
Trying to get various things to work.

trying to get a guile service to start my locally running web app.


;; (gpg-agent)

;;(gnu services guile-web)

;; (use-service-modules avahi databases dict desktop
;;                      networking shepherd sysctl xorg web)
;; (use-package-modules certs)

;; (display
;;  (module-variable (resolve-interface
;;                    '(guile-web)) 'guile-web-service-type))
;; (display "\n")

;; (display
;;  (module-variable (resolve-interface
;;                    '(guile-web)) 'guile-web-service))
;; (display "\n")


;; (display
;;  (module-variable (resolve-interface
;;                    '(guile-web)) 'guile-web-configuration))
;; (display "\n")

;; (display
;;  (module-variable (resolve-interface
;;                    '(guile-web)) 'guile-web-configuration?))
;; (display "\n")


;; (display
;;  (module-variable (resolve-module
;;                    '(guile-web)) 'guile-web-service-type))
;; (display "\n")

;; (display
;;  (module-variable (resolve-module
;;                    '(guile-web)) 'guile-web-service))
;; (display "\n")

;; (display
;;  (module-variable (resolve-module
;;                    '(guile-web)) 'guile-web-configuration))
;; (display "\n")

;; (display
;;  (module-variable (resolve-module
;;                    '(guile-web)) 'guile-web-configuration?))
;; (display "\n")



DONE auto logging into virtual console

    CLOSED: [2021-06-06 Sun 13:30] :LOGBOOK:
  • State "DONE" from [2021-06-06 Sun 13:30]
  • :END:

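  ;; Service list for this machine: %desktop-services with a few services
  ;; removed, and with the guix daemon, NetworkManager and mingetty
  ;; configurations adjusted through `modify-services'.
  (define %my-desktop-services
    (modify-services
        (remove (lambda (service)
                  ;; `service-kind' returns a service *type*, so every entry
                  ;; in this list has to be a `...-service-type' value.  A
                  ;; service-constructing procedure (the original listed
                  ;; `bluetooth-service' and `geoclue-service') never
                  ;; compares equal to a type, so the service it names
                  ;; would silently stay enabled.
                  (member (service-kind service)
                          (list
                           ;; Do I need accountsservice-service  ??
                           avahi-service-type
                           bluetooth-service-type
                           ;;elogind-service
                           gdm-service-type
                           ;; geoclue is the location service; listing its
                           ;; type is what actually removes it.
                           geoclue-service-type
                           ;; I customize my pulseaudio-service down below,
                           ;; so I need to remove it here.
                           pulseaudio-service-type)))
                %desktop-services) ;;end of remove services
      (guix-service-type
       config =>
       (guix-configuration
        (inherit config)
        ;; %15-minutes is not defined in this snippet; it has to be bound
        ;; elsewhere in the configuration file.
        (max-silent-time %15-minutes)
        ;;(timeout %15-minutes)
        ;; ok specifying the --fallback breaks the daemon.  weird.
        ;; NOTE(review): --fallback looks like a `guix build' option rather
        ;; than a guix-daemon one, which would explain the breakage -- confirm.
        ;; (extra-options '("--fallback"))
        ;;     I have two CPUs...
        (extra-options '("--max-jobs=2"))
        ;; it would be nice to use the guix build coordinator
        ;; http://guix.cbaines.net/
        ;; NOTE(review): enabling the block below makes the daemon accept
        ;; substitutes (pre-built binaries) signed by this key.  Check the
        ;; key against what the server operator publishes, over a channel
        ;; you trust, before uncommenting it.
        ;; (substitute-urls
        ;;  (append (list "https://guix.cbaines.net")
        ;;          %default-substitute-urls))
        ;; (authorized-keys
        ;;  (append (list (public-key
        ;;                 (ecc
        ;;                  (curve Ed25519)
        ;;                  (q #5F5F4F321533D3A38F909785E682798933BA9BE257C97E5ABC07DD08F27B8DBF#)
        ;;                  )))
        ;;          %default-authorized-guix-keys))
        ))
      (network-manager-service-type
       config =>
       (network-manager-configuration
        (inherit config)
        ;;(dns "none") ;;DO NOT update resolve.conf
        (vpn-plugins (list network-manager-openvpn))))
      (mingetty-service-type
       config =>
       ;; This clause is applied to every mingetty service in the list, so
       ;; each virtual console it manages logs in as joshua without a
       ;; password.  Anyone with physical access to the keyboard gets that
       ;; session.  To keep the convenience on one console only, compare
       ;; `(mingetty-configuration-tty config)' with the wanted tty name and
       ;; return `config' unchanged for the others.
       (mingetty-configuration
        (inherit config)
        ;;auto login as joshua
        (auto-login "joshua")))))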


openvpn. Currently express vpn requires a username and password to login.

this works: cd prog/guile/guix-config/; sudo openvpn my_expressvpn_switzerland.opvn

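However, guix's configuration syntax does not support using usernames and passwords... If that support is added through a credentials file (OpenVPN's auth-user-pass option), the file should stay outside the Guix store, which every local user can read, and be readable only by root.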

I've added a file to my custom channel. But the myvpn module does not work... guix is not certain where to find it.


guix system search myvpn

guix system search vpn

name: openvpn-server location: gnu/services/vpn.scm:456:2 extends: shepherd-root account activate relevance: 8

name: openvpn-client location: gnu/services/vpn.scm:466:2 extends: shepherd-root account activate relevance: 8


  ;; -- ‘openvpn-client-configuration’ parameter: proto proto
  ;; The protocol (UDP or TCP) used to open a channel between clients
  ;; and servers.

  ;; Defaults to ‘udp’.

  ;; -- ‘openvpn-client-configuration’ parameter: tls-auth-client tls-auth
  ;; Add an additional layer of HMAC authentication on top of the TLS
  ;; control channel to protect against DoS attacks.

  ;; Defaults to ‘#f’.

  ;; -- ‘openvpn-client-configuration’ parameter: key-usage
  ;; verify-key-usage?
  ;; Whether to check the server certificate has server usage extension.

  ;; Defaults to ‘#t’.

  ;; -- ‘openvpn-client-configuration’ parameter: bind bind?
  ;; Bind to a specific local port number.

  ;; Defaults to ‘#f’.

  ;; -- ‘openvpn-client-configuration’ parameter: resolv-retry resolv-retry?
  ;; Retry resolving server address.

  ;; Defaults to ‘#t’.

  ;; it looks like express vpn will query you for the password...
  ;; https://forums.openvpn.net/viewtopic.php?t=11342#p25150


  ;;I know that this works.  AKA guile will generate a config from this.
    ;; OpenVPN client service built with the `openvpn-client-service'
    ;; procedure and an explicit configuration record.
    ;; Fields not set here keep their defaults: verify-key-usage? stays at
    ;; its documented default of #t (the server certificate's usage
    ;; extension is checked) and tls-auth stays at #f.
    (openvpn-client-service
   #:config
   (openvpn-client-configuration
    ;; The CA, certificate and key are given as plain path strings.
    ;; NOTE(review): presumably only these paths, not the file contents,
    ;; end up in the generated configuration -- confirm.  client.key is the
    ;; private key: keep it readable by its owner/root only, and keep it
    ;; out of any repository or channel that gets published.
    (ca "/home/joshua/prog/guile/guix-config/vpn/ca2.crt")
    (cert "/home/joshua/prog/guile/guix-config/vpn/client.crt")
    (key "/home/joshua/prog/guile/guix-config/vpn/client.key")
    ;; the expressvpn file I use disables lzo compression
    (comp-lzo? #f)
    ;; A single remote endpoint: host name plus port.
    (remote
     (list
      (openvpn-remote-configuration
       (name "switzerland-ca-version-2.expressnetw.com")
       (port 1195))))))

  ;; will the following work?
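  ;; Same client configuration with the certificate directory bound once.
  ;; The `let' has to enclose the whole configuration record: closing it
  ;; right after the binding list leaves it without a body (a syntax error)
  ;; and leaves `base-dir' unbound where the fields use it.
  (openvpn-client-service
   #:config
   (let ([base-dir "/home/joshua/prog/guile/guix-config/vpn/"])
     (openvpn-client-configuration
      ;; client.key is the private key; keep the directory and the file
      ;; readable by their owner/root only.
      (ca (string-append base-dir "ca2.crt"))
      (cert (string-append base-dir "client.crt"))
      (key (string-append base-dir "client.key"))
      ;; the expressvpn file I use disables lzo compression
      (comp-lzo? #f)
      (remote
       (list
        (openvpn-remote-configuration
         (name "switzerland-ca-version-2.expressnetw.com")
         (port 1195)))))))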


  ;; I believe that the following will not work
  ;; The same client configuration, passed to `service' together with the
  ;; service type instead of going through `openvpn-client-service'.
  ;; NOTE(review): whether this form works depends on
  ;; `openvpn-client-service-type' being exported by the vpn service module
  ;; in the Guix revision in use -- check the module's export list.
  (service openvpn-client-service-type
           (openvpn-client-configuration
            ;; Plain path strings; client.key is the private key and should
            ;; be readable by its owner/root only.
            (ca "/home/joshua/prog/guile/guix-config/vpn/ca2.crt")
            (cert "/home/joshua/prog/guile/guix-config/vpn/client.crt")
            (key "/home/joshua/prog/guile/guix-config/vpn/client.key")
            ;; the expressvpn file I use disables lzo compression
            (comp-lzo? #f)
            (remote
             (list
              (openvpn-remote-configuration
               (name "switzerland-ca-version-2.expressnetw.com")
               (port 1195))))))

wireguard

opensmtpd service configuration syntax


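  ;; Draft of a record-style syntax for configuring OpenSMTPD.
  ;; NOTE(review): the nested fields (pki, tables, filters, listens, actions)
  ;; read as a proposal; presumably they are not what `opensmtpd-configuration'
  ;; accepts today -- confirm against the Guix revision in use.
  ;; Fixed relative to the first draft: the service and record names were
  ;; misspelled ("opensmptpd"), one listener named interface "oth0", one port
  ;; was a string while the other was an integer, and the action referred to
  ;; a table "users" that is not defined (the table is called "vusers").
  (service opensmtpd-service-type
           (opensmtpd-configuration
            ;; Certificate and private key for the name the listeners
            ;; present.  Only the paths appear here; privkey.pem itself must
            ;; stay readable by root only.
            (pki
             (cert
              (name "mail.gnucode.me")
              (file "/etc/letsencrypt/live/gnucode.me/fullchain.pem"))
             (key
              (name "mail.gnucode.me")
              (file "/etc/letsencrypt/live/gnucode.me/privkey.pem")))
            (tables (list
                     ;; fix these weird table values.  What's good syntax?
                     ;; NOTE(review): values written literally in a system
                     ;; configuration are likely to be copied into the
                     ;; world-readable store.  Put only password hashes
                     ;; here, never plaintext, or point the table at a
                     ;; root-only file instead.
                     (table
                      (name "creds")
                      (values (list "joshua" "someEncryptedPassword"
                                    "root" "someEncreyptedPasswordHash")))
                     ;; "vdoms" is defined, but nothing else in this draft
                     ;; references it yet.
                     (table
                      (name "vdoms")
                      (values (list "gnucode.me"
                                    "gnu-hurd.com")))
                     ;; Virtual address -> local user mapping.
                     (table
                      (name "vusers")
                      (values (list "joshua@gnucode.me joshua"
                                    "jbranso@gnucode.me joshua"
                                    "postmaster@gnucode.me joshua")))))
            (filters (list
                      ;; DKIM signing filter.  "/path/to/key" is a
                      ;; placeholder for the signing key; that file has to
                      ;; be readable by the account the filter runs as and
                      ;; by nobody else.
                      ;; NOTE(review): running the filter as a dedicated
                      ;; unprivileged account rather than a login user
                      ;; would limit who can read the signing key.
                      (filter
                       (name "dkimsign")
                       (command "filter-dkimsign -d gnucode.me -s 20201004 -k /path/to/key")
                       (user "joshua")
                       (group "joshua"))))
            (listens (list
                      ;; Listener with TLS enabled and the dkimsign filter;
                      ;; no port and no auth table are given.
                      (listen
                       (on "eth0")
                       (tls #t)
                       (pki "mail.gnucode.me")
                       (filter "dkimsign"))
                      ;; SMTPS on 465, authenticated against "creds".
                      (listen
                       (on "eth0")
                       (port 465)
                       (smtps #t)
                       (pki "mail.gnucode.me")
                       (auth "creds"))
                      ;; Port 587 with TLS required, so credentials from
                      ;; "creds" are not accepted over a cleartext session.
                      ;; Interface assumed to be eth0 like the other
                      ;; listeners ("oth0" in the first draft) -- confirm.
                      (listen
                       (on "eth0")
                       (port 587)
                       (tls-require #t)
                       (pki "mail.gnucode.me")
                       (auth "creds"))))
            (actions (list
                      ;; Deliver to a maildir, resolving recipients through
                      ;; the "vusers" table defined above.
                      (action
                       (name "receive")
                       (maildir #t)
                       (virtual "vusers"))))))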