commit f46dea1c6656ec6af92f96b66d24b8c1f5e2773b
Author: Luke Willis <lukejw@loquat.dev>
Date: Thu, 11 Dec 2025 13:03:13 -0500
Initial setup
Diffstat:
6 files changed, 289 insertions(+), 0 deletions(-)
diff --git a/README.md b/README.md
@@ -0,0 +1,10 @@
+# MonasTech
+This is the Guix channel used by all of MonasTech's systems.
+
+All modules are under `mt` for convenience.
+
+## Installation Image
+To build the installation image, run the following command (from the project root):
+```
+guix time-machine -C mt/channels.scm -- system image -t iso9660 -L . mt/system/install.scm
+```
diff --git a/mt/channels.scm b/mt/channels.scm
@@ -0,0 +1,43 @@
+(define-module (mt channels)
+ #:use-module (gnu services base)
+ #:use-module (guix channels)
+ #:use-module (guix gexp)
+ #:export (%mt-channels
+ %mt-substitute-urls
+ %mt-authorized-guix-keys))
+
+(define %mt-channels
+ (list (channel
+ (name 'nonguix)
+ (url "https://gitlab.com/nonguix/nonguix")
+ (introduction
+ (make-channel-introduction
+ "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+ (openpgp-fingerprint
+ "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
+ (channel
+ (name 'guix)
+ (branch "master")
+ (url "https://git.guix.gnu.org/guix.git")
+ (introduction
+ (make-channel-introduction
+ "9edb3f66fd807b096b48283debdcddccfea34bad"
+ (openpgp-fingerprint
+ "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))))
+
+(define %mt-substitute-urls
+ `(,@%default-substitute-urls
+ "https://substitutes.nonguix.org"))
+
+;; TODO: Add server keys
+(define %mt-authorized-guix-keys
+ (cons*
+ (plain-file "nonguix.pub" "\
+(public-key
+ (ecc
+ (curve Ed25519)
+ (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")
+ %default-authorized-guix-keys))
+
+;; For use on command line
+%loquat-channels
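Review bot: The closing expression `%loquat-channels` is not defined anywhere in this module, which defines and exports `%mt-channels`. Evaluating the file, as the README's `guix time-machine -C mt/channels.scm` does, would presumably stop on an unbound variable, so the last line should read `%mt-channels`. Separately, both channel entries carry an introduction but no `(commit ...)` field, so each pull follows the branch tip. That is authenticated but not pinned, and worth a comment if it is intentional.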
diff --git a/mt/services.scm b/mt/services.scm
@@ -0,0 +1,89 @@
+(define-module (mt services)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages libusb)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages nfs)
+ #:use-module (gnu services)
+ #:use-module (gnu services avahi)
+ #:use-module (gnu services base)
+ #:use-module (gnu services dbus)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services sound)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu system)
+ #:use-module (gnu system privilege)
+ #:use-module (mt channels)
+ #:export (%mt-bishop-services
+ %mt-clergy-services
+ %mt-laity-services))
+
+;; Provide substitutes for all machines and perform build farm capabilities
+;; TODO: Add anti-spam measures
+;; TODO: Add build farm capabilities
+(define %mt-bishop-services
+ (append
+ (list
+ ;; Ethernet-only internet
+ (service dhcpcd-service-type)
+ ;; Required by guix-publish
+ (service avahi-service-type)
+ ;; Host a substitute server on locahost.
+ ;; Each server should ideally serve this from a subdomain
+ (service guix-publish-service-type
+ (guix-publish-configuration
+ (port 8080)))
+ ;; Allow SSH access but do not take passwords
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f))))
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (channels %mt-channels)
+ (substitute-urls %mt-substitute-urls)
+ (authorized-keys %mt-authorized-guix-keys))))))
+
+;; Provide substitutes for laity on the same network
+(define %mt-clergy-services
+ (append
+ (list
+ ;; Host a local substitute server
+ (service guix-publish-service-type
+ (guix-publish-configuration
+ (host "0.0.0.0") ;; Open to any connections
+ (advertise? #t))) ;; Allow automatic detection by other systems
+ (service openssh-service-type
+ (openssh-configuration
+ (password-authentication? #f))))
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (channels %mt-channels)
+ (substitute-urls %mt-substitute-urls)
+ (authorized-keys %mt-authorized-guix-keys))))))
+
+;; Discover clergy on the local network and use them as a substitute
+;; TODO: Work out how to properly authorize local clergy systems
+(define %mt-laity-services
+ (modify-services %base-services
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (channels %mt-channels)
+ (substitute-urls %mt-substitute-urls)
+ ;; Attempt to substitute from clergy on the local network
+ (discover? #t)
+ (authorized-keys %mt-authorized-guix-keys)))))
+
+;; TODO: Create something similar to %desktop-services
+;; I'm going to lean toward wayland for user configurations but I will likely
+;; need to support x11 to an extent.
+
+;; TODO: Create automatic update services
+;; This would be for laity and clergy machines. It would basically check for
+;; configuration / channel updates daily and notify users that updates are
+;; available. They will not be forced to update. It would also prompt monthly to
+;; perform a guix update.
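Review bot: `%mt-clergy-services` sets `(advertise? #t)` on guix-publish but does not include `avahi-service-type`, while `%mt-bishop-services` includes avahi under `;; Required by guix-publish` without advertising anything. Advertising goes through Avahi, so the clergy list most likely needs `(service avahi-service-type)` as well. The bishop list should then either set `(advertise? #t)` or drop avahi. Both `openssh-configuration` blocks disable passwords but declare no `authorized-keys`, so key login works only if keys are installed out of band; a comment saying where the keys come from would help.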
diff --git a/mt/system.scm b/mt/system.scm
@@ -0,0 +1,38 @@
+(define-module (mt system)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:export (%mt-file-systems
+ %mt-swap-devices
+ %mt-base-packages))
+
+;; Keeping these for compatibility, may change them later, namely boot partition
+(define %mt-file-systems
+ (append
+ (list (file-system
+ (mount-point "/boot/efi")
+ (device (file-system-label "guix-boot"))
+ (type "vfat"))
+ (file-system
+ (mount-point "/")
+ (device (file-system-label "guix-root"))
+ (type "ext4"))
+ (file-system
+ (mount-point "/home")
+ (device (file-system-label "guix-home"))
+ (type "ext4")))
+ %base-file-systems))
+
+(define %mt-swap-devices
+ (list (swap-space
+ (target (file-system-label "guix-swap")))))
+
+(define %mt-base-packages
+ (append
+ (list fastfetch
+ git
+ curl)
+ %base-packages))
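Review bot: Every mount in `%mt-file-systems` and the swap target in `%mt-swap-devices` is located by label alone, and nothing in the file says these labels are a contract the installer has to honour. A second attached disk carrying one of the same labels would make the lookup ambiguous, so the requirement deserves a comment above the definition. Something like `;; Every machine must be partitioned with the labels guix-boot, guix-root, guix-home and guix-swap; labels must be unique among attached disks.` would do.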
diff --git a/mt/system/andrew.scm b/mt/system/andrew.scm
@@ -0,0 +1,74 @@
+(define-module (orchard system moses)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix git)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu bootloader grub)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages freedesktop)
+ #:use-module (gnu packages games)
+ #:use-module (gnu packages wm)
+ #:use-module (gnu services)
+ #:use-module (gnu services avahi)
+ #:use-module (gnu services base)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services networking)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system keyboard)
+ #:use-module (gnu system linux-initrd)
+ #:use-module (gnu system nss)
+ #:use-module (gnu system shadow)
+ #:use-module (nongnu packages linux)
+ #:use-module (nongnu system linux-initrd)
+ #:use-module (mt channels)
+ #:use-module (mt services)
+ #:use-module (mt system)
+ #:export (andrew-os))
+
+(define %issue "
+Welcome to \"andrew\" the, first MonasTech server.
+")
+
+(define andrew-os
+ (operating-system
+ (host-name "andrew")
+ (timezone "America/New_York") ;; Located in vinthill
+ (locale "en_US.utf8")
+
+ (issue %issue)
+
+ (keyboard-layout (keyboard-layout "us"))
+
+ (kernel linux-lts)
+ (initrd microcode-initrd)
+ (firmware (list linux-firmware))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
+ (keyboard-layout keyboard-layout)))
+
+ (swap-devices %mt-swap-devices)
+
+ (file-systems %mt-file-systems)
+
+ ;; TODO: Strip down
+ ;; I'm not sure I even need audio, video or even netdev since it's a server
+ (users
+ (cons*
+ (user-account
+ (name "lukejw")
+ (comment "Luke Willis")
+ (group "users")
+ (home-directory "/home/lukejw")
+ (supplementary-groups '("wheel" "netdev" "audio" "video")))
+ %base-user-accounts))
+
+ (packages %mt-base-packages)
+
+ (services %mt-bishop-services)))
+
+andrew-os
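Review bot: The module is declared as `(orchard system moses)` on the first line, but the file is `mt/system/andrew.scm` and exports `andrew-os`. With `-L .` on the load path the module would not be found under the name it declares, so the header should read `(define-module (mt system andrew)`. Many of the `#:use-module` lines (games, wm, freedesktop, nss and others) do not appear to be used by anything in this hunk and could be dropped.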
diff --git a/mt/system/install.scm b/mt/system/install.scm
@@ -0,0 +1,35 @@
+(define-module (mt system install)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages text-editors)
+ #:use-module (gnu packages package-management)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu services)
+ #:use-module (gnu services base)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu system)
+ #:use-module (gnu system install)
+ #:use-module (nongnu packages linux)
+ #:use-module (mt channels))
+
+(operating-system
+ (inherit installation-os)
+
+ (kernel linux-lts)
+ (firmware (list linux-firmware))
+
+ (packages
+ (append
+ (list git kakoune)
+ (operating-system-packages installation-os)))
+
+ (services
+ (modify-services (operating-system-user-services installation-os)
+ ;; Configure Guix to have all the needed channels, substitutes and signing keys by default
+ (guix-service-type
+ config => (guix-configuration
+ (inherit config)
+ (guix (guix-for-channels %mt-channels))
+ (channels %mt-channels)
+ (substitute-urls %mt-substitute-urls)
+ (discover? #t)
+ (authorized-keys %mt-authorized-guix-keys))))))
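Review bot: `(discover? #t)` is enabled for the installer without a comment, and the comment above the `guix-service-type` clause does not mention it. As far as the Guix manual describes it, discovered servers are still subject to `authorized-keys`, but the daemon will query any host announcing itself on the install network, typically over plain HTTP. I would say so in place, e.g. `;; discover? only adds LAN servers as candidates; trust still comes from authorized-keys, and requests to them are unencrypted`. `(gnu services ssh)` and `(guix gexp)` look unused in this file.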