xana.scm
| 1 | ;;; Tyreunom's system administration and configuration tools. |
| 2 | ;;; |
| 3 | ;;; Copyright © 2020 Julien Lepiller <julien@lepiller.eu> |
| 4 | ;;; |
| 5 | ;;; This program is free software: you can redistribute it and/or modify |
| 6 | ;;; it under the terms of the GNU General Public License as published by |
| 7 | ;;; the Free Software Foundation, either version 3 of the License, or |
| 8 | ;;; (at your option) any later version. |
| 9 | ;;; |
| 10 | ;;; This program is distributed in the hope that it will be useful, |
| 11 | ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | ;;; GNU General Public License for more details. |
| 14 | ;;; |
| 15 | ;;; You should have received a copy of the GNU General Public License |
| 16 | ;;; along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 17 | |
| 18 | (use-modules (gnu)) |
| 19 | (use-modules (gnu system)) |
| 20 | (use-modules (gnu bootloader) (gnu bootloader grub)) |
| 21 | (use-modules (gnu services mcron)) |
| 22 | (use-modules (gnu services networking)) |
| 23 | (use-modules (gnu services web)) |
| 24 | (use-modules (config certbot) (config network) (config os) (config web)) |
| 25 | (use-modules (guix gexp)) |
| 26 | (use-package-modules base compression gettext gnupg guile guile-xyz linux |
| 27 | version-control web wget) |
| 28 | (use-modules (packages mecab)) |
| 29 | |
| 30 | (define lepiller-policy |
| 31 | (append |
| 32 | web-base-policy |
| 33 | (web-html-policy |
| 34 | '(" try_files $uri /$lang/$uri /$lang/$uri/index.html =404;")) |
| 35 | '("error_page 404 /$lang/404.html;"))) |
| 36 | |
| 37 | (define (makefile-job directory target packages env) |
| 38 | #~(begin |
| 39 | (define path |
| 40 | (string-join |
| 41 | (map (lambda (p) (string-append p "/bin")) (list #$@packages)) |
| 42 | ":")) |
| 43 | (define (get-path dir) |
| 44 | (string-join |
| 45 | (map (lambda (p) (string-append p "/" dir)) (list #$@packages)) |
| 46 | ":")) |
| 47 | (setenv "PATH" path) |
| 48 | (setenv "GIT_SSL_CAINFO" "/etc/ssl/certs/ca-certificates.crt") |
| 49 | (setenv "SSL_CERT_DIR" "/etc/ssl/certs") |
| 50 | (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt") |
| 51 | (setenv "LANG" "en_US.UTF-8") |
| 52 | (for-each |
| 53 | (lambda (env) |
| 54 | (setenv (car env) (get-path (cdr env)))) |
| 55 | (quote #$env)) |
| 56 | (execl #$(file-append gnu-make "/bin/make") "make" "-C" #$directory #$target))) |
| 57 | |
| 58 | (define i18n-download-job |
| 59 | #~(job '(next-minute-from (next-hour '(05)) '(51)) |
| 60 | #$(program-file |
| 61 | "i18n-download" |
| 62 | (makefile-job "/srv/http/i18n" "fdroid-update" |
| 63 | (list gnu-make coreutils findutils git) |
| 64 | '())))) |
| 65 | |
| 66 | (define i18n-compile-job |
| 67 | #~(job '(next-minute-from (next-hour '(06)) '(21)) |
| 68 | #$(program-file |
| 69 | "i18n-compile" |
| 70 | (makefile-job "/srv/http/i18n" "all" |
| 71 | (list gnu-make coreutils findutils git grep util-linux) |
| 72 | '())))) |
| 73 | |
| 74 | (define nani-download-job |
| 75 | #~(job '(next-minute-from (next-hour-from (next-day (range 1 31 5)) '(02)) '(12)) |
| 76 | #$(program-file |
| 77 | "nani-download" |
| 78 | (makefile-job "/srv/http/nani" "download" |
| 79 | (list gnu-make coreutils findutils grep gzip libiconv |
| 80 | git sed tar unzip util-linux wget xz) |
| 81 | '())))) |
| 82 | |
| 83 | (define nani-update-job |
| 84 | #~(job '(next-minute-from (next-hour-from (next-day (range 1 31 5)) '(03)) '(12)) |
| 85 | #$(program-file |
| 86 | "nani-update" |
| 87 | (makefile-job "/srv/http/nani" "all" |
| 88 | (list gnu-make coreutils findutils gnu-gettext grep |
| 89 | guile-3.0 haunt sed guile-gcrypt |
| 90 | mecab mecab-ipadic guile-mecab) |
| 91 | '(("GUILE_LOAD_PATH" . "share/guile/site/3.0") |
| 92 | ("GUILE_LOAD_COMPILED_PATH" . "lib/guile/3.0/site-ccache") |
| 93 | ("MECAB_DICDIR" . "lib/mecab/dic")))))) |
| 94 | |
| 95 | (operating-system |
| 96 | (inherit (tyreunom-os "xana")) |
| 97 | (bootloader |
| 98 | (bootloader-configuration |
| 99 | (targets '("/dev/sda")) |
| 100 | (bootloader grub-bootloader))) |
| 101 | (file-systems (cons (file-system |
| 102 | (mount-point "/") |
| 103 | (device (uuid "27207be8-f30a-4ac6-a5ec-41859e90ee94")) |
| 104 | (type "ext4")) |
| 105 | %base-file-systems)) |
| 106 | (swap-devices (list |
| 107 | (swap-space |
| 108 | (target "/dev/sda1")))) |
| 109 | (services |
| 110 | (append |
| 111 | (list |
| 112 | (service dhcp-client-service-type) |
| 113 | (service nginx-service-type |
| 114 | (nginx-configuration |
| 115 | (modules |
| 116 | (list |
| 117 | (file-append nginx-accept-language-module |
| 118 | "/etc/nginx/modules/ngx_http_accept_language_module.so"))) |
| 119 | (extra-content |
| 120 | (accept-languages |
| 121 | '(("en") |
| 122 | ("fr") |
| 123 | ("uk") |
| 124 | ("zh_CN" "zh-CN" "zh" "zh-Hans" "zh-Hans-CN")))))) |
| 125 | (simple-service 'website-cron mcron-service-type |
| 126 | (list i18n-download-job i18n-compile-job |
| 127 | nani-download-job nani-update-job)) |
| 128 | (certbot-service `(("xana.lepiller.eu") |
| 129 | ("nani.lepiller.eu") |
| 130 | ("i18n.lepiller.eu") |
| 131 | ("offlate.lepiller.eu"))) |
| 132 | (simple-service 'nani-http-server nginx-service-type |
| 133 | (list (nginx-server-configuration |
| 134 | (ssl-certificate |
| 135 | "/etc/letsencrypt/live/nani.lepiller.eu/fullchain.pem") |
| 136 | (ssl-certificate-key |
| 137 | "/etc/letsencrypt/live/nani.lepiller.eu/privkey.pem") |
| 138 | (listen '("443 ssl http2" "[::]:443 ssl http2")) |
| 139 | (server-name '("nani.lepiller.eu")) |
| 140 | (root "/srv/http/nani/public")))) |
| 141 | (simple-service 'nani-http-server nginx-service-type |
| 142 | (list (nginx-server-configuration |
| 143 | (ssl-certificate |
| 144 | "/etc/letsencrypt/live/offlate.lepiller.eu/fullchain.pem") |
| 145 | (ssl-certificate-key |
| 146 | "/etc/letsencrypt/live/offlate.lepiller.eu/privkey.pem") |
| 147 | (listen '("443 ssl http2" "[::]:443 ssl http2")) |
| 148 | (server-name '("offlate.lepiller.eu")) |
| 149 | (root "/srv/http/offlate/public") |
| 150 | (index '("index.html")) |
| 151 | (try-files '("$uri" "$uri/" "=404")) |
| 152 | (raw-content lepiller-policy)))) |
| 153 | (simple-service 'i18n-http-server nginx-service-type |
| 154 | (list (nginx-server-configuration |
| 155 | (ssl-certificate |
| 156 | "/etc/letsencrypt/live/i18n.lepiller.eu/fullchain.pem") |
| 157 | (ssl-certificate-key |
| 158 | "/etc/letsencrypt/live/i18n.lepiller.eu/privkey.pem") |
| 159 | (listen '("443 ssl http2" "[::]:443 ssl http2")) |
| 160 | (server-name '("i18n.lepiller.eu")) |
| 161 | (root "/srv/http/i18n/public")))) |
| 162 | (simple-service 'default-http-server nginx-service-type |
| 163 | (list (nginx-server-configuration |
| 164 | (ssl-certificate |
| 165 | "/etc/letsencrypt/live/xana.lepiller.eu/fullchain.pem") |
| 166 | (ssl-certificate-key |
| 167 | "/etc/letsencrypt/live/xana.lepiller.eu/privkey.pem") |
| 168 | (listen '("443 ssl http2" "[::]:443 ssl http2")) |
| 169 | (server-name '(default "xana.lepiller.eu")) |
| 170 | (root "/srv/http/default"))))) |
| 171 | (modify-services (server-services "xana") |
| 172 | (guix-service-type config => |
| 173 | (guix-configuration |
| 174 | (inherit config) |
| 175 | (authorized-keys |
| 176 | (cons |
| 177 | (local-file "../keys/tachikoma.pub") |
| 178 | %default-authorized-guix-keys)))))))) |
| 179 |