(define-module (theodora)
  #:use-module (gnu)
  #:use-module (gnu services)
  #:use-module (gnu services web)
  #:use-module (gnu services dbus)
  #:use-module (gnu services docker)
  #:use-module (gnu services version-control)
  #:use-module (gnu services cgit)
  #:use-module (rosenthal services networking)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages haskell-apps)
  #:use-module (gnu packages version-control))

(use-service-modules cups desktop networking ssh docker xorg)

;; NOTE(review): the value of this call is discarded.  It is not bound to a
;; name, it is not referenced by the operating-system declaration in this
;; file, and no gitolite service appears in the services list.  In Guix,
;; make-gitolite returns a gitolite package built with the given extra
;; inputs, so as written this line presumably has no effect on the deployed
;; system.  Confirm, then either use the result or drop the call.
(make-gitolite (list redis git-annex))

;; System declaration for the host "theodora": an OpenSSH server, Tailscale,
;; a Git server (git-daemon, cgit behind nginx, smart-HTTP clone), a static
;; web site, CUPS and Docker/containerd, on a GRUB-EFI machine.
(operating-system
  (locale "en_US.utf8")
  (timezone "Europe/Athens")
  (keyboard-layout (keyboard-layout "us"))
  (host-name "theodora")
  (users (cons* (user-account
                  (name "thanos")
                  (comment "Thanos Apollo")
                  (group "users")
                  (home-directory "/home/thanos")
                  ;; NOTE(review): "wheel" is the group Guix's default sudoers
                  ;; file grants sudo to, and "docker" membership lets the
                  ;; account drive the Docker daemon, which is effectively
                  ;; root on the host.  Treat this account as fully privileged.
                  (supplementary-groups '("wheel" "netdev" "audio" "video" "docker" "git-daemon")))
		;; NOTE(review): no (shell ...) field is given, so this account
		;; gets the record's default login shell.  If it exists only for
		;; Git access, consider a restricted shell such as git-shell, and
		;; check whether "netdev" is actually needed -- confirm intent.
		(user-account
		 (name "git")
		 (comment "Git user")
		 (group "users")
		 (home-directory "/home/git")
		 (supplementary-groups '("netdev" "git-daemon")))
                %base-user-accounts))
  ;; Packages installed system-wide, resolved by name at evaluation time.
  (packages
   (append (map specification->package '("docker" "dbus" "docker-cli" "sqlite"
					 "docker-compose" "cloudflared" "nginx"))
	   %base-packages))
  (services
   (append (list
            ;; root may log in over SSH, but only with key-based authentication.
            ;; NOTE(review): password-authentication? is not set, so the
            ;; service default applies to every other account.  If key-only
            ;; access is intended, set (password-authentication? #f) once
            ;; authorized keys are in place.
            (service openssh-service-type
		      (openssh-configuration
		       (permit-root-login 'prohibit-password)))

	    ;; Comes from the third-party (rosenthal services networking) module.
	    (service tailscale-service-type)

	    ;; git:// access.  export-all? #t serves every repository under
	    ;; base-path, whether or not it contains a git-daemon-export-ok
	    ;; file, and the git protocol has no authentication or encryption.
	    ;; NOTE(review): anything placed under /srv/git is therefore
	    ;; anonymously cloneable on the listed addresses, including
	    ;; repositories that are absent from cgit's project-list below.
	    (service git-daemon-service-type
		     (git-daemon-configuration
		      (export-all? #t)
		      (base-path "/srv/git")
		      (listen '("git.thanosapollo.org" "localhost" "192.168.0.101" "theodora"))))

	    ;; cgit web front end for the repositories in /srv/git.
	    ;; project-list limits what cgit itself lists; it does not restrict
	    ;; git-daemon above or the smart-HTTP location further down.
	    (service cgit-service-type
		     (cgit-configuration
		      (root-desc "Δωρεὰν ἐλάβετε, δωρεὰν δότε. | Freely you have received; freely give.  (Mathew 10:8)")
		      (project-list
		       '("dotfiles" "gnosis" "yeetube" "org-gnosis"
			 "hecate" "pcmpl-emerge" "pcmpl-rc" "hunspell-dict-el" "hunspell-dict-en-med"
			 "pcmpl-tailscale" "greek-polytonic.el" "org-gnosis-ui" "hunspell-dict-el-polytonic"))
		      (repository-directory "/srv/git")
		      (root-title "Thanos Apollo | Git server")
		      (enable-index-owner? #f)
		      (enable-http-clone? #t) ;; change this to #f when we get git-daemon working properly
		      (clone-prefix '("https://git.thanosapollo.org"))
		      ;; NOTE(review): this server block listens on port 80 with
		      ;; no certificate, while clone-prefix advertises https://.
		      ;; TLS is presumably terminated in front of nginx
		      ;; (cloudflared is in the package list) -- confirm, and
		      ;; confirm port 80 is not reachable directly from untrusted
		      ;; networks, since that hop is cleartext.
		      (nginx
		       (list
			(nginx-server-configuration
			 (server-name '("git.thanosapollo.org"))
			 (root cgit)
			 (locations
			  (list
			   ;; Fallback target of try-files: hands the request to
			   ;; cgit.cgi through FastCGI on 127.0.0.1:9000.
			   (nginx-location-configuration
			    (uri "@cgit")
			    (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;"
				    "fastcgi_param PATH_INFO $uri;"
				    "fastcgi_param QUERY_STRING $args;"
				    "fastcgi_param HTTP_HOST $server_name;"
				    "fastcgi_pass 127.0.0.1:9000;")))
			   ;; NOTE(review): GIT_HTTP_EXPORT_ALL and
			   ;; GIT_PROJECT_ROOT are git-http-backend variables, yet
			   ;; SCRIPT_FILENAME points at cgit.cgi, and nothing in
			   ;; this file sets up a socket at /run/fcgiwrap.socket
			   ;; (the other location uses 127.0.0.1:9000).  Confirm
			   ;; this location works as intended or remove it.
			   (nginx-location-configuration
			    (uri "/.git/")
			    (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;"
				    "fastcgi_param GIT_HTTP_EXPORT_ALL 1;"
				    "fastcgi_param GIT_PROJECT_ROOT /srv/git;"
				    "fastcgi_param HOME /srv/git;"
				    "fastcgi_param PATH_INFO $uri;"
				    "fastcgi_pass unix:/run/fcgiwrap.socket;")))
			   ;; Smart-HTTP clone rooted at "/" with export-all? #t.
			   ;; git-root is not set, so the record default is used
			   ;; (presumably /srv/git -- verify).  As with
			   ;; git-daemon, every repository under that root is
			   ;; exported, not only those in project-list.
			   (git-http-nginx-location-configuration
                            (git-http-configuration
			     (uri-path "/")
			     (export-all? #t)))))
			 ;; Serve a matching static file first, else fall back to cgit.
			 (try-files (list "$uri" "@cgit"))
			 (listen '("80"))
			 (ssl-certificate #f)
			 (ssl-certificate-key #f))))))

	    ;; Static site for thanosapollo.org, again plain HTTP on port 80
	    ;; with no certificate configured at this layer.
	    (service nginx-service-type
                     (nginx-configuration
                      (server-blocks
                       (list (nginx-server-configuration
                              (server-name '("thanosapollo.org"))
                              (root "/srv/http/thanosapollo.org")
			      (listen '("80"))
			      (ssl-certificate #f)
			      (ssl-certificate-key #f))))))

	    ;; Lid-switch events are ignored.
	    (service elogind-service-type
		     (elogind-configuration
		      (handle-lid-switch 'ignore)))
	    
            (service dhcp-client-service-type)
            (service ntp-service-type)
            ;; NOTE(review): CUPS is one more daemon on a host that serves
            ;; Git and web traffic; if the machine is not used for printing,
            ;; dropping it reduces the attack surface.
            (service cups-service-type)
	    (service containerd-service-type)
	    (service docker-service-type))
           %base-services))
  (bootloader (bootloader-configuration
                (bootloader grub-efi-bootloader)
                (targets (list "/boot/efi"))
                (keyboard-layout keyboard-layout)))
  ;; Swap and file systems are identified by UUID.  No mapped-devices are
  ;; declared, so this file sets up no disk encryption for root or swap.
  (swap-devices (list (swap-space
                        (target (uuid
                                 "630773c3-a65d-4b80-9485-04f9760a6b8c")))))

  (file-systems (cons* (file-system
                         (mount-point "/boot/efi")
                         (device (uuid "84FE-6DBB"
                                       'fat32))
                         (type "vfat"))
                       (file-system
                         (mount-point "/")
                         (device (uuid
                                  "9f93a61b-76dc-4b68-8e55-e694f02b6ba9"
                                  'ext4))
                         (type "ext4")) %base-file-systems)))