authorTimo Wilken2023-01-19 00:30:43 +0100
committerTimo Wilken2023-01-19 00:30:43 +0100
commit3ad5abae9d6f4804ba173e8bbba53752fac0341a (patch)
tree9265210bccacc5d55e3bbd26d1e8ec1bba5f686f /tw/system/vin.scm
parentb2d069787257502d2a9a50c67ed79ad78438ad17 (diff)
Add configuration for new host vin.twilken.net
Diffstat (limited to 'tw/system/vin.scm')
-rw-r--r--tw/system/vin.scm127
1 files changed, 127 insertions, 0 deletions
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
new file mode 100644
index 00000000..07fa3e05
--- /dev/null
+++ b/tw/system/vin.scm
@@ -0,0 +1,127 @@
+(define-module (tw system vin)
+ #:use-module (gnu)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu system locale)
+ #:use-module (gnu system nss)
+ #:use-module (guix gexp)
+ #:use-module (tw system common))
+
+(use-package-modules admin bash certs databases linux man rsync shells video)
+(use-service-modules mcron monitoring networking pm ssh vpn)
+
+;; The device's BIOS does not support UEFI, sadly. It also doesn't recognise
+;; NVME devices, so we can only use SATA hard disks, not the M.2 SSD.
+;; /dev/sda1 is the https://en.wikipedia.org/wiki/BIOS_boot_partition for grub.
+(define grub-boot-disk ; must contain a BIOS boot partition
+ "/dev/disk/by-id/wwn-0x5000cca39dd469de") ; this is /dev/sda, usually
+(define guixsd-root-partition ; /dev/sda2, 500 GB
+ (uuid "86970883-b074-4673-a993-193287432352" 'btrfs))
+(define backups-partition ; /dev/sdb1, 1000 GB
+ (uuid "383ee9c7-b17e-43c9-9c39-447d63e22b94" 'btrfs))
+
+(define-public %vin-system
+ (operating-system
+ (host-name "vin.twilken.net")
+ (timezone "Europe/Paris")
+ (locale "en_GB.utf8")
+ (locale-definitions
+ (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
+ (locale-definition (name "de_DE.utf8") (source "de_DE"))
+ (locale-definition (name "fr_FR.utf8") (source "fr_FR"))
+ (locale-definition (name "en_US.utf8") (source "en_US"))))
+
+ (hosts-file %wireguard-etc-hosts)
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss)
+
+ ;; Choose UK English console keyboard layout.
+ (keyboard-layout %british-keyboard)
+
+ ;; Packages installed system-wide. Users can also install packages
+ ;; under their own account: use 'guix search KEYWORD' to search
+ ;; for packages and 'guix install PACKAGE' to install a package.
+ (packages
+ (append (list
+ ;; For eventual backup scripts?
+ btrfs-progs rsync)
+ %common-system-packages
+ %base-packages))
+
+ ;; Below is the list of system services. To search for available
+ ;; services, run 'guix system search KEYWORD' in a terminal.
+ (services
+ (append
+ (list (service openssh-service-type
+ (openssh-configuration
+ (port-number 22022)
+ (password-authentication? #f)
+ (accepted-environment '("LANG" "LC_*"))
+ (authorized-keys
+ `(("timo" ,(local-file "files/timo.pub"))))))
+
+ (service dhcp-client-service-type)
+
+ (service ntp-service-type)
+
+ (simple-service 'cronjobs mcron-service-type
+ (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G")
+ #~(job "0 22 * * *" ; after guix gc
+ (string-append #$(file-append util-linux "/sbin/fstrim")
+ " --fstab --verbose"))))
+
+ ;; Prometheus node exporter
+ (service prometheus-node-exporter-service-type
+ (prometheus-node-exporter-configuration
+ (web-listen-address "10.0.0.3:9100")))
+
+ (wireguard-service 'vin))
+
+ (modify-services %base-services
+ (login-service-type
+ config =>
+ (login-configuration
+ (inherit config)
+ (motd (plain-file "no-motd" ""))
+ (allow-empty-passwords? #f))))))
+
+ ;; The list of user accounts ('root' is implicit).
+ (users
+ (cons* (user-account
+ (name "timo")
+ (comment "Timo Wilken")
+ (group "users")
+ (home-directory "/home/timo")
+ (supplementary-groups '("wheel" "netdev" "audio" "video"))
+ (shell (file-append zsh "/bin/zsh")))
+ %base-user-accounts))
+
+ ;; Use the non-UEFI/legacy BIOS variant of GRUB with the boot header
+ ;; installed on the system/root disk.
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets (list grub-boot-disk))
+ (keyboard-layout keyboard-layout)))
+
+ ;; The list of file systems that get "mounted". The unique
+ ;; file system identifiers there ("UUIDs") can be obtained
+ ;; by running 'blkid' in a terminal.
+ (file-systems
+ (cons* (file-system ; this is the smaller (500 GB) disk
+ (mount-point "/")
+ (device guixsd-root-partition)
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '(("compress" . "zstd"))))
+ (type "btrfs"))
+ (file-system ; this is the bigger (1000 GB) disk
+ (mount-point "/var/backups")
+ (create-mount-point? #t)
+ (device backups-partition)
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '(("compress" . "zstd"))))
+ (type "btrfs"))
+ %base-file-systems))))
+
+%vin-system
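Review bot: The `/var/backups` file-system entry is mounted with only `no-atime`, so setuid bits, device nodes and executables inside any backed-up tree are honoured on this host. If the partition is meant to hold backup data only (the `btrfs-progs rsync` comment suggests this, but no backup scripts are in this commit), consider `(flags '(no-atime no-suid no-dev no-exec))` on that entry. Separately, the node exporter binds to `10.0.0.3:9100`, which is presumably the WireGuard address. It is worth confirming that the service starts only after the tunnel interface is up, since otherwise the bind can fail at boot and the host drops out of monitoring.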