;; Guix System configuration for milano-guix-1.unimi.it build machine
;; HP ProLiantDL380p Gen8
;; Copyright © 2019 Giovanni Biscuolo
;; Released under the GNU GPLv3 or any later version.

;; DNS name in UNIMI data centre: milano-guix-1.mips.di.unimi.it.
;; SHA256:NMG2qnisy+qm8KXyTAg5kcyzkghmnYiWiM+Eyt83PcY.
;; NOTE(review): presumably the SSH host key fingerprint of this machine;
;; the file does not say which key it belongs to -- confirm.

(use-modules (gnu) (guix gexp))
(use-service-modules databases getmail guix networking mcron ssh
                     virtualization web monitoring)
(use-package-modules certs screen tmux ssh linux)

;; The following definitions are **almost** copied from dover.scm: a
;; quick hack to have a(n almost) self contained config file
;; FIXME: refactor using modules (e.g. like berlin.scm)

;; Build the account record for a human administrator.  NAME is the login,
;; FULL-NAME goes into the comment field.  Every sysadmin is put in "wheel"
;; and "kvm".  This declaration sets no sudoers-file, so the Guix System
;; default applies, which lets members of "wheel" use sudo: each entry
;; created here is effectively a root-capable account.
(define (sysadmin name full-name)
  (user-account
   (name name)
   (comment full-name)
   (group "users")
   (supplementary-groups '("wheel" "kvm"))
   (home-directory (string-append "/home/" name))))

;; All non-base accounts on the machine: six administrators plus the two
;; service accounts "hydra" and "bayfront".  The service accounts get no
;; supplementary groups (so no "wheel").  Of the two, only "bayfront" has an
;; SSH key in the openssh-configuration further down.
(define %accounts
  (list (sysadmin "ludo" "Ludovic Courtès")
        (sysadmin "rekado" "Ricardo Wurmus")
        (sysadmin "andreas" "Andreas Enge")
        (sysadmin "cbaines" "Christopher Baines")
        (sysadmin "degrees380" "Giovanni Biscuolo")
        (sysadmin "atrent" "Andrea Trentini")
        (user-account
         (name "hydra")
         (comment "Hydra User")
         (group "users")
         (home-directory (string-append "/home/" name)))
        (user-account
         (name "bayfront")
         (comment "Bayfront Offload")
         (group "users")
         (home-directory (string-append "/home/" name)))))

(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  ;; These files end up in the guix-daemon's authorized-keys (see the
  ;; guix-configuration at the bottom): store items signed by the matching
  ;; private keys are accepted on this machine, so the key files under
  ;; keys/guix/ belong to the trust base and changes to them deserve the
  ;; same review as changes to this file.
  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")
        (local-file "keys/guix/bayfront.guix.info-export.pub")))

(define gc-job
  ;; Run 'guix gc' at 3AM every day.
  ;; '-F 500G' asks the collector to free store space until 500G are free.
  #~(job '(next-hour '(3)) "guix gc -F 500G"))

(define btrfs-job
  ;; Run 'btrfs balance' every three days to make free space.
  ;; The schedule is built from the days of the month in (range 1 31 3);
  ;; the command is run from the btrfs-progs store path, not from PATH.
  #~(job (lambda (now)
           (next-day-from now (range 1 31 3)))
         (string-append #$btrfs-progs "/bin/btrfs balance "
                        "start -dusage=50 /")))

;; The actual machine
(operating-system
  (locale "en_US.utf8")
  (timezone "Europe/Rome")
  (keyboard-layout (keyboard-layout "us" "winkeys"))
  (kernel-arguments '("vga=791"))
  (initrd-modules (append (list "hpsa") ;; Smart Array P420i controller
                          %base-initrd-modules))
  ;; NOTE(review): newer Guix revisions spell this field 'targets' (a list);
  ;; confirm against the revision this machine is deployed from.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/sda")
               (keyboard-layout keyboard-layout)))
  ;; Root is a single btrfs file system identified by UUID.  /tmp is a tmpfs
  ;; declared without mount options or a size limit.
  (file-systems (cons* (file-system
                         (mount-point "/")
                         (device (uuid "5ec7b1a5-3db5-49d6-87d8-452931db91c4"))
                         (type "btrfs"))
                       (file-system
                         (mount-point "/tmp")
                         (device "tmpfs")
                         (type "tmpfs"))
                       %base-file-systems))
  (swap-devices '("/dev/sda2" "/dev/sdb2"))
  (host-name "milano-guix-1")
  (users (append %accounts %base-user-accounts))
  (packages (cons* btrfs-progs screen tmux openssh strace nss-certs
                   %base-packages))

  ;; Services
  (services
   (append
    (list (service dhcp-client-service-type)

          ;; Remote access.  Password logins are disabled, so SSH access is
          ;; by public key only.  "ListenAddress 0.0.0.0" makes sshd listen
          ;; on every IPv4 address of the host; no packet-filter service is
          ;; declared in this file, so any restriction of port 22 has to
          ;; come from the network in front of the machine.
          ;; The authorized-keys list maps login names to key files under
          ;; keys/ssh/.  Per the Guix manual these keys are accepted in
          ;; addition to any ~/.ssh/authorized_keys, so removing an entry
          ;; here does not by itself revoke access: check the home
          ;; directory as well when offboarding someone.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (password-authentication? #f)
                    (extra-content "ListenAddress 0.0.0.0")
                    (authorized-keys
                     `(("degrees380" ,(local-file "keys/ssh/degrees380.pub"))
                       ("bayfront" ,(local-file "keys/ssh/bayfront.pub"))
                       ("atrent" ,(local-file "keys/ssh/atrent.pub"))
                       ("ludo" ,(local-file "keys/ssh/ludo.pub"))
                       ("andreas" ,(local-file "keys/ssh/andreas.pub"))
                       ("cbaines" ,(local-file "keys/ssh/cbaines.pub"))
                       ("rekado" ,(local-file "keys/ssh/rekado.pub"))))))

          (service ntp-service-type)

          ;; Host metrics exporter, started with its default configuration.
          ;; NOTE(review): the listen address is left at the service
          ;; default and the exporter is given no authentication here;
          ;; confirm that its port is reachable only from the monitoring
          ;; host.
          (service prometheus-node-exporter-service-type)

          ;; (service qemu-binfmt-service-type
          ;;          (qemu-binfmt-configuration
          ;;           (platforms (lookup-qemu-platforms "arm" "aarch64"))))

          (service mcron-service-type
                   (mcron-configuration
                    (jobs (list gc-job btrfs-job))))

          ;; Build agent that takes work from the bayfront coordinator over
          ;; HTTPS.  It authenticates with the agent UUID below plus a
          ;; password read from a file at run time.  Only the path appears
          ;; here, so the secret itself is neither in this file nor in the
          ;; store.
          ;; NOTE(review): the password file is not created by this
          ;; declaration; it has to be provisioned out of band -- confirm
          ;; its owner and mode keep it unreadable to ordinary users.
          (service guix-build-coordinator-agent-service-type
                   (guix-build-coordinator-agent-configuration
                    (coordinator "https://coordinator.bayfront.guix.gnu.org")
                    (authentication
                     (guix-build-coordinator-agent-password-file-auth
                      (uuid "b57898c3-7187-4c56-9d3c-4e68b954b79a")
                      (password-file "/etc/guix-build-coordinator-agent-password")))
                    (max-parallel-builds 8)
                    (max-1min-load-average 24)
                    (systems '("x86_64-linux" "i686-linux"))
                    (derivation-substitute-urls
                     (list "https://data.guix.gnu.org"))
                    (non-derivation-substitute-urls
                     (list "https://bordeaux.guix.gnu.org")))))

    ;; guix-daemon settings layered on top of the base configuration.
    ;; Substitutes are fetched from bordeaux.guix.gnu.org only.  A build is
    ;; stopped after 3600 seconds without output or after 12 hours in total.
    ;; authorized-keys is the list of signing keys the daemon trusts for
    ;; substitutes and imported archives: the bayfront export key, the
    ;; data.guix.gnu.org key given inline, and everything in
    ;; %authorized-guix-keys.
    ;; NOTE(review): the bayfront key is also an element of
    ;; %authorized-guix-keys, so it is listed twice; this appears redundant.
    (modify-services %base-services
      (guix-service-type
       config => (guix-configuration
                  (inherit config)
                  (substitute-urls '("https://bordeaux.guix.gnu.org"))
                  (max-silent-time 3600)
                  (timeout (* 12 3600))
                  (authorized-keys
                   (cons*
                    (local-file "keys/guix/bayfront.guix.info-export.pub")
                    ;; for substituting derivations
                    (plain-file "data.guix.gnu.org.pub" " (public-key (ecc (curve Ed25519) (q #1EEE5340C3AAD6E062A1395A88A86FC75982E8BC7DCBAE171858EEAAB14AAB77#) ) )")
                    %authorized-guix-keys))))))))