(use-modules (freya system) (ice-9 match) (gnu packages ci) (gnu packages databases) (gnu services cuirass) (gnu services avahi) (gnu services mcron) (gnu services web) (gnu services databases) (gnu services networking) (guix gexp) (gnu)) ;; Cuirass specification (define %cuirass-specs #~(list (specification (name "sakura") (build '(channels sakura)) (channels (list %default-guix-channel (channel (name 'sakura) (url "https://g.freya.cat/freya/sakura") (branch "main") (introduction (make-channel-introduction "8fb2f9c2fa414754c41c1c73665e3e73e12693ab" (openpgp-fingerprint "3CD3 65F0 373C EB13 853A F568 9FBC 6FFD 6D2D BF17")))))) (priority 0) (systems '("x86_64-linux"))))) ;; Run the garbe collector every day at 3:00 AM (define garbage-collector-job #~(job "0 3 * * *" "guix gc -F 50G")) ;; Restart the cuiras worker every night (define restart-worker-job #~(job "0 2 * * *" "herd restart cuirass-remote-worker")) ;; Curiass module filter (define default-module-filter (match-lambda (('guix 'config) #f) (('guix _ ...) #t) (('gnu _ ...) #t) (('nongnu _ ...) #f) (('nonguix _ ...) #f) (('sakura _ ...) #t) (_ #f))) ;; Curiass operating system (operating-system (inherit %virt-freya-operating-system) (host-name "cuirass") (packages (cons* ; ci cuirass %virt-freya-packages)) (services (cons* ; avahi (service avahi-service-type) ; cuirass (service cuirass-service-type (cuirass-configuration (specifications %cuirass-specs))) ; guix publish (service guix-publish-service-type (guix-publish-configuration (cache "/var/cache/publish") (compression '(("zstd" 19))) (port 8080))) ; postgresql (service postgresql-service-type (postgresql-configuration (postgresql postgresql-14))) ; cron (simple-service 'cron mcron-service-type (list garbage-collector-job restart-worker-job)) ; iptables (service iptables-service-type (iptables-configuration (ipv4-rules (plain-file "iptables.rules" "*filter -A INPUT -p tcp --dport 5522 ! -s 127.0.0.1 -j REJECT -A INPUT -p tcp --dport 5555:5558 ! -s 127.0.0.1 -j REJECT -A INPUT -p tcp --dport 8080:8081 ! -s 127.0.0.1 -j REJECT COMMIT ")))) ; nginx (service nginx-service-type (nginx-configuration (upstream-blocks (list (nginx-upstream-configuration (name "cuirass") (servers (list "localhost:8081"))) (nginx-upstream-configuration (name "publish") (servers (list "localhost:8080"))))) (server-blocks (list (nginx-server-configuration (server-name '("cuirass.in.freya.cat")) (listen '("80")) (locations (list (nginx-location-configuration (uri "/") (body (list "proxy_pass http://cuirass;" "proxy_set_header X-Forwarded-Proto https;")))))) (nginx-server-configuration (server-name '("substitutes.in.freya.cat")) (listen '("80")) (raw-content '("rewrite ^//(.*)$ /$1 redirect;")) (index (list "index.html")) (locations (list (nginx-location-configuration (uri "/signing-key.pub") (body '("proxy_pass http://publish;"))) (nginx-location-configuration (uri "/file/") (body '("proxy_pass http://publish;"))) (nginx-location-configuration (uri "/log/") (body '("proxy_pass http://publish;"))) (nginx-location-configuration (uri "/nix-cache-info") (body (list "proxy_pass http://publish;" "proxy_hide_header Set-Cookie;"))) (nginx-location-configuration (uri "/nar/") (body (list "proxy_pass http://publish;" "client_body_buffer_size 256k;" ;; Nars are already compressed. -> no perf change "gzip off;" "proxy_pass_header Cache-Control;"))) (nginx-location-configuration (uri "~ \\.narinfo$") (body (list "proxy_pass http://publish;" "client_body_buffer_size 128k;" "proxy_connect_timeout 2s;" "proxy_read_timeout 2s;" "proxy_send_timeout 2s;" "proxy_pass_header Cache-Control;" "proxy_ignore_client_abort on;")))))))))) %base-freya-services)) (swap-devices (list (swap-space (target (uuid "8ffa6d73-06e9-4dc5-9b15-569b3b176dbc"))))) (file-systems (cons* (file-system (mount-point "/") (device (uuid "fae7deed-d630-40a1-adac-87f49b431ad4")) (type "btrfs")) (file-system (mount-point "/boot") (device (uuid "027A-4AA1" 'fat32)) (type "vfat")) %base-freya-file-systems)) (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets '("/dev/sda")))))