operating-systems: buer: Configure CI and offloading through Yumiko (also misc changes)
parent
038436bd76
commit
36a783f31e
|
@ -36,9 +36,10 @@
|
|||
#:use-module (guix)
|
||||
|
||||
#|Radix|#
|
||||
#:use-module (radix artwork)
|
||||
#:use-module (radix secrets)
|
||||
#:use-module (radix utils)
|
||||
#|A|# #:use-module (radix artwork)
|
||||
#|C|# #:use-module (radix combinators)
|
||||
#|S|# #:use-module (radix secrets)
|
||||
#|U|# #:use-module (radix utils)
|
||||
|
||||
#|Radix packages|#
|
||||
#|A|# #:use-module (radix packages admin)
|
||||
|
@ -56,10 +57,11 @@
|
|||
#|M|# #:use-module (radix system monitoring)
|
||||
|
||||
#|Buer files|#
|
||||
#|S|# #:use-module ((buer files substitute-keys) #:prefix public-key:)
|
||||
#|S|# #:use-module ((buer files substitute-keys) #:prefix substitute-key:)
|
||||
#:use-module ((buer files ssh-keys) #:prefix ssh-key:)
|
||||
#|T|# #:use-module ((buer files thinkfan) #:prefix file:thinkfan-)
|
||||
|
||||
#|SRFI's|#
|
||||
#|SRFIs|#
|
||||
#:use-module (srfi srfi-1)
|
||||
|
||||
#:export (operating-system))
|
||||
|
@ -94,7 +96,7 @@
|
|||
(kernel-arguments
|
||||
(cons* "modprobe.blacklist=usbmouse,usbkbd,pcspkr"
|
||||
"thinkpad_acpi.fan_control=1"
|
||||
(kicksecure-delete "debugfs"
|
||||
(filter (negate (partial string-prefix? "debugfs"))
|
||||
%kicksecure-kernel-arguments)))
|
||||
|
||||
(file-systems
|
||||
|
@ -141,8 +143,7 @@
|
|||
#|gawk |# gawk
|
||||
#|guile |# guile-next guile-colorized guile-readline
|
||||
#|less |# less
|
||||
#|linux |# e2fsprogs iproute kmod linux-libre-documentation
|
||||
procps psmisc util-linux
|
||||
#|linux |# e2fsprogs iproute kmod procps psmisc util-linux
|
||||
#|man |# man-db man-pages
|
||||
#|shells |# dash-next
|
||||
#|texinfo |# info-reader
|
||||
|
@ -210,8 +211,19 @@
|
|||
(guix-configuration
|
||||
(discover? #t)
|
||||
(build-accounts 16)
|
||||
(build-machines
|
||||
(list #~(build-machine
|
||||
(name "yumiko")
|
||||
(systems (list "x86_64-linux"))
|
||||
(host-key
|
||||
(call-with-input-file ssh-key:yumiko.pub
|
||||
(@ (ice-9 textual-ports) get-string-all)))
|
||||
(private-key "/root/.ssh/id_ed25519")
|
||||
(user "radio")
|
||||
(port 2222))))
|
||||
(authorized-keys
|
||||
(cons* public-key:yuria
|
||||
(cons* substitute-key:yuria.pub
|
||||
substitute-key:yumiko.pub
|
||||
%default-authorized-guix-keys))
|
||||
(extra-options `("--max-jobs=8" "--cores=4"))))
|
||||
(service guix-publish-service-type
|
||||
|
@ -248,13 +260,18 @@
|
|||
(service ntp-service-type)
|
||||
(service wpa-supplicant-service-type
|
||||
(wpa-supplicant-configuration
|
||||
(config-file "/etc/wpa_supplicant.conf")
|
||||
(config-file
|
||||
(local-file "/etc/wpa_supplicant.conf"))
|
||||
(interface "wlp2s0")
|
||||
(extra-options `("-B"))))
|
||||
(service dhcp-client-service-type
|
||||
(dhcp-client-configuration
|
||||
(interfaces 'all)))
|
||||
(service tor-service-type)
|
||||
(simple-service 'extra-hosts
|
||||
hosts-service-type
|
||||
(list (host "192.168.100.33" "yumiko.local"
|
||||
`("yumiko" "substitutes.yumiko"))))
|
||||
|
||||
#|Power management services|#
|
||||
(service tlp-service-type
|
||||
|
@ -333,16 +350,12 @@
|
|||
("vm.watermark_boost_factor" . "0")
|
||||
("vm.watermark_scale_factor" . "125")
|
||||
("vm.page-cluster" . "0")))
|
||||
(simple-service 'security-syctl-settings sysctl-service-type
|
||||
(alist-delete "net.core.bpf_jit_harden"
|
||||
%kicksecure-sysctl-rules))
|
||||
|
||||
#|Miscellaneous services|#
|
||||
#|Base services|#
|
||||
(service urandom-seed-service-type)
|
||||
(service nscd-service-type)
|
||||
(service sysctl-service-type
|
||||
(sysctl-configuration
|
||||
(sysctl (file-append procps "/sbin/sysctl"))
|
||||
(settings (fold kicksecure-delete
|
||||
%kicksecure-sysctl-rules
|
||||
'("net.core.bpf_jit_harden"
|
||||
"kernel.unprivileged_bpf_disabled")))))))))
|
||||
(service nscd-service-type)))))
|
||||
|
||||
operating-system
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
(define-module (buer files ssh-keys)
|
||||
#:use-module (gnu)
|
||||
#:export (yumiko.pub))
|
||||
|
||||
(define yumiko.pub
|
||||
(plain-file "yumiko.pub"
|
||||
(format #f
|
||||
"ssh-ed25519 ~
|
||||
AAAAC3NzaC1lZDI1NTE5AAAAIPaMmUA71F2BJPkVvArx6VGP21QMuJq4+mD7DHUPWcg9 ~
|
||||
guix@yumiko")))
|
|
@ -1,8 +1,9 @@
|
|||
(define-module (buer files substitute-keys)
|
||||
#:use-module (gnu)
|
||||
#:export (yuria))
|
||||
#:export (yuria.pub
|
||||
yumiko.pub))
|
||||
|
||||
(define yuria
|
||||
(define yuria.pub
|
||||
(plain-file "yuria.pub"
|
||||
"(public-key
|
||||
(ecc
|
||||
|
@ -10,3 +11,12 @@
|
|||
(q #D5D0C1203D294B410DA106DDC1713B74CBB27353D53F4EE3D9D26972E8687424#)
|
||||
)
|
||||
)"))
|
||||
|
||||
(define yumiko.pub
|
||||
(plain-file "yumiko.pub"
|
||||
"(public-key
|
||||
(ecc
|
||||
(curve Ed25519)
|
||||
(q #EBD4DD318A84F9F0AD13300D8A2ACF022F16088DA59B57E539F6DC3BD9C33A52#)
|
||||
)
|
||||
)"))
|
||||
|
|
Loading…
Reference in New Issue