monguix/hosts/oswald/system.scm

(define-module (hosts oswald system)
  #:use-module (gnu)
  #:use-module (gnu bootloader u-boot)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages rsync)
  #:use-module (gnu services admin)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:use-module (gnu services web)
  #:use-module (guix packages)
  #:use-module (guix utils)
  #:use-module (services certbot)
  #:use-module (config base)
  #:use-module (config mail))

(define domain "kosobr.in")
(define dkim-selector "20220826")

;; Use a lower DDR frequency to avoid random segfaults.
;; See <https://forum.pine64.org/showthread.php?tid=11209>.
(define u-boot-rock64-rk3328/666
  (package
    (inherit u-boot-rock64-rk3328)
    (arguments
      (substitute-keyword-arguments (package-arguments u-boot-rock64-rk3328)
        ((#:phases phases)
         #~(modify-phases #$phases
             (add-after 'unpack 'change-ddr-clock
               (lambda _
                 (substitute* "arch/arm/dts/rk3328-rock64-u-boot.dtsi"
                   (("rk3328-sdram-lpddr3-1600.dtsi") "rk3328-sdram-lpddr3-666.dtsi"))))))))))

; Reload servers on certificate update.
(define (cert-deploy-hook pid-files)
  (program-file
    "cert-deploy-hook"
    #~(for-each (lambda (pid-file)
                  (kill (call-with-input-file pid-file read) SIGHUP))
                '#$pid-files)))

(operating-system
  (host-name "oswald")
  (timezone "Europe/Ljubljana")
  (locale "en_US.utf8")

  (kernel linux-libre-arm64-generic)
  (kernel-arguments '("mitigations=auto"))
  (initrd-modules '())

  (bootloader
   (bootloader-configuration
    (bootloader
     (bootloader
      (inherit u-boot-rock64-rk3328-bootloader)
      (package u-boot-rock64-rk3328/666)))
    (targets '("/dev/disk/by-id/mmc-A3A442_0xe236282f"))))

  (file-systems
   (cons*
    (file-system
      (mount-point "/")
      (type "ext4")
      (device (uuid "75c144d6-1693-4245-8375-b678d0c8ba9b")))
    %base-file-systems))

  (swap-devices (list (swap-space (target "/swap"))))

  (users
   (cons*
    (user-account
     (name "timotej")
     (comment "Timotej Lazar")
     (group "users")
     (supplementary-groups '("wheel" "netdev" "kvm"))
     (home-directory "/home/timotej"))
    %base-user-accounts))

  (packages
   (cons* nss-certs rsync %base-packages))

  (services
   (append
    (list
     (service static-networking-service-type
              (list (static-networking
                     (addresses (list (network-address
                                       (device "eth0")
                                       (value "192.168.1.3/24"))))
                     (routes (list (network-route
                                    (destination "default")
                                    (gateway "192.168.1.1"))))
                     (name-servers '("193.2.1.66" "193.2.1.72")))))

     (service nginx-service-type
              (nginx-configuration
               (extra-content "autoindex on;")
               (server-blocks
                (list (nginx-server-configuration
                       (listen '("443 ssl"))
                       (server-name (list domain))
                       (ssl-certificate
                        (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
                       (ssl-certificate-key
                        (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
                       (root (string-append "/srv/http/" domain)))))))

     (service certbot-service-type
              (certbot-configuration
               (certificates
                (list
                 (certificate-configuration
                  (domains (list domain))
                  (deploy-hook (cert-deploy-hook
                                '("/var/run/nginx/pid"
                                  "/var/run/smtpd.pid"))))))))

     (service openssh-service-type
              (openssh-configuration
               (password-authentication? #f)))

     (service unattended-upgrade-service-type
              (unattended-upgrade-configuration
               (channels #~(map (lambda (c) (channel (inherit c) (commit #f)))
                                (load "/run/current-system/channels.scm")))
               (services-to-restart '(mcron ntpd smtpd)))))

    (mail-services
     #:domain domain
     #:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))
     #:dkim-selector dkim-selector)

    (base-services))))
Add oswald 2016-01-23 06:56:17 +01:00			`(define-module (hosts oswald system)`
			`#:use-module (gnu)`
			`#:use-module (gnu bootloader u-boot)`
			`#:use-module (gnu packages bootloaders)`
			`#:use-module (gnu packages certs)`
			`#:use-module (gnu packages linux)`
			`#:use-module (gnu packages rsync)`
			`#:use-module (gnu services admin)`
			`#:use-module (gnu services networking)`
			`#:use-module (gnu services ssh)`
hosts/oswald: add mail, web and certificate services 2023-04-28 09:11:50 +02:00			`#:use-module (gnu services web)`
Add oswald 2016-01-23 06:56:17 +01:00			`#:use-module (guix packages)`
			`#:use-module (guix utils)`
hosts/oswald: add mail, web and certificate services 2023-04-28 09:11:50 +02:00			`#:use-module (services certbot)`
			`#:use-module (config base)`
			`#:use-module (config mail))`

			`(define domain "kosobr.in")`
			`(define dkim-selector "20220826")`
Add oswald 2016-01-23 06:56:17 +01:00
			`;; Use a lower DDR frequency to avoid random segfaults.`
			`;; See <https://forum.pine64.org/showthread.php?tid=11209>.`
			`(define u-boot-rock64-rk3328/666`
			`(package`
			`(inherit u-boot-rock64-rk3328)`
			`(arguments`
hosts/oswald: fix custom u-boot package 2023-03-19 19:01:18 +01:00			`(substitute-keyword-arguments (package-arguments u-boot-rock64-rk3328)`
			`((#:phases phases)`
			`#~(modify-phases #$phases`
			`(add-after 'unpack 'change-ddr-clock`
			`(lambda _`
			`(substitute* "arch/arm/dts/rk3328-rock64-u-boot.dtsi"`
			`(("rk3328-sdram-lpddr3-1600.dtsi") "rk3328-sdram-lpddr3-666.dtsi"))))))))))`
Add oswald 2016-01-23 06:56:17 +01:00
hosts/oswald: add mail, web and certificate services 2023-04-28 09:11:50 +02:00			`; Reload servers on certificate update.`
			`(define (cert-deploy-hook pid-files)`
			`(program-file`
			`"cert-deploy-hook"`
			`#~(for-each (lambda (pid-file)`
			`(kill (call-with-input-file pid-file read) SIGHUP))`
			`'#$pid-files)))`
Add oswald 2016-01-23 06:56:17 +01:00
			`(operating-system`
			`(host-name "oswald")`
			`(timezone "Europe/Ljubljana")`
			`(locale "en_US.utf8")`

			`(kernel linux-libre-arm64-generic)`
			`(kernel-arguments '("mitigations=auto"))`
			`(initrd-modules '())`

			`(bootloader`
			`(bootloader-configuration`
			`(bootloader`
			`(bootloader`
			`(inherit u-boot-rock64-rk3328-bootloader)`
			`(package u-boot-rock64-rk3328/666)))`
			`(targets '("/dev/disk/by-id/mmc-A3A442_0xe236282f"))))`

			`(file-systems`
			`(cons*`
			`(file-system`
			`(mount-point "/")`
			`(type "ext4")`
			`(device (uuid "75c144d6-1693-4245-8375-b678d0c8ba9b")))`
			`%base-file-systems))`

			`(swap-devices (list (swap-space (target "/swap"))))`

			`(users`
			`(cons*`
			`(user-account`
			`(name "timotej")`
			`(comment "Timotej Lazar")`
			`(group "users")`
			`(supplementary-groups '("wheel" "netdev" "kvm"))`
			`(home-directory "/home/timotej"))`
			`%base-user-accounts))`

			`(packages`
			`(cons* nss-certs rsync %base-packages))`

			`(services`
hosts/oswald: add mail, web and certificate services 2023-04-28 09:11:50 +02:00			`(append`
			`(list`
			`(service static-networking-service-type`
			`(list (static-networking`
			`(addresses (list (network-address`
			`(device "eth0")`
			`(value "192.168.1.3/24"))))`
			`(routes (list (network-route`
			`(destination "default")`
			`(gateway "192.168.1.1"))))`
			`(name-servers '("193.2.1.66" "193.2.1.72")))))`

			`(service nginx-service-type`
			`(nginx-configuration`
			`(extra-content "autoindex on;")`
			`(server-blocks`
			`(list (nginx-server-configuration`
			`(listen '("443 ssl"))`
			`(server-name (list domain))`
			`(ssl-certificate`
			`(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))`
			`(ssl-certificate-key`
			`(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))`
			`(root (string-append "/srv/http/" domain)))))))`

			`(service certbot-service-type`
			`(certbot-configuration`
			`(certificates`
			`(list`
			`(certificate-configuration`
hosts/oswald: remove hardcoded domain name 2023-09-16 11:30:31 +02:00			`(domains (list domain))`
hosts/oswald: add mail, web and certificate services 2023-04-28 09:11:50 +02:00			`(deploy-hook (cert-deploy-hook`
			`'("/var/run/nginx/pid"`
			`"/var/run/smtpd.pid"))))))))`

			`(service openssh-service-type`
			`(openssh-configuration`
			`(password-authentication? #f)))`

			`(service unattended-upgrade-service-type`
			`(unattended-upgrade-configuration`
			`(channels #~(map (lambda (c) (channel (inherit c) (commit #f)))`
			`(load "/run/current-system/channels.scm")))`
			`(services-to-restart '(mcron ntpd smtpd)))))`

			`(mail-services`
			`#:domain domain`
			`#:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))`
			`#:dkim-selector dkim-selector)`

			`(base-services))))`