Add nono
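--- a/files/gitolite.rc
+++ b/files/gitolite.rc
@@ -0,0 +1,23 @@
+%RC = (
+UMASK => 0027,
+GIT_CONFIG_KEYS => '.*',
+ROLES => {
+READERS => 1,
+WRITERS => 1,
+},
+
+ENABLE => [
+'help',
+'desc',
+'info',
+'perms',
+'writable',
+'ssh-authkeys',
+'git-config',
+'daemon',
+'gitweb',
+],
+);
+$UNSAFE_PATT = qr(^$);
+1;
+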
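Review bot: `GIT_CONFIG_KEYS => '.*'` together with `$UNSAFE_PATT = qr(^$);` takes away both of gitolite's guards on repository config: any key can be set from gitolite.conf, and the override appears to stop values from being screened for shell metacharacters. Several git config keys name programs that git itself runs, so anyone able to push to the gitolite-admin repository would effectively get command execution as the gitolite user, whose repositories are also exposed through `daemon`, `gitweb` and the git-http location configured in systems/nono.scm. I would list only the keys that are actually needed (the setting is a space-separated set of regexes; constructed example: `GIT_CONFIG_KEYS => 'gitweb\..*',`) and drop the `$UNSAFE_PATT` line unless a specific value requires it. If the override stays, a comment such as `# UNSAFE_PATT relaxed for <key>: admin-repo push access == shell as the gitolite user` would make the trust assumption explicit.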
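--- a/keys/tyreunom.pub
+++ b/keys/tyreunom.pub
@@ -1 +1 @@
-ssh-rsa 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 tyreunom@tachikoma
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINLdP7LvMVcyvrxosnVYiFhIF9/ylZw+OLADqNxZS5WX tyreunom@sybil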
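--- a/modules/config/os.scm
+++ b/modules/config/os.scm
@@ -120,7 +120,7 @@
 (string-append "127.0.0.1 lepiller.eu localhost " host-name "\n"
 "::1 lepiller.eu localhost " host-name "\n"
 %facebook-host-aliases)))
-(packages (cons* openssh tmux neovim nss-certs %base-packages))
+(packages (cons* openssh tmux vim nss-certs %base-packages))
 (services %base-services)))
 
 (define (tyreunom-desktop-os host-name)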
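--- a/modules/services/gitile.scm
+++ b/modules/services/gitile.scm
@@ -128,6 +128,7 @@
 (define gitile-service-type
 (service-type
 (name 'gitile)
+(description "gitile git forge service")
 (extensions
 (list (service-extension account-service-type
 (const %gitile-accounts))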
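--- a/modules/services/mail.scm
+++ b/modules/services/mail.scm
@@ -229,6 +229,7 @@
 (define dkimproxy-out-service-type
 (service-type
 (name 'dkimproxy-out)
+(description "dkimproxy-out service")
 (extensions
 (list (service-extension account-service-type
 (const %dkimproxy-accounts))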
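--- a/motd/nono
+++ b/motd/nono
@@ -0,0 +1 @@
+l'ami d'Ulysses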
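--- a/systems/nono.scm
+++ b/systems/nono.scm
@@ -0,0 +1,239 @@
+;;; Tyreunom's system administration and configuration tools.
+;;;
+;;; Copyright ?? 2019, 2020 Julien Lepiller <julien@lepiller.eu>
+;;;
+;;; This program is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; This program is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (gnu))
+(use-modules (gnu bootloader))
+(use-modules (gnu bootloader u-boot))
+(use-modules (gnu services dns))
+(use-modules (gnu services mail))
+(use-modules (gnu services networking))
+(use-modules (gnu services version-control))
+(use-modules (gnu services web))
+(use-modules (gnu system))
+
+(use-modules (gnu packages bootloaders))
+(use-modules (gnu packages dns))
+(use-modules (gnu packages firmware))
+(use-modules (gnu packages libunwind))
+(use-modules (gnu packages linux))
+(use-modules (gnu packages mail))
+(use-modules (gnu packages package-management))
+(use-modules (gnu packages php))
+(use-modules (gnu packages tor))
+(use-modules (gnu packages web))
+
+(use-modules (guix packages))
+(use-modules (guix utils))
+(use-modules (guix transformations))
+
+(use-modules (config certbot) (config dns) (config iptables)
+(config mail) (config os) (config static-web)
+(config web)
+(packages gitile))
+
+;; Copy from (gnu bootloader u-boot)
+
+(define-public u-boot-rock-pi-4-rk3399
+(let ((base (make-u-boot-package "rock-pi-4-rk3399" "aarch64-linux-gnu")))
+(package
+(inherit base)
+(arguments
+(substitute-keyword-arguments (package-arguments base)
+((#:phases phases)
+`(modify-phases ,phases
+(add-after 'unpack 'set-environment
+(lambda* (#:key inputs #:allow-other-keys)
+(setenv "BL31"
+(search-input-file inputs "/bl31.elf"))))
+;; Phases do not succeed on the bl31 ELF.
+(delete 'strip)
+(delete 'validate-runpath)))))
+(native-inputs
+`(("firmware" ,arm-trusted-firmware-rk3399)
+,@(package-native-inputs base))))))
+
+;; Same as install-rockpro64-rk3399-u-boot
+(define install-rock-pi-4-rk3399-u-boot
+#~(lambda (bootloader root-index image)
+(let ((idb (string-append bootloader "/libexec/idbloader.img"))
+(u-boot (string-append bootloader "/libexec/u-boot.itb")))
+;(write-file-on-device idb (stat:size (stat idb))
+; (string-append image "boot0") 0)
+;(write-file-on-device u-boot (stat:size (stat u-boot))
+; (string-append image "boot1") 0))))
+(write-file-on-device idb (stat:size (stat idb))
+image (* 64 512))
+(write-file-on-device u-boot (stat:size (stat u-boot))
+image (* 16384 512)))))
+
+(define u-boot-rockpi4-bootloader
+(bootloader
+(inherit u-boot-bootloader)
+(package u-boot-rock-pi-4-rk3399)
+(disk-image-installer install-rock-pi-4-rk3399-u-boot)))
+
+(operating-system
+(inherit (tyreunom-os "nono"))
+(bootloader
+(bootloader-configuration
+(targets '("/dev/mmcblk2"))
+(bootloader u-boot-rockpi4-bootloader)))
+(kernel-arguments '("modprobe.blacklist=usbmouse"
+"modprobe.blacklist=usbkbd"
+"console=ttyS2,1500000n8"))
+(kernel linux-libre-arm64-generic)
+(initrd-modules '())
+#;(initrd-modules
+'("phy-rockchip-emmc"
+"phy-rockchip-usb"
+"phy-rockchip-inno-usb2"
+"dw_mmc-rockchip"
+"sdhci"
+"sdhci-pltfm"))
+(file-systems (cons* (file-system
+(mount-point "/")
+(device (file-system-label "my-root"))
+(type "ext4"))
+%base-file-systems))
+(services
+(append
+(list
+(service dhcp-client-service-type)
+lepiller-iptables-service
+(agetty-service
+(agetty-configuration
+(baud-rate "1500000,n8")
+(term "vt100")
+(tty "ttyS2")))
+(service tor-service-type)
+(tor-hidden-service "mail"
+'((25 "127.0.0.1:25")
+(143 "127.0.0.1:143")
+(587 "127.0.0.1:587")
+(993 "127.0.0.1:993")))
+(tor-hidden-service "ssh"
+'(("22" "127.0.0.1:22")))
+(service knot-service-type
+(knot-configuration
+(includes '("/etc/knot/secrets.conf"))
+(acls (list slave-acl))
+(remotes (list hermes))
+(zones (list lepiller-slave-zone
+ipv4-reverse-master-zone
+ipv6-reverse-master-zone))))
+(certbot-service `(("courriel.lepiller.eu" "imap.lepiller.eu")
+("nono.lepiller.eu" "toulouse.lepiller.eu")
+("avatar.lepiller.eu")
+("git.lepiller.eu")
+("social.lepiller.eu")))
+(service nginx-service-type)
+(service php-fpm-service-type)
+(service fcgiwrap-service-type
+(fcgiwrap-configuration
+(group "git")))
+(cat-avatar-generator-service
+#:configuration
+(nginx-server-configuration
+(server-name '("avatar.lepiller.eu"))
+(ssl-certificate
+"/etc/letsencrypt/live/avatar.lepiller.eu/fullchain.pem")
+(ssl-certificate-key
+"/etc/letsencrypt/live/avatar.lepiller.eu/privkey.pem")
+(listen '("443 ssl http2" "[::]:443 ssl http2"))))
+(simple-service 'default-http-server nginx-service-type
+(list (nginx-server-configuration
+(ssl-certificate
+"/etc/letsencrypt/live/nono.lepiller.eu/fullchain.pem")
+(ssl-certificate-key
+"/etc/letsencrypt/live/nono.lepiller.eu/privkey.pem")
+(listen '("443 ssl http2" "[::]:443 ssl http2"))
+(server-name '(default))
+(root "/srv/http/default"))))
+(simple-service 'social-http-server nginx-service-type
+(list (nginx-server-configuration
+(ssl-certificate "/etc/letsencrypt/live/social.lepiller.eu/fullchain.pem")
+(ssl-certificate-key "/etc/letsencrypt/live/social.lepiller.eu/privkey.pem")
+(listen '("443 ssl http2" "[::]:443 ssl http2"))
+(server-name '("social.lepiller.eu"))
+(root "/srv/http/social/public")
+(locations
+(list
+(nginx-location-configuration
+(uri "/content/")
+(body '("alias /var/lib/social/user-data/public/;")))
+(nginx-location-configuration
+(uri "/")
+(body '("proxy_pass http://localhost:8081;")))))
+(raw-content default-web-policy))))
+(service gitile-service-type
+(gitile-configuration
+(package gitile)
+(base-git-url "https://git.lepiller.eu/git")
+(intro '((p "Hey there, I'm Julien, also known as "
+(code "roptat") " or " (code "tyreunom")
+" on the internet. If you reached this page, it
+probably means you are interested in the kind of software projects I make. Thank
+you for your interest! Here is a list of projects I host here.")
+(p "Note that I am in the process of migrating from
+framagit. Every new project will appear here, but older projects might take
+time to migrate. I'm also planning to add some features at some point, like
+issues and merge requests, but that will take some time. I'd like to implement
+these features myself, using " (a (@ (href "https://notabug.org/peers/forgefed")) "forgefed") ".")))
+(footer '((p (a (@ (href "https://lepiller.eu")) "Who am I?"))))
+(nginx
+(nginx-server-configuration
+(ssl-certificate
+"/etc/letsencrypt/live/git.lepiller.eu/fullchain.pem")
+(ssl-certificate-key
+"/etc/letsencrypt/live/git.lepiller.eu/privkey.pem")
+(listen '("443 ssl http2" "[::]:443 ssl http2"))
+(server-name '("git.lepiller.eu"))
+(root "/srv/http/git/public")
+(locations
+(list
+(git-http-nginx-location-configuration
+(git-http-configuration
+(uri-path "/git/")
+(git-root "/var/lib/gitolite/repositories")))
+(nginx-location-configuration
+(uri "~* .*/manual/.*")
+(body
+(list
+"root /srv/http/git/public;")))))))))
+(service static-web-site-service-type
+(static-web-site-configuration
+(git-url "https://git.lepiller.eu/git/guile-netlink")
+(git-ref '(branch . "master"))
+(directory "/srv/http/git/guile-netlink-manual")
+(build-file "doc/build.scm")))
+;; on activation, gitolite chmods its home directory to #o700, disabling
+;; access to git-http-backend. Re-enable that access.
+(simple-service 'gitolite-home-permissions
+activation-service-type
+#~(chmod "/var/lib/gitolite" #o750))
+(service gitolite-service-type
+(gitolite-configuration
+(admin-pubkey (local-file "../keys/tyreunom.pub"))
+(rc-file
+(local-file "../files/gitolite.rc")
+#;(gitolite-rc-file
+(umask #o0027)
+(git-config-keys ".*"))))))
+(lepiller-mail-services
+#:interface "eth1"
+#:domain "courriel.lepiller.eu")
+(server-services "nono"))))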
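Review bot: Both `tor-hidden-service` entries forward onion traffic to `127.0.0.1`, so every connection that arrives over Tor reaches the SMTP, IMAP and SSH daemons with a loopback source address. If the mail setup behind `lepiller-mail-services` (defined outside this file) relays or skips authentication for localhost, ports 25 and 587 on the onion address would behave as an open relay, and address-based rate limiting or banning on sshd cannot tell onion clients apart. I would confirm that the MTA does not treat loopback as trusted and record the assumption next to the service, e.g. `;; onion clients appear as 127.0.0.1: mail daemons must not trust loopback`. Separately, the `gitolite-home-permissions` activation snippet only helps if it runs after gitolite's own activation, which depends on extension ordering not visible here; a short comment stating that it was checked would help. Minor: the ssh mapping uses the string `"22"` where the mail mapping uses integer ports; `'((22 "127.0.0.1:22"))` would be consistent.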