diff --git a/machines/base-desktop.scm b/machines/base-desktop.scm new file mode 100644 index 0000000..65dbcdc --- /dev/null +++ b/machines/base-desktop.scm @@ -0,0 +1,4 @@ +(define-module (machines base-desktop) + #:use-module (system base-system)) + +%metznet-base-desktop-system diff --git a/system/clients/otto.scm b/machines/otto.scm similarity index 90% rename from system/clients/otto.scm rename to machines/otto.scm index a92bc1f..d7ebb07 100644 --- a/system/clients/otto.scm +++ b/machines/otto.scm @@ -1,8 +1,7 @@ -(define-module (system clients otto) +(define-module (machines otto) #:use-module (gnu) #:use-module (system base-system) - #:use-module (gnu packages tex) - #:use-module (nongnu packages mozilla) + #:use-module (gnu packages ) #:use-module (nongnu packages nvidia) #:use-module (gnu packages networking) #:use-module (gnu packages shells) @@ -36,11 +35,11 @@ (define otto-operating-system (operating-system - (inherit base-desktop-system) + (inherit %metznet-base-desktop-system) (host-name "otto") (kernel-arguments '("modprobe.blacklist=nouveau")) (packages (append (list blueman bluez bluez-alsa pulseaudio docker python openvswitch - qemu texlive firefox pavucontrol mupdf gcc-toolchain gnu-make + qemu pavucontrol mupdf gcc-toolchain gnu-make gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane cups xf86-video-nv xf86-input-libinput vulkan-loader vulkan-tools (list isc-bind "utils")) %metznet-desktop-packages)) @@ -63,14 +62,14 @@ %usb-udev-rule) (udev-configuration-rules config)))))))) (users (cons* (user-account - (name "nmetz") + (name "noah") (comment "Noah Metz") (group "users") - (home-directory "/home/nmetz") + (home-directory "/home/noah") (shell (file-append zsh "/bin/zsh")) (supplementary-groups `("wheel" "netdev" "audio" "video" "usb" "kvm" "lp" "docker"))) - %my-base-user-accounts)) + %metznet-base-user-accounts)) (file-systems (cons* (file-system (mount-point "/boot/efi") 
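Review bot: The import `#:use-module (gnu packages )` in the `@@ -1,8 +1,7 @@` hunk of machines/otto.scm has an empty last component, which looks like a leftover from removing `(gnu packages tex)` and `(nongnu packages mozilla)`. As written it resolves to `(gnu packages)`, the package-lookup helper module rather than a package-definition module, so it probably imports nothing the file needs. I would delete the line, or name the package module that is actually required. The `define-module` form continues past this hunk, so the remaining imports are not checked here.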
@@ -84,3 +83,4 @@ (type "ext4")) %base-file-systems)))) +otto-operating-system diff --git a/system/base-system.scm b/system/base-system.scm index 15df8ec..a455965 100644 --- a/system/base-system.scm +++ b/system/base-system.scm @@ -7,6 +7,7 @@ #:use-module (gnu system nss) #:use-module (gnu packages certs) #:use-module (gnu services pm) + #:use-module (gnu services authentication) #:use-module (gnu services vpn) #:use-module (gnu packages vpn) #:use-module (gnu services networking) 
@@ -29,30 +30,35 @@ #:use-module (gnu packages version-control) #:use-module (nongnu system linux-initrd) #:use-module (gnu system setuid) - #:use-module (ice-9 exceptions)) - -(define-public get-env-default - (lambda (env default) - (or - (getenv env) - default))) - -(define kadmin-prefix - (get-env-default "KADMIN_PREFIX" "kadmin.")) - -(define kdc-prefix - (get-env-default "KDC_PREFIX" "kadmin.")) - -(define-public %domain-caps - (get-env-default "DOMAIN_CAPS" "METZNET.CA")) - -(define-public %domain-name - (get-env-default "DOMAIN_NAME" "metznet.ca")) - -(define-public %domain-kadmin (string-append kadmin-prefix %domain-name)) -(define-public %domain-kdc (string-append kdc-prefix %domain-name)) - -(define-public %my-base-user-accounts (append (list + #:use-module (ice-9 exceptions) + #:export (get-env-default) + #:export (%domain-realm) + #:export (%domain-name) + #:export (%domain-kadmin) + #:export (%domain-kdc) + #:export (%metznet-base-user-accounts) + #:export (%metznet-base-groups) + #:export (%metznet-base-packages) + #:export (%metznet-desktop-packages) + #:export (%metznet-server-packages) + #:export (%metznet-setuid-programs) + #:export (%default-keyboard-layout) + #:export (%kvm-udev-rule) + #:export (%usb-udev-rule) + #:export (%tun-udev-rule) + #:export (%metznet-desktop-services) + #:export (%metznet-server-services) + #:export (%metznet-base-server-system) + #:export (%metznet-base-desktop-system)) + +(define %domain-realm "METZNET.CA") + +(define %domain-name "metznet.ca") + +(define %domain-kadmin (string-append "kerberos." %domain-name)) +(define %domain-kdc (string-append "kerberos." %domain-name)) + +(define %metznet-base-user-accounts (append (list (user-account (name "root") (group "root") @@ -61,7 +67,7 @@ (shell (file-append zsh "/bin/zsh")))) %base-user-accounts)) -(define-public %my-base-groups (append (list +(define %metznet-base-groups (append (list (user-group (system? #t) (name "realtime")) 
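Review bot: The new `#:export` list names `%metznet-setuid-programs`, but the definition in the later `@@ -70,13 +76,13 @@` hunk is still `(define %desktop-setuid-programs ...)`. The exported name therefore has no visible binding, and the real one stops being public now that `define-public` is gone. Either rename the definition and its use in `%metznet-base-desktop-system` to `%metznet-setuid-programs`, or export `%desktop-setuid-programs` instead. As a style point, the twenty single-name `#:export` clauses could be one `#:export (...)` list, which makes a mismatch like this easier to spot.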
@@ -70,13 +76,13 @@ (name "usb"))) %base-groups)) -(define-public %my-base-packages (append (list openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages)) +(define %metznet-base-packages (append (list nss-pam-ldapd openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages)) -(define-public %metznet-desktop-packages (append (list i3-wm i3status dmenu alacritty icecat) %my-base-packages)) +(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) -(define-public %metznet-server-packages (append (list isc-dhcp) %my-base-packages)) +(define %metznet-server-packages (append (list isc-dhcp) %metznet-base-packages)) -(define-public %desktop-setuid-programs (append +(define %desktop-setuid-programs (append (list (setuid-program (program #~(string-append #$openvpn "/sbin/openvpn"))) (setuid-program @@ -84,11 +90,11 @@ %setuid-programs)) (define (krb5-config kdc-server kadmin) (krb5-configuration - (default-realm %domain-caps) + (default-realm %domain-realm) (allow-weak-crypto? #t) (rdns? #f) (realms (list (krb5-realm - (name %domain-caps) + (name %domain-realm) (admin-server kadmin) (kdc kdc-server)))))) @@ -96,14 +102,14 @@ (pam-krb5 pam-krb5) (minimum-uid 1000))) -(define-public %default-keyboard-layout (keyboard-layout "us")) +(define %default-keyboard-layout (keyboard-layout "us")) -(define-public %kvm-udev-rule +(define %kvm-udev-rule (udev-rule "65-kvm.rules" "KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\"")) -(define-public %usb-udev-rule +(define %usb-udev-rule (udev-rule "51-usb.rules" (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n" 
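Review bot: `%desktop-setuid-programs` still installs `openvpn` setuid-root through the `setuid-program` entry at the end of the `@@ -70,13 +76,13 @@` hunk. The binary then runs as root with whatever options and configuration file the invoking local user supplies. A NetworkManager OpenVPN plugin appears to be configured elsewhere in this file, so I would drop this entry and let the privileged daemon start tunnels, or at least add a comment such as `;; setuid needed because <reason>` above it. The list continues past the hunk, so its other entries are not reviewed here.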
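Review bot: `(allow-weak-crypto? #t)` stays enabled in `krb5-config` while the `@@ -84,11 +90,11 @@` hunk only swaps `%domain-caps` for `%domain-realm`. That setting lets clients accept the weak encryption types that MIT Kerberos otherwise refuses. These hosts now also take account data from LDAP and authenticate through pam-krb5, so the ticket encryption strength matters more than before. Unless a legacy key on the KDC still requires it, change the line to `(allow-weak-crypto? #f)` or remove the field, and note the reason in a comment if it has to stay.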
@@ -119,10 +125,21 @@ "55-backlight.rules" "RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\"")) -(define-public %metznet-desktop-services +(define %metznet-name-service-switch + (let ((services (list (name-service (name "files")) + (name-service (name "ldap"))))) + (name-service-switch + (password services) + (shadow services) + (group services)))) + +(define %metznet-desktop-services (append (list (service openssh-service-type) (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin)) (service pam-krb5-service-type pam-krb5-config) + (service nslcd-service-type (nslcd-configuration (base "dc=metznet,dc=ca") + (nss-pam-ldapd nss-pam-ldapd) + (uri (list "ldaps://ldap.metznet.ca/")))) ;(set-xorg-configuration ; (xorg-configuration ; (keyboard-layout %default-keyboard-layout))) @@ -152,13 +169,10 @@ (network-manager-configuration (inherit config) (vpn-plugins (list network-manager-openvpn))))))) -(define-public %my-base-services (append (list - (service openssh-service-type) - (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin)) - (service pam-krb5-service-type pam-krb5-config)) - %base-services)) - -(define-public %metznet-server-services (append (list +(define %metznet-server-services (append (list + (service openssh-service-type) + (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin)) + (service pam-krb5-service-type pam-krb5-config) (service dhcp-client-service-type) (openvpn-client-service #:config (openvpn-client-configuration 
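Review bot: The new `nslcd-configuration` in the `@@ -119,10 +125,21 @@` hunk sets only `base`, `nss-pam-ldapd` and `uri`, so certificate checking for `ldaps://ldap.metznet.ca/` is left to defaults. Meanwhile `%metznet-name-service-switch` makes that directory a source for passwd, shadow and group entries. Because a directory answer can now define accounts and group membership on the host, I would pin the trust settings explicitly, for example `(tls-reqcert 'demand)` together with `(tls-cacertfile "<path to CA bundle>")`. I would also add `(nss-min-uid 1000)` to match the `(minimum-uid 1000)` already used for pam-krb5, so low-numbered ids from LDAP are ignored. The exact field names and value types should be confirmed against the Guix `nslcd-configuration` reference.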
@@ -166,15 +180,16 @@ (pid-file "/var/run/openvpn/client.pid") (persist-key? #f) (tls-auth "/etc/openvpn/ta.key")))) - %my-base-services)) + %base-services)) -(define-public base-operating-system +(define %metznet-base-operating-system (operating-system ;; Hostname and localization information (host-name "base") (timezone "America/Edmonton") (locale "en_CA.utf8") (keyboard-layout %default-keyboard-layout) + (name-service-switch %metznet-name-service-switch) ;; Kernel and firmware definitions (kernel linux) (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments)) @@ -198,22 +213,22 @@ (type "xfs") (check? #f)) %base-file-systems)) - (users %my-base-user-accounts) - (groups %my-base-groups) - (packages %my-base-packages) - (services %my-base-services))) + (users %metznet-base-user-accounts) + (groups %metznet-base-groups) + (packages %metznet-base-packages) + (services %metznet-base-services))) -(define-public base-server-system +(define %metznet-base-server-system (operating-system - (inherit base-operating-system) - (host-name "base-server") + (inherit %metznet-base-operating-system) + (host-name "metznet-base-server") (packages %metznet-server-packages) (services %metznet-server-services))) -(define-public base-desktop-system +(define %metznet-base-desktop-system (operating-system - (inherit base-operating-system) - (host-name "base-desktop") + (inherit %metznet-base-operating-system) + (host-name "metznet-base-desktop") (setuid-programs %desktop-setuid-programs) (packages %metznet-desktop-packages) (services %metznet-desktop-services))) diff --git a/system/servers/ci.scm b/system/servers/ci.scm deleted file mode 100644 index 07f9e4b..0000000 --- a/system/servers/ci.scm +++ /dev/null 
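Review bot: `(name-service-switch %metznet-name-service-switch)` is added to the base operating system in the `@@ -166,15 +180,16 @@` hunk, so the server system inherits the `ldap` source for passwd, shadow and group. However, `nslcd-service-type` is only added to `%metznet-desktop-services` in the earlier hunk. If servers are meant to resolve LDAP accounts, the nslcd service belongs in `%metznet-server-services` as well. If they are not, set the switch on `%metznet-base-desktop-system` only, so servers do not consult a lookup backend that has no daemon behind it. The `operating-system` form continues past this hunk.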
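Review bot: `%metznet-base-operating-system` now sets `(services %metznet-base-services)` in the `@@ -198,22 +213,22 @@` hunk, but no definition of `%metznet-base-services` appears anywhere in this diff. The earlier `@@ -152,13 +169,10 @@` hunk deletes `%my-base-services` rather than renaming it. Unless the name is defined in an unchanged part of the file, this is an unbound variable when the module is loaded. The ssh, krb5 and pam-krb5 services were folded into the server list on top of `%base-services`, so `(services %base-services)` may be what is intended here.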
@@ -1,38 +0,0 @@
-(define-module (system servers ci)
- #:use-module (gnu)
- #:use-module (gnu packages ci)
- #:use-module (gnu services cuirass)
- #:use-module (system base-system)
- #:use-module (guix gexp)
- #:export (ci-operating-system))
-
-(define ci-operating-system
- (operating-system
- (inherit base-server-system)
- (host-name "ci")
- (packages (append (list cuirass) %metznet-server-packages))
- (services (append (list
- (service cuirass-service-type
- (cuirass-configuration
- (specifications #~(list (specification
- (name "metznet-channel")
- (build '(channels metznet-channel))
- (channels
- (cons (channel
- (name 'metznet-channel)
- (url "git://git.metznet.ca:metznet-channel.git"))
- %default-channels)))))))) %metznet-server-services))
- (file-systems
- (cons* (file-system
- (mount-point "/boot/efi")
- (device (uuid "6E88-FE62" 'fat32))
- (type "vfat"))
- (file-system
- (mount-point "/")
- (device
- (uuid "ba93a043-9e58-466f-b90f-bf2a6bbf91fe"
- 'ext4))
- (type "ext4"))
- %base-file-systems))))
-
-ci-operating-system