Diffstat (limited to 'hipis.scm')
-rwxr-xr-xhipis.scm186
1 files changed, 186 insertions, 0 deletions
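--- /dev/null
+++ b/hipis.scm
@@ -0,0 +1,186 @@
+(define-module (hipis)
+ #:use-module (guix)
+ #:use-module (gnu)
+ #:use-module (gnu system)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu services)
+ #:use-module (gnu services security)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu services cgit)
+ #:use-module (gnu services version-control)
+ #:use-module (gnu services certbot)
+ #:use-module (gnu services web)
+
+ #:use-module (hipis services web))
+
+(define jdlugosz-ssh-pub
+ (local-file "./jdlugosz.pub"))
+
+(define %nginx-deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP))))
+
+(define (letsencrypt-certificate domain)
+ (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+
+(define (letsencrypt-key domain)
+ (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+
+(define hipis
+ (operating-system
+ (locale "en_US.utf8")
+ (timezone "Europe/Warsaw")
+ (keyboard-layout (keyboard-layout "pl"))
+ (host-name "hipis")
+
+ (users (cons*
+ (user-account
+ (name "jakub")
+ (comment "Jakub Dlugosz")
+ (group "users")
+ (home-directory "/home/jakub")
+ (password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
+ (supplementary-groups '("wheel" ;; sudo
+ "netdev" ;; network devices
+ "tty"
+ "input")))
+ %base-user-accounts))
+
+ (packages (append
+ (specifications->packages '("emacs-no-x-toolkit"
+ "exfat-utils"
+ "git"
+ "nss-certs"
+ "nmap"
+ "curl"))
+ %base-packages))
+
+ (services (cons*
+ (service fail2ban-service-type
+ (fail2ban-configuration
+ (extra-jails
+ (list
+ (fail2ban-jail-configuration
+ (name "sshd")
+ (enabled? #t))))))
+
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'prohibit-password)
+ (allow-empty-passwords? #f)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("jakub" ,jdlugosz-ssh-pub)))))
+
+ (service static-networking-service-type
+ (list (static-networking
+ (addresses
+ (list (network-address
+ (device "eth0")
+ (value "193.200.51.92/27"))))
+ (routes
+ (list (network-route
+ (destination "default")
+ (gateway "193.200.51.89"))))
+ (name-servers '("195.74.91.4 " "193.200.50.51")))
+
+ %loopback-static-networking))
+
+ (service gitolite-service-type
+ (gitolite-configuration
+ (admin-pubkey jdlugosz-ssh-pub)
+ (group "fcgiwrap")
+ (rc-file
+ (gitolite-rc-file (umask #o0027)
+ ;; Allow to set any configuration key
+ (git-config-keys ".*")))))
+
+ ;;; Note to myself:
+ ;;;
+ ;;; After fresh installation, nginx wont be working,
+ ;;; because the ssl certifications aren't generated yet,
+ ;;; you have to comment out the cgit and nginx service type
+ ;;; and after system reconfigure, run this script:
+ ;;; /var/lib/certbot/renew-certicates
+ ;;; after it, new certificates should appear in:
+ ;;; /etc/letsencrypt/live/{domain} directory
+ ;;; now you can uncomment cgit and nginx service type
+ ;;; and after system reconfigure everything should be up and running.
+ (service certbot-service-type
+ (certbot-configuration
+ (email "me@jdlugosz.com")
+ (certificates
+ (list
+ (certificate-configuration
+ (domains '("jdlugosz.com" "git.jdlugosz.com"))
+ (deploy-hook %nginx-deploy-hook))))))
+
+ (service cgit-service-type
+ (cgit-configuration
+ (enable-commit-graph? #t)
+ (enable-html-serving? #t)
+ (remove-suffix? #t)
+ (nocache? #t)
+ (enable-log-filecount? #t)
+ (enable-log-linecount? #t)
+ (side-by-side-diffs? #t)
+ (enable-git-config? #t)
+ (section-from-path 1)
+ (repository-directory "/var/lib/gitolite/repositories/public/")
+ (source-filter (file-append cgit "/lib/cgit/filters/syntax-highlighting.py"))
+ (about-filter (file-append cgit "/lib/cgit/filters/about-formatting.sh"))
+ (max-stats "year")
+ (snapshots '("tar.gz" "zip"))
+ (readme "CGIT README")
+
+ (nginx
+ (list
+ (nginx-server-configuration
+ (inherit %cgit-configuration-nginx)
+ (server-name '("git.jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
+
+ (service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (server-name '("jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))
+ (root "/srv/http/jdlugosz.com"))))))
+
+ (service hwp-service-type
+ (hwp-site-configuration
+ (name "hwp-base")))
+
+ (modify-services %base-services
+ (delete static-networking-service-type))))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets (list "/dev/sda"))
+ (keyboard-layout keyboard-layout)))
+ (initrd-modules (append '("virtio_scsi") %base-initrd-modules))
+ (swap-devices (list (swap-space
+ (target (uuid
+ "1510f063-9936-494a-97ee-488fda7ff0fe")))))
+
+ ;; The list of file systems that get "mounted". The unique
+ ;; file system identifiers there ("UUIDs") can be obtained
+ ;; by running 'blkid' in a terminal.
+ (file-systems (cons* (file-system
+ (mount-point "/")
+ (device (uuid
+ "21ea8fcd-d031-4f00-9e57-0bd4ed5b0230"
+ 'ext4))
+ (type "ext4")) %base-file-systems))))
+
+hipis
+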
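Review bot: The initial password for user `jakub` is committed in plaintext in the `user-account` form, `(password (crypt "Init14ll-p455w0rd#$" "$6$abc"))`, with a fixed three-character salt, so anyone who can read this repository has the credential that lands in /etc/shadow for a `wheel` (sudo) member. Compute the SHA-512 crypt hash out of band and keep only the hash in the config, e.g. `(password "<sha512-crypt hash generated out of band>")`, and rotate the password on the host since the value is already in history. SSH password authentication is disabled and root login is key-only here, which limits remote use, but it remains the console and sudo password. Two smaller points in the same hunk: `"195.74.91.4 "` in `name-servers` carries a trailing space that the static-networking service will presumably write verbatim into the resolver config, and `(git-config-keys ".*")` in the gitolite rc-file permits every git config key, which gitolite's own documentation flags as unsafe when repo admins other than the server owner exist — acceptable for a single-admin host, but the comment above it should say that is the assumption.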