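;;; (glicid services caddy) -- Guix system service for the Caddy web server.
;;;
;;; The daemon is started through the wrapper that
;;; privileged-program-service-type installs under /run/privileged/bin, and it
;;; runs as the dedicated unprivileged "caddy" account; the store binary itself
;;; never carries capabilities.
;;;
;;; NOTE(review): the listing this was recovered from had been collapsed onto a
;;; couple of lines and the angle-bracketed record-type name
;;; <caddy-configuration> was missing from both define-record-type* and the
;;; match pattern (the remaining forms only parse with it present); it is
;;; restored below following the usual Guix define-record-type* layout.

(define-module (glicid services caddy)
  #:use-module (guix gexp)
  #:use-module (gnu packages bash)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix records)
  #:use-module (gnu system privilege)
  #:use-module (gnu system shadow)
  #:use-module (ice-9 match)
  #:use-module (glicid packages caddy)
  #:export (%caddy-accounts
            caddy-configuration
            caddy-configuration?
            caddy-shepherd-service
            caddy-service-type
            caddy-with-extensions-service-type))

;; Unprivileged system account and group the server runs as.  The home
;; directory doubles as the daemon's state directory ($HOME is pointed at it
;; by the shepherd service below).
;; NOTE(review): a system service account normally gets a non-interactive
;; shell; bash is kept here as the author configured it -- confirm whether an
;; interactive login shell is really wanted for this account.
(define %caddy-accounts
  (list (user-group
         (name "caddy")
         (system? #t))
        (user-account
         (name "caddy")
         (group "caddy")
         (system? #t)
         (home-directory "/var/lib/caddy")
         (shell (file-append bash "/bin/bash")))))

;; Service configuration.
;;   caddy        package providing /sbin/caddy.  NOTE(review): this field is
;;                currently not consulted -- both service types pin the package
;;                that gets the privileged wrapper (see %caddy-priv and
;;                %caddy-with-extensions-priv); confirm whether it should be
;;                honoured or dropped.
;;   config-file  value passed with "caddy run -c"; #f or the default "" means
;;                no "-c" argument is passed.
;;   log-file     file the shepherd hands the process output to.
;;   proxy        when set, exported as http_proxy and https_proxy.
;;   noproxy      when set, exported as no_proxy.
(define-record-type* <caddy-configuration>
  caddy-configuration make-caddy-configuration
  caddy-configuration?
  (caddy       caddy-configuration-caddy       (default caddy-dirty))
  (config-file caddy-configuration-config-file (default ""))
  (log-file    caddy-configuration-log-file    (default "/var/log/caddy.log"))
  (proxy       caddy-configuration-proxy       (default #f))
  (noproxy     caddy-configuration-noproxy     (default #f)))

(define (config-file-arguments config-file)
  "Return the command-line arguments selecting CONFIG-FILE, or the empty list
when no configuration file was given (#f or the default empty string).  The
previous code tested CONFIG-FILE for truth only, so the default \"\" produced
a bogus `-c \"\"' argument."
  (if (or (not config-file)
          (and (string? config-file) (string-null? config-file)))
      '()
      (list "-c" config-file)))

(define (proxy-environment proxy noproxy)
  "Return the proxy-related environment variable assignments for PROXY and
NOPROXY, each either a string or #f.  (The original built this list without
calling string-append and with a misplaced #$, so it could never have yielded
valid VAR=VALUE strings.)"
  (append (if proxy
              (list (string-append "http_proxy=" proxy)
                    (string-append "https_proxy=" proxy))
              '())
          (if noproxy
              (list (string-append "no_proxy=" noproxy))
              '())))

;; Shepherd service for a <caddy-configuration>.  Named after the symbol in the
;; export list above (the procedure was previously defined as `caddy-service',
;; leaving the exported `caddy-shepherd-service' unbound).
(define caddy-shepherd-service
  (match-lambda
    (($ <caddy-configuration> _ config-file log-file proxy noproxy)
     (list (shepherd-service
            (provision '(caddy))
            (documentation "Run caddy.")
            (requirement '(user-processes))
            (respawn? #t)
            (respawn-delay 10)
            (start #~(make-forkexec-constructor
                      ;; Exec the capability-bearing wrapper, not the store
                      ;; binary: only the copy installed by
                      ;; privileged-program-service-type may bind low ports
                      ;; as the unprivileged user.
                      (list "/run/privileged/bin/caddy" "run"
                            #$@(config-file-arguments config-file))
                      #:log-file #$log-file
                      #:environment-variables
                      (list "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec:/run/privileged/bin"
                            "HOME=/var/lib/caddy"
                            #$@(proxy-environment proxy noproxy))
                      #:user "caddy"
                      #:group "caddy"))
            (stop #~(make-kill-destructor)))))))

;; Capabilities granted to the installed wrapper.  cap_net_bind_service is what
;; binding ports 80/443 as the "caddy" user requires.
;; NOTE(review): cap_net_admin is far broader than port binding -- confirm the
;; extension build actually needs it, and drop it from the plain build if not.
(define %caddy-capabilities
  "cap_net_admin,cap_net_bind_service=+ep")

;; Privileged wrapper for the plain build.
(define %caddy-priv
  (list (privileged-program
         (program (file-append caddy-dirty "/sbin/caddy"))
         (capabilities %caddy-capabilities))))

;; Privileged wrapper for the build with extensions.
(define %caddy-with-extensions-priv
  (list (privileged-program
         (program (file-append caddy-dirty-with-extensions "/sbin/caddy"))
         (capabilities %caddy-capabilities))))

;; Restrict the state directory to the caddy user and group.  The directory is
;; the "caddy" home and is expected to exist by the time this runs.
;; NOTE(review): chmod raises if /var/lib/caddy is missing, so this relies on
;; the account activation having created it first -- confirm the ordering.
(define %caddy-activation
  #~(begin
      (chmod "/var/lib/caddy" #o0770)
      #t))

(define (caddy-extensions privileged-programs)
  "Return the service extensions shared by both service types; they differ
only in PRIVILEGED-PROGRAMS, the wrapper list handed to
privileged-program-service-type."
  (list (service-extension shepherd-root-service-type caddy-shepherd-service)
        (service-extension privileged-program-service-type
                           (const privileged-programs))
        (service-extension account-service-type (const %caddy-accounts))
        (service-extension activation-service-type (const %caddy-activation))))

;; Service type running the build with extensions.
(define caddy-with-extensions-service-type
  (service-type
   (name 'caddy)
   (default-value (caddy-configuration))
   (extensions (caddy-extensions %caddy-with-extensions-priv))
   (description "run caddy web server service")))

;; Service type running the plain build.
(define caddy-service-type
  (service-type
   (name 'caddy)
   (default-value (caddy-configuration))
   (extensions (caddy-extensions %caddy-priv))
   (description "run caddy web server service")))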