;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>

(define-module (deployment systems rakan)
  #:use-module ( (deployment keys)
                 #:prefix deployment:keys:)
  #:use-module ( (gnu services)
                 #:prefix gnu:services:)
  #:use-module ( (gnu services base)
                 #:prefix gnu:services:base:)
  #:use-module ( (gnu services guix)
                 #:prefix gnu:services:guix:)
  #:use-module ( (gnu services samba)
                 #:prefix gnu:services:samba:)
  #:use-module ( (gnu services ssh)
                 #:prefix gnu:services:ssh:)
  #:use-module ( (gnu system)
                 #:prefix gnu:system:)
  #:use-module ( (gnu system file-systems)
                 #:prefix gnu:system:file-systems:)
  #:use-module ( (gnu system linux-initrd)
                 #:prefix gnu:system:linux-initrd:)
  #:use-module ( (gnu system shadow)
                 #:prefix gnu:system:shadow:)
  #:use-module ( (nongnu packages linux)
                 #:prefix nongnu:packages:linux:)
  #:use-module ( (nongnu system linux-initrd)
                 #:prefix nongnu:system:linux-initrd:)
  #:use-module ( (sovereign devices)
                 #:prefix sovereign:devices:)
  #:use-module ( (sovereign devices amd64)
                 #:prefix sovereign:devices:amd64:)
  #:use-module ( (sovereign packages protonmail)
                 #:prefix sovereign:packages:protonmail:)
  #:use-module ( (sovereign systems)
                 #:prefix sovereign:systems:)
  #:use-module ( (users id1000)
                 #:prefix users:id1000:)
  #:use-module (guix gexp))

;; Host name of this machine.  The definitions below also use it to derive
;; the file-system labels, the bootloader configuration and the
;; operating-system label.
(define system-name "rakan")

;; EFI system partition: the shared sovereign EFI file-system record with its
;; device replaced by the result of file-system-label applied to the
;; upper-cased host name (presumably a label lookup; the helper lives in
;; (sovereign devices) and is not visible here).
(define file-system-efi
  (gnu:system:file-systems:file-system
    (inherit  sovereign:devices:file-system/efi)
    (device   (sovereign:devices:file-system-label
                (string-upcase system-name)))))

;; Root file system: the shared sovereign root file-system record with its
;; device replaced by file-system-label of the host name and "root".
(define file-system-root
  (gnu:system:file-systems:file-system
    (inherit  sovereign:devices:file-system/root)
    (device   (sovereign:devices:file-system-label system-name "root"))))

;; Swap space: the shared sovereign swap/no-trim record with its target
;; replaced by file-system-label of the host name and "swap".
(define swap
  (gnu:system:file-systems:swap-space
    (inherit  sovereign:devices:swap/no-trim)
    (target   (sovereign:devices:file-system-label system-name "swap"))))

;; Extension for the guix daemon service that adds one public key to the
;; daemon's authorized keys.
;; NOTE(review): store items signed by an authorized key are accepted by the
;; daemon, so this host trusts whoever holds the matching private key as much
;; as it trusts its own builds.  Keep the list minimal and remove the key when
;; the peer (presumably the machine "mcdowell" -- confirm) is retired or
;; rekeyed.
(define guix-offload-authorizations
  (let
    ( (l-authorized-keys (list deployment:keys:mcdowell-guix)))
    (gnu:services:base:guix-extension
      (authorized-keys l-authorized-keys))))

;; Settings for `guix publish`, which serves this machine's store items to
;; other hosts over HTTP.
;; NOTE(review): "0.0.0.0" listens on every IPv4 interface and advertise? #t
;; announces the service on the local network.  Store contents become
;; readable by any host that can reach the port, so nothing secret should be
;; placed in the store, and reachability should be limited to the intended
;; network by controls outside this file -- confirm.
(define guix-publish-configuration
  (let
    ( (l-listen-address "0.0.0.0")
      (l-listen-port    8080))
    (gnu:services:base:guix-publish-configuration
      (host       l-listen-address)
      (port       l-listen-port)
      (advertise? #t))))

;; Service instance that runs `guix publish` with guix-publish-configuration.
(define guix-publish-service
  (gnu:services:service
    gnu:services:base:guix-publish-service-type
    guix-publish-configuration))

;; Samba server (smbd only) exposing a single share, [public], at /public.
;;
;; As written the share needs no credentials: `map to guest = Bad User` turns
;; logins with unknown user names into guest sessions, `guest ok` and
;; `guest only` make every connection to [public] a guest connection, and
;; `read only = no` makes the share writable.  Logging goes to syslog at
;; level 1.
;;
;; NOTE(review): the generated smb.conf sets no `hosts allow` or `interfaces`
;; restriction, so who can reach the share depends on network controls
;; outside this file.  Confirm smbd is reachable only from the intended
;; network, and treat everything under /public as untrusted input on any
;; host that reads it.
(define samba-configuration
  (let
    ( (l-config-file (mixed-text-file "smb.conf"
                                      "[global]\n"
                                      "map to guest = Bad User\n"
                                      "logging = syslog@1\n"
                                      "\n"
                                      "[public]\n"
                                      "browsable = yes\n"
                                      "path = /public\n"
                                      "read only = no\n"
                                      "guest ok = yes\n"
                                      "guest only = yes\n")))
    (gnu:services:samba:samba-configuration
      (enable-smbd? #t)
      (config-file  l-config-file))))

;; Service instance that runs Samba with samba-configuration.
(define samba-service
  (gnu:services:service gnu:services:samba:samba-service-type
                        samba-configuration))

;; Complete operating-system declaration for this host.
;;
;; Points a reviewer should confirm:
;;   - openssh-service-type is instantiated without an explicit
;;     openssh-configuration, so the service type's default value applies.
;;     NOTE(review): check that those defaults (password authentication, root
;;     login) match the intended policy, or state the policy explicitly.
;;   - guix-publish-service and samba-service, defined earlier in this file,
;;     add network listeners; see their configurations for what they expose.
;;   - The guix daemon is extended with guix-offload-authorizations, which
;;     adds an authorized key.
;;   - The sudoers specification and the remaining base services come from
;;     (sovereign systems) and are not visible in this file.
(define system
  (let*
    ( (l-home-service   (sovereign:systems:guix-home-service
                          (list users:id1000:name/home-environment)))
      ;; Extends the guix daemon service with the extra authorized key.
      (l-offload-acl    (gnu:services:simple-service 'offload-authorizations
                                                     gnu:services:base:guix-service-type
                                                     guix-offload-authorizations))
      ;; OpenSSH daemon with the service type's default configuration.
      (l-sshd           (gnu:services:service gnu:services:ssh:openssh-service-type))
      (l-service-list   (cons*  l-home-service
                                guix-publish-service
                                l-offload-acl
                                l-sshd
                                sovereign:packages:protonmail:nogui-profile
                                samba-service
                                sovereign:systems:%sovereign-services))
      (l-boot           (sovereign:devices:amd64:custom-bootloader-configuration  system-name))
      (l-mounts         (cons*  file-system-root
                                file-system-efi
                                gnu:system:file-systems:%base-file-systems))
      (l-swap-list      (list swap))
      (l-firmware-list  (list nongnu:packages:linux:linux-firmware))
      ;; "mei_me" is added on top of the base initrd modules; the reason is
      ;; not stated in this file.
      (l-early-modules  (cons*  "mei_me"
                                gnu:system:linux-initrd:%base-initrd-modules))
      (l-accounts       (cons*  users:id1000:uid1000-account
                                gnu:system:shadow:%base-user-accounts)))
    (gnu:system:operating-system
      ;; Identity and localisation.
      (host-name          system-name)
      ;; The label expression must stay inside this field because it refers
      ;; to this-operating-system.
      (label              (sovereign:systems:operating-system-label* system-name
                                                                     (gnu:system:operating-system-default-label gnu:system:this-operating-system)))
      (timezone           "Europe/Warsaw")
      (locale             sovereign:systems:pl-locale)
      (locale-definitions sovereign:systems:%sovereign-locale-definitions)
      (keyboard-layout    sovereign:devices:pl-keyboard-layout)
      ;; Boot chain: kernel, initrd and firmware come from the nongnu modules.
      (kernel             nongnu:packages:linux:linux)
      (bootloader         l-boot)
      (initrd             nongnu:system:linux-initrd:microcode-initrd)
      (initrd-modules     l-early-modules)
      (firmware           l-firmware-list)
      ;; Storage.
      (file-systems       l-mounts)
      (swap-devices       l-swap-list)
      ;; Accounts, privilege escalation and services.
      (users              l-accounts)
      (sudoers-file       sovereign:systems:%sovereign-sudoers-specification)
      (services           l-service-list))))

;; Public export of the operating-system declaration built above, under the
;; name operating-system*.
(define-public operating-system* system)