;; Guix System configuration for milano-guix-1.unimi.it build machine
;; HP ProLiant DL380p Gen8
;; Copyright © 2019 Giovanni Biscuolo <g@xelera.eu>
;; Released under the GNU GPLv3 or any later version.

;; DNS name in UNIMI data centre: milano-guix-1.mips.di.unimi.it.

;; SHA256:NMG2qnisy+qm8KXyTAg5kcyzkghmnYiWiM+Eyt83PcY.
(use-modules (gnu)
(guix gexp))
(use-service-modules databases getmail guix networking mcron ssh
virtualization web monitoring)
(use-package-modules certs screen tmux ssh linux)
;; The following definitions are **almost** copied from dover.scm: a
;; quick hack to have a(n almost) self-contained config file.

;; FIXME: refactor using modules (e.g. like berlin.scm)
(define (sysadmin name full-name)
  "Return a user account for the administrator with login NAME and real name
FULL-NAME.  The account has primary group \"users\", its home directory
under /home, and membership in two privileged supplementary groups: \"wheel\"
(the group Guix's default sudoers file allows to use sudo) and \"kvm\"
(access to the KVM device).  Every account built with this procedure is
therefore an administrative account; add one only for people who need that."
  (let ((home (string-append "/home/" name))
        (privileged-groups (list "wheel" "kvm")))
    (user-account
     (name name)
     (comment full-name)
     (group "users")
     (supplementary-groups privileged-groups)
     (home-directory home))))
(define %accounts
  ;; All accounts declared for this machine, in two tiers:
  ;;
  ;;  * administrators, built with 'sysadmin' (which adds the "wheel" and
  ;;    "kvm" supplementary groups);
  ;;  * the "hydra" and "bayfront" accounts, which only get the primary
  ;;    group "users" and no supplementary groups.
  ;;
  ;; The administrator entries are kept as explicit calls so that the set of
  ;; privileged logins can be audited at a glance.
  (let ((unprivileged-account
         ;; Account with login LOGIN and description DESCRIPTION, member of
         ;; "users" only, with its home directory under /home.
         (lambda (login description)
           (user-account
            (name login)
            (comment description)
            (group "users")
            (home-directory (string-append "/home/" login))))))
    (list (sysadmin "ludo" "Ludovic Courtès")
          (sysadmin "rekado" "Ricardo Wurmus")
          (sysadmin "andreas" "Andreas Enge")
          (sysadmin "cbaines" "Christopher Baines")
          (sysadmin "degrees380" "Giovanni Biscuolo")
          (sysadmin "atrent" "Andrea Trentini")
          (unprivileged-account "hydra" "Hydra User")
          (unprivileged-account "bayfront" "Bayfront Offload"))))
(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  ;;
  ;; This list is appended to the guix-daemon 'authorized-keys' field in the
  ;; operating-system declaration further down.  Store items signed by any
  ;; key listed there are accepted by the daemon, so these files are trust
  ;; anchors: a change to either .pub file changes whose binaries this
  ;; machine will import, and deserves the same review as a code change.
  ;;
  ;; The file names are string literals on purpose: 'local-file' resolves a
  ;; literal relative name against the directory of this source file.
  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")
        (local-file "keys/guix/bayfront.guix.info-export.pub")))
(define gc-job
  ;; Run 'guix gc' at 3AM every day.
  ;;
  ;; '-F 500G' is the short form of '--free-space=500G': garbage is
  ;; collected only until that much space is free in the store, so this is
  ;; not a full collection.
  ;;
  ;; NOTE(review): unlike 'btrfs-job', the command here is a bare 'guix'
  ;; and is therefore found through the PATH of the mcron job environment
  ;; rather than through a pinned store path -- confirm that is intended.
  #~(job '(next-hour '(3)) "guix gc -F 500G"))
(define btrfs-job
  ;; Run 'btrfs balance' every three days to make free space.
  ;;
  ;; The schedule is expressed as days of the month, stepping by 3 from
  ;; day 1 (presumably 1, 4, ..., 28, assuming mcron's 'range' excludes its
  ;; end bound -- TODO confirm), so the gap across a month boundary is not
  ;; always exactly three days.
  ;;
  ;; The command is built from '#$btrfs-progs', i.e. the btrfs binary is
  ;; referenced by its absolute store path and does not depend on PATH.
  ;; '-dusage=50' restricts the balance to data block groups that are at
  ;; most 50% used; the target is the root file system "/".
  #~(job (lambda (now)
           (next-day-from now (range 1 31 3)))
         (string-append #$btrfs-progs "/bin/btrfs balance "
                        "start -dusage=50 /")))
;; The actual machine
;; Declarative definition of the build machine: boot and storage layout,
;; user accounts, globally installed packages, and the services it runs
;; (SSH, NTP, metrics export, scheduled jobs, the build coordinator agent
;; and a customised guix-daemon).
(operating-system
  (locale "en_US.utf8")
  (timezone "Europe/Rome")
  (keyboard-layout
   (keyboard-layout "us" "winkeys"))

  (kernel-arguments '("vga=791"))

  (initrd-modules (append (list "hpsa") ;; Smart Array P420i controller
                          %base-initrd-modules))

  ;; GRUB is installed on /dev/sda, referenced by kernel device name.
  (bootloader
   (bootloader-configuration
    (bootloader grub-bootloader)
    (target "/dev/sda")
    (keyboard-layout keyboard-layout)))

  ;; The root file system is btrfs and is identified by UUID; /tmp is a
  ;; tmpfs, so its contents live in memory and do not survive a reboot.
  (file-systems
   (cons* (file-system
            (mount-point "/")
            (device
             (uuid "5ec7b1a5-3db5-49d6-87d8-452931db91c4"))
            (type "btrfs"))
          (file-system
            (mount-point "/tmp")
            (device "tmpfs")
            (type "tmpfs"))
          %base-file-systems))

  ;; Swap partitions are referenced by kernel device name, unlike the root
  ;; file system above which uses a UUID.
  (swap-devices '("/dev/sda2" "/dev/sdb2"))

  (host-name "milano-guix-1")

  ;; Accounts from %accounts (administrators plus "hydra" and "bayfront")
  ;; in addition to the base system accounts.
  (users (append %accounts %base-user-accounts))

  (packages (cons* btrfs-progs screen tmux openssh strace
                   nss-certs %base-packages))

  ;; Services
  (services
   (append (list
            (service dhcp-client-service-type)

            ;; SSH is the remote entry point of this machine.  Password
            ;; authentication is disabled, so logins rely on the public keys
            ;; listed below.  Each entry maps a login name to a key file
            ;; read from keys/ssh/ next to this file; editing one of those
            ;; files changes who can log in and should be reviewed as such.
            ;;
            ;; "hydra" is declared in %accounts but has no entry here:
            ;; unless a key is installed outside this file, that account
            ;; cannot log in over SSH.
            ;;
            ;; 'ListenAddress 0.0.0.0' binds sshd to every IPv4 address of
            ;; the host.  NOTE(review): this file declares no firewall
            ;; service, so any filtering presumably happens upstream --
            ;; confirm.
            (service openssh-service-type
                     (openssh-configuration
                      (port-number 22)
                      (password-authentication? #f)
                      (extra-content "ListenAddress 0.0.0.0")
                      (authorized-keys
                       `(("degrees380" ,(local-file "keys/ssh/degrees380.pub"))
                         ("bayfront" ,(local-file "keys/ssh/bayfront.pub"))
                         ("atrent" ,(local-file "keys/ssh/atrent.pub"))
                         ("ludo" ,(local-file "keys/ssh/ludo.pub"))
                         ("andreas" ,(local-file "keys/ssh/andreas.pub"))
                         ("cbaines" ,(local-file "keys/ssh/cbaines.pub"))
                         ("rekado" ,(local-file "keys/ssh/rekado.pub"))))))

            (service ntp-service-type)

            ;; Started with no configuration record, so the service's
            ;; defaults apply.  NOTE(review): the exporter publishes host
            ;; metrics over the network; with no listen address or firewall
            ;; set in this file, confirm it is reachable only from the
            ;; monitoring host.
            (service prometheus-node-exporter-service-type)

            ;; Disabled: transparent emulation of ARM binaries through QEMU.
            ;; (service qemu-binfmt-service-type
            ;; (qemu-binfmt-configuration
            ;; (platforms (lookup-qemu-platforms "arm" "aarch64"))))

            ;; Scheduled jobs: store garbage collection and btrfs balance.
            (service mcron-service-type
                     (mcron-configuration
                      (jobs (list gc-job btrfs-job))))

            ;; Agent that takes builds from the coordinator over HTTPS.  It
            ;; identifies itself with the UUID below and a password that is
            ;; read from a file on the machine, so the secret itself is not
            ;; part of this configuration.
            ;; NOTE(review): that file is not created by anything in this
            ;; file and is presumably provisioned by hand -- confirm it
            ;; exists and is readable only by the account the agent runs as.
            (service guix-build-coordinator-agent-service-type
                     (guix-build-coordinator-agent-configuration
                      (coordinator "https://coordinator.bayfront.guix.gnu.org")
                      (authentication
                       (guix-build-coordinator-agent-password-file-auth
                        (uuid "b57898c3-7187-4c56-9d3c-4e68b954b79a")
                        (password-file
                         "/etc/guix-build-coordinator-agent-password")))
                      (max-parallel-builds 8)
                      (max-1min-load-average 24)
                      (systems '("x86_64-linux" "i686-linux"))
                      ;; Derivations and other store items are fetched from
                      ;; different servers; the keys that make the daemon
                      ;; accept them are set on guix-service-type below.
                      (derivation-substitute-urls
                       (list "https://data.guix.gnu.org"))
                      (non-derivation-substitute-urls
                       (list "https://bordeaux.guix.gnu.org")))))

           ;; Base services, with the guix-daemon configuration adjusted.
           (modify-services %base-services
             (guix-service-type
              config => (guix-configuration
                         (inherit config)
                         (substitute-urls
                          '("https://bordeaux.guix.gnu.org"))

                         ;; Build limits in seconds: abort after one hour
                         ;; without output, or after twelve hours in total.
                         (max-silent-time 3600)
                         (timeout (* 12 3600))

                         ;; Setting this field replaces the inherited key
                         ;; list: only the keys below are trusted to sign
                         ;; substitutes and imported archives.
                         ;; NOTE(review): the bayfront key is listed here and
                         ;; again through %authorized-guix-keys; the
                         ;; duplicate looks redundant.
                         ;; NOTE(review): confirm that one of these keys is
                         ;; the one bordeaux.guix.gnu.org signs with;
                         ;; otherwise its substitutes will be refused.
                         (authorized-keys
                          (cons*
                           (local-file "keys/guix/bayfront.guix.info-export.pub")
                           ;; for substituting derivations
                           ;; The key is embedded inline rather than read
                           ;; from keys/guix/, so a change to it shows up in
                           ;; the history of this file.
                           (plain-file
                            "data.guix.gnu.org.pub"
                            "
(public-key
(ecc
(curve Ed25519)
(q #1EEE5340C3AAD6E062A1395A88A86FC75982E8BC7DCBAE171858EEAAB14AAB77#)
)
)")
                           %authorized-guix-keys))))))))