
[GNUnet-SVN] [taler-deployment] branch master updated: config


From: gnunet
Subject: [GNUnet-SVN] [taler-deployment] branch master updated: config
Date: Tue, 25 Sep 2018 22:05:20 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new d2617c6  config
     new 13881c4  Merge branch 'master' of git.taler.net:deployment
d2617c6 is described below

commit d2617c6bb3b87c157e20a9df8ca6dfb8063756fe
Author: Nils Gillmann <address@hidden>
AuthorDate: Tue Sep 25 20:05:43 2018 +0000

    config
    
    Signed-off-by: Nils Gillmann <address@hidden>
---
 guix/config.scm | 242 ++++++++++++++++----------------------------------------
 1 file changed, 69 insertions(+), 173 deletions(-)

diff --git a/guix/config.scm b/guix/config.scm
index eb3eafa..ca1769a 100644
--- a/guix/config.scm
+++ b/guix/config.scm
@@ -1,193 +1,89 @@
-;; OS configuration for the taler.net server
-
-(use-modules (gnu)
-             (guix)
-             (sysadmin people)
-             (sysadmin services))
-(use-service-modules base networking mcron ssh mail
-                     version-control databases admin
-                     web certbot cgit)
-(use-package-modules admin linux ssh tls vim zile wget
-                     ntp version-control)
-
-;;; Cron jobs
-;; FIXME: Create jobs.
-
-(define %sysadmins
-  (list (sysadmin (name "gillmann")
-                  (full-name "Nils Gillmann")
-                  (ssh-public-key (local-file "keys/ssh/ng0.pub")))
-        (sysadmin (name "dold")
-                  (ssh-public-key (local-file "keys/ssh/dold.pub")))
-        (sysadmin (name "stanisci")
-                  (ssh-public-key (local-file "keys/ssh/stanisci.pub")))
-        (sysadmin (name "grothoff")
-                  (full-name "Christian Grothoff")
-                  (ssh-public-key (local-file "keys/ssh/grothoff.pub")))))
-
-;;; /etc/aliases
-;; Takes the local aliases file contained in this repository (../etc/aliases)
-;; and copy it to "/etc/aliases" in the OS resulting from this config.
-(define %aliases-etc-service
-  (simple-service 'etc-/etc/aliases-init
-                  activation-service-type
-                  (with-imported-modules '((guix build utils))
-                    #~(begin
-                        (use-modules (guix build utils))
-                        (copy-file #$(local-file "../etc/aliases")
-                                   "/etc/aliases")))))
-
-;; TODO: Do we need more than this hook?
-(define %nginx-deploy-hook
-  (program-file "nginx-deploy-hook"
-                #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
-                    (kill pid SIGHUP))))
-
-;;;
-;;; The OS definition
-;;;
+(use-modules 
+ (srfi srfi-1)
+ (gnu)
+ (gnu services networking)
+ (gnu services ssh)
+ (gnu packages bootloaders)
+ (gnu packages wget)
+ (gnu packages base)
+ (gnu packages certs)
+ (gnu system nss)
+ (gnu packages vim)
+ (gnu packages cryptsetup))
+
+(use-package-modules certs screen text-editors tmux ssh)
+(use-service-modules networking ssh version-control databases admin)
 
 (operating-system
-  ;; TODO: Hostname should be loaded from external file and be substituted,
-  ;; same for some other basic values.
-  (host-name "bfh.taler.net")  
-  (timezone "Europe/Berlin")
-  (locale "en_US.UTF-8")
+  (host-name "gv")
+  (timezone "Europe/Paris")
+  (locale "en_US.utf8")
+  (initrd-modules (append (list "megaraid_sas")
+                          ;; FIXME: Is this dropped from Linux entirely
+                          ;; or is it a BUILT-IN now?
+                          ;; LTS of linux still has "shpchp"
+                          %base-initrd-modules))
 
-  ;; bootloader
   (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
-               (target "/dev/sda")
-               (terminal-outputs '(console))))
-  
-  ;; file-systems
-  ;; TODO: Write functions for Hardware RAID
-  ;; TODO: /home should be on luks encrypted device
-  ;; single-disk configuration.
+               (target "/dev/sda")))
+
+  (users (cons* (user-account
+                 (name "grothoff")
+                 (comment "Christian Grothoff")
+                 (group "users")
+                 (supplementary-groups '("wheel" "netdev"))
+                 (home-directory "/home/grothoff"))
+                (user-account
+                 (name "dold")
+                 (comment "Florian Dold")
+                 (group "users")
+                 (supplementary-groups '("wheel" "netdev"))
+                 (home-directory "/home/dold"))
+                %base-user-accounts))
+
   (file-systems (cons* (file-system
-                         (device "my-root")
-                         (title 'label)
+                         (device (uuid "304189db-f9df-4222-810d-94c993598c3b"))
                          (mount-point "/")
                          (type "ext4"))
-                       (file-system
-                         (device "my-home")
-                         (title 'label)
-                         (mount-point "/home")
-                         (type "ext4"))
+                       ;;(file-system
+                       ;;(mapped-device
+                       ;; (source (uuid 
"6631d48c-1371-4b50-aa94-5863c706773e"))
+                       ;;   (target "home")
+                       ;; (type luks-device-mapping))
+                       ;; (mount-piont "/home")
+                       ;;  (type "ext4"))
                        %base-file-systems))
 
-  (packages (append (map specification->package '("nvi" "mg" "emacs-no-x"
-                                                  "openssh"
-                                                  "curl" "libmicrohttpd" 
"gnutls-dane"
-                                                  "sqlite" "jansson" "nss" 
"gmp"
-                                                  "bluez" "glib" "libogg" 
"python2"
-                                                  "perl" "doxygen"
-                                                  "opus" "pulseaudio"
-                                                  "libunistring" "libltdl" 
"zlib" "libgcrypt" "libextractor"
-                                                  "gstreamer" 
"gst-plugins-base" "libidn" "glpk"
-                                                  "gitolite"
-                                                  "nss-certs"
-                                                  "wget" "openssl"
-                                                  "postgresql"
-                                                  "certbot"))
+  (packages (append (map specification->package '("nvi" "mg" "cryptsetup"
+                                                  "screen" "tmux" "wget"
+                                                  "vim" "openssh"
+                                                  "postgresql" "certbot"
+                                                  "nss-certs"))
                     %base-packages))
-
   (services (cons*
-             (ntp-service)
-             (service sysadmin-service-type %sysadmins)
+             (service static-networking-service-type
+                      (list
+                       (static-networking
+                        (interface "enp4s0f1")
+                        (ip "147.87.255.221")
+                        (netmask "255.255.255.240")
+                        (gateway "147.87.255.209")
+                        (name-servers '("8.8.8.8")))))
 
-             ;; Log rotation
-             (service rottlog-service-type (rottlog-configuration))
-
-             ;; certificates
-             (service certbot-service-type
-                      (certbot-configuration
-                       (email "address@hidden")
-                       (certificates
-                        (list
-                         (certificate-configuration
-                          (domains '("taler.net" "git.taler.net"))
-                          (deploy-hook %nginx-deploy-hook))
-                         (certificate-configuration
-                          (domains '("2.taler.net")))))))
-
-             ;; MAIL
-             ;; FIXME: Policy is to just RECEIVE mail.
-             ;; Produce the /etc/alias file:
-             ;; insert a service to copy local file to /etc/aliases here.
-             ;; Depending on the final server policies, adjust to
-             ;; not send email or send email:
-             ;; Dovecot
-             (dovecot-service #:config
-                              (dovecot-configuration
-                               (mail-location "maildir:~/Maildir")))
-             ;; OpenSMTPD:
-             (service opensmtpd-service-type
-                      (opensmtpd-configuration
-                       (config-file (local-file 
"./opensmtpd/opensmtpd.conf"))))
-             ;; Extend the /etc-service. This creates the files OpenSMTPD
-             ;; wants and adds them to the /etc/ folder.
-             ;; (service etc-service-type
-             ;;          (list `("vdoms.conf"
-             ;;                  ,(plain-file "vdoms.conf"
-             ;;                               "gnunet.org\n"))
-             ;;                `("vusers.conf"
-             ;;                  ,(plain-file "vusers.conf"
-             ;;                               "address@hidden grothoff"))))
-
-             ;; SSH
              (service openssh-service-type
                       (openssh-configuration
+                       (x11-forwarding? #t)
                        (port-number 22)
-                       (password-authentication? #f)))
-
-             ;; Databases
-             ;; (mysql-service
-             ;;  #:config
-             ;;  (mysql-configuration
-             ;;   ;; Defaults to mariadb,
-             ;;   ;; read `info guix services`, section databases.
-             ;;   ;;(mysql "mysql")
-             ;;   ;; Default portnumber, must be a NUMBER not a string.
-             ;;   (port 3306)))
-             ;;  TODO: PostgreSQL -> exact config: ???
+                       (password-authentication? #f)
+                       (permit-root-login 'without-password)))
+                        
+             (service rottlog-service-type (rottlog-configuration))
              (service postgresql-service-type)
-
-             ;; WEBSERVER
-             ;;(service nginx-service-type)
-             (service nginx-service-type
-                      (nginx-configuration
-                       (file
-                        (file-append %nginx-config "/bhf.conf"))))
-             ;;(service fcgiwrap-service-type)
-             ;; FIXME: Check cgit-service-type + gitolite options.
-             ;; FIXME: Extend cgit service.
-             ;;(service cgit-service-type)
-             (service cgit-service-type
-                      (opaque-cgit-configuration
-                       (cgitrc "")))
-
-             ;; CGIT:
-             ;;(service nginx-service-type)
-             ;; (service fcgiwrap-service-type)
-             ;; (service cgit-service-type)
-
-             ;; GIT
-             ;; Defaults to base-folder "/srv/git/"
              (git-daemon-service
               #:config (git-daemon-configuration
                         (user-path "git")))
-
-             ;; Networking
-             ;; FIXME: Complete this
-             (static-networking-service
-              "eth0" "2001:4ca0:2001:42:225:90ff:fe6b:d60"
-              #:netmask ""
-              #:gateway "2001:4ca0:2001:42::1"
-              #:name-servers '("" "" ""))
-             (static-networking-service
-              "eth1" "131.159.74.67"
-              #:netmask "255.255.255.240"
-              #:gateway "131.159.74.78"
-              #:name-servers '("" "" ""))
-             %base-services)))
+             %base-services))
+             
+  ;; Allow resolution of '.local' host names with mDNS.
+  (name-service-switch %mdns-host-lookup-nss))
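Review bot: The new `openssh-configuration` enables `(x11-forwarding? #t)` and `(permit-root-login 'without-password)`, which widens the SSH surface of a host that also runs PostgreSQL and git-daemon. Since both declared accounts (grothoff, dold) are in `wheel`, direct root login looks unnecessary; I would set `(permit-root-login #f)` and drop the X11 line unless a graphical tool is really needed on this machine. The commit also removes `sysadmin-service-type`, which carried the SSH public keys, while keeping `(password-authentication? #f)`, so as far as these lines show no key is declared for either account. Listing the keys in the `authorized-keys` field of `openssh-configuration` would keep access reproducible from the config instead of depending on state left in the home directories. A short comment above the SSH service stating the intended login policy would also help, as the old section comments were deleted.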

-- 
To stop receiving notification emails like this one, please contact
address@hidden


