Hi,
We have installed guix following this cluster documentation
https://hpc.guix.info/blog/2017/11/installing-guix-on-a-cluster/ on
Grid'5000 which is a testbed.
In order to be more secure we did not want to export /var/guix with RW
rights, we cannot trust root on the nodes. So for the user profile to
work we did the following:
- mount the user's home on the guix server
- instead of letting guix create the user's profile on
/var/guix/profiles/per-user we created symlink: ln -s /home/USER/.guix
/var/guix/profiles/per-user/USER
This way we can export /var/guix with RO rights and users can't see each
others profiles.
Another way would be to have a parameter to configure the
/var/guix/profiles/per-user directory so the symlink mecanism would not
be needed. For example guix could directly write in the user directory
in /home/USER/.guix.
Best regards,
Dimitri
Grid'5000 Techteam
