guix-glicid/glicid/services/vpn.scm

(define-module (glicid services vpn)
               #:use-module (guix gexp)
               #:use-module (gnu packages bash)
               #:use-module (gnu services)
               #:use-module (gnu services shepherd)
               #:use-module (guix records)
               #:use-module (gnu system shadow)
               #:use-module (glicid packages vpn)
               #:use-module (ice-9 match)
               #:export (
                         %netbird-accounts
                         %netbird-user
                         %netbird-group
                         %netbird-activation
                         netbird-configuration
                         netbird-configuration?
                         netbird-shepherd-service
                         netbird-service-type
                         ))

(define %netbird-group
  (user-group
    (name "netbird")
    (system? #t)))

(define %netbird-user
  (user-account
    (name "netbird")
    (group "netbird")
    (system? #t)
    (comment "netbird server user")
    (home-directory "/etc/netbird")
    (shell (file-append bash "/bin/bash"))))

(define %netbird-accounts
  (list %netbird-group %netbird-user))

(define-record-type* <netbird-configuration> netbird-configuration
                     make-netbird-configuration
                     netbird-configuration?
                     (instance-name instance-name (default '(netbird)))
                     (netbird netbird (default netbird-cli))
                     (config-file config-file (default "/etc/netbird/config.json"))
                     (daemon-addr daemon-addr (default "unix:///var/run/netbird.sock"))
                     (log-file log-file (default "/var/log/netbird.log")))

(define %netbird-activation
  #~(begin
      (mkdir-p "/etc/netbird")
      #t))

(define netbird-shepherd-service
  (match-lambda
    (($ <netbird-configuration> instance-name netbird config-file daemon-addr log-file)
     (list
       (shepherd-service
         (provision instance-name)
         (documentation "Run netbird daemon.")
         (requirement '(user-processes networking))
         (respawn? #t)
         (start #~(make-forkexec-constructor
                    (list (string-append #$netbird "/bin/netbird")
                          "service"
                          "run"
                          "--config" #$config-file
                          "--log-level"
                          "info"
                          "--daemon-addr" #$daemon-addr
                          "--log-file" "console")
                    #:environment-variables (list
                                              "PATH=/run/current-system/profile/bin:/run/current-system/profile/sbin:/run/current-system/profile/libexec"
                                              "CURL_CA_BUNDLE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt"
                                              "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt"
                                              "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs")
                    #:log-file #$log-file ))
         (stop #~(make-kill-destructor)))))))

(define netbird-service-type
  (service-type
    (name 'netbird)
    (default-value (netbird-configuration))
    (extensions (list
                  (service-extension activation-service-type (const %netbird-activation))
                  (service-extension shepherd-root-service-type netbird-shepherd-service)))
    (description "run netbird vpn service")))