Diffstat (limited to 'deployment/systems')
-rw-r--r--deployment/systems/aisaka.scm513
-rw-r--r--deployment/systems/akashi.scm64
-rw-r--r--deployment/systems/ayase.scm153
-rw-r--r--deployment/systems/git-ignore.conf48
-rw-r--r--deployment/systems/gitconfig10
-rw-r--r--deployment/systems/mcdowell.scm89
6 files changed, 877 insertions, 0 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
new file mode 100644
index 0000000..b303ea0
--- /dev/null
+++ b/deployment/systems/aisaka.scm
@@ -0,0 +1,513 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems aisaka)
+ #:use-module ((gnu bootloader) #:prefix gnu:bootloader:)
+ #:use-module ((gnu bootloader grub) #:prefix gnu:bootloader:grub:)
+ #:use-module ((gnu services) #:prefix gnu:services:)
+ #:use-module ((gnu services dns) #:prefix gnu:services:dns:)
+ #:use-module ((gnu services web) #:prefix gnu:services:web:)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((gnu system shadow) #:prefix gnu:system:shadow:)
+ #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
+ #:use-module ((sovereign devices) #:prefix sovereign:devices:)
+ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
+ #:use-module ((sovereign packages jekyll) #:prefix sovereign:packages:jekyll:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((suweren commons sudoers) #:prefix suweren-commons-sudoers:)
+ #:use-module ((suweren home) #:prefix suweren:home:)
+ #:use-module ((suweren system) #:prefix suweren:system:)
+ #:use-module ((suweren update) #:prefix suweren:update:)
+ #:use-module ((users id1000) #:prefix users:id1000:)
+ #:use-module ((users vmail) #:prefix users:vmail:))
+
+(gnu:services:dns:define-zone-entries marekpasnikowski.pl.zone
+ ("@" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "NS" "ns.marekpasnikowski.pl.")
+ ("ns" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "NS" "ns1.marekpasnikowski.pl.")
+ ("ns1" "3600" "IN" "A" "81.190.248.246")
+ ("@" "3600" "IN" "MX" "10 mx1.forwardemail.net.")
+ ("@" "3600" "IN" "MX" "10 mx2.forwardemail.net.")
+ ("@" "3600" "IN" "TXT" "\"forward-email-port=49152\"")
+ ("@" "3600" "IN" "TXT" "\"forward-email=marekpasnikowski.pl\"")
+ ("@" "3600" "IN" "TXT" "\"v=spf1 ip4:81.190.248.246 -all\"")
+ ("_caldavs._tcp" "3600" "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
+ ("_carddavs._tcp" "3600" "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
+ ("_dmarc" "3600" "IN" "TXT" "\"v=DMARC1; p=reject; sp=reject; pct=100; aspf=s; adkim=s; fo=1; rua=mailto:abuse@marekpasnikowski.pl; ruf=mailto:abuse@marekpasnikowski.pl\"")
+ ("dkim._domainkey" "3600" "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
+ ("git" "3600" "IN" "A" "81.190.248.246")
+ ("radicale" "3600" "IN" "A" "81.190.248.246")
+ ("test" "3600" "IN" "A" "81.190.248.246")
+ ("www" "3600" "IN" "A" "81.190.248.246")
+ ("vault" "3600" "IN" "A" "81.190.248.246"))
+
+(define master-zone
+ (gnu:services:dns:knot-zone-configuration
+ (domain "marekpasnikowski.pl")
+ (zone
+ (gnu:services:dns:zone-file
+ (entries marekpasnikowski.pl.zone)
+ (origin "marekpasnikowski.pl")
+ (ns "ns.marekpasnikowski.pl.")
+ (mail "marek.marekpasnikowski.pl.")
+ (serial 2025031000)))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define radicale-keys "/secrets/radicale/keys")
+(define dovecot-keys "/secrets/dovecot")
+
+(define (nginx-accounts)
+ (use-modules (gnu packages)
+ (guix gexp))
+ (list ((@ (gnu system accounts) user-group)
+ (name "nginx")
+ (system? #t))
+ ((@ (gnu system accounts) user-account)
+ (name "nginx")
+ (group "nginx")
+ (supplementary-groups '("git"))
+ (system? #t)
+ (comment "nginx server user")
+ (home-directory "/var/empty")
+ (shell (file-append (specification->package "shadow")
+ "/sbin/nologin")))))
+
+(define (nginx-service-type*)
+ (use-modules (gnu services)
+ (gnu services web)
+ (gnu system shadow))
+ ((@ (gnu services) service-type)
+ (inherit nginx-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? ((@ (gnu services) service-extension-target)
+ extension)
+ account-service-type)
+ ((@ (gnu services) service-extension)
+ account-service-type
+ (const (nginx-accounts)))
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ nginx-service-type)))))
+
+(define nginx-service-type*
+ (nginx-service-type*))
+
+(define system-name
+ "aisaka")
+
+;;;???????????????????????????????????????????????????????????????????
+
+(define (certbot)
+ (use-modules (gnu services certbot))
+ ((@ (gnu services) service)
+ ((@ (gnu services) service-type)
+ (inherit certbot-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? ((@ (gnu services) service-extension-target)
+ extension)
+ nginx-service-type)
+ ((@ (gnu services) service-extension)
+ nginx-service-type*
+ (@@ (gnu services certbot)
+ certbot-nginx-server-configurations))
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ certbot-service-type))))
+ ((@ (gnu services certbot) certbot-configuration)
+ (certificates
+ (list
+ ((@ (gnu services certbot) certificate-configuration)
+ (deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ ((@ (guix gexp) gexp)
+ (let
+ ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP)))))
+ (domains
+ (list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl"
+ "test.marekpasnikowski.pl"
+ "www.marekpasnikowski.pl")))))
+ (email "marek@marekpasnikowski.pl")
+ (webroot "/srv/www/marek/marekpasnikowski.pl"))))
+
+(define (cgit-izumi)
+ (use-modules (gnu packages version-control)
+ (gnu services cgit)
+ (gnu services version-control))
+ ((@ (gnu services) service)
+ ((@ (gnu services) service-type)
+ (inherit cgit-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? ((@ (gnu services) service-extension-target)
+ extension)
+ nginx-service-type)
+ ((@ (gnu services) service-extension)
+ nginx-service-type*
+ cgit-configuration-nginx-config)
+ extension))
+ ((@ (gnu services) service-type-extensions)
+ cgit-service-type))))
+ ((@ (gnu services cgit) cgit-configuration)
+ (nginx
+ (list
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ (git-http-nginx-location-configuration
+ ((@ (gnu services version-control) git-http-configuration)
+ (git-root "/var/lib/gitolite/repositories")
+ (uri-path "/git")))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list
+ "fastcgi_param HTTP_HOST $server_name ;"
+ "fastcgi_param PATH_INFO $uri ;"
+ "fastcgi_param QUERY_STRING $args ;"
+ "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
+ "fastcgi_pass 127.0.0.1:9000 ;"))
+ (uri "@cgit"))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body (list "root /srv/www/marek/marekpasnikowski.pl/ ;"))
+ (uri "/.well-known"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root cgit)
+ (server-name (list "git.marekpasnikowski.pl"))
+ (ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
+ (try-files (list "$uri" "@cgit")))))
+ (repositories
+ (list
+ ((@ (gnu services cgit) repository-cgit-configuration)
+ (hide? #t)
+ (path "/srv/git/marek/packages"))))
+ (repository-directory "/var/lib/gitolite/repositories"))))
+
+(define (etc-mailname)
+ (gnu:services:simple-service 'etc-files
+ etc-service-type
+ (list `("mailname" ,(plain-file "mailname"
+ "marekpasnikowski.pl\n")))))
+
+(define (fcgiwrap)
+ ((@ (gnu services) service)
+ fcgiwrap-service-type
+ ((@ (gnu services web) fcgiwrap-configuration)
+ (user "git")
+ (group "git"))))
+
+(define file-system-efi
+ (gnu:system:file-systems:file-system
+ (device (gnu:system:file-systems:file-system-label "AISAKA"))
+ (mount-point "/boot/efi")
+ (type "vfat")
+ (flags (list))
+ (options #f)
+ (mount? #t)
+ (mount-may-fail? #t)
+ (needed-for-boot? #f)
+ (check? #t)
+ (skip-check-if-clean? #f)
+ (repair 'preen)
+ (create-mount-point? #f)
+ (dependencies (list))
+ (shepherd-requirements (list))
+ (location (current-source-location))))
+
+(define file-system-root
+ (gnu:system:file-systems:file-system
+ (device (gnu:system:file-systems:file-system-label "aisaka-root"))
+ (mount-point "/")
+ (type "ext4")
+ (flags (list))
+ (options #f)
+ (mount? #t)
+ (mount-may-fail? #f)
+ (needed-for-boot? #t)
+ (check? #t)
+ (skip-check-if-clean? #f)
+ (repair 'preen)
+ (create-mount-point? #f)
+ (dependencies (list))
+ (shepherd-requirements (list))
+ (location (current-source-location))))
+
+(define (gitolite)
+ ((@ (gnu services) service)
+ gitolite-service-type
+ ((@ (gnu services version-control) gitolite-configuration)
+ (rc-file ((@ (gnu services version-control) gitolite-rc-file)
+ (umask #o0027)))
+ (admin-pubkey (plain-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n")))))
+
+(define (home-services)
+ (use-modules (channels)
+ (gnu home services)
+ (gnu packages base)
+ (gnu packages emacs-xyz)
+ (gnu packages gawk)
+ (guix build-system emacs)
+ (guix git-download)
+ ((guix licenses)
+ #:prefix license:))
+ ((@ (gnu services) service)
+ (@ (gnu services guix) guix-home-service-type)
+ `(("marek" ,((@ (gnu home) home-environment)
+ (packages (map specification->package+output
+ (list "dconf-editor"
+ "emacs"
+ "emacs-org-modern"
+ "emacs-org-roam"
+ "emacs-paredit"
+ "git"
+ "gnupg"
+ "gnome-tweaks"
+ "noweb"
+ "pinentry"
+ "pwgen"
+ "unzip"
+ "zip")))
+ (services (append suweren:home:%suweren-home-services
+ ;; (list izumi-channels-service-type)
+ (list
+ (gnu:services:simple-service
+ 'emacs-home-profile
+ home-profile-service-type
+ (append
+ (list emacs-guix emacs-nix-mode)
+ (list
+ (let
+ ((commit* "wip-algo-tn"))
+ ((@ (guix packages) package)
+ (name "emacs-org-fc")
+ (version (git-version "0.1.2" "0" commit*))
+ (source
+ ((@ (guix packages) origin)
+ (method git-fetch)
+ (uri
+ ((@ (guix git-download) git-reference)
+ (url "https://git.marekpasnikowski.pl/org-fc.git")
+ (commit commit*)))
+ (file-name (git-file-name name version))
+ (sha256 ((@ (guix packages) base32)
+ '"1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
+ (build-system emacs-build-system)
+ (arguments
+ (list
+ #:include ((@ (guix gexp) gexp)
+ (cons* "\\.awk$" "\\.org$" %default-include))
+ #:exclude ((@ (guix gexp) gexp)
+ (cons "^test/" %default-exclude))
+ #:tests? #t
+ #:test-command
+ ((@ (guix gexp) gexp)
+ (list
+ "emacs"
+ "--batch"
+ "-L" "."
+ "-L" "tests/"
+ "-l" "tests/org-fc-filter-test.el"
+ "-l" "tests/org-fc-indexer-test.el"
+ "-l" "tests/org-fc-review-data-test.el"
+ "-f" "ert-run-tests-batch-and-exit"))
+ #:phases
+ ((@ (guix gexp) gexp)
+ (modify-phases
+ %standard-phases
+ (add-after
+ 'unpack
+ 'qualify-paths
+ (lambda*
+ (#:key inputs
+ #:allow-other-keys)
+ (substitute*
+ "org-fc-awk.el"
+ (("\"find ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/find")
+ " "))
+ (("\"gawk ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/gawk")
+ " "))
+ (("\"xargs ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/xargs")
+ " ")))))))))
+ (inputs (list findutils gawk))
+ (propagated-inputs (list emacs-hydra))
+ (home-page "https://www.leonrische.me/fc/index.html")
+ (synopsis "Spaced repetition system for Emacs Org mode")
+ (description
+ (string-append
+ "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
+ "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
+ "knowledge you want to learn into a question-answer test. These cards are\n"
+ "reviewed at regular interval. After each review, the next review interval is\n"
+ "calculated based on how well you remembered the contents of the card.\n"))
+ (license license:gpl3+))))))
+ (gnu:services:simple-service 'home-files
+ home-files-service-type
+ (list (list ".gitconfig"
+ ((@ (guix gexp) local-file)
+ "gitconfig"))
+ (list ".config/git/ignore"
+ ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
+ ((@ (guix gexp) local-file)
+ "git-ignore.conf"))))
+ (gnu:services:simple-service
+ 'environment-variables
+ home-environment-variables-service-type
+ `(("EDITOR" . "emacsclient -nw")))))))))))
+
+(define system-keyboard-layout
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define (nginx-izumi)
+ ((@ (gnu services) service)
+ nginx-service-type*
+ ((@ (gnu services web) nginx-configuration)
+ (shepherd-requirement (list 'networking))
+ (server-blocks
+ (list
+ ;; Portal
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ ((@ (gnu services web) nginx-location-configuration)
+ (uri "/.well-known" )
+ (body
+ (list "root /srv/www/marek/marekpasnikowski.pl ;")))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/www")
+ (server-name (list "marekpasnikowski.pl"))
+ (ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"))
+ ;; WWW
+ (gnu:services:web:nginx-server-configuration
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/www")
+ (server-name (list "www.marekpasnikowski.pl")))
+ (gnu:services:web:nginx-server-configuration
+ (listen (list "192.168.10.2:443 ssl"))
+ (root "/home/marek/Publiczne/test")
+ (server-name (list "test.marekpasnikowski.pl")))
+ ;; Radicale
+ ((@ (gnu services web) nginx-server-configuration)
+ (locations
+ (list
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list
+ "proxy_pass http://localhost:5232/ ;"
+ "proxy_set_header X-Script-Name \"\" ;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
+ "proxy_set_header Host $http_host ;"
+ "proxy_pass_header Authorization ;"))
+ (uri "/"))
+ ((@ (gnu services web) nginx-location-configuration)
+ (body
+ (list "root /srv/www/marek/marekpasnikowski.pl ;"))
+ (uri "/.well-known"))))
+ (listen (list "192.168.10.2:443 ssl"))
+ (server-name (list "radicale.marekpasnikowski.pl"))))))))
+
+(define (openssh)
+ (use-modules (gnu services ssh))
+ ((@ (gnu services) service)
+ openssh-service-type))
+
+(define (radicale)
+ (use-modules (gnu services mail))
+ ((@ (gnu services) service)
+ radicale-service-type
+ ((@ (gnu services mail) radicale-configuration)
+ (auth ((@ (gnu services mail) radicale-auth-configuration)
+ (type 'htpasswd)
+ (htpasswd-filename radicale-keys)
+ (htpasswd-encryption 'plain)))
+ (storage ((@ (gnu services mail) radicale-storage-configuration)
+ (filesystem-folder "/data/radicale/collections"))))))
+
+(define swap-device-izumi-1-label
+ ((@ (gnu system file-systems) file-system-label)
+ "izumi-swap-f"))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define system-bootloader
+ (gnu:bootloader:bootloader-configuration
+ (bootloader gnu:bootloader:grub:grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout sovereign:devices:pl-keyboard-layout)))
+
+(define system-file-systems
+ (list file-system-root
+ file-system-efi))
+
+(define system-groups
+ (list ((@ (gnu system accounts) user-group)
+ (name "vmail")
+ (system? #t))))
+
+(define system-services
+ (list users:id1000:dkim-service
+ users:id1000:dovecot-service
+ users:id1000:smtp-service
+ (service gnu:services:dns:knot-service-type
+ (gnu:services:dns:knot-configuration
+ (listen-v4 "192.168.10.2")
+ (zones (list master-zone))))
+ (certbot)
+ (cgit-izumi)
+ (etc-mailname)
+ (fcgiwrap)
+ (gitolite)
+ (home-services)
+ (nginx-izumi)
+ (openssh)
+ (radicale)))
+
+(define system-users
+ (list users:id1000:uid1000-account
+ users:vmail:vmail-account))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public operating-system*
+ (gnu:system:operating-system
+ (bootloader system-bootloader)
+ (kernel sovereign:devices:amd64:kernel)
+ (keyboard-layout system-keyboard-layout)
+ (initrd sovereign:devices:amd64:initrd)
+ (firmware (list nongnu:packages:linux:linux-firmware))
+ (host-name system-name)
+ (file-systems (append system-file-systems
+ gnu:system:file-systems:%base-file-systems))
+ (users (append system-users
+ gnu:system:shadow:%base-user-accounts))
+ (groups (append system-groups
+ gnu:system:shadow:%base-groups))
+ (packages (append gnu:system:%base-packages
+ (list sovereign:packages:jekyll:custom-jekyll)))
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (services (append system-services
+ sovereign:systems:%sovereign-services))
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))
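Review bot: The Radicale auth block `(htpasswd-encryption 'plain)` keeps the CalDAV/CardDAV credentials in `/secrets/radicale/keys` as clear text, so anyone who can read that file or a backup of it holds the account passwords; the htpasswd backend also accepts hashed entries, so `(htpasswd-encryption 'bcrypt)` with the file regenerated by `htpasswd -B` keeps the same login flow without the plaintext store (confirm the packaged Radicale carries the bcrypt dependency). The `openssh` definition here and `openssh-service` in ayase.scm use `openssh-service-type` with no configuration, which with Guix's defaults leaves password authentication enabled on the host that is also the public web, DNS and mail box; `(openssh-configuration (password-authentication? #f))` restricts logins to keys like the ed25519 one already provisioned for gitolite. The emacs-org-fc origin binds `commit*` to the branch name `wip-algo-tn` rather than a commit id; the sha256 still fixes the contents, but the fetch fails as soon as the branch moves, so pinning a full commit hash is the reproducible form. The certbot deploy hook reads `/var/run/nginx/pid` with `read` and calls `kill` unconditionally, so an empty or missing pid file (nginx stopped at renewal time) makes the hook throw instead of skipping the reload.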
diff --git a/deployment/systems/akashi.scm b/deployment/systems/akashi.scm
new file mode 100644
index 0000000..b939157
--- /dev/null
+++ b/deployment/systems/akashi.scm
@@ -0,0 +1,64 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems akashi)
+ #:use-module ((gnu packages linux) #:prefix gnu:packages:linux:)
+ #:use-module ((gnu services guix) #:prefix gnu:services:guix:)
+ #:use-module ((machines thinkpad-x200) #:prefix machines:thinkpad-x200:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((suweren commons sudoers) #:prefix suweren:commons:sudoers:)
+ #:use-module (users id1000))
+
+(define root-partition
+ ((@ (gnu system file-systems) file-system)
+ (mount-point "/")
+ (device ((@ (gnu system file-systems) file-system-label) "akashi-root"))
+ (type "ext4")))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define host-name*
+ "akashi")
+
+(define (file-systems)
+ (use-modules (suweren system))
+ (append %suweren-file-systems
+ (list root-partition)))
+
+(define keyboard-layout*
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define (services)
+ (use-modules (suweren system))
+ (let* ((home-environments `((,uid1000-name ,uid1000-home-environment)))
+ (guix-home ((@ (gnu services) service)
+ gnu:services:guix:guix-home-service-type
+ home-environments)))
+ (append sovereign:systems:%sovereign-services
+ (list guix-home
+ ((@ (gnu services base) udev-rules-service)
+ 'adb-udev
+ (@ (gnu packages android) android-udev-rules))))))
+
+(define users
+ (list uid1000-account))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public operating-system*
+ (let* ((patter-placeholder #f)
+ (timezone* "Europe/Warsaw"))
+ ((@ (gnu system) operating-system)
+ (kernel gnu:packages:linux:linux-libre)
+ (bootloader (machines:thinkpad-x200:bootloader-configuration* keyboard-layout*))
+ (keyboard-layout keyboard-layout*)
+ (host-name host-name*)
+ (file-systems (file-systems))
+ (swap-devices (machines:thinkpad-x200:swap-devices* host-name*))
+ (users users)
+ (timezone timezone*)
+ (locale polish-locale-string)
+ (locale-definitions %suweren-locale-definitions)
+ (services (services))
+ (sudoers-file suweren:commons:sudoers:%sudoers-specification*))))
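Review bot: `patter-placeholder` in the `let*` of `operating-system*` is bound to `#f` and never used, so it is dead code and likely a typo; dropping it reduces the form to `(let ((timezone* "Europe/Warsaw")) ...)`. `polish-locale-string` and `%suweren-locale-definitions` are referenced in the same form without any `#:use-module` for `(suweren system)` in `define-module`; they only resolve because the `(use-modules (suweren system))` calls inside `file-systems` and `services` add the import to the whole module at expansion time, which is a hidden dependency. Declaring `#:use-module ((suweren system) #:prefix suweren:system:)` at the top, as ayase.scm does, and removing the in-body `use-modules` makes the dependency explicit.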
diff --git a/deployment/systems/ayase.scm b/deployment/systems/ayase.scm
new file mode 100644
index 0000000..fb3e5cb
--- /dev/null
+++ b/deployment/systems/ayase.scm
@@ -0,0 +1,153 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems ayase)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((gnu system uuid) #:prefix gnu:system:uuid:)
+ #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
+ #:use-module ((nongnu system linux-initrd) #:prefix nongnu:system:linux-initrd:)
+ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
+ #:use-module ((sovereign packages protonmail) #:prefix sovereign:packages:protonmail:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((suweren commons sudoers) #:prefix suweren:commons:sudoers:)
+ #:use-module ((suweren services) #:prefix suweren:services:)
+ #:use-module ((suweren system) #:prefix suweren:system:)
+ #:use-module ((users id1000) #:prefix users:id1000:))
+
+(define efi-filesystem-uuid
+ (gnu:system:uuid:uuid
+ "B4FB-CBD9"
+ 'fat32))
+
+(define host-name
+ "ayase")
+
+(define (label number)
+ (gnu:system:file-systems:file-system-label
+ (string-append host-name
+ "-swap"
+ number)))
+
+(define root-filesystem-uuid
+ (gnu:system:uuid:uuid
+ "615a98cd-a632-4ee5-a6f4-e5ebcaa6fb8c"))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define efi-partition
+ (gnu:system:file-systems:file-system
+ (mount-point "/boot/efi")
+ (device efi-filesystem-uuid)
+ (type "vfat")))
+
+(define (home-services)
+ (use-modules (gnu services guix))
+ ((@ (gnu services) service)
+ guix-home-service-type
+ `((,users:id1000:uid1000-name ,users:id1000:uid1000-home-environment))))
+
+(define keyboard-layout
+ ((@ (gnu system keyboard) keyboard-layout)
+ "pl"))
+
+(define (libvirt-service)
+ (use-modules (gnu services virtualization))
+ ((@ (gnu services) service)
+ libvirt-service-type))
+
+(define (virtlog-service)
+ (use-modules (gnu services virtualization))
+ ((@ (gnu services) service)
+ virtlog-service-type))
+
+(define (openssh-service)
+ (use-modules (gnu services ssh))
+ ((@ (gnu services) service)
+ openssh-service-type))
+
+(define root-partition
+ (gnu:system:file-systems:file-system
+ (mount-point "/")
+ (device root-filesystem-uuid)
+ (type "ext4")))
+
+(define (swap-label number)
+ (let ((target-label (label number)))
+ (gnu:system:file-systems:swap-space
+ (target target-label))))
+
+(define (system-packages-service)
+ (use-modules (gnu packages gnome)
+ (gnu packages gnupg)
+ (gnu packages kde-pim)
+ (gnu services))
+ (simple-service 'system-packages
+ profile-service-type
+ (list gnome-boxes
+ kgpg
+ pinentry-qt
+ pinentry-tty)))
+
+(define (tor-service)
+ (use-modules (gnu services)
+ (gnu services networking))
+ ((@ (gnu services) service)
+ tor-service-type))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define (bootloader)
+ (use-modules (gnu bootloader grub))
+ ((@ (gnu bootloader) bootloader-configuration)
+ (bootloader grub-efi-bootloader)
+ (targets (list "/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+
+(define (file-systems)
+ (append gnu:system:file-systems:%base-file-systems
+ (list root-partition
+ efi-partition)))
+
+(define services
+ (append sovereign:systems:%sovereign-services
+ suweren:services:%distribution-services
+ (list sovereign:packages:protonmail:nogui-profile
+ (home-services)
+ ; (libvirt-service)
+ (openssh-service)
+ (system-packages-service)
+ (tor-service)
+ ; (virtlog-service)
+ )))
+
+(define swap-device-1
+ (swap-label "-1"))
+
+(define swap-device-2
+ (swap-label "-2"))
+
+(define (users)
+ (use-modules (gnu system accounts))
+ (append (@ (gnu system shadow) %base-user-accounts)
+ (list users:id1000:uid1000-account)))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(define-public operating-system*
+ (gnu:system:operating-system
+ (kernel sovereign:devices:amd64:kernel)
+ (bootloader (bootloader))
+ (keyboard-layout keyboard-layout)
+ (initrd sovereign:devices:amd64:initrd)
+ (firmware (list nongnu:packages:linux:linux-firmware))
+ (host-name host-name)
+ (file-systems (file-systems))
+ (swap-devices (list swap-device-1
+ swap-device-2))
+ (users (users))
+ (timezone "Europe/Warsaw")
+ (locale suweren:system:polish-locale-string)
+ (locale-definitions suweren:system:%suweren-locale-definitions)
+ (services services)
+ (sudoers-file suweren:commons:sudoers:%sudoers-specification*)))
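Review bot: `label` takes its separator from the caller (`(swap-label "-1")` appends `"-swap"` and then `"-1"`), so the parameter named `number` is really a suffix string and the label format is split across two definitions; having `label` take the bare number, `(string-append host-name "-swap-" number)`, and calling `(swap-label "1")` keeps the format in one place. `users` pulls in `(gnu system accounts)` but only references `(@ (gnu system shadow) %base-user-accounts)`, so that `use-modules` is unused. `libvirt-service` and `virtlog-service` are only referenced from the commented-out entries in `services`; a one-line comment on why they are disabled would save the next reader from guessing.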
diff --git a/deployment/systems/git-ignore.conf b/deployment/systems/git-ignore.conf
new file mode 100644
index 0000000..98e588f
--- /dev/null
+++ b/deployment/systems/git-ignore.conf
@@ -0,0 +1,48 @@
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+dist/
+
+# Flycheck
+flycheck_*.el
+
+# server auth directory
+/server/
+
+# projectiles files
+.projectile
+
+# directory configuration
+.dir-locals.el
+
+# network security
+/network-security.data
diff --git a/deployment/systems/gitconfig b/deployment/systems/gitconfig
new file mode 100644
index 0000000..300f906
--- /dev/null
+++ b/deployment/systems/gitconfig
@@ -0,0 +1,10 @@
+[commit]
+ gpgsign = true
+
+[user]
+ email = marek@marekpasnikowski.pl
+ name = Marek Paśnikowski
+ signingkey = 6D81B1207711899F
+
+[push]
+ autoSetupRemote = true
diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm
new file mode 100644
index 0000000..8396279
--- /dev/null
+++ b/deployment/systems/mcdowell.scm
@@ -0,0 +1,89 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment systems mcdowell)
+ #:use-module ((gnu services) #:prefix gnu:services:)
+ #:use-module ((gnu services guix) #:prefix gnu:services:guix:)
+ #:use-module ((gnu system) #:prefix gnu:system:)
+ #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
+ #:use-module ((gnu system linux-initrd) #:prefix gnu:system:linux-initrd:)
+ #:use-module ((gnu system shadow) #:prefix gnu:system:shadow:)
+ #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
+ #:use-module ((sovereign devices) #:prefix sovereign:devices:)
+ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
+ #:use-module ((sovereign packages protonmail) #:prefix sovereign:packages:protonmail:)
+ #:use-module ((sovereign systems) #:prefix sovereign:systems:)
+ #:use-module ((users id1000) #:prefix users:id1000:))
+
+(define system-name
+ "mcdowell")
+
+(define file-system-efi
+ (let*
+ ( (l-system-name (string-upcase system-name))
+ (l-device (sovereign:devices:file-system-label l-system-name)))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/efi)
+ (device l-device))))
+
+(define file-system-root
+ (let
+ ( (l-device (sovereign:devices:file-system-label system-name
+ "root")))
+ (gnu:system:file-systems:file-system
+ (inherit sovereign:devices:file-system/root)
+ (device l-device))))
+
+(define swap
+ (let
+ ( (l-target (sovereign:devices:file-system-label system-name
+ "swap")))
+ (gnu:system:file-systems:swap-space
+ (inherit sovereign:devices:swap/no-trim)
+ (target l-target))))
+
+(define system-bootstrap
+ (let*
+ ( (l-guix-homes (list users:id1000:name/home-environment))
+ (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes))
+ (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
+ (l-file-systems (cons* file-system-root
+ file-system-efi
+ gnu:system:file-systems:%base-file-systems))
+ (l-firmware (list nongnu:packages:linux:linux-firmware))
+ (l-initrd-modules (cons* "mei_me"
+ gnu:system:linux-initrd:%base-initrd-modules))
+ (l-services (cons* l-guix-home-service
+ sovereign:packages:protonmail:nogui-profile
+ sovereign:systems:%sovereign-services))
+ (l-swap-devices (list swap))
+ (l-users (cons* users:id1000:uid1000-account
+ gnu:system:shadow:%base-user-accounts)))
+ (gnu:system:operating-system
+ (kernel sovereign:devices:amd64:kernel)
+ (bootloader l-bootloader)
+ (keyboard-layout sovereign:devices:pl-keyboard-layout)
+ (initrd sovereign:devices:amd64:initrd)
+ (initrd-modules l-initrd-modules)
+ (firmware l-firmware)
+ (host-name system-name)
+ (file-systems l-file-systems)
+ (swap-devices l-swap-devices)
+ (users l-users)
+ (timezone "Europe/Warsaw")
+ (locale sovereign:systems:pl-locale)
+ (locale-definitions sovereign:systems:%sovereign-locale-definitions)
+ (services l-services)
+ (sudoers-file sovereign:systems:%sovereign-sudoers-specification))))
+
+(define-public system
+ (let*
+ ( (bootstrap-label (gnu:system:operating-system-label system-bootstrap))
+ (l-label (sovereign:systems:operating-system-label* system-name
+ bootstrap-label)))
+ (gnu:system:operating-system
+ (inherit system-bootstrap)
+ (label l-label))))
+
+(define-public operating-system*
+ system)
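Review bot: `system-bootstrap` builds a complete operating-system only so that `system` can re-derive it with a label computed by `sovereign:systems:operating-system-label*` from the bootstrap's own label, and nothing in the file says why the two-step is needed; a comment above `system-bootstrap` such as `;; Built first so its generated label can be fed to operating-system-label*.` would help. The `initrd-modules` entry `"mei_me"` is the only hand-picked initrd module and has no explanation; a comment stating which hardware needs it in the initrd rather than in the main kernel would make the list reviewable. `file-system-efi` passes one argument to `sovereign:devices:file-system-label` while root and swap pass two, which suggests an optional suffix; noting that signature in a comment avoids the reader chasing it into the `sovereign` module.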