author | EuAndreh <eu@euandre.org> | 2024-08-19 06:41:25 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2024-08-19 06:41:25 -0300 |
commit | 42c0535fea3e9c8871987c6ab519312a8bd0898a (patch) | |
tree | 57c805076bfa2d5b520f23436f4f4b8c4917f957 | |
parent | system.scm: Do not (create-home-directory? ...) for Git: it changes permissions (diff) | |
download | server-42c0535fea3e9c8871987c6ab519312a8bd0898a.tar.gz server-42c0535fea3e9c8871987c6ab519312a8bd0898a.tar.xz |
system.scm: Get pkg:git-service-type and q:knot-zones-configuration from packages repository
-rw-r--r-- | src/config/tld.txt | 1 | ||||
-rw-r--r-- | src/guix/system.scm | 223 |
2 files changed, 15 insertions, 209 deletions
diff --git a/src/config/tld.txt b/src/config/tld.txt
new file mode 100644
index 0000000..fd7ea0f
--- /dev/null
+++ b/src/config/tld.txt
@@ -0,0 +1 @@
+euandre.org
diff --git a/src/guix/system.scm b/src/guix/system.scm
index 3b840bd..2d3a332 100644
--- a/src/guix/system.scm
+++ b/src/guix/system.scm
@@ -1,40 +1,23 @@
 (use-modules
- ((ice-9 textual-ports) #:prefix textual-ports:)
- ((srfi srfi-1) #:prefix s1:)
 ((xyz euandreh heredoc) #:prefix heredoc:)
 ((org euandre packages) #:prefix pkg:)
 ((org euandre queue) #:prefix q:)
- (gnu)
- (guix build-system trivial)
- (guix build utils)
- (guix packages)
- (guix records))
+ (gnu))
 (use-package-modules
- admin
- ssh
 version-control)
 (use-service-modules
- admin
 certbot
 cgit
 dns
 mail
- mcron
 networking
 security
- shepherd
 ssh
- version-control
 vpn
 web)
 (heredoc:enable-syntax)
-(define ipv4 "216.238.68.100")
-(define ipv6 "2001:19f0:b400:1f0c:5400:04ff:fe35:8c89")
-(define tld "euandre.org")
-(define +tld+ tld)
-
 (define (path s) ;; src/guix/system.scm + ../../../ = ./
@@ -43,191 +26,15 @@ (define +users+ `(("andreh" "EuAndreh" ("wheel") ,(path "src/keys/SSH/andreh.pub.txt")))) +(define +ipv4+ "216.238.68.100") +(define +ipv6+ "2001:19f0:b400:1f0c:5400:04ff:fe35:8c89") +(define +tld+ + ((compose string-trim-right + pkg:slurp + path) + "src/config/tld.txt")) -(define ns (pkg:fmt "ns1.~a." tld)) -(define mail (pkg:fmt "hostmaster.~a." tld)) -(define dkim-selector "dkimproxyout") -(define dkim-public-key-path "/var/lib/dkimproxyout/public.key") - -(define dkim-name (pkg:str dkim-selector "._domainkey")) -(define dkim-public-key - (if (file-exists? dkim-public-key-path) - (string-join (reverse - (cdr - (reverse - (cdr - (string-split (pkg:slurp dkim-public-key-path) - #\newline))))) - "") - "stub-public-key-for-building")) - -(define ipv4-reverse-domain - (pkg:str - (string-join (reverse - (string-split ipv4 - #\.)) - ".") - ".in-addr.arpa")) - -(define ipv6-reverse-domain - (pkg:str - (string-join (reverse - (map (lambda (s) (pkg:fmt "~a" s)) - (string->list - (string-delete #\: ipv6)))) - ".") - ".ip6.arpa")) - -(define-zone-entries tld-zone - ("@" "" "IN" "NS" (pkg:fmt "ns1.~a." tld)) - ("@" "" "IN" "NS" (pkg:fmt "ns2.~a." tld)) - ("ns1" "" "IN" "A" ipv4) - ("ns1" "" "IN" "AAAA" ipv6) - ("ns2" "" "IN" "A" ipv4) - ("ns2" "" "IN" "AAAA" ipv6) - - ("@" "" "IN" "A" ipv4) - ("@" "" "IN" "AAAA" ipv6) - - ("@" "" "IN" "CAA" "0 issue \"letsencrypt.org\"") - ("@" "" "IN" "CAA" "0 issuewild \";\"") - ("@" "" "IN" "CAA" "0 iodef \"mailto:eu@euandre.org\"") - - ("mta-sts" "" "IN" "A" ipv4) - ("mta-sts" "" "IN" "AAAA" ipv6) - ("_mta-sts" "" "IN" "TXT" "\"v=STSv1; id=20230314\"") - ("@" "" "IN" "MX" (pkg:fmt "10 ~a." 
tld)) - ("_dmarc" "" "IN" "TXT" "\"v=DMARC1; p=quarantine\"") - ("@" "" "IN" "TXT" (pkg:fmt "\"v=spf1 a:~a -all\"" tld)) - (dkim-name "" "IN" "TXT" (pkg:fmt "\"v=DKIM1; k=rsa; t=s; p=~a\"" dkim-public-key))) - -(define-zone-entries ipv4-reverse-domain-zone - ("@" "" "IN" "PTR" (pkg:str tld ".")) - ("@" "" "IN" "NS" (pkg:fmt "ns1.~a." tld)) - ("@" "" "IN" "NS" (pkg:fmt "ns2.~a." tld))) - -(define-zone-entries ipv6-reverse-domain-zone - ("@" "" "IN" "PTR" (pkg:str tld ".")) - ("@" "" "IN" "NS" (pkg:fmt "ns1.~a." tld)) - ("@" "" "IN" "NS" (pkg:fmt "ns2.~a." tld))) - -(define zones - (list - (knot-zone-configuration - (domain tld) - (semantic-checks? #t) - (zone - (zone-file - (origin tld) - (ns ns) - (mail mail) - (entries tld-zone)))) - (knot-zone-configuration - (domain ipv4-reverse-domain) - (semantic-checks? #t) - (zone - (zone-file - (origin ipv4-reverse-domain) - (ns ns) - (mail mail) - (entries ipv4-reverse-domain-zone)))) - (knot-zone-configuration - (domain ipv6-reverse-domain) - (semantic-checks? #t) - (zone - (zone-file - (origin ipv6-reverse-domain) - (ns ns) - (mail mail) - (entries ipv6-reverse-domain-zone)))))) - - -(define-record-type* <git-configuration> - git-configuration - make-git-configuration - git-configuration? - (package git-configuration-package (default git)) - (user git-configuration-user (default "git")) - (group git-configuration-group (default "git")) - (export-all? git-configuration-export-all? (default #f)) - (base-path git-configuration-base-path (default "/srv/git")) - (user-path git-configuration-user-path (default #f)) - (run-in-container? git-configuration-run-in-container? (default #f)) - (container-name git-configuration-container-name (default "git-contaner"))) - -(define (git-command config) - (match-record config <git-configuration> - (package user group base-path run-in-container? container-name) - (let ((bin (file-append package "/bin/git"))) - (if (not run-in-container?) 
- bin - (least-authority-wrapper - bin - #:user user - #:group group - #:name container-name - #:directory base-path - #:preserved-environment-variables - '() - #:mappings - (list - (file-system-mapping - (source base-path) - (target source) - (writable? #t)))))))) - -(define (git-shepherd-services config) - (match-record config <git-configuration> - (user group export-all? base-path user-path) - (list - (shepherd-service - (provision '(git)) - (requirement '(networking)) - (start - #~(make-forkexec-constructor - (list #$(git-command config) - "daemon" "--syslog" "--reuseaddr" - #$@(pkg:mklist (and export-all? "--export-all")) - #$@(pkg:mklist (and base-path (pkg:str "--base-path=" base-path))) - #$@(pkg:mklist (and user-path (pkg:str "--user-path=" user-path)))) - #:user #$user - #:group #$group)) - (stop #~(make-kill-destructor SIGKILL)) - (documentation ""))))) - -(define (git-accounts config) - (match-record config <git-configuration> - (user group) - (list - (user-group - (name group) - (system? #t)) - (user-account - (name user) - (group group) - (system? #t) - (comment "External SSH Git service user") - (home-directory "/srv/git") - (create-home-directory? #f) - (shell - (file-append git "/bin/git-shell")))))) - - -(define git-service-type - (service-type - (name 'git) - (extensions - (list - (service-extension shepherd-root-service-type - git-shepherd-services) - (service-extension account-service-type - git-accounts) - (service-extension profile-service-type - (compose list git-configuration-package)))) - (default-value (git-configuration)) - (description "Better git:// service."))) - (define package-symbols '()) 
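Review bot: The zone content this hunk removes carried the domain's mail and certificate posture — CAA `0 issuewild ";"`, SPF `-all`, DMARC `p=quarantine`, the MTA-STS records and the DKIM TXT with its `"stub-public-key-for-building"` fallback when `/var/lib/dkimproxyout/public.key` is absent — and the replacement `q:knot-zones-configuration` lives in the packages repository, so parity cannot be checked from this diff. It is worth confirming that the new generator emits the same records, since a dropped CAA or a stub DKIM key reaching production would only surface at certificate issuance or mail delivery time. The new `+tld+` is read from `src/config/tld.txt` through `pkg:slurp` and `string-trim-right`, which strips only trailing whitespace; a comment such as `;; one line; trailing newline stripped, leading whitespace is not` would document the file's expected shape, and `string-trim-both` would make the read indifferent to either.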
@@ -247,12 +54,10 @@
 (services
 (append
 (list
- (service knot-service-type
- (knot-configuration
- (zones zones)))
 (service ntp-service-type)
 (service dhcp-client-service-type)
 (service fail2ban-service-type)
+ (service knot-service-type (q:knot-zones-configuration +tld+ +ipv4+ +ipv6+))
 (service openssh-service-type (q:openssh-default-configuration (pkg:users->keys +users+)))
 (service certbot-service-type (q:tld-certbot-configuration +tld+))
 (service nginx-service-type
@@ -260,11 +65,11 @@
 (server-blocks
 (list
 (nginx-server-configuration
- (server-name (list tld))
+ (server-name (list +tld+))
 (listen '("[::]:443 ssl http2" "443 ssl http2"))
 (root "/srv/www")
- (ssl-certificate (pkg:fmt "/etc/letsencrypt/live/~a/fullchain.pem" tld))
- (ssl-certificate-key (pkg:fmt "/etc/letsencrypt/live/~a/privkey.pem" tld))
+ (ssl-certificate (pkg:fmt "/etc/letsencrypt/live/~a/fullchain.pem" +tld+))
+ (ssl-certificate-key (pkg:fmt "/etc/letsencrypt/live/~a/privkey.pem" +tld+))
 (locations
 (list
 (nginx-location-configuration
@@ -296,8 +101,8 @@
 "#)))))))
 (service cgit-service-type q:cgit-pre-configuration)
 (service pkg:syskeep-service-type)
- (service git-service-type
- (git-configuration
+ (service pkg:git-service-type
+ (pkg:git-configuration
 (export-all? #t)))
 (simple-service 'add-wireguard-aliases hosts-service-type
 (list |
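Review bot: The third hunk replaces the local `git-service-type` with `pkg:git-service-type`, which also discards the local `git-accounts` and its `(create-home-directory? #f)` on `/srv/git` — the very change the parent commit made to stop the home directory's permissions being rewritten. Whether `pkg:git-configuration` carries the same default cannot be seen from here; it is worth checking in the packages repository, or setting the field explicitly inside the `(pkg:git-configuration ...)` form if it exposes one, before the next reconfigure. `(export-all? #t)` keeps the previous `--export-all` daemon behaviour of serving every repository under the base path regardless of per-repository export marker files, so as far as the visible lines show the set of repositories reachable over `git://` is unchanged by this commit.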