[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
potluck in the house
From: |
Andy Wingo |
Subject: |
potluck in the house |
Date: |
Thu, 13 Apr 2017 15:25:53 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Hi!
This is an update on "guix potluck", an attempt to support a more
decentralized way of developing Guix packages, as a complement to the
main package set.
I have a number of packages that I never packaged for external use, at
least beyond putting them in a git repo somewhere. Here's an example of
packaging one of these with guix potluck. Guile-Present is a library
that lets you write presentations in Texinfo and uses Cairo to render
nthat to slides.
I dug up the repo and pushed it to gitlab at
https://gitlab.com/wingo/guile-present. Then in the root directory of
that checkout I ran:
guix potluck init
and it carps, saying
guix potluck init: wrong number of arguments
usage: guix potluck init [OPT...] REMOTE-GIT-URL
Try 'guix potluck --help' for more information.
If you run help you see you need a URL for the public git repo. Cool, I
have that:
guix potluck init https://gitlab.com/wingo/guile-present
Now it says:
guix potluck: error: init: missing --build-system; try --build-system=help
for options
OK, I do that:
guix potluck: Available build systems:
ant The standard Ant build system
asdf/ecl The build system for ASDF binary packages using ECL
asdf/sbcl The build system for ASDF binary packages using SBCL
asdf/source The build system for ASDF source packages
cargo Cargo build system, to build Rust crates
cmake The standard CMake build system
dub DUB build system, to build D packages
emacs The build system for Emacs packages
glib-or-gtk The GNU Build System—i.e., ./configure && make &&
make install,
augmented with definition of suitable environment variables for glib and
gtk+
in program wrappers.
gnu The GNU Build System—i.e., ./configure && make &&
make install
haskell The standard Haskell build system
ocaml The standard OCaml build system
perl The standard Perl build system
python The standard Python build system
r The standard R build system
ruby The standard Ruby build system
trivial Trivial build system, to run arbitrary Scheme build
expressions
waf The standard waf build system
Additionally, --autotools is like --build-system=gnu, but also indicating
that the package needs autoreconf before running ./configure.
OK great, sounds like --autotools is what I need.
guix potluck init --autotools https://gitlab.com/wingo/guile-present
Yaargh:
guix potluck: error: init: missing --license; try --license=help for options
OK let's get help then with --license=help:
guix potluck: Available licenses:
agpl1 https://gnu.org/licenses/agpl.html
agpl3 https://gnu.org/licenses/agpl.html
agpl3+ https://gnu.org/licenses/agpl.html
artistic2.0 http://www.perlfoundation.org/artistic_license_2_0
asl1.1 http://directory.fsf.org/wiki/License:Apache1.1
asl2.0 http://directory.fsf.org/wiki/License:Apache2.0
boost1.0 http://directory.fsf.org/wiki/License:Boost1.0
bsd-2 http://directory.fsf.org/wiki/License:FreeBSD
bsd-3 http://directory.fsf.org/wiki/License:BSD_3Clause
bsd-4 http://directory.fsf.org/wiki/License:BSD_4Clause
cc-by-sa2.0 http://creativecommons.org/licenses/by-sa/2.0/
cc-by-sa3.0 http://creativecommons.org/licenses/by-sa/3.0/
cc-by-sa4.0 http://creativecommons.org/licenses/by-sa/4.0/
cc-by2.0 http://creativecommons.org/licenses/by/2.0/
cc-by3.0 http://creativecommons.org/licenses/by/3.0/
cc0 http://directory.fsf.org/wiki/License:CC0
cddl1.0 http://directory.fsf.org/wiki/License:CDDLv1.0
cecill-c
http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html
clarified-artistic
http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/
copyleft-next
https://raw.github.com/richardfontana/copyleft-next/master/Releases/copyleft-next-0.3.0
cpl1.0 http://directory.fsf.org/wiki/License:CPLv1.0
epl1.0 http://directory.fsf.org/wiki/License:EPLv1.0
expat http://directory.fsf.org/wiki/License:Expat
fdl1.1+ https://www.gnu.org/licenses/fdl-1.1
fdl1.2+ https://www.gnu.org/licenses/fdl-1.2
fdl1.3+ https://www.gnu.org/licenses/fdl.html
freebsd-doc
https://www.freebsd.org/copyright/freebsd-doc-license.html
freetype http://directory.fsf.org/wiki/License:Freetype
gfl1.0
http://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-LICENSE.txt
giftware http://liballeg.org/license.html
gpl1
https://www.gnu.org/licenses/old-licenses/gpl-1.0.html
gpl1+
https://www.gnu.org/licenses/old-licenses/gpl-1.0.html
gpl2
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
gpl2+
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
gpl3 https://www.gnu.org/licenses/gpl.html
gpl3+ https://www.gnu.org/licenses/gpl.html
ibmpl1.0 http://directory.fsf.org/wiki/License:IBMPLv1.0
ijg http://directory.fsf.org/wiki/License:JPEG
imlib2 http://directory.fsf.org/wiki/License:Imlib2
ipa
http://directory.fsf.org/wiki/License:IPA_Font_License
isc http://directory.fsf.org/wiki/License:ISC
lgpl2.0
https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
lgpl2.0+
https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
lgpl2.1
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
lgpl2.1+
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
lgpl3 https://www.gnu.org/licenses/lgpl.html
lgpl3+ https://www.gnu.org/licenses/lgpl.html
mpl1.0 http://www.mozilla.org/MPL/1.0/
mpl1.1 http://directory.fsf.org/wiki/License:MPLv1.1
mpl2.0 http://directory.fsf.org/wiki/License:MPLv2.0
ms-pl http://directory.fsf.org/wiki/License:MsPL
ncsa http://directory.fsf.org/wiki/License:IllinoisNCSA
nmap https://svn.nmap.org/nmap/COPYING
openldap2.8 http://directory.fsf.org/wiki/License:OpenLDAPv2.8
openssl http://directory.fsf.org/wiki/License:OpenSSL
opl1.0+ http://opencontent.org/openpub/
psfl http://docs.python.org/license.html
public-domain http://directory.fsf.org/wiki/License:PublicDomain
qpl http://directory.fsf.org/wiki/License:QPLv1.0
repoze http://repoze.org/LICENSE.txt
ruby http://directory.fsf.org/wiki/License:Ruby
sgifreeb2.0 http://directory.fsf.org/wiki/License:SGIFreeBv2
silofl1.1 http://scripts.sil.org/OFL_web
sleepycat http://directory.fsf.org/wiki/License:Sleepycat
tcl/tk http://www.tcl.tk/software/tcltk/license.html
unlicense https://unlicense.org/
vim http://directory.fsf.org/wiki/License:Vim7.2
wtfpl2 http://www.wtfpl.net
x11 http://directory.fsf.org/wiki/License:X11
zlib http://www.gzip.org/zlib/zlib_license.html
zpl2.1
http://directory.fsf.org/wiki?title=License:ZopePLv2.1
If your package's license is not in this list, add it to Guix first.
What is this package's license anyway????? I look and it's LGPLv3+
apparently. So now:
guix potluck init --autotools --license=lgpl3+
https://gitlab.com/wingo/guile-present
And voilà:
Cloning into '/tmp/guix-directory.861r57/git-checkout'... done.
Creating guix-potluck/
Creating guix-potluck/README.md
Creating guix-potluck/guile-present.scm
Done. Now open guix-potluck/guile-present.scm in your editor, fill out its
"synopsis"
and "description" fields, add dependencies to the 'inputs' field, and try to
build with
guix build --file=guix-potluck/guile-present.scm
When you get that working, commit your results to git via:
git add guix-potluck && git commit -m 'Add initial Guix potluck files.'
Once you push them out, add your dish to the communal potluck by running:
guix potluck update https://gitlab.com/wingo/guile-present master
OK that's interesting! What I get in the file looks like this:
;;; guix potluck package
;;; Copyright (C) 2017 Andy Wingo
;;; This file is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version. No warranty. See
;;; https://www.gnu.org/licenses/gpl.html for a copy of the GPLv3.
(potluck-package
(name "guile-present")
(version "v0.3.0-14-g3b0d2d9")
(source
(potluck-source
(git-uri "https://gitlab.com/wingo/guile-present")
(git-commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")
(sha256 "0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals")))
(build-system 'gnu)
(inputs '())
(native-inputs '("autoconf" "automake" "libtool" "pkg-config"))
(propagated-inputs '())
(arguments
'(#:phases
(modify-phases
%standard-phases
(add-before
'configure
'autoconf
(lambda _ (zero? (system* "autoreconf" "-vfi")))))))
(home-page "https://gitlab.com/wingo/guile-present")
(synopsis "Declarative synopsis here")
(description "Guile-Present is a ...")
(license 'lgpl3+))
It pulled the copyright author from "git config user.name", the version
from "git describe", the commit from HEAD, and the sha256 from guix hash
-g. The inputs are as for --autotools, and the build system and license
come from the command line.
So I fill in the synopsis and add "guile", "guile-lib", and
"guile-cairo" to inputs list, and after trying the guix build -f line a
few times "texinfo" to native-inputs, and I change "guile" to
"address@hidden" because of how guile-lib and guile-cairo are built. Final
version looks like this:
(potluck-package
(name "guile-present")
(version "v0.3.0-14-g3b0d2d9")
(source
(potluck-source
(git-uri "https://gitlab.com/wingo/guile-present")
(git-commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")
(sha256 "0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals")))
(build-system 'gnu)
(inputs '("address@hidden" "guile-cairo" "guile-lib"))
(native-inputs '("autoconf" "automake" "libtool" "pkg-config" "texinfo"))
(propagated-inputs '())
(arguments
'(#:phases
(modify-phases
%standard-phases
(add-before
'configure
'autoconf
(lambda _ (zero? (system* "autoreconf" "-vfi")))))))
(home-page "https://gitlab.com/wingo/guile-present")
(synopsis "Presentation software that can generate PDF slides from
Texinfo.")
(description "Guile-Present is a library for slide rendering. It
uses Guile's Texinfo parser to parse presentations written in that
language, and renders them to PDF using Guile-Cairo.")
(license 'lgpl3+))
It builds, which is pretty cool. (The wip-potluck branch extends guix
build -f to recognize potluck packages.)
Now I pushed this out to the public gitlab repo. You can include
guix-potluck files in the repo of the projects they package, or you can
include them in a separate repo -- doesn't really matter.
Now here's the cool thing, when you run the "update" command as
mentioned:
guix potluck update https://gitlab.com/wingo/guile-present master
By default it connects to guix-potluck.org; you can use --host to
specify a different host. All connections to the potluck host are over
HTTPS. OK it spews some trash on stdout:
ERROR: In procedure get-bytevector-n:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum The TLS
connection was non-properly terminated.> read_from_session_record_port)'.
I don't understand this entirely; shouldn't nginx be terminating things
fine? I have never used the HTTP client with HTTPS though.
Anyway, fine. So the server received this request, checked out that git
repo and branch, looked for potluck packages in guix-potluck/, and added
those packages to a "source" git repo:
address@hidden:~/src$ mkdir guix-potluck
address@hidden:~/src$ cd guix-potluck/
address@hidden:~/src/guix-potluck$ git clone
https://guix-potluck.org/git/source.git
Cloning into 'source'...
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 10 (delta 3), reused 0 (delta 0)
Unpacking objects: 100% (10/10), done.
address@hidden:~/src/guix-potluck$ ls source
https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg
https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present
address@hidden:~/src/guix-potluck$ find
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm
Indeed that's my file, just as it was above. But the cooler thing is
that it also compiles this potluck package to a "standard" Guix package
and module:
address@hidden:~/src/guix-potluck$ git clone
https://guix-potluck.org/git/target.git
Cloning into 'target'...
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 16 (delta 3), reused 0 (delta 0)
Unpacking objects: 100% (16/16), done.
address@hidden:~/src/guix-potluck$ cd target/
address@hidden:~/src/guix-potluck/target$ ls
gnu
address@hidden:~/src/guix-potluck/target$ find gnu
gnu
gnu/packages
gnu/packages/potluck
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg/master
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg/master/guile-jpeg.scm
address@hidden:~/src/guix-potluck/target$ cat
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm
;;; guix potluck package
;;; Copyright (C) 2017 Andy Wingo
;;; This file is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version. No warranty. See
;;; https://www.gnu.org/licenses/gpl.html for a copy of the GPLv3.
(define-module (gnu packages potluck
https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present master guile-present)
#:pure
#:use-module ((guile) #:select (list quote define-public))
#:use-module ((guix packages) #:select (package origin base32))
#:use-module ((guix git-download) #:select (git-fetch git-reference))
#:use-module ((guix licenses) #:select ((lgpl3+ . license:lgpl3+)))
#:use-module ((guix build-system gnu) #:select (gnu-build-system))
#:use-module ((gnu packages pkg-config) #:select (%pkg-config))
#:use-module ((gnu packages texinfo) #:select (texinfo))
#:use-module ((gnu packages autotools) #:select (libtool automake autoconf))
#:use-module ((gnu packages gtk) #:select (guile-cairo))
#:use-module ((gnu packages guile) #:select (guile-lib guile-2.0)))
(define-public guile-present
(package
(name "guile-present")
(version "v0.3.0-14-g3b0d2d9")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://gitlab.com/wingo/guile-present")
(commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")))
(sha256 (base32
"0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals"))))
(build-system gnu-build-system)
(inputs
(list (list "guile" guile-2.0)
(list "guile-cairo" guile-cairo)
(list "guile-lib" guile-lib)))
(native-inputs
(list (list "autoconf" autoconf)
(list "automake" automake)
(list "libtool" libtool)
(list "pkg-config" %pkg-config)
(list "texinfo" texinfo)))
(arguments
'(#:phases
(modify-phases
%standard-phases
(add-before
'configure
'autoconf
(lambda _ (zero? (system* "autoreconf" "-vfi")))))))
(home-page "https://gitlab.com/wingo/guile-present")
(synopsis "Presentation software that can generate PDF slides
from\nTexinfo.")
(description "Guile-Present is a library for slide rendering. It\nuses
Guile's Texinfo parser to parse presentations written in that\nlanguage, and
renders them to PDF using Guile-Cairo.")
(license license:lgpl3+)))
Now this git repo should be able to be added to the GUIX_PACKAGE_PATH.
It's effectively a "channel" managed by "guix potluck host-channel"
running on guix-potluck.org. If you have a checkout of this repo, you
can build Guile-Present just via "guix build -L /path/to/target/checkout
guile-jpeg". Pretty cool, right??!!!?!?!
Incidentally here is the configuration for that server:
(use-modules (ice-9 match) (gnu) (guix records))
(use-service-modules networking mcron shepherd ssh web)
(use-package-modules admin certs guile package-management ssh tls
version-control web)
(define-record-type* <fcgiwrap-configuration> fcgiwrap-configuration
make-fcgiwrap-configuration
fcgiwrap-configuration?
(package fcgiwrap-configuration-package ;<package>
(default fcgiwrap))
(socket fcgiwrap-configuration-socket
(default "tcp:127.0.0.1:9000")))
(define %fcgiwrap-accounts
(list (user-group
(name "fcgiwrap")
(system? #t))
(user-account
(name "fcgiwrap")
(group "fcgiwrap")
(system? #t)
(comment "Fcgiwrap Daemon")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define fcgiwrap-shepherd-service
(match-lambda
(($ <fcgiwrap-configuration> package socket)
(list (shepherd-service
(provision '(fcgiwrap))
(documentation "Run the fcgiwrap daemon.")
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/fcgiwrap")
"-s" #$socket)
#:user "fcgiwrap" #:group "fcgiwrap"))
(stop #~(make-kill-destructor)))))))
(define fcgiwrap-service-type
(service-type (name 'fcgiwrap)
(extensions
(list (service-extension shepherd-root-service-type
fcgiwrap-shepherd-service)
(service-extension account-service-type
(const %fcgiwrap-accounts))))))
(define %guix-potluck-accounts
(list (user-group
(name "guix-potluck")
(system? #t))
(user-account
(name "guix-potluck")
(group "guix-potluck")
(system? #t)
(comment "Guix potluck host")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define-record-type* <guix-potluck-configuration> guix-potluck-configuration
make-guix-potluck-configuration
guix-potluck-configuration?
#;
(package guix-potluck-configuration-package ;<package>
(default guix-potluck))
(scratch guix-potluck-configuration-scratch
(default "/var/cache/guix-potluck/scratch"))
(source guix-potluck-configuration-source
(default "/var/cache/guix-potluck/source"))
(source-repo guix-potluck-configuration-source-repo
(default "/srv/git/source.git"))
(target guix-potluck-configuration-target
(default "/var/cache/guix-potluck/target"))
(target-repo guix-potluck-configuration-target-repo
(default "/srv/git/target.git")))
(define guix-potluck-activation-service
(match-lambda
(($ <guix-potluck-configuration>
scratch source source-repo target target-repo)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils) (ice-9 ftw))
(define (chown-r dir user group)
(let ((uid (passwd:uid (getpwnam user)))
(gid (group:gid (getgrnam group))))
(for-each (lambda (f) (chown f uid gid))
(find-files dir #:directories? #t))))
(define (ensure-git-repo dir)
(unless (file-exists? dir)
(mkdir-p dir)
(unless (zero? (system* (string-append #$git "/bin/git")
"init" "--bare" dir))
(error "failed to create repository" dir))
(chown-r dir "guix-potluck" "guix-potluck")))
(define (ensure-checkout repo dir)
(unless (file-exists? dir)
(mkdir-p (dirname dir))
(unless (zero? (system* (string-append #$git "/bin/git")
"clone" repo dir))
(error "failed to check out repository" repo dir))
(chown-r dir "guix-potluck" "guix-potluck")))
(mkdir-p #$scratch)
(chown-r #$scratch "guix-potluck" "guix-potluck")
(ensure-git-repo #$source-repo)
(ensure-git-repo #$target-repo)
(ensure-checkout #$source-repo #$source)
(ensure-checkout #$target-repo #$target))))))
(define guix-potluck-shepherd-service
(match-lambda
(($ <guix-potluck-configuration>
scratch source source-repo target target-repo)
(list (shepherd-service
(provision '(guix-potluck))
(documentation "Run the guix-potluck daemon.")
(requirement '(networking))
(start #~(make-forkexec-constructor
'("/home/wingo/src/guix/pre-inst-env" "guix"
"host-potluck"
#$(format #f "--scratch=~a" scratch)
#$(format #f "--source=~a" source)
#$(format #f "--target=~a" target))
#:user "guix-potluck" #:group "guix-potluck"))
(stop #~(make-kill-destructor)))))))
(define guix-potluck-service-type
(service-type (name 'guix-potluck)
(extensions
(list (service-extension activation-service-type
guix-potluck-activation-service)
(service-extension shepherd-root-service-type
guix-potluck-shepherd-service)
(service-extension account-service-type
(const %guix-potluck-accounts))))))
(define %gc-job
;; The garbage collection mcron job, once per day.
#~(job '(next-hour '(4))
(string-append #$guix "/bin/guix gc -F80G")))
(define %certbot-job
;; Attempt to renew the Let's Encrypt certificate twice a week.
#~(job (lambda (now)
(next-day-from (next-hour-from now '(3))
'(2 5)))
(string-append #$certbot "/bin/certbot renew")))
;;;
;;; NGINX.
;;;
(define %nginx-config
;; Our nginx configuration directory. It expects 'guix publish' to be
;; running on port 3000.
(computed-file
"nginx-config"
#~(call-with-output-file #$output
(lambda (port)
(format port "
# This is the nginx config file for guix-potluck.org.
user nginx;
worker_processes 2;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log error;
events {
worker_connections 768;
# multi_accept on;
}
http {
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip off;
# We need to specify all these or nginx picks its own directory to
# store them, which doesn't work because the store is read-only.
client_body_temp_path /var/run/nginx/body;
proxy_temp_path /var/run/nginx/proxy;
fastcgi_temp_path /var/run/nginx/fastcgi;
uwsgi_temp_path /var/run/nginx/uwsgi;
scgi_temp_path /var/run/nginx/scgi;
# Use HTTP 1.1 to talk to the backend so we benefit from
# keep-alive connections and chunked transfer encoding. The
# latter allows us to make sure we do not cache partial downloads.
proxy_http_version 1.1;
server {
listen 80;
server_name guix-potluck.org;
# For use by Certbot.
location /.well-known { root /var/www; }
# Otherwise redirect to HTTPS.
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl;
server_name guix-potluck.org;
ssl on;
ssl_certificate
/etc/letsencrypt/live/guix-potluck.org/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/guix-potluck.org/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers \"HIGH:!DSS:address@hidden";
ssl_prefer_server_ciphers on;
location / { proxy_pass http://127.0.0.1:8080/; }
location ~~ /git(/.*) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME ~a/libexec/git-core/git-http-backend;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GIT_HTTP_EXPORT_ALL \"\";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO $1;
}
}
}
" #$git)))))
(define %nginx-mime-types
;; Provide /etc/nginx/mime.types (and a bunch of other files.)
(simple-service 'nginx-mime.types
etc-service-type
`(("nginx" ,(file-append nginx "/share/nginx/conf")))))
(define %nginx-cache-activation
;; Make sure /var/cache/nginx exists on the first run.
(simple-service 'nginx-/var/cache/nginx
activation-service-type
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(mkdir-p "/var/cache/nginx")))))
(operating-system
(host-name "guix-potluck")
(timezone "Europe/Berlin")
(locale "en_US.UTF-8")
;; Assuming /dev/sdX is the target hard disk, and "my-root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/vda")))
(file-systems (cons (file-system
(device "/dev/vda1")
(mount-point "/")
(type "ext4"))
%base-file-systems))
;; This is where user accounts are specified. The "root"
;; account is implicit, and is initially created with the
;; empty password.
(users (cons (user-account
(name "wingo")
(group "users")
;; Adding the account to the "wheel" group
;; makes it a sudoer.
(supplementary-groups '("wheel"))
(home-directory "/home/wingo"))
%base-user-accounts))
;; Globally-installed packages.
(packages (cons* git guile-json gnutls openssh certbot nss-certs
%base-packages))
(services (cons* (static-networking-service "eth0" "46.101.231.54"
#:netmask "255.255.192.0"
#:gateway "46.101.192.1"
#:name-servers '("8.8.8.8"
"8.8.4.4"))
(nginx-service #:config-file %nginx-config)
%nginx-mime-types
%nginx-cache-activation
(service fcgiwrap-service-type
(fcgiwrap-configuration))
(service guix-potluck-service-type
(guix-potluck-configuration))
(service openssh-service-type
(openssh-configuration
(permit-root-login 'without-password)))
(service mcron-service-type
(mcron-configuration
(jobs (list %gc-job %certbot-job))))
%base-services)))
Hi! You scrolled down all this way, congratulations!
So, remaining tasks to do:
(1) All of this is currently in a WIP branch, wip-potluck. I need to
submit to upstream. It needs some documentation too.
(2) The host-channel facilities run user-supplied Scheme code. To do
so safely, that needs sandbox facilities from Guile. That will
need Guile 2.2.1. For the time being I have disabled the server.
(3) Someone needs to design and implement a "guix channel" facility to
take advantage of this branch :) Until then, GUIX_PACKAGE_PATH
and the -L argument are the things to use.
(4) Probably we need a story about what happens when Guix updates. We
can compile target repositories for Guix dev and also for Guix
stable branches, understanding that maybe packages move around to
different modules during Guix development.
(5) We need the main https://guix-potluck.org/ to show progress on the
work queue.
(6) We will need better facilities for updating potluck packages to
new repository versions. Maybe this is what "guix package update"
should do and the notify-the-server thing should be called
something else.
I think that's it though for an MVP. What do yall think?
Cheers,
Andy
- potluck in the house,
Andy Wingo <=