Build machine sysadmin support

[Ludovic Courtès]

Hello!

After my talk yesterday at the GHM, Nacho and I talked a bit and Nacho
kindly offered to help make chapters.gnu.org the first build machine
that would use GuixSD.

So I quickly hacked up together, in guix-maintenance.git, a couple of
modules that allow us to give the high-level view of a build machine,
such that the GuixSD configuration of one machine is just:

--8<---------------cut here---------------start------------->8---
(use-modules (sysadmin people)
             (sysadmin build-machines)
             (guix))

(define %sysadmins
  ;; The fine folks!
  (list (sysadmin (name "ludo")
                  (full-name "Ludovic Courtès")
                  (lsh-public-key (local-file "keys/lsh/ludo.pub")))
        (sysadmin (name "hydra")                  ;fake sysadmin
                  (full-name "Hydra User")
                  (restricted? #t)
                  (lsh-public-key
                   (local-file "keys/lsh/hydra.gnu.org.pub")))))

(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  (list (local-file "keys/guix/hydra.gnu.org-export.pub")))

;; The actual machine.
(build-machine-os "chapters" %sysadmins
                  #:authorized-guix-keys %authorized-guix-keys)
--8<---------------cut here---------------end--------------->8---

… and we get a GuixSD config with the relevant accounts created, and
with the right lsh and Guix keys authorized.

I’ll see with Nacho if we can deploy it on chapters.gnu.org, and from
there we can incrementally migrate our build machines to GuixSD!  \o/

Also, all the sysadmin work will happen in a bunch of Scheme files,
which means that everyone can now contribute to sysadmin, without
necessarily having shell access to the machines.  No excuses!  :-)

Ludo’, live from the GHM.

signature.asc
Description: PGP signature