;;; Operating-system definition for the host "izumi".
(define-module (systems izumi izumi)
  #:use-module (suweren commons sudoers))

;; Locations of credential files.  These are plain path strings rather than
;; `local-file' objects, so this module does not import the files themselves
;; into the store.
(define radicale-keys "/secrets/radicale/keys")
;; NOTE(review): dovecot-keys is not referenced anywhere else on this page.
(define dovecot-keys "/secrets/dovecot")

(use-modules (gnu)
             (gnu services syncthing)
             (guix records)
             (ice-9 match)
             (nongnu packages linux)
             (nongnu system linux-initrd)
             (suweren system))
(use-package-modules admin certs kde-frameworks kde-multimedia kde-pim
                     kde-plasma kde-utils mail version-control)
(use-service-modules base certbot cgit desktop mail shepherd ssh
                     version-control web xorg)
(use-modules (channels)
             (gnu)
             (gnu home)
             (gnu home services)
             (gnu home services shells)
             (gnu packages emacs-xyz))
(use-modules (gnu)
             (gnu home services)
             (guix build-system emacs)
             (guix git-download)
             ((guix licenses) #:prefix license:)
             (guix packages))
(use-package-modules base emacs-xyz gawk)
(use-modules (gnu services)
             (gnu home services)
             (gnu packages password-utils)
             (guix gexp))
(use-modules (gnu home services shells)
             (gnu services)
             (gnu services guix))

;; Group and user for the nginx daemon.  The account has no login shell and
;; an empty home directory; it is additionally a member of the "git" group
;; (presumably so nginx can read the repositories served further down --
;; confirm against the gitolite umask).
(define nginx-accounts
  (list
   (user-group
    (name "nginx")
    (system? #t))
   (user-account
    (name "nginx")
    (group "nginx")
    (supplementary-groups '("git"))
    (system? #t)
    (comment "nginx server user")
    (home-directory "/var/empty")
    (shell (file-append (specification->package "shadow")
                        "/sbin/nologin")))))

;; Variant of nginx-service-type whose account-service-type extension is
;; replaced by one that returns nginx-accounts; every other extension of the
;; stock service type is passed through unchanged.
(define nginx-service-type*
  (service-type
   (inherit nginx-service-type)
   (extensions
    (map (lambda (ext)
           (if (eq? (service-extension-target ext) account-service-type)
               (service-extension account-service-type
                                  (const nginx-accounts))
               ext))
         (service-type-extensions nginx-service-type)))))

;; Hosts file shipped next to this module.
(define hosts-izumi
  (local-file "system-files/hosts"))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Service list for izumi: the stock desktop services with three overrides,
;; followed by the mail, certificate, git, web, CalDAV and Guix Home services.
(define services-izumi
  (let (;; Every HTTPS virtual host below binds the same address and shares
        ;; the one certificate that certbot issues for all three domains.
        (https-listen (list "192.168.10.2:443 ssl"))
        (tls-fullchain
         "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
        (tls-privkey
         "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"))
    (append
     (modify-services %desktop-services
       ;; Ignore lid-switch events in all three power/dock states.
       (elogind-service-type
        configuration =>
        (elogind-configuration
         (inherit configuration)
         (handle-lid-switch 'ignore)
         (handle-lid-switch-docked 'ignore)
         (handle-lid-switch-external-power 'ignore)))
       (gdm-service-type
        configuration =>
        (gdm-configuration
         (inherit configuration)
         (auto-suspend? #f)
         (wayland? #t)))
       ;; Add one substitute server and its signing key to the daemon's
       ;; defaults.  Substitutes signed by an authorized key are installed
       ;; without a local build, so this key and URL are part of the
       ;; machine's binary trust base: verify the key against the value the
       ;; server's operators publish before changing it.
       (guix-service-type
        configuration =>
        (let* ((nonguix-key-sexp
                (string-append
                 "( public-key ( ecc ( curve Ed25519 )"
                 "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )"))
               (trusted-keys
                (append %default-authorized-guix-keys
                        (list (plain-file "non-guix.pub" nonguix-key-sexp))))
               (daemon-flags
                (list "--gc-keep-derivations=yes"
                      "--gc-keep-outputs=yes"))
               (mirror-urls
                (append %default-substitute-urls
                        (list "https://substitutes.nonguix.org"))))
          (guix-configuration
           (inherit configuration)
           (authorized-keys trusted-keys)
           (extra-options daemon-flags)
           (substitute-urls mirror-urls)))))
     (list
      ;; Mail services, defined in the (users id1000) module.
      (@ (users id1000) dkim-service)
      (@ (users id1000) dovecot-service)
      (@ (users id1000) smtp-service)

      ;; certbot, with its nginx extension retargeted at nginx-service-type*.
      ;; NOTE(review): certbot-nginx-server-configurations is reached with
      ;; `@@', which bypasses the module's export list; re-check this after
      ;; Guix updates, since such bindings can be renamed without notice.
      (service
       (service-type
        (inherit certbot-service-type)
        (extensions
         (map (lambda (ext)
                (if (eq? (service-extension-target ext) nginx-service-type)
                    (service-extension
                     nginx-service-type*
                     (@@ (gnu services certbot)
                         certbot-nginx-server-configurations))
                    ext))
              (service-type-extensions certbot-service-type))))
       (certbot-configuration
        (certificates
         (list
          (certificate-configuration
           ;; Deploy hook: read the PID from nginx's pid file and send it
           ;; SIGHUP so the server picks up the new certificate.
           (deploy-hook
            (program-file
             "nginx-deploy-hook"
             #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
                 (kill pid SIGHUP))))
           (domains
            (list "marekpasnikowski.pl"
                  "git.marekpasnikowski.pl"
                  "radicale.marekpasnikowski.pl")))))
        (email "marek@marekpasnikowski.pl")
        (webroot "/srv/www/marek/marekpasnikowski.pl")))

      ;; cgit, with its nginx extension retargeted the same way.
      (service
       (service-type
        (inherit cgit-service-type)
        (extensions
         (map (lambda (ext)
                (if (eq? (service-extension-target ext) nginx-service-type)
                    (service-extension nginx-service-type*
                                       cgit-configuration-nginx-config)
                    ext))
              (service-type-extensions cgit-service-type))))
       (cgit-configuration
        (nginx
         (list
          (nginx-server-configuration
           (locations
            (list
             ;; Git smart-HTTP access to the gitolite repositories.
             (git-http-nginx-location-configuration
              (git-http-configuration
               (git-root "/var/lib/gitolite/repositories")
               (uri-path "/git")))
             ;; cgit itself, handed to the FastCGI wrapper on loopback.
             (nginx-location-configuration
              (body
               (list "fastcgi_param HTTP_HOST $server_name ;"
                     "fastcgi_param PATH_INFO $uri ;"
                     "fastcgi_param QUERY_STRING $args ;"
                     "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
                     "fastcgi_pass 127.0.0.1:9000 ;"))
              (uri "@cgit"))
             ;; ACME challenge files live in the certbot webroot.
             (nginx-location-configuration
              (body
               (list "root /srv/www/marek/marekpasnikowski.pl/ ;"))
              (uri "/.well-known"))))
           (listen https-listen)
           (root cgit)
           (server-name (list "git.marekpasnikowski.pl"))
           (ssl-certificate tls-fullchain)
           (ssl-certificate-key tls-privkey)
           (try-files (list "$uri" "@cgit")))))
        (repositories
         (list
          (repository-cgit-configuration
           (hide? #t)
           (path "/srv/git/marek/packages"))))
        (repository-directory "/var/lib/gitolite/repositories")))

      ;; The FastCGI wrapper runs as git:git, i.e. with the same identity
      ;; that owns the repositories.
      (service fcgiwrap-service-type
               (fcgiwrap-configuration
                (user "git")
                (group "git")))

      ;; umask 0027 keeps new repository files readable by the "git" group
      ;; and unreadable by everyone else.  The admin key is a public key.
      (service gitolite-service-type
               (gitolite-configuration
                (rc-file
                 (gitolite-rc-file
                  (umask #o0027)))
                (admin-pubkey
                 (plain-file
                  "gitolite-admin.pub"
                  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n"))))

      (service plasma-desktop-service-type)

      (service syncthing-service-type
               (syncthing-configuration
                (user "marek")))

      (service nginx-service-type*
               (nginx-configuration
                (server-blocks
                 (list
                  ;; Top-Level
                  (nginx-server-configuration
                   (locations
                    (list
                     (nginx-location-configuration
                      (uri "/.well-known")
                      (body
                       (list "root /srv/www/marek/marekpasnikowski.pl ;")))))
                   (listen https-listen)
                   (root "/srv/www/marek/marekpasnikowski.pl")
                   (server-name (list "marekpasnikowski.pl"))
                   (ssl-certificate tls-fullchain)
                   (ssl-certificate-key tls-privkey))
                  ;; Radicale
                  ;; Reverse proxy to the Radicale daemon on loopback; the
                  ;; Authorization header is passed through, so credentials
                  ;; are checked by Radicale, not by nginx.
                  ;; NOTE(review): this block listens with "ssl" but sets no
                  ;; ssl-certificate fields; presumably it relies on the
                  ;; certificate of another server block on the same address
                  ;; -- confirm, or set the two fields explicitly.
                  (nginx-server-configuration
                   (locations
                    (list
                     (nginx-location-configuration
                      (body
                       (list "proxy_pass http://localhost:5232/ ;"
                             "proxy_set_header X-Script-Name \"\" ;"
                             "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
                             "proxy_set_header Host $http_host ;"
                             "proxy_pass_header Authorization ;"))
                      (uri "/"))
                     (nginx-location-configuration
                      (body
                       (list "root /srv/www/marek/marekpasnikowski.pl ;"))
                      (uri "/.well-known"))))
                   (listen https-listen)
                   (server-name (list "radicale.marekpasnikowski.pl")))))))

      ;; NOTE(review): no openssh-configuration is given, so the service's
      ;; defaults apply.  Consider stating `password-authentication?' and
      ;; `permit-root-login' explicitly so the exposure is visible here.
      (service openssh-service-type)

      ;; NOTE(review): 'plain means the file named by radicale-keys holds
      ;; cleartext passwords, so anyone who can read that file (or a backup
      ;; of it) learns them.  Prefer re-hashing the entries and switching to
      ;; 'bcrypt in the same change; the symbol and the file format must be
      ;; changed together or logins will fail.
      (service radicale-service-type
               (radicale-configuration
                (auth
                 (radicale-auth-configuration
                  (type 'htpasswd)
                  (htpasswd-filename radicale-keys)
                  (htpasswd-encryption 'plain)))))

      ;; System profile: the base packages, plus an (empty) list reserved
      ;; for additions.
      (simple-service 'base-profile profile-service-type
                      (append %base-packages
                              (list)))
      (simple-service 'nss-profile profile-service-type
                      (list nss-certs))
      (simple-service 'etc-files etc-service-type
                      (list
                       `("mailname"
                         ,(plain-file "mailname" "marekpasnikowski.pl\n"))))

      ;; Guix Home environment for the user "marek".
      (service
       guix-home-service-type
       `(("marek"
          ,(home-environment
            (packages
             (map specification->package+output
                  (list "dconf-editor"
                        "emacs"
                        "emacs-org-modern"
                        "emacs-paredit"
                        "font-google-noto"
                        "font-google-noto-emoji"
                        "font-google-noto-sans-cjk"
                        "font-google-noto-serif-cjk"
                        "git"
                        "gnupg"
                        "gnome-tweaks"
                        "noweb"
                        "pinentry"
                        "pwgen"
                        "unzip"
                        "zip")))
            (services
             (list
              izumi-channels-service-type
              (simple-service
               'emacs-home-profile home-profile-service-type
               (list
                emacs-guix
                emacs-nix-mode
                ;; Locally defined org-fc package.  The `commit' field is
                ;; given a branch name, which is a mutable reference; the
                ;; sha256 below is what pins the content, so a moved branch
                ;; shows up as a hash mismatch rather than as new code.
                (let ((org-fc-ref "wip-algo-tn"))
                  (package
                    (name "emacs-org-fc")
                    (version (git-version "0.1.2" "0" org-fc-ref))
                    (source
                     (origin
                       (method git-fetch)
                       (uri (git-reference
                             (url "https://git.marekpasnikowski.pl/org-fc.git")
                             (commit org-fc-ref)))
                       (file-name (git-file-name name version))
                       (sha256
                        (base32
                         "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
                    (build-system emacs-build-system)
                    (arguments
                     (list
                      #:include
                      #~(cons* "\\.awk$" "\\.org$" %default-include)
                      #:exclude
                      #~(cons "^test/" %default-exclude)
                      #:tests? #t
                      #:test-command
                      #~(list "emacs" "--batch"
                              "-L" "."
                              "-L" "tests/"
                              "-l" "tests/org-fc-filter-test.el"
                              "-l" "tests/org-fc-indexer-test.el"
                              "-l" "tests/org-fc-review-data-test.el"
                              "-f" "ert-run-tests-batch-and-exit")
                      #:phases
                      #~(modify-phases %standard-phases
                          ;; Replace bare tool names in the shell commands
                          ;; built by org-fc-awk.el with absolute paths of
                          ;; the package inputs, so the commands do not
                          ;; depend on the user's PATH at run time.
                          (add-after 'unpack 'qualify-paths
                            (lambda* (#:key inputs #:allow-other-keys)
                              (substitute* "org-fc-awk.el"
                                (("\"find ")
                                 (string-append
                                  "\""
                                  (search-input-file inputs "/bin/find")
                                  " "))
                                (("\"gawk ")
                                 (string-append
                                  "\""
                                  (search-input-file inputs "/bin/gawk")
                                  " "))
                                (("\"xargs ")
                                 (string-append
                                  "\""
                                  (search-input-file inputs "/bin/xargs")
                                  " "))))))))
                    (inputs (list findutils gawk))
                    (propagated-inputs (list emacs-hydra))
                    (home-page "https://www.leonrische.me/fc/index.html")
                    (synopsis "Spaced repetition system for Emacs Org mode")
                    (description
                     (string-append
                      "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
                      "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
                      "knowledge you want to learn into a question-answer test. These cards are\n"
                      "reviewed at regular interval. After each review, the next review interval is\n"
                      "calculated based on how well you remembered the contents of the card.\n"))
                    (license license:gpl3+)))))
              ;; Dotfiles installed into the home directory.
              (simple-service
               'home-files home-files-service-type
               (list
                (list ".config/emacs/init.el"
                      (local-file "home-files/emacs-configuration.el"))
                (list ".gnus"
                      (local-file "home-files/gnus-configuration.el"))
                (list ".gitconfig"
                      (local-file "home-files/gitconfig"))
                (list ".config/git/ignore"
                      ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
                      (local-file "home-files/git-ignore.conf"))))
              (simple-service
               'environment-variables
               home-environment-variables-service-type
               `(("EDITOR" . "emacsclient -nw")))
              ;; Shell aliases for maintaining the machine.  Each command
              ;; fragment ends in a space so fragments can be concatenated.
              ;; NOTE(review): the system configuration that runs under sudo
              ;; is read from a directory inside the user's home; keep that
              ;; tree writable by its owner only, since whoever can edit it
              ;; decides what the next `reconfigure' installs as root.
              (let* ((then "&& ")
                     (gc-cmd "sudo guix gc -d 7d ")
                     (config-dir
                      "/home/marek/Publiczny/src/deployment/systems/izumi/")
                     (pull-cmd "guix pull ")
                     (home-cmd
                      (string-append
                       "guix home delete-generations 7d ; "
                       "guix home reconfigure "
                       config-dir
                       "home-configuration.scm "))
                     (system-cmd
                      (string-append
                       "sudo guix system delete-generations 7d ; "
                       "sudo guix system reconfigure "
                       config-dir
                       "izumi.scm "))
                     ;; Pull, reconfigure the system, then collect garbage;
                     ;; the home reconfigure step is left disabled.
                     (update-cmd
                      (string-append pull-cmd
                                     then
                                     system-cmd
                                     ;; then
                                     ;; home-cmd
                                     then
                                     gc-cmd)))
                (simple-service
                 'bash-extension home-bash-service-type
                 (home-bash-extension
                  (aliases
                   `(("collect-garbage" . ,gc-cmd)
                     ("edit" . "$EDITOR")
                     ("pull-guix" . ,pull-cmd)
                     ("reconfigure-home" . ,home-cmd)
                     ("reconfigure-system" . ,system-cmd)
                     ("update-system" . ,update-cmd)))
                  (bash-profile
                   (list
                    (mixed-text-file
                     "newline-prompt"
                     "PS1=${PS1%?}\n"
                     "PS1=${PS1%?}\\n'$ '\n"
                     "PS1=\"\\n$PS1\"")))))))))))))))

;; NOTE(review): swap targets the raw partition /dev/sda3, while the only
;; mapped device declared below is the LUKS mapping of /dev/sda2.  As written,
;; pages swapped out (which may include key material) reach disk outside
;; that mapping; consider placing swap behind an encrypted mapping as well.
(define swap-device-izumi-1
  (swap-space
   (target "/dev/sda3")))

;; User accounts: the base accounts plus the two accounts provided by the
;; (users id1000) and (users vmail) modules, which are loaded here.
(define (users-izumi)
  (use-modules (gnu system shadow)
               (users id1000)
               (users vmail))
  (append %base-user-accounts
          (list uid1000-account
                vmail-account)))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Build the operating-system record for izumi: EFI GRUB, a LUKS-mapped XFS
;; root, and the services, users and sudoers policy defined elsewhere.
(define (operating-system-izumi)
  (operating-system
    (bootloader
     (bootloader-configuration
      (bootloader grub-efi-bootloader)
      (keyboard-layout (keyboard-layout "pl"))
      (targets (list "/boot/efi"))))
    (mapped-devices
     (list
      (mapped-device
       (source "/dev/sda2")
       (target "izumi")
       (type luks-device-mapping))))
    (file-systems
     (append %base-file-systems
             (list
              ;; The EFI system partition is mounted from the raw device.
              (file-system
                (device "/dev/sda1")
                (mount-point "/boot/efi")
                (type "vfat"))
              ;; Root lives on the opened LUKS mapping.
              (file-system
                (dependencies mapped-devices)
                (device "/dev/mapper/izumi")
                (mount-point "/")
                (type "xfs")))))
    (firmware (list linux-firmware))
    (groups
     (append %base-groups
             (list
              (user-group
               (name "vmail")
               (system? #t)))))
    (host-name "izumi")
    (hosts-file hosts-izumi)
    (initrd microcode-initrd)
    (kernel linux)
    (keyboard-layout (keyboard-layout "pl"))
    (locale polish-locale-string)
    (locale-definitions %suweren-locale-definitions)
    (services services-izumi)
    (swap-devices (list swap-device-izumi-1))
    (users (users-izumi))
    (timezone "Europe/Warsaw")
    (sudoers-file %sudoers-specification*)))

;; Rebind the name to the record returned by the procedure above and export
;; it; the trailing expression makes the record the value of this file.
(define-public operating-system-izumi
  (operating-system-izumi))

operating-system-izumi