jetomit/monguix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add amahl

Browse source
This commit is contained in:
Timotej Lazar 2023-08-11 18:04:27 +02:00
parent c8b3c180df
commit e08a4ae5ad
1 changed files with 117 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

117
hosts/amahl/system.scm Normal file
View file

@ -0,0 +1,117 @@
(define-module (hosts amahl system)
#:use-module (gnu)
#:use-module (gnu bootloader u-boot)
#:use-module (gnu packages bootloaders)
#:use-module (gnu packages certs)
#:use-module (gnu packages rsync)
#:use-module (gnu services admin)
#:use-module (gnu services mail)
#:use-module (gnu services networking)
#:use-module (gnu services ssh)
#:use-module (gnu services web)
#:use-module (guix packages)
#:use-module (guix utils)
#:use-module (services certbot)
#:use-module (services ip)
#:use-module (services znc)
#:use-module (config base)
#:use-module (config mail))
(define domain "araneo.si")
(define dkim-selector "20230811")
;; Reload servers on certificate update.
(define (cert-deploy-hook pid-files)
(program-file
"cert-deploy-hook"
#~(for-each (lambda (pid-file)
(false-if-exception
(kill (call-with-input-file pid-file read) SIGHUP)))
'#$pid-files)))
(operating-system
(locale "en_US.utf8")
(timezone "Europe/Ljubljana")
(keyboard-layout (keyboard-layout "us"))
(host-name "amahl")
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(targets (list "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_35537784"))))
(initrd-modules (cons* "virtio_scsi" %base-initrd-modules))
(swap-devices (list (swap-space (target "/swap"))))
(file-systems
(cons* (file-system
(mount-point "/")
(device (uuid "6c89d6cf-2d17-479e-a095-3427dfe343d9" 'ext4))
(type "ext4"))
%base-file-systems))
(users
(cons* (user-account
(name "timotej")
(comment "Timotej Lazar")
(group "users")
(home-directory "/home/timotej")
(supplementary-groups '("wheel")))
%base-user-accounts))
(packages (append (list (specification->package "nss-certs"))
%base-packages))
(services
(append
(list
(service ip-service-type
(ip-configuration
(commands
(list "link set eth0 up"
"address add 2a01:4f9:c012:5f72::/64 dev eth0"
"route add default via fe80::1 dev eth0"))))
(service dhcp-client-service-type
(dhcp-client-configuration (interfaces '("eth0"))))
(service nginx-service-type
(nginx-configuration
(extra-content "autoindex on;")
(server-blocks
(list (nginx-server-configuration
(listen '("443 ssl"))
(server-name (list domain))
(ssl-certificate
(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
(ssl-certificate-key
(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
(root (string-append "/srv/http/" domain)))))))
(service certbot-service-type
(certbot-configuration
(certificates
(list (certificate-configuration
(domains (list domain))
(deploy-hook (cert-deploy-hook
'("/var/run/nginx/pid"
"/var/run/smtpd.pid"))))))))
(service openssh-service-type
(openssh-configuration
(password-authentication? #f)))
(service znc-service-type)
(service unattended-upgrade-service-type
(unattended-upgrade-configuration
(channels #~(map (lambda (c) (channel (inherit c) (commit #f)))
(load "/run/current-system/channels.scm")))
(services-to-restart '(mcron nginx ntpd smtpd)))))
(mail-services
#:domain domain
#:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))
#:dkim-selector dkim-selector)
(base-services))))