From 8af542c16b62df9b6ac14d47e1a451a84fcd3134 Mon Sep 17 00:00:00 2001 From: "root@procul" Date: Thu, 16 Jul 2020 15:46:14 -0500 Subject: [PATCH] Lots of commits, mostly related to cl-gemini --- config/fudo/slynk.nix | 12 +-- config/informis/cl-gemini.nix | 159 ++++++++++++++++++++++++++++++++++ config/local.nix | 2 + defaults.nix | 4 +- fudo/sites/joes.nix | 23 +++-- fudo/sites/seattle.nix | 2 + hosts/procul.nix | 12 +++ packages/cl-gemini.nix | 24 +++++ packages/local.nix | 11 +-- 9 files changed, 231 insertions(+), 18 deletions(-) create mode 100644 config/informis/cl-gemini.nix create mode 100644 packages/cl-gemini.nix diff --git a/config/fudo/slynk.nix b/config/fudo/slynk.nix index e2ad7b8..cbfdf14 100644 --- a/config/fudo/slynk.nix +++ b/config/fudo/slynk.nix @@ -14,6 +14,12 @@ let (loop (sleep 60)) ''; + sbcl-with-ssl = pkgs.sbcl.overrideAttrs (oldAttrs: rec { + extraLibs = with pkgs; [ + openssl_1_1.dev + ]; + }); + in { options.fudo.slynk = { enable = mkEnableOption "Enable Slynk emacs common lisp server."; @@ -30,9 +36,8 @@ in { description = "Slynk Common Lisp server."; serviceConfig = { - # Type = "simple"; ExecStartPre = "${pkgs.lispPackages.quicklisp}/bin/quicklisp init"; - ExecStart = "${pkgs.sbcl-with-libs}/bin/sbcl --load ${initScript cfg.port}"; + ExecStart = "${pkgs.sbcl-with-ssl}/bin/sbcl --load ${initScript cfg.port}"; Restart = "on-failure"; PIDFile = "/run/slynk.$USERNAME.pid"; }; @@ -40,9 +45,6 @@ in { environment = { LD_LIBRARY_PATH = "${pkgs.openssl_1_1.out}/lib:${pkgs.libuv.out}/lib"; }; - - ## Starts on login. But what about ports? - # wantedBy = [ "default.target" ]; }; }; } diff --git a/config/informis/cl-gemini.nix b/config/informis/cl-gemini.nix new file mode 100644 index 0000000..ccab8bc --- /dev/null +++ b/config/informis/cl-gemini.nix 
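Review bot: The rewritten ExecStart in the second slynk.nix hunk (`@@ -30,9 +36,8 @@`) reads `${pkgs.sbcl-with-ssl}/bin/sbcl`, but this commit only introduces `sbcl-with-ssl` as a let binding in this file, and the packages/local.nix hunk at the end of the patch removes `sbcl-with-libs` from the overlay without adding `sbcl-with-ssl` in its place, so any host with `fudo.slynk.enable` will fail evaluation with an undefined attribute unless the overlay defines it somewhere not shown here. The line should use the local binding, exactly as the new cl-gemini.nix does: `ExecStart = "${sbcl-with-ssl}/bin/sbcl --load ${initScript cfg.port}";`. The same `pkgs.sbcl.overrideAttrs` block is now duplicated in slynk.nix and cl-gemini.nix; keeping a single definition in packages/local.nix (under the old `sbcl-with-libs` name or the new one) would stop the two from drifting.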
@@ -0,0 +1,159 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.informis.cl-gemini; + + lisp-libs = with pkgs.lispPackages; [ + alexandria + asdf-package-system + asdf-system-connections + cl_plus_ssl + cl-ppcre + quicklisp + quri + uiop + usocket + ]; + + launchServer = load-paths: ip: port: root: public-dir: key: cert: slynk-port: + let + load-path-string = + concatStringsSep " " (map (path: "\"${path}\"") load-paths); + in pkgs.writeText "launch-server.lisp" '' + (load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname))) + (setf asdf:*central-registry* + (append asdf:*central-registry* + (list ${load-path-string}))) + (ql:quickload :slynk) + (ql:quickload :cl-gemini) + ${optionalString (slynk-port != null) "(slynk:create-server :port ${toString slynk-port} :dont-close t)"} + (cl-gemini:start-gemini-server "${ip}" "${key}" "${cert}" + :port ${toString port} + :document-root "${root}" + :file-cmd "${pkgs.file}/bin/file" + :log-stream *standard-output* + :threaded t + :separate-thread t) + (loop (sleep 60)) + ''; + + sbcl-with-ssl = pkgs.sbcl.overrideAttrs (oldAttrs: rec { + extraLibs = with pkgs; [ + openssl_1_1.dev + ]; + }); + +in { + options.informis.cl-gemini = with types; { + enable = mkEnableOption "Enable the cl-gemini server."; + + port = mkOption { + type = port; + description = "Port on which to serve Gemini traffic."; + default = 1965; + }; + + server-ip = mkOption { + type = str; + description = "IP on which to serve Gemini traffic."; + example = "1.2.3.4"; + }; + + document-root = mkOption { + type = path; + description = "Root at which to look for gemini files."; + example = /my/gemini/root; + }; + + user-public = mkOption { + type = str; + description = "Subdirectory of user homes to check for gemini files."; + default = "gemini-public"; + }; + + ssl-private-key = mkOption { + type = path; + description = "Path to the pem-encoded server private key."; + example = /path/to/secret/key.pem; + }; + + ssl-certificate = 
mkOption { + type = path; + description = "Path to the pem-encoded server public certificate."; + example = /path/to/cert.pem; + }; + + slynk-port = mkOption { + type = nullOr port; + description = "Port on which to open a slynk server, if any."; + default = null; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = with pkgs; [ + cl-gemini + ]; + + users.users = { + cl-gemini = { + isSystemUser = true; + group = "nogroup"; + createHome = true; + home = "/var/lib/cl-gemini"; + }; + }; + + environment.etc = { + "cl-gemini/key.pem" = { + mode = "0400"; + user = "cl-gemini"; + source = cfg.ssl-private-key; + }; + + "cl-gemini/cert.pem" = { + mode = "0444"; + user = "cl-gemini"; + source = cfg.ssl-certificate; + }; + }; + + systemd.services.cl-gemini = { + description = "cl-gemini Gemini server (https://gemini.circumlunar.space/)"; + + serviceConfig = let + load-paths = (map (pkg: "${pkg}/lib/common-lisp//") + (lisp-libs ++ [pkgs.cl-gemini])); + in { + ExecStartPre = "${pkgs.lispPackages.quicklisp}/bin/quicklisp init"; + ExecStart = "${sbcl-with-ssl}/bin/sbcl --load ${ + launchServer + load-paths + cfg.server-ip + cfg.port + cfg.document-root + cfg.user-public + "/etc/cl-gemini/key.pem" + "/etc/cl-gemini/cert.pem" + cfg.slynk-port + }"; + Restart = "on-failure"; + PIDFile = "/run/cl-gemini.$USERNAME.uid"; + User = "cl-gemini"; + }; + + environment = { + LD_LIBRARY_PATH = "${pkgs.openssl_1_1.out}/lib"; + }; + + path = with pkgs; [ + file + getent + ]; + + wantedBy = [ "default.target" ]; + }; + }; +} diff --git a/config/local.nix b/config/local.nix index 31d794c..a3e43b2 100644 --- a/config/local.nix +++ b/config/local.nix @@ -24,6 +24,8 @@ with lib; ./fudo/system.nix ./fudo/webmail.nix + ./informis/cl-gemini.nix + ../fudo/profiles ../fudo/sites ]; diff --git a/defaults.nix b/defaults.nix index 5c4242c..9f06d1f 100644 --- a/defaults.nix +++ b/defaults.nix @@ -55,6 +55,7 @@ mkpasswd ncurses5 nix-index + nix-prefetch-git nmap oidentd openldap 
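Review bot: `ssl-private-key` and `ssl-certificate` are declared `type = path` with path-literal examples (`/path/to/secret/key.pem`); a value supplied as a path literal is copied into the Nix store the moment `environment.etc` interpolates it, so the private key would sit world-readable under /nix/store and the `mode = "0400"` on `"cl-gemini/key.pem"` would protect only the copy. Changing both options to `type = str;` with string examples such as `example = "/path/to/secret/key.pem";` keeps them out of the store, and the description should state that the etc activation script copies the file at rebuild time, which also means a renewed certificate is not picked up until the next activation. `document-root` has the same path-versus-string issue: with `type = path` and `example = /my/gemini/root`, a literal value makes `:document-root "${root}"` point at a build-time store snapshot rather than the live directory. Separately, `launchServer` binds `public-dir` but never passes it to `start-gemini-server`, so `cfg.user-public` has no effect; presumably a keyword such as `:user-public "${public-dir}"` (whatever cl-gemini actually accepts) is missing. `PIDFile = "/run/cl-gemini.$USERNAME.uid"` is meaningless for the default Type=simple unit and systemd does not expand `$USERNAME` in that setting, so the line can be dropped.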
@@ -81,14 +82,13 @@ yubikey-manager ]; - system.stateVersion = "19.09"; + system.stateVersion = "20.03"; system.autoUpgrade.enable = true; environment.etc.current-nixos-config.source = ./.; krb5.enable = true; - krb5.libdefaults.default_realm = "FUDO.ORG"; krb5.kerberos = pkgs.heimdalFull; console.keyMap = "dvp"; diff --git a/fudo/sites/joes.nix b/fudo/sites/joes.nix index 8f541ed..5fcb5a7 100644 --- a/fudo/sites/joes.nix +++ b/fudo/sites/joes.nix @@ -2,12 +2,14 @@ with lib; let - admin = "admin@informis.land"; - hostname = config.networking.hostName; gateway = "172.86.179.17"; + local-domain = "informis.land"; + + admin = "admin@${local-domain}"; + in { config = mkIf (config.fudo.common.site == "joes") { time.timeZone = "America/Winnipeg"; @@ -17,21 +19,30 @@ in { }; networking = { - domain = "informis.land"; - search = ["informis.land" "fudo.org"]; + domain = local-domain; + search = [ local-domain "fudo.org" ]; firewall.enable = false; defaultGateway = gateway; # defaultGateway6 = gateway6; + + hosts = { + "127.0.0.1" = [ + "${config.networking.hostName}.${local-domain}" + config.networking.hostName + ]; + }; }; + krb5.libdefaults.default_realm = "INFORMIS.LAND"; + fudo.node-exporter = { enable = false; hostname = hostname; }; - security.acme.certs."${hostname}.informis.land" = { - email = "admin@informis.land"; + security.acme.certs."${hostname}.${local-domain}" = { + email = "admin@${local-domain}"; }; services.nginx = { diff --git a/fudo/sites/seattle.nix b/fudo/sites/seattle.nix index 83788cd..8d58e61 100644 --- a/fudo/sites/seattle.nix +++ b/fudo/sites/seattle.nix @@ -22,6 +22,8 @@ in { mailto = admin; }; + krb5.libdefaults.default_realm = "FUDO.ORG"; + networking = { domain = local-domain; search = [local-domain "fudo.org"]; diff --git a/hosts/procul.nix b/hosts/procul.nix index 5237977..754d83a 100644 --- a/hosts/procul.nix +++ b/hosts/procul.nix 
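Review bot: Bumping `system.stateVersion` from `"19.09"` to `"20.03"` on hosts that were installed under 19.09 changes the defaults that stateful modules derive from this value (database package versions, on-disk layouts), which a release upgrade does not otherwise require; NixOS documents this setting as fixed at install time, so the bump needs a deliberate migration check on every host that shares defaults.nix. Removing `krb5.libdefaults.default_realm = "FUDO.ORG"` here while `krb5.enable = true` stays means any site other than joes and seattle, which re-add the realm in this commit, is left with Kerberos enabled and no default realm; if further site files exist, each needs its own `krb5.libdefaults.default_realm = "<REALM>";` line.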
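Review bot: The first joes.nix hunk removes the `hostname = config.networking.hostName;` binding, but the second hunk still references `hostname` in the unchanged `fudo.node-exporter.hostname = hostname;` line and in the rewritten `security.acme.certs."${hostname}.${local-domain}"` key, so the file will fail with an undefined variable unless `hostname` is bound by the module's argument set outside the hunk. Either keep the binding next to `local-domain` (`hostname = config.networking.hostName;`) or write `config.networking.hostName` inline, as the new `networking.hosts` entry already does. The enclosing `config = mkIf (config.fudo.common.site == "joes")` block continues past the end of the hunk.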
@@ -238,8 +238,10 @@ in { admin-address = "admin@${domain}"; hostnames = [ + "informis.land" "imap.informis.land" "smtp.informis.land" + "gemini.informis.land" ]; }; }; @@ -260,4 +262,14 @@ in { }; }; }; + + informis.cl-gemini = { + enable = true; + + server-ip = host_ipv4; + document-root = /srv/gemini; + ssl-private-key = acme-private-key "informis.land"; + ssl-certificate = acme-certificate "informis.land"; + slynk-port = 4005; + }; } diff --git a/packages/cl-gemini.nix b/packages/cl-gemini.nix new file mode 100644 index 0000000..5577e17 --- /dev/null +++ b/packages/cl-gemini.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchgit, pkgs }: + +let + url = "https://git.informis.land/viator/cl-gemini.git"; + version = "0.1"; + +in stdenv.mkDerivation { + name = "cl-gemini-${version}"; + + src = fetchgit { + url = "https://git.informis.land/viator/cl-gemini.git"; + rev = "a4596703a4e7ff628639ea4a2350591e4db9a32d"; + sha256 = "18zqgx200fd32kgbpfhvcnlwanzmjk3f0ggiks0n579zkhzslxs0"; + fetchSubmodules = false; + }; + + phases = ["installPhase"]; + + installPhase = '' + mkdir -p "$out/lib/common-lisp/cl-gemini" + cp "$src/cl-gemini.asd" "$out/lib/common-lisp/cl-gemini" + cp -R "$src/src" "$out/lib/common-lisp/cl-gemini" + ''; +} diff --git a/packages/local.nix b/packages/local.nix index deda25e..caba142 100644 --- a/packages/local.nix +++ b/packages/local.nix @@ -36,14 +36,15 @@ configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; }); - sbcl-with-libs = pkgs.sbcl.overrideAttrs (oldAttrs: rec { - extraLibs = with pkgs; [ - openssl_1_1.dev - ]; - }); hll2380dw-cups = import ./hll2380dw-cups.nix { inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused coreutils file perl which; }; + + cl-gemini = import ./cl-gemini.nix { + pkgs = pkgs; + stdenv = pkgs.stdenv; + fetchgit = pkgs.fetchgit; + }; }; }
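Review bot: `document-root = /srv/gemini;` is a path literal, and because the `document-root` option is `type = path` and cl-gemini.nix interpolates it as `:document-root "${root}"`, Nix copies /srv/gemini into the store at evaluation time (or fails if it is absent), so the service would serve a frozen snapshot rather than the live directory; `document-root = "/srv/gemini";` avoids that. `ssl-private-key = acme-private-key "informis.land"` is subject to the same mechanism: if that helper (defined outside the hunk) returns a path literal rather than a string, the private key is copied into the world-readable store. `slynk-port = 4005;` starts an in-process Slynk listener inside the production Gemini service; Slynk evaluates whatever Lisp it receives, and the `create-server` call in cl-gemini.nix passes only `:port`, so the listening interface is whatever slynk's default is rather than something this configuration pins. Either leave it at `null` on procul or pass an explicit loopback interface in the launcher, and add a comment on this line such as `# Slynk REPL for debugging; must stay loopback-only` so the intent survives.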
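Review bot: The `url` binding in the new packages/cl-gemini.nix is never used; the `fetchgit` call repeats the literal, so `inherit url;` inside `fetchgit { ... }` would remove the duplication and keep the pin in one place. Pinning `rev` together with `sha256` is the right way to fix the source, but nothing ties `version = "0.1"` to that revision; a one-line comment next to `version` naming the tag or date it corresponds to would make later bumps auditable.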
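Review bot: The new `cl-gemini` entry in packages/local.nix spells out `pkgs = pkgs; stdenv = pkgs.stdenv; fetchgit = pkgs.fetchgit;` while the neighbouring `hll2380dw-cups` entry uses `inherit (pkgs) ...`; `{ inherit pkgs; inherit (pkgs) stdenv fetchgit; }` matches the file's existing style, or `pkgs.callPackage ./cl-gemini.nix { }` would resolve all three arguments automatically. The enclosing overlay attribute set starts before the hunk.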