guix-glicid/glicid/services/networking.scm

(define-module (glicid services networking)
               #:use-module (gnu packages bash)
               #:use-module (glicid packages networking)
               #:use-module (gnu services)
               #:use-module (gnu services shepherd)
               #:use-module (gnu system privilege)
               #:use-module (gnu system shadow)
               #:use-module (guix)
               #:use-module (guix records)
               #:use-module (ice-9 match)
               #: export (
                          squid-configuration
                          squid-configuration?
                          squid-shepherd-service
                          squid-privileged-shepherd-service
                          squid-service-type
                          squid-privileged-service-type
                          ))



(define-record-type* 
  <squid-configuration>
  squid-configuration make-squid-configuration
  squid-configuration?
  (pkg pkg (default squid))
  (port port (default 3128))
  (loglevel loglevel (default 1))
  (config-file config-file (default (file-append squid "/etc/squid.conf")))
  (pid-file pid-file (default "/var/run/squid/squid.pid"))
  (log-file log-file (default "/var/log/squid/squid.log")))

(define squid-shepherd-service
  (match-lambda
    (($ <squid-configuration> pkg port loglevel config-file pid-file log-file)
     (list
       (shepherd-service
         (provision '(squid))
         (documentation "Run squid.")
         (requirement '(user-processes))
         (respawn? #t)
         (respawn-delay 10)
         (start #~(make-forkexec-constructor
                    (list
                      #$(file-append pkg "/sbin/squid")
                      "-f" #$config-file
                      )
                    #:pid-file #$pid-file 
                    #:log-file #$log-file
                    #:user (passwd:uid (getpwnam "squid"))
                    #:group (passwd:gid (getpwnam "squid"))
                    #:resource-limits '((nofile 65535 65535))))
         (stop #~(make-kill-destructor)))))))

(define squid-privileged-shepherd-service
  (match-lambda
    (($ <squid-configuration> pkg port loglevel config-file pid-file log-file)
     (list
       (shepherd-service
         (provision '(squid))
         (documentation "Run squid.")
         (requirement '(user-processes))
         (respawn? #t)
         (respawn-delay 10)
         (start #~(make-forkexec-constructor
                    (list
                      "/run/privileged/bin/squid"
                      "-f" #$config-file
                      )
                    #:pid-file #$pid-file 
                    #:log-file #$log-file
                    #:user (passwd:uid (getpwnam "squid"))
                    #:group (passwd:gid (getpwnam "squid"))
                    #:resource-limits '((nofile 65535 65535))))
         (stop #~(make-kill-destructor)))))))

(define %squid-activation
  #~(begin
      (mkdir-p "/var/run/squid")
      (mkdir-p "/var/log/squid")
      (mkdir-p "/var/cache/squid")
      (mkdir-p "/var/spool/squid")
      (touch "/var/log/squid/squid.log")
      (touch "/var/log/squid/squid_access.log")
      (touch "/var/log/squid/squid_cache.log")
      (touch "/var/log/squid/squid_cache_store.log")
      (chown "/var/run/squid" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/cache/squid" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/log/squid" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/spool/squid" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/log/squid/squid.log" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/log/squid/squid_access.log" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/log/squid/squid_cache.log" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      (chown "/var/log/squid/squid_cache_store.log" (passwd:uid (getpwnam "squid")) (passwd:gid (getpwnam "squid")))
      #t )) 

(define %squid-accounts
  (list
    (user-group (name "squid") (system? #t))
    (user-account
      (name "squid")
      (group "squid")
      (system? #t)
      (comment "Squid server user")
      (home-directory "/var/spool/squid")
      (shell (file-append bash "/bin/bash")))))

(define %squid-priv
  (list
    (privileged-program
      (program (file-append squid "/sbin/squid"))
      (capabilities "cap_net_admin,cap_net_bind_service,cap_net_raw,cap_syslog,cap_bpf=+ep"))))

(define squid-service-type
  (service-type 
    (name 'squid)
    (extensions (list
                  (service-extension shepherd-root-service-type squid-shepherd-service)
                  (service-extension account-service-type (const %squid-accounts))
                  (service-extension activation-service-type (const %squid-activation))))
    (description "Run @uref{http://www.squid-cache.org/, squid} community developped Squid software.")))

(define squid-privileged-service-type
  (service-type 
    (name 'squid)
    (extensions (list
                  (service-extension shepherd-root-service-type squid-shepherd-service)
                  (service-extension privileged-program-service-type (const %squid-priv))
                  (service-extension account-service-type (const %squid-accounts))
                  (service-extension activation-service-type (const %squid-activation))))
    (description "Run @uref{http://www.squid-cache.org/, squid} community developped Squid software.")))