guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

potluck in the house


From: Andy Wingo
Subject: potluck in the house
Date: Thu, 13 Apr 2017 15:25:53 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Hi!

This is an update on "guix potluck", an attempt to support a more
decentralized way of developing Guix packages, as a complement to the
main package set.

I have a number of packages that I never packaged for external use, at
least beyond putting them in a git repo somewhere.  Here's an example of
packaging one of these with guix potluck.  Guile-Present is a library
that lets you write presentations in Texinfo and uses Cairo to render
nthat to slides.

I dug up the repo and pushed it to gitlab at
https://gitlab.com/wingo/guile-present.  Then in the root directory of
that checkout I ran:

  guix potluck init

and it carps, saying

  guix potluck init: wrong number of arguments
  usage: guix potluck init [OPT...] REMOTE-GIT-URL
  Try 'guix potluck --help' for more information.

If you run help you see you need a URL for the public git repo.  Cool, I
have that:

  guix potluck init https://gitlab.com/wingo/guile-present

Now it says:

  guix potluck: error: init: missing --build-system; try --build-system=help 
for options

OK, I do that:

  guix potluck: Available build systems:
    ant                    The standard Ant build system
    asdf/ecl               The build system for ASDF binary packages using ECL
    asdf/sbcl              The build system for ASDF binary packages using SBCL
    asdf/source            The build system for ASDF source packages
    cargo                  Cargo build system, to build Rust crates
    cmake                  The standard CMake build system
    dub                    DUB build system, to build D packages
    emacs                  The build system for Emacs packages
    glib-or-gtk            The GNU Build System—i.e., ./configure && make && 
make install,
    augmented with definition of suitable environment variables for glib and 
gtk+
    in program wrappers.
    gnu                    The GNU Build System—i.e., ./configure && make && 
make install
    haskell                The standard Haskell build system
    ocaml                  The standard OCaml build system
    perl                   The standard Perl build system
    python                 The standard Python build system
    r                      The standard R build system
    ruby                   The standard Ruby build system
    trivial                Trivial build system, to run arbitrary Scheme build 
expressions
    waf                    The standard waf build system

  Additionally, --autotools is like --build-system=gnu, but also indicating
  that the package needs autoreconf before running ./configure.

OK great, sounds like --autotools is what I need.

  guix potluck init --autotools https://gitlab.com/wingo/guile-present

Yaargh:

  guix potluck: error: init: missing --license; try --license=help for options

OK let's get help then with --license=help:

  guix potluck: Available licenses:
    agpl1                  https://gnu.org/licenses/agpl.html
    agpl3                  https://gnu.org/licenses/agpl.html
    agpl3+                 https://gnu.org/licenses/agpl.html
    artistic2.0            http://www.perlfoundation.org/artistic_license_2_0
    asl1.1                 http://directory.fsf.org/wiki/License:Apache1.1
    asl2.0                 http://directory.fsf.org/wiki/License:Apache2.0
    boost1.0               http://directory.fsf.org/wiki/License:Boost1.0
    bsd-2                  http://directory.fsf.org/wiki/License:FreeBSD
    bsd-3                  http://directory.fsf.org/wiki/License:BSD_3Clause
    bsd-4                  http://directory.fsf.org/wiki/License:BSD_4Clause
    cc-by-sa2.0            http://creativecommons.org/licenses/by-sa/2.0/
    cc-by-sa3.0            http://creativecommons.org/licenses/by-sa/3.0/
    cc-by-sa4.0            http://creativecommons.org/licenses/by-sa/4.0/
    cc-by2.0               http://creativecommons.org/licenses/by/2.0/
    cc-by3.0               http://creativecommons.org/licenses/by/3.0/
    cc0                    http://directory.fsf.org/wiki/License:CC0
    cddl1.0                http://directory.fsf.org/wiki/License:CDDLv1.0
    cecill-c               
http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html
    clarified-artistic     
http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/
    copyleft-next          
https://raw.github.com/richardfontana/copyleft-next/master/Releases/copyleft-next-0.3.0
    cpl1.0                 http://directory.fsf.org/wiki/License:CPLv1.0
    epl1.0                 http://directory.fsf.org/wiki/License:EPLv1.0
    expat                  http://directory.fsf.org/wiki/License:Expat
    fdl1.1+                https://www.gnu.org/licenses/fdl-1.1
    fdl1.2+                https://www.gnu.org/licenses/fdl-1.2
    fdl1.3+                https://www.gnu.org/licenses/fdl.html
    freebsd-doc            
https://www.freebsd.org/copyright/freebsd-doc-license.html
    freetype               http://directory.fsf.org/wiki/License:Freetype
    gfl1.0                 
http://www.gust.org.pl/projects/e-foundry/licenses/GUST-FONT-LICENSE.txt
    giftware               http://liballeg.org/license.html
    gpl1                   
https://www.gnu.org/licenses/old-licenses/gpl-1.0.html
    gpl1+                  
https://www.gnu.org/licenses/old-licenses/gpl-1.0.html
    gpl2                   
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
    gpl2+                  
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
    gpl3                   https://www.gnu.org/licenses/gpl.html
    gpl3+                  https://www.gnu.org/licenses/gpl.html
    ibmpl1.0               http://directory.fsf.org/wiki/License:IBMPLv1.0
    ijg                    http://directory.fsf.org/wiki/License:JPEG
    imlib2                 http://directory.fsf.org/wiki/License:Imlib2
    ipa                    
http://directory.fsf.org/wiki/License:IPA_Font_License
    isc                    http://directory.fsf.org/wiki/License:ISC
    lgpl2.0                
https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
    lgpl2.0+               
https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
    lgpl2.1                
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
    lgpl2.1+               
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
    lgpl3                  https://www.gnu.org/licenses/lgpl.html
    lgpl3+                 https://www.gnu.org/licenses/lgpl.html
    mpl1.0                 http://www.mozilla.org/MPL/1.0/
    mpl1.1                 http://directory.fsf.org/wiki/License:MPLv1.1
    mpl2.0                 http://directory.fsf.org/wiki/License:MPLv2.0
    ms-pl                  http://directory.fsf.org/wiki/License:MsPL
    ncsa                   http://directory.fsf.org/wiki/License:IllinoisNCSA
    nmap                   https://svn.nmap.org/nmap/COPYING
    openldap2.8            http://directory.fsf.org/wiki/License:OpenLDAPv2.8
    openssl                http://directory.fsf.org/wiki/License:OpenSSL
    opl1.0+                http://opencontent.org/openpub/
    psfl                   http://docs.python.org/license.html
    public-domain          http://directory.fsf.org/wiki/License:PublicDomain
    qpl                    http://directory.fsf.org/wiki/License:QPLv1.0
    repoze                 http://repoze.org/LICENSE.txt
    ruby                   http://directory.fsf.org/wiki/License:Ruby
    sgifreeb2.0            http://directory.fsf.org/wiki/License:SGIFreeBv2
    silofl1.1              http://scripts.sil.org/OFL_web
    sleepycat              http://directory.fsf.org/wiki/License:Sleepycat
    tcl/tk                 http://www.tcl.tk/software/tcltk/license.html
    unlicense              https://unlicense.org/
    vim                    http://directory.fsf.org/wiki/License:Vim7.2
    wtfpl2                 http://www.wtfpl.net
    x11                    http://directory.fsf.org/wiki/License:X11
    zlib                   http://www.gzip.org/zlib/zlib_license.html
    zpl2.1                 
http://directory.fsf.org/wiki?title=License:ZopePLv2.1

  If your package's license is not in this list, add it to Guix first.

What is this package's license anyway????? I look and it's LGPLv3+
apparently.  So now:

  guix potluck init --autotools --license=lgpl3+ 
https://gitlab.com/wingo/guile-present

And voilà:

  Cloning into '/tmp/guix-directory.861r57/git-checkout'...  done.
  Creating guix-potluck/
  Creating guix-potluck/README.md
  Creating guix-potluck/guile-present.scm

  Done.  Now open guix-potluck/guile-present.scm in your editor, fill out its 
"synopsis"
  and "description" fields, add dependencies to the 'inputs' field, and try to
  build with

    guix build --file=guix-potluck/guile-present.scm

  When you get that working, commit your results to git via:

    git add guix-potluck && git commit -m 'Add initial Guix potluck files.'

  Once you push them out, add your dish to the communal potluck by running:

    guix potluck update https://gitlab.com/wingo/guile-present master
  
OK that's interesting!  What I get in the file looks like this:

  ;;; guix potluck package
  ;;; Copyright (C) 2017 Andy Wingo

  ;;; This file is free software: you can redistribute it and/or modify
  ;;; it under the terms of the GNU General Public License as published by
  ;;; the Free Software Foundation, either version 3 of the License, or
  ;;; (at your option) any later version.  No warranty.  See
  ;;; https://www.gnu.org/licenses/gpl.html for a copy of the GPLv3.

  (potluck-package
    (name "guile-present")
    (version "v0.3.0-14-g3b0d2d9")
    (source
      (potluck-source
        (git-uri "https://gitlab.com/wingo/guile-present";)
        (git-commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")
        (sha256 "0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals")))
    (build-system 'gnu)
    (inputs '())
    (native-inputs '("autoconf" "automake" "libtool" "pkg-config"))
    (propagated-inputs '())
    (arguments
      '(#:phases
        (modify-phases
          %standard-phases
          (add-before
            'configure
            'autoconf
            (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
    (home-page "https://gitlab.com/wingo/guile-present";)
    (synopsis "Declarative synopsis here")
    (description "Guile-Present is a ...")
    (license 'lgpl3+))

It pulled the copyright author from "git config user.name", the version
from "git describe", the commit from HEAD, and the sha256 from guix hash
-g.  The inputs are as for --autotools, and the build system and license
come from the command line.

So I fill in the synopsis and add "guile", "guile-lib", and
"guile-cairo" to inputs list, and after trying the guix build -f line a
few times "texinfo" to native-inputs, and I change "guile" to
"address@hidden" because of how guile-lib and guile-cairo are built.  Final
version looks like this:

  (potluck-package
    (name "guile-present")
    (version "v0.3.0-14-g3b0d2d9")
    (source
      (potluck-source
        (git-uri "https://gitlab.com/wingo/guile-present";)
        (git-commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")
        (sha256 "0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals")))
    (build-system 'gnu)
    (inputs '("address@hidden" "guile-cairo" "guile-lib"))
    (native-inputs '("autoconf" "automake" "libtool" "pkg-config" "texinfo"))
    (propagated-inputs '())
    (arguments
      '(#:phases
        (modify-phases
          %standard-phases
          (add-before
            'configure
            'autoconf
            (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
    (home-page "https://gitlab.com/wingo/guile-present";)
    (synopsis "Presentation software that can generate PDF slides from
  Texinfo.")
    (description "Guile-Present is a library for slide rendering.  It
  uses Guile's Texinfo parser to parse presentations written in that
  language, and renders them to PDF using Guile-Cairo.")
    (license 'lgpl3+))

It builds, which is pretty cool.  (The wip-potluck branch extends guix
build -f to recognize potluck packages.)

Now I pushed this out to the public gitlab repo.  You can include
guix-potluck files in the repo of the projects they package, or you can
include them in a separate repo -- doesn't really matter.

Now here's the cool thing, when you run the "update" command as
mentioned:

  guix potluck update https://gitlab.com/wingo/guile-present master

By default it connects to guix-potluck.org; you can use --host to
specify a different host.  All connections to the potluck host are over
HTTPS.  OK it spews some trash on stdout:

  ERROR: In procedure get-bytevector-n:
  ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum The TLS 
connection was non-properly terminated.> read_from_session_record_port)'.

I don't understand this entirely; shouldn't nginx be terminating things
fine?  I have never used the HTTP client with HTTPS though.

Anyway, fine.  So the server received this request, checked out that git
repo and branch, looked for potluck packages in guix-potluck/, and added
those packages to a "source" git repo:

  address@hidden:~/src$ mkdir guix-potluck
  address@hidden:~/src$ cd guix-potluck/
  address@hidden:~/src/guix-potluck$ git clone 
https://guix-potluck.org/git/source.git
  Cloning into 'source'...
  remote: Counting objects: 10, done.
  remote: Compressing objects: 100% (6/6), done.
  remote: Total 10 (delta 3), reused 0 (delta 0)
  Unpacking objects: 100% (10/10), done.
  address@hidden:~/src/guix-potluck$ ls source
  https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg  
https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present
  address@hidden:~/src/guix-potluck$ find 
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/
  source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/
  source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master
  
source/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm

Indeed that's my file, just as it was above.  But the cooler thing is
that it also compiles this potluck package to a "standard" Guix package
and module:

  address@hidden:~/src/guix-potluck$ git clone 
https://guix-potluck.org/git/target.git
  Cloning into 'target'...
  remote: Counting objects: 16, done.
  remote: Compressing objects: 100% (6/6), done.
  remote: Total 16 (delta 3), reused 0 (delta 0)
  Unpacking objects: 100% (16/16), done.
  address@hidden:~/src/guix-potluck$ cd target/
  address@hidden:~/src/guix-potluck/target$ ls
  gnu
  address@hidden:~/src/guix-potluck/target$ find gnu
  gnu
  gnu/packages
  gnu/packages/potluck
  gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present
  gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master
  
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm
  gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg
  gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg/master
  
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-jpeg/master/guile-jpeg.scm
  address@hidden:~/src/guix-potluck/target$ cat 
gnu/packages/potluck/https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present/master/guile-present.scm
  ;;; guix potluck package
  ;;; Copyright (C) 2017 Andy Wingo

  ;;; This file is free software: you can redistribute it and/or modify
  ;;; it under the terms of the GNU General Public License as published by
  ;;; the Free Software Foundation, either version 3 of the License, or
  ;;; (at your option) any later version.  No warranty.  See
  ;;; https://www.gnu.org/licenses/gpl.html for a copy of the GPLv3.

  (define-module (gnu packages potluck 
https%3A%2F%2Fgitlab.com%2Fwingo%2Fguile-present master guile-present)
    #:pure
    #:use-module ((guile) #:select (list quote define-public))
    #:use-module ((guix packages) #:select (package origin base32))
    #:use-module ((guix git-download) #:select (git-fetch git-reference))
    #:use-module ((guix licenses) #:select ((lgpl3+ . license:lgpl3+)))
    #:use-module ((guix build-system gnu) #:select (gnu-build-system))
    #:use-module ((gnu packages pkg-config) #:select (%pkg-config))
    #:use-module ((gnu packages texinfo) #:select (texinfo))
    #:use-module ((gnu packages autotools) #:select (libtool automake autoconf))
    #:use-module ((gnu packages gtk) #:select (guile-cairo))
    #:use-module ((gnu packages guile) #:select (guile-lib guile-2.0)))
  (define-public guile-present
    (package
      (name "guile-present")
      (version "v0.3.0-14-g3b0d2d9")
      (source
        (origin
          (method git-fetch)
          (uri (git-reference
                (url "https://gitlab.com/wingo/guile-present";)
                (commit "3b0d2d967909dabdd3f86d3a50da79c6b1a8aeb2")))
          (sha256 (base32 
"0sr5snj921k91frh5dx1gsqrc3679liydv3b6nwxkl48m7h5mals"))))
      (build-system gnu-build-system)
      (inputs
        (list (list "guile" guile-2.0)
              (list "guile-cairo" guile-cairo)
              (list "guile-lib" guile-lib)))
      (native-inputs
        (list (list "autoconf" autoconf)
              (list "automake" automake)
              (list "libtool" libtool)
              (list "pkg-config" %pkg-config)
              (list "texinfo" texinfo)))
      (arguments
        '(#:phases
          (modify-phases
            %standard-phases
            (add-before
              'configure
              'autoconf
              (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
      (home-page "https://gitlab.com/wingo/guile-present";)
      (synopsis "Presentation software that can generate PDF slides 
from\nTexinfo.")
      (description "Guile-Present is a library for slide rendering.  It\nuses 
Guile's Texinfo parser to parse presentations written in that\nlanguage, and 
renders them to PDF using Guile-Cairo.")
      (license license:lgpl3+)))

Now this git repo should be able to be added to the GUIX_PACKAGE_PATH.
It's effectively a "channel" managed by "guix potluck host-channel"
running on guix-potluck.org.  If you have a checkout of this repo, you
can build Guile-Present just via "guix build -L /path/to/target/checkout
guile-jpeg".  Pretty cool, right??!!!?!?!

Incidentally here is the configuration for that server:

  (use-modules (ice-9 match) (gnu) (guix records))
  (use-service-modules networking mcron shepherd ssh web)
  (use-package-modules admin certs guile package-management ssh tls 
version-control web)

  (define-record-type* <fcgiwrap-configuration> fcgiwrap-configuration
    make-fcgiwrap-configuration
    fcgiwrap-configuration?
    (package       fcgiwrap-configuration-package ;<package>
                   (default fcgiwrap))
    (socket        fcgiwrap-configuration-socket
                   (default "tcp:127.0.0.1:9000")))

  (define %fcgiwrap-accounts
    (list (user-group
           (name "fcgiwrap")
           (system? #t))
          (user-account
           (name "fcgiwrap")
           (group "fcgiwrap")
           (system? #t)
           (comment "Fcgiwrap Daemon")
           (home-directory "/var/empty")
           (shell (file-append shadow "/sbin/nologin")))))

  (define fcgiwrap-shepherd-service
    (match-lambda
      (($ <fcgiwrap-configuration> package socket)
       (list (shepherd-service
              (provision '(fcgiwrap))
              (documentation "Run the fcgiwrap daemon.")
              (requirement '(networking))
              (start #~(make-forkexec-constructor
                        '(#$(file-append package "/sbin/fcgiwrap")
                          "-s" #$socket)
                      #:user "fcgiwrap" #:group "fcgiwrap"))
              (stop #~(make-kill-destructor)))))))

  (define fcgiwrap-service-type
    (service-type (name 'fcgiwrap)
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            fcgiwrap-shepherd-service)
                       (service-extension account-service-type
                                          (const %fcgiwrap-accounts))))))

  (define %guix-potluck-accounts
    (list (user-group
           (name "guix-potluck")
           (system? #t))
          (user-account
           (name "guix-potluck")
           (group "guix-potluck")
           (system? #t)
           (comment "Guix potluck host")
           (home-directory "/var/empty")
           (shell (file-append shadow "/sbin/nologin")))))

  (define-record-type* <guix-potluck-configuration> guix-potluck-configuration
    make-guix-potluck-configuration
    guix-potluck-configuration?
    #;
    (package       guix-potluck-configuration-package ;<package>
                   (default guix-potluck))
    (scratch       guix-potluck-configuration-scratch
                   (default "/var/cache/guix-potluck/scratch"))
    (source        guix-potluck-configuration-source
                   (default "/var/cache/guix-potluck/source"))
    (source-repo   guix-potluck-configuration-source-repo
                   (default "/srv/git/source.git"))
    (target        guix-potluck-configuration-target
                   (default "/var/cache/guix-potluck/target"))
    (target-repo   guix-potluck-configuration-target-repo
                   (default "/srv/git/target.git")))

  (define guix-potluck-activation-service
    (match-lambda
      (($ <guix-potluck-configuration>
         scratch source source-repo target target-repo)
       (with-imported-modules '((guix build utils))
         #~(begin
           (use-modules (guix build utils) (ice-9 ftw))
           (define (chown-r dir user group)
               (let ((uid (passwd:uid (getpwnam user)))
                   (gid (group:gid (getgrnam group))))
               (for-each (lambda (f) (chown f uid gid))
                         (find-files dir #:directories? #t))))
           (define (ensure-git-repo dir)
             (unless (file-exists? dir)
               (mkdir-p dir)
               (unless (zero? (system* (string-append #$git "/bin/git")
                                       "init" "--bare" dir))
                 (error "failed to create repository" dir))
               (chown-r dir "guix-potluck" "guix-potluck")))
           (define (ensure-checkout repo dir)
             (unless (file-exists? dir)
               (mkdir-p (dirname dir))
               (unless (zero? (system* (string-append #$git "/bin/git")
                                       "clone" repo dir))
                 (error "failed to check out repository" repo dir))
               (chown-r dir "guix-potluck" "guix-potluck")))
           (mkdir-p #$scratch)
           (chown-r #$scratch "guix-potluck" "guix-potluck")
           (ensure-git-repo #$source-repo)
           (ensure-git-repo #$target-repo)
           (ensure-checkout #$source-repo #$source)
           (ensure-checkout #$target-repo #$target))))))

  (define guix-potluck-shepherd-service
    (match-lambda
      (($ <guix-potluck-configuration>
         scratch source source-repo target target-repo)
       (list (shepherd-service
              (provision '(guix-potluck))
              (documentation "Run the guix-potluck daemon.")
              (requirement '(networking))
            

              (start #~(make-forkexec-constructor
                        '("/home/wingo/src/guix/pre-inst-env" "guix" 
"host-potluck"
                        #$(format #f "--scratch=~a" scratch)
                        #$(format #f "--source=~a" source)
                        #$(format #f "--target=~a" target))
                      #:user "guix-potluck" #:group "guix-potluck"))
              (stop #~(make-kill-destructor)))))))

  (define guix-potluck-service-type
    (service-type (name 'guix-potluck)
                  (extensions
                   (list (service-extension activation-service-type
                                            guix-potluck-activation-service)
                       (service-extension shepherd-root-service-type
                                            guix-potluck-shepherd-service)
                       (service-extension account-service-type
                                          (const %guix-potluck-accounts))))))

  (define %gc-job
    ;; The garbage collection mcron job, once per day.
    #~(job '(next-hour '(4))
           (string-append #$guix "/bin/guix gc -F80G")))

  (define %certbot-job
    ;; Attempt to renew the Let's Encrypt certificate twice a week.
    #~(job (lambda (now)
             (next-day-from (next-hour-from now '(3))
                            '(2 5)))
           (string-append #$certbot "/bin/certbot renew")))

  ;;;
  ;;; NGINX.
  ;;;

  (define %nginx-config
    ;; Our nginx configuration directory.  It expects 'guix publish' to be
    ;; running on port 3000.
    (computed-file
     "nginx-config"
     #~(call-with-output-file #$output
         (lambda (port)
         (format port "
  # This is the nginx config file for guix-potluck.org.

  user nginx;
  worker_processes 2;
  pid /var/run/nginx.pid;
  error_log  /var/log/nginx/error.log error;

  events {
      worker_connections 768;
      # multi_accept on;
  }

  http {
      tcp_nopush on;
      tcp_nodelay on;
      keepalive_timeout 65;
      types_hash_max_size 2048;
      # server_tokens off;

      # server_names_hash_bucket_size 64;
      # server_name_in_redirect off;

      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      access_log /var/log/nginx/access.log;
      error_log /var/log/nginx/error.log;

      gzip off;

      # We need to specify all these or nginx picks its own directory to
      # store them, which doesn't work because the store is read-only.
      client_body_temp_path /var/run/nginx/body;
      proxy_temp_path       /var/run/nginx/proxy;
      fastcgi_temp_path     /var/run/nginx/fastcgi;
      uwsgi_temp_path       /var/run/nginx/uwsgi;
      scgi_temp_path        /var/run/nginx/scgi;

      # Use HTTP 1.1 to talk to the backend so we benefit from
      # keep-alive connections and chunked transfer encoding.  The
      # latter allows us to make sure we do not cache partial downloads.
      proxy_http_version 1.1;

      server {
          listen 80;
          server_name guix-potluck.org;

          # For use by Certbot.
          location /.well-known { root /var/www; }

          # Otherwise redirect to HTTPS.
          location / { return 301 https://$host$request_uri; }
      }

      server {
          listen 443 ssl;
          server_name guix-potluck.org;

          ssl on;
          ssl_certificate     
/etc/letsencrypt/live/guix-potluck.org/fullchain.pem;
          ssl_certificate_key 
/etc/letsencrypt/live/guix-potluck.org/privkey.pem;

          ssl_session_timeout 5m;

          ssl_protocols TLSv1.2;
          ssl_ciphers \"HIGH:!DSS:address@hidden";
          ssl_prefer_server_ciphers on;

          location / { proxy_pass http://127.0.0.1:8080/; }

          location ~~ /git(/.*) {
            fastcgi_pass  127.0.0.1:9000;

            fastcgi_param SCRIPT_FILENAME ~a/libexec/git-core/git-http-backend;
            fastcgi_param QUERY_STRING    $query_string;
            fastcgi_param REQUEST_METHOD  $request_method;
            fastcgi_param CONTENT_TYPE    $content_type;
            fastcgi_param CONTENT_LENGTH  $content_length;
              fastcgi_param GIT_HTTP_EXPORT_ALL \"\";
              fastcgi_param GIT_PROJECT_ROOT    /srv/git;
              fastcgi_param PATH_INFO           $1;
          }
      }
  }
  " #$git)))))

  (define %nginx-mime-types
    ;; Provide /etc/nginx/mime.types (and a bunch of other files.)
    (simple-service 'nginx-mime.types
                    etc-service-type
                    `(("nginx" ,(file-append nginx "/share/nginx/conf")))))

  (define %nginx-cache-activation
    ;; Make sure /var/cache/nginx exists on the first run.
    (simple-service 'nginx-/var/cache/nginx
                    activation-service-type
                    (with-imported-modules '((guix build utils))
                                         #~(begin
                                             (use-modules (guix build utils))
                                             (mkdir-p "/var/cache/nginx")))))

  (operating-system
   (host-name "guix-potluck")
   (timezone "Europe/Berlin")
   (locale "en_US.UTF-8")

   ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
   ;; the label of the target root file system.
   (bootloader (grub-configuration (device "/dev/vda")))
   (file-systems (cons (file-system
                      (device "/dev/vda1")
                      (mount-point "/")
                      (type "ext4"))
                     %base-file-systems))

   ;; This is where user accounts are specified.  The "root"
   ;; account is implicit, and is initially created with the
   ;; empty password.
   (users (cons (user-account
               (name "wingo")
               (group "users")
               ;; Adding the account to the "wheel" group
               ;; makes it a sudoer.
               (supplementary-groups '("wheel"))
               (home-directory "/home/wingo"))
              %base-user-accounts))

   ;; Globally-installed packages.
   (packages (cons* git guile-json gnutls openssh certbot nss-certs 
%base-packages))

   (services (cons* (static-networking-service "eth0" "46.101.231.54"
                                             #:netmask "255.255.192.0"
                                             #:gateway "46.101.192.1"
                                             #:name-servers '("8.8.8.8" 
"8.8.4.4"))
                  (nginx-service #:config-file %nginx-config)
                  %nginx-mime-types
                  %nginx-cache-activation
                  (service fcgiwrap-service-type
                           (fcgiwrap-configuration))
                  (service guix-potluck-service-type
                           (guix-potluck-configuration))
                  (service openssh-service-type
                           (openssh-configuration
                            (permit-root-login 'without-password)))
                  (service mcron-service-type
                           (mcron-configuration
                            (jobs (list %gc-job %certbot-job))))
                  %base-services)))






Hi!  You scrolled down all this way, congratulations!

So, remaining tasks to do:

  (1) All of this is currently in a WIP branch, wip-potluck.  I need to
      submit to upstream.  It needs some documentation too.

  (2) The host-channel facilities run user-supplied Scheme code.  To do
      so safely, that needs sandbox facilities from Guile.  That will
      need Guile 2.2.1.  For the time being I have disabled the server.

  (3) Someone needs to design and implement a "guix channel" facility to
      take advantage of this branch :)  Until then, GUIX_PACKAGE_PATH
      and the -L argument are the things to use.

  (4) Probably we need a story about what happens when Guix updates.  We
      can compile target repositories for Guix dev and also for Guix
      stable branches, understanding that maybe packages move around to
      different modules during Guix development.

  (5) We need the main https://guix-potluck.org/ to show progress on the
      work queue.

  (6) We will need better facilities for updating potluck packages to
      new repository versions.  Maybe this is what "guix package update"
      should do and the notify-the-server thing should be called
      something else.

I think that's it though for an MVP.  What do yall think?

Cheers,

Andy



reply via email to

[Prev in Thread] Current Thread [Next in Thread]