diff --git a/.gitignore b/.gitignore
index d25da52..3329d57 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,18 @@
 *~
 \#*\#
+aclocal.m4
+autom4te.cache/**
+config.log
+config.status
+configure
+guix-commit.txt
 id_ed25519
 id_ed25519.pub
+index.html
+install-sh
+Makefile
+Makefile.in
+missing
+mumble-vm-machine.scm
+mumble-vm-system.scm
 signing-key.pub
diff --git a/Makefile b/Makefile
deleted file mode 100644
index a5cceec..0000000
--- a/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright (C) 2023 Denis 'GNUtoo' Carikli
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# You should have received a copy of the GNU General Public License
-# along with this file. If not, see .
-
-DESTDIR ?= .
-
-.PHONY: all help install update $(DESTDIR)/mumble-vm.img
-
-IMAGE_SOURCE = \
- mumble-vm-system.scm \
- id_ed25519.pub \
- Makefile \
- signing-key.pub
-
-all: help
-
-help:
- @printf "Available commands:\n\
- make help # prints this help\n\
- make install # install image to $(DESTDIR)/ \n\
- make deploy # update existing vm with guix deploy through SSH\n\
- "
-
-$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
- sudo install \
- `guix system image \
- --image-type=mbr-raw \
- --image-size=6G mumble-vm-system.scm` \
- $@
-
-install: $(DESTDIR)/mumble-vm.img
-
-deploy:
- guix deploy -L . mumble-vm-machine.scm
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..a4dfb13
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,56 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+
+dist_pkgdata_DATA = mumble-vm.img
+
+CLEANFILES = \
+ first-boot.sh \
+ guix-commit.txt \
+ index.html \
+ mumble-vm.img \
+ mumble-vm-machine.scm \
+ mumble-vm-system.scm
+
+# We want to only update the image when guix commit changes. The trick
+# to make that work is to only create or update a file when the revision
+# changes.
+guix-commit.txt: Makefile
+ if [ ! -f $@ ] ; then \
+ guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
+ elif [ "$(cat $@)" != \
+ "$(guix describe | \
+ grep '^ commit:' | awk '{print $$2}')" ] ; then \
+ guix describe | grep '^ commit:' | awk '{print $$2}' > $@ ; \
+ fi
+
+%.html: %.html.tmpl guix-commit.txt Makefile
+ sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+
+%.scm: %.scm.tmpl guix-commit.txt Makefile
+ sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+
+IMAGE_SOURCE = \
+ guix-commit.txt \
+ index.html \
+ mumble-vm-machine.scm \
+ mumble-vm-system.scm \
+ id_ed25519.pub \
+ Makefile \
+ signing-key.pub
+
+mumble-vm.img: $(IMAGE_SOURCE)
+ sudo install \
+ `guix system image \
+ --image-type=mbr-raw \
+ --image-size=6G mumble-vm-system.scm` \
+ $@
+
+deploy: $(IMAGE_SOURCE)
+ guix deploy -L . mumble-vm-machine.scm
diff --git a/README b/README
index 4aa9de8..a261991 100644
--- a/README
+++ b/README
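Review bot: In the `guix-commit.txt` recipe the `elif` test writes `$(cat $@)` and `$(guix describe | …)` with a single `$`, so make expands both as undefined make variables before the shell runs and the comparison becomes `"" != ""`. The file is therefore written once and never refreshed, and the image is not rebuilt when the guix commit changes, so a rebuilt VM could keep shipping outdated packages. Escape the substitutions for the shell: `elif [ "$$(cat $@)" != "$$(guix describe | grep '^ commit:' | awk '{print $$2}')" ] ; then \`. Separately, the target depends only on `Makefile`, so the recipe is presumably skipped whenever the file already exists and is newer; a `FORCE`-style prerequisite would be needed for the check to run on every build.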
@@ -1,3 +1,21 @@
+Deployment
+==========
+To build the virtual machine image you can use the following command:
+$ ./autogen.sh && ./configure && make
+
+You can also check the configure option for configuring it for testing
+on another infrastructure (for instance by using another domain).
+
+Note that letsencrypt has a limit of about 5 certificates per week, so
+it's a good idea to use test domains before deployments.
+
+Once the image is booted:
+- You will need to login inside and run the following command:
+ # certbot certonly --standalone -d audio.experimental.a-lec.org
+ # herd restart nginx
+ # herd restart mumble-server
+- You then need to set the root password.
+
 License
 =======
 This project is free software: you can redistribute it and/or modify
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..a340f99
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file. If not, see .
+autoreconf -fi $@
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..9df10be
--- /dev/null
+++ b/configure.ac
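Review bot: The last line of autogen.sh, `autoreconf -fi $@`, forwards the script's arguments unquoted, so any argument containing whitespace or glob characters is re-split and expanded by the shell before autoreconf sees it. Use `autoreconf -fi "$@"`. Because this is the final command, its exit status already propagates to the `./autogen.sh && ./configure && make` chain shown in the README.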
@@ -0,0 +1,40 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+AC_PREREQ([2.69])
+AC_INIT([mumble-vm], [0.1], [GNUtoo@cyberdimension.org])
+AC_CONFIG_SRCDIR([mumble-vm-system.scm.tmpl])
+AC_PROG_AWK
+AC_PROG_MKDIR_P
+AM_INIT_AUTOMAKE([foreign])
+
+AC_CHECK_PROG([GUIX], [guix], [guix])
+AC_CHECK_PROG([SED], [sed], [sed])
+
+AC_SUBST([DOMAIN], [])
+
+AC_ARG_WITH([domain],
+ [AS_HELP_STRING([--with-domain=DOMAIN],
+ [Use custom domain (default=audio.experimental.a-lec.org)])],
+ [DOMAIN=$withval],
+ [DOMAIN=audio.experimental.a-lec.org])
+
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+
+echo
+echo "Configuration options:"
+echo "======================"
+echo "- domain: $DOMAIN"
diff --git a/index.html b/index.html.tmpl
similarity index 97%
rename from index.html
rename to index.html.tmpl
index 6166ffc..a837a29 100644
--- a/index.html
+++ b/index.html.tmpl
@@ -1,5 +1,4 @@ - - audio.experimental.a-lec.org + DOMAIN
@@ -80,7 +79,7 @@
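Review bot: `DOMAIN=$withval` in the `AC_ARG_WITH([domain], …)` block accepts any string, yet Makefile.am pastes it into `sed 's#DOMAIN#$(DOMAIN)#g'` and from there into Scheme string literals, the nginx `server-name`, the certificate paths and the HTML page. A bare `--with-domain` yields `yes`, `--without-domain` yields `no`, and a value containing `#`, `&`, `\` or `"` would alter the sed expression or the generated configuration. Reject anything that is not a plain hostname before assigning, for example `AS_CASE([$withval], [yes|no|*[[!A-Za-z0-9.-]]*], [AC_MSG_ERROR([--with-domain needs a hostname])])`. The bare token `DOMAIN` also matches any other occurrence of that word in the templates; an `@DOMAIN@`-style marker would be less likely to collide.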

Informations de connexion

Les Information pour vous connecter :

    -
  • adresse : audio.experimental.a-lec.org
  • +
  • adresse : DOMAIN
  • port : 64738
  • nom d'utilisateur : votre pseudo
  • Nom : Libre en communs
  • diff --git a/mumble-vm-machine.scm b/mumble-vm-machine.scm.tmpl similarity index 96% rename from mumble-vm-machine.scm rename to mumble-vm-machine.scm.tmpl index f2d8174..5b94711 100644 --- a/mumble-vm-machine.scm +++ b/mumble-vm-machine.scm.tmpl @@ -31,7 +31,7 @@ "ssh-ed25519" " " "AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC")) - (host-name "audio.experimental.a-lec.org") + (host-name "DOMAIN") (identity "./id_ed25519") (port 222) (system "x86_64-linux") diff --git a/mumble-vm-system.scm b/mumble-vm-system.scm.tmpl similarity index 88% rename from mumble-vm-system.scm rename to mumble-vm-system.scm.tmpl index cb8568f..f04162f 100644 --- a/mumble-vm-system.scm +++ b/mumble-vm-system.scm.tmpl @@ -35,12 +35,12 @@ (arguments (list #:install-plan - #~(list '("index.html" "var/www/audio.experimental.chalec.org/")))) - (synopsis "The audio.experimental.chalec.org website.") + #~(list '("index.html" "var/www/DOMAIN/")))) + (synopsis "The DOMAIN website.") (description "The website contains how to use the service, and how to replicate or contribute to it.") - (home-page "audio.experimental.chalec.org") + (home-page "DOMAIN") (license license:gpl3+))) (define-public %nginx-deploy-hook @@ -90,7 +90,7 @@ replicate or contribute to it.") (certificates (list (certificate-configuration - (domains '("audio.experimental.a-lec.org")) + (domains '("DOMAIN")) (deploy-hook %nginx-deploy-hook)))))) ;; Mumble (service mumble-server-service-type @@ -98,14 +98,14 @@ replicate or contribute to it.") (welcome-text "
    Bienvenue sur le service d'audio-conférence de Libre en communs.
    -https://audio.experimental.a-lec.org/ +https://DOMAIN/
    ") (cert-required? #t) ;; Disallow text password logins (max-user-bandwidth 100000) (ssl-cert - "/etc/letsencrypt/live/audio.experimental.a-lec.org/fullchain.pem") + "/etc/letsencrypt/live/DOMAIN/fullchain.pem") (ssl-key - "/etc/letsencrypt/live/audio.experimental.a-lec.org/privkey.pem"))) + "/etc/letsencrypt/live/DOMAIN/privkey.pem"))) ;; Networking (service static-networking-service-type @@ -127,18 +127,18 @@ https://audio.experimental.a-lec.org/ (list (nginx-server-configuration (listen '("80" "443 ssl")) - (server-name '("audio.experimental.a-lec.org")) + (server-name '("DOMAIN")) (ssl-certificate (string-append "/etc/letsencrypt/live/" - "audio.experimental.a-lec.org/fullchain.pem")) + "DOMAIN/fullchain.pem")) (ssl-certificate-key (string-append "/etc/letsencrypt/live/" - "audio.experimental.a-lec.org/privkey.pem")) + "DOMAIN/privkey.pem")) (root (string-append "/run/current-system/profile/" - "var/www/audio.experimental.chalec.org"))))))) + "var/www/DOMAIN"))))))) ;; OpenSSH (service openssh-service-type (openssh-configuration