;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; SPDX-FileCopyrightText: 2024-2026 Marek Paśnikowski

;;; Commentary:
;;;
;;; Host-specific building blocks for the machine "aisaka": file systems,
;;; bootloader, static/policy-routed networking and the services it runs
;;; (gitolite + fcgiwrap, Radicale, Guix offloading to "rakan", a Guix
;;; substitute server).  Only the `define-public' bindings are visible to
;;; other modules (presumably the module that assembles the
;;; operating-system record); everything else is private to this file.
;;;
;;; Secrets referenced here (/secrets/...) and the SSH key used for
;;; offloading are NOT created by this module; they must already exist on
;;; the target host with appropriately restrictive permissions.

(define-module (deployment system aisaka)
  #:use-module (guix gexp)
  #:use-module ((deployment gexp) #:prefix deployment:gexp:)
  #:use-module ((gnu bootloader) #:prefix gnu:bootloader:)
  #:use-module ((gnu bootloader grub) #:prefix gnu:bootloader:grub:)
  #:use-module ((gnu packages) #:prefix gnu:packages:)
  #:use-module ((gnu packages linux) #:prefix gnu:packages:linux:)
  #:use-module ((gnu packages tls) #:prefix gnu:packages:tls:)
  #:use-module ((gnu services) #:prefix gnu:services:)
  #:use-module ((gnu services base) #:prefix gnu:services:base:)
  #:use-module ((gnu services mail) #:prefix gnu:services:mail:)
  #:use-module ((gnu services networking) #:prefix gnu:services:networking:)
  #:use-module ((gnu services shepherd) #:prefix gnu:services:shepherd:)
  #:use-module ((gnu services version-control) #:prefix gnu:services:version-control:)
  #:use-module ((gnu services web) #:prefix gnu:services:web:)
  #:use-module ((gnu system) #:prefix gnu:system:)
  #:use-module ((gnu system accounts) #:prefix gnu:system:accounts:)
  #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:)
  #:use-module ((gnu system keyboard) #:prefix gnu:system:keyboard:)
  #:use-module ((gnu system linux-initrd) #:prefix gnu:system:linux-initrd:)
  #:use-module ((gnu system locale) #:prefix gnu:system:locale:)
  #:use-module ((gnu system nss) #:prefix gnu:system:nss:)
  #:use-module ((gnu system pam) #:prefix gnu:system:pam:)
  #:use-module ((guix diagnostics) #:prefix guix:diagnostics:)
  #:use-module ((nongnu packages linux) #:prefix nongnu:packages:linux:)
  #:use-module ((nongnu system linux-initrd) #:prefix nongnu:system:linux-initrd:)
  #:use-module ((sovereign devices) #:prefix sovereign:devices:)
  #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:)
  #:use-module ((sovereign packages jekyll) #:prefix sovereign:packages:jekyll:)
  #:use-module ((sovereign services) #:prefix sovereign:services:)
  #:use-module ((sovereign systems) #:prefix sovereign:systems:)
  #:use-module ((users id1000) #:prefix users:id1000:)
  #:use-module ((users vmail) #:prefix users:vmail:))


;;;
;;; Identity.
;;;

;; Target triplet and host name, consumed by whoever builds the
;; operating-system record.
(define-public architecture "x86_64-linux")
(define-public system-name "aisaka")


;;;
;;; Out-of-store credential locations.
;;;

;; htpasswd file consumed by Radicale (see `radicale' below).
(define radicale-keys "/secrets/radicale/keys")

;; Not referenced anywhere in this module; kept for parity with the
;; original definition (module-private, so nothing outside can see it).
(define dovecot-keys "/secrets/dovecot")


;;;
;;; /etc entries.
;;;

;; Installs /etc/mailname with the mail domain of this host.
(define-public etc
  (gnu:services:simple-service
   'etc-files
   gnu:services:etc-service-type
   (list `("mailname" ,(plain-file "mailname" "marekpasnikowski.pl\n")))))


;;;
;;; Git hosting: fcgiwrap + gitolite.
;;;

;; fcgiwrap runs with the same user/group as gitolite ("git"); together
;; with the 0027 umask below this is what lets a CGI front-end read the
;; repositories without making them world-readable.  Which web server
;; fronts it is not visible in this module.
(define fcgiwrap-configuration
  (gnu:services:web:fcgiwrap-configuration
   (user "git")
   (group "git")))

(define-public fcgiwrap
  (gnu:services:service gnu:services:web:fcgiwrap-service-type
                        fcgiwrap-configuration))

;; umask 0027: repositories gitolite creates are group-readable but not
;; world-readable.
(define gitolite-rc-file
  (gnu:services:version-control:gitolite-rc-file (umask #o0027)))

;; NOTE(review): `admin-pubkey' is #f, so this configuration supplies no
;; key for the initial `gitolite setup' of the admin repository.  This
;; presumably relies on the gitolite home already being initialised on
;; the host -- confirm before deploying to a fresh machine.
(define gitolite-configuration
  (gnu:services:version-control:gitolite-configuration
   (rc-file gitolite-rc-file)
   (admin-pubkey #f)))

(define-public gitolite
  (gnu:services:service gnu:services:version-control:gitolite-service-type
                        gitolite-configuration))


;;;
;;; File systems.
;;;

;; EFI system partition, mounted on /boot.  It is not needed to boot the
;; root file system, and a failed mount is tolerated so the system still
;; comes up if the ESP is absent.
(define-public file-system-efi
  (gnu:system:file-systems:file-system
   (device (gnu:system:file-systems:file-system-label "AISAKA"))
   (mount-point "/boot")
   (type "vfat")
   (flags '())
   (options #f)
   (mount? #t)
   (mount-may-fail? #t)
   (needed-for-boot? #f)
   (check? #t)
   (skip-check-if-clean? #f)
   (repair 'preen)
   (create-mount-point? #f)
   (dependencies '())
   (shepherd-requirements '())
   (location (current-source-location))))

;; Root file system (ext4, found by label).  Checked on every boot;
;; `preen' lets fsck apply safe automatic repairs.
(define-public file-system-root
  (gnu:system:file-systems:file-system
   (device (gnu:system:file-systems:file-system-label "aisaka-root"))
   (mount-point "/")
   (type "ext4")
   (flags '())
   (options #f)
   (mount? #t)
   (mount-may-fail? #f)
   (needed-for-boot? #t)
   (check? #t)
   (skip-check-if-clean? #f)
   (repair 'preen)
   (create-mount-point? #f)
   (dependencies '())
   (shepherd-requirements '())
   (location (current-source-location))))

;; Label of a swap device; not referenced in this module (module-private).
(define swap-device-izumi-1-label
  (gnu:system:file-systems:file-system-label "izumi-swap-f"))


;;;
;;; Keyboard and bootloader.
;;;

;; NOTE(review): the console layout below is "pl" while the bootloader
;; uses `sovereign:devices:pl-keyboard-layout'; presumably the same
;; layout from two sources -- confirm they agree.
(define-public system-keyboard-layout
  (gnu:system:keyboard:keyboard-layout "pl"))

;; GRUB on the EFI system partition mounted at /boot.
(define-public system-bootloader
  (gnu:bootloader:bootloader-configuration
   (bootloader gnu:bootloader:grub:grub-efi-bootloader)
   (targets '("/boot"))
   (keyboard-layout sovereign:devices:pl-keyboard-layout)))


;;;
;;; Guix build offloading to "rakan".
;;;

;; Build machine record written into the daemon's machines.scm.  The
;; host-key is rakan's public SSH host key, pinned here so the daemon
;; will only offload to that exact host.
;;
;; NOTE(review): `private-key' is a user's personal SSH key.  The guix
;; daemon runs as root and reads it directly, so the same key that logs
;; "marek" in everywhere is also the daemon's offload credential.  A
;; dedicated key (e.g. under /etc/guix/ or /root/.ssh/), authorised on
;; rakan only for offloading, would limit the blast radius of a
;; compromise on either side.  Left unchanged here because switching
;; keys requires provisioning the new key on rakan first.
(define rakan-machine
  #~(build-machine
     (name "rakan")
     (systems (list "x86_64-linux" "i686-linux"))
     (user "marek")
     (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@rakan")
     (private-key "/home/marek/.ssh/id_ed25519")))

;; Authorises substitutes signed by akashi's and rakan's guix keys and
;; registers rakan as a build machine.
(define guix-offload-rakan
  (gnu:services:base:guix-extension
   (authorized-keys (list deployment:gexp:akashi-guix-key
                          deployment:gexp:rakan-guix-key))
   (build-machines (list rakan-machine))))

(define-public offload-rakan
  (gnu:services:simple-service 'offload-rakan
                               gnu:services:base:guix-service-type
                               guix-offload-rakan))


;;;
;;; Radicale (CalDAV/CardDAV).
;;;

;; htpasswd-based authentication.
;;
;; NOTE(review): `htpasswd-encryption' is 'plain, i.e. the passwords in
;; /secrets/radicale/keys are stored in clear text.  Anyone able to read
;; that file (backups included) gets every account.  Prefer 'bcrypt and
;; regenerate the file with `htpasswd -B`; until then make sure the file
;; is owned by and readable only by the radicale user.  Not changed here
;; because it requires regenerating the credential file on the host.
(define radicale-auth-configuration
  (gnu:services:mail:radicale-auth-configuration
   (type 'htpasswd)
   (htpasswd-filename radicale-keys)
   (htpasswd-encryption 'plain)))

;; Collections live outside the store under /data.
(define radicale-storage-configuration
  (gnu:services:mail:radicale-storage-configuration
   (filesystem-folder "/data/radicale/collections")))

(define radicale-configuration
  (gnu:services:mail:radicale-configuration
   (auth radicale-auth-configuration)
   (storage radicale-storage-configuration)))

(define-public radicale
  (gnu:services:service gnu:services:mail:radicale-service-type
                        radicale-configuration))


;;;
;;; Networking.
;;;
;;; Two NICs with static IPv4 addresses:
;;;   enp1s0  192.168.10.2/24  (system default route via 192.168.10.1)
;;;   enp2s0  192.168.1.2/24
;;; Traffic *sourced* from 192.168.1.2 is steered into routing table 1,
;;; whose default route goes via 192.168.1.1, so replies on enp2s0 leave
;;; through enp2s0's own gateway instead of the main default route.
;;; The `networking' one-shot below is the graph root other services
;;; can depend on.

(define enp1s0-address-4
  (gnu:services:base:network-address
   (device "enp1s0")
   (value "192.168.10.2/24")
   (ipv6? #f)))

(define enp2s0-address-4
  (gnu:services:base:network-address
   (device "enp2s0")
   (value "192.168.1.2/24")
   (ipv6? #f)))

;; Main-table default route via the enp1s0 gateway.
(define enp1s0-route-4-default
  (gnu:services:base:network-route
   (destination "default")
   (source #f)
   (device #f)
   (ipv6? #f)
   (gateway "192.168.10.1")))

;; Both routers are used as (plain, unauthenticated) DNS resolvers.
(define network-hardware
  (gnu:services:base:static-networking
   (addresses (list enp1s0-address-4 enp2s0-address-4))
   (links '())
   (routes (list enp1s0-route-4-default))
   (name-servers '("192.168.10.1" "192.168.1.1"))
   (provision '(network-hardware))
   (requirement '())))

(define static-networking-configuration
  (list network-hardware))

(define-public static-networking
  (gnu:services:service gnu:services:networking:static-networking-service-type
                        static-networking-configuration))

;; `ip' binary used by the one-shot services below.
(define ip-command
  (file-append gnu:packages:linux:iproute "/sbin/ip"))

;; One-shot: `ip rule add from 192.168.1.2 table 1 prio 1'.
;; Runs once after the static addresses are up; there is nothing to undo
;; on stop.
(define network-enp2s0-table
  (gnu:services:shepherd:shepherd-service
   (provision '(network-enp2s0-table))
   (requirement '(network-hardware))
   (one-shot? #t)
   (respawn? #f)
   (start #~(make-forkexec-constructor
             (list #$ip-command
                   "rule" "add" "from" "192.168.1.2" "table" "1" "prio" "1")))
   (stop #~(const #f))
   (actions '())
   (auto-start? #t)
   (documentation "Defines a table of rules number 1 for routes through enp2s0.")
   (modules gnu:services:shepherd:%default-modules)))

;; One-shot: `ip route add default via 192.168.1.1 table 1'.
;; Ordered after the rule so the table is referenced only once it exists.
(define network-enp2s0-route-default
  (gnu:services:shepherd:shepherd-service
   (provision '(network-enp2s0-route-default))
   (requirement '(network-enp2s0-table))
   (one-shot? #t)
   (respawn? #f)
   (start #~(make-forkexec-constructor
             (list #$ip-command
                   "route" "add" "default" "via" "192.168.1.1" "table" "1")))
   (stop #~(const #f))
   (actions '())
   (auto-start? #t)
   (documentation "Sets up a default route for traffic from enp2s0.")
   (modules gnu:services:shepherd:%default-modules)))

;; Graph root: does nothing itself, only depends on the two ip one-shots
;; so that requiring `networking' implies the policy routing is in place.
(define networking
  (gnu:services:shepherd:shepherd-service
   (provision '(networking))
   (requirement '(network-enp2s0-table network-enp2s0-route-default))
   (one-shot? #t)
   (respawn? #f)
   (start #~(const #t))
   (stop #~(const #f))
   (actions '())
   (auto-start? #t)
   (documentation "Defines a graph root of one-shot services to invoke various ip commands.")
   (modules gnu:services:shepherd:%default-modules)))

;; Registers the three shepherd services above.
(define-public iproute2-networking
  (gnu:services:simple-service
   'networking
   gnu:services:shepherd:shepherd-root-service-type
   (list network-enp2s0-table
         network-enp2s0-route-default
         networking)))

;; Shared service list with NetworkManager removed, since this host is
;; configured statically above.
(define-public %sovereign-services*
  (gnu:services:modify-services sovereign:systems:%sovereign-services
    (gnu:services:delete gnu:services:networking:network-manager-service-type)))


;;;
;;; Accounts and home environments.
;;;

;; System group for virtual mail users.
(define-public vmail-group
  (gnu:system:accounts:user-group
   (name "vmail")
   (system? #t)))

(define named-home-environments
  (list users:id1000:named-home-environment))

(define-public guix-home-service
  (sovereign:systems:guix-home-service named-home-environments))


;;;
;;; Substitute server.
;;;

;; Serves substitutes on the enp1s0 address, port 8080, and advertises
;; the server on the local network.  Substitutes are signed with this
;; host's guix signing key, so clients must explicitly authorise that
;; key; advertising alone grants nothing.
(define guix-publish-configuration
  (gnu:services:base:guix-publish-configuration
   (host "192.168.10.2")
   (port 8080)
   (advertise? #t)))

(define-public guix-publish-service
  (sovereign:services:guix-publish-service guix-publish-configuration))