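;; Nu-2 --- Operating system for headless production servers.
;; Copyright © 2024 Dale Mellor
;;
;; This file is part of nu-2.
;;
;; Nu-2 is free software; you can redistribute it and/or modify it under
;; the terms of the GNU General Public License as published by the Free
;; Software Foundation; either version 3 of the License, or (at your
;; option) any later version.
;;
;; Nu-2 is distributed in the hope that it will be useful, but WITHOUT
;; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
;; FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
;; for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with Nu-2.  If not, see <https://www.gnu.org/licenses/>.

(use-modules (gnu) (guix) (ice-9 textual-ports))
(use-service-modules admin base mcron networking ssh security shepherd
                     sysctl web)
(use-package-modules bash certs compression emacs file gawk guile less
                     linux package-management ssh tls version-control)

;; Message of the day shown at console login; wired into the login
;; service below.
(define vm-image-motd
  (plain-file "motd" "
\x1b[1;37mThis is the Nu-2 system. Welcome!\x1b[0m
"))

(operating-system
  (host-name "nu-2")

  ;; Kernel built from the bundled defconfig.  The version is pinned here,
  ;; so bump the specification (and re-check linux.config) when new
  ;; linux-libre releases come out.
  (kernel (customize-linux #:name "nu-2-linux"
                           #:linux (specification->package "linux-libre@6.8")
                           #:defconfig (local-file "linux.config")))
  (kernel-loadable-modules '())
  (kernel-arguments (list "console=ttyS0,115200"))
  (initrd-modules '("virtio_blk" "virtio_pci"))

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               ;; Set to some number of seconds (like, 20) if you want to
               ;; give yourself a chance at interrupting the GRUB boot
               ;; sequence.
               (timeout 0)
               (targets '("/dev/vda"))
               (terminal-outputs '(console))))

  ;; Label for the GRUB boot menu.
  (label (string-append "nu-2 " (or (getenv "GUIX_DISPLAYED_VERSION")
                                    (package-version guix))))

  ;; Modify these to taste.
  (timezone "Etc/UTC")
  (locale "en_US.utf8")

  ;; You might not like this (just take it out!)
  (keyboard-layout (keyboard-layout "us" "dvorak" #:options '("ctrl:nocaps")))

  (firmware '())

  (file-systems (cons (file-system
                        (device "/dev/vda2")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "admin")
                ;; "*" is not a valid hash, so the account is locked against
                ;; password login; the SSH key below is the only way in.  If
                ;; you want to log in to the console as admin user, you will
                ;; need to put a password hash in here.
                (password "*")
                (group "users")
                ;; "audio" and "video" are of no use on a headless server and
                ;; can be dropped.
                (supplementary-groups '("wheel" "netdev" "audio" "video")))
               %base-user-accounts))

  ;; Our /etc/sudoers file.  Since 'admin' has no usable password (the
  ;; account is locked and reached by SSH key only), allow for
  ;; password-less sudo -- whoever holds that key effectively has root.
  (sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n"))

  ;; Just enough essential parts to get us out of a sticky situation if
  ;; necessary.
  (packages (list bash
                  coreutils
                  diffutils
                  ;; Change to vim if you must.
                  emacs-minimal
                  file
                  findutils
                  gawk
                  git
                  glibc                 ; Utilities like ldd.
                  grep
                  iproute
                  less
                  module-init-tools     ; Utilities like lsmod.
                  nss-certs
                  procps
                  sed
                  tar
                  which))

  (services (list (service dhcp-client-service-type)
                  (service ntp-service-type)

                  (service openssh-service-type
                           (openssh-configuration
                            (openssh openssh-sans-x)
                            ;; Use anything you want here, or delete this
                            ;; line to use the standard port 22.
                            (port-number 26544)
                            (password-authentication? #f)
                            (use-pam? #f)
                            ;; Take sftp-server from the same package as the
                            ;; daemon, so that only one OpenSSH build (and
                            ;; no X-related inputs) ends up in the system
                            ;; closure.
                            (subsystems
                             `(("sftp" ,(file-append openssh-sans-x
                                                     "/libexec/sftp-server"))))
                            (authorized-keys
                             `(("admin" ,(local-file "ssh-key.public"))))))

                  ;; This allows root to get in without a password on the
                  ;; console.  Remove this line if you can reliably log in
                  ;; by SSH.
                  (service login-service-type
                           (login-configuration (motd vm-image-motd)))

                  (service syslog-service-type)
                  (service agetty-service-type
                           (agetty-configuration
                            (extra-options '("-L")) ; no carrier detect
                            (term "vt100")
                            (tty #f)                ; automatic
                            (shepherd-requirement '(syslogd))))
                  (service static-networking-service-type
                           (list %loopback-static-networking))
                  (service urandom-seed-service-type)
                  (service guix-service-type)
                  (service nscd-service-type)
                  (service rottlog-service-type)

                  ;; Periodically delete old build logs.
                  (service log-cleanup-service-type
                           (log-cleanup-configuration
                            (directory "/var/log/guix/drvs")))

                  ;; The LVM2 rules are needed as soon as LVM2 or the
                  ;; device-mapper is used, so enable them by default.  The
                  ;; FUSE and ALSA rules are less critical, but handy.
                  (service udev-service-type
                           (udev-configuration
                            (rules (list lvm2 fuse alsa-utils crda))))

                  (service sysctl-service-type)

                  (service special-files-service-type
                           `(("/bin/sh" ,(file-append bash "/bin/sh"))
                             ("/usr/bin/env" ,(file-append coreutils
                                                           "/bin/env")))))))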