maintenance/hydra/dover.scm


;; GuixSD configuration file for the SoftIron OverDrive 1000 build machines.
;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;; Copyright © 2019, 2021 Andreas Enge <andreas@enge.fr>
;; Released under the GNU GPLv3 or any later version.
(use-modules (guix) (gnu))
(use-service-modules networking mcron ssh avahi cuirass vpn)
(use-package-modules screen ssh linux vim)
(define (sysadmin name full-name)
  ;; Build the 'user-account' record for the administrator whose login is
  ;; NAME and whose real name is FULL-NAME.
  ;;
  ;; Every account made here is in "wheel" and "kvm".  This file does not set
  ;; 'sudoers-file', so the Guix System default applies, which grants sudo to
  ;; "wheel": treat each of these logins as root-equivalent on the machine.
  (let ((home (string-append "/home/" name)))
    (user-account
     (name name)
     (comment full-name)
     (group "users")
     (supplementary-groups '("wheel" "kvm"))
     (home-directory home))))
(define %accounts
  ;; All accounts declared for this machine, in this order: the five
  ;; administrators (built by 'sysadmin', hence members of "wheel" and "kvm"),
  ;; then "hydra" and "bayfront", which belong to "users" only.  No password
  ;; is set for any of them in this file.
  (append
   (map (lambda (admin)
          (sysadmin (car admin) (cdr admin)))
        '(("ludo" . "Ludovic Courtès")
          ("rekado" . "Ricardo Wurmus")
          ("andreas" . "Andreas Enge")
          ("dannym" . "Danny Milosavljevic")
          ("mathieu" . "Mathieu Othacehe")))
   (list
    ;; In the two records below, NAME inside 'home-directory' is the value of
    ;; the 'name' field given just above it: Guix record constructors bind
    ;; their fields in sequence.  Neither account has an entry in the OpenSSH
    ;; 'authorized-keys' of the operating-system declaration in this file.
    (user-account
     (name "hydra")
     (comment "Hydra User")
     (group "users")
     (home-directory (string-append "/home/" name)))
    (user-account
     (name "bayfront")
     (comment "Bayfront Offload")
     (group "users")
     (home-directory (string-append "/home/" name))))))
(define %authorized-guix-keys
  ;; Public keys authorized for 'guix archive' imports and substitutes.  The
  ;; operating-system declaration passes this list as the daemon's
  ;; 'authorized-keys', so store items signed by the matching private key are
  ;; accepted on this machine; review any addition as carefully as a new root
  ;; login.
  (let ((berlin-key (local-file "keys/guix/berlin.guixsd.org-export.pub")))
    (list berlin-key)))
(define gc-job
  ;; mcron job: at 3 o'clock each day, run the garbage collector with
  ;; '-F 50G' (collect until that much space is free in the store).
  ;; The command is looked up through the job's PATH rather than by an
  ;; absolute store file name.
  #~(job '(next-hour '(3))
         "guix gc -F 50G"))
(define btrfs-job
  ;; mcron job: run 'btrfs balance' on the root file system to make free
  ;; space.  The schedule picks days of the month in steps of three starting
  ;; from the 1st (1, 4, 7, ...).  The binary is referenced by its store
  ;; file name via #$btrfs-progs, so the job does not depend on PATH.
  #~(job
     (lambda (now)
       (next-day-from now (range 1 31 3)))
     (string-append #$btrfs-progs
                    "/bin/btrfs balance "
                    "start -dusage=50 -musage=70 /")))
(define berlin-peer
  ;; WireGuard peer entry for the machine at ci.guix.gnu.org.
  ;;
  ;; 'public-key' is the peer's public key: it is not a secret, but it is the
  ;; identity this machine pins for the tunnel, so a change to it deserves the
  ;; same scrutiny as a change to an SSH host key.  'allowed-ips' is a single
  ;; /32, so only traffic for 10.0.0.1 is routed to, and accepted from, this
  ;; peer.
  (wireguard-peer
   (name "peer")
   (endpoint "ci.guix.gnu.org:51820")
   (public-key "wOIfhHqQ+JQmskRS2qSvNRgZGh33UxFDi8uuSXOltF0=")
   (allowed-ips '("10.0.0.1/32"))
   (keep-alive 25)))
;; The actual machine.
(operating-system
  (host-name "dover")
  (timezone "Europe/Paris")
  (locale "en_US.UTF-8")

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")))

  ;; Extra kernel modules for the initrd, placed ahead of the defaults.
  (initrd-modules (append '("xhci-pci" "ahci_platform" "sg" "sd_mod")
                          %base-initrd-modules))

  ;; Root on btrfs, EFI system partition on vfat; both are named by device
  ;; node rather than by label or UUID.
  (file-systems (append
                 (list (file-system
                         (device "/dev/sda3")
                         (mount-point "/")
                         (type "btrfs"))
                       (file-system
                         (device "/dev/sda1")
                         (mount-point "/boot/efi")
                         ;; original options:
                         ;; (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
                         (type "vfat")))
                 %base-file-systems))

  (swap-devices '("/dev/sda4"))

  (users (append %accounts %base-user-accounts))

  (services
   (append
    (list
     ;; SSH access.  'without-password lets root log in with a public key
     ;; only; the single key listed for "root" is andreas.pub, so that key
     ;; is a direct root login.  The "hydra" and "bayfront" accounts get no
     ;; key here.
     ;; NOTE(review): 'password-authentication?' is not set, so the service
     ;; default applies -- confirm that is intended, or set it to #f to make
     ;; every login key-only.
     (service openssh-service-type
              (openssh-configuration
               (permit-root-login 'without-password)
               (authorized-keys
                (list (list "ludo" (local-file "keys/ssh/ludo.pub"))
                      (list "rekado" (local-file "keys/ssh/rekado.pub"))
                      (list "andreas" (local-file "keys/ssh/andreas.pub"))
                      (list "dannym" (local-file "keys/ssh/dannym.pub"))
                      (list "mathieu" (local-file "keys/ssh/mathieu.pub"))
                      (list "root" (local-file "keys/ssh/andreas.pub"))))))

     (service dhcp-client-service-type)

     ;; Periodic maintenance: store garbage collection and btrfs balance.
     (service mcron-service-type
              (mcron-configuration
               (jobs (list gc-job btrfs-job))))

     ;; Login prompt on the serial console; anyone with access to that port
     ;; reaches a login prompt without going through SSH.
     (service agetty-service-type
              (agetty-configuration
               (tty "ttyAMA0")
               (keep-baud? #t)
               (term "vt220")
               (baud-rate "115200,38400,9600")))

     (service ntp-service-type)

     ;; NOTE(review): Avahi announces the host over mDNS on the local
     ;; network -- confirm this is wanted on a build machine.
     (service avahi-service-type)

     ;; Cuirass worker.  Both the server and the substitute URL are at
     ;; 10.0.0.1, the address routed through the WireGuard peer declared in
     ;; this file.  The substitute URL is plain HTTP: the authenticity of
     ;; substitutes rests on signatures checked against the daemon's
     ;; 'authorized-keys' below, not on the transport.
     (service cuirass-remote-worker-service-type
              (cuirass-remote-worker-configuration
               (workers 2)
               (server "10.0.0.1:5555") ;berlin
               (systems '("armhf-linux" "aarch64-linux"))
               (substitute-urls '("http://10.0.0.1"))))

     ;; Tunnel to berlin.  No private key is given in this file, so the
     ;; service's default key location applies; that key must never be
     ;; committed next to this configuration.
     (service wireguard-service-type
              (wireguard-configuration
               (addresses '("10.0.0.4/32"))
               (peers (list berlin-peer)))))

    ;; Base services, with the Guix daemon reconfigured.  'authorized-keys'
    ;; is set to %authorized-guix-keys rather than extended, so the inherited
    ;; key list is replaced and only the keys in that variable are trusted
    ;; for substitutes.
    (modify-services %base-services
      (guix-service-type config =>
                         (guix-configuration
                          (inherit config)
                          (use-substitutes? #t)
                          (max-silent-time 7200)
                          (authorized-keys
                           %authorized-guix-keys))))))

  (packages (append (list btrfs-progs screen openssh vim)
                    %base-packages)))