seasharp/Rosenthal
1
0
Fork 0
mirror of https://codeberg.org/hako/Rosenthal.git synced 2025-10-30 09:15:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: seasharp:1deb97ada4d7d8c2d501738fcc1532a605de51a7
Branches Tags
seasharp:trunk
seasharp:keyring
..
compare: seasharp:4c0e2a31665109294ae1bebe7f049ca51f8b8e65
Branches Tags
seasharp:trunk
seasharp:keyring

No commits in common. "1deb97ada4d7d8c2d501738fcc1532a605de51a7" and "4c0e2a31665109294ae1bebe7f049ca51f8b8e65" have entirely different histories.
1deb97ada4 ... 4c0e2a3166

6 changed files with 87 additions and 389 deletions
Show Stats Expand all files Collapse all files

8
rosenthal/packages/binaries.scm
View File

@ -52,7 +52,7 @@ protocols out-of-the-box.")
(define-public mihomo-bin (define-public mihomo-bin
(package (package
(name "mihomo-bin") (name "mihomo-bin")
(version "1.18.9") (version "1.18.7")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append (uri (string-append
@ -60,7 +60,7 @@ protocols out-of-the-box.")
version "/mihomo-linux-amd64-v" version ".gz")) version "/mihomo-linux-amd64-v" version ".gz"))
(sha256 (sha256
(base32 (base32
"0xq2baqcfd6hnyl1h3q34ymqd227dm06r7dz76s46k7mx7yz7jsb")))) "1mfbh21x1vzmi0vglk68r21rfbklllxpa5q4978li7n44r0v6hbr"))))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
(list #:install-plan (list #:install-plan
@ -242,14 +242,14 @@ monster-in-the-middle}.")
(define-public tailscale-bin (define-public tailscale-bin
(package (package
(name "tailscale-bin") (name "tailscale-bin")
(version "1.74.1") (version "1.72.1")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://pkgs.tailscale.com" (uri (string-append "https://pkgs.tailscale.com"
"/stable/tailscale_" version "_amd64.tgz")) "/stable/tailscale_" version "_amd64.tgz"))
(sha256 (sha256
(base32 (base32
"12196z8dhdzxq8mjj0rlvhr6wchmi6z33ym36yqqrp4m52xjz7q5")))) "1dngi0cs3p423b9j5ihypq3s95w4ns0pjlmyi54kpfwi31nk3s0i"))))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
(list #:install-plan (list #:install-plan

6
rosenthal/packages/networking.scm
View File

@ -14,7 +14,7 @@
(define-public cloudflared (define-public cloudflared
(package (package
(name "cloudflared") (name "cloudflared")
(version "2024.9.1") (version "2024.8.3")
(source (origin (source (origin
(method git-fetch) (method git-fetch)
(uri (git-reference (uri (git-reference
@ -26,10 +26,10 @@
;; (snippet '(delete-file-recursively "vendor")) ;; (snippet '(delete-file-recursively "vendor"))
(sha256 (sha256
(base32 (base32
"0391nrvxi1hlqgd20p0jh0c8smgqfazviijs5ins8wsbszrbjmrw")))) "1q97279qjajbdblg6ggvgkw2x02p8vvzcv3f9jw5na9psdq6hif3"))))
(build-system go-build-system) (build-system go-build-system)
(arguments (arguments
(list #:go go-1.23 (list #:go go-1.22
#:install-source? #f #:install-source? #f
#:import-path "github.com/cloudflare/cloudflared/cmd/cloudflared" #:import-path "github.com/cloudflare/cloudflared/cmd/cloudflared"
#:unpack-path "github.com/cloudflare/cloudflared" #:unpack-path "github.com/cloudflare/cloudflared"

42
rosenthal/services/bittorrent.scm
View File

@ -11,12 +11,9 @@
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services configuration) #:use-module (gnu services configuration)
#:use-module (gnu services shepherd) #:use-module (gnu services shepherd)
#:use-module (gnu home services)
#:use-module (gnu home services shepherd)
#:use-module (gnu system shadow) #:use-module (gnu system shadow)
#:export (qbittorrent-configuration #:export (qbittorrent-configuration
qbittorrent-service-type qbittorrent-service-type))
home-qbittorrent-service-type))
;; ;;
;; qBittorrent ;; qBittorrent
@ -109,40 +106,3 @@ WebUI\\Password_PBKDF2=\"@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtH
(const %qbittorrent-accounts)))) (const %qbittorrent-accounts))))
(default-value (qbittorrent-configuration)) (default-value (qbittorrent-configuration))
(description "Run qBittorrent daemon."))) (description "Run qBittorrent daemon.")))
(define home-qbittorrent-activation
#~(let ((config-file
(string-append
(or (getenv "XDG_CONFIG_HOME")
(string-append user-homedir "/.config"))
"/qBittorrent/qBittorrent.conf")))
(unless (file-exists? config-file)
(mkdir-p (dirname config-file))
(copy-file #$%qbittorrent-default-config-file config-file))))
(define home-qbittorrent-shepherd-service
(match-record-lambda <qbittorrent-configuration>
(qbittorrent webui-port extra-options)
(list (shepherd-service
(documentation "Run qbittorrent.")
(provision '(qbittorrent))
(requirement '())
(start
#~(make-forkexec-constructor
(list
#$(file-append qbittorrent "/bin/qbittorrent-nox")
#$(string-append "--webui-port=" (number->string webui-port))
#$@extra-options)))
(stop #~(make-kill-destructor #:grace-period 1800))
(auto-start? #f)))))
(define home-qbittorrent-service-type
(service-type
(name 'qbittorrent)
(extensions
(list (service-extension home-activation-service-type
(const home-qbittorrent-activation))
(service-extension home-shepherd-service-type
home-qbittorrent-shepherd-service)))
(default-value (qbittorrent-configuration))
(description "Run qBittorrent daemon.")))

43
rosenthal/services/child-error.scm
View File

@ -146,6 +146,9 @@
"The cloudflared executable.") "The cloudflared executable.")
;; Tunnel options ;; Tunnel options
(metrics
(string "localhost:")
"Listen address for metrics reporting.")
(log-level (log-level
(string "info") (string "info")
"Application logging level (@code{debug}, @code{info}, @code{warn}, "Application logging level (@code{debug}, @code{info}, @code{warn},
@ -163,6 +166,12 @@ headers. This can expose sensitive information in your logs.")
(token (token
(string "") (string "")
"The Tunnel token.") "The Tunnel token.")
(http2-origin?
(boolean #f)
"Enable HTTP/2 origin servers.")
(post-quantum?
(boolean #f)
"Create an experimental post-quantum secure tunnel.")
(extra-options (extra-options
(list-of-strings '()) (list-of-strings '())
"List of extra options.") "List of extra options.")
@ -174,8 +183,8 @@ headers. This can expose sensitive information in your logs.")
(define cloudflare-tunnel-shepherd-service (define cloudflare-tunnel-shepherd-service
(match-record-lambda <cloudflare-tunnel-configuration> (match-record-lambda <cloudflare-tunnel-configuration>
(cloudflared log-level log-file extra-tunnel-options (cloudflared metrics log-level log-file extra-tunnel-options
token extra-options) token http2-origin? post-quantum? extra-options)
(list (shepherd-service (list (shepherd-service
(documentation "Run cloudflared.") (documentation "Run cloudflared.")
(provision '(cloudflare-tunnel)) (provision '(cloudflare-tunnel))
@ -184,9 +193,17 @@ headers. This can expose sensitive information in your logs.")
(list #$(file-append cloudflared "/bin/cloudflared") (list #$(file-append cloudflared "/bin/cloudflared")
"tunnel" "tunnel"
"--no-autoupdate" "--no-autoupdate"
"--metrics" #$metrics
"--loglevel" #$log-level "--loglevel" #$log-level
#$@extra-tunnel-options #$@extra-tunnel-options
"run" "run"
#$@(if http2-origin?
'("--http2-origin")
'())
#$@(if post-quantum?
'("--post-quantum")
'())
#$@extra-options) #$@extra-options)
#:user "nobody" #:user "nobody"
#:group "nogroup" #:group "nogroup"
@ -225,10 +242,7 @@ headers. This can expose sensitive information in your logs.")
(documentation "Run warp-svc.") (documentation "Run warp-svc.")
(provision '(cloudflare-warp)) (provision '(cloudflare-warp))
(start #~(make-forkexec-constructor (start #~(make-forkexec-constructor
(list #$(file-append cloudflare-warp "/bin/warp-svc")) (list #$(file-append cloudflare-warp "/bin/warp-svc"))))
;; Logs are written to
;; /var/lib/cloudflare-warp/cfwarp_service_log.txt.
#:log-file "/dev/null"))
(stop #~(make-kill-destructor)))))) (stop #~(make-kill-destructor))))))
(define cloudflare-warp-service-type (define cloudflare-warp-service-type
@ -249,8 +263,6 @@ headers. This can expose sensitive information in your logs.")
;; ;;
(define-maybe string)
(define-configuration miniflux-configuration (define-configuration miniflux-configuration
(miniflux (miniflux
(file-like miniflux) (file-like miniflux)
@ -258,9 +270,6 @@ headers. This can expose sensitive information in your logs.")
(log-file (log-file
(string "/var/log/miniflux.log") (string "/var/log/miniflux.log")
"Where the logs go.") "Where the logs go.")
(proxy-url
maybe-string
"Proxy URL to use.")
(options (options
(alist '()) (alist '())
"Association list of miniflux configuration options.") "Association list of miniflux configuration options.")
@ -281,7 +290,7 @@ headers. This can expose sensitive information in your logs.")
(define miniflux-shepherd-service (define miniflux-shepherd-service
(match-record-lambda <miniflux-configuration> (match-record-lambda <miniflux-configuration>
(miniflux log-file proxy-url options) (miniflux log-file options)
(let ((config-file (mixed-text-file (let ((config-file (mixed-text-file
"miniflux.conf" "miniflux.conf"
(apply string-append (apply string-append
@ -294,16 +303,10 @@ headers. This can expose sensitive information in your logs.")
(provision '(miniflux)) (provision '(miniflux))
(requirement '(postgres user-processes)) (requirement '(postgres user-processes))
(start #~(make-forkexec-constructor (start #~(make-forkexec-constructor
(list #$(file-append miniflux "/bin/miniflux") (list #$miniflux "-config-file" #$config-file)
"-config-file" #$config-file)
#:user "miniflux" #:user "miniflux"
#:group "nogroup" #:group "nogroup"
#:log-file #$log-file #:log-file #$log-file))
#:environment-variables
'#$(if (maybe-value-set? proxy-url)
(list (string-append "HTTP_PROXY=" proxy-url)
(string-append "HTTPS_PROXY=" proxy-url))
'())))
(stop #~(make-kill-destructor))))))) (stop #~(make-kill-destructor)))))))
(define miniflux-service-type (define miniflux-service-type

66
rosenthal/services/networking.scm
View File

@ -375,23 +375,56 @@ list, power save will be disabled."))
"The tailscale package to use.") "The tailscale package to use.")
(iptables (iptables
(file-like iptables-nft) (file-like iptables)
"The iptables package to use.") "The iptables package to use.")
(log-file (log-file
(string "/var/log/tailscaled.log") (string "/var/log/tailscaled.log")
"Path to log file.") "Path to log file.")
(bird-socket
maybe-string
"Path of the bird UNIX socket.")
(debug-server
maybe-string
"Listen address ([ip]:port) of optional debug server.")
(port
(integer 0)
"UDP port to listen for WireGuard and peer-to-peer traffic; 0 means
automatically select.")
(socket (socket
(string "/run/tailscale/tailscaled.sock") (string "/var/run/tailscale/tailscaled.sock")
"Path of the service UNIX socket.") "Path of the service UNIX socket.")
(http-proxy-server
maybe-string
"[ip]:port to run an outbound HTTP proxy (e.g. \"localhost:8080\").")
(socks5-server
maybe-string
"[ip]:port to run a SOCKS5 server (e.g. \"localhost:1080\").")
(state-directory (state-directory
(string "/var/lib/tailscale") (string "/var/lib/tailscale")
"Path to directory for storage of config state, TLS certs, temporary incoming "Path to directory for storage of config state, TLS certs, temporary incoming
Taildrop files, etc. If empty, it's derived from @code{state-file} when Taildrop files, etc. If empty, it's derived from @code{state-file} when
possible.") possible.")
(state-file
maybe-string
"Absolute path of state file; use @code{kube:<secret-name>} to use Kubernetes
secrets or @code{arn:aws:ssm:...} to store in AWS SSM; use 'mem:' to not store
state and register as an ephemeral node. If empty and @code{state-directory} is
provided, the default is @code{<state-directory>/tailscaled.state}.")
(tunnel-interface
(string "tailscale0")
"Tunnel interface name; use @code{\"userspace-networking\"} (beta) to not use
TUN.")
(upload-log? (upload-log?
(boolean #f) (boolean #f)
"Whether to upload logs or not, technical support is also disabled when set "Whether to upload logs or not, technical support is also disabled when set
@ -400,10 +433,6 @@ to #f.")
(verbosity (verbosity
(integer 0) (integer 0)
"Log verbosity level; 0 is default, 1 or higher are increasingly verbose.") "Log verbosity level; 0 is default, 1 or higher are increasingly verbose.")
(extra-options
(list-of-strings '())
"List of extra options.")
(no-serialization)) (no-serialization))
(define (tailscale-log-rotations config) (define (tailscale-log-rotations config)
@ -412,8 +441,9 @@ to #f.")
(define tailscale-shepherd-service (define tailscale-shepherd-service
(match-record-lambda <tailscale-configuration> (match-record-lambda <tailscale-configuration>
(tailscale iptables log-file socket state-directory (tailscale iptables log-file bird-socket debug-server port socket
upload-log? verbosity extra-options) http-proxy-server socks5-server state-directory state-file
tunnel-interface upload-log? verbosity)
(let ((environment (let ((environment
#~(list (string-append "PATH=" #~(list (string-append "PATH="
(string-join (string-join
@ -428,13 +458,29 @@ to #f.")
#~(make-forkexec-constructor #~(make-forkexec-constructor
(list (list
#$(file-append tailscale "/bin/tailscaled") #$(file-append tailscale "/bin/tailscaled")
#$@(if (maybe-value-set? bird-socket)
`("-bird-socket" ,bird-socket)
'())
#$@(if (maybe-value-set? debug-server)
`("-debug" ,debug-server)
'())
#$@(if upload-log? #$@(if upload-log?
'() '()
'("-no-logs-no-support")) '("-no-logs-no-support"))
#$@(if (maybe-value-set? http-proxy-server)
`("-outbound-http-proxy-listen" ,http-proxy-server)
'())
"-port" #$(number->string port)
"-socket" #$socket "-socket" #$socket
#$@(if (maybe-value-set? socks5-server)
`("-socks5-server" ,socks5-server)
'())
#$@(if (maybe-value-set? state-file)
`("-state" ,state-file)
'())
"-statedir" #$state-directory "-statedir" #$state-directory
"-verbose" #$(number->string verbosity) "-tun" #$tunnel-interface
#$@extra-options) "-verbose" #$(number->string verbosity))
#:environment-variables #$environment #:environment-variables #$environment
#:log-file #$log-file)) #:log-file #$log-file))
(stop #~(make-kill-destructor))))))) (stop #~(make-kill-destructor)))))))

311
rosenthal/services/web.scm
View File

@ -1,311 +0,0 @@
;; SPDX-FileCopyrightText: 2024 Hilton Chain <hako@ultrarare.space>
;;
;; SPDX-License-Identifier: GPL-3.0-or-later
(define-module (rosenthal services web)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (gnu packages admin)
#:use-module (gnu services)
#:use-module (gnu services admin)
#:use-module (gnu services configuration)
#:use-module (gnu services databases)
#:use-module (gnu services docker)
#:use-module (gnu system shadow)
#:use-module (rosenthal utils home-services-utils)
#:export (jellyfin-configuration
jellyfin-service-type
misskey-configuration
misskey-service-type
vaultwarden-configuration
vaultwarden-service-type))
;;
;; Jellyfin
;;
(define-maybe string)
(define-configuration jellyfin-configuration
(cache-directory
(string "/var/cache/jellyfin")
"Path to cache directory.")
(config-directory
(string "/var/lib/jellyfin")
"Path to configuration directory.")
(proxy-url
maybe-string
"Proxy URL.")
(log-file
(string "/var/log/jellyfin.log")
"Path to log file.")
(extra-options
(list-of-strings '())
"List of extra options.")
(no-serialization))
(define %jellyfin-accounts
(list (user-account
(name "jellyfin")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define jellyfin-log-rotations
(match-record-lambda <jellyfin-configuration>
(log-file)
(list (log-rotation
(files (list log-file))))))
(define jellyfin-activation
(match-record-lambda <jellyfin-configuration>
(cache-directory config-directory)
#~(let ((user (getpwnam "jellyfin")))
(for-each
(lambda (directory)
(unless (file-exists? directory)
(mkdir-p directory)
(chown directory (passwd:uid user) (passwd:gid user))))
'#$(list cache-directory config-directory)))))
(define jellyfin-oci-containers
(match-record-lambda <jellyfin-configuration>
(cache-directory config-directory proxy-url log-file extra-options)
(list (oci-container-configuration
(user "jellyfin")
(group "docker")
(environment
(if (maybe-value-set? proxy-url)
`(("http_proxy" . ,proxy-url)
("https_proxy" . ,proxy-url))
'()))
(image "jellyfin/jellyfin:latest")
(provision "jellyfin")
(log-file log-file)
(respawn? #t)
(network "host")
(volumes
`((,cache-directory . "/cache")
(,config-directory . "/config")))
(extra-arguments extra-options)))))
(define jellyfin-service-type
(service-type
(name 'jellyfin)
(extensions
(list (service-extension account-service-type
(const %jellyfin-accounts))
(service-extension activation-service-type
jellyfin-activation)
(service-extension rottlog-service-type
jellyfin-log-rotations)
(service-extension oci-container-service-type
jellyfin-oci-containers)))
(default-value (jellyfin-configuration))
(description "Run Jellyfin, a media system.")))
;;
;; Misskey
;;
(define-configuration misskey-configuration
(image
(string "misskey/misskey:latest")
"Misskey docker image to use.")
(config
(yaml-config '())
"Alist of Misskey configuration, to be serialized to YAML format.")
(data-directory
(string "/var/lib/misskey")
"Directory to store @file{files} in.")
(log-file
(string "/var/log/misskey.log")
"Log file to use.")
(no-serialization))
(define %misskey-accounts
(list (user-account
(name "misskey")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define %misskey-postgresql-role
(list (postgresql-role
(name "misskey")
(create-database? #t))))
(define misskey-log-rotations
(match-record-lambda <misskey-configuration>
(log-file)
(list (log-rotation
(files (list log-file))))))
(define misskey-activation
(match-record-lambda <misskey-configuration>
(data-directory)
#~(begin
(use-modules (guix build utils))
(let ((user (getpwnam "misskey")))
(unless (file-exists? #$data-directory)
(mkdir-p #$data-directory)
(chown #$data-directory (passwd:uid user) (passwd:gid user)))))))
(define misskey-oci-containers
(match-record-lambda <misskey-configuration>
(image config data-directory log-file )
(let ((config-file
(mixed-text-file
"misskey.yaml"
#~(string-append #$@(serialize-yaml-config config) "\n"))))
(list (oci-container-configuration
(user "misskey")
(group "docker")
(image image)
(provision "misskey")
(requirement '(postgresql redis))
(log-file log-file)
(respawn? #t)
(network "host")
(volumes
`((,(string-append data-directory "/files") . "/misskey/files")
(,config-file . "/misskey/.config/default.yml"))))))))
(define misskey-service-type
(service-type
(name 'misskey)
(extensions
(list (service-extension account-service-type
(const %misskey-accounts))
(service-extension postgresql-role-service-type
(const %misskey-postgresql-role))
(service-extension rottlog-service-type
misskey-log-rotations)
(service-extension activation-service-type
misskey-activation)
(service-extension oci-container-service-type
misskey-oci-containers)))
(default-value (misskey-configuration))
(description "Run Misskey, an interplanetary microblogging platform.")))
;;
;; Vaultwarden
;;
(define-configuration vaultwarden-configuration
(admin-token
maybe-string
"Token for the admin interface, preferably an Argon2 PCH string.")
(database-url
(string "postgresql://user:password@host:port/database")
"Database URL.")
(port
(integer 8000)
"Port to listen on.")
(data-directory
(string "/var/lib/vaultwarden")
"Main data folder.")
(log-file
(string "/var/log/vaultwarden.log")
"Logging to this file.")
(proxy-url
maybe-string
"Proxy URL to use.")
(extra-options
(alist '())
"Extra options.")
(no-serialization))
(define %vaultwarden-accounts
(list (user-account
(name "vaultwarden")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define %vaultwarden-postgresql-role
(list (postgresql-role
(name "vaultwarden")
(create-database? #t))))
(define vaultwarden-log-rotations
(match-record-lambda <vaultwarden-configuration>
(log-file)
(list (log-rotation
(files (list log-file))))))
(define vaultwarden-activation
(match-record-lambda <vaultwarden-configuration>
(data-directory log-file)
#~(begin
(use-modules (guix build utils))
(let ((user (getpwnam "vaultwarden")))
(unless (file-exists? #$data-directory)
(mkdir-p #$data-directory)
(chown #$data-directory (passwd:uid user) (passwd:gid user)))
(unless (file-exists? #$log-file)
(mkdir-p (dirname #$log-file))
(call-with-output-file #$log-file
(lambda (port)
(write-char #\newline port)))
(chown #$log-file (passwd:uid user) (passwd:gid user)))))))
(define vaultwarden-oci-containers
(match-record-lambda <vaultwarden-configuration>
(admin-token database-url port data-directory log-file proxy-url extra-options)
(list (oci-container-configuration
(user "vaultwarden")
(group "docker")
(host-environment
`(,@(if (maybe-value-set? admin-token)
`(("ADMIN_TOKEN" . ,admin-token))
'())
("DATABASE_URL" . ,database-url)))
(environment
`(,@(if (maybe-value-set? proxy-url)
`(("HTTP_PROXY" . ,proxy-url))
'())
("LOG_FILE" . "vaultwarden.log")
("ROCKET_PORT" . ,(number->string port))
("USE_SYSLOG" . "True")
,@extra-options))
(image "vaultwarden/server:latest-alpine")
(provision "vaultwarden")
(requirement '(postgresql))
(respawn? #t)
(network "host")
(volumes
`((,data-directory . "/data")
(,log-file . "/vaultwarden.log")))
(extra-arguments
`(,@(if (maybe-value-set? admin-token)
'("--env" "ADMIN_TOKEN")
'())
"--env" "DATABASE_URL"))))))
(define vaultwarden-service-type
(service-type
(name 'vaultwarden)
(extensions
(list (service-extension account-service-type
(const %vaultwarden-accounts))
(service-extension postgresql-role-service-type
(const %vaultwarden-postgresql-role))
(service-extension activation-service-type
vaultwarden-activation)
(service-extension rottlog-service-type
vaultwarden-log-rotations)
(service-extension oci-container-service-type
vaultwarden-oci-containers)))
(default-value (vaultwarden-configuration))
(description "Run Vaultwarden, a Bitwarden compatible server.")))