From 5f024759dc62a09c52b7a3d11060bebf682a0162 Mon Sep 17 00:00:00 2001
From: Jeff MrBear
Date: Fri, 13 Jun 2025 15:07:53 +0200
Subject: [PATCH] squid unprivilleged
---
 glicid/services/networking.scm | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/glicid/services/networking.scm b/glicid/services/networking.scm
index b97417b..fa521ed 100644
--- a/glicid/services/networking.scm
+++ b/glicid/services/networking.scm
@@ -40,7 +40,7 @@
 (respawn-delay 10)
 (start #~(make-forkexec-constructor
 (list
- "/run/privileged/bin/squid"
+ #$(file-append pkg "/sbin/squid")
 "-f" #$config-file
 )
 #:pid-file #$pid-file
@@ -50,6 +50,27 @@
 #:resource-limits '((nofile 65535 65535))))
 (stop #~(make-kill-destructor)))))))
+(define squid-privileged-shepherd-service
+ (match-lambda
+ (($ pkg port loglevel config-file pid-file log-file)
+ (list
+ (shepherd-service
+ (provision '(squid))
+ (documentation "Run squid.")
+ (requirement '(user-processes))
+ (respawn? #t)
+ (respawn-delay 10)
+ (start #~(make-forkexec-constructor
+ (list
+ "/run/privileged/bin/squid"
+ "-f" #$config-file
+ )
+ #:pid-file #$pid-file
+ #:log-file #$log-file
+ #:user (passwd:uid (getpwnam "squid"))
+ #:group (passwd:gid (getpwnam "squid"))
+ #:resource-limits '((nofile 65535 65535))))
+ (stop #~(make-kill-destructor)))))))
 (define %squid-activation
 #~(begin
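Review bot: With the wrapper path replaced by `#$(file-append pkg "/sbin/squid")`, the default service starts a plain store binary with no setuid bit or file capability, and nothing at this call site records that consequence. The `#:user`/`#:group` arguments sit between the two hunks and are not shown; if they match the copy added in the next hunk, squid runs entirely as the `squid` account and, on a default Linux configuration, cannot bind a port below 1024. A comment above the `(list` would make that explicit, for example `;; Store binary, no privileged wrapper: the configured port must be >= 1024.` The enclosing definition starts and ends outside this hunk, so the binding of `pkg` in the match pattern should be checked there.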
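Review bot: `squid-privileged-shepherd-service` launches `/run/privileged/bin/squid`, but nothing in this hunk declares the privileged-program entry that creates that wrapper or says which privileges it carries (setuid root versus a narrow capability). That detail decides what the process holds before squid drops to its own account, so I would add a header comment such as `;; Requires a privileged-program entry for squid (declared in <location>); prefer a bind-only capability over setuid root.` and change the docstring to `(documentation "Run squid through the /run/privileged/bin wrapper.")`. The body is otherwise a line-for-line copy of the unprivileged service, so later hardening of `#:user`, `#:group` or `#:resource-limits` has to be made twice; a single procedure taking the program path would avoid drift. Both variants also provision `'(squid)`, so they cannot coexist in one system.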