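;;; Guix System service definition for the Caddy web server.
;;;
;;; Defines a `caddy-configuration' record, a Shepherd service that runs
;;; `caddy run', a dedicated system account, and a privileged copy of the
;;; binary that carries only the cap_net_bind_service capability.
;;;
;;; NOTE(review): the module declares no #:export, so `caddy-service-type'
;;; and `caddy-configuration' are not visible to importing modules; confirm
;;; whether that is intended.

(define-module (glicid services caddy)
  #:use-module (guix gexp)
  #:use-module (gnu packages bash)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix records)
  #:use-module (gnu system shadow)
  #:use-module (gnu system privilege)
  #:use-module (ice-9 match)
  #:use-module (glicid packages caddy))

;; Dedicated system group and account for caddy.  The account is named as
;; owner of the privileged program declared in `caddy-service-type', so it
;; must be registered through `account-service-type' there.
;;
;; NOTE(review): nologin is normally shipped by the shadow package, not by
;; bash; confirm that this shell path exists in the bash output.  A missing
;; shell still prevents interactive logins, but only by accident.
(define %caddy-accounts
  (list (user-group
         (name "caddy")
         (system? #t))
        (user-account
         (name "caddy")
         (group "caddy")
         (system? #t)
         (home-directory "/var/lib/caddy")
         (shell (file-append bash "/sbin/nologin")))))

;; Configuration record for the caddy service.
;;   caddy       - package providing /sbin/caddy
;;   config-file - path handed to `caddy run -c'
;;   log-file    - file receiving the daemon's output
;;
;; `define-record-type*' takes four names (type, syntactic constructor,
;; procedural constructor, predicate).  The type name <caddy-configuration>
;; is spelled out so that `caddy-configuration' is the constructor used by
;; `(default-value (caddy-configuration))' in `caddy-service-type'.
(define-record-type* <caddy-configuration>
  caddy-configuration make-caddy-configuration
  caddy-configuration?
  (caddy       caddy-configuration-caddy
               (default caddy-dirty))
  (config-file caddy-config-file
               (default "/etc/caddy/Caddyfile"))
  (log-file    caddy-log-file
               (default "/var/log/caddy.log")))

;; Return the Shepherd service that runs `caddy run -c CONFIG-FILE' for
;; CONFIG, a <caddy-configuration> record.
;;
;; NOTE(review): no #:user or #:group is passed to
;; `make-forkexec-constructor', so the daemon runs with Shepherd's own
;; privileges, and it executes the store binary rather than the
;; capability-bearing copy installed by the privileged-program extension.
;; Running a network-facing server that way defeats the purpose of the
;; dedicated account.  Consider starting the privileged copy with
;; #:user "caddy" #:group "caddy" once ownership of the data and log
;; locations has been arranged.
(define (caddy-shepherd-service config)
  ;; Every value referenced with #$ in the gexp must be bound here;
  ;; `config-file' and `log-file' come from the record accessors.
  (let ((caddy       (caddy-configuration-caddy config))
        (config-file (caddy-config-file config))
        (log-file    (caddy-log-file config)))
    (shepherd-service
     (provision '(caddy))
     (documentation "Run caddy daemon.")
     (requirement '(user-processes))
     (start #~(make-forkexec-constructor
               (list (string-append #$caddy "/sbin/caddy")
                     "run" "-c" #$config-file)
               #:log-file #$log-file
               ;; The daemon's environment contains only this PATH.
               #:environment-variables
               (list (string-append
                      "PATH="
                      "/run/current-system/profile/bin"
                      ":/run/current-system/profile/sbin"
                      ":/run/current-system/profile/libexec"))))
     (stop #~(make-kill-destructor)))))

;; Return the privileged-program list for CONFIG: a copy of the configured
;; caddy binary owned by caddy:caddy whose only file capability is
;; cap_net_bind_service, so that binding low ports does not need root.
(define (caddy-privileged-programs config)
  (list (privileged-program
         ;; Use the package from CONFIG so that this copy and the Shepherd
         ;; service always refer to the same build.
         (program (file-append (caddy-configuration-caddy config)
                               "/sbin/caddy"))
         (capabilities "cap_net_bind_service=+ep")
         (user "caddy")
         (group "caddy"))))

;; Service type tying together the Shepherd service, the system account and
;; the privileged copy of the binary.
(define caddy-service-type
  (service-type
   (name 'caddy)
   (default-value (caddy-configuration))
   (extensions
    (list (service-extension shepherd-root-service-type
                             (compose list caddy-shepherd-service))
          ;; Register the caddy user and group; without this extension the
          ;; account named by the privileged program is never created.
          (service-extension account-service-type
                             (const %caddy-accounts))
          (service-extension privileged-program-service-type
                             caddy-privileged-programs)))
   (description "run caddy web server service")))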