andrew.scm (12726B)
;;; Guix operating-system declaration for the host "andrew".
;;;
;;; Declares the host firewall (nftables), a BTA game server with a pinned
;;; mod list, nginx virtual hosts, and a stagit git front end, then appends
;;; a shared service list (%mt-bishop-services) that is defined elsewhere.
(define-module (system andrew)
  #:use-module (system andrew ci)
  #:use-module (system andrew bta)
  #:use-module (guix gexp)
  #:use-module (guix packages)
  #:use-module (guix modules)
  #:use-module (guix git)
  #:use-module (gnu bootloader)
  #:use-module (gnu bootloader grub)
  #:use-module (gnu services)
  #:use-module (gnu services certbot)
  #:use-module (gnu services networking)
  #:use-module (gnu services version-control)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services web)
  #:use-module (gnu system)
  #:use-module (gnu system keyboard)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages rsync)
  #:use-module (gnu packages version-control)
  #:use-module (gnu packages wget)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:use-module (mt services)
  #:use-module (mt services version-control)
  #:use-module (mt system)
  #:use-module (mt artwork)
  #:use-module (mt utils)
  #:export (andrew-os))

;;;
;;; OS Configuration
;;;

;; Banner text handed to the operating-system `issue' field below.
(define %issue "
Welcome to \"andrew\" the, first MonasTech server.
")

;; Host firewall, deployed verbatim as nftables.conf.
;;
;; Input chain: default policy is drop.  Accepted traffic is
;; established/related flows, loopback, all ICMP and ICMPv6, ssh, TCP 9418
;; (the conventional git:// daemon port), TCP 80/443, and ports 25565 and
;; 24454.  Anything else reaches the final `reject' rule, so unmatched
;; packets get an explicit port-unreachable answer instead of falling
;; through to the silent drop policy.  Forward policy is drop; output
;; policy is accept (no egress filtering).
;;
;; NOTE(review): `th dport' matches the destination port of every transport
;; protocol nft understands, so 25565 and 24454 are open on TCP and UDP
;; alike.  If the game server only needs TCP 25565 and the voice chat only
;; UDP 24454 (confirm against the services), separate `tcp dport' and
;; `udp dport' rules would expose less.
;;
;; NOTE(review): ssh is accepted from any source with no rate limit in this
;; ruleset.  The ssh service itself is not declared in this file
;; (presumably it comes from %mt-bishop-services); confirm it is key-only.
;;
;; NOTE(review): `127.0.0.1/8' is written with a host address where the
;; network 127.0.0.0/8 is meant; confirm nft normalises it as intended.
(define %nftables-ruleset
  (plain-file "nftables.conf" "\
# A simple and safe firewall
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # early drop of invalid connections
    ct state invalid drop

    # allow established/related connections
    ct state { established, related } accept

    # allow from loopback
    iif lo accept
    # drop connections to lo not coming from lo
    iif != lo ip daddr 127.0.0.1/8 drop
    iif != lo ip6 daddr ::1/128 drop

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # allow ssh
    tcp dport ssh accept

    # allow git
    tcp dport 9418 accept

    # allow ngninx
    tcp dport { 80, 443 } accept

    # allow minecraft / voice chat
    th dport { 25565, 24454 } accept

    # reject everything else
    reject with icmpx type port-unreachable
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
"))

;; Mods handed to the BTA service (`mods' field below).
;;
;; Every entry names an https download URL together with a base32 sha256.
;; Presumably the bta-mod record (defined in (system andrew bta), not shown
;; here) verifies the download against that hash -- confirm, because the
;; hash is the only thing tying an entry to specific jar contents; the
;; upstream release or CDN URL alone does not.
;;
;; "orthodoxicons" is fetched from files.monastech.xyz, which is one of the
;; virtual hosts this same configuration serves.
(define %mod-list
  (list
   ;; Required mods
   (bta-mod
    (name "halplibe")
    (display-name "HalpLibe")
    (url "https://github.com/Turnip-Labs/bta-halplibe/releases/download/v5.4.1/halplibe-5.4.1.jar")
    (sha256 (base32 "0vn64nh94zx6bv060bxgjkwjmn53759glvkjy5c1h8g4qmpghsd1")))
   (bta-mod
    (name "modmenu")
    (display-name "Mod Menu")
    (url "https://github.com/Turnip-Labs/ModMenu/releases/download/4.0.1/modmenu-bta-4.0.1.jar")
    (sha256 (base32 "0yhj3xsb4gljgjvc7c4xhf9g9dgkhgia6xbsv9gybnm8dkha0cm2")))
   (bta-mod
    (name "orthodoxicons")
    (display-name "Orthodox Icons")
    (url "https://files.monastech.xyz/orthodoxicons-1.1.0.jar")
    (sha256 (base32 "0y580h3bczghbp75zja4530pkm1kj4dj4r6858dl5f41dmxvgnf2")))
   (bta-mod
    (name "baskettipping")
    (display-name "Basket Tipping")
    (url "https://github.com/BlueMoonJune/BasketTipping/releases/download/Release/baskettipping-1.0.2.jar")
    (sha256 (base32 "1ayscx03lw26pi4ra0bdfyb8mpkh0706r77a3jk0wxqqnfwxaws4")))
   (bta-mod
    (name "breeding")
    (display-name "Breeding")
    (url "https://github.com/UselessSolutions/bta-breeding-backport/releases/download/v1.1.0-7.3/btabreeding-1.1.0-7.3.jar")
    (sha256 (base32 "1l3jwc4q1ygv31v19c50y1j1gvsfq286i0k9ndhpmbbdjhlab1cw")))
   ;; Optional mods
   (bta-mod
    (name "btwaila")
    (display-name "Better Than WAILA")
    (description "Adds additional tooltips when looking at things. If you do a \
lot of inventory management or technical stuff, this is probably for you.")
    (optional #t)
    (url "https://github.com/ToufouMaster/BTWaila/releases/download/1.2.5-7.3_04/btwaila-1.2.5-7.3_04.jar")
    (sha256 (base32 "12yxaisg7rixmpwyx3li0nc1jz1k55d9fybjbih1nrjbvlahmrvv")))
   (bta-mod
    (name "legacyui")
    (display-name "Legacy UI")
    (description "Modifies the UI to be similar to the legacy console edition, \
alongside improving controller support. If you use a controller, I recommend this.")
    (optional #t)
    (url "https://github.com/UselessSolutions/BTA_Babric_LegacyUI/releases/download/v1.3.1-7.3.3/legacyui-1.3.1-7.3.3.jar")
    (sha256 (base32 "1xqdcs10y5xdjmlpqkwicsqzniin3wzzb4khfgi67qkhb70p6z0k")))
   (bta-mod
    (name "piessuildingtweaks")
    (display-name "Pie's Building Tweaks")
    (description "Adds some options to assist with building: offhand, randomize, \
refill, etc.")
    (optional #t)
    (url "https://cdn.modrinth.com/data/bODCFQpm/versions/pIctNkZy/BuildingTweaks-1.1.0-7.3_04.jar")
    (sha256 (base32 "0nf3yi3bz7z6hm5jpf0bljbpp3ggmlry50aq0bhlhcl4n0496p4i")))))

;; The operating-system record for this host; exported from the module and
;; also returned as the file's final expression.
(define andrew-os
  (operating-system
    (host-name "andrew")
    (timezone "America/New_York") ;; Located in vinthill
    (locale "en_US.utf8")

    (issue %issue)

    (keyboard-layout (keyboard-layout "us"))

    ;; Kernel, initrd and firmware come from the (nongnu ...) modules
    ;; imported above.
    (kernel linux-lts)
    (initrd microcode-initrd)
    (firmware (list linux-firmware))

    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/boot/efi"))
                 (keyboard-layout keyboard-layout)))

    ;; Swap devices and file systems are defined elsewhere (presumably in
    ;; (mt system)).
    (swap-devices %mt-swap-devices)

    (file-systems %mt-file-systems)

    ;; One interactive account on top of the base accounts.
    ;; NOTE(review): membership of "wheel" grants sudo under Guix's default
    ;; sudoers file -- confirm no custom sudoers changes that.  No password
    ;; is declared here, so how this account authenticates is decided
    ;; outside this file.
    (users
     (cons*
      (user-account
       (name "lukejw")
       (comment "Luke Willis")
       (group "users")
       (home-directory "/home/lukejw")
       (supplementary-groups '("wheel")))
      %base-user-accounts))

    (packages
     (cons*
      rsync
      %mt-base-packages))

    (services
     (append
      (list (service nftables-service-type
                     (nftables-configuration
                      (ruleset %nftables-ruleset)))
            ;; BTA game server.
            ;; NOTE(review): "online-mode" is "false" while "white-list" is
            ;; "true".  If these keys follow the usual Minecraft
            ;; server.properties meaning (presumably -- confirm in
            ;; (system andrew bta)), the server does not check player
            ;; identity with an authentication service, so the whitelist
            ;; and the `ops' entry rest on an identity the client states
            ;; itself.  The game port is open to any source in
            ;; %nftables-ruleset; confirm that combination is intended.
            ;;
            ;; `packwiz-home' lies under the document root of the
            ;; files.monastech.xyz virtual host below, so whatever the
            ;; service writes there is publicly downloadable at
            ;; `packwiz-url'.
            (service bta-service-type
                     (bta-configuration
                      (properties `(("motd" . "MonasTech Private Server")
                                    ("difficulty" . "3")
                                    ("allow-flight" . "true")
                                    ("white-list" . "true")
                                    ("online-mode" . "false")))
                      (ops '("1a68c56c-0bbc-413d-8fe1-10a2e4e04ad2"))
                      (mods %mod-list)
                      (packwiz-home "/var/www/files.monastech.xyz/bta")
                      (packwiz-url "https://files.monastech.xyz/bta")))
            ;; Service type defined elsewhere; configured with an empty list.
            (service update-channels-locked-service-type '())
            ;; nginx: five static TLS virtual hosts, one TLS reverse proxy,
            ;; and a catch-all plain-HTTP server.
            ;;
            ;; Certificates and private keys are read from
            ;; /etc/dehydrated/certs; issuing them and setting their file
            ;; permissions happens outside this file.
            ;; NOTE(review): every monastech.xyz host, including the www.*
            ;; aliases and substitutes.monastech.xyz, uses the single
            ;; monastech.xyz certificate -- confirm it lists all of those
            ;; names.
            ;; NOTE(review): no server block here adds response headers such
            ;; as Strict-Transport-Security; consider whether that is wanted.
            (service nginx-service-type
                     (nginx-configuration
                      (server-blocks
                       (list (nginx-server-configuration
                              (server-name '("monastech.xyz" "www.monastech.xyz"))
                              (listen '("443 ssl"))
                              (root "/var/www/monastech.xyz")
                              (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem"))
                             (nginx-server-configuration
                              (server-name '("git.monastech.xyz" "www.git.monastech.xyz"))
                              (listen '("443 ssl"))
                              (root "/var/www/git.monastech.xyz")
                              (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem"))
                             (nginx-server-configuration
                              (server-name '("files.monastech.xyz" "www.files.monastech.xyz"))
                              (listen '("443 ssl"))
                              (root "/var/www/files.monastech.xyz")
                              (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem"))
                             (nginx-server-configuration
                              (server-name '("loquat.dev" "www.loquat.dev"))
                              (listen '("443 ssl"))
                              (root "/var/www/loquat.dev")
                              (ssl-certificate "/etc/dehydrated/certs/loquat.dev/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/loquat.dev/privkey.pem"))
                             (nginx-server-configuration
                              (server-name '("orthodox.kitchen" "www.orthodox.kitchen"))
                              (listen '("443 ssl"))
                              (root "/var/www/orthodox.kitchen")
                              (ssl-certificate "/etc/dehydrated/certs/orthodox.kitchen/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/orthodox.kitchen/privkey.pem"))
                             ;; TLS terminates here; requests are forwarded
                             ;; over plain HTTP to loopback port 8080.  That
                             ;; port is not accepted in %nftables-ruleset, so
                             ;; from outside the backend is reachable only
                             ;; through this proxy.  What listens on 8080 is
                             ;; not declared in this file.
                             (nginx-server-configuration
                              (server-name '("substitutes.monastech.xyz"))
                              (listen '("443 ssl"))
                              (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem")
                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem")
                              (locations
                               (list (nginx-location-configuration
                                      (uri "/")
                                      (body (list "proxy_pass http://127.0.0.1:8080;"))))))
                             ;; Default HTTP server
                             ;; NOTE(review): as the catch-all server, the
                             ;; redirect below builds its target from $host,
                             ;; i.e. from the Host value the client sent.
                             (nginx-server-configuration
                              (server-name '("_"))
                              (listen '("80 default_server"))
                              (root "/var/www/monastech.xyz")
                              (locations
                               (list ;; Serve ACME challenges
                                (nginx-location-configuration
                                 (uri "^~ /.well-known/acme-challenge")
                                 (body (list "alias /var/www/dehydrated;")))
                                ;; Redirect to HTTPS
                                (nginx-location-configuration
                                 (uri "/")
                                 (body (list "return 301 https://$host$request_uri;")))))))))))
      ;; stagit git front end; its pages are written under the document root
      ;; of the git.monastech.xyz virtual host above.
      ;; `admin-pubkey' is an SSH *public* key, so it is not a secret.
      ;; Presumably it is the key allowed to administer or push to the
      ;; repositories -- confirm in (mt services version-control).
      (stagit-services
       (stagit-configuration
        (admin-pubkey (plain-file
                       "lukejw.pub"
                       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZ2qcwpwPdMmrXNrrqjqtuBw8lG9gxlAE+vwcZAHM3L lukejw@moses"))
        (www-home "/var/www/git.monastech.xyz")
        (clone-domain "monastech.xyz")
        (logo (file-append %mt-artwork "/logo-dynamic.svg"))
        ;; Site stylesheet: light palette by default, dark palette when the
        ;; browser reports prefers-color-scheme: dark.
        (stylesheet (plain-file "stylesheet.css" "\
:root {
  --bg: #FFFCF0;
  --bg-2: #F2F0E5;
  --ui: #E6E4D9;
  --ui-2: #DAD8CE;
  --ui-3: #CECDC3;
  --tx: #100F0F;
  --tx-2: #6F6E69;
  --ye: #AD8301;
  --ye-2: #D0A215;
  --cy: #24837B;
  --cy-2: #3AA99F;
}

@media (prefers-color-scheme: dark) {
  :root {
    --bg: #100F0F;
    --bg-2: #1C1B1A;
    --ui: #282726;
    --ui-2: #343331;
    --ui-3: #403E3C;
    --tx: #CECDC3;
    --tx-2: #878580;
    --ye: #D0A215;
    --ye-2: #AD8301;
    --cy: #3AA99F;
    --cy-2: #24837B;
  }
}

html {
  background-color: var(--bg);
  color: var(--tx);
  font-family: serif;
}

body {
  width: 100%;
  max-width: 72rem;
  margin-inline: auto;
}

#header {
  margin-inline: 1rem;
}

hr {
  border: 0.1rem solid var(--ui);
  margin-inline: 1rem;
}

#content {
  margin-inline: 1rem;
}

a {
  color: var(--cy);
  text-decoration: none;
}

a:hover {
  color: var(--cy-2);
  text-decoration: underline;
}

#header img {
  width: 6.75rem;
  height: 4.5rem;
}

#header h1 {
  margin: 0 0 0.5rem 0;
  font-size: 2rem;
  font-weight: normal;
  border-bottom: 2px solid var(--ui);
}

#header .desc {
  color: var(--tx-2);
}

#header tbody tr:last-child td {
  padding-top: 0.4rem;
}

#header .url > td:nth-child(2) {
  font-family: monospace;
  padding: 0.2rem 0.6rem;
  border-radius: 0.5rem;
  background-color: var(--bg-2);
}

#files tbody {
  font-family: monospace;
}

#files tbody > tr td:first-child {
  width: 0;
  white-space: nowrap;
  padding-right: 1rem;
}

#content table {
  width: 100%;
  border-collapse: collapse;
}

#content td {
  padding: 1rem;
}

#content tbody tr:hover {
  background: var(--bg-2);
}

#content td {
  padding: 0.3rem;
}
"))))
      ;; Shared service list defined elsewhere; any service not declared
      ;; above comes from here.
      %mt-bishop-services))))

;; The file's last expression is the operating-system record, which is what
;; `guix system' expects when it is given a configuration file.
andrew-os