;; OS configuration for the taler.net server

(use-modules (gnu)
             (guix)
             (sysadmin people)
             (sysadmin services))
(use-service-modules base networking mcron ssh mail
                     version-control databases admin
                     web certbot cgit)
(use-package-modules admin linux ssh tls vim zile wget
                     ntp version-control)

;;; Cron jobs
;; FIXME: Create jobs.

;; People with administrative access to this host.  Each entry carries the
;; account name, optionally a full name, and the SSH public key kept under
;; keys/ssh/ in this repository.  `sysadmin' and the service that consumes
;; this list come from the (sysadmin people) / (sysadmin services) modules,
;; which are not part of this file; what privileges an entry actually grants
;; (presumably an account plus admin group membership) is defined there.
;;
;; Keep the `local-file' arguments literal strings: a literal is resolved
;; relative to this file, whereas a computed path would be resolved relative
;; to the current working directory of whoever runs `guix system'.
(define %sysadmins
  (let ((ng0      (sysadmin (name "gillmann")
                            (full-name "Nils Gillmann")
                            (ssh-public-key (local-file "keys/ssh/ng0.pub"))))
        (dold     (sysadmin (name "dold")
                            (ssh-public-key (local-file "keys/ssh/dold.pub"))))
        (stanisci (sysadmin (name "stanisci")
                            (ssh-public-key (local-file "keys/ssh/stanisci.pub"))))
        (grothoff (sysadmin (name "grothoff")
                            (full-name "Christian Grothoff")
                            (ssh-public-key (local-file "keys/ssh/grothoff.pub")))))
    (list ng0 dold stanisci grothoff)))

;;; /etc/aliases
;; Activation snippet that takes the aliases file kept in this repository
;; (../etc/aliases, next to the guix/ directory) and copies it to
;; /etc/aliases on the resulting system.  It runs as root at activation
;; time, i.e. on every boot and every `guix system reconfigure', and
;; overwrites whatever is at /etc/aliases.
;;
;; NOTE(review): this service is defined but, as of this file, not added to
;; the `services' field of the operating-system below, so no /etc/aliases
;; is produced until it is registered there.
(define %aliases-etc-service
  (simple-service 'etc-/etc/aliases-init
                  activation-service-type
                  (with-imported-modules '((guix build utils))
                    #~(begin
                        (use-modules (guix build utils))
                        (let ((source #$(local-file "../etc/aliases"))
                              (target "/etc/aliases"))
                          (copy-file source target))))))

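;; Deploy hook that certbot runs (as root) after a certificate is renewed.
;; It reads the nginx master PID from the pid file the Guix nginx service
;; writes and sends SIGHUP, which asks nginx to reload its configuration and
;; therefore re-open the renewed certificate and key.  For nginx alone this
;; is all that is needed; any other daemon serving the same certificate
;; would need its own hook.
;;
;; The PID is validated before `kill' is called: an empty or corrupt pid
;; file makes `read' return #<eof> or something that is not a number, and a
;; non-positive value passed to `kill' would target a process group or, for
;; -1, every process the caller may signal.  A missing pid file raises a
;; system error, so a failed hook is reported by certbot rather than
;; silently ignored.
(define %nginx-deploy-hook
  (program-file "nginx-deploy-hook"
                #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
                    (if (and (integer? pid) (exact? pid) (> pid 0))
                        (kill pid SIGHUP)
                        (begin
                          (format (current-error-port)
                                  "nginx-deploy-hook: invalid PID in /var/run/nginx/pid: ~s~%"
                                  pid)
                          (exit 1))))))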

;;;
;;; The OS definition
;;;

;; The bfh.taler.net host: Let's Encrypt certificates, nginx, cgit, the git
;; daemon, OpenSMTPD/Dovecot, PostgreSQL and SSH for the people listed in
;; %sysadmins.  Several parts are still placeholders (see the FIXME/TODO
;; notes inline).
(operating-system
  ;; TODO: Hostname should be loaded from external file and be substituted,
  ;; same for some other basic values.
  (host-name "bfh.taler.net")
  (timezone "Europe/Berlin")
  (locale "en_US.UTF-8")

  ;; GRUB installed on the first disk; GRUB's output is restricted to the
  ;; console.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/sda")
               (terminal-outputs '(console))))

  ;; Single-disk layout: root and /home are two ext4 file systems that are
  ;; located by label.
  ;; TODO: Write functions for Hardware RAID
  ;; TODO: /home should be on luks encrypted device
  (file-systems
   (append (list (file-system
                   (device "my-root")
                   (title 'label)
                   (mount-point "/")
                   (type "ext4"))
                 (file-system
                   (device "my-home")
                   (title 'label)
                   (mount-point "/home")
                   (type "ext4")))
           %base-file-systems))

  ;; System-wide packages on top of %base-packages.
  ;; NOTE(review): bluez, pulseaudio, gstreamer, opus, libogg and friends
  ;; look like build dependencies of GNUnet/Taler rather than anything this
  ;; server runs as a service -- presumably here so that people can build
  ;; locally.  Installing them in a user profile or a manifest instead of
  ;; the system profile would shrink what is exposed on a public host.
  (packages
   (let ((extra '("nvi" "mg" "emacs-no-x"
                  "openssh"
                  "curl" "libmicrohttpd" "gnutls-dane"
                  "sqlite" "jansson" "nss" "gmp"
                  "bluez" "glib" "libogg" "python2"
                  "perl" "doxygen"
                  "opus" "pulseaudio"
                  "libunistring" "libltdl" "zlib" "libgcrypt" "libextractor"
                  "gstreamer" "gst-plugins-base" "libidn" "glpk"
                  "gitolite"
                  "nss-certs"
                  "wget" "openssl"
                  "postgresql"
                  "certbot")))
     (append (map specification->package extra) %base-packages)))

  (services
   (append
    (list
     (ntp-service)

     ;; Accounts and SSH keys for the people in %sysadmins.
     (service sysadmin-service-type %sysadmins)

     ;; Log rotation with the default rottlog settings.
     (service rottlog-service-type (rottlog-configuration))

     ;; Let's Encrypt certificates via certbot.  The taler.net/git.taler.net
     ;; certificate HUPs nginx after renewal (see %nginx-deploy-hook); the
     ;; 2.taler.net certificate has no deploy hook, so whatever serves it
     ;; has to be reloaded some other way -- confirm that is intended.
     (service certbot-service-type
              (certbot-configuration
               (email "admin@taler.net")
               (certificates
                (list
                 (certificate-configuration
                  (domains '("taler.net" "git.taler.net"))
                  (deploy-hook %nginx-deploy-hook))
                 (certificate-configuration
                  (domains '("2.taler.net")))))))

     ;; MAIL
     ;; FIXME: Policy is to just RECEIVE mail.  Depending on the final
     ;; server policy, adjust OpenSMTPD to not send or to send email.
     ;; NOTE(review): %aliases-etc-service, defined above to produce
     ;; /etc/aliases, is not part of this list yet; add it here once the
     ;; aliases file is final.
     ;;
     ;; Dovecot delivers into each user's ~/Maildir.
     (dovecot-service #:config
                      (dovecot-configuration
                       (mail-location "maildir:~/Maildir")))
     ;; OpenSMTPD with the configuration file kept in this repository.
     (service opensmtpd-service-type
              (opensmtpd-configuration
               (config-file (local-file "./opensmtpd/opensmtpd.conf"))))
     ;; Should OpenSMTPD need virtual-domain/user tables, the /etc
     ;; service can be extended like this (kept from an earlier draft):
     ;; (service etc-service-type
     ;;          (list `("vdoms.conf"
     ;;                  ,(plain-file "vdoms.conf"
     ;;                               "gnunet.org\n"))
     ;;                `("vusers.conf"
     ;;                  ,(plain-file "vusers.conf"
     ;;                               "grothoff@gnunet.org grothoff"))))

     ;; SSH: key-based logins only.  permit-root-login is left at the
     ;; service default; set it explicitly if root logins must be refused
     ;; regardless of what the default happens to be.
     (service openssh-service-type
              (openssh-configuration
               (port-number 22)
               (password-authentication? #f)))

     ;; Databases
     ;; MariaDB/MySQL is not used; an earlier sketch, for reference:
     ;; (mysql-service
     ;;  #:config
     ;;  (mysql-configuration
     ;;   ;; Defaults to mariadb,
     ;;   ;; read `info guix services`, section databases.
     ;;   ;;(mysql "mysql")
     ;;   ;; Default portnumber, must be a NUMBER not a string.
     ;;   (port 3306)))
     ;; PostgreSQL with the service defaults.
     ;; TODO: PostgreSQL -> exact config: ???
     (service postgresql-service-type)

     ;; WEBSERVER
     ;; nginx takes its whole configuration from a file under %nginx-config,
     ;; which is not defined in this file (presumably (sysadmin services)).
     ;; NOTE(review): the file name is "bhf.conf" while the host is
     ;; "bfh.taler.net" -- confirm the name is not a typo and that the file
     ;; exists, otherwise nginx fails to start.
     (service nginx-service-type
              (nginx-configuration
               (file
                (file-append %nginx-config "/bhf.conf"))))

     ;; CGIT
     ;; FIXME: Check cgit-service-type + gitolite options.
     ;; FIXME: Extend cgit service.  With an empty cgitrc, cgit runs on its
     ;; built-in defaults and presumably lists no repositories until a
     ;; scan-path or repo entries are added.
     (service cgit-service-type
              (opaque-cgit-configuration
               (cgitrc "")))

     ;; GIT
     ;; git-daemon with its default base path (/srv/git/); user-path enables
     ;; git://host/~user/... URLs, resolved under that user's "git"
     ;; directory.  git:// carries no authentication or transport
     ;; integrity, so it is only suitable for public, read-only access.
     (git-daemon-service
      #:config (git-daemon-configuration
                (user-path "git")))

     ;; Networking
     ;; FIXME: Complete this.  The empty netmask and the '("" "" "")
     ;; name-servers are placeholders; as written they presumably produce
     ;; an unusable IPv6 prefix and empty "nameserver" entries in
     ;; /etc/resolv.conf.
     (static-networking-service
      "eth0" "2001:4ca0:2001:42:225:90ff:fe6b:d60"
      #:netmask ""
      #:gateway "2001:4ca0:2001:42::1"
      #:name-servers '("" "" ""))
     (static-networking-service
      "eth1" "131.159.74.67"
      #:netmask "255.255.255.240"
      #:gateway "131.159.74.78"
      #:name-servers '("" "" "")))
    %base-services)))