[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
04/04: hydra: bayfront: Do not use frontend services, but copy the relev
From: |
Andreas Enge |
Subject: |
04/04: hydra: bayfront: Do not use frontend services, but copy the relevant parts. Compared to the previous configuration, the cuirass service is not declared any more. |
Date: |
Tue, 9 Apr 2019 16:50:27 -0400 (EDT) |
andreas pushed a commit to branch wip-bayfront
in repository maintenance.
commit 22bab044aab757db4e04e88104d736275e097b97
Author: Andreas Enge <address@hidden>
Date: Tue Apr 9 22:44:50 2019 +0200
hydra: bayfront: Do not use frontend services, but copy the relevant parts.
Compared to the previous configuration, the cuirass service is not declared
any more.
* hydra/bayfront.scm (%sysadmins): Remove variable.
(sysadmin, user, %accounts): New variables.
(operating-system): Do not call (sysadmin services frontend-services).
---
hydra/bayfront.scm | 89 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 62 insertions(+), 27 deletions(-)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index fae5cb5..79525b6 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1,26 +1,30 @@
;; OS configuration for bayfront, the frontend of the compile farm.
(use-modules (gnu) (guix) (sysadmin people) (sysadmin services))
-(use-service-modules base networking admin shepherd)
+(use-service-modules base networking admin shepherd ssh web)
(use-package-modules admin certs linux ssh tls vim package-management web wget)
-(define %sysadmins
- ;; The sysadmins.
- (list (sysadmin (name "ludo")
- (full-name "Ludovic Courtès")
- (ssh-public-key (local-file "keys/ssh/ludo.pub")))
- (sysadmin (name "andreas")
- (full-name "Andreas Enge")
- (ssh-public-key (local-file "keys/ssh/andreas.pub")))
- (sysadmin (name "dannym")
- (full-name "Danny Milosavljevic")
- (ssh-public-key (local-file "keys/ssh/dannym.pub")))
- (sysadmin (name "efraim")
- (full-name "Efraim Flashner")
- (ssh-public-key (local-file "keys/ssh/efraim.pub")))
- (sysadmin (name "rekado")
- (full-name "Ricardo Wurmus")
- (ssh-public-key (local-file "keys/ssh/rekado.pub")))))
+(define (sysadmin name full-name)
+ (user-account
+ (name name)
+ (comment full-name)
+ (group "users")
+ (supplementary-groups '("wheel" "kvm"))
+ (home-directory (string-append "/home/" name))))
+
+(define (user name full-name)
+ (user-account
+ (name name)
+ (comment full-name)
+ (group "users")
+ (home-directory (string-append "/home/" name))))
+
+(define %accounts
+ (list (sysadmin "ludo" "Ludovic Courtès")
+ (sysadmin "rekado" "Ricardo Wurmus")
+ (sysadmin "andreas" "Andreas Enge")
+ (user "dannym" "Danny Milosavljevic")
+ (user "efraim" "Efraim Flashner")))
(define %nginx-config
;; Our nginx configuration directory. It expects 'guix publish' to be
@@ -98,6 +102,8 @@ Happy hacking!\n"))
nss-certs
%base-packages))
+ (users (append %accounts %base-user-accounts))
+
(services (cons* ;; TODO: create a bonding interface over ens9 + ens10
;; TODO: configure ens10 as with:
;; ip a add dev ens10 2a01:474:0::56/48
@@ -124,12 +130,41 @@ Happy hacking!\n"))
(service ntp-service-type)
- (frontend-services %sysadmins
- #:nar-ttl (* 45 24 3600)
- #:motd %motd
- #:max-jobs 10
- #:cores 6
- #:systems '("x86_64-linux" "armhf-linux")
- #:nginx-config-file
- (file-append %nginx-config
- "/bayfront.conf")))))
+ mcron-service
+ firewall-service
+
+ ;; The Web services.
+ (service guix-publish-service-type
+ (guix-publish-configuration
+ (port 3000)
+ (cache "/var/cache/guix/publish")
+ (ttl (* 45 24 3600))
+ (compression-level 9)
+ (workers 6)))
+
+ (service nginx-service-type
+ (nginx-configuration
+ (file (file-append %nginx-config
+ "/bayfront.conf"))))
+
+ %nginx-mime-types
+ %nginx-cache-activation
+
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'without-password)
+ (authorized-keys
+ `(("ludo" ,(local-file "keys/ssh/ludo.pub"))
+ ("rekado" ,(local-file "keys/ssh/rekado.pub"))
+ ("andreas" ,(local-file
"keys/ssh/andreas.pub"))
+ ("dannym" ,(local-file "keys/ssh/dannym.pub"))
+ ("efraim" ,(local-file "keys/ssh/efraim.pub"))
+ ("root" ,(local-file
"keys/ssh/andreas.pub"))))))
+
+ (modify-services %base-services
+ (guix-service-type config =>
+ (guix-daemon-config #:max-jobs 10
+ #:cores 6))
+ (login-service-type config => (login-configuration
+ (inherit config)
+ (motd %motd)))))))