author | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-10-07 14:08:40 +0200 |
---|---|---|
committer | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-10-07 14:17:28 +0200 |
commit | d165844c30759511cf2123b2df131f49b7c3c605 (patch) | |
tree | 19a2304af97fc661a9442ed0fe2cc2a15e395c0d /systems/izumi/izumi.scm | |
parent | c03f427f084aa07cfcb557b5aeac3c7f381e309b (diff) |
refactor(izumi): drop the org file
Diffstat (limited to 'systems/izumi/izumi.scm')
-rw-r--r-- | systems/izumi/izumi.scm | 464 |
1 files changed, 464 insertions, 0 deletions
diff --git a/systems/izumi/izumi.scm b/systems/izumi/izumi.scm
new file mode 100644
index 0000000..8558948
--- /dev/null
+++ b/systems/izumi/izumi.scm
@@ -0,0 +1,464 @@
+(define-module (systems izumi izumi)
+ #:use-module (suweren commons sudoers))
+
+(define radicale-keys "/secrets/radicale/keys")
+(define dovecot-keys "/secrets/dovecot")
+
+( use-modules
+ ( gnu )
+ ( gnu services syncthing )
+ ( guix records )
+ ( ice-9 match )
+ ( nongnu packages linux )
+ ( nongnu system linux-initrd )
+ (suweren system))
+
+( use-package-modules
+ admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail
+ version-control )
+
+( use-service-modules
+ base certbot cgit desktop mail shepherd ssh version-control web xorg )
+
+(use-modules (channels)
+ (gnu)
+ (gnu home)
+ (gnu home services)
+ (gnu home services shells)
+ (gnu packages emacs-xyz))
+
+(use-modules
+ (gnu)
+ (gnu home services)
+ (guix build-system emacs)
+ (guix git-download)
+ ((guix licenses)
+ #:prefix license:)
+ (guix packages))
+
+(use-package-modules base emacs-xyz gawk)
+
+(use-modules
+ (gnu services)
+ (gnu home services)
+ (gnu packages password-utils)
+ (guix gexp))
+
+(use-modules
+ (gnu home services shells)
+ (gnu services)
+ (gnu services guix))
+
+(define nginx-accounts
+ (list (user-group (name "nginx")
+ (system? #t))
+ (user-account (name "nginx")
+ (group "nginx")
+ (supplementary-groups '("git"))
+ (system? #t)
+ (comment "nginx server user")
+ (home-directory "/var/empty")
+ (shell (file-append (specification->package "shadow")
+ "/sbin/nologin")))))
+
+(define nginx-service-type*
+ (service-type (inherit nginx-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ account-service-type)
+ (service-extension account-service-type
+ (const nginx-accounts))
+ extension))
+ (service-type-extensions nginx-service-type)))))
+
+(define hosts-izumi
+ (local-file "system-files/hosts"))
+
+( operating-system
+ ( bootloader
+ ( bootloader-configuration
+ ( bootloader grub-efi-bootloader )
+ ( keyboard-layout ( keyboard-layout "pl" ) )
+ ( targets ( list "/boot/efi" ) ) ) )
+ ( mapped-devices
+ ( list
+ ( mapped-device
+ ( source "/dev/sda2" )
+ ( target "izumi" )
+ ( type luks-device-mapping ) ) ) )
+ ( file-systems
+ ( append
+ %base-file-systems
+ ( list
+ ( file-system
+ ( device "/dev/sda1" )
+ ( mount-point "/boot/efi" )
+ ( type "vfat" ) )
+ ( file-system
+ ( dependencies mapped-devices )
+ ( device "/dev/mapper/izumi" )
+ ( mount-point "/" )
+ ( type "xfs" ) ) ) ) )
+ ( firmware ( list linux-firmware ) )
+ ( groups
+ ( append
+ %base-groups
+ ( list
+ ( user-group
+ ( name "vmail" )
+ ( system? #t ) )) ) )
+ ( host-name "izumi" )
+ (hosts-file hosts-izumi)
+ ( initrd microcode-initrd )
+ ( kernel linux )
+ ( keyboard-layout ( keyboard-layout "pl" ) )
+ (locale polish-locale-string)
+ (locale-definitions %suweren-locale-definitions)
+ ( services
+ ( append
+ ( modify-services
+ %desktop-services
+ ( elogind-service-type
+ configuration =>
+ ( elogind-configuration
+ ( inherit configuration )
+ ( handle-lid-switch 'ignore )
+ ( handle-lid-switch-docked 'ignore )
+ ( handle-lid-switch-external-power 'ignore ) ) )
+ ( gdm-service-type
+ configuration =>
+ ( gdm-configuration
+ ( inherit configuration )
+ ( auto-suspend? #f )
+ ( wayland? #t ) ) )
+ ( guix-service-type
+ configuration =>
+ ( let*
+ ( ( non-guix.pub
+ ( string-append
+ "( public-key ( ecc ( curve Ed25519 )"
+ "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) )
+ ( authorized-keys
+ ( append
+ %default-authorized-guix-keys
+ ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) )
+ ( extra-options
+ ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) )
+ ( substitute-urls
+ ( append
+ %default-substitute-urls
+ ( list "https://substitutes.nonguix.org" ) ) ) )
+ ( guix-configuration
+ ( inherit configuration )
+ ( authorized-keys authorized-keys )
+ ( extra-options extra-options )
+ ( substitute-urls substitute-urls ) ) ) ) )
+ ( list
+ (@ (users id1000) dkim-service)
+ (@ (users id1000) dovecot-service)
+ (@ (users id1000) smtp-service)
+ (service (service-type (inherit certbot-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ nginx-service-type)
+ (service-extension nginx-service-type*
+ (@@ (gnu services certbot)
+ certbot-nginx-server-configurations))
+ extension))
+ (service-type-extensions certbot-service-type))))
+ ( certbot-configuration
+ ( certificates
+ ( list
+ ( certificate-configuration
+ ( deploy-hook
+ ( program-file
+ "nginx-deploy-hook"
+ #~
+ ( let
+ ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+ ( kill pid SIGHUP ) ) ) )
+ ( domains
+ ( list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl" ) ) ) ) )
+ ( email "marek@marekpasnikowski.pl" )
+ ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+ (service (service-type (inherit cgit-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ nginx-service-type)
+ (service-extension nginx-service-type*
+ cgit-configuration-nginx-config)
+ extension))
+ (service-type-extensions cgit-service-type))))
+ ( cgit-configuration
+ ( nginx
+ ( list
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( git-http-nginx-location-configuration
+ ( git-http-configuration
+ ( git-root "/var/lib/gitolite/repositories" )
+ ( uri-path "/git" ) ) )
+ ( nginx-location-configuration
+ ( body
+ ( list
+ "fastcgi_param HTTP_HOST $server_name ;"
+ "fastcgi_param PATH_INFO $uri ;"
+ "fastcgi_param QUERY_STRING $args ;"
+ "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
+ "fastcgi_pass 127.0.0.1:9000 ;" ) )
+ ( uri "@cgit" ) )
+ ( nginx-location-configuration
+ ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) )
+ ( uri "/.well-known" ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( root cgit )
+ ( server-name ( list "git.marekpasnikowski.pl" ) )
+ ( ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
+ ( ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" )
+ ( try-files ( list "$uri" "@cgit" ) ) ) ) )
+ ( repositories
+ ( list
+ ( repository-cgit-configuration
+ ( hide? #t )
+ ( path "/srv/git/marek/packages" ) ) ) )
+ ( repository-directory "/var/lib/gitolite/repositories" ) ) )
+ (service fcgiwrap-service-type
+ (fcgiwrap-configuration (user "git")
+ (group "git")))
+ ( service gitolite-service-type
+ ( gitolite-configuration
+ ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
+ ( admin-pubkey ( plain-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+ ( service plasma-desktop-service-type )
+ ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
+ (service nginx-service-type*
+ ( nginx-configuration
+ ( server-blocks
+ ( list
+ ;; Top-Level
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( nginx-location-configuration
+ ( uri "/.well-known" )
+ ( body
+ ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( root "/srv/www/marek/marekpasnikowski.pl" )
+ ( server-name ( list "marekpasnikowski.pl" ) )
+ ( ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
+ ( ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) )
+ ;; Radicale
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( nginx-location-configuration
+ ( body
+ ( list
+ "proxy_pass http://localhost:5232/ ;"
+ "proxy_set_header X-Script-Name \"\" ;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
+ "proxy_set_header Host $http_host ;"
+ "proxy_pass_header Authorization ;" ) )
+ ( uri "/" ) )
+ ( nginx-location-configuration
+ ( body
+ ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) )
+ ( uri "/.well-known" ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) )
+ ( service openssh-service-type )
+ ( service radicale-service-type
+ ( radicale-configuration
+ ( auth
+ ( radicale-auth-configuration
+ ( type 'htpasswd )
+ ( htpasswd-filename radicale-keys )
+ ( htpasswd-encryption 'plain ) ) ) ) )
+ ( simple-service 'base-profile profile-service-type
+ ( append %base-packages
+ ( list ) ) )
+ ( simple-service
+ 'nss-profile
+ profile-service-type
+ ( list nss-certs ) )
+ ( simple-service
+ 'etc-files
+ etc-service-type
+ ( list
+ `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) )
+ (service guix-home-service-type
+ `(("marek" ,(home-environment (packages (map specification->package+output
+ (list "dconf-editor"
+ "emacs"
+ "emacs-org-modern"
+ "emacs-paredit"
+ "font-google-noto"
+ "font-google-noto-emoji"
+ "font-google-noto-sans-cjk"
+ "font-google-noto-serif-cjk"
+ "git"
+ "gnupg"
+ "gnome-tweaks"
+ "noweb"
+ "pinentry"
+ "pwgen"
+ "unzip"
+ "zip")))
+ (services (append (list izumi-channels-service-type)
+ (list
+ (simple-service
+ 'emacs-home-profile
+ home-profile-service-type
+ (append
+ (list emacs-guix emacs-nix-mode)
+ (list
+ (let
+ ((commit* "wip-algo-tn"))
+ (package
+ (name "emacs-org-fc")
+ (version (git-version "0.1.2" "0" commit*))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://git.marekpasnikowski.pl/org-fc.git")
+ (commit commit*)))
+ (file-name (git-file-name name version))
+ (sha256 (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
+ (build-system emacs-build-system)
+ (arguments
+ (list
+ #:include #~ (cons* "\\.awk$" "\\.org$" %default-include)
+ #:exclude #~ (cons "^test/" %default-exclude)
+ #:tests? #t
+ #:test-command
+ #~
+ (list
+ "emacs"
+ "--batch"
+ "-L" "."
+ "-L" "tests/"
+ "-l" "tests/org-fc-filter-test.el"
+ "-l" "tests/org-fc-indexer-test.el"
+ "-l" "tests/org-fc-review-data-test.el"
+ "-f" "ert-run-tests-batch-and-exit")
+ #:phases
+ #~
+ (modify-phases
+ %standard-phases
+ (add-after
+ 'unpack
+ 'qualify-paths
+ (lambda*
+ (#:key inputs
+ #:allow-other-keys)
+ (substitute*
+ "org-fc-awk.el"
+ (("\"find ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/find")
+ " "))
+ (("\"gawk ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/gawk")
+ " "))
+ (("\"xargs ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/xargs")
+ " "))))))))
+ (inputs (list findutils gawk))
+ (propagated-inputs (list emacs-hydra))
+ (home-page "https://www.leonrische.me/fc/index.html")
+ (synopsis "Spaced repetition system for Emacs Org mode")
+ (description
+ (string-append
+ "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
+ "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
+ "knowledge you want to learn into a question-answer test. These cards are\n"
+ "reviewed at regular interval. After each review, the next review interval is\n"
+ "calculated based on how well you remembered the contents of the card.\n"))
+ (license license:gpl3+))))))
+ (simple-service 'home-files
+ home-files-service-type
+ (list (list ".config/emacs/init.el"
+ (local-file "home-files/emacs-configuration.el" ))
+ (list ".gnus"
+ (local-file "home-files/gnus-configuration.el"))
+ (list ".gitconfig"
+ (local-file "home-files/gitconfig"))
+ (list ".config/git/ignore"
+ ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
+ (local-file "home-files/git-ignore.conf"))))
+ (simple-service
+ 'environment-variables
+ home-environment-variables-service-type
+ `(("EDITOR" . "emacsclient -nw"))))
+ (list
+ (let*
+ ((and "&& ")
+ (collect-garbage "sudo guix gc -d 7d ")
+ (configuration-prefix
+ "/home/marek/Publiczny/src/deployment/systems/izumi/")
+ (pull-guix "guix pull ")
+ (reconfigure-home
+ (string-append
+ "guix home delete-generations 7d ; "
+ "guix home reconfigure "
+ configuration-prefix
+ "home-configuration.scm "))
+ (reconfigure-system
+ (string-append
+ "sudo guix system delete-generations 7d ; "
+ "sudo guix system reconfigure "
+ configuration-prefix
+ "izumi.scm "))
+ (update-system
+ (string-append
+ pull-guix
+ and
+ reconfigure-system
+ ;; and
+ ;; reconfigure-home
+ and
+ collect-garbage)))
+ (simple-service
+ 'bash-extension
+ home-bash-service-type
+ (home-bash-extension
+ (aliases
+ `(("collect-garbage" . ,collect-garbage)
+ ("edit" . "$EDITOR")
+ ("pull-guix" . ,pull-guix)
+ ("reconfigure-home" . ,reconfigure-home)
+ ("reconfigure-system" . ,reconfigure-system)
+ ("update-system" . ,update-system)))
+ (bash-profile
+ (list
+ (mixed-text-file
+ "newline-prompt"
+ "PS1=${PS1%?}\n"
+ "PS1=${PS1%?}\\n'$ '\n"
+ "PS1=\"\\n$PS1\""))))))))))))))))
+ ( sudoers-file %sudoers-specification* )
+ ( swap-devices
+ ( list
+ ( swap-space
+ ( target "/dev/sda3" ) ) ) )
+ ( timezone "Europe/Warsaw" )
+ (users (append (@ (gnu system shadow) %base-user-accounts)
+ (list (@ (users vmail) vmail-account)
+ (@ (users id1000) uid1000-account))))) |
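Review bot: The Radicale auth block sets `( htpasswd-encryption 'plain )`, so every CalDAV/CardDAV password is stored in cleartext in `/secrets/radicale/keys`, and anyone who can read that file or a backup of it has the credentials directly; a hashed scheme such as `( htpasswd-encryption 'bcrypt )` with a regenerated htpasswd file avoids this. The Radicale `nginx-server-configuration` listens on `192.168.10.2:443 ssl` but, unlike the other two server blocks, sets no `ssl-certificate` or `ssl-certificate-key`, so it is worth confirming where that virtual host gets its certificate. `( service openssh-service-type )` takes the default configuration, which as far as I know leaves password authentication on; `(openssh-configuration (password-authentication? #f))` is the usual setting for a host that also publishes web, git and mail services. The `emacs-org-fc` origin passes the branch name `wip-algo-tn` as `commit`: the `sha256` still pins the content, but the build breaks as soon as the branch moves, so a full commit id is preferable there.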