(define-module (rekahsoft guix-config proxmox-vm-lvm-minimal)
#:use-module (gnu)
#:use-module (gnu packages)
#:use-module (gnu system nss)
#:use-module (srfi srfi-1)
#:use-module (gnu services dbus)
#:use-module (gnu services desktop)
#:use-module (gnu services networking)
#:use-module (gnu services monitoring)
#:use-module (gnu services ssh)
#:use-module (gnu services xorg)
#:use-module (gnu packages bash)
#:use-module (gnu packages shells)
#:export (%proxmox-vm-lvm-minimal-services
proxmox-vm-lvm-minimal))
;; Login name of the unattended deployment account.  The operating-system
;; definition below uses it for the account name and for its sudoers rule.
(define %automation-user "auto")
;; Public signing key that is added to the guix daemon's authorized keys
;; below.  Archives signed by the matching private key are accepted into
;; this host's store, so that private key needs the same care as root access.
(define %guix-key (local-file "../../../.pubkeys/guix-coordinator-key.pub"))
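;; Services need to be exposed this way so they can be overridden via Guix's
;; special record inheritance.  Otherwise, when trying to use an
;; operating-system's services directly, an error is raised about an
;; ambiguous-service called 'system.
;;
;; Security-relevant contents: key-only SSH, a node exporter with default
;; settings, polkit rules for the wheel group, and one extra signing key
;; trusted by the guix daemon.
(define %proxmox-vm-lvm-minimal-services
  (append
   (list (service openssh-service-type
                  (openssh-configuration
                   (password-authentication? #f) ;public-key logins only
                   (authorized-keys
                    ;; The deploy key is bound to %automation-user instead of
                    ;; a repeated "auto" literal, so the key, the account and
                    ;; the sudoers rule cannot drift apart on a rename.
                    `((,%automation-user
                       ,(local-file "../../../.deploy-key/key.pub"))
                      ;; NOTE(review): no "collin" account is declared in this
                      ;; file; this entry presumably relies on an inheriting
                      ;; configuration adding that user -- confirm.
                      ("collin" ,(local-file "../../../.pubkeys/collin.pub"))
                      ;; NOTE(review): permit-root-login is not set here, so
                      ;; the Guix default applies (believed to be #f, i.e.
                      ;; root logins refused -- verify for the Guix revision
                      ;; in use).  If so this entry is inert; prefer dropping
                      ;; it over enabling direct root SSH.
                      ("root" ,(local-file "../../../.pubkeys/collin.pub"))))))

         ;; Added with its default configuration.  The exporter serves host
         ;; metrics over plain HTTP without authentication.
         ;; NOTE(review): restrict the listen address (web-listen-address in
         ;; prometheus-node-exporter-configuration) or firewall the port so
         ;; only the monitoring host can scrape it.
         (service prometheus-node-exporter-service-type)

         ;;
         ;; All services below were taken from %desktop-services

         ;; Add polkit rules, so that non-root users in the wheel group can
         ;; perform administrative tasks (similar to "sudo").
         polkit-wheel-service

         ;; The global fontconfig cache directory can sometimes contain
         ;; stale entries, possibly referencing fonts that have been GC'd,
         ;; so mount it read-only.
         fontconfig-file-system-service

         ;; NetworkManager
         (service network-manager-service-type)
         (service wpa-supplicant-service-type) ;needed by NetworkManager

         ;; The D-Bus clique.
         (accountsservice-service)
         (service polkit-service-type)
         (elogind-service)
         (dbus-service)

         (service ntp-service-type))
   (modify-services %base-services
     (guix-service-type
      config => (guix-configuration
                 (inherit config)
                 ;; Trust archives signed by %guix-key in addition to the
                 ;; default keys.  Whoever holds the matching private key can
                 ;; get store items accepted by this daemon, so treat that
                 ;; key as root-equivalent for this host.
                 (authorized-keys (cons %guix-key %default-authorized-guix-keys))
                 (substitute-urls %default-substitute-urls))))))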
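(define (proxmox-vm-lvm-minimal host-name)
  "Return an operating-system record named HOST-NAME: GRUB on /dev/sda, root
and swap on the LVM volume group vg0, the %automation-user account with
passwordless sudo, and the services in %proxmox-vm-lvm-minimal-services."
  (operating-system
    (host-name host-name)
    (timezone "America/Toronto")
    (locale "en_US.utf8")
    (keyboard-layout (keyboard-layout "us"))

    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (targets '("/dev/sda"))))

    ;; Presumably required so the initrd can see a VirtIO SCSI disk.
    (initrd-modules
     (append '("virtio_scsi") %base-initrd-modules))

    (mapped-devices
     (list (mapped-device
            (source "vg0")
            (targets (list "vg0-root" "vg0-swap"))
            (type lvm-device-mapping))))

    ;; Swap and root are found by file-system label and both wait for the
    ;; LVM mapping above.
    (swap-devices
     (list (swap-space
            (target (file-system-label "swap"))
            (dependencies mapped-devices))))

    (file-systems (append
                   (list (file-system
                           (device (file-system-label "root"))
                           (mount-point "/")
                           (type "ext4")
                           (dependencies mapped-devices)))
                   %base-file-systems))

    (users (cons* (user-account
                   (name %automation-user)
                   (comment "Automation User")
                   (group "users")
                   (shell #~(string-append #$bash "/bin/bash"))
                   ;; "wheel" is what polkit-wheel-service keys on for
                   ;; administrative actions.
                   ;; NOTE(review): "audio" and "video" look unnecessary for
                   ;; an unattended account on a VM; confirm and drop them
                   ;; for least privilege.
                   (supplementary-groups
                    '("wheel" "netdev" "audio" "video"))
                   ;; Derived from %automation-user so the home directory
                   ;; follows the account name instead of a second literal.
                   (home-directory
                    (string-append "/home/" %automation-user)))
                  %base-user-accounts))

    ;; Default sudoers plus an unrestricted, passwordless rule for the
    ;; automation account.  Together with the SSH deploy key authorized for
    ;; that account, holding the deploy private key amounts to root on every
    ;; host built from this definition: store that key accordingly, and
    ;; narrow the rule to specific commands if the automation allows it.
    (sudoers-file
     (plain-file "sudoers"
                 (string-append (plain-file-content %sudoers-specification)
                                (format #f "~a ALL = NOPASSWD: ALL~%"
                                        %automation-user))))

    (packages
     (append
      (map specification->package
           '("nss-certs"
             "recutils"
             "openssh"
             "tmux"
             "emacs"
             "emacs-guix"))
      %base-packages))

    (services %proxmox-vm-lvm-minimal-services)

    ;; Allow resolution of '.local' host names with mDNS.
    ;; NOTE(review): no avahi service appears in the service list defined in
    ;; this file; mDNS lookups presumably need one -- confirm.
    (name-service-switch %mdns-host-lookup-nss)))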