Diffstat (limited to 'deployment/system/rakan.scm')
| -rw-r--r-- | deployment/system/rakan.scm | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/deployment/system/rakan.scm b/deployment/system/rakan.scm
new file mode 100644
index 0000000..9e9d77c
--- /dev/null
+++ b/deployment/system/rakan.scm
@@ -0,0 +1,247 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment system rakan)
+ #:use-module (guix gexp)
+ #:use-module ( (deployment keys)
+ #:prefix deployment:keys:)
+ #:use-module ( (deployment services databases)
+ #:prefix deployment:services:databases:)
+ #:use-module ( (deployment services matrix)
+ #:prefix deployment:services:matrix:)
+ #:use-module ( (gnu home)
+ #:prefix gnu:home:)
+ #:use-module ( (gnu home services)
+ #:prefix gnu:home:services:)
+ #:use-module ( (gnu packages mail)
+ #:prefix gnu:packages:mail:)
+ #:use-module ( (gnu services)
+ #:prefix gnu:services:)
+ #:use-module ( (gnu services base)
+ #:prefix gnu:services:base:)
+ #:use-module ( (gnu services guix)
+ #:prefix gnu:services:guix:)
+ #:use-module ( (gnu services samba)
+ #:prefix gnu:services:samba:)
+ #:use-module ( (gnu system)
+ #:prefix gnu:system:)
+ #:use-module ( (gnu system file-systems)
+ #:prefix gnu:system:file-systems:)
+ #:use-module ( (gnu system linux-initrd)
+ #:prefix gnu:system:linux-initrd:)
+ #:use-module ( (gnu system locale)
+ #:prefix gnu:system:locale:)
+ #:use-module ( (gnu system nss)
+ #:prefix gnu:system:nss:)
+ #:use-module ( (gnu system pam)
+ #:prefix gnu:system:pam:)
+ #:use-module ( (gnu system shadow)
+ #:prefix gnu:system:shadow:)
+ #:use-module ( (guix diagnostics)
+ #:prefix guix:diagnostics:)
+ #:use-module ( (nongnu packages linux)
+ #:prefix nongnu:packages:linux:)
+ #:use-module ( (nongnu system linux-initrd)
+ #:prefix nongnu:system:linux-initrd:)
+ #:use-module ( (gnu home-services mail)
+ #:prefix rde/gnu:home-services:mail:)
+ #:use-module ( (sovereign devices)
+ #:prefix sovereign:devices:)
+ #:use-module ( (sovereign devices amd64)
+ #:prefix sovereign:devices:amd64:)
+ #:use-module ( (sovereign packages emacs)
+ #:prefix sovereign:packages:emacs:)
+ #:use-module ( (sovereign packages protonmail)
+ #:prefix sovereign:packages:protonmail:)
+ #:use-module ( (sovereign services)
+ #:prefix sovereign:services:)
+ #:use-module ( (sovereign systems)
+ #:prefix sovereign:systems:)
+ #:use-module ( (users id1000)
+ #:prefix users:id1000:))
+
+(define system-name
+ "rakan")
+
+(define file-system-efi
+ (let*
+ ( (l-system-name (string-upcase system-name))
+ (l-device (sovereign:devices:file-system-label l-system-name)))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/efi)
+ (device l-device))))
+
+(define file-system-root
+ (let
+ ( (l-device (sovereign:devices:file-system-label system-name
+ "root")))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/root)
+ (device l-device))))
+
+(define swap
+ (let
+ ( (l-target (sovereign:devices:file-system-label system-name
+ "swap")))
+ (gnu:system:file-systems:swap-space
+ (inherit sovereign:devices:swap/no-trim)
+ (target l-target))))
+
+(define guix-offload-authorizations
+ (gnu:services:base:guix-extension
+ (authorized-keys (list deployment:keys:aisaka-guix))))
+
+(define (l2md-maildir name)
+ (string-append "~/Publiczne/l2md/"
+ name))
+
+(define l2md-repo-guile-user
+ (rde/gnu:home-services:mail:l2md-repo
+ (name "guile-user")
+ (urls "https://yhetil.org/guile-user/0")
+ (maildir (l2md-maildir name))
+ (pipe "")
+ (initial-import 0)
+ (sync-enabled? #t)))
+
+(define l2md-repo-guix-devel
+ (rde/gnu:home-services:mail:l2md-repo
+ (name "guix-devel")
+ (urls "https://yhetil.org/guix-devel/0")
+ (maildir (l2md-maildir name))
+ (pipe "")
+ (initial-import 0)
+ (sync-enabled? #t)))
+
+(define l2md-repo-guix-user
+ (rde/gnu:home-services:mail:l2md-repo
+ (name "guix-user")
+ (urls "https://yhetil.org/guix-user/0")
+ (maildir (l2md-maildir name))
+ (pipe "")
+ (initial-import 0)
+ (sync-enabled? #t)))
+
+(define l2md-configuration
+ (rde/gnu:home-services:mail:home-l2md-configuration
+ (l2md gnu:packages:mail:l2md)
+ (autostart? #t)
+ (period 180)
+ (oneshot 0)
+ (maildir "")
+ (pipe "")
+ (base "~/Publiczne/l2md")
+ (repos (list l2md-repo-guile-user
+ l2md-repo-guix-devel
+ l2md-repo-guix-user))))
+
+(define home-l2md
+ (gnu:services:service
+ rde/gnu:home-services:mail:home-l2md-service-type
+ l2md-configuration))
+
+(define samba-configuration
+ (gnu:services:samba:samba-configuration
+ (enable-smbd? #t)
+ (config-file (mixed-text-file "smb.conf"
+ "[global]\n"
+ "map to guest = Bad User\n"
+ "logging = syslog@1\n"
+ "\n"
+ "[public]\n"
+ "browsable = yes\n"
+ "path = /tmp\n"
+ "read only = no\n"
+ "guest ok = yes\n"
+ "guest only = yes\n"))))
+
+(define samba-service
+ (gnu:services:service
+ gnu:services:samba:samba-service-type
+ samba-configuration))
+
+(define named-home-environment-1000
+ (let
+ ( (named-home-environment- users:id1000:named-home-environment))
+ (let
+ ( (home-environment- (car (cdr named-home-environment-)))
+ (name- (car named-home-environment-)))
+ (let*
+ ( (services- (gnu:home:home-environment-user-services home-environment-))
+ (packages- (gnu:home:home-environment-packages home-environment-))
+ (home-environment-* (gnu:home:home-environment
+ (inherit home-environment-)
+ (packages packages-)
+ (services (cons* home-l2md
+ services-)))))
+ (list name-
+ home-environment-*)))))
+
+(define guix-homes
+ (list named-home-environment-1000))
+
+(define guix-home-service
+ (sovereign:systems:guix-home-service guix-homes))
+
+(define offload-auth
+ (gnu:services:simple-service 'offload-authorizations
+ gnu:services:base:guix-service-type
+ guix-offload-authorizations))
+
+(define guix-publish-configuration
+ (gnu:services:base:guix-publish-configuration
+ (host "0.0.0.0")
+ (port 8080)
+ (advertise? #t)))
+
+(define-public guix-publish-service
+ (sovereign:services:guix-publish-service guix-publish-configuration))
+
+(define-public system
+ (gnu:system:operating-system
+ (kernel nongnu:packages:linux:linux)
+ (kernel-loadable-modules (list))
+ (kernel-arguments gnu:system:%default-kernel-arguments)
+ (hurd #f)
+ (bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
+ (label (sovereign:systems:operating-system-label* system-name
+ gnu:system:this-operating-system))
+ (keyboard-layout sovereign:devices:pl-keyboard-layout)
+ (initrd nongnu:system:linux-initrd:microcode-initrd)
+ (initrd-modules (cons* "mei_me"
+ gnu:system:linux-initrd:%base-initrd-modules))
+ (firmware (list nongnu:packages:linux:linux-firmware))
+ (host-name system-name)
+ (hosts-file #f)
+ (mapped-devices (list))
+ (file-systems (cons* file-system-root
+ file-system-efi
+ gnu:system:file-systems:%base-file-systems))
+ (swap-devices (list swap))
+ (users (cons* users:id1000:uid1000-account
+ gnu:system:shadow:%base-user-accounts))
+ (groups gnu:system:shadow:%base-groups)
+ (skeletons (gnu:system:shadow:default-skeletons))
+ (issue (@@ (gnu system) %default-issue))
+ (packages gnu:system:%base-packages)
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (locale-libcs gnu:system:locale:%default-locale-libcs)
+ (name-service-switch gnu:system:nss:%default-nss)
+ (essential-services (gnu:system:operating-system-default-essential-services gnu:system:this-operating-system))
+ (services (cons* guix-home-service
+ guix-publish-service
+ deployment:services:databases:matrix-postgresql-service
+ deployment:services:matrix:matrix-service-rakan
+ sovereign:packages:protonmail:nogui-profile
+ offload-auth
+ samba-service
+ sovereign:systems:%sovereign-services))
+ (pam-services (gnu:system:pam:base-pam-services))
+ (privileged-programs gnu:system:%default-privileged-programs)
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification)
+ (location (and=> (current-source-location)
+ guix:diagnostics:source-properties->location))))
+
+(define-public operating-system* system) |
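Review bot: The `[public]` share in samba-configuration exports `/tmp` for anonymous write access (`guest ok = yes`, `guest only = yes`, `read only = no`, with `map to guest = Bad User`) and the `[global]` section carries no `hosts allow`, `interfaces` or `bind interfaces only` line, so every host that can reach the SMB port can drop files into the directory local processes use for their own temporaries, which is the classic setup for temp-file and symlink races. A dedicated export directory with a note on why guest write is intended is safer, e.g. `"path = /srv/samba/public\n"` (constructed path) plus `"hosts allow = <lan-subnet>\n"` (placeholder) under `[global]`. Separately, guix-publish-configuration binds to `"0.0.0.0"` with `advertise? #t`, so the store is published on every interface; a short comment that the host is assumed to sit on a trusted network, or that filtering happens elsewhere, would document the intent since nothing in this file restricts it. Finally, the three l2md-repo definitions pass `(l2md-maildir name)` where `name` is not bound anywhere in this module; unless the record constructor exposes sibling fields, this is presumably a compile warning at best, and the resulting maildir path is worth confirming.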
