hosts/oswald: add mail, web and certificate services

This commit is contained in:
Timotej Lazar 2023-04-28 09:11:50 +02:00
parent b755649cee
commit 8c2a9dd805


@ -8,10 +8,15 @@
#:use-module (gnu services admin) #:use-module (gnu services admin)
#:use-module (gnu services networking) #:use-module (gnu services networking)
#:use-module (gnu services ssh) #:use-module (gnu services ssh)
#:use-module (gnu services web)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix utils) #:use-module (guix utils)
#:use-module (srfi srfi-26) #:use-module (services certbot)
#:use-module (services chrony)) #:use-module (config base)
#:use-module (config mail))
(define domain "kosobr.in")
(define dkim-selector "20220826")
;; Use a lower DDR frequency to avoid random segfaults. ;; Use a lower DDR frequency to avoid random segfaults.
;; See <https://forum.pine64.org/showthread.php?tid=11209>. ;; See <https://forum.pine64.org/showthread.php?tid=11209>.
@ -27,11 +32,13 @@
(substitute* "arch/arm/dts/rk3328-rock64-u-boot.dtsi" (substitute* "arch/arm/dts/rk3328-rock64-u-boot.dtsi"
(("rk3328-sdram-lpddr3-1600.dtsi") "rk3328-sdram-lpddr3-666.dtsi")))))))))) (("rk3328-sdram-lpddr3-1600.dtsi") "rk3328-sdram-lpddr3-666.dtsi"))))))))))
(define chrony-config "\ ; Reload servers on certificate update.
pool pool.ntp.org iburst (define (cert-deploy-hook pid-files)
makestep 1.0 3 (program-file
driftfile /var/lib/chrony/drift "cert-deploy-hook"
") #~(for-each (lambda (pid-file)
(kill (call-with-input-file pid-file read) SIGHUP))
'#$pid-files)))
(operating-system (operating-system
(host-name "oswald") (host-name "oswald")
@ -74,28 +81,55 @@ driftfile /var/lib/chrony/drift
(cons* nss-certs rsync %base-packages)) (cons* nss-certs rsync %base-packages))
(services (services
(cons* (append
(service static-networking-service-type (list
(list (static-networking (service static-networking-service-type
(addresses (list (network-address (list (static-networking
(device "eth0") (addresses (list (network-address
(value "192.168.0.3/24")))) (device "eth0")
(routes (list (network-route (value "192.168.1.3/24"))))
(destination "default") (routes (list (network-route
(gateway "192.168.0.1")))) (destination "default")
(name-servers '("193.2.1.66" "193.2.1.72"))))) (gateway "192.168.1.1"))))
(name-servers '("193.2.1.66" "193.2.1.72")))))
(service chrony-service-type (service nginx-service-type
(chrony-configuration (nginx-configuration
(config-file (plain-file "chrony.conf" chrony-config)) (extra-content "autoindex on;")
(syscall-filter "1"))) (server-blocks
(list (nginx-server-configuration
(listen '("443 ssl"))
(server-name (list domain))
(ssl-certificate
(string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))
(ssl-certificate-key
(string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))
(root (string-append "/srv/http/" domain)))))))
(service openssh-service-type (service certbot-service-type
(openssh-configuration (certbot-configuration
(password-authentication? #f))) (certificates
(list
(certificate-configuration
(domains '("kosobr.in"))
(deploy-hook (cert-deploy-hook
'("/var/run/nginx/pid"
"/var/run/smtpd.pid"))))))))
(service unattended-upgrade-service-type (service openssh-service-type
(unattended-upgrade-configuration (openssh-configuration
(channels #~(load "/run/current-system/channels.scm")))) (password-authentication? #f)))
%base-services))) (service unattended-upgrade-service-type
(unattended-upgrade-configuration
(channels #~(map (lambda (c) (channel (inherit c) (commit #f)))
(load "/run/current-system/channels.scm")))
(services-to-restart '(mcron ntpd smtpd)))))
(mail-services
#:interface "eth0"
#:domain domain
#:aliases (list '("root" "timotej") '("timotej.lazar" "timotej"))
#:dkim-selector dkim-selector)
(base-services))))
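Review bot: `cert-deploy-hook` in the second hunk hands whatever `read` returns from each pid file straight to `kill`, so an empty or truncated pid file yields the EOF object and raises an error that stops the `for-each` before the remaining services are reloaded, while a file containing 0 or a negative number would send SIGHUP to the process group or to every process the root-run hook may signal. Validating the value as a positive integer and skipping unreadable files keeps one stale `/var/run/*.pid` from blocking or widening the reload. In the third hunk, `(domains '("kosobr.in"))` repeats the literal that the first hunk binds as `domain`; `(domains (list domain))` keeps the certificate and the nginx `server-name` from drifting apart.
```scheme
(define (cert-deploy-hook pid-files)
  (program-file
   "cert-deploy-hook"
   #~(for-each (lambda (pid-file)
                 ;; Only signal a concrete, positive pid: an empty or stale
                 ;; file must neither abort the hook nor widen the target.
                 (let ((pid (catch 'system-error
                              (lambda () (call-with-input-file pid-file read))
                              (lambda _ #f))))
                   (if (and (integer? pid) (> pid 0))
                       (kill pid SIGHUP)
                       (format (current-error-port)
                               "cert-deploy-hook: skipping ~a (no valid pid)~%"
                               pid-file))))
               '#$pid-files)))
```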