channel

The Guix channel used by MonasTech systems
Log | Files | Refs | README
commit 0fe59d9c6477affe7e34c249e0ac6664af41e17c
parent 1f43b49b0a548463784fe7f10378ef8aa60d9559
Author: Luke Willis <lukejw@loquat.dev>
Date:   Tue, 16 Dec 2025 18:28:33 -0500

Tweak nginx and clean up services

Diffstat:

Mmt/services/web.scm | 51+++++++++++----------------------------------------


Mmt/system/andrew.scm | 18+++++++++++++++---


2 files changed, 26 insertions(+), 43 deletions(-)

diff --git a/mt/services/web.scm b/mt/services/web.scm
@@ -4,45 +4,16 @@
   #:use-module (gnu packages admin)
   #:use-module (gnu packages web)
   #:use-module (gnu system shadow)
-  #:use-module (guix gexp)
-  #:export (quark-service-type))
+  #:use-module (guix gexp))
 
-;; TODO: Make a fleshed out certbot + quark + hitch service
-
-(define %quark-accounts
-  (list (user-account
-         (name "quark")
-         (group "quark")
-         (system? #t)
-         (comment "quark user")
-         (home-directory "/var/empty")
-         (shell (file-append shadow "/sbin/nologin")))
-        (user-group
-         (name "quark")
-         (system? #t))))
-
-(define (quark-shepherd-service path)
-  (list (shepherd-service
-         (provision '(quark))
-         (documentation "Run quark.")
-         (requirement '(user-processes))
-         (start #~(make-forkexec-constructor
-                   (list #$(file-append quark "/bin/quark")
-                         "-p" "80"
-                         "-h" "0.0.0.0"
-                         "-u" "quark"
-                         "-g" "quark"
-                         "-d" #$path)
-                   #:log-file "/var/log/quark.log"))
-         (stop #~(make-kill-destructor)))))
-
-(define quark-service-type
-  (service-type (name 'quark)
-                (extensions
-                 (list (service-extension shepherd-root-service-type
-                                          quark-shepherd-service)
-                       (service-extension account-service-type
-                                          (const %quark-accounts))))
-                (description
-                 "Serve a specified path's contents over http using quark.")))
+;; TODO: Write custom git service
+;; - Creates git user and group
+;; - Sets up my custom git-shell environment
+;; - Sets up stagit hooks to build directory
+;; - Extends nginx to serve stagit pages
 
+;; TODO: Write dehydrated service for certs
+;; - Write configuration files
+;; - Extend nginx to automatically serve challenges
+;; - Extend ? to create a daily cronjob
+;; - One-shot registration
diff --git a/mt/system/andrew.scm b/mt/system/andrew.scm
@@ -82,14 +82,26 @@ Welcome to \"andrew\" the, first MonasTech server.
                       (server-blocks
                        (list (nginx-server-configuration
                               (server-name '("monastech.xyz" "www.monastech.xyz"))
+                              (listen '("443 ssl"))
                               (root "/var/www/monastech.xyz")
                               (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem")
-                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem")
+                              (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem"))
+                             ;; Default HTTP server
+                             (nginx-server-configuration
+                              (server-name '("_"))
+                              (listen '("80 default_server"))
+                              (root "/var/www/monastech.xyz")
                               (locations
-                               (list (nginx-location-configuration
+                               (list ;; Serve ACME challenges 
+                                     (nginx-location-configuration
                                       (uri "^~ /.well-known/acme-challenge")
-                                      (body (list "alias /var/www/dehydrated;"))))))))))
+                                      (body (list "alias /var/www/dehydrated;")))
+                                     ;; Redirect to HTTPS
+                                     (nginx-location-configuration
+                                      (uri "/")
+                                      (body (list "return 301 https://$host$request_uri;"))))))))))
             ;; TODO: Certbot is weird, write my own service based off dehydrated
+            ;; FIXME: Currently does not work
             (service git-daemon-service-type
                      (git-daemon-configuration
                       (base-path "/home/git/repo"))))