Diffstat (limited to 'systems/izumi/izumi.scm')
-rw-r--r--systems/izumi/izumi.scm464
1 files changed, 464 insertions, 0 deletions
diff --git a/systems/izumi/izumi.scm b/systems/izumi/izumi.scm
new file mode 100644
index 0000000..8558948
--- /dev/null
+++ b/systems/izumi/izumi.scm
@@ -0,0 +1,464 @@
+(define-module (systems izumi izumi)
+ #:use-module (suweren commons sudoers))
+
+(define radicale-keys "/secrets/radicale/keys")
+(define dovecot-keys "/secrets/dovecot")
+
+( use-modules
+ ( gnu )
+ ( gnu services syncthing )
+ ( guix records )
+ ( ice-9 match )
+ ( nongnu packages linux )
+ ( nongnu system linux-initrd )
+ (suweren system))
+
+( use-package-modules
+ admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail
+ version-control )
+
+( use-service-modules
+ base certbot cgit desktop mail shepherd ssh version-control web xorg )
+
+(use-modules (channels)
+ (gnu)
+ (gnu home)
+ (gnu home services)
+ (gnu home services shells)
+ (gnu packages emacs-xyz))
+
+(use-modules
+ (gnu)
+ (gnu home services)
+ (guix build-system emacs)
+ (guix git-download)
+ ((guix licenses)
+ #:prefix license:)
+ (guix packages))
+
+(use-package-modules base emacs-xyz gawk)
+
+(use-modules
+ (gnu services)
+ (gnu home services)
+ (gnu packages password-utils)
+ (guix gexp))
+
+(use-modules
+ (gnu home services shells)
+ (gnu services)
+ (gnu services guix))
+
+(define nginx-accounts
+ (list (user-group (name "nginx")
+ (system? #t))
+ (user-account (name "nginx")
+ (group "nginx")
+ (supplementary-groups '("git"))
+ (system? #t)
+ (comment "nginx server user")
+ (home-directory "/var/empty")
+ (shell (file-append (specification->package "shadow")
+ "/sbin/nologin")))))
+
+(define nginx-service-type*
+ (service-type (inherit nginx-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ account-service-type)
+ (service-extension account-service-type
+ (const nginx-accounts))
+ extension))
+ (service-type-extensions nginx-service-type)))))
+
+(define hosts-izumi
+ (local-file "system-files/hosts"))
+
+( operating-system
+ ( bootloader
+ ( bootloader-configuration
+ ( bootloader grub-efi-bootloader )
+ ( keyboard-layout ( keyboard-layout "pl" ) )
+ ( targets ( list "/boot/efi" ) ) ) )
+ ( mapped-devices
+ ( list
+ ( mapped-device
+ ( source "/dev/sda2" )
+ ( target "izumi" )
+ ( type luks-device-mapping ) ) ) )
+ ( file-systems
+ ( append
+ %base-file-systems
+ ( list
+ ( file-system
+ ( device "/dev/sda1" )
+ ( mount-point "/boot/efi" )
+ ( type "vfat" ) )
+ ( file-system
+ ( dependencies mapped-devices )
+ ( device "/dev/mapper/izumi" )
+ ( mount-point "/" )
+ ( type "xfs" ) ) ) ) )
+ ( firmware ( list linux-firmware ) )
+ ( groups
+ ( append
+ %base-groups
+ ( list
+ ( user-group
+ ( name "vmail" )
+ ( system? #t ) )) ) )
+ ( host-name "izumi" )
+ (hosts-file hosts-izumi)
+ ( initrd microcode-initrd )
+ ( kernel linux )
+ ( keyboard-layout ( keyboard-layout "pl" ) )
+ (locale polish-locale-string)
+ (locale-definitions %suweren-locale-definitions)
+ ( services
+ ( append
+ ( modify-services
+ %desktop-services
+ ( elogind-service-type
+ configuration =>
+ ( elogind-configuration
+ ( inherit configuration )
+ ( handle-lid-switch 'ignore )
+ ( handle-lid-switch-docked 'ignore )
+ ( handle-lid-switch-external-power 'ignore ) ) )
+ ( gdm-service-type
+ configuration =>
+ ( gdm-configuration
+ ( inherit configuration )
+ ( auto-suspend? #f )
+ ( wayland? #t ) ) )
+ ( guix-service-type
+ configuration =>
+ ( let*
+ ( ( non-guix.pub
+ ( string-append
+ "( public-key ( ecc ( curve Ed25519 )"
+ "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) )
+ ( authorized-keys
+ ( append
+ %default-authorized-guix-keys
+ ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) )
+ ( extra-options
+ ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) )
+ ( substitute-urls
+ ( append
+ %default-substitute-urls
+ ( list "https://substitutes.nonguix.org" ) ) ) )
+ ( guix-configuration
+ ( inherit configuration )
+ ( authorized-keys authorized-keys )
+ ( extra-options extra-options )
+ ( substitute-urls substitute-urls ) ) ) ) )
+ ( list
+ (@ (users id1000) dkim-service)
+ (@ (users id1000) dovecot-service)
+ (@ (users id1000) smtp-service)
+ (service (service-type (inherit certbot-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ nginx-service-type)
+ (service-extension nginx-service-type*
+ (@@ (gnu services certbot)
+ certbot-nginx-server-configurations))
+ extension))
+ (service-type-extensions certbot-service-type))))
+ ( certbot-configuration
+ ( certificates
+ ( list
+ ( certificate-configuration
+ ( deploy-hook
+ ( program-file
+ "nginx-deploy-hook"
+ #~
+ ( let
+ ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+ ( kill pid SIGHUP ) ) ) )
+ ( domains
+ ( list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl" ) ) ) ) )
+ ( email "marek@marekpasnikowski.pl" )
+ ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+ (service (service-type (inherit cgit-service-type)
+ (extensions (map (lambda (extension)
+ (if (eq? (service-extension-target extension)
+ nginx-service-type)
+ (service-extension nginx-service-type*
+ cgit-configuration-nginx-config)
+ extension))
+ (service-type-extensions cgit-service-type))))
+ ( cgit-configuration
+ ( nginx
+ ( list
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( git-http-nginx-location-configuration
+ ( git-http-configuration
+ ( git-root "/var/lib/gitolite/repositories" )
+ ( uri-path "/git" ) ) )
+ ( nginx-location-configuration
+ ( body
+ ( list
+ "fastcgi_param HTTP_HOST $server_name ;"
+ "fastcgi_param PATH_INFO $uri ;"
+ "fastcgi_param QUERY_STRING $args ;"
+ "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
+ "fastcgi_pass 127.0.0.1:9000 ;" ) )
+ ( uri "@cgit" ) )
+ ( nginx-location-configuration
+ ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) )
+ ( uri "/.well-known" ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( root cgit )
+ ( server-name ( list "git.marekpasnikowski.pl" ) )
+ ( ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
+ ( ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" )
+ ( try-files ( list "$uri" "@cgit" ) ) ) ) )
+ ( repositories
+ ( list
+ ( repository-cgit-configuration
+ ( hide? #t )
+ ( path "/srv/git/marek/packages" ) ) ) )
+ ( repository-directory "/var/lib/gitolite/repositories" ) ) )
+ (service fcgiwrap-service-type
+ (fcgiwrap-configuration (user "git")
+ (group "git")))
+ ( service gitolite-service-type
+ ( gitolite-configuration
+ ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
+ ( admin-pubkey ( plain-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+ ( service plasma-desktop-service-type )
+ ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
+ (service nginx-service-type*
+ ( nginx-configuration
+ ( server-blocks
+ ( list
+ ;; Top-Level
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( nginx-location-configuration
+ ( uri "/.well-known" )
+ ( body
+ ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( root "/srv/www/marek/marekpasnikowski.pl" )
+ ( server-name ( list "marekpasnikowski.pl" ) )
+ ( ssl-certificate
+ "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
+ ( ssl-certificate-key
+ "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) )
+ ;; Radicale
+ ( nginx-server-configuration
+ ( locations
+ ( list
+ ( nginx-location-configuration
+ ( body
+ ( list
+ "proxy_pass http://localhost:5232/ ;"
+ "proxy_set_header X-Script-Name \"\" ;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
+ "proxy_set_header Host $http_host ;"
+ "proxy_pass_header Authorization ;" ) )
+ ( uri "/" ) )
+ ( nginx-location-configuration
+ ( body
+ ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) )
+ ( uri "/.well-known" ) ) ) )
+ ( listen ( list "192.168.10.2:443 ssl" ) )
+ ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) )
+ ( service openssh-service-type )
+ ( service radicale-service-type
+ ( radicale-configuration
+ ( auth
+ ( radicale-auth-configuration
+ ( type 'htpasswd )
+ ( htpasswd-filename radicale-keys )
+ ( htpasswd-encryption 'plain ) ) ) ) )
+ ( simple-service 'base-profile profile-service-type
+ ( append %base-packages
+ ( list ) ) )
+ ( simple-service
+ 'nss-profile
+ profile-service-type
+ ( list nss-certs ) )
+ ( simple-service
+ 'etc-files
+ etc-service-type
+ ( list
+ `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) )
+ (service guix-home-service-type
+ `(("marek" ,(home-environment (packages (map specification->package+output
+ (list "dconf-editor"
+ "emacs"
+ "emacs-org-modern"
+ "emacs-paredit"
+ "font-google-noto"
+ "font-google-noto-emoji"
+ "font-google-noto-sans-cjk"
+ "font-google-noto-serif-cjk"
+ "git"
+ "gnupg"
+ "gnome-tweaks"
+ "noweb"
+ "pinentry"
+ "pwgen"
+ "unzip"
+ "zip")))
+ (services (append (list izumi-channels-service-type)
+ (list
+ (simple-service
+ 'emacs-home-profile
+ home-profile-service-type
+ (append
+ (list emacs-guix emacs-nix-mode)
+ (list
+ (let
+ ((commit* "wip-algo-tn"))
+ (package
+ (name "emacs-org-fc")
+ (version (git-version "0.1.2" "0" commit*))
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://git.marekpasnikowski.pl/org-fc.git")
+ (commit commit*)))
+ (file-name (git-file-name name version))
+ (sha256 (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
+ (build-system emacs-build-system)
+ (arguments
+ (list
+ #:include #~ (cons* "\\.awk$" "\\.org$" %default-include)
+ #:exclude #~ (cons "^test/" %default-exclude)
+ #:tests? #t
+ #:test-command
+ #~
+ (list
+ "emacs"
+ "--batch"
+ "-L" "."
+ "-L" "tests/"
+ "-l" "tests/org-fc-filter-test.el"
+ "-l" "tests/org-fc-indexer-test.el"
+ "-l" "tests/org-fc-review-data-test.el"
+ "-f" "ert-run-tests-batch-and-exit")
+ #:phases
+ #~
+ (modify-phases
+ %standard-phases
+ (add-after
+ 'unpack
+ 'qualify-paths
+ (lambda*
+ (#:key inputs
+ #:allow-other-keys)
+ (substitute*
+ "org-fc-awk.el"
+ (("\"find ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/find")
+ " "))
+ (("\"gawk ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/gawk")
+ " "))
+ (("\"xargs ")
+ (string-append
+ "\""
+ (search-input-file inputs "/bin/xargs")
+ " "))))))))
+ (inputs (list findutils gawk))
+ (propagated-inputs (list emacs-hydra))
+ (home-page "https://www.leonrische.me/fc/index.html")
+ (synopsis "Spaced repetition system for Emacs Org mode")
+ (description
+ (string-append
+ "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
+ "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
+ "knowledge you want to learn into a question-answer test. These cards are\n"
+ "reviewed at regular interval. After each review, the next review interval is\n"
+ "calculated based on how well you remembered the contents of the card.\n"))
+ (license license:gpl3+))))))
+ (simple-service 'home-files
+ home-files-service-type
+ (list (list ".config/emacs/init.el"
+ (local-file "home-files/emacs-configuration.el" ))
+ (list ".gnus"
+ (local-file "home-files/gnus-configuration.el"))
+ (list ".gitconfig"
+ (local-file "home-files/gitconfig"))
+ (list ".config/git/ignore"
+ ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
+ (local-file "home-files/git-ignore.conf"))))
+ (simple-service
+ 'environment-variables
+ home-environment-variables-service-type
+ `(("EDITOR" . "emacsclient -nw"))))
+ (list
+ (let*
+ ((and "&& ")
+ (collect-garbage "sudo guix gc -d 7d ")
+ (configuration-prefix
+ "/home/marek/Publiczny/src/deployment/systems/izumi/")
+ (pull-guix "guix pull ")
+ (reconfigure-home
+ (string-append
+ "guix home delete-generations 7d ; "
+ "guix home reconfigure "
+ configuration-prefix
+ "home-configuration.scm "))
+ (reconfigure-system
+ (string-append
+ "sudo guix system delete-generations 7d ; "
+ "sudo guix system reconfigure "
+ configuration-prefix
+ "izumi.scm "))
+ (update-system
+ (string-append
+ pull-guix
+ and
+ reconfigure-system
+ ;; and
+ ;; reconfigure-home
+ and
+ collect-garbage)))
+ (simple-service
+ 'bash-extension
+ home-bash-service-type
+ (home-bash-extension
+ (aliases
+ `(("collect-garbage" . ,collect-garbage)
+ ("edit" . "$EDITOR")
+ ("pull-guix" . ,pull-guix)
+ ("reconfigure-home" . ,reconfigure-home)
+ ("reconfigure-system" . ,reconfigure-system)
+ ("update-system" . ,update-system)))
+ (bash-profile
+ (list
+ (mixed-text-file
+ "newline-prompt"
+ "PS1=${PS1%?}\n"
+ "PS1=${PS1%?}\\n'$ '\n"
+ "PS1=\"\\n$PS1\""))))))))))))))))
+ ( sudoers-file %sudoers-specification* )
+ ( swap-devices
+ ( list
+ ( swap-space
+ ( target "/dev/sda3" ) ) ) )
+ ( timezone "Europe/Warsaw" )
+ (users (append (@ (gnu system shadow) %base-user-accounts)
+ (list (@ (users vmail) vmail-account)
+ (@ (users id1000) uid1000-account)))))
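Review bot: The `radicale-auth-configuration` sets `( htpasswd-encryption 'plain )`, so the file named by `radicale-keys` (`/secrets/radicale/keys`) stores the calendar and contacts passwords in clear text, and any read of that file (a backup, a permission slip) discloses them directly. I would change it to `( htpasswd-encryption 'bcrypt )` and regenerate the htpasswd file with bcrypt hashes, after confirming the packaged Radicale has bcrypt support available. In the same area, the `radicale.marekpasnikowski.pl` server block listens on `192.168.10.2:443 ssl` but, unlike the other two server blocks, sets no `ssl-certificate` or `ssl-certificate-key`. Since that vhost forwards the `Authorization` header, it is worth adding the same two fields there, or confirming which certificate nginx actually serves. Separately, `( service openssh-service-type )` relies on defaults, which as far as I know leave password logins enabled; an explicit `( openssh-configuration ( password-authentication? #f ) )` would suit a host that already provisions an SSH key for gitolite.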