01/01: hydra: milano-guix-1: Add the Guix Data Service.

[Christopher Baines]

cbaines pushed a commit to branch master
in repository maintenance.

commit 825bbc00e5d34a25709676d2e7b66df427024c56
Author: Christopher Baines <address@hidden>
Date:   Wed Oct 2 07:43:15 2019 +0100

    hydra: milano-guix-1: Add the Guix Data Service.
    
    Along with PostgreSQL that it depends on, and NGinx to act as a
    caching proxy.
    
    * hydra/milano-guix-1.scm (%nginx-configuration): New variable.
    (operating-system)[packages]: Add nss-certs.
    [services] Add PostgreSQL, the Guix Data Service and NGinx.
---
 hydra/milano-guix-1.scm | 102 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 98 insertions(+), 4 deletions(-)

diff --git a/hydra/milano-guix-1.scm b/hydra/milano-guix-1.scm
index 255e407..bed1887 100644
--- a/hydra/milano-guix-1.scm
+++ b/hydra/milano-guix-1.scm
@@ -3,9 +3,11 @@
 ;; Copyright © 2019 Giovanni Biscuolo <address@hidden>
 ;; Released under the GNU GPLv3 or any later version.
 
-(use-modules (gnu))
-(use-service-modules networking mcron ssh virtualization)
-(use-package-modules screen ssh linux)
+(use-modules (gnu)
+             (guix gexp))
+(use-service-modules databases getmail guix networking mcron ssh
+                     virtualization web)
+(use-package-modules certs screen ssh linux)
 
 ;; The following definition are **almost** copied from dover.scm: a
 ;; quick hack to have a(n almost) self contained config file
@@ -54,6 +56,65 @@
          (string-append #$btrfs-progs "/bin/btrfs balance "
                         "start -dusage=50 -musage=70 /")))
 
+(define %nginx-configuration
+  (nginx-configuration
+   (server-names-hash-bucket-size 64)
+   (extra-content
+    "
+    proxy_cache_path /var/cache/nginx/guix-data-service
+                     levels=2
+                     inactive=2d
+                     keys_zone=guix-data-service:4m  # ~32K keys
+                     max_size=1g
+                     use_temp_path=off;")
+   (upstream-blocks
+    (list
+     (nginx-upstream-configuration
+      (name "guix-data-service-proxy")
+      (servers '("localhost:8765")))))
+   (server-blocks
+    (list
+     (nginx-server-configuration
+      (server-name '("_"))
+      (listen '("80"))
+      (locations
+       (list
+        (nginx-location-configuration
+         (uri "/")
+         (body '("return 404;"))))))
+     (nginx-server-configuration
+      (server-name '("data.guix.gnu.org"))
+      (listen '("80"))
+      (locations
+       (list
+        (nginx-location-configuration
+         (uri "/")
+         (body '("proxy_pass http://guix-data-service-proxy;";
+                 "proxy_set_header Host            $host;"
+                 "proxy_set_header X-Forwarded-For $remote_addr;"
+
+                 "proxy_cache guix-data-service;"
+                 "proxy_cache_revalidate on;"
+                 "proxy_cache_min_uses 3;"
+                 "proxy_cache_use_stale error timeout updating http_500 
http_502 http_503 http_504;"
+                 "proxy_cache_background_update on;"
+                 "proxy_cache_lock on;"
+                 "add_header X-Cache-Status $upstream_cache_status;"
+
+                 "gzip on;"
+                 "gzip_types text/html application/json;"
+                 "gzip_proxied any;")))
+        (nginx-location-configuration
+         (uri "/dumps")
+         (body '("root /var/lib/guix-data-service;"
+                 "autoindex on;")))
+        (nginx-location-configuration
+         (uri "^~ /.well-known/acme-challenge/")
+         (body '("root /srv/http/data.guix.gnu.org;")))
+        (nginx-location-configuration
+         (uri "= /.well-known/acme-challenge/")
+         (body '("return 404;"))))))))))
+
 ;; The actual machine
 
 (operating-system
@@ -87,7 +148,9 @@
 
   (users (append %accounts %base-user-accounts))
 
-  (packages (cons* btrfs-progs screen openssh strace %base-packages))
+  (packages (cons* btrfs-progs screen openssh strace
+                   nss-certs ; Needed for the Guix Data Service
+                   %base-packages))
 
   ;; Services
   (services
@@ -114,6 +177,37 @@
                       (platforms (lookup-qemu-platforms "arm" "aarch64"))
                       (guix-support? #t)))
 
+            (service postgresql-service-type
+                     (postgresql-configuration
+                      (config-file
+                       (postgresql-config-file
+                        (hba-file
+                         (plain-file "pg_hba.conf"
+                                    "
+local  all     all                     trust
+host   all     all     127.0.0.1/32    md5
+host   all     all     ::1/128         md5
+"))
+                        (extra-config
+                         '(("work_mem" "'500MB'")))))))
+
+            (service guix-data-service-type
+                     (guix-data-service-configuration
+                      (getmail-idle-mailboxes '("Commits"))
+                      (commits-getmail-retriever-configuration
+                       (getmail-retriever-configuration
+                        (type "SimpleIMAPSSLRetriever")
+                        (server "imap.cbaines.net")
+                        (port 993)
+                        (username "patchwork")
+                        (password-command
+                         (list (file-append coreutils "/bin/cat")
+                               "/etc/guix-data-service-commits-imap-password"))
+                        (extra-parameters
+                         '((mailboxes . ("Commits"))))))))
+
+            (service nginx-service-type %nginx-configuration)
+
             (service mcron-service-type
                      (mcron-configuration
                       (jobs (list gc-job btrfs-job)))))