system-configuration

System administratorSat Jun 18 19:34:31+0200 2022

a3e27ec

Add nono

files/gitolite.rc unknown status 1

 %RC = (
     UMASK => 0027,
     GIT_CONFIG_KEYS => '.*',
     ROLES => {
         READERS => 1,
         WRITERS => 1,
     },
     ENABLE => [
         'help',
         'desc',
         'info',
         'perms',
         'writable',
         'ssh-authkeys',
         'git-config',
         'daemon',
         'gitweb',
     ],
 );
 $UNSAFE_PATT = qr(^$);
 ;

keys/tyreunom.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3TVocwtltvnqz1Es/C6UIn2RGYHPyFz/Il/8yKLghrJ2gn0k+z4Zhj9NeEOVDeNdIjllvTppEhvf4RNUcy+ipGupvIGWnw7Ec4CFi3xaRtjZBiQFAJZHHfFBVHc2si9GLHxV8J7UB0EO/PhpsM1rvXIOO0kgY2zq2xBhm4On9YeQLGfi1Q+/ZNzXxBtspKi0KlESW6swSpbU0NysbuMpEsFKWRrQwHbO5kuuFGfnluKiH0ufqNBYcgNxJkncPReZ3OQLdf2WwFJX5I2vWMmBaozD5kTPOnSascxMQIjBiHYg8lezfho9OqitZ56IbFUQB1b4i3ZWuLv8HSUJLLXUkURg+nNPMuldSwziOLzxrDtlgIfQkBrkO5uYpKMhbk5QwQy+9kVo6j7O3rg+eAtWnTk8eSiTrvLvqghUOUx6ghY+vERrB2S7USYaLtkG76HNrBE/F6Y9B5OknBoL/2cG1D24IDiBa83W/jV9tf9ueYgwl1ljQqV5fMGyfkM6raN4dTH4kTK5NOVuLDqhlN2/0OWIUBlDWyz6fHwll4RUKMtKPuhSztuGGeYvfoX+KMLgbiCe2vhMCc5zCAYlXizMVDvuGCHC6Bdy6VGnPLTyM9RxUGAAS+ybIBX0fTHv8CfHUCDuvF4lmDbHYPBUqmIHROs2NoA5zdldCU7NB6JM4rw== tyreunom@tachikoma

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINLdP7LvMVcyvrxosnVYiFhIF9/ylZw+OLADqNxZS5WX tyreunom@sybil

modules/config/os.scm

         (string-append "127.0.0.1 lepiller.eu localhost " host-name "\n"
                        "::1       lepiller.eu localhost " host-name "\n"
                        %facebook-host-aliases)))
     (packages (cons* openssh tmux neovim nss-certs %base-packages))
     (packages (cons* openssh tmux vim nss-certs %base-packages))
     (services %base-services)))
 (define (tyreunom-desktop-os host-name)

modules/services/gitile.scm

 (define gitile-service-type
   (service-type
     (name 'gitile)
     (description "gitile git forge service")
     (extensions
       (list (service-extension account-service-type
                                (const %gitile-accounts))

modules/services/mail.scm

 (define dkimproxy-out-service-type
   (service-type
     (name 'dkimproxy-out)
     (description "dkimproxy-out service")
     (extensions
       (list (service-extension account-service-type
                                (const %dkimproxy-accounts))

motd/nono unknown status 1

l'ami d'Ulysses

systems/nono.scm unknown status 1

 ;;; Tyreunom's system administration and configuration tools.
 ;;;
 ;;; Copyright ?? 2019, 2020 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This program is free software: you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation, either version 3 of the License, or
 ;;; (at your option) any later version.
 ;;;
 ;;; This program is distributed in the hope that it will be useful,
 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ;;; GNU General Public License for more details.
 ;;;
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
 (use-modules (gnu))
 (use-modules (gnu bootloader))
 (use-modules (gnu bootloader u-boot))
 (use-modules (gnu services dns))
 (use-modules (gnu services mail))
 (use-modules (gnu services networking))
 (use-modules (gnu services version-control))
 (use-modules (gnu services web))
 (use-modules (gnu system))
 (use-modules (gnu packages bootloaders))
 (use-modules (gnu packages dns))
 (use-modules (gnu packages firmware))
 (use-modules (gnu packages libunwind))
 (use-modules (gnu packages linux))
 (use-modules (gnu packages mail))
 (use-modules (gnu packages package-management))
 (use-modules (gnu packages php))
 (use-modules (gnu packages tor))
 (use-modules (gnu packages web))
 (use-modules (guix packages))
 (use-modules (guix utils))
 (use-modules (guix transformations))
 (use-modules (config certbot) (config dns) (config iptables)
              (config mail) (config os) (config static-web)
              (config web)
              (packages gitile))
 ;; Copy from (gnu bootloader u-boot)
 (define-public u-boot-rock-pi-4-rk3399
   (let ((base (make-u-boot-package "rock-pi-4-rk3399" "aarch64-linux-gnu")))
     (package
       (inherit base)
       (arguments
         (substitute-keyword-arguments (package-arguments base)
           ((#:phases phases)
            `(modify-phases ,phases
               (add-after 'unpack 'set-environment
                 (lambda* (#:key inputs #:allow-other-keys)
                   (setenv "BL31"
                           (search-input-file inputs "/bl31.elf"))))
               ;; Phases do not succeed on the bl31 ELF.
               (delete 'strip)
               (delete 'validate-runpath)))))
       (native-inputs
        `(("firmware" ,arm-trusted-firmware-rk3399)
          ,@(package-native-inputs base))))))
 ;; Same as install-rockpro64-rk3399-u-boot
 (define install-rock-pi-4-rk3399-u-boot
   #~(lambda (bootloader root-index image)
       (let ((idb (string-append bootloader "/libexec/idbloader.img"))
             (u-boot (string-append bootloader "/libexec/u-boot.itb")))
 	;(write-file-on-device idb (stat:size (stat idb))
         ;                      (string-append image "boot0") 0)
         ;(write-file-on-device u-boot (stat:size (stat u-boot))
         ;                      (string-append image "boot1") 0))))
 	(write-file-on-device idb (stat:size (stat idb))
                               image (* 64 512))
         (write-file-on-device u-boot (stat:size (stat u-boot))
                               image (* 16384 512)))))
 (define u-boot-rockpi4-bootloader
   (bootloader
     (inherit u-boot-bootloader)
     (package u-boot-rock-pi-4-rk3399)
     (disk-image-installer install-rock-pi-4-rk3399-u-boot)))
 (operating-system
   (inherit (tyreunom-os "nono"))
   (bootloader
     (bootloader-configuration
       (targets '("/dev/mmcblk2"))
       (bootloader u-boot-rockpi4-bootloader)))
   (kernel-arguments '("modprobe.blacklist=usbmouse"
 		      "modprobe.blacklist=usbkbd"
 		      "console=ttyS2,1500000n8"))
   (kernel linux-libre-arm64-generic)
   (initrd-modules '())
   #;(initrd-modules
     '("phy-rockchip-emmc"
       "phy-rockchip-usb"
       "phy-rockchip-inno-usb2"
       "dw_mmc-rockchip"
       "sdhci"
       "sdhci-pltfm"))
   (file-systems (cons* (file-system
                          (mount-point "/")
                          (device (file-system-label "my-root"))
                          (type "ext4"))
                        %base-file-systems))
   (services
     (append
       (list
         (service dhcp-client-service-type)
         lepiller-iptables-service
         (agetty-service
           (agetty-configuration
             (baud-rate "1500000,n8")
             (term "vt100")
             (tty "ttyS2")))
         (service tor-service-type)
         (tor-hidden-service "mail"
                             '((25 "127.0.0.1:25")
                               (143 "127.0.0.1:143")
                               (587 "127.0.0.1:587")
                               (993 "127.0.0.1:993")))
         (tor-hidden-service "ssh"
                             '(("22" "127.0.0.1:22")))
         (service knot-service-type
                  (knot-configuration
                    (includes '("/etc/knot/secrets.conf"))
                    (acls (list slave-acl))
                    (remotes (list hermes))
                    (zones (list lepiller-slave-zone
                                 ipv4-reverse-master-zone
                                 ipv6-reverse-master-zone))))
         (certbot-service `(("courriel.lepiller.eu" "imap.lepiller.eu")
                            ("nono.lepiller.eu" "toulouse.lepiller.eu")
                            ("avatar.lepiller.eu")
                            ("git.lepiller.eu")
                            ("social.lepiller.eu")))
         (service nginx-service-type)
         (service php-fpm-service-type)
         (service fcgiwrap-service-type
                  (fcgiwrap-configuration
                    (group "git")))
         (cat-avatar-generator-service
           #:configuration
           (nginx-server-configuration
             (server-name '("avatar.lepiller.eu"))
             (ssl-certificate
               "/etc/letsencrypt/live/avatar.lepiller.eu/fullchain.pem")
             (ssl-certificate-key
               "/etc/letsencrypt/live/avatar.lepiller.eu/privkey.pem")
             (listen '("443 ssl http2" "[::]:443 ssl http2"))))
         (simple-service 'default-http-server nginx-service-type
           (list (nginx-server-configuration
                   (ssl-certificate
                     "/etc/letsencrypt/live/nono.lepiller.eu/fullchain.pem")
                   (ssl-certificate-key
                     "/etc/letsencrypt/live/nono.lepiller.eu/privkey.pem")
                   (listen '("443 ssl http2" "[::]:443 ssl http2"))
                   (server-name '(default))
 		  (root "/srv/http/default"))))
         (simple-service 'social-http-server nginx-service-type
           (list (nginx-server-configuration
                   (ssl-certificate "/etc/letsencrypt/live/social.lepiller.eu/fullchain.pem")
                   (ssl-certificate-key "/etc/letsencrypt/live/social.lepiller.eu/privkey.pem")
                   (listen '("443 ssl http2" "[::]:443 ssl http2"))
                   (server-name '("social.lepiller.eu"))
                   (root "/srv/http/social/public")
                   (locations
                     (list
                       (nginx-location-configuration
                         (uri "/content/")
                         (body '("alias /var/lib/social/user-data/public/;")))
                       (nginx-location-configuration
                         (uri "/")
                         (body '("proxy_pass http://localhost:8081;")))))
                   (raw-content default-web-policy))))
         (service gitile-service-type
                  (gitile-configuration
 		   (package gitile)
                    (base-git-url "https://git.lepiller.eu/git")
                    (intro '((p "Hey there, I'm Julien, also known as "
                                (code "roptat") " or " (code "tyreunom")
                                " on the internet. If you reached this page, it
 probably means you are interested in the kind of software projects I make. Thank
 you for your interest! Here is a list of projects I host here.")
                             (p "Note that I am in the process of migrating from
 framagit. Every new project will appear here, but older projects might take
 time to migrate. I'm also planning to add some features at some point, like
 issues and merge requests, but that will take some time. I'd like to implement
 these features myself, using " (a (@ (href "https://notabug.org/peers/forgefed")) "forgefed") ".")))
                    (footer '((p (a (@ (href "https://lepiller.eu")) "Who am I?"))))
                    (nginx
                      (nginx-server-configuration
                        (ssl-certificate
                          "/etc/letsencrypt/live/git.lepiller.eu/fullchain.pem")
                        (ssl-certificate-key
                          "/etc/letsencrypt/live/git.lepiller.eu/privkey.pem")
                        (listen '("443 ssl http2" "[::]:443 ssl http2"))
                        (server-name '("git.lepiller.eu"))
                        (root "/srv/http/git/public")
                        (locations
                          (list
                            (git-http-nginx-location-configuration
                              (git-http-configuration
                                (uri-path "/git/")
                                (git-root "/var/lib/gitolite/repositories")))
                            (nginx-location-configuration
                              (uri "~* .*/manual/.*")
                              (body
                                (list
                                  "root /srv/http/git/public;")))))))))
         (service static-web-site-service-type
                  (static-web-site-configuration
                   (git-url "https://git.lepiller.eu/git/guile-netlink")
                   (git-ref '(branch . "master"))
                   (directory "/srv/http/git/guile-netlink-manual")
                   (build-file "doc/build.scm")))
         ;; on activation, gitolite chmods its home directory to #o700, disabling
         ;; access to git-http-backend.  Re-enable that access.
         (simple-service 'gitolite-home-permissions
                         activation-service-type
                         #~(chmod "/var/lib/gitolite" #o750))
         (service gitolite-service-type
           (gitolite-configuration
             (admin-pubkey (local-file "../keys/tyreunom.pub"))
             (rc-file
               (local-file "../files/gitolite.rc")
               #;(gitolite-rc-file
                 (umask #o0027)
                 (git-config-keys ".*"))))))
       (lepiller-mail-services
         #:interface "eth1"
         #:domain "courriel.lepiller.eu")
       (server-services "nono"))))