M .envrc => .envrc +2 -2
@@ 7,5 7,5 @@ export TEST_PEERTUBE_RTMP_KEY=key2
export EMACSLOADPATH=
-use guixs
-
+# use guixs
+eval `guix shell jq emacs-htmlize emacs-next-pgtk-stable --search-paths`
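Review bot: The added `eval` line resolves `jq`, `emacs-htmlize` and `emacs-next-pgtk-stable` with whatever `guix` is first on PATH when the directory is entered, so the environment is not tied to the revision pinned in channels-lock.scm. The backtick substitution is also unquoted, so the shell word-splits the output before `eval` sees it. Prefer `eval "$(guix shell jq emacs-htmlize emacs-next-pgtk-stable --search-paths)"`, and consider running it through the pinned profile's guix binary so that everyone entering the directory gets the same packages.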
M Makefile => Makefile +24 -15
@@ 1,3 1,12 @@
+GUIX_EXTRA_ARGS=-L ./src \
+--substitute-urls="https://ci.guix.trop.in https://substitutes.nonguix.org"
+
+include profiles.mk
+
+GUIX_PROFILE=target/profiles/guix
+GUIX=${GUIX_PROFILE}/bin/guix
+PINKY_CONFIGURATION=src/tropin/machines.scm
+
RDE_DIR=~/work/abcdw/rde
GUIX_DIR=~/work/gnu/guix
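Review bot: `GUIX_EXTRA_ARGS` overrides the substitute server list with two third-party servers for every command that uses it, and nothing here records which signing keys must be authorized for them. Substitutes should only be accepted when signed by a key in the daemon's ACL, so a short comment would help the next person who runs a deploy from a fresh machine, for example `# overrides the default substitute servers; the keys of both servers must be authorized in /etc/guix/acl`. `include profiles.mk` refers to a file that is not part of this diff, so how `target/profiles/guix` is built and pinned cannot be checked from here. Plain `=` is harmless for these constants, but `:=` is the more predictable default.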
@@ 12,7 21,7 @@ deploy-guix-home-docs: target/guix-home-docs.tar.gz
-Fcontent=@target/guix-home-docs.tar.gz \
https://pages.sr.ht/publish/guix-home.trop.in
-target/rde-readme.html: target
+target/rde-readme.html: target ${RDE_DIR}/README.html
cp ${RDE_DIR}/README.html ./target/rde-readme.html
deploy-rde-readme: target/rde-readme.html
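Review bot: `target` is kept as a normal prerequisite of `target/rde-readme.html`; if it is the output directory (the `clean` rule suggests so), its mtime changes whenever a file is created in it, so the copy reruns spuriously. An order-only prerequisite avoids that: `target/rde-readme.html: ${RDE_DIR}/README.html | target`, with the recipe written as `cp $< $@`. The hunk starts inside the previous recipe, and the `deploy-rde-readme` recipe continues outside it.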
@@ 21,16 30,14 @@ deploy-rde-readme: target/rde-readme.html
-H "Content-Type: application/json" \
-d@- https://git.sr.ht/query
-deploy-restream:
- guix deploy ./guix/restream.scm
-
-deploy-pinky:
- guix deploy ./guix/pinky.scm
- guix deploy ./guix/pinky.scm -x -- sudo herd restart nginx
+deploy-pinky: guix
+ ${GUIX} deploy ${PINKY_CONFIGURATION} ${GUIX_EXTRA_ARGS}
+ ${GUIX} deploy ${PINKY_CONFIGURATION} ${GUIX_EXTRA_ARGS} \
+ -x -- sudo herd restart nginx
rde-manual: target ../rde/doc/rde.html
mkdir -p ./target/site/html/rde
- cp ../rde/doc/rde.html ./target/site/html/rde/manual
+ cp ../rde/doc/rde.html ./target/site/html/rde/manual.html
site/html: target rde-manual
echo ${EMACSLOADPATH}
@@ 38,17 45,19 @@ site/html: target rde-manual
emacs -Q --script scripts/build-site.el
site/html.tar.gz: site/html
- cp ./target/site/html/index ./target/site/html/index.html
- cp ./target/site/html/rde/index ./target/site/html/rde/index.html
- cp ./target/site/html/notes/index ./target/site/html/notes/index.html
+ # cp ./target/site/html/index ./target/site/html/index.html
+ # cp ./target/site/html/rde/index ./target/site/html/rde/index.html
+ # cp ./target/site/html/notes/index ./target/site/html/notes/index.html
tar -cvzf ./target/site/html.tar.gz -C ./target/site/html .
site: site/html
-deploy-site: site/html.tar.gz
- curl --oauth2-bearer `pass show sr.ht/guix-pages-token | head -n1` \
- -Fcontent=@target/site/html.tar.gz \
- https://pages.sr.ht/publish/trop.in
+deploy-site:
+ scp -r ./target/site/html/* pinky:/srv/nginx/trop.in
+ # site/html.tar.gz
+ # curl --oauth2-bearer `pass show sr.ht/guix-pages-token | head -n1` \
+ # -Fcontent=@target/site/html.tar.gz \
+ # https://pages.sr.ht/publish/abcdw.srht.site
clean:
rm -rf target/
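Review bot: `deploy-site` no longer has a prerequisite, so it uploads whatever is currently in `./target/site/html`, which may be a stale build or, after `make clean`, nothing at all. `scp -r` also never deletes anything on the server, so pages removed from the site stay published under /srv/nginx/trop.in. Suggest `deploy-site: site/html` with the recipe `rsync -a --delete ./target/site/html/ pinky:/srv/nginx/trop.in/`. The commented-out `cp` and `curl` recipe lines are dead code and would be better removed than kept in the recipes.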
M channels-lock.scm => channels-lock.scm +2 -3
@@ 1,9 1,8 @@
(list (channel
(name 'guix)
- (url "file:///home/bob/work/gnu/guix")
+ (url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
- (commit
- "adad94dca9f8693207b59da2abd06781a45d9ace")
+ (commit "c546a776d59e0950d65530dd6d4b8f21f789783f")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
M guix/pinky.scm => guix/pinky.scm +158 -14
@@ 1,5 1,6 @@
-(use-modules (gnu) (guix) (gnu services) (gnu system))
-(use-service-modules networking ssh web)
+
+(use-modules (gnu) (guix) (gnu services) (gnu system) (gnu system pam))
+(use-service-modules networking ssh web shepherd)
(use-package-modules bootloaders ssh web)
;; Operating system description
@@ 44,13 45,33 @@
(services
(append (list
- (service dhcp-client-service-type)
- ;; (service static-networking-service-type
- ;; (list
- ;; (static-networking
- ;; (addresses '())
- ;; (name-servers '("208.67.222.222"
- ;; "2001:470:1f07:38b::1")))))
+; (service dhcp-client-service-type)
+ (service
+ static-networking-service-type
+ (list
+ (static-networking
+ (addresses (list (network-address
+ (device "eth0")
+ (value "23.137.249.202/24"))
+ (network-address
+ (device "eth0")
+ (value "2602:fc24:11:541b:0:0:0:13/64"))))
+ (routes (list (network-route
+ (destination "default")
+ (gateway "23.137.249.1"))
+ (network-route
+ (destination "2602:fc24:11::1/128")
+ (device "eth0"))
+ (network-route
+ (destination "default")
+ (gateway "2602:fc24:11::1"))))
+ (name-servers '("2620:fe::fe"
+ "2620:fe::9"
+ ;; "9.9.9.9"
+ ;; "149.112.112.112"
+ )))))
+ ;; nameserver 9.9.9.9
+ ;; nameserver 149.112.112.112
(service tor-service-type)
(service yggdrasil-service-type
(yggdrasil-configuration
@@ 70,12 91,44 @@
(authorized-keys
`((,user ,(local-file "ssh.key"))))))
+ (pam-limits-service
+ (list
+ (pam-limits-entry "bob" 'both 'nofile 50000)
+ (pam-limits-entry "@users" 'both 'nofile 50000)))
+ (simple-service
+ 'hundredrps-bot
+ shepherd-root-service-type
+ (list
+ (shepherd-service
+ (documentation "hundredrps cards bot.")
+ (provision '(hundredrps))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append
+ (@ (gnu packages java) openjdk)
+ "/bin/java") "-jar"
+ #$(local-file "/home/bob/work/abcdw/hundredrps-tg-bot/target/hundredrps-standalone.jar"))
+ #:user "bob"
+ #:group "users"
+ #:environment-variables
+ (list "PORT=50080"
+ (string-append
+ "PAYMENT_PROVIDER_TOKEN="
+ #$(getenv "HUNDREDRPS_PAYMENT_PROVIDER_TOKEN"))
+ (string-append
+ "AMPLITUDE_TOKEN="
+ #$(getenv "HUNDREDRPS_AMPLITUDE_TOKEN"))
+ (string-append
+ "TELEGRAM_TOKEN="
+ #$(getenv "HUNDREDRPS_TELEGRAM_TOKEN")))
+ #:log-file "/tmp/hundredrps.log"))
+ (stop #~(make-kill-destructor)))))
+
(service nginx-service-type
(nginx-configuration
-;; (modules
-;; (list
-;; (file-append nginx-rtmp-module "\
-;; /etc/nginx/modules/ngx_rtmp_module.so")))
+ (modules
+ (list
+ (file-append nginx-rtmp-module "\
+/etc/nginx/modules/ngx_rtmp_module.so")))
(extra-content
(format #f "\
server {
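Review bot: The three `#$(getenv "HUNDREDRPS_...")` forms in the `hundredrps` shepherd service are evaluated on the machine that runs the deploy, so the payment, Amplitude and Telegram tokens are written as literal strings into the generated service code in the store, which every local user on the host can read. If a variable is unset, `getenv` returns `#f` and the failure would only show up in `string-append` when the service starts. Prefer loading the tokens at start time from a root-owned file on the host (for instance a small wrapper that reads a mode-0600 environment file before launching java), or at least make the build fail when a variable is missing. `#:log-file "/tmp/hundredrps.log"` is a predictable name in a world-writable directory; `#:log-file "/var/log/hundredrps.log"` avoids that. The jar is taken via `local-file` from an absolute path under /home/bob, so what gets deployed is whatever happens to sit in that build directory at deploy time.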
@@ 105,6 158,12 @@ server {
server {
listen 80;
listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /srv/nginx/ssl/hundredrps.pem;
+ ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
+ ssl_protocols TLSv1.2;
server_name ci.guix.trop.in ci.guix.ygg.trop.in;
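Review bot: `ssl_protocols TLSv1.2;` in this server block disables TLS 1.3, because the directive lists exactly the versions that are enabled; the same line is repeated in the trop.in block and in the hundredrps.project.trop.in block further down. `ssl_protocols TLSv1.2 TLSv1.3;` keeps the older versions off without excluding 1.3. This block serves ci.guix.trop.in with /srv/nginx/ssl/hundredrps.pem, so it is worth confirming that the certificate actually names these hosts. The private key lives under /srv/nginx next to the directories used as web roots; a path outside that tree, readable only by root, would be safer should a `root` directive ever point one level up.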
@@ 118,11 177,88 @@ server {
listen 80;
listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem;
+ ssl_protocols TLSv1.2;
+
+ server_name trop.in *.trop.in;
+
+ location / {
+ root /srv/nginx/trop.in;
+ if ($request_uri ~~ ^/(.*)\\.html(\\?|$)) {
+ return 302 /$1;
+ }
+ try_files $uri $uri.html $uri/ =404;
+ }
+
+ # rtmp stat
+ location /stat {
+ rtmp_stat all;
+ rtmp_stat_stylesheet stat.xsl;
+ }
+
+ location /stat.xsl {
+ root /var/www/html/rtmp;
+ }
+
+ # rtmp control
+ location /control {
+ rtmp_control all;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
server_name files.trop.in files.ygg.trop.in;
root /srv/nginx/public;
autoindex on;
}
-")))))
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name hundredrps.project.trop.in;
+ root /srv/nginx/public;
+ autoindex on;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name hundredrps.project.trop.in;
+ ssl_certificate /srv/nginx/ssl/hundredrps.pem;
+ ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
+ ssl_protocols TLSv1.2;
+
+ location / {
+ proxy_pass http://localhost:50080;
+ }
+}
+
+}
+rtmp {
+ server {
+ listen 1935;
+ chunk_size 4096;
+
+ application live {
+ live on;
+ record off;
+ push rtmp://a.rtmp.youtube.com/live2/~a;
+ push rtmp://diode.zone:1935/live/~a;
+ }
+ }
+"
+ (getenv "YOUTUBE_RTMP_KEY")
+ (getenv "PEERTUBE_RTMP_KEY"))))))
(modify-services %base-services
(guix-service-type
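Review bot: `location /control { rtmp_control all; }` and `location /stat` are added to the public trop.in server without any access restriction, so any client can read stream statistics and issue control commands; add `allow 127.0.0.1; allow ::1; deny all;` (or authentication) inside both locations. The `application live` block likewise accepts publishers from any address on port 1935 and relays them to YouTube and PeerTube under the configured keys; `allow publish TRUSTED_SOURCE_ADDRESS; deny publish all;` (placeholder address) restricts who may start a stream. Both stream keys are interpolated with `getenv` at build time and so become part of the nginx configuration in the store, readable by local users on the host. The new port-80 block for hundredrps.project.trop.in serves /srv/nginx/public with `autoindex on` instead of redirecting to the HTTPS proxy, which looks unintended. The trop.in block also answers on port 80 without a redirect to HTTPS.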
@@ 133,6 269,14 @@ server {
(append (list (local-file "/etc/guix/signing-key.pub"))
%default-authorized-guix-keys)))))))))
+;;; my nginx config
+;; TODO: Add gzip for big static files
+;; TODO: Cache big files?
+;; TODO: Image filter module for resizing images
+;; TODO: Add expire directives to cache files on client side
+;; TODO: Add monitoring https://github.com/vozlt/nginx-module-vts
+;; https://www.nginx.com/resources/wiki/modules/
+
(define host "pinky")
(define user "bob")
(define os
M guix/restream.scm => guix/restream.scm +17 -8
@@ 1,5 1,5 @@
;; Module imports
-(use-modules (gnu) (guix))
+(use-modules (gnu) (guix) (gnu services))
(use-service-modules networking ssh web)
(use-package-modules bootloaders ssh web)
@@ 36,6 36,17 @@
(extra-content
(format #f "\
}
+server {
+ listen 80;
+ location / {
+ # internal;
+ proxy_pass https://guix.gnu.org/;
+ proxy_set_header X-SERVER-PORT $server_port;
+ proxy_set_header X-SERVER-ADDR $server_addr;
+ proxy_set_header HOST $http_host;
+ proxy_set_header X-REAL-IP $remote_addr;
+ }
+}
rtmp {
server {
listen 1935;
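Review bot: The added port-80 server proxies every request to https://guix.gnu.org/ without verifying the upstream certificate, because nginx leaves `proxy_ssl_verify` off by default; add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate CA_BUNDLE_PATH;` (placeholder path) and `proxy_ssl_server_name on;`. `proxy_set_header HOST $http_host;` forwards the client's Host header, so the upstream sees this machine's name rather than its own; `proxy_set_header Host guix.gnu.org;` is probably what is meant. With `# internal;` commented out and no `server_name`, the block answers any request that reaches port 80, so the host acts as an unrestricted relay to that site. The enclosing format string begins and ends outside this hunk.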
@@ 52,16 63,13 @@ rtmp {
(server-blocks
(list (nginx-server-configuration
- ;; (locations
- ;; (list
- ;; (nginx-location-configuration
- ;; (uri "/stat")
- ;; (body '("rtmp_stat all;"
- ;; "rtmp_stat_stylesheet stat.xsl;")))))
(server-name `(,ip))
(listen '("8088"))
(root "/var/www/"))))))
-
+ ;; (simple-service
+ ;; 'restart-nginx-on-activation
+ ;; activation-service-type
+ ;; #~(invoke/quiet "sh" "-c" "sleep 5s && herd restart nginx"))
(service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
@@ 89,6 97,7 @@ rtmp {
(environment managed-host-environment-type)
(configuration (machine-ssh-configuration
(host-name host)
+ (allow-downgrades? #t)
(system "x86_64-linux")
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWfLPNTst91Ezts/bsdEGsMoknXz8NDltBHR+zjDmZO")
(user "root")
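Review bot: `(allow-downgrades? #t)` is set unconditionally in the machine configuration, which permanently turns off the check that stops `guix deploy` from installing a system built from older channel commits than the one currently running. With it left on, a stale or rolled-back checkout can silently replace a patched system. If a one-off downgrade was needed, return to the default afterwards and leave a comment such as `;; allow-downgrades? stays #f: deploys must not move the host to older channel commits`. The `deploy-restream` target is removed from the Makefile in this same commit, so it is unclear from the diff how this file is still deployed.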
M scripts/build-site.el => scripts/build-site.el +26 -23
@@ 3,23 3,26 @@
;; There is a bug in ox-html, which doesn't check for empty string in
;; properties, so `org-html-extension' should set using variable.
-(setq org-html-extension "")
+;; (setq org-html-extension "")
-(let ((org-roam-v2-ack t))
- (require 'org-roam))
-(setq org-roam-directory "../notes/notes")
+;; (let ((org-roam-v2-ack t))
+;; (require 'org-roam))
+;; (setq org-roam-directory "../notes/notes")
;; (org-roam-db-autosync-enable)
-(org-roam-update-org-id-locations)
+;; (org-roam-update-org-id-locations)
(require 'find-lisp)
(setq org-publish-timestamp-directory "./target/")
+(setq pub-dir "./target/site/html/")
+;; (setq pub-dir "/ssh:pinky:~/")
+
(setq
org-publish-project-alist
- '(("pages"
+ `(("pages"
:base-directory "./pages/"
:base-extension "org"
- :publishing-directory "./target/site/html/"
+ :publishing-directory ,pub-dir
:publishing-function org-html-publish-to-html
:html-head "<link rel=\"stylesheet\" href=\"/assets/simple.min.css\" type=\"text/css\"/>"
:recursive t
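Review bot: `(setq pub-dir "./target/site/html/")` creates an unprefixed global without a `defvar`, and because the value ends in a slash, `(concat pub-dir "/assets")` in the next hunk yields a path with a doubled slash. Suggest `(defvar pub-dir "./target/site/html/" "Directory the site is published to.")` and `(concat pub-dir "assets/")`. The comment above `org-html-extension` now describes a setting that is commented out, so it should be removed or updated to say why the workaround is no longer needed. The `org-publish-project-alist` form continues outside this hunk.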
@@ 31,28 34,28 @@
:html-head-include-default-style nil
:html-head-include-scripts nil
:time-stamp-file nil)
- ("notes"
- :base-directory "../notes/notes/"
- :base-extension "org"
- :publishing-directory "./target/site/html/notes/"
- :publishing-function org-html-publish-to-html
- :html-head "<link rel=\"stylesheet\" href=\"/assets/simple.min.css\" type=\"text/css\"/>"
- :section-numbers nil
- :with-author nil
- :with-creator nil
- :with-toc nil
- :html-validation-link nil
- :html-head-include-default-style nil
- :html-head-include-scripts nil
- :time-stamp-file nil)
+ ;; ("notes"
+ ;; :base-directory "../notes/notes/"
+ ;; :base-extension "org"
+ ;; :publishing-directory "./target/site/html/notes/"
+ ;; :publishing-function org-html-publish-to-html
+ ;; :html-head "<link rel=\"stylesheet\" href=\"/assets/simple.min.css\" type=\"text/css\"/>"
+ ;; :section-numbers nil
+ ;; :with-author nil
+ ;; :with-creator nil
+ ;; :with-toc nil
+ ;; :html-validation-link nil
+ ;; :html-head-include-default-style nil
+ ;; :html-head-include-scripts nil
+ ;; :time-stamp-file nil)
("assets"
:base-directory "./assets/"
:base-extension any
- :publishing-directory "./target/site/html/assets/"
+ :publishing-directory ,(concat pub-dir "/assets")
:publishing-function org-publish-attachment)
- ("site" :components ("pages" "assets" "notes"))))
+ ("site" :components ("pages" "assets"))))
;; (let ((org-id-extra-files (find-lisp-find-files "../notes/notes/" "\.org$")))
;; )