diff --git a/Makefile b/Makefile
index 3b44ba3..907ae1a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,5 @@
-NONGUIX_DIR ?= ~/Code/nonguix
 GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
-GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
-
+GUIX_LIB_FLAGS ?= -L ./
 LIBVIRT_GROUP ?= libvirt
 LIBVIRT_USER ?= $(USER)
 GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
@@ -11,9 +9,13 @@ VM_CPU ?= 4
 %.qcow2: %.scm
 	$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
-	install -C -m 666 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@
+	install -C -m 666 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@
+
+%: %.qcow2
+	$(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf))
+	qemu-system-x86_64 -nic user,model=virtio-net-pci -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
 
 .PHONY: %
-%: %.scm
+%-ro: %.scm
 	$(eval VM_SCRIPT := $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $<))
 	$(VM_SCRIPT) -m $(VM_RAM) -smp $(VM_CPU) -nic user,model=virtio-net-pci
diff --git a/machines/ldap.scm b/machines/ldap.scm
index 48ef2d6..c97fb33 100644
--- a/machines/ldap.scm
+++ b/machines/ldap.scm
@@ -22,8 +22,14 @@ (service slapd-service-type (slapd-configuration (uris "ldap:// ldapi:// ldaps:// ldapis://") - (backups (list (local-file - "0.ldif") (local-file - "1.ldif")))))) + (backups (let ((slapd-seeds (getenv + "SLAPD_SEEDS"))) + (if slapd-seeds + (map (lambda (ldif) + (local-file + ldif)) + (string-split + slapd-seeds + #\:)) + '())))))) %metznet-server-services))))
diff --git a/machines/vpn.scm b/machines/vpn.scm
index d7389f7..d9b700b 100644
--- a/machines/vpn.scm
+++ b/machines/vpn.scm
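Review bot: The rewritten `install` line in the `%.qcow2` rule still uses `-m 666`, so the disk image libvirt boots is writable by every local account even though owner and group are already pinned to `$(LIBVIRT_USER)`/`$(LIBVIRT_GROUP)`; `install -C -m 660 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@` keeps libvirt's access and drops the world-write bit. The removed and added install lines read identically here, so the change is presumably whitespace only (a space-to-tab fix, I would guess) and deserves a word in the commit message. In the new `%: %.qcow2` rule, `$(eval OVMF := $(shell guix build ...))` is expanded when the recipe is, so the build is triggered even under `make -n`; the same applies to the existing `RO` and `VM_SCRIPT` lines. As far as I know `.PHONY: %` does not apply to pattern-rule targets, so neither `%-ro` nor the new `%` rule is actually phony.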
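Review bot: The new `backups` expression splits `SLAPD_SEEDS` on `:` without dropping empty fields, so a trailing or doubled colon produces `(local-file "")` and an unhelpful build-time failure; `(remove string-null? (string-split slapd-seeds #\:))` (SRFI-1 `remove`, if it is imported in this file) avoids that. When the variable is unset the service silently gets no seed LDIFs, which may be intended but should be stated, e.g. `;; SLAPD_SEEDS: colon-separated LDIF files to load at first start; unset means none`. Each seed goes through `local-file`, so anything sensitive in them (password hashes, ACL content) is copied into the world-readable store, and because the input now comes from the environment rather than a file, the Makefile's `%.qcow2: %.scm` rule in this same commit will not rebuild the image when only the variable changes.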
@@ -20,8 +20,10 @@ "10.0.80.0 255.255.255.0"))) (simple-service 'vpn-server-etc etc-service-type - `(("openvpn/dh2048.pem" ,(local-file - "dh2048.pem")))) + (let ((pki-dir (getenv "VPN_PKI_DIR"))) + (if pki-dir + `(("openvpn/dh2048.pem" ,(local-file (string-append pki-dir "/dh2048.pem")))) + `()))) (service certbot-service-type (certbot-configuration (email "admin@metznet.ca") (certificates (list (certificate-configuration
diff --git a/system/base-system.scm b/system/base-system.scm
index 71e6366..217463f 100644
--- a/system/base-system.scm
+++ b/system/base-system.scm
@@ -149,9 +149,23 @@ (define list-of-strings? (list-of string?)) +(define-maybe/no-serialization string) + +(define (file-like-pair? val) + (let ((name (car val)) + (file (cdr val))) + (and (string? name) (file-like? file)))) + +(define alist-of-file-like? (list-of file-like-pair?)) + (define-configuration/no-serialization metznet-system-configuration (certs (file-like le-certs) "certificate package") + (vpn-pki-dir (maybe-string (let ((pki-dir (getenv "VPN_PKI_DIR"))) + (or pki-dir + %unset-value))) + "openvpn pki directory") + (user-shells (alist-of-file-like (list (cons "/bin/zsh" zsh))) "user shells to link") (channels-file (file-like (scheme-file "channels.scm" #~(append (list
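Review bot: When `VPN_PKI_DIR` is unset, the new `let` in the `vpn-server-etc` service returns an empty list, so `openvpn/dh2048.pem` is simply not installed while whatever references it (presumably the OpenVPN server configuration above this hunk) is unchanged; the failure moves from image build time to service start on the deployed machine. If the PKI directory is mandatory for this machine, fail early in the else branch with `(error "VPN_PKI_DIR must point at the OpenVPN PKI directory")`, otherwise say in a comment why an image without DH parameters is acceptable. This file reads the environment directly, whereas `system/base-system.scm` in the same commit routes the same variable through a `vpn-pki-dir` configuration field; using one mechanism for both would keep a single source of truth. The enclosing `simple-service` form starts, and the services list continues, outside the hunk.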
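Review bot: `file-like-pair?` applies `car` and `cdr` before checking that `val` is a pair, so a malformed `user-shells` entry raises a wrong-type error from the accessor instead of failing the field's type check; `(and (pair? val) (string? (car val)) (file-like? (cdr val)))` makes the predicate total. The `vpn-pki-dir` default evaluates `(getenv "VPN_PKI_DIR")` when the configuration record is constructed, which makes the resulting system depend on the builder's environment in a way the field name does not reveal; a fuller field doc such as `"openvpn pki directory; defaults to $VPN_PKI_DIR, unset omits the openvpn client files"` would make that visible. The `define-configuration/no-serialization` form continues past the end of the hunk.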
@@ -186,19 +200,34 @@ (define (pam-mkhomedir-services configuration) (list (pam-mkhomedir-service configuration))) +(define (shell-paths configuration) + (map car (metznet-system-configuration-user-shells configuration))) + +(define (shell-packages configuration) + (map cdr (metznet-system-configuration-user-shells configuration))) + (define (metznet-activation configuration) - #~(if (access? "/bin/zsh" F_OK) - (display "zsh already linked") + #~(for-each + (lambda + (path package) (begin - (display "linking zsh") - (symlink (string-append #$zsh "/bin/zsh") "/bin/zsh")))) + (display path) + (display "\n") + (display package) + (display "\n") + (unless (access? path F_OK) (symlink (string-append package path) path)))) + (list #$@(shell-paths configuration)) (list #$@(shell-packages configuration)))) (define (metznet-etc-service configuration) - `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration)) - ("openvpn/ta.key" ,(local-file "ta.key")) - ("openvpn/ca.crt" ,(local-file "ca.crt")) - ("openvpn/client.crt" ,(local-file "client.crt")) - ("openvpn/client.key" ,(local-file "client.key")))) + (let ((channels-file (metznet-system-configuration-channels-file configuration)) + (pki-dir (metznet-system-configuration-vpn-pki-dir configuration))) + (if (maybe-value-set? pki-dir) + `(("guix/channels.scm" ,channels-file) + ("openvpn/ta.key" ,(local-file (string-append pki-dir "/ta.key"))) + ("openvpn/ca.crt" ,(local-file (string-append pki-dir "/ca.crt"))) + ("openvpn/client.key" ,(local-file (string-append pki-dir "/client.key"))) + ("openvpn/client.crt" ,(local-file (string-append pki-dir "/client.crt")))) + `(("guix/channels.scm" ,channels-file))))) (define metznet-service-type (service-type (name 'metznet-service)
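Review bot: The rewritten `metznet-etc-service` still passes `ta.key` and `client.key` through `local-file`, which copies the private key material into /gnu/store, where every local user can read it; the `pki-dir` indirection changes where the files are read from, not where they end up. Consider provisioning those two files at activation time from a root-only location instead of through the etc service, and at least record the exposure next to the entries, e.g. `;; NOTE: local-file places these keys in the world-readable store`. In `metznet-activation`, the four `display` calls print every path and package on each boot; one `(format #t "linking ~a -> ~a~%" path package)` or no output at all would keep the activation log quiet. `(access? path F_OK)` follows symlinks, so a dangling `/bin/zsh` left by an earlier generation reads as absent and the following `symlink` then raises EEXIST and aborts activation; testing with `lstat` inside `catch`, or removing and re-creating the link unconditionally, would make this idempotent. The hunk closes `metznet-etc-service` but `metznet-service-type` continues past its end.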