-rw-r--r-- | debian_server/etc/caddy/Caddyfile | 64 | ||||
-rw-r--r-- | debian_server/etc/cgitrc | 48 | ||||
-rw-r--r-- | debian_server/etc/gitolite3/gitolite.rc | 200 | ||||
-rw-r--r-- | debian_server/git.service | 18 | ||||
-rw-r--r-- | desktop.scm | 121 |
5 files changed, 389 insertions, 62 deletions
diff --git a/debian_server/etc/caddy/Caddyfile b/debian_server/etc/caddy/Caddyfile
new file mode 100644
index 0000000..e1bb5b1
--- /dev/null
+++ b/debian_server/etc/caddy/Caddyfile
@@ -0,0 +1,64 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+#
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+{
+ admin off
+}
+
+cdn.elenq.tech {
+ root * /var/www/elenq
+ file_server
+}
+
+ekaitz.elenq.tech {
+ root * /var/www/ekaitz
+ file_server
+}
+
+thoughts.elenq.tech {
+ root * /var/www/thoughts
+ file_server
+}
+
+publishing.elenq.tech {
+ root * /var/www/elenq_publishing
+ file_server
+ redir / /en
+}
+
+www.publishing.elenq.tech {
+ redir https://publishing.elenq.tech{uri} permanent
+}
+
+postdata.biz {
+ root * /var/www/postdata
+ file_server
+ redir / /es
+}
+
+www.postdata.biz {
+ redir https://postdata.biz{uri} permanent
+}
+
+git.elenq.tech {
+ @assets path /cgit.css /cgit.js /cgit.png /favicon.ico /robots.txt
+ handle @assets {
+ root * /usr/share/cgit
+ file_server
+ }
+
+ reverse_proxy unix//run/fcgiwrap.socket {
+ transport fastcgi {
+ env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi
+ }
+}
diff --git a/debian_server/etc/cgitrc b/debian_server/etc/cgitrc
new file mode 100644
index 0000000..ef0387d
--- /dev/null
+++ b/debian_server/etc/cgitrc
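Review bot: The `git.elenq.tech` site block is never closed: after the `handle @assets` block the hunk opens three braces (`git.elenq.tech {`, `reverse_proxy unix//run/fcgiwrap.socket {`, `transport fastcgi {`) but ends with only two closing braces, and the hunk header says the file stops at line 64. Caddy should refuse to load a Caddyfile with an unbalanced block, so with one shared config file none of the sites above would be served either; add the missing `}` after the `transport fastcgi` block. Running `caddy validate --config /etc/caddy/Caddyfile` before deploying would catch this kind of error.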
@@ -0,0 +1,48 @@
+#
+# cgit config
+# see cgitrc(5) for details
+
+css=/cgit.css
+logo=/cgit.png
+footer=/usr/share/cgit/footer.html
+
+repository-sort=age
+
+# if you do not want that webcrawler (like google) index your site
+# robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+
+clone-url=git://$HTTP_HOST/$CGIT_REPO_URL
+# gitolite3@$HTTP_HOST:$CGIT_REPO_URL
+
+enable-http-clone=1
+enable-index-links=1
+enable-index-owner=1
+enable-git-config=1
+enable-gitweb-owner=1
+remove-suffix=1
+
+# Readmes to use
+# readme=:README.md
+# Requires some extra stuff for markdown, better make our own later
+# about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+# Set title and description
+root-title=ElenQ Technology
+root-desc=Software repository for ElenQ
+root-readme=/usr/share/cgit/root-readme.html
+
+project-list=/var/lib/gitolite3/projects.list
+scan-path=/var/lib/gitolite3/repositories
+
+# Mimetypes
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
diff --git a/debian_server/etc/gitolite3/gitolite.rc b/debian_server/etc/gitolite3/gitolite.rc
new file mode 100644
index 0000000..37c9b40
--- /dev/null
+++ b/debian_server/etc/gitolite3/gitolite.rc
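Review bot: `clone-url` advertises only `git://`, a transport with no encryption and no server authentication, so a clone from the address cgit displays has no protection against tampering in transit. `enable-http-clone=1` is set a few lines below and the Caddyfile in this commit serves git.elenq.tech with automatic HTTPS, so the HTTPS URL can be listed first: `clone-url=https://$HTTP_HOST/$CGIT_REPO_URL git://$HTTP_HOST/$CGIT_REPO_URL` (the option takes a space-separated list). If `git://` is kept for compatibility, a comment saying it is the unauthenticated fallback would make the trade-off visible.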
@@ -0,0 +1,200 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0027,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => '.*',
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ # 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ # 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ # 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ # 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/debian_server/git.service b/debian_server/git.service
new file mode 100644
index 0000000..d86c8ad
--- /dev/null
+++ b/debian_server/git.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Start Git Daemon
+
+[Service]
+ExecStart=/usr/bin/git daemon --base-path=/var/lib/gitolite3/repositories --reuseaddr /var/lib/gitolite3/repositories
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User=gitdaemon
+Group=gitolite3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/desktop.scm b/desktop.scm
index 9128241..321f8e9 100644
--- a/desktop.scm
+++ b/desktop.scm
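Review bot: `GIT_CONFIG_KEYS => '.*'` lets gitolite.conf set any git config key in any repository, and some git config keys cause git to run external commands, so anyone who can push to gitolite-admin can get command execution as the gitolite user. That is acceptable only if every such admin is already trusted with a shell on the server. If the keys are only there for cgit (cgitrc in this commit sets `enable-git-config=1`), a narrower list such as `GIT_CONFIG_KEYS => 'gitweb\..* cgit\..*',` is likely enough; confirm which keys the repositories actually set. `UMASK => 0027` sits under a comment that still describes the `0700` default, so a line saying that group read is there for the git daemon and cgit would help.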
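Review bot: The unit exposes a network-facing daemon with no sandboxing in `[Service]`; since `git daemon` as started here only reads from /var/lib/gitolite3/repositories, directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` should be safe to add (check that clones still work afterwards). `[Unit]` has no `After=network.target`, and `StandardOutput=syslog` / `StandardError=syslog` are deprecated in current systemd in favour of `journal`. `--export-all` is not passed, so only repositories carrying `git-daemon-export-ok` are served; a comment such as `# no --export-all: gitolite's 'daemon' feature decides what is public` would keep someone from adding it later.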
@@ -1,76 +1,67 @@ (use-modules (gnu) (srfi srfi-1) ((gnu packages linux) #:prefix gnu-linux:) - (gnu packages admin) - (gnu packages certs) - (gnu packages freedesktop) - (gnu packages linux) - (gnu packages ssh) - (gnu packages vim) - (gnu packages wm) - (gnu packages wget) - (gnu packages xdisorg) - (gnu packages xorg) - (gnu packages video) - (gnu packages virtualization) - (gnu services virtualization) - (gnu services pm) + (gnu system locale) (nongnu packages linux) (nongnu system linux-initrd)) +(use-package-modules admin certs freedesktop linux ssh vim wm wget xdisorg xorg + video virtualization) +(use-service-modules desktop networking ssh xorg pm sddm virtualization security-token) -;; Keyboard layout -(define us-keyboard-for-bootloader-and-linux (keyboard-layout "us")) -(define my-real-keyboard-layout - (keyboard-layout "es,us,ru" #:options '("grp:alt_space_toggle"))) +(define keyboard-layout + (keyboard-layout "us,es" + #:options '("eurosign:e" + "grp:alt_space_toggle" + "lv3:ralt_switch"))) -;; My services -(use-service-modules desktop networking ssh xorg) (define my-services (list (udev-rules-service 'light gnu-linux:light) - (service gnome-desktop-service-type) + (service pcscd-service-type) + (service tor-service-type) (service thermald-service-type) (service power-profiles-daemon-service-type) (simple-service 'adwaita-dark-theme session-environment-service-type '(("GTK_THEME" . "Adwaita:dark"))) - (service bluetooth-service-type - (bluetooth-configuration (auto-enable? 
#t))) - (set-xorg-configuration - (xorg-configuration - (keyboard-layout my-real-keyboard-layout) - (modules (append %default-xorg-modules - (list xf86-input-wacom))) - (extra-config - '("\n" - "\n" - "Section \"InputClass\"\n" - " Identifier \"libinput touchpad catchall\"\n" - " Driver \"libinput\"\n" - " MatchIsTouchpad \"on\"\n" - " MatchDevicePath \"/dev/input/event*\"\n" - " Option \"Tapping\" \"on\"\n" - " Option \"TappingDrag\" \"on\"\n" - " Option \"DisableWhileTyping\" \"on\"\n" - "EndSection\n" - "\n" - ; https://wiki.archlinux.org/title/Libinput#Via_xinput - "Section \"InputClass\"\n" - " Identifier \"USB Mouse Pad USB Mouse Pad Mouse\"\n" - " Driver \"libinput\"\n" - " MatchDevicePath \"/dev/input/event*\"\n" - " MatchUSBID \"062a:8255\"\n" - " Option \"Middle Emulation\" \"on\"\n" - " Option \"AccelSpeed\" \"-0.9\"" - "EndSection\n" - "\n" - "\n" - "Section \"Device\"\n" - " Identifier \"modesetting\"\n" - " Driver \"modesetting\"\n" - " Option \"TearFree\" \"True\"\n" - "EndSection" - "\n")))) + (service bluetooth-service-type) + (service sddm-service-type + (sddm-configuration + (xorg-configuration + (xorg-configuration + (keyboard-layout keyboard-layout) + (modules (append %default-xorg-modules + (list xf86-input-wacom))) + (extra-config + '("\n" + "\n" + "Section \"InputClass\"\n" + " Identifier \"libinput touchpad catchall\"\n" + " Driver \"libinput\"\n" + " MatchIsTouchpad \"on\"\n" + " MatchDevicePath \"/dev/input/event*\"\n" + " Option \"Tapping\" \"on\"\n" + " Option \"TappingDrag\" \"on\"\n" + " Option \"DisableWhileTyping\" \"on\"\n" + "EndSection\n" + "\n" + ; https://wiki.archlinux.org/title/Libinput#Via_xinput + "Section \"InputClass\"\n" + " Identifier \"USB Mouse Pad USB Mouse Pad Mouse\"\n" + " Driver \"libinput\"\n" + " MatchDevicePath \"/dev/input/event*\"\n" + " MatchUSBID \"062a:8255\"\n" + " Option \"Middle Emulation\" \"on\"\n" + " Option \"AccelSpeed\" \"-0.9\"" + "EndSection\n" + "\n" + "\n" + "Section \"Device\"\n" + " 
Identifier \"modesetting\"\n" + " Driver \"modesetting\"\n" + " Option \"TearFree\" \"True\"\n" + "EndSection" + "\n")))))) (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "riscv64" "aarch64")) @@ -83,14 +74,19 @@ (kernel-loadable-modules `(,tuxedo-keyboard)) (initrd microcode-initrd) (firmware (list linux-firmware)) - (locale "en_US.utf8") + (locale "en_IE.utf8") + (locale-definitions + (list (locale-definition (name "en_IE.utf8") (source "en_IE")) + (locale-definition (name "en_US.utf8") (source "en_US")) + (locale-definition (name "es_ES.utf8") (source "es_ES")) + (locale-definition (name "eu_ES.utf8") (source "eu_ES")))) (timezone "Europe/Madrid") - (keyboard-layout us-keyboard-for-bootloader-and-linux) + (keyboard-layout keyboard-layout) (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) (targets (list "/boot/efi")) - (keyboard-layout us-keyboard-for-bootloader-and-linux))) + (keyboard-layout keyboard-layout))) (swap-devices (list (swap-space (target "/dev/sda3")))) (file-systems @@ -137,7 +133,7 @@ intel-vaapi-driver xf86-input-wacom gnu-linux:ntfs-3g - qemu + qemu-7.2.4 %base-packages)) (services @@ -147,6 +143,7 @@ ;; development. If using a 3/4G modem or something we have ;; to activate it. (delete modem-manager-service-type) + (delete gdm-service-type) ;; Configure nonguix substitutes (guix-service-type config => |
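Review bot: `(define keyboard-layout (keyboard-layout "us,es" ...))` rebinds the name of the imported constructor to the record it returns, so any later `(keyboard-layout "...")` call in this file would apply a record instead of building a layout. The uses visible in the diff, `(keyboard-layout keyboard-layout)`, presumably work only because the first symbol is a record field name there. A distinct name, e.g. `(define my-keyboard-layout (keyboard-layout "us,es" ...))`, avoids the trap. The same hunk adds `(service tor-service-type)` and `(service pcscd-service-type)` with default configuration and no comment; a line on why each daemon should run on this desktop would help the next reader.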
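Review bot: `qemu-7.2.4` replaces the default `qemu` package with what appears to be a fixed release, and the hunk gives no reason for it; a pinned emulator stops following the channel's updates, including security fixes. Put the reason and the exit condition on that line, e.g. `qemu-7.2.4 ; pinned: <reason>; go back to qemu once <condition>`. It is also worth checking whether `qemu-binfmt-service-type` in the first hunk still uses the default `qemu`, since the two would then differ in version. The package list starts and ends outside this hunk.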