Make the domain configurable

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-09-12 18:55:46 +02:00 · 2023-09-12 18:55:46 +02:00 · 375df9954e
parent 41e8b2fed0
commit 375df9954e
9 changed files with 152 additions and 55 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,18 @@
 *~
 \#*\#
+aclocal.m4
+autom4te.cache/**
+config.log
+config.status
+configure
+guix-commit.txt
 id_ed25519
 id_ed25519.pub
+index.html
+install-sh
+Makefile
+Makefile.in
+missing
+mumble-vm-machine.scm
+mumble-vm-system.scm
 signing-key.pub
--- a/40
+++ b/40
@ -1,40 +0,0 @@
-# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# You should have received a copy of the GNU General Public License
-# along with this file.  If not, see <http://www.gnu.org/licenses/>.
-
-DESTDIR ?= .
-
-.PHONY: all help install update $(DESTDIR)/mumble-vm.img
-
-IMAGE_SOURCE = \
-	mumble-vm-system.scm \
-	id_ed25519.pub \
-	Makefile \
-	signing-key.pub
-
-all: help
-
-help:
-	@printf "Available commands:\n\
-		make help    # prints this help\n\
-		make install # install image to $(DESTDIR)/ \n\
-		make deploy  # update existing vm with guix deploy through SSH\n\
-	"
-
-$(DESTDIR)/mumble-vm.img: $(IMAGE_SOURCE)
-	sudo install \
-		`guix system image \
-			--image-type=mbr-raw \
-			--image-size=6G mumble-vm-system.scm` \
-		$@
-
-install: $(DESTDIR)/mumble-vm.img
-
-deploy:
-	guix deploy -L . mumble-vm-machine.scm
--- a/Makefile.am
+++ b/Makefile.am
@ -0,0 +1,56 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+
+dist_pkgdata_DATA = mumble-vm.img
+
+CLEANFILES = \
+	first-boot.sh \
+	guix-commit.txt \
+	index.html \
+	mumble-vm.img \
+	mumble-vm-machine.scm \
+	mumble-vm-system.scm
+
+# We want to only update the image when guix commit changes. The trick
+# to make that work is to only create or update a file when the revision
+# changes.
+guix-commit.txt: Makefile
+	if [ ! -f $@ ] ; then \
+		guix describe | grep '^    commit:' | awk '{print $$2}' > $@ ; \
+	elif [ "$(cat $@)" != \
+	       "$(guix describe | \
+			grep '^    commit:' | awk '{print $$2}')" ] ; then \
+		guix describe | grep '^    commit:' | awk '{print $$2}' > $@ ; \
+	fi
+
+%.html: %.html.tmpl guix-commit.txt Makefile
+	sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+
+%.scm: %.scm.tmpl guix-commit.txt Makefile
+	sed 's#DOMAIN#$(DOMAIN)#g' $< > $@
+
+IMAGE_SOURCE = \
+	guix-commit.txt \
+	index.html \
+	mumble-vm-machine.scm \
+	mumble-vm-system.scm \
+	id_ed25519.pub \
+	Makefile \
+	signing-key.pub
+
+mumble-vm.img: $(IMAGE_SOURCE)
+	sudo install \
+		`guix system image \
+			--image-type=mbr-raw \
+			--image-size=6G mumble-vm-system.scm` \
+		$@
+
+deploy: $(IMAGE_SOURCE)
+	guix deploy -L . mumble-vm-machine.scm
--- a/18
+++ b/18
@ -1,3 +1,21 @@
+Deployment
+==========
+To build the virtual machine image you can use the following command:
+$ ./autogen.sh && ./configure && make
+
+You can also check the configure option for configuring it for testing
+on another infrastructure (for instance by using another domain).
+
+Note that letsencrypt has a limit of about 5 certificates per week, so
+it's a good idea to use test domains before deployments.
+
+Once the image is booted:
+- You will need to login inside and run the following command:
+  # certbot certonly --standalone -d audio.experimental.a-lec.org
+  # herd restart nginx
+  # herd restart mumble-server
+- You then need to set the root password.
+
 License
 =======
 This project is free software: you can redistribute it and/or modify
--- a/autogen.sh
+++ b/autogen.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file.  If not, see <http://www.gnu.org/licenses/>.
+autoreconf -fi $@
--- a/configure.ac
+++ b/configure.ac
@ -0,0 +1,40 @@
+# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+AC_PREREQ([2.69])
+AC_INIT([mumble-vm], [0.1], [GNUtoo@cyberdimension.org])
+AC_CONFIG_SRCDIR([mumble-vm-system.scm.tmpl])
+AC_PROG_AWK
+AC_PROG_MKDIR_P
+AM_INIT_AUTOMAKE([foreign])
+
+AC_CHECK_PROG([GUIX], [guix], [guix])
+AC_CHECK_PROG([SED], [sed], [sed])
+
+AC_SUBST([DOMAIN], [])
+
+AC_ARG_WITH([domain],
+  [AS_HELP_STRING([--with-domain=DOMAIN],
+                  [Use custom domain (default=audio.experimental.a-lec.org)])],
+  [DOMAIN=$withval],
+  [DOMAIN=audio.experimental.a-lec.org])
+
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+
+echo
+echo "Configuration options:"
+echo "======================"
+echo "- domain: $DOMAIN"
--- a/index.html.tmpl
+++ b/index.html.tmpl
@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html>
 <!--
  -- Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
  --
@ -13,7 +12,7 @@
  -->
 <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
-    <title>audio.experimental.a-lec.org</title>
+    <title>DOMAIN</title>
    <meta name="keywords" content="a-lec, Libre en communs, logiciel libre" />
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
  </head>
@ -80,7 +79,7 @@
    <h2>Informations de connexion</h2>
    <p>Les Information pour vous connecter :</p>
    <ul>
-      <li>adresse : audio.experimental.a-lec.org</li>
+      <li>adresse : DOMAIN</li>
      <li>port : 64738</li>
      <li>nom d'utilisateur : votre pseudo</li>
      <li>Nom : Libre en communs</li>
--- a/mumble-vm-machine.scm.tmpl
+++ b/mumble-vm-machine.scm.tmpl
@ -31,7 +31,7 @@
      "ssh-ed25519"
      " "
      "AAAABBBBCCCCDDDDEEEEFFFFF1111222233334444555566667777888899990000ABC"))
-    (host-name "audio.experimental.a-lec.org")
+    (host-name "DOMAIN")
    (identity "./id_ed25519")
    (port 222)
    (system "x86_64-linux")
--- a/mumble-vm-system.scm.tmpl
+++ b/mumble-vm-system.scm.tmpl
@ -35,12 +35,12 @@
    (arguments
     (list
     #:install-plan
-     #~(list '("index.html" "var/www/audio.experimental.chalec.org/"))))
-    (synopsis "The audio.experimental.chalec.org website.")
+     #~(list '("index.html" "var/www/DOMAIN/"))))
+    (synopsis "The DOMAIN website.")
    (description
     "The website contains how to use the service, and how to
 replicate or contribute to it.")
-    (home-page "audio.experimental.chalec.org")
+    (home-page "DOMAIN")
    (license license:gpl3+)))

 (define-public %nginx-deploy-hook
@ -90,7 +90,7 @@ replicate or contribute to it.")
        (certificates
         (list
          (certificate-configuration
-           (domains '("audio.experimental.a-lec.org"))
+           (domains '("DOMAIN"))
           (deploy-hook %nginx-deploy-hook))))))
      ;; Mumble
      (service mumble-server-service-type
@ -98,14 +98,14 @@ replicate or contribute to it.")
          (welcome-text
           "<br />
 Bienvenue sur le service d'audio-conférence de <b>Libre en communs</b>.<br />
-https://audio.experimental.a-lec.org/
+https://DOMAIN/
 <br />")
          (cert-required? #t) ;; Disallow text password logins
          (max-user-bandwidth 100000)
          (ssl-cert
-           "/etc/letsencrypt/live/audio.experimental.a-lec.org/fullchain.pem")
+           "/etc/letsencrypt/live/DOMAIN/fullchain.pem")
          (ssl-key
-           "/etc/letsencrypt/live/audio.experimental.a-lec.org/privkey.pem")))
+           "/etc/letsencrypt/live/DOMAIN/privkey.pem")))
      ;; Networking
      (service
       static-networking-service-type
@ -127,18 +127,18 @@ https://audio.experimental.a-lec.org/
         (list
          (nginx-server-configuration
           (listen '("80" "443 ssl"))
-           (server-name '("audio.experimental.a-lec.org"))
+           (server-name '("DOMAIN"))
           (ssl-certificate
            (string-append
             "/etc/letsencrypt/live/"
-             "audio.experimental.a-lec.org/fullchain.pem"))
+             "DOMAIN/fullchain.pem"))
           (ssl-certificate-key
            (string-append
             "/etc/letsencrypt/live/"
-             "audio.experimental.a-lec.org/privkey.pem"))
+             "DOMAIN/privkey.pem"))
           (root (string-append
                  "/run/current-system/profile/"
-                  "var/www/audio.experimental.chalec.org")))))))
+                  "var/www/DOMAIN")))))))
      ;; OpenSSH
      (service openssh-service-type
               (openssh-configuration