author | EuAndreh <eu@euandre.org> | 2025-03-14 06:30:12 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2025-03-14 06:30:12 -0300 |
commit | f755bc31292ad92bab07f4ad16617d07abd436b0 (patch) | |
tree | 4ef8ddbdfd05e3c2f475c1e1379631c8e685a7f6 | |
parent | system.scm: Add cicd-service-type (diff) | |
download | asami-f755bc31292ad92bab07f4ad16617d07abd436b0.tar.gz asami-f755bc31292ad92bab07f4ad16617d07abd436b0.tar.xz |
system.scm: Enable cgit and nginx services
-rw-r--r-- | src/guix/system.scm | 49 |
1 files changed, 45 insertions, 4 deletions
diff --git a/src/guix/system.scm b/src/guix/system.scm
index 470bb1d..a325f37 100644
--- a/src/guix/system.scm
+++ b/src/guix/system.scm
@@ -1,5 +1,4 @@
 (use-modules
- ((ice-9 match) #:prefix m:)
 ((srfi srfi-1) #:prefix s1:)
 ((xyz euandreh heredoc) #:prefix heredoc:)
 ((org euandre papo) #:prefix papo:)
@@ -10,7 +9,8 @@
 (guix packages)
 (guix transformations)
 (guix utils))
-(use-package-modules)
+(use-package-modules
+ version-control)
 (use-service-modules
 certbot
 cgit
@@ -18,8 +18,8 @@
 mail
 networking
 security
- shepherd
- ssh)
+ ssh
+ web)
 (heredoc:enable-syntax)
@@ -154,6 +154,47 @@
 (pkg:users->keys +users+)))
 (service certbot-service-type
 (q:tld-certbot-configuration +tld+))
+ (service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (server-name (list +tld+))
+ (listen '("[::]:443 ssl" "443 ssl"))
+ (root "/srv/www")
+ (ssl-certificate (pkg:fmt "/etc/letsencrypt/live/~a/fullchain.pem" +tld+))
+ (ssl-certificate-key (pkg:fmt "/etc/letsencrypt/live/~a/privkey.pem" +tld+))
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/git/static/")
+ (body
+ (list
+ (list "alias " cgit "/share/cgit/;"))))
+ (nginx-location-configuration
+ (uri "/git/")
+ (body
+ (list
+ (list "fastcgi_param SCRIPT_FILENAME " cgit "/lib/cgit/cgit.cgi;")
+ #"-
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass localhost:9000;
+ rewrite /git(.*) $1 break;
+ "#)))))
+ (raw-content
+ '(#"-
+ ssl_protocols TLSv1.3;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
+ ssl_prefer_server_ciphers on;
+ gzip off; # Disable dynamic compression altogether due to BREACH
+ gzip_static on;
+ charset utf-8;
+ autoindex on;
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains' always;
+ "#)))))))
+ (service cgit-service-type q:cgit-pre-configuration)
 (service pkg:syskeep-service-type
 (pkg:syskeep-configuration
 (tld +tld+))) |
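Review bot: `autoindex on;` in the `raw-content` heredoc of the last hunk appears to land at server level, so directory listings would be generated for every directory without an index file under `/srv/www`, not only for a tree meant to be browsable. If listings are wanted for one path only, put the directive in its own `nginx-location-configuration` body for that path; otherwise drop the line. In the same heredoc, `ssl_protocols TLSv1.3;` leaves the `ssl_ciphers` list without effect on OpenSSL builds, because that directive selects only TLS 1.2-and-earlier suites, and the list also names non-AEAD families (`AES256+EECDH`, `AES256+EDH`) that would become active if TLSv1.2 were re-enabled later. I would either remove the line or add a comment next to it such as `# only consulted if TLSv1.2 is re-enabled; TLS 1.3 suites are not set here`.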