testing caddy service

2025-04-29 13:48:36 +02:00 · 2024-10-14 15:25:39 +02:00 · 2024-10-14 15:25:39 +02:00 · 7d2afb1b3a
commit 7d2afb1b3a
parent f472bdf592
1 changed files with 28 additions and 5 deletions
--- a/glicid/services/caddy.scm
+++ b/glicid/services/caddy.scm
@ -5,8 +5,21 @@
               #:use-module (gnu services shepherd)
               #:use-module (guix records)
               #:use-module (gnu system shadow)
+               #:use-module (gnu system privilege)
+               #:use-module (ice-9 match)
               #:use-module (glicid packages caddy))

+
+(define %caddy-accounts
+  (list
+    (user-group (name "caddy")(system? #t))
+    (user-account
+      (name "caddy")
+      (group "caddy")
+      (system? #t)
+      (home-directory "/var/lib/caddy")
+      (shell (file-append bash "/sbin/nologin")))))
+
 (define-record-type* <caddy-configuration> caddy-configuration
                     make-caddy-configuration
                     caddy-configuration?
@ -23,11 +36,14 @@
      (requirement '(user-processes))
      (start #~(make-forkexec-constructor (list (string-append #$caddy "/sbin/caddy")
                                                "run"
-                                                "--config"
+                                                "-c"
                                                #$config-file)
                                          #:log-file #$log-file
                                          #:environment-variables (list 
-                                                                   "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec")))
+                                                                    (string-append "PATH="
+                                                                                   "/run/current-system/profile/bin"
+                                                                                   ":/run/current-system/profile/sbin"
+                                                                                   ":/run/current-system/profile/libexec"))))
      (stop #~(make-kill-destructor)))))

 (define caddy-service-type
@ -35,6 +51,13 @@
    (name 'caddy)
    (default-value (caddy-configuration))
    (extensions (list
-                  ;(service-extension activation-service-type (const %caddy-activation))
-                  (service-extension shepherd-root-service-type (compose list caddy-shepherd-service))))
+                  (service-extension shepherd-root-service-type (compose list caddy-shepherd-service))
+                  (service-extension privileged-program-service-type (const (list
+                                                                              (privileged-program
+                                                                                (program (file-append caddy-dirty "/sbin/caddy"))
+                                                                                (capabilities "cap_net_bind_service=+ep")
+                                                                                (user "caddy")
+                                                                                (group "caddy")
+                                                                                ))))
+                  ))
    (description "run caddy web server service")))