nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lots of commits, mostly related to cl-gemini

Browse Source
This commit is contained in:
root@procul 2020-07-16 15:46:14 -05:00
parent d429825817
commit 8af542c16b
9 changed files with 231 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config/fudo/slynk.nix
View File

@ -14,6 +14,12 @@ let
(loop (sleep 60)) (loop (sleep 60))
''; '';
sbcl-with-ssl = pkgs.sbcl.overrideAttrs (oldAttrs: rec {
extraLibs = with pkgs; [
openssl_1_1.dev
];
});
in { in {
options.fudo.slynk = { options.fudo.slynk = {
enable = mkEnableOption "Enable Slynk emacs common lisp server."; enable = mkEnableOption "Enable Slynk emacs common lisp server.";
@ -30,9 +36,8 @@ in {
description = "Slynk Common Lisp server."; description = "Slynk Common Lisp server.";
serviceConfig = { serviceConfig = {
# Type = "simple";
ExecStartPre = "${pkgs.lispPackages.quicklisp}/bin/quicklisp init"; ExecStartPre = "${pkgs.lispPackages.quicklisp}/bin/quicklisp init";
ExecStart = "${pkgs.sbcl-with-libs}/bin/sbcl --load ${initScript cfg.port}"; ExecStart = "${pkgs.sbcl-with-ssl}/bin/sbcl --load ${initScript cfg.port}";
Restart = "on-failure"; Restart = "on-failure";
PIDFile = "/run/slynk.$USERNAME.pid"; PIDFile = "/run/slynk.$USERNAME.pid";
}; };
@ -40,9 +45,6 @@ in {
environment = { environment = {
LD_LIBRARY_PATH = "${pkgs.openssl_1_1.out}/lib:${pkgs.libuv.out}/lib"; LD_LIBRARY_PATH = "${pkgs.openssl_1_1.out}/lib:${pkgs.libuv.out}/lib";
}; };
## Starts on login. But what about ports?
# wantedBy = [ "default.target" ];
}; };
}; };
} }

159
config/informis/cl-gemini.nix Normal file
View File

@ -0,0 +1,159 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.informis.cl-gemini;
lisp-libs = with pkgs.lispPackages; [
alexandria
asdf-package-system
asdf-system-connections
cl_plus_ssl
cl-ppcre
quicklisp
quri
uiop
usocket
];
launchServer = load-paths: ip: port: root: public-dir: key: cert: slynk-port:
let
load-path-string =
concatStringsSep " " (map (path: "\"${path}\"") load-paths);
in pkgs.writeText "launch-server.lisp" ''
(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))
(setf asdf:*central-registry*
(append asdf:*central-registry*
(list ${load-path-string})))
(ql:quickload :slynk)
(ql:quickload :cl-gemini)
${optionalString (slynk-port != null) "(slynk:create-server :port ${toString slynk-port} :dont-close t)"}
(cl-gemini:start-gemini-server "${ip}" "${key}" "${cert}"
:port ${toString port}
:document-root "${root}"
:file-cmd "${pkgs.file}/bin/file"
:log-stream *standard-output*
:threaded t
:separate-thread t)
(loop (sleep 60))
'';
sbcl-with-ssl = pkgs.sbcl.overrideAttrs (oldAttrs: rec {
extraLibs = with pkgs; [
openssl_1_1.dev
];
});
in {
options.informis.cl-gemini = with types; {
enable = mkEnableOption "Enable the cl-gemini server.";
port = mkOption {
type = port;
description = "Port on which to serve Gemini traffic.";
default = 1965;
};
server-ip = mkOption {
type = str;
description = "IP on which to serve Gemini traffic.";
example = "1.2.3.4";
};
document-root = mkOption {
type = path;
description = "Root at which to look for gemini files.";
example = /my/gemini/root;
};
user-public = mkOption {
type = str;
description = "Subdirectory of user homes to check for gemini files.";
default = "gemini-public";
};
ssl-private-key = mkOption {
type = path;
description = "Path to the pem-encoded server private key.";
example = /path/to/secret/key.pem;
};
ssl-certificate = mkOption {
type = path;
description = "Path to the pem-encoded server public certificate.";
example = /path/to/cert.pem;
};
slynk-port = mkOption {
type = nullOr port;
description = "Port on which to open a slynk server, if any.";
default = null;
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
cl-gemini
];
users.users = {
cl-gemini = {
isSystemUser = true;
group = "nogroup";
createHome = true;
home = "/var/lib/cl-gemini";
};
};
environment.etc = {
"cl-gemini/key.pem" = {
mode = "0400";
user = "cl-gemini";
source = cfg.ssl-private-key;
};
"cl-gemini/cert.pem" = {
mode = "0444";
user = "cl-gemini";
source = cfg.ssl-certificate;
};
};
systemd.services.cl-gemini = {
description = "cl-gemini Gemini server (https://gemini.circumlunar.space/)";
serviceConfig = let
load-paths = (map (pkg: "${pkg}/lib/common-lisp//")
(lisp-libs ++ [pkgs.cl-gemini]));
in {
ExecStartPre = "${pkgs.lispPackages.quicklisp}/bin/quicklisp init";
ExecStart = "${sbcl-with-ssl}/bin/sbcl --load ${
launchServer
load-paths
cfg.server-ip
cfg.port
cfg.document-root
cfg.user-public
"/etc/cl-gemini/key.pem"
"/etc/cl-gemini/cert.pem"
cfg.slynk-port
}";
Restart = "on-failure";
PIDFile = "/run/cl-gemini.$USERNAME.uid";
User = "cl-gemini";
};
environment = {
LD_LIBRARY_PATH = "${pkgs.openssl_1_1.out}/lib";
};
path = with pkgs; [
file
getent
];
wantedBy = [ "default.target" ];
};
};
}

2
config/local.nix
View File

@ -24,6 +24,8 @@ with lib;
./fudo/system.nix ./fudo/system.nix
./fudo/webmail.nix ./fudo/webmail.nix
./informis/cl-gemini.nix
../fudo/profiles ../fudo/profiles
../fudo/sites ../fudo/sites
]; ];

4
defaults.nix
View File

@ -55,6 +55,7 @@
mkpasswd mkpasswd
ncurses5 ncurses5
nix-index nix-index
nix-prefetch-git
nmap nmap
oidentd oidentd
openldap openldap
@ -81,14 +82,13 @@
yubikey-manager yubikey-manager
]; ];
system.stateVersion = "19.09"; system.stateVersion = "20.03";
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
environment.etc.current-nixos-config.source = ./.; environment.etc.current-nixos-config.source = ./.;
krb5.enable = true; krb5.enable = true;
krb5.libdefaults.default_realm = "FUDO.ORG";
krb5.kerberos = pkgs.heimdalFull; krb5.kerberos = pkgs.heimdalFull;
console.keyMap = "dvp"; console.keyMap = "dvp";

23
fudo/sites/joes.nix
View File

@ -2,12 +2,14 @@
with lib; with lib;
let let
admin = "admin@informis.land";
hostname = config.networking.hostName; hostname = config.networking.hostName;
gateway = "172.86.179.17"; gateway = "172.86.179.17";
local-domain = "informis.land";
admin = "admin@${local-domain}";
in { in {
config = mkIf (config.fudo.common.site == "joes") { config = mkIf (config.fudo.common.site == "joes") {
time.timeZone = "America/Winnipeg"; time.timeZone = "America/Winnipeg";
@ -17,21 +19,30 @@ in {
}; };
networking = { networking = {
domain = "informis.land"; domain = local-domain;
search = ["informis.land" "fudo.org"]; search = [ local-domain "fudo.org" ];
firewall.enable = false; firewall.enable = false;
defaultGateway = gateway; defaultGateway = gateway;
# defaultGateway6 = gateway6; # defaultGateway6 = gateway6;
hosts = {
"127.0.0.1" = [
"${config.networking.hostName}.${local-domain}"
config.networking.hostName
];
};
}; };
krb5.libdefaults.default_realm = "INFORMIS.LAND";
fudo.node-exporter = { fudo.node-exporter = {
enable = false; enable = false;
hostname = hostname; hostname = hostname;
}; };
security.acme.certs."${hostname}.informis.land" = { security.acme.certs."${hostname}.${local-domain}" = {
email = "admin@informis.land"; email = "admin@${local-domain}";
}; };
services.nginx = { services.nginx = {

2
fudo/sites/seattle.nix
View File

@ -22,6 +22,8 @@ in {
mailto = admin; mailto = admin;
}; };
krb5.libdefaults.default_realm = "FUDO.ORG";
networking = { networking = {
domain = local-domain; domain = local-domain;
search = [local-domain "fudo.org"]; search = [local-domain "fudo.org"];

12
hosts/procul.nix
View File

@ -238,8 +238,10 @@ in {
admin-address = "admin@${domain}"; admin-address = "admin@${domain}";
hostnames = [ hostnames = [
"informis.land"
"imap.informis.land" "imap.informis.land"
"smtp.informis.land" "smtp.informis.land"
"gemini.informis.land"
]; ];
}; };
}; };
@ -260,4 +262,14 @@ in {
}; };
}; };
}; };
informis.cl-gemini = {
enable = true;
server-ip = host_ipv4;
document-root = /srv/gemini;
ssl-private-key = acme-private-key "informis.land";
ssl-certificate = acme-certificate "informis.land";
slynk-port = 4005;
};
} }

24
packages/cl-gemini.nix Normal file
View File

@ -0,0 +1,24 @@
{ stdenv, fetchgit, pkgs }:
let
url = "https://git.informis.land/viator/cl-gemini.git";
version = "0.1";
in stdenv.mkDerivation {
name = "cl-gemini-${version}";
src = fetchgit {
url = "https://git.informis.land/viator/cl-gemini.git";
rev = "a4596703a4e7ff628639ea4a2350591e4db9a32d";
sha256 = "18zqgx200fd32kgbpfhvcnlwanzmjk3f0ggiks0n579zkhzslxs0";
fetchSubmodules = false;
};
phases = ["installPhase"];
installPhase = ''
mkdir -p "$out/lib/common-lisp/cl-gemini"
cp "$src/cl-gemini.asd" "$out/lib/common-lisp/cl-gemini"
cp -R "$src/src" "$out/lib/common-lisp/cl-gemini"
'';
}

11
packages/local.nix
View File

@ -36,14 +36,15 @@
configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ]; configureFlags = oldAttrs.configureFlags ++ [ "--with-gssapi" ];
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ]; buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
}); });
sbcl-with-libs = pkgs.sbcl.overrideAttrs (oldAttrs: rec {
extraLibs = with pkgs; [
openssl_1_1.dev
];
});
hll2380dw-cups = import ./hll2380dw-cups.nix { hll2380dw-cups = import ./hll2380dw-cups.nix {
inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused coreutils file perl which; inherit (pkgs) stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused coreutils file perl which;
}; };
cl-gemini = import ./cl-gemini.nix {
pkgs = pkgs;
stdenv = pkgs.stdenv;
fetchgit = pkgs.fetchgit;
};
}; };
} }