From dd278fa4e3330884547db8713531efa6ee956e0b Mon Sep 17 00:00:00 2001 From: David Thompson Date: Sat, 12 Aug 2023 10:18:13 -0400 Subject: Reorganize! Delete cruft! Use guix home! --- aigis.scm | 64 ------------ common-home.scm | 39 +++++++ dave.pub | 2 - ikaruga-home.scm | 71 +++++++++++++ ikaruga-os.scm | 98 ++++++++++++++++++ ikaruga.scm | 98 ------------------ keys/dave.pub | 2 + keys/nonguix-signing-key.pub | 6 ++ keys/signing-key.pub | 6 ++ laptop-manifest.scm | 104 ------------------- nonguix-signing-key.pub | 6 -- rise-home.scm | 38 +++---- rise-os.scm | 4 +- signing-key.pub | 6 -- takemi-os.scm | 241 +++++++++++++++++++++++++++++++++++++++++++ takemi.scm | 241 ------------------------------------------- vhl-profile.scm | 45 -------- 17 files changed, 482 insertions(+), 589 deletions(-) delete mode 100644 aigis.scm create mode 100644 common-home.scm delete mode 100644 dave.pub create mode 100644 ikaruga-home.scm create mode 100644 ikaruga-os.scm delete mode 100644 ikaruga.scm create mode 100644 keys/dave.pub create mode 100644 keys/nonguix-signing-key.pub create mode 100644 keys/signing-key.pub delete mode 100644 laptop-manifest.scm delete mode 100644 nonguix-signing-key.pub delete mode 100644 signing-key.pub create mode 100644 takemi-os.scm delete mode 100644 takemi.scm delete mode 100644 vhl-profile.scm diff --git a/aigis.scm b/aigis.scm deleted file mode 100644 index 46bdb82..0000000 --- a/aigis.scm +++ /dev/null 
@@ -1,64 +0,0 @@ -;;; Copyright © 2015 David Thompson -;;; -;;; This program is free software; you can redistribute it and/or -;;; modify it under the terms of the GNU General Public License as -;;; published by the Free Software Foundation; either version 3 of the -;;; License, or (at your option) any later version. -;;; -;;; This program is distributed in the hope that it will be useful, -;;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -;;; General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with this program. If not, see -;;; . - -;;; Commentary: -;; -;; HTPC configuration. - -(use-modules (srfi srfi-1) - (gnu) - (gnu services)) -(use-service-modules desktop networking ssh xorg) -(use-package-modules certs kodi rsync) - -(define (wicd-service? service) - (eq? (service-kind service) wicd-service-type)) - -(operating-system - (host-name "aigis") - (timezone "America/New_York") - (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/sda"))) - (file-systems (cons* (file-system - (device "root") - (title 'label) - (mount-point "/") - (type "ext4")) - (file-system - (device "home") - (title 'label) - (mount-point "/home") - (type "ext4")) - %base-file-systems)) - (users (list (user-account - (name "dave") - (comment "David Thompson") - (group "users") - (supplementary-groups '("wheel" "netdev" "audio" - "video" "cdrom")) - (home-directory "/home/dave")))) - (packages (cons* nss-certs rsync %base-packages)) - (services - (let ((kodi-session #~(string-append #$kodi "/bin/kodi-standalone"))) - (cons* (static-networking-service "enp0s10" "192.168.1.222") - (lsh-service #:initialize? #t) - (modify-services (remove wicd-service? %desktop-services) - (slim-service-type config => - (slim-configuration - (inherit config) - (auto-login? 
#t) - (default-user "dave") - (auto-login-session kodi-session)))))))) diff --git a/common-home.scm b/common-home.scm new file mode 100644 index 0000000..e4b979c --- /dev/null +++ b/common-home.scm @@ -0,0 +1,39 @@ +;;; Copyright © 2023 David Thompson +;;; +;;; This program is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU General Public License as +;;; published by the Free Software Foundation; either version 3 of the +;;; License, or (at your option) any later version. +;;; +;;; This program is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this program. If not, see +;;; . + +(use-modules (gnu home) + (gnu packages) + (gnu services) + (guix gexp) + (gnu home services) + (gnu home services shells)) + +(define (dotfiles . file-names) + (define dir (dirname (current-filename))) + (map (lambda (file-name) + (list file-name + (local-file (string-append dir "/dotfiles/" file-name) + (string-append "dotfile-" (basename file-name))))) + file-names)) + +(define common-services + (list (service home-bash-service-type + (home-bash-configuration + (aliases '(("grep" . "grep --color=auto") + ("ls" . "ls -ahlp --color=auto"))))) + (simple-service 'dotfiles + home-files-service-type + (dotfiles ".emacs.d/init.el" ".guile")))) diff --git a/dave.pub b/dave.pub deleted file mode 100644 index 861655c..0000000 --- a/dave.pub +++ /dev/null @@ -1,2 +0,0 @@ -ssh-rsa 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 dthompson@DT-ThinkPad-X1-Carbon-6th -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkGFopyTXgqnLxccSUoOdS21T8+c2areKbetKN/W+MW dave@izanagi \ No newline at end of file diff --git a/ikaruga-home.scm b/ikaruga-home.scm new file mode 100644 index 0000000..9b1e9b4 
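Review bot: `dotfiles` in common-home.scm has no docstring and the file has no `;;; Commentary:` header, so nothing says that it is meant to be pulled in with `(include "common-home.scm")` or that dotfile paths are resolved from `(dirname (current-filename))`. `current-filename` expands to `#f` when no source file is known (a REPL, for instance), and `dirname` would then raise, so the docstring should state the assumption, e.g. `"Return home-files entries for FILE-NAMES, read from the dotfiles/ directory next to this file."`. A short Commentary block saying that the file defines `common-services` for the per-host home files would match the style ikaruga-os.scm already uses.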
--- /dev/null
+++ b/ikaruga-home.scm
@@ -0,0 +1,71 @@
+;;; Copyright © 2023 David Thompson
+;;;
+;;; This program is free software; you can redistribute it and/or
+;;; modify it under the terms of the GNU General Public License as
+;;; published by the Free Software Foundation; either version 3 of the
+;;; License, or (at your option) any later version.
+;;;
+;;; This program is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+;;; General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see
+;;; .
+
+(include "common-home.scm")
+
+(home-environment
+ (packages (specifications->packages
+ '("emacs"
+ "emacs-better-defaults"
+ "emacs-buffer-env"
+ "emacs-doom-modeline"
+ "emacs-doom-themes"
+ "emacs-flycheck-guile"
+ "emacs-geiser-guile"
+ "emacs-htmlize"
+ "emacs-js2-mode"
+ "emacs-magit"
+ "emacs-magit-annex"
+ "emacs-markdown-mode"
+ "emacs-org-reveal"
+ "emacs-paredit"
+ "emacs-racket-mode"
+ "emacs-rainbow-delimiters"
+ "emacs-smex"
+ "emacs-typo"
+ "emacs-use-package"
+ "emacs-web-mode"
+ "emacs-which-key"
+ "emacs-yaml-mode"
+ "firefox"
+ "font-google-noto-sans-cjk"
+ "font-google-noto-serif-cjk"
+ "font-inconsolata"
+ "gimp"
+ "git"
+ "git:send-email"
+ "git-annex"
+ "gnome-tweaks"
+ "gnupg"
+ "gst-plugins-bad"
+ "guile@3"
+ "keepassxc"
+ "libreoffice"
+ "libresprite"
+ "milkytracker"
+ "ncurses"
+ "obs"
+ "openssh"
+ "pavucontrol"
+ "pinentry"
+ "sfxr"
+ "sicp"
+ "steam"
+ "strace"
+ "tor"
+ "ungoogled-chromium"
+ "xournal")))
+ (services common-services))
diff --git a/ikaruga-os.scm b/ikaruga-os.scm
new file mode 100644
index 0000000..ac341bb
--- /dev/null
+++ b/ikaruga-os.scm
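Review bot: The package list in ikaruga-home.scm no longer shows that some entries come from outside Guix proper. laptop-manifest.scm, deleted in this commit, imported `(nongnu packages mozilla)` and `(nongnu packages steam-client)` for `firefox` and `steam`, whereas `specifications->packages` resolves the bare strings against whatever channels are configured when the file is evaluated. A comment above the list such as `;; "firefox" and "steam" come from the nonguix channel, which must be configured.` would keep that dependency visible. The file also lacks the `;;; Commentary:` block with the apply command that ikaruga-os.scm carries, presumably `guix home reconfigure ikaruga-home.scm`.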
@@ -0,0 +1,98 @@ +;;; Copyright © 2022 David Thompson +;;; +;;; This program is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU General Public License as +;;; published by the Free Software Foundation; either version 3 of the +;;; License, or (at your option) any later version. +;;; +;;; This program is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this program. If not, see +;;; . + +;;; Commentary: +;; +;; Laptop OS configuration. +;; +;; To update using this OS configuration, run: +;; +;; guix system reconfigure ikaruga.scm + +(use-modules (gnu) + (gnu services cups) + (gnu services desktop) + (gnu services games) + (gnu services pm) + (nongnu packages linux) + (nongnu system linux-initrd)) + +(operating-system + (locale "en_US.utf8") + (timezone "America/New_York") + (keyboard-layout (keyboard-layout "us")) + (host-name "ikaruga") + (bootloader (bootloader-configuration + (bootloader grub-efi-bootloader) + (targets (list "/boot/efi")) + (keyboard-layout keyboard-layout))) + ;; Use regular Linux with the big bad proprietary firmware blobs. + (kernel linux) + (initrd microcode-initrd) + ;; sof-firmware is required for sound to work, linux-firmware takes + ;; care of everything else. 
+ (firmware (list sof-firmware linux-firmware)) + (users (cons* (user-account + (name "dave") + (comment "David Thompson") + (group "users") + (home-directory "/home/dave") + (supplementary-groups + '("audio" + "kvm" ; for running VMs + "lp" ; for bluetooth + "netdev" + "video" + "wheel"))) ; for sudo + %base-user-accounts)) + (packages (append (list (specification->package "nss-certs")) + %base-packages)) + (services (modify-services (cons* (service gnome-desktop-service-type) + (service bluetooth-service-type) + (service thermald-service-type) + (service joycond-service-type) + (service cups-service-type + (cups-configuration + (web-interface? #t) + (extensions + (list (specification->package "cups-filters") + (specification->package "brlaser"))))) + %desktop-services) + ;; Get nonguix substitutes. + (guix-service-type config => + (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://substitutes.nonguix.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "keys/nonguix-signing-key.pub")) + %default-authorized-guix-keys)))))) + (mapped-devices (list (mapped-device + (source (uuid "02b1ffb4-d868-4e5f-ab9b-8be3092e3a3c")) + (target "cryptroot") + (type luks-device-mapping)))) + (file-systems (cons* (file-system + (mount-point "/boot/efi") + (device (uuid "91D3-F76B" 'fat32)) + (type "vfat")) + (file-system + (mount-point "/") + (device "/dev/mapper/cryptroot") + (type "ext4") + (dependencies mapped-devices)) + %base-file-systems)) + (name-service-switch %mdns-host-lookup-nss)) diff --git a/ikaruga.scm b/ikaruga.scm deleted file mode 100644 index c22883d..0000000 --- a/ikaruga.scm +++ /dev/null 
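Review bot: Adding `keys/nonguix-signing-key.pub` to `authorized-keys` while listing `https://substitutes.nonguix.org` ahead of `%default-substitute-urls` extends trust further than the "Get nonguix substitutes" comment suggests. As far as I know Guix does not scope an authorized key to a URL or a channel, so a substitute signed with that key is accepted for any store item, including packages from the main Guix channel. The comment should say so, for example `;; The nonguix key is trusted for every store item, not only nonguix packages.`, and listing the nonguix URL after the defaults should make the official servers the first ones asked. rise-os.scm carries the same block. Separately, the Commentary still reads `guix system reconfigure ikaruga.scm`, which should now name `ikaruga-os.scm`.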
@@ -1,98 +0,0 @@ -;;; Copyright © 2022 David Thompson -;;; -;;; This program is free software; you can redistribute it and/or -;;; modify it under the terms of the GNU General Public License as -;;; published by the Free Software Foundation; either version 3 of the -;;; License, or (at your option) any later version. -;;; -;;; This program is distributed in the hope that it will be useful, -;;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -;;; General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with this program. If not, see -;;; . - -;;; Commentary: -;; -;; Laptop OS configuration. -;; -;; To update using this OS configuration, run: -;; -;; guix system reconfigure ikaruga.scm - -(use-modules (gnu) - (gnu services cups) - (gnu services desktop) - (gnu services games) - (gnu services pm) - (nongnu packages linux) - (nongnu system linux-initrd)) - -(operating-system - (locale "en_US.utf8") - (timezone "America/New_York") - (keyboard-layout (keyboard-layout "us")) - (host-name "ikaruga") - (bootloader (bootloader-configuration - (bootloader grub-efi-bootloader) - (targets (list "/boot/efi")) - (keyboard-layout keyboard-layout))) - ;; Use regular Linux with the big bad proprietary firmware blobs. - (kernel linux) - (initrd microcode-initrd) - ;; sof-firmware is required for sound to work, linux-firmware takes - ;; care of everything else. 
- (firmware (list sof-firmware linux-firmware)) - (users (cons* (user-account - (name "dave") - (comment "David Thompson") - (group "users") - (home-directory "/home/dave") - (supplementary-groups - '("audio" - "kvm" ; for running VMs - "lp" ; for bluetooth - "netdev" - "video" - "wheel"))) ; for sudo - %base-user-accounts)) - (packages (append (list (specification->package "nss-certs")) - %base-packages)) - (services (modify-services (cons* (service gnome-desktop-service-type) - (service bluetooth-service-type) - (service thermald-service-type) - (service joycond-service-type) - (service cups-service-type - (cups-configuration - (web-interface? #t) - (extensions - (list (specification->package "cups-filters") - (specification->package "brlaser"))))) - %desktop-services) - ;; Get nonguix substitutes. - (guix-service-type config => - (guix-configuration - (inherit config) - (substitute-urls - (append (list "https://substitutes.nonguix.org") - %default-substitute-urls)) - (authorized-keys - (append (list (local-file "./nonguix-signing-key.pub")) - %default-authorized-guix-keys)))))) - (mapped-devices (list (mapped-device - (source (uuid "02b1ffb4-d868-4e5f-ab9b-8be3092e3a3c")) - (target "cryptroot") - (type luks-device-mapping)))) - (file-systems (cons* (file-system - (mount-point "/boot/efi") - (device (uuid "91D3-F76B" 'fat32)) - (type "vfat")) - (file-system - (mount-point "/") - (device "/dev/mapper/cryptroot") - (type "ext4") - (dependencies mapped-devices)) - %base-file-systems)) - (name-service-switch %mdns-host-lookup-nss)) diff --git a/keys/dave.pub b/keys/dave.pub new file mode 100644 index 0000000..861655c --- /dev/null +++ b/keys/dave.pub @@ -0,0 +1,2 @@ +ssh-rsa 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 dthompson@DT-ThinkPad-X1-Carbon-6th +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkGFopyTXgqnLxccSUoOdS21T8+c2areKbetKN/W+MW dave@izanagi \ No newline at end of file 
diff --git a/keys/nonguix-signing-key.pub b/keys/nonguix-signing-key.pub
new file mode 100644
index 0000000..56ee811
--- /dev/null
+++ b/keys/nonguix-signing-key.pub
@@ -0,0 +1,6 @@
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
+ )
+ )
diff --git a/keys/signing-key.pub b/keys/signing-key.pub
new file mode 100644
index 0000000..27151f3
--- /dev/null
+++ b/keys/signing-key.pub
@@ -0,0 +1,6 @@
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C9568CD6A214D8E9931F3C1A8F83B77F2C30E6B207F4BCAB90323DD5CBD71FF9#)
+ )
+ )
diff --git a/laptop-manifest.scm b/laptop-manifest.scm
deleted file mode 100644
index 1fa1b43..0000000
--- a/laptop-manifest.scm
+++ /dev/null
@@ -1,104 +0,0 @@ -;;; Copyright © 2022 David Thompson -;;; -;;; This program is free software; you can redistribute it and/or -;;; modify it under the terms of the GNU General Public License as -;;; published by the Free Software Foundation; either version 3 of the -;;; License, or (at your option) any later version. -;;; -;;; This program is distributed in the hope that it will be useful, -;;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -;;; General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with this program. If not, see -;;; . - -;;; Commentary: -;; -;; User package profile. -;; -;; To install this profile, run: -;; -;; guix package -m profile.scm - -(use-modules (guix git-download) - (guix packages) - (nongnu packages mozilla) - (nongnu packages steam-client)) -(use-package-modules chromium - emacs - emacs-xyz - fonts - game-development - gimp - gnome - gnupg - gstreamer - guile - haskell-apps - libreoffice - linux - music - ncurses - password-utils - pdf - pulseaudio - version-control - scheme - ssh - tor - video) - -(packages->manifest - (list emacs - emacs-better-defaults - emacs-buffer-env - emacs-doom-modeline - emacs-doom-themes - emacs-flycheck-guile - emacs-geiser-guile - emacs-htmlize - ;;emacs-ido-ubiquitous - emacs-js2-mode - emacs-magit - emacs-magit-annex - emacs-markdown-mode - emacs-org-reveal - emacs-paredit - emacs-racket-mode - emacs-rainbow-delimiters - emacs-smex - emacs-typo - emacs-use-package - emacs-web-mode - emacs-which-key - emacs-yaml-mode - firefox - font-google-noto-sans-cjk - font-google-noto-serif-cjk - font-inconsolata - gimp - git - (list git "send-email") - git-annex - gnome-tweaks - gnupg - gst-plugins-bad - guile-3.0 - keepassxc - libreoffice - libresprite - milkytracker - ncurses - obs - openssh - pavucontrol - pinentry - sfxr - sicp - steam - strace - tor - 
ungoogled-chromium - xournal)) diff --git a/nonguix-signing-key.pub b/nonguix-signing-key.pub deleted file mode 100644 index 56ee811..0000000 --- a/nonguix-signing-key.pub +++ /dev/null @@ -1,6 +0,0 @@ -(public-key - (ecc - (curve Ed25519) - (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) - ) - ) diff --git a/rise-home.scm b/rise-home.scm index ae5051c..bc1dd47 100644 --- a/rise-home.scm +++ b/rise-home.scm @@ -1,17 +1,20 @@ -(use-modules (gnu home) - (gnu packages) - (gnu services) - (guix gexp) - (gnu home services) - (gnu home services shells)) +;;; Copyright © 2023 David Thompson +;;; +;;; This program is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU General Public License as +;;; published by the Free Software Foundation; either version 3 of the +;;; License, or (at your option) any later version. +;;; +;;; This program is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this program. If not, see +;;; . -(define (dotfiles . file-names) - (define dir (dirname (current-filename))) - (map (lambda (file-name) - (list file-name - (local-file (string-append dir "/dotfiles/" file-name) - (string-append "dotfile-" (basename file-name))))) - file-names)) +(include "common-home.scm") (home-environment (packages (specifications->packages @@ -52,11 +55,4 @@ "qjackctl" "sfxr" "x42-plugins"))) - (services - (list (service home-bash-service-type - (home-bash-configuration - (aliases '(("grep" . "grep --color=auto") - ("ls" . "ls -ahlp --color=auto"))))) - (simple-service 'dotfiles - home-files-service-type - (dotfiles ".emacs.d/init.el" ".guile"))))) + (services common-services)) 
diff --git a/rise-os.scm b/rise-os.scm index ce8f039..7dc5247 100644 --- a/rise-os.scm +++ b/rise-os.scm @@ -102,7 +102,7 @@ (append (list "https://substitutes.nonguix.org") %default-substitute-urls)) (authorized-keys - (append (list (local-file "./nonguix-signing-key.pub")) + (append (list (local-file "keys/nonguix-signing-key.pub")) %default-authorized-guix-keys)))))) (mapped-devices (list (mapped-device (source (uuid "ee0a37d1-36d6-4e50-8af0-fc0bfe8c22ef")) @@ -116,5 +116,5 @@ (mount-point "/") (device "/dev/mapper/cryptroot") (type "ext4") - (dependencies mapped-devices)) %base-file-systems)) + (dependencies mapped-devices)) %base-file-systems)) (name-service-switch %mdns-host-lookup-nss)) diff --git a/signing-key.pub b/signing-key.pub deleted file mode 100644 index 27151f3..0000000 --- a/signing-key.pub +++ /dev/null @@ -1,6 +0,0 @@ -(public-key - (ecc - (curve Ed25519) - (q #C9568CD6A214D8E9931F3C1A8F83B77F2C30E6B207F4BCAB90323DD5CBD71FF9#) - ) - ) diff --git a/takemi-os.scm b/takemi-os.scm new file mode 100644 index 0000000..bd24040 --- /dev/null +++ b/takemi-os.scm 
@@ -0,0 +1,241 @@ +(use-modules (gnu)) +(use-service-modules certbot cgit networking ssh version-control web) + +(define letsencrypt-cert + "/etc/letsencrypt/live/dthompson.us/fullchain.pem") +(define letsencrypt-cert-key + "/etc/letsencrypt/live/dthompson.us/privkey.pem") +(define dave-pub-key (local-file "keys/dave.pub")) + +(define nginx-accounts + (list (user-group (name "nginx") (system? #t)) + (user-account + (name "nginx") + (group "nginx") + (supplementary-groups '("git")) + (system? #t) + (comment "nginx server user") + (home-directory "/var/empty") + (shell (file-append (specification->package "shadow") + "/sbin/nologin"))))) + +;; Need to override the default nginx service account configuration so +;; that the nginx user is a member of the git group. +(define nginx-service-type* + (service-type + (inherit nginx-service-type) + (extensions + (map (lambda (extension) + (if (eq? (service-extension-target extension) + account-service-type) + (service-extension account-service-type + (const nginx-accounts)) + extension)) + (service-type-extensions nginx-service-type))))) + +(define takemi-os + (operating-system + (locale "en_US.utf8") + (timezone "America/New_York") + (keyboard-layout (keyboard-layout "us")) + (host-name "takemi") + (users (cons* (user-account + (name "dave") + (comment "David Thompson") + (group "users") + (home-directory "/home/dave") + (supplementary-groups + '("wheel" "netdev"))) + (user-account + (name "publish") + (comment "Web file publisher") + (group "publish") + (home-directory "/var/www") + (system? #t) + (create-home-directory? #f)) + %base-user-accounts)) + (groups (cons* (user-group + (name "publish") + (system? #t)) + %base-groups)) + (sudoers-file + (plain-file "sudoers" + (string-append (plain-file-content %sudoers-specification) + ;; 'guix deploy' requires no password + ;; sudo capability. 
+ "dave ALL = NOPASSWD: ALL\n"))) + (packages + (append (map specification->package '("emacs" "nss-certs" "rsync")) + %base-packages)) + (services + (append + (list (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (password-authentication? #f) + ;; So I can forward ports from my local host to + ;; the server and have the ports accessible from + ;; the internet. + (gateway-ports? #t) + (authorized-keys + `(("dave" ,dave-pub-key) + ("publish" ,dave-pub-key))))) + (service gitolite-service-type + (gitolite-configuration + (admin-pubkey dave-pub-key) + (rc-file (gitolite-rc-file + ;; Grant read access to git group so + ;; cgit will work. + (umask #o0027) + (git-config-keys "gitweb\\..*"))))) + (service (service-type + (inherit certbot-service-type) + (extensions + ;; Replace original nginx-service-type with + ;; our modified one. + (map (lambda (extension) + (if (eq? (service-extension-target extension) + nginx-service-type) + (service-extension nginx-service-type* + (@@ (gnu services certbot) + certbot-nginx-server-configurations)) + extension)) + (service-type-extensions certbot-service-type)))) + (certbot-configuration + (email "dthompson2@worcester.edu") + (certificates + (list + (certificate-configuration + (domains '("dthompson.us" + "www.dthompson.us" + "git.dthompson.us" + "files.dthompson.us" + "haunt.dthompson.us")) + ;; Send SIGHUP signal to nginx to trigger a + ;; configuration reload, thus loading the + ;; updated certificates. 
+ (deploy-hook (program-file + "nginx-deploy-hook" + #~(let ((pid (call-with-input-file + "/var/run/nginx/pid" + read))) + (kill pid SIGHUP))))))) + (webroot "/var/www/certbot"))) + (service nginx-service-type* + (nginx-configuration + (server-blocks + (list (nginx-server-configuration + (listen '("443 ssl")) + (server-name '("www.dthompson.us")) + (root "/var/www/blog") + (ssl-certificate letsencrypt-cert) + (ssl-certificate-key letsencrypt-cert-key)) + (nginx-server-configuration + (listen '("443 ssl")) + (server-name '("files.dthompson.us")) + (root "/var/www/files") + (raw-content '("autoindex on;")) + (ssl-certificate letsencrypt-cert) + (ssl-certificate-key letsencrypt-cert-key)) + ;; I used to have the Haunt website under + ;; its own subdomain, and some sites still + ;; point to it. + (nginx-server-configuration + (listen '("443 ssl")) + (server-name '("haunt.dthompson.us")) + (root "/var/www/haunt") + (locations + (list + (nginx-location-configuration + (uri "/") + (body '("rewrite .* https://dthompson.us/projects/haunt.html permanent;"))))) + (ssl-certificate letsencrypt-cert) + (ssl-certificate-key letsencrypt-cert-key)))))) + (service fcgiwrap-service-type + (fcgiwrap-configuration + ;; Use git group for read-only access to gitolite + ;; repos. + (group "git"))) + (let ((cgit (specification->package "cgit"))) + (service (service-type + (inherit cgit-service-type) + (extensions + ;; Replace original nginx-service-type with + ;; our modified one. + (map (lambda (extension) + (if (eq? (service-extension-target extension) + nginx-service-type) + (service-extension nginx-service-type* + cgit-configuration-nginx-config) + extension)) + (service-type-extensions cgit-service-type)))) + (cgit-configuration + (project-list "/var/lib/gitolite/projects.list") + (repository-directory "/var/lib/gitolite/repositories") + (root-desc "all i wanted was a pepsi") + (enable-git-config? #t) + (enable-index-links? #t) + (enable-index-owner? #f) + (enable-commit-graph? 
#t) + (enable-log-filecount? #t) + (enable-log-linecount? #t) + (clone-url '("https://git.dthompson.us/$CGIT_REPO_URL")) + ;; Is there a way to avoid this wrapper script? + (source-filter (program-file + "cgit-syntax-highlight" + #~(apply execl + (string-append #$cgit "/lib/cgit/filters/syntax-highlighting.py") + (command-line)))) + (nginx + (list (nginx-server-configuration + (listen '("443 ssl")) + (server-name '("git.dthompson.us")) + (root cgit) + (locations + (list + (nginx-location-configuration + (uri "@cgit") + (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;" + "fastcgi_param PATH_INFO $uri;" + "fastcgi_param QUERY_STRING $args;" + "fastcgi_param HTTP_HOST $server_name;" + "fastcgi_pass 127.0.0.1:9000;"))))) + (try-files (list "$uri" "@cgit")) + (ssl-certificate letsencrypt-cert) + (ssl-certificate-key letsencrypt-cert-key)))))))) + (map (lambda (s) + (if (eq? (service-kind s) guix-service-type) + (service guix-service-type + (guix-configuration + (authorized-keys (cons (local-file "keys/signing-key.pub") + %default-authorized-guix-keys)))) + s)) + %base-services))) + (bootloader + (bootloader-configuration + (bootloader grub-bootloader) + (targets '("/dev/vda")) + (keyboard-layout keyboard-layout))) + (initrd-modules + (append '("virtio_scsi") %base-initrd-modules)) + (swap-devices (list "/dev/vda2")) + (file-systems + (cons* (file-system + (mount-point "/") + (device + (uuid "f99d3ff5-57ea-4b20-bca7-bc2d58b4c364" + 'ext4)) + (type "ext4")) + %base-file-systems)))) + +(define takemi-host-key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrptBAMgs8dGDerBkcmZQ2W/0nEXtOBCl8nLlEwjKdI") + +(list (machine + (operating-system takemi-os) + (environment managed-host-environment-type) + (configuration (machine-ssh-configuration + (host-name "dthompson.us") + (system "x86_64-linux") + (user "dave") + (host-key takemi-host-key))))) diff --git a/takemi.scm b/takemi.scm deleted file mode 100644 index 0b74473..0000000 --- a/takemi.scm +++ /dev/null 
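Review bot: In the `openssh-configuration` of takemi-os.scm, `authorized-keys` maps both `dave` and `publish` to the same `dave-pub-key`, and `sudoers-file` grants `dave ALL = NOPASSWD: ALL`, so the credential used for publishing web files is also a passwordless-root credential. keys/dave.pub holds two keys, and either one opens both accounts. A dedicated key for the publisher would separate the roles, e.g. `("publish" ,(local-file "keys/<publish-key>.pub"))`, where the file name is a placeholder. Since the comment says `guix deploy` needs the NOPASSWD rule, it is worth adding a comment next to `authorized-keys` that any key listed for `dave` is equivalent to root on this host. `gateway-ports? #t` in the same block widens what a holder of that key can expose, and it deserves a mention there too.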
@@ -1,241 +0,0 @@ -(use-modules (gnu)) -(use-service-modules certbot cgit networking ssh version-control web) - -(define letsencrypt-cert - "/etc/letsencrypt/live/dthompson.us/fullchain.pem") -(define letsencrypt-cert-key - "/etc/letsencrypt/live/dthompson.us/privkey.pem") -(define dave-pub-key (local-file "dave.pub")) - -(define nginx-accounts - (list (user-group (name "nginx") (system? #t)) - (user-account - (name "nginx") - (group "nginx") - (supplementary-groups '("git")) - (system? #t) - (comment "nginx server user") - (home-directory "/var/empty") - (shell (file-append (specification->package "shadow") - "/sbin/nologin"))))) - -;; Need to override the default nginx service account configuration so -;; that the nginx user is a member of the git group. -(define nginx-service-type* - (service-type - (inherit nginx-service-type) - (extensions - (map (lambda (extension) - (if (eq? (service-extension-target extension) - account-service-type) - (service-extension account-service-type - (const nginx-accounts)) - extension)) - (service-type-extensions nginx-service-type))))) - -(define takemi-os - (operating-system - (locale "en_US.utf8") - (timezone "America/New_York") - (keyboard-layout (keyboard-layout "us")) - (host-name "takemi") - (users (cons* (user-account - (name "dave") - (comment "David Thompson") - (group "users") - (home-directory "/home/dave") - (supplementary-groups - '("wheel" "netdev"))) - (user-account - (name "publish") - (comment "Web file publisher") - (group "publish") - (home-directory "/var/www") - (system? #t) - (create-home-directory? #f)) - %base-user-accounts)) - (groups (cons* (user-group - (name "publish") - (system? #t)) - %base-groups)) - (sudoers-file - (plain-file "sudoers" - (string-append (plain-file-content %sudoers-specification) - ;; 'guix deploy' requires no password - ;; sudo capability. 
- "dave ALL = NOPASSWD: ALL\n"))) - (packages - (append (map specification->package '("emacs" "nss-certs" "rsync")) - %base-packages)) - (services - (append - (list (service dhcp-client-service-type) - (service openssh-service-type - (openssh-configuration - (password-authentication? #f) - ;; So I can forward ports from my local host to - ;; the server and have the ports accessible from - ;; the internet. - (gateway-ports? #t) - (authorized-keys - `(("dave" ,dave-pub-key) - ("publish" ,dave-pub-key))))) - (service gitolite-service-type - (gitolite-configuration - (admin-pubkey dave-pub-key) - (rc-file (gitolite-rc-file - ;; Grant read access to git group so - ;; cgit will work. - (umask #o0027) - (git-config-keys "gitweb\\..*"))))) - (service (service-type - (inherit certbot-service-type) - (extensions - ;; Replace original nginx-service-type with - ;; our modified one. - (map (lambda (extension) - (if (eq? (service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - (@@ (gnu services certbot) - certbot-nginx-server-configurations)) - extension)) - (service-type-extensions certbot-service-type)))) - (certbot-configuration - (email "dthompson2@worcester.edu") - (certificates - (list - (certificate-configuration - (domains '("dthompson.us" - "www.dthompson.us" - "git.dthompson.us" - "files.dthompson.us" - "haunt.dthompson.us")) - ;; Send SIGHUP signal to nginx to trigger a - ;; configuration reload, thus loading the - ;; updated certificates. 
- (deploy-hook (program-file - "nginx-deploy-hook" - #~(let ((pid (call-with-input-file - "/var/run/nginx/pid" - read))) - (kill pid SIGHUP))))))) - (webroot "/var/www/certbot"))) - (service nginx-service-type* - (nginx-configuration - (server-blocks - (list (nginx-server-configuration - (listen '("443 ssl")) - (server-name '("www.dthompson.us")) - (root "/var/www/blog") - (ssl-certificate letsencrypt-cert) - (ssl-certificate-key letsencrypt-cert-key)) - (nginx-server-configuration - (listen '("443 ssl")) - (server-name '("files.dthompson.us")) - (root "/var/www/files") - (raw-content '("autoindex on;")) - (ssl-certificate letsencrypt-cert) - (ssl-certificate-key letsencrypt-cert-key)) - ;; I used to have the Haunt website under - ;; its own subdomain, and some sites still - ;; point to it. - (nginx-server-configuration - (listen '("443 ssl")) - (server-name '("haunt.dthompson.us")) - (root "/var/www/haunt") - (locations - (list - (nginx-location-configuration - (uri "/") - (body '("rewrite .* https://dthompson.us/projects/haunt.html permanent;"))))) - (ssl-certificate letsencrypt-cert) - (ssl-certificate-key letsencrypt-cert-key)))))) - (service fcgiwrap-service-type - (fcgiwrap-configuration - ;; Use git group for read-only access to gitolite - ;; repos. - (group "git"))) - (let ((cgit (specification->package "cgit"))) - (service (service-type - (inherit cgit-service-type) - (extensions - ;; Replace original nginx-service-type with - ;; our modified one. - (map (lambda (extension) - (if (eq? (service-extension-target extension) - nginx-service-type) - (service-extension nginx-service-type* - cgit-configuration-nginx-config) - extension)) - (service-type-extensions cgit-service-type)))) - (cgit-configuration - (project-list "/var/lib/gitolite/projects.list") - (repository-directory "/var/lib/gitolite/repositories") - (root-desc "all i wanted was a pepsi") - (enable-git-config? #t) - (enable-index-links? #t) - (enable-index-owner? #f) - (enable-commit-graph? 
#t) - (enable-log-filecount? #t) - (enable-log-linecount? #t) - (clone-url '("https://git.dthompson.us/$CGIT_REPO_URL")) - ;; Is there a way to avoid this wrapper script? - (source-filter (program-file - "cgit-syntax-highlight" - #~(apply execl - (string-append #$cgit "/lib/cgit/filters/syntax-highlighting.py") - (command-line)))) - (nginx - (list (nginx-server-configuration - (listen '("443 ssl")) - (server-name '("git.dthompson.us")) - (root cgit) - (locations - (list - (nginx-location-configuration - (uri "@cgit") - (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;" - "fastcgi_param PATH_INFO $uri;" - "fastcgi_param QUERY_STRING $args;" - "fastcgi_param HTTP_HOST $server_name;" - "fastcgi_pass 127.0.0.1:9000;"))))) - (try-files (list "$uri" "@cgit")) - (ssl-certificate letsencrypt-cert) - (ssl-certificate-key letsencrypt-cert-key)))))))) - (map (lambda (s) - (if (eq? (service-kind s) guix-service-type) - (service guix-service-type - (guix-configuration - (authorized-keys (cons (local-file "signing-key.pub") - %default-authorized-guix-keys)))) - s)) - %base-services))) - (bootloader - (bootloader-configuration - (bootloader grub-bootloader) - (targets '("/dev/vda")) - (keyboard-layout keyboard-layout))) - (initrd-modules - (append '("virtio_scsi") %base-initrd-modules)) - (swap-devices (list "/dev/vda2")) - (file-systems - (cons* (file-system - (mount-point "/") - (device - (uuid "f99d3ff5-57ea-4b20-bca7-bc2d58b4c364" - 'ext4)) - (type "ext4")) - %base-file-systems)))) - -(define takemi-host-key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrptBAMgs8dGDerBkcmZQ2W/0nEXtOBCl8nLlEwjKdI") - -(list (machine - (operating-system takemi-os) - (environment managed-host-environment-type) - (configuration (machine-ssh-configuration - (host-name "dthompson.us") - (system "x86_64-linux") - (user "dave") - (host-key takemi-host-key))))) diff --git a/vhl-profile.scm b/vhl-profile.scm deleted file mode 100644 index 5459b2e..0000000 
--- a/vhl-profile.scm +++ /dev/null @@ -1,45 +0,0 @@ -(use-modules (guix git-download) - (guix packages)) -(use-package-modules emacs emacs-xyz guile version-control) - -;; (define emacs-flycheck-guile* -;; (let ((commit "e3ab25245b14fdb267c41532f8035f8aff329952")) -;; (package -;; (inherit emacs-flycheck-guile) -;; (version (git-version "0.2" "1" commit)) -;; (source -;; (origin -;; (method git-fetch) -;; (uri -;; (git-reference -;; (url "https://github.com/flatwhatson/flycheck-guile") -;; (commit commit))) -;; (file-name (git-file-name (package-name emacs-flycheck-guile) version)) -;; (sha256 -;; (base32 "1lxrcp4j7bapq3b4xbh4l042wakkbq6jjqp0i2aj8kdnpqq8z42g"))))))) - -(packages->manifest - (list emacs - emacs-better-defaults - ;;emacs-buffer-env - emacs-doom-modeline - emacs-doom-themes - emacs-flycheck-guile - emacs-geiser-guile - emacs-guix - emacs-ido-ubiquitous - ;;emacs-inheritenv - emacs-js2-mode - emacs-magit - emacs-markdown-mode - emacs-paredit - emacs-rainbow-delimiters - emacs-smex - emacs-typo - emacs-use-package - emacs-web-mode - emacs-which-key - emacs-yaml-mode - git - (list git "send-email") - guile-3.0)) -- cgit v1.2.3