experimental-vms/mumble-vm-system.scm

94 lines
3.3 KiB
Scheme
Raw Normal View History

;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;
;; This file is free software; you can redistribute it and/or modify it
;; under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or (at
;; your option) any later version.
;;
;; You should have received a copy of the GNU General Public License
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
(define-module (mumble-vm-system)
#:use-module (gnu)
#:use-module (gnu packages admin)
#:use-module (gnu packages dns)
#:use-module (gnu packages linux)
#:use-module (gnu packages ssh)
#:use-module (gnu services admin)
#:use-module (gnu services ssh)
#:export (mumble-vm-operating-system))
(define-public %nginx-deploy-hook
(program-file
"nginx-deploy-hook"
#~(let
((nginx-pid (call-with-input-file "/var/run/nginx/pid" read))
(mumble-server-pid
(call-with-input-file
"/var/run/mumble-server/mumble-server.pid" read)))
((lambda _
(kill nginx-pid SIGHUP)
(kill mumble-server-pid SIGUSR1))))))
(define mumble-vm-operating-system
(operating-system
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
(targets '("/dev/vda"))))
;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
;; without doing many fsck?
(file-systems (cons (file-system
(device (file-system-label "Guix_image"))
(mount-point "/")
(type "ext4")) %base-file-systems))
(host-name "mumble-vm")
(timezone "Europe/Paris")
(packages
(append
(list htop
iftop
`(,isc-bind "utils")
net-tools
nmon
openssh-sans-x)
%base-packages))
(services
(append
(list
;; Networking
(service
static-networking-service-type
(list
(static-networking
(addresses (list (network-address
(device "eth0")
(value "192.168.10.37/24"))))
(routes (list (network-route
(destination "default")
(gateway "192.168.10.1"))))
(name-servers '("192.168.10.1")))))
;; OpenSSH
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(use-pam? #f)
(port-number 222)
(permit-root-login #t)
(password-authentication? #f)
(challenge-response-authentication? #f)
(authorized-keys
`(("root" , (local-file "id_ed25519.pub"))
("gnutoo" ,(local-file "id_ed25519.pub"))))))
;; Unattended Upgrades
(service unattended-upgrade-service-type))
(modify-services
%base-services
(guix-service-type config => (guix-configuration
(authorized-keys
(append
(list
(local-file
"signing-key.pub"))
%default-authorized-guix-keys)))))))))
mumble-vm-operating-system