From a7d20c978c4b832305ff00f015d0efb0348a3fd1 Mon Sep 17 00:00:00 2001
From: JEAN-FRANCOIS GUILLAUME
Date: Thu, 17 Oct 2024 14:30:28 +0200
Subject: [PATCH] updating caddy service
---
 glicid/services/caddy.scm | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/glicid/services/caddy.scm b/glicid/services/caddy.scm
index b118f09..db56e21 100644
--- a/glicid/services/caddy.scm
+++ b/glicid/services/caddy.scm
@@ -24,13 +24,13 @@
 (group "caddy") (system? #t) (home-directory "/var/lib/caddy")
- (shell (file-append bash "/sbin/nologin")))))
+ (shell (file-append shadow "/sbin/nologin")))))
 (define-record-type* caddy-configuration make-caddy-configuration caddy-configuration? (caddy caddy (default caddy-dirty))
- (config-file config-file (default "/etc/caddy/Caddyfile"))
+ (config-file config-file (default ""))
 (log-file log-file (default "/var/log/caddy.log")) )
@@ -42,26 +42,33 @@
 (requirement '(user-processes)) (respawn? #t) (respawn-delay 10)
- (start #~(make-forkexec-constructor (list #$(file-append caddy "/sbin/caddy")
+ (start #~(make-forkexec-constructor (list "/run/privileged/bin/caddy"
 "run"
- "-c"
- #$config-file
+ #$@(if config-file
+ (list "-c" config-file)
+ '())
 ) #:log-file #$log-file
- #:environment-variables (list "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec")
+ #:environment-variables (list
+ "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec:/run/privileged/bin"
+ "HOME=/var/lib/caddy")
 #:user "caddy" #:group "caddy" )) (stop #~(make-kill-destructor)))))))
-
 (define %caddy-priv (list (privileged-program (program (file-append caddy-dirty "/sbin/caddy"))
- (capabilities "cap_net_bind_service=+ep")
+ (capabilities "cap_net_admin,cap_net_bind_service=+ep")
 )))
+(define %caddy-activation
+ #~(begin
+ (chmod "/var/lib/caddy" #o0770)
+ #t ))
+
 (define caddy-service-type (service-type (name 'caddy)
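Review bot: The new `(default "")` on the `config-file` field does not switch the option off, because in Scheme only `#f` is false: the `(if config-file …)` added in the next hunk still takes its true branch and passes `-c ""` to caddy. Use `(config-file config-file (default #f))` so the unset case really omits `-c`. A comment on the field should also say what caddy loads when no file is given, since the service then runs with whatever configuration caddy finds on its own rather than one declared in the system configuration. The account form touched by the `shell` change begins above this hunk.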
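Review bot: The `capabilities` line in `%caddy-priv` now adds `cap_net_admin` as a file capability with the permitted and effective bits set, so it is granted to any account able to execute `/run/privileged/bin/caddy`, not only to the shepherd service running as `caddy`. Neither the commit message nor the code says why it is needed; if it is there for QUIC UDP buffer sizing (an assumption), raising `net.core.rmem_max` and `net.core.wmem_max` by sysctl covers that without network-administration rights, and the line can stay `(capabilities "cap_net_bind_service=+ep")`. If it has to stay, put a comment above it stating the reason. Separately, the `caddy` field of the configuration record no longer has any effect on what is executed, because the start command hard-codes the privileged path and `%caddy-priv` names `caddy-dirty` directly. The service definition starts above this hunk and `caddy-service-type` continues below it.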
@@ -70,6 +77,7 @@
 (service-extension shepherd-root-service-type caddy-service) (service-extension privileged-program-service-type (const %caddy-priv)) (service-extension account-service-type (const %caddy-accounts))
+ (service-extension activation-service-type (const %caddy-activation))
 )) (description "run caddy web server service")))
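Review bot: The activation snippet registered by the added `activation-service-type` extension calls `(chmod "/var/lib/caddy" #o0770)` unconditionally, and nothing visible here guarantees it runs after the account service has created that home directory; `chmod` on a missing path raises and would abort activation. Guard it, for example `(when (file-exists? "/var/lib/caddy") (chmod "/var/lib/caddy" #o750))`. Mode 0770 also leaves the directory group-writable, and since this patch sets `HOME=/var/lib/caddy` it is presumably where caddy stores certificates and private keys, so `#o750` or `#o700` is the safer default unless another member of the `caddy` group must write there. The `service-type` form starts above this hunk.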