
[GNUnet-SVN] [taler-deployment] branch master updated: guix config + ngi


From: gnunet
Subject: [GNUnet-SVN] [taler-deployment] branch master updated: guix config + nginx
Date: Mon, 29 Oct 2018 14:00:40 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new b47f4e2  guix config + nginx
b47f4e2 is described below

commit b47f4e2577d01ff57f165361d3c7b217ffc89331
Author: Nils Gillmann <address@hidden>
AuthorDate: Mon Oct 29 13:01:39 2018 +0000

    guix config + nginx
    
    Signed-off-by: Nils Gillmann <address@hidden>
---
 guix/config.scm                       | 51 ++++++++++++++++++++++++++---------
 guix/etc/nginx/sites-enabled/git.site |  5 ++--
 2 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/guix/config.scm b/guix/config.scm
index 32adf8c..134351f 100644
--- a/guix/config.scm
+++ b/guix/config.scm
@@ -4,14 +4,16 @@
  (guix)
  (guix gexp))
 (use-system-modules nss)
-(use-service-modules networking ssh version-control databases admin web)
-(use-package-modules base bash shells web)
+(use-service-modules networking sshversion-control databases admin web)
+(use-package-modules base bash shells web tls)
 
 ;;; --- cron jobs start
-(define %gc-job
- ;; Collect garbage once a day.
- #~(job '(next-hour '(4))
-        (string-append #$guix "/bin/guix gc -F80G")))
+(define %certbot-job
+  ;; LE cert renewal 7d / 2
+  #~(job (lambda (now)
+           (next-day-from (next-hour-from now '(3))
+                          '(2 5)))
+         (string-append #$certbot "/bin/certbot renew")))
 ;;; --- cron jobs end
 
 ;;; --- nginx start
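Review bot: The new `use-service-modules` line reads `networking sshversion-control`, which names a service module that does not exist, so the `ssh` and `version-control` services would fail to resolve. Unless the missing space is an artifact of the mail archive, it should read `(use-service-modules networking ssh version-control databases admin web)`. Separately, the `%certbot-job` comment says `7d / 2`, but mcron's `next-day-from` presumably selects days of the month, so `'(2 5)` would fire on the 2nd and 5th rather than twice a week. If twice weekly is intended, `next-weekday-from` looks like the right selector; confirm against the mcron manual.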
@@ -21,6 +23,12 @@
 ;; the way which allows us to work directly on nginx files instead
 ;; of generating them through Guix, for now. Every update of the
 ;; nginx config requires a reconfigure!
+(define %nginx-deploy-hook
+  (program-file
+   "nginx-deploy-hook"
+   #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+       (kill pid SIGHUP))))
+
 (define %nginx-config
   (computed-file "nginx-config"
                  (with-imported-modules '((guix build utils))
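Review bot: `%nginx-deploy-hook` passes whatever `read` returns from `/var/run/nginx/pid` straight to `kill`, with no check that it is a positive integer. An empty file yields an EOF object, and a value of 0 or a negative number would make `kill` address a process group or every process instead of nginx, which matters because certbot hooks normally run as root. Guarding the call, e.g. `(when (and (integer? pid) (> pid 1)) (kill pid SIGHUP))`, keeps a stale or damaged pid file from signalling anything else. A comment above the definition such as `;; Reload nginx after certbot has deployed a renewed certificate.` would also help, since nothing in this hunk references the hook yet.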
@@ -39,7 +47,7 @@
                        (copy-file #$(local-file 
"etc/nginx/sites-enabled/git-ssl.site")
                                   "sites-enabled/git-ssl.site")))))
 
-;; TODO: Change to our file.
+;; this includes defaults, so 'fastcgi' related files:
 (define %nginx-mime-types
   (simple-service 'nginx-mime.types
                   etc-service-type
@@ -110,10 +118,10 @@
                                                   "curl" "gnutls-dane"
                                                   "gitolite"
                                                   "acme-client"
+                                                  "buildbot"
                                         ; Website dependencies:
                                                   "python" "python-jinja2"
                                                   "python-sphinx"))
-                                        ; "buildbot"
                     %base-packages))
   
   ;; TODO: cgit service?
@@ -139,6 +147,16 @@
                                                       "/bin/env"))
                         ("/bin/ksh" ,(file-append (canonical-package loksh)
                                                   "/bin/ksh"))))
+             ;; TODO: Use deploy-hook
+             ;; TODO: Add git.taler.net
+             ;; (service certbot-service-type
+             ;;          (certbot-configuration
+             ;;           ;; FIXME: switch over to taler.net domain
+             ;;           (email "address@hidden")
+             ;;           (certificates
+             ;;            (list
+             ;;             (certificate-configuration
+             ;;              (domains '("gv.taler.net")))))))
              ;; TODO: acme-client cronjob for:
              ;; taler.net www.taler.net api.taler.net lcov.taler.net
              ;; git.taler.net  gauger.taler.net buildbot.taler.net
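Review bot: The commented-out `certbot-service-type` block will not load as written once it is enabled, because `certbot` is not in the `use-service-modules` list at the top of the file. The `;; TODO: Use deploy-hook` line would be more useful if it named the wiring, e.g. `;; TODO: set (deploy-hook %nginx-deploy-hook) in certificate-configuration`, so the renewed certificate is actually picked up by nginx. Because nginx is configured here from a hand-written file rather than generated server blocks, the ACME challenge location probably has to be added to the site files by hand as well; worth a third TODO. The enclosing services list starts and ends outside this hunk.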
@@ -161,10 +179,10 @@
                        (password-authentication? #f)
                        (permit-root-login 'without-password)))
                         
-             (service rottlog-service-type (rottlog-configuration))
-             (service mcron-service-type
-                      (mcron-configuration
-                       (jobs (list %gc-job %thing1))))
+             ;; (service rottlog-service-type (rottlog-configuration))
+             ;; (service mcron-service-type
+             ;;          (mcron-configuration
+             ;;           (jobs (list %gc-job %thing1))))
              (service postgresql-service-type)
              (git-daemon-service
               #:config (git-daemon-configuration
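Review bot: Commenting out `mcron-service-type` leaves the newly defined `%certbot-job` unscheduled, so as far as this diff shows nothing will run `certbot renew` and the certificate will expire. The commented job list still names `%gc-job`, which this commit deletes, so simply uncommenting the block later would fail. Something like `(jobs (list %certbot-job))` is what the block needs when it comes back. Disabling `rottlog-service-type` with no replacement also means the nginx and sshd logs are no longer rotated. A short comment saying why both services are off, and for how long, would make this safer to leave in master. The enclosing services list continues outside the hunk.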
@@ -176,6 +194,15 @@
                        (constraint-from '("www.gnu.org"))
                        (constraints-from '("https://www.google.com/";))
                        (allow-large-adjustment? #t)))
+             ;; FIXME: To be able to better test and replicate this,
+             ;; we have to replicate what's done in nginx (copy into
+             ;; store, use location in store).
+             (service fcgiwrap-service-type
+                      (fcgiwrap-configuration
+                       (socket "/var/run/fcgiwrap.socket")))
+             ;; (service cgit-service-type
+             ;;          (opaque-cgit-configuration
+             ;;           (cgitrc "/etc/cgitrc")))
              (service nginx-service-type
                       (nginx-configuration
                        (file (file-append %nginx-config
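Review bot: The `socket` value `"/var/run/fcgiwrap.socket"` is a bare path, but `fcgiwrap-configuration` expects a scheme-prefixed address (`unix:/path`, `tcp:addr:port` or `tcp6:[addr]:port`), so fcgiwrap will most likely refuse to start. The line should be `(socket "unix:/var/run/fcgiwrap.socket")`. Since fcgiwrap executes whatever script the connecting peer names, it is also worth stating in the FIXME comment which user and group own the socket, so that only the nginx worker can reach it. The enclosing services list continues outside the hunk.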
diff --git a/guix/etc/nginx/sites-enabled/git.site 
b/guix/etc/nginx/sites-enabled/git.site
index 4c0c9ea..b9b9fc4 100644
--- a/guix/etc/nginx/sites-enabled/git.site
+++ b/guix/etc/nginx/sites-enabled/git.site
@@ -3,8 +3,9 @@ server {
        listen   [::]:80; ## listen for ipv4; this line is default and implied
        # listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
 
-       root /var/git;
-       server_name git.taler.net;
+       root /srv/git;
+       #server_name git.taler.net;
+        server_name gv.taler.net;
 
        rewrite ^ https://$server_name$request_uri? permanent;
 }
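Review bot: This server block now redirects every plain-HTTP request to `https://gv.taler.net`, but `git-ssl.site` is not touched by this commit. If that file still declares `server_name git.taler.net` and a certificate for that name, redirected clients will land on a non-matching server block or get a certificate name mismatch; the two files should be changed together. The new `server_name` line is indented with spaces while its neighbours use a different indent, and the commented-out `#server_name git.taler.net;` would be clearer as a one-line note saying when the name is switched back. The `root /srv/git;` directive has no effect in a block that rewrites unconditionally, so the path change only matters in the TLS site.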

-- 
To stop receiving notification emails like this one, please contact
address@hidden


