operating-systems: buer: Configure CI and offloading through Yumiko (also misc changes)

pull/3/head
Luis Guilherme Coelho 2024-03-02 00:01:55 -03:00
parent 038436bd76
commit 36a783f31e
No known key found for this signature in database
GPG Key ID: 1F2E76ACE3F531C8
3 changed files with 55 additions and 22 deletions


@ -36,9 +36,10 @@
#:use-module (guix)
#|Radix|#
#:use-module (radix artwork)
#:use-module (radix secrets)
#:use-module (radix utils)
#|A|# #:use-module (radix artwork)
#|C|# #:use-module (radix combinators)
#|S|# #:use-module (radix secrets)
#|U|# #:use-module (radix utils)
#|Radix packages|#
#|A|# #:use-module (radix packages admin)
@ -56,10 +57,11 @@
#|M|# #:use-module (radix system monitoring)
#|Buer files|#
#|S|# #:use-module ((buer files substitute-keys) #:prefix public-key:)
#|S|# #:use-module ((buer files substitute-keys) #:prefix substitute-key:)
#:use-module ((buer files ssh-keys) #:prefix ssh-key:)
#|T|# #:use-module ((buer files thinkfan) #:prefix file:thinkfan-)
#|SRFI's|#
#|SRFIs|#
#:use-module (srfi srfi-1)
#:export (operating-system))
@ -94,7 +96,7 @@
(kernel-arguments
(cons* "modprobe.blacklist=usbmouse,usbkbd,pcspkr"
"thinkpad_acpi.fan_control=1"
(kicksecure-delete "debugfs"
(filter (negate (partial string-prefix? "debugfs"))
%kicksecure-kernel-arguments)))
(file-systems
@ -141,8 +143,7 @@
#|gawk |# gawk
#|guile |# guile-next guile-colorized guile-readline
#|less |# less
#|linux |# e2fsprogs iproute kmod linux-libre-documentation
procps psmisc util-linux
#|linux |# e2fsprogs iproute kmod procps psmisc util-linux
#|man |# man-db man-pages
#|shells |# dash-next
#|texinfo |# info-reader
@ -210,8 +211,19 @@
(guix-configuration
(discover? #t)
(build-accounts 16)
(build-machines
(list #~(build-machine
(name "yumiko")
(systems (list "x86_64-linux"))
(host-key
(call-with-input-file ssh-key:yumiko.pub
(@ (ice-9 textual-ports) get-string-all)))
(private-key "/root/.ssh/id_ed25519")
(user "radio")
(port 2222))))
(authorized-keys
(cons* public-key:yuria
(cons* substitute-key:yuria.pub
substitute-key:yumiko.pub
%default-authorized-guix-keys))
(extra-options `("--max-jobs=8" "--cores=4"))))
(service guix-publish-service-type
@ -248,13 +260,18 @@
(service ntp-service-type)
(service wpa-supplicant-service-type
(wpa-supplicant-configuration
(config-file "/etc/wpa_supplicant.conf")
(config-file
(local-file "/etc/wpa_supplicant.conf"))
(interface "wlp2s0")
(extra-options `("-B"))))
(service dhcp-client-service-type
(dhcp-client-configuration
(interfaces 'all)))
(service tor-service-type)
(simple-service 'extra-hosts
hosts-service-type
(list (host "192.168.100.33" "yumiko.local"
`("yumiko" "substitutes.yumiko"))))
#|Power management services|#
(service tlp-service-type
@ -333,16 +350,12 @@
("vm.watermark_boost_factor" . "0")
("vm.watermark_scale_factor" . "125")
("vm.page-cluster" . "0")))
(simple-service 'security-syctl-settings sysctl-service-type
(alist-delete "net.core.bpf_jit_harden"
%kicksecure-sysctl-rules))
#|Miscellaneous services|#
#|Base services|#
(service urandom-seed-service-type)
(service nscd-service-type)
(service sysctl-service-type
(sysctl-configuration
(sysctl (file-append procps "/sbin/sysctl"))
(settings (fold kicksecure-delete
%kicksecure-sysctl-rules
'("net.core.bpf_jit_harden"
"kernel.unprivileged_bpf_disabled")))))))))
(service nscd-service-type)))))
operating-system
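Review bot: In the wpa-supplicant-configuration hunk, `(config-file (local-file "/etc/wpa_supplicant.conf"))` copies that file into /gnu/store, which every local user can read, and a wpa_supplicant.conf normally carries the Wi-Fi PSK or EAP credentials. The same service list runs guix-publish-service-type, so the store item could presumably also be fetched by anyone who can reach that service and learns its store path. Assuming the two forms are printed old-then-new, the earlier `(config-file "/etc/wpa_supplicant.conf")` kept the secret out of the store. I would keep the path string if the service accepts one, or otherwise add a comment stating that this file must contain no credentials.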


@ -0,0 +1,10 @@
(define-module (buer files ssh-keys)
#:use-module (gnu)
#:export (yumiko.pub))
(define yumiko.pub
(plain-file "yumiko.pub"
(format #f
"ssh-ed25519 ~
AAAAC3NzaC1lZDI1NTE5AAAAIPaMmUA71F2BJPkVvArx6VGP21QMuJq4+mD7DHUPWcg9 ~
guix@yumiko")))
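Review bot: The new module does not say which kind of key `yumiko.pub` is, and its `guix@yumiko` comment field reads like a user key, whereas the `host-key` field that consumes it in the build-machine definition expects the SSH host key of the offload target. This pinned key is what authenticates yumiko when builds are offloaded, so its origin should be recorded next to the definition. I would add above `(define yumiko.pub` the comment `;; SSH host public key of yumiko's sshd (offload target); verify the fingerprint out of band before replacing it.`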


@ -1,8 +1,9 @@
(define-module (buer files substitute-keys)
#:use-module (gnu)
#:export (yuria))
#:export (yuria.pub
yumiko.pub))
(define yuria
(define yuria.pub
(plain-file "yuria.pub"
"(public-key
(ecc
@ -10,3 +11,12 @@
(q #D5D0C1203D294B410DA106DDC1713B74CBB27353D53F4EE3D9D26972E8687424#)
)
)"))
(define yumiko.pub
(plain-file "yumiko.pub"
"(public-key
(ecc
(curve Ed25519)
(q #EBD4DD318A84F9F0AD13300D8A2ACF022F16088DA59B57E539F6DC3BD9C33A52#)
)
)"))
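Review bot: `yumiko.pub` is now exported both from this module and from (buer files ssh-keys), and the two names denote different keys (a Guix signing key here, an SSH key there), so only the `#:prefix` chosen by the importer keeps them apart. The key added here is a trust anchor: once it is listed in `authorized-keys`, store items signed by yumiko are accepted on this machine. I would add a comment on the definition such as `;; Guix archive signing key of yumiko; authorizes its substitutes and offloaded build results.` and consider a module-specific name so an unprefixed import cannot pick up the wrong key.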