;; Guix system declaration, part 1: module imports, host constants and the
;; derived service types that the (operating-system ...) form refers to.
(use-modules
  ((ice-9 match) #:prefix m:)
  ((srfi srfi-1) #:prefix s1:)
  ((xyz euandreh heredoc) #:prefix heredoc:)
  ((org euandre packages) #:prefix pkg:)
  ((org euandre queue) #:prefix q:)
  (gnu))
(use-package-modules)
(use-service-modules
  certbot
  cgit
  dns
  mail
  networking
  security
  shepherd
  ssh)

(heredoc:enable-syntax)

;; Build a path for S below the directory three levels above this file
;; (the repository root, per the author's comment below).
;; pkg:str presumably concatenates its arguments -- defined outside this file.
(define (path s)
  ;; src/guix/system.scm + ../../../ = ./
  (pkg:str (dirname (dirname (dirname (current-filename)))) "/" s))

;; One entry per login account.  The fields look like
;; (name comment supplementary-groups ssh-public-key-file) -- the exact
;; meaning is decided by pkg:user-accounts and pkg:users->keys; confirm there.
;; "wheel" membership and the key file listed here are what end up granting
;; administrative SSH access, so changes to this list deserve review.
(define +users+
  `(("andre" "EuAndreh" ("wheel") ,(path "src/keys/SSH/andre.pub.txt"))))

;; Make the sibling (packages) module loadable from this file's directory.
(add-to-load-path (dirname (current-filename)))
(use-modules
  ((packages) #:prefix packages:))

;; Public addresses of the host; passed to the DNS zone configuration in the
;; operating-system form.
(define +ipv4+ "216.238.73.1")
(define +ipv6+ "2001:19f0:b400:1582:5400:04ff:fea9:370e")

;; Domain name, read from src/tld.txt with trailing whitespace trimmed
;; (pkg:slurp presumably returns the file contents as a string -- confirm).
(define +tld+ ((compose string-trim-right pkg:slurp path) "src/tld.txt"))

;; Let's Encrypt certificate and private key locations for +tld+.
;; NOTE(review): every service that is handed +privkey.pem+ needs read access
;; to it; confirm the file mode and the account each consumer runs as.
(define +cert.pem+ (pkg:str "/etc/letsencrypt/live/" +tld+ "/cert.pem"))
(define +privkey.pem+ (pkg:str "/etc/letsencrypt/live/" +tld+ "/privkey.pem"))

;; Inputs to pkg:package-set in the operating-system form.  Both are empty as
;; written: `#;' is a datum comment, so packages:papo.im is skipped by the
;; reader and (list) receives no arguments.
(define package-symbols '())
(define package-records
  (list
    #; packages:papo.im))

;; FIXME: move to "website" repository

;; Listener definitions: each entry pairs a service name with what looks like
;; a listen address and the Unix socket the traffic is handed to (semantics
;; come from pkg:with-services-from-args -- confirm there).
;; NOTE(review): the bare `pkg:' argument below (and in the glaze and untls
;; definitions that follow) looks truncated -- presumably the rest of the
;; identifier was lost when this page was extracted; restore it from the
;; repository before evaluating this file.
;; NOTE(review): only the IPv4 wildcard 0.0.0.0 appears here, while +ipv6+ is
;; also handed to the DNS zone configuration; confirm whether IPv6 listeners
;; are intended.
(define binder-service-type
  (pkg:with-services-from-args
    pkg:binder-service-type
    pkg:; FIXME: /var/run/glaze/redirect/glaze.socket, etc
    '(((binder-http)
       ("0.0.0.0:80" "/var/run/glaze/redirect.socket"))
      ((binder-https)
       ("0.0.0.0:443" "/var/run/untls/https.socket"))
      ((binder-ircs)
       ("0.0.0.0:6697" "/var/run/untls/ircs.socket")))))

;; Two glaze instances: one on the redirect socket fed by binder-http, one on
;; glaze.socket with path-prefix mappings (-P) to the wscat socket and to
;; /var/lib/glaze/.  Flag meanings are presumed from the argument strings --
;; confirm against the glaze documentation.
(define glaze-service-type
  (pkg:with-services-from-args
    pkg:glaze-service-type
    pkg:
    '(((glaze-http)
       ("-X" "/var/run/glaze/redirect.socket"))
      ((glaze-https)
       ("-P/ws:/var/run/wscat/wscat.socket"
        ;; -P/git/*:/var/run/fcgiwrap.sock" FIXME
        "-P/*:/var/lib/glaze/"
        "/var/run/glaze/glaze.socket")))))

;; Certificate and key paths, spliced into each untls argument list below.
(define certs
  (list +cert.pem+ +privkey.pem+))

;; untls instances: each receives the certificate, the private key, an input
;; socket (fed by binder) and an output socket (glaze or papod).
;; NOTE(review): presumably untls terminates TLS, so the output sockets carry
;; plaintext; confirm that the /var/run/glaze and /var/run/papod directories
;; restrict which local accounts can connect.
(define untls-service-type
  (pkg:with-services-from-args
    pkg:untls-service-type
    pkg:
    `(((untls-https)
       (,@certs
        "/var/run/untls/https.socket"
        "/var/run/glaze/glaze.socket"))
      ((untls-ircs)
       (,@certs
        "/var/run/untls/ircs.socket"
        "/var/run/papod/papod.socket")))))
;; Guix system declaration, part 2: the operating-system record itself.
;; Field order matters: the swap-devices field at the end refers to
;; `file-systems' by name.
(operating-system
  (locale "fr_FR.UTF-8")
  (timezone "America/Sao_Paulo")
  ;; The host name is the domain read from src/tld.txt.
  (host-name +tld+)
  (skeletons pkg:skeletons)
  ;; Accounts built from +users+ plus the Guix base accounts.
  (users
    (append
      (pkg:user-accounts +users+)
      %base-user-accounts))
  (packages
    (pkg:package-set package-symbols package-records))
  (services
    (append
      (list
        (service ntp-service-type)
        (service dhcp-client-service-type)
        ;; NOTE(review): no configuration is passed, so the service default
        ;; applies; confirm that a jail covering sshd (and the mail daemons
        ;; below) is actually enabled, otherwise this bans nothing.
        (service fail2ban-service-type)
        ;; The five services below are commented out, so the binder, glaze
        ;; and untls service types defined earlier in this file are unused
        ;; by this declaration.
        ;; (service binder-service-type (pkg:binder-configuration (package packages:binder)))
        ;; (service glaze-service-type (pkg:glaze-configuration (package packages:glaze)))
        ;; (service untls-service-type (pkg:untls-configuration (package packages:untls)))
        ;; (service pkg:wscat-service-type (pkg:wscat-configuration (package packages:wscat)))
        ;; (service pkg:papod-service-type (pkg:papod-configuration (package packages:papod)))
        ;; DNS zones for +tld+ built from the two public addresses.
        (service knot-service-type
          (q:knot-zones-configuration +tld+ +ipv4+ +ipv6+))
        ;; SSH daemon configured by a helper that receives the keys derived
        ;; from +users+.
        ;; NOTE(review): password authentication and root login policy are
        ;; decided inside q:openssh-default-configuration, not here -- confirm
        ;; they are disabled or restricted as intended.
        (service openssh-service-type
          (q:openssh-default-configuration
            (pkg:users->keys +users+)))
        ;; Certificates for +tld+; the cert/key path constants defined earlier
        ;; in this file point under /etc/letsencrypt/live/.
        (service certbot-service-type
          (q:tld-certbot-configuration +tld+))
        (service cgit-service-type q:cgit-pre-configuration)
        (service pkg:syskeep-service-type)
        ;; Mail stack; all of these use their default or helper-defined
        ;; configuration, which is not visible in this file.
        (service q:shadow-group-service-type)
        (service q:dkimproxyout-service-type)
        (service q:cyrus-sasl-service-type)
        (service q:dovecot-service-type)
        (service q:internet-postfix-service-type)
        ;; root mail goes to "andre"; "support" goes to the first element
        ;; (the login name) of every +users+ entry.
        (service mail-aliases-service-type
          `(("root" "andre")
            ("support" ,@(map s1:first +users+)))))
      pkg:base-services))
  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (targets '("/dev/vda"))))
  ;; Three btrfs volumes identified by UUID, followed by the Guix base
  ;; file systems.  Only /mnt/production is marked needed-for-boot?.
  (file-systems
    (append
      (list
        (file-system
          (mount-point "/")
          (device (uuid "da72be6a-0c6b-4874-a57f-2046fcba13af" 'btrfs))
          (type "btrfs"))
        (file-system
          (mount-point "/mnt/production")
          (needed-for-boot? #t)
          (device (uuid "c50ad9fa-c7a1-49a1-93d2-6633f3cf929f" 'btrfs))
          (type "btrfs"))
        (file-system
          (mount-point "/mnt/backup")
          (device (uuid "d675e98c-3f48-44d1-b085-36c476d9313f" 'btrfs))
          (type "btrfs")))
      %base-file-systems))
  ;; Two swap areas: a swap file on / and a device identified by UUID.
  ;; NOTE(review): nothing here shows swap encryption; key material and mail
  ;; credentials held in memory can be paged out in clear -- confirm this is
  ;; acceptable for the host.
  (swap-devices
    (list
      (swap-space
        ;; # rm /swapfile
        ;; # fallocate -l 8G /swapfile
        ;; # chmod 600 /swapfile
        ;; # mkswap /swapfile
        ;; # swapon /swapfile
        ;; NOTE(review): / is btrfs (see file-systems above); btrfs swap
        ;; files have extra requirements (no copy-on-write, no compression)
        ;; that the steps above do not show -- confirm.
        (target "/swapfile")
        ;; `file-systems' is not defined at top level in this file;
        ;; presumably it resolves to the file-systems field above, so that
        ;; field must stay before this one -- confirm.
        (dependencies
          (filter
            (file-system-mount-point-predicate "/")
            file-systems)))
      (swap-space
        (target (uuid "fde5e4a8-acc2-4c9a-9712-5494724c2c04"))))))