gnucode.me/site/status-update-november-2021.html

<!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>Status Update November 2021 — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="about.html">About</a></li><li><a href="business-ideas.html">Business-ideas</a></li></ul></nav></header><h1>Status Update November 2021</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — December 01, 2021</h3><div><p>It has been a fun November! You may have noticed that this blog lost the <code>https</code>
connectivity for a few days! As a reminder, Guix system renews certificates for
domains via</p><pre><code>sudo /var/lib/certbot/renew-certificates</code></pre><p>The above script is called automatically, but I figured that a good start would
be to manually try to run this script and see what happens. So I <code>sshed</code> into
the server to give it a try. I got this error message:</p><pre><code>Certbot failed to authenticate some domains (authenticator: webroot).
 The Certificate Authority reported these problems:
  Domain: mail.gnucode.me
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for mail.gnucode.me
   - check that a DNS record exists for this domain

  Domain: wireguard.gnucode.me
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for wireguard.gnucode.me
  - check that a DNS record exists for this domain</code></pre><p>To fix it I just removed the subdomains “mail.gnucode.me”, and
“wireguard.gnucode.me”, from the <a href="https://notabug.org/jbranso/linode-guix-system-configuration/src/master/linode-locke-lamora-current-config.scm">config file for this website.</a></p><p>Then re-running certbot totally worked. While we are talking about certbot. I
am glad that guix has support for it. They use the python acme client, which
certainly works, but I have recently discovered that the OpenBSD folks have made
<a href="https://man.openbsd.org/acme-client.1">their own acme client</a>. It looks like their client might be dependent on their
httpd daemon, which is potentially why Guix System doesn’t use it. Anywho…</p><p>In other news, I have still been working on my opensmtpd service using guix
records. I made the decision to tweak the records that I am using for my
opensmtpd service. Before I had set up the configuration to follow nckx’s advice
from <code>#guix</code> irc channel:</p><pre><code>&quot;...as I think Guix services ought to faithfully wrap the native syntax whenever
possible (implement alternative simple APIs on top of that — fine).&quot;</code></pre><p>To follow this advice, I avoided trying to develop something like this:</p><pre><code>(service email-service-type
   (email-configuration
     (domains (list &quot;gnucode.me&quot; &quot;gnu-hurd.com&quot;))
     (use-letsencrypt #t)))</code></pre><p>Instead I originally tried this type of service configuration, where I had
several lists of records of <code>includes</code>, <code>tables</code>, <code>pkis</code>, etc. Other records
like the filters, which may have <code>tables</code>, would refer to the <code>table</code> record via
a string. This could cause issues where the user mispelled the <code>table</code> name.</p><pre><code>(service opensmtpd-service
  (opensmtpd-configuration
    (includes ...)
    (tables ...)
    (pkis ...)
    (filters ...)
    (listen-on ...)
    (actions ...)
    (matches ...)))</code></pre><p>I also thought of other annoyances. Why would have a list of <code>actions</code>, and then
have the <code>match</code> record have a fieldname <code>action</code> that accepts a string of the
<code>action</code> name. It would be more robust if instead it accepted an
<code>&lt;opensmtpd-action-configuration&gt;</code> record. Well when you start to think like
this, the resulting example config may turn into:</p><pre><code>(service opensmtpd-service-type
         (opensmtpd-configuration
          (listen-ons
           (list (opensmtpd-listen-on
                  (interface &quot;eth0&quot;)
                  (filter
                   (opensmtpd-filter-chain-configuration
                    (list
                     (opensmtpd-filter-phase ...)
                     (opensmtpd-filter-phase ...))))
                  (hostnames (opensmtpd-table-configuration
                              (values &quot;gnucode.me&quot; &quot;gnu-hurd.com&quot;)))
                  (ca
                   (opensmtpd-ca-configuration ...))
                  (pkis
                   (list
                    (opensmtpd-pki-configuration ...)
                    (opensmtpd-pki-configuration ...))))))
          (matches
           (list
            (opensmtpd-match
             (options
              (list
               (opensmtpd-match-options-configuration
                (table
                 (opensmtpd-table ...)))
               (opensmtpd-match-options-configuration ...)))
             (action
              (opensmtpd-action
               (opensmtpd-local-delivery-configuration
                (method
                 (opensmtpd-maildir-configuration ...))
                (alias (opensmtpd-table ...))))))))))</code></pre><p>I believe this change will fix various mispelling errors and should make the
service more robust.</p><p>Tweaking the datastructure has helped me to find other things that
could be simpler. One example is the <code>&lt;opensmtpd-action&gt;</code> record. I used to have
the datastructure be the <code>&lt;opensmtpd-action&gt;</code>, which included a fieldname that
has as its value either a <code>&lt;opensmtpd-local-delivery-configuration&gt;</code> or a <code>&lt;opensmtpd-relay-configuration&gt;</code>
like this:</p><pre><code>                              &lt;opensmtpd-action&gt;
                              opensmtpd-action-name
                              opensmtpd-action-method
                                       |
                                      / \
                                     /   \
                                    /     \
                                   /       \
                                  /         \
&lt;opensmtpd-local-delivery-configuration&gt;   &lt;opensmtpd-relay-configuration&gt;</code></pre><p>It is actually simpler to delete the <code>&lt;opensmtpd-action&gt;</code> record, and replace it with
two records: <code>&lt;opensmtpd-local-delivery-action&gt;</code> and
<code>&lt;opensmtpd-relay-configuration-action&gt;</code></p><p>Of course when you tweak datastructures, then you have to deal with tweaking the
code to work with the new datastructures. That is interesting. Most of the
TODO items I have for this project are in my <a href="https://notabug.org/jbranso/linode-guix-system-configuration/src/master/opensmtpd.org">opensmtpd.org</a> file.</p><p>Thanks for reading!</p></div></article></section></main><footer><p>© 2020 Joshua Branson.  The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is build with Haunt, a static site generator written in Guile Scheme.  Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>