authorFrederick Muriuki Muriithi2024-11-07 08:51:43 -0600
committerFrederick Muriuki Muriithi2024-11-07 10:56:23 -0600
commit4e6b192bd61e2d93dede6bd104e00f1a952544fa (patch)
treef25a72548680568d4d2098d41d1f2571690ccea5
parentb6f6efa585940b1c20908262b01519baef6d671a (diff)
downloadgn-machines-4e6b192bd61e2d93dede6bd104e00f1a952544fa.tar.gz
Update service to handle HTTPS certificates in container.
Add the uacme service to the public-sparql container and update the
services in order to automate the retrieval and renewal of HTTPS
certificates within the container.
-rwxr-xr-xpublic-sparql-deploy.sh1
-rw-r--r--public-sparql.scm119
2 files changed, 76 insertions, 44 deletions
diff --git a/public-sparql-deploy.sh b/public-sparql-deploy.sh
index d910747..7344979 100755
--- a/public-sparql-deploy.sh
+++ b/public-sparql-deploy.sh
@@ -23,6 +23,7 @@ container_script=$(guix system container \
                         --network \
                         --verbosity=3 \
                         --share=/export2/guix-containers/public-sparql/var/lib/virtuoso=/var/lib/virtuoso \
+                        --share=/export2/guix-containers/public-sparql/var/lib/acme=/var/lib/acme \
 			--share=/export2/guix-containers/public-sparql/tmp=/tmp \
 			--share=/export2/guix-containers/public-sparql/var/log=/var/log \
                         public-sparql.scm)
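Review bot: The new `--share` bind-mounts `/export2/guix-containers/public-sparql/var/lib/acme` into the container as `/var/lib/acme`, which is presumably where the uacme service keeps its ACME account key and the issued certificates' private keys; the host-side directory therefore needs to exist with restrictive ownership and mode before the container starts, and nothing in this script creates or checks it. The other shares (`/tmp`, `/var/log`) hold low-sensitivity data, but this one does not, so a guard such as `test -d /export2/guix-containers/public-sparql/var/lib/acme || { echo "missing acme state dir" >&2; exit 1; }` ahead of the `guix system container` call (plus a one-time `chmod 700` on the host directory) would be worth adding. The `container_script=$(...)` assignment this hunk modifies starts before the hunk.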
diff --git a/public-sparql.scm b/public-sparql.scm
index 76c9f3a..9ea307f 100644
--- a/public-sparql.scm
+++ b/public-sparql.scm
@@ -17,51 +17,82 @@
 ;;; along with genenetwork-machines.  If not, see
 ;;; <https://www.gnu.org/licenses/>.
 
-(use-modules (gnu)
+(use-modules (guix records)
+             (gnu)
+             (gnu services web)
+             (gnu packages admin)
              (gn services databases)
-             (gnu services web))
+             (forge acme)
+             (forge nginx)
+             (forge socket))
 
-(define (virtuoso-reverse-proxy-server-block listen sparql-port)
-  "Return an <nginx-server-configuration> object listening on LISTEN to
-reverse proxy the Virtuoso server. SPARQL-PORT is the port virtuoso's
-SPARQL endpoint is listening on."
-  (nginx-server-configuration
-   (server-name '("sparql.genenetwork.org"))
-   (listen (list listen))
-   (locations
-    (list (nginx-location-configuration
-           (uri "/")
-           (body (list (string-append "proxy_pass http://localhost:"
-                                      (number->string sparql-port) ";")
-                       "proxy_set_header Host $host;")))))))
-
-(define %reverse-proxy-port 8990)
 (define %virtuoso-port 8981)
-(define %sparql-port 8982)
 
-(operating-system
-  (host-name "sparql")
-  (timezone "UTC")
-  (locale "en_US.utf8")
-  (bootloader (bootloader-configuration
-               (bootloader grub-bootloader)
-               (targets (list "/dev/sdX"))))
-  (file-systems %base-file-systems)
-  (users %base-user-accounts)
-  (packages %base-packages)
-  (services (cons* (service virtuoso-service-type
-                            (virtuoso-configuration
-                             (server-port %virtuoso-port)
-                             (http-server-port %sparql-port)
-			     (number-of-buffers 4000000)
-			     (dirs-allowed "/var/lib/virtuoso")
-			     (maximum-dirty-buffers 3000000)
-                             (database-file "/var/lib/virtuoso/public-virtuoso.db")
-                             (transaction-file "/var/lib/virtuoso/public-virtuoso.trx")))
-                   (service nginx-service-type
-                            (nginx-configuration
-                             (server-blocks
-                              (list (virtuoso-reverse-proxy-server-block
-                                     (number->string %reverse-proxy-port)
-                                     %sparql-port)))))
-                   %base-services)))
+(define-record-type* <sparql-configuration>
+  sparql-configuration make-sparql-configuration sparql-configuration?
+
+  (server-name sparql-configuration-server-name
+               (default "sparql.genenetwork.org"))
+  (virtuoso-configuration sparql-configuration-virtuoso-configuration
+                          (default (virtuoso-configuration
+                                    (server-port 8981)
+                                    (http-server-port 8982)
+			            (number-of-buffers 4000000)
+			            (dirs-allowed "/var/lib/virtuoso")
+			            (maximum-dirty-buffers 3000000)
+                                    (database-file "/var/lib/virtuoso/public-virtuoso.db")
+                                    (transaction-file "/var/lib/virtuoso/public-virtuoso.trx")))))
+
+(define (virtuoso-reverse-proxy-server-block config)
+  "Return an <nginx-server-configuration> to reverse proxy the Virtuoso server."
+  (match-record config <sparql-configuration> (server-name virtuoso-configuration)
+    (list (nginx-server-configuration
+           (server-name (list server-name))
+           (locations
+            (list (nginx-location-configuration
+                   (uri "/")
+                   (body (list (string-append
+                                "proxy_pass http://localhost:"
+                                (number->string
+                                 (virtuoso-configuration-http-server-port virtuoso-configuration))
+                                ";")
+                               "proxy_set_header Host $host;")))))))))
+
+(define sparql-service-type
+  (service-type
+   (name 'public-sparql)
+   (description "Expose a virtuoso service to the public")
+   (extensions
+    (list (service-extension forge-nginx-service-type
+                             virtuoso-reverse-proxy-server-block)))))
+
+(let ((sparql-config (sparql-configuration)))
+  (operating-system
+    (host-name "sparql")
+    (timezone "UTC")
+    (locale "en_US.utf8")
+    (bootloader (bootloader-configuration
+                 (bootloader grub-bootloader)
+                 (targets (list "/dev/sdX"))))
+    (file-systems %base-file-systems)
+    (users %base-user-accounts)
+    (sudoers-file
+     (mixed-text-file "sudoers"
+                      "@include " %sudoers-specification
+                      "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n"))
+    (packages %base-packages)
+    (services (cons* (service forge-nginx-service-type
+                              (forge-nginx-configuration
+                               (http-listen (forge-ip-socket
+                                             (ip "0.0.0.0")
+                                             (port 8990)))
+                               (https-listen (forge-ip-socket
+                                              (ip "0.0.0.0")
+                                              (port 8991)))))
+                     (service acme-service-type
+                              (acme-configuration
+                               (email "arunisaac@systemreboot.net")))
+                     (service virtuoso-service-type
+                              (sparql-configuration-virtuoso-configuration sparql-config))
+                     (service sparql-service-type sparql-config)
+                     %base-services))))
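Review bot: The location in `virtuoso-reverse-proxy-server-block` proxies `/` wholesale to Virtuoso's HTTP port, and that vhost is now bound on `0.0.0.0` with a publicly issued certificate; Virtuoso's HTTP listener typically also serves the Conductor admin UI under `/conductor` and the SPARQL update endpoint on the same port, so if those are enabled in this instance they become reachable through the public vhost. Narrowing the location to `(uri "/sparql")` (or adding a `location /conductor { deny all; }` block) would keep the administrative surface off the proxy. Since nginx now terminates TLS, `"proxy_set_header X-Forwarded-Proto $scheme;"` next to the existing `Host` header lets the backend tell HTTPS requests apart from the plain `http://localhost` hop. Separately, `%virtuoso-port` is now dead because the record default hard-codes `(server-port 8981)` and `(http-server-port 8982)`; either reference the constant in the default or drop the definition. The `acme` sudoers entry is appropriately limited to the single `herd restart nginx` command, which is the right shape for the certificate-reload hook.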