;; Guix system declaration for the host "oswald".  Nothing is exported: the
;; module's value is the trailing operating-system form.  The u-boot variant
;; below suggests a Rock64/RK3328 board -- confirm against the hardware.
(define-module (hosts oswald system)
  #:use-module (gnu)
  #:use-module (gnu bootloader u-boot)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages rsync)
  #:use-module (gnu services admin)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:use-module (gnu services web)
  #:use-module (guix packages)
  #:use-module (guix utils)
  ;; Local modules (not part of Guix proper): the certbot service, the
  ;; shared base services and the mail stack.
  #:use-module (services certbot)
  #:use-module (config base)
  #:use-module (config mail))

;; Public domain of this host; used for the nginx virtual host, the
;; Let's Encrypt certificate paths and the mail services.
(define domain "kosobr.in")

;; DKIM key selector handed to the mail services (looks like the date the
;; key was generated).  Rotating the DKIM key means publishing a new
;; selector here and in DNS.
(define dkim-selector "20220826")

;; Use a lower DDR frequency to avoid random segfaults.
;; See <upstream-issue-link -- lost in this copy of the file>.
;; The only change is the SDRAM timing file included by the board's u-boot
;; .dtsi (LPDDR3-1600 -> LPDDR3-666); everything else is inherited from
;; u-boot-rock64-rk3328.
;; Note: substitute* does not fail when its pattern is absent, so if an
;; upstream u-boot update renames that include, the workaround silently
;; disappears -- check the build log after bumping the package.
(define u-boot-rock64-rk3328/666
  (package
    (inherit u-boot-rock64-rk3328)
    (arguments
     (substitute-keyword-arguments (package-arguments u-boot-rock64-rk3328)
       ((#:phases phases)
        #~(modify-phases #$phases
            (add-after 'unpack 'change-ddr-clock
              (lambda _
                (substitute* "arch/arm/dts/rk3328-rock64-u-boot.dtsi"
                  (("rk3328-sdram-lpddr3-1600.dtsi")
                   "rk3328-sdram-lpddr3-666.dtsi"))))))))))

;; Reload servers on certificate update.
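(define (cert-deploy-hook pid-files)
  "Return a program that sends SIGHUP to each process whose PID is stored in
one of PID-FILES, so the corresponding daemon reloads the renewed
certificate.  The program runs with certbot's privileges (root), so it only
signals values that look like a real PID: an empty file yields the EOF
object, a corrupt one may yield a symbol, 0 or a negative number, and
kill(2) would send 0 to the caller's process group and -1 to every process
on the system.  A missing, unreadable or invalid PID file is reported on
stderr and skipped, so one stale file does not stop the remaining daemons
from being reloaded."
  (program-file "cert-deploy-hook"
    #~(for-each
       (lambda (pid-file)
         (catch #t
           (lambda ()
             (let ((pid (call-with-input-file pid-file read)))
               ;; Refuse anything but a strictly positive integer.
               (if (and (integer? pid) (> pid 0))
                   (kill pid SIGHUP)
                   (format (current-error-port)
                           "cert-deploy-hook: ignoring invalid PID in ~a~%"
                           pid-file))))
           (lambda (key . args)
             ;; Missing file, ESRCH from kill, etc.: log and continue.
             (format (current-error-port)
                     "cert-deploy-hook: failed to signal ~a: ~a ~s~%"
                     pid-file key args))))
       '#$pid-files)))

;; The system itself.  Field order is not significant; related settings are
;; grouped and commented.
(operating-system
  (host-name "oswald")
  (timezone "Europe/Ljubljana")
  (locale "en_US.utf8")

  ;; Generic arm64 kernel.  "mitigations=auto" spells out the kernel's
  ;; default CPU-vulnerability mitigation policy rather than changing it.
  ;; No extra initrd modules are requested; presumably the root-disk driver
  ;; is built in -- verify before changing the kernel package.
  (kernel linux-libre-arm64-generic)
  (kernel-arguments '("mitigations=auto"))
  (initrd-modules '())

  ;; Stock Rock64 bootloader configuration, but with the DDR-clock-patched
  ;; u-boot build, installed to the eMMC/SD card selected by stable id.
  (bootloader
   (bootloader-configuration
    (bootloader (bootloader (inherit u-boot-rock64-rk3328-bootloader)
                            (package u-boot-rock64-rk3328/666)))
    (targets '("/dev/disk/by-id/mmc-A3A442_0xe236282f"))))

  (file-systems
   (cons* (file-system
            (mount-point "/")
            (type "ext4")
            (device (uuid "75c144d6-1693-4245-8375-b678d0c8ba9b")))
          %base-file-systems))
  (swap-devices (list (swap-space (target "/swap"))))

  ;; Single administrative user: "wheel" grants sudo, "netdev" and "kvm"
  ;; give network-manager/VM device access.
  (users (cons* (user-account
                 (name "timotej")
                 (comment "Timotej Lazar")
                 (group "users")
                 (supplementary-groups '("wheel" "netdev" "kvm"))
                 (home-directory "/home/timotej"))
                %base-user-accounts))

  ;; nss-certs supplies the CA bundle for outbound TLS (certbot, mail).
  (packages (cons* nss-certs rsync %base-packages))

  (services
   (append
    (list
     ;; Fixed LAN address; the host is presumably reachable from the
     ;; internet through a NAT/port-forward on 192.168.1.1 -- not visible
     ;; from this file.
     (service static-networking-service-type
              (list (static-networking
                     (addresses (list (network-address
                                       (device "eth0")
                                       (value "192.168.1.3/24"))))
                     (routes (list (network-route
                                    (destination "default")
                                    (gateway "192.168.1.1"))))
                     (name-servers '("193.2.1.66" "193.2.1.72")))))

     ;; HTTPS-only static file server for DOMAIN, using the Let's Encrypt
     ;; certificate managed by certbot below.  "autoindex on;" goes into
     ;; extra-content, i.e. outside any server block, so directory listings
     ;; are enabled for every server block, including the whole of
     ;; /srv/http/<domain>; keep that in mind before dropping private files
     ;; there.  There is no port-80 listener here; whatever HTTP-01 challenge
     ;; handling certbot needs must come from the local certbot service --
     ;; confirm.
     (service nginx-service-type
              (nginx-configuration
               (extra-content "autoindex on;")
               (server-blocks
                (list (nginx-server-configuration
                       (listen '("443 ssl"))
                       (server-name (list domain))
                       (ssl-certificate
                        (string-append "/etc/letsencrypt/live/" domain
                                       "/fullchain.pem"))
                       (ssl-certificate-key
                        (string-append "/etc/letsencrypt/live/" domain
                                       "/privkey.pem"))
                       (root (string-append "/srv/http/" domain)))))))

     ;; One certificate for DOMAIN; after each renewal SIGHUP the nginx
     ;; master and the mail daemon (smtpd.pid, presumably from
     ;; mail-services) so they pick up the new key material.
     (service certbot-service-type
              (certbot-configuration
               (certificates
                (list (certificate-configuration
                       (domains (list domain))
                       (deploy-hook
                        (cert-deploy-hook '("/var/run/nginx/pid"
                                            "/var/run/smtpd.pid"))))))))

     ;; Key-based SSH only.  Every other option (root login, listen
     ;; address, ...) is left at the service's default.
     (service openssh-service-type
              (openssh-configuration
               (password-authentication? #f)))

     ;; Automatic `guix pull` + reconfigure.  The channel list is the one the
     ;; running system was built from, with each pinned commit cleared so
     ;; the latest commit of every channel is followed -- i.e. the host
     ;; trusts whatever those channels publish next.  Only mcron, ntpd and
     ;; smtpd are restarted afterwards; nginx and sshd keep running the
     ;; previous generation's binaries until they are restarted or the
     ;; host reboots.
     (service unattended-upgrade-service-type
              (unattended-upgrade-configuration
               (channels
                #~(map (lambda (c) (channel (inherit c) (commit #f)))
                       (load "/run/current-system/channels.scm")))
               (services-to-restart '(mcron ntpd smtpd)))))

    ;; Mail stack from (config mail): local delivery for root and the
    ;; external address both land in timotej's mailbox.
    (mail-services #:domain domain
                   #:aliases (list '("root" "timotej")
                                   '("timotej.lazar" "timotej"))
                   #:dkim-selector dkim-selector)

    ;; Shared services from (config base).
    (base-services))))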