(define-module (tw system vin)
#:use-module (gnu)
#:use-module (gnu bootloader grub)
#:use-module (gnu system locale)
#:use-module (gnu system nss)
#:use-module (guix gexp)
#:use-module (tw system common))
(use-package-modules admin bash certs databases linux man rsync shells video)
(use-service-modules mcron monitoring networking pm ssh vpn)
;; The device's BIOS does not support UEFI, sadly. It also doesn't recognise
;; NVME devices, so we can only use SATA hard disks, not the M.2 SSD.
;; /dev/sda1 is the https://en.wikipedia.org/wiki/BIOS_boot_partition for grub.
;; Disk that GRUB is installed to; it must contain a BIOS boot partition.
;; Usually enumerated as /dev/sda. It is referenced by its WWN-based by-id
;; path rather than by the /dev/sdX name.
(define grub-boot-disk
  "/dev/disk/by-id/wwn-0x5000cca39dd469de")

;; Root file system: /dev/sda2, 500 GB, btrfs.
(define guixsd-root-partition
  (uuid "86970883-b074-4673-a993-193287432352" 'btrfs))

;; Backup volume: /dev/sdb1, 1000 GB, btrfs.
(define backups-partition
  (uuid "383ee9c7-b17e-43c9-9c39-447d63e22b94" 'btrfs))
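;; Operating-system declaration for the host vin.twilken.net: a legacy-BIOS
;; machine with a btrfs root, a separate btrfs backup volume, key-only SSH on
;; a non-default port, a Prometheus node exporter and a WireGuard tunnel.
;;
;; Names such as %wireguard-etc-hosts, %common-system-packages,
;; %server-base-user-accounts, %british-keyboard and wireguard-service are not
;; defined in this file; presumably they come from (tw system common).
(define-public %vin-system
  (operating-system
    (host-name "vin.twilken.net")
    (timezone "Europe/Paris")
    (locale "en_GB.utf8")
    (locale-definitions
     (list (locale-definition (name "en_GB.utf8") (source "en_GB"))
           (locale-definition (name "de_DE.utf8") (source "de_DE"))
           (locale-definition (name "fr_FR.utf8") (source "fr_FR"))
           (locale-definition (name "en_US.utf8") (source "en_US"))))

    (hosts-file %wireguard-etc-hosts)

    ;; Allow resolution of '.local' host names with mDNS.
    (name-service-switch %mdns-host-lookup-nss)

    ;; Choose UK English console keyboard layout.
    (keyboard-layout %british-keyboard)

    ;; Packages installed system-wide.  Users can also install packages
    ;; under their own account: use 'guix search KEYWORD' to search
    ;; for packages and 'guix install PACKAGE' to install a package.
    (packages
     (append (list
              ;; For eventual backup scripts?
              btrfs-progs rsync)
             %common-system-packages
             %base-packages))

    ;; Below is the list of system services.  To search for available
    ;; services, run 'guix system search KEYWORD' in a terminal.
    (services
     (append
      (list (service openssh-service-type
                     (openssh-configuration
                       ;; A non-default port cuts down scanner noise in the
                       ;; logs; it is not an access control by itself.
                       (port-number 22022)
                       ;; Public-key logins only.
                       (password-authentication? #f)
                       ;; Restates the Guix default so the intent stays
                       ;; pinned in this file.
                       (permit-root-login #f)
                       ;; Only locale variables are accepted from clients.
                       (accepted-environment '("LANG" "LC_*"))
                       ;; Keys declared here are added by the system; they do
                       ;; not replace a user's own ~/.ssh/authorized_keys, so
                       ;; an access audit has to look at both places.
                       (authorized-keys
                        `(("timo" ,(local-file "files/timo.pub"))))))
            (service dhcp-client-service-type)
            (service ntp-service-type)
            ;; No #:user is given for these jobs, so they presumably run
            ;; as root -- confirm.  The first job resolves 'guix' through the
            ;; job's PATH, whereas fstrim is pinned to its store path.
            (simple-service 'cronjobs mcron-service-type
                            (list #~(job "0 21 * * *" "guix gc -d 2w -F 25G")
                                  #~(job "0 22 * * *" ; after guix gc
                                         (string-append #$(file-append util-linux "/sbin/fstrim")
                                                        " --fstab --verbose"))))
            ;; Prometheus node exporter.  It serves host metrics without
            ;; authentication, so it is bound to one address instead of all
            ;; interfaces.
            ;; NOTE(review): 10.0.0.3 is presumably this host's address on
            ;; the WireGuard network -- confirm.
            (service prometheus-node-exporter-service-type
                     (prometheus-node-exporter-configuration
                       (web-listen-address "10.0.0.3:9100")))
            (wireguard-service 'vin))
      (modify-services %base-services
        (login-service-type
         config =>
         (login-configuration
           (inherit config)
           (motd (plain-file "no-motd" ""))
           ;; Accounts with an empty password cannot log in on the console.
           (allow-empty-passwords? #f))))))

    ;; The list of user accounts ('root' is implicit).
    (users %server-base-user-accounts)

    ;; Use the non-UEFI/legacy BIOS variant of GRUB with the boot header
    ;; installed on the system/root disk.
    (bootloader
     (bootloader-configuration
       (bootloader grub-bootloader)
       (targets (list grub-boot-disk))
       (keyboard-layout keyboard-layout)))

    ;; The list of file systems that get "mounted".  The unique
    ;; file system identifiers there ("UUIDs") can be obtained
    ;; by running 'blkid' in a terminal.
    (file-systems
     (cons* (file-system              ; this is the smaller (500 GB) disk
              (mount-point "/")
              (device guixsd-root-partition)
              (flags '(no-atime))
              (options (alist->file-system-options
                        '(("compress" . "zstd"))))
              (type "btrfs"))
            (file-system              ; this is the bigger (1000 GB) disk
              (mount-point "/var/backups")
              (create-mount-point? #t)
              (device backups-partition)
              ;; Backup data may be copied in from other machines.  no-dev
              ;; and no-suid make the kernel ignore device nodes and
              ;; setuid/setgid bits on this volume; such files can still be
              ;; stored and restored elsewhere with their metadata intact.
              ;; NOTE(review): no-exec could be added as well if nothing is
              ;; ever run from this volume -- confirm.
              (flags '(no-atime no-dev no-suid))
              (options (alist->file-system-options
                        '(("compress" . "zstd"))))
              (type "btrfs"))
            %base-file-systems))))

;; The value of the last expression is what 'guix system' receives when this
;; file is passed to it directly.
%vin-system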