From 7d2afb1b3a494cb8e568a8e3b7c3b1a0e0fec905 Mon Sep 17 00:00:00 2001 From: JEAN-FRANCOIS GUILLAUME Date: Mon, 14 Oct 2024 15:25:39 +0200 Subject: [PATCH] testing caddy service --- glicid/services/caddy.scm | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/glicid/services/caddy.scm b/glicid/services/caddy.scm index 85f997c..7f7e101 100644 --- a/glicid/services/caddy.scm +++ b/glicid/services/caddy.scm @@ -5,8 +5,21 @@ #:use-module (gnu services shepherd) #:use-module (guix records) #:use-module (gnu system shadow) + #:use-module (gnu system privilege) + #:use-module (ice-9 match) #:use-module (glicid packages caddy)) + +(define %caddy-accounts + (list + (user-group (name "caddy")(system? #t)) + (user-account + (name "caddy") + (group "caddy") + (system? #t) + (home-directory "/var/lib/caddy") + (shell (file-append bash "/sbin/nologin"))))) + (define-record-type* caddy-configuration make-caddy-configuration caddy-configuration? @@ -23,11 +36,14 @@ (requirement '(user-processes)) (start #~(make-forkexec-constructor (list (string-append #$caddy "/sbin/caddy") "run" - "--config" + "-c" #$config-file) #:log-file #$log-file - #:environment-variables (list - "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec"))) + #:environment-variables (list + (string-append "PATH=" + "/run/current-system/profile/bin" + ":/run/current-system/profile/sbin" + ":/run/current-system/profile/libexec")))) (stop #~(make-kill-destructor))))) (define caddy-service-type 
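Review bot: The `shell` field of the new `caddy` account in `%caddy-accounts` points at `(file-append bash "/sbin/nologin")`, but in Guix `nologin` is shipped by the `shadow` package rather than `bash`, so this path most likely does not exist in the store. A missing shell still refuses interactive logins, but only by accident; the usual form is `(shell (file-append shadow "/sbin/nologin"))` with `#:use-module (gnu packages admin)` added. Neither `bash` nor `shadow` is brought into scope by the `#:use-module` lines visible in this hunk (the module header starts outside it, so this needs checking), and the newly imported `(ice-9 match)` is not used in any of the visible hunks.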
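Review bot: The `make-forkexec-constructor` call in `start` still passes no `#:user` or `#:group`, so shepherd launches caddy as root even though this commit introduces a dedicated `caddy` account and a capability-bearing copy of the binary. To get the privilege drop the rest of the patch is aiming for, add `#:user "caddy" #:group "caddy"` next to `#:log-file`. The command also still executes `(string-append #$caddy "/sbin/caddy")` from the store, which carries no file capability; an unprivileged service would have to start the copy installed by `privileged-program-service-type` (under `/run/privileged/bin` on current Guix, to be confirmed) in order to bind ports below 1024. The enclosing service definition starts outside the hunk.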
@@ -35,6 +51,13 @@ (name 'caddy) (default-value (caddy-configuration)) (extensions (list - ;(service-extension activation-service-type (const %caddy-activation)) - (service-extension shepherd-root-service-type (compose list caddy-shepherd-service)))) + (service-extension shepherd-root-service-type (compose list caddy-shepherd-service)) + (service-extension privileged-program-service-type (const (list + (privileged-program + (program (file-append caddy-dirty "/sbin/caddy")) + (capabilities "cap_net_bind_service=+ep") + (user "caddy") + (group "caddy") + )))) + )) (description "run caddy web server service")))
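Review bot: The extension list never registers `%caddy-accounts`, so unless the account is declared elsewhere the `caddy` user and group named in the `privileged-program` entry will not exist at activation time; add `(service-extension account-service-type (const %caddy-accounts))` to the list. The capability is also granted on `caddy-dirty` while the shepherd service in the earlier hunk runs whatever `#$caddy` is bound to, so as written it may land on a binary the service does not execute; both should refer to the same package, ideally through the configuration record rather than a hard-coded variable. Finally, `(user "caddy")` and `(group "caddy")` make the service account the owner of the capability-bearing copy; leaving the owner at the default (root, as far as I can tell) keeps a compromised caddy process from changing the file's mode or contents. The `define caddy-service-type` form begins outside this hunk.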