From 9edde8a74589e8f50bf00044b96d4a7882cf5a63 Mon Sep 17 00:00:00 2001 From: jdlugosz963 Date: Thu, 20 Jun 2024 05:27:48 +0200 Subject: Add goaccess and radicale service. --- .gitignore | 2 + hipis.scm | 53 ++++++++++++---- hipis/packages/web.scm | 8 ++- hipis/services/goaccess.scm | 83 ++++++++++++++++++++++++ hipis/services/radicale.scm | 149 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 282 insertions(+), 13 deletions(-) create mode 100644 .gitignore create mode 100644 hipis/services/goaccess.scm create mode 100644 hipis/services/radicale.scm diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..30bd623 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.env + diff --git a/hipis.scm b/hipis.scm index e3f4b93..d66bec7 100755 --- a/hipis.scm +++ b/hipis.scm @@ -11,9 +11,13 @@ #:use-module (gnu services version-control) #:use-module (gnu services certbot) #:use-module (gnu services web) - #:use-module (gnu services messaging) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu services docker) - #:use-module (hipis services web)) + #:use-module (hipis services web) + #:use-module (hipis services goaccess) + #:use-module (hipis services radicale)) (define jdlugosz-ssh-pub (local-file "./jdlugosz.pub")) @@ -47,19 +51,25 @@ (supplementary-groups '("wheel" ;; sudo "netdev" ;; network devices "tty" - "input"))) + "input" + "docker"))) %base-user-accounts)) (packages (append - (specifications->packages '("emacs-no-x-toolkit" - "exfat-utils" - "git" - "nss-certs" - "nmap" - "curl")) + (map car + (specifications->packages '("emacs-no-x-toolkit" + "exfat-utils" + "git" + ;; "nss-certs" + "nmap" + "curl"))) %base-packages)) (services (cons* + (service elogind-service-type) + (service dbus-root-service-type) + (service docker-service-type) + (service fail2ban-service-type (fail2ban-configuration (extra-jails 
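Review bot: Adding `"docker"` to jakub's `supplementary-groups` gives that account root-equivalent control of the host through the Docker daemon socket, with no sudo prompt in between. The same account is the one listed under `authorized-keys` in the OpenSSH configuration of this file, so a stolen key would then mean host root rather than an unprivileged shell. If the group is only a convenience, drop the line and run docker through sudo. If it stays, annotate it like the other entries, e.g. `"docker" ;; root-equivalent via the Docker socket`. The `user-account` form starts above this hunk.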
@@ -73,6 +83,7 @@ (permit-root-login 'prohibit-password) (allow-empty-passwords? #f) (password-authentication? #f) + (gateway-ports? #t) (authorized-keys `(("jakub" ,jdlugosz-ssh-pub))))) @@ -116,7 +127,8 @@ (certificates (list (certificate-configuration - (domains '("jdlugosz.com" "git.jdlugosz.com")) + (domains '("jdlugosz.com" "git.jdlugosz.com" + "caldav.jdlugosz.com" "raport.jdlugosz.com")) (deploy-hook %nginx-deploy-hook)))))) (service cgit-service-type @@ -146,7 +158,26 @@ (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))))))) - (service quassel-service-type) + (service goaccess-service-type + (goaccess-configuration + (goaccess-nginx-server-configuration + (nginx-server-configuration + (inherit %goaccess-nginx-server-configuration) + (server-name '("raport.jdlugosz.com")) + (listen '("443 ssl")) + (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) + (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) + + (service radicale-service-type + (radicale-configuration + (users `(("admin" . ,(getenv "RADICALE_ADMIN_PASS")))) + (radicale-nginx-server-configuration + (nginx-server-configuration + (inherit %radicale-nginx-server-configuration) + (server-name '("caldav.jdlugosz.com")) + (listen '("443 ssl")) + (ssl-certificate (letsencrypt-certificate "jdlugosz.com")) + (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))) (service hwp-service-type (hwp-site-configuration diff --git a/hipis/packages/web.scm b/hipis/packages/web.scm index e4f4f6c..94ebcbf 100644 --- a/hipis/packages/web.scm +++ b/hipis/packages/web.scm @@ -26,7 +26,7 @@ (description "Build scripts to *.jdlugosz.com pages.") (home-page "https://git.jdlugosz.com/hipis/hipis-system/") (source - (local-file "/home/jakub/Projects/hipis/hipis/packages/source/hwp" #:recursive? #t)) + (local-file "/home/jakub/hipis-system/hipis/packages/source/hwp" #:recursive? #t)) (build-system guile-build-system) (arguments 
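Review bot: `(gateway-ports? #t)` is added without a comment, and it changes what a remote forward can do: listeners opened with `ssh -R` may bind on all interfaces instead of loopback, so whatever is forwarded becomes reachable from the network on this host. Nothing visible in the hunk restricts those ports. Please record the reason next to the field, e.g. `;; gateway-ports: needed for <purpose>; forwarded ports are reachable from outside`, or leave it at the default and publish the forwarded service through an nginx vhost instead. The `openssh-configuration` form starts outside the hunk.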
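Review bot: `(getenv "RADICALE_ADMIN_PASS")` returns `#f` when the variable is not set in the environment that evaluates this file, and the pair `("admin" . #f)` is then handed to the radicale activation instead of the build failing. Fail early where the value is read, e.g. `(or (getenv "RADICALE_ADMIN_PASS") (error "RADICALE_ADMIN_PASS is not set"))`. A short comment saying where the variable is expected to come from (presumably the `.env` file this commit adds to `.gitignore`) would help the next person who reconfigures the machine.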
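Review bot: The `local-file` source is still an absolute path under `/home/jakub`, so the package only builds on a machine with that exact checkout location, and what gets built is whatever happens to be in that directory at the time. `local-file` resolves a relative name against the file that contains it, so `(local-file "source/hwp" #:recursive? #t)` would, assuming the layout implied by the path, pick up the copy committed next to `web.scm`. The `package` form starts outside the hunk.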
@@ -35,11 +35,14 @@ (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin/")) + (site (string-append out "/share/guile/site/3.0/")) (haunt (assoc-ref inputs "haunt")) (hwp "hwp-build")) (mkdir-p bin) (chmod hwp #o555) (copy-recursively hwp (string-append bin hwp)) + (copy-recursively "hwp/static/" + (string-append site "hwp/static/")) (delete-file-recursively hwp)))) (add-before 'install 'wrap-hipis-build-web-page @@ -66,7 +69,8 @@ ;; (native-inputs (list haunt)) (inputs (list guile-3.0 guile-reader - guile-commonmark)) + guile-commonmark + guile-syntax-highlight)) (propagated-inputs (list haunt)) (license license:gpl3+))) diff --git a/hipis/services/goaccess.scm b/hipis/services/goaccess.scm new file mode 100644 index 0000000..e71ca2b --- /dev/null +++ b/hipis/services/goaccess.scm 
@@ -0,0 +1,83 @@
+(define-module (hipis services goaccess)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix profiles)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (guix download)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages web)
+ #:use-module (gnu services)
+ #:use-module (gnu services web)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services mcron)
+ #:export (goaccess-service-type
+ goaccess-configuration
+ %goaccess-nginx-server-configuration))
+
+(define %goaccess-nginx-server-configuration
+ (nginx-server-configuration
+ (root "/var/www/raport/")
+ (listen '("80"))
+ (ssl-certificate #f)
+ (ssl-certificate-key #f)))
+
+(define-record-type*
+ goaccess-configuration make-goaccess-configuration
+ goaccess-configuration-configuration?
+ (nginx-log-access goaccess-configuration-nginx-log-access
+ (default "/var/log/nginx/access.log"))
+ (goaccess-run-script-dir goaccess-configuration-goaccess-run-script
+ (default "/var/lib/goaccess/"))
+ (goaccess-run-script-name goaccess-configuration-goaccess-run-script-name
+ (default "generate-raport"))
+ (goaccess-additional-args goaccess-configuration-goaccess-additional-args
+ (default '()))
+ (goaccess-nginx-server-configuration goaccess-configuration-goaccess-nginx-server-configuration
+ (default %goaccess-nginx-configuration)))
+
+(define (goaccess-run-script config)
+ (match-record config
+ (goaccess-additional-args goaccess-nginx-server-configuration goaccess-run-script-name)
+ (program-file goaccess-run-script-name
+ #~(begin
+ (use-modules (guix build utils))
+ (system* (string-append #$goaccess "/bin/goaccess")
+ "/var/log/nginx/access.log"
+ "--log-format" "COMBINED"
+ "-o" #$(string-append (nginx-server-configuration-root
+ goaccess-nginx-server-configuration)
+ "index.html")
+ #$@goaccess-additional-args)))))
+
+(define (goaccess-activation config)
+ (match-record config
+ (goaccess-run-script-dir goaccess-run-script-name goaccess-nginx-server-configuration)
+ #~(begin
+ (use-modules (guix build utils))
+
+ (format #t "creating goaccess run script at '~a'~%" #$goaccess-run-script-dir)
+ (mkdir-p #$goaccess-run-script-dir)
+ (mkdir-p #$(nginx-server-configuration-root
+ goaccess-nginx-server-configuration))
+ (copy-file #$(goaccess-run-script config)
+ #$(string-append goaccess-run-script-dir
+ goaccess-run-script-name)))))
+
+(define goaccess-service-type
+ (service-type
+ (name 'goaccess)
+ (extensions
+ (list (service-extension activation-service-type
+ goaccess-activation)
+ (service-extension nginx-service-type
+ (lambda (config)
+ (list (goaccess-configuration-goaccess-nginx-server-configuration
+ config))))
+ (service-extension mcron-service-type
+ (lambda (config)
+ (list #~(job '(next-hour '(0 12))
+ #$(goaccess-run-script config)))))))
+ (description
+ "Create static raports for various types of web server using goaccess.")))
diff --git a/hipis/services/radicale.scm b/hipis/services/radicale.scm
new file mode 100644
index 0000000..4198095
--- /dev/null
+++ b/hipis/services/radicale.scm
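Review bot: The default for the `goaccess-nginx-server-configuration` field is `%goaccess-nginx-configuration`, but the variable defined and exported in this file is `%goaccess-nginx-server-configuration`, so instantiating the record without that field would hit an unbound variable. The default should read `(default %goaccess-nginx-server-configuration)`. The `nginx-log-access` field is never read: `goaccess-run-script` hard-codes `"/var/log/nginx/access.log"`, which should become `#$nginx-log-access` with the field added to the `match-record` list. The server block serves the generated `index.html` from `root` with no access restriction, so the report built from the access log is presumably public. A comment on `%goaccess-nginx-server-configuration` telling callers to add authentication or an allow-list would help.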
@@ -0,0 +1,149 @@
+(define-module (hipis services radicale)
+ #:use-module (ice-9 match)
+
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix profiles)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (guix download)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages web)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages dav)
+ #:use-module (gnu packages admin)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services web)
+ #:use-module (gnu services guix)
+ #:use-module (gnu services shepherd)
+
+ #:use-module (gnu system shadow)
+
+ #:export (radicale-service-type
+ radicale-configuration
+ radicale-nginx-server-configuration
+ %radicale-config-file
+ %radicale-nginx-server-configuration))
+
+(define %radicale-config-file
+ (plain-file "radicale.conf" "
+[auth]
+type = htpasswd
+htpasswd_filename = /var/lib/radicale/users
+htpasswd_encryption = md5
+
+[server]
+hosts = localhost:5232
+"))
+
+
+(define %radicale-nginx-server-configuration
+ (nginx-server-configuration
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/radicale/")
+ (body '("proxy_pass http://localhost:5232/;"
+ "proxy_set_header X-Script-Name /radicale;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ "proxy_set_header Host $http_host;"
+ "proxy_pass_header Authorization;")))))
+ (root "")
+ (try-files #nil)
+ (index #nil)
+ (listen '("80"))
+ (ssl-certificate #f)
+ (ssl-certificate-key #f)))
+
+(define %radicale-accounts
+ (list (user-group
+ (name "radicale")
+ (system? #t))
+ (user-account
+ (name "radicale")
+ (group "radicale")
+ (system? #t)
+ (comment "Radicale Daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define-record-type*
+ radicale-configuration make-radicale-configuration
+ radicale-configuration-configuration?
+ (radicale-nginx-server-configuration radicale-configuration-radicale-nginx-server-configuration
+ (default %radicale-nginx-server-configuration))
+ (package radicale-configuration-package
+ (default radicale))
+ (config-file radicale-configuration-config-file
+ (default %radicale-config-file))
+ (users radicale-configuration-users
+ (default '())))
+
+(define (radicale-nginx-service config)
+ (list (radicale-configuration-radicale-nginx-server-configuration
+ config)))
+
+(define (radicale-activation config)
+ (match-record config
+ (users)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 match))
+ (let* ((uid (passwd:uid (getpw "radicale")))
+ (gid (group:gid (getgr "radicale")))
+ (radicale-lib "/var/lib/radicale")
+ (radicale-collections
+ (string-append radicale-lib "/collections"))
+ (radicale-users
+ (string-append radicale-lib "/users")))
+ (mkdir-p radicale-collections)
+ (chown radicale-collections uid gid)
+ (chown radicale-lib uid gid)
+ (chmod radicale-lib #o700)
+ (when (file-exists? radicale-users)
+ (system* #$(file-append coreutils "/bin/rm")
+ radicale-users))
+ (system* #$(file-append coreutils "/bin/touch")
+ radicale-users)
+ (chown radicale-users uid gid)
+ (map (match-lambda
+ ((user . pass)
+ (system* #$(file-append httpd "/bin/htpasswd")
+ "-b" radicale-users user pass))
+ (_ (error "Expected list of cons lists with username and password.")))
+ '#$users))))))
+
+
+(define (radicale-shepherd-service config)
+ (match-record config
+ (package config-file)
+ (list (shepherd-service
+ (provision '(radicale))
+ (documentation "Run the radicale daemon.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/radicale")
+ "-C" #$config-file)
+ #:user "radicale"
+ #:group "radicale"))
+ (stop #~(make-kill-destructor))))))
+
+(define radicale-service-type
+ (service-type
+ (name 'radicale)
+ (extensions
+ (list (service-extension nginx-service-type
+ radicale-nginx-service)
+ (service-extension shepherd-root-service-type
+ radicale-shepherd-service)
+ (service-extension account-service-type
+ (const %radicale-accounts))
+ (service-extension activation-service-type
+ radicale-activation)))
+ (default-value (radicale-configuration))
+ (description
+ "Create static raports for various types of web server using goaccess.")))
+
-- cgit v1.2.3
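Review bot: The passwords in `users` are spliced into the activation gexp by `'#$users`, so they end up in plaintext in the generated activation script in the store, which every local user can read, and `htpasswd -b` additionally puts each one on a command line. The hashes that are kept are then only `htpasswd_encryption = md5`. I would have the field carry the path of an htpasswd file provisioned outside the store, with `htpasswd_filename` pointing at it, rather than cleartext passwords. At the least, hash with bcrypt via `htpasswd -B` and `htpasswd_encryption = bcrypt`, provided the packaged radicale has bcrypt support. The service `description` is also the goaccess text copied over and should describe Radicale.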