2024-10-14 08:49:12 +02:00
|
|
|
(define-module (glicid services caddy)
|
2024-10-14 08:38:35 +02:00
|
|
|
#:use-module (guix gexp)
|
|
|
|
|
#:use-module (gnu packages bash)
|
|
|
|
|
#:use-module (gnu services)
|
|
|
|
|
#:use-module (gnu services shepherd)
|
|
|
|
|
#:use-module (guix records)
|
|
|
|
|
#:use-module (gnu system shadow)
|
2024-10-14 15:25:39 +02:00
|
|
|
#:use-module (gnu system privilege)
|
|
|
|
|
#:use-module (ice-9 match)
|
2024-10-14 15:36:02 +02:00
|
|
|
#:use-module (glicid packages caddy)
|
|
|
|
|
#:export (%caddy-accounts
|
|
|
|
|
caddy-configuration
|
|
|
|
|
caddy-configuration?
|
|
|
|
|
caddy-shepherd-service
|
|
|
|
|
caddy-service-type
|
2024-10-14 15:52:49 +02:00
|
|
|
))
|
2024-10-14 08:38:35 +02:00
|
|
|
|
2024-10-14 15:25:39 +02:00
|
|
|
|
|
|
|
|
(define %caddy-accounts
|
|
|
|
|
(list
|
|
|
|
|
(user-group (name "caddy")(system? #t))
|
|
|
|
|
(user-account
|
|
|
|
|
(name "caddy")
|
|
|
|
|
(group "caddy")
|
|
|
|
|
(system? #t)
|
|
|
|
|
(home-directory "/var/lib/caddy")
|
2024-10-17 14:30:28 +02:00
|
|
|
(shell (file-append shadow "/sbin/nologin")))))
|
2024-10-14 15:25:39 +02:00
|
|
|
|
2024-10-14 08:38:35 +02:00
|
|
|
(define-record-type* <caddy-configuration> caddy-configuration
|
|
|
|
|
make-caddy-configuration
|
|
|
|
|
caddy-configuration?
|
2024-10-15 09:01:21 +02:00
|
|
|
(caddy caddy (default caddy-dirty))
|
2024-10-17 14:30:28 +02:00
|
|
|
(config-file config-file (default ""))
|
2024-10-15 09:01:21 +02:00
|
|
|
(log-file log-file (default "/var/log/caddy.log"))
|
2024-10-14 08:38:35 +02:00
|
|
|
)
|
|
|
|
|
|
2024-10-14 15:52:49 +02:00
|
|
|
(define caddy-service
|
|
|
|
|
(match-lambda
|
|
|
|
|
(($ <caddy-configuration> caddy config-file log-file)
|
|
|
|
|
(list (shepherd-service (provision '(caddy))
|
|
|
|
|
(documentation "Run caddy.")
|
|
|
|
|
(requirement '(user-processes))
|
|
|
|
|
(respawn? #t)
|
2024-10-15 09:01:21 +02:00
|
|
|
(respawn-delay 10)
|
2024-10-17 14:30:28 +02:00
|
|
|
(start #~(make-forkexec-constructor (list "/run/privileged/bin/caddy"
|
2024-10-15 09:01:21 +02:00
|
|
|
"run"
|
2024-10-17 14:30:28 +02:00
|
|
|
#$@(if config-file
|
|
|
|
|
(list "-c" config-file)
|
|
|
|
|
'())
|
2024-10-15 09:01:21 +02:00
|
|
|
)
|
2024-10-14 15:52:49 +02:00
|
|
|
#:log-file #$log-file
|
2024-10-17 14:30:28 +02:00
|
|
|
#:environment-variables (list
|
|
|
|
|
"PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec:/run/privileged/bin"
|
|
|
|
|
"HOME=/var/lib/caddy")
|
2024-10-15 09:01:21 +02:00
|
|
|
#:user "caddy"
|
|
|
|
|
#:group "caddy"
|
|
|
|
|
))
|
2024-10-14 15:52:49 +02:00
|
|
|
(stop #~(make-kill-destructor)))))))
|
|
|
|
|
|
2024-10-15 09:01:21 +02:00
|
|
|
(define %caddy-priv
|
|
|
|
|
(list
|
|
|
|
|
(privileged-program
|
|
|
|
|
(program (file-append caddy-dirty "/sbin/caddy"))
|
2024-10-17 14:30:28 +02:00
|
|
|
(capabilities "cap_net_admin,cap_net_bind_service=+ep")
|
2024-10-15 09:01:21 +02:00
|
|
|
)))
|
|
|
|
|
|
2024-10-17 14:30:28 +02:00
|
|
|
(define %caddy-activation
|
|
|
|
|
#~(begin
|
|
|
|
|
(chmod "/var/lib/caddy" #o0770)
|
|
|
|
|
#t ))
|
|
|
|
|
|
2024-10-14 08:38:35 +02:00
|
|
|
(define caddy-service-type
|
|
|
|
|
(service-type
|
|
|
|
|
(name 'caddy)
|
|
|
|
|
(default-value (caddy-configuration))
|
|
|
|
|
(extensions (list
|
2024-10-15 09:01:21 +02:00
|
|
|
(service-extension shepherd-root-service-type caddy-service)
|
|
|
|
|
(service-extension privileged-program-service-type (const %caddy-priv))
|
|
|
|
|
(service-extension account-service-type (const %caddy-accounts))
|
2024-10-17 14:30:28 +02:00
|
|
|
(service-extension activation-service-type (const %caddy-activation))
|
2024-10-14 15:25:39 +02:00
|
|
|
))
|
2024-10-14 08:38:35 +02:00
|
|
|
(description "run caddy web server service")))
|
2024-10-15 09:01:21 +02:00
|
|
|
|
