Diffstat (limited to 'deployment/systems')
-rw-r--r--deployment/systems/aisaka.scm713
-rw-r--r--deployment/systems/akashi.scm125
-rw-r--r--deployment/systems/asakura.scm132
-rw-r--r--deployment/systems/cokolwiek.scm105
-rw-r--r--deployment/systems/git-ignore.conf48
-rw-r--r--deployment/systems/gitconfig10
-rw-r--r--deployment/systems/mcdowell.scm121
-rw-r--r--deployment/systems/rakan.scm247
8 files changed, 0 insertions, 1501 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
deleted file mode 100644
index da3816c..0000000
--- a/deployment/systems/aisaka.scm
+++ /dev/null
@@ -1,713 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2026 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems aisaka)
- #:use-module (guix gexp)
- #:use-module ((deployment keys)
- #:prefix deployment:keys:)
- #:use-module ((gnu bootloader)
- #:prefix gnu:bootloader:)
- #:use-module ((gnu bootloader grub)
- #:prefix gnu:bootloader:grub:)
- #:use-module ((gnu packages)
- #:prefix gnu:packages:)
- #:use-module ((gnu packages linux)
- #:prefix gnu:packages:linux:)
- #:use-module ((gnu packages tls)
- #:prefix gnu:packages:tls:)
- #:use-module ((gnu packages version-control)
- #:prefix gnu:packages:version-control:)
- #:use-module ((gnu services)
- #:prefix gnu:services:)
- #:use-module ((gnu services base)
- #:prefix gnu:services:base:)
- #:use-module ((gnu services certbot)
- #:prefix gnu:services:certbot:)
- #:use-module ((gnu services cgit)
- #:prefix gnu:services:cgit:)
- #:use-module ((gnu services dns)
- #:prefix gnu:services:dns:)
- #:use-module ((gnu services mail)
- #:prefix gnu:services:mail:)
- #:use-module ((gnu services networking)
- #:prefix gnu:services:networking:)
- #:use-module ((gnu services shepherd)
- #:prefix gnu:services:shepherd:)
- #:use-module ((gnu services version-control)
- #:prefix gnu:services:version-control:)
- #:use-module ((gnu services web)
- #:prefix gnu:services:web:)
- #:use-module ((gnu system)
- #:prefix gnu:system:)
- #:use-module ((gnu system accounts)
- #:prefix gnu:system:accounts:)
- #:use-module ((gnu system file-systems)
- #:prefix gnu:system:file-systems:)
- #:use-module ((gnu system keyboard)
- #:prefix gnu:system:keyboard:)
- #:use-module ((gnu system linux-initrd)
- #:prefix gnu:system:linux-initrd:)
- #:use-module ((gnu system locale)
- #:prefix gnu:system:locale:)
- #:use-module ((gnu packages matrix)
- #:prefix gnu:packages:matrix:)
- #:use-module ((gnu system nss)
- #:prefix gnu:system:nss:)
- #:use-module ((gnu system pam)
- #:prefix gnu:system:pam:)
- #:use-module ((gnu system shadow)
- #:prefix gnu:system:shadow:)
- #:use-module ((guix diagnostics)
- #:prefix guix:diagnostics:)
- #:use-module ((nongnu packages linux)
- #:prefix nongnu:packages:linux:)
- #:use-module ((nongnu system linux-initrd)
- #:prefix nongnu:system:linux-initrd:)
- #:use-module ((sovereign devices)
- #:prefix sovereign:devices:)
- #:use-module ((sovereign devices amd64)
- #:prefix sovereign:devices:amd64:)
- #:use-module ((sovereign packages jekyll)
- #:prefix sovereign:packages:jekyll:)
- #:use-module ((sovereign services)
- #:prefix sovereign:services:)
- #:use-module ((sovereign systems)
- #:prefix sovereign:systems:)
- #:use-module ((users id1000)
- #:prefix users:id1000:)
- #:use-module ((users vmail)
- #:prefix users:vmail:))
-
-(define-public architecture "x86_64-linux")
-
-(define-public system-name "aisaka")
-
-(define ip-multimedia "81.190.248.246")
-
-(define ip-otvarta "95.171.119.109")
-
-(define spf-value
- (string-append "\"v=spf1 ip4:"
- ip-otvarta
- " -all\""))
-
-(define ttl "3600")
-
-(gnu:services:dns:define-zone-entries
- marekpasnikowski.pl-entries
- ("@" ttl "IN" "A" ip-otvarta)
- ("2" ttl "IN" "A" ip-otvarta)
- ("ns1" ttl "IN" "A" ip-otvarta)
- ("@" ttl "IN" "NS" "ns1.marekpasnikowski.pl.")
- ("@" ttl "IN" "A" ip-multimedia)
- ("1" ttl "IN" "A" ip-multimedia)
- ("ns2" ttl "IN" "A" ip-multimedia)
- ("@" ttl "IN" "NS" "ns2.marekpasnikowski.pl.")
- ("@" ttl "IN" "MX" "10 marekpasnikowski.pl.")
- ("@" ttl "IN" "TXT" spf-value)
- ("_caldavs._tcp" ttl "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
- ("_carddavs._tcp" ttl "IN" "SRV" "10 0 443 radicale.marekpasnikowski.pl")
- ("_dmarc" ttl "IN" "TXT" "\"v=DMARC1; p=reject; sp=reject; pct=100; aspf=s; adkim=s; fo=1; rua=mailto:abuse@marekpasnikowski.pl; ruf=mailto:abuse@marekpasnikowski.pl\"")
- ("dkim._domainkey" ttl "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
- ("git" ttl "IN" "CNAME" "1")
- ("guix" ttl "IN" "CNAME" "1")
- ("matrix" ttl "IN" "CNAME" "1")
- ("radicale" ttl "IN" "CNAME" "1")
- ("schron" ttl "IN" "CNAME" "1")
- ("sejf" ttl "IN" "CNAME" "1")
- ("test" ttl "IN" "CNAME" "1")
- ("www" ttl "IN" "CNAME" "1"))
-
-(define marekpasnikowski.pl-zone
- (gnu:services:dns:zone-file
- (entries marekpasnikowski.pl-entries)
- (origin "marekpasnikowski.pl")
- (ns "ns1.marekpasnikowski.pl.")
- (mail "marek.marekpasnikowski.pl.")
- (serial 2026042000)))
-
-(define master-zone
- (gnu:services:dns:knot-zone-configuration
- (domain "marekpasnikowski.pl")
- (zone marekpasnikowski.pl-zone)))
-
-(define knot-configuration
- (gnu:services:dns:knot-configuration
- (listen-v4 "0.0.0.0")
- (zones (list master-zone))))
-
-(define-public knot
- (gnu:services:service
- gnu:services:dns:knot-service-type
- knot-configuration))
-
-(define radicale-keys "/secrets/radicale/keys")
-
-(define dovecot-keys "/secrets/dovecot")
-
-(define nginx-account
- (gnu:system:accounts:user-account
- (name "nginx")
- (group "nginx")
- (supplementary-groups '("git"))
- (system? #t)
- (comment "nginx server user")
- (home-directory "/var/empty")
- (shell (file-append (gnu:packages:specification->package "shadow")
- "/sbin/nologin"))))
-
-(define nginx-group
- (gnu:system:accounts:user-group
- (name "nginx")
- (system? #t)))
-
-(define nginx-accounts
- (let
- ((accounts- (list nginx-group
- nginx-account)))
- (const accounts-)))
-
-(define nginx-extension-of-account
- (gnu:services:service-extension
- gnu:system:shadow:account-service-type
- nginx-accounts))
-
-(define (extend-account extension)
- (let*
- ((extension-target- (gnu:services:service-extension-target extension))
- (account-service-type?- (eq? extension-target-
- gnu:system:shadow:account-service-type)))
- (if account-service-type?-
- nginx-extension-of-account
- extension)))
-
-(define nginx-service-type*
- (let
- ((nginx-extensions- (gnu:services:service-type-extensions gnu:services:web:nginx-service-type)))
- (gnu:services:service-type
- (inherit gnu:services:web:nginx-service-type)
- (extensions (map extend-account
- nginx-extensions-)))))
-
-(define cgit-repository-configuration
- (gnu:services:cgit:repository-cgit-configuration
- (hide? #t)
- (path "/srv/git/marek/packages")))
-
-(define git-http-configuration
- (gnu:services:version-control:git-http-configuration
- (git-root "/var/lib/gitolite/repositories")
- (uri-path "/git")))
-
-(define nginx-extension-of-cgit
- (gnu:services:service-extension
- nginx-service-type*
- gnu:services:cgit:cgit-configuration-nginx-config))
-
-(define (extend-cgit extension)
- (let*
- ((extension-target- (gnu:services:service-extension-target extension))
- (nginx-service-type?- (eq? extension-target-
- gnu:services:web:nginx-service-type)))
- (if nginx-service-type?-
- nginx-extension-of-cgit
- extension)))
-
-(define cgit-type
- (let
- ((cgit-extensions- (gnu:services:service-type-extensions gnu:services:cgit:cgit-service-type)))
- (gnu:services:service-type
- (inherit gnu:services:cgit:cgit-service-type)
- (extensions (map extend-cgit
- cgit-extensions-)))))
-
-(define nginx-location-cgit
- (gnu:services:web:nginx-location-configuration
- (body (list "fastcgi_param HTTP_HOST $server_name ;"
- "fastcgi_param PATH_INFO $uri ;"
- "fastcgi_param QUERY_STRING $args ;"
- "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
- "fastcgi_pass 127.0.0.1:9000 ;"))
- (uri "@cgit")))
-
-(define nginx-location-proxy-guix
- (gnu:services:web:nginx-location-configuration
- (body (list "proxy_pass http://localhost:5232/ ;"
- "proxy_set_header X-Script-Name \"\" ;"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
- "proxy_set_header Host $http_host ;"
- "proxy_pass_header Authorization ;"))
- (uri "/")))
-
-(define nginx-location-proxy-matrix
- (gnu:services:web:nginx-location-configuration
- (body (list "proxy_pass http://localhost:8008 ;"
- "proxy_set_header X-Forwarded-For $remote_addr ;"
- "proxy_set_header X-Forwarded-Proto $scheme ;"
- "proxy_set_header Host $host:$server_port ;"
- "client_max_body_size 1024M ;"))
- (uri "~ ^(/_matrix|/_synapse/client)")))
-
-(define nginx-location-proxy-radicale
- (gnu:services:web:nginx-location-configuration
- (body (list "proxy_pass http://localhost:8080/ ;"
- "proxy_set_header X-Script-Name \"\" ;"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
- "proxy_set_header Host $http_host ;"
- "proxy_pass_header Authorization ;"))
- (uri "/")))
-
-(define nginx-location-proxy-auth
- (gnu:services:web:nginx-location-configuration
- (body (list "proxy_set_header Host $host;"
- "proxy_set_header X-Real-IP $remote_addr;"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
- "proxy_set_header X-Forwarded-Proto $scheme;"
- "if ($ssl_client_verify != SUCCESS) {return 403;}"))
- (uri "/")))
-
-(define nginx-location-well-known
- (gnu:services:web:nginx-location-configuration
- (body (list "root /srv/www/marek/marekpasnikowski.pl ;"))
- (uri "/.well-known")))
-
-(define nginx-location-well-known-matrix-client
- (gnu:services:web:nginx-location-configuration
- (body (list "return 200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.marekpasnikowski.pl\"}}' ;"
- "default_type application/json ;"
- "add_header Access-Control-Allow-Origin * ;"))
- (uri "/.well-known/matrix/client")))
-
-(define nginx-server-cgit
- (let
- ((git-http- (gnu:services:version-control:git-http-nginx-location-configuration git-http-configuration)))
- (gnu:services:web:nginx-server-configuration
- (locations (list git-http-
- nginx-location-cgit
- nginx-location-well-known))
- (listen (list "192.168.10.2:443 ssl"))
- (root gnu:packages:version-control:cgit)
- (server-name (list "git.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
- (try-files (list "$uri" "@cgit")))))
-
-(define nginx-server-guix
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-guix))
- (listen (list "192.168.10.2:443 ssl"))
- (server-name (list "guix.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))
-
-(define nginx-server-matrix
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-matrix))
- (listen (list "192.168.10.2:443 ssl"
- "192.168.10.2:8448 ssl default_server"))
- (root (file-append gnu:packages:matrix:synapse
- "/lib/python3.11/site-packages/synapse/static"))
- (server-name (list "matrix.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
- (raw-content (list "proxy_http_version 1.1 ;"))))
-
-(define nginx-server-portal
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-well-known
- nginx-location-well-known-matrix-client))
- (listen (list "192.168.10.2:443 ssl"))
- (root "/home/marek/Publiczne/www")
- (server-name (list 'default
- "marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))
-
-(define nginx-server-radicale
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-radicale
- nginx-location-well-known))
- (listen (list "192.168.10.2:443 ssl"))
- (server-name (list "radicale.marekpasnikowski.pl"))))
-
-(define nginx-server-schron
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-auth))
- (listen (list "192.168.10.2:443 ssl"))
- (root "/home/marek/Publiczne/schron")
- (server-name (list "schron.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
- (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
- "ssl_verify_client on;"))))
-
-(define nginx-server-sejf
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-auth))
- (listen (list "192.168.10.2:443 ssl"))
- (root "/home/marek/Publiczne/sejf")
- (server-name (list "sejf.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
- (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
- "ssl_verify_client on;"))))
-
-(define nginx-server-test
- (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-auth))
- (listen (list "192.168.10.2:443 ssl"))
- (root "/home/marek/Publiczne/schron")
- (server-name (list "test.marekpasnikowski.pl"))
- (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
- (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;"
- "ssl_verify_client on;"))))
-
-(define nginx-server-www
- (gnu:services:web:nginx-server-configuration
- (listen (list "192.168.10.2:443 ssl"))
- (root "/home/marek/Publiczne/www")
- (server-name (list "www.marekpasnikowski.pl"))))
-
-(define cgit-configuration
- (gnu:services:cgit:cgit-configuration
- (nginx (list nginx-server-cgit))
- (repositories (list cgit-repository-configuration))
- (project-list (list "deployment.git"
- "nonguix.git"
- "sovereign.git"))
- (repository-directory "/var/lib/gitolite/repositories")))
-
-(define nginx-configuration*
- (gnu:services:web:nginx-configuration
- (shepherd-requirement (list 'networking))
- (server-blocks (list nginx-server-portal
- nginx-server-www
- nginx-server-guix
- nginx-server-matrix
- nginx-server-test
- nginx-server-schron
- nginx-server-sejf
- nginx-server-radicale))))
-
-(define nginx-deploy-hook-file
- #~(let
- ((pid (call-with-input-file "/var/run/nginx/pid"
- read)))
- (kill pid SIGHUP)))
-
-(define nginx-extension-of-certbot
- (gnu:services:service-extension
- nginx-service-type*
- (@@ (gnu services certbot) certbot-nginx-server-configurations)))
-
-(define (extend-certbot extension)
- (let*
- ((extension-target- (gnu:services:service-extension-target extension))
- (nginx-service-type?- (eq? extension-target-
- gnu:services:web:nginx-service-type)))
- (if nginx-service-type?-
- nginx-extension-of-certbot
- extension)))
-
-(define certbot-type
- (let
- ((certbot-extensions- (gnu:services:service-type-extensions gnu:services:certbot:certbot-service-type)))
- (gnu:services:service-type
- (inherit gnu:services:certbot:certbot-service-type)
- (extensions (map extend-certbot
- certbot-extensions-)))))
-
-(define certificate-configuration
- (gnu:services:certbot:certificate-configuration
- (deploy-hook (program-file "nginx-deploy-hook"
- nginx-deploy-hook-file))
- (domains (list "marekpasnikowski.pl"
- "git.marekpasnikowski.pl"
- "guix.marekpasnikowski.pl"
- "matrix.marekpasnikowski.pl"
- "mx.marekpasnikowski.pl"
- "radicale.marekpasnikowski.pl"
- "schron.marekpasnikowski.pl"
- "sejf.marekpasnikowski.pl"
- "test.marekpasnikowski.pl"
- "www.marekpasnikowski.pl"))))
-
-(define certbot-configuration
- (gnu:services:certbot:certbot-configuration
- (certificates (list certificate-configuration))
- (email "marek@marekpasnikowski.pl")
- (webroot "/srv/www/marek/marekpasnikowski.pl")))
-
-(define-public certbot
- (gnu:services:service
- certbot-type
- certbot-configuration))
-
-(define-public cgit
- (gnu:services:service
- cgit-type
- cgit-configuration))
-
-(define-public etc
- (let*
- ((mailname-file- (plain-file "mailname"
- "marekpasnikowski.pl\n"))
- (mailname-link- (list "mailname"
- mailname-file-))
- (etc-links- (list mailname-link-)))
- (gnu:services:simple-service 'etc-files
- gnu:services:etc-service-type
- etc-links-)))
-
-(define fcgiwrap-configuration
- (gnu:services:web:fcgiwrap-configuration
- (user "git")
- (group "git")))
-
-(define-public fcgiwrap
- (gnu:services:service
- gnu:services:web:fcgiwrap-service-type
- fcgiwrap-configuration))
-
-(define-public file-system-efi
- (gnu:system:file-systems:file-system
- (device (gnu:system:file-systems:file-system-label "AISAKA"))
- (mount-point "/boot")
- (type "vfat")
- (flags (list))
- (options #f)
- (mount? #t)
- (mount-may-fail? #t)
- (needed-for-boot? #f)
- (check? #t)
- (skip-check-if-clean? #f)
- (repair 'preen)
- (create-mount-point? #f)
- (dependencies (list))
- (shepherd-requirements (list))
- (location (current-source-location))))
-
-(define-public file-system-root
- (gnu:system:file-systems:file-system
- (device (gnu:system:file-systems:file-system-label "aisaka-root"))
- (mount-point "/")
- (type "ext4")
- (flags (list))
- (options #f)
- (mount? #t)
- (mount-may-fail? #f)
- (needed-for-boot? #t)
- (check? #t)
- (skip-check-if-clean? #f)
- (repair 'preen)
- (create-mount-point? #f)
- (dependencies (list))
- (shepherd-requirements (list))
- (location (current-source-location))))
-
-(define gitolite-rc-file
- (gnu:services:version-control:gitolite-rc-file
- (umask #o0027)))
-
-(define gitolite-configuration
- (gnu:services:version-control:gitolite-configuration
- (rc-file gitolite-rc-file)
- (admin-pubkey #f)))
-
-(define-public gitolite
- (gnu:services:service
- gnu:services:version-control:gitolite-service-type
- gitolite-configuration))
-
-(define-public system-keyboard-layout
- (gnu:system:keyboard:keyboard-layout "pl"))
-
-(define-public nginx
- (gnu:services:service
- nginx-service-type*
- nginx-configuration*))
-
-(define rakan-machine
- #~(build-machine
- (name "rakan")
- (systems (list "x86_64-linux"
- "i686-linux"))
- (user "marek")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@rakan")
- (private-key "/home/marek/.ssh/id_ed25519")))
-
-(define guix-offload-rakan
- (gnu:services:base:guix-extension
- (authorized-keys (list deployment:keys:akashi-guix
- deployment:keys:rakan-guix))
- (build-machines (list rakan-machine))))
-
-(define-public offload-rakan
- (gnu:services:simple-service 'offload-rakan
- gnu:services:base:guix-service-type
- guix-offload-rakan))
-
-(define radicale-auth-configuration
- (gnu:services:mail:radicale-auth-configuration
- (type 'htpasswd)
- (htpasswd-filename radicale-keys)
- (htpasswd-encryption 'plain)))
-
-(define radicale-storage-configuration
- (gnu:services:mail:radicale-storage-configuration
- (filesystem-folder "/data/radicale/collections")))
-
-(define radicale-configuration
- (gnu:services:mail:radicale-configuration
- (auth radicale-auth-configuration)
- (storage radicale-storage-configuration)))
-
-(define-public radicale
- (gnu:services:service
- gnu:services:mail:radicale-service-type
- radicale-configuration))
-
-(define enp1s0-address-4
- (gnu:services:base:network-address
- (device "enp1s0")
- (value "192.168.10.2/24")
- (ipv6? #f)))
-
-(define enp2s0-address-4
- (gnu:services:base:network-address
- (device "enp2s0")
- (value "192.168.1.2/24")
- (ipv6? #f)))
-
-(define enp1s0-route-4-default
- (gnu:services:base:network-route
- (destination "default")
- (source #f)
- (device #f)
- (ipv6? #f)
- (gateway "192.168.10.1")))
-
-(define network-hardware
- (gnu:services:base:static-networking
- (addresses (list enp1s0-address-4
- enp2s0-address-4))
- (links (list))
- (routes (list enp1s0-route-4-default))
- (name-servers (list "192.168.10.1"
- "192.168.1.1"))
- (provision (list 'network-hardware))
- (requirement (list))))
-
-(define static-networking-configuration
- (list network-hardware))
-
-(define-public static-networking
- (gnu:services:service
- gnu:services:networking:static-networking-service-type
- static-networking-configuration))
-
-(define ip-command
- (file-append gnu:packages:linux:iproute
- "/sbin/ip"))
-
-(define network-enp2s0-route-default
- (let
- ((route-default- #~(list #$ip-command
- "route"
- "add"
- "default"
- "via"
- "192.168.1.1"
- "table"
- "1")))
- (gnu:services:shepherd:shepherd-service
- (provision (list 'network-enp2s0-route-default))
- (requirement (list 'network-enp2s0-table))
- (one-shot? #t)
- (respawn? #f)
- (start #~(make-forkexec-constructor #$route-default-))
- (stop #~(const #f))
- (actions (list))
- (auto-start? #t)
- (documentation "Sets up a default route for traffic from enp2s0.")
- (modules gnu:services:shepherd:%default-modules))))
-
-(define network-enp2s0-table
- (let
- ((table- #~(list #$ip-command
- "rule"
- "add"
- "from"
- "192.168.1.2"
- "table"
- "1"
- "prio"
- "1")))
- (gnu:services:shepherd:shepherd-service
- (provision (list 'network-enp2s0-table))
- (requirement (list 'network-hardware))
- (one-shot? #t)
- (respawn? #f)
- (start #~(make-forkexec-constructor #$table-))
- (stop #~(const #f))
- (actions (list))
- (auto-start? #t)
- (documentation "Defines a table of rules number 1 for routes through enp2s0.")
- (modules gnu:services:shepherd:%default-modules))))
-
-(define networking
- (gnu:services:shepherd:shepherd-service
- (provision (list 'networking))
- (requirement (list 'network-enp2s0-table
- 'network-enp2s0-route-default))
- (one-shot? #t)
- (respawn? #f)
- (start #~(const #t))
- (stop #~(const #f))
- (actions (list))
- (auto-start? #t)
- (documentation "Defines a graph root of one-shot services to invoke various ip commands.")
- (modules gnu:services:shepherd:%default-modules)))
-
-(define-public iproute2-networking
- (let
- ((extensions- (list network-enp2s0-table
- network-enp2s0-route-default
- networking)))
- (gnu:services:simple-service 'networking
- gnu:services:shepherd:shepherd-root-service-type
- extensions-)))
-
-(define swap-device-izumi-1-label
- (gnu:system:file-systems:file-system-label "izumi-swap-f"))
-
-(define-public %sovereign-services*
- (gnu:services:modify-services sovereign:systems:%sovereign-services
- (gnu:services:delete gnu:services:networking:network-manager-service-type)))
-
-(define-public system-bootloader
- (gnu:bootloader:bootloader-configuration
- (bootloader gnu:bootloader:grub:grub-efi-bootloader)
- (targets (list "/boot"))
- (keyboard-layout sovereign:devices:pl-keyboard-layout)))
-
-(define-public vmail-group
- (gnu:system:accounts:user-group
- (name "vmail")
- (system? #t)))
-
-(define named-home-environments
- (list users:id1000:named-home-environment))
-
-(define guix-publish-configuration
- (gnu:services:base:guix-publish-configuration
- (host "192.168.10.2")
- (port 8080)
- (advertise? #t)))
-
-(define-public guix-home-service
- (sovereign:systems:guix-home-service named-home-environments))
-
-(define-public guix-publish-service
- (sovereign:services:guix-publish-service guix-publish-configuration))
diff --git a/deployment/systems/akashi.scm b/deployment/systems/akashi.scm
deleted file mode 100644
index 142ffae..0000000
--- a/deployment/systems/akashi.scm
+++ /dev/null
@@ -1,125 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems akashi)
- #:use-module (guix gexp)
- #:use-module (users id1000)
- #:use-module ((deployment keys)
- #:prefix deployment:keys:)
- #:use-module ((gnu packages linux)
- #:prefix gnu:packages:linux:)
- #:use-module ((gnu services)
- #:prefix gnu:services:)
- #:use-module ((gnu services base)
- #:prefix gnu:services:base:)
- #:use-module ((gnu services guix)
- #:prefix gnu:services:guix:)
- #:use-module ((gnu system)
- #:prefix gnu:system:)
- #:use-module ((gnu system file-systems)
- #:prefix gnu:system:file-systems:)
- #:use-module ((gnu system keyboard)
- #:prefix gnu:system:keyboard:)
- #:use-module ((gnu system linux-initrd)
- #:prefix gnu:system:linux-initrd:)
- #:use-module ((gnu system locale)
- #:prefix gnu:system:locale:)
- #:use-module ((gnu system nss)
- #:prefix gnu:system:nss:)
- #:use-module ((gnu system pam)
- #:prefix gnu:system:pam:)
- #:use-module ((gnu system shadow)
- #:prefix gnu:system:shadow:)
- #:use-module ((guix diagnostics)
- #:prefix guix:diagnostics:)
- #:use-module ((machines thinkpad-x200)
- #:prefix machines:thinkpad-x200:)
- #:use-module ((sovereign systems)
- #:prefix sovereign:systems:))
-
-(define-public architecture "x86_64-linux")
-
-(define-public system-name "akashi")
-
-(define root-partition
- ((@ (gnu system file-systems) file-system)
- (mount-point "/")
- (device ((@ (gnu system file-systems) file-system-label) "akashi-root"))
- (type "ext4")))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(define system-keyboard-layout
- (gnu:system:keyboard:keyboard-layout "pl"))
-
-(define offload-hub
- #~(build-machine
- (name "www.marekpasnikowski.pl")
- (systems (list "x86_64-linux"
- "i686-linux"))
- (user "marek")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt root@aisaka")
- (port 23)
- (private-key "/home/marek/.ssh/id_ed25519")))
-
-(define guix-offload-targets
- (gnu:services:base:guix-extension
- (authorized-keys (list deployment:keys:aisaka-guix))
- (build-machines (list offload-hub))))
-
-(define offload-extension
- (gnu:services:simple-service 'offload-extension
- gnu:services:base:guix-service-type
- guix-offload-targets))
-
-(define home-environments
- `((,uid1000-name ,uid1000-home-environment)))
-
-(define guix-home
- (gnu:services:service gnu:services:guix:guix-home-service-type
- home-environments))
-
-(define-public system
- (gnu:system:operating-system
- (kernel gnu:packages:linux:linux-libre)
- (kernel-loadable-modules (list))
- (kernel-arguments (cons* "thinkpad_acpi.fan_control=1"
- "thinkpad_acpi.fan='level 7'"
- gnu:system:%default-kernel-arguments))
- (hurd #f)
- (bootloader (machines:thinkpad-x200:bootloader-configuration* system-keyboard-layout))
- (label (sovereign:systems:operating-system-label* system-name
- gnu:system:this-operating-system))
- (keyboard-layout system-keyboard-layout)
- (initrd gnu:system:linux-initrd:base-initrd)
- (initrd-modules gnu:system:linux-initrd:%base-initrd-modules)
- (firmware (list))
- (host-name system-name)
- (hosts-file #f)
- (mapped-devices (list))
- (file-systems (cons* root-partition
- gnu:system:file-systems:%base-file-systems))
- (swap-devices (machines:thinkpad-x200:swap-devices* system-name))
- (users (list uid1000-account))
- (groups gnu:system:shadow:%base-groups)
- (skeletons (gnu:system:shadow:default-skeletons))
- (issue (@@ (gnu system)
- %default-issue))
- (packages gnu:system:%base-packages)
- (timezone "Europe/Warsaw")
- (locale sovereign:systems:pl-locale)
- (locale-definitions sovereign:systems:%sovereign-locale-definitions)
- (locale-libcs gnu:system:locale:%default-locale-libcs)
- (name-service-switch gnu:system:nss:%default-nss)
- (essential-services (gnu:system:operating-system-default-essential-services gnu:system:this-operating-system))
- (services (cons* guix-home
- offload-extension
- sovereign:systems:%sovereign-services))
- (pam-services (gnu:system:pam:base-pam-services))
- (privileged-programs gnu:system:%default-privileged-programs)
- (setuid-programs gnu:system:%setuid-programs)
- (sudoers-file sovereign:systems:%sovereign-sudoers-specification)
- (location (and=> (current-source-location)
- guix:diagnostics:source-properties->location))))
-
-(define-public operating-system* system)
diff --git a/deployment/systems/asakura.scm b/deployment/systems/asakura.scm
deleted file mode 100644
index 2b8397d..0000000
--- a/deployment/systems/asakura.scm
+++ /dev/null
@@ -1,132 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems asakura)
- #:use-module ((gnu system) #:prefix gnu:system:)
- #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
- #:use-module ((gnu system uuid) #:prefix gnu:system:uuid:)
- #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
- #:use-module ((nongnu system linux-initrd) #:prefix nongnu:system:linux-initrd:)
- #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
- #:use-module ((sovereign packages protonmail) #:prefix sovereign:packages:protonmail:)
- #:use-module ((sovereign systems) #:prefix sovereign:systems:)
- #:use-module ((users id1000) #:prefix users:id1000:))
-
-(define efi-filesystem-uuid
- (gnu:system:uuid:uuid
- "B4FB-CBD9"
- 'fat32))
-
-(define host-name
- "asakura")
-
-(define (label number)
- (gnu:system:file-systems:file-system-label
- (string-append host-name
- "-swap"
- number)))
-
-(define root-filesystem-uuid
- (gnu:system:uuid:uuid
- "615a98cd-a632-4ee5-a6f4-e5ebcaa6fb8c"))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(define efi-partition
- (gnu:system:file-systems:file-system
- (mount-point "/boot")
- (device efi-filesystem-uuid)
- (type "vfat")))
-
-(define keyboard-layout
- ((@ (gnu system keyboard) keyboard-layout)
- "pl"))
-
-(define (libvirt-service)
- (use-modules (gnu services virtualization))
- ((@ (gnu services) service)
- libvirt-service-type))
-
-(define (virtlog-service)
- (use-modules (gnu services virtualization))
- ((@ (gnu services) service)
- virtlog-service-type))
-
-(define root-partition
- (gnu:system:file-systems:file-system
- (mount-point "/")
- (device root-filesystem-uuid)
- (type "ext4")))
-
-(define (swap-label number)
- (let ((target-label (label number)))
- (gnu:system:file-systems:swap-space
- (target target-label))))
-
-(define (system-packages-service)
- (use-modules (gnu packages gnupg)
- (gnu packages kde-pim)
- (gnu services))
- (simple-service 'system-packages
- profile-service-type
- (list kgpg
- pinentry-qt
- pinentry-tty)))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(define (bootloader)
- (use-modules (gnu bootloader grub))
- ((@ (gnu bootloader) bootloader-configuration)
- (bootloader grub-efi-bootloader)
- (targets (list "/boot"))
- (keyboard-layout keyboard-layout)))
-
-(define (file-systems)
- (append gnu:system:file-systems:%base-file-systems
- (list root-partition
- efi-partition)))
-
-(define services
- (let*
- ( (l-guix-homes (list users:id1000:named-home-environment))
- (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes)))
- (append sovereign:systems:%sovereign-services
- (list sovereign:packages:protonmail:nogui-profile
- l-guix-home-service
- (system-packages-service)))))
-
-(define swap-device-1
- (swap-label "-1"))
-
-(define swap-device-2
- (swap-label "-2"))
-
-(define (users)
- (use-modules (gnu system accounts))
- (append (@ (gnu system shadow) %base-user-accounts)
- (list users:id1000:uid1000-account)))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(define-public system
- (gnu:system:operating-system
- (kernel nongnu:packages:linux:linux)
- (bootloader (bootloader))
- (label (sovereign:systems:operating-system-label* host-name
- gnu:system:this-operating-system))
- (keyboard-layout keyboard-layout)
- (initrd nongnu:system:linux-initrd:microcode-initrd)
- (firmware (list nongnu:packages:linux:linux-firmware))
- (host-name host-name)
- (file-systems (file-systems))
- (swap-devices (list swap-device-1
- swap-device-2))
- (users (users))
- (timezone "Europe/Warsaw")
- (locale sovereign:systems:pl-locale)
- (locale-definitions sovereign:systems:%sovereign-locale-definitions)
- (services services)
- (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))
-
-(define-public operating-system* system)
diff --git a/deployment/systems/cokolwiek.scm b/deployment/systems/cokolwiek.scm
deleted file mode 100644
index 15beb99..0000000
--- a/deployment/systems/cokolwiek.scm
+++ /dev/null
@@ -1,105 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems cokolwiek)
- #:use-module ( (gnu packages package-management)
- #:prefix gnu:packages:package-management:)
- #:use-module ( (gnu services)
- #:prefix gnu:services:)
- #:use-module ( (gnu services base)
- #:prefix gnu:services:base:)
- #:use-module ( (gnu services guix)
- #:prefix gnu:services:guix:)
- #:use-module ( (gnu system)
- #:prefix gnu:system:)
- #:use-module ( (gnu system file-systems)
- #:prefix gnu:system:file-systems:)
- #:use-module ( (gnu system linux-initrd)
- #:prefix gnu:system:linux-initrd:)
- #:use-module ( (gnu system shadow)
- #:prefix gnu:system:shadow:)
- #:use-module ( (nongnu packages linux)
- #:prefix nongnu:packages:linux:)
- #:use-module ( (nongnu system linux-initrd)
- #:prefix nongnu:system:linux-initrd:)
- #:use-module ( (sovereign channels)
- #:prefix sovereign:channels:)
- #:use-module ( (sovereign devices)
- #:prefix sovereign:devices:)
- #:use-module ( (sovereign devices amd64)
- #:prefix sovereign:devices:amd64:)
- #:use-module ( (sovereign packages protonmail)
- #:prefix sovereign:packages:protonmail:)
- #:use-module ( (sovereign systems)
- #:prefix sovereign:systems:)
- #:use-module ( (users id1000)
- #:prefix users:id1000:)
- #:use-module ( (users id1001)
- #:prefix users:id1001:))
-
-(define system-name
- "cokolwiek")
-
-(define file-system-efi
- (let*
- ( (l-system-name (string-upcase system-name))
- (l-device (sovereign:devices:file-system-label l-system-name)))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/efi)
- (device l-device))))
-
-(define file-system-root
- (let
- ( (l-device (sovereign:devices:file-system-label system-name
- "root")))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/root)
- (device l-device))))
-
-(define swap
- (let
- ( (l-target (sovereign:devices:file-system-label system-name
- "swap")))
- (gnu:system:file-systems:swap-space
- (inherit sovereign:devices:swap/no-trim)
- (target l-target))))
-
-(define-public system
- (let*
- ( (l-guix-homes (list users:id1000:named-home-environment
- users:id1001:named-home-environment))
- (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes))
- (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
- (l-file-systems (cons* file-system-root
- file-system-efi
- gnu:system:file-systems:%base-file-systems))
- (l-firmware (list nongnu:packages:linux:linux-firmware))
- (l-initrd-modules (cons* "mei_me"
- gnu:system:linux-initrd:%base-initrd-modules))
- (l-services (cons* l-guix-home-service
- sovereign:packages:protonmail:nogui-profile
- sovereign:systems:%sovereign-services))
- (l-swap-devices (list swap))
- (l-users (cons* users:id1000:uid1000-account
- users:id1001:user-account
- gnu:system:shadow:%base-user-accounts)))
- (gnu:system:operating-system
- (kernel nongnu:packages:linux:linux)
- (bootloader l-bootloader)
- (label (sovereign:systems:operating-system-label* system-name
- gnu:system:this-operating-system))
- (keyboard-layout sovereign:devices:pl-keyboard-layout)
- (initrd nongnu:system:linux-initrd:microcode-initrd)
- (initrd-modules l-initrd-modules)
- (firmware l-firmware)
- (host-name system-name)
- (file-systems l-file-systems)
- (swap-devices l-swap-devices)
- (users l-users)
- (timezone "Europe/Warsaw")
- (locale sovereign:systems:pl-locale)
- (locale-definitions sovereign:systems:%sovereign-locale-definitions)
- (services l-services)
- (sudoers-file sovereign:systems:%sovereign-sudoers-specification))))
-
-(define-public operating-system* system)
diff --git a/deployment/systems/git-ignore.conf b/deployment/systems/git-ignore.conf
deleted file mode 100644
index 98e588f..0000000
--- a/deployment/systems/git-ignore.conf
+++ /dev/null
@@ -1,48 +0,0 @@
-# -*- mode: gitignore; -*-
-*~
-\#*\#
-/.emacs.desktop
-/.emacs.desktop.lock
-*.elc
-auto-save-list
-tramp
-.\#*
-
-# Org-mode
-.org-id-locations
-*_archive
-
-# flymake-mode
-*_flymake.*
-
-# eshell files
-/eshell/history
-/eshell/lastdir
-
-# elpa packages
-/elpa/
-
-# reftex files
-*.rel
-
-# AUCTeX auto folder
-/auto/
-
-# cask packages
-.cask/
-dist/
-
-# Flycheck
-flycheck_*.el
-
-# server auth directory
-/server/
-
-# projectiles files
-.projectile
-
-# directory configuration
-.dir-locals.el
-
-# network security
-/network-security.data
diff --git a/deployment/systems/gitconfig b/deployment/systems/gitconfig
deleted file mode 100644
index 300f906..0000000
--- a/deployment/systems/gitconfig
+++ /dev/null
@@ -1,10 +0,0 @@
-[commit]
- gpgsign = true
-
-[user]
- email = marek@marekpasnikowski.pl
- name = Marek Paśnikowski
- signingkey = 6D81B1207711899F
-
-[push]
- autoSetupRemote = true
diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm
deleted file mode 100644
index 341bb50..0000000
--- a/deployment/systems/mcdowell.scm
+++ /dev/null
@@ -1,121 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems mcdowell)
- #:use-module ( (deployment keys)
- #:prefix deployment:keys:)
- #:use-module ( (gnu packages package-management)
- #:prefix gnu:packages:package-management:)
- #:use-module ( (gnu services)
- #:prefix gnu:services:)
- #:use-module ( (gnu services base)
- #:prefix gnu:services:base:)
- #:use-module ( (gnu services guix)
- #:prefix gnu:services:guix:)
- #:use-module ( (gnu system)
- #:prefix gnu:system:)
- #:use-module ( (gnu system file-systems)
- #:prefix gnu:system:file-systems:)
- #:use-module ( (gnu system linux-initrd)
- #:prefix gnu:system:linux-initrd:)
- #:use-module ( (gnu system shadow)
- #:prefix gnu:system:shadow:)
- #:use-module ( (nongnu packages linux)
- #:prefix nongnu:packages:linux:)
- #:use-module ( (nongnu system linux-initrd)
- #:prefix nongnu:system:linux-initrd:)
- #:use-module ( (sovereign channels)
- #:prefix sovereign:channels:)
- #:use-module ( (sovereign devices)
- #:prefix sovereign:devices:)
- #:use-module ( (sovereign devices amd64)
- #:prefix sovereign:devices:amd64:)
- #:use-module ( (sovereign packages protonmail)
- #:prefix sovereign:packages:protonmail:)
- #:use-module ( (sovereign systems)
- #:prefix sovereign:systems:)
- #:use-module ( (users id1000)
- #:prefix users:id1000:)
- #:use-module (guix gexp))
-
-(define system-name
- "mcdowell")
-
-(define file-system-efi
- (let*
- ( (l-system-name (string-upcase system-name))
- (l-device (sovereign:devices:file-system-label l-system-name)))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/efi)
- (device l-device))))
-
-(define file-system-root
- (let
- ( (l-device (sovereign:devices:file-system-label system-name
- "root")))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/root)
- (device l-device))))
-
-(define swap
- (let
- ( (l-target (sovereign:devices:file-system-label system-name
- "swap")))
- (gnu:system:file-systems:swap-space
- (inherit sovereign:devices:swap/no-trim)
- (target l-target))))
-
-(define rakan-machine
- #~(build-machine
- (name "rakan")
- (systems (list "x86_64-linux"
- "i686-linux"))
- (user "marek")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@mcdowell")
- (private-key "/home/marek/.ssh/id_ed25519")))
-
-(define guix-offload-rakan
- (gnu:services:base:guix-extension
- (authorized-keys (list deployment:keys:rakan-guix))
- (build-machines (list rakan-machine))))
-
-(define-public system
- (let*
- ( (l-guix-homes (list users:id1000:named-home-environment))
- (l-guix-home-service (sovereign:systems:guix-home-service l-guix-homes))
- (l-bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
- (l-file-systems (cons* file-system-root
- file-system-efi
- gnu:system:file-systems:%base-file-systems))
- (l-firmware (list nongnu:packages:linux:linux-firmware))
- (l-initrd-modules (cons* "mei_me"
- gnu:system:linux-initrd:%base-initrd-modules))
- (l-services (cons* l-guix-home-service
- sovereign:packages:protonmail:nogui-profile
- (gnu:services:simple-service 'offload-rakan
- gnu:services:base:guix-service-type
- guix-offload-rakan)
- sovereign:systems:%sovereign-services))
- (l-swap-devices (list swap))
- (l-users (cons* users:id1000:uid1000-account
- gnu:system:shadow:%base-user-accounts)))
- (gnu:system:operating-system
- (kernel nongnu:packages:linux:linux)
- (bootloader l-bootloader)
- (label (sovereign:systems:operating-system-label* system-name
- gnu:system:this-operating-system))
- (keyboard-layout sovereign:devices:pl-keyboard-layout)
- (initrd nongnu:system:linux-initrd:microcode-initrd)
- (initrd-modules l-initrd-modules)
- (firmware l-firmware)
- (host-name system-name)
- (file-systems l-file-systems)
- (swap-devices l-swap-devices)
- (users l-users)
- (timezone "Europe/Warsaw")
- (locale sovereign:systems:pl-locale)
- (locale-definitions sovereign:systems:%sovereign-locale-definitions)
- (services l-services)
- (sudoers-file sovereign:systems:%sovereign-sudoers-specification))))
-
-(define-public operating-system* system)
diff --git a/deployment/systems/rakan.scm b/deployment/systems/rakan.scm
deleted file mode 100644
index 35e0803..0000000
--- a/deployment/systems/rakan.scm
+++ /dev/null
@@ -1,247 +0,0 @@
-;;; SPDX-License-Identifier: GPL-3.0-or-later
-;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
-
-(define-module (deployment systems rakan)
- #:use-module (guix gexp)
- #:use-module ( (deployment keys)
- #:prefix deployment:keys:)
- #:use-module ( (deployment services databases)
- #:prefix deployment:services:databases:)
- #:use-module ( (deployment services matrix)
- #:prefix deployment:services:matrix:)
- #:use-module ( (gnu home)
- #:prefix gnu:home:)
- #:use-module ( (gnu home services)
- #:prefix gnu:home:services:)
- #:use-module ( (gnu packages mail)
- #:prefix gnu:packages:mail:)
- #:use-module ( (gnu services)
- #:prefix gnu:services:)
- #:use-module ( (gnu services base)
- #:prefix gnu:services:base:)
- #:use-module ( (gnu services guix)
- #:prefix gnu:services:guix:)
- #:use-module ( (gnu services samba)
- #:prefix gnu:services:samba:)
- #:use-module ( (gnu system)
- #:prefix gnu:system:)
- #:use-module ( (gnu system file-systems)
- #:prefix gnu:system:file-systems:)
- #:use-module ( (gnu system linux-initrd)
- #:prefix gnu:system:linux-initrd:)
- #:use-module ( (gnu system locale)
- #:prefix gnu:system:locale:)
- #:use-module ( (gnu system nss)
- #:prefix gnu:system:nss:)
- #:use-module ( (gnu system pam)
- #:prefix gnu:system:pam:)
- #:use-module ( (gnu system shadow)
- #:prefix gnu:system:shadow:)
- #:use-module ( (guix diagnostics)
- #:prefix guix:diagnostics:)
- #:use-module ( (nongnu packages linux)
- #:prefix nongnu:packages:linux:)
- #:use-module ( (nongnu system linux-initrd)
- #:prefix nongnu:system:linux-initrd:)
- #:use-module ( (gnu home-services mail)
- #:prefix rde/gnu:home-services:mail:)
- #:use-module ( (sovereign devices)
- #:prefix sovereign:devices:)
- #:use-module ( (sovereign devices amd64)
- #:prefix sovereign:devices:amd64:)
- #:use-module ( (sovereign packages emacs)
- #:prefix sovereign:packages:emacs:)
- #:use-module ( (sovereign packages protonmail)
- #:prefix sovereign:packages:protonmail:)
- #:use-module ( (sovereign services)
- #:prefix sovereign:services:)
- #:use-module ( (sovereign systems)
- #:prefix sovereign:systems:)
- #:use-module ( (users id1000)
- #:prefix users:id1000:))
-
-(define system-name
- "rakan")
-
-(define file-system-efi
- (let*
- ( (l-system-name (string-upcase system-name))
- (l-device (sovereign:devices:file-system-label l-system-name)))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/efi)
- (device l-device))))
-
-(define file-system-root
- (let
- ( (l-device (sovereign:devices:file-system-label system-name
- "root")))
- (gnu:system:file-systems:file-system
- (inherit sovereign:devices:file-system/root)
- (device l-device))))
-
-(define swap
- (let
- ( (l-target (sovereign:devices:file-system-label system-name
- "swap")))
- (gnu:system:file-systems:swap-space
- (inherit sovereign:devices:swap/no-trim)
- (target l-target))))
-
-(define guix-offload-authorizations
- (gnu:services:base:guix-extension
- (authorized-keys (list deployment:keys:aisaka-guix))))
-
-(define (l2md-maildir name)
- (string-append "~/Publiczne/l2md/"
- name))
-
-(define l2md-repo-guile-user
- (rde/gnu:home-services:mail:l2md-repo
- (name "guile-user")
- (urls "https://yhetil.org/guile-user/0")
- (maildir (l2md-maildir name))
- (pipe "")
- (initial-import 0)
- (sync-enabled? #t)))
-
-(define l2md-repo-guix-devel
- (rde/gnu:home-services:mail:l2md-repo
- (name "guix-devel")
- (urls "https://yhetil.org/guix-devel/0")
- (maildir (l2md-maildir name))
- (pipe "")
- (initial-import 0)
- (sync-enabled? #t)))
-
-(define l2md-repo-guix-user
- (rde/gnu:home-services:mail:l2md-repo
- (name "guix-user")
- (urls "https://yhetil.org/guix-user/0")
- (maildir (l2md-maildir name))
- (pipe "")
- (initial-import 0)
- (sync-enabled? #t)))
-
-(define l2md-configuration
- (rde/gnu:home-services:mail:home-l2md-configuration
- (l2md gnu:packages:mail:l2md)
- (autostart? #t)
- (period 180)
- (oneshot 0)
- (maildir "")
- (pipe "")
- (base "~/Publiczne/l2md")
- (repos (list l2md-repo-guile-user
- l2md-repo-guix-devel
- l2md-repo-guix-user))))
-
-(define home-l2md
- (gnu:services:service
- rde/gnu:home-services:mail:home-l2md-service-type
- l2md-configuration))
-
-(define samba-configuration
- (gnu:services:samba:samba-configuration
- (enable-smbd? #t)
- (config-file (mixed-text-file "smb.conf"
- "[global]\n"
- "map to guest = Bad User\n"
- "logging = syslog@1\n"
- "\n"
- "[public]\n"
- "browsable = yes\n"
- "path = /tmp\n"
- "read only = no\n"
- "guest ok = yes\n"
- "guest only = yes\n"))))
-
-(define samba-service
- (gnu:services:service
- gnu:services:samba:samba-service-type
- samba-configuration))
-
-(define named-home-environment-1000
- (let
- ( (named-home-environment- users:id1000:named-home-environment))
- (let
- ( (home-environment- (car (cdr named-home-environment-)))
- (name- (car named-home-environment-)))
- (let*
- ( (services- (gnu:home:home-environment-user-services home-environment-))
- (packages- (gnu:home:home-environment-packages home-environment-))
- (home-environment-* (gnu:home:home-environment
- (inherit home-environment-)
- (packages packages-)
- (services (cons* home-l2md
- services-)))))
- (list name-
- home-environment-*)))))
-
-(define guix-homes
- (list named-home-environment-1000))
-
-(define guix-home-service
- (sovereign:systems:guix-home-service guix-homes))
-
-(define offload-auth
- (gnu:services:simple-service 'offload-authorizations
- gnu:services:base:guix-service-type
- guix-offload-authorizations))
-
-(define guix-publish-configuration
- (gnu:services:base:guix-publish-configuration
- (host "0.0.0.0")
- (port 8080)
- (advertise? #t)))
-
-(define-public guix-publish-service
- (sovereign:services:guix-publish-service guix-publish-configuration))
-
-(define-public system
- (gnu:system:operating-system
- (kernel nongnu:packages:linux:linux)
- (kernel-loadable-modules (list))
- (kernel-arguments gnu:system:%default-kernel-arguments)
- (hurd #f)
- (bootloader (sovereign:devices:amd64:custom-bootloader-configuration system-name))
- (label (sovereign:systems:operating-system-label* system-name
- gnu:system:this-operating-system))
- (keyboard-layout sovereign:devices:pl-keyboard-layout)
- (initrd nongnu:system:linux-initrd:microcode-initrd)
- (initrd-modules (cons* "mei_me"
- gnu:system:linux-initrd:%base-initrd-modules))
- (firmware (list nongnu:packages:linux:linux-firmware))
- (host-name system-name)
- (hosts-file #f)
- (mapped-devices (list))
- (file-systems (cons* file-system-root
- file-system-efi
- gnu:system:file-systems:%base-file-systems))
- (swap-devices (list swap))
- (users (cons* users:id1000:uid1000-account
- gnu:system:shadow:%base-user-accounts))
- (groups gnu:system:shadow:%base-groups)
- (skeletons (gnu:system:shadow:default-skeletons))
- (issue (@@ (gnu system) %default-issue))
- (packages gnu:system:%base-packages)
- (timezone "Europe/Warsaw")
- (locale sovereign:systems:pl-locale)
- (locale-definitions sovereign:systems:%sovereign-locale-definitions)
- (locale-libcs gnu:system:locale:%default-locale-libcs)
- (name-service-switch gnu:system:nss:%default-nss)
- (essential-services (gnu:system:operating-system-default-essential-services gnu:system:this-operating-system))
- (services (cons* guix-home-service
- guix-publish-service
- deployment:services:databases:matrix-postgresql-service
- deployment:services:matrix:matrix-service-rakan
- sovereign:packages:protonmail:nogui-profile
- offload-auth
- samba-service
- sovereign:systems:%sovereign-services))
- (pam-services (gnu:system:pam:base-pam-services))
- (privileged-programs gnu:system:%default-privileged-programs)
- (sudoers-file sovereign:systems:%sovereign-sudoers-specification)
- (location (and=> (current-source-location)
- guix:diagnostics:source-properties->location))))
-
-(define-public operating-system* system)