Use environment for paths

Makefile

@@ -1,7 +1,5 @@
-NONGUIX_DIR ?= ~/Code/nonguix
 GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
-GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
+GUIX_LIB_FLAGS ?= -L ./
-
 LIBVIRT_GROUP ?= libvirt
 LIBVIRT_USER ?= $(USER)
 GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
@@ -11,9 +9,13 @@ VM_CPU ?= 4
 
 %.qcow2: %.scm
 	$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
-	install -C -m 666 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@ 
+	install -C -m 666 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@
+
+%: %.qcow2
+	$(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf))
+	qemu-system-x86_64 -nic user,model=virtio-net-pci -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
 
 .PHONY: %
-%: %.scm
+%-ro: %.scm
 	$(eval VM_SCRIPT := $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $<))
 	$(VM_SCRIPT) -m $(VM_RAM) -smp $(VM_CPU) -nic user,model=virtio-net-pci

machines/ldap.scm

@@ -22,8 +22,14 @@
                    (service slapd-service-type
                             (slapd-configuration (uris
                                                   "ldap:// ldapi:// ldaps:// ldapis://")
-                                                 (backups (list (local-file
+                                                 (backups (let ((slapd-seeds (getenv
-                                                                 "0.ldif")
+                                                                              "SLAPD_SEEDS")))
-                                                                (local-file
+                                                            (if slapd-seeds
-                                                                 "1.ldif"))))))
+                                                                (map (lambda (ldif)
+                                                                       (local-file
+                                                                        ldif))
+                                                                     (string-split
+                                                                      slapd-seeds
+                                                                      #\:))
+                                                                '()))))))
              %metznet-server-services))))

machines/vpn.scm

@@ -20,8 +20,10 @@
                                                            "10.0.80.0 255.255.255.0")))
 
                    (simple-service 'vpn-server-etc etc-service-type
-                                   `(("openvpn/dh2048.pem" ,(local-file
+                                   (let ((pki-dir (getenv "VPN_PKI_DIR")))
-                                                             "dh2048.pem"))))
+                                     (if pki-dir
+                                       `(("openvpn/dh2048.pem" ,(local-file (string-append pki-dir "/dh2048.pem"))))
+                                       `())))
                    (service certbot-service-type
                             (certbot-configuration (email "admin@metznet.ca")
                                                    (certificates (list (certificate-configuration

system/base-system.scm

@@ -149,9 +149,23 @@
 (define list-of-strings?
   (list-of string?))
 
+(define-maybe/no-serialization string)
+
+(define (file-like-pair? val)
+  (let ((name (car val))
+        (file (cdr val)))
+    (and (string? name) (file-like? file))))
+
+(define alist-of-file-like? (list-of file-like-pair?))
+
 (define-configuration/no-serialization metznet-system-configuration
                                        (certs (file-like le-certs)
                                               "certificate package")
+                                       (vpn-pki-dir (maybe-string (let ((pki-dir (getenv "VPN_PKI_DIR")))
+                                                                        (or pki-dir
+                                                                          %unset-value)))
+                                                                       "openvpn pki directory")
+                                       (user-shells (alist-of-file-like (list (cons "/bin/zsh" zsh))) "user shells to link")
                                        (channels-file (file-like (scheme-file
                                                                   "channels.scm"
                                                                   #~(append (list
@@ -186,19 +200,34 @@
 (define (pam-mkhomedir-services configuration)
   (list (pam-mkhomedir-service configuration)))
 
+(define (shell-paths configuration)
+  (map car (metznet-system-configuration-user-shells configuration)))
+
+(define (shell-packages configuration)
+  (map cdr (metznet-system-configuration-user-shells configuration)))
+
 (define (metznet-activation configuration)
-  #~(if (access? "/bin/zsh" F_OK)
+    #~(for-each
-        (display "zsh already linked")
+      (lambda
+        (path package)
         (begin
-          (display "linking zsh")
+          (display path)
-          (symlink (string-append #$zsh "/bin/zsh") "/bin/zsh"))))
+          (display "\n")
+          (display package)
+          (display "\n")
+          (unless (access? path F_OK) (symlink (string-append package path) path))))
+      (list #$@(shell-paths configuration)) (list #$@(shell-packages configuration))))
 
 (define (metznet-etc-service configuration)
-  `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))
+  (let ((channels-file (metznet-system-configuration-channels-file configuration))
-    ("openvpn/ta.key" ,(local-file "ta.key"))
+         (pki-dir (metznet-system-configuration-vpn-pki-dir configuration)))
-    ("openvpn/ca.crt" ,(local-file "ca.crt"))
+     (if (maybe-value-set? pki-dir)
-    ("openvpn/client.crt" ,(local-file "client.crt"))
+       `(("guix/channels.scm" ,channels-file)
-    ("openvpn/client.key" ,(local-file "client.key"))))
+         ("openvpn/ta.key" ,(local-file (string-append pki-dir "/ta.key")))
+         ("openvpn/ca.crt" ,(local-file (string-append pki-dir "/ca.crt")))
+         ("openvpn/client.key" ,(local-file (string-append pki-dir "/client.key")))
+         ("openvpn/client.crt" ,(local-file (string-append pki-dir "/client.crt"))))
+       `(("guix/channels.scm" ,channels-file)))))
 
 (define metznet-service-type
   (service-type (name 'metznet-service)