;;; GNU Guix system administration tools.

;;;

;;; Copyright ?? 2019, 2020 Ludovic Court??s <ludo@gnu.org>

;;; Copyright ?? 2020 Ricardo Wurmus <rekado@elephly.net>

;;;

;;; This program is free software: you can redistribute it and/or modify

;;; it under the terms of the GNU General Public License as published by

;;; the Free Software Foundation, either version 3 of the License, or

;;; (at your option) any later version.

;;;

;;; This program is distributed in the hope that it will be useful,

;;; but WITHOUT ANY WARRANTY; without even the implied warranty of

;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

;;; GNU General Public License for more details.

;;;

;;; You should have received a copy of the GNU General Public License

;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.

;;; NOTE: this file is taken from

;;; https://git.savannah.gnu.org/cgit/guix/maintenance.git/plain/hydra/modules/sysadmin/web.scm

(define-module (config static-web)

  #:use-module (guix git)

  #:use-module (guix gexp)

  #:use-module (guix modules)

  #:use-module (guix packages)

  #:use-module (guix records)

  #:use-module (guix git-download)

  #:use-module (gnu packages)

  #:use-module (gnu packages autotools)

  #:use-module (gnu packages graphviz)

  #:use-module (gnu packages guile)

  #:use-module (gnu packages guile-xyz)

  #:use-module (gnu packages package-management)

  #:use-module (gnu packages pkg-config)

  #:use-module (gnu packages texinfo)

  #:use-module (gnu services)

  #:use-module (gnu services mcron)

  #:use-module (gnu services shepherd)

  #:use-module (gnu services web)

  #:use-module (gnu system shadow)

  #:use-module (ice-9 match)

  #:export (build-program

            static-web-site-configuration

            static-web-site-configuration?

            static-web-site-service-type))

(define guix-extensions

  (match (package-transitive-propagated-inputs

          (specification->package "guix"))

    (((labels packages) ...)

     (cons (specification->package "guix") packages))))

(define* (build-program url root

                        #:key

                        (file "guix.scm")

                        (ref '(branch . "master"))

                        (name "build-program")

                        (environment-variables '())

                        (cache-directory #f))

  "Return a program that pulls code from URL, builds it by loading FILE from

that checkout (usually a 'guix.scm' file), and registers the result as

ROOT (an indirect GC root) upon success.  FILE is loaded in a content where

ENVIRONMENT-VARIABLES, a list of key/value pairs, are defined.

The typical use case is polling from the source repository of a web site

that's built with Haunt or similar."

  (define build

    (with-extensions guix-extensions

      #~(begin

          (use-modules (guix) (guix git) (guix ui)

                       (srfi srfi-11) (ice-9 match))

          (define (root-installed drv root)

            (mbegin %store-monad

              ((store-lift add-indirect-root) root)

              (let ((pivot (string-append root ".tmp")))

                (symlink (derivation->output-path drv) pivot)

                (rename-file pivot root)

                (return #t))))

          (define cache

            (and=> #$cache-directory

                   (lambda (directory)

                     ;; Interpret DIRECTORY as relative to $HOME/.cache.

                     (string-append (%repository-cache-directory)

                                    "/" directory))))

          (define-values (checkout commit relation)

            (apply update-cached-checkout #$url #:ref '#$ref

                   (if cache

                       `(#:cache-directory ,cache)

                       '())))

          (define obj

            (let ((variables '#$environment-variables))

              (for-each (match-lambda

                          ((name . value)

                           (setenv name value)))

                        variables)

              (primitive-load (string-append checkout "/" #$file))))

          (with-store store

            (run-with-store store

              (mlet %store-monad ((drv (lower-object obj)))

                (mbegin %store-monad

                  (show-what-to-build* (list drv))

                  (built-derivations (list drv))

                  (root-installed drv #$root))))))))

  (program-file name build

                #:guile guile-3.0-latest))

;;;

;;; Service.

;;;

(define-record-type* <static-web-site-configuration>

  static-web-site-configuration make-static-web-site-configuration

  static-web-site-configuration?

  (git-url     static-web-site-configuration-git-url)

  (git-ref     static-web-site-configuration-git-ref

               (default '(branch . "master")))

  (build-file  static-web-site-configuration-build-file

               (default "guix.scm"))

  (environment-variables static-web-site-configuration-environment-variable

                         (default '()))

  (cache-directory static-web-site-configuration-cache-directory

                   (default #f))

  (directory   static-web-site-configuration-directory

               (default "/srv/www")))

(define (static-web-site-mcron-jobs config)

  (define update

    (build-program (static-web-site-configuration-git-url config)

                   (static-web-site-configuration-directory config)

                   #:file (static-web-site-configuration-build-file config)

                   #:ref (static-web-site-configuration-git-ref config)

                   #:environment-variables

                   (static-web-site-configuration-environment-variable config)

                   #:cache-directory

                   (static-web-site-configuration-cache-directory config)

                   #:name (string-append

                           "update-"

                           (basename

                            (static-web-site-configuration-directory config)))))

  (list #~(job '(next-minute '(0)) #$update

               #:user "static-web-site")))

(define (static-web-site-activation config)

  (with-imported-modules '((guix build utils))

    #~(begin

        (use-modules (guix build utils))

        (let ((directory (dirname

                          #$(static-web-site-configuration-directory config))))

          (mkdir-p directory)

          (chown directory

                 (passwd:uid (getpw "static-web-site"))

                 (group:gid (getgr "static-web-site")))))))

(define (static-web-site-accounts config)

  (list (user-account

         (name "static-web-site")

         (group "static-web-site")

         (system? #t))

        (user-group

         (name "static-web-site")

         (system? #t))))

(define static-web-site-service-type

  (service-type (name 'static-web-site)

                (extensions

                 ;; TODO: Extend nginx directly from here?

                 (list (service-extension mcron-service-type

                                          static-web-site-mcron-jobs)

                       (service-extension account-service-type

                                          static-web-site-accounts)

                       (service-extension activation-service-type

                                          static-web-site-activation)))

                (description

                 "Update and publish a web site that is built from source

taken from a Git repository.")))

;;; GNU Guix --- Functional package management for GNU

;;; Copyright ?? 2020 Julien Lepiller <julien@lepiller.eu>

;;;

;;; This file is part of GNU Guix.

;;;

;;; GNU Guix is free software; you can redistribute it and/or modify it

;;; under the terms of the GNU General Public License as published by

;;; the Free Software Foundation; either version 3 of the License, or (at

;;; your option) any later version.

;;;

;;; GNU Guix is distributed in the hope that it will be useful, but

;;; WITHOUT ANY WARRANTY; without even the implied warranty of

;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

;;; GNU General Public License for more details.

;;;

;;; You should have received a copy of the GNU General Public License

;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;;

;;; Some of the help text was taken from the default dovecot.conf files.

(define-module (packages gitile)

  #:use-module (gnu packages autotools)

  #:use-module (gnu packages guile)

  #:use-module (gnu packages guile-xyz)

  #:use-module (gnu packages pkg-config)

  #:use-module (gnu packages tls)

  #:use-module (guix build-system gnu)

  #:use-module (guix git-download)

  #:use-module (guix packages)

  #:use-module (guix licenses))

(define-public gitile

  (package

    (name "gitile")

    (version "0.1")

    (source (origin

              (method git-fetch)

              (uri (git-reference

                     (url "https://git.lepiller.eu/git/gitile")

                     (commit "e78303702bdc16fe49246a97e53b33dc47bb64de")))

              (file-name (git-file-name name (string-append version "-e783037")))

              (sha256

               (base32

                "10v5ffdlr2f1p4mf485r6p7f9vi3ypil4y70p8x1w87s5qa3dwxr"))))

    (build-system gnu-build-system)

    (arguments

     `(#:modules ((guix build utils)

                  (guix build gnu-build-system)

                  (ice-9 rdelim)

                  (ice-9 popen))

       #:make-flags (list "GUILE_AUTO_COMPILE=0")

       #:phases

       (modify-phases %standard-phases

         (add-after 'install 'install-bin

           (lambda* (#:key outputs #:allow-other-keys)

             (install-file "scripts/gitile"

                           (string-append (assoc-ref outputs "out")

                                          "/bin"))

             #t))

         (add-after 'install-bin 'wrap-program

             (lambda* (#:key inputs outputs #:allow-other-keys)

               ;; Wrap the 'cuirass' command to refer to the right modules.

               (let* ((out    (assoc-ref outputs "out"))

                      (git    (assoc-ref inputs "guile-git"))

                      (bytes  (assoc-ref inputs "guile-bytestructures"))

                      (fibers (assoc-ref inputs "guile-fibers"))

                      (deps   (list out git bytes fibers))

                      (guile  (assoc-ref %build-inputs "guile"))

                      (effective (read-line

                                  (open-pipe* OPEN_READ

                                              (string-append guile "/bin/guile")

                                              "-c" "(display (effective-version))")))

                      (mods   (string-drop-right  ;drop trailing colon

                               (string-join deps

                                            (string-append "/share/guile/site/"

                                                           effective ":")

                                            'suffix)

                               1))

                      (objs   (string-drop-right

                               (string-join deps

                                            (string-append "/lib/guile/" effective

                                                           "/site-ccache:")

                                            'suffix)

                               1)))

                 (wrap-program (string-append out "/bin/gitile")

                   `("GUILE_LOAD_PATH" ":" prefix (,mods))

                   `("GUILE_LOAD_COMPILED_PATH" ":" prefix (,objs)))

                 #t))))))

    (native-inputs

     `(("autoconf" ,autoconf)

       ("automake" ,automake)

       ("guile" ,guile-3.0)

       ("pkg-config" ,pkg-config)))

    (inputs

     `(("guile" ,guile-3.0)

       ("guile-fibers" ,guile-fibers)

       ("guile-git" ,guile-git)

       ("gnutls" ,gnutls)))

    (home-page "")

    (synopsis "")

    (description "")

    (license gpl3+)))

gitile

;;; GNU Guix --- Functional package management for GNU

;;; Copyright ?? 2020 Julien Lepiller <julien@lepiller.eu>

;;;

;;; This file is part of GNU Guix.

;;;

;;; GNU Guix is free software; you can redistribute it and/or modify it

;;; under the terms of the GNU General Public License as published by

;;; the Free Software Foundation; either version 3 of the License, or (at

;;; your option) any later version.

;;;

;;; GNU Guix is distributed in the hope that it will be useful, but

;;; WITHOUT ANY WARRANTY; without even the implied warranty of

;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

;;; GNU General Public License for more details.

;;;

;;; You should have received a copy of the GNU General Public License

;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;;

;;; Some of the help text was taken from the default dovecot.conf files.

(define-module (services gitile)

  #:use-module (gnu services)

  #:use-module (gnu services base)

  #:use-module (gnu services configuration)

  #:use-module (gnu services shepherd)

  #:use-module (gnu system pam)

  #:use-module (gnu system shadow)

  #:use-module (gnu packages admin)

  #:use-module (packages gitile)

  #:use-module (guix gexp)

  #:use-module (guix records)

  #:use-module (ice-9 match)

  #:export (gitile-service-type

	    gitile-configuration))

(define-record-type* <gitile-configuration>

  gitile-configuration make-gitile-configuration gitile-configuration?

  (package gitile-configuration-package

	   (default gitile))

  (host gitile-configuration-host

	(default "localhost"))

  (port gitile-configuration-port

	(default 8080))

  (database gitile-configuration-database

	    (default "/var/lib/gitile/gitile-db.sql"))

  (repositories gitile-configuration-repositories

		(default "/var/lib/gitolite/repositories")))

(define (gitile-config-file host port database repositories) 

  (define build

    #~(write `(config

		(port #$port)

	        (host #$host)

                (database #$database)

                (repositories #$repositories))

	     (open-output-file #$output)))

  (computed-file "gitile.conf" build))

(define gitile-shepherd-service

  (match-lambda

    (($ <gitile-configuration> package host port database repositories)

     (list (shepherd-service

             (provision '(gitile))

             (requirement '(loopback))

             (documentation "gitile")

             (start (let ((gitile (file-append package "/bin/gitile")))

                          #~(make-forkexec-constructor

                              `(,#$gitile "-c" #$(gitile-config-file

						   host port database

						   repositories)))))

             (stop #~(make-kill-destructor)))))))

(define %gitile-accounts

  (list (user-account

          (name "gitile")

          (group "git")

          (system? #t)

          (comment "Gitile user")

          (home-directory "/var/empty")

          (shell (file-append shadow "/sbin/nologin")))))

(define gitile-service-type

  (service-type

    (name 'gitile)

    (extensions

      (list (service-extension account-service-type

                               (const %gitile-accounts))

            (service-extension shepherd-root-service-type

                               gitile-shepherd-service)))

    (default-value

      (gitile-configuration))))

             (config mail) (config os) (config static-web)

	     (services gitile) (packages gitile))

                           ("git.lepiller.eu")))

        (service fcgiwrap-service-type

                 (fcgiwrap-configuration

                   (group "git")))

              "/etc/letsencrypt/live/avatar.lepiller.eu/fullchain.pem")

              "/etc/letsencrypt/live/avatar.lepiller.eu/privkey.pem")

                    "/etc/letsencrypt/live/ene.lepiller.eu/fullchain.pem")

                    "/etc/letsencrypt/live/ene.lepiller.eu/privkey.pem")

	(service gitile-service-type)

                    "/etc/letsencrypt/live/git.lepiller.eu/fullchain.pem")

                    "/etc/letsencrypt/live/git.lepiller.eu/privkey.pem")

                  (server-name '("git.lepiller.eu"))

                  (root "/srv/http/git/public")

                  (locations

                    (append

                      (list

                        (git-http-nginx-location-configuration

                          (git-http-configuration

                            (uri-path "/git/")

                            (git-root "/var/lib/gitolite/repositories")))

                        (nginx-location-configuration

                          (uri "/")

                          (body

                            (list

                              "proxy_pass http://127.0.0.1:8080/;"))))

                      (map

                        (lambda (loc)

                          (nginx-location-configuration

                            (uri loc)

                            (body

                              (list

                                "root /srv/http/git/public;"))))

                        '("/css" "/images" "~* .*/manual/.*" "= /"

                          "= /index.html")))))))

        (service static-web-site-service-type

                 (static-web-site-configuration

                  (git-url "https://git.lepiller.eu/git/guile-netlink")

                  (git-ref '(branch . "master"))

                  (directory "/srv/http/git/guile-netlink-manual")

                  (build-file "doc/build.scm")))

        ;; on activation, gitolite chmods its home directory to #o700, disabling

        ;; access to git-http-backend.  Re-enable that access.

        (simple-service 'gitolite-home-permissions

                        activation-service-type

                        #~(chmod "/var/lib/gitolite" #o750))

        (service gitolite-service-type

          (gitolite-configuration

            (admin-pubkey (local-file "../keys/tyreunom.pub"))

            (rc-file

              (gitolite-rc-file

                (umask #o0027)

                (git-config-keys "gitweb.*"))))))