vps.scm: WIP setup cgit

author: EuAndreh <eu@euandre.org> 2020-11-29 00:39:36 -0300
committer: EuAndreh <eu@euandre.org> 2020-11-29 00:39:36 -0300
commit: 2719472071a81d007a1782ff5f89f9adf512b01c (patch)
tree: 546c602687815897e983e99598f3c9ebbe7b0a8a /sync
parent: Move shell.sh to container (diff)
download: server-2719472071a81d007a1782ff5f89f9adf512b01c.tar.gz
server-2719472071a81d007a1782ff5f89f9adf512b01c.tar.xz
1 files changed, 83 insertions, 25 deletions
diff --git a/sync/vps.scm b/sync/vps.scm
index fa1a595..a7b8aa1 100644
--- a/sync/vps.scm
+++ b/sync/vps.scm
@@ -1,10 +1,20 @@
 (use-modules (gnu)
              (ice-9 textual-ports)
              (guix gexp))
-(use-service-modules networking ssh mcron admin mail web certbot)
-(use-package-modules ssh backup)
+(use-package-modules ssh
+                     backup
+                     version-control)
+(use-service-modules networking
+                     ssh
+                     mcron
+                     admin
+                     mail
+                     web
+                     certbot
+                     cgit)
 
-(define user "andreh")
+(define user
+  "andreh")
 
 (define (slurp f)
   (string-trim-both
@@ -20,8 +30,13 @@ root ALL=(ALL) ALL
 (define tld
   (slurp "tld.txt"))
 
+(define mail-domain-prefix "mail")
 (define mail-domain
-  (string-append "mail." tld))
+  (string-append mail-domain-prefix "." tld))
+
+(define git-domain-prefix "git")
+(define git-domain
+  (string-append git-domain-prefix "." tld))
 
 (define certbot-alias
   "certbot")
@@ -48,7 +63,12 @@ pki " mail-domain " cert \"" (tls-pub-for  mail-domain) "\"
 pki " mail-domain " key  \"" (tls-priv-for mail-domain) "\""))
 
 (define tls-prefixes
-  '("mail" "ci"))
+  (list "www"
+        mail-domain-prefix
+        "ci"
+        git-domain-prefix
+        "chat"
+        "meet"))
 
 (define tls-domains
   (cons tld
@@ -95,31 +115,69 @@ pki " mail-domain " key  \"" (tls-priv-for mail-domain) "\""))
                      ("webmaster" "root")
                      ("abuse" "root")
                      (,certbot-alias "root")))
-          (service nginx-service-type
-                   (nginx-configuration
-                    (server-blocks
-                     (list
-                      (nginx-server-configuration
-                       ;; FIXME: force redirect
-                       ;; FIXME: hook for "mkdir -p /srv/http/ && chmod"
-                       ;; FIXME: permanent redirect www
-                       (server-name (list tld))
-                       (ssl-certificate     (tls-pub-for  tld))
-                       (ssl-certificate-key (tls-priv-for tld)))))))
-          (service certbot-service-type
-                   (certbot-configuration
-                    (email (string-append certbot-alias "@" tld))
-                    (certificates
-                     (list
-                      (certificate-configuration
-                       (domains tls-domains))))))
+          ;; (service nginx-service-type
+          ;;          (nginx-configuration
+          ;;           (server-blocks
+          ;;            (list
+          ;;             (nginx-server-configuration
+          ;;              ;; FIXME: force redirect HTTPS
+          ;;              ;; FIXME: permanent redirect www and everything else to non-www
+          ;;              (server-name (list tld))
+          ;;              (ssl-certificate     (tls-pub-for  tld))
+          ;;              (ssl-certificate-key (tls-priv-for tld)))))))
+          ;; (service certbot-service-type
+          ;;          (certbot-configuration
+          ;;           (email (string-append certbot-alias "@" tld))
+          ;;           (certificates
+          ;;            (list
+          ;;             (certificate-configuration
+          ;;              (domains tls-domains))))))
           (simple-service 'automatic-certbot-renewal
                           activation-service-type
                           (with-imported-modules '((gnu services herd))
                             #~(begin
                                 (use-modules (gnu services herd))
-                                (execl "/var/lib/certbot/renew-certificates")
-                                (restart-service 'nginx)))))
+                                ;; (execl "/var/lib/certbot/renew-certificates")
+                                (restart-service 'nginx))))
+          (service cgit-service-type
+                   (cgit-configuration
+                    (remove-suffix? #t)
+                    (root-title "EuAndreh's repositories")
+                    (root-desc "Patches welcome!")
+                    (snapshots '("tar.gz" "zip"))
+                    (clone-prefix (list (string-append "https://" git-domain)))
+                    (source-filter (file-append cgit "/lib/cgit/filters/syntax-highlighting.py"))
+                    (about-filter  (file-append cgit "/lib/cgit/filters/about-formatting.sh"))
+                    ;; about-filter
+                    ;;(clone-url "dunno")
+                    (enable-commit-graph? #t)
+                    (enable-follow-links? #t)
+                    (enable-index-links? #t)
+                    (enable-log-filecount? #t)
+                    (enable-log-linecount? #t)
+                    (max-repodesc-length 120)
+                    (max-stats "year")
+                    (nocache? #t)
+                    (readme "README.md") ;; FIXME
+                    ;()
+                    ;; (repositories
+                    ;;  (list
+                    ;;   (repository-cgit-configuration
+                    ;;    ))
+                    ;;   )
+                     ;; (map (lambda (f)
+                     ;;        (repository-cgit-configuration (readme f)))
+                     ;;      '("README.md" "README" "README.rst" "README.org"))
+                     ))
+          (simple-service 'init-srv-directories
+                          activation-service-type
+                          #~(begin
+                              (for-each (lambda (p)
+                                          (mkdir-p p)
+                                          (chmod p #o777))
+                                        '("/srv/http"
+                                          "/srv/git"
+                                          "/srv/ci")))))
     %base-services))
   (bootloader
    (bootloader-configuration
author	EuAndreh <eu@euandre.org>	2020-11-29 00:39:36 -0300
committer	EuAndreh <eu@euandre.org>	2020-11-29 00:39:36 -0300
commit	2719472071a81d007a1782ff5f89f9adf512b01c (patch)
tree	546c602687815897e983e99598f3c9ebbe7b0a8a /sync
parent	Move shell.sh to container (diff)
download	server-2719472071a81d007a1782ff5f89f9adf512b01c.tar.gz server-2719472071a81d007a1782ff5f89f9adf512b01c.tar.xz