131 lines
5.1 KiB
Scheme
131 lines
5.1 KiB
Scheme
;; GuixSD configuration file for the SoftIron OverDrive 1000 build machines.
|
|
;; Copyright © 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
|
|
;; Copyright © 2019, 2021 Andreas Enge <andreas@enge.fr`
|
|
;; Released under the GNU GPLv3 or any later version.
|
|
|
|
(use-modules (guix) (gnu))
|
|
(use-service-modules networking mcron ssh avahi cuirass vpn)
|
|
(use-package-modules screen ssh linux vim)
|
|
|
|
(define (sysadmin name full-name)
|
|
(user-account
|
|
(name name)
|
|
(comment full-name)
|
|
(group "users")
|
|
(supplementary-groups '("wheel" "kvm"))
|
|
(home-directory (string-append "/home/" name))))
|
|
|
|
(define %accounts
|
|
(list (sysadmin "ludo" "Ludovic Courtès")
|
|
(sysadmin "rekado" "Ricardo Wurmus")
|
|
(sysadmin "andreas" "Andreas Enge")
|
|
(sysadmin "dannym" "Danny Milosavljevic")
|
|
(sysadmin "mathieu" "Mathieu Othacehe")
|
|
(user-account
|
|
(name "hydra")
|
|
(comment "Hydra User")
|
|
(group "users")
|
|
(home-directory (string-append "/home/" name)))
|
|
(user-account
|
|
(name "bayfront")
|
|
(comment "Bayfront Offload")
|
|
(group "users")
|
|
(home-directory (string-append "/home/" name)))))
|
|
|
|
(define %authorized-guix-keys
|
|
;; List of authorized 'guix archive' keys.
|
|
(list (local-file "keys/guix/berlin.guixsd.org-export.pub")))
|
|
|
|
(define gc-job
|
|
;; Run 'guix gc' at 3AM every day.
|
|
#~(job '(next-hour '(3)) "guix gc -F 50G"))
|
|
|
|
(define btrfs-job
|
|
;; Run 'btrfs balance' every three days to make free space.
|
|
#~(job (lambda (now)
|
|
(next-day-from now (range 1 31 3)))
|
|
(string-append #$btrfs-progs "/bin/btrfs balance "
|
|
"start -dusage=50 -musage=70 /")))
|
|
|
|
(define berlin-peer
|
|
(wireguard-peer
|
|
(name "peer")
|
|
(endpoint "ci.guix.gnu.org:51820")
|
|
(public-key "wOIfhHqQ+JQmskRS2qSvNRgZGh33UxFDi8uuSXOltF0=")
|
|
(allowed-ips '("10.0.0.1/32"))
|
|
(keep-alive 25)))
|
|
|
|
;; The actual machine.
|
|
|
|
(operating-system
|
|
(host-name "dover")
|
|
(timezone "Europe/Paris")
|
|
(locale "en_US.UTF-8")
|
|
|
|
(bootloader (bootloader-configuration
|
|
(bootloader grub-efi-bootloader)
|
|
(target "/boot/efi")))
|
|
(initrd-modules (cons* "xhci-pci" "ahci_platform" "sg" "sd_mod"
|
|
%base-initrd-modules))
|
|
(file-systems (cons* (file-system
|
|
(device "/dev/sda3")
|
|
(mount-point "/")
|
|
(type "btrfs"))
|
|
(file-system
|
|
(device "/dev/sda1")
|
|
(mount-point "/boot/efi")
|
|
;; original options:
|
|
;; (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
|
|
(type "vfat"))
|
|
%base-file-systems))
|
|
|
|
(swap-devices '("/dev/sda4"))
|
|
|
|
(users (append %accounts %base-user-accounts))
|
|
(services (cons* (service openssh-service-type
|
|
(openssh-configuration
|
|
(permit-root-login 'without-password)
|
|
(authorized-keys
|
|
`(("ludo" ,(local-file "keys/ssh/ludo.pub"))
|
|
("rekado" ,(local-file "keys/ssh/rekado.pub"))
|
|
("andreas" ,(local-file "keys/ssh/andreas.pub"))
|
|
("dannym" ,(local-file "keys/ssh/dannym.pub"))
|
|
("mathieu" ,(local-file "keys/ssh/mathieu.pub"))
|
|
("root" ,(local-file "keys/ssh/andreas.pub"))))))
|
|
(service dhcp-client-service-type)
|
|
(service mcron-service-type
|
|
(mcron-configuration
|
|
(jobs (list gc-job btrfs-job))))
|
|
|
|
(service agetty-service-type
|
|
(agetty-configuration
|
|
(tty "ttyAMA0")
|
|
(keep-baud? #t)
|
|
(term "vt220")
|
|
(baud-rate "115200,38400,9600")))
|
|
|
|
(service ntp-service-type)
|
|
|
|
(service avahi-service-type)
|
|
(service cuirass-remote-worker-service-type
|
|
(cuirass-remote-worker-configuration
|
|
(workers 2)
|
|
(server "10.0.0.1:5555") ;berlin
|
|
(systems '("armhf-linux" "aarch64-linux"))
|
|
(substitute-urls '("http://10.0.0.1"))))
|
|
(service wireguard-service-type
|
|
(wireguard-configuration
|
|
(addresses '("10.0.0.4/32"))
|
|
(peers (list berlin-peer))))
|
|
|
|
(modify-services %base-services
|
|
(guix-service-type config =>
|
|
(guix-configuration
|
|
(inherit config)
|
|
(use-substitutes? #t)
|
|
(max-silent-time 7200)
|
|
(authorized-keys
|
|
%authorized-guix-keys))))))
|
|
|
|
(packages (cons* btrfs-progs screen openssh vim %base-packages)))
|