Add hipis operating-system config.

author: jdlugosz963 <jdlugosz963@gmail.com> 2023-08-27 13:08:46 +0200
committer: jdlugosz963 <jdlugosz963@gmail.com> 2023-08-27 13:08:46 +0200
commit: 4835ace9cd07038e72b34681da487ad6bcd41b76 (patch)
tree: da891ce6ff1d15a2cfac0c3a6708cc80044403a5 /hipis.scm
download: hipis-system-4835ace9cd07038e72b34681da487ad6bcd41b76.tar.gz
hipis-system-4835ace9cd07038e72b34681da487ad6bcd41b76.zip
1 files changed, 153 insertions, 0 deletions
diff --git a/hipis.scm b/hipis.scm
new file mode 100755
index 0000000..615aa80
--- /dev/null
+++ b/hipis.scm
@@ -0,0 +1,153 @@
+(use-modules (gnu)
+             (guix)
+             (gnu system)
+             (gnu services))
+(use-service-modules networking
+                     ssh
+                     cgit
+                     version-control
+                     certbot
+                     web)
+(define jdlugosz-ssh-pub
+  (plain-file
+   "jdlugosz.pub"
+   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkGxuhaYzgocomFeJfFSdxq8KNwFdoVG4qvby6GYnx7Psmf4kb+ZhCWxiwjZDVKTGTnBkr4vBWCGEnUkZnADdwWA/sIj1GvKjIpxaoluxLvIKn7sujJjahgfEgZPuSi6CW6rW/9CBlGtHuWR1xXTWhhZa3YqmIWiUdsil3COzRf3uD6LrwbO/8LiHTmJ4g7su9O3w3zjS+UgoT6Flw6Z1zVOk5A146XlLXK+ZovGmq+j8Mqa4kzLERqexotAGcYXbsWQknTJZE4Wbt7ZlUHNu/tp08z1FnGix/OO2mzXMkJFh7wYGSD5j3qBDUok1G/oEIbRWOV6W7x5lTffpi1wb1u9eqHPDJKWeA6AC1nKs/TTrmDkXiJBAh6siHpunkX6EnIms4vrWnPiviNCe+yofZkj3IOaertapmB89eGhasDgf3/HgMd5PAoKejGwot/q0afBEEF+PTkYU9b4It7xty2nWzs0uKTITzbU0zbuuJ1PcOQ5J7hW4PWCrylTasfF0= jakub@berserker"))
+(define %nginx-deploy-hook
+  (program-file
+   "nginx-deploy-hook"
+   #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+       (kill pid SIGHUP))))
+(define uuid-root "1ec6339b-4918-45d2-b77e-b32cf265265d")
+(define dev-bootloader "/dev/xvda")
+(define (letsencrypt-certificate domain)
+  (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+(define (letsencrypt-key domain)
+  (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+(define hipis
+  (operating-system
+    (locale "en_US.utf8")
+    (timezone "Europe/Warsaw")
+    (keyboard-layout (keyboard-layout "pl"))
+    (host-name "hipis")
+    (users (cons*
+            (user-account
+             (name "jakub")
+             (comment "Jakub Dlugosz")
+             (group "users")
+             (home-directory "/home/jakub")
+             (password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
+             (supplementary-groups '("wheel"  ;; sudo
+                                     "netdev" ;; network devices
+                                     "tty"
+                                     "input")))
+            (user-account
+             (name "fcgiwrap")
+             (group "fcgiwrap")
+             (supplementary-groups '("git")))
+            %base-user-accounts))
+;;    (user-group (name "git"))
+    (packages (append
+               (specifications->packages '("emacs-no-x-toolkit"
+                                           "exfat-utils"
+                                           "git"
+                                           "nss-certs"
+                                           "nmap"
+                                           "curl"))
+               %base-packages))
+    (services (cons*
+               (service openssh-service-type
+                        (openssh-configuration
+                         (permit-root-login 'prohibit-password)
+                         (allow-empty-passwords? #f)
+                         (password-authentication? #f)
+                         (authorized-keys
+                          `(("jakub" ,jdlugosz-ssh-pub)))))
+               (service static-networking-service-type
+                        (list (static-networking
+                               (addresses
+                                (list (network-address
+                                       (device "eth0")
+                                       (value "195.74.91.18/26"))))
+                               (routes
+                                (list (network-route
+                                       (destination "default")
+                                       (gateway "195.74.91.1"))))
+                               (name-servers '("195.74.91.4 " "193.200.50.51")))
+                              %loopback-static-networking))
+               (service gitolite-service-type
+                        (gitolite-configuration
+                         (admin-pubkey jdlugosz-ssh-pub)
+                         (rc-file
+                          (gitolite-rc-file (umask #o0027)))))
+               (service certbot-service-type
+                        (certbot-configuration
+                         (email "me@jdlugosz.com")
+                         (certificates
+                          (list
+                           (certificate-configuration
+                            (domains '("jdlugosz.com" "git.jdlugosz.com"))
+                            (deploy-hook %nginx-deploy-hook))))))
+               (service cgit-service-type
+                        (cgit-configuration
+                         (enable-commit-graph? #t)
+                         (enable-html-serving? #t)
+                         (remove-suffix? #t)
+                         (repository-directory "/var/lib/gitolite/repositories/public")
+                         (nocache? #t)
+                         (enable-log-filecount? #t)
+                         (enable-log-linecount? #t)
+                         (readme "CGIT README")
+                         (nginx
+                          (list
+                           (nginx-server-configuration
+                            (inherit %cgit-configuration-nginx)
+                            (server-name '("git.jdlugosz.com"))
+                            (listen '("443 ssl"))
+                            (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+                            (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
+               (service nginx-service-type
+                        (nginx-configuration
+                         (server-blocks
+                          (list
+                           (nginx-server-configuration
+                            (server-name '("jdlugosz.com"))
+                            (listen '("443 ssl"))
+                            (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+                            (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))
+                            (root "/srv/http/jdlugosz.com"))))))
+               (modify-services %base-services
+                 (delete static-networking-service-type))))
+    (bootloader (bootloader-configuration
+                 (bootloader grub-bootloader)
+                 (targets (list dev-bootloader))
+                 (keyboard-layout keyboard-layout)))
+    (file-systems (cons* (file-system
+                           (mount-point "/")
+                           (device (uuid
+                                    uuid-root
+                                    'ext4))
+                           (type "ext4")) %base-file-systems))))
+hipis
author	jdlugosz963 <jdlugosz963@gmail.com>	2023-08-27 13:08:46 +0200
committer	jdlugosz963 <jdlugosz963@gmail.com>	2023-08-27 13:08:46 +0200
commit	4835ace9cd07038e72b34681da487ad6bcd41b76 (patch)
tree	da891ce6ff1d15a2cfac0c3a6708cc80044403a5 /hipis.scm
download	hipis-system-4835ace9cd07038e72b34681da487ad6bcd41b76.tar.gz hipis-system-4835ace9cd07038e72b34681da487ad6bcd41b76.zip

diff --git a/hipis.scm b/hipis.scm new file mode 100755 index 0000000..615aa80 --- /dev/null +++ b/hipis.scm
@@ -0,0 +1,153 @@
	1	(use-modules (gnu)
	2	(guix)
	3	(gnu system)
	4	(gnu services))
	5
	6	(use-service-modules networking
	7	ssh
	8	cgit
	9	version-control
	10	certbot
	11	web)
	12
	13	(define jdlugosz-ssh-pub
	14	(plain-file
	15	"jdlugosz.pub"
	16	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkGxuhaYzgocomFeJfFSdxq8KNwFdoVG4qvby6GYnx7Psmf4kb+ZhCWxiwjZDVKTGTnBkr4vBWCGEnUkZnADdwWA/sIj1GvKjIpxaoluxLvIKn7sujJjahgfEgZPuSi6CW6rW/9CBlGtHuWR1xXTWhhZa3YqmIWiUdsil3COzRf3uD6LrwbO/8LiHTmJ4g7su9O3w3zjS+UgoT6Flw6Z1zVOk5A146XlLXK+ZovGmq+j8Mqa4kzLERqexotAGcYXbsWQknTJZE4Wbt7ZlUHNu/tp08z1FnGix/OO2mzXMkJFh7wYGSD5j3qBDUok1G/oEIbRWOV6W7x5lTffpi1wb1u9eqHPDJKWeA6AC1nKs/TTrmDkXiJBAh6siHpunkX6EnIms4vrWnPiviNCe+yofZkj3IOaertapmB89eGhasDgf3/HgMd5PAoKejGwot/q0afBEEF+PTkYU9b4It7xty2nWzs0uKTITzbU0zbuuJ1PcOQ5J7hW4PWCrylTasfF0= jakub@berserker"))
	17
	18	(define %nginx-deploy-hook
	19	(program-file
	20	"nginx-deploy-hook"
	21	#~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
	22	(kill pid SIGHUP))))
	23
	24	(define uuid-root "1ec6339b-4918-45d2-b77e-b32cf265265d")
	25	(define dev-bootloader "/dev/xvda")
	26
	27	(define (letsencrypt-certificate domain)
	28	(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
	29
	30	(define (letsencrypt-key domain)
	31	(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
	32
	33	(define hipis
	34	(operating-system
	35	(locale "en_US.utf8")
	36	(timezone "Europe/Warsaw")
	37	(keyboard-layout (keyboard-layout "pl"))
	38	(host-name "hipis")
	39
	40	(users (cons*
	41	(user-account
	42	(name "jakub")
	43	(comment "Jakub Dlugosz")
	44	(group "users")
	45	(home-directory "/home/jakub")
	46	(password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
	47	(supplementary-groups '("wheel" ;; sudo
	48	"netdev" ;; network devices
	49	"tty"
	50	"input")))
	51	(user-account
	52	(name "fcgiwrap")
	53	(group "fcgiwrap")
	54	(supplementary-groups '("git")))
	55	%base-user-accounts))
	56
	57	;; (user-group (name "git"))
	58
	59	(packages (append
	60	(specifications->packages '("emacs-no-x-toolkit"
	61	"exfat-utils"
	62	"git"
	63	"nss-certs"
	64	"nmap"
	65	"curl"))
	66	%base-packages))
	67
	68	(services (cons*
	69	(service openssh-service-type
	70	(openssh-configuration
	71	(permit-root-login 'prohibit-password)
	72	(allow-empty-passwords? #f)
	73	(password-authentication? #f)
	74	(authorized-keys
	75	`(("jakub" ,jdlugosz-ssh-pub)))))
	76
	77	(service static-networking-service-type
	78	(list (static-networking
	79	(addresses
	80	(list (network-address
	81	(device "eth0")
	82	(value "195.74.91.18/26"))))
	83	(routes
	84	(list (network-route
	85	(destination "default")
	86	(gateway "195.74.91.1"))))
	87	(name-servers '("195.74.91.4 " "193.200.50.51")))
	88
	89	%loopback-static-networking))
	90
	91	(service gitolite-service-type
	92	(gitolite-configuration
	93	(admin-pubkey jdlugosz-ssh-pub)
	94	(rc-file
	95	(gitolite-rc-file (umask #o0027)))))
	96
	97	(service certbot-service-type
	98	(certbot-configuration
	99	(email "me@jdlugosz.com")
	100	(certificates
	101	(list
	102	(certificate-configuration
	103	(domains '("jdlugosz.com" "git.jdlugosz.com"))
	104	(deploy-hook %nginx-deploy-hook))))))
	105
	106	(service cgit-service-type
	107	(cgit-configuration
	108	(enable-commit-graph? #t)
	109	(enable-html-serving? #t)
	110	(remove-suffix? #t)
	111	(repository-directory "/var/lib/gitolite/repositories/public")
	112	(nocache? #t)
	113	(enable-log-filecount? #t)
	114	(enable-log-linecount? #t)
	115	(readme "CGIT README")
	116
	117	(nginx
	118	(list
	119	(nginx-server-configuration
	120	(inherit %cgit-configuration-nginx)
	121	(server-name '("git.jdlugosz.com"))
	122	(listen '("443 ssl"))
	123	(ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
	124	(ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
	125
	126	(service nginx-service-type
	127	(nginx-configuration
	128	(server-blocks
	129	(list
	130	(nginx-server-configuration
	131	(server-name '("jdlugosz.com"))
	132	(listen '("443 ssl"))
	133	(ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
	134	(ssl-certificate-key (letsencrypt-key "jdlugosz.com"))
	135	(root "/srv/http/jdlugosz.com"))))))
	136
	137	(modify-services %base-services
	138	(delete static-networking-service-type))))
	139
	140	(bootloader (bootloader-configuration
	141	(bootloader grub-bootloader)
	142	(targets (list dev-bootloader))
	143	(keyboard-layout keyboard-layout)))
	144
	145	(file-systems (cons* (file-system
	146	(mount-point "/")
	147	(device (uuid
	148	uuid-root
	149	'ext4))
	150	(type "ext4")) %base-file-systems))))
	151
	152	hipis
	153