From 4835ace9cd07038e72b34681da487ad6bcd41b76 Mon Sep 17 00:00:00 2001
From: jdlugosz963
Date: Sun, 27 Aug 2023 13:08:46 +0200
Subject: Add hipis operating-system config.
---
hipis.scm | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100755 hipis.scm
(limited to 'hipis.scm')
diff --git a/hipis.scm b/hipis.scm
new file mode 100755
index 0000000..615aa80
--- /dev/null
+++ b/hipis.scm
@@ -0,0 +1,153 @@
+(use-modules (gnu)
+ (guix)
+ (gnu system)
+ (gnu services))
+
+(use-service-modules networking
+ ssh
+ cgit
+ version-control
+ certbot
+ web)
+
+(define jdlugosz-ssh-pub
+ (plain-file
+ "jdlugosz.pub"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkGxuhaYzgocomFeJfFSdxq8KNwFdoVG4qvby6GYnx7Psmf4kb+ZhCWxiwjZDVKTGTnBkr4vBWCGEnUkZnADdwWA/sIj1GvKjIpxaoluxLvIKn7sujJjahgfEgZPuSi6CW6rW/9CBlGtHuWR1xXTWhhZa3YqmIWiUdsil3COzRf3uD6LrwbO/8LiHTmJ4g7su9O3w3zjS+UgoT6Flw6Z1zVOk5A146XlLXK+ZovGmq+j8Mqa4kzLERqexotAGcYXbsWQknTJZE4Wbt7ZlUHNu/tp08z1FnGix/OO2mzXMkJFh7wYGSD5j3qBDUok1G/oEIbRWOV6W7x5lTffpi1wb1u9eqHPDJKWeA6AC1nKs/TTrmDkXiJBAh6siHpunkX6EnIms4vrWnPiviNCe+yofZkj3IOaertapmB89eGhasDgf3/HgMd5PAoKejGwot/q0afBEEF+PTkYU9b4It7xty2nWzs0uKTITzbU0zbuuJ1PcOQ5J7hW4PWCrylTasfF0= jakub@berserker"))
+
+(define %nginx-deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP))))
+
+(define uuid-root "1ec6339b-4918-45d2-b77e-b32cf265265d")
+(define dev-bootloader "/dev/xvda")
+
+(define (letsencrypt-certificate domain)
+ (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
+
+(define (letsencrypt-key domain)
+ (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
+
+(define hipis
+ (operating-system
+ (locale "en_US.utf8")
+ (timezone "Europe/Warsaw")
+ (keyboard-layout (keyboard-layout "pl"))
+ (host-name "hipis")
+
+ (users (cons*
+ (user-account
+ (name "jakub")
+ (comment "Jakub Dlugosz")
+ (group "users")
+ (home-directory "/home/jakub")
+ (password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
+ (supplementary-groups '("wheel" ;; sudo
+ "netdev" ;; network devices
+ "tty"
+ "input")))
+ (user-account
+ (name "fcgiwrap")
+ (group "fcgiwrap")
+ (supplementary-groups '("git")))
+ %base-user-accounts))
+
+;; (user-group (name "git"))
+
+ (packages (append
+ (specifications->packages '("emacs-no-x-toolkit"
+ "exfat-utils"
+ "git"
+ "nss-certs"
+ "nmap"
+ "curl"))
+ %base-packages))
+
+ (services (cons*
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'prohibit-password)
+ (allow-empty-passwords? #f)
+ (password-authentication? #f)
+ (authorized-keys
+ `(("jakub" ,jdlugosz-ssh-pub)))))
+
+ (service static-networking-service-type
+ (list (static-networking
+ (addresses
+ (list (network-address
+ (device "eth0")
+ (value "195.74.91.18/26"))))
+ (routes
+ (list (network-route
+ (destination "default")
+ (gateway "195.74.91.1"))))
+ (name-servers '("195.74.91.4 " "193.200.50.51")))
+
+ %loopback-static-networking))
+
+ (service gitolite-service-type
+ (gitolite-configuration
+ (admin-pubkey jdlugosz-ssh-pub)
+ (rc-file
+ (gitolite-rc-file (umask #o0027)))))
+
+ (service certbot-service-type
+ (certbot-configuration
+ (email "me@jdlugosz.com")
+ (certificates
+ (list
+ (certificate-configuration
+ (domains '("jdlugosz.com" "git.jdlugosz.com"))
+ (deploy-hook %nginx-deploy-hook))))))
+
+ (service cgit-service-type
+ (cgit-configuration
+ (enable-commit-graph? #t)
+ (enable-html-serving? #t)
+ (remove-suffix? #t)
+ (repository-directory "/var/lib/gitolite/repositories/public")
+ (nocache? #t)
+ (enable-log-filecount? #t)
+ (enable-log-linecount? #t)
+ (readme "CGIT README")
+
+ (nginx
+ (list
+ (nginx-server-configuration
+ (inherit %cgit-configuration-nginx)
+ (server-name '("git.jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com")))))))
+
+ (service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (server-name '("jdlugosz.com"))
+ (listen '("443 ssl"))
+ (ssl-certificate (letsencrypt-certificate "jdlugosz.com"))
+ (ssl-certificate-key (letsencrypt-key "jdlugosz.com"))
+ (root "/srv/http/jdlugosz.com"))))))
+
+ (modify-services %base-services
+ (delete static-networking-service-type))))
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets (list dev-bootloader))
+ (keyboard-layout keyboard-layout)))
+
+ (file-systems (cons* (file-system
+ (mount-point "/")
+ (device (uuid
+ uuid-root
+ 'ext4))
+ (type "ext4")) %base-file-systems))))
+
+hipis
+
-- cgit v1.2.3
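Review bot: The `jakub` account's password is committed in plaintext, `(password (crypt "Init14ll-p455w0rd#$" "$6$abc"))`, in a configuration that this page itself shows being served from a public cgit instance; `jakub` is in `wheel`, so anyone who reads the repository holds a sudo-capable local credential even though SSH password authentication is disabled, and the fixed three-character salt adds nothing once the plaintext is public. Generate the SHA-crypt digest on a trusted machine and commit only that string, `(password "$6$<generated-salt>$<hash>")` (placeholder values), and treat the current password as compromised by changing it on the host after first login. `(enable-html-serving? #t)` also lets cgit serve repository blobs with their own MIME type, so any HTML committed to a repository under `/var/lib/gitolite/repositories/public` is rendered on the `git.jdlugosz.com` origin; keep it enabled only if every writer to those repositories is trusted. Separately, the first entry in `(name-servers '("195.74.91.4 " "193.200.50.51"))` has a trailing space inside the string literal that will be written verbatim into the resolver configuration; it should read `"195.74.91.4"`.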