From 27083fb5620378cabb9db8ad670a2b4dc9c42ebe Mon Sep 17 00:00:00 2001
From: JEAN-FRANCOIS GUILLAUME
Date: Thu, 12 May 2022 10:33:22 +0200
Subject: [PATCH] updating squid config
---
 glicid/services/networking.scm | 83 +++++++++++++++++++++++++++-------
 1 file changed, 67 insertions(+), 16 deletions(-)
diff --git a/glicid/services/networking.scm b/glicid/services/networking.scm
index baef292..817201c 100644
--- a/glicid/services/networking.scm
+++ b/glicid/services/networking.scm
@@ -1,4 +1,5 @@
 (define-module (glicid services networking)
+ #:use-module (gnu packages bash)
 #:use-module (gnu packages networking)
 #:use-module (gnu services)
 #:use-module (gnu services shepherd)
@@ -22,6 +23,9 @@
 (port squid-configuration-port
 (default 3128)
 )
+ (loglevel squid-configuration-loglevel
+ (default 1)
+ )
 (pid-file squid-configuration-pid-file
 (default "/var/run/squid/squid.pid")
 )
@@ -45,25 +49,25 @@
 (start #~(make-forkexec-constructor
 (list
 #$(file-append squid "/sbin/squid")
- "-d 1"
- "--foreground"
+ "-d" #$loglevel
+ "-N"
 "-f" #$config-file
 )
 #:pid-file #$pid-file
 #:log-file #$log-file
- #:user (passwd:uid (getpwnam "nobody"))
+ #:user (passwd:uid (getpwnam "squid"))
 ))
 (stop #~(exec-command
 (list
 #$(file-append squid "/sbin/squid")
- "-d 1"
- "--foreground"
+ "-d" #$loglevel
+ "-N"
 "-k" "shutdown"
 "-f" #$config-file
 )
 #:pid-file #$pid-file
 #:log-file #$log-file
- #:user (passwd:uid (getpwnam "nobody"))
+ #:user (passwd:uid (getpwnam "squid"))
 ))
 (actions (list
 (shepherd-action
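Review bot: The `loglevel` field added in the second hunk defaults to the integer `1`, and the later hunks splice it straight into the command list as `"-d" #$loglevel`. Every element of that list is handed to exec as an argument and has to be a string, so an integer would presumably make the start, stop and action commands fail with a wrong-type error instead of launching squid. Either make the default a string, `(default "1")`, or convert at the point of use, `"-d" #$(number->string loglevel)`. How `loglevel` is bound from the record is outside the visible hunks, so confirm against that code; a comment on the field saying it is the level passed to squid's `-d` option would also help.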
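Review bot: The start and stop commands in the third hunk switch `#:user` to the dedicated `squid` account but pass no `#:group`, so the process likely keeps the group it inherits from shepherd (normally root's) and only the UID changes. Since this commit also creates a `squid` group, add `#:group "squid"` next to each `#:user` line; the same applies to the reconfigure, check-config and kill actions in the next hunk. `#:user "squid"` would also work in place of the `(passwd:uid (getpwnam "squid"))` lookup and reads more plainly. The service definition begins and ends outside this hunk.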
@@ -72,14 +76,46 @@
 (procedure #~(exec-command
 (list
 #$(file-append squid "/sbin/squid")
- "-d 1"
- "--foreground"
+ "-d" #$loglevel
+ "-N"
 "-k" "reconfigure"
 "-f" #$config-file
 )
 #:pid-file #$pid-file
 #:log-file #$log-file
- #:user (passwd:uid (getpwnam "nobody"))
+ #:user (passwd:uid (getpwnam "squid"))
+ ))
+ )
+ (shepherd-action
+ (name 'check-config)
+ (documentation "Check the settings file from disk.")
+ (procedure #~(exec-command
+ (list
+ #$(file-append squid "/sbin/squid")
+ "-d" #$loglevel
+ "-N"
+ "-k" "parse"
+ "-f" #$config-file
+ )
+ #:pid-file #$pid-file
+ #:log-file #$log-file
+ #:user (passwd:uid (getpwnam "squid"))
+ ))
+ )
+ (shepherd-action
+ (name 'kill)
+ (documentation "Ultimatly kill the squid process.")
+ (procedure #~(exec-command
+ (list
+ #$(file-append squid "/sbin/squid")
+ "-d" #$loglevel
+ "-N"
+ "-k" "kill"
+ "-f" #$config-file
+ )
+ #:pid-file #$pid-file
+ #:log-file #$log-file
+ #:user (passwd:uid (getpwnam "squid"))
 ))
 )
 ))
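Review bot: The new `check-config` and `kill` actions give `procedure` a gexp that is a direct `exec-command` call rather than a procedure. Guix documents an action's `procedure` as a gexp that evaluates to a procedure taking the service's running value, and `exec-command` replaces the calling process, so as written the command would presumably not run at the moment the action is invoked. Wrap each body as `#~(lambda (running . args) ...)` and launch squid as a child process from inside it, returning whether it succeeded. As far as I know `exec-command` does not accept `#:pid-file`, so that keyword should be dropped from the action bodies. The `actions` list and the reconfigure action these copy start outside the hunk; the `kill` documentation string should also say that it ends squid without a clean shutdown, so operators try `stop` first.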
@@ -104,24 +140,39 @@ (touch "/var/log/squid/squid_access.log") (touch "/var/log/squid/squid_cache.log") (touch "/var/log/squid/squid_cache_store.log") - (chown "/var/run/squid" (passwd:uid (getpwnam "nobody"))) - (chown "/var/log/squid" (passwd:uid (getpwnam "nobody"))) - (chown "/var/cache/squid" (passwd:uid (getpwnam "nobody"))) - (chown "/var/spool/squid" (passwd:uid (getpwnam "nobody"))) - (chown "/var/log/squid/squid_access.log" (passwd:uid (getpwnam "nobody"))) - (chown "/var/log/squid/squid_cache.log" (passwd:uid (getpwnam "nobody"))) - (chown "/var/log/squid/squid_cache_store.log" (passwd:uid (getpwnam "nobody"))) + (chown "/var/run/squid" (passwd:uid (getpwnam "squid"))) + (chown "/var/log/squid" (passwd:uid (getpwnam "squid"))) + (chown "/var/cache/squid" (passwd:uid (getpwnam "squid"))) + (chown "/var/spool/squid" (passwd:uid (getpwnam "squid"))) + (chown "/var/log/squid/squid_access.log" (passwd:uid (getpwnam "squid"))) + (chown "/var/log/squid/squid_cache.log" (passwd:uid (getpwnam "squid"))) + (chown "/var/log/squid/squid_cache_store.log" (passwd:uid (getpwnam "squid"))) #t ) ) ) +(define %squid-accounts + (list + (user-group (name "squid") (system? #t)) + (user-account + (name "squid") + (group "squid") + (system? #t) + (comment "Squid server user") + (home-directory "/var/spool/squid") + (shell (file-append bash "/bin/bash")) + ) + ) +) + (define squid-service-type (service-type (name 'squid) (extensions (list (service-extension shepherd-root-service-type squid-shepherd-service) (service-extension activation-service-type (const %squid-activation)) + (service-extension account-service-type (const %squid-accounts)) ) ) (description "Run @uref{http://www.squid-cache.org/, squid} community developped Squid software.")
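Review bot: `%squid-accounts` gives the service account a login shell, `(shell (file-append bash "/bin/bash"))`, which a daemon-only account does not need and which widens what a compromise of that account allows. Guix service accounts normally use `(shell (file-append shadow "/sbin/nologin"))`, with `shadow` from `(gnu packages admin)`; that would also make the `(gnu packages bash)` import in the first hunk unnecessary. A short comment above `%squid-accounts` saying it is the unprivileged identity the proxy runs as, and that it owns the run, log, cache and spool directories chowned above, would help the next reader. The activation block these `chown` lines belong to starts outside the hunk.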