@ -1,9 +1,6 @@
(define-module (system base-system)
(define-module (system base-system)
#:use-module (guix gexp)
#:use-module (guix gexp)
#:use-module (nongnu system linux-initrd)
#:use-module (nongnu packages linux)
#:use-module (gnu bootloader)
#:use-module (gnu bootloader)
#:use-module (gnu bootloader grub)
#:use-module (gnu bootloader grub)
#:use-module (gnu system accounts)
#:use-module (gnu system accounts)
@ -163,30 +160,25 @@
(define-configuration/no-serialization metznet-system-configuration
(define-configuration/no-serialization metznet-system-configuration
(certs (file-like le-certs)
(certs (file-like le-certs)
"certificate package")
"certificate package")
(vpn-pki-dir (maybe-string (let ((pki-dir
(vpn-ta-key (file-like (computed-file "ta.key" (with-imported-modules '((guix build utils)) #~(begin
(getenv
(use-modules (guix build utils))
"VPN_PKI_DIR")))
(invoke #$(file-append openvpn "/sbin/openvpn") "--genkey" "secret" #$output)))))
(or
"ta.key for openvpn")
pki-dir
(vpn-ca (file-like (local-file (or (getenv "VPN_CA") "pki/ca.crt"))) "ca.crt for openvpn")
%unset-value)))
(vpn-cert (file-like (local-file (or (getenv "VPN_CERT") "pki/vpn.crt"))) "certificate for openvpn")
"openvpn pki directory")
(vpn-key (file-like (local-file (or (getenv "VPN_KEY") "pki/vpn.key"))) "key for openvpn")
(user-shells (alist-of-file-like (list (cons
(user-shells (alist-of-file-like (list (cons
"/bin/zsh"
"/bin/zsh"
zsh)))
zsh)))
"user shells to link")
"user shells to link")
(channels-file (file-like (scheme-file
(channels-file (file-like (scheme-file
"channels.scm"
"channels.scm"
#~(append (list
#~(cons
(channel
(channel
(name 'metznet-channel)
(name 'metznet-channel)
(url
(url
"https://git.metznet.ca/MetzNet/metznet-channel.git"))
"https://git.metznet.ca/MetzNet/metznet-channel.git"))
(channel
(name 'nonguix)
(url
"https://gitlab.com/nonguix/nonguix.git")))
%default-channels)))
%default-channels)))
"channels.scm")
"channels.scm")
(pam-services (list-of-strings (list
(pam-services (list-of-strings (list
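Review bot: The default for `vpn-ta-key` is a shared secret freshly generated inside a `computed-file` build (`(invoke #$(file-append openvpn "/sbin/openvpn") "--genkey" "secret" #$output)`), so it is non-deterministic across rebuilds and cannot match the key the OpenVPN server holds unless the server is provisioned from this very store item; as a default it is a placeholder, not a working value. The field's doc string only says "ta.key for openvpn"; I would make the intent explicit, e.g. `"ta.key for openvpn; the default generates a throwaway static key and must be overridden with the server's ta.key"`. The same hunk also feeds the client private key through `(local-file (or (getenv "VPN_KEY") "pki/vpn.key"))`: file-like values are copied into the store, which is world-readable, so the private key and the ta.key become readable by every local user of the built system — worth a comment at the field or in the module header so operators do not treat this material as confidential on the host. Whether `openvpn` is in scope here depends on imports outside this hunk; I cannot confirm the binding from the visible lines.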
@ -231,18 +223,11 @@
(list #$@(shell-packages configuration))))
(list #$@(shell-packages configuration))))
(define (metznet-etc-service configuration)
(define (metznet-etc-service configuration)
(let ((channels-file (metznet-system-configuration-channels-file
`(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))
configuration))
("openvpn/ta.key" ,(metznet-system-configuration-vpn-ta-key configuration))
(pki-dir (metznet-system-configuration-vpn-pki-dir configuration)))
("openvpn/ca.crt" ,(metznet-system-configuration-vpn-ca configuration))
(if (maybe-value-set? pki-dir)
("openvpn/client.key" ,(metznet-system-configuration-vpn-cert configuration))
`(("guix/channels.scm" ,channels-file)
("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))))
("openvpn/ta.key" ,(local-file (string-append pki-dir "/ta.key")))
("openvpn/ca.crt" ,(local-file (string-append pki-dir "/ca.crt")))
("openvpn/client.key" ,(local-file (string-append pki-dir
"/client.key")))
("openvpn/client.crt" ,(local-file (string-append pki-dir
"/client.crt"))))
`(("guix/channels.scm" ,channels-file)))))
(define metznet-service-type
(define metznet-service-type
(service-type (name 'metznet-service)
(service-type (name 'metznet-service)
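Review bot: The new `/etc` alist in `metznet-etc-service` wires the two client files crosswise: `("openvpn/client.key" ,(metznet-system-configuration-vpn-cert configuration))` installs the certificate under the key's name and `("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))` installs the private key under the certificate's name, so OpenVPN reads the wrong file at each path and the key material ends up at a location nothing expects to be sensitive. Swap the accessors: `("openvpn/client.key" ,(metznet-system-configuration-vpn-key configuration))` and `("openvpn/client.crt" ,(metznet-system-configuration-vpn-cert configuration))`. The doc strings on the fields ("certificate for openvpn", "key for openvpn") already say which is which, so the fix is confined to these two entries.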
@ -291,16 +276,6 @@
(append %metznet-services
(append %metznet-services
(modify-services %desktop-services
(modify-services %desktop-services
(nscd-service-type config => %metznet-nscd-configuration)
(nscd-service-type config => %metznet-nscd-configuration)
(guix-service-type config =>
(guix-configuration (inherit config)
(substitute-urls (append (list
"https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys (append (list
(plain-file
"nonguix.pub"
"(public-key\n (ecc\n (curve Ed25519)\n (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys))))
(udev-service-type config =>
(udev-service-type config =>
(udev-configuration (inherit config)
(udev-configuration (inherit config)
(rules (append (list
(rules (append (list
@ -317,9 +292,9 @@
(define %metznet-server-services
(define %metznet-server-services
(append %metznet-services
(append %metznet-services
(list (dbus-service)
(list (service dbus-root-service-type)
(service dhcp-client-service-type)
(service dhcp-client-service-type)
(openvpn-client-service #:config (openvpn-client-configuration
(service openvpn-client-service-type (openvpn-client-configuration
(openvpn openvpn)
(openvpn openvpn)
(pid-file
(pid-file
"/var/run/openvpn/client.pid")
"/var/run/openvpn/client.pid")
@ -334,18 +309,12 @@
(define %metznet-base-operating-system
(define %metznet-base-operating-system
(operating-system
(operating-system
;; Hostname and localization information
(host-name "base")
(host-name "base")
(timezone "America/Edmonton")
(timezone "America/Edmonton")
(locale "en_CA.utf8")
(locale "en_CA.utf8")
(keyboard-layout %default-keyboard-layout)
(keyboard-layout %default-keyboard-layout)
(name-service-switch %metznet-name-service-switch)
(name-service-switch %metznet-name-service-switch)
;; Kernel and firmware definitions
(kernel linux)
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
(firmware (list linux-firmware))
(initrd microcode-initrd)
;; Grub UEFI Bootloader installed to /boot/efi
(bootloader (bootloader-configuration
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(bootloader grub-efi-bootloader)
(targets '("/boot/efi"))
(targets '("/boot/efi"))