Make the domain configurable
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
parent
41e8b2fed0
commit
375df9954e
|
@ -1,5 +1,18 @@
|
|||
*~
|
||||
\#*\#
|
||||
aclocal.m4
|
||||
autom4te.cache/**
|
||||
config.log
|
||||
config.status
|
||||
configure
|
||||
guix-commit.txt
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
index.html
|
||||
install-sh
|
||||
Makefile
|
||||
Makefile.in
|
||||
missing
|
||||
mumble-vm-machine.scm
|
||||
mumble-vm-system.scm
|
||||
signing-key.pub
|
||||
|
|
40
Makefile
40
Makefile
|
@ -1,40 +0,0 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
DESTDIR ?= .
|
||||
|
||||
.PHONY: all help install update $(DESTDIR)/mumble-vm.img
|
||||
|
||||
IMAGE_SOURCE = \
|
||||
mumble-vm-system.scm \
|
||||
id_ed25519.pub \
|
||||
Makefile \
|
||||
signing-key.pub
|
||||
|
||||
all: help
|
||||
|
||||
help:
|
||||
@printf "Available commands:\n\
|
||||
make help # prints this help\n\
|
||||
make install # install image to $(DESTDIR)/ \n\
|
||||
make deploy # update existing vm with guix deploy through SSH\n\
|
||||
"
|
||||
|
||||
$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
|
||||
sudo install \
|
||||
`guix system image \
|
||||
--image-type=mbr-raw \
|
||||
--image-size=6G mumble-vm-system.scm` \
|
||||
$@
|
||||
|
||||
install: $(DESTDIR)/mumble-vm.img
|
||||
|
||||
deploy:
|
||||
guix deploy -L . mumble-vm-machine.scm
|
|
@ -0,0 +1,56 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
dist_pkgdata_DATA = mumble-vm.img
|
||||
|
||||
CLEANFILES = \
|
||||
first-boot.sh \
|
||||
guix-commit.txt \
|
||||
index.html \
|
||||
mumble-vm.img \
|
||||
mumble-vm-machine.scm \
|
||||
mumble-vm-system.scm
|
||||
|
||||
# We want to only update the image when guix commit changes. The trick
|
||||
# to make that work is to only create or update a file when the revision
|
||||
# changes.
|
||||
guix-commit.txt: Makefile
|
||||
if [ ! -f $@ ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
elif [ "$(cat $@)" != \
|
||||
"$(guix describe | \
|
||||
grep '^ commit:' | awk '{print $$2}')" ] ; then \
|
||||
guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
|
||||
fi
|
||||
|
||||
%.html: %.html.tmpl guix-commit.txt Makefile
|
||||
sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
|
||||
|
||||
%.scm: %.scm.tmpl guix-commit.txt Makefile
|
||||
sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
|
||||
|
||||
IMAGE_SOURCE = \
|
||||
guix-commit.txt \
|
||||
index.html \
|
||||
mumble-vm-machine.scm \
|
||||
mumble-vm-system.scm \
|
||||
id_ed25519.pub \
|
||||
Makefile \
|
||||
signing-key.pub
|
||||
|
||||
mumble-vm.img: $(IMAGE_SOURCE)
|
||||
sudo install \
|
||||
`guix system image \
|
||||
--image-type=mbr-raw \
|
||||
--image-size=6G mumble-vm-system.scm` \
|
||||
$@
|
||||
|
||||
deploy: $(IMAGE_SOURCE)
|
||||
guix deploy -L . mumble-vm-machine.scm
|
18
README
18
README
|
@ -1,3 +1,21 @@
|
|||
Deployment
|
||||
==========
|
||||
To build the virtual machine image you can use the following command:
|
||||
$ ./autogen.sh && ./configure && make
|
||||
|
||||
You can also check the configure option for configuring it for testing
|
||||
on another infrastructure (for instance by using another domain).
|
||||
|
||||
Note that letsencrypt has a limit of about 5 certificates per week, so
|
||||
it's a good idea to use test domains before deployments.
|
||||
|
||||
Once the image is booted:
|
||||
- You will need to login inside and run the following command:
|
||||
# certbot certonly --standalone -d audio.experimental.a-lec.org
|
||||
# herd restart nginx
|
||||
# herd restart mumble-server
|
||||
- You then need to set the root password.
|
||||
|
||||
License
|
||||
=======
|
||||
This project is free software: you can redistribute it and/or modify
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
autoreconf -fi $@
|
|
@ -0,0 +1,40 @@
|
|||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
AC_PREREQ([2.69])
|
||||
AC_INIT([mumble-vm], [0.1], [GNUtoo@cyberdimension.org])
|
||||
AC_CONFIG_SRCDIR([mumble-vm-system.scm.tmpl])
|
||||
AC_PROG_AWK
|
||||
AC_PROG_MKDIR_P
|
||||
AM_INIT_AUTOMAKE([foreign])
|
||||
|
||||
AC_CHECK_PROG([GUIX], [guix], [guix])
|
||||
AC_CHECK_PROG([SED], [sed], [sed])
|
||||
|
||||
AC_SUBST([DOMAIN], [])
|
||||
|
||||
AC_ARG_WITH([domain],
|
||||
[AS_HELP_STRING([--with-domain=DOMAIN],
|
||||
[Use custom domain (default=audio.experimental.a-lec.org)])],
|
||||
[DOMAIN=$withval],
|
||||
[DOMAIN=audio.experimental.a-lec.org])
|
||||
|
||||
AC_CONFIG_FILES([Makefile])
|
||||
AC_OUTPUT
|
||||
|
||||
echo
|
||||
echo "Configuration options:"
|
||||
echo "======================"
|
||||
echo "- domain: $DOMAIN"
|
|
@ -1,5 +1,4 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!DOCTYPE html>
|
||||
<!--
|
||||
-- Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
--
|
||||
|
@ -13,7 +12,7 @@
|
|||
-->
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>audio.experimental.a-lec.org</title>
|
||||
<title>DOMAIN</title>
|
||||
<meta name="keywords" content="a-lec, Libre en communs, logiciel libre" />
|
||||
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
|
||||
</head>
|
||||
|
@ -80,7 +79,7 @@
|
|||
<h2>Informations de connexion</h2>
|
||||
<p>Les Information pour vous connecter :</p>
|
||||
<ul>
|
||||
<li>adresse : audio.experimental.a-lec.org</li>
|
||||
<li>adresse : DOMAIN</li>
|
||||
<li>port : 64738</li>
|
||||
<li>nom d'utilisateur : votre pseudo</li>
|
||||
<li>Nom : Libre en communs</li>
|
|
@ -31,7 +31,7 @@
|
|||
"ssh-ed25519"
|
||||
" "
|
||||
"AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC"))
|
||||
(host-name "audio.experimental.a-lec.org")
|
||||
(host-name "DOMAIN")
|
||||
(identity "./id_ed25519")
|
||||
(port 222)
|
||||
(system "x86_64-linux")
|
|
@ -35,12 +35,12 @@
|
|||
(arguments
|
||||
(list
|
||||
#:install-plan
|
||||
#~(list '("index.html" "var/www/audio.experimental.chalec.org/"))))
|
||||
(synopsis "The audio.experimental.chalec.org website.")
|
||||
#~(list '("index.html" "var/www/DOMAIN/"))))
|
||||
(synopsis "The DOMAIN website.")
|
||||
(description
|
||||
"The website contains how to use the service, and how to
|
||||
replicate or contribute to it.")
|
||||
(home-page "audio.experimental.chalec.org")
|
||||
(home-page "DOMAIN")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public %nginx-deploy-hook
|
||||
|
@ -90,7 +90,7 @@ replicate or contribute to it.")
|
|||
(certificates
|
||||
(list
|
||||
(certificate-configuration
|
||||
(domains '("audio.experimental.a-lec.org"))
|
||||
(domains '("DOMAIN"))
|
||||
(deploy-hook %nginx-deploy-hook))))))
|
||||
;; Mumble
|
||||
(service mumble-server-service-type
|
||||
|
@ -98,14 +98,14 @@ replicate or contribute to it.")
|
|||
(welcome-text
|
||||
"<br />
|
||||
Bienvenue sur le service d'audio-conférence de <b>Libre en communs</b>.<br />
|
||||
https://audio.experimental.a-lec.org/
|
||||
https://DOMAIN/
|
||||
<br />")
|
||||
(cert-required? #t) ;; Disallow text password logins
|
||||
(max-user-bandwidth 100000)
|
||||
(ssl-cert
|
||||
"/etc/letsencrypt/live/audio.experimental.a-lec.org/fullchain.pem")
|
||||
"/etc/letsencrypt/live/DOMAIN/fullchain.pem")
|
||||
(ssl-key
|
||||
"/etc/letsencrypt/live/audio.experimental.a-lec.org/privkey.pem")))
|
||||
"/etc/letsencrypt/live/DOMAIN/privkey.pem")))
|
||||
;; Networking
|
||||
(service
|
||||
static-networking-service-type
|
||||
|
@ -127,18 +127,18 @@ https://audio.experimental.a-lec.org/
|
|||
(list
|
||||
(nginx-server-configuration
|
||||
(listen '("80" "443 ssl"))
|
||||
(server-name '("audio.experimental.a-lec.org"))
|
||||
(server-name '("DOMAIN"))
|
||||
(ssl-certificate
|
||||
(string-append
|
||||
"/etc/letsencrypt/live/"
|
||||
"audio.experimental.a-lec.org/fullchain.pem"))
|
||||
"DOMAIN/fullchain.pem"))
|
||||
(ssl-certificate-key
|
||||
(string-append
|
||||
"/etc/letsencrypt/live/"
|
||||
"audio.experimental.a-lec.org/privkey.pem"))
|
||||
"DOMAIN/privkey.pem"))
|
||||
(root (string-append
|
||||
"/run/current-system/profile/"
|
||||
"var/www/audio.experimental.chalec.org")))))))
|
||||
"var/www/DOMAIN")))))))
|
||||
;; OpenSSH
|
||||
(service openssh-service-type
|
||||
(openssh-configuration
|
Loading…
Reference in New Issue