batch commit my GPL3 shepherd service file WIP collection

Signed-off-by: Nils Gillmann <ng0@n0.is>
author: Nils Gillmann <ng0@n0.is> 2018-06-28 10:18:01 +0000
committer: Nils Gillmann <ng0@n0.is> 2018-06-28 10:18:01 +0000
commit: 481936c2d82bbadad798f91b2cdad67252e89d96 (patch)
tree: 8f934508e7075bf3f368e673b591685e058fcceb
parent: bdce99417112727263204dfc3194e926d6f96b03 (diff)
download: gnunet-481936c2d82bbadad798f91b2cdad67252e89d96.tar.gz
gnunet-481936c2d82bbadad798f91b2cdad67252e89d96.zip
3 files changed, 246 insertions, 0 deletions
diff --git a/contrib/services/shepherd/ng0_wip/README b/contrib/services/shepherd/ng0_wip/README
new file mode 100644
index 000000000..c36c10959
--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/README
@@ -0,0 +1,11 @@
+short notes:
+* you are not expected to be able to run this as-is.
+* you must keep it GPL3 licensed and NOT license it to GNUnet e.V.,
+  for changes add your line to the header.
+* does not apply to a guix checkout, you have to search and replace
+  the imported modules. in my development of plant, infotropique
+  services is equivalent to gnu services (same for packages) and plant
+  XYZ is guix XYZ.
+* Understanding is optional.
+* Patches come as context reading material.
+\ No newline at end of file
diff --git a/contrib/services/shepherd/ng0_wip/gnunet.scm b/contrib/services/shepherd/ng0_wip/gnunet.scm
new file mode 100644
index 000000000..80b807e74
--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/gnunet.scm
@@ -0,0 +1,173 @@
+;;; plant ---
+;;; Copyright (C) 2016, 2017, 2018 Nils Gillmann <gillmann@infotropique.org>
+;;;
+;;; This file is part of plant.
+;;;
+;;; plant is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; plant is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of thye GNU General Public License
+;;; along with plant.  If not, see <http://www.gnu.org/licenses/>.
+(define-module (infotropique services networking)
+  #:use-module (infotropique services)
+  #:use-module (infotropique services shepherd)
+  #:use-module (infotropique services dbus)
+  #:use-module (infotropique system shadow)
+  #:use-module (infotropique system pam)
+  #:use-module (infotropique packages admin)
+  #:use-module (infotropique packages connman)
+  #:use-module (infotropique packages linux)
+  #:use-module (infotropique packages tor)
+  #:use-module (infotropique packages messaging)
+  #:use-module (infotropique packages networking)
+  #:use-module (infotropique packages ntp)
+  #:use-module (infotropique packages wicd)
+  #:use-module (infotropique packages gnome)
+  #:use-module (infotropique packages gnunet)
+  #:use-module (plant gexp)
+  #:use-module (plant records)
+  #:use-module (plant modules)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
+  #:use-module (srfi srfi-26)
+  #:use-module (ice-9 match)
+  #:export (gnunet-configuration
+            gnunet-configuration?
+            gnunet-service
+            gnunet-service-type))
+;;;
+;;; Commentary:
+;;; gnunet (GNUnet) related services, mainly gnunet itself.
+;;;
+;; GENTOO OpenRC:
+DONE: depends on "net".
+DONE: PIDFILE=/run/gnunet/arm-service.pid
+SUID_ROOT_HELPERS=exit, nat-server, nat-client, transport-bluetooth, transport-wlan, vpn
+/var/lib/gnunet/.local/share/gnunet/gnunet.conf must be chmod 600 and chown gnunet:gnunet
+/var/lib/gnunet/.cache/gnunet must exist.
+/usr/lib/gnunet/libexec/gnunet-helper-SUID_ROOT_HELPERS must be s+u (--> suid)
+/usr/lib/gnunet/libexec/gnunet-helper-dns must be: chown root:gnunetdns and chmod 4750
+/usr/lib/gnunet/libexec/gnunet-service-dns must be: chown gnunet:gnunetdns and chmod 2750
+directory with PID file must then be chowned by gnunet:gnunet
+user gnunet startet dann /usr/lib/gnunet/libexec/gnunet-service-arm -d
+stop process hat:
+start-stop-daemon --stop --signal QUIT --pidfile ${PIDFILE}
+sleep 1
+killall -u gnunet
+sleep 1
+rm -rf /tmp/gnunet-gnunet-runtime >/dev/null 2>&1
+rm -rf /tmp/gnunet-system-runtime >/dev/null 2>&1
+/etc/nsswitch.conf kriegt den eintrag:
+hosts:       files gns [NOTFOUND=return] dns
+und die dateien die in der source rumliegen bzgl nss müssen noch kopiert werden
+UND nss muss sie finden.
+(define-record-type* <gnunet-configuration>
+  gnunet-configuration make-gnunet-configuration
+  gnunet-configuration?
+  (package           gnunet-configuration-package
+                     (default gnunet))
+  (config-file       gnunet-configuration-config-file
+                     (default %default-gnunet-config-file)))
+;; TODO: [PATHS] DEFAULTCONFIG = ?
+(define %default-gnunet-config-file
+  (plain-file "gnunet.conf" "
+[PATHS]
+SERVICEHOME = /var/lib/gnunet
+GNUNET_CONFIG_HOME = /var/lib/gnunet
+[arm]
+SYSTEM_ONLY = YES
+USER_ONLY = NO
+[nat]
+BEHIND_NAT = YES
+ENABLE_UPNP = NO
+USE_LOCALADDR = NO
+DISABLEV6 = YES
+[hostlist]
+OPTIONS = -b -e
+"))
+(define gnunet-shepherd-service
+  (match-lambda
+    (($ <gnunet-configuration> package config-file)
+     (list (shepherd-service
+            (provision '(gnunet))
+            ;; do we require networking? arm will try to reconnect until a connection
+            ;; exists (again), but we might also set up vpn and not succeed at service
+            ;; boot time as well as the general certificate issue we have especially on
+            ;; Guix-on-GuixSD systems.
+            (requirement '(loopback))
+            (documentation "Run the GNUnet service.")
+            (start
+             (let ((gnunet
+                    (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
+               #~(make-forkexec-constructor
+                  (list #$gnunet "-c" #$config-file)
+                  #:log-file "/var/log/gnunet.log"
+                  #:pid-file "/var/run/gnunet/arm-service.pid")))
+            (stop
+             #~(make-kill-destructor)))))))
+(define %gnunet-accounts
+  (list (user-group
+         (name "gnunetdns")
+         (system? #t))
+        (user-group
+         (name "gnunet")
+         (system? #t))
+        (user-account
+         (name "gnunet")
+         (group "gnunet")
+         (system? #t)
+         (comment "GNUnet system user")
+         (home-directory "/var/lib/gnunet")
+         (shell #~(string-append #$shadow "/sbin/nologin")))))
+;; TODO: setuids.
+;; TODO: certificate issues -- gnunet should honor CURL_CA_BUNDLE!
+(define gnunet-activation
+  (match-lambda
+    (($ <gnunet-configuration> package config-file)
+     (let ((gnunet
+            (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
+       #~(begin
+           ;; Create the .config + .cache for gnunet user
+           (mkdir-p "/var/lib/gnunet/.config/gnunet")
+           (mkdir-p "/var/lib/gnunet/.cache/gnunet"))))))
+(define gnunet-service-type
+  (service-type
+   (name 'gnunet)
+   (extensions (list (service-extension account-service-type
+                                        (const %gnunet-accounts))
+                     (service-extension activation-service-type
+                                        gnunet-activation)
+                     (service-extension profile-service-type
+                                        (compose list gnunet-configuration-package))
+                     (service-extension shepherd-root-service-type
+                                        gnunet-shepherd-service)))))
+;;; gnunet.scm ends here
diff --git a/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm
new file mode 100644
index 000000000..d75d14598
--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm
@@ -0,0 +1,62 @@
+(use-modules (gnu))
+(use-service-modules
+;; admin
+ base
+ mcron
+ networking
+ ssh)
+(use-package-modules
+ admin
+ ssh
+ version-control
+ gnunet)
+(define %user (getenv "USER"))
+(define os
+  (operating-system
+    (host-name "os")
+    (timezone "Europe/Amsterdam")
+    (locale "en_US.UTF-8")
+    (bootloader
+     (grub-configuration
+      (device "/dev/sda")))
+    
+    (file-systems
+     (cons* (file-system (mount-point "/")
+                         (device "/dev/sda1")
+                         (type "ext4"))
+            %base-file-systems))
+    
+    (groups
+     (cons* (user-group (name %user))
+          %base-groups))
+    
+    (users
+     (cons* (user-account (name %user)
+                          (group %user)
+                          (password (crypt "" "xx"))
+                          (uid 1000)
+                          (supplementary-groups '("wheel" "gnunet"))
+                          (home-directory (string-append "/home/" %user)))
+            %base-user-accounts))
+    (packages
+     (cons*
+      git
+      openssh
+      gnunet
+      %base-packages))
+    (services
+     (cons*
+      (dhcp-client-service)
+      (lsh-service #:port-number 2222
+                   #:allow-empty-passwords? #t
+                   #:root-login? #t)
+      (gnunet-service)
+      %base-services
+      ))))
+os
author	Nils Gillmann <ng0@n0.is>	2018-06-28 10:18:01 +0000
committer	Nils Gillmann <ng0@n0.is>	2018-06-28 10:18:01 +0000
commit	481936c2d82bbadad798f91b2cdad67252e89d96 (patch)
tree	8f934508e7075bf3f368e673b591685e058fcceb
parent	bdce99417112727263204dfc3194e926d6f96b03 (diff)
download	gnunet-481936c2d82bbadad798f91b2cdad67252e89d96.tar.gz gnunet-481936c2d82bbadad798f91b2cdad67252e89d96.zip

diff --git a/contrib/services/shepherd/ng0_wip/README b/contrib/services/shepherd/ng0_wip/README new file mode 100644 index 000000000..c36c10959 --- /dev/null +++ b/contrib/services/shepherd/ng0_wip/README
@@ -0,0 +1,11 @@
	1	short notes:
	2
	3	* you are not expected to be able to run this as-is.
	4	* you must keep it GPL3 licensed and NOT license it to GNUnet e.V.,
	5	for changes add your line to the header.
	6	* does not apply to a guix checkout, you have to search and replace
	7	the imported modules. in my development of plant, infotropique
	8	services is equivalent to gnu services (same for packages) and plant
	9	XYZ is guix XYZ.
	10	* Understanding is optional.
	11	* Patches come as context reading material. \ No newline at end of file


diff --git a/contrib/services/shepherd/ng0_wip/gnunet.scm b/contrib/services/shepherd/ng0_wip/gnunet.scm new file mode 100644 index 000000000..80b807e74 --- /dev/null +++ b/contrib/services/shepherd/ng0_wip/gnunet.scm
@@ -0,0 +1,173 @@
	1	;;; plant ---
	2	;;; Copyright (C) 2016, 2017, 2018 Nils Gillmann <gillmann@infotropique.org>
	3	;;;
	4	;;; This file is part of plant.
	5	;;;
	6	;;; plant is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; plant is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of thye GNU General Public License
	17	;;; along with plant. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (infotropique services networking)
	20	#:use-module (infotropique services)
	21	#:use-module (infotropique services shepherd)
	22	#:use-module (infotropique services dbus)
	23	#:use-module (infotropique system shadow)
	24	#:use-module (infotropique system pam)
	25	#:use-module (infotropique packages admin)
	26	#:use-module (infotropique packages connman)
	27	#:use-module (infotropique packages linux)
	28	#:use-module (infotropique packages tor)
	29	#:use-module (infotropique packages messaging)
	30	#:use-module (infotropique packages networking)
	31	#:use-module (infotropique packages ntp)
	32	#:use-module (infotropique packages wicd)
	33	#:use-module (infotropique packages gnome)
	34	#:use-module (infotropique packages gnunet)
	35	#:use-module (plant gexp)
	36	#:use-module (plant records)
	37	#:use-module (plant modules)
	38	#:use-module (srfi srfi-1)
	39	#:use-module (srfi srfi-9)
	40	#:use-module (srfi srfi-26)
	41	#:use-module (ice-9 match)
	42	#:export (gnunet-configuration
	43	gnunet-configuration?
	44	gnunet-service
	45	gnunet-service-type))
	46
	47	;;;
	48	;;; Commentary:
	49	;;; gnunet (GNUnet) related services, mainly gnunet itself.
	50	;;;
	51
	52	;; GENTOO OpenRC:
	53	DONE: depends on "net".
	54	DONE: PIDFILE=/run/gnunet/arm-service.pid
	55	SUID_ROOT_HELPERS=exit, nat-server, nat-client, transport-bluetooth, transport-wlan, vpn
	56
	57	/var/lib/gnunet/.local/share/gnunet/gnunet.conf must be chmod 600 and chown gnunet:gnunet
	58	/var/lib/gnunet/.cache/gnunet must exist.
	59	/usr/lib/gnunet/libexec/gnunet-helper-SUID_ROOT_HELPERS must be s+u (--> suid)
	60
	61	/usr/lib/gnunet/libexec/gnunet-helper-dns must be: chown root:gnunetdns and chmod 4750
	62	/usr/lib/gnunet/libexec/gnunet-service-dns must be: chown gnunet:gnunetdns and chmod 2750
	63
	64	directory with PID file must then be chowned by gnunet:gnunet
	65
	66	user gnunet startet dann /usr/lib/gnunet/libexec/gnunet-service-arm -d
	67
	68	stop process hat:
	69	start-stop-daemon --stop --signal QUIT --pidfile ${PIDFILE}
	70	sleep 1
	71	killall -u gnunet
	72	sleep 1
	73	rm -rf /tmp/gnunet-gnunet-runtime >/dev/null 2>&1
	74	rm -rf /tmp/gnunet-system-runtime >/dev/null 2>&1
	75
	76	/etc/nsswitch.conf kriegt den eintrag:
	77	hosts: files gns [NOTFOUND=return] dns
	78
	79	und die dateien die in der source rumliegen bzgl nss müssen noch kopiert werden
	80	UND nss muss sie finden.
	81
	82
	83
	84	(define-record-type* <gnunet-configuration>
	85	gnunet-configuration make-gnunet-configuration
	86	gnunet-configuration?
	87	(package gnunet-configuration-package
	88	(default gnunet))
	89	(config-file gnunet-configuration-config-file
	90	(default %default-gnunet-config-file)))
	91
	92	;; TODO: [PATHS] DEFAULTCONFIG = ?
	93	(define %default-gnunet-config-file
	94	(plain-file "gnunet.conf" "
	95	[PATHS]
	96	SERVICEHOME = /var/lib/gnunet
	97	GNUNET_CONFIG_HOME = /var/lib/gnunet
	98
	99	[arm]
	100	SYSTEM_ONLY = YES
	101	USER_ONLY = NO
	102
	103	[nat]
	104	BEHIND_NAT = YES
	105	ENABLE_UPNP = NO
	106	USE_LOCALADDR = NO
	107	DISABLEV6 = YES
	108
	109	[hostlist]
	110	OPTIONS = -b -e
	111	"))
	112
	113	(define gnunet-shepherd-service
	114	(match-lambda
	115	(($ <gnunet-configuration> package config-file)
	116	(list (shepherd-service
	117	(provision '(gnunet))
	118	;; do we require networking? arm will try to reconnect until a connection
	119	;; exists (again), but we might also set up vpn and not succeed at service
	120	;; boot time as well as the general certificate issue we have especially on
	121	;; Guix-on-GuixSD systems.
	122	(requirement '(loopback))
	123	(documentation "Run the GNUnet service.")
	124	(start
	125	(let ((gnunet
	126	(file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
	127	#~(make-forkexec-constructor
	128	(list #$gnunet "-c" #$config-file)
	129	#:log-file "/var/log/gnunet.log"
	130	#:pid-file "/var/run/gnunet/arm-service.pid")))
	131	(stop
	132	#~(make-kill-destructor)))))))
	133
	134	(define %gnunet-accounts
	135	(list (user-group
	136	(name "gnunetdns")
	137	(system? #t))
	138	(user-group
	139	(name "gnunet")
	140	(system? #t))
	141	(user-account
	142	(name "gnunet")
	143	(group "gnunet")
	144	(system? #t)
	145	(comment "GNUnet system user")
	146	(home-directory "/var/lib/gnunet")
	147	(shell #~(string-append #$shadow "/sbin/nologin")))))
	148
	149	;; TODO: setuids.
	150	;; TODO: certificate issues -- gnunet should honor CURL_CA_BUNDLE!
	151	(define gnunet-activation
	152	(match-lambda
	153	(($ <gnunet-configuration> package config-file)
	154	(let ((gnunet
	155	(file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
	156	#~(begin
	157	;; Create the .config + .cache for gnunet user
	158	(mkdir-p "/var/lib/gnunet/.config/gnunet")
	159	(mkdir-p "/var/lib/gnunet/.cache/gnunet"))))))
	160
	161	(define gnunet-service-type
	162	(service-type
	163	(name 'gnunet)
	164	(extensions (list (service-extension account-service-type
	165	(const %gnunet-accounts))
	166	(service-extension activation-service-type
	167	gnunet-activation)
	168	(service-extension profile-service-type
	169	(compose list gnunet-configuration-package))
	170	(service-extension shepherd-root-service-type
	171	gnunet-shepherd-service)))))
	172
	173	;;; gnunet.scm ends here


diff --git a/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm new file mode 100644 index 000000000..d75d14598 --- /dev/null +++ b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm
@@ -0,0 +1,62 @@
	1	(use-modules (gnu))
	2	(use-service-modules
	3	;; admin
	4	base
	5	mcron
	6	networking
	7	ssh)
	8
	9	(use-package-modules
	10	admin
	11	ssh
	12	version-control
	13	gnunet)
	14
	15	(define %user (getenv "USER"))
	16
	17	(define os
	18	(operating-system
	19	(host-name "os")
	20	(timezone "Europe/Amsterdam")
	21	(locale "en_US.UTF-8")
	22
	23	(bootloader
	24	(grub-configuration
	25	(device "/dev/sda")))
	26
	27	(file-systems
	28	(cons* (file-system (mount-point "/")
	29	(device "/dev/sda1")
	30	(type "ext4"))
	31	%base-file-systems))
	32
	33	(groups
	34	(cons* (user-group (name %user))
	35	%base-groups))
	36
	37	(users
	38	(cons* (user-account (name %user)
	39	(group %user)
	40	(password (crypt "" "xx"))
	41	(uid 1000)
	42	(supplementary-groups '("wheel" "gnunet"))
	43	(home-directory (string-append "/home/" %user)))
	44	%base-user-accounts))
	45
	46	(packages
	47	(cons*
	48	git
	49	openssh
	50	gnunet
	51	%base-packages))
	52
	53	(services
	54	(cons*
	55	(dhcp-client-service)
	56	(lsh-service #:port-number 2222
	57	#:allow-empty-passwords? #t
	58	#:root-login? #t)
	59	(gnunet-service)
	60	%base-services
	61	))))
	62	os