diff options
Diffstat (limited to 'hipis.scm')
-rwxr-xr-x | hipis.scm | 53 |
1 files changed, 42 insertions, 11 deletions
@@ -11,9 +11,13 @@ | |||
11 | #:use-module (gnu services version-control) | 11 | #:use-module (gnu services version-control) |
12 | #:use-module (gnu services certbot) | 12 | #:use-module (gnu services certbot) |
13 | #:use-module (gnu services web) | 13 | #:use-module (gnu services web) |
14 | #:use-module (gnu services messaging) | 14 | #:use-module (gnu services dbus) |
15 | #:use-module (gnu services desktop) | ||
16 | #:use-module (gnu services docker) | ||
15 | 17 | ||
16 | #:use-module (hipis services web)) | 18 | #:use-module (hipis services web) |
19 | #:use-module (hipis services goaccess) | ||
20 | #:use-module (hipis services radicale)) | ||
17 | 21 | ||
18 | (define jdlugosz-ssh-pub | 22 | (define jdlugosz-ssh-pub |
19 | (local-file "./jdlugosz.pub")) | 23 | (local-file "./jdlugosz.pub")) |
@@ -47,19 +51,25 @@ | |||
47 | (supplementary-groups '("wheel" ;; sudo | 51 | (supplementary-groups '("wheel" ;; sudo |
48 | "netdev" ;; network devices | 52 | "netdev" ;; network devices |
49 | "tty" | 53 | "tty" |
50 | "input"))) | 54 | "input" |
55 | "docker"))) | ||
51 | %base-user-accounts)) | 56 | %base-user-accounts)) |
52 | 57 | ||
53 | (packages (append | 58 | (packages (append |
54 | (specifications->packages '("emacs-no-x-toolkit" | 59 | (map car |
55 | "exfat-utils" | 60 | (specifications->packages '("emacs-no-x-toolkit" |
56 | "git" | 61 | "exfat-utils" |
57 | "nss-certs" | 62 | "git" |
58 | "nmap" | 63 | ;; "nss-certs" |
59 | "curl")) | 64 | "nmap" |
65 | "curl"))) | ||
60 | %base-packages)) | 66 | %base-packages)) |
61 | 67 | ||
62 | (services (cons* | 68 | (services (cons* |
69 | (service elogind-service-type) | ||
70 | (service dbus-root-service-type) | ||
71 | (service docker-service-type) | ||
72 | |||
63 | (service fail2ban-service-type | 73 | (service fail2ban-service-type |
64 | (fail2ban-configuration | 74 | (fail2ban-configuration |
65 | (extra-jails | 75 | (extra-jails |
@@ -73,6 +83,7 @@ | |||
73 | (permit-root-login 'prohibit-password) | 83 | (permit-root-login 'prohibit-password) |
74 | (allow-empty-passwords? #f) | 84 | (allow-empty-passwords? #f) |
75 | (password-authentication? #f) | 85 | (password-authentication? #f) |
86 | (gateway-ports? #t) | ||
76 | (authorized-keys | 87 | (authorized-keys |
77 | `(("jakub" ,jdlugosz-ssh-pub))))) | 88 | `(("jakub" ,jdlugosz-ssh-pub))))) |
78 | 89 | ||
@@ -116,7 +127,8 @@ | |||
116 | (certificates | 127 | (certificates |
117 | (list | 128 | (list |
118 | (certificate-configuration | 129 | (certificate-configuration |
119 | (domains '("jdlugosz.com" "git.jdlugosz.com")) | 130 | (domains '("jdlugosz.com" "git.jdlugosz.com" |
131 | "caldav.jdlugosz.com" "raport.jdlugosz.com")) | ||
120 | (deploy-hook %nginx-deploy-hook)))))) | 132 | (deploy-hook %nginx-deploy-hook)))))) |
121 | 133 | ||
122 | (service cgit-service-type | 134 | (service cgit-service-type |
@@ -146,7 +158,26 @@ | |||
146 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | 158 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) |
147 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) | 159 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) |
148 | 160 | ||
149 | (service quassel-service-type) | 161 | (service goaccess-service-type |
162 | (goaccess-configuration | ||
163 | (goaccess-nginx-server-configuration | ||
164 | (nginx-server-configuration | ||
165 | (inherit %goaccess-nginx-server-configuration) | ||
166 | (server-name '("raport.jdlugosz.com")) | ||
167 | (listen '("443 ssl")) | ||
168 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
169 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
170 | |||
171 | (service radicale-service-type | ||
172 | (radicale-configuration | ||
173 | (users `(("admin" . ,(getenv "RADICALE_ADMIN_PASS")))) | ||
174 | (radicale-nginx-server-configuration | ||
175 | (nginx-server-configuration | ||
176 | (inherit %radicale-nginx-server-configuration) | ||
177 | (server-name '("caldav.jdlugosz.com")) | ||
178 | (listen '("443 ssl")) | ||
179 | (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) | ||
180 | (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) | ||
150 | 181 | ||
151 | (service hwp-service-type | 182 | (service hwp-service-type |
152 | (hwp-site-configuration | 183 | (hwp-site-configuration |