diff options
| author | jdlugosz963 <jdlugosz963@gmail.com> | 2024-06-20 05:27:48 +0200 |
|---|---|---|
| committer | jdlugosz963 <jdlugosz963@gmail.com> | 2024-06-20 05:27:48 +0200 |
| commit | 9edde8a74589e8f50bf00044b96d4a7882cf5a63 (patch) | |
| tree | e71686fb825b35a6c6c3e5c430c669d8409fb79a /hipis.scm | |
| parent | aea4c7fda4cc6d746515a0aea6972a0914f9aedd (diff) | |
| download | hipis-system-master.tar.gz hipis-system-master.zip | |
Diffstat (limited to 'hipis.scm')
| -rwxr-xr-x | hipis.scm | 53 |
1 files changed, 42 insertions, 11 deletions
| @@ -11,9 +11,13 @@ | |||
| 11 | #:use-module (gnu services version-control) | 11 | #:use-module (gnu services version-control) |
| 12 | #:use-module (gnu services certbot) | 12 | #:use-module (gnu services certbot) |
| 13 | #:use-module (gnu services web) | 13 | #:use-module (gnu services web) |
| 14 | #:use-module (gnu services messaging) | 14 | #:use-module (gnu services dbus) |
| 15 | #:use-module (gnu services desktop) | ||
| 16 | #:use-module (gnu services docker) | ||
| 15 | 17 | ||
| 16 | #:use-module (hipis services web)) | 18 | #:use-module (hipis services web) |
| 19 | #:use-module (hipis services goaccess) | ||
| 20 | #:use-module (hipis services radicale)) | ||
| 17 | 21 | ||
| 18 | (define jdlugosz-ssh-pub | 22 | (define jdlugosz-ssh-pub |
| 19 | (local-file "./jdlugosz.pub")) | 23 | (local-file "./jdlugosz.pub")) |
| @@ -47,19 +51,25 @@ | |||
| 47 | (supplementary-groups '("wheel" ;; sudo | 51 | (supplementary-groups '("wheel" ;; sudo |
| 48 | "netdev" ;; network devices | 52 | "netdev" ;; network devices |
| 49 | "tty" | 53 | "tty" |
| 50 | "input"))) | 54 | "input" |
| 55 | "docker"))) | ||
| 51 | %base-user-accounts)) | 56 | %base-user-accounts)) |
| 52 | 57 | ||
| 53 | (packages (append | 58 | (packages (append |
| 54 | (specifications->packages '("emacs-no-x-toolkit" | 59 | (map car |
| 55 | "exfat-utils" | 60 | (specifications->packages '("emacs-no-x-toolkit" |
| 56 | "git" | 61 | "exfat-utils" |
| 57 | "nss-certs" | 62 | "git" |
| 58 | "nmap" | 63 | ;; "nss-certs" |
| 59 | "curl")) | 64 | "nmap" |
| 65 | "curl"))) | ||
| 60 | %base-packages)) | 66 | %base-packages)) |
| 61 | 67 | ||
| 62 | (services (cons* | 68 | (services (cons* |
| 69 | (service elogind-service-type) | ||
| 70 | (service dbus-root-service-type) | ||
| 71 | (service docker-service-type) | ||
| 72 | |||
| 63 | (service fail2ban-service-type | 73 | (service fail2ban-service-type |
| 64 | (fail2ban-configuration | 74 | (fail2ban-configuration |
| 65 | (extra-jails | 75 | (extra-jails |
| @@ -73,6 +83,7 @@ | |||
| 73 | (permit-root-login 'prohibit-password) | 83 | (permit-root-login 'prohibit-password) |
| 74 | (allow-empty-passwords? #f) | 84 | (allow-empty-passwords? #f) |
| 75 | (password-authentication? #f) | 85 | (password-authentication? #f) |
| 86 | (gateway-ports? #t) | ||
| 76 | (authorized-keys | 87 | (authorized-keys |
| 77 | `(("jakub" ,jdlugosz-ssh-pub))))) | 88 | `(("jakub" ,jdlugosz-ssh-pub))))) |
| 78 | 89 | ||
| @@ -116,7 +127,8 @@ | |||
| 116 | (certificates | 127 | (certificates |
| 117 | (list | 128 | (list |
| 118 | (certificate-configuration | 129 | (certificate-configuration |
| 119 | (domains '("jdlugosz.com" "git.jdlugosz.com")) | 130 | (domains '("jdlugosz.com" "git.jdlugosz.com" |
| 131 | "caldav.jdlugosz.com" "raport.jdlugosz.com")) | ||
| 120 | (deploy-hook %nginx-deploy-hook)))))) | 132 | (deploy-hook %nginx-deploy-hook)))))) |
| 121 | 133 | ||
| 122 | (service cgit-service-type | 134 | (service cgit-service-type |
| @@ -146,7 +158,26 @@ | |||
| 146 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | 158 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) |
| 147 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) | 159 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) |
| 148 | 160 | ||
| 149 | (service quassel-service-type) | 161 | (service goaccess-service-type |
| 162 | (goaccess-configuration | ||
| 163 | (goaccess-nginx-server-configuration | ||
| 164 | (nginx-server-configuration | ||
| 165 | (inherit %goaccess-nginx-server-configuration) | ||
| 166 | (server-name '("raport.jdlugosz.com")) | ||
| 167 | (listen '("443 ssl")) | ||
| 168 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
| 169 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
| 170 | |||
| 171 | (service radicale-service-type | ||
| 172 | (radicale-configuration | ||
| 173 | (users `(("admin" . ,(getenv "RADICALE_ADMIN_PASS")))) | ||
| 174 | (radicale-nginx-server-configuration | ||
| 175 | (nginx-server-configuration | ||
| 176 | (inherit %radicale-nginx-server-configuration) | ||
| 177 | (server-name '("caldav.jdlugosz.com")) | ||
| 178 | (listen '("443 ssl")) | ||
| 179 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
| 180 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
| 150 | 181 | ||
| 151 | (service hwp-service-type | 182 | (service hwp-service-type |
| 152 | (hwp-site-configuration | 183 | (hwp-site-configuration |