From 599f82d0857d408b25f2df95163c3bd1ae596eda Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Sun, 22 Jan 2023 22:46:35 +0100
Subject: Export lud system as a variable
---
tw/system/lud.scm | 357 +++++++++++++++++++++++++++---------------------------
1 file changed, 180 insertions(+), 177 deletions(-)
(limited to 'tw/system/lud.scm')
diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index 54e0ea4f..0e32305b 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -193,110 +193,111 @@ ProxyPass \"/\" \"https://127.0.0.1:48448/\"
 ;; TODO: Matrix bridges
 ))
 
-(operating-system
- (host-name "lud.twilken.net")
- (timezone "Europe/Berlin")
- (locale "en_GB.utf8")
- (locale-definitions
- (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
- (locale-definition (name "de_DE.utf8") (source "de_DE"))
- (locale-definition (name "fr_FR.utf8") (source "fr_FR"))
- (locale-definition (name "pt_BR.utf8") (source "pt_BR"))
- (locale-definition (name "en_US.utf8") (source "en_US"))))
-
- (sudoers-file %sudoers-file)
- (hosts-file %wireguard-etc-hosts)
- ;; Allow resolution of '.local' host names with mDNS.
- (name-service-switch %mdns-host-lookup-nss)
-
- ;; Choose UK English console keyboard layout.
- (keyboard-layout %british-keyboard)
-
- ;; Packages installed system-wide. Users can also install packages
- ;; under their own account: use 'guix search KEYWORD' to search
- ;; for packages and 'guix install PACKAGE' to install a package.
- (packages
- (cons*
- ffmpeg tor ; for video downloader
- mariadb ; for Nextcloud backup script
- ;; For Nextcloud. PHP modules must be installed in system
- ;; profile, as that's referred to in Nextcloud's php.ini.
- php php-apcu
- %base-system-packages))
-
- ;; Below is the list of system services. To search for available
- ;; services, run 'guix system search KEYWORD' in a terminal.
- (services
- (append
- (list (simple-service 'duplicity-backup-access openssh-service-type
- `(("ira" ; for Duplicity backups
- ,(local-file "files/kitchen-pc.pub")
- ,(local-file "files/wilken-laptop.pub"))))
-
- (service tor-service-type)
-
- (service thermald-service-type
- (thermald-configuration
- (adaptive? #t)))
-
- ;; Transmission (torrents)
- (service transmission-daemon-service-type
- (transmission-daemon-configuration
- (download-dir "/var/data/bt")
- (incomplete-dir "/var/data/bt/incomplete")
- (incomplete-dir-enabled? #t)
- (speed-limit-up-enabled? #t)
- (speed-limit-up 512) ; KiB/s
- (encryption 'require-encrypted-connections)
- ;; Don't try to configure port forwarding automatically.
- (port-forwarding-enabled? #f)
- ;; Make RPC interface only accessible via WireGuard.
- (rpc-bind-address "10.0.0.2")
- (rpc-whitelist-enabled? #t)
- (rpc-whitelist '("127.0.0.1" "::1"
- "10.0.0.*" "fc00::*"))
- (rpc-host-whitelist-enabled? #t)
- (rpc-host-whitelist '("lud.wg"))))
-
- ;; TODO: Streama
-
- ;; Syncthing
- (service syncthing-service-type
- (syncthing-configuration
- (user "syncthing")
- (group "syncthing")))
-
- ;; certbot for Synapse + Apache/Nextcloud
- ;; This also installs a nginx server on port 80, redirecting to port 443.
- (service certbot-service-type
- (certbot-configuration
- (email "letsencrypt@twilken.net")))
-
- (service httpd-service-type
- (httpd-configuration
- (config
- (httpd-config-file
- (listen '("443")) ; leave port 80 free for certbot/nginx
- (modules
- (cons* (httpd-module (name "ssl_module") (file "modules/mod_ssl.so"))
- (httpd-module (name "proxy_module") (file "modules/mod_proxy.so"))
- (httpd-module (name "rewrite_module") (file "modules/mod_rewrite.so"))
- (httpd-module (name "alias_module") (file "modules/mod_alias.so"))
- (httpd-module (name "socache_shmcb_module") ; for SSLStaplingCache
- (file "modules/mod_socache_shmcb.so"))
- (httpd-module (name "proxy_fcgi_module") ; for PHP/FastCGI
- (file "modules/mod_proxy_fcgi.so"))
- %default-httpd-modules))
- ;; Preserve default value for `extra-config'.
- (extra-config
- (list "TypesConfig etc/httpd/mime.types\n"
- "ServerAdmin webmaster@twilken.net\n"
- httpd-intermediate-ssl-config))))))
-
- ;; For Nextcloud (and Streama)
- (service mysql-service-type
- (mysql-configuration
- (extra-content "\
+(define-public %lud-system
+ (operating-system
+ (host-name "lud.twilken.net")
+ (timezone "Europe/Berlin")
+ (locale "en_GB.utf8")
+ (locale-definitions
+ (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
+ (locale-definition (name "de_DE.utf8") (source "de_DE"))
+ (locale-definition (name "fr_FR.utf8") (source "fr_FR"))
+ (locale-definition (name "pt_BR.utf8") (source "pt_BR"))
+ (locale-definition (name "en_US.utf8") (source "en_US"))))
+
+ (sudoers-file %sudoers-file)
+ (hosts-file %wireguard-etc-hosts)
+ ;; Allow resolution of '.local' host names with mDNS.
+ (name-service-switch %mdns-host-lookup-nss)
+
+ ;; Choose UK English console keyboard layout.
+ (keyboard-layout %british-keyboard)
+
+ ;; Packages installed system-wide. Users can also install packages
+ ;; under their own account: use 'guix search KEYWORD' to search
+ ;; for packages and 'guix install PACKAGE' to install a package.
+ (packages
+ (cons*
+ ffmpeg tor ; for video downloader
+ mariadb ; for Nextcloud backup script
+ ;; For Nextcloud. PHP modules must be installed in system
+ ;; profile, as that's referred to in Nextcloud's php.ini.
+ php php-apcu
+ %base-system-packages))
+
+ ;; Below is the list of system services. To search for available
+ ;; services, run 'guix system search KEYWORD' in a terminal.
+ (services
+ (append
+ (list (simple-service 'duplicity-backup-access openssh-service-type
+ `(("ira" ; for Duplicity backups
+ ,(local-file "files/kitchen-pc.pub")
+ ,(local-file "files/wilken-laptop.pub"))))
+
+ (service tor-service-type)
+
+ (service thermald-service-type
+ (thermald-configuration
+ (adaptive? #t)))
+
+ ;; Transmission (torrents)
+ (service transmission-daemon-service-type
+ (transmission-daemon-configuration
+ (download-dir "/var/data/bt")
+ (incomplete-dir "/var/data/bt/incomplete")
+ (incomplete-dir-enabled? #t)
+ (speed-limit-up-enabled? #t)
+ (speed-limit-up 512) ; KiB/s
+ (encryption 'require-encrypted-connections)
+ ;; Don't try to configure port forwarding automatically.
+ (port-forwarding-enabled? #f)
+ ;; Make RPC interface only accessible via WireGuard.
+ (rpc-bind-address "10.0.0.2")
+ (rpc-whitelist-enabled? #t)
+ (rpc-whitelist '("127.0.0.1" "::1"
+ "10.0.0.*" "fc00::*"))
+ (rpc-host-whitelist-enabled? #t)
+ (rpc-host-whitelist '("lud.wg"))))
+
+ ;; TODO: Streama
+
+ ;; Syncthing
+ (service syncthing-service-type
+ (syncthing-configuration
+ (user "syncthing")
+ (group "syncthing")))
+
+ ;; certbot for Synapse + Apache/Nextcloud
+ ;; This also installs a nginx server on port 80, redirecting to port 443.
+ (service certbot-service-type
+ (certbot-configuration
+ (email "letsencrypt@twilken.net")))
+
+ (service httpd-service-type
+ (httpd-configuration
+ (config
+ (httpd-config-file
+ (listen '("443")) ; leave port 80 free for certbot/nginx
+ (modules
+ (cons* (httpd-module (name "ssl_module") (file "modules/mod_ssl.so"))
+ (httpd-module (name "proxy_module") (file "modules/mod_proxy.so"))
+ (httpd-module (name "rewrite_module") (file "modules/mod_rewrite.so"))
+ (httpd-module (name "alias_module") (file "modules/mod_alias.so"))
+ (httpd-module (name "socache_shmcb_module") ; for SSLStaplingCache
+ (file "modules/mod_socache_shmcb.so"))
+ (httpd-module (name "proxy_fcgi_module") ; for PHP/FastCGI
+ (file "modules/mod_proxy_fcgi.so"))
+ %default-httpd-modules))
+ ;; Preserve default value for `extra-config'.
+ (extra-config
+ (list "TypesConfig etc/httpd/mime.types\n"
+ "ServerAdmin webmaster@twilken.net\n"
+ httpd-intermediate-ssl-config))))))
+
+ ;; For Nextcloud (and Streama)
+ (service mysql-service-type
+ (mysql-configuration
+ (extra-content "\
 [mysqld]
 character-set-server = utf8mb4
 collation-server = utf8mb4_general_ci
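Review bot: `(define-public %lud-system` at the top of the added block carries no comment saying why the operating-system is now a named, exported value, and the bare `%lud-system` that the second hunk appends as the file's last expression is equally unexplained, so a reader may take that trailing line for a leftover. Presumably the export lets other modules refer to this system while the final expression keeps `guix system` working on this file directly; if that is the intent, state it once above the define, e.g. `;; Exported so other modules can reuse this system; the bare %lud-system at the end of the file keeps it as the value `guix system' sees.` Apart from the extra indentation the wrapped body is identical to the removed one, so there is nothing further to check in this hunk; the form opened here is closed in the second hunk.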
@@ -308,76 +309,78 @@ innodb_buffer_pool_size = 1G
 innodb_io_capacity = 4000
 ")))
 
- ;; TODO: JSON exporter (Nextcloud)
- ;; TODO: Syncthing exporter
- ;; TODO: Transmission exporter
- )
-
- nextcloud-services
- matrix-services
- (server-base-services host-name)))
-
- ;; The list of user accounts ('root' is implicit).
- (users
- (cons* (user-account ; TODO: merge with "timo"?
- (name "timo-phone")
- (comment "Backups of Timo's phone")
- (group "users")
- (home-directory "/var/backups/timo-phone")
- (shell (file-append bash-minimal "/bin/sh")))
- (user-account
- (name "ira")
- (comment "Ira Wilken")
- (group "users")
- (home-directory "/home/ira"))
- (user-account
- (system? #t)
- (name "syncthing")
- (comment "Syncthing service")
- (group "syncthing")
- (home-directory "/var/data/syncthing"))
- %server-base-user-accounts))
-
- (groups
- (cons* (user-group ; This is NOT implict from the "syncthing" user.
- (system? #t)
- (name "syncthing"))
- %base-groups))
-
- ;; Use the UEFI variant of GRUB with the EFI System Partition mounted
- ;; on /boot/efi.
- (bootloader
- (bootloader-configuration
- (bootloader grub-efi-bootloader)
- (targets '("/boot/efi"))
- (keyboard-layout keyboard-layout)))
-
- ;; The list of file systems that get "mounted". The unique
- ;; file system identifiers there ("UUIDs") can be obtained
- ;; by running 'blkid' in a terminal.
- (file-systems
- (cons* (file-system
- (mount-point "/")
- (device guixsd-root-partition)
- (flags '(no-atime))
- (options (alist->file-system-options
- '("ssd" ("compress" . "zstd"))))
- (type "btrfs"))
- (file-system
- (mount-point "/boot/efi")
- (device efi-system-partition)
- (flags '(no-atime))
- (type "vfat"))
- (file-system
- (mount-point "/var/backups")
- (create-mount-point? #t)
- (device backups-partition)
- (flags '(no-atime))
- (type "btrfs"))
- (file-system
- (mount-point "/var/data")
- (create-mount-point? #t)
- (device data-partition)
- (flags '(no-atime))
- (type "btrfs"))
- %base-file-systems)))
+ ;; TODO: JSON exporter (Nextcloud)
+ ;; TODO: Syncthing exporter
+ ;; TODO: Transmission exporter
+ )
+
+ nextcloud-services
+ matrix-services
+ (server-base-services host-name)))
+
+ ;; The list of user accounts ('root' is implicit).
+ (users
+ (cons* (user-account ; TODO: merge with "timo"?
+ (name "timo-phone")
+ (comment "Backups of Timo's phone")
+ (group "users")
+ (home-directory "/var/backups/timo-phone")
+ (shell (file-append bash-minimal "/bin/sh")))
+ (user-account
+ (name "ira")
+ (comment "Ira Wilken")
+ (group "users")
+ (home-directory "/home/ira"))
+ (user-account
+ (system? #t)
+ (name "syncthing")
+ (comment "Syncthing service")
+ (group "syncthing")
+ (home-directory "/var/data/syncthing"))
+ %server-base-user-accounts))
+
+ (groups
+ (cons* (user-group ; This is NOT implict from the "syncthing" user.
+ (system? #t)
+ (name "syncthing"))
+ %base-groups))
+
+ ;; Use the UEFI variant of GRUB with the EFI System Partition mounted
+ ;; on /boot/efi.
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+
+ ;; The list of file systems that get "mounted". The unique
+ ;; file system identifiers there ("UUIDs") can be obtained
+ ;; by running 'blkid' in a terminal.
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device guixsd-root-partition)
+ (flags '(no-atime))
+ (options (alist->file-system-options
+ '("ssd" ("compress" . "zstd"))))
+ (type "btrfs"))
+ (file-system
+ (mount-point "/boot/efi")
+ (device efi-system-partition)
+ (flags '(no-atime))
+ (type "vfat"))
+ (file-system
+ (mount-point "/var/backups")
+ (create-mount-point? #t)
+ (device backups-partition)
+ (flags '(no-atime))
+ (type "btrfs"))
+ (file-system
+ (mount-point "/var/data")
+ (create-mount-point? #t)
+ (device data-partition)
+ (flags '(no-atime))
+ (type "btrfs"))
+ %base-file-systems))))
+
+%lud-system
-- cgit v1.2.3