-rw-r--r-- | .gitignore | 2 | ||||
-rwxr-xr-x | hipis.scm | 53 | ||||
-rw-r--r-- | hipis/packages/web.scm | 8 | ||||
-rw-r--r-- | hipis/services/goaccess.scm | 83 | ||||
-rw-r--r-- | hipis/services/radicale.scm | 149 |
5 files changed, 282 insertions, 13 deletions
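--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env
+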
@@ -11,9 +11,13 @@ | |||
11 | #:use-module (gnu services version-control) | 11 | #:use-module (gnu services version-control) |
12 | #:use-module (gnu services certbot) | 12 | #:use-module (gnu services certbot) |
13 | #:use-module (gnu services web) | 13 | #:use-module (gnu services web) |
14 | #:use-module (gnu services messaging) | 14 | #:use-module (gnu services dbus) |
15 | #:use-module (gnu services desktop) | ||
16 | #:use-module (gnu services docker) | ||
15 | 17 | ||
16 | #:use-module (hipis services web)) | 18 | #:use-module (hipis services web) |
19 | #:use-module (hipis services goaccess) | ||
20 | #:use-module (hipis services radicale)) | ||
17 | 21 | ||
18 | (define jdlugosz-ssh-pub | 22 | (define jdlugosz-ssh-pub |
19 | (local-file "./jdlugosz.pub")) | 23 | (local-file "./jdlugosz.pub")) |
@@ -47,19 +51,25 @@ | |||
47 | (supplementary-groups '("wheel" ;; sudo | 51 | (supplementary-groups '("wheel" ;; sudo |
48 | "netdev" ;; network devices | 52 | "netdev" ;; network devices |
49 | "tty" | 53 | "tty" |
50 | "input"))) | 54 | "input" |
55 | "docker"))) | ||
51 | %base-user-accounts)) | 56 | %base-user-accounts)) |
52 | 57 | ||
53 | (packages (append | 58 | (packages (append |
54 | (specifications->packages '("emacs-no-x-toolkit" | 59 | (map car |
55 | "exfat-utils" | 60 | (specifications->packages '("emacs-no-x-toolkit" |
56 | "git" | 61 | "exfat-utils" |
57 | "nss-certs" | 62 | "git" |
58 | "nmap" | 63 | ;; "nss-certs" |
59 | "curl")) | 64 | "nmap" |
65 | "curl"))) | ||
60 | %base-packages)) | 66 | %base-packages)) |
61 | 67 | ||
62 | (services (cons* | 68 | (services (cons* |
69 | (service elogind-service-type) | ||
70 | (service dbus-root-service-type) | ||
71 | (service docker-service-type) | ||
72 | |||
63 | (service fail2ban-service-type | 73 | (service fail2ban-service-type |
64 | (fail2ban-configuration | 74 | (fail2ban-configuration |
65 | (extra-jails | 75 | (extra-jails |
@@ -73,6 +83,7 @@ | |||
73 | (permit-root-login 'prohibit-password) | 83 | (permit-root-login 'prohibit-password) |
74 | (allow-empty-passwords? #f) | 84 | (allow-empty-passwords? #f) |
75 | (password-authentication? #f) | 85 | (password-authentication? #f) |
86 | (gateway-ports? #t) | ||
76 | (authorized-keys | 87 | (authorized-keys |
77 | `(("jakub" ,jdlugosz-ssh-pub))))) | 88 | `(("jakub" ,jdlugosz-ssh-pub))))) |
78 | 89 | ||
@@ -116,7 +127,8 @@ | |||
116 | (certificates | 127 | (certificates |
117 | (list | 128 | (list |
118 | (certificate-configuration | 129 | (certificate-configuration |
119 | (domains '("jdlugosz.com" "git.jdlugosz.com")) | 130 | (domains '("jdlugosz.com" "git.jdlugosz.com" |
131 | "caldav.jdlugosz.com" "raport.jdlugosz.com")) | ||
120 | (deploy-hook %nginx-deploy-hook)))))) | 132 | (deploy-hook %nginx-deploy-hook)))))) |
121 | 133 | ||
122 | (service cgit-service-type | 134 | (service cgit-service-type |
@@ -146,7 +158,26 @@ | |||
146 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | 158 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) |
147 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) | 159 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) |
148 | 160 | ||
149 | (service quassel-service-type) | 161 | (service goaccess-service-type |
162 | (goaccess-configuration | ||
163 | (goaccess-nginx-server-configuration | ||
164 | (nginx-server-configuration | ||
165 | (inherit %goaccess-nginx-server-configuration) | ||
166 | (server-name '("raport.jdlugosz.com")) | ||
167 | (listen '("443 ssl")) | ||
168 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
169 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
170 | |||
171 | (service radicale-service-type | ||
172 | (radicale-configuration | ||
173 | (users `(("admin" . ,(getenv "RADICALE_ADMIN_PASS")))) | ||
174 | (radicale-nginx-server-configuration | ||
175 | (nginx-server-configuration | ||
176 | (inherit %radicale-nginx-server-configuration) | ||
177 | (server-name '("caldav.jdlugosz.com")) | ||
178 | (listen '("443 ssl")) | ||
179 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
180 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
150 | 181 | ||
151 | (service hwp-service-type | 182 | (service hwp-service-type |
152 | (hwp-site-configuration | 183 | (hwp-site-configuration |
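Review bot: `(getenv "RADICALE_ADMIN_PASS")` on new line 173 is evaluated when the configuration is loaded and its result is never checked, so an unset variable yields `("admin" . #f)` and the failure only shows up at activation time, when `htpasswd` is invoked with a non-string argument; guard it with `(or (getenv "RADICALE_ADMIN_PASS") (error "RADICALE_ADMIN_PASS is not set"))`. The value that is present is spliced into the radicale activation gexp and therefore lands in the world-readable store, so the environment variable keeps the secret out of git but not off the disk. `(gateway-ports? #t)` on new line 86 makes every remote-forwarded port bind to the server's external interfaces instead of loopback, which is a notable exposure on an internet-facing host; if only specific forwards need it, leave it off or document why it is required. The hipis.scm file header is missing from this page and the enclosing `operating-system` form extends beyond these hunks.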
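--- a/hipis/packages/web.scm
+++ b/hipis/packages/web.scm
@@ -26,7 +26,7 @@
 (description "Build scripts to *.jdlugosz.com pages.")
 (home-page "https://git.jdlugosz.com/hipis/hipis-system/")
 (source
-(local-file "/home/jakub/Projects/hipis/hipis/packages/source/hwp" #:recursive? #t))
+(local-file "/home/jakub/hipis-system/hipis/packages/source/hwp" #:recursive? #t))
 (build-system guile-build-system)
 
 (arguments
@@ -35,11 +35,14 @@
 (lambda* (#:key inputs outputs #:allow-other-keys)
 (let* ((out (assoc-ref outputs "out"))
 (bin (string-append out "/bin/"))
+(site (string-append out "/share/guile/site/3.0/"))
 (haunt (assoc-ref inputs "haunt"))
 (hwp "hwp-build"))
 (mkdir-p bin)
 (chmod hwp #o555)
 (copy-recursively hwp (string-append bin hwp))
+(copy-recursively "hwp/static/"
+(string-append site "hwp/static/"))
 (delete-file-recursively hwp))))
 
 (add-before 'install 'wrap-hipis-build-web-page
@@ -66,7 +69,8 @@
 ;; (native-inputs (list haunt))
 (inputs (list guile-3.0
 guile-reader
-guile-commonmark))
+guile-commonmark
+guile-syntax-highlight))
 (propagated-inputs (list haunt))
 (license license:gpl3+)))
 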
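Review bot: The `local-file` source on line 29 still embeds an absolute path under one user's home directory, so the package only builds from that exact checkout location and the commit merely swaps one machine-specific path for another. `local-file` resolves a relative path against the file that contains the call, so `(local-file "source/hwp" #:recursive? #t)` would make the package build from any checkout of this repository. The surrounding `package` form starts and ends outside these hunks.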
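--- /dev/null
+++ b/hipis/services/goaccess.scm
@@ -0,0 +1,83 @@
+(define-module (hipis services goaccess)
+#:use-module ((guix licenses) #:prefix license:)
+#:use-module (guix packages)
+#:use-module (guix profiles)
+#:use-module (guix gexp)
+#:use-module (guix records)
+#:use-module (guix download)
+
+#:use-module (gnu packages)
+#:use-module (gnu packages web)
+#:use-module (gnu services)
+#:use-module (gnu services web)
+#:use-module (gnu services guix)
+#:use-module (gnu services mcron)
+#:export (goaccess-service-type
+goaccess-configuration
+%goaccess-nginx-server-configuration))
+
+(define %goaccess-nginx-server-configuration
+(nginx-server-configuration
+(root "/var/www/raport/")
+(listen '("80"))
+(ssl-certificate #f)
+(ssl-certificate-key #f)))
+
+(define-record-type* <goaccess-configuration>
+goaccess-configuration make-goaccess-configuration
+goaccess-configuration-configuration?
+(nginx-log-access goaccess-configuration-nginx-log-access
+(default "/var/log/nginx/access.log"))
+(goaccess-run-script-dir goaccess-configuration-goaccess-run-script
+(default "/var/lib/goaccess/"))
+(goaccess-run-script-name goaccess-configuration-goaccess-run-script-name
+(default "generate-raport"))
+(goaccess-additional-args goaccess-configuration-goaccess-additional-args
+(default '()))
+(goaccess-nginx-server-configuration goaccess-configuration-goaccess-nginx-server-configuration
+(default %goaccess-nginx-configuration)))
+
+(define (goaccess-run-script config)
+(match-record config <goaccess-configuration>
+(goaccess-additional-args goaccess-nginx-server-configuration goaccess-run-script-name)
+(program-file goaccess-run-script-name
+#~(begin
+(use-modules (guix build utils))
+(system* (string-append #$goaccess "/bin/goaccess")
+"/var/log/nginx/access.log"
+"--log-format" "COMBINED"
+"-o" #$(string-append (nginx-server-configuration-root
+goaccess-nginx-server-configuration)
+"index.html")
+#$@goaccess-additional-args)))))
+
+(define (goaccess-activation config)
+(match-record config <goaccess-configuration>
+(goaccess-run-script-dir goaccess-run-script-name goaccess-nginx-server-configuration)
+#~(begin
+(use-modules (guix build utils))
+
+(format #t "creating goaccess run script at '~a'~%" #$goaccess-run-script-dir)
+(mkdir-p #$goaccess-run-script-dir)
+(mkdir-p #$(nginx-server-configuration-root
+goaccess-nginx-server-configuration))
+(copy-file #$(goaccess-run-script config)
+#$(string-append goaccess-run-script-dir
+goaccess-run-script-name)))))
+
+(define goaccess-service-type
+(service-type
+(name 'goaccess)
+(extensions
+(list (service-extension activation-service-type
+goaccess-activation)
+(service-extension nginx-service-type
+(lambda (config)
+(list (goaccess-configuration-goaccess-nginx-server-configuration
+config))))
+(service-extension mcron-service-type
+(lambda (config)
+(list #~(job '(next-hour '(0 12))
+#$(goaccess-run-script config)))))))
+(description
+"Create static raports for various types of web server using goaccess.")))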
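Review bot: The record default on line 38 names `%goaccess-nginx-configuration`, but the variable defined on line 19 is `%goaccess-nginx-server-configuration`, so any `goaccess-configuration` built without that field explicitly set would hit an unbound variable; it should read `(default %goaccess-nginx-server-configuration)`. `goaccess-run-script` also ignores the `nginx-log-access` field and hard-codes `"/var/log/nginx/access.log"` on line 47; add `nginx-log-access` to the `match-record` field list on line 42 and pass `#$nginx-log-access` instead. Separately, the generated report contains visitor IP addresses, user agents and requested URLs, and the nginx server block publishes it with no access restriction; consider limiting the `raport.jdlugosz.com` block with `auth_basic` or an `allow` list before it goes live.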
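--- /dev/null
+++ b/hipis/services/radicale.scm
@@ -0,0 +1,149 @@
+(define-module (hipis services radicale)
+#:use-module (ice-9 match)
+
+#:use-module ((guix licenses) #:prefix license:)
+#:use-module (guix packages)
+#:use-module (guix profiles)
+#:use-module (guix gexp)
+#:use-module (guix records)
+#:use-module (guix download)
+
+#:use-module (gnu packages)
+#:use-module (gnu packages web)
+#:use-module (gnu packages base)
+#:use-module (gnu packages dav)
+#:use-module (gnu packages admin)
+
+#:use-module (gnu services)
+#:use-module (gnu services web)
+#:use-module (gnu services guix)
+#:use-module (gnu services shepherd)
+
+#:use-module (gnu system shadow)
+
+#:export (radicale-service-type
+radicale-configuration
+radicale-nginx-server-configuration
+%radicale-config-file
+%radicale-nginx-server-configuration))
+
+(define %radicale-config-file
+(plain-file "radicale.conf" "
+[auth]
+type = htpasswd
+htpasswd_filename = /var/lib/radicale/users
+htpasswd_encryption = md5
+
+[server]
+hosts = localhost:5232
+"))
+
+
+(define %radicale-nginx-server-configuration
+(nginx-server-configuration
+(locations
+(list
+(nginx-location-configuration
+(uri "/radicale/")
+(body '("proxy_pass http://localhost:5232/;"
+"proxy_set_header X-Script-Name /radicale;"
+"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+"proxy_set_header Host $http_host;"
+"proxy_pass_header Authorization;")))))
+(root "")
+(try-files #nil)
+(index #nil)
+(listen '("80"))
+(ssl-certificate #f)
+(ssl-certificate-key #f)))
+
+(define %radicale-accounts
+(list (user-group
+(name "radicale")
+(system? #t))
+(user-account
+(name "radicale")
+(group "radicale")
+(system? #t)
+(comment "Radicale Daemon")
+(home-directory "/var/empty")
+(shell (file-append shadow "/sbin/nologin")))))
+
+(define-record-type* <radicale-configuration>
+radicale-configuration make-radicale-configuration
+radicale-configuration-configuration?
+(radicale-nginx-server-configuration radicale-configuration-radicale-nginx-server-configuration
+(default %radicale-nginx-server-configuration))
+(package radicale-configuration-package
+(default radicale))
+(config-file radicale-configuration-config-file
+(default %radicale-config-file))
+(users radicale-configuration-users
+(default '())))
+
+(define (radicale-nginx-service config)
+(list (radicale-configuration-radicale-nginx-server-configuration
+config)))
+
+(define (radicale-activation config)
+(match-record config <radicale-configuration>
+(users)
+(with-imported-modules '((guix build utils))
+#~(begin
+(use-modules (guix build utils)
+(ice-9 match))
+(let* ((uid (passwd:uid (getpw "radicale")))
+(gid (group:gid (getgr "radicale")))
+(radicale-lib "/var/lib/radicale")
+(radicale-collections
+(string-append radicale-lib "/collections"))
+(radicale-users
+(string-append radicale-lib "/users")))
+(mkdir-p radicale-collections)
+(chown radicale-collections uid gid)
+(chown radicale-lib uid gid)
+(chmod radicale-lib #o700)
+(when (file-exists? radicale-users)
+(system* #$(file-append coreutils "/bin/rm")
+radicale-users))
+(system* #$(file-append coreutils "/bin/touch")
+radicale-users)
+(chown radicale-users uid gid)
+(map (match-lambda
+((user . pass)
+(system* #$(file-append httpd "/bin/htpasswd")
+"-b" radicale-users user pass))
+(_ (error "Expected list of cons lists with username and password.")))
+'#$users))))))
+
+
+(define (radicale-shepherd-service config)
+(match-record config <radicale-configuration>
+(package config-file)
+(list (shepherd-service
+(provision '(radicale))
+(documentation "Run the radicale daemon.")
+(requirement '(networking))
+(start #~(make-forkexec-constructor
+(list #$(file-append package "/bin/radicale")
+"-C" #$config-file)
+#:user "radicale"
+#:group "radicale"))
+(stop #~(make-kill-destructor))))))
+
+(define radicale-service-type
+(service-type
+(name 'radicale)
+(extensions
+(list (service-extension nginx-service-type
+radicale-nginx-service)
+(service-extension shepherd-root-service-type
+radicale-shepherd-service)
+(service-extension account-service-type
+(const %radicale-accounts))
+(service-extension activation-service-type
+radicale-activation)))
+(default-value (radicale-configuration))
+(description
+"Create static raports for various types of web server using goaccess.")))
+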
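Review bot: `radicale-activation` splices the `users` alist, plaintext passwords included, into the activation gexp with `'#$users` on line 117, so every password is written into the world-readable store and kept there by each system generation; it is then handed to `htpasswd -b` on the command line, where it is visible to other local processes for the duration of the call. A safer shape keeps credentials out of the operating-system configuration altogether: either point `htpasswd_filename` at a root-provisioned file that activation only creates and chowns, or have activation read the credential list from a root-only file on the target host rather than from a store item. `htpasswd_encryption = md5` in `%radicale-config-file` also leaves the stored hashes cheap to brute-force; `bcrypt` is the stronger choice if the packaged radicale supports that backend. Finally, the `description` on line 148 was copied from the goaccess service and should describe this one, e.g. `"Run the Radicale CalDAV/CardDAV server behind nginx."`.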