;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2020 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
;; Guix modules: base system, GRUB bootloader, and the mcron / networking /
;; web service types used in the `services' field below, plus (guix gexp)
;; for #~, #$, file-append and local-file.  The (config ...) modules are
;; site-local; tyreunom-os, server-services, certbot-service and the
;; web-*-policy helpers come from them (which one provides which is not
;; visible in this file).
(use-modules (gnu)
             (gnu system)
             (gnu bootloader)
             (gnu bootloader grub)
             (gnu services mcron)
             (gnu services networking)
             (gnu services web)
             (config certbot)
             (config cuirass)
             (config network)
             (config os)
             (config web)
             (guix gexp))
;; Packages referenced by the cron jobs (they end up on each job's PATH).
(use-package-modules base compression gettext guile guile-xyz linux version-control
                     wget)
;; Raw nginx directives for the language-prefixed sites: WEB-BASE-POLICY,
;; then a language selector driven by the client's Accept-Language header,
;; then the HTML lookup rules from WEB-HTML-POLICY and a custom 404 page.
(define lepiller-policy
  (let ((language-selection
         ;; $first_language is only ever set from the regex capture
         ;; (en|eo|fr) or to the literal 'en', so the client-controlled
         ;; header cannot inject arbitrary text into the redirect target
         ;; below.  The match is case-insensitive (~*), so the capture keeps
         ;; the client's casing.
         (list "# accept-language: en,en-US;q=0.8,ja;q=0.6"
               "set $first_language '';"
               "if ($http_accept_language ~* '(en|eo|fr)') {"
               "  set $first_language $1;"
               "}"
               "if ($first_language = '') {"
               "  set $first_language 'en';"
               "}"
               ;; NOTE(review): $uri already starts with "/", so both
               ;; $my_uri and the 301 target contain a double slash;
               ;; presumably nginx's default merge_slashes is what keeps this
               ;; working — confirm.
               "set $my_uri $first_language/$uri;"
               ;; Bare top-level paths are redirected into the language tree.
               "location ~ ^/[^/]*$ {"
               "  return 301 /$first_language/$uri;"
               "}"))
        (html-lookup
         (web-html-policy
          (list "    try_files $my_uri $uri $uri/ =404;")))
        (not-found
         (list "error_page 404 /404.html;")))
    (append web-base-policy language-selection html-lookup not-found)))
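;; Return a G-expression for a thunk usable as an mcron job body.  When run,
;; the thunk sets up a minimal environment and then replaces the process
;; with "make -C DIRECTORY TARGET".
;;
;;   directory  string, absolute path handed to `make -C'
;;   target     string, Makefile target to build
;;   packages   list of packages; <pkg>/bin of each one forms PATH, and their
;;              other sub-directories can be exposed through ENV
;;   env        alist of (VARIABLE . RELATIVE-DIR): VARIABLE is set to the
;;              colon-joined list of <pkg>/RELATIVE-DIR over PACKAGES, e.g.
;;              ("GUILE_LOAD_PATH" . "share/guile/site/3.0")
;;
;; DIRECTORY and TARGET are static values from this file, not user input.
;; `make' itself is always the one from GNU-MAKE's store path, whatever PATH
;; contains.
(define (makefile-job directory target packages env)
  #~(lambda ()
      ;; Join <pkg>/DIR for every package in PACKAGES with ":".
      ;; Fixed: the original had a misplaced parenthesis that called `map'
      ;; without a list and used PATH instead of DIR, so any job with a
      ;; non-empty ENV failed at runtime.
      (define (get-path dir)
        (string-join
          (map (lambda (p) (string-append p "/" dir)) (list #$@packages))
          ":"))
      (define path (get-path "bin"))
      (setenv "PATH" path)
      ;; Point TLS clients (git, wget, ...) at the system CA bundle so that
      ;; certificate verification has a trust store to work from.
      (setenv "GIT_SSL_CAINFO" "/etc/ssl/certs/ca-certificates.crt")
      (setenv "SSL_CERT_DIR" "/etc/ssl/certs")
      (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt")
      (setenv "LANG" "en_US.UTF-8")
      ;; Extra variables requested by the caller, e.g. Guile load paths.
      (for-each
        (lambda (binding)
          (setenv (car binding) (get-path (cdr binding))))
        (quote #$env))
      (execl #$(file-append gnu-make "/bin/make") "make" "-C" #$directory #$target)))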
;; mcron job: at hour 05, minute 51 (daily, per mcron's next-hour /
;; next-minute-from semantics), run `make -C /srv/http/i18n fdroid-update'
;; with make, coreutils, findutils and git on PATH and no extra variables.
(define i18n-download-job
  #~(job '(next-minute-from (next-hour '(05)) '(51))
         #$(makefile-job "/srv/http/i18n" "fdroid-update"
                         (list gnu-make coreutils findutils git)
                         '())))
;; mcron job: at hour 06, minute 21, run `make -C /srv/http/i18n all'.
;; Scheduled half an hour after i18n-download-job; nothing here serialises
;; the two, so a slow download would overlap the build — TODO confirm this is
;; acceptable.
(define i18n-compile-job
  #~(job '(next-minute-from (next-hour '(06)) '(21))
         #$(makefile-job "/srv/http/i18n" "all"
                         (list gnu-make coreutils findutils git grep util-linux)
                         '())))
;; mcron job: on days 1, 6, 11, ... 31 of the month (range 1 31 5), at hour
;; 02, minute 12, run `make -C /srv/http/nani download'.  The package list
;; covers the archive tools (gzip, tar, unzip, xz, wget, ...) the download
;; target presumably needs; no extra environment variables.
(define nani-download-job
  #~(job '(next-minute-from (next-hour-from (next-day (range 1 31 5)) '(02)) '(12))
         #$(makefile-job "/srv/http/nani" "download"
                         (list gnu-make coreutils findutils grep gzip libiconv
                               sed tar unzip util-linux wget xz)
                         '())))
;; mcron job: same days as nani-download-job, one hour later (03:12), run
;; `make -C /srv/http/nani all'.  Nothing serialises it after the download
;; job; if the download runs long, `all' builds on partial data — TODO
;; confirm.
;;
;; This is the only job passing a non-empty ENV alist: makefile-job is
;; expected to set GUILE_LOAD_PATH and GUILE_LOAD_COMPILED_PATH to the
;; share/guile/site/3.0 directory of every listed package (guile-3.0, haunt,
;; ...) — verify makefile-job's ENV handling actually works for this case.
(define nani-update-job
  #~(job '(next-minute-from (next-hour-from (next-day (range 1 31 5)) '(03)) '(12))
         #$(makefile-job "/srv/http/nani" "all"
                         (list gnu-make coreutils findutils gnu-gettext grep guile-3.0
                               haunt sed)
                         '(("GUILE_LOAD_PATH" . "share/guile/site/3.0")
                           ("GUILE_LOAD_COMPILED_PATH" . "share/guile/site/3.0")))))
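;; The "xana" host: TLS web server for four lepiller.eu virtual hosts, plus
;; the mcron jobs above that regenerate the nani and i18n site content.
;; Everything not listed here is inherited from (tyreunom-os "xana").
(operating-system
  (inherit (tyreunom-os "xana"))
  (bootloader
    (bootloader-configuration
      (target "/dev/sda")
      (bootloader grub-bootloader)))
  (file-systems (cons (file-system
                        (mount-point "/")
                        (device (uuid "27207be8-f30a-4ac6-a5ec-41859e90ee94"))
                        (type "ext4"))
                      %base-file-systems))
  (swap-devices '("/dev/sda1"))
  (services
    (append
      (list
        (service dhcp-client-service-type)
        (service nginx-service-type)
        ;; Content regeneration jobs built with makefile-job.
        (simple-service 'website-cron mcron-service-type
          (list i18n-download-job i18n-compile-job
                nani-download-job nani-update-job))
        ;; One Let's Encrypt certificate per virtual host; the
        ;; /etc/letsencrypt/live/<name>/ paths below are the ones these
        ;; entries produce.
        (certbot-service `(("xana.lepiller.eu")
                           ("nani.lepiller.eu")
                           ("i18n.lepiller.eu")
                           ("offlate.lepiller.eu")))
        ;; Every virtual host below listens on TLS only (443/http2, IPv4 and
        ;; IPv6).  Plain-HTTP handling, if any, presumably comes from
        ;; certbot-service or server-services — not visible here.
        (simple-service 'nani-http-server nginx-service-type
          (list (nginx-server-configuration
                  (ssl-certificate
                    "/etc/letsencrypt/live/nani.lepiller.eu/fullchain.pem")
                  (ssl-certificate-key
                    "/etc/letsencrypt/live/nani.lepiller.eu/privkey.pem")
                  (listen '("443 ssl http2" "[::]:443 ssl http2"))
                  (server-name '("nani.lepiller.eu"))
                  (root "/srv/http/nani/public"))))
        ;; Renamed from a second 'nani-http-server so the two service types
        ;; are distinguishable in `guix system' output and logs; the symbol
        ;; is only a label, the served configuration is unchanged.
        ;; NOTE(review): lepiller-policy also carries a try_files line (via
        ;; web-html-policy) in addition to the try-files field here; confirm
        ;; nginx does not see them as duplicates in the same context.
        (simple-service 'offlate-http-server nginx-service-type
          (list (nginx-server-configuration
                  (ssl-certificate
                    "/etc/letsencrypt/live/offlate.lepiller.eu/fullchain.pem")
                  (ssl-certificate-key
                    "/etc/letsencrypt/live/offlate.lepiller.eu/privkey.pem")
                  (listen '("443 ssl http2" "[::]:443 ssl http2"))
                  (server-name '("offlate.lepiller.eu"))
                  (root "/srv/http/offlate/public")
                  (index '("index.html"))
                  (try-files '("$uri" "$uri/" "=404"))
                  (raw-content lepiller-policy))))
        (simple-service 'i18n-http-server nginx-service-type
          (list (nginx-server-configuration
                  (ssl-certificate
                    "/etc/letsencrypt/live/i18n.lepiller.eu/fullchain.pem")
                  (ssl-certificate-key
                    "/etc/letsencrypt/live/i18n.lepiller.eu/privkey.pem")
                  (listen '("443 ssl http2" "[::]:443 ssl http2"))
                  (server-name '("i18n.lepiller.eu"))
                  (root "/srv/http/i18n/public"))))
        ;; Catch-all for unmatched Host headers on 443, served with xana's
        ;; certificate.
        (simple-service 'default-http-server nginx-service-type
          (list (nginx-server-configuration
                  (ssl-certificate
                    "/etc/letsencrypt/live/xana.lepiller.eu/fullchain.pem")
                  (ssl-certificate-key
                    "/etc/letsencrypt/live/xana.lepiller.eu/privkey.pem")
                  (listen '("443 ssl http2" "[::]:443 ssl http2"))
                  (server-name '(default "xana.lepiller.eu"))
                  (root "/srv/http/default")))))
      ;; Trust substitutes signed by tachikoma's key in addition to the
      ;; default Guix keys.  The path is resolved relative to this file.
      (modify-services (server-services "xana")
        (guix-service-type config =>
          (guix-configuration
            (inherit config)
            (authorized-keys
              (cons
                (local-file "../keys/tachikoma.pub")
                %default-authorized-guix-keys))))))))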