@@ 13,166 13,122 @@
#:use-module (gnu services base)
#:use-module (gnu services networking)
#:use-module (gnu services ssh)
- #:use-module (gnu services web)
#:use-module (gnu services shepherd)
#:use-module (gnu packages bootloaders)
#:use-module (gnu packages)
#:use-module (gnu packages ssh)
#:use-module (gnu packages web)
+ #:use-module (rde system services web)
#:use-module (guix gexp))
+(define* (guix-mirror-server-context
+ #:key
+ domain-prefix
+ (cert-path-prefix "/srv/nginx/ssl"))
+ (let ((backend-host (string-append domain-prefix "gnu.org")))
+ `(server
+ ((listen 80)
+ (listen ,#~"[::]:80")
+ (listen 443 ssl)
+ (listen ,#~"[::]:443" ssl)
+ ,#~""
+ (ssl_certificate
+ ,#~#$(string-append cert-path-prefix "/hundredrps.pem"))
+ (ssl_certificate_key
+ ,#~#$(string-append cert-path-prefix "/hundredrps.key"))
+ (ssl_protocols TLSv1.2)
+ ,#~""
+ (server_name ,#~#$(string-append domain-prefix "trop.in")
+ ,#~#$(string-append domain-prefix "ygg.trop.in"))
+ ,#~""
+ (location
+ /
+ ((proxy_pass ,#~#$(string-append "https://" backend-host))
+ (proxy_set_header HOST ,#~#$backend-host)))))))
+
+(define main-server-context
+ `(server
+ ((listen 80)
+ (listen ,#~"[::]:80")
+ (listen 443 ssl)
+ (listen ,#~"[::]:443" ssl)
+ ,#~""
+ (ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem)
+ (ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem)
+ (ssl_protocols TLSv1.2)
+ ,#~""
+ (server_name trop.in *.trop.in)
+ ,#~""
+ (location
+ /
+ ((root /srv/nginx/trop.in)
+ (if ,#~"($request_uri ~ ^/(.*)\\.html(\\?|$))"
+ ((return 302 /$1)))
+ (try_files $uri $uri.html $uri/ =404))))))
+
+(define files-server-context
+ `(server
+ ((listen 80)
+ (listen ,#~"[::]:80")
+ ,#~""
+ (server_name files.trop.in files.ygg.trop.in)
+ (root /srv/nginx/public)
+ (autoindex on))))
+
+(define interpose (@ (rde serializers utils) interpose))
+
+(define* (rtmp-context
+ #:key
+ youtube-rtmp-key
+ peertube-rtmp-key)
+ `(rtmp
+ ((server
+ ((listen 1935)
+ (chunk_size 4096)
+ (application
+ live
+ ((live on)
+ (push ,#~#$(string-append
+ "rtmp://a.rtmp.youtube.com/live2/" youtube-rtmp-key))
+ (push ,#~#$(string-append
+ "rtmp://diode.zone:1935/live/" peertube-rtmp-key))
+ (record off))))))))
+
+(define (get-nginx-conf)
+ `(;; TODO: Move it to nginx service
+ (user nginx nginx)
+ (pid /var/run/nginx/pid)
+
+ (load_module ,(file-append nginx-rtmp-module
+ "/etc/nginx/modules/ngx_rtmp_module.so"))
+ ,#~""
+ (events ())
+ ,#~""
+ (http
+ ,(append
+ `((include ,(file-append nginx "/share/nginx/conf/mime.types")))
+ (interpose
+ (list
+ (guix-mirror-server-context
+ #:domain-prefix "guix.")
+ (guix-mirror-server-context
+ #:domain-prefix "ci.guix.")
+ (guix-mirror-server-context
+ #:domain-prefix "issues.guix.")
+ main-server-context
+ files-server-context)
+ #~"")))
+ ,#~""
+ ,(rtmp-context
+ #:youtube-rtmp-key (getenv "YOUTUBE_RTMP_KEY")
+ #:peertube-rtmp-key (getenv "PEERTUBE_RTMP_KEY"))))
+
(define nginx-service
(service
nginx-service-type
(nginx-configuration
- (modules
- (list
- (file-append nginx-rtmp-module "\
-/etc/nginx/modules/ngx_rtmp_module.so")))
- (extra-content
- (format #f "\
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- server_name guix.trop.in guix.ygg.trop.in;
-
- location / {
- proxy_pass https://guix.gnu.org;
- proxy_set_header HOST guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- server_name issues.guix.trop.in issues.guix.ygg.trop.in;
-
- location / {
- proxy_pass https://issues.guix.gnu.org;
- proxy_set_header HOST issues.guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- server_name ci.guix.trop.in ci.guix.ygg.trop.in;
-
- location / {
- proxy_pass https://ci.guix.gnu.org;
- proxy_set_header HOST ci.guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem;
- ssl_protocols TLSv1.2;
-
- server_name trop.in *.trop.in;
-
- location / {
- root /srv/nginx/trop.in;
- if ($request_uri ~~ ^/(.*)\\.html(\\?|$)) {
- return 302 /$1;
- }
- try_files $uri $uri.html $uri/ =404;
- }
-
- # rtmp stat
- location /stat {
- rtmp_stat all;
- rtmp_stat_stylesheet stat.xsl;
- }
-
- location /stat.xsl {
- root /var/www/html/rtmp;
- }
-
- # rtmp control
- location /control {
- rtmp_control all;
- }
-
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name files.trop.in files.ygg.trop.in;
- root /srv/nginx/public;
- autoindex on;
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name hundredrps.project.trop.in;
- root /srv/nginx/public;
- autoindex on;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name hundredrps.project.trop.in;
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- location / {
- proxy_pass http://localhost:50080;
- }
-}
-
-}
-rtmp {
- server {
- listen 1935;
- chunk_size 4096;
-
- application live {
- live on;
- record off;
- push rtmp://a.rtmp.youtube.com/live2/~a;
- push rtmp://diode.zone:1935/live/~a;
- }
- }
-"
- (getenv "YOUTUBE_RTMP_KEY")
- (getenv "PEERTUBE_RTMP_KEY"))))))
+ (nginx-conf (get-nginx-conf)))))
-;; Operating system description
(define* (get-os #:key (user "bob"))
(operating-system
(host-name "pinky")
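Review bot: The stream keys read with `getenv` in `get-nginx-conf` are concatenated into the `push` URLs in `rtmp-context`, so they are written in clear text into the generated nginx configuration; if `nginx-conf` is serialized into a store file, as Guix service configs normally are, that file is world-readable under /gnu/store. Consider keeping the two `push` lines in a permission-restricted file outside the store and pulling it in with something like `(include /path/outside/store/rtmp-push.conf)` (placeholder path). Separately, `getenv` returns `#f` for an unset variable and `string-append` then fails with a type error, where the old `format` call would have printed `#f`; a guard such as `(or (getenv "YOUTUBE_RTMP_KEY") (error "YOUTUBE_RTMP_KEY is not set"))` gives a clearer failure. The `guix-mirror-server-context` blocks also proxy to an `https://` upstream without `proxy_ssl_verify on` and `proxy_ssl_server_name on`, so by default nginx does not validate the upstream certificate or send SNI.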