diff --git a/system/base-system.scm b/system/base-system.scm
index 1789da2..1111dda 100644
--- a/system/base-system.scm
+++ b/system/base-system.scm
@@ -53,6 +53,9 @@
 #:export (%metznet-desktop-services)
 #:export (%metznet-server-services)
+ #:export (metznet-service-type)
+ #:export (metznet-system-configuration)
+ #:export (%metznet-base-server-system)
 #:export (%metznet-base-desktop-system))
@@ -157,28 +160,51 @@
 (define alist-of-file-like? (list-of file-like-pair?))
+(define-maybe file-like)
+
 (define-configuration/no-serialization metznet-system-configuration
 (certs (file-like le-certs) "certificate package")
- (vpn-ta-key (file-like (computed-file "ta.key" (with-imported-modules '((guix build utils)) #~(begin
- (use-modules (guix build utils))
- (invoke #$(file-append openvpn "/sbin/openvpn") "--genkey" "secret" #$output)))))
+ (vpn-ta-key (file-like (computed-file
+ "ta.key"
+ (with-imported-modules '
+ ((guix build
+ utils))
+ #~(begin
+ (use-modules
+ (guix
+ build
+ utils))
+ (invoke #$
+ (file-append
+ openvpn
+ "/sbin/openvpn")
+ "--genkey"
+ "secret"
+ #$output)))))
 "ta.key for openvpn")
- (vpn-ca (file-like (local-file (or (getenv "VPN_CA") "pki/ca.crt"))) "ca.crt for openvpn")
- (vpn-cert (file-like (local-file (or (getenv "VPN_CERT") "pki/vpn.crt"))) "certificate for openvpn")
- (vpn-key (file-like (local-file (or (getenv "VPN_KEY") "pki/vpn.key"))) "key for openvpn")
+ (vpn-ca (file-like (local-file (or (getenv
+ "VPN_CA")
+ "pki/ca.crt")))
+ "ca.crt for openvpn")
+ (vpn-cert (file-like (local-file (or (getenv
+ "VPN_CERT")
+ "pki/vpn.crt")))
+ "certificate for openvpn")
+ (vpn-key (file-like (local-file (or (getenv
+ "VPN_KEY")
+ "pki/vpn.key")))
+ "key for openvpn")
 (user-shells (alist-of-file-like (list (cons "/bin/zsh" zsh))) "user shells to link")
- (channels-file (file-like (scheme-file
+ (channels-file (maybe-file-like (scheme-file
 "channels.scm"
- #~(cons
- (channel
- (name 'metznet-channel)
-
- (url
- "https://git.metznet.ca/MetzNet/metznet-channel.git"))
+ #~(cons (channel
+ (name 'metznet-channel)
+ (url
+ "https://git.metznet.ca/MetzNet/metznet-channel.git"))
 %default-channels))) "channels.scm")
 (pam-services (list-of-strings (list
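Review bot: The defaults kept for `vpn-key` and `vpn-ta-key` place secret material in the store: `local-file` on `pki/vpn.key` (or whatever `VPN_KEY` points at) copies the VPN client's private key into /gnu/store, which is readable by every local user on a Guix system, and the `computed-file` for `ta.key` makes the `openvpn --genkey secret` output a store item as well. That generated ta.key is also unrelated to whatever the peer at vpn.metznet.ca holds, so the `tls-auth` path wired up in the etc-service and openvpn-client hunks later in this file only works if this exact store item is distributed to the server out of band. The public `vpn-ca`/`vpn-cert` inputs are fine as store items, but the two secret fields deserve a comment such as `;; NOTE: file-like values end up in /gnu/store (world-readable); provision vpn-key and ta.key from a root-only path at deploy time.` The `define-configuration/no-serialization` form continues past the end of the hunk.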
@@ -223,13 +249,17 @@
 (list #$@(shell-packages configuration))))
 (define (metznet-etc-service configuration)
- `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))
- ("openvpn/ta.key" ,(metznet-system-configuration-vpn-ta-key configuration))
- ("openvpn/ca.crt" ,(metznet-system-configuration-vpn-ca configuration))
- ("openvpn/client.key" ,(metznet-system-configuration-vpn-cert configuration))
- ("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))))
-
-(define metznet-service-type
+ `(,@(if (maybe-value-set? (metznet-system-configuration-channels-file configuration))
+ `("guix/channels.scm" ,(metznet-system-configuration-channels-file
+ configuration))
+ '())
+ ("openvpn/ta.key" ,(metznet-system-configuration-vpn-ta-key configuration))
+ ("openvpn/ca.crt" ,(metznet-system-configuration-vpn-ca configuration))
+ ("openvpn/client.key" ,(metznet-system-configuration-vpn-cert
+ configuration))
+ ("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))))
+
+(define-public metznet-service-type
 (service-type
 (name 'metznet-service)
 (description "MetzNet Services")
 (extensions (list (service-extension activation-service-type
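Review bot: The new `,@` splice in `metznet-etc-service` flattens the channels entry into the outer list: the `if` branch evaluates to the two-element list `("guix/channels.scm" <file>)`, whose elements are spliced individually, so the result is `("guix/channels.scm" <file> ("openvpn/ta.key" ...) ...)` rather than a list of name/file pairs, and the etc extension will not accept it. Wrap the entry in one more list level, `` `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))) ``, so the splice contributes a single pair or nothing. The hunk also carries over the pre-existing swap on the last two entries, where `openvpn/client.key` is filled from `vpn-cert` and `openvpn/client.crt` from `vpn-key`, which writes the private key to the `.crt` path and the certificate to the `.key` path; the two accessors should be exchanged. `metznet-service-type` is now both `define-public` here and listed under `#:export` in the module header hunk, which is redundant; one of the two is enough. The `service-type` form continues past the end of the hunk.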
@@ -290,26 +320,31 @@
 (list network-manager-openvpn)))))))
-(define %metznet-server-services
+(define %base-services-nscd
+ (modify-services %base-services
+ (nscd-service-type config => %metznet-nscd-configuration)))
+
+(define %server-services
 (append %metznet-services
 (list (service dbus-root-service-type)
 (service dhcp-client-service-type)
- (service openvpn-client-service-type (openvpn-client-configuration
- (openvpn openvpn)
- (pid-file
- "/var/run/openvpn/client.pid")
- (persist-key? #f)
- (remote (list (openvpn-remote-configuration
- (name
- "vpn.metznet.ca"))))
- (tls-auth
- "/etc/openvpn/ta.key"))))
- (modify-services %base-services
- (nscd-service-type config => %metznet-nscd-configuration))))
-
-(define %metznet-base-operating-system
+ (service openvpn-client-service-type
+ (openvpn-client-configuration (openvpn openvpn)
+ (pid-file
+ "/var/run/openvpn/client.pid")
+ (persist-key? #f)
+ (remote (list (openvpn-remote-configuration
+ (name
+ "vpn.metznet.ca"))))
+ (tls-auth
+ "/etc/openvpn/ta.key"))))))
+
+(define %metznet-server-services
+ (append %server-services %base-services-nscd))
+
+(define %metznet-base-server-system
 (operating-system
- (host-name "base")
+ (host-name "metznet-base-server")
 (timezone "America/Edmonton")
 (locale "en_CA.utf8")
 (keyboard-layout %default-keyboard-layout)
@@ -332,20 +367,12 @@
 (users %metznet-base-user-accounts)
 (groups %metznet-base-groups)
 (packages %metznet-base-packages)
- (services
- (append %metznet-services %base-services))))
-
-(define %metznet-base-server-system
- (operating-system
- (inherit %metznet-base-operating-system)
- (host-name "metznet-base-server")
- (packages %metznet-base-packages)
 (services %metznet-server-services)))
 (define %metznet-base-desktop-system
 (operating-system
- (inherit %metznet-base-operating-system)
+ (inherit %metznet-base-server-system)
 (host-name "metznet-base-desktop")
 (setuid-programs %desktop-setuid-programs)
 (packages %metznet-desktop-packages)
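Review bot: `%metznet-base-desktop-system` now inherits from `%metznet-base-server-system` instead of the removed neutral `%metznet-base-operating-system`, so every field the desktop does not override is taken from the server profile; the fields visible in the second hunk override `host-name`, `setuid-programs` and `packages` but not `services`. If the desktop definition does not set `services` further down (outside the hunk), it inherits `%metznet-server-services`, i.e. the OpenVPN client with `tls-auth` and the DHCP client defined in the first hunk, which a workstation may not be meant to run. Either add an explicit `(services %metznet-desktop-services)` to the desktop system, or put a comment on the `inherit` line stating which server fields are intentionally carried over, e.g. `;; inherits users, groups, packages and services from the server profile unless overridden below`. The desktop `operating-system` form continues past the end of the hunk.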