diff --git a/hosts/amahl/system.scm b/hosts/amahl/system.scm
new file mode 100644
index 0000000..1fd655a
--- /dev/null
+++ b/hosts/amahl/system.scm
@@ -0,0 +1,117 @@
+(define-module (hosts amahl system)
+ #:use-module (gnu)
+ #:use-module (gnu bootloader u-boot)
+ #:use-module (gnu packages bootloaders)
+ #:use-module (gnu packages certs)
+ #:use-module (gnu packages rsync)
+ #:use-module (gnu services admin)
+ #:use-module (gnu services mail)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services web)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module (services certbot)
+ #:use-module (services ip)
+ #:use-module (services znc)
+ #:use-module (config base)
+ #:use-module (config mail))
+
+(define domain "araneo.si")
+(define dkim-selector "20230811")
+
+;; Reload servers on certificate update.
+(define (cert-deploy-hook pid-files)
+ (program-file
+ "cert-deploy-hook"
+ #~(for-each (lambda (pid-file)
+ (false-if-exception
+ (kill (call-with-input-file pid-file read) SIGHUP)))
+ '#$pid-files)))
+
+(operating-system
+ (locale "en_US.utf8")
+ (timezone "Europe/Ljubljana")
+ (keyboard-layout (keyboard-layout "us"))
+ (host-name "amahl")
+
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets (list "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_35537784"))))
+ (initrd-modules (cons* "virtio_scsi" %base-initrd-modules))
+
+ (swap-devices (list (swap-space (target "/swap"))))
+
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device (uuid "6c89d6cf-2d17-479e-a095-3427dfe343d9" 'ext4))
+ (type "ext4"))
+ %base-file-systems))
+
+ (users
+ (cons* (user-account
+ (name "timotej")
+ (comment "Timotej Lazar")
+ (group "users")
+ (home-directory "/home/timotej")
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+
+ (packages (append (list (specification->package "nss-certs"))
+ %base-packages))
+
+ (services
+ (append
+ (list
+ (service ip-service-type
+ (ip-configuration
+ (commands
+ (list "link set eth0 up"
+ "address add 2a01:4f9:c012:5f72::/64 dev eth0"
+ "route add default via fe80::1 dev eth0"))))
+
+ (service dhcp-client-service-type
+ (dhcp-client-configuration (interfaces '("eth0"))))
+
+ (service nginx-service-type
+ (nginx-configuration
+ (extra-content "autoindex on;")
+ (server-blocks
+ (list (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name (list domain))
+ (ssl-certificate
+ (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+ (ssl-certificate-key
+ (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+ (root (string-append "/srv/http/" domain)))))))
+
+ (service certbot-service-type
+ (certbot-configuration
+ (certificates
+ (list (certificate-configuration
+ (domains (list domain))
+ (deploy-hook (cert-deploy-hook
+ '("/var/run/nginx/pid"
+ "/var/run/smtpd.pid"))))))))
+
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f)))
+
+ (service znc-service-type)
+
+ (service unattended-upgrade-service-type
+ (unattended-upgrade-configuration
+ (channels #~(map (lambda (c) (channel (inherit c) (commit #f)))
+ (load "/run/current-system/channels.scm")))
+ (services-to-restart '(mcron nginx ntpd smtpd)))))
+
+ (mail-services
+ #:domain domain
+ #:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))
+ #:dkim-selector dkim-selector)
+
+ (base-services))))
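Review bot: `cert-deploy-hook` passes whatever `read` returns from the PID file straight to `kill`, and the hook runs with root privileges on every renewal; a stale or corrupted PID file can therefore SIGHUP an unrelated process, and a file containing `0` or `-1` makes `kill` signal the whole process group or every process the caller may signal. The `false-if-exception` wrapper only hides the cases where `read` or `kill` raises, so a missing PID file also leaves the daemon silently serving the old certificate with nothing in the logs. Validate the datum before signalling and report the skipped file, for example by rewriting the lambda as shown below; whether `/var/run/smtpd.pid` is the path the mail service actually writes cannot be confirmed from this file and is worth checking against `(config mail)`. Separately, `autoindex on;` in `extra-content` enables directory listings for every server block, so confirm that everything under `/srv/http/araneo.si` is meant to be browsable.
```scheme
(define (cert-deploy-hook pid-files)
  (program-file
   "cert-deploy-hook"
   #~(for-each (lambda (pid-file)
                 (let ((pid (false-if-exception
                             (call-with-input-file pid-file read))))
                   ;; Only signal a concrete positive PID; 0/-1 would
                   ;; broadcast SIGHUP, and garbage would raise.
                   (if (and (exact-integer? pid) (positive? pid))
                       (kill pid SIGHUP)
                       (format (current-error-port)
                               "cert-deploy-hook: skipping ~a (no valid pid)~%"
                               pid-file))))
               '#$pid-files)))
```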