;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
;;
;; This instance declares a single host ("little-rascal") with a serial
;; console, static networking, key-only OpenSSH and podman installed
;; system-wide.

(use-modules (gnu)
             (gnu system shadow)     ;for 'subids-service-type'
             (gnu system accounts))  ;for 'subid-range'
;; 'desktop' is pulled in for 'elogind-service-type' only; no display
;; server is configured below.
(use-service-modules networking ssh desktop)
;; 'containers' provides podman, 'ssh' provides openssh-sans-x.
(use-package-modules screen ssh containers)

(operating-system
  (host-name "little-rascal")
  (timezone "Europe/London")
  (locale "en_GB.utf8")
  (keyboard-layout (keyboard-layout "gb" "dvorak"))

  ;; Boot in "legacy" BIOS mode, with GRUB installed to /dev/sda.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  ;; It's fitting to support the equally bare bones `-nographic`
  ;; QEMU option, which also nicely sidesteps forcing QWERTY.
  ;; NOTE(review): if a login prompt is offered on ttyS0, whoever can
  ;; attach to the serial line reaches it; see the root password note
  ;; on the 'users' field below -- confirm.
  (kernel-arguments (list "console=ttyS0,115200"))
  ;; The root file system is named by kernel device path rather than by
  ;; label or UUID, so it depends on the disk enumerating as "sda".
  (file-systems (cons (file-system
                        (device "/dev/sda2")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; This is where user accounts are specified.  The "root"
  ;; account is implicit, and is initially created with the
  ;; empty password.
  ;; NOTE(review): the empty root password is not usable over SSH with
  ;; the settings below (password authentication is off and root login
  ;; is 'prohibit-password), but it is usable at any local or serial
  ;; login prompt.  Set or lock the root password after first boot.
  (users (cons (user-account
                (name "ray")
                (comment "Ray Miller")
                (group "users")

                ;; Adding the account to the "wheel" group makes it a
                ;; sudoer; the sudoers file below grants "wheel" full
                ;; root without a password.  The template's "audio"
                ;; and "video" groups are not added here.
                (supplementary-groups '("wheel")))
               %base-user-accounts))

  ;; Custom sudoers file: root may run anything, and every member of
  ;; "wheel" may run anything as any user with no password prompt.
  ;; NOTE(review): with NOPASSWD:ALL, any process running as "ray" is
  ;; root-equivalent, so the SSH keys accepted for "ray" are effectively
  ;; root credentials.  "ray" is declared above without a 'password'
  ;; field, so a rule that prompts for a password would presumably need
  ;; one to be set first -- confirm before tightening.
  (sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD:ALL\n"))

  ;; Globally-installed packages.
  (packages (cons* podman screen %base-packages))

  ;; Add services to the baseline: extra /etc/hosts entries, subordinate
  ;; id ranges for "ray", static networking, an SSH server and elogind.
  (services (append (list
                     ;; Static name-to-address entries for hosts on
                     ;; 192.168.1.x.  These are resolved from the hosts
                     ;; file, so they must be updated by hand if an
                     ;; address changes.
                     (simple-service 'add-extra-hosts
                                     hosts-service-type
                                     (list (host "192.168.1.110" "limiting-factor" '("forge.1729.org.uk"))
                                           (host "192.168.1.167" "cargo-cult" '())
                                           (host "192.168.1.9" "screw-loose")
                                           (host "192.168.1.57" "control-surface")
                                           (host "192.168.1.83" "grey-area")
                                           (host "192.168.1.81" "zeus")))
                     ;; Currently there's an upper limit of 600100000 on subid-range so this mechanism
                     ;; does not work.
                     ;; (simple-service 'container-subids
                     ;;                 subids-service-type
                     ;;                 (subids-extension
                     ;;                  (subgids
                     ;;                   (list (subid-range
                     ;;                          (name "containers")
                     ;;                          (start 2147483647)
                     ;;                          (count 2147483648))))
                     ;;                  (subuids
                     ;;                   (list (subid-range
                     ;;                          (name "containers")
                     ;;                          (start 2147483647)
                     ;;                          (count 2147483648))))))
                     ;; Subordinate uid and gid ranges for "ray".  No
                     ;; 'start' or 'count' is given, so the range itself
                     ;; is left to the service.  Presumably for rootless
                     ;; podman -- confirm.
                     (simple-service 'user-subids
                                     subids-service-type
                                     (subids-extension
                                      (subgids
                                       (list (subid-range (name "ray"))))
                                      (subuids
                                       (list (subid-range (name "ray"))))))
                     ;; One static address on ens3, with the default
                     ;; route and DNS both pointing at 192.168.200.1.
                     (service static-networking-service-type
                              (list (static-networking
                                     (addresses
                                      (list (network-address
                                             (device "ens3")
                                             (value "192.168.200.2/24"))))
                                     (routes
                                      (list (network-route
                                             (destination "default")
                                             (gateway "192.168.200.1"))))
                                     (name-servers '("192.168.200.1")))))
                     ;; Key-only SSH: password authentication is off and
                     ;; root may log in with a key but not a password.
                     ;; NOTE(review): "ray" and "root" are given the same
                     ;; authorized_keys file, so every key in it can log
                     ;; in directly as root.  If direct root login is not
                     ;; needed, drop the "root" entry and set
                     ;; 'permit-root-login' to #f; "ray" still reaches
                     ;; root through sudo.
                     ;; The key file path is relative to this
                     ;; configuration file.
                     (service openssh-service-type
                              (openssh-configuration
                               (password-authentication? #f)
                               (permit-root-login 'prohibit-password)
                               (authorized-keys
                                `(("ray" ,(local-file "./files/authorized_keys"))
                                  ("root" ,(local-file "./files/authorized_keys"))))
                               (openssh openssh-sans-x)
                               (port-number 22)))
                     ;; Login and session management, without a desktop.
                     ;; Presumably here so rootless podman gets a
                     ;; per-user runtime directory -- confirm.
                     (service elogind-service-type))
                    %base-services)))