1 files changed, 21 insertions, 10 deletions

diff --git a/public-sparql.scm b/public-sparql.scm
index 76c9f3a..4603cec 100644
--- a/public-sparql.scm
+++ b/public-sparql.scm
@@ -19,15 +19,17 @@
 
 (use-modules (gnu)
              (gn services databases)
-             (gnu services web))
+             (gnu services web)
+             ((gnu packages admin) #:select (shepherd))
+             (forge nginx)
+             (forge socket))
 
-(define (virtuoso-reverse-proxy-server-block listen sparql-port)
+(define (virtuoso-reverse-proxy-server-block sparql-port)
   "Return an <nginx-server-configuration> object listening on LISTEN to
 reverse proxy the Virtuoso server. SPARQL-PORT is the port virtuoso's
 SPARQL endpoint is listening on."
   (nginx-server-configuration
    (server-name '("sparql.genenetwork.org"))
-   (listen (list listen))
    (locations
     (list (nginx-location-configuration
            (uri "/")
@@ -35,9 +37,10 @@ SPARQL endpoint is listening on."
                                       (number->string sparql-port) ";")
                        "proxy_set_header Host $host;")))))))
 
-(define %reverse-proxy-port 8990)
+(define %reverse-http-proxy-port 8990)
 (define %virtuoso-port 8981)
 (define %sparql-port 8982)
+(define %reverse-https-proxy-port 8993)
 
 (operating-system
   (host-name "sparql")
@@ -48,20 +51,28 @@ SPARQL endpoint is listening on."
                (targets (list "/dev/sdX"))))
   (file-systems %base-file-systems)
   (users %base-user-accounts)
+  (sudoers-file
+   (mixed-text-file "sudoers"
+                    "@include " %sudoers-specification
+                    "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n"))
   (packages %base-packages)
   (services (cons* (service virtuoso-service-type
                             (virtuoso-configuration
                              (server-port %virtuoso-port)
                              (http-server-port %sparql-port)
 			     (number-of-buffers 4000000)
-			     (dirs-allowed "/var/lib/virtuoso")
+			     (dirs-allowed (list "/export/data/virtuoso"))
 			     (maximum-dirty-buffers 3000000)
                              (database-file "/var/lib/virtuoso/public-virtuoso.db")
                              (transaction-file "/var/lib/virtuoso/public-virtuoso.trx")))
-                   (service nginx-service-type
-                            (nginx-configuration
+                   (service forge-nginx-service-type
+                            (forge-nginx-configuration
+                             (http-listen (forge-ip-socket
+                                           (ip "0.0.0.0")
+                                           (port %reverse-http-proxy-port)))
+                             (https-listen (forge-ip-socket
+                                            (ip "0.0.0.0")
+                                            (port %reverse-https-proxy-port)))
                              (server-blocks
-                              (list (virtuoso-reverse-proxy-server-block
-                                     (number->string %reverse-proxy-port)
-                                     %sparql-port)))))
+                              (list (virtuoso-reverse-proxy-server-block %sparql-port)))))
                    %base-services)))