131 lines
4.4 KiB
Scheme
131 lines
4.4 KiB
Scheme
(define-module (hosts amahl system)
|
|
#:use-module (gnu)
|
|
#:use-module (gnu bootloader u-boot)
|
|
#:use-module (gnu packages bootloaders)
|
|
#:use-module (gnu packages ncurses)
|
|
#:use-module (gnu packages rsync)
|
|
#:use-module (gnu services admin)
|
|
#:use-module (gnu services mail)
|
|
#:use-module (gnu services networking)
|
|
#:use-module (gnu services ssh)
|
|
#:use-module (gnu services web)
|
|
#:use-module (guix packages)
|
|
#:use-module (guix utils)
|
|
#:use-module (services certbot)
|
|
#:use-module (services ip)
|
|
#:use-module (services znc)
|
|
#:use-module (config base)
|
|
#:use-module (config mail))
|
|
|
|
(define domain "araneo.si")
|
|
(define dkim-selector "20230811")
|
|
|
|
;; Reload servers on certificate update.
|
|
(define (cert-deploy-hook pid-files)
|
|
(program-file
|
|
"cert-deploy-hook"
|
|
#~(for-each (lambda (pid-file)
|
|
(false-if-exception
|
|
(kill (call-with-input-file pid-file read) SIGHUP)))
|
|
'#$pid-files)))
|
|
|
|
(operating-system
|
|
(locale "en_US.utf8")
|
|
(timezone "Europe/Ljubljana")
|
|
(keyboard-layout (keyboard-layout "us"))
|
|
(host-name "amahl")
|
|
|
|
(bootloader
|
|
(bootloader-configuration
|
|
(bootloader grub-bootloader)
|
|
(targets (list "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_35537784"))))
|
|
(initrd-modules (cons* "virtio_scsi" %base-initrd-modules))
|
|
|
|
(swap-devices (list (swap-space (target "/swap"))))
|
|
|
|
(file-systems
|
|
(cons* (file-system
|
|
(mount-point "/")
|
|
(device (uuid "6c89d6cf-2d17-479e-a095-3427dfe343d9" 'ext4))
|
|
(type "ext4"))
|
|
%base-file-systems))
|
|
|
|
(users
|
|
(cons* (user-account
|
|
(name "timotej")
|
|
(comment "Timotej Lazar")
|
|
(group "users")
|
|
(home-directory "/home/timotej")
|
|
(supplementary-groups '("wheel")))
|
|
%base-user-accounts))
|
|
|
|
(packages
|
|
(cons* ncurses rsync %base-packages))
|
|
|
|
(services
|
|
(append
|
|
(list
|
|
(service ip-service-type
|
|
(ip-configuration
|
|
(commands
|
|
(list "link set eth0 up"
|
|
"address add 2a01:4f9:c012:5f72::/64 dev eth0"
|
|
"route add default via fe80::1 dev eth0"))))
|
|
|
|
(service dhcp-client-service-type
|
|
(dhcp-client-configuration (interfaces '("eth0"))))
|
|
|
|
(service tor-service-type
|
|
(tor-configuration
|
|
(hidden-services
|
|
(list
|
|
(tor-onion-service-configuration
|
|
(name "nginx")
|
|
(mapping '((80 "127.0.0.1:8080"))))))))
|
|
|
|
(service nginx-service-type
|
|
(nginx-configuration
|
|
(extra-content "autoindex on;")
|
|
(server-blocks
|
|
(list
|
|
(nginx-server-configuration
|
|
(listen '("127.0.0.1:8080"))
|
|
(server-name (list "*.onion"))
|
|
(root (string-append "/srv/http/" domain)))
|
|
(nginx-server-configuration
|
|
(listen '("443 ssl"))
|
|
(server-name (list domain))
|
|
(ssl-certificate
|
|
(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
|
|
(ssl-certificate-key
|
|
(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
|
|
(root (string-append "/srv/http/" domain)))))))
|
|
|
|
(service certbot-service-type
|
|
(certbot-configuration
|
|
(certificates
|
|
(list (certificate-configuration
|
|
(domains (list domain))
|
|
(deploy-hook (cert-deploy-hook
|
|
'("/var/run/nginx/pid"
|
|
"/var/run/smtpd.pid"))))))))
|
|
|
|
(service openssh-service-type
|
|
(openssh-configuration
|
|
(password-authentication? #f)
|
|
(permit-root-login 'prohibit-password)))
|
|
|
|
(service znc-service-type)
|
|
|
|
(service unattended-upgrade-service-type
|
|
(unattended-upgrade-configuration
|
|
(channels #~(map (lambda (c) (channel (inherit c) (commit #f)))
|
|
(load "/run/current-system/channels.scm")))
|
|
(services-to-restart '(mcron nginx ntpd smtpd)))))
|
|
|
|
(mail-services
|
|
#:domain domain
|
|
#:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))
|
|
#:dkim-selector dkim-selector)
|
|
|
|
(base-services))))
|