authorWojtek Kosior <koszko@koszko.org>2023-08-30 11:40:19 +0200
committerWojtek Kosior <koszko@koszko.org>2023-08-30 11:40:19 +0200
commit9e71165dd3fa31accbcce8d5875aa774ab8b8fe1 (patch)
tree6de9d1246e80fd8ad391840c5da47aca24999592 /container.scm
parent41d988a7ae42eb5038be051d208a6164b576e189 (diff)
run Exim in container
Diffstat (limited to 'container.scm')
-rw-r--r--container.scm106
1 files changed, 99 insertions, 7 deletions
diff --git a/container.scm b/container.scm
index 7caf4fe..a513dda 100644
--- a/container.scm
+++ b/container.scm
@@ -4,15 +4,14 @@
;;
;; Available under the terms of Creative Commons Zero v1.0 Universal.
-(use-modules (gnu)
+(use-modules ((srfi srfi-1) #:select (append-map filter-map))
+ (gnu)
(koszko-org-website)
(sheets-websites)
(hydrilla-website)
(hydrilla-json-schemas)
(hydrilla-base)
(ice-9 match)
- ;; srfi-1 provides `append-map`.
- (srfi srfi-1)
;; srfi-26 provides `cut`.
(srfi srfi-26)
(guix records)
@@ -24,14 +23,17 @@
(guix packages)
(guix search-paths)
(guix modules)
+ ((guix utils) #:select (substitute-keyword-arguments))
;; The following exports account-service-type.
(gnu system shadow))
(use-package-modules web
python
- version-control)
+ version-control
+ mail)
(use-service-modules web
shepherd
- certbot)
+ certbot
+ mail)
(define %here
(getcwd))
@@ -376,6 +378,10 @@
"CustomLog /var/log/httpd/access.log combined" "\n"
"ScriptSock /var/run/cgid.sock" "\n")))))))
+(define (extension-of-type? ext type)
+ (eq? (service-type-name (service-extension-target ext))
+ (service-type-name type)))
+
(define %koszko-httpd-deploy-hook
(program-file
"httpd-deploy-hook"
@@ -416,8 +422,7 @@
;; Prevent certbot from pulling in Nginx — we use Apache here.
(extensions (filter
(lambda (ext)
- (not (eq? (service-type-name (service-extension-target ext))
- (service-type-name nginx-service-type))))
+ (not (extension-of-type? ext nginx-service-type)))
(service-type-extensions certbot-service-type))))
(certbot-configuration
(email "koszko@koszko.org")
@@ -437,6 +442,66 @@
(deploy-hook %koszko-httpd-deploy-hook)))))
%all-site-confs)))))
+(define koszko-exim-service-type
+ (service-type
+ (inherit exim-service-type)
+ (extensions (filter-map
+ (lambda (ext)
+ (cond
+ ((extension-of-type? ext account-service-type)
+ ;; Avoid double declaration of "exim" user and group.
+ #f)
+ ((extension-of-type? ext activation-service-type)
+ ;; Make exim logs accessible under /var/log
+ (let ((old-activation (service-extension-compute ext)))
+ (define (new-activation exim-config)
+ #~(begin
+ (symlink "../spool/exim/log" "/var/log/exim")
+ #$(old-activation exim-config)))
+
+ (service-extension activation-service-type
+ new-activation)))
+ (else
+ ext)))
+ (service-type-extensions exim-service-type)))))
+
+(define %koszko-exim-service
+ (service koszko-exim-service-type
+ (exim-configuration
+ (package (package/inherit exim
+ (arguments
+ (substitute-keyword-arguments
+ (package-arguments exim)
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-after 'configure 'configure-enable-maildir
+ (lambda _
+ (substitute* "Local/Makefile"
+ (("# (SUPPORT_MAILDIR=yes)" all line)
+ line))))))))))
+ (config-file (local-file "./exim.conf")))))
+
+(define %koszko-mail-aliases-service
+ (service mail-aliases-service-type
+ '(("mailer-daemon" "postmaster")
+ ("postmaster" "root")
+ ("nobody" "root")
+ ("hostmaster" "root")
+ ("usenet" "root")
+ ("news" "root")
+ ("webmaster" "root")
+ ("www" "root")
+ ("ftp" "root")
+ ("abuse" "root")
+ ("noc" "root")
+ ("security" "root")
+ ("root" "urz")
+ ("dmarc" "urz")
+ ("admin" "urz")
+ ("wk" "urz")
+ ("koszko" "urz")
+ ("my-contribution-is-licensed-cc0" "urz"))))
+
(operating-system
(host-name "koszko")
(timezone "Europe/Warsaw")
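Review bot: The new activation gexp in `koszko-exim-service-type` calls `(symlink "../spool/exim/log" "/var/log/exim")` unconditionally and before the inherited activation, so it is not idempotent. Guile's `symlink` raises a system-error when the link name already exists, which would happen on any re-activation where /var/log persists, and because the call comes first the original exim activation in the same `begin` would then be skipped. Running the old activation first and guarding the link, e.g. `(unless (false-if-exception (lstat "/var/log/exim")) (symlink "../spool/exim/log" "/var/log/exim"))`, avoids both. Separately, `substitute*` does not fail when its pattern matches nothing, so if upstream rewords the commented `SUPPORT_MAILDIR` line in "Local/Makefile" the package would build without maildir support and without any error; a comment saying so next to the phase is worth adding. The operating-system form at the end of the hunk continues outside it.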
@@ -445,6 +510,10 @@
;; files that are readable by certain daemons and not readable by the
;; world.
(user-group
+ (name "exim")
+ (id 113)
+ (system? #t))
+ (user-group
(name "httpd")
(id 133)
(system? #t))
@@ -456,9 +525,21 @@
(name "certsaccess")
(id 1001)
(system? #t))
+ (user-group
+ (name "urz")
+ (id 1000))
+ (user-group
+ (name "joanna")
+ (id 1003))
%base-groups))
(users (cons*
(user-account
+ (name "exim")
+ (group "exim")
+ (supplementary-groups '("certsaccess"))
+ (uid 106)
+ (system? #t))
+ (user-account
(name "httpd")
(group "httpd")
(supplementary-groups '("gitolite3" "certsaccess"))
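Review bot: The hand-written `exim` user-account, which replaces the account extension filtered out of `koszko-exim-service-type`, sets no `home-directory` or `shell`, so it falls back to Guix's user-account defaults of a home under /home and a Bash login shell. A daemon account that is also placed in `certsaccess` is better declared non-interactive, e.g. by adding `(home-directory "/var/empty")` and `(shell (file-append shadow "/sbin/nologin"))`, assuming the module providing `shadow` is imported elsewhere in the file. A short comment that `certsaccess` is there so Exim can read the TLS certificate and key would also help, if that is the intent. The httpd user-account at the end of the hunk continues outside it.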
@@ -472,6 +553,15 @@
(group "gitolite3")
(uid 110)
(system? #t))
+ (user-account
+ (name "urz")
+ (group "urz")
+ (supplementary-groups '("cdrom" "floppy" "audio" "video" "netdev"))
+ (uid 1000))
+ (user-account
+ (name "joanna")
+ (group "joanna")
+ (uid 1001))
%base-user-accounts))
(file-systems (cons (file-system
(device (file-system-label "does-not-matter"))
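Review bot: The `urz` account is given the desktop-oriented supplementary groups `cdrom`, `floppy`, `audio`, `video` and `netdev`, which a mail recipient account in a server container does not appear to need. Since root's mail is aliased to this user elsewhere in the commit, keeping its privileges minimal is worthwhile; consider dropping the `supplementary-groups` line or leaving a comment on why the groups are wanted. The enclosing `users` list and the file-system form at the end of the hunk extend beyond the hunk.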
@@ -498,4 +588,6 @@
(description "Make other services assume network is there."))
#f)
%koszko-certbot-service
+ %koszko-exim-service
+ %koszko-mail-aliases-service
%base-services)))