;;; Guix System declaration, module (systems izumi izumi).
;;;
;;; This part holds the module header and one definition per service
;;; (web, git, mail name, home environment, ...).  The definitions are
;;; assembled into the operating-system record at the end of the file.

(define-module (systems izumi izumi))

;; Path passed to Radicale as its htpasswd file (see `radicale' below).
;; It lives outside the store, so the file content is not copied into
;; /gnu/store by this configuration.
(define radicale-keys "/secrets/radicale/keys")

;; Not referenced in the visible part of this file.
;; NOTE(review): presumably consumed by the mail services defined in
;; (users id1000) -- confirm, or drop the definition.
(define dovecot-keys "/secrets/dovecot")

(use-modules (gnu packages version-control)
             (gnu services)
             (gnu services base)
             (gnu services certbot)
             (gnu services cgit)
             (gnu services desktop)
             (gnu services mail)
             (gnu services ssh)
             (gnu services syncthing)
             (gnu services version-control)
             (gnu services web)
             (gnu services xorg)
             (gnu system)
             (gnu system accounts)
             (gnu system file-systems)
             (gnu system keyboard)
             (gnu system mapped-devices)
             (gnu system shadow)
             (guix build-system emacs)
             (guix gexp)
             (guix git-download)
             ((guix licenses) #:prefix license:)
             (guix packages))

;; Return the group and the account used by the nginx daemon.
;;
;; The account is a system account with /var/empty as home and nologin
;; as shell.  It is also a member of the supplementary group "git".
;; NOTE(review): presumably the "git" membership is what lets nginx read
;; the gitolite repositories (gitolite's umask below is #o0027, i.e. group
;; readable, no access for others) -- confirm.  It also means a compromise
;; of the nginx worker can read everything that group can read.
(define (nginx-accounts)
  ;; (gnu packages) provides specification->package, used for the shell.
  (use-modules (gnu packages))
  (list (user-group (name "nginx")
                    (system? #t))
        (user-account (name "nginx")
                      (group "nginx")
                      (supplementary-groups '("git"))
                      (system? #t)
                      (comment "nginx server user")
                      (home-directory "/var/empty")
                      (shell (file-append (specification->package "shadow")
                                          "/sbin/nologin")))))

;; Variant of nginx-service-type: the extension that targets
;; account-service-type is replaced by one returning (nginx-accounts);
;; every other extension of nginx-service-type is kept unchanged.
(define nginx-service-type*
  (service-type
   (inherit nginx-service-type)
   (extensions
    (map (lambda (extension)
           (if (eq? (service-extension-target extension)
                    account-service-type)
               (service-extension account-service-type
                                  (const (nginx-accounts)))
               extension))
         (service-type-extensions nginx-service-type)))))

;;; Services

;; Certbot service for the three domains below (one certificate).
;;
;; The stock certbot-service-type extends nginx-service-type; here that
;; extension is retargeted at nginx-service-type*, so certbot's server
;; blocks end up in the nginx instance this file actually runs.  The
;; procedure certbot-nginx-server-configurations is reached with @@, i.e.
;; without relying on it being exported by (gnu services certbot).
(define (certbot)
  (service
   (service-type
    (inherit certbot-service-type)
    (extensions
     (map (lambda (extension)
            (if (eq? (service-extension-target extension)
                     nginx-service-type)
                (service-extension
                 nginx-service-type*
                 (@@ (gnu services certbot)
                     certbot-nginx-server-configurations))
                extension))
          (service-type-extensions certbot-service-type))))
   (certbot-configuration
    (certificates
     (list
      (certificate-configuration
       ;; After deployment of a certificate: read the pid stored in
       ;; /var/run/nginx/pid and send SIGHUP to it, which makes nginx
       ;; reload and pick up the new certificate files.
       ;; NOTE(review): the hook signals whatever number that file holds;
       ;; confirm the pid file is writable only by root.
       (deploy-hook
        (program-file
         "nginx-deploy-hook"
         #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
             (kill pid SIGHUP))))
       (domains (list "marekpasnikowski.pl"
                      "git.marekpasnikowski.pl"
                      "radicale.marekpasnikowski.pl")))))
    (email "marek@marekpasnikowski.pl")
    ;; Same directory that the nginx server blocks serve /.well-known from.
    (webroot "/srv/www/marek/marekpasnikowski.pl"))))

;; cgit service for git.marekpasnikowski.pl, with its nginx extension
;; retargeted at nginx-service-type* (same technique as in `certbot').
;;
;; NOTE(review): this definition reuses the name `cgit'.  Inside the
;; initializer, `(root cgit)' presumably still resolves to the cgit
;; package imported from (gnu packages version-control); once the define
;; completes the name denotes this service instead.  That depends on
;; evaluation order -- confirm, and consider a distinct name.
(define cgit
  (service
   (service-type
    (inherit cgit-service-type)
    (extensions
     (map (lambda (extension)
            (if (eq? (service-extension-target extension)
                     nginx-service-type)
                (service-extension nginx-service-type*
                                   cgit-configuration-nginx-config)
                extension))
          (service-type-extensions cgit-service-type))))
   (cgit-configuration
    (nginx
     (list
      (nginx-server-configuration
       (locations
        (list
         ;; Git over HTTP under /git, served from the gitolite tree.
         ;; NOTE(review): no authentication directive is visible for this
         ;; location; confirm which repositories are meant to be reachable
         ;; over HTTP.
         (git-http-nginx-location-configuration
          (git-http-configuration
           (git-root "/var/lib/gitolite/repositories")
           (uri-path "/git")))
         ;; Named location that hands the request to cgit.cgi via FastCGI.
         ;; HTTP_HOST is set from nginx's $server_name, not from the
         ;; client-supplied Host header.
         ;; NOTE(review): 127.0.0.1:9000 is presumably the fcgiwrap
         ;; instance declared in `fcgiwrap' -- confirm its socket.
         (nginx-location-configuration
          (body (list "fastcgi_param HTTP_HOST $server_name ;"
                      "fastcgi_param PATH_INFO $uri ;"
                      "fastcgi_param QUERY_STRING $args ;"
                      "fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi ;"
                      "fastcgi_pass 127.0.0.1:9000 ;"))
          (uri "@cgit"))
         ;; Challenge files, served from the certbot webroot.
         (nginx-location-configuration
          (body (list "root /srv/www/marek/marekpasnikowski.pl/ ;"))
          (uri "/.well-known"))))
       (listen (list "192.168.10.2:443 ssl"))
       (root cgit)
       (server-name (list "git.marekpasnikowski.pl"))
       (ssl-certificate
        "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
       (ssl-certificate-key
        "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
       ;; Static file first, otherwise fall through to cgit.
       (try-files (list "$uri" "@cgit")))))
    (repositories
     (list
      (repository-cgit-configuration
       (hide? #t)
       (path "/srv/git/marek/packages"))))
    (repository-directory "/var/lib/gitolite/repositories"))))

;; %desktop-services with three services reconfigured:
;;  - elogind: closing the lid is ignored (on battery, docked, and on
;;    external power);
;;  - GDM: automatic suspend off, Wayland on;
;;  - guix-daemon: one extra substitute server and its signing key, plus
;;    GC options that keep derivations and outputs.
(define (desktop-services-izumi)
  (modify-services %desktop-services
    (elogind-service-type
     configuration =>
     (elogind-configuration
      (inherit configuration)
      (handle-lid-switch 'ignore)
      (handle-lid-switch-docked 'ignore)
      (handle-lid-switch-external-power 'ignore)))
    (gdm-service-type
     configuration =>
     (gdm-configuration
      (inherit configuration)
      (auto-suspend? #f)
      (wayland? #t)))
    (guix-service-type
     configuration =>
     (let* (;; Public key authorized for substitutes, written as a
            ;; canonical S-expression.  Authorizing it means the daemon
            ;; accepts binaries signed by this key, so the substitute
            ;; server is trusted to the same degree as a local build.
            (non-guix.pub
             (string-append
              "( public-key ( ecc ( curve Ed25519 )"
              "( q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98# ) ) )"))
            (authorized-keys
             (append %default-authorized-guix-keys
                     (list (plain-file "non-guix.pub" non-guix.pub))))
            (extra-options
             (list "--gc-keep-derivations=yes"
                   "--gc-keep-outputs=yes"))
            (substitute-urls
             (append %default-substitute-urls
                     (list "https://substitutes.nonguix.org"))))
       (guix-configuration
        (inherit configuration)
        (authorized-keys authorized-keys)
        (extra-options extra-options)
        (substitute-urls substitute-urls))))))

;; Install /etc/mailname containing the mail domain.
(define (etc-mailname)
  (simple-service
   'etc-files
   etc-service-type
   (list `("mailname" ,(plain-file "mailname" "marekpasnikowski.pl\n")))))

;; fcgiwrap running as user "git", group "git".  CGI programs started
;; through it therefore run with that account's access.
(define (fcgiwrap)
  (service fcgiwrap-service-type
           (fcgiwrap-configuration
            (user "git")
            (group "git"))))

;; Gitolite with umask #o0027 (group may read, others get nothing) and a
;; single administrator SSH public key.
(define (gitolite)
  (service
   gitolite-service-type
   (gitolite-configuration
    (rc-file (gitolite-rc-file (umask #o0027)))
    (admin-pubkey
     (plain-file
      "gitolite-admin.pub"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n")))))

;; Guix Home environment for user "marek", declared as a system service:
;; packages, an Emacs profile with a locally defined emacs-org-fc package,
;; dotfiles, environment variables and bash aliases.
(define (home-services)
  (use-modules (channels)
               (gnu home services)
               (gnu packages base)
               (gnu packages emacs-xyz)
               (gnu packages gawk))
  (service
   (@ (gnu services guix) guix-home-service-type)
   `(("marek"
      ,((@ (gnu home) home-environment)
        (packages
         (map specification->package+output
              (list "dconf-editor"
                    "emacs"
                    "emacs-org-modern"
                    "emacs-paredit"
                    "font-google-noto"
                    "font-google-noto-emoji"
                    "font-google-noto-sans-cjk"
                    "font-google-noto-serif-cjk"
                    "git"
                    "gnupg"
                    "gnome-tweaks"
                    "noweb"
                    "pinentry"
                    "pwgen"
                    "unzip"
                    "zip")))
        (services
         (append
          (list izumi-channels-service-type)
          (list
           (simple-service
            'emacs-home-profile
            home-profile-service-type
            (append
             (list emacs-guix emacs-nix-mode)
             (list
              ;; NOTE(review): "wip-algo-tn" looks like a branch name, not
              ;; a commit id.  The sha256 below still pins the content, so
              ;; a moved branch fails the hash check instead of changing
              ;; what gets built; pinning a commit id would make the
              ;; source reproducible as well.
              (let ((commit* "wip-algo-tn"))
                (package
                  (name "emacs-org-fc")
                  (version (git-version "0.1.2" "0" commit*))
                  (source
                   (origin
                     (method git-fetch)
                     (uri (git-reference
                           (url "https://git.marekpasnikowski.pl/org-fc.git")
                           (commit commit*)))
                     (file-name (git-file-name name version))
                     (sha256
                      (base32
                       "1i8ii1garx2pdg08a12yzsd0fhwdzcpxp9m97zj8m5s275i8ccaj"))))
                  (build-system emacs-build-system)
                  (arguments
                   (list
                    #:include #~(cons* "\\.awk$" "\\.org$" %default-include)
                    #:exclude #~(cons "^test/" %default-exclude)
                    #:tests? #t
                    #:test-command
                    #~(list "emacs" "--batch"
                            "-L" "."
                            "-L" "tests/"
                            "-l" "tests/org-fc-filter-test.el"
                            "-l" "tests/org-fc-indexer-test.el"
                            "-l" "tests/org-fc-review-data-test.el"
                            "-f" "ert-run-tests-batch-and-exit")
                    #:phases
                    #~(modify-phases %standard-phases
                        ;; Replace the bare command names in
                        ;; org-fc-awk.el with the absolute paths of the
                        ;; programs found in the inputs, so the package
                        ;; does not depend on what is in PATH at run time.
                        (add-after 'unpack 'qualify-paths
                          (lambda* (#:key inputs #:allow-other-keys)
                            (substitute* "org-fc-awk.el"
                              (("\"find ")
                               (string-append
                                "\""
                                (search-input-file inputs "/bin/find")
                                " "))
                              (("\"gawk ")
                               (string-append
                                "\""
                                (search-input-file inputs "/bin/gawk")
                                " "))
                              (("\"xargs ")
                               (string-append
                                "\""
                                (search-input-file inputs "/bin/xargs")
                                " "))))))))
                  (inputs (list findutils gawk))
                  (propagated-inputs (list emacs-hydra))
                  (home-page "https://www.leonrische.me/fc/index.html")
                  (synopsis "Spaced repetition system for Emacs Org mode")
                  (description
                   (string-append
                    "Org-fc is a spaced-repetition system for Emacs' Org mode.\n"
                    "It allows you to mark headlines in a file as flashcards, turning pieces of\n"
                    "knowledge you want to learn into a question-answer test. These cards are\n"
                    "reviewed at regular interval. After each review, the next review interval is\n"
                    "calculated based on how well you remembered the contents of the card.\n"))
                  (license license:gpl3+))))))
           ;; Dotfiles, taken from files next to this configuration.
           (simple-service
            'home-files
            home-files-service-type
            (list
             (list ".config/emacs/init.el"
                   (local-file "home-files/emacs-configuration.el"))
             (list ".gnus"
                   (local-file "home-files/gnus-configuration.el"))
             (list ".gitconfig"
                   (local-file "home-files/gitconfig"))
             (list ".config/git/ignore"
                   ;; https://github.com/github/gitignore/blob/main/Global/Emacs.gitignore
                   (local-file "home-files/git-ignore.conf"))))
           (simple-service
            'environment-variables
            home-environment-variables-service-type
            `(("EDITOR" . "emacsclient -nw"))))
          (list
           ;; Shell command strings used as bash aliases.  Note that the
           ;; local variable `and' shadows the `and' syntax inside this
           ;; let*; here it is only ever used as a string.
           (let* ((and "&& ")
                  (collect-garbage "sudo guix gc -d 7d ")
                  (configuration-prefix
                   "/home/marek/Publiczny/src/deployment/systems/izumi/")
                  (pull-guix "guix pull ")
                  (reconfigure-home
                   (string-append
                    "guix home delete-generations 7d ; "
                    "guix home reconfigure "
                    configuration-prefix
                    "home-configuration.scm "))
                  (reconfigure-system
                   (string-append
                    "sudo guix system delete-generations 7d ; "
                    "sudo guix system reconfigure "
                    configuration-prefix
                    "izumi.scm "))
                  ;; pull, then system reconfigure, then garbage
                  ;; collection; the home reconfigure step is disabled.
                  (update-system
                   (string-append pull-guix
                                  and
                                  reconfigure-system
                                  ;; and
                                  ;; reconfigure-home
                                  and
                                  collect-garbage)))
             (simple-service
              'bash-extension
              (@ (gnu home services shells) home-bash-service-type)
              ((@ (gnu home services shells) home-bash-extension)
               (aliases
                `(("collect-garbage" . ,collect-garbage)
                  ("edit" . "$EDITOR")
                  ("pull-guix" . ,pull-guix)
                  ("reconfigure-home" . ,reconfigure-home)
                  ("reconfigure-system" . ,reconfigure-system)
                  ("update-system" . ,update-system)))
               ;; Prompt tweak: drop the last two characters of the
               ;; existing PS1, append a line break followed by '$ ', and
               ;; put a line break in front of the prompt.
               (bash-profile
                (list
                 (mixed-text-file
                  "newline-prompt"
                  "PS1=${PS1%?}\n"
                  "PS1=${PS1%?}\\n'$ '\n"
                  "PS1=\"\\n$PS1\""))))))))))))))

(define keyboard-layout-izumi (keyboard-layout "pl"))

;; LUKS mapping: /dev/sda2 is opened as /dev/mapper/izumi.
(define (mapped-devices-izumi)
  (use-modules (gnu system mapped-devices))
  (list (mapped-device
         (source "/dev/sda2")
         (target "izumi")
         (type luks-device-mapping))))

;; The procedure above is called once here and the same name is rebound
;; to its result, so later references see the list, not the procedure.
(define mapped-devices-izumi (mapped-devices-izumi))

;; nginx instance (using nginx-service-type*) with two TLS server blocks,
;; both listening on 192.168.10.2:443.
(define (nginx)
  (service
   nginx-service-type*
   (nginx-configuration
    (server-blocks
     (list
      ;; Top-Level
      (nginx-server-configuration
       (locations
        (list
         (nginx-location-configuration
          (uri "/.well-known")
          (body (list "root /srv/www/marek/marekpasnikowski.pl ;")))))
       (listen (list "192.168.10.2:443 ssl"))
       (root "/srv/www/marek/marekpasnikowski.pl")
       (server-name (list "marekpasnikowski.pl"))
       (ssl-certificate
        "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
       (ssl-certificate-key
        "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"))
      ;; Radicale
      ;; Reverse proxy to the Radicale instance on localhost:5232.  The
      ;; client's Host header and Authorization header are passed on, so
      ;; authentication is done by Radicale itself.
      ;; NOTE(review): unlike the other server blocks, this one sets
      ;; neither ssl-certificate nor ssl-certificate-key; confirm which
      ;; certificate nginx presents for this name and whether it should
      ;; be declared here explicitly.
      (nginx-server-configuration
       (locations
        (list
         (nginx-location-configuration
          (body (list "proxy_pass http://localhost:5232/ ;"
                      "proxy_set_header X-Script-Name \"\" ;"
                      "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
                      "proxy_set_header Host $http_host ;"
                      "proxy_pass_header Authorization ;"))
          (uri "/"))
         (nginx-location-configuration
          (body (list "root /srv/www/marek/marekpasnikowski.pl ;"))
          (uri "/.well-known"))))
       (listen (list "192.168.10.2:443 ssl"))
       (server-name (list "radicale.marekpasnikowski.pl"))))))))

;; OpenSSH with no explicit configuration record.
;; NOTE(review): the service therefore runs with whatever defaults
;; openssh-configuration has; confirm that the password-authentication
;; and root-login settings are the ones intended for this host.
(define (openssh)
  (service openssh-service-type))

(define (plasma-desktop)
  (service plasma-desktop-service-type))

;; Radicale with htpasswd authentication against the file `radicale-keys'.
;; NOTE(review): htpasswd-encryption is 'plain, so that file holds the
;; passwords in clear text and anyone who can read it learns them.  A
;; hashed method such as 'bcrypt avoids that, but the entries in the file
;; have to be regenerated in the new format at the same time, otherwise
;; existing logins stop working.
(define (radicale)
  (service
   radicale-service-type
   (radicale-configuration
    (auth (radicale-auth-configuration
           (type 'htpasswd)
           (htpasswd-filename radicale-keys)
           (htpasswd-encryption 'plain))))))

(define swap-device-izumi-1-label
  (file-system-label "izumi-swap-f"))

;; Syncthing running as user "marek".
(define (syncthing)
  (service syncthing-service-type
           (syncthing-configuration
            (user "marek"))))
;;; System components: bootloader, file systems, groups, services, users.

;; GRUB for EFI, installed to /boot/efi, using the keyboard layout
;; defined earlier in this file.
(define (bootloader-izumi)
  (use-modules (gnu bootloader grub))
  ((@ (gnu bootloader) bootloader-configuration)
   (bootloader grub-efi-bootloader)
   (keyboard-layout keyboard-layout-izumi)
   (targets (list "/boot/efi"))))

;; %base-file-systems plus the EFI partition and the root file system.
;; The root is XFS on /dev/mapper/izumi and depends on the LUKS mapping
;; in mapped-devices-izumi; /boot/efi is a plain vfat partition.
;; NOTE(review): the partitions are named by device path (/dev/sda1);
;; those names can change when disks are added or reordered, whereas a
;; UUID or label stays with the partition.
(define (file-systems-izumi)
  (use-modules (gnu system file-systems))
  (append %base-file-systems
          (list (file-system
                  (device "/dev/sda1")
                  (mount-point "/boot/efi")
                  (type "vfat"))
                (file-system
                  (dependencies mapped-devices-izumi)
                  (device "/dev/mapper/izumi")
                  (mount-point "/")
                  (type "xfs")))))

;; %base-groups plus the system group "vmail".
(define groups-izumi
  (append %base-groups
          (list (user-group
                 (name "vmail")
                 (system? #t)))))

(define host-name-izumi "izumi")

;; Full service list: the adjusted desktop services followed by the
;; services defined in this file and three mail services (DKIM, Dovecot,
;; SMTP) taken from the module (users id1000), which is not part of this
;; file.  `cgit' is referenced as a value; the others are procedure calls.
(define services-izumi
  (append (desktop-services-izumi)
          (list (@ (users id1000) dkim-service)
                (@ (users id1000) dovecot-service)
                (@ (users id1000) smtp-service)
                (certbot)
                cgit
                (etc-mailname)
                (fcgiwrap)
                (gitolite)
                (home-services)
                (nginx)
                (openssh)
                (plasma-desktop)
                (radicale)
                (syncthing))))

;; Swap space located by file-system label.
;; NOTE(review): no mapped-device dependency is visible for swap while
;; the root file system sits on LUKS; confirm whether swap is encrypted,
;; since memory contents written to it would otherwise be stored in the
;; clear.
(define swap-device-izumi-1
  (swap-space
   (target swap-device-izumi-1-label)))

;; %base-user-accounts plus the two accounts defined in (users id1000)
;; and (users vmail).
(define (users-izumi)
  (use-modules (gnu system shadow)
               (users id1000)
               (users vmail))
  (append %base-user-accounts
          (list uid1000-account vmail-account)))

;;; Operating system

;; Assemble the operating-system record from the pieces above.
;; NOTE(review): `linux', `microcode-initrd' and `linux-firmware'
;; presumably come from the (nongnu ...) modules imported here, and the
;; locale and sudoers values from the (suweren ...) modules; none of
;; these are defined in this file, so the sudo policy in particular has
;; to be reviewed where %sudoers-specification* is defined.
(define (operating-system-izumi)
  (use-modules (nongnu packages linux)
               (nongnu system linux-initrd)
               (suweren commons sudoers)
               (suweren system))
  (operating-system
    (bootloader (bootloader-izumi))
    (kernel linux)
    (keyboard-layout keyboard-layout-izumi)
    (initrd microcode-initrd)
    (firmware (list linux-firmware))
    (host-name host-name-izumi)
    (mapped-devices mapped-devices-izumi)
    (file-systems (file-systems-izumi))
    (swap-devices (list swap-device-izumi-1))
    (users (users-izumi))
    (groups groups-izumi)
    (timezone "Europe/Warsaw")
    (locale polish-locale-string)
    (locale-definitions %suweren-locale-definitions)
    (services services-izumi)
    (sudoers-file %sudoers-specification*)))

;; Call the procedure once, rebind the same name to the resulting record
;; and export it.
(define-public operating-system-izumi
  (operating-system-izumi))

;; The file's last expression evaluates to the record itself.
operating-system-izumi