94 lines
3.3 KiB
Scheme
94 lines
3.3 KiB
Scheme
|
;; Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||
|
|
;;
|
||
|
|
;; This file is free software; you can redistribute it and/or modify it
|
||
|
|
;; under the terms of the GNU General Public License as published by
|
||
|
|
;; the Free Software Foundation; either version 3 of the License, or (at
|
||
|
|
;; your option) any later version.
|
||
|
|
;;
|
||
|
|
;; You should have received a copy of the GNU General Public License
|
||
|
|
;; along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||
|
|
|
||
|
|
(define-module (mumble-vm-system)
|
||
|
|
#:use-module (gnu)
|
||
|
|
#:use-module (gnu packages admin)
|
||
|
|
#:use-module (gnu packages dns)
|
||
|
|
#:use-module (gnu packages linux)
|
||
|
|
#:use-module (gnu packages ssh)
|
||
|
|
#:use-module (gnu services admin)
|
||
|
|
#:use-module (gnu services ssh)
|
||
|
|
#:export (mumble-vm-operating-system))
|
||
|
|
|
||
|
|
(define-public %nginx-deploy-hook
|
||
|
|
(program-file
|
||
|
|
"nginx-deploy-hook"
|
||
|
|
#~(let
|
||
|
|
((nginx-pid (call-with-input-file "/var/run/nginx/pid" read))
|
||
|
|
(mumble-server-pid
|
||
|
|
(call-with-input-file
|
||
|
|
"/var/run/mumble-server/mumble-server.pid" read)))
|
||
|
|
((lambda _
|
||
|
|
(kill nginx-pid SIGHUP)
|
||
|
|
(kill mumble-server-pid SIGUSR1))))))
|
||
|
|
|
||
|
|
(define mumble-vm-operating-system
|
||
|
|
(operating-system
|
||
|
|
(bootloader (bootloader-configuration
|
||
|
|
(bootloader grub-minimal-bootloader)
|
||
|
|
(targets '("/dev/vda"))))
|
||
|
|
;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
|
||
|
|
;; without doing many fsck?
|
||
|
|
(file-systems (cons (file-system
|
||
|
|
(device (file-system-label "Guix_image"))
|
||
|
|
(mount-point "/")
|
||
|
|
(type "ext4")) %base-file-systems))
|
||
|
|
(host-name "mumble-vm")
|
||
|
|
(timezone "Europe/Paris")
|
||
|
|
(packages
|
||
|
|
(append
|
||
|
|
(list htop
|
||
|
|
iftop
|
||
|
|
`(,isc-bind "utils")
|
||
|
|
net-tools
|
||
|
|
nmon
|
||
|
|
openssh-sans-x)
|
||
|
|
%base-packages))
|
||
|
|
(services
|
||
|
|
(append
|
||
|
|
(list
|
||
|
|
;; Networking
|
||
|
|
(service
|
||
|
|
static-networking-service-type
|
||
|
|
(list
|
||
|
|
(static-networking
|
||
|
|
(addresses (list (network-address
|
||
|
|
(device "eth0")
|
||
|
|
(value "192.168.10.37/24"))))
|
||
|
|
(routes (list (network-route
|
||
|
|
(destination "default")
|
||
|
|
(gateway "192.168.10.1"))))
|
||
|
|
(name-servers '("192.168.10.1")))))
|
||
|
|
;; OpenSSH
|
||
|
|
(service openssh-service-type
|
||
|
|
(openssh-configuration
|
||
|
|
(openssh openssh-sans-x)
|
||
|
|
(use-pam? #f)
|
||
|
|
(port-number 222)
|
||
|
|
(permit-root-login #t)
|
||
|
|
(password-authentication? #f)
|
||
|
|
(challenge-response-authentication? #f)
|
||
|
|
(authorized-keys
|
||
|
|
`(("root" , (local-file "id_ed25519.pub"))
|
||
|
|
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||
|
|
;; Unattended Upgrades
|
||
|
|
(service unattended-upgrade-service-type))
|
||
|
|
(modify-services
|
||
|
|
%base-services
|
||
|
|
(guix-service-type config => (guix-configuration
|
||
|
|
(authorized-keys
|
||
|
|
(append
|
||
|
|
(list
|
||
|
|
(local-file
|
||
|
|
"signing-key.pub"))
|
||
|
|
%default-authorized-guix-keys)))))))))
|
||
|
|
mumble-vm-operating-system
|