mirror of
git://git.savannah.gnu.org/guix/maintenance.git
synced 2023-12-14 03:33:04 +01:00
hydra: Unify dover configuration with generic overdrive approach.
* hydra/modules/sysadmin/overdrive.scm (%accounts): Add Andreas. (overdrive-system): Add Andreas's ssh key. * hydra/dover.scm: Replace content by a call to overdrive-system.
This commit is contained in:
parent
3b4290fe2b
commit
45bff0e548
125
hydra/dover.scm
125
hydra/dover.scm
|
@ -1,123 +1,4 @@
|
|||
;; GuixSD configuration file for the SoftIron OverDrive 1000 build machines.
|
||||
;; Copyright © 2016, 2017, 2018, 2021 Ludovic Courtès <ludo@gnu.org>
|
||||
;; Copyright © 2019, 2021 Andreas Enge <andreas@enge.fr>
|
||||
;; Released under the GNU GPLv3 or any later version.
|
||||
(use-modules (sysadmin overdrive))
|
||||
|
||||
(use-modules (guix) (gnu)
|
||||
((sysadmin services) #:select (berlin-wireguard-peer)))
|
||||
(use-service-modules networking mcron ssh avahi cuirass vpn)
|
||||
(use-package-modules screen ssh linux vim)
|
||||
|
||||
(define (sysadmin name full-name)
|
||||
(user-account
|
||||
(name name)
|
||||
(comment full-name)
|
||||
(group "users")
|
||||
(supplementary-groups '("wheel" "kvm"))
|
||||
(home-directory (string-append "/home/" name))))
|
||||
|
||||
(define %accounts
|
||||
(list (sysadmin "ludo" "Ludovic Courtès")
|
||||
(sysadmin "rekado" "Ricardo Wurmus")
|
||||
(sysadmin "andreas" "Andreas Enge")
|
||||
(sysadmin "dannym" "Danny Milosavljevic")
|
||||
(sysadmin "mathieu" "Mathieu Othacehe")
|
||||
(user-account
|
||||
(name "hydra")
|
||||
(comment "Hydra User")
|
||||
(group "users")
|
||||
(home-directory (string-append "/home/" name)))
|
||||
(user-account
|
||||
(name "bayfront")
|
||||
(comment "Bayfront Offload")
|
||||
(group "users")
|
||||
(home-directory (string-append "/home/" name)))))
|
||||
|
||||
(define %authorized-guix-keys
|
||||
;; List of authorized 'guix archive' keys.
|
||||
(list (local-file "keys/guix/berlin.guixsd.org-export.pub")))
|
||||
|
||||
(define gc-job
|
||||
;; Run 'guix gc' at 3AM every day.
|
||||
#~(job '(next-hour '(3)) "guix gc -F 50G"))
|
||||
|
||||
(define btrfs-job
|
||||
;; Run 'btrfs balance' every three days to make free space.
|
||||
#~(job (lambda (now)
|
||||
(next-day-from now (range 1 31 3)))
|
||||
(string-append #$btrfs-progs "/bin/btrfs balance "
|
||||
"start -dusage=50 -musage=70 /")))
|
||||
|
||||
;; The actual machine.
|
||||
|
||||
(operating-system
|
||||
(host-name "dover")
|
||||
(timezone "Europe/Paris")
|
||||
(locale "en_US.UTF-8")
|
||||
|
||||
(bootloader (bootloader-configuration
|
||||
(bootloader grub-efi-bootloader)
|
||||
(target "/boot/efi")))
|
||||
(initrd-modules (cons* "xhci-pci" "ahci_platform" "sg" "sd_mod"
|
||||
%base-initrd-modules))
|
||||
(file-systems (cons* (file-system
|
||||
(device "/dev/sda3")
|
||||
(mount-point "/")
|
||||
(type "btrfs"))
|
||||
(file-system
|
||||
(device "/dev/sda1")
|
||||
(mount-point "/boot/efi")
|
||||
;; original options:
|
||||
;; (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
|
||||
(type "vfat"))
|
||||
%base-file-systems))
|
||||
|
||||
(swap-devices '("/dev/sda4"))
|
||||
|
||||
(users (append %accounts %base-user-accounts))
|
||||
(services (cons* (service openssh-service-type
|
||||
(openssh-configuration
|
||||
(permit-root-login 'without-password)
|
||||
(authorized-keys
|
||||
`(("ludo" ,(local-file "keys/ssh/ludo.pub"))
|
||||
("rekado" ,(local-file "keys/ssh/rekado.pub"))
|
||||
("andreas" ,(local-file "keys/ssh/andreas.pub"))
|
||||
("dannym" ,(local-file "keys/ssh/dannym.pub"))
|
||||
("mathieu" ,(local-file "keys/ssh/mathieu.pub"))
|
||||
("root" ,(local-file "keys/ssh/andreas.pub"))))))
|
||||
(service dhcp-client-service-type)
|
||||
(service mcron-service-type
|
||||
(mcron-configuration
|
||||
(jobs (list gc-job btrfs-job))))
|
||||
|
||||
(service agetty-service-type
|
||||
(agetty-configuration
|
||||
(tty "ttyAMA0")
|
||||
(keep-baud? #t)
|
||||
(term "vt220")
|
||||
(baud-rate "115200,38400,9600")))
|
||||
|
||||
(service ntp-service-type)
|
||||
|
||||
(service avahi-service-type)
|
||||
(service cuirass-remote-worker-service-type
|
||||
(cuirass-remote-worker-configuration
|
||||
(workers 4)
|
||||
(server "10.0.0.1:5555") ;berlin
|
||||
(systems '("armhf-linux" "aarch64-linux"))
|
||||
(substitute-urls '("http://10.0.0.1"))))
|
||||
(service wireguard-service-type
|
||||
(wireguard-configuration
|
||||
(addresses '("10.0.0.4/32"))
|
||||
(peers (list berlin-wireguard-peer))))
|
||||
|
||||
(modify-services %base-services
|
||||
(guix-service-type config =>
|
||||
(guix-configuration
|
||||
(inherit config)
|
||||
(use-substitutes? #t)
|
||||
(max-silent-time 7200)
|
||||
(authorized-keys
|
||||
%authorized-guix-keys))))))
|
||||
|
||||
(packages (cons* btrfs-progs screen openssh vim %base-packages)))
|
||||
(overdrive-system "dover"
|
||||
#:wireguard-ip "10.0.0.4/32")
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
;;;
|
||||
;;; Copyright © 2016-2018, 2020-2022 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2020, 2021 Mathieu Othacehe <othacehe@gnu.org>
|
||||
;;; Copyright © 2022 Andreas Enge <andreas@enge.fr>
|
||||
;;;
|
||||
;;; This program is free software: you can redistribute it and/or modify
|
||||
;;; it under the terms of the GNU General Public License as published by
|
||||
|
@ -46,6 +47,7 @@
|
|||
(sysadmin "janneke" "Jan Nieuwenhuizen")
|
||||
(sysadmin "mathieu" "Mathieu Othacehe")
|
||||
(sysadmin "maxim" "Maxim Cournoyer")
|
||||
(sysadmin "andreas" "Andreas Enge")
|
||||
(user-account
|
||||
(name "hydra")
|
||||
(comment "Hydra User")
|
||||
|
@ -110,7 +112,9 @@
|
|||
("dannym" ,(local-file "../../keys/ssh/dannym.pub"))
|
||||
("janneke" ,(local-file "../../keys/ssh/janneke.pub"))
|
||||
("mathieu" ,(local-file "../../keys/ssh/mathieu.pub"))
|
||||
("maxim" ,(local-file "../../keys/ssh/maxim.pub"))))))
|
||||
("maxim" ,(local-file "../../keys/ssh/maxim.pub"))
|
||||
("andreas" ,(local-file "../../keys/ssh/andreas.pub"))))))
|
||||
|
||||
(service avahi-service-type)
|
||||
(service dhcp-client-service-type)
|
||||
(service mcron-service-type
|
||||
|
|
Loading…
Reference in a new issue