;;; Guix System declaration for the host "izumi".  The file defines the
;;; individual services (nginx, certbot, cgit, gitolite, radicale, ...), a
;;; guix-home environment for the user "marek", the storage layout and finally
;;; the operating-system record, which is also the value of the file.
;;;
;;; Several procedures call use-modules in their body and a few names are
;;; bound twice (first to a constructor procedure, then to its result), so the
;;; order of the top-level forms is kept exactly as found.
(define-module (systems izumi izumi))

;; Path handed to radicale as its htpasswd file (see `radicale' below).
;; NOTE(review): owner and mode of this path are not set anywhere in this
;; file -- confirm that only the radicale service user can read it.
(define radicale-keys "/secrets/radicale/keys")

;; Not referenced again in the visible part of this file.
(define dovecot-keys "/secrets/dovecot")

(use-modules (gnu system)
             (gnu system accounts)
             (gnu system file-systems)
             (gnu system keyboard)
             (gnu system mapped-devices)
             (gnu system shadow)
             (guix build-system emacs)
             (guix gexp)
             (guix git-download)
             ((guix licenses) #:prefix license:)
             (guix packages))

;; Returns the accounts used for nginx: a system group "nginx" and a system
;; user "nginx" whose home is /var/empty and whose shell is nologin.
(define (nginx-accounts)
  (use-modules (gnu packages))
  (list (user-group
         (name "nginx")
         (system? #t))
        (user-account
         (name "nginx")
         (group "nginx")
         ;; The nginx user is also placed in the "git" group.  Presumably this
         ;; is what lets the web server read the gitolite repositories, which
         ;; are created with umask #o0027 (group-readable) below -- confirm.
         (supplementary-groups '("git"))
         (system? #t)
         (comment "nginx server user")
         (home-directory "/var/empty")
         (shell (file-append (specification->package "shadow")
                             "/sbin/nologin")))))

;; Builds a copy of nginx-service-type in which the extension that targets
;; account-service-type is replaced by one returning (nginx-accounts); every
;; other extension is passed through unchanged.
(define (nginx-service-type*)
  (use-modules (gnu services)
               (gnu services web))
  ((@ (gnu services) service-type)
   (inherit nginx-service-type)
   (extensions
    (map (lambda (extension)
           (if (eq? ((@ (gnu services) service-extension-target) extension)
                    account-service-type)
               ((@ (gnu services) service-extension)
                account-service-type
                (const (nginx-accounts)))
               extension))
         ((@ (gnu services) service-type-extensions) nginx-service-type)))))

;; Rebinds the name from the constructor procedure to the service type it
;; returns; everything below uses nginx-service-type* as a value.
(define nginx-service-type* (nginx-service-type*))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; certbot service.  Its service type is a copy of certbot-service-type whose
;; nginx extension is retargeted from nginx-service-type to
;; nginx-service-type*, so that it extends the customised nginx defined above.
(define (certbot)
  (use-modules (gnu services certbot))
  ((@ (gnu services) service)
   ((@ (gnu services) service-type)
    (inherit certbot-service-type)
    (extensions
     (map (lambda (extension)
            (if (eq? ((@ (gnu services) service-extension-target) extension)
                     nginx-service-type)
                ((@ (gnu services) service-extension)
                 nginx-service-type*
                 ;; @@ reads a binding from inside the certbot module rather
                 ;; than through its exported interface.
                 ;; NOTE(review): presumably this name is not exported, so a
                 ;; Guix update may rename it without notice -- confirm.
                 (@@ (gnu services certbot) certbot-nginx-server-configurations))
                extension))
          ((@ (gnu services) service-type-extensions) certbot-service-type))))
   ((@ (gnu services certbot) certbot-configuration)
    (certificates
     ;; One certificate covering all three host names served by nginx below.
     (list ((@ (gnu services certbot) certificate-configuration)
            ;; After a certificate is deployed, read the nginx pid file and
            ;; send SIGHUP to that process.
            (deploy-hook
             (program-file "nginx-deploy-hook"
                           #~ (let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
                                (kill pid SIGHUP))))
            (domains (list "marekpasnikowski.pl"
                           "git.marekpasnikowski.pl"
                           "radicale.marekpasnikowski.pl")))))
    (email "marek@marekpasnikowski.pl")
    (webroot "/srv/www/marek/marekpasnikowski.pl"))))

;; cgit web front end for the gitolite repositories, served by nginx on
;; git.marekpasnikowski.pl.  As with certbot, the nginx extension of the
;; service type is retargeted to nginx-service-type*.
(define (cgit-izumi)
  (use-modules (gnu packages version-control)
               (gnu services cgit)
               (gnu services version-control))
  ((@ (gnu services) service)
   ((@ (gnu services) service-type)
    (inherit cgit-service-type)
    (extensions
     (map (lambda (extension)
            (if (eq? ((@ (gnu services) service-extension-target) extension)
                     nginx-service-type)
                ((@ (gnu services) service-extension)
                 nginx-service-type*
                 cgit-configuration-nginx-config)
                extension))
          ((@ (gnu services) service-type-extensions) cgit-service-type))))
   ((@ (gnu services cgit) cgit-configuration)
    (nginx
     (list
      ((@ (gnu services web) nginx-server-configuration)
       (locations
        (list
         ;; Git over HTTP under /git, rooted at the gitolite repository
         ;; directory.
         ;; NOTE(review): no access-control directive is visible for this
         ;; location; whether repositories that gitolite restricts over SSH
         ;; can be cloned here depends on the generated location and on the
         ;; repositories' export settings -- confirm.
         (git-http-nginx-location-configuration
          ((@ (gnu services version-control) git-http-configuration)
           (git-root "/var/lib/gitolite/repositories")
           (uri-path "/git")))
         ;; Named location that hands requests to cgit.cgi through the
         ;; FastCGI listener on the loopback address (see `fcgiwrap').
         ((@ (gnu services web) nginx-location-configuration)
          (body (list "fastcgi_param HTTP_HOST $server_name ;"
                      "fastcgi_param PATH_INFO $uri ;"
                      "fastcgi_param QUERY_STRING $args ;"
                      "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
                      "fastcgi_pass 127.0.0.1:9000 ;"))
          (uri "@cgit"))
         ;; /.well-known is served from the directory certbot uses as webroot.
         ((@ (gnu services web) nginx-location-configuration)
          (body (list "root /srv/www/marek/marekpasnikowski.pl/ ;"))
          (uri "/.well-known"))))
       (listen (list "192.168.10.2:443 ssl"))
       (root cgit)
       (server-name (list "git.marekpasnikowski.pl"))
       (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
       (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
       ;; Serve an existing file if there is one, otherwise fall through to cgit.
       (try-files (list "$uri" "@cgit")))))
    (repositories
     (list ((@ (gnu services cgit) repository-cgit-configuration)
            (hide? #t)
            (path "/srv/git/marek/packages"))))
    ;; cgit is pointed at the whole gitolite repository directory.
    ;; NOTE(review): presumably that includes the gitolite-admin repository;
    ;; confirm which repositories are meant to be browsable.
    (repository-directory "/var/lib/gitolite/repositories"))))

;; %desktop-services with three services reconfigured: elogind ignores the
;; lid switch, gdm runs on Wayland without auto-suspend, and the Guix daemon
;; additionally trusts the nonguix substitute server.
(define (desktop-services-izumi)
  (use-modules (gnu services base)
               (gnu services desktop)
               (gnu services xorg))
  ((@ (gnu services) modify-services)
   (@ (gnu services desktop) %desktop-services)
   (elogind-service-type
    configuration =>
    ((@ (gnu services desktop) elogind-configuration)
     (inherit configuration)
     (handle-lid-switch 'ignore)
     (handle-lid-switch-docked 'ignore)
     (handle-lid-switch-external-power 'ignore)))
   (gdm-service-type
    configuration =>
    ((@ (gnu services xorg) gdm-configuration)
     (inherit configuration)
     (auto-suspend? #f)
     (wayland? #t)))
   (guix-service-type
    configuration =>
    ;; The key below is added to the daemon's authorized keys and its server
    ;; to the substitute URLs, i.e. binaries signed with this key are accepted
    ;; in place of local builds.
    ;; NOTE(review): the key is hard-coded here; verify it against the value
    ;; published by the nonguix project whenever this file is copied.
    (let* ((non-guix.pub
            (string-append "( public-key ( ecc ( curve Ed25519 )"
                           "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )"))
           (authorized-keys
            (append %default-authorized-guix-keys
                    (list (plain-file "non-guix.pub" non-guix.pub))))
           (extra-options (list "--gc-keep-derivations=yes"
                                "--gc-keep-outputs=yes"))
           (substitute-urls
            (append %default-substitute-urls
                    (list "https://substitutes.nonguix.org"))))
      ((@ (gnu services base) guix-configuration)
       (inherit configuration)
       (authorized-keys authorized-keys)
       (extra-options extra-options)
       (substitute-urls substitute-urls))))))

;; Installs /etc/mailname containing the mail domain.
(define (etc-mailname)
  (simple-service 'etc-files
                  etc-service-type
                  (list `("mailname" ,(plain-file "mailname" "marekpasnikowski.pl\n")))))

;; fcgiwrap running as git:git, the identity under which the CGI programs
;; started for nginx execute.
(define (fcgiwrap)
  ((@ (gnu services) service)
   fcgiwrap-service-type
   ((@ (gnu services web) fcgiwrap-configuration)
    (user "git")
    (group "git"))))

;; gitolite with a single administrator key.
(define (gitolite)
  ((@ (gnu services) service)
   gitolite-service-type
   ((@ (gnu services version-control) gitolite-configuration)
    ;; umask #o0027: files are group-readable and closed to everyone else.
    (rc-file ((@ (gnu services version-control) gitolite-rc-file)
              (umask #o0027)))
    ;; Public key of the gitolite administrator (public material, safe to
    ;; keep in the configuration).
    (admin-pubkey
     (plain-file "gitolite-admin.pub"
                 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n")))))

;; guix-home service for the user "marek": packages, Emacs add-ons (including
;; a locally defined emacs-org-fc package), dot files, environment variables
;; and bash aliases for system maintenance.
(define (home-services)
  (use-modules (channels)
               (gnu home services)
               (gnu packages base)
               (gnu packages emacs-xyz)
               (gnu packages gawk))
  ((@ (gnu services) service)
   (@ (gnu services guix) guix-home-service-type)
   `(("marek"
      ,((@ (gnu home) home-environment)
        (packages
         (map specification->package+output
              (list "dconf-editor"
                    "emacs"
                    "emacs-org-modern"
                    "emacs-paredit"
                    "font-google-noto"
                    "font-google-noto-emoji"
                    "font-google-noto-sans-cjk"
                    "font-google-noto-serif-cjk"
                    "git"
                    "gnupg"
                    "gnome-tweaks"
                    "noweb"
                    "pinentry"
                    "pwgen"
                    "unzip"
                    "zip")))
        (services
         (append
          (list izumi-channels-service-type)
          (list
           (simple-service
            'emacs-home-profile
            home-profile-service-type
            (append
             (list emacs-guix emacs-nix-mode)
             (list
              ;; commit* holds what looks like a branch name, not a commit id;
              ;; the sha256 below is what pins the fetched content.
              ;; NOTE(review): if the branch moves, the fetch will presumably
              ;; fail the hash check instead of picking up new code -- confirm,
              ;; and consider pinning a full commit id for reproducibility.
              (let ((commit* "wip-algo-tn"))
                (package
                  (name "emacs-org-fc")
                  (version (git-version "0.1.2" "0" commit*))
                  (source
                   (origin
                     (method git-fetch)
                     (uri (git-reference
                           (url "https://git.marekpasnikowski.pl/org-fc.git")
                           (commit commit*)))
                     (file-name (git-file-name name version))
                     (sha256
                      (base32 "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
                  (build-system emacs-build-system)
                  (arguments
                   (list #:include #~ (cons* "\\.awk$" "\\.org$" %default-include)
                         #:exclude #~ (cons "^test/" %default-exclude)
                         #:tests? #t
                         #:test-command
                         #~ (list "emacs" "--batch"
                                  "-L" "."
                                  "-L" "tests/"
                                  "-l" "tests/org-fc-filter-test.el"
                                  "-l" "tests/org-fc-indexer-test.el"
                                  "-l" "tests/org-fc-review-data-test.el"
                                  "-f" "ert-run-tests-batch-and-exit")
                         #:phases
                         #~ (modify-phases %standard-phases
                              ;; Replace the bare command names find, gawk and
                              ;; xargs in org-fc-awk.el with the paths found
                              ;; in the package inputs, so the commands do not
                              ;; depend on the user's PATH.
                              (add-after 'unpack 'qualify-paths
                                (lambda* (#:key inputs #:allow-other-keys)
                                  (substitute* "org-fc-awk.el"
                                    (("\"find ")
                                     (string-append "\"" (search-input-file inputs "/bin/find") " "))
                                    (("\"gawk ")
                                     (string-append "\"" (search-input-file inputs "/bin/gawk") " "))
                                    (("\"xargs ")
                                     (string-append "\"" (search-input-file inputs "/bin/xargs") " "))))))))
                  (inputs (list findutils gawk))
                  (propagated-inputs (list emacs-hydra))
                  (home-page "https://www.leonrische.me/fc/index.html")
                  (synopsis "Spaced repetition system for Emacs Org mode")
                  (description
                   (string-append
                    "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
                    "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
                    "knowledge you want to learn into a question-answer test. These cards are\n"
                    "reviewed at regular interval. After each review, the next review interval is\n"
                    "calculated based on how well you remembered the contents of the card.\n"))
                  (license license:gpl3+))))))
           ;; Dot files copied from the home-files/ directory next to this file.
           (simple-service
            'home-files
            home-files-service-type
            (list (list ".config/emacs/init.el"
                        (local-file "home-files/emacs-configuration.el" ))
                  (list ".gnus"
                        (local-file "home-files/gnus-configuration.el"))
                  (list ".gitconfig"
                        (local-file "home-files/gitconfig"))
                  (list ".config/git/ignore"
                        ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
                        (local-file "home-files/git-ignore.conf"))))
           (simple-service
            'environment-variables
            home-environment-variables-service-type
            `(("EDITOR" . "emacsclient -nw"))))
          (list
           ;; Shell command strings used as bash aliases.  Inside this let*
           ;; the name `and' is a local string ("&& ") and therefore shadows
           ;; the `and' special form.
           (let* ((and "&& ")
                  (collect-garbage "sudo guix gc -d 7d ")
                  (configuration-prefix "/home/marek/Publiczny/src/deployment/systems/izumi/")
                  (pull-guix "guix pull ")
                  ;; Old generations are deleted first; the two commands are
                  ;; joined with ';', so reconfigure runs even when the
                  ;; deletion fails.
                  (reconfigure-home
                   (string-append "guix home delete-generations 7d ; "
                                  "guix home reconfigure "
                                  configuration-prefix
                                  "home-configuration.scm "))
                  (reconfigure-system
                   (string-append "sudo guix system delete-generations 7d ; "
                                  "sudo guix system reconfigure "
                                  configuration-prefix
                                  "izumi.scm "))
                  ;; pull, then reconfigure the system, then collect garbage,
                  ;; chained with "&& "; the home step is commented out.
                  (update-system
                   (string-append pull-guix
                                  and
                                  reconfigure-system
                                  ;; and
                                  ;; reconfigure-home
                                  and
                                  collect-garbage)))
             (simple-service
              'bash-extension
              (@ (gnu home services shells) home-bash-service-type)
              ((@ (gnu home services shells) home-bash-extension)
               (aliases
                `(("collect-garbage" . ,collect-garbage)
                  ("edit" . "$EDITOR")
                  ("pull-guix" . ,pull-guix)
                  ("reconfigure-home" . ,reconfigure-home)
                  ("reconfigure-system" . ,reconfigure-system)
                  ("update-system" . ,update-system)))
               ;; Shell snippet that rewrites PS1: it strips trailing
               ;; characters, appends a newline followed by "$ ", and puts a
               ;; newline in front of the prompt.
               (bash-profile
                (list (mixed-text-file "newline-prompt"
                                       "PS1=${PS1%?}\n"
                                       "PS1=${PS1%?}\\n'$ '\n"
                                       "PS1=\"\\n$PS1\"")))))))))))))

(define keyboard-layout-izumi (keyboard-layout "pl"))

;; LUKS mapping for the root volume: /dev/sda2 is opened as /dev/mapper/izumi.
;; NOTE(review): the source is a kernel device name rather than a UUID; such
;; names can change with enumeration order, whereas the swap space below is
;; already referenced by label.
(define (mapped-devices-izumi)
  (use-modules (gnu system mapped-devices))
  (list (mapped-device
         (source "/dev/sda2")
         (target "izumi")
         (type luks-device-mapping))))

;; Rebinds the name to the list returned by the procedure above.
(define mapped-devices-izumi (mapped-devices-izumi))

;; nginx service (using the customised service type) with two HTTPS virtual
;; hosts on 192.168.10.2:443: the static top-level site and a reverse proxy
;; in front of radicale.
(define (nginx-izumi)
  ((@ (gnu services) service)
   nginx-service-type*
   ((@ (gnu services web) nginx-configuration)
    (server-blocks
     (list
      ;; Top-Level
      ((@ (gnu services web) nginx-server-configuration)
       (locations
        (list ((@ (gnu services web) nginx-location-configuration)
               (uri "/.well-known" )
               (body (list "root /srv/www/marek/marekpasnikowski.pl ;")))))
       (listen (list "192.168.10.2:443 ssl"))
       (root "/srv/www/marek/marekpasnikowski.pl")
       (server-name ( list "marekpasnikowski.pl"))
       (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
       (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"))
      ;; Radicale
      ;; NOTE(review): unlike the other two virtual hosts this block sets no
      ;; ssl-certificate / ssl-certificate-key although it listens with "ssl".
      ;; Presumably it is served with the certificate of the default server on
      ;; the same address, which does list radicale.marekpasnikowski.pl --
      ;; confirm, and consider naming the certificate here explicitly.
      ((@ (gnu services web) nginx-server-configuration)
       (locations
        (list
         ;; Everything under / is proxied over plain HTTP to the radicale
         ;; port on localhost; the Authorization header is passed through.
         ((@ (gnu services web) nginx-location-configuration)
          (body (list "proxy_pass http://localhost:5232/ ;"
                      "proxy_set_header X-Script-Name \"\" ;"
                      "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
                      "proxy_set_header Host $http_host ;"
                      "proxy_pass_header Authorization ;"))
          (uri "/"))
         ((@ (gnu services web) nginx-location-configuration)
          (body (list "root /srv/www/marek/marekpasnikowski.pl ;"))
          (uri "/.well-known"))))
       (listen (list "192.168.10.2:443 ssl"))
       (server-name (list "radicale.marekpasnikowski.pl"))))))))

;; OpenSSH server with no configuration record, i.e. the service defaults.
;; NOTE(review): the defaults are not visible here; confirm whether password
;; authentication is enabled and whether key-only login is intended, given
;; that gitolite on this host is administered with an SSH key.
(define (openssh)
  (use-modules (gnu services ssh))
  ((@ (gnu services) service) openssh-service-type))

(define (plasma-desktop)
  ((@ (gnu services) service) plasma-desktop-service-type))

;; radicale with htpasswd authentication against the file named by
;; radicale-keys.
(define (radicale)
  (use-modules (gnu services mail))
  ((@ (gnu services) service)
   radicale-service-type
   ((@ (gnu services mail) radicale-configuration)
    (auth ((@ (gnu services mail) radicale-auth-configuration)
           (type 'htpasswd)
           (htpasswd-filename radicale-keys)
           ;; 'plain: the htpasswd file holds the passwords unhashed, so
           ;; anyone who can read /secrets/radicale/keys (or a backup of it)
           ;; obtains working credentials.
           ;; NOTE(review): prefer a hashed scheme such as 'bcrypt; the file
           ;; has to be regenerated in the new format at the same time.
           (htpasswd-encryption 'plain))))))

(define swap-device-izumi-1-label (file-system-label "izumi-swap-f"))

;; syncthing running as the user "marek".
(define (syncthing)
  (use-modules (gnu services syncthing))
  ((@ (gnu services) service)
   syncthing-service-type
   ((@ (gnu services syncthing) syncthing-configuration)
    (user "marek"))))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; GRUB for EFI, installed to /boot/efi, with the Polish keyboard layout.
(define (bootloader-izumi)
  (use-modules (gnu bootloader grub))
  ((@ (gnu bootloader) bootloader-configuration)
   (bootloader grub-efi-bootloader)
   (keyboard-layout keyboard-layout-izumi)
   (targets (list "/boot/efi"))))

;; %base-file-systems plus the EFI system partition and the XFS root file
;; system, which lives on the LUKS mapping declared above.
(define (file-systems-izumi)
  (use-modules (gnu system file-systems))
  (append %base-file-systems
          (list (file-system
                 (device "/dev/sda1")
                 (mount-point "/boot/efi")
                 (type "vfat"))
                (file-system
                 ;; The mapping must be opened before the root can be mounted.
                 (dependencies mapped-devices-izumi)
                 (device "/dev/mapper/izumi")
                 (mount-point "/")
                 (type "xfs")))))

;; %base-groups plus a system group "vmail".
(define groups-izumi
  (append %base-groups
          (list (user-group
                 (name "vmail")
                 (system? #t)))))

(define host-name-izumi "izumi")

;; Complete service list: the adjusted desktop services, three mail services
;; taken from the (users id1000) module, and the services defined in this file.
(define services-izumi
  (append (desktop-services-izumi)
          (list (@ (users id1000) dkim-service)
                (@ (users id1000) dovecot-service)
                (@ (users id1000) smtp-service)
                (certbot)
                (cgit-izumi)
                (etc-mailname)
                (fcgiwrap)
                (gitolite)
                (home-services)
                (nginx-izumi)
                (openssh)
                (plasma-desktop)
                (radicale)
                (syncthing))))

(define swap-device-izumi-1
  (swap-space (target swap-device-izumi-1-label)))

;; %base-user-accounts plus two accounts that are defined outside this file.
(define (users-izumi)
  (use-modules (gnu system shadow)
               (users id1000)
               (users vmail))
  (append %base-user-accounts
          (list uid1000-account vmail-account)))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Assembles the operating-system record from the pieces defined above.
(define (operating-system-izumi)
  (use-modules (nongnu packages linux)
               (nongnu system linux-initrd)
               (suweren commons sudoers)
               (suweren system))
  (operating-system
   (bootloader (bootloader-izumi))
   (kernel linux)
   (keyboard-layout keyboard-layout-izumi)
   (initrd microcode-initrd)
   (firmware (list linux-firmware))
   (host-name host-name-izumi)
   (mapped-devices mapped-devices-izumi)
   (file-systems (file-systems-izumi))
   (swap-devices (list swap-device-izumi-1))
   (users (users-izumi))
   (groups groups-izumi)
   (timezone "Europe/Warsaw")
   (locale polish-locale-string)
   (locale-definitions %suweren-locale-definitions)
   (services services-izumi)
   ;; %sudoers-specification* is not defined in this file (presumably it
   ;; comes from (suweren commons sudoers)); its contents decide who may run
   ;; the sudo commands used by the bash aliases in `home-services'.
   (sudoers-file %sudoers-specification*)))

;; Rebinds the name to the record and exports it from the module.
(define-public operating-system-izumi (operating-system-izumi))

;; The record is the last expression, so it is also the value of the file.
operating-system-izumi