author | Nils Gillmann <ng0@n0.is> | 2018-06-28 10:18:01 +0000 |
---|---|---|
committer | Nils Gillmann <ng0@n0.is> | 2018-06-28 10:18:01 +0000 |
commit | 481936c2d82bbadad798f91b2cdad67252e89d96 (patch) | |
tree | 8f934508e7075bf3f368e673b591685e058fcceb | |
parent | bdce99417112727263204dfc3194e926d6f96b03 (diff) | |
batch commit my GPL3 shepherd service file WIP collection
Signed-off-by: Nils Gillmann <ng0@n0.is>
-rw-r--r-- | contrib/services/shepherd/ng0_wip/README | 11 | ||||
-rw-r--r-- | contrib/services/shepherd/ng0_wip/gnunet.scm | 173 | ||||
-rw-r--r-- | contrib/services/shepherd/ng0_wip/janneke-os-modified.scm | 62 |
3 files changed, 246 insertions, 0 deletions
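--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/README
@@ -0,0 +1,11 @@
+short notes:
+
+* you are not expected to be able to run this as-is.
+* you must keep it GPL3 licensed and NOT license it to GNUnet e.V.,
+for changes add your line to the header.
+* does not apply to a guix checkout, you have to search and replace
+the imported modules. in my development of plant, infotropique
+services is equivalent to gnu services (same for packages) and plant
+XYZ is guix XYZ.
+* Understanding is optional.
+* Patches come as context reading material.
\ No newline at end of file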
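--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/gnunet.scm
@@ -0,0 +1,173 @@
+;;; plant ---
+;;; Copyright (C) 2016, 2017, 2018 Nils Gillmann <gillmann@infotropique.org>
+;;;
+;;; This file is part of plant.
+;;;
+;;; plant is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; plant is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of thye GNU General Public License
+;;; along with plant. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (infotropique services networking)
+#:use-module (infotropique services)
+#:use-module (infotropique services shepherd)
+#:use-module (infotropique services dbus)
+#:use-module (infotropique system shadow)
+#:use-module (infotropique system pam)
+#:use-module (infotropique packages admin)
+#:use-module (infotropique packages connman)
+#:use-module (infotropique packages linux)
+#:use-module (infotropique packages tor)
+#:use-module (infotropique packages messaging)
+#:use-module (infotropique packages networking)
+#:use-module (infotropique packages ntp)
+#:use-module (infotropique packages wicd)
+#:use-module (infotropique packages gnome)
+#:use-module (infotropique packages gnunet)
+#:use-module (plant gexp)
+#:use-module (plant records)
+#:use-module (plant modules)
+#:use-module (srfi srfi-1)
+#:use-module (srfi srfi-9)
+#:use-module (srfi srfi-26)
+#:use-module (ice-9 match)
+#:export (gnunet-configuration
+gnunet-configuration?
+gnunet-service
+gnunet-service-type))
+
+;;;
+;;; Commentary:
+;;; gnunet (GNUnet) related services, mainly gnunet itself.
+;;;
+
+;; GENTOO OpenRC:
+DONE: depends on "net".
+DONE: PIDFILE=/run/gnunet/arm-service.pid
+SUID_ROOT_HELPERS=exit, nat-server, nat-client, transport-bluetooth, transport-wlan, vpn
+
+/var/lib/gnunet/.local/share/gnunet/gnunet.conf must be chmod 600 and chown gnunet:gnunet
+/var/lib/gnunet/.cache/gnunet must exist.
+/usr/lib/gnunet/libexec/gnunet-helper-SUID_ROOT_HELPERS must be s+u (--> suid)
+
+/usr/lib/gnunet/libexec/gnunet-helper-dns must be: chown root:gnunetdns and chmod 4750
+/usr/lib/gnunet/libexec/gnunet-service-dns must be: chown gnunet:gnunetdns and chmod 2750
+
+directory with PID file must then be chowned by gnunet:gnunet
+
+user gnunet startet dann /usr/lib/gnunet/libexec/gnunet-service-arm -d
+
+stop process hat:
+start-stop-daemon --stop --signal QUIT --pidfile ${PIDFILE}
+sleep 1
+killall -u gnunet
+sleep 1
+rm -rf /tmp/gnunet-gnunet-runtime >/dev/null 2>&1
+rm -rf /tmp/gnunet-system-runtime >/dev/null 2>&1
+
+/etc/nsswitch.conf kriegt den eintrag:
+hosts: files gns [NOTFOUND=return] dns
+
+und die dateien die in der source rumliegen bzgl nss müssen noch kopiert werden
+UND nss muss sie finden.
+
+
+
+(define-record-type* <gnunet-configuration>
+gnunet-configuration make-gnunet-configuration
+gnunet-configuration?
+(package gnunet-configuration-package
+(default gnunet))
+(config-file gnunet-configuration-config-file
+(default %default-gnunet-config-file)))
+
+;; TODO: [PATHS] DEFAULTCONFIG = ?
+(define %default-gnunet-config-file
+(plain-file "gnunet.conf" "
+[PATHS]
+SERVICEHOME = /var/lib/gnunet
+GNUNET_CONFIG_HOME = /var/lib/gnunet
+
+[arm]
+SYSTEM_ONLY = YES
+USER_ONLY = NO
+
+[nat]
+BEHIND_NAT = YES
+ENABLE_UPNP = NO
+USE_LOCALADDR = NO
+DISABLEV6 = YES
+
+[hostlist]
+OPTIONS = -b -e
+"))
+
+(define gnunet-shepherd-service
+(match-lambda
+(($ <gnunet-configuration> package config-file)
+(list (shepherd-service
+(provision '(gnunet))
+;; do we require networking? arm will try to reconnect until a connection
+;; exists (again), but we might also set up vpn and not succeed at service
+;; boot time as well as the general certificate issue we have especially on
+;; Guix-on-GuixSD systems.
+(requirement '(loopback))
+(documentation "Run the GNUnet service.")
+(start
+(let ((gnunet
+(file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
+#~(make-forkexec-constructor
+(list #$gnunet "-c" #$config-file)
+#:log-file "/var/log/gnunet.log"
+#:pid-file "/var/run/gnunet/arm-service.pid")))
+(stop
+#~(make-kill-destructor)))))))
+
+(define %gnunet-accounts
+(list (user-group
+(name "gnunetdns")
+(system? #t))
+(user-group
+(name "gnunet")
+(system? #t))
+(user-account
+(name "gnunet")
+(group "gnunet")
+(system? #t)
+(comment "GNUnet system user")
+(home-directory "/var/lib/gnunet")
+(shell #~(string-append #$shadow "/sbin/nologin")))))
+
+;; TODO: setuids.
+;; TODO: certificate issues -- gnunet should honor CURL_CA_BUNDLE!
+(define gnunet-activation
+(match-lambda
+(($ <gnunet-configuration> package config-file)
+(let ((gnunet
+(file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
+#~(begin
+;; Create the .config + .cache for gnunet user
+(mkdir-p "/var/lib/gnunet/.config/gnunet")
+(mkdir-p "/var/lib/gnunet/.cache/gnunet"))))))
+
+(define gnunet-service-type
+(service-type
+(name 'gnunet)
+(extensions (list (service-extension account-service-type
+(const %gnunet-accounts))
+(service-extension activation-service-type
+gnunet-activation)
+(service-extension profile-service-type
+(compose list gnunet-configuration-package))
+(service-extension shepherd-root-service-type
+gnunet-shepherd-service)))))
+
+;;; gnunet.scm ends here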
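Review bot: The `start` form in `gnunet-shepherd-service` calls `make-forkexec-constructor` without `#:user` or `#:group`, so gnunet-service-arm would presumably run as root even though `%gnunet-accounts` defines a dedicated `gnunet` system user; add `#:user "gnunet" #:group "gnunet"` there. `gnunet-activation` only runs `mkdir-p` on two directories and never creates /var/run/gnunet or changes ownership, while the file's own notes (lines 53-64) require the pid directory to be owned by gnunet:gnunet; its `gnunet` let-binding is also unused. Those notes are plain text after the first `;;` line, so the module cannot be read until they are commented out. A possible activation body is sketched below; it chowns only the leaf directories and leaves modes and the setuid helpers to the existing TODO.

```scheme
(define gnunet-activation
  (match-lambda
    (($ <gnunet-configuration> package config-file)
     #~(begin
         ;; Create the state, cache and pid directories and hand them to the
         ;; gnunet account the daemon is meant to run as.
         (let ((pw (getpwnam "gnunet")))
           (for-each (lambda (dir)
                       (mkdir-p dir)
                       (chown dir (passwd:uid pw) (passwd:gid pw)))
                     '("/var/lib/gnunet/.config/gnunet"
                       "/var/lib/gnunet/.cache/gnunet"
                       "/var/run/gnunet")))))))
```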
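--- /dev/null
+++ b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm
@@ -0,0 +1,62 @@
+(use-modules (gnu))
+(use-service-modules
+;; admin
+base
+mcron
+networking
+ssh)
+
+(use-package-modules
+admin
+ssh
+version-control
+gnunet)
+
+(define %user (getenv "USER"))
+
+(define os
+(operating-system
+(host-name "os")
+(timezone "Europe/Amsterdam")
+(locale "en_US.UTF-8")
+
+(bootloader
+(grub-configuration
+(device "/dev/sda")))
+
+(file-systems
+(cons* (file-system (mount-point "/")
+(device "/dev/sda1")
+(type "ext4"))
+%base-file-systems))
+
+(groups
+(cons* (user-group (name %user))
+%base-groups))
+
+(users
+(cons* (user-account (name %user)
+(group %user)
+(password (crypt "" "xx"))
+(uid 1000)
+(supplementary-groups '("wheel" "gnunet"))
+(home-directory (string-append "/home/" %user)))
+%base-user-accounts))
+
+(packages
+(cons*
+git
+openssh
+gnunet
+%base-packages))
+
+(services
+(cons*
+(dhcp-client-service)
+(lsh-service #:port-number 2222
+#:allow-empty-passwords? #t
+#:root-login? #t)
+(gnunet-service)
+%base-services
+))))
+os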
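Review bot: The `lsh-service` entry sets `#:allow-empty-passwords? #t` and `#:root-login? #t`, and the user account is created with `(password (crypt "" "xx"))`, i.e. an empty password, while also being a member of `wheel`; together these allow passwordless remote login on port 2222 to any system built from this file. Nothing in the file marks it as a throwaway test-VM configuration, so either add a header comment stating that it must not be deployed on a reachable host, or switch to `#:allow-empty-passwords? #f` and `#:root-login? #f` and drop the empty password. Separately, `%user` comes from `(getenv "USER")`, which returns `#f` when the variable is unset and is passed unchecked to `string-append`.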