taler-deployment

Deployment scripts and configuration files

commit 8d205b76dcfe4659e73ac3a97aa8792a517c5774
parent 430db6a55226ea4a9c33e322edc4a3a7b325393c
Author: Nils Gillmann <ng0@n0.is>
Date:   Mon, 15 Oct 2018 13:11:48 +0000

guix/config.scm (do not deploy this): work on adding more necessary bits in the system config.

Signed-off-by: Nils Gillmann <ng0@n0.is>

Diffstat:
Mguix/config.scm | 88+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 84 insertions(+), 4 deletions(-)

diff --git a/guix/config.scm b/guix/config.scm @@ -1,10 +1,58 @@ (use-modules (srfi srfi-1) (gnu) - (guix)) + (guix) + (guix gexp)) (use-system-modules nss) -(use-service-modules networking ssh version-control databases admin) -(use-package-modules base bash shells) +(use-service-modules networking ssh version-control databases admin web) +(use-package-modules base bash shells web) + +;;; --- cron jobs start +(define %gc-job + ;; Collect garbage once a day. + #~(job '(next-hour '(4)) + (string-append #$guix "/bin/guix gc -F80G"))) +;;; --- cron jobs end + +;;; --- nginx start +;; TODO: Translate nginx code to guix nginx-service without a file +;; if possible wiht our config. +;; DOCUMENTATION: There are 2 ways to run nginx on GuixSD, we use +;; the way which allows us to work directly on nginx files instead +;; of generating them through Guix, for now. Every update of the +;; nginx config requires a reconfigure! +(define %nginx-config + (computed-file "nginx-config" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (mkdir #$output) + (chdir #$output) + (symlink #$(local-file "etc/nginx/nginx.conf") + "nginx.conf") + (mkdir "conf.d") + (copy-file #$(local-file "etc/nginx/conf.d/favicon_robots") + "conf.d/favicon_robots") + (mkdir "sites-enabled") + (copy-file #$(local-file "etc/nginx/sites-enabled/git.site") + "sites-enabled/git.site") + (copy-file #$(local-file "etc/nginx/sites-enabled/git-ssl.site") + "sites-enabled/git-ssl.site"))))) + +;; TODO: Change to our file. +(define %nginx-mime-types + (simple-service 'nginx-mime.types + etc-service-type + `(("nginx" ,(file-append nginx "/share/nginx/conf"))))) + +(define %nginx-cache-activation + (simple-service 'nginx-/var/cache/nginx + activation-service-type + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/cache/nginx"))))) +;;; --- nginx end (operating-system (host-name "gv") 
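Review bot: `%nginx-cache-activation` creates `/var/cache/nginx` with a bare `mkdir-p`, so the directory ends up owned by root with whatever mode the activation umask yields; nothing in the hunk sets an owner or permission bits. If the nginx workers run as an unprivileged user they probably cannot write there, and a later manual fix tends to be an over-broad mode that leaves cached responses readable by other local accounts. I would set both explicitly right after the `mkdir-p`, e.g. `(let ((u (getpwnam "nginx"))) (chown "/var/cache/nginx" (passwd:uid u) (passwd:gid u)))` followed by `(chmod "/var/cache/nginx" #o750)`. This assumes the account is called `nginx` and already exists when this activation snippet runs, which should be confirmed against the nginx service definition.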
@@ -61,8 +109,16 @@ "nss-certs" "curl" "gnutls-dane" "gitolite" - "acme-client")) + "acme-client" + ; Website dependencies: + "python" "python-jinja2" + "python-sphinx")) + ; "buildbot" %base-packages)) + + ;; TODO: cgit service? + ;; TODO: gitolite service? + (services (cons* (service static-networking-service-type (list @@ -83,6 +139,21 @@ "/bin/env")) ("/bin/ksh" ,(file-append (canonical-package loksh) "/bin/ksh")))) + ;; TODO: acme-client cronjob for: + ;; taler.net www.taler.net api.taler.net lcov.taler.net + ;; git.taler.net gauger.taler.net buildbot.taler.net + ;; test.taler.net playground.test.taler.net + ;; auditor.test.taler.net auditor.demo.taler.net + ;; demo.taler.net shop.test.taler.net + ;; shop.demo.taler.net survey.test.taler.net + ;; survey.demo.taler.net donations.demo.taler.net + ;; backend.test.taler.net backend.demo.taler.net + ;; bank.test.taler.net bank.demo.taler.net + ;; www.git.taler.net exchange.demo.taler.net + ;; exchange.test.taler.net env.taler.net + ;; envs.taler.net blog.demo.taler.net + ;; blog.test.taler.net donations.test.taler.net + ;; docs.taler.net intranet.taler.net stage.taler.net (service openssh-service-type (openssh-configuration (x11-forwarding? #t) @@ -91,6 +162,9 @@ (permit-root-login 'without-password))) (service rottlog-service-type (rottlog-configuration)) + (service mcron-service-type + (mcron-configuration + (jobs (list %gc-job %thing1)))) (service postgresql-service-type) (git-daemon-service #:config (git-daemon-configuration @@ -102,6 +176,12 @@ (constraint-from '("www.gnu.org")) (constraints-from '("https://www.google.com/")) (allow-large-adjustment? #t))) + (service nginx-service-type + (nginx-configuration + (file (file-append %nginx-config + "/nginx.conf")))) + %nginx-mime-types + %nginx-cache-activation (modify-services %base-services (guix-service-type config =>
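Review bot: The `@@ -83,6 +139,21 @@` hunk leaves certificate issuance and renewal as a TODO comment, while the same commit enables nginx with `sites-enabled/git-ssl.site`. If that site file refers to acme-client certificates (it is not shown here), they have to be created and renewed by hand until the cron job exists, and an expired certificate would take the TLS endpoint down. I would make that dependency explicit in the comment, e.g. `;; FIXME: git-ssl.site is served before this job exists; issue and renew its certificate manually until then, and reload nginx after each renewal.`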
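Review bot: In the `@@ -91,6 +162,9 @@` hunk the mcron job list references `%thing1`, but the cron section this commit adds at the top of the file defines only `%gc-job`. Unless `%thing1` is defined in a part of the file the diff does not show, evaluating the configuration will stop with an unbound-variable error and the system cannot be reconfigured at all. Until a second job actually exists the line should read `(jobs (list %gc-job))`.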