file-systems (append
		 (list (file-system
			(device (file-system-label "my-root"))
			(mount-point "/")
			(type "ext4"))
		       (file-system
			(device "/dev/sda1")
			(mount-point "/boot/efi")
			(type "vfat")))
		 %base-file-systems))
  
  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'
                ;; Important: Change with 'passwd panther' after first login
                (password (crypt "pantherx" "$6$abc"))
		
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))
  
  ;; Globally-installed packages.
  (packages (cons*
	     %px-desktop-packages))
  
  ;; Globally-activated services.
  (services (cons*
             (service xfce-desktop-service-type)
	     %px-desktop-services))))

Adjust Firewall

PantherX defaults to nftables as package filter and as seen above, it’s easy to open additional ports.

Example for SSH:

#:open-ports '(("tcp" "ssh"))

Example for typical webserver:

#:open-ports '(("tcp" "ssh", "http", "https"))
#:open-ports '(("tcp" "22", "80", "443")) ;; identical

Example with multiple protocols:

#:open-ports '(("tcp" "ssh")
               ("udp" "53"))

Enable SSH access

To access your desktop remotely:

  1. Define your public key in config.scm
  2. Open the SSH port
  3. Add your public key to the authorized keys
(define %ssh-public-key
  "ssh-ed25519 AAAAC3NzaC1lZSJANJQ5AAAAIP7gcASKK1KAM91dl1OC0GqpgcudsaaJ4QydPg panther")

(px-desktop-os
  ...
  #:open-ports '(("tcp" "ssh"))
  #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))
))

Change Kernel

px-desktop-os defaults on nonlibre kernel, px-server-os on libre.

You can easily switch between kernel:

  • #:kernel 'libre
  • #:kernel 'nonlibre
  • #:kernel 'custom

If needed, 'custom gives you fill control:

(px-desktop-os
  (operating-system
    ...
    (kernel linux)
      (initrd microcode-initrd)
      (firmware (list linux-firmware))
	...
))

Desktop Libre

This provides the default desktop environment with non-libre components stripped.

  • Libre kernel
  • Firewall with sane defaults (22 is not open)

Use this only if you know what you’re doing.

px-desktop-os
%px-desktop-packages
%px-desktop-services

You can toggle the libre kernel in system.scm:

(px-desktop-os
  ...
  #:kernel 'libre
)

For Firewall and SSH configuration, check the previous section. It’s identical for every system.

Server

This provides the default server environment.

  • Libre kernel
  • Firewall with sane defaults (22 is open)
  • SSH login only with SSH key
  • DHCP, NTP
px-server-os
%px-server-packages
%px-server-services

Example

Server: Boot in BIOS mode

;; PantherX OS Server Configuration v2
;; boot in "legacy" BIOS mode
;; /etc/system.scm

(use-modules (gnu)
             (gnu system)
             (px system config))

(define %ssh-public-key
  "ssh-ed25519 AAAAC3NzaC1lZSJANJQ5AAAAIP7gcASKK1KAM91dl1OC0GqpgcudsaaJ4QydPg panther")

(px-server-os
 (operating-system
  (host-name "px-base")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")

  ;; Boot in "legacy" BIOS mode, assuming /dev/sda is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
       
  (file-systems (cons (file-system
                       (device (file-system-label "my-root"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "panther")
                (comment "panther's account")
                (group "users")
                ;; Set the default password to 'pantherx'
                ;; Important: Change with 'passwd panther' after first login
                (password (crypt "pantherx" "$6$abc"))

                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        "audio" "video"))
                (home-directory "/home/panther"))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons*
   %px-server-packages))

  ;; Globally-activated services.
  (services (cons*
   %px-server-services)))

 #:open-ports '(("tcp" "ssh"))
 #:authorized-keys `(("root" ,(plain-file "panther.pub" %ssh-public-key))))

For Firewall and SSH configuration, check the previous section. It’s identical for every system.

See also

PantherX & (unofficial) GNU Guix Wiki.

Last update: 2023-12-24 22:58:50 +0000 | Apache-2.0

Inspired by the excellent Arch Linux Wiki