diff options
Diffstat (limited to 'deployment')
| -rw-r--r-- | deployment/systems/aisaka.scm | 26 | ||||
| -rw-r--r-- | deployment/systems/akashi.scm | 11 | ||||
| -rw-r--r-- | deployment/systems/ayase.scm | 5 |
3 files changed, 27 insertions, 15 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm index e77f6c8..270cbf1 100644 --- a/deployment/systems/aisaka.scm +++ b/deployment/systems/aisaka.scm @@ -18,8 +18,6 @@ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:) #:use-module ((sovereign packages jekyll) #:prefix sovereign:packages:jekyll:) #:use-module ((sovereign systems) #:prefix sovereign:systems:) - #:use-module ((suweren system) #:prefix suweren:system:) - #:use-module ((suweren update) #:prefix suweren:update:) #:use-module ((users id1000) #:prefix users:id1000:) #:use-module ((users vmail) #:prefix users:vmail:)) @@ -40,9 +38,10 @@ ("dkim._domainkey" "3600" "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"") ("git" "3600" "IN" "A" "81.190.248.246") ("radicale" "3600" "IN" "A" "81.190.248.246") + ("schron" "3600" "IN" "A" "81.190.248.246") + ("sejf" "3600" "IN" "A" "81.190.248.246") ("test" "3600" "IN" "A" "81.190.248.246") - ("www" "3600" "IN" "A" "81.190.248.246") - ("schron" "3600" "IN" "A" "81.190.248.246")) + ("www" "3600" "IN" "A" "81.190.248.246")) (define master-zone (gnu:services:dns:knot-zone-configuration @@ -53,7 +52,7 @@ (origin "marekpasnikowski.pl") (ns "ns.marekpasnikowski.pl.") (mail "marek.marekpasnikowski.pl.") - (serial 2025061000))))) + (serial 2025072600))))) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; @@ -192,7 +191,6 @@ (hide? #t) (path "/srv/git/marek/packages")))) (project-list (list "deployment.git" - "distribution.git" "nonguix.git" "sovereign.git")) (repository-directory "/var/lib/gitolite/repositories")))) @@ -318,6 +316,22 @@ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem") (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;" "ssl_verify_client on;"))) + ;; Sejf + (gnu:services:web:nginx-server-configuration + (locations (list (gnu:services:web:nginx-location-configuration + (body (list "proxy_set_header Host $host;" + "proxy_set_header X-Real-IP $remote_addr;" + "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" + "proxy_set_header X-Forwarded-Proto $scheme;" + "if ($ssl_client_verify != SUCCESS) {return 403;}")) + (uri "/")))) + (listen (list "192.168.10.2:443 ssl")) + (root "/home/marek/Publiczne/sejf") + (server-name (list "sejf.marekpasnikowski.pl")) + (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem") + (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem") + (raw-content (list "ssl_client_certificate /secrets/ca/intermediate/certs/ca-chain.cert.pem;" + "ssl_verify_client on;"))) ;; Radicale ((@ (gnu services web) nginx-server-configuration) (locations diff --git a/deployment/systems/akashi.scm b/deployment/systems/akashi.scm index a7d48d2..dc2f65e 100644 --- a/deployment/systems/akashi.scm +++ b/deployment/systems/akashi.scm @@ -5,6 +5,7 @@ #:use-module ((gnu packages linux) #:prefix gnu:packages:linux:) #:use-module ((gnu services guix) #:prefix gnu:services:guix:) #:use-module ((gnu system) #:prefix gnu:system:) + #:use-module ((gnu system file-systems) #:prefix gnu:system:file-systems:) #:use-module ((machines thinkpad-x200) #:prefix machines:thinkpad-x200:) #:use-module ((sovereign systems) #:prefix sovereign:systems:) #:use-module (users id1000)) @@ -21,16 +22,14 @@ "akashi") (define (file-systems) - (use-modules (suweren system)) - (append %suweren-file-systems - (list root-partition))) + (cons* root-partition + gnu:system:file-systems:%base-file-systems)) (define keyboard-layout* ((@ (gnu system keyboard) keyboard-layout) "pl")) (define (services) - (use-modules (suweren system)) (let* ((home-environments `((,uid1000-name ,uid1000-home-environment))) (guix-home ((@ (gnu services) service) gnu:services:guix:guix-home-service-type @@ -63,7 +62,7 @@ (swap-devices (machines:thinkpad-x200:swap-devices* host-name*)) (users users) (timezone timezone*) - (locale polish-locale-string) - (locale-definitions %suweren-locale-definitions) + (locale sovereign:systems:pl-locale) + (locale-definitions sovereign:systems:%sovereign-locale-definitions) (services (services)) (sudoers-file sovereign:systems:%sovereign-sudoers-specification)))) diff --git a/deployment/systems/ayase.scm b/deployment/systems/ayase.scm index 9606c7b..933c211 100644 --- a/deployment/systems/ayase.scm +++ b/deployment/systems/ayase.scm @@ -10,7 +10,6 @@ #:use-module ((sovereign devices amd64) #:prefix sovereign:devices:amd64:) #:use-module ((sovereign packages protonmail) #:prefix sovereign:packages:protonmail:) #:use-module ((sovereign systems) #:prefix sovereign:systems:) - #:use-module ((suweren system) #:prefix suweren:system:) #:use-module ((users id1000) #:prefix users:id1000:)) (define efi-filesystem-uuid @@ -133,7 +132,7 @@ swap-device-2)) (users (users)) (timezone "Europe/Warsaw") - (locale suweren:system:polish-locale-string) - (locale-definitions suweren:system:%suweren-locale-definitions) + (locale sovereign:systems:pl-locale) + (locale-definitions sovereign:systems:%sovereign-locale-definitions) (services services) (sudoers-file sovereign:systems:%sovereign-sudoers-specification))) |