Diffstat (limited to 'deployment')
| -rw-r--r-- | deployment/system.scm | 96 | ||||
| -rw-r--r-- | deployment/systems/aisaka.scm | 36 |
2 files changed, 112 insertions, 20 deletions
diff --git a/deployment/system.scm b/deployment/system.scm
index 5ac011d..89181d0 100644
--- a/deployment/system.scm
+++ b/deployment/system.scm
@@ -10,9 +10,101 @@ #:use-module ((deployment systems mcdowell) #:prefix deployment:systems:mcdowell:) #:use-module ((deployment systems rakan) - #:prefix deployment:systems:rakan:)) + #:prefix deployment:systems:rakan:) + #:use-module ((gnu packages tls) + #:prefix gnu:packages:tls:) + #:use-module ((gnu packages matrix) + #:prefix gnu:packages:matrix:) + #:use-module ((gnu system) + #:prefix gnu:system:) + #:use-module ((gnu system file-systems) + #:prefix gnu:system:file-systems:) + #:use-module ((gnu system linux-initrd) + #:prefix gnu:system:linux-initrd:) + #:use-module ((gnu system locale) + #:prefix gnu:system:locale:) + #:use-module ((gnu system nss) + #:prefix gnu:system:nss:) + #:use-module ((gnu system pam) + #:prefix gnu:system:pam:) + #:use-module ((gnu system shadow) + #:prefix gnu:system:shadow:) + #:use-module ((guix diagnostics) + #:prefix guix:diagnostics:) + #:use-module ((nongnu packages linux) + #:prefix nongnu:packages:linux:) + #:use-module ((nongnu system linux-initrd) + #:prefix nongnu:system:linux-initrd:) + #:use-module ((sovereign packages jekyll) + #:prefix sovereign:packages:jekyll:) + #:use-module ((sovereign systems) + #:prefix sovereign:systems:) + #:use-module ((users id1000) + #:prefix users:id1000:) + #:use-module ((users vmail) + #:prefix users:vmail:)) -(define-public aisaka deployment:systems:aisaka:system) +(define-public aisaka + (gnu:system:operating-system + (kernel nongnu:packages:linux:linux) + (kernel-loadable-modules (list)) + (kernel-arguments gnu:system:%default-kernel-arguments) + (hurd #f) + (bootloader deployment:systems:aisaka:system-bootloader) + (label (sovereign:systems:operating-system-label* deployment:systems:aisaka:system-name + gnu:system:this-operating-system)) + (keyboard-layout deployment:systems:aisaka:system-keyboard-layout) + (initrd nongnu:system:linux-initrd:microcode-initrd) + (initrd-modules gnu:system:linux-initrd:%base-initrd-modules) + (firmware (list nongnu:packages:linux:linux-firmware)) + 
(host-name deployment:systems:aisaka:system-name) + (hosts-file #f) + (mapped-devices (list)) + (file-systems (cons* deployment:systems:aisaka:file-system-root + deployment:systems:aisaka:file-system-efi + gnu:system:file-systems:%base-file-systems)) + (swap-devices (list)) + (users (cons* users:id1000:uid1000-account + users:vmail:vmail-account + gnu:system:shadow:%base-user-accounts)) + (groups (cons* deployment:systems:aisaka:vmail-group + gnu:system:shadow:%base-groups)) + (skeletons (gnu:system:shadow:default-skeletons)) + (issue (@@ (gnu system) + %default-issue)) + (packages (cons* sovereign:packages:jekyll:custom-jekyll + gnu:packages:tls:openssl + gnu:packages:matrix:synapse + gnu:system:%base-packages)) + (timezone "Europe/Warsaw") + (locale sovereign:systems:pl-locale) + (locale-definitions sovereign:systems:%sovereign-locale-definitions) + (locale-libcs gnu:system:locale:%default-locale-libcs) + (name-service-switch gnu:system:nss:%default-nss) + (essential-services (gnu:system:operating-system-default-essential-services gnu:system:this-operating-system)) + (services (cons* users:id1000:dkim-service + users:id1000:dovecot-service + users:id1000:smtp-service + deployment:systems:aisaka:knot + deployment:systems:aisaka:certbot + deployment:systems:aisaka:cgit + deployment:systems:aisaka:etc + deployment:systems:aisaka:fcgiwrap + deployment:systems:aisaka:gitolite + deployment:systems:aisaka:guix-home-service + deployment:systems:aisaka:guix-publish-service + deployment:systems:aisaka:nginx + deployment:systems:aisaka:offload-rakan + deployment:systems:aisaka:radicale + deployment:systems:aisaka:static-networking + deployment:systems:aisaka:iproute2-networking + deployment:systems:aisaka:%sovereign-services*)) + (pam-services (gnu:system:pam:base-pam-services)) + (privileged-programs gnu:system:%default-privileged-programs) + (setuid-programs gnu:system:%setuid-programs) + (sudoers-file sovereign:systems:%sovereign-sudoers-specification) + (location (and=> 
(current-source-location) + guix:diagnostics:source-properties->location)))) (define-public akashi deployment:systems:akashi:system) diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm index fabc36c..bf8efa7 100644 --- a/deployment/systems/aisaka.scm +++ b/deployment/systems/aisaka.scm @@ -134,7 +134,7 @@ (listen-v4 "0.0.0.0") (zones (list master-zone)))) -(define knot +(define-public knot (gnu:services:service gnu:services:dns:knot-service-type knot-configuration)) @@ -424,17 +424,17 @@ (email "marek@marekpasnikowski.pl") (webroot "/srv/www/marek/marekpasnikowski.pl"))) -(define certbot +(define-public certbot (gnu:services:service certbot-type certbot-configuration)) -(define cgit +(define-public cgit (gnu:services:service cgit-type cgit-configuration)) -(define etc +(define-public etc (let* ((mailname-file- (plain-file "mailname" "marekpasnikowski.pl\n")) @@ -450,12 +450,12 @@ (user "git") (group "git"))) -(define fcgiwrap +(define-public fcgiwrap (gnu:services:service gnu:services:web:fcgiwrap-service-type fcgiwrap-configuration)) -(define file-system-efi +(define-public file-system-efi (gnu:system:file-systems:file-system (device (gnu:system:file-systems:file-system-label "AISAKA")) (mount-point "/boot") @@ -473,7 +473,7 @@ (shepherd-requirements (list)) (location (current-source-location)))) -(define file-system-root +(define-public file-system-root (gnu:system:file-systems:file-system (device (gnu:system:file-systems:file-system-label "aisaka-root")) (mount-point "/") @@ -500,15 +500,15 @@ (rc-file gitolite-rc-file) (admin-pubkey #f))) -(define gitolite +(define-public gitolite (gnu:services:service gnu:services:version-control:gitolite-service-type gitolite-configuration)) -(define system-keyboard-layout +(define-public system-keyboard-layout (gnu:system:keyboard:keyboard-layout "pl")) -(define nginx +(define-public nginx (gnu:services:service nginx-service-type* nginx-configuration*)) 
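Review bot: `(issue (@@ (gnu system) %default-issue))` in the new `aisaka` definition reaches into a binding that `(gnu system)` does not export, so a Guix update that renames or moves it would break the build of this host; leaving the `issue` field out lets the record default apply, which appears to be the intent. In the same form, `privileged-programs` and `setuid-programs` are both set to Guix's default list; if the Guix in use treats `setuid-programs` as the deprecated predecessor of `privileged-programs`, the same entries may be supplied twice, so confirm this and drop one. This diff does not remove `deployment:systems:aisaka:system`, so two definitions of the host now seem to coexist and can drift apart in their service, sudoers and privileged-program settings. A comment such as `;; Authoritative definition of aisaka; deployment/systems/aisaka.scm only provides the parts.` above `(define-public aisaka`, or removing the old definition, would make clear which one is deployed.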
@@ -528,7 +528,7 @@ deployment:keys:rakan-guix)) (build-machines (list rakan-machine)))) -(define offload-rakan +(define-public offload-rakan (gnu:services:simple-service 'offload-rakan gnu:services:base:guix-service-type guix-offload-rakan)) @@ -548,7 +548,7 @@ (auth radicale-auth-configuration) (storage radicale-storage-configuration))) -(define radicale +(define-public radicale (gnu:services:service gnu:services:mail:radicale-service-type radicale-configuration)) @@ -587,7 +587,7 @@ (define static-networking-configuration (list network-hardware)) -(define static-networking +(define-public static-networking (gnu:services:service gnu:services:networking:static-networking-service-type static-networking-configuration)) @@ -655,7 +655,7 @@ (documentation "Defines a graph root of one-shot services to invoke various ip commands.") (modules gnu:services:shepherd:%default-modules))) -(define iproute2-networking +(define-public iproute2-networking (let ((extensions- (list network-enp2s0-table network-enp2s0-route-default @@ -667,17 +667,17 @@ (define swap-device-izumi-1-label (gnu:system:file-systems:file-system-label "izumi-swap-f")) -(define %sovereign-services* +(define-public %sovereign-services* (gnu:services:modify-services sovereign:systems:%sovereign-services (gnu:services:delete gnu:services:networking:network-manager-service-type))) -(define system-bootloader +(define-public system-bootloader (gnu:bootloader:bootloader-configuration (bootloader gnu:bootloader:grub:grub-efi-bootloader) (targets (list "/boot")) (keyboard-layout sovereign:devices:pl-keyboard-layout))) -(define vmail-group +(define-public vmail-group (gnu:system:accounts:user-group (name "vmail") (system? #t))) @@ -691,7 +691,7 @@ (port 8080) (advertise? #t))) -(define guix-home-service +(define-public guix-home-service (sovereign:systems:guix-home-service named-home-environments)) (define-public guix-publish-service |
