mirror of
git://git.savannah.gnu.org/guix/maintenance.git
synced 2023-12-14 03:33:04 +01:00
57e568e75f
Never balance metadata during a scheduled job otherwise if free space gets full during balance the operation aborts with ENOSPC and the (root) filesystem will be RO until manual rescue using a rescue system. * hydra/milano-guix-1.scm: (btrfs-job) Remove -musage parameter.
226 lines
7.8 KiB
Scheme
226 lines
7.8 KiB
Scheme
;; Guix System configuration for milano-guix-1.unimi.it build machine
|
|
;; HP ProLiantDL380p Gen8
|
|
;; Copyright © 2019 Giovanni Biscuolo <g@xelera.eu>
|
|
;; Released under the GNU GPLv3 or any later version.
|
|
|
|
;; DNS name in UNIMI data centre: milano-guix-1.mips.di.unimi.it.
|
|
|
|
;; SHA256:NMG2qnisy+qm8KXyTAg5kcyzkghmnYiWiM+Eyt83PcY.
|
|
|
|
(use-modules (gnu)
|
|
(guix gexp))
|
|
(use-service-modules databases getmail guix networking mcron ssh
|
|
virtualization web)
|
|
(use-package-modules certs screen tmux ssh linux)
|
|
|
|
;; The following definition are **almost** copied from dover.scm: a
|
|
;; quick hack to have a(n almost) self contained config file
|
|
|
|
;; FIXME: refactor using modules (e.g. like berlin.scm)
|
|
|
|
(define (sysadmin name full-name)
|
|
(user-account
|
|
(name name)
|
|
(comment full-name)
|
|
(group "users")
|
|
(supplementary-groups '("wheel" "kvm"))
|
|
(home-directory (string-append "/home/" name))))
|
|
|
|
(define %accounts
|
|
(list (sysadmin "ludo" "Ludovic Courtès")
|
|
(sysadmin "rekado" "Ricardo Wurmus")
|
|
(sysadmin "andreas" "Andreas Enge")
|
|
(sysadmin "cbaines" "Christopher Baines")
|
|
(sysadmin "degrees380" "Giovanni Biscuolo")
|
|
(sysadmin "atrent" "Andrea Trentini")
|
|
(user-account
|
|
(name "hydra")
|
|
(comment "Hydra User")
|
|
(group "users")
|
|
(home-directory (string-append "/home/" name)))
|
|
(user-account
|
|
(name "bayfront")
|
|
(comment "Bayfront Offload")
|
|
(group "users")
|
|
(home-directory (string-append "/home/" name)))))
|
|
|
|
(define %authorized-guix-keys
|
|
;; List of authorized 'guix archive' keys.
|
|
(list (local-file "keys/guix/berlin.guixsd.org-export.pub")
|
|
(local-file "keys/guix/bayfront.guix.info-export.pub")))
|
|
|
|
(define gc-job
|
|
;; Run 'guix gc' at 3AM every day.
|
|
#~(job '(next-hour '(3)) "guix gc -F 50G"))
|
|
|
|
(define btrfs-job
|
|
;; Run 'btrfs balance' every three days to make free space.
|
|
#~(job (lambda (now)
|
|
(next-day-from now (range 1 31 3)))
|
|
(string-append #$btrfs-progs "/bin/btrfs balance "
|
|
"start -dusage=50 /")))
|
|
|
|
(define %nginx-configuration
|
|
(nginx-configuration
|
|
(server-names-hash-bucket-size 64)
|
|
(extra-content
|
|
"
|
|
proxy_cache_path /var/cache/nginx/guix-data-service
|
|
levels=2
|
|
inactive=2d
|
|
keys_zone=guix-data-service:4m # ~32K keys
|
|
max_size=1g
|
|
use_temp_path=off;")
|
|
(upstream-blocks
|
|
(list
|
|
(nginx-upstream-configuration
|
|
(name "guix-data-service-proxy")
|
|
(servers '("localhost:8765")))))
|
|
(server-blocks
|
|
(list
|
|
(nginx-server-configuration
|
|
(server-name '("_"))
|
|
(listen '("80"))
|
|
(locations
|
|
(list
|
|
(nginx-location-configuration
|
|
(uri "/")
|
|
(body '("return 404;"))))))
|
|
(nginx-server-configuration
|
|
(server-name '("data.guix.gnu.org"))
|
|
(listen '("80"))
|
|
(locations
|
|
(list
|
|
(nginx-location-configuration
|
|
(uri "/")
|
|
(body '("proxy_pass http://guix-data-service-proxy;"
|
|
"proxy_set_header Host $host;"
|
|
"proxy_set_header X-Forwarded-For $remote_addr;"
|
|
|
|
"proxy_cache guix-data-service;"
|
|
"proxy_cache_revalidate on;"
|
|
"proxy_cache_min_uses 3;"
|
|
"proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;"
|
|
"proxy_cache_background_update on;"
|
|
"proxy_cache_lock on;"
|
|
"add_header X-Cache-Status $upstream_cache_status;"
|
|
|
|
"gzip on;"
|
|
"gzip_types text/html application/json;"
|
|
"gzip_proxied any;")))
|
|
(nginx-location-configuration
|
|
(uri "/dumps")
|
|
(body '("root /var/lib/guix-data-service;"
|
|
"autoindex on;")))
|
|
(nginx-location-configuration
|
|
(uri "^~ /.well-known/acme-challenge/")
|
|
(body '("root /srv/http/data.guix.gnu.org;")))
|
|
(nginx-location-configuration
|
|
(uri "= /.well-known/acme-challenge/")
|
|
(body '("return 404;"))))))))))
|
|
|
|
;; The actual machine
|
|
|
|
(operating-system
|
|
(locale "en_US.utf8")
|
|
(timezone "Europe/Rome")
|
|
(keyboard-layout
|
|
(keyboard-layout "us" "winkeys"))
|
|
|
|
(kernel-arguments '("vga=791"))
|
|
|
|
(initrd-modules (append (list "hpsa") ;; Smart Array P420i controller
|
|
%base-initrd-modules))
|
|
|
|
(bootloader
|
|
(bootloader-configuration
|
|
(bootloader grub-bootloader)
|
|
(target "/dev/sda")
|
|
(keyboard-layout keyboard-layout)))
|
|
|
|
(file-systems
|
|
(cons* (file-system
|
|
(mount-point "/")
|
|
(device
|
|
(uuid "5ec7b1a5-3db5-49d6-87d8-452931db91c4"))
|
|
(type "btrfs"))
|
|
%base-file-systems))
|
|
|
|
(swap-devices '("/dev/sda2"))
|
|
|
|
(host-name "milano-guix-1")
|
|
|
|
(users (append %accounts %base-user-accounts))
|
|
|
|
(packages (cons* btrfs-progs screen tmux openssh strace
|
|
nss-certs ; Needed for the Guix Data Service
|
|
%base-packages))
|
|
|
|
;; Services
|
|
(services
|
|
(append (list
|
|
(service dhcp-client-service-type)
|
|
|
|
(service openssh-service-type
|
|
(openssh-configuration
|
|
(port-number 22)
|
|
(extra-content "ListenAddress 0.0.0.0")
|
|
(authorized-keys
|
|
`(("degrees380" ,(local-file "keys/ssh/degrees380.pub"))
|
|
("bayfront" ,(local-file "keys/ssh/bayfront.pub"))
|
|
("atrent" ,(local-file "keys/ssh/atrent.pub"))
|
|
("ludo" ,(local-file "keys/ssh/ludo.pub"))
|
|
("andreas" ,(local-file "keys/ssh/andreas.pub"))
|
|
("cbaines" ,(local-file "keys/ssh/cbaines.pub"))
|
|
("rekado" ,(local-file "keys/ssh/rekado.pub"))))))
|
|
|
|
(service ntp-service-type)
|
|
|
|
(service qemu-binfmt-service-type
|
|
(qemu-binfmt-configuration
|
|
(platforms (lookup-qemu-platforms "arm" "aarch64"))
|
|
(guix-support? #t)))
|
|
|
|
(service postgresql-service-type
|
|
(postgresql-configuration
|
|
(config-file
|
|
(postgresql-config-file
|
|
(hba-file
|
|
(plain-file "pg_hba.conf"
|
|
"
|
|
local all all trust
|
|
host all all 127.0.0.1/32 md5
|
|
host all all ::1/128 md5
|
|
"))
|
|
(extra-config
|
|
'(("work_mem" "'500MB'")))))))
|
|
|
|
;; (service guix-data-service-type
|
|
;; (guix-data-service-configuration
|
|
;; (getmail-idle-mailboxes '("Commits"))
|
|
;; (commits-getmail-retriever-configuration
|
|
;; (getmail-retriever-configuration
|
|
;; (type "SimpleIMAPSSLRetriever")
|
|
;; (server "imap.cbaines.net")
|
|
;; (port 993)
|
|
;; (username "patchwork")
|
|
;; (password-command
|
|
;; (list (file-append coreutils "/bin/cat")
|
|
;; "/etc/guix-data-service-commits-imap-password"))
|
|
;; (extra-parameters
|
|
;; '((mailboxes . ("Commits"))))))))
|
|
|
|
;; (service nginx-service-type %nginx-configuration)
|
|
|
|
(service mcron-service-type
|
|
(mcron-configuration
|
|
(jobs (list gc-job btrfs-job)))))
|
|
|
|
(modify-services %base-services
|
|
(guix-service-type config =>
|
|
(guix-configuration
|
|
(inherit config)
|
|
(use-substitutes? #f)
|
|
(authorized-keys
|
|
%authorized-guix-keys)))))))
|