(define-module (tw system vin)
  #:use-module (gnu)
  #:use-module (gnu bootloader grub)
  #:use-module (gnu system locale)
  #:use-module (gnu system nss)
  #:use-module (guix gexp)
  #:use-module (tw system common))

(use-package-modules admin bash certs databases linux man rsync shells video)
(use-service-modules mcron monitoring networking pm ssh vpn)

;;; Operating-system declaration for the host "vin".
;;;
;;; Hardware caveats: the board's BIOS has no UEFI support and does not see
;;; NVMe devices, so GRUB is installed in legacy (non-UEFI) mode and only SATA
;;; disks are usable -- the M.2 SSD is not.  /dev/sda1 holds the BIOS boot
;;; partition that legacy GRUB needs
;;; (https://en.wikipedia.org/wiki/BIOS_boot_partition).

;; Whole disk that GRUB writes its boot code to; it must carry a BIOS boot
;; partition.  Usually enumerated as /dev/sda.
(define %bios-boot-disk
  "/dev/disk/by-id/wwn-0x5000cca39dd469de")

;; Root file system: /dev/sda2, 500 GB, btrfs.
(define %root-partition
  (uuid "86970883-b074-4673-a993-193287432352" 'btrfs))

;; Backup volume: /dev/sdb1, 1000 GB, btrfs.
(define %backups-partition
  (uuid "383ee9c7-b17e-43c9-9c39-447d63e22b94" 'btrfs))

;; Mount options shared by both btrfs volumes: transparent zstd compression.
(define %btrfs-mount-options
  (alist->file-system-options '(("compress" . "zstd"))))

;; Locales generated for the system.  Each BASE yields the locale BASE.utf8
;; built from the locale source BASE.
(define %vin-locales
  (map (lambda (base)
         (locale-definition
          (name (string-append base ".utf8"))
          (source base)))
       '("en_GB" "de_DE" "fr_FR" "en_US")))

;; SSH daemon: non-default port, password logins disabled, and the only
;; authorised key is timo's, shipped next to this file.  Clients may only
;; pass through their locale environment variables.  Root login over SSH is
;; not set explicitly, so the openssh-service-type default applies.
(define %vin-ssh-service
  (service openssh-service-type
           (openssh-configuration
            (port-number 22022)
            (password-authentication? #f)
            (accepted-environment '("LANG" "LC_*"))
            (authorized-keys
             `(("timo" ,(local-file "files/timo.pub")))))))

;; Nightly maintenance jobs handed to mcron as G-expressions.
;; NOTE(review): mcron system jobs presumably run with system privileges --
;; confirm before adding anything that touches user data.
(define %vin-cron-jobs
  (list
   ;; Collect store garbage older than two weeks, keeping 25G free.
   #~(job "0 21 * * *" "guix gc -d 2w -F 25G")
   ;; One hour later, once gc has released blocks, trim the file systems
   ;; listed in /etc/fstab.
   #~(job "0 22 * * *"
          (string-append #$(file-append util-linux "/sbin/fstrim")
                         " --fstab --verbose"))))

;; Prometheus node exporter, bound to a single address rather than all
;; interfaces.  Presumably this is the host's WireGuard address, given the
;; WireGuard hosts file and service below -- verify against (tw system common).
(define %vin-node-exporter-service
  (service prometheus-node-exporter-service-type
           (prometheus-node-exporter-configuration
            (web-listen-address "10.0.0.3:9100"))))

;; File systems specific to this host; %base-file-systems is appended below.
;; UUIDs can be read off with 'blkid'.
(define %vin-file-systems
  (list
   ;; The smaller (500 GB) disk, mounted as root.
   (file-system
     (mount-point "/")
     (device %root-partition)
     (flags '(no-atime))
     (options %btrfs-mount-options)
     (type "btrfs"))
   ;; The bigger (1000 GB) disk, mounted for backups; the mount point is
   ;; created if missing.
   (file-system
     (mount-point "/var/backups")
     (create-mount-point? #t)
     (device %backups-partition)
     (flags '(no-atime))
     (options %btrfs-mount-options)
     (type "btrfs"))))

(define-public %vin-system
  (operating-system
    (host-name "vin.twilken.net")
    (timezone "Europe/Paris")
    (locale "en_GB.utf8")
    (locale-definitions %vin-locales)

    ;; UK English console keyboard layout; the bootloader reuses it below.
    (keyboard-layout %british-keyboard)

    ;; Name resolution: static WireGuard peers via /etc/hosts, plus '.local'
    ;; names through mDNS.
    (hosts-file %wireguard-etc-hosts)
    (name-service-switch %mdns-host-lookup-nss)

    ;; System-wide packages.  btrfs-progs and rsync are here with eventual
    ;; backup scripts in mind; users may still install their own packages
    ;; with 'guix install PACKAGE' ('guix search KEYWORD' to look them up).
    (packages
     (cons* btrfs-progs
            rsync
            (append %common-system-packages %base-packages)))

    ;; System services ('guix system search KEYWORD' lists what is
    ;; available).  The order of this list is kept as-is.
    (services
     (append (list %vin-ssh-service
                   (service dhcp-client-service-type)
                   (service ntp-service-type)
                   (simple-service 'cronjobs mcron-service-type %vin-cron-jobs)
                   %vin-node-exporter-service
                   (wireguard-service 'vin))
             ;; Console login: no message of the day, and empty passwords
             ;; are rejected.
             (modify-services %base-services
               (login-service-type
                config => (login-configuration
                           (inherit config)
                           (motd (plain-file "no-motd" ""))
                           (allow-empty-passwords? #f))))))

    ;; User accounts; 'root' is implicit.  timo is in 'wheel' and so can
    ;; administer the machine.
    (users
     (append (list (user-account
                    (name "timo")
                    (comment "Timo Wilken")
                    (group "users")
                    (home-directory "/home/timo")
                    (supplementary-groups '("wheel" "netdev" "audio" "video"))
                    (shell (file-append zsh "/bin/zsh"))))
             %base-user-accounts))

    ;; Legacy-BIOS GRUB with its boot code written to the root disk.
    ;; keyboard-layout here refers to this record's own field above.
    (bootloader
     (bootloader-configuration
      (bootloader grub-bootloader)
      (targets (list %bios-boot-disk))
      (keyboard-layout keyboard-layout)))

    ;; Host-specific mounts first, then the Guix defaults.
    (file-systems
     (append %vin-file-systems %base-file-systems))))

;; Evaluating this file yields the system, as 'guix system' expects.
%vin-system