GLiCID/guix-glicid
7
0
Fork 0
mirror of https://gitlab.univ-nantes.fr/glicid-public/guix-glicid.git synced 2025-04-29 13:48:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

updating caddy service

Browse source
This commit is contained in:
Jean-François GUILLAUME 2024-10-17 14:30:28 +02:00
parent edb6a815a0
commit a7d20c978c
Signed by: Jean-François GUILLAUME
GPG key ID: 38751DAE145EFB5A
1 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
glicid/services/caddy.scm
View file

@ -24,13 +24,13 @@
(group "caddy") (group "caddy")
(system? #t) (system? #t)
(home-directory "/var/lib/caddy") (home-directory "/var/lib/caddy")
(shell (file-append bash "/sbin/nologin"))))) (shell (file-append shadow "/sbin/nologin")))))
(define-record-type* <caddy-configuration> caddy-configuration (define-record-type* <caddy-configuration> caddy-configuration
make-caddy-configuration make-caddy-configuration
caddy-configuration? caddy-configuration?
(caddy caddy (default caddy-dirty)) (caddy caddy (default caddy-dirty))
(config-file config-file (default "/etc/caddy/Caddyfile")) (config-file config-file (default ""))
(log-file log-file (default "/var/log/caddy.log")) (log-file log-file (default "/var/log/caddy.log"))
) )
@ -42,26 +42,33 @@
(requirement '(user-processes)) (requirement '(user-processes))
(respawn? #t) (respawn? #t)
(respawn-delay 10) (respawn-delay 10)
(start #~(make-forkexec-constructor (list #$(file-append caddy "/sbin/caddy") (start #~(make-forkexec-constructor (list "/run/privileged/bin/caddy"
"run" "run"
"-c" #$@(if config-file
#$config-file (list "-c" config-file)
'())
) )
#:log-file #$log-file #:log-file #$log-file
#:environment-variables (list "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec") #:environment-variables (list
"PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec:/run/privileged/bin"
"HOME=/var/lib/caddy")
#:user "caddy" #:user "caddy"
#:group "caddy" #:group "caddy"
)) ))
(stop #~(make-kill-destructor))))))) (stop #~(make-kill-destructor)))))))
(define %caddy-priv (define %caddy-priv
(list (list
(privileged-program (privileged-program
(program (file-append caddy-dirty "/sbin/caddy")) (program (file-append caddy-dirty "/sbin/caddy"))
(capabilities "cap_net_bind_service=+ep") (capabilities "cap_net_admin,cap_net_bind_service=+ep")
))) )))
(define %caddy-activation
#~(begin
(chmod "/var/lib/caddy" #o0770)
#t ))
(define caddy-service-type (define caddy-service-type
(service-type (service-type
(name 'caddy) (name 'caddy)
@ -70,6 +77,7 @@
(service-extension shepherd-root-service-type caddy-service) (service-extension shepherd-root-service-type caddy-service)
(service-extension privileged-program-service-type (const %caddy-priv)) (service-extension privileged-program-service-type (const %caddy-priv))
(service-extension account-service-type (const %caddy-accounts)) (service-extension account-service-type (const %caddy-accounts))
(service-extension activation-service-type (const %caddy-activation))
)) ))
(description "run caddy web server service"))) (description "run caddy web server service")))