From ca5dee05f66a930a3ba19f3b0a93b034de12a80f Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski
Date: Tue, 17 Mar 2026 18:03:21 +0100
Subject: (deployment systems aisaka): implement public substitute server
---
 deployment/systems/aisaka.scm | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index a0a2766..5174e61 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -98,6 +98,7 @@
 ("_dmarc" ttl "IN" "TXT" "\"v=DMARC1; p=reject; sp=reject; pct=100; aspf=s; adkim=s; fo=1; rua=mailto:abuse@marekpasnikowski.pl; ruf=mailto:abuse@marekpasnikowski.pl\"")
 ("dkim._domainkey" ttl "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
 ("git" ttl "IN" "CNAME" "www")
+ ("guix" ttl "IN" "CNAME" "www")
 ("radicale" ttl "IN" "CNAME" "www")
 ("schron" ttl "IN" "CNAME" "www")
 ("sejf" ttl "IN" "CNAME" "www")
@@ -109,7 +110,7 @@
 (origin "marekpasnikowski.pl")
 (ns "ns1.marekpasnikowski.pl.")
 (mail "marek.marekpasnikowski.pl.")
- (serial 2026031601)))
+ (serial 2026031700)))

 (define master-zone
 (gnu:services:dns:knot-zone-configuration
@@ -215,7 +216,7 @@
 "fastcgi_pass 127.0.0.1:9000 ;"))
 (uri "@cgit")))

-(define nginx-location-proxy
+(define nginx-location-proxy-guix
 (gnu:services:web:nginx-location-configuration
 (body (list "proxy_pass http://localhost:5232/ ;"
 "proxy_set_header X-Script-Name \"\" ;"
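Review bot: The two proxy locations look swapped: this hunk renames the existing location to `nginx-location-proxy-guix`, but its unchanged body still has `proxy_pass http://localhost:5232/`, while the next hunk adds `nginx-location-proxy-radicale` pointing at `localhost:8080`, the port the new guix-publish service is configured with. If 5232 is still the Radicale backend (nothing in this commit shows that changing), `guix.marekpasnikowski.pl` would expose the CalDAV service and `radicale.marekpasnikowski.pl` would reach the substitute server. Swap the ports so the guix location carries `"proxy_pass http://localhost:8080/ ;"` and the radicale one keeps `"proxy_pass http://localhost:5232/ ;"`. The guix location can then also drop the `X-Script-Name` and `Authorization` lines, which the substitute server has no visible use for. The location body continues past the end of this hunk.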
@@ -224,6 +225,15 @@
 "proxy_pass_header Authorization ;"))
 (uri "/")))

+(define nginx-location-proxy-radicale
+ (gnu:services:web:nginx-location-configuration
+ (body (list "proxy_pass http://localhost:8080/ ;"
+ "proxy_set_header X-Script-Name \"\" ;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;"
+ "proxy_set_header Host $http_host ;"
+ "proxy_pass_header Authorization ;"))
+ (uri "/")))
+
 (define nginx-location-proxy-auth
 (gnu:services:web:nginx-location-configuration
 (body (list "proxy_set_header Host $host;"
@@ -252,6 +262,12 @@
 (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
 (try-files (list "$uri" "@cgit")))))

+(define nginx-server-guix
+ (gnu:services:web:nginx-server-configuration
+ (locations (list nginx-location-proxy-guix))
+ (listen (list "192.168.10.2:443 ssl"))
+ (server-name (list "guix.marekpasnikowski.pl"))))
+
 (define nginx-server-portal
 (gnu:services:web:nginx-server-configuration
 (locations (list nginx-location-well-known))
@@ -263,7 +279,7 @@

 (define nginx-server-radicale
 (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy
+ (locations (list nginx-location-proxy-radicale
 nginx-location-well-known))
 (listen (list "192.168.10.2:443 ssl"))
 (server-name (list "radicale.marekpasnikowski.pl"))))
@@ -321,6 +337,7 @@
 (shepherd-requirement (list 'networking))
 (server-blocks (list nginx-server-portal
 nginx-server-www
+ nginx-server-guix
 nginx-server-test
 nginx-server-schron
 nginx-server-sejf
@@ -360,6 +377,7 @@
 nginx-deploy-hook-file))
 (domains (list "marekpasnikowski.pl"
 "git.marekpasnikowski.pl"
+ "guix.marekpasnikowski.pl"
 "radicale.marekpasnikowski.pl"
 "schron.marekpasnikowski.pl"
 "sejf.marekpasnikowski.pl"
@@ -634,6 +652,15 @@
 (name "vmail")
 (system? #t)))

+(define guix-publish-service
+ (let
+ ((configuration (gnu:services:base:guix-publish-configuration
+ (host "192.168.10.2")
+ (port 8080)
+ (advertise? #t))))
+ (gnu:services:service gnu:services:base:guix-publish-service-type
+ configuration)))
+
 (define-public system
 (let*
 ((home-environments- (list users:id1000:name/home-environment))
--
cgit v1.3
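Review bot: `guix-publish-service` binds to `(host "192.168.10.2")`, but the proxy locations in this commit forward to `localhost`, so nginx would likely not reach the daemon on port 8080, while the plain-HTTP port stays reachable on that interface without going through the TLS front end. If nginx is meant to be the only entry point, use `(host "localhost")`. The diffstat's 30 insertions are all accounted for by the visible hunks and none of them references `guix-publish-service`, so the definition appears unused and still has to be added to the system's service list. `(advertise? #t)` announces the server on the local network, which deserves a one-line comment saying whether that is intended alongside the public vhost. The `system` definition continues outside the hunk.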