#+TITLE: Configuration of the Izumi computer
#+AUTHOR: Marek Paśnikowski
#+STARTUP: showall
#+PROPERTY: header-args:scheme :noweb yes
#+PROPERTY: header-args:scheme+ :noweb-prefix yes

* DONE The Monolith

#+NAME: OPERATING-SYSTEM
#+BEGIN_SRC scheme :tangle system-configuration.scm
;; Guix System declaration for the host "izumi": a Plasma desktop that also
;; runs nginx (static site, cgit, a reverse proxy to Radicale), gitolite,
;; certbot, OpenSSH, Syncthing and the mail services from (users id1000).
(define-module (systems izumi system-configuration)
  #:use-module (suweren commons sudoers))

;; Paths of credential files.  Only radicale-keys is referenced in this
;; block; ownership and mode of the files are not managed here.
(define radicale-keys "/secrets/radicale/keys")
(define dovecot-keys "/secrets/dovecot")

( use-modules ( gnu )
  ( gnu services syncthing )
  ( guix records )
  ( ice-9 match )
  ( nongnu packages linux )
  ( nongnu system linux-initrd ) )
( use-package-modules admin certs kde-frameworks kde-multimedia kde-pim kde-plasma kde-utils mail version-control )
( use-service-modules base certbot cgit desktop mail shepherd ssh version-control web xorg )

;; Group and system account for nginx: no login shell, home in /var/empty,
;; and "git" as a supplementary group.
;; NOTE(review): presumably the "git" group is what lets nginx read the
;; gitolite repositories served below -- confirm.
(define nginx-accounts
  (list (user-group (name "nginx") (system? #t))
        (user-account
         (name "nginx")
         (group "nginx")
         (supplementary-groups '("git"))
         (system? #t)
         (comment "nginx server user")
         (home-directory "/var/empty")
         (shell (file-append (specification->package "shadow") "/sbin/nologin")))))

;; Variant of nginx-service-type whose account-service-type extension is
;; replaced by one returning nginx-accounts; every other extension is kept.
(define nginx-service-type*
  (service-type
   (inherit nginx-service-type)
   (extensions
    (map (lambda (extension)
           (if (eq? (service-extension-target extension) account-service-type)
               (service-extension account-service-type (const nginx-accounts))
               extension))
         (service-type-extensions nginx-service-type)))))

;; Hosts file taken from the repository and installed via hosts-file below.
(define hosts-izumi (local-file "system-files/hosts"))

( operating-system
  ( bootloader ( bootloader-configuration
    ( bootloader grub-efi-bootloader )
    ( keyboard-layout ( keyboard-layout "pl" ) )
    ( targets ( list "/boot/efi" ) ) ) )
  ;; The root file system sits on a LUKS mapping of /dev/sda2.
  ( mapped-devices ( list ( mapped-device
    ( source "/dev/sda2" )
    ( target "izumi" )
    ( type luks-device-mapping ) ) ) )
  ( file-systems ( append %base-file-systems
    ( list ( file-system
      ( device "/dev/sda1" )
      ( mount-point "/boot/efi" )
      ( type "vfat" ) )
    ( file-system
      ( dependencies mapped-devices )
      ( device "/dev/mapper/izumi" )
      ( mount-point "/" )
      ( type "xfs" ) ) ) ) )
  ( firmware ( list linux-firmware ) )
  ( groups ( append %base-groups
    ( list ( user-group ( name "vmail" ) ( system? #t ) )) ) )
  ( host-name "izumi" )
  (hosts-file hosts-izumi)
  ( initrd microcode-initrd )
  ( kernel linux )
  ( keyboard-layout ( keyboard-layout "pl" ) )
  ( locale "pl_PL.utf8" )
  ( services
    ( append
      ( modify-services %desktop-services
        ;; Lid events are ignored in every power state.
        ( elogind-service-type configuration =>
          ( elogind-configuration
            ( inherit configuration )
            ( handle-lid-switch 'ignore )
            ( handle-lid-switch-docked 'ignore )
            ( handle-lid-switch-external-power 'ignore ) ) )
        ( gdm-service-type configuration =>
          ( gdm-configuration
            ( inherit configuration )
            ( auto-suspend? #f )
            ( wayland? #t ) ) )
        ;; Adds substitutes.nonguix.org to the substitute servers and its
        ;; Ed25519 key to the authorized keys, on top of the Guix defaults.
        ;; Binaries signed by this key are therefore accepted as substitutes;
        ;; the key below is the trust anchor for that server.
        ( guix-service-type configuration =>
          ( let* ( ( non-guix.pub ( string-append "( public-key ( ecc ( curve Ed25519 )"
                     "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )" ) )
                   ( authorized-keys ( append %default-authorized-guix-keys
                     ( list ( plain-file "non-guix.pub" non-guix.pub ) ) ) )
                   ( extra-options ( list "--gc-keep-derivations=yes" "--gc-keep-outputs=yes" ) )
                   ( substitute-urls ( append %default-substitute-urls
                     ( list "https://substitutes.nonguix.org" ) ) ) )
            ( guix-configuration
              ( inherit configuration )
              ( authorized-keys authorized-keys )
              ( extra-options extra-options )
              ( substitute-urls substitute-urls ) ) ) ) )
      ( list
        ;; Mail services are defined in the (users id1000) module, which is
        ;; not part of this file.
        (@ (users id1000) dkim-service)
        (@ (users id1000) dovecot-service)
        (@ (users id1000) smtp-service)
        ;; certbot, re-targeted so that its nginx extension extends
        ;; nginx-service-type* instead of the stock nginx-service-type.
        ;; `@@' reaches a binding that (gnu services certbot) does not
        ;; export.  NOTE(review): such private bindings may change between
        ;; Guix revisions -- re-check after `guix pull'.
        (service (service-type
                  (inherit certbot-service-type)
                  (extensions
                   (map (lambda (extension)
                          (if (eq? (service-extension-target extension) nginx-service-type)
                              (service-extension nginx-service-type*
                                                 (@@ (gnu services certbot) certbot-nginx-server-configurations))
                              extension))
                        (service-type-extensions certbot-service-type))))
          ( certbot-configuration
            ;; One certificate covering the three host names; the nginx
            ;; server blocks and smtpd.conf below all read it from
            ;; /etc/letsencrypt/live/marekpasnikowski.pl/.
            ( certificates ( list ( certificate-configuration
              ;; Deploy hook: read the nginx PID file and send SIGHUP to
              ;; that process.
              ( deploy-hook ( program-file "nginx-deploy-hook"
                #~ ( let ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
                  ( kill pid SIGHUP ) ) ) )
              ( domains ( list "marekpasnikowski.pl"
                "git.marekpasnikowski.pl"
                "radicale.marekpasnikowski.pl" ) ) ) ) )
            ( email "marek@marekpasnikowski.pl" )
            ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
        ;; cgit, re-targeted at nginx-service-type* in the same way.
        (service (service-type
                  (inherit cgit-service-type)
                  (extensions
                   (map (lambda (extension)
                          (if (eq? (service-extension-target extension) nginx-service-type)
                              (service-extension nginx-service-type* cgit-configuration-nginx-config)
                              extension))
                        (service-type-extensions cgit-service-type))))
          ( cgit-configuration
            ( nginx ( list ( nginx-server-configuration
              ( locations ( list
                ;; Git smart-HTTP under /git, rooted at the gitolite
                ;; repository directory.
                ( git-http-nginx-location-configuration
                  ( git-http-configuration
                    ( git-root "/var/lib/gitolite/repositories" )
                    ( uri-path "/git" ) ) )
                ;; Requests that match no file are handed to cgit.cgi over
                ;; FastCGI.  NOTE(review): 127.0.0.1:9000 is presumably where
                ;; the fcgiwrap service declared below listens -- confirm.
                ( nginx-location-configuration
                  ( body ( list "fastcgi_param HTTP_HOST $server_name ;"
                    "fastcgi_param PATH_INFO $uri ;"
                    "fastcgi_param QUERY_STRING $args ;"
                    "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
                    "fastcgi_pass 127.0.0.1:9000 ;" ) )
                  ( uri "@cgit" ) )
                ;; /.well-known is served from the certbot webroot.
                ( nginx-location-configuration
                  ( body ( list "root /srv/www/marek/marekpasnikowski.pl/ ;" ) )
                  ( uri "/.well-known" ) ) ) )
              ( listen ( list "192.168.10.2:443 ssl" ) )
              ( root cgit )
              ( server-name ( list "git.marekpasnikowski.pl" ) )
              ( ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
              ( ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" )
              ( try-files ( list "$uri" "@cgit" ) ) ) ) )
            ( repositories ( list ( repository-cgit-configuration
              ( hide? #t )
              ( path "/srv/git/marek/packages" ) ) ) )
            ( repository-directory "/var/lib/gitolite/repositories" ) ) )
        ;; The CGI wrapper runs as git:git, i.e. with the same access to the
        ;; repositories as the git account itself.
        (service fcgiwrap-service-type
                 (fcgiwrap-configuration (user "git") (group "git")))
        ;; umask #o0027: group members keep read access to what gitolite
        ;; creates, everyone else gets none.  admin-pubkey is the SSH public
        ;; key of the gitolite administrator (public material, not a secret).
        ( service gitolite-service-type
          ( gitolite-configuration
            ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
            ( admin-pubkey ( plain-file "gitolite-admin.pub"
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
        ( service plasma-desktop-service-type )
        ( service syncthing-service-type
          ( syncthing-configuration ( user "marek" ) ) )
        (service nginx-service-type*
          ( nginx-configuration
            ( server-blocks ( list
              ;; Top-Level
              ( nginx-server-configuration
                ( locations ( list ( nginx-location-configuration
                  ( uri "/.well-known" )
                  ( body ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) ) ) ) )
                ( listen ( list "192.168.10.2:443 ssl" ) )
                ( root "/srv/www/marek/marekpasnikowski.pl" )
                ( server-name ( list "marekpasnikowski.pl" ) )
                ( ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem" )
                ( ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem" ) )
              ;; Radicale
              ;; Reverse proxy: TLS ends at nginx and requests go on to
              ;; Radicale over plain HTTP on localhost:5232.
              ;; NOTE(review): this block sets no ssl-certificate or
              ;; ssl-certificate-key; presumably it relies on the certificate
              ;; of another server block on the same listen address --
              ;; confirm that radicale.marekpasnikowski.pl is served with the
              ;; intended certificate.
              ( nginx-server-configuration
                ( locations ( list
                  ( nginx-location-configuration
                    ( body ( list "proxy_pass http://localhost:5232/ ;"
                      "proxy_set_header X-Script-Name \"\" ;"
                      "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
                      "proxy_set_header Host $http_host ;"
                      "proxy_pass_header Authorization ;" ) )
                    ( uri "/" ) )
                  ( nginx-location-configuration
                    ( body ( list "root /srv/www/marek/marekpasnikowski.pl ;" ) )
                    ( uri "/.well-known" ) ) ) )
                ( listen ( list "192.168.10.2:443 ssl" ) )
                ( server-name ( list "radicale.marekpasnikowski.pl" ) ) ) ) ) ) )
        ;; NOTE(review): OpenSSH runs with the default openssh-configuration,
        ;; so the permitted authentication methods and the root-login policy
        ;; are whatever Guix ships -- confirm they match the intended
        ;; exposure (for example key-only logins).
        ( service openssh-service-type )
        ;; Radicale authenticates against the htpasswd file at radicale-keys.
        ;; NOTE(review): htpasswd-encryption 'plain means that file stores
        ;; the passwords in clear text, so read access to it discloses them.
        ;; A hashed format ('bcrypt) avoids that but requires regenerating
        ;; the file; it is left unchanged here because the existing file is
        ;; in the plain format.
        ( service radicale-service-type
          ( radicale-configuration
            ( auth ( radicale-auth-configuration
              ( type 'htpasswd )
              ( htpasswd-filename radicale-keys )
              ( htpasswd-encryption 'plain ) ) ) ) )
        ( simple-service 'base-profile profile-service-type
          ( append %base-packages ( list ) ) )
        ( simple-service 'nss-profile profile-service-type
          ( list nss-certs ) )
        ;; Installs /etc/mailname with the mail domain.
        ( simple-service 'etc-files etc-service-type
          ( list `( "mailname" ,( plain-file "mailname" "marekpasnikowski.pl\n" ) ) ) ) ) ) )
  ;; The sudoers policy comes from (suweren commons sudoers); its contents
  ;; are not visible in this file.
  ( sudoers-file %sudoers-specification* )
  ;; NOTE(review): swap is the raw partition /dev/sda3, which is not one of
  ;; the mapped devices above, so swapped-out pages are written outside the
  ;; LUKS mapping that protects the root file system.
  ( swap-devices ( list ( swap-space ( target "/dev/sda3" ) ) ) )
  ( timezone "Europe/Warsaw" )
  ( users ( append %base-user-accounts
    ( list
      ( user-account
        ( comment "vmail" )
        ( group "vmail" )
        ( home-directory "/home/vmail" )
        ( name "vmail" )
        ( system? #t ) )
      ;; Membership in "wheel" is what the sudoers policy usually keys on.
      ;; NOTE(review): verify against %sudoers-specification*.
      ( user-account
        ( comment "Marek Paśnikowski" )
        ( group "users" )
        ( home-directory "/home/marek" )
        ( name "marek" )
        ( supplementary-groups ( list "audio" "netdev" "video" "wheel" ) ) ) ) ) ) )
#+END_SRC

#+NAME: OPENSMTPD-CONFIGURATION-FILE
#+BEGIN_SRC conf :tangle system-files/smtpd.conf
# The prefix on GUIX is not the default one — it is /etc .
table aliases file:/etc/aliases
# The mail certificates are issued by Let's Encrypt and served by NGINX
pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem"
pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"
# Listen for local messages.
listen on lo
# Listen for messages from the internet.
# Port 25 offers STARTTLS, port 465 is implicit TLS; both use the pki above.
# NOTE(review): neither listener carries an `auth` option, so sessions
# arriving on enp1s0 are never authenticated -- confirm that remote
# submission is meant to be unavailable.
listen on enp1s0 tls port 25 pki "marekpasnikowski.pl"
listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl"
# There is no filtering in the design, so the two actions are enough.
# NOTE(review): `alias` is followed by no table reference in this copy;
# smtpd.conf(5) expects one (the `aliases` table is declared above) --
# confirm against the tangled file.
action receive maildir alias
action send relay
# Match incoming messages.
match from local for local action receive
match from any for domain "marekpasnikowski.pl" action receive
# Match outgoing messages.
# This rule has no `from` clause.  NOTE(review): per smtpd.conf(5) that
# should restrict it to local sessions, which is what keeps the host from
# relaying for arbitrary remote senders -- confirm, and keep it that way
# when editing this rule.
match for any action send
#+END_SRC

* [[https://guix.gnu.org/manual/en/html_node/Home-Configuration.html][13 Home Configuration]]

#+BEGIN_SRC scheme :tangle home-configuration.scm
;; Guix Home declaration for the user's environment: a fixed package list
;; plus the services assembled from the named blocks further down.
;; NOTE(review): the "<>" markers are noweb references whose names are not
;; visible in this copy; they are kept exactly as found.
(define-module (systems izumi home-configuration))
(use-modules ( channels ) (gnu home) (gnu home services shells))
<>
<>
<>
<>
(home-environment
 (packages
  (map specification->package+output
       (list "dconf-editor"
             "emacs"
             "emacs-org-modern"
             "emacs-paredit"
             "font-google-noto"
             "font-google-noto-emoji"
             "font-google-noto-sans-cjk"
             "font-google-noto-serif-cjk"
             "git"
             "gnupg"
             "gnome-tweaks"
             "noweb"
             "pinentry"
             "pwgen"
             "unzip"
             "zip")))
 (services (append (list izumi-channels-service-type)
                   <>
                   <>)))
#+END_SRC

** [[https://guix.gnu.org/manual/en/html_node/Home-Services.html][13.3 Home Services]]

#+NAME: ESSENTIAL-HOME-SERVICES
#+BEGIN_SRC scheme
;; Services every session gets, plus EDITOR pointing at a terminal
;; emacsclient.
(list <>
      <>
      (simple-service 'environment-variables
                      home-environment-variables-service-type
                      `(("EDITOR" . "emacsclient -nw"))))
#+END_SRC

#+NAME: SHELLS
#+BEGIN_SRC scheme
(list <>)
#+END_SRC

*** [[https://guix.gnu.org/manual/en/html_node/Essential-Home-Services.html][13.3.1 Essential Home Services]]

#+NAME: ESSENTIAL-HOME-MODULES
#+BEGIN_SRC scheme
(use-modules (gnu services)
             (gnu home services)
             (gnu packages password-utils)
             (guix gexp))
#+END_SRC

#+NAME: EMACS-HOME-PROFILE
#+BEGIN_SRC scheme
;; Extends the home profile with the two package lists spliced in below.
(simple-service 'emacs-home-profile
                home-profile-service-type
                (append <>
                        <>))
#+END_SRC

#+NAME: HOME-FILES-SERVICE-TYPE
#+BEGIN_SRC scheme
;; Dotfiles installed into the home directory from home-files/ in this
;; repository; each entry is (target-path source-file).
(simple-service 'home-files
                home-files-service-type
                (list (list ".config/emacs/init.el"
                            (local-file "home-files/emacs-configuration.el" ))
                      (list ".gnus"
                            (local-file "home-files/gnus-configuration.el"))
                      (list ".gitconfig"
                            (local-file "home-files/gitconfig"))
                      (list ".config/git/ignore"
                            ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
                            (local-file "home-files/git-ignore.conf"))))
#+END_SRC

*** [[https://guix.gnu.org/manual/en/html_node/Shells-Home-Services.html][13.3.2 Shells]]

#+NAME: SHELLS-MODULES
#+BEGIN_SRC scheme
(use-modules (gnu home services shells) (gnu services))
#+END_SRC

#+NAME: HOME-BASH-SERVICE-TYPE
#+BEGIN_SRC scheme
;; Bash aliases for maintaining the machine, and a prompt tweak.
;; Every command fragment ends in a space so the fragments can be
;; concatenated.  Within this let*, `and' is rebound to the string "&& ".
;; The "; " inside reconfigure-home and reconfigure-system ends the "&&"
;; chain at that point, so in update-system each "reconfigure" runs even
;; when the step before it failed (for example after a failed "guix pull").
;; NOTE(review): generations older than 7d are deleted before the new one is
;; built, which removes rollback targets ahead of a possibly failing
;; reconfigure -- confirm this ordering is intended.
(let* ((and "&& ")
       (collect-garbage "sudo guix gc -d 7d ")
       (configuration-prefix "/home/marek/Publiczny/src/deployment/systems/izumi/")
       (pull-guix "guix pull ")
       (reconfigure-home
        (string-append "guix home delete-generations 7d ; "
                       "guix home reconfigure "
                       configuration-prefix
                       "home-configuration.scm "))
       (reconfigure-system
        (string-append "sudo guix system delete-generations 7d ; "
                       "sudo guix system reconfigure "
                       configuration-prefix
                       "system-configuration.scm "))
       (update-system
        (string-append pull-guix
                       and
                       reconfigure-system
                       and
                       reconfigure-home
                       and
                       collect-garbage)))
  (simple-service 'bash-extension
                  home-bash-service-type
                  (home-bash-extension
                   (aliases `(("collect-garbage" . ,collect-garbage)
                              ("edit" . "$EDITOR")
                              ("pull-guix" . ,pull-guix)
                              ("reconfigure-home" . ,reconfigure-home)
                              ("reconfigure-system" . ,reconfigure-system)
                              ("update-system" . ,update-system)))
                   ;; Three PS1 assignments written to the bash profile:
                   ;; two trim the last character of the prompt (the second
                   ;; also appends a newline and "$ "), the third prefixes
                   ;; a newline.
                   (bash-profile
                    (list (mixed-text-file "newline-prompt"
                                           "PS1=${PS1%?}\n"
                                           "PS1=${PS1%?}\\n'$ '\n"
                                           "PS1=\"\\n$PS1\""))))))
#+END_SRC

* [[https://www.leonrische.me/fc/][Emacs-Org-FC-TN]]

#+NAME: EMACS-ORG-FC-TN-MODULES
#+BEGIN_SRC scheme
(use-modules (gnu)
             (gnu home services)
             (guix build-system emacs)
             (guix git-download)
             ((guix licenses) #:prefix license:)
             (guix packages))
(use-package-modules base emacs-xyz gawk)
#+END_SRC

#+NAME: EMACS-ORG-FC-TN-PACKAGES
#+BEGIN_SRC scheme
;; Local package definition for org-fc, fetched from the author's own Git
;; server.
;; NOTE(review): commit* is a branch name rather than a commit id.  The
;; sha256 below still pins the fetched content, so when the branch moves the
;; fetch fails on a hash mismatch instead of silently building different
;; code; pinning a commit id would additionally make the source revision
;; itself reproducible.
(list (let ((commit* "wip-algo-tn"))
        (package
          (name "emacs-org-fc")
          (version (git-version "0.1.2" "0" commit*))
          (source
           (origin
             (method git-fetch)
             (uri (git-reference
                   (url "https://git.marekpasnikowski.pl/org-fc.git")
                   (commit commit*)))
             (file-name (git-file-name name version))
             (sha256
              (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
          (build-system emacs-build-system)
          (arguments
           (list #:include #~ (cons* "\\.awk$" "\\.org$" %default-include)
                 #:exclude #~ (cons "^test/" %default-exclude)
                 #:tests? #t
                 #:test-command #~ (list "emacs"
                                         "--batch"
                                         "-L" "."
                                         "-L" "tests/"
                                         "-l" "tests/org-fc-filter-test.el"
                                         "-l" "tests/org-fc-indexer-test.el"
                                         "-l" "tests/org-fc-review-data-test.el"
                                         "-f" "ert-run-tests-batch-and-exit")
                 ;; Rewrite the bare command names find, gawk and xargs in
                 ;; org-fc-awk.el to the absolute paths found in the inputs,
                 ;; so the commands do not depend on the caller's PATH.
                 #:phases #~ (modify-phases %standard-phases
                               (add-after 'unpack 'qualify-paths
                                 (lambda* (#:key inputs #:allow-other-keys)
                                   (substitute* "org-fc-awk.el"
                                     (("\"find ")
                                      (string-append "\""
                                                     (search-input-file inputs "/bin/find")
                                                     " "))
                                     (("\"gawk ")
                                      (string-append "\""
                                                     (search-input-file inputs "/bin/gawk")
                                                     " "))
                                     (("\"xargs ")
                                      (string-append "\""
                                                     (search-input-file inputs "/bin/xargs")
                                                     " "))))))))
          (inputs (list findutils gawk))
          (propagated-inputs (list emacs-hydra))
          (home-page "https://www.leonrische.me/fc/index.html")
          (synopsis "Spaced repetition system for Emacs Org mode")
          (description
           (string-append "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
                          "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
                          "knowledge you want to learn into a question-answer test. These cards are\n"
                          "reviewed at regular interval. After each review, the next review interval is\n"
                          "calculated based on how well you remembered the contents of the card.\n"))
          (license license:gpl3+))))
#+END_SRC

* [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/index.html][Emacs-Guix]]

** [[https://emacs-guix.gitlab.io/website/manual/latest/html_node/Installation.html][2. Installation]]

#+NAME: EMACS-GUIX-MODULES
#+BEGIN_SRC scheme
(use-modules (gnu) (gnu home services))
(use-package-modules emacs-xyz)
(use-service-modules)
#+END_SRC

#+NAME: EMACS-GUIX-PACKAGES
#+BEGIN_SRC scheme
(list emacs-guix emacs-nix-mode)
#+END_SRC

* EOF