(define-module (base-system)
#:use-module (homelab)
#:use-module (gnu)
#:use-module (guix gexp)
#:use-module (nongnu packages linux)
#:use-module (gnu packages vim)
#:use-module (gnu system nss)
#:use-module (gnu packages certs)
#:use-module (gnu services pm)
#:use-module (gnu services vpn)
#:use-module (gnu packages vpn)
#:use-module (gnu services networking)
#:use-module (gnu packages networking)
#:use-module (gnu services ssh)
#:use-module (gnu packages dns)
#:use-module (gnu packages openldap)
#:use-module (gnu services kerberos)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages admin)
#:use-module (gnu packages shells)
#:use-module (gnu services desktop)
#:use-module (gnu packages gnome)
#:use-module (gnu packages wm)
#:use-module (gnu services xorg)
#:use-module (gnu packages suckless)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages terminals)
#:use-module (gnu packages virtualization)
#:use-module (gnu packages version-control)
#:use-module (nongnu system linux-initrd)
#:use-module (gnu system setuid)
#:use-module (ice-9 exceptions))
(define-public (get-env-default env default)
  "Return the value of the environment variable ENV, or DEFAULT when ENV is
not set.  An empty value counts as set and is returned as-is."
  (let ((value (getenv env)))
    (if value
        value
        default)))
;; Host-name prefixes for the Kerberos admin server and the KDC.  Both can be
;; overridden at build time through the environment.
(define kadmin-prefix
(get-env-default "KADMIN_PREFIX" "kadmin."))
;; NOTE(review): the fallback here is also "kadmin.", so unless KDC_PREFIX is
;; set, %domain-kdc and %domain-kadmin name the same host.  Confirm that is
;; intended rather than a copy of the line above.
(define kdc-prefix
(get-env-default "KDC_PREFIX" "kadmin."))
;; Kerberos realm name (upper case) and the DNS domain it maps to; both are
;; environment-overridable with the site defaults below.
(define-public %domain-caps
(get-env-default "DOMAIN_CAPS" "METZNET.CA"))
(define-public %domain-name
(get-env-default "DOMAIN_NAME" "metznet.ca"))
;; Fully qualified admin-server and KDC host names, e.g. "kadmin.metznet.ca".
(define-public %domain-kadmin (string-append kadmin-prefix %domain-name))
(define-public %domain-kdc (string-append kdc-prefix %domain-name))
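(define-public %my-base-user-accounts
  ;; Root account prepended to Guix's stock %base-user-accounts.  The password
  ;; is hashed at build time with SHA-512 crypt ("$6$" prefix).  It is read
  ;; from ROOT_PASSWORD so the clear-text value need not live in this file;
  ;; the fallback keeps the previous value ("root") so existing deployments
  ;; are unchanged, but it should be overridden for any reachable host.
  (append (list
           (user-account
            (name "root")
            (group "root")
            (uid 0)
            ;; NOTE(review): the salt is fixed, so every machine built from
            ;; this file with the same password shares one hash; consider a
            ;; per-deployment salt as well.
            (password (crypt (get-env-default "ROOT_PASSWORD" "root") "$6$salt"))
            (shell (file-append zsh "/bin/zsh"))))
          %base-user-accounts))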
(define-public %my-base-groups
  ;; Site system groups placed ahead of Guix's stock %base-groups:
  ;;  - realtime: not referenced elsewhere in the visible part of this file
  ;;  - usb: owning group for USB device nodes (see %usb-udev-rule)
  (cons* (user-group
          (system? #t)
          (name "realtime"))
         (user-group
          (system? #t)
          (name "usb"))
         %base-groups))
;; Package sets.  Each profile extends the previous one: base -> desktop,
;; base -> server.  metznet-system comes from a module outside this file.
(define-public %my-base-packages
  (cons* metznet-system openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv
         %base-packages))
;; Desktop: i3 window manager, launcher, terminal and browser on top of base.
(define-public %my-desktop-packages
  (cons* i3-wm i3status dmenu alacritty icecat
         %my-base-packages))
;; Server: only adds the ISC DHCP tools on top of base.
(define-public %my-server-packages
  (cons* isc-dhcp
         %my-base-packages))
(define-public %desktop-setuid-programs
  ;; Desktop-only additions to Guix's stock setuid list.  Each entry lets any
  ;; local user run that binary with elevated privileges, so keep the list
  ;; minimal and review it when the desktop profile changes.
  (cons* (setuid-program
          (program #~(string-append #$openvpn "/sbin/openvpn")))
         (setuid-program
          (program #~(string-append #$openresolv "/sbin/resolvconf")))
         %setuid-programs))
(define (krb5-config kdc-server kadmin)
  "Build the krb5-configuration for the site realm %domain-caps, using
KDC-SERVER and KADMIN as the realm's KDC and admin-server host names."
  (let ((site-realm (krb5-realm
                     (name %domain-caps)
                     (admin-server kadmin)
                     (kdc kdc-server))))
    (krb5-configuration
     (default-realm %domain-caps)
     ;; NOTE(review): enables MIT krb5's deprecated "weak" encryption types.
     ;; Keep only while legacy principals still require them.
     (allow-weak-crypto? #t)
     ;; Do not canonicalize service host names through reverse DNS.
     (rdns? #f)
     (realms (list site-realm)))))
;; PAM module configuration for Kerberos logins.  pam_krb5 ignores accounts
;; whose uid is below minimum-uid, so root and system accounts (uid < 1000)
;; keep authenticating locally instead of against the KDC.
(define pam-krb5-config (pam-krb5-configuration
(pam-krb5 pam-krb5)
(minimum-uid 1000)))
;; Keyboard layout shared by the console and the bootloader.
(define-public %default-keyboard-layout (keyboard-layout "us"))
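(define-public %kvm-udev-rule
  ;; Make /dev/kvm usable by members of the libvirt group.  The kernel device
  ;; is named "kvm" (lower case) and udev KERNEL matches are case-sensitive,
  ;; so the previous "KVM" spelling never matched and the rule was inert.
  ;; NOTE(review): no "libvirt" group is created in the visible part of this
  ;; file; it has to come from the service that provides it.
  (udev-rule
   "65-kvm.rules"
   "KERNEL==\"kvm\", GROUP=\"libvirt\", MODE=\"0660\""))
(define-public %usb-udev-rule
  ;; Hand USB device nodes to the "usb" group (created in %my-base-groups) so
  ;; members can access them without root.
  (udev-rule
   "51-usb.rules"
   (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
                  "SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))
(define %tun-udev-rule
  ;; Let the "netdev" group open /dev/net/tun read/write; static_node applies
  ;; the same group and mode to the pre-created node.
  (udev-rule
   "90-tun.rules"
   "KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))
(define %backlight-udev-rule
  ;; Give the "video" group ownership of the Intel backlight control so
  ;; unprivileged sessions can change brightness.  The previous rule had no
  ;; match keys, so its RUN+= executed on every uevent; it is now limited to
  ;; the backlight subsystem's add event.
  ;; NOTE(review): a stock Guix system only guarantees /bin/sh under /bin;
  ;; confirm /bin/chgrp exists on the target, or point RUN at coreutils.
  (udev-rule
   "55-backlight.rules"
   "SUBSYSTEM==\"backlight\", ACTION==\"add\", RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))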
;; Desktop service list: SSH plus Kerberos client setup, followed by Guix's
;; %desktop-services with a few of its services reconfigured.
;; NOTE(review): the first three entries duplicate %my-base-services; a
;; shared list would keep the two profiles from drifting apart.
(define-public %my-desktop-services
;; NOTE(review): openssh-service-type with its default configuration.  Confirm
;; its root-login and password-authentication defaults fit a host whose root
;; password is set in this file.
(append (list (service openssh-service-type)
(service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
(service pam-krb5-service-type pam-krb5-config)
;(set-xorg-configuration
; (xorg-configuration
; (keyboard-layout %default-keyboard-layout)))
)
(modify-services %desktop-services
;; Add the nonguix substitute server and pin its signing key, so substitutes
;; from it are accepted alongside the default Guix servers.
(guix-service-type config => (guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (plain-file "nonguix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys))))
;; Suspend on lid close even when on external power.
(elogind-service-type config =>
(elogind-configuration (inherit config)
(handle-lid-switch-external-power 'suspend)))
;; Prepend the tun and backlight rules to the desktop udev rule set.
(udev-service-type config =>
(udev-configuration (inherit config)
(rules (append (list %tun-udev-rule
%backlight-udev-rule)
(udev-configuration-rules config)))))
;; Enable the OpenVPN plugin in NetworkManager.
(network-manager-service-type config =>
(network-manager-configuration (inherit config)
(vpn-plugins (list network-manager-openvpn)))))))
(define-public %my-base-services
  ;; Services every site system runs: SSH access plus Kerberos client
  ;; configuration (krb5.conf and PAM), on top of Guix's %base-services.
  ;; NOTE(review): openssh-service-type is used with its default
  ;; configuration; confirm its root-login and password-authentication
  ;; defaults fit a host whose root password is set in this file.
  (cons* (service openssh-service-type)
         (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
         (service pam-krb5-service-type pam-krb5-config)
         %base-services))
(define-public %my-server-services
  ;; Server profile: DHCP-configured networking and an OpenVPN client, on
  ;; top of %my-base-services.
  (cons* (service dhcp-client-service-type)
         (openvpn-client-service
          #:config (openvpn-client-configuration
                    (openvpn openvpn)
                    (pid-file "/var/run/openvpn/client.pid")
                    ;; --persist-key off: OpenVPN re-reads key files on restart.
                    (persist-key? #f)
                    ;; NOTE(review): the tls-auth HMAC key must already exist at
                    ;; this path on the host; nothing in the visible part of
                    ;; this file provisions it.
                    (tls-auth "/etc/openvpn/ta.key")))
         %my-base-services))
;; Common operating-system template.  base-server-system and
;; base-desktop-system inherit from it and override host name, packages and
;; services.
(define-public base-operating-system
(operating-system
;; Hostname and localization information
(host-name "base")
(timezone "America/Edmonton")
(locale "en_CA.utf8")
(keyboard-layout %default-keyboard-layout)
;; Kernel and firmware definitions
;; Non-free kernel, firmware and microcode from the nongnu channel.
(kernel linux)
;; NOTE(review): console=ttyS0 puts a login console on the first serial
;; port in addition to the defaults; on a VM that is the hypervisor's
;; serial console, so whoever controls it gets a login prompt.
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
(firmware (list linux-firmware))
(initrd microcode-initrd)
;; Grub UEFI Bootloader installed to /boot/efi
(bootloader
(bootloader-configuration
(bootloader grub-efi-bootloader)
(targets '("/boot/efi"))
;; Reuses the operating-system keyboard-layout field above.
(keyboard-layout keyboard-layout)))
;; virtio disks (/dev/vda*), i.e. this template targets a VM.
;; NOTE(review): check? #f skips the filesystem check at boot for both
;; file systems.
(file-systems (cons*
(file-system
(mount-point "/boot/efi")
(device "/dev/vda1")
(type "vfat")
(check? #f))
(file-system
(mount-point "/")
(device "/dev/vda3")
(type "xfs")
(check? #f))
%base-file-systems))
(users %my-base-user-accounts)
(groups %my-base-groups)
(packages %my-base-packages)
(services %my-base-services)))
;; Server variant: the base template with the server package and service
;; lists substituted.  Field order within the record is not significant.
(define-public base-server-system
  (operating-system
   (inherit base-operating-system)
   (services %my-server-services)
   (packages %my-server-packages)
   (host-name "base-server")))
;; Desktop variant: the base template with desktop packages and services,
;; plus the extra setuid programs (openvpn, resolvconf) the desktop needs.
(define-public base-desktop-system
  (operating-system
   (inherit base-operating-system)
   (services %my-desktop-services)
   (packages %my-desktop-packages)
   (setuid-programs %desktop-setuid-programs)
   (host-name "base-desktop")))