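;;; base-system: shared Guix System definitions for the metznet hosts.
;;;
;;; Site-specific values (realm, domain, Kerberos host prefixes, root
;;; password) are read from the environment at evaluation time through
;;; get-env-default; the literals below are only the fallbacks.
(define-module (system base-system)
  #:use-module (metznet)
  #:use-module (gnu)
  #:use-module (guix gexp)
  #:use-module (nongnu packages linux)
  #:use-module (gnu packages vim)
  #:use-module (gnu system nss)
  #:use-module (gnu packages certs)
  #:use-module (gnu services pm)
  #:use-module (gnu services vpn)
  #:use-module (gnu packages vpn)
  #:use-module (gnu services networking)
  #:use-module (gnu packages networking)
  #:use-module (gnu services ssh)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages openldap)
  #:use-module (gnu services kerberos)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages shells)
  #:use-module (gnu services desktop)
  #:use-module (gnu packages gnome)
  #:use-module (gnu packages wm)
  #:use-module (gnu services xorg)
  #:use-module (gnu packages suckless)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages terminals)
  #:use-module (gnu packages virtualization)
  #:use-module (gnu packages version-control)
  #:use-module (nongnu system linux-initrd)
  #:use-module (gnu system setuid)
  #:use-module (ice-9 exceptions))

;; Return the value of environment variable ENV, or DEFAULT when it is unset.
(define-public (get-env-default env default)
  (or (getenv env) default))

;; Host-name prefixes prepended to %domain-name for the Kerberos admin
;; server and the KDC.
;; NOTE(review): KDC_PREFIX also falls back to "kadmin.", so by default the
;; KDC and kadmin resolve to the same host.  Confirm this is intended and not
;; a copy of the line above (a "kdc." fallback would be the usual layout).
(define kadmin-prefix (get-env-default "KADMIN_PREFIX" "kadmin."))
(define kdc-prefix    (get-env-default "KDC_PREFIX"    "kadmin."))

;; Kerberos realm (upper case) and DNS domain (lower case).
(define-public %domain-caps   (get-env-default "DOMAIN_CAPS" "METZNET.CA"))
(define-public %domain-name   (get-env-default "DOMAIN_NAME" "metznet.ca"))
(define-public %domain-kadmin (string-append kadmin-prefix %domain-name))
(define-public %domain-kdc    (string-append kdc-prefix %domain-name))

;; Root account plus the stock base accounts.
;; The fallback password is the literal string "root" hashed with a fixed
;; salt, i.e. a well-known credential that is identical on every system
;; built from this file.  Set ROOT_PASSWORD in the environment (or replace
;; the hash with a pre-computed one) before building anything that will be
;; reachable over the network.
(define-public %my-base-user-accounts
  (append
   (list (user-account
          (name "root")
          (group "root")
          (uid 0)
          (password (crypt (get-env-default "ROOT_PASSWORD" "root") "$6$salt"))
          (shell (file-append zsh "/bin/zsh"))))
   %base-user-accounts))

;; Extra system groups: "realtime" and "usb" (the latter is referenced by
;; %usb-udev-rule below).
(define-public %my-base-groups
  (append
   (list (user-group (system? #t) (name "realtime"))
         (user-group (system? #t) (name "usb")))
   %base-groups))

;; Package sets: a common base, then desktop and server supersets of it.
(define-public %my-base-packages
  (append
   (list openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv)
   %base-packages))

(define-public %metznet-desktop-packages
  (append
   (list i3-wm i3status dmenu alacritty icecat)
   %my-base-packages))

(define-public %metznet-server-packages
  (append
   (list isc-dhcp)
   %my-base-packages))

;; Setuid-root wrappers added on desktop systems so an unprivileged session
;; can bring up OpenVPN and rewrite resolv.conf.  Both binaries then run as
;; root for any local user with a config file they control; if that is
;; wider than needed, prefer the NetworkManager OpenVPN plugin configured
;; in %metznet-desktop-services, which does not require setuid.
(define-public %desktop-setuid-programs
  (append
   (list (setuid-program
          (program #~(string-append #$openvpn "/sbin/openvpn")))
         (setuid-program
          (program #~(string-append #$openresolv "/sbin/resolvconf"))))
   %setuid-programs))

;; Build a krb5-configuration for the %domain-caps realm served by
;; KDC-SERVER (KDC host name) and KADMIN (admin server host name).
;; allow-weak-crypto? enables deprecated encryption types (DES/RC4 family)
;; client-wide; keep it only while a legacy KDC or service principal
;; requires them.  rdns? #f stops the client from canonicalising service
;; host names through reverse DNS.
(define (krb5-config kdc-server kadmin)
  (krb5-configuration
   (default-realm %domain-caps)
   (allow-weak-crypto? #t)
   (rdns? #f)
   (realms (list (krb5-realm
                  (name %domain-caps)
                  (admin-server kadmin)
                  (kdc kdc-server))))))

;; PAM Kerberos authentication for regular (uid >= 1000) users only.
(define pam-krb5-config
  (pam-krb5-configuration
   (pam-krb5 pam-krb5)
   (minimum-uid 1000)))

(define-public %default-keyboard-layout (keyboard-layout "us"))

;; udev rules.  %kvm-udev-rule and %usb-udev-rule are exported for callers;
;; only %tun-udev-rule and %backlight-udev-rule are wired into
;; %metznet-desktop-services below.
;; Fix: udev KERNEL matches are case-sensitive and the device node is
;; /dev/kvm, so the original KERNEL=="KVM" never matched anything.
(define-public %kvm-udev-rule
  (udev-rule "65-kvm.rules"
             "KERNEL==\"kvm\", GROUP=\"libvirt\", MODE=\"0660\""))

(define-public %usb-udev-rule
  (udev-rule "51-usb.rules"
             (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
                            "SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))

(define %tun-udev-rule
  (udev-rule "90-tun.rules"
             "KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))

;; NOTE(review): this rule runs /bin/chgrp by absolute path; verify that
;; path exists on the target Guix system (only /bin/sh is guaranteed there),
;; otherwise the brightness node silently keeps its default group.
(define %backlight-udev-rule
  (udev-rule "55-backlight.rules"
             "RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))

;; Desktop service set: SSH + Kerberos on top of %desktop-services, with the
;; nonguix substitute server and its signing key trusted, lid-switch suspend
;; on external power, the tun/backlight udev rules, and the NetworkManager
;; OpenVPN plugin.
(define-public %metznet-desktop-services
  (append
   (list (service openssh-service-type)
         (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
         (service pam-krb5-service-type pam-krb5-config)
         ;(set-xorg-configuration
         ; (xorg-configuration
         ;  (keyboard-layout %default-keyboard-layout)))
         )
   (modify-services %desktop-services
     (guix-service-type
      config => (guix-configuration
                 (inherit config)
                 (substitute-urls
                  (append (list "https://substitutes.nonguix.org")
                          %default-substitute-urls))
                 ;; Trusting this key lets the nonguix server supply binaries
                 ;; for any package; it is pinned here so the build does not
                 ;; depend on fetching it at install time.
                 (authorized-keys
                  (append (list (plain-file "nonguix.pub"
                                            "(public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
                          %default-authorized-guix-keys))))
     (elogind-service-type
      config => (elogind-configuration
                 (inherit config)
                 (handle-lid-switch-external-power 'suspend)))
     (udev-service-type
      config => (udev-configuration
                 (inherit config)
                 (rules (append (list %tun-udev-rule %backlight-udev-rule)
                                (udev-configuration-rules config)))))
     (network-manager-service-type
      config => (network-manager-configuration
                 (inherit config)
                 (vpn-plugins (list network-manager-openvpn)))))))

;; Minimal service set shared by all hosts: SSH + Kerberos on %base-services.
(define-public %my-base-services
  (append
   (list (service openssh-service-type)
         (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
         (service pam-krb5-service-type pam-krb5-config))
   %base-services))

;; Server service set: DHCP client and a system-wide OpenVPN client.
;; persist-key? #f drops the key material across SIGUSR1 restarts; the
;; tls-auth key at /etc/openvpn/ta.key must be provisioned out of band.
(define-public %metznet-server-services
  (append
   (list (service dhcp-client-service-type)
         (openvpn-client-service
          #:config (openvpn-client-configuration
                    (openvpn openvpn)
                    (pid-file "/var/run/openvpn/client.pid")
                    (persist-key? #f)
                    (tls-auth "/etc/openvpn/ta.key"))))
   %my-base-services))

;; Template operating-system that the server and desktop variants inherit.
;; Disk layout assumes a virtio guest (/dev/vda1 EFI, /dev/vda3 root) and
;; fsck is disabled on both file systems (check? #f).
(define-public base-operating-system
  (operating-system
    ;; Hostname and localization information
    (host-name "base")
    (timezone "America/Edmonton")
    (locale "en_CA.utf8")
    (keyboard-layout %default-keyboard-layout)

    ;; Kernel and firmware definitions (non-free kernel, firmware and
    ;; microcode from nonguix).  console=ttyS0 routes the console to the
    ;; first serial port.
    (kernel linux)
    (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
    (firmware (list linux-firmware))
    (initrd microcode-initrd)

    ;; Grub UEFI Bootloader installed to /boot/efi
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/boot/efi"))
                 (keyboard-layout keyboard-layout)))

    (file-systems (cons* (file-system
                           (mount-point "/boot/efi")
                           (device "/dev/vda1")
                           (type "vfat")
                           (check? #f))
                         (file-system
                           (mount-point "/")
                           (device "/dev/vda3")
                           (type "xfs")
                           (check? #f))
                         %base-file-systems))

    (users %my-base-user-accounts)
    (groups %my-base-groups)
    (packages %my-base-packages)
    (services %my-base-services)))

;; Server variant: base system with the server package and service sets.
(define-public base-server-system
  (operating-system
    (inherit base-operating-system)
    (host-name "base-server")
    (packages %metznet-server-packages)
    (services %metznet-server-services)))

;; Desktop variant: adds the setuid VPN helpers and the desktop package and
;; service sets.
(define-public base-desktop-system
  (operating-system
    (inherit base-operating-system)
    (host-name "base-desktop")
    (setuid-programs %desktop-setuid-programs)
    (packages %metznet-desktop-packages)
    (services %metznet-desktop-services)))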