04/04: hydra: bayfront: Do not use frontend services, but copy the relevant parts. Compared to the previous configuration, the cuirass service is not declared any more.

[Andreas Enge]

andreas pushed a commit to branch wip-bayfront
in repository maintenance.

commit 22bab044aab757db4e04e88104d736275e097b97
Author: Andreas Enge <address@hidden>
Date:   Tue Apr 9 22:44:50 2019 +0200

    hydra: bayfront: Do not use frontend services, but copy the relevant parts.
    Compared to the previous configuration, the cuirass service is not declared
    any more.
    
    * hydra/bayfront.scm (%sysadmins): Remove variable.
    (sysadmin, user, %accounts): New variables.
    (operating-system): Do not call (sysadmin services frontend-services).
---
 hydra/bayfront.scm | 89 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 62 insertions(+), 27 deletions(-)

diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index fae5cb5..79525b6 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1,26 +1,30 @@
 ;; OS configuration for bayfront, the frontend of the compile farm.
 
 (use-modules (gnu) (guix) (sysadmin people) (sysadmin services))
-(use-service-modules base networking admin shepherd)
+(use-service-modules base networking admin shepherd ssh web)
 (use-package-modules admin certs linux ssh tls vim package-management web wget)
 
-(define %sysadmins
-  ;; The sysadmins.
-  (list (sysadmin (name "ludo")
-                  (full-name "Ludovic Courtès")
-                  (ssh-public-key (local-file "keys/ssh/ludo.pub")))
-        (sysadmin (name "andreas")
-                  (full-name "Andreas Enge")
-                  (ssh-public-key (local-file "keys/ssh/andreas.pub")))
-        (sysadmin (name "dannym")
-                  (full-name "Danny Milosavljevic")
-                  (ssh-public-key (local-file "keys/ssh/dannym.pub")))
-        (sysadmin (name "efraim")
-                  (full-name "Efraim Flashner")
-                  (ssh-public-key (local-file "keys/ssh/efraim.pub")))
-        (sysadmin (name "rekado")
-                  (full-name "Ricardo Wurmus")
-                  (ssh-public-key (local-file "keys/ssh/rekado.pub")))))
+(define (sysadmin name full-name)
+  (user-account
+   (name name)
+   (comment full-name)
+   (group "users")
+   (supplementary-groups '("wheel" "kvm"))
+   (home-directory (string-append "/home/" name))))
+
+(define (user name full-name)
+  (user-account
+   (name name)
+   (comment full-name)
+   (group "users")
+   (home-directory (string-append "/home/" name))))
+
+(define %accounts
+  (list (sysadmin "ludo" "Ludovic Courtès")
+        (sysadmin "rekado" "Ricardo Wurmus")
+        (sysadmin "andreas" "Andreas Enge")
+        (user "dannym" "Danny Milosavljevic")
+        (user "efraim" "Efraim Flashner")))
 
 (define %nginx-config
   ;; Our nginx configuration directory.  It expects 'guix publish' to be
@@ -98,6 +102,8 @@ Happy hacking!\n"))
                    nss-certs
                    %base-packages))
 
+  (users (append %accounts %base-user-accounts))
+
   (services (cons* ;; TODO: create a bonding interface over ens9 + ens10
                    ;; TODO: configure ens10 as with:
                    ;;   ip a add dev ens10 2a01:474:0::56/48
@@ -124,12 +130,41 @@ Happy hacking!\n"))
 
                    (service ntp-service-type)
 
-                   (frontend-services %sysadmins
-                                      #:nar-ttl (* 45 24 3600)
-                                      #:motd %motd
-                                      #:max-jobs 10
-                                      #:cores 6
-                                      #:systems '("x86_64-linux" "armhf-linux")
-                                      #:nginx-config-file
-                                      (file-append %nginx-config
-                                                   "/bayfront.conf")))))
+                   mcron-service
+                   firewall-service
+
+                   ;; The Web services.
+                   (service guix-publish-service-type
+                            (guix-publish-configuration
+                             (port 3000)
+                             (cache "/var/cache/guix/publish")
+                             (ttl (* 45 24 3600))
+                             (compression-level 9)
+                             (workers 6)))
+
+                   (service nginx-service-type
+                            (nginx-configuration
+                             (file (file-append %nginx-config
+                                                "/bayfront.conf"))))
+
+                   %nginx-mime-types
+                   %nginx-cache-activation
+
+                   (service openssh-service-type
+                            (openssh-configuration
+                             (permit-root-login 'without-password)
+                             (authorized-keys
+                              `(("ludo" ,(local-file "keys/ssh/ludo.pub"))
+                                ("rekado" ,(local-file "keys/ssh/rekado.pub"))
+                                ("andreas" ,(local-file 
"keys/ssh/andreas.pub"))
+                                ("dannym" ,(local-file "keys/ssh/dannym.pub"))
+                                ("efraim" ,(local-file "keys/ssh/efraim.pub"))
+                                ("root" ,(local-file 
"keys/ssh/andreas.pub"))))))
+
+                   (modify-services %base-services
+                     (guix-service-type config =>
+                                        (guix-daemon-config #:max-jobs 10
+                                                            #:cores 6))
+                     (login-service-type config => (login-configuration
+                                                    (inherit config)
+                                                    (motd %motd)))))))