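;; Guix system declaration for "hipis": a single-NIC Xen guest that serves
;; https://jdlugosz.com (static files) and https://git.jdlugosz.com (cgit in
;; front of gitolite), with TLS certificates obtained by certbot.
(use-modules (gnu) (guix) (gnu system) (gnu services))
(use-service-modules networking ssh cgit version-control certbot web)

;; Admin's public SSH key.  It is the only key authorized for the "jakub"
;; login and is also gitolite's admin key.
(define jdlugosz-ssh-pub (local-file "./jdlugosz.pub"))

;; Run by certbot after a successful renewal: SIGHUP the nginx master so it
;; re-reads the renewed certificate.  Raises (and certbot reports the hook
;; failure) if the pid file does not exist.
(define %nginx-deploy-hook
  (program-file "nginx-deploy-hook"
                #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
                    (kill pid SIGHUP))))

;; Root file system UUID and the disk GRUB is installed to.
(define uuid-root "1ec6339b-4918-45d2-b77e-b32cf265265d")
(define dev-bootloader "/dev/xvda")

;; Live certificate chain / private key written by certbot for DOMAIN.
(define (letsencrypt-certificate domain)
  (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))

(define (letsencrypt-key domain)
  (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))

;; One certificate lineage covers both names; certbot stores it under the
;; first domain in the list, which is why both vhosts below load
;; /etc/letsencrypt/live/jdlugosz.com/.
(define %tls-domains '("jdlugosz.com" "git.jdlugosz.com"))
(define %tls-lineage (car %tls-domains))

(define hipis
  (operating-system
    (locale "en_US.utf8")
    (timezone "Europe/Warsaw")
    (keyboard-layout (keyboard-layout "pl"))
    (host-name "hipis")

    (users
     (cons* (user-account
             (name "jakub")
             (comment "Jakub Dlugosz")
             (group "users")
             (home-directory "/home/jakub")
             ;; SECURITY: the clear-text password and a fixed three-character
             ;; salt are committed here, and `guix system reconfigure` records
             ;; the configuration file in the world-readable store, so anyone
             ;; with a shell on the host (or access to this repository) can read
             ;; it.  SSH password authentication is off below, but this
             ;; password still unlocks sudo (wheel) and the console.  Replace
             ;; it with a pre-computed hash, e.g. (password "$6$<salt>$<hash>")
             ;; produced by `mkpasswd -m sha-512`, and rotate the current one.
             (password (crypt "Init14ll-p455w0rd#$" "$6$abc"))
             (supplementary-groups '("wheel"    ; sudo
                                     "netdev"   ; network devices
                                     "tty"
                                     "input")))
            ;; Account cgit's CGI wrapper runs as.  Membership in "git" lets it
            ;; read gitolite's repositories, which the umask below leaves
            ;; group-readable.  NOTE(review): this is a service account; it
            ;; probably wants (system? #t) -- confirm it does not clash with the
            ;; account the fcgiwrap service itself declares.
            (user-account
             (name "fcgiwrap")
             (group "fcgiwrap")
             (supplementary-groups '("git")))
            %base-user-accounts))
    ;; (user-group (name "git"))

    (packages
     (append (specifications->packages
              '("emacs-no-x-toolkit" "exfat-utils" "git" "nss-certs" "nmap" "curl"))
             %base-packages))

    (services
     (cons* (service openssh-service-type
                     (openssh-configuration
                      ;; Root may only authenticate with a key, and no key is
                      ;; authorized for root here, so root is not reachable
                      ;; over SSH.  Only "jakub" with the admin key can log in.
                      (permit-root-login 'prohibit-password)
                      (allow-empty-passwords? #f)
                      (password-authentication? #f)
                      (authorized-keys `(("jakub" ,jdlugosz-ssh-pub)))))

            (service static-networking-service-type
                     (list (static-networking
                            (addresses (list (network-address
                                              (device "eth0")
                                              (value "195.74.91.18/26"))))
                            (routes (list (network-route
                                           (destination "default")
                                           (gateway "195.74.91.1"))))
                            ;; Fixed: the first resolver address carried a
                            ;; trailing space that ended up in resolv.conf.
                            (name-servers '("195.74.91.4" "193.200.50.51")))
                           %loopback-static-networking))

            (service gitolite-service-type
                     (gitolite-configuration
                      (admin-pubkey jdlugosz-ssh-pub)
                      ;; 0027: owner rw, group (git) read-only, others nothing.
                      (rc-file (gitolite-rc-file (umask #o0027)))))

            ;; certbot extends nginx with port-80 servers for the ACME
            ;; challenge and an HTTPS redirect, so nothing here listens on 80.
            (service certbot-service-type
                     (certbot-configuration
                      (email "me@jdlugosz.com")
                      (certificates
                       (list (certificate-configuration
                              (domains %tls-domains)
                              (deploy-hook %nginx-deploy-hook))))))

            (service cgit-service-type
                     (cgit-configuration
                      (enable-commit-graph? #t)
                      ;; SECURITY: lets cgit serve repository files with their
                      ;; own content type (text/html, scripts) from the
                      ;; git.jdlugosz.com origin; cgit keeps this off by
                      ;; default.  Anyone who can push to a public repository
                      ;; can host arbitrary pages under this host name.
                      (enable-html-serving? #t)
                      (remove-suffix? #t)
                      ;; Only gitolite's "public" subtree is exposed read-only.
                      (repository-directory "/var/lib/gitolite/repositories/public")
                      (nocache? #t)
                      (enable-log-filecount? #t)
                      (enable-log-linecount? #t)
                      (readme "CGIT README")
                      (nginx (list (nginx-server-configuration
                                    (inherit %cgit-configuration-nginx)
                                    (server-name '("git.jdlugosz.com"))
                                    (listen '("443 ssl"))
                                    (ssl-certificate
                                     (letsencrypt-certificate %tls-lineage))
                                    (ssl-certificate-key
                                     (letsencrypt-key %tls-lineage)))))))

            (service nginx-service-type
                     (nginx-configuration
                      (server-blocks
                       (list (nginx-server-configuration
                              (server-name '("jdlugosz.com"))
                              (listen '("443 ssl"))
                              (ssl-certificate
                               (letsencrypt-certificate %tls-lineage))
                              (ssl-certificate-key
                               (letsencrypt-key %tls-lineage))
                              (root "/srv/http/jdlugosz.com"))))))

            ;; %base-services already carries a loopback-only static-networking
            ;; instance; drop it, since the instance above includes
            ;; %loopback-static-networking itself.
            (modify-services %base-services
              (delete static-networking-service-type))))

    (bootloader
     (bootloader-configuration
      (bootloader grub-bootloader)
      (targets (list dev-bootloader))
      (keyboard-layout keyboard-layout)))

    (file-systems
     (cons* (file-system
              (mount-point "/")
              (device (uuid uuid-root 'ext4))
              (type "ext4"))
            %base-file-systems))))

hipis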