Move the code under guix/ and add a service definition

4 files changed, 79 insertions, 0 deletions

diff --git a/.guix-channel b/.guix-channel
new file mode 100644
index 0000000..523da3b
--- /dev/null
+++ b/.guix-channel
@@ -0,0 +1,7 @@
+(channel
+ (version 0)
+ (directory "guix")
+ (dependencies
+  (channel
+   (name guix-extra-services)
+   (url "https://labo.planete-kraus.eu/guix-extra-services.git"))))
diff --git a/vkraus/config/blog-release.scm b/guix/vkraus/config/blog-release.scm
index 1ab7747..1ab7747 100644
--- a/vkraus/config/blog-release.scm
+++ b/guix/vkraus/config/blog-release.scm
diff --git a/vkraus/packages/blog.scm b/guix/vkraus/packages/blog.scm
index 0435225..0435225 100644
--- a/vkraus/packages/blog.scm
+++ b/guix/vkraus/packages/blog.scm
diff --git a/guix/vkraus/services/blog.scm b/guix/vkraus/services/blog.scm
new file mode 100644
index 0000000..e1ca015
--- /dev/null
+++ b/guix/vkraus/services/blog.scm
@@ -0,0 +1,72 @@
+(define-module (vkraus services blog)
+  #:use-module ((gnu services)
+                #:select (service-type
+                          service-extension))
+  #:use-module ((gnu services web)
+                #:select (nginx-service-type
+                          nginx-server-configuration
+                          nginx-location-configuration))
+  #:use-module ((gnu services certbot)
+                #:select (certbot-service-type
+                          certificate-configuration))
+  #:use-module ((vkraus services simple-firewall)
+                #:select (simple-firewall-configuration
+                          simple-firewall-service-type))
+  #:use-module ((vkraus packages blog)
+                #:select (blog))
+  #:use-module ((guix gexp)
+                #:select (file-append program-file gexp))
+  #:use-module ((oop goops)
+                #:select (define-class
+                           define-method
+                           make
+                           slot-ref
+                           slot-set!
+                           deep-clone))
+  #:re-export (make)
+  #:export (<blog-configuration>
+            blog-service-type)
+  #:duplicates (merge-generics)
+  #:declarative? #t)
+
+(define-class <blog-configuration> ()
+  (blog #:init-keyword #:blog #:init-value blog)
+  (domain-name #:init-keyword #:domain-name))
+
+(define-method (nginx-extension (cfg <blog-configuration>))
+  (list
+   (nginx-server-configuration
+    (server-name (list (slot-ref cfg 'domain-name)))
+    (listen '("443 ssl" "[::]:443 ssl"))
+    (ssl-certificate
+     (format #f "/etc/letsencrypt/live/~a/fullchain.pem"
+             (slot-ref cfg 'domain-name)))
+    (ssl-certificate-key
+     (format #f "/etc/letsencrypt/live/~a/privkey.pem"
+             (slot-ref cfg 'domain-name)))
+    (root (file-append (slot-ref cfg 'blog) "/share/www/blog/")))))
+
+(define-method (certbot-extension (cfg <blog-configuration>))
+  (list
+   (certificate-configuration
+    (domains (list (slot-ref cfg 'domain-name)))
+    (deploy-hook
+     (program-file
+      "refresh-nginx"
+      #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+	  (kill pid SIGHUP)))))))
+
+(define-method (simple-firewall-extension (cfg <blog-configuration>))
+  (list
+   (simple-firewall-configuration #f '(http https) '(http https))))
+
+(define blog-service-type
+  (service-type
+   (name 'blog)
+   (description
+    "Serve the blog pages.")
+   (extensions
+    (list
+     (service-extension nginx-service-type nginx-extension)
+     (service-extension certbot-service-type certbot-extension)
+     (service-extension simple-firewall-service-type simple-firewall-extension)))))