| -rw-r--r-- | deployment/systems/aisaka.scm | 128 | ||||
| -rw-r--r-- | users/id1000.scm | 4 |
2 files changed, 126 insertions, 6 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm index 2f91765..eaba797 100644 --- a/deployment/systems/aisaka.scm +++ b/deployment/systems/aisaka.scm @@ -6,10 +6,13 @@ #:use-module ((deployment keys) #:prefix deployment:keys:) #:use-module ((gnu bootloader) #:prefix gnu:bootloader:) #:use-module ((gnu bootloader grub) #:prefix gnu:bootloader:grub:) + #:use-module ((gnu packages linux) #:prefix gnu:packages:linux:) #:use-module ((gnu packages tls) #:prefix gnu:packages:tls:) #:use-module ((gnu services) #:prefix gnu:services:) #:use-module ((gnu services base) #:prefix gnu:services:base:) #:use-module ((gnu services dns) #:prefix gnu:services:dns:) + #:use-module ((gnu services networking) #:prefix gnu:services:networking:) + #:use-module ((gnu services shepherd) #:prefix gnu:services:shepherd:) #:use-module ((gnu services version-control) #:prefix gnu:services:version-control:) #:use-module ((gnu services web) #:prefix gnu:services:web:) #:use-module ((gnu system) #:prefix gnu:system:) @@ -33,7 +36,7 @@ ip-otvarta " -all\"")) -(define ttl "60") +(define ttl "3600") (gnu:services:dns:define-zone-entries marekpasnikowski.pl-entries ("@" ttl "IN" "A" ip-multimedia) @@ -41,8 +44,10 @@ ("@" ttl "IN" "NS" "ns.marekpasnikowski.pl.") ("ns1" ttl "IN" "A" ip-multimedia) ("@" ttl "IN" "NS" "ns1.marekpasnikowski.pl.") + ("mx" ttl "IN" "A" ip-otvarta) ("@" ttl "IN" "MX" "10 mx1.forwardemail.net.") ("@" ttl "IN" "MX" "10 mx2.forwardemail.net.") + ;("@" ttl "IN" "MX" "20 mx.marekpasnikowski.pl.") ("@" ttl "IN" "TXT" "\"forward-email-port=49152\"") ("@" ttl "IN" "TXT" "\"forward-email=marekpasnikowski.pl\"") ("@" ttl "IN" "TXT" spf-value) @@ -63,7 +68,7 @@ (origin "marekpasnikowski.pl") (ns "ns.marekpasnikowski.pl.") (mail "marek.marekpasnikowski.pl.") - (serial 2025122101))) + (serial 2026010903))) (define master-zone (gnu:services:dns:knot-zone-configuration 
@@ -405,12 +410,125 @@ (storage ((@ (gnu services mail) radicale-storage-configuration) (filesystem-folder "/data/radicale/collections")))))) +(define enp1s0-address-4 + (gnu:services:base:network-address + (device "enp1s0") + (value "192.168.10.2/24") + (ipv6? #f))) + +(define enp2s0-address-4 + (gnu:services:base:network-address + (device "enp2s0") + (value "192.168.1.2/24") + (ipv6? #f))) + +(define enp1s0-route-4-default + (gnu:services:base:network-route + (destination "default") + (source #f) + (device #f) + (ipv6? #f) + (gateway "192.168.10.1"))) + +(define network-hardware + (gnu:services:base:static-networking + (addresses (list enp1s0-address-4 + enp2s0-address-4)) + (links (list)) + (routes (list enp1s0-route-4-default)) + (name-servers (list "192.168.10.1" + "192.168.1.1")) + (provision (list 'network-hardware)) + (requirement (list)))) + +(define static-networking-configuration + (list network-hardware)) + +(define static-networking + (gnu:services:service + gnu:services:networking:static-networking-service-type + static-networking-configuration)) + +(define ip-command + (file-append gnu:packages:linux:iproute + "/sbin/ip")) + +(define network-enp2s0-route-default + (let + ( (route-default- #~(list #$ip-command + "route" + "add" + "default" + "via" + "192.168.1.1" + "table" + "1"))) + (gnu:services:shepherd:shepherd-service + (provision (list 'network-enp2s0-route-default)) + (requirement (list 'network-enp2s0-table)) + (one-shot? #t) + (respawn? #f) + (start #~(make-forkexec-constructor #$route-default-)) + (stop #~(const #f)) + (actions (list)) + (auto-start? 
#t) + (documentation "Sets up a default route for traffic from enp2s0.") + (modules gnu:services:shepherd:%default-modules)))) + +(define network-enp2s0-table + (let + ( (table- #~(list #$ip-command + "rule" + "add" + "from" + "192.168.1.2" + "table" + "1" + "prio" + "1"))) + (gnu:services:shepherd:shepherd-service + (provision (list 'network-enp2s0-table)) + (requirement (list 'network-hardware)) + (one-shot? #t) + (respawn? #f) + (start #~(make-forkexec-constructor #$table-)) + (stop #~(const #f)) + (actions (list)) + (auto-start? #t) + (documentation "Defines a table of rules number 1 for routes through enp2s0.") + (modules gnu:services:shepherd:%default-modules)))) + +(define networking + (gnu:services:shepherd:shepherd-service + (provision (list 'networking)) + (requirement (list 'network-enp2s0-table + 'network-enp2s0-route-default)) + (one-shot? #t) + (respawn? #f) + (start #~(const #t)) + (stop #~(const #f)) + (actions (list)) + (auto-start? #t) + (documentation "Defines a graph root of one-shot services to invoke various ip commands.") + (modules gnu:services:shepherd:%default-modules))) + +(define iproute2-networking + (gnu:services:simple-service 'networking + gnu:services:shepherd:shepherd-root-service-type + (list network-enp2s0-table + network-enp2s0-route-default + networking))) + (define swap-device-izumi-1-label ((@ (gnu system file-systems) file-system-label) "izumi-swap-f")) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +(define %sovereign-services* + (gnu:services:modify-services sovereign:systems:%sovereign-services + (delete gnu:services:networking:network-manager-service-type))) + (define system-bootloader (gnu:bootloader:bootloader-configuration (bootloader gnu:bootloader:grub:grub-efi-bootloader) @@ -443,7 +561,9 @@ (nginx-izumi) offload-rakan (openssh) - (radicale))) + (radicale) + static-networking + iproute2-networking)) (define system-users (list users:id1000:uid1000-account 
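Review bot: `make-forkexec-constructor` in the `start` of `network-enp2s0-table` and `network-enp2s0-route-default` forks `ip` and returns once the child is spawned, so a failing `ip rule add` or `ip route add` (for example on a restart, since `stop` is `(const #f)` and never removes the rule or route that was added) is still reported to shepherd as a successful start, and the route service can begin before the rule command has actually finished. A start procedure that waits for the command and returns its exit status, e.g. `(start #~(lambda _ (zero? (apply system* #$table-))))` in both services, makes the requirement chain up to `networking` mean something. `network-hardware` also sets `(requirement (list))`, which presumably drops the default udev dependency of `static-networking`; if the `enp1s0`/`enp2s0` names are assigned by udev, the addresses could be configured before the interfaces exist under those names, so `(requirement (list 'udev))` is the safer choice unless the empty list is deliberate.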
@@ -474,7 +594,7 @@ (locale sovereign:systems:pl-locale) (locale-definitions sovereign:systems:%sovereign-locale-definitions) (services (append system-services - sovereign:systems:%sovereign-services)) + %sovereign-services*)) (sudoers-file sovereign:systems:%sovereign-sudoers-specification))) (define-public operating-system* diff --git a/users/id1000.scm b/users/id1000.scm index fa12195..06ca5f2 100644 --- a/users/id1000.scm +++ b/users/id1000.scm @@ -408,7 +408,7 @@ "# instead of /etc/passwd\n" "table passwd file:" smtpd-keys "\n" "\n" - "table other-relays file:" relays-file "\n" + "# table other-relays file:" relays-file "\n" "table blacklist file:" blacklist-file "\n" "\n" "# A simple spam filter\n" @@ -445,7 +445,7 @@ "# We define some actions\n" "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual <aliases>\n" "action godkim relay host smtp://localhost:10027\n" - "action outbound relay helo \"" domain "\"\n" + "action outbound relay src \"192.168.1.2\" helo \"" "user119-109.otvarta.pl" "\"\n" "\n" "# We accept to relay any mail from authenticated users\n" "match for any from any auth action godkim\n" |
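Review bot: Commenting out `table other-relays file:` keeps `relays-file` spliced into the generated smtpd.conf as part of a comment line, and any later `match` rule that still references `<other-relays>` will now make smtpd reject the whole configuration; the rest of this string-append is outside the hunk, so verify with `smtpd -n` on the deployed host that no rule still names the table. If the relay table is being retired, removing the `relays-file` reference (and the secret file it points to) from the configuration is cleaner than carrying it as a commented line.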
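Review bot: The new `action outbound relay src "192.168.1.2" helo ...` line hard-codes the ISP-assigned hostname `user119-109.otvarta.pl` as a bare literal in the middle of the string-append, next to the `domain` variable it replaces; binding it once, e.g. `(define outbound-helo "user119-109.otvarta.pl")` alongside `domain`, keeps the HELO identity and the `192.168.1.2` source address (which the policy-routing rule in deployment/systems/aisaka.scm in this same commit also spells out) in one place. Receiving servers commonly check that the HELO name resolves to the connecting address and back, so this is only as good as the forward and reverse DNS for ip-otvarta; the `mx` A record added in aisaka.scm points there, but the reverse record is not visible in this diff and is worth confirming before the commented-out `MX 20` entry is enabled.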
