8 files changed, 0 insertions(+), 534 deletions(-)
D channels-lock.scm
D guix/base.scm
D guix/init.sh
D guix/pinky.scm
D guix/restream.scm
D guix/ssh.key
D guix/system.scm
D manifest.yml
D channels-lock.scm => channels-lock.scm +0 -10
@@ 1,10 0,0 @@
-(list (channel
- (name 'guix)
- (url "https://git.savannah.gnu.org/git/guix.git")
- (branch "master")
- (commit "c546a776d59e0950d65530dd6d4b8f21f789783f")
- (introduction
- (make-channel-introduction
- "9edb3f66fd807b096b48283debdcddccfea34bad"
- (openpgp-fingerprint
- "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA")))))
D guix/base.scm => guix/base.scm +0 -38
@@ 1,38 0,0 @@
-(use-modules (gnu))
-(use-service-modules networking ssh)
-(use-package-modules bootloaders ssh)
-
-(define (get-os ip mask gateway name-servers)
- (operating-system
- (host-name "vm")
- (timezone "Etc/UTC")
- (bootloader (bootloader-configuration
- (bootloader grub-bootloader)
- (targets '("/dev/vda"))
- (terminal-outputs '(console))))
- (file-systems (cons (file-system
- (mount-point "/")
- (device "/dev/vda1")
- (type "ext4"))
- %base-file-systems))
- (services
- (append (list
- ;; (service dhcp-client-service-type)
- (static-networking-service "eth0" ip
- #:netmask mask
- #:gateway gateway
- #:name-servers name-servers)
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (permit-root-login #t)
- (authorized-keys
- `(("root" ,(local-file "ssh.key")))))))
- %base-services))))
-
-
-(get-os "64.227.112.147" "255.255.240.0" "64.227.112.1"
- '("84.200.69.80" "84.200.70.40"))
-
-
-
D guix/init.sh => guix/init.sh +0 -3
@@ 1,3 0,0 @@
-mv /etc /old-etc
-mkdir /etc
-cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix} /etc/
D guix/pinky.scm => guix/pinky.scm +0 -293
@@ 1,293 0,0 @@
-
-(use-modules (gnu) (guix) (gnu services) (gnu system) (gnu system pam))
-(use-service-modules networking ssh web shepherd)
-(use-package-modules bootloaders ssh web)
-
-;; Operating system description
-(define* (get-os #:key (user "bob"))
- (operating-system
- (host-name "pinky")
- (timezone "Europe/Amsterdam")
- ;; (timezone "Etc/UTC")
- (bootloader
- (bootloader-configuration
- (bootloader grub-bootloader)
- (targets '("/dev/vda"))))
- (mapped-devices
- (list (mapped-device
- (source
- (uuid "e4f3107f-110b-44ee-a93e-c5127296948c"))
- (target "cryptroot")
- (type luks-device-mapping))))
- (file-systems
- (cons* (file-system
- (mount-point "/")
- (device "/dev/mapper/cryptroot")
- (type "ext4")
- (dependencies mapped-devices))
- %base-file-systems))
- (users (cons* (user-account
- (name user)
- (comment "Bob")
- (group "users")
- (home-directory "/home/bob")
- (supplementary-groups
- '("wheel" "netdev" "audio" "video")))
- %base-user-accounts))
- (sudoers-file
- (plain-file "sudoers"
- (string-append (plain-file-content %sudoers-specification)
- (format #f "~a ALL = NOPASSWD: ALL~%" user))))
- (packages
- (append
- (map specification->package '("nss-certs" "htop"))
- %base-packages))
-
- (services
- (append (list
-; (service dhcp-client-service-type)
- (service
- static-networking-service-type
- (list
- (static-networking
- (addresses (list (network-address
- (device "eth0")
- (value "23.137.249.202/24"))
- (network-address
- (device "eth0")
- (value "2602:fc24:11:541b:0:0:0:13/64"))))
- (routes (list (network-route
- (destination "default")
- (gateway "23.137.249.1"))
- (network-route
- (destination "2602:fc24:11::1/128")
- (device "eth0"))
- (network-route
- (destination "default")
- (gateway "2602:fc24:11::1"))))
- (name-servers '("2620:fe::fe"
- "2620:fe::9"
- ;; "9.9.9.9"
- ;; "149.112.112.112"
- )))))
- ;; nameserver 9.9.9.9
- ;; nameserver 149.112.112.112
- (service tor-service-type)
- (service yggdrasil-service-type
- (yggdrasil-configuration
- (json-config
- '((IfName . "ygg0")
- (NodeInfoPrivacy . #t)
- (Peers . #("tls://ygg-nl.incognet.io:8884"
- "tls://ygg2.ezdomain.ru:11130"
- "tls://188.225.9.167:18227"))))))
-
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (permit-root-login #f)
- (password-authentication? #f)
- (port-number 50621)
- (authorized-keys
- `((,user ,(local-file "ssh.key"))))))
-
- (pam-limits-service
- (list
- (pam-limits-entry "bob" 'both 'nofile 50000)
- (pam-limits-entry "@users" 'both 'nofile 50000)))
- (simple-service
- 'hundredrps-bot
- shepherd-root-service-type
- (list
- (shepherd-service
- (documentation "hundredrps cards bot.")
- (provision '(hundredrps))
- (start #~(make-forkexec-constructor
- (list #$(file-append
- (@ (gnu packages java) openjdk)
- "/bin/java") "-jar"
- #$(local-file "/home/bob/work/abcdw/hundredrps-tg-bot/target/hundredrps-standalone.jar"))
- #:user "bob"
- #:group "users"
- #:environment-variables
- (list "PORT=50080"
- (string-append
- "PAYMENT_PROVIDER_TOKEN="
- #$(getenv "HUNDREDRPS_PAYMENT_PROVIDER_TOKEN"))
- (string-append
- "AMPLITUDE_TOKEN="
- #$(getenv "HUNDREDRPS_AMPLITUDE_TOKEN"))
- (string-append
- "TELEGRAM_TOKEN="
- #$(getenv "HUNDREDRPS_TELEGRAM_TOKEN")))
- #:log-file "/tmp/hundredrps.log"))
- (stop #~(make-kill-destructor)))))
-
- (service nginx-service-type
- (nginx-configuration
- (modules
- (list
- (file-append nginx-rtmp-module "\
-/etc/nginx/modules/ngx_rtmp_module.so")))
- (extra-content
- (format #f "\
-server {
- listen 80;
- listen [::]:80;
-
- server_name guix.trop.in guix.ygg.trop.in;
-
- location / {
- proxy_pass https://guix.gnu.org;
- proxy_set_header HOST guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name issues.guix.trop.in issues.guix.ygg.trop.in;
-
- location / {
- proxy_pass https://issues.guix.gnu.org;
- proxy_set_header HOST issues.guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- server_name ci.guix.trop.in ci.guix.ygg.trop.in;
-
- location / {
- proxy_pass https://ci.guix.gnu.org;
- proxy_set_header HOST ci.guix.gnu.org;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- listen 443 ssl;
- listen [::]:443 ssl;
-
- ssl_certificate /etc/letsencrypt/live/trop.in/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/trop.in/privkey.pem;
- ssl_protocols TLSv1.2;
-
- server_name trop.in *.trop.in;
-
- location / {
- root /srv/nginx/trop.in;
- if ($request_uri ~~ ^/(.*)\\.html(\\?|$)) {
- return 302 /$1;
- }
- try_files $uri $uri.html $uri/ =404;
- }
-
- # rtmp stat
- location /stat {
- rtmp_stat all;
- rtmp_stat_stylesheet stat.xsl;
- }
-
- location /stat.xsl {
- root /var/www/html/rtmp;
- }
-
- # rtmp control
- location /control {
- rtmp_control all;
- }
-
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name files.trop.in files.ygg.trop.in;
- root /srv/nginx/public;
- autoindex on;
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name hundredrps.project.trop.in;
- root /srv/nginx/public;
- autoindex on;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name hundredrps.project.trop.in;
- ssl_certificate /srv/nginx/ssl/hundredrps.pem;
- ssl_certificate_key /srv/nginx/ssl/hundredrps.key;
- ssl_protocols TLSv1.2;
-
- location / {
- proxy_pass http://localhost:50080;
- }
-}
-
-}
-rtmp {
- server {
- listen 1935;
- chunk_size 4096;
-
- application live {
- live on;
- record off;
- push rtmp://a.rtmp.youtube.com/live2/~a;
- push rtmp://diode.zone:1935/live/~a;
- }
- }
-"
- (getenv "YOUTUBE_RTMP_KEY")
- (getenv "PEERTUBE_RTMP_KEY"))))))
-
- (modify-services %base-services
- (guix-service-type
- config =>
- (guix-configuration
- (inherit config)
- (authorized-keys
- (append (list (local-file "/etc/guix/signing-key.pub"))
- %default-authorized-guix-keys)))))))))
-
-;;; my nginx config
-;; TODO: Add gzip for big static files
-;; TODO: Cache big files?
-;; TODO: Image filter module for resizing images
-;; TODO: Add expire directives to cache files on client side
-;; TODO: Add monitoring https://github.com/vozlt/nginx-module-vts
-;; https://www.nginx.com/resources/wiki/modules/
-
-(define host "pinky")
-(define user "bob")
-(define os
- (get-os #:user user))
-
-(list (machine
- (operating-system os)
- (environment managed-host-environment-type)
- (configuration (machine-ssh-configuration
- (host-name host)
- (allow-downgrades? #t)
- (system "x86_64-linux")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vEutTS539N4LbxwxqOGepQRP3mkfnarQ1PBVj5O+v")
- (user user)))))
D guix/restream.scm => guix/restream.scm +0 -104
@@ 1,104 0,0 @@
-;; Module imports
-(use-modules (gnu) (guix) (gnu services))
-(use-service-modules networking ssh web)
-(use-package-modules bootloaders ssh web)
-
-;; Operating system description
-(define* (get-os ip mask gateway name-servers
- #:key youtube-key peertube-key)
- (operating-system
- (host-name "vm")
- (timezone "Etc/UTC")
- (bootloader (bootloader-configuration
- (bootloader grub-bootloader)
- (targets '("/dev/vda"))
- (terminal-outputs '(console))))
- (file-systems (cons (file-system
- (mount-point "/")
- (device "/dev/vda1")
- (type "ext4"))
- %base-file-systems))
- ;; (packages
- ;; (list (@ (gnu packages admin) htop)))
- (services
- (append (list
- ;; (service dhcp-client-service-type)
- (static-networking-service "eth0" ip
- #:netmask mask
- #:gateway gateway
- #:name-servers name-servers)
- (service nginx-service-type
- (nginx-configuration
- (modules
- (list
- (file-append nginx-rtmp-module "\
-/etc/nginx/modules/ngx_rtmp_module.so")))
- (extra-content
- (format #f "\
-}
-server {
- listen 80;
- location / {
- # internal;
- proxy_pass https://guix.gnu.org/;
- proxy_set_header X-SERVER-PORT $server_port;
- proxy_set_header X-SERVER-ADDR $server_addr;
- proxy_set_header HOST $http_host;
- proxy_set_header X-REAL-IP $remote_addr;
- }
-}
-rtmp {
- server {
- listen 1935;
- chunk_size 4096;
-
- application live {
- live on;
- record off;
- push rtmp://a.rtmp.youtube.com/live2/~a;
- push rtmp://diode.zone:1935/live/~a;
- }
- }
-" youtube-key peertube-key))
-
- (server-blocks
- (list (nginx-server-configuration
- (server-name `(,ip))
- (listen '("8088"))
- (root "/var/www/"))))))
- ;; (simple-service
- ;; 'restart-nginx-on-activation
- ;; activation-service-type
- ;; #~(invoke/quiet "sh" "-c" "sleep 5s && herd restart nginx"))
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (permit-root-login #t)
- (authorized-keys
- `(("root" ,(local-file "ssh.key")))))))
-
- (modify-services %base-services
- (guix-service-type config =>
- (guix-configuration
- (inherit config)
- (authorized-keys
- (append (list (local-file "/etc/guix/signing-key.pub"))
- %default-authorized-guix-keys)))))))))
-
-(define host "104.248.245.11")
-(define os
- (get-os host "255.255.240.0" "104.248.240.1"
- '("84.200.69.80" "84.200.70.40")
- #:youtube-key (getenv "YOUTUBE_RTMP_KEY")
- #:peertube-key (getenv "PEERTUBE_RTMP_KEY")))
-
-(list (machine
- (operating-system os)
- (environment managed-host-environment-type)
- (configuration (machine-ssh-configuration
- (host-name host)
- (allow-downgrades? #t)
- (system "x86_64-linux")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWfLPNTst91Ezts/bsdEGsMoknXz8NDltBHR+zjDmZO")
- (user "root")
- (port 22)))))
D guix/ssh.key => guix/ssh.key +0 -1
@@ 1,1 0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDoOUCeQaIcqCzLUq7W0QDrnDhZnWhwhDqRYZkpLWcsRZVTT2apalEO1Iq4FUjWpiDcAt2nfVY9XfztQDvblmO/KX5WPi86IIep7HtWrTtjcYkAqaqW7Jh7tTgDBVYZ05si0pzDRJZvjOEOccnH9zBIRLL6NGy/wHsvTCi2Tt2O36jOg50n3MrWLYe5GUa/7fxXFuJy9bM7ijMG9UJLT4KJjNxCvo41360p5ED8r8cUN95zVopEuj3lc1dBCur2iYKadeZSjm+W9Q1YxSw0pehwfsxLDzTLPkP52ffKFpsBCPIIcQr6LZ7IkThajgMvor1pbxNvdDFk4dHsO1xJ9H6EWJ2K/j11Z05GJcrEsHT8vFRtsm7QGONaa3EkeD0On2a0qhKXk/xPOHmWpOksrM/zd9dCiVVj9eTA8Hf7fRWNOscLhVOk6M0207++pRruDE+xWpOje6U3GqhZnBTqK/1KiTM9Zpfz7TKw83Fup5kyxM6s92AZfW3yiu1t8+qN3tmz/RZuLcPd/8dsP7XfU66seC+gSKd+SkMcFce6IB5K8FOsInZX0oLkJeu3QoH4a9aDxWRsvvHHVuc7inakpex6jE8KR9M4zfOOk7mvrnbv+kx382lScIZ82z32PmZ+E0iY72vCHg9BNISaUDH5QP/3fYN8obTcH06nntpFRUEeqQ== cardno:10 496 392
D guix/system.scm => guix/system.scm +0 -66
@@ 1,66 0,0 @@
-(use-modules (gnu))
-(use-service-modules networking ssh web)
-(use-package-modules bootloaders ssh web)
-
-(define (get-os ip mask gateway name-servers)
- (operating-system
- (host-name "nginx-test-server")
- (timezone "Etc/UTC")
- (bootloader (bootloader-configuration
- (bootloader grub-bootloader)
- (target "/dev/vda")
- (terminal-outputs '(console))))
- (file-systems (cons (file-system
- (mount-point "/")
- (device "/dev/vda1")
- (type "ext4"))
- %base-file-systems))
- (services
- (append
- (list
- ;; (service dhcp-client-service-type)
- (static-networking-service "eth0" ip
- #:netmask mask
- #:gateway gateway
- #:name-servers name-servers)
- (service nginx-service-type
- (nginx-configuration
- (modules
- (list
- (file-append nginx-rtmp-module "\
-/etc/nginx/modules/ngx_rtmp_module.so")))
- (server-blocks
- (list (nginx-server-configuration
- (server-name (list ip))
- (listen '("8081"))
- (root "/srv/www"))))))
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (permit-root-login #t)
- (authorized-keys
- `(("root" ,(local-file "ssh.key")))))))
- (modify-services %base-services
- (guix-service-type config =>
- (guix-configuration
- (inherit config)
- (authorized-keys
- (append (list (local-file "/etc/guix/signing-key.pub"))
- %default-authorized-guix-keys)))))))))
-
-(define host "64.227.112.147")
-(define os
- (get-os host "255.255.240.0" "64.227.112.1"
- '("84.200.69.80" "84.200.70.40")))
-
-(list (machine
- (operating-system os)
- (environment managed-host-environment-type)
- (configuration (machine-ssh-configuration
- (host-name host)
- (system "x86_64-linux")
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQCgnD8+SWnfZv5wKvUEac9yXCD4Jsc+irTqFh26oKF")
- (user "root")
- (port 22)))))
-
-
D manifest.yml => manifest.yml +0 -19
@@ 1,19 0,0 @@
-image: debian/testing
-packages:
- - guix
-sources:
- - https://git.sr.ht/~abcdw/guix
-environment:
- PATH: "$HOME/.config/guix/current/bin:$PATH"
-tasks:
- - prepare: |
- guix pull
- - build: |
- cd guix
- guix environment guix -- ./bootstrap
- guix environment guix -- ./configure
- guix environment guix -- make
- guix environment guix -- make doc/guix.html
- tar -cvf site.tar.gz -C doc/guix.html .
-artifacts:
- - site.tar.gz