Diffstat (limited to 'src/org')
-rw-r--r--src/org/euandre/services.scm105
1 files changed, 75 insertions, 30 deletions
diff --git a/src/org/euandre/services.scm b/src/org/euandre/services.scm
index 4980f54..d38110c 100644
--- a/src/org/euandre/services.scm
+++ b/src/org/euandre/services.scm
@@ -31,6 +31,9 @@
binder-configuration-run-in-container?
binder-configuration-container-name
binder-configuration-extra-mappings
+ binder-configuration-options
+ binder-configuration-listen-socket
+ binder-configuration-upstream-socket
<glaze-configuration>
glaze-configuration
@@ -46,6 +49,9 @@
glaze-configuration-run-in-container?
glaze-configuration-container-name
glaze-configuration-extra-mappings
+ glaze-configuration-options
+ glaze-configuration-listen-socket
+ glaze-configuration-upstream-socket
<untls-configuration>
untls-configuration
@@ -61,6 +67,9 @@
untls-configuration-run-in-container?
untls-configuration-container-name
untls-configuration-extra-mappings
+ untls-configuration-options
+ untls-configuration-listen-socket
+ untls-configuration-upstream-socket
<wscat-configuration>
wscat-configuration
@@ -76,6 +85,9 @@
wscat-configuration-run-in-container?
wscat-configuration-container-name
wscat-configuration-extra-mappings
+ wscat-configuration-options
+ wscat-configuration-listen-socket
+ wscat-configuration-upstream-socket
<papod-configuration>
papod-configuration
@@ -90,7 +102,10 @@
papod-configuration-run-directory
papod-configuration-run-in-container?
papod-configuration-container-name
- papod-configuration-extra-mappings))
+ papod-configuration-extra-mappings
+ papod-configuration-options
+ papod-configuration-listen-socket
+ papod-configuration-upstream-socket))
(use-package-modules
admin
version-control)
@@ -101,6 +116,13 @@
+(define-public (mklist x)
+ (if (not x)
+ '()
+ (if (pair? x)
+ x
+ (list x))))
+
(define-public (slurp path)
(call-with-input-file
path
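Review bot: `mklist` turns the empty list into `(())`, because `'()` is true in Scheme and is not a pair, so it falls through to `(list x)`. Testing with `list?` keeps an already-empty list empty, for example `(cond ((not x) '()) ((list? x) x) (else (list x)))`. Since the procedure is exported with `define-public`, a short docstring would also help, saying that `#f` becomes the empty list, a list is returned unchanged, and any other value is wrapped in a one-element list.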
@@ -306,7 +328,10 @@
(run-directory binder-configuration-run-directory (default "/var/run/binder"))
(run-in-container? binder-configuration-run-in-container? (default #t))
(container-name binder-configuration-container-name (default "binder-container"))
- (extra-mappings binder-configuration-extra-mappings (default '())))
+ (extra-mappings binder-configuration-extra-mappings (default '()))
+ (options binder-configuration-options (default '()))
+ (listen-socket binder-configuration-listen-socket (default "0.0.0.0:4443"))
+ (upstream-socket binder-configuration-upstream-socket (default "/var/run/untls/untls.socket")))
(define-record-type* <glaze-configuration>
glaze-configuration
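Review bot: The `listen-socket` default of `"0.0.0.0:4443"` makes binder accept connections on every interface of the host unless the operator overrides it, and nothing on the field says so. A comment on the field, such as `;; binds all interfaces by default; set listen-socket to narrow exposure`, would make that exposure a visible choice. The `upstream-socket` default also repeats the literal default of untls's `listen-socket`, so overriding one without the other silently breaks the pairing; a comment noting the coupling would avoid that. The record definition starts above the hunk.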
@@ -321,7 +346,10 @@
(run-directory glaze-configuration-run-directory (default "/var/run/glaze"))
(run-in-container? glaze-configuration-run-in-container? (default #t))
(container-name glaze-configuration-container-name (default "glaze-container"))
- (extra-mappings glaze-configuration-extra-mappings (default '())))
+ (extra-mappings glaze-configuration-extra-mappings (default '()))
+ (options glaze-configuration-options (default '()))
+ (listen-socket glaze-configuration-listen-socket (default "/var/run/glaze/glaze.socket"))
+ (upstream-socket glaze-configuration-upstream-socket (default #f)))
(define-record-type* <untls-configuration>
untls-configuration
@@ -336,7 +364,10 @@
(run-directory untls-configuration-run-directory (default "/var/run/untls"))
(run-in-container? untls-configuration-run-in-container? (default #t))
(container-name untls-configuration-container-name (default "untls-container"))
- (extra-mappings untls-configuration-extra-mappings (default '())))
+ (extra-mappings untls-configuration-extra-mappings (default '()))
+ (options untls-configuration-options (default '()))
+ (listen-socket untls-configuration-listen-socket (default "/var/run/untls/untls.socket"))
+ (upstream-socket untls-configuration-upstream-socket (default #f)))
(define-record-type* <wscat-configuration>
wscat-configuration
@@ -351,7 +382,10 @@
(run-directory wscat-configuration-run-directory (default "/var/run/wscat"))
(run-in-container? wscat-configuration-run-in-container? (default #t))
(container-name wscat-configuration-container-name (default "wscat-container"))
- (extra-mappings wscat-configuration-extra-mappings (default '())))
+ (extra-mappings wscat-configuration-extra-mappings (default '()))
+ (options wscat-configuration-options (default '()))
+ (listen-socket wscat-configuration-listen-socket (default "/var/run/wscat/wscat.socket"))
+ (upstream-socket wscat-configuration-upstream-socket (default #f)))
(define-record-type* <papod-configuration>
papod-configuration
@@ -366,8 +400,10 @@
(run-directory papod-configuration-run-directory (default "/var/run/papod"))
(run-in-container? papod-configuration-run-in-container? (default #t))
(container-name papod-configuration-container-name (default "papod-container"))
- (extra-mappings papod-configuration-extra-mappings (default '())))
-
+ (extra-mappings papod-configuration-extra-mappings (default '()))
+ (options papod-configuration-options (default '()))
+ (listen-socket papod-configuration-listen-socket (default #f))
+ (upstream-socket papod-configuration-upstream-socket (default #f)))
(define-public (profile-for type)
(lambda (config)
@@ -429,38 +465,47 @@
(shell
(file-append shadow "/sbin/nologin"))))))))
+(define-public (cmd-for type config)
+ (m:match config
+ (($ type name package user group _log-file data-directory _run-directory
+ run-in-container? container-name extra-mappings)
+ (let ((bin (file-append package (string-append "/bin/" name))))
+ (if (not run-in-container?)
+ bin
+ (least-authority-wrapper
+ bin
+ #:user user
+ #:group group
+ #:name container-name
+ #:directory (or data-directory "/")
+ #:preserved-environment-variables
+ '()
+ #:mappings
+ (append
+ (mklist
+ (and data-directory
+ (file-system-mapping
+ (source data-directory)
+ (target source)
+ (writable? #t))))
+ extra-mappings)))))))
+
(define-public (shepherd-services-for type)
(lambda (config)
(m:match config
- (($ type name package user group log-file data-directory _run-directory run-in-container? container-name extra-mappings)
+ (($ type name _package user group log-file data-directory _run-directory
+ _run-in-container? _container-name _extra-mappings options
+ listen-socket upstream-socket)
(list
(shepherd-service
(provision (list (string->symbol name)))
(requirement '())
(start
#~(make-forkexec-constructor ;; FIXME: add #:resource-limits
- (list
- #$(let ((bin (file-append package (string-append "/bin/" name))))
- (if (not run-in-container?)
- bin
- (least-authority-wrapper
- bin
- #:user user
- #:group group
- #:name container-name
- #:directory (or data-directory "/")
- #:preserved-environment-variables
- '()
- #:mappings
- (append
- (if data-directory
- (list
- (file-system-mapping
- (source data-directory)
- (target source)
- (writable? #t)))
- (list))
- extra-mappings)))))
+ (list #$(cmd-for type config)
+ #$@options
+ #$@(mklist listen-socket)
+ #$@(mklist upstream-socket))
#:user #$user
#:group #$group
#:log-file #$log-file
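Review bot: In `cmd-for`, the container built by `least-authority-wrapper` gets mappings only for `data-directory` and `extra-mappings`, while the new `listen-socket` and `upstream-socket` defaults live under `/var/run/<service>/` and the pattern still discards `_run-directory`. As far as the visible lines show, a service started with the default `run-in-container?` of `#t` would not see those socket paths unless the operator repeats them in `extra-mappings`. Consider binding `run-directory` in the pattern and adding a mapping limited to that directory, plus one for the directory of a path-valued `upstream-socket`. Alternatively, state the requirement in a comment such as `;; socket directories must be listed in extra-mappings when run-in-container? is #t`. The body of `shepherd-services-for` continues below the hunk.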