-rw-r--r--.gitignore2
-rwxr-xr-xhipis.scm53
-rw-r--r--hipis/packages/web.scm8
-rw-r--r--hipis/services/goaccess.scm83
-rw-r--r--hipis/services/radicale.scm149
5 files changed, 282 insertions, 13 deletions
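--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env
+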
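--- a/hipis.scm
+++ b/hipis.scm
@@ -11,9 +11,13 @@
  #:use-module (gnu services version-control)
  #:use-module (gnu services certbot)
  #:use-module (gnu services web)
- #:use-module (gnu services messaging)
+ #:use-module (gnu services dbus)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services docker)
 
- #:use-module (hipis services web))
+ #:use-module (hipis services web)
+ #:use-module (hipis services goaccess)
+ #:use-module (hipis services radicale))
 
 (define jdlugosz-ssh-pub
  (local-file "./jdlugosz.pub"))
@@ -47,19 +51,25 @@
  (supplementary-groups '("wheel" ;; sudo
  "netdev" ;; network devices
  "tty"
- "input")))
+ "input"
+ "docker")))
  %base-user-accounts))
 
  (packages (append
- (specifications->packages '("emacs-no-x-toolkit"
- "exfat-utils"
- "git"
- "nss-certs"
- "nmap"
- "curl"))
+ (map car
+ (specifications->packages '("emacs-no-x-toolkit"
+ "exfat-utils"
+ "git"
+ ;; "nss-certs"
+ "nmap"
+ "curl")))
  %base-packages))
 
  (services (cons*
+ (service elogind-service-type)
+ (service dbus-root-service-type)
+ (service docker-service-type)
+
  (service fail2ban-service-type
  (fail2ban-configuration
  (extra-jails
@@ -73,6 +83,7 @@
  (permit-root-login 'prohibit-password)
  (allow-empty-passwords? #f)
  (password-authentication? #f)
+ (gateway-ports? #t)
  (authorized-keys
  `(("jakub" ,jdlugosz-ssh-pub)))))
 
@@ -116,7 +127,8 @@
  (certificates
  (list
  (certificate-configuration
- (domains '("jdlugosz.com" "git.jdlugosz.com"))
+ (domains '("jdlugosz.com" "git.jdlugosz.com"
+ "caldav.jdlugosz.com" "raport.jdlugosz.com"))
  (deploy-hook %nginx-deploy-hook))))))
 
  (service cgit-service-type
@@ -146,7 +158,26 @@
  (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
  (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
 
- (service quassel-service-type)
+ (service goaccess-service-type
+ (goaccess-configuration
+ (goaccess-nginx-server-configuration
+ (nginx-server-configuration
+ (inherit %goaccess-nginx-server-configuration)
+ (server-name '("raport.jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))
+
+ (service radicale-service-type
+ (radicale-configuration
+ (users `(("admin" . ,(getenv "RADICALE_ADMIN_PASS"))))
+ (radicale-nginx-server-configuration
+ (nginx-server-configuration
+ (inherit %radicale-nginx-server-configuration)
+ (server-name '("caldav.jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))
 
  (service hwp-service-type
  (hwp-site-configuration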
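Review bot: `(gateway-ports? #t)` in the openssh configuration lets remote port forwards bind on every interface instead of loopback only, so whatever an authorized client forwards is reachable from outside without passing through nginx or TLS; no firewall rule is visible in these hunks. If the aim is to publish one forwarded service, I would leave the field at its default and proxy the loopback port from an nginx location, or at least record the reason next to the field, e.g. `;; GatewayPorts yes: needed for <service>; forwarded ports listen on all interfaces`. Adding "docker" to jakub's `supplementary-groups` alongside `docker-service-type` also deserves a comment: membership in that group gives control of the Docker daemon, which is root-equivalent without the sudo prompt that "wheel" still requires.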
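--- a/hipis/packages/web.scm
+++ b/hipis/packages/web.scm
@@ -26,7 +26,7 @@
  (description "Build scripts to *.jdlugosz.com pages.")
  (home-page "https://git.jdlugosz.com/hipis/hipis-system/")
  (source
- (local-file "/home/jakub/Projects/hipis/hipis/packages/source/hwp" #:recursive? #t))
+ (local-file "/home/jakub/hipis-system/hipis/packages/source/hwp" #:recursive? #t))
  (build-system guile-build-system)
 
  (arguments
@@ -35,11 +35,14 @@
  (lambda* (#:key inputs outputs #:allow-other-keys)
  (let* ((out (assoc-ref outputs "out"))
  (bin (string-append out "/bin/"))
+ (site (string-append out "/share/guile/site/3.0/"))
  (haunt (assoc-ref inputs "haunt"))
  (hwp "hwp-build"))
  (mkdir-p bin)
  (chmod hwp #o555)
  (copy-recursively hwp (string-append bin hwp))
+ (copy-recursively "hwp/static/"
+ (string-append site "hwp/static/"))
  (delete-file-recursively hwp))))
 
  (add-before 'install 'wrap-hipis-build-web-page
@@ -66,7 +69,8 @@
  ;; (native-inputs (list haunt))
  (inputs (list guile-3.0
  guile-reader
- guile-commonmark))
+ guile-commonmark
+ guile-syntax-highlight))
  (propagated-inputs (list haunt))
  (license license:gpl3+)))
 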
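Review bot: The `source` field still points at an absolute path under a home directory, `/home/jakub/hipis-system/hipis/packages/source/hwp`, so the package builds whatever is at that location on the building machine and cannot be built from any other checkout. `local-file` resolves a relative name against the file it is written in, so `(local-file "source/hwp" #:recursive? #t)` should pick up the copy next to web.scm, assuming the directory layout matches the path shown. The new `site` binding hard-codes the Guile effective version `3.0`; a short comment that it has to follow the `guile-3.0` input would help at the next upgrade.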
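--- /dev/null
+++ b/hipis/services/goaccess.scm
@@ -0,0 +1,83 @@
+(define-module (hipis services goaccess)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix profiles)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (guix download)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages web)
+ #:use-module (gnu services)
+ #:use-module (gnu services web)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services mcron)
+ #:export (goaccess-service-type
+ goaccess-configuration
+ %goaccess-nginx-server-configuration))
+
+(define %goaccess-nginx-server-configuration
+ (nginx-server-configuration
+ (root "/var/www/raport/")
+ (listen '("80"))
+ (ssl-certificate #f)
+ (ssl-certificate-key #f)))
+
+(define-record-type* <goaccess-configuration>
+ goaccess-configuration make-goaccess-configuration
+ goaccess-configuration-configuration?
+ (nginx-log-access goaccess-configuration-nginx-log-access
+ (default "/var/log/nginx/access.log"))
+ (goaccess-run-script-dir goaccess-configuration-goaccess-run-script
+ (default "/var/lib/goaccess/"))
+ (goaccess-run-script-name goaccess-configuration-goaccess-run-script-name
+ (default "generate-raport"))
+ (goaccess-additional-args goaccess-configuration-goaccess-additional-args
+ (default '()))
+ (goaccess-nginx-server-configuration goaccess-configuration-goaccess-nginx-server-configuration
+ (default %goaccess-nginx-configuration)))
+
+(define (goaccess-run-script config)
+ (match-record config <goaccess-configuration>
+ (goaccess-additional-args goaccess-nginx-server-configuration goaccess-run-script-name)
+ (program-file goaccess-run-script-name
+ #~(begin
+ (use-modules (guix build utils))
+ (system* (string-append #$goaccess "/bin/goaccess")
+ "/var/log/nginx/access.log"
+ "--log-format" "COMBINED"
+ "-o" #$(string-append (nginx-server-configuration-root
+ goaccess-nginx-server-configuration)
+ "index.html")
+ #$@goaccess-additional-args)))))
+
+(define (goaccess-activation config)
+ (match-record config <goaccess-configuration>
+ (goaccess-run-script-dir goaccess-run-script-name goaccess-nginx-server-configuration)
+ #~(begin
+ (use-modules (guix build utils))
+
+ (format #t "creating goaccess run script at '~a'~%" #$goaccess-run-script-dir)
+ (mkdir-p #$goaccess-run-script-dir)
+ (mkdir-p #$(nginx-server-configuration-root
+ goaccess-nginx-server-configuration))
+ (copy-file #$(goaccess-run-script config)
+ #$(string-append goaccess-run-script-dir
+ goaccess-run-script-name)))))
+
+(define goaccess-service-type
+ (service-type
+ (name 'goaccess)
+ (extensions
+ (list (service-extension activation-service-type
+ goaccess-activation)
+ (service-extension nginx-service-type
+ (lambda (config)
+ (list (goaccess-configuration-goaccess-nginx-server-configuration
+ config))))
+ (service-extension mcron-service-type
+ (lambda (config)
+ (list #~(job '(next-hour '(0 12))
+ #$(goaccess-run-script config)))))))
+ (description
+ "Create static raports for various types of web server using goaccess.")))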
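Review bot: The report built from `/var/log/nginx/access.log` is written into the nginx `root` and served as a plain static site, and nothing in `%goaccess-nginx-server-configuration` or in this service restricts who may fetch it, so the visitor addresses, requested URLs and referrers that goaccess typically reports become readable by anyone who reaches the server name. I would add an access restriction to the server block (for example `auth_basic` or `allow`/`deny` lines through the record's `raw-content` field), or state in a comment that publication is intended. Separately, the default of the last record field names `%goaccess-nginx-configuration`, which this module does not define; it should read `(default %goaccess-nginx-server-configuration)`. The `nginx-log-access` field is never read, because `goaccess-run-script` passes the literal log path.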
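--- /dev/null
+++ b/hipis/services/radicale.scm
@@ -0,0 +1,149 @@
+(define-module (hipis services radicale)
+ #:use-module (ice-9 match)
+
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix profiles)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (guix download)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages web)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages dav)
+ #:use-module (gnu packages admin)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services web)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services shepherd)
+
+ #:use-module (gnu system shadow)
+
+ #:export (radicale-service-type
+ radicale-configuration
+ radicale-nginx-server-configuration
+ %radicale-config-file
+ %radicale-nginx-server-configuration))
+
+(define %radicale-config-file
+ (plain-file "radicale.conf" "
+[auth]
+type = htpasswd
+htpasswd_filename = /var/lib/radicale/users
+htpasswd_encryption = md5
+
+[server]
+hosts = localhost:5232
+"))
+
+
+(define %radicale-nginx-server-configuration
+ (nginx-server-configuration
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/radicale/")
+ (body '("proxy_pass http://localhost:5232/;"
+ "proxy_set_header X-Script-Name /radicale;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ "proxy_set_header Host $http_host;"
+ "proxy_pass_header Authorization;")))))
+ (root "")
+ (try-files #nil)
+ (index #nil)
+ (listen '("80"))
+ (ssl-certificate #f)
+ (ssl-certificate-key #f)))
+
+(define %radicale-accounts
+ (list (user-group
+ (name "radicale")
+ (system? #t))
+ (user-account
+ (name "radicale")
+ (group "radicale")
+ (system? #t)
+ (comment "Radicale Daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define-record-type* <radicale-configuration>
+ radicale-configuration make-radicale-configuration
+ radicale-configuration-configuration?
+ (radicale-nginx-server-configuration radicale-configuration-radicale-nginx-server-configuration
+ (default %radicale-nginx-server-configuration))
+ (package radicale-configuration-package
+ (default radicale))
+ (config-file radicale-configuration-config-file
+ (default %radicale-config-file))
+ (users radicale-configuration-users
+ (default '())))
+
+(define (radicale-nginx-service config)
+ (list (radicale-configuration-radicale-nginx-server-configuration
+ config)))
+
+(define (radicale-activation config)
+ (match-record config <radicale-configuration>
+ (users)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 match))
+ (let* ((uid (passwd:uid (getpw "radicale")))
+ (gid (group:gid (getgr "radicale")))
+ (radicale-lib "/var/lib/radicale")
+ (radicale-collections
+ (string-append radicale-lib "/collections"))
+ (radicale-users
+ (string-append radicale-lib "/users")))
+ (mkdir-p radicale-collections)
+ (chown radicale-collections uid gid)
+ (chown radicale-lib uid gid)
+ (chmod radicale-lib #o700)
+ (when (file-exists? radicale-users)
+ (system* #$(file-append coreutils "/bin/rm")
+ radicale-users))
+ (system* #$(file-append coreutils "/bin/touch")
+ radicale-users)
+ (chown radicale-users uid gid)
+ (map (match-lambda
+ ((user . pass)
+ (system* #$(file-append httpd "/bin/htpasswd")
+ "-b" radicale-users user pass))
+ (_ (error "Expected list of cons lists with username and password.")))
+ '#$users))))))
+
+
+(define (radicale-shepherd-service config)
+ (match-record config <radicale-configuration>
+ (package config-file)
+ (list (shepherd-service
+ (provision '(radicale))
+ (documentation "Run the radicale daemon.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/radicale")
+ "-C" #$config-file)
+ #:user "radicale"
+ #:group "radicale"))
+ (stop #~(make-kill-destructor))))))
+
+(define radicale-service-type
+ (service-type
+ (name 'radicale)
+ (extensions
+ (list (service-extension nginx-service-type
+ radicale-nginx-service)
+ (service-extension shepherd-root-service-type
+ radicale-shepherd-service)
+ (service-extension account-service-type
+ (const %radicale-accounts))
+ (service-extension activation-service-type
+ radicale-activation)))
+ (default-value (radicale-configuration))
+ (description
+ "Create static raports for various types of web server using goaccess.")))
+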
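Review bot: The admin password reaches `radicale-activation` as a literal: `'#$users` splices the `users` alist into the activation gexp, so the plaintext taken from `(getenv "RADICALE_ADMIN_PASS")` in hipis.scm is written into the generated activation script under /gnu/store, which local users can normally read, and `htpasswd -b` then also places it on a command line. I would have the record take a path rather than the password, for example a `users-file` field naming an htpasswd file provisioned outside the store with mode 0600, and point `htpasswd_filename` at that path. The `system*` results are discarded and `map` is used only for effect, so a failed `htpasswd` run leaves an empty users file without stopping activation; `for-each` with a check of the exit status would surface that. The `description` string at the end is still the goaccess one and should describe Radicale.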