Merge branch 'squid' into 'main'

squid unprivilleged See merge request glicid-public/guix-glicid!533
2025-06-17 17:51:45 +02:00 · 2025-06-13 13:08:22 +00:00 · 2025-06-13 13:08:22 +00:00 · 50f3ebbf15
commit 50f3ebbf15
parent 4d03dff59d 5f024759dc
1 changed files with 22 additions and 1 deletions
--- a/glicid/services/networking.scm
+++ b/glicid/services/networking.scm
@ -40,7 +40,7 @@
         (respawn-delay 10)
         (start #~(make-forkexec-constructor
                    (list
-                      "/run/privileged/bin/squid"
+                      #$(file-append pkg "/sbin/squid")
                      "-f" #$config-file
                      )
                    #:pid-file #$pid-file 
@ -50,6 +50,27 @@
                    #:resource-limits '((nofile 65535 65535))))
         (stop #~(make-kill-destructor)))))))

+(define squid-privileged-shepherd-service
+  (match-lambda
+    (($ <squid-configuration> pkg port loglevel config-file pid-file log-file)
+     (list
+       (shepherd-service
+         (provision '(squid))
+         (documentation "Run squid.")
+         (requirement '(user-processes))
+         (respawn? #t)
+         (respawn-delay 10)
+         (start #~(make-forkexec-constructor
+                    (list
+                      "/run/privileged/bin/squid"
+                      "-f" #$config-file
+                      )
+                    #:pid-file #$pid-file 
+                    #:log-file #$log-file
+                    #:user (passwd:uid (getpwnam "squid"))
+                    #:group (passwd:gid (getpwnam "squid"))
+                    #:resource-limits '((nofile 65535 65535))))
+         (stop #~(make-kill-destructor)))))))

 (define %squid-activation
  #~(begin