aboutsummaryrefslogtreecommitdiff
path: root/src/org/euandre/services.scm
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/euandre/services.scm')
-rw-r--r--src/org/euandre/services.scm562
1 files changed, 0 insertions, 562 deletions
diff --git a/src/org/euandre/services.scm b/src/org/euandre/services.scm
deleted file mode 100644
index d38110c..0000000
--- a/src/org/euandre/services.scm
+++ /dev/null
@@ -1,562 +0,0 @@
-(define-module (org euandre services)
- #:use-module ((org euandre packages) #:prefix pkg:)
- #:use-module ((org euandre queue) #:prefix q:)
- #:use-module ((ice-9 match) #:prefix m:)
- #:use-module ((ice-9 popen) #:prefix popen:)
- #:use-module ((ice-9 textual-ports) #:prefix textual-ports:)
- #:use-module ((gnu build linux-container) #:prefix container:)
- #:use-module ((srfi srfi-1) #:prefix s1:)
- #:use-module (gnu)
- #:use-module (guix build utils)
- #:use-module (guix least-authority)
- #:use-module (guix records)
- #:export (<syskeep-configuration>
- syskeep-configuration
- make-syskeep-configuration
- syskeep-configuration?
- syskeep-configuration-package
- syskeep-configuration-log-file
-
- <binder-configuration>
- binder-configuration
- make-binder-configuration
- binder-configuration?
- binder-configuration-name
- binder-configuration-package
- binder-configuration-user
- binder-configuration-group
- binder-configuration-log-file
- binder-configuration-data-directory
- binder-configuration-run-directory
- binder-configuration-run-in-container?
- binder-configuration-container-name
- binder-configuration-extra-mappings
- binder-configuration-options
- binder-configuration-listen-socket
- binder-configuration-upstream-socket
-
- <glaze-configuration>
- glaze-configuration
- make-glaze-configuration
- glaze-configuration?
- glaze-configuration-name
- glaze-configuration-package
- glaze-configuration-user
- glaze-configuration-group
- glaze-configuration-log-file
- glaze-configuration-data-directory
- glaze-configuration-run-directory
- glaze-configuration-run-in-container?
- glaze-configuration-container-name
- glaze-configuration-extra-mappings
- glaze-configuration-options
- glaze-configuration-listen-socket
- glaze-configuration-upstream-socket
-
- <untls-configuration>
- untls-configuration
- make-untls-configuration
- untls-configuration?
- untls-configuration-name
- untls-configuration-package
- untls-configuration-user
- untls-configuration-group
- untls-configuration-log-file
- untls-configuration-data-directory
- untls-configuration-run-directory
- untls-configuration-run-in-container?
- untls-configuration-container-name
- untls-configuration-extra-mappings
- untls-configuration-options
- untls-configuration-listen-socket
- untls-configuration-upstream-socket
-
- <wscat-configuration>
- wscat-configuration
- make-wscat-configuration
- wscat-configuration?
- wscat-configuration-name
- wscat-configuration-package
- wscat-configuration-user
- wscat-configuration-group
- wscat-configuration-log-file
- wscat-configuration-data-directory
- wscat-configuration-run-directory
- wscat-configuration-run-in-container?
- wscat-configuration-container-name
- wscat-configuration-extra-mappings
- wscat-configuration-options
- wscat-configuration-listen-socket
- wscat-configuration-upstream-socket
-
- <papod-configuration>
- papod-configuration
- make-papod-configuration
- papod-configuration?
- papod-configuration-name
- papod-configuration-package
- papod-configuration-user
- papod-configuration-group
- papod-configuration-log-file
- papod-configuration-data-directory
- papod-configuration-run-directory
- papod-configuration-run-in-container?
- papod-configuration-container-name
- papod-configuration-extra-mappings
- papod-configuration-options
- papod-configuration-listen-socket
- papod-configuration-upstream-socket))
-(use-package-modules
- admin
- version-control)
-(use-service-modules
- admin
- mcron
- shepherd)
-
-
-
-(define-public (mklist x)
- (if (not x)
- '()
- (if (pair? x)
- x
- (list x))))
-
-(define-public (slurp path)
- (call-with-input-file
- path
- textual-ports:get-string-all))
-
-(define-public (str . rest)
- (apply string-append rest))
-
-(define-public (fmt . rest)
- (apply format #f rest))
-
-(define-public (user-accounts users)
- (map (lambda (user)
- (let ((name (s1:first user))
- (comment (s1:second user))
- (groups (s1:third user)))
- (user-account
- (name name)
- (comment comment)
- (group "users")
- (supplementary-groups groups))))
- users))
-
-(define-public (users->keys users)
- (let ((users-with-keys (filter (compose not null? cdddr)
- users)))
- (append
- (map (lambda (user)
- (let ((name (s1:first user))
- (key (s1:fourth user)))
- `(,name ,(plain-file (str name "-id_rsa.pub") key))))
- users-with-keys)
- `(("git" ,@(map (lambda (user)
- (let ((name (s1:first user))
- (key (s1:fourth user)))
- (plain-file (str name "-git-id_rsa.pub")
- (slurp key))))
- users-with-keys))))))
-
-(define (tuple->entry tuple)
- (let* ((name (s1:first tuple))
- (package (s1:second tuple))
- (path (string-append "/etc/" name)))
- (list
- name
- (computed-file
- (string-append "syskeep-" name)
- #~(begin
- (use-modules
- ((ice-9 textual-ports) #:prefix textual-ports:))
-
- (define (slurp p)
- (call-with-input-file p textual-ports:get-string-all))
-
- (define (spit p s)
- (call-with-output-file
- p
- (lambda (port)
- (display s port))))
-
- (spit #$output
- (slurp #$(file-append package path))))))))
-
-(define (etc-entries package paths)
- (map
- tuple->entry
- (map (lambda (path)
- (list path package))
- paths)))
-
-(define-public (package-set symbols records)
- (append
- records
- (map
- (compose list specification->package+output symbol->string)
- symbols)))
-
-(define-public skeletons
- (etc-entries
- pkg:syskeep
- '(".profile")))
-
-(define-public base-services
- (modify-services %base-services
- (rottlog-service-type config =>
- (rottlog-configuration
- (inherit config)
- (rc-file
- (file-append q:rottlog-mailutils-sendmail "/etc/rc"))))))
-
-
-
-(define-record-type* <syskeep-configuration>
- syskeep-configuration
- make-syskeep-configuration
- syskeep-configuration?
- (package syskeep-configuration-package (default pkg:syskeep))
- (log-file syskeep-configuration-log-file (default "/var/log/cronjobs/cronjobs.log")))
-
-(define (syskeep-profile config)
- (match-record config <syskeep-configuration>
- (package)
- (package-set
- '(parted
- guile-heredoc
- acl
- bind:utils
- knot:tools
- file
- git
- lsof
- moreutils
- mailutils-sendmail
- curl
- make
- borg
- rsync
- sqlite
- strace
- rlwrap
- trash-cli
- tree)
- (list
- package))))
-
-(define (syskeep-rotations config)
- (match-record config <syskeep-configuration>
- (log-file)
- (list
- (log-rotation
- (frequency 'weekly)
- (files (list log-file))
- (options '("rotate 52"))))))
-
-(define (syskeep-cronjobs config)
- (match-record config <syskeep-configuration>
- ()
- (list
- #~(job "0 0 * * *" "cronjob check")
- #~(job "0 1 * * *" "cronjob env BORG_REPO=/mnt/backup/borg backup -q cron")
- #~(job "0 2 * * *" "cronjob backup -q cron")
- #~(job "0 3 * * 0" "cronjob gc")
- #~(job "0 4 * * *" "cronjob reconfigure -U"))))
-
-(define (syskeep-etc-files config)
- (match-record config <syskeep-configuration>
- (package)
- (etc-entries
- package
- '("rc.sh"
- "known_hosts"
- "ssh.conf"
- "init.scm"
- "gitconfig"))))
-
-(define (syskeep-accounts config)
- (match-record config <syskeep-configuration>
- ()
- (list
- (user-account
- (name "git")
- (group "git")
- (system? #t)
- (comment "External SSH Git user")
- (home-directory "/src/ĝit")
- (create-home-directory? #f)
- (shell
- (file-append git "/bin/git-shell")))
- (user-group
- (name "git")
- (system? #t)))))
-
-(define-public syskeep-service-type
- (service-type
- (name 'syskeep)
- (extensions
- (list
- (service-extension rottlog-service-type
- syskeep-rotations)
- (service-extension mcron-service-type
- syskeep-cronjobs)
- (service-extension etc-service-type
- syskeep-etc-files)
- (service-extension account-service-type
- syskeep-accounts)
- (service-extension profile-service-type
- syskeep-profile)))
- (default-value (syskeep-configuration))
- (description "Common configuration of maintained servers.")))
-
-
-
-(define-record-type* <binder-configuration>
- binder-configuration
- make-binder-configuration
- binder-configuration?
- (name binder-configuration-name (default "binder"))
- (package binder-configuration-package (default pkg:binder))
- (user binder-configuration-user (default "binder"))
- (group binder-configuration-group (default "binder"))
- (log-file binder-configuration-log-file (default "/var/log/binder/binder.log"))
- (data-directory binder-configuration-data-directory (default #f))
- (run-directory binder-configuration-run-directory (default "/var/run/binder"))
- (run-in-container? binder-configuration-run-in-container? (default #t))
- (container-name binder-configuration-container-name (default "binder-container"))
- (extra-mappings binder-configuration-extra-mappings (default '()))
- (options binder-configuration-options (default '()))
- (listen-socket binder-configuration-listen-socket (default "0.0.0.0:4443"))
- (upstream-socket binder-configuration-upstream-socket (default "/var/run/untls/untls.socket")))
-
-(define-record-type* <glaze-configuration>
- glaze-configuration
- make-glaze-configuration
- glaze-configuration?
- (name glaze-configuration-name (default "glaze"))
- (package glaze-configuration-package (default pkg:glaze))
- (user glaze-configuration-user (default "glaze"))
- (group glaze-configuration-group (default "glaze"))
- (log-file glaze-configuration-log-file (default "/var/log/glaze/glaze.log"))
- (data-directory glaze-configuration-data-directory (default #f))
- (run-directory glaze-configuration-run-directory (default "/var/run/glaze"))
- (run-in-container? glaze-configuration-run-in-container? (default #t))
- (container-name glaze-configuration-container-name (default "glaze-container"))
- (extra-mappings glaze-configuration-extra-mappings (default '()))
- (options glaze-configuration-options (default '()))
- (listen-socket glaze-configuration-listen-socket (default "/var/run/glaze/glaze.socket"))
- (upstream-socket glaze-configuration-upstream-socket (default #f)))
-
-(define-record-type* <untls-configuration>
- untls-configuration
- make-untls-configuration
- untls-configuration?
- (name untls-configuration-name (default "untls"))
- (package untls-configuration-package (default pkg:untls))
- (user untls-configuration-user (default "untls"))
- (group untls-configuration-group (default "untls"))
- (log-file untls-configuration-log-file (default "/var/log/untls/untls.log"))
- (data-directory untls-configuration-data-directory (default #f))
- (run-directory untls-configuration-run-directory (default "/var/run/untls"))
- (run-in-container? untls-configuration-run-in-container? (default #t))
- (container-name untls-configuration-container-name (default "untls-container"))
- (extra-mappings untls-configuration-extra-mappings (default '()))
- (options untls-configuration-options (default '()))
- (listen-socket untls-configuration-listen-socket (default "/var/run/untls/untls.socket"))
- (upstream-socket untls-configuration-upstream-socket (default #f)))
-
-(define-record-type* <wscat-configuration>
- wscat-configuration
- make-wscat-configuration
- wscat-configuration?
- (name wscat-configuration-name (default "wscat"))
- (package wscat-configuration-package (default pkg:wscat))
- (user wscat-configuration-user (default "wscat"))
- (group wscat-configuration-group (default "wscat"))
- (log-file wscat-configuration-log-file (default "/var/log/wscat/wscat.log"))
- (data-directory wscat-configuration-data-directory (default #f))
- (run-directory wscat-configuration-run-directory (default "/var/run/wscat"))
- (run-in-container? wscat-configuration-run-in-container? (default #t))
- (container-name wscat-configuration-container-name (default "wscat-container"))
- (extra-mappings wscat-configuration-extra-mappings (default '()))
- (options wscat-configuration-options (default '()))
- (listen-socket wscat-configuration-listen-socket (default "/var/run/wscat/wscat.socket"))
- (upstream-socket wscat-configuration-upstream-socket (default #f)))
-
-(define-record-type* <papod-configuration>
- papod-configuration
- make-papod-configuration
- papod-configuration?
- (name papod-configuration-name (default "papod"))
- (package papod-configuration-package (default pkg:papod))
- (user papod-configuration-user (default "papod"))
- (group papod-configuration-group (default "papod"))
- (log-file papod-configuration-log-file (default "/var/log/papod/papod.log"))
- (data-directory papod-configuration-data-directory (default "/var/lib/papod"))
- (run-directory papod-configuration-run-directory (default "/var/run/papod"))
- (run-in-container? papod-configuration-run-in-container? (default #t))
- (container-name papod-configuration-container-name (default "papod-container"))
- (extra-mappings papod-configuration-extra-mappings (default '()))
- (options papod-configuration-options (default '()))
- (listen-socket papod-configuration-listen-socket (default #f))
- (upstream-socket papod-configuration-upstream-socket (default #f)))
-
-(define-public (profile-for type)
- (lambda (config)
- (m:match config
- (($ type _name package)
- (list package)))))
-
-(define-public (rotations-for type)
- (lambda (config)
- (m:match config
- (($ type _name _package _user _group log-file)
- (list
- (log-rotation
- (frequency 'weekly)
- (files (list log-file))
- (options '("rotate 5200"))))))))
-
-(define-public (activation-for type)
- (lambda (config)
- (m:match config
- (($ type name _package user _group log-file data-directory run-directory)
- #~(begin
- (use-modules (guix build utils))
- (when #$log-file
- (format (current-error-port)
- "Creating ~a log directory for '~a'.~%" #$name #$log-file)
- (mkdir-p (dirname #$log-file))
- (when (not (file-exists? #$log-file))
- (call-with-output-file #$log-file (const #t)))
- (chmod #$log-file #o644))
- (let ((user (getpwnam #$user)))
- (when #$data-directory
- (format (current-error-port)
- "Creating ~a data directory '~a'.~%" #$name #$data-directory)
- (mkdir-p #$data-directory)
- (chown #$data-directory (passwd:uid user) (passwd:gid user))
- (chmod #$data-directory #o750))
- (when #$run-directory
- (format (current-error-port)
- "Creating ~a run directory '~a'.~%" #$name #$run-directory)
- (mkdir-p #$run-directory)
- (chown #$run-directory (passwd:uid user) (passwd:gid user))
- (chmod #$run-directory #o755))))))))
-
-(define-public (accounts-for type)
- (lambda (config)
- (m:match config
- (($ type name _package user group)
- (list
- (user-group
- (name group)
- (system? #t))
- (user-account
- (name user)
- (group group)
- (system? #t)
- (comment (format #f "The user for runtime execution of ~a code" name))
- (home-directory "/var/empty")
- (shell
- (file-append shadow "/sbin/nologin"))))))))
-
-(define-public (cmd-for type config)
- (m:match config
- (($ type name package user group _log-file data-directory _run-directory
- run-in-container? container-name extra-mappings)
- (let ((bin (file-append package (string-append "/bin/" name))))
- (if (not run-in-container?)
- bin
- (least-authority-wrapper
- bin
- #:user user
- #:group group
- #:name container-name
- #:directory (or data-directory "/")
- #:preserved-environment-variables
- '()
- #:mappings
- (append
- (mklist
- (and data-directory
- (file-system-mapping
- (source data-directory)
- (target source)
- (writable? #t))))
- extra-mappings)))))))
-
-(define-public (shepherd-services-for type)
- (lambda (config)
- (m:match config
- (($ type name _package user group log-file data-directory _run-directory
- _run-in-container? _container-name _extra-mappings options
- listen-socket upstream-socket)
- (list
- (shepherd-service
- (provision (list (string->symbol name)))
- (requirement '())
- (start
- #~(make-forkexec-constructor ;; FIXME: add #:resource-limits
- (list #$(cmd-for type config)
- #$@options
- #$@(mklist listen-socket)
- #$@(mklist upstream-socket))
- #:user #$user
- #:group #$group
- #:log-file #$log-file
- #:directory #$data-directory))
- (stop #~(make-kill-destructor SIGKILL))
- (documentation
- (fmt "The Shepherd service that runs the server via \"~a\"." name))))))))
-
-(define-public (service-type-for name type config extensions)
- (service-type
- (name name)
- (extensions
- (append
- (list
- (service-extension shepherd-root-service-type
- (shepherd-services-for type))
- (service-extension profile-service-type
- (profile-for type))
- (service-extension activation-service-type
- (activation-for type))
- (service-extension account-service-type
- (accounts-for type))
- (service-extension rottlog-service-type
- (rotations-for type)))
- extensions))
- (default-value config)
- (description
- (fmt "The top-level generic system service, generated for ~a code.
-
-It includes:
-- the Shepherd service for starting, stopping and reloading the service;
-- activation script for setting up the initial directories and permissions;
-- the group and account for running the production service;
-- log management (storage and rotation) for logs produced by the running services.
-
-The default configuration should provide sane values for all of these."
- name))))
-
-
-
-(define-public binder-service-type
- (service-type-for 'binder <binder-configuration> (binder-configuration) '()))
-
-(define-public glaze-service-type
- (service-type-for 'glaze <glaze-configuration> (glaze-configuration) '()))
-
-(define-public untls-service-type
- (service-type-for 'untls <untls-configuration> (untls-configuration) '()))
-
-(define-public wscat-service-type
- (service-type-for 'wscat <wscat-configuration> (wscat-configuration) '()))
-
-(define-public papod-service-type
- (service-type-for 'papod <papod-configuration> (papod-configuration) '()))
generated by cgit v1.2.3 (git 2.49.0) at 2025-07-13 19:08:13 +0000