author | EuAndreh <eu@euandre.org> | 2022-11-29 00:12:05 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2022-11-29 00:12:05 -0300 |
commit | 6524a04bd59d8303a47f2df20164027198535fbb (patch) | |
tree | cc78db2c78efef1c3be503600062872ae4dabb37 /src | |
parent | src/infrastructure/guix/system.scm: Create "git-dir" variable to store "/srv/... (diff) | |
download | toph-6524a04bd59d8303a47f2df20164027198535fbb.tar.gz toph-6524a04bd59d8303a47f2df20164027198535fbb.tar.xz |
src/infrastructure/guix/system.scm: Move many services to package-repository
Diffstat (limited to 'src')
-rw-r--r-- | src/infrastructure/guix/system.scm | 505 |
1 files changed, 0 insertions, 505 deletions
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm
index d49ccea..b6bf685 100644
--- a/src/infrastructure/guix/system.scm
+++ b/src/infrastructure/guix/system.scm
@@ -546,57 +546,6 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;; /etc/shadow ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-
-
-(define-record-type* <shadow-group-configuration>
- shadow-group-configuration
- make-shadow-group-configuration
- shadow-group-configuration?
- (group shadow-group-configuration-group (default "shadow")))
-
-(define (shadow-group-activation config)
- (match-record config <shadow-group-configuration>
- (group)
- #~(begin
- (use-modules (guix build utils))
- (format (current-error-port)
- "Setting ownership and permission for \"/etc/passwd\".~%")
- (chown "/etc/shadow"
- (passwd:uid (getpwnam "root"))
- (group:gid (getgrnam #$group)))
- (chmod "/etc/shadow" #o640))))
-
-(define (shadow-group-accounts config)
- (match-record config <shadow-group-configuration>
- (group)
- (list
- (user-group
- (name group)
- (system? #t)))))
-
-(define shadow-group-service-type
- (service-type
- (name 'shadow-group)
- (extensions
- (list
- (service-extension activation-service-type
- shadow-group-activation)
- (service-extension account-service-type
- shadow-group-accounts)))
- (default-value (shadow-group-configuration))
- (description
- #"-
- FIXME:DOCUMENTATION
- "#)))
-
-
-
-
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Cyrus SASL ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -643,308 +592,6 @@ @end itemize"#) (license license:bsd-1))) -(define-record-type* <cyrus-service-configuration> - cyrus-service-configuration - make-cyrus-service-configuration - cyrus-service-configuration? - (name cyrus-service-configuration-name) - (authmech cyrus-service-configuration-authmech (default "saslauthd"))) - -(define-record-type* <cyrus-sasl-configuration> - cyrus-sasl-configuration - make-cyrus-sasl-configuration - cyrus-sasl-configuration? - (cyrus-sasl cyrus-sasl-configuration-cyrus-sasl (default cyrus-sasl)) - (authmech cyrus-sasl-configuration-authmech (default "shadow")) - (services cyrus-sasl-configuration-services (default '())) - (state-dir cyrus-sasl-configuration-state-dir (default "/var/lib/saslauthd"))) - -(define (cyrus-sasl-etc-files config) - (match-record config <cyrus-sasl-configuration> - (services state-dir) - `(("sasl2" - ,(file-union - "cyrus-sasl" - (map (lambda (service-config) - (match-record service-config <cyrus-service-configuration> - (name authmech) - `(,name ,(plain-file - name - (format #f - #"- - pwcheck_method: ~a - saslauthd_path: ~a/mux - log_level: 7 - "# - authmech - state-dir))))) - services)))))) - -(define (cyrus-sasl-activation config) - (match-record config <cyrus-sasl-configuration> - (state-dir) - #~(begin - (use-modules (guix build utils)) - (format (current-error-port) - "Creating Cyrus SASL socket directory: \"~a\".~%" #$state-dir) - (mkdir-p #$state-dir)))) - -(define (cyrus-sasl-shepherd-service config) - (match-record config <cyrus-sasl-configuration> - (cyrus-sasl authmech state-dir) - (list - (shepherd-service - (provision '(cyrus-sasl)) - (documentation - #"- - FIXME:DOCUMENTATION Run the Postfix MTA. - - This is the entrypoint for starting the "master" process. 
Then the - "master" process itself takes responsability of starting all the - required daemons and commands."#) - (start #~(make-forkexec-constructor - (list - #$(file-append cyrus-sasl "/sbin/saslauthd") - "-a" - #$authmech - "-d" - "-m" - #$state-dir) - #:user "root" - #:user "root")) - (stop #~(make-kill-destructor)))))) - -(define cyrus-sasl-service-type - (service-type - (name 'cyrus-sasl) - (extensions - (list - (service-extension etc-service-type - cyrus-sasl-etc-files) - (service-extension activation-service-type - cyrus-sasl-activation) - (service-extension profile-service-type - (compose list cyrus-sasl-configuration-cyrus-sasl)) - (service-extension shepherd-root-service-type - cyrus-sasl-shepherd-service))) - (compose srfi-1:concatenate) - (extend (lambda (config services) - (cyrus-sasl-configuration - (inherit config) - (services - (append - (cyrus-sasl-configuration-services config) - services))))) - (default-value (cyrus-sasl-configuration)) - (description - #"- - FIXME:DOCUMENTATION Run the Postfix MTA. - - This is the top-level system service for Postfix. - - It includes: - - populating /etc/postfix/ with read-only configuration files; - - the user and groups used by Postfix when handling email delivery; - - the special setgid binaries for daily usage, such as "sendmail"; - - the Shepherd service for starting, stopping and *reloading* the - service without restarting it; - - the activation script for creating the required directories and - configuring them with the correct permissions; - - the binaries in the system profile so that one doesn't need to explicilty - include the package when the service is already enabled. - - An extension to the log-rotation service isn't included: the default - rottlog configuration already includes /var/log/maillog in its routine, - so it is kept out. - - The defaults of <postfix-configuration> provide sane default values for - most things, such as group names, data and queue directories, etc. 
When - used as-is, it creates a Postfix server that sends email from local users - of the domain provided by "/etc/hostname"."#))) - - - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; dkimproxy ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - - - -(define-record-type* <dkimproxyout-configuration> - dkimproxyout-configuration - make-dkimproxyout-configuration - dkimproxyout-configuration? - (dkimproxy dkimproxyout-configuration-dkimproxy (default dkimproxy)) - (user dkimproxyout-configuration-user (default "dkimproxyout")) - (group dkimproxyout-configuration-group (default "dkimproxyout")) - (listen dkimproxyout-configuration-listen (default "127.0.0.1:10027")) - (relay dkimproxyout-configuration-relay (default "127.0.0.1:10028")) - (domains dkimproxyout-configuration-domains (default (list (gethostname)))) - (selector dkimproxyout-configuration-selector (default "dkimproxy")) - (key-size dkimproxyout-configuration-key-size (default 2048)) - (data-directory dkimproxyout-configuration-data-directory (default "/var/lib/dkimproxyout"))) - -(define (generate-out.cf config) - (match-record config <dkimproxyout-configuration> - (listen relay domains selector data-directory) - (format #f - #"- - listen ~a - relay ~a - - domain ~a - selector ~a - - signature dkim(c=relaxed/relaxed) - - # FIXME:DOCUMENTATION add this to the service documentation - # the corresponding public key is available at: - # ~a/public.key - keyfile ~a/private.key - "# - listen - relay - (string-join domains ",") - selector - data-directory - data-directory))) - -(define (dkimproxyout-etc-files config) - (match-record config <dkimproxyout-configuration> - () - `(("dkimproxy_out.conf" ,(plain-file "dkimproxy_out.conf" (generate-out.cf config)))))) - -(define (dkimproxyout-accounts config) - (match-record config <dkimproxyout-configuration> - (user group) - (list - 
(user-account - (name user) - (group group) - (comment "DKIMproxy-out signing system user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin")) - (system? #t)) - (user-group - (name group) - (system? #t))))) - -(define (dkimproxyout-activation config) - (match-record config <dkimproxyout-configuration> - (user group data-directory key-size) - #~(begin - (use-modules (guix build utils)) - (let ((uid (passwd:uid (getpwnam #$user))) - (gid (group:gid (getgrnam #$group)))) - (format (current-error-port) - "Creating DKIMproxy-out data directory: \"~a\".~%" #$data-directory) - (mkdir-p #$data-directory) - (chown #$data-directory uid gid) - (chmod #$data-directory #o755) - (let ((private-key (string-append #$data-directory "/private.key")) - (public-key (string-append #$data-directory "/public.key"))) - (unless (file-exists? private-key) - (cond - ((zero? (system* #$(file-append openssl "/bin/openssl") - "genrsa" - "-out" - private-key - (number->string #$key-size))) - (format (current-error-port) - "DKIMproxy private key file created: \"~a\".~%" private-key)) - (else - (format (current-error-port) - "Failed to create DKIMproxy private key file: \"~a\".~%" private-key)))) - (invoke #$(file-append openssl "/bin/openssl") - "rsa" - "-in" - private-key - "-pubout" - "-out" - public-key) - (format (current-error-port) - "Setting permissions for the public/private DKIMproxy keypair: \"~a/{public,private}.key\".~%" #$data-directory) - (chown private-key uid gid) - (chown public-key uid gid) - (chmod private-key #o400) - (chmod public-key #o644)))))) - -(define (dkimproxyout-shepherd-service config) - (match-record config <dkimproxyout-configuration> - (dkimproxy user group) - (list - (shepherd-service - (provision '(dkimproxy)) - (documentation - #"- - FIXME:DOCUMENTATION Run the Postfix MTA. - - This is the entrypoint for starting the "master" process. 
Then the - "master" process itself takes responsability of starting all the - required daemons and commands."#) - (start #~(make-forkexec-constructor - (list - #$(file-append dkimproxy "/bin/dkimproxy.out") - "--conf_file=/etc/dkimproxy_out.conf") - #:user #$user - #:group #$group)) - (stop #~(make-kill-destructor)) - (actions - (list - (shepherd-action - (name 'configuration) - (documentation - #"- - FIXME:DOCUMENTATION - "#) - (procedure - #~(lambda _ - (format #t "/etc/dkimproxy_out.conf~%")))))))))) - -(define dkimproxyout-service-type - (service-type - (name 'dkimproxy) - (extensions - (list - (service-extension etc-service-type - dkimproxyout-etc-files) - (service-extension account-service-type - dkimproxyout-accounts) - (service-extension activation-service-type - dkimproxyout-activation) - (service-extension profile-service-type - (compose list dkimproxyout-configuration-dkimproxy)) - (service-extension shepherd-root-service-type - dkimproxyout-shepherd-service))) - (default-value (dkimproxyout-configuration)) - (description - #"- - FIXME:DOCUMENTATION Run the Postfix MTA. - - This is the top-level system service for Postfix. - - It includes: - - populating /etc/postfix/ with read-only configuration files; - - the user and groups used by Postfix when handling email delivery; - - the special setgid binaries for daily usage, such as "sendmail"; - - the Shepherd service for starting, stopping and *reloading* the - service without restarting it; - - the activation script for creating the required directories and - configuring them with the correct permissions; - - the binaries in the system profile so that one doesn't need to explicilty - include the package when the service is already enabled. - - An extension to the log-rotation service isn't included: the default - rottlog configuration already includes /var/log/maillog in its routine, - so it is kept out. 
- - The defaults of <postfix-configuration> provide sane default values for - most things, such as group names, data and queue directories, etc. When - used as-is, it creates a Postfix server that sends email from local users - of the domain provided by "/etc/hostname"."#))) - - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
@@ -1513,158 +1160,6 @@ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;; nanolist ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - - - -(define-record-type* <nanolist-list-configuration> - nanolist-list-configuration - make-nanolist-list-configuration - nanolist-list-configuration? - (address nanolist-list-configuration-address) - (name nanolist-list-configuration-name) - (description nanolist-list-configuration-description) - (bcc nanolist-list-configuration-bcc (default '())) - (posters nanolist-list-configuration-posters (default '())) - (hidden? nanolist-list-configuration-hidden? (default #f)) - (subscribers-only? nanolist-list-configuration-subscribers-only? (default #f))) - -;; FIXME: where do the logs go to? -(define-record-type* <nanolist-configuration> - nanolist-configuration - make-nanolist-configuration - nanolist-configuration? - (nanolist nanolist-configuration-nanolist (default postfix #;nanolist)) - (user nanolist-configuration-user (default "nanolist")) - (group nanolist-configuration-group (default "nanolist")) - (alias-entry nanolist-configuration-alias-entry (default "nanolist")) - (config-name nanolist-configuration-config-name (default "nanolist.conf")) - (lists nanolist-configuration-lists (default '())) - (state-directory nanolist-configuration-state-directory (default "/var/lib/nanolist")) ) - -(define (generate-nanolist-conf config) - (match-record config <nanolist-configuration> - (state-directory lists) - (format #f - #"- - { - "state-directory": "~a", - "lists": [ - ~a - ] - } - "# - state-directory - (map (lambda (list-config) - (match-record list-config <nanolist-list-configuration> - (name description bcc posters hidden? subscribers-only?) 
- (format #f - #"- - { - "name": ~a, - "description": ~a, - "bcc": ~a, - "posters": ~a, - "hidden?": ~a, - "subscribers-only?": ~a - } - "# - name - description - bcc - posters - (if hidden? "true" "false") - (if subscribers-only? "true" "false")))) - lists)))) - -(define (nanolist-etc-files config) - (match-record config <nanolist-configuration> - (config-name) - `((,config-name ,(plain-file config-name (generate-nanolist-conf config)))))) - -(define (nanolist-accounts config) - (match-record config <nanolist-configuration> - (user group) - (list - (user-account - (name user) - (group group) - (comment "nanolist system user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin")) - (system? #t)) - (user-group - (name group) - (system? #t))))) - -(define (nanolist-activation config) - (match-record config <nanolist-configuration> - (user group state-directory) - #~(begin - (use-modules (guix build utils)) - (format (current-error-port) - "Creating nanolist's subscriptions directory: \"~a\".~%" #$state-directory) - (mkdir-p #$state-directory) - (chown #$state-directory - (passwd:uid (getpwnam #$user)) - (group:gid (getgrnam #$group))) - (chmod #$state-directory #o750)))) - -(define (nanolist-aliases config) - (match-record config <nanolist-configuration> - (nanolist alias-entry lists) - (append - (map (lambda (list) - `(,alias ,alias-entry)) - lists) - `((,alias-entry ,(string-append "|" "/tmp/nanotmp" "/bin/nanolist")))))) - -(define nanolist-service-type - (service-type - (name 'nanolist) - (extensions - (list - (service-extension etc-service-type - nanolist-etc-files) - (service-extension account-service-type - nanolist-accounts) - (service-extension activation-service-type - nanolist-activation) - (service-extension mail-aliases-service-type - nanolist-aliases) - (service-extension profile-service-type - (compose list nanolist-configuration-nanolist)))) - (default-value (nanolist-configuration)) - (description - #"- - FIXME:DOCUMENTATION 
Run the Postfix MTA. - - This is the top-level system service for Postfix. - - It includes: - - populating /etc/postfix/ with read-only configuration files; - - the user and groups used by Postfix when handling email delivery; - - the special setgid binaries for daily usage, such as "sendmail"; - - the Shepherd service for starting, stopping and *reloading* the - service without restarting it; - - the activation script for creating the required directories and - configuring them with the correct permissions; - - the binaries in the system profile so that one doesn't need to explicilty - include the package when the service is already enabled. - - An extension to the log-rotation service isn't included: the default - rottlog configuration already includes /var/log/maillog in its routine, - so it is kept out. - - The defaults of <postfix-configuration> provide sane default values for - most things, such as group names, data and queue directories, etc. When - used as-is, it creates a Postfix server that sends email from local users - of the domain provided by "/etc/hostname"."#))) - - - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;; OS ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |