Diffstat (limited to 'src/guix')
-rw-r--r--src/guix/channels.scm4
-rw-r--r--src/guix/packages.scm55
-rw-r--r--src/guix/services.scm187
-rw-r--r--src/guix/system.scm448
4 files changed, 79 insertions, 615 deletions
diff --git a/src/guix/channels.scm b/src/guix/channels.scm
index 16a9c7d..697eb4f 100644
--- a/src/guix/channels.scm
+++ b/src/guix/channels.scm
@@ -1,8 +1,8 @@
(append
(list
(channel
- (name 'org-euandre)
- (url "git://euandre.org/package-repository")
+ (name 'EuAndreh)
+ (url "git://euandre.org/packages")
(branch "main")
(introduction
(make-channel-introduction
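Review bot: The channel URL now points at a different repository while the `introduction` form below (only its opening line is inside the hunk) is left untouched, and because `git://` is an unauthenticated plaintext transport, that introduction commit and signing-key fingerprint are the only integrity anchor `guix pull` has for this channel. Please confirm the introduction commit exists in `git://euandre.org/packages` and is signed by the same key; otherwise `guix pull` will most likely reject the channel, and the tempting fix of loosening the introduction would leave the transport with no protection at all. An `https://` URL would additionally protect against an on-path party serving stale or altered history. The `(channel ...)` form continues past the end of the hunk.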
diff --git a/src/guix/packages.scm b/src/guix/packages.scm
index 7458488..31bdaca 100644
--- a/src/guix/packages.scm
+++ b/src/guix/packages.scm
@@ -1,35 +1,22 @@
(define-module (packages)
- #:use-module ((ice-9 textual-ports) #:prefix textual-ports:)
- #:use-module ((guix licenses) #:prefix licenses:)
- #:use-module ((org euandre packages) #:prefix packages:)
- #:use-module ((org euandre queue) #:prefix q:)
#:use-module ((org euandre packages) #:prefix pkg:)
+ #:use-module ((org euandre services) #:prefix serv:)
#:use-module (gnu)
- #:use-module (guix build-system gnu)
- #:use-module (guix download)
#:use-module (guix packages)
#:use-module (guix utils))
-(use-package-modules
- golang
- golang-xyz
- networking
- sqlite)
+(use-package-modules)
-(define (slurp f)
- (string-trim-both
- (call-with-input-file
- f
- textual-ports:get-string-all)))
-
-(define (file name s)
- (slurp (string-append "src/versions/" name "/" s)))
+(define (cat name s)
+ (string-trim-right
+ (serv:slurp
+ (string-append "src/versions/" name "/" s))))
(define (go-latest package)
(let* ((name (package-name package))
- (version (file name "version"))
- (checksum (file name "sha256")))
+ (version (cat name "version"))
+ (checksum (cat name "sha256")))
(package/inherit package
(version version)
(source
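Review bot: `cat` replaces the old `string-trim-both` helper with `string-trim-right`, so a leading space or blank line in `src/versions/<name>/sha256` or `version` now flows unmodified into the package record — and, for `sha256`, into the hash that pins the downloaded source. Since that file is the only thing standing between `go-latest` and whatever the upstream archive serves, I would keep `string-trim-both` here and fail loudly on a malformed value, e.g. `(unless (= 52 (string-length checksum)) (error "malformed sha256 file for" name))` if the hash is stored as nix-base32; the encoding is not visible in this hunk, so adjust the length check to match. `go-latest`'s body continues past the end of the hunk, so how `checksum` is turned into a hash object is not shown here.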
@@ -55,12 +42,20 @@
(string-append "CC=" #$(cc-for-target)))))))))
-(map go-latest
- (list
- pkg:gobang
- pkg:golite
- pkg:binder
- pkg:glaze
- pkg:untls
- pkg:wscat
- pkg:papod))
+(define-public gobang (go-latest pkg:gobang))
+(define-public golite (go-latest pkg:golite))
+(define-public binder (go-latest pkg:binder))
+(define-public glaze (go-latest pkg:glaze))
+(define-public untls (go-latest pkg:untls))
+(define-public wscat (go-latest pkg:wscat))
+(define-public papod (go-latest pkg:papod))
+
+
+(list
+ gobang
+ golite
+ binder
+ glaze
+ untls
+ wscat
+ papod)
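Review bot: Every package name is now written twice — once in its `define-public` and again in the trailing `(list ...)` the file evaluates to — so adding a package means editing two places, and forgetting the second silently drops it from the result with no error. A small `define-go-package` macro that performs the `define-public` and also `cons`es the binding onto a module-level list would keep the two in step; if a macro feels heavy for seven entries, at least a comment above the `list` saying it must mirror the definitions above. A one-line comment stating what consumes that trailing list (presumably a `guix package -f`/manifest-style caller, which is not visible here) would also help the next reader.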
diff --git a/src/guix/services.scm b/src/guix/services.scm
deleted file mode 100644
index 1e5ae4e..0000000
--- a/src/guix/services.scm
+++ /dev/null
@@ -1,187 +0,0 @@
-(define-module (services)
- #:use-module ((ice-9 popen) #:prefix popen:)
- #:use-module ((ice-9 textual-ports) #:prefix textual-ports:)
- #:use-module ((gnu build linux-container) #:prefix container:)
- #:use-module ((srfi srfi-1) #:prefix srfi-1:)
- #:use-module ((xyz euandreh heredoc) #:prefix heredoc:)
- #:use-module (gnu)
- #:use-module (guix build utils)
- #:use-module (guix least-authority)
- #:use-module (guix records))
-(use-package-modules
- admin)
-(use-service-modules
- admin
- mcron
- shepherd)
-(heredoc:enable-syntax)
-
-
-(define +working-dir+
- (if (directory-exists? "/opt/deploy/current")
- "/opt/deploy/current"
- (canonicalize-path ".")))
-
-(add-to-load-path
- (string-append +working-dir+ "/src/infrastructure/guix"))
-(use-modules
- ((packages) #:prefix packages:))
-
-
-
-(define-record-type* <papo-configuration>
- papo-configuration
- make-papo-configuration
- papo-configuration?
- (package papo-configuration-package (default packages:papo))
- (user papo-configuration-user (default "papo"))
- (group papo-configuration-group (default "papo"))
- (config-dirname papo-configuration-config (default "papo"))
- (port papo-configuration-port (default 6666))
- (log-file papo-configuration-log-file (default "/var/log/papo.log"))
- (data-directory papo-configuration-data-directory (default "/var/lib/papo"))
- (run-directory papo-configuration-run-directory (default "/var/run/papo"))
- (run-in-container? papo-configuration-run-in-container? (default #t))
- (container-name papo-configuration-container-name (default "papo-container"))
- (container-namespaces papo-configuration-container-namespaces (default container:%namespaces))
- (extra-mappings papo-configuration-extra-mappings (default '())))
-
-(define (papo-etc-files config)
- (match-record config <papo-configuration>
- ()
- `(("papo.json" ,(plain-file "papo.json" "")))))
-
-(define (papo-log-rotations config)
- (match-record config <papo-configuration>
- (log-file)
- (list
- (log-rotation
- (frequency 'weekly)
- (files (list log-file))
- (options '("rotate 5200"))))))
-
-(define (papo-activation config)
- (match-record config <papo-configuration>
- (user log-file data-directory run-directory)
- #~(begin
- (use-modules (guix build utils))
- (format (current-error-port)
- "Creating papo log directory for '~a'.~%" #$log-file)
- (mkdir-p (dirname #$log-file))
- (when (not (file-exists? #$log-file))
- (call-with-output-file #$log-file (const #t)))
- (chmod #$log-file #o644)
- (let ((user (getpwnam #$user)))
- (format (current-error-port)
- "Creating papo data directory '~a'.~%" #$data-directory)
- (mkdir-p #$data-directory)
- (chown #$data-directory (passwd:uid user) (passwd:gid user))
- (chmod #$data-directory #o750)
- (format (current-error-port)
- "Creating papo run directory '~a'.~%" #$run-directory)
- (mkdir-p #$run-directory)
- (chown #$run-directory (passwd:uid user) (passwd:gid user))
- (chmod #$run-directory #o755)))))
-
-(define (papo-cronjobs _config)
- (list))
-
-(define (papo-accounts config)
- (match-record config <papo-configuration>
- (user group)
- (list
- (user-group
- (name group)
- (system? #t))
- (user-account
- (name user)
- (group group)
- (system? #t)
- (comment "The user for runtime execution of papo code")
- (home-directory "/var/empty")
- (shell
- (file-append shadow "/sbin/nologin"))))))
-
-(define (wrapped-command config)
- (match-record config <papo-configuration>
- (package data-directory
- run-in-container? container-name container-namespaces extra-mappings)
- (let ((bin (file-append package "/bin/papo")))
- (if (not run-in-container?)
- bin
- (least-authority-wrapper
- bin
- #:name container-name
- #:namespaces container-namespaces
- #:directory data-directory
- #:preserved-environment-variables
- '()
- #:mappings
- (append
- (list
- (file-system-mapping
- (source data-directory)
- (target source)
- (writable? #t))
- (file-system-mapping
- (source (file-append glibc-locales "/lib/locale"))
- (target "/run/current-system/locale")))
- extra-mappings))))))
-
-(define (exec-action config . static-args)
- (match-record config <papo-configuration>
- (user group log-file data-directory)
- #~(lambda dynamic-args
- (fork+exec-command
- (append '(#$@static-args) dynamic-args)
- #:user #$user
- #:group #$group
- #:directory #$data-directory
- #:log-file #$log-file))))
-
-(define (papo-shepherd-services config)
- (let ((cmd (wrapped-command config)))
- (list
- (shepherd-service
- (provision '(papo))
- (requirement '())
- (start (exec-action config cmd "ircd"))
- (stop #~(make-kill-destructor SIGKILL))
- (documentation
- #"-
- The Shepherd service that runs the server via "papo-ircd"."#)))))
-
-(define-public papo-service-type
- (service-type
- (name 'papo)
- (extensions
- (list
- (service-extension shepherd-root-service-type
- papo-shepherd-services)
- (service-extension etc-service-type
- papo-etc-files)
- (service-extension profile-service-type
- (compose list papo-configuration-package))
- (service-extension activation-service-type
- papo-activation)
- (service-extension account-service-type
- papo-accounts)
- (service-extension mcron-service-type
- papo-cronjobs)
- (service-extension rottlog-service-type
- papo-log-rotations)))
- (default-value (papo-configuration))
- (description
- #"-
- The top-level system service for papo code.
-
- It includes:
- - the Shepherd service for starting, stopping and reloading the
- service ("papo");
- - a list of cronjobs to be added to the system for sending documents
- proactively;
- - activation script for setting up the initial directories and permissions;
- - the "papo" group and "papo" account for running the production service;
- - log management (storage and rotation) for logs produced by the running services.
-
- The defaults of <papo-configuration> provide sane values for all of these."#)))
diff --git a/src/guix/system.scm b/src/guix/system.scm
index f5c2368..bb0faee 100644
--- a/src/guix/system.scm
+++ b/src/guix/system.scm
@@ -1,23 +1,15 @@
(use-modules
- ((ice-9 textual-ports) #:prefix textual-ports:)
((srfi srfi-1) #:prefix s1:)
((xyz euandreh heredoc) #:prefix heredoc:)
- ((org euandre queue) #:prefix queue:)
- (gnu)
- (guix build-system trivial)
- (guix build utils)
- (guix packages))
+ ((org euandre queue) #:prefix q:)
+ ((org euandre services) #:prefix serv:)
+ (gnu))
(use-package-modules
- admin
- ssh
version-control)
(use-service-modules
- admin
certbot
cgit
- dns
mail
- mcron
networking
security
ssh
@@ -25,380 +17,68 @@
(heredoc:enable-syntax)
-(define +ipv4+ "216.238.73.1")
-(define +ipv6+ "2001:19f0:b400:1582:5400:04ff:fea9:370e")
+
+(define (path s)
+ ;; src/guix/system.scm + ../../../ = ./
+ (serv:str (dirname (dirname (dirname (current-filename)))) "/" s))
(define +users+
- '(("andre" "EuAndreh" ("wheel" "become-deployer" "become-secrets-keeper"))
- ("laisse" "LaĆ­sses" ())))
+ `(("andre" "EuAndreh" ("wheel") ,(path "src/keys/SSH/andre.pub.txt"))))
-(define +working-dir+
- (if (directory-exists? "/opt/deploy/current")
- "/opt/deploy/current"
- (canonicalize-path ".")))
-(add-to-load-path
- (string-append +working-dir+ "/src/guix"))
+(add-to-load-path (dirname (current-filename)))
(use-modules
- ((packages) #:prefix packages:)
- ((services) #:prefix services:))
-
-
-(define (str . rest)
- (apply string-append rest))
+ ((packages) #:prefix packages:))
-(define (fmt . rest)
- (apply format #f rest))
-
-(define (path s)
- (str +working-dir+ "/" s))
-
-(define (slurp s)
- (call-with-input-file
- s
- textual-ports:get-string-all))
(define file
- (compose slurp path))
+ (compose serv:slurp path))
(define +tld+
- (string-trim-right
- (file "src/config/tld.txt")))
-
-
-(define +user-accounts+
- (map (lambda (user)
- (let ((name (s1:first user))
- (comment (s1:second user))
- (groups (s1:third user)))
- (user-account
- (name name)
- (comment comment)
- (group "users")
- (supplementary-groups groups))))
- +users+))
-
-(define (ssh-file-for user)
- (let ((name (s1:first user)))
- (path (fmt "src/keys/SSH/~a.pub.txt" name))))
-
-(define +authorized-keys+
- (let ((users-with-keys
- (map (lambda (user)
- `(,@user ,(slurp (ssh-file-for user))))
- (filter (lambda (user)
- (file-exists? (ssh-file-for user)))
- +users+))))
- (append
- (map (lambda (user)
- (let ((name (s1:first user))
- (key (s1:fourth user)))
- `(,name ,(plain-file (str name "-id_rsa.pub")
- key))))
- users-with-keys)
- `(("git" ,@(map (lambda (user)
- (let ((name (s1:first user))
- (key (s1:fourth user)))
- (plain-file (str name "-git-id_rsa.pub")
- key)))
- users-with-keys))))))
-
-(define (script name content)
- (package
- (name name)
- (version "latest")
- (source #f)
- (build-system trivial-build-system)
- (arguments
- (list
- #:modules '((guix build utils))
- #:builder
- #~(begin
- (use-modules (guix build utils))
- (let* ((bin (string-append %output "/bin"))
- (prog (string-append bin "/" #$name)))
- (mkdir-p bin)
- (call-with-output-file prog
- (lambda (port)
- (display #$content port)))
- (chmod prog #o755)))))
- (home-page #f)
- (synopsis #f)
- (description #f)
- (license #f)))
-
-
-(define ns1 (fmt "ns1.~a." +tld+))
-(define ns2 (fmt "ns2.~a." +tld+))
-(define ns ns1)
-(define mail (fmt "hostmaster.~a." +tld+))
-(define dkim-selector "dkimproxyout")
-(define dkim-public-key-path "/var/lib/dkimproxyout/public.key")
-
-(define dkim-name (str dkim-selector "._domainkey"))
-(define dkim-public-key
- (if (file-exists? dkim-public-key-path)
- (string-join
- (reverse
- (cdr
- (reverse
- (cdr
- (string-split (slurp dkim-public-key-path)
- #\newline)))))
- "")
- "stub-public-key-for-building"))
-
-(define ipv4-reverse-domain
- (str
- (string-join (reverse
- (string-split +ipv4+
- #\.))
- ".")
- ".in-addr.arpa"))
-
-(define ipv6-reverse-domain
- (str
- (string-join (reverse
- (map (lambda (s) (fmt "~a" s))
- (string->list
- (string-delete #\: +ipv6+))))
- ".")
- ".ip6.arpa"))
+ ((compose string-trim-right
+ serv:slurp
+ path)
+ "src/config/tld.txt"))
-(define-zone-entries tld-zone
- ("@" "" "IN" "NS" ns1)
- ("@" "" "IN" "NS" ns2)
- ("ns1" "" "IN" "A" +ipv4+)
- ("ns1" "" "IN" "AAAA" +ipv6+)
- ("ns2" "" "IN" "A" +ipv4+)
- ("ns2" "" "IN" "AAAA" +ipv6+)
- ("@" "" "IN" "A" +ipv4+)
- ("@" "" "IN" "AAAA" +ipv6+)
- ("@" "" "IN" "CAA" "0 issue \"letsencrypt.org\"")
- ("@" "" "IN" "CAA" "0 issuewild \";\"")
- ("@" "" "IN" "CAA" (fmt "0 iodef \"mailto:root@~a\"" +tld+))
+(define package-symbols
+ '())
- ("mta-sts" "" "IN" "A" +ipv4+)
- ("mta-sts" "" "IN" "AAAA" +ipv6+)
- ("_mta-sts" "" "IN" "TXT" "\"v=STSv1; id=20230314\"")
- ("@" "" "IN" "MX" (fmt "10 ~a." +tld+))
- ("_dmarc" "" "IN" "TXT" "\"v=DMARC1; p=quarantine\"")
- ("@" "" "IN" "TXT" (fmt "\"v=spf1 a:~a -all\"" +tld+))
- (dkim-name "" "IN" "TXT" (fmt "\"v=DKIM1; k=rsa; t=s; p=~a\"" dkim-public-key)))
-
-(define-zone-entries ipv4-reverse-domain-zone
- ("@" "" "IN" "PTR" (str +tld+ "."))
- ("@" "" "IN" "NS" ns1)
- ("@" "" "IN" "NS" ns2))
-
-(define-zone-entries ipv6-reverse-domain-zone
- ("@" "" "IN" "PTR" (str +tld+ "."))
- ("@" "" "IN" "NS" ns1)
- ("@" "" "IN" "NS" ns2))
-
-(define zones
- (list
- (knot-zone-configuration
- (domain +tld+)
- (semantic-checks? #t)
- (zone
- (zone-file
- (origin +tld+)
- (ns ns)
- (mail mail)
- (entries tld-zone))))
- (knot-zone-configuration
- (domain ipv4-reverse-domain)
- (semantic-checks? #t)
- (zone
- (zone-file
- (origin ipv4-reverse-domain)
- (ns ns)
- (mail mail)
- (entries ipv4-reverse-domain-zone))))
- (knot-zone-configuration
- (domain ipv6-reverse-domain)
- (semantic-checks? #t)
- (zone
- (zone-file
- (origin ipv6-reverse-domain)
- (ns ns)
- (mail mail)
- (entries ipv6-reverse-domain-zone))))))
-
-(define private-http
- '(#"-
- auth_basic "Private area";
- auth_basic_user_file /opt/secrets/htpasswd.txt;
- "#))
-
-(define cgit-nginx-config
+(define package-records
(list
- (list "fastcgi_param SCRIPT_FILENAME " cgit "/lib/cgit/cgit.cgi;")
- #"-
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- fastcgi_pass localhost:9000;
- rewrite /git(.*) $1 break;
- "#))
+ #;
+ packages:papo.im)) ;; FIXME: move to "website" repository
(operating-system
(locale "en_GB.UTF-8")
(timezone "America/Sao_Paulo")
(host-name +tld+)
- (skeletons
- `((".profile"
- ,(plain-file
- "user-profile"
- (file "src/config/profile.sh")))))
- (users
- (append
- (list
- (user-account
- (name "git")
- (group "git")
- (system? #t)
- (comment "External SSH Git user")
- (home-directory "/srv/git")
- (create-home-directory? #f)
- (shell
- (file-append git "/bin/git-shell")))
- (user-account
- (name "deployer")
- (group "deployer")
- (system? #t)
- (comment "The account used to run deployment commands")
- (home-directory "/var/empty")
- (create-home-directory? #f)
- (shell
- (file-append shadow "/sbin/nologin")))
- (user-account
- (name "secrets-keeper")
- (group "secrets-keeper")
- (system? #t)
- (comment "The account used to manage production secrets")
- (home-directory "/var/empty")
- (create-home-directory? #f)
- (shell
- (file-append shadow "/sbin/nologin"))))
- +user-accounts+
- %base-user-accounts))
- (groups
- (append
- (list
- (user-group
- (name "git")
- (system? #t))
- (user-group
- (name "deployer")
- (system? #t))
- (user-group
- (name "become-deployer")
- (system? #t))
- (user-group
- (name "secrets-keeper")
- (system? #t))
- (user-group
- (name "become-secrets-keeper")
- (system? #t)))
- %base-groups))
- (sudoers-file
- (plain-file "sudoers" #"-
- root ALL=(ALL) ALL
- %wheel ALL= ALL
- %become-deployer ALL=(deployer) NOPASSWD: ALL
- %become-secrets-keeper ALL=(secrets-keeper) NOPASSWD: /run/current-system/profile/bin/rsync, /run/current-system/profile/bin/setfacl, /run/current-system/profile/bin/rm
- git ALL= NOPASSWD: /run/current-system/profile/bin/reconfigure, /run/current-system/profile/bin/cicd
- git ALL=(deployer) NOPASSWD: /run/current-system/profile/bin/rsync, /run/current-system/profile/bin/mkdir
- "#))
- (packages
- (append
- (map
- (compose list specification->package+output symbol->string)
- '(nss-certs
- guile-heredoc
- parted
- acl
- bind:utils
- knot:tools
- file
- git
- lsof
- moreutils
- mailutils-sendmail
- curl
- make
- borg
- rsync
- sqlite
- strace
- rlwrap
- trash-cli
- tree))
- (list
- (script "gc" (file "src/scripts/gc.sh"))
- (script "cicd" (file "src/scripts/cicd.sh"))
- (script "check" (file "src/scripts/check.sh"))
- (script "backup" (file "src/scripts/backup.sh"))
- (script "deploy" (file "src/scripts/deploy.sh"))
- (script "report" (file "src/scripts/report.sh"))
- (script "cronjob" (file "src/scripts/cronjob.sh"))
- (script "reconfigure" (file "src/scripts/reconfigure.sh")))
- (list
- packages:papo.im) ;; FIXME: move to "website" repository
- %base-packages))
+ (skeletons serv:skeletons)
+ (users (append (serv:user-accounts +users+) %base-user-accounts))
+ (packages (serv:package-set package-symbols package-records))
(services
(append
(list
(service ntp-service-type)
(service dhcp-client-service-type)
- (service knot-service-type
- (knot-configuration
- (zones zones)))
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (password-authentication? #f)
- (authorized-keys +authorized-keys+)
- (extra-content #"-
- ClientAliveInterval 30
- ClientAliveCountMax 20
- MaxSessions 20
- SetEnv GIT_CONFIG_GLOBAL=/etc/gitconfig
- "#)))
- (simple-service 'extra-rottlog-rotations rottlog-service-type
- (list
- (log-rotation
- (frequency 'weekly)
- (files '("/var/log/cronjobs.log"))
- (options '("rotate 5200")))))
(service fail2ban-service-type)
- (service mcron-service-type
- (mcron-configuration
- (jobs
- (list
- #~(job "0 0 * * *" "cronjob check")
- #~(job "0 1 * * *" "cronjob env BORG_REPO=/mnt/backup/borg backup -q cron")
- #~(job "0 2 * * *" "cronjob backup -q cron")
- #~(job "0 3 * * 0" "cronjob gc")
- #~(job "0 4 * * *" "cronjob reconfigure -U")))))
- (service certbot-service-type
- (certbot-configuration
- (email (str "root@" +tld+))
- (certificates
- (list
- (certificate-configuration
- (domains (list +tld+))
- (deploy-hook
- (program-file
- "nginx-deploy-hook"
- #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
- (kill pid SIGHUP)))))))))
+ (service serv:binder-service-type (serv:binder-configuration (package packages:binder)))
+ (service serv:glaze-service-type (serv:glaze-configuration (package packages:glaze)))
+ (service serv:untls-service-type (serv:untls-configuration (package packages:untls)))
+ (service serv:wscat-service-type (serv:wscat-configuration (package packages:wscat)))
+ (service serv:papod-service-type (serv:papod-configuration (package packages:papod)))
+ (service openssh-service-type (q:openssh-default-configuration (serv:users->keys +users+)))
+ (service certbot-service-type (q:tld-certbot-configuration +tld+))
+ (service cgit-service-type q:cgit-pre-configuration)
+ (service serv:syskeep-service-type)
+ (service q:shadow-group-service-type)
+ (service q:dkimproxyout-service-type)
+ (service q:cyrus-sasl-service-type)
+ (service q:dovecot-service-type)
+ (service q:internet-postfix-service-type)
(service nginx-service-type
(nginx-configuration
(server-blocks
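Review bot: The knot zone that published the CAA, SPF, DMARC, MTA-STS and DKIM (`dkimproxyout._domainkey`) records is removed from this host, yet the mail stack that depends on them — `q:dkimproxyout-service-type`, `q:internet-postfix-service-type`, `q:dovecot-service-type` — stays; unless those records are now served by another authoritative DNS, outbound mail loses SPF/DKIM/DMARC alignment and the `letsencrypt.org`-only CAA restriction silently disappears. In the same block the sshd hardening that used to be explicit here (`password-authentication? #f`, `openssh-sans-x`) is now hidden inside `q:openssh-default-configuration`, which is not visible in this repository view; I would either verify that helper or pin the critical setting locally so a regression in the shared module cannot re-enable passwords, e.g. `(service openssh-service-type (openssh-configuration (inherit (q:openssh-default-configuration (serv:users->keys +users+))) (password-authentication? #f)))` — this assumes the helper returns an `openssh-configuration` record. The `(operating-system ...)` form and the nginx `server-blocks` continue past the end of the hunk.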
@@ -407,8 +87,8 @@
(server-name (list +tld+))
(listen '("[::]:443 ssl http2" "443 ssl http2"))
(root "/srv/www")
- (ssl-certificate (fmt "/etc/letsencrypt/live/~a/fullchain.pem" +tld+))
- (ssl-certificate-key (fmt "/etc/letsencrypt/live/~a/privkey.pem" +tld+))
+ (ssl-certificate (serv:fmt "/etc/letsencrypt/live/~a/fullchain.pem" +tld+))
+ (ssl-certificate-key (serv:fmt "/etc/letsencrypt/live/~a/privkey.pem" +tld+))
(locations
(list
(nginx-location-configuration
@@ -417,26 +97,27 @@
(list
;; FIXME: use this for blue/green deployment
#;
- (fmt "include /var/run/~a/curr.conf;~%" +tld+))))
+ (serv:fmt "include /var/run/~a/curr.conf;~%" +tld+))))
(nginx-location-configuration
(uri "/git/static/")
(body
(list
(list "alias " cgit "/share/cgit/;"))))
(nginx-location-configuration
- (uri "/git/private/")
- (body
- (append
- cgit-nginx-config
- private-http)))
- (nginx-location-configuration
(uri "/git/")
- (body cgit-nginx-config))))
+ (body
+ (list
+ (list "fastcgi_param SCRIPT_FILENAME " cgit "/lib/cgit/cgit.cgi;")
+ #"-
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass localhost:9000;
+ rewrite /git(.*) $1 break;
+ "#)))))
(raw-content
'(#"-
- # BearSSL still doesn't do TLSv1.3, so we deem TLSv1.2 as
- # acceptable
- ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;
gzip off; # Disable catch-all compression due to BREACH
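Review bot: With `ssl_protocols TLSv1.3;` the `ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;` line immediately below no longer selects anything: nginx takes TLS 1.3 suites from `ssl_conf_command Ciphersuites ...` (OpenSSL builds), not from `ssl_ciphers`, so the line now reads like a control that is not actually applied — either drop it or add `# ssl_ciphers only applies to TLS 1.2; kept for a future re-enable`. Going TLS 1.3-only also locks out every client and monitor without it; if that is intended, a one-line comment replacing the deleted BearSSL remark would record the decision. Separately, the `/git/private/` location with `auth_basic` is removed and `/git/` now catches everything, so any repository that was only protected by that basic-auth block is served unauthenticated unless `q:cgit-pre-configuration` (not visible here) no longer exposes it — please confirm.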
@@ -444,35 +125,10 @@
autoindex on;
add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains' always;
"#)))))))
- (service cgit-service-type queue:cgit-pre-configuration)
- (simple-service 'extra-etc-file etc-service-type
- `(("rc" ,(plain-file "rc.sh" (file "src/config/rc.sh")))
- ("known_hosts" ,(plain-file "known_hosts" (file "src/config/known_hosts.txt")))
- ("id_rsa.pub" ,(plain-file "id_rsa.pub" (file (fmt "src/keys/SSH/root@~a.id_rsa.pub.stripped" +tld+))))
- ("ssh.conf" ,(plain-file "ssh.conf" (file "src/config/ssh.conf")))
- ("init.scm" ,(plain-file "init.scm" (file "src/config/init.scm")))
- ("conf.env" ,(plain-file "conf.env" (file "src/config/conf.env")))
- ("gitconfig" ,(plain-file "gitconfig" (file "src/config/gitconfig")))))
- (service queue:shadow-group-service-type)
- (service queue:dkimproxyout-service-type)
- (service queue:cyrus-sasl-service-type)
- (service queue:dovecot-service-type)
- (service queue:internet-postfix-service-type
- (queue:postfix-configuration
- (enable-submission? #t)
- (main.cf-extra #"-
- message_size_limit = 102400000
- mailbox_size_limit = 5120000000
- "#)))
(service mail-aliases-service-type
`(("root" "andre")
("support" ,@(map s1:first +users+)))))
- (modify-services %base-services
- (rottlog-service-type config =>
- (rottlog-configuration
- (inherit config)
- (rc-file
- (file-append queue:rottlog-mailutils-sendmail "/etc/rc")))))))
+ serv:base-services))
(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
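Review bot: The `/etc/known_hosts` and `/etc/ssh.conf` entries built from `src/config/known_hosts.txt` and `src/config/ssh.conf` are dropped along with the rest of the `extra-etc-file` service, so any outbound SSH from this host loses its pinned host keys unless `serv:base-services` reinstates them — that module is not visible here, so this is worth confirming rather than assuming. Likewise the explicit postfix `message_size_limit`/`mailbox_size_limit` and the rottlog `rc-file` override are replaced by whatever `q:internet-postfix-service-type` and `serv:base-services` default to; a short comment above `serv:base-services` naming what it adds over `%base-services` (etc files, log rotation, cron jobs) would let the next reader check this without opening the other repository. The `(services (append ...))` form starts in the previous hunk.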