;; GuixSD configuration file for the SoftIron OverDrive 1000 build machines.
;; Copyright © 2016, 2017, 2018 Ludovic Courtès
;; Released under the GNU GPLv3 or any later version.

(use-modules (guix) (gnu))
(use-service-modules networking mcron ssh monitoring)
(use-package-modules screen ssh linux certs)

(define (sysadmin name full-name)
  ;; Return a user account for administrator NAME, with FULL-NAME as its
  ;; comment field and /home/NAME as its home directory.
  ;;
  ;; Every account built here joins "wheel" and "kvm".  "wheel" normally
  ;; carries sudo rights through the sudoers file, which this configuration
  ;; leaves at its default (confirm).  No password is declared here; remote
  ;; login for these users is governed by the openssh 'authorized-keys'
  ;; list in the operating-system declaration.
  (user-account
   (name name)
   (comment full-name)
   (group "users")
   (supplementary-groups '("wheel" "kvm"))
   (home-directory (string-append "/home/" name))))

(define %accounts
  ;; Accounts added on top of %base-user-accounts: six administrators made
  ;; with 'sysadmin', plus a "hydra" user that gets no supplementary groups.
  ;;
  ;; NOTE(review): "cbaines" and "hydra" are declared here but have no entry
  ;; in the openssh 'authorized-keys' list of the operating-system
  ;; declaration, where password authentication is disabled.  Confirm
  ;; whether their keys are provisioned another way or are missing.
  ;; NOTE(review): the comment field for "ludo" reads "Coutes", which does
  ;; not match the spelling in the copyright header.
  (list (sysadmin "ludo" "Ludovic Coutes")
        (sysadmin "rekado" "Ricardo Wurmus")
        (sysadmin "roptat" "Julien Lepiller")
        (sysadmin "dannym" "Danny Milosavljevic")
        (sysadmin "cbaines" "Christopher Baines")
        (sysadmin "lfam" "Leo Famulari")
        (user-account
         (name "hydra")
         (comment "Hydra User")
         (group "users")
         ;; NOTE(review): no 'name' variable is defined at this level; this
         ;; presumably relies on record fields being bound in sequence, so
         ;; that 'name' is "hydra" here.  Confirm.
         (home-directory (string-append "/home/" name)))))

(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  ;;
  ;; This list is handed to the guix-daemon configuration in the
  ;; operating-system declaration.  Store items signed with one of these
  ;; keys are accepted for import, so the list is a trust root for the
  ;; machine: review any change to it, and to the key file it names, as
  ;; carefully as a change to the SSH keys.
  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")))

(define gc-job
  ;; Run 'guix gc' at 3AM every day.  '-F 200G' asks the collector to free
  ;; store items until that much space is available.
  ;; NOTE(review): 'guix' is looked up through the job's PATH, whereas
  ;; btrfs-job below refers to its program by store file name.
  #~(job '(next-hour '(3))
         "guix gc -F 200G"))

(define btrfs-job
  ;; Run 'btrfs balance' every three days to make free space.  The schedule
  ;; is taken from day-of-month values produced by (range 1 31 3), so it
  ;; restarts from day 1 each month.
  #~(job (lambda (now)
           (next-day-from now (range 1 31 3)))
         (string-append #$btrfs-progs "/bin/btrfs balance "
                        "start -dusage=50 -musage=70 /")))

;; The actual machine.
;; System declaration for the build machine "monokuma": boot and storage
;; layout, user accounts, and the services it runs (SSH, DHCP client, mcron
;; jobs, serial console, NTP, Prometheus node exporter, and the Guix daemon).
(operating-system
  (host-name "monokuma")
  (timezone "Europe/London")
  (locale "en_US.UTF-8")

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")))

  ;; Extra kernel modules placed in the initrd on top of the base set.
  (initrd-modules (cons* "xhci-pci" "ahci_platform" "sg" "sd_mod"
                         %base-initrd-modules))

  (file-systems (cons* (file-system
                         (device "/dev/sda2")
                         (mount-point "/")
                         (type "btrfs"))
                       (file-system
                         (device "/dev/sda1")
                         (mount-point "/boot/efi")
                         ;; original options:
                         ;; (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
                         (type "vfat"))
                       %base-file-systems))

  (swap-devices '("/dev/sda3"))

  ;; %accounts holds the administrators and the "hydra" user; the base
  ;; accounts are appended after them.
  (users (append %accounts %base-user-accounts))

  (services (cons* (service openssh-service-type
                            (openssh-configuration
                             ;; Key-only SSH: password logins are refused.
                             (password-authentication? #f)
                             ;; User name -> public key file.
                             ;; NOTE(review): %accounts also declares
                             ;; "cbaines" (in "wheel") and "hydra", neither
                             ;; of which has a key here.  Confirm that is
                             ;; intended.  Root login is not set in this
                             ;; form, so the service default applies;
                             ;; confirm it matches policy.
                             (authorized-keys
                              `(("ludo" ,(local-file "keys/ssh/ludo.pub"))
                                ("rekado" ,(local-file "keys/ssh/rekado.pub"))
                                ("roptat" ,(local-file "keys/ssh/roptat.pub"))
                                ("lfam" ,(local-file "keys/ssh/lfam.pub"))
                                ("dannym" ,(local-file "keys/ssh/dannym.pub"))))))

                   (service dhcp-client-service-type)

                   ;; Periodic jobs: store garbage collection and btrfs
                   ;; rebalancing.
                   (service mcron-service-type
                            (mcron-configuration
                             (jobs (list gc-job btrfs-job))))

                   ;; Login prompt on the serial console.  Anything that can
                   ;; reach this serial line gets a login prompt, so access
                   ;; to it should be controlled like console access.
                   (service agetty-service-type
                            (agetty-configuration
                             (tty "ttyAMA0")
                             (keep-baud? #t)
                             (term "vt220")
                             (baud-rate "115200,38400,9600")))

                   (service ntp-service-type)

                   ;; NOTE(review): the node exporter is started with its
                   ;; default configuration and serves host metrics over
                   ;; HTTP without authentication.  This file declares no
                   ;; firewall service, so confirm the default listen
                   ;; address and that the port is reachable only from the
                   ;; monitoring host.
                   (service prometheus-node-exporter-service-type)

                   (modify-services %base-services
                     (guix-service-type
                      config => (guix-configuration
                                 (inherit config)
                                 ;; Presumably seconds of build silence
                                 ;; before the daemon gives up (21600 s is
                                 ;; 6 hours); confirm the unit.
                                 (max-silent-time 21600)
                                 ;; Overrides the inherited key list, so
                                 ;; only the keys in %authorized-guix-keys
                                 ;; are trusted for store imports.
                                 (authorized-keys %authorized-guix-keys)
                                 (extra-options '("--max-jobs=4")))))))

  ;; Packages made available system-wide in addition to the base set.
  (packages (cons* btrfs-progs screen openssh strace nss-certs
                   %base-packages)))