commit d8f02430fddf352573e6f372b9e4be359707ad17
parent 951ff63bd5ae5f4e593351dcb65cce8dd1121da5
Author: Nils Gillmann <gillmann@infotropique.org>
Date: Thu, 14 Jun 2018 10:51:49 +0000
config guix
Signed-off-by: Nils Gillmann <gillmann@infotropique.org>
Diffstat:
| M | guix/config.scm | | | 62 | ++++++++++++++++++++++++++++++++++++++++++-------------------- |
1 file changed, 42 insertions(+), 20 deletions(-)
diff --git a/guix/config.scm b/guix/config.scm
@@ -13,7 +13,7 @@
;; FIXME: Create jobs.
(define %sysadmins
- ;; The sys-admins
+ ;; The sys-admins. TODO: More.
(list (sysadmin (name "gillmann")
(full-name "Nils Gillmann")
(ssh-public-key (local-file "keys/ssh/ng0.pub")))
@@ -53,13 +53,13 @@
;; Local admin account
;; FIXME: Do we really need this?
- (users (cons (user-account
- (name "local-admin")
- (comment "Local admin")
- (group "users")
- (supplementary-groups '("wheel"))
- (home-directory "/home/local-admin"))
- %base-user-accounts))
+ ;; (users (cons (user-account
+ ;; (name "local-admin")
+ ;; (comment "Local admin")
+ ;; (group "users")
+ ;; (supplementary-groups '("wheel"))
+ ;; (home-directory "/home/local-admin"))
+ ;; %base-user-accounts))
(packages (append (map specification->package '("nvi" "mg" ;editors
"openssh"
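Review bot: The `local-admin` account is disabled by commenting out the whole `users` field instead of deleting it, and the `FIXME: Do we really need this?` above it is left unanswered. With this wheel account gone, the only admin login visible in this diff is SSH key access for `%sysadmins` (`password-authentication? #f` appears further down). How `%sysadmins` becomes actual accounts is not shown here, so confirm they exist with the needed privileges before deploying. I would delete the seven commented lines and replace the FIXME with `;; No local admin account: admin access is via the %sysadmins SSH keys only.` The `mysql-service` block in the Databases hunk is commented out the same way and could also be deleted. The enclosing `operating-system` form starts and ends outside this hunk.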
@@ -67,7 +67,7 @@
;; FIXME: better would be to read gnunet-inputs and -native-inputs.
"curl" "libmicrohttpd" "gnutls/dane"
"sqlite" "jansson" "nss" "gmp"
- "bluez" "glib" "libogg" "python-2"
+ "bluez" "glib" "libogg" "python2"
"perl" "doxygen" ; FIXME: is perl necessary?
"opus" "pulseaudio" ;PA on server, for building?
"libunistring" "libltdl" "zlib" "libgcrypt" "libextractor"
@@ -89,10 +89,12 @@
;; CERTIFICATES
(service certbot-service-type
(certbot-configuration
- (hosts '(("taler.net")))))
+ ;; TODO: Any other (sub)domains?
+ (hosts '(("taler.net")
+ ("git.taler.net")))))
;; MAIL
- ;; FIXME: Policy is to just receive mail.
+ ;; FIXME: Policy is to just RECEIVE mail.
;; Produce the /etc/alias file:
;; insert a service to copy local file to /etc/aliases here.
;; Depending on the final server policies, adjust to
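Review bot: Adding `("git.taler.net")` to `hosts` does not by itself guarantee that a certificate directory named `git.taler.net` exists, yet the nginx block added later in this commit reads its certificate and key from `/etc/letsencrypt/live/git.taler.net/`. Whether each `hosts` entry gets its own certificate, or all names land on one certificate stored under the first name, is not visible here and should be checked against the certbot service in use. If those files are missing at first boot, nginx will presumably fail to start, so the bootstrap order of certbot and nginx needs to be written down. I would add a comment beside the new entry, for example `;; nginx below reads /etc/letsencrypt/live/git.taler.net/ -- must be issued as its own certificate.`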
@@ -122,21 +124,41 @@
(password-authentication? #f)))
;; Databases
- (mysql-service
- #:config
- (mysql-configuration
- ;; Defaults to mariadb,
- ;; read `info guix services`, section databases.
- ;;(mysql "mysql")
- ;; Default portnumber, must be a NUMBER not a string.
- (port 3306)))
+ ;; (mysql-service
+ ;; #:config
+ ;; (mysql-configuration
+ ;; ;; Defaults to mariadb,
+ ;; ;; read `info guix services`, section databases.
+ ;; ;;(mysql "mysql")
+ ;; ;; Default portnumber, must be a NUMBER not a string.
+ ;; (port 3306)))
+ ;; TODO: PostgreSQL -> exact config: ???
+ (swervice postgresql-service-type)
;; WEBSERVER
;;(service nginx-service-type)
+ (service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name "git.taler.net")
+ (ssl-certificate
+ "/etc/letsencrypt/live/git.taler.net/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/git.taler.net/privkey.pem")
+ (locations
+ (list
+ (git-http-nginx-location-configuration
+ (git-http-configuration (uri-path "/"))))))))))
;;(service fcgiwrap-service-type)
;; FIXME: Check cgit-service-type + gitolite options.
;; FIXME: Extend cgit service.
;;(service cgit-service-type)
+ (service cgit-service-type
+ (opaque-cgit-configuration
+ (cgitrc "")))
;; CGIT:
;;(service nginx-service-type)
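Review bot: `(swervice postgresql-service-type)` is a typo for `service`. `swervice` is not defined in any visible line, so evaluating the file will most likely stop with an unbound-variable error, and none of the nginx, cgit or certbot changes in this commit would be deployed. The line should read `(service postgresql-service-type)`. The TODO above it about the exact PostgreSQL configuration still applies after the fix. The enclosing services list starts and ends outside this hunk.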
@@ -179,4 +201,4 @@
#:netmask "255.255.255.240"
#:gateway "131.159.74.78"
#:name-servers '("" "" ""))
- %base-services)))
+ %base-services)))