diff options
| author | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-10-07 14:08:40 +0200 |
|---|---|---|
| committer | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-10-07 14:17:28 +0200 |
| commit | d165844c30759511cf2123b2df131f49b7c3c605 (patch) | |
| tree | 19a2304af97fc661a9442ed0fe2cc2a15e395c0d /systems | |
| parent | c03f427f084aa07cfcb557b5aeac3c7f381e309b (diff) | |
refactor(izumi): drop the org file
Diffstat (limited to 'systems')
| -rw-r--r-- | systems/izumi/izumi.org | 504 | ||||
| -rw-r--r-- | systems/izumi/izumi.scm (renamed from systems/izumi/system-configuration.scm) | 4 |
2 files changed, 2 insertions, 506 deletions
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org deleted file mode 100644 index 97a56d5..0000000 --- a/systems/izumi/izumi.org +++ /dev/null @@ -1,504 +0,0 @@ -#+TITLE: Configuration of the Izumi computer -#+AUTHOR: Marek Paśnikowski -#+STARTUP: showall -#+PROPERTY: header-args:scheme :noweb yes -#+PROPERTY: header-args:scheme+ :noweb-prefix yes - -* DONE The Monolith - -#+NAME: OPERATING-SYSTEM -#+BEGIN_SRC scheme :tangle system-configuration.scm - (define-module (systems izumi system-configuration) - #:use-module (suweren commons sudoers)) - - (define radicale-keys "/secrets/radicale/keys") - (define dovecot-keys "/secrets/dovecot") - - ( use-modules - ( gnu ) - ( gnu services syncthing ) - ( guix records ) - ( ice-9 match ) - ( nongnu packages linux ) - ( nongnu system linux-initrd ) - (suweren system)) - - ( use-package-modules - admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail - version-control ) - - ( use-service-modules - base certbot cgit desktop mail shepherd ssh version-control web xorg ) - - (use-modules (channels) - (gnu) - (gnu home) - (gnu home services) - (gnu home services shells) - (gnu packages emacs-xyz)) - - (use-modules - (gnu) - (gnu home services) - (guix build-system emacs) - (guix git-download) - ((guix licenses) - #:prefix license:) - (guix packages)) - - (use-package-modules base emacs-xyz gawk) - - (use-modules - (gnu services) - (gnu home services) - (gnu packages password-utils) - (guix gexp)) - - (use-modules - (gnu home services shells) - (gnu services) - (gnu services guix)) - - (define nginx-accounts - (list (user-group (name "nginx") - (system? #t)) - (user-account (name "nginx") - (group "nginx") - (supplementary-groups '("git")) - (system? #t) - (comment "nginx server user") - (home-directory "/var/empty") - (shell (file-append (specification->package "shadow") - "/sbin/nologin"))))) - - (define nginx-service-type* - (service-type (inherit nginx-service-type) - (extensions (map (lambda (extension) - (if (eq? (service-extension-target extension) - account-service-type) - (service-extension account-service-type - (const nginx-accounts)) - extension)) - (service-type-extensions nginx-service-type))))) - - (define hosts-izumi - (local-file "system-files/hosts")) - - ( operating-system - ( bootloader - ( bootloader-configuration - ( bootloader grub-efi-bootloader ) - ( keyboard-layout ( keyboard-layout "pl" ) ) - ( targets ( list "/boot/efi" ) ) ) ) - ( mapped-devices - ( list - ( mapped-device - ( source "/dev/sda2" ) - ( target "izumi" ) - ( type luks-device-mapping ) ) ) ) - ( file-systems - ( append - %base-file-systems - ( list - ( file-system - ( device "/dev/sda1" ) - ( mount-point "/boot/efi" ) - ( type "vfat" ) ) - ( file-system - ( dependencies mapped-devices ) - ( device "/dev/mapper/izumi" ) - ( mount-point "/" ) - ( type "xfs" ) ) ) ) ) - ( firmware ( list linux-firmware ) ) - ( groups - ( append - %base-groups - ( list - ( user-group - ( name "vmail" ) - ( system? #t ) )) ) ) - ( host-name "izumi" ) - (hosts-file hosts-izumi) - ( initrd microcode-initrd ) - ( kernel linux ) - ( keyboard-layout ( keyboard-layout "pl" ) ) - (locale polish-locale-string) - (locale-definitions %suweren-locale-definitions) - ( services - ( append - ( modify-services - %desktop-services - ( elogind-service-type - configuration => - ( elogind-configuration - ( inherit configuration ) - ( handle-lid-switch 'ignore ) - ( handle-lid-switch-docked 'ignore ) - ( handle-lid-switch-external-power 'ignore ) ) ) - ( gdm-service-type - configuration => - ( gdm-configuration - ( inherit configuration ) - ( auto-suspend? #f ) - ( wayland? #t ) ) ) - ( guix-service-type - configuration => - ( let* - ( ( non-guix.pub - ( string-append - "( public-key ( ecc ( curve Ed25519 )" - "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) ) - ( authorized-keys - ( append - %default-authorized-guix-keys - ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) ) - ( extra-options - ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) ) - ( substitute-urls - ( append - %default-substitute-urls - ( list "https://substitutes.nonguix.org" ) ) ) ) - ( guix-configuration - ( inherit configuration ) - ( authorized-keys authorized-keys ) - ( extra-options extra-options ) - ( substitute-urls substitute-urls ) ) ) ) ) - ( list - (@ (users id1000) dkim-service) - (@ (users id1000) dovecot-service) - (@ (users id1000) smtp-service) - (service (service-type (inherit certbot-service-type) - (extensions (map (lambda (extension) - (if (eq? (service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - (@@ (gnu services certbot) - certbot-nginx-server-configurations)) - extension)) - (service-type-extensions certbot-service-type)))) - ( certbot-configuration - ( certificates - ( list - ( certificate-configuration - ( deploy-hook - ( program-file - "nginx-deploy-hook" - #~ - ( let - ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) - ( kill pid SIGHUP ) ) ) ) - ( domains - ( list - "marekpasnikowski.pl" - "git.marekpasnikowski.pl" - "radicale.marekpasnikowski.pl" ) ) ) ) ) - ( email "marek@marekpasnikowski.pl" ) - ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) - (service (service-type (inherit cgit-service-type) - (extensions (map (lambda (extension) - (if (eq? (service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - cgit-configuration-nginx-config) - extension)) - (service-type-extensions cgit-service-type)))) - ( cgit-configuration - ( nginx - ( list - ( nginx-server-configuration - ( locations - ( list - ( git-http-nginx-location-configuration - ( git-http-configuration - ( git-root "/var/lib/gitolite/repositories" ) - ( uri-path "/git" ) ) ) - ( nginx-location-configuration - ( body - ( list - "fastcgi_param HTTP_HOST $server_name ;" - "fastcgi_param PATH_INFO $uri ;" - "fastcgi_param QUERY_STRING $args ;" - "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;" - "fastcgi_pass 127.0.0.1:9000 ;" ) ) - ( uri "@cgit" ) ) - ( nginx-location-configuration - ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) ) - ( uri "/.well-known" ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( root cgit ) - ( server-name ( list "git.marekpasnikowski.pl" ) ) - ( ssl-certificate - "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) - ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) - ( try-files ( list "$uri" "@cgit" ) ) ) ) ) - ( repositories - ( list - ( repository-cgit-configuration - ( hide? #t ) - ( path "/srv/git/marek/packages" ) ) ) ) - ( repository-directory "/var/lib/gitolite/repositories" ) ) ) - (service fcgiwrap-service-type - (fcgiwrap-configuration (user "git") - (group "git"))) - ( service gitolite-service-type - ( gitolite-configuration - ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) - ( admin-pubkey ( plain-file "gitolite-admin.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) - ( service plasma-desktop-service-type ) - ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) ) - (service nginx-service-type* - ( nginx-configuration - ( server-blocks - ( list - ;; Top-Level - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( uri "/.well-known" ) - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( root "/srv/www/marek/marekpasnikowski.pl" ) - ( server-name ( list "marekpasnikowski.pl" ) ) - ( ssl-certificate - "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" ) - ( ssl-certificate-key - "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) ) - ;; Radicale - ( nginx-server-configuration - ( locations - ( list - ( nginx-location-configuration - ( body - ( list - "proxy_pass http://localhost:5232/ ;" - "proxy_set_header X-Script-Name \"\" ;" - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;" - "proxy_set_header Host $http_host ;" - "proxy_pass_header Authorization ;" ) ) - ( uri "/" ) ) - ( nginx-location-configuration - ( body - ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) - ( uri "/.well-known" ) ) ) ) - ( listen ( list "192.168.10.2:443 ssl" ) ) - ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) ) - ( service openssh-service-type ) - ( service radicale-service-type - ( radicale-configuration - ( auth - ( radicale-auth-configuration - ( type 'htpasswd ) - ( htpasswd-filename radicale-keys ) - ( htpasswd-encryption 'plain ) ) ) ) ) - ( simple-service 'base-profile profile-service-type - ( append %base-packages - ( list ) ) ) - ( simple-service - 'nss-profile - profile-service-type - ( list nss-certs ) ) - ( simple-service - 'etc-files - etc-service-type - ( list - `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) ) - (service guix-home-service-type - `(("marek" ,(home-environment (packages (map specification->package+output - (list "dconf-editor" - "emacs" - "emacs-org-modern" - "emacs-paredit" - "font-google-noto" - "font-google-noto-emoji" - "font-google-noto-sans-cjk" - "font-google-noto-serif-cjk" - "git" - "gnupg" - "gnome-tweaks" - "noweb" - "pinentry" - "pwgen" - "unzip" - "zip"))) - (services (append (list izumi-channels-service-type) - (list - (simple-service - 'emacs-home-profile - home-profile-service-type - (append - (list emacs-guix emacs-nix-mode) - (list - (let - ((commit* "wip-algo-tn")) - (package - (name "emacs-org-fc") - (version (git-version "0.1.2" "0" commit*)) - (source - (origin - (method git-fetch) - (uri - (git-reference - (url "https://git.marekpasnikowski.pl/org-fc.git") - (commit commit*))) - (file-name (git-file-name name version)) - (sha256 (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj")))) - (build-system emacs-build-system) - (arguments - (list - #:include #~ (cons* "\\.awk$" "\\.org$" %default-include) - #:exclude #~ (cons "^test/" %default-exclude) - #:tests? #t - #:test-command - #~ - (list - "emacs" - "--batch" - "-L" "." - "-L" "tests/" - "-l" "tests/org-fc-filter-test.el" - "-l" "tests/org-fc-indexer-test.el" - "-l" "tests/org-fc-review-data-test.el" - "-f" "ert-run-tests-batch-and-exit") - #:phases - #~ - (modify-phases - %standard-phases - (add-after - 'unpack - 'qualify-paths - (lambda* - (#:key inputs - #:allow-other-keys) - (substitute* - "org-fc-awk.el" - (("\"find ") - (string-append - "\"" - (search-input-file inputs "/bin/find") - " ")) - (("\"gawk ") - (string-append - "\"" - (search-input-file inputs "/bin/gawk") - " ")) - (("\"xargs ") - (string-append - "\"" - (search-input-file inputs "/bin/xargs") - " ")))))))) - (inputs (list findutils gawk)) - (propagated-inputs (list emacs-hydra)) - (home-page "https://www.leonrische.me/fc/index.html") - (synopsis "Spaced repetition system for Emacs Org mode") - (description - (string-append - "Org-fc is a spaced-repetition system for Emacs' Org mode.\n" - "It allows you to mark headlines in a file as flashcards, turning pieces of\n" - "knowledge you want to learn into a question-answer test. These cards are\n" - "reviewed at regular interval. After each review, the next review interval is\n" - "calculated based on how well you remembered the contents of the card.\n")) - (license license:gpl3+)))))) - (simple-service 'home-files - home-files-service-type - (list (list ".config/emacs/init.el" - (local-file "home-files/emacs-configuration.el" )) - (list ".gnus" - (local-file "home-files/gnus-configuration.el")) - (list ".gitconfig" - (local-file "home-files/gitconfig")) - (list ".config/git/ignore" - ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore - (local-file "home-files/git-ignore.conf")))) - (simple-service - 'environment-variables - home-environment-variables-service-type - `(("EDITOR" . "emacsclient -nw")))) - (list - (let* - ((and "&& ") - (collect-garbage "sudo guix gc -d 7d ") - (configuration-prefix - "/home/marek/Publiczny/src/deployment/systems/izumi/") - (pull-guix "guix pull ") - (reconfigure-home - (string-append - "guix home delete-generations 7d ; " - "guix home reconfigure " - configuration-prefix - "home-configuration.scm ")) - (reconfigure-system - (string-append - "sudo guix system delete-generations 7d ; " - "sudo guix system reconfigure " - configuration-prefix - "system-configuration.scm ")) - (update-system - (string-append - pull-guix - and - reconfigure-system - ;; and - ;; reconfigure-home - and - collect-garbage))) - (simple-service - 'bash-extension - home-bash-service-type - (home-bash-extension - (aliases - `(("collect-garbage" . ,collect-garbage) - ("edit" . "$EDITOR") - ("pull-guix" . ,pull-guix) - ("reconfigure-home" . ,reconfigure-home) - ("reconfigure-system" . ,reconfigure-system) - ("update-system" . ,update-system))) - (bash-profile - (list - (mixed-text-file - "newline-prompt" - "PS1=${PS1%?}\n" - "PS1=${PS1%?}\\n'$ '\n" - "PS1=\"\\n$PS1\"")))))))))))))))) - ( sudoers-file %sudoers-specification* ) - ( swap-devices - ( list - ( swap-space - ( target "/dev/sda3" ) ) ) ) - ( timezone "Europe/Warsaw" ) - (users (append (@ (gnu system shadow) %base-user-accounts) - (list (@ (users vmail) vmail-account) - (@ (users id1000) uid1000-account))))) -#+END_SRC - -#+NAME: OPENSMTPD-CONFIGURATION-FILE -#+BEGIN_SRC conf :tangle system-files/smtpd.conf - # The prefix on GUIX is not the default one — it is /etc . - table aliases file:/etc/aliases - - # The mail certificates are issued by Let‘s Encrypt and served by NGINX - pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" - pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" - - # Listen for local messages. - listen on lo - - # Listen for messages from the internet. - listen on enp1s0 tls port 25 pki "marekpasnikowski.pl" - listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl" - - # There is no filtering in the design, so the two actions are enough. - action receive maildir alias <aliases> - action send relay - - # Match incoming messages. - match from local for local action receive - match from any for domain "marekpasnikowski.pl" action receive - - # Match outgoing messages. - match for any action send -#+END_SRC - diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/izumi.scm index 502ec90..8558948 100644 --- a/systems/izumi/system-configuration.scm +++ b/systems/izumi/izumi.scm @@ -1,4 +1,4 @@ -(define-module (systems izumi system-configuration) +(define-module (systems izumi izumi) #:use-module (suweren commons sudoers)) (define radicale-keys "/secrets/radicale/keys") @@ -425,7 +425,7 @@ "sudo guix system delete-generations 7d ; " "sudo guix system reconfigure " configuration-prefix - "system-configuration.scm ")) + "izumi.scm ")) (update-system (string-append pull-guix |