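;;; Minimal Guix System definition for a Proxmox VM whose root and swap live
;;; on LVM volume group "vg0".  Exports the service list (so inheriting
;;; configurations can override it) and a constructor taking the host name.

(define-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
  #:use-module (gnu)
  #:use-module (gnu packages)
  #:use-module (gnu system nss)
  #:use-module (srfi srfi-1)
  #:use-module (gnu services dbus)
  #:use-module (gnu services desktop)
  #:use-module (gnu services networking)
  #:use-module (gnu services monitoring)
  #:use-module (gnu services ssh)
  #:use-module (gnu services xorg)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages shells)
  #:export (%proxmox-vm-lvm-minimal-services
            proxmox-vm-lvm-minimal))

;; Account used for unattended deployment.  It is the single source of truth
;; for the SSH authorized-keys entry, the home directory and the sudoers rule
;; below, so renaming it here keeps all three in agreement.
(define %automation-user "auto")

;; Public signing key of the deployment coordinator.  It is added to the guix
;; daemon's authorized keys below, which means store items signed by the
;; matching private key are accepted by this machine as trusted.
(define %guix-key
  (local-file "../../../.pubkeys/guix-coordinator-key.pub"))

;; Services need to be exposed this way so they can be overridden via guix's special
;; record inheritance. Otherwise, if trying to directly use an operating-system's
;; services, an error will be received about an ambiguous-service called 'system.
(define %proxmox-vm-lvm-minimal-services
  (append
   (list
    ;; SSH: key-only authentication.  Each entry maps a login name to the
    ;; public key file(s) allowed to log in as that user.
    (service openssh-service-type
             (openssh-configuration
              (password-authentication? #f)
              (authorized-keys
               ;; The automation entry is keyed on %automation-user rather
               ;; than a repeated literal, so it cannot drift from the
               ;; account and sudoers rule defined further down.
               `((,%automation-user ,(local-file "../../../.deploy-key/key.pub"))
                 ("collin" ,(local-file "../../../.pubkeys/collin.pub"))
                 ;; NOTE(review): permit-root-login is not set here.  As far
                 ;; as I know the Guix default is #f, in which case this root
                 ;; entry has no effect -- confirm, and either drop it or set
                 ;; permit-root-login explicitly (e.g. 'prohibit-password) so
                 ;; the intent is visible.
                 ("root" ,(local-file "../../../.pubkeys/collin.pub"))))))

    ;; Node exporter with its default configuration.
    ;; NOTE(review): the default listen address is, to my knowledge, ":9100"
    ;; on every interface and the endpoint is unauthenticated -- confirm, and
    ;; restrict it (web-listen-address or a firewall rule) if the VM sits on
    ;; a network that is not fully trusted.
    (service prometheus-node-exporter-service-type)

    ;;
    ;; All below services were taken from %desktop-services

    ;; Add polkit rules, so that non-root users in the wheel group can
    ;; perform administrative tasks (similar to "sudo").
    ;; The automation user is a member of wheel (see the user-account below),
    ;; so these rules apply to it as well.
    polkit-wheel-service

    ;; The global fontconfig cache directory can sometimes contain
    ;; stale entries, possibly referencing fonts that have been GC'd,
    ;; so mount it read-only.
    fontconfig-file-system-service

    ;; NetworkManager
    (service network-manager-service-type)
    (service wpa-supplicant-service-type) ;needed by NetworkManager

    ;; The D-Bus clique.
    (accountsservice-service)
    (service polkit-service-type)
    (elogind-service)
    (dbus-service)

    (service ntp-service-type))

   ;; Extend the stock guix-daemon configuration: trust the coordinator key in
   ;; addition to the default substitute-server keys.  substitute-urls is
   ;; restated as the default list, so no extra substitute server is added.
   (modify-services %base-services
     (guix-service-type config =>
                        (guix-configuration
                         (inherit config)
                         (authorized-keys
                          (cons %guix-key %default-authorized-guix-keys))
                         (substitute-urls %default-substitute-urls))))))

;; Build the operating-system record for a VM named HOST-NAME.
;; Everything except the host name is fixed: GRUB on /dev/sda, the virtio_scsi
;; initrd module, LVM-backed root/swap located by file-system label, the
;; automation account, and %proxmox-vm-lvm-minimal-services.
(define (proxmox-vm-lvm-minimal host-name)
  (operating-system
    (host-name host-name)
    (timezone "America/Toronto")
    (locale "en_US.utf8")
    (keyboard-layout (keyboard-layout "us"))

    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (targets '("/dev/sda"))))

    ;; virtio_scsi must be in the initrd so the virtual disk is visible
    ;; before the LVM volumes are activated.
    (initrd-modules (append '("virtio_scsi") %base-initrd-modules))

    (mapped-devices
     (list (mapped-device
            (source "vg0")
            (targets (list "vg0-root" "vg0-swap"))
            (type lvm-device-mapping))))

    ;; Swap and root both depend on the LVM mapping being set up first.
    (swap-devices
     (list (swap-space
            (target (file-system-label "swap"))
            (dependencies mapped-devices))))

    (file-systems
     (append (list (file-system
                     (device (file-system-label "root"))
                     (mount-point "/")
                     (type "ext4")
                     (dependencies mapped-devices)))
             %base-file-systems))

    (users
     (cons* (user-account
             (name %automation-user)
             (comment "Automation User")
             (group "users")
             (shell #~(string-append #$bash "/bin/bash"))
             (supplementary-groups '("wheel" "netdev" "audio" "video"))
             ;; Derived from %automation-user so the path follows a rename.
             (home-directory (string-append "/home/" %automation-user)))
            %base-user-accounts))

    ;; Default sudoers specification plus passwordless sudo for the automation
    ;; user.  Combined with the SSH entry above, possession of the deploy
    ;; private key is equivalent to root on this machine: keep that key out of
    ;; the repository and limit who can read it on the coordinator.
    (sudoers-file
     (plain-file "sudoers"
                 (string-append
                  (plain-file-content %sudoers-specification)
                  (format #f "~a ALL = NOPASSWD: ALL~%" %automation-user))))

    (packages
     (append (map specification->package
                  '("nss-certs" "recutils" "openssh"
                    "tmux" "emacs" "emacs-guix"))
             %base-packages))

    (services %proxmox-vm-lvm-minimal-services)

    ;; Allow resolution of '.local' host names with mDNS.
    ;; NOTE(review): no Avahi service appears in the service list in this
    ;; file; mDNS lookups normally need one running -- confirm it is added by
    ;; an inheriting configuration, or drop this if '.local' is not needed.
    (name-service-switch %mdns-host-lookup-nss)))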