~tieong/bootstrap-guix

ec9dd2bd1943682e33ff192867de4eca7d7d201d — Thomas Ieong 1 year, 29 days ago 3c0c4c6
Added os definition
1 files changed, 97 insertions(+), 0 deletions(-)

A os.scm
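--- a/os.scm
+++ b/os.scm
@@ -0,0 +1,97 @@
+(use-modules (gnu) (guix))
+(use-service-modules networking ssh vpn virtualization sysctl admin mcron)
+(use-package-modules ssh certs tls tmux vpn virtualization)
+
+(define garbage-collector-job
+  ;; Collect garbage 5 minutes after midnight every day.
+  ;; The job's action is a shell command.
+  #~(job "5 0 * * *"            ;Vixie cron syntax
+	 "guix gc -F 1G"))
+
+(operating-system
+ (host-name "kimsufi")
+ (timezone "Etc/UTC")
+
+ (bootloader (bootloader-configuration
+	      (bootloader grub-bootloader)
+	      (targets (list "/dev/sda" "/dev/sdb"))
+	      (terminal-outputs '(console))))
+
+ ;; Add a kernel module for RAID-1 (aka. "mirror").
+ (initrd-modules (cons* "raid1"  %base-initrd-modules))
+
+ (mapped-devices
+  (list
+   (mapped-device
+    (source (list "/dev/sda2" "/dev/sdb2"))
+    (target "/dev/md127")
+    (type raid-device-mapping))))
+
+ (swap-devices
+  (list
+   (swap-space
+    (target "/dev/sda3"))
+   (swap-space
+    (target "/dev/sdb3"))))
+
+ (issue
+  ;; Default contents for /etc/issue.
+  "\
+This is the GNU system at Kimsufi.  Welcome.\n")
+
+ (file-systems (cons* (file-system
+		       (mount-point "/")
+		       (device "/dev/md127")
+		       (type "ext4")
+		       (dependencies mapped-devices))
+		      %base-file-systems))
+
+ (users (cons (user-account
+	       (name "guix")
+	       (comment "guix")
+	       (group "users")
+	       (supplementary-groups '("wheel"))
+	       (home-directory "/home/guix"))
+	      %base-user-accounts))
+
+ (sudoers-file
+  (plain-file "sudoers" "\
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL
+guix ALL=(ALL) NOPASSWD:ALL\n"))
+
+
+ ;; Globally-installed packages.
+ (packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages))
+ (services
+  (cons*
+   (service static-networking-service-type
+	    (list (static-networking
+		   (addresses (list (network-address
+				     (device "enp3s0")
+				     (value "37.187.79.64/24"))))
+		   (routes (list (network-route
+				  (destination "default")
+				  (gateway "37.187.79.254"))))
+		   (name-servers '("213.186.33.99")))))
+
+   (service unattended-upgrade-service-type)
+
+   (simple-service 'my-cron-jobs
+		   mcron-service-type
+		   (list garbage-collector-job))
+
+   (service openssh-service-type
+	    (openssh-configuration
+	     (openssh openssh-sans-x)
+	     (permit-root-login #f)
+	     (port-number 2222)
+	     (authorized-keys
+	      (quasiquote
+	       (("guix" (unquote (plain-file "kimsufi-infra.pub" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYGq2Ryy8hnMkvK+3/ADzhH9WPmO8lvTKiC3Q8NHwqw user@linux"))))))))
+   (modify-services %base-services
+		    (sysctl-service-type config =>
+					 (sysctl-configuration
+					  (settings (append '(("net.ipv6.conf.all.autoconf" . "0")
+							      ("net.ipv6.conf.all.accept_ra" . "0"))
+							    %default-sysctl-settings))))))))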
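Review bot: The sudoers file grants `guix ALL=(ALL) NOPASSWD:ALL` to the only account that has an SSH key, so holding that one key is equivalent to root and `(permit-root-login #f)` adds little separation on this publicly addressed host. Since `guix` is already in `wheel`, consider dropping that line so `%wheel ALL=(ALL) ALL` applies (which needs a password set for the account), or narrowing the NOPASSWD rule to the specific commands the bootstrap needs. Separately, the `openssh-configuration` does not set `password-authentication?`; as far as I recall the Guix default leaves password login enabled, so adding `(password-authentication? #f)` next to `(permit-root-login #f)` would make the key-only intent explicit. A short comment above `sudoers-file` stating why passwordless sudo is wanted would also help the next reader.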