author | jdlugosz963 <jdlugosz963@gmail.com> | 2023-12-19 23:17:04 +0100 |
---|---|---|
committer | jdlugosz963 <jdlugosz963@gmail.com> | 2023-12-20 00:33:46 +0100 |
commit | 4b12e65402efe3ce0b33943fce1e27a19d1f445c (patch) | |
tree | c2c68c4c98fe592abddafbaa00f565545f3ac070 /hipis.scm | |
parent | 2dc8e8ff5adcc6432e7a2ff2883f2d94a4f4412a (diff) | |
download | hipis-system-4b12e65402efe3ce0b33943fce1e27a19d1f445c.tar.gz hipis-system-4b12e65402efe3ce0b33943fce1e27a19d1f445c.zip |
Add basic hwp package and service template.
Diffstat (limited to 'hipis.scm')
-rwxr-xr-x | hipis.scm | 186 |
1 files changed, 186 insertions, 0 deletions
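--- /dev/null
+++ b/hipis.scm
@@ -0,0 +1,186 @@
+(define-module (hipis)
+#:use-module (guix)
+#:use-module (gnu)
+#:use-module (gnu system)
+#:use-module (gnu packages version-control)
+#:use-module (gnu services)
+#:use-module (gnu services security)
+#:use-module (gnu services networking)
+#:use-module (gnu services ssh)
+#:use-module (gnu services cgit)
+#:use-module (gnu services version-control)
+#:use-module (gnu services certbot)
+#:use-module (gnu services web)
+
+#:use-module (hipis services web))
+
+(define jdlugosz-ssh-pub
+(local-file "./jdlugosz.pub"))
+
+(define %nginx-deploy-hook
+(program-file
+"nginx-deploy-hook"
+#~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+(kill pid SIGHUP))))
+
+(define (letsencrypt-certificate domain)
+(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+
+(define (letsencrypt-key domain)
+(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+
+(define hipis
+(operating-system
+(locale "en_US.utf8")
+(timezone "Europe/Warsaw")
+(keyboard-layout (keyboard-layout "pl"))
+(host-name "hipis")
+
+(users (cons*
+(user-account
+(name "jakub")
+(comment "Jakub Dlugosz")
+(group "users")
+(home-directory "/home/jakub")
+(password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
+(supplementary-groups '("wheel" ;; sudo
+"netdev" ;; network devices
+"tty"
+"input")))
+%base-user-accounts))
+
+(packages (append
+(specifications->packages '("emacs-no-x-toolkit"
+"exfat-utils"
+"git"
+"nss-certs"
+"nmap"
+"curl"))
+%base-packages))
+
+(services (cons*
+(service fail2ban-service-type
+(fail2ban-configuration
+(extra-jails
+(list
+(fail2ban-jail-configuration
+(name "sshd")
+(enabled? #t))))))
+
+(service openssh-service-type
+(openssh-configuration
+(permit-root-login 'prohibit-password)
+(allow-empty-passwords? #f)
+(password-authentication? #f)
+(authorized-keys
+`(("jakub" ,jdlugosz-ssh-pub)))))
+
+(service static-networking-service-type
+(list (static-networking
+(addresses
+(list (network-address
+(device "eth0")
+(value "193.200.51.92/27"))))
+(routes
+(list (network-route
+(destination "default")
+(gateway "193.200.51.89"))))
+(name-servers '("195.74.91.4 " "193.200.50.51")))
+
+%loopback-static-networking))
+
+(service gitolite-service-type
+(gitolite-configuration
+(admin-pubkey jdlugosz-ssh-pub)
+(group "fcgiwrap")
+(rc-file
+(gitolite-rc-file (umask #o0027)
+;; Allow to set any configuration key
+(git-config-keys ".*")))))
+
+;;; Note to myself:
+;;;
+;;; After fresh installation, nginx wont be working,
+;;; because the ssl certifications aren't generated yet,
+;;; you have to comment out the cgit and nginx service type
+;;; and after system reconfigure, run this script:
+;;; /var/lib/certbot/renew-certicates
+;;; after it, new certificates should appear in:
+;;; /etc/letsencrypt/live/{domain} directory
+;;; now you can uncomment cgit and nginx service type
+;;; and after system reconfigure everything should be up and running.
+(service certbot-service-type
+(certbot-configuration
+(email "me@jdlugosz.com")
+(certificates
+(list
+(certificate-configuration
+(domains '("jdlugosz.com" "git.jdlugosz.com"))
+(deploy-hook %nginx-deploy-hook))))))
+
+(service cgit-service-type
+(cgit-configuration
+(enable-commit-graph? #t)
+(enable-html-serving? #t)
+(remove-suffix? #t)
+(nocache? #t)
+(enable-log-filecount? #t)
+(enable-log-linecount? #t)
+(side-by-side-diffs? #t)
+(enable-git-config? #t)
+(section-from-path 1)
+(repository-directory "/var/lib/gitolite/repositories/public/")
+(source-filter (file-append cgit "/lib/cgit/filters/syntax-highlighting.py"))
+(about-filter (file-append cgit "/lib/cgit/filters/about-formatting.sh"))
+(max-stats "year")
+(snapshots '("tar.gz" "zip"))
+(readme "CGIT README")
+
+(nginx
+(list
+(nginx-server-configuration
+(inherit %cgit-configuration-nginx)
+(server-name '("git.jdlugosz.com"))
+(listen '("443 ssl"))
+(ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+(ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
+
+(service nginx-service-type
+(nginx-configuration
+(server-blocks
+(list
+(nginx-server-configuration
+(server-name '("jdlugosz.com"))
+(listen '("443 ssl"))
+(ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+(ssl-certificate-key (letsencrypt-key "jdlugosz.com"))
+(root "/srv/http/jdlugosz.com"))))))
+
+(service hwp-service-type
+(hwp-site-configuration
+(name "hwp-base")))
+
+(modify-services %base-services
+(delete static-networking-service-type))))
+
+(bootloader (bootloader-configuration
+(bootloader grub-bootloader)
+(targets (list "/dev/sda"))
+(keyboard-layout keyboard-layout)))
+(initrd-modules (append '("virtio_scsi") %base-initrd-modules))
+(swap-devices (list (swap-space
+(target (uuid
+"1510f063-9936-494a-97ee-488fda7ff0fe")))))
+
+;; The list of file systems that get "mounted". The unique
+;; file system identifiers there ("UUIDs") can be obtained
+;; by running 'blkid' in a terminal.
+(file-systems (cons* (file-system
+(mount-point "/")
+(device (uuid
+"21ea8fcd-d031-4f00-9e57-0bd4ed5b0230"
+'ext4))
+(type "ext4")) %base-file-systems))))
+
+hipis
+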
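Review bot: The first name server in the static-networking block (new-file line 88) is written as `"195.74.91.4 "` with a trailing space, which looks unintended and may yield a malformed resolver entry; change it to `(name-servers '("195.74.91.4" "193.200.50.51"))`. Line 45 commits the initial plaintext password together with a fixed salt via `(crypt "Init14ll-p455w0rd#$" "$6$abc")`, so both are now part of the repository history; prefer supplying a hash computed out of band, e.g. `(password "<sha512-crypt hash, generated locally>")`, or leave it unset and assign the password after first login, and treat the committed value as one to rotate. The `(git-config-keys ".*")` setting on line 99 lets gitolite repository admins set every git configuration key, and as I recall the gitolite documentation cautions that some keys can influence command execution on the server, so if the intent (per the comment above it) is only to feed cgit's `enable-git-config?`, a pattern limited to the `cgit.*` keys cgit reads would be the safer choice. Relatedly, `enable-html-serving? #t` on line 124 serves raw HTML from repositories under the git.jdlugosz.com origin, which deserves a comment stating that only trusted repositories are published from the `public/` directory.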