andrew.scm (5091B)
1 (define-module (mt system andrew) 2 #:use-module (guix gexp) 3 #:use-module (guix packages) 4 #:use-module (guix git) 5 #:use-module (gnu bootloader) 6 #:use-module (gnu bootloader grub) 7 #:use-module (gnu services) 8 #:use-module (gnu services certbot) 9 #:use-module (gnu services version-control) 10 #:use-module (gnu services web) 11 #:use-module (gnu system) 12 #:use-module (gnu system keyboard) 13 #:use-module (gnu system shadow) 14 #:use-module (gnu packages rsync) 15 #:use-module (gnu packages version-control) 16 #:use-module (nongnu packages linux) 17 #:use-module (nongnu system linux-initrd) 18 #:use-module (mt services) 19 #:use-module (mt system) 20 #:export (andrew-os)) 21 22 (define %issue " 23 Welcome to \"andrew\" the, first MonasTech server. 24 ") 25 26 (define andrew-os 27 (operating-system 28 (host-name "andrew") 29 (timezone "America/New_York") ;; Located in vinthill 30 (locale "en_US.utf8") 31 32 (issue %issue) 33 34 (keyboard-layout (keyboard-layout "us")) 35 36 (kernel linux-lts) 37 (initrd microcode-initrd) 38 (firmware (list linux-firmware)) 39 40 (bootloader (bootloader-configuration 41 (bootloader grub-efi-bootloader) 42 (targets '("/boot/efi")) 43 (keyboard-layout keyboard-layout))) 44 45 (swap-devices %mt-swap-devices) 46 47 (file-systems %mt-file-systems) 48 49 (users 50 (cons* 51 (user-account 52 (name "lukejw") 53 (comment "Luke Willis") 54 (group "users") 55 (home-directory "/home/lukejw") 56 (supplementary-groups '("wheel"))) 57 (user-account 58 (name "git") 59 (group "git") 60 (home-directory "/home/git") 61 (shell (file-append git-minimal "/bin/git-shell"))) 62 %base-user-accounts)) 63 64 ;; TODO: Move git setup to service 65 (groups 66 (cons* 67 (user-group (name "git")) 68 %base-groups)) 69 70 (packages 71 (cons* 72 rsync 73 %mt-base-packages)) 74 75 ;; TODO: Add git home environment with custom commands 76 ;; TODO: Create special service that creates git user, group and environment 77 78 (services 79 (append 80 (list (service nginx-service-type 81 (nginx-configuration 82 (server-blocks 83 (list (nginx-server-configuration 84 (server-name '("monastech.xyz" "www.monastech.xyz")) 85 (listen '("443 ssl")) 86 (root "/var/www/monastech.xyz") 87 (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem") 88 (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem")) 89 (nginx-server-configuration 90 (server-name '("git.monastech.xyz")) 91 (listen '("443 ssl")) 92 (root "/var/www/git.monastech.xyz") 93 (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem") 94 (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem")) 95 ;; Serve substitutes over HTTPS 96 (nginx-server-configuration 97 (server-name '("substitutes.monastech.xyz")) 98 (listen '("443 ssl")) 99 (ssl-certificate "/etc/dehydrated/certs/monastech.xyz/fullchain.pem") 100 (ssl-certificate-key "/etc/dehydrated/certs/monastech.xyz/privkey.pem") 101 (locations 102 (list ;; Redirect to HTTPS 103 (nginx-location-configuration 104 (uri "/") 105 (body (list "proxy_pass http://127.0.0.1:8080;")))))) 106 ;; Default HTTP server 107 (nginx-server-configuration 108 (server-name '("_")) 109 (listen '("80 default_server")) 110 (root "/var/www/monastech.xyz") 111 (locations 112 (list ;; Serve ACME challenges 113 (nginx-location-configuration 114 (uri "^~ /.well-known/acme-challenge") 115 (body (list "alias /var/www/dehydrated;"))) 116 ;; Redirect to HTTPS 117 (nginx-location-configuration 118 (uri "/") 119 (body (list "return 301 https://$host$request_uri;")))))))))) 120 ;; TODO: Certbot is weird, write my own service based off dehydrated 121 ;; FIXME: Currently does not work 122 (service git-daemon-service-type 123 (git-daemon-configuration 124 (base-path "/home/git/repo")))) 125 %mt-bishop-services)))) 126 127 andrew-os