Make the domain configurable

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Denis 'GNUtoo' Carikli 2023-09-12 18:55:46 +02:00
parent 41e8b2fed0
commit 375df9954e
Signed by: GNUtoo
GPG Key ID: 5F5DFCC14177E263
9 changed files with 152 additions and 55 deletions

13
.gitignore vendored

@ -1,5 +1,18 @@
*~
\#*\#
aclocal.m4
autom4te.cache/**
config.log
config.status
configure
guix-commit.txt
id_ed25519
id_ed25519.pub
index.html
install-sh
Makefile
Makefile.in
missing
mumble-vm-machine.scm
mumble-vm-system.scm
signing-key.pub


@ -1,40 +0,0 @@
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
DESTDIR ?= .
.PHONY: all help install update $(DESTDIR)/mumble-vm.img
IMAGE_SOURCE = \
mumble-vm-system.scm \
id_ed25519.pub \
Makefile \
signing-key.pub
all: help
help:
@printf "Available commands:\n\
make help # prints this help\n\
make install # install image to $(DESTDIR)/ \n\
make deploy # update existing vm with guix deploy through SSH\n\
"
$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
sudo install \
`guix system image \
--image-type=mbr-raw \
--image-size=6G mumble-vm-system.scm` \
$@
install: $(DESTDIR)/mumble-vm.img
deploy:
guix deploy -L . mumble-vm-machine.scm

56
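--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,56 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+dist_pkgdata_DATA = mumble-vm.img
+CLEANFILES = \
+first-boot.sh \
+guix-commit.txt \
+index.html \
+mumble-vm.img \
+mumble-vm-machine.scm \
+mumble-vm-system.scm
+# We want to only update the image when guix commit changes. The trick
+# to make that work is to only create or update a file when the revision
+# changes.
+guix-commit.txt: Makefile
+if [ ! -f $@ ] ; then \
+guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
+elif [ "$(cat $@)" != \
+"$(guix describe | \
+grep '^ commit:' | awk '{print $$2}')" ] ; then \
+guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
+fi
+%.html: %.html.tmpl guix-commit.txt Makefile
+sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+%.scm: %.scm.tmpl guix-commit.txt Makefile
+sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+IMAGE_SOURCE = \
+guix-commit.txt \
+index.html \
+mumble-vm-machine.scm \
+mumble-vm-system.scm \
+id_ed25519.pub \
+Makefile \
+signing-key.pub
+mumble-vm.img: $(IMAGE_SOURCE)
+sudo install \
+`guix system image \
+--image-type=mbr-raw \
+--image-size=6G mumble-vm-system.scm` \
+$@
+deploy: $(IMAGE_SOURCE)
+guix deploy -L . mumble-vm-machine.scm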
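Review bot: In the `guix-commit.txt` recipe the two command substitutions in the `elif` test are written `$(cat $@)` and `$(guix describe | …)`, so make expands them as undefined variables and the shell ends up comparing two empty strings; that branch can never fire, and the recorded commit is never refreshed once the file exists. Doubling the dollar sign hands them to the shell instead: `elif [ "$$(cat $@)" != \` and `"$$(guix describe | \`. Separately, the rule's only prerequisite is `Makefile`, so as far as the visible rules show the check is not re-run on an ordinary `make`, and an image built from an older Guix revision would keep being treated as current. That is worth confirming, because it is how outdated packages end up in a deployed VM.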

18
README

@ -1,3 +1,21 @@
Deployment
==========
To build the virtual machine image you can use the following command:
$ ./autogen.sh && ./configure && make
You can also check the configure option for configuring it for testing
on another infrastructure (for instance by using another domain).
Note that letsencrypt has a limit of about 5 certificates per week, so
it's a good idea to use test domains before deployments.
Once the image is booted:
- You will need to login inside and run the following command:
# certbot certonly --standalone -d audio.experimental.a-lec.org
# herd restart nginx
# herd restart mumble-server
- You then need to set the root password.
License
=======
This project is free software: you can redistribute it and/or modify

11
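--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see <http://www.gnu.org/licenses/>.
+autoreconf -fi $@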
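Review bot: On the last line `$@` is unquoted, so any argument passed to autogen.sh that contains spaces or glob characters is split or expanded again before it reaches autoreconf. Quoting keeps each argument intact: `autoreconf -fi "$@"`.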

40
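--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,40 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+AC_PREREQ([2.69])
+AC_INIT([mumble-vm], [0.1], [GNUtoo@cyberdimension.org])
+AC_CONFIG_SRCDIR([mumble-vm-system.scm.tmpl])
+AC_PROG_AWK
+AC_PROG_MKDIR_P
+AM_INIT_AUTOMAKE([foreign])
+AC_CHECK_PROG([GUIX], [guix], [guix])
+AC_CHECK_PROG([SED], [sed], [sed])
+AC_SUBST([DOMAIN], [])
+AC_ARG_WITH([domain],
+[AS_HELP_STRING([--with-domain=DOMAIN],
+[Use custom domain (default=audio.experimental.a-lec.org)])],
+[DOMAIN=$withval],
+[DOMAIN=audio.experimental.a-lec.org])
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+echo
+echo "Configuration options:"
+echo "======================"
+echo "- domain: $DOMAIN"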
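Review bot: The `--with-domain` value is accepted as-is in `[DOMAIN=$withval]`, and Makefile.am then splices it into `sed 's#DOMAIN#$(DOMAIN)#g'` and from there into HTML text and Scheme string literals. A bare `--with-domain` or `--without-domain` sets it to `yes` or `no`, and a value containing `#`, `&`, a quote or whitespace would break the sed expression or alter the generated system definition. Validating it right after `AC_ARG_WITH` and stopping with `AC_MSG_ERROR` closes that off, for example `case $DOMAIN in yes|no|''|*[[!A-Za-z0-9.-]]*) AC_MSG_ERROR([--with-domain needs a plain host name]) ;; esac` (the doubled brackets are m4 quoting). `AC_CHECK_PROG` records `GUIX` and `SED`, but nothing visible stops configure when guix is missing, and the recipes call `guix` and `sed` literally rather than through those variables.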


@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html>
<!--
-- Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
--
@ -13,7 +12,7 @@
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>audio.experimental.a-lec.org</title>
<title>DOMAIN</title>
<meta name="keywords" content="a-lec, Libre en communs, logiciel libre" />
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
</head>
@ -80,7 +79,7 @@
<h2>Informations de connexion</h2>
<p>Les Information pour vous connecter :</p>
<ul>
<li>adresse : audio.experimental.a-lec.org</li>
<li>adresse : DOMAIN</li>
<li>port : 64738</li>
<li>nom d'utilisateur : votre pseudo</li>
<li>Nom : Libre en communs</li>
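Review bot: The placeholder in `<title>DOMAIN</title>` and `<li>adresse : DOMAIN</li>` is a bare word, and the Makefile.am rule replaces every occurrence of it with `sed 's#DOMAIN#…#g'`, so any later text, comment or identifier containing `DOMAIN` in a template would be rewritten as well. A delimited token such as `@DOMAIN@`, with the sed pattern changed to match, avoids that; the same applies to the two Scheme template sections that follow. Both hunks here start and end inside the document, so the rest of the page was not checked for other occurrences.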


@ -31,7 +31,7 @@
"ssh-ed25519"
" "
"AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC"))
(host-name "audio.experimental.a-lec.org")
(host-name "DOMAIN")
(identity "./id_ed25519")
(port 222)
(system "x86_64-linux")


@ -35,12 +35,12 @@
(arguments
(list
#:install-plan
#~(list '("index.html" "var/www/audio.experimental.chalec.org/"))))
(synopsis "The audio.experimental.chalec.org website.")
#~(list '("index.html" "var/www/DOMAIN/"))))
(synopsis "The DOMAIN website.")
(description
"The website contains how to use the service, and how to
replicate or contribute to it.")
(home-page "audio.experimental.chalec.org")
(home-page "DOMAIN")
(license license:gpl3+)))
(define-public %nginx-deploy-hook
@ -90,7 +90,7 @@ replicate or contribute to it.")
(certificates
(list
(certificate-configuration
(domains '("audio.experimental.a-lec.org"))
(domains '("DOMAIN"))
(deploy-hook %nginx-deploy-hook))))))
;; Mumble
(service mumble-server-service-type
@ -98,14 +98,14 @@ replicate or contribute to it.")
(welcome-text
"<br />
Bienvenue sur le service d'audio-conférence de <b>Libre en communs</b>.<br />
https://audio.experimental.a-lec.org/
https://DOMAIN/
<br />")
(cert-required? #t) ;; Disallow text password logins
(max-user-bandwidth 100000)
(ssl-cert
"/etc/letsencrypt/live/audio.experimental.a-lec.org/fullchain.pem")
"/etc/letsencrypt/live/DOMAIN/fullchain.pem")
(ssl-key
"/etc/letsencrypt/live/audio.experimental.a-lec.org/privkey.pem")))
"/etc/letsencrypt/live/DOMAIN/privkey.pem")))
;; Networking
(service
static-networking-service-type
@ -127,18 +127,18 @@ https://audio.experimental.a-lec.org/
(list
(nginx-server-configuration
(listen '("80" "443 ssl"))
(server-name '("audio.experimental.a-lec.org"))
(server-name '("DOMAIN"))
(ssl-certificate
(string-append
"/etc/letsencrypt/live/"
"audio.experimental.a-lec.org/fullchain.pem"))
"DOMAIN/fullchain.pem"))
(ssl-certificate-key
(string-append
"/etc/letsencrypt/live/"
"audio.experimental.a-lec.org/privkey.pem"))
"DOMAIN/privkey.pem"))
(root (string-append
"/run/current-system/profile/"
"var/www/audio.experimental.chalec.org")))))))
"var/www/DOMAIN")))))))
;; OpenSSH
(service openssh-service-type
(openssh-configuration