Diffstat (limited to 'systems/izumi/system-configuration.scm')
-rw-r--r-- | systems/izumi/system-configuration.scm | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm index ec8bc29..ad99c80 100644 --- a/systems/izumi/system-configuration.scm +++ b/systems/izumi/system-configuration.scm @@ -19,6 +19,28 @@ ( use-service-modules base certbot cgit desktop mail shepherd ssh version-control web xorg ) +(define nginx-accounts + (list (user-group (name "nginx") + (system? #t)) + (user-account (name "nginx") + (group "nginx") + (supplementary-groups '("git")) + (system? #t) + (comment "nginx server user") + (home-directory "/var/empty") + (shell (file-append (specification->package "shadow") + "/sbin/nologin"))))) + +(define nginx-service-type* + (service-type (inherit nginx-service-type) + (extensions (map (lambda (extension) + (if (eq? (service-extension-target extension) + account-service-type) + (service-extension account-service-type + (const nginx-accounts)) + extension)) + (service-type-extensions nginx-service-type))))) + (define hosts-izumi (local-file "system-files/hosts")) @@ -536,7 +558,15 @@ #:interface "enp1s0" #:domain "marekpasnikowski.pl" ) ( list - ( service certbot-service-type + (service (service-type (inherit certbot-service-type) + (extensions (map (lambda (extension) + (if (eq? (service-extension-target extension) + nginx-service-type) + (service-extension nginx-service-type* + (@@ (gnu services certbot) + certbot-nginx-server-configurations)) + extension)) + (service-type-extensions certbot-service-type)))) ( certbot-configuration ( certificates ( list @@ -559,7 +589,7 @@ (extensions (map (lambda (extension) (if (eq? (service-extension-target extension) nginx-service-type) - (service-extension nginx-service-type + (service-extension nginx-service-type* cgit-configuration-nginx-config) extension)) (service-type-extensions cgit-service-type)))) 
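Review bot: The `(supplementary-groups '("git"))` entry in `nginx-accounts` has no comment saying what the web server needs from that group, and the reason is not visible in this hunk. The grant is wide: every nginx worker can then read whatever is group-readable by `git`, which presumably includes repositories that cgit marks `hide?` and the gitolite admin data. I would put a comment above the definition, e.g. `;; nginx joins "git" for <reason>; workers can then read every group-readable file owned by git`. `nginx-service-type*` is also a distinct service type, so a service that still extends plain `nginx-service-type` would no longer reach this instance; a comment naming the rewritten extenders (certbot, cgit) would help the next editor.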
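Review bot: `(@@ (gnu services certbot) certbot-nginx-server-configurations)` reaches a binding that the module does not export, so an upstream rename or signature change would break reconfiguration here with nothing in the file to explain why. A comment on that line would cover it, e.g. `;; private upstream procedure, needed only because the target is nginx-service-type*; re-check after guix pull`. The same map-over-extensions rewrite is repeated for cgit in the next hunk, so a small helper taking the service type and the replacement extension would keep the two copies from drifting. The surrounding `( list` and the `certbot-configuration` form continue outside the hunk.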
@@ -599,14 +629,15 @@ ( hide? #t ) ( path "/srv/git/marek/packages" ) ) ) ) ( repository-directory "/var/lib/gitolite/repositories" ) ) ) - ( service fcgiwrap-service-type ) + (service fcgiwrap-service-type + (fcgiwrap-configuration (group "git"))) ( service gitolite-service-type ( gitolite-configuration - ( rc-file ( gitolite-rc-file ( umask #o0022 ) ) ) + ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) ( admin-pubkey ( plain-file "gitolite-admin.pub" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) ( service gnome-desktop-service-type ) - ( service nginx-service-type + (service nginx-service-type* ( nginx-configuration ( server-blocks ( list |
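Review bot: The `( umask #o0027 )` change only governs files gitolite creates from now on. Repositories already written under `#o0022` presumably keep their world-readable modes until they are changed by hand, so the tightening is incomplete on an existing host. I would record that next to the setting, e.g. `;; existing repos keep their old modes: run chmod -R o-rwx on the repository directory once after deploying`. `(fcgiwrap-configuration (group "git"))` makes every CGI that fcgiwrap runs a reader of all repositories, so it deserves a one-line comment that cgit is the only script expected behind it. The service list continues outside the hunk.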