2024-10-23 01:02:08 +00:00
|
|
|
(use-modules (freya system)
|
2024-10-23 22:07:33 +00:00
|
|
|
(ice-9 match)
|
|
|
|
(gnu packages ci)
|
|
|
|
(gnu services cuirass)
|
|
|
|
(gnu services avahi)
|
|
|
|
(gnu services mcron)
|
|
|
|
(gnu services web)
|
|
|
|
(gnu services networking)
|
2024-10-23 01:02:08 +00:00
|
|
|
(gnu))
|
|
|
|
|
2024-10-23 22:07:33 +00:00
|
|
|
;; Cuirass specification
|
|
|
|
(define %cuirass-specs
|
|
|
|
#~(list
|
|
|
|
(specification
|
|
|
|
(name "sakura")
|
|
|
|
(build '(channels sakura))
|
|
|
|
(channels
|
|
|
|
(list %default-guix-channel
|
|
|
|
(channel
|
|
|
|
(name 'sakura)
|
|
|
|
(url "https://g.freya.cat/freya/sakura")
|
|
|
|
(branch "main")
|
|
|
|
(introduction
|
|
|
|
(make-channel-introduction
|
|
|
|
"490f9018f0de343c7192c8a2d1f3d9d66f180c8d"
|
|
|
|
(openpgp-fingerprint
|
|
|
|
"4F6B C11C EBB2 F242 14B9 0FAC 9FF6 937B 829E 565A"))))))
|
|
|
|
(priority 0)
|
|
|
|
(systems '("x86_64-linux")))))
|
|
|
|
|
|
|
|
;; Run the garbe collector every day at 3:00 AM
|
|
|
|
(define garbage-collector-job
|
|
|
|
#~(job "0 3 * * *"
|
|
|
|
"guix gc -F 50G"))
|
|
|
|
|
|
|
|
;; Restart the cuiras worker every night
|
|
|
|
(define restart-worker-job
|
|
|
|
#~(job "0 2 * * *"
|
|
|
|
"herd restart cuirass-remote-worker"))
|
|
|
|
|
|
|
|
;; Curiass module filter
|
|
|
|
(define default-module-filter
|
|
|
|
(match-lambda
|
|
|
|
(('guix 'config) #f)
|
|
|
|
(('guix _ ...) #t)
|
|
|
|
(('gnu _ ...) #t)
|
|
|
|
(('nongnu _ ...) #f)
|
|
|
|
(('nonguix _ ...) #f)
|
|
|
|
(('sakura _ ...) #t)
|
|
|
|
(_ #f)))
|
|
|
|
|
|
|
|
;; Curiass operating system
|
2024-10-23 01:02:08 +00:00
|
|
|
(operating-system
|
|
|
|
(inherit %virt-freya-operating-system)
|
2024-10-23 04:19:24 +00:00
|
|
|
(host-name "cuirass")
|
2024-10-23 22:07:33 +00:00
|
|
|
(packages (cons* ; ci
|
|
|
|
cuirass
|
|
|
|
%virt-freya-packages))
|
|
|
|
(services (cons* ; avahi
|
|
|
|
(service avahi-service-type)
|
|
|
|
; cuirass
|
|
|
|
(service cuirass-service-type
|
|
|
|
(cuirass-configuration
|
|
|
|
(remote-server
|
|
|
|
(cuirass-remote-server-configuration
|
|
|
|
(private-key "/etc/guix/signing-key.sec")
|
|
|
|
(public-key "/etc/guix/signing-key.pub")
|
|
|
|
(publish? #f)
|
|
|
|
(trigger-url "localhost:8080")))
|
|
|
|
(specifications %cuirass-specs)))
|
|
|
|
; cuirass worker
|
|
|
|
(service cuirass-remote-worker-service-type
|
|
|
|
(cuirass-remote-worker-configuration
|
|
|
|
(private-key "/etc/guix/signing-key.sec")
|
|
|
|
(public-key "/etc/guix/signing-key.pub")
|
|
|
|
(server "localhost:5555")
|
|
|
|
(substitute-urls (list "https://ci.guix.gnu.org"
|
|
|
|
"https://substitutes.freya.cat"))
|
|
|
|
(systems '("x86_64-linux"))
|
|
|
|
(workers 2)))
|
|
|
|
; guix publish
|
|
|
|
(service guix-publish-service-type
|
|
|
|
(guix-publish-configuration
|
|
|
|
(cache "/var/cache/publish")
|
|
|
|
(compression '(("zstd" 19)))
|
|
|
|
(port 8080)))
|
|
|
|
; cron
|
|
|
|
(simple-service 'cron
|
|
|
|
mcron-service-type
|
|
|
|
(list garbage-collector-job
|
|
|
|
restart-worker-job))
|
|
|
|
; iptables
|
|
|
|
(service iptables-service-type
|
|
|
|
(iptables-configuration
|
|
|
|
(ipv4-rules (plain-file "iptables.rules" "*filter
|
|
|
|
-A INPUT -p tcp --dport 5522 ! -s 127.0.0.1 -j REJECT
|
|
|
|
-A INPUT -p tcp --dport 5555:5558 ! -s 127.0.0.1 -j REJECT
|
|
|
|
-A INPUT -p tcp --dport 8080:8081 ! -s 127.0.0.1 -j REJECT
|
|
|
|
COMMIT
|
|
|
|
"))))
|
|
|
|
; nginx
|
|
|
|
(service nginx-service-type
|
|
|
|
(nginx-configuration
|
|
|
|
(upstream-blocks
|
|
|
|
(list
|
|
|
|
(nginx-upstream-configuration
|
|
|
|
(name "cuirass")
|
|
|
|
(servers (list "localhost:8081")))
|
|
|
|
(nginx-upstream-configuration
|
|
|
|
(name "publish")
|
|
|
|
(servers (list "localhost:8080")))))
|
|
|
|
(server-blocks
|
|
|
|
(list
|
|
|
|
(nginx-server-configuration
|
|
|
|
(server-name '("cuirass.in.freya.cat"))
|
|
|
|
(listen '("80"))
|
|
|
|
(locations
|
|
|
|
(list
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/")
|
|
|
|
(body
|
|
|
|
(list "proxy_pass http://cuirass;"))))))
|
|
|
|
(nginx-server-configuration
|
|
|
|
(server-name '("substitutes.in.freya.cat"))
|
|
|
|
(listen '("80"))
|
|
|
|
(raw-content '("rewrite ^//(.*)$ /$1 redirect;"))
|
|
|
|
(index (list "index.html"))
|
|
|
|
(locations
|
|
|
|
(list
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/signing-key.pub")
|
|
|
|
(body '("proxy_pass http://publish;")))
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/file/")
|
|
|
|
(body '("proxy_pass http://publish;")))
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/log/")
|
|
|
|
(body '("proxy_pass http://publish;")))
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/nix-cache-info")
|
|
|
|
(body (list
|
|
|
|
"proxy_pass http://publish;"
|
|
|
|
"proxy_hide_header Set-Cookie;")))
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "/nar/")
|
|
|
|
(body (list
|
|
|
|
"proxy_pass http://publish;"
|
|
|
|
"client_body_buffer_size 256k;"
|
|
|
|
;; Nars are already compressed. -> no perf change
|
|
|
|
"gzip off;"
|
|
|
|
"proxy_pass_header Cache-Control;")))
|
|
|
|
(nginx-location-configuration
|
|
|
|
(uri "~ \\.narinfo$")
|
|
|
|
(body
|
|
|
|
(list
|
|
|
|
"proxy_pass http://publish;"
|
|
|
|
"client_body_buffer_size 128k;"
|
|
|
|
"proxy_connect_timeout 2s;"
|
|
|
|
"proxy_read_timeout 2s;"
|
|
|
|
"proxy_send_timeout 2s;"
|
|
|
|
"proxy_pass_header Cache-Control;"
|
|
|
|
"proxy_ignore_client_abort on;"))))))))))
|
|
|
|
%base-freya-services))
|
2024-10-23 01:15:56 +00:00
|
|
|
(swap-devices (list (swap-space
|
2024-10-23 22:07:33 +00:00
|
|
|
(target (uuid
|
|
|
|
"8ffa6d73-06e9-4dc5-9b15-569b3b176dbc")))))
|
2024-10-23 01:02:08 +00:00
|
|
|
(file-systems (cons* (file-system
|
|
|
|
(mount-point "/")
|
2024-10-23 02:53:48 +00:00
|
|
|
(device (uuid "fae7deed-d630-40a1-adac-87f49b431ad4"))
|
2024-10-23 01:02:08 +00:00
|
|
|
(type "btrfs"))
|
|
|
|
(file-system
|
|
|
|
(mount-point "/boot")
|
2024-10-23 02:53:48 +00:00
|
|
|
(device (uuid "027A-4AA1"
|
2024-10-23 01:02:08 +00:00
|
|
|
'fat32))
|
|
|
|
(type "vfat"))
|
2024-10-23 22:07:33 +00:00
|
|
|
%base-freya-file-systems))
|
2024-10-23 01:02:08 +00:00
|
|
|
(bootloader (bootloader-configuration
|
|
|
|
(bootloader grub-bootloader)
|
2024-10-23 01:15:56 +00:00
|
|
|
(targets '("/dev/sda")))))
|