diff options
author | Alex Griffin <a@ajgrf.com> | 2019-11-04 19:29:24 -0600 |
---|---|---|
committer | Alex Griffin <a@ajgrf.com> | 2019-11-11 14:03:45 -0600 |
commit | a2161c861f8c971c5b9e547f1997be4b1d4ba529 (patch) | |
tree | fd60db8920cce68b31c1563990d801e59fbad8f1 | |
parent | 079ec5479cdfa16b0e9daa1d66119d9292ef4528 (diff) | |
download | guix-a2161c861f8c971c5b9e547f1997be4b1d4ba529.tar guix-a2161c861f8c971c5b9e547f1997be4b1d4ba529.tar.gz |
services: Add pagekite-service-type.
* gnu/services/networking.scm (pagekite-service-type): New service type.
(<pagekite-configuration>): New record type.
(pagekite-shepherd-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
-rw-r--r-- | doc/guix.texi | 47 | ||||
-rw-r--r-- | gnu/services/networking.scm | 109 |
2 files changed, 155 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 2622079bcb..242beb18c8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -67,6 +67,7 @@ Copyright @copyright{} 2019 Diego Nicola Barbato@* Copyright @copyright{} 2019 Ivan Petkov@* Copyright @copyright{} 2019 Jakob L. Kreuze@* Copyright @copyright{} 2019 Kyle Andrews@* +Copyright @copyright{} 2019 Alex Griffin@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -13978,6 +13979,52 @@ Package object of the Open vSwitch. @end table @end deftp +@defvr {Scheme Variable} pagekite-service-type +This is the service type for the @uref{https://pagekite.net, PageKite} service, +a tunneling solution for making localhost servers publicly visible, even from +behind NAT or restrictive firewalls. The value for this service type is a +@code{pagekite-configuration} record. + +Here's an example exposing the local HTTP and SSH daemons: + +@lisp +(service pagekite-service-type + (pagekite-configuration + (kites '("http:@@kitename:localhost:80:@@kitesecret" + "raw/22:@@kitename:localhost:22:@@kitesecret")) + (extra-file "/etc/pagekite.rc"))) +@end lisp +@end defvr + +@deftp {Data Type} pagekite-configuration +Data type representing the configuration of PageKite. + +@table @asis +@item @code{package} (default: @var{pagekite}) +Package object of PageKite. + +@item @code{kitename} (default: @code{#f}) +PageKite name for authenticating to the frontend server. + +@item @code{kitesecret} (default: @code{#f}) +Shared secret for authenticating to the frontend server. You should probably +put this inside @code{extra-file} instead. + +@item @code{frontend} (default: @code{#f}) +Connect to the named PageKite frontend server instead of the +@uref{https://pagekite.net,,pagekite.net} service. + +@item @code{kites} (default: @code{'("http:@@kitename:localhost:80:@@kitesecret")}) +List of service kites to use. Exposes HTTP on port 80 by default. The format +is @code{proto:kitename:host:port:secret}. + +@item @code{extra-file} (default: @code{#f}) +Extra configuration file to read, which you are expected to create manually. +Use this to add additional options and manage shared secrets out-of-band. + +@end table +@end deftp + @node X Window @subsection X Window diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index a1c1aad9f6..6485c08ff7 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de> ;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org> +;;; Copyright © 2019 Alex Griffin <a@ajgrf.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -154,7 +155,17 @@ nftables-configuration? nftables-configuration-package nftables-configuration-ruleset - %default-nftables-ruleset)) + %default-nftables-ruleset + + pagekite-service-type + pagekite-configuration + pagekite-configuration? + pagekite-configuration-package + pagekite-configuration-kitename + pagekite-configuration-kitesecret + pagekite-configuration-frontend + pagekite-configuration-kites + pagekite-configuration-extra-file)) ;;; Commentary: ;;; @@ -1527,4 +1538,100 @@ table inet filter { (compose list nftables-configuration-package)))) (default-value (nftables-configuration)))) + +;;; +;;; PageKite +;;; + +(define-record-type* <pagekite-configuration> + pagekite-configuration + make-pagekite-configuration + pagekite-configuration? + (package pagekite-configuration-package + (default pagekite)) + (kitename pagekite-configuration-kitename + (default #f)) + (kitesecret pagekite-configuration-kitesecret + (default #f)) + (frontend pagekite-configuration-frontend + (default #f)) + (kites pagekite-configuration-kites + (default '("http:@kitename:localhost:80:@kitesecret"))) + (extra-file pagekite-configuration-extra-file + (default #f))) + +(define (pagekite-configuration-file config) + (match-record config <pagekite-configuration> + (package kitename kitesecret frontend kites extra-file) + (mixed-text-file "pagekite.rc" + (if extra-file + (string-append "optfile = " extra-file "\n") + "") + (if kitename + (string-append "kitename = " kitename "\n") + "") + (if kitesecret + (string-append "kitesecret = " kitesecret "\n") + "") + (if frontend + (string-append "frontend = " frontend "\n") + "defaults\n") + (string-join (map (lambda (kite) + (string-append "service_on = " kite)) + kites) + "\n" + 'suffix)))) + +(define (pagekite-shepherd-service config) + (match-record config <pagekite-configuration> + (package kitename kitesecret frontend kites extra-file) + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (shepherd-service + (documentation "Run the PageKite service.") + (provision '(pagekite)) + (requirement '(networking)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start #~(make-forkexec-constructor/container + (list #$(file-append package "/bin/pagekite") + "--clean" + "--nullui" + "--nocrashreport" + "--runas=pagekite:pagekite" + (string-append "--optfile=" + #$(pagekite-configuration-file config))) + #:log-file "/var/log/pagekite.log" + #:mappings #$(if extra-file + #~(list (file-system-mapping + (source #$extra-file) + (target source))) + #~'()))) + ;; SIGTERM doesn't always work for some reason. + (stop #~(make-kill-destructor SIGINT)))))) + +(define %pagekite-accounts + (list (user-group (name "pagekite") (system? #t)) + (user-account + (name "pagekite") + (group "pagekite") + (system? #t) + (comment "PageKite user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define pagekite-service-type + (service-type + (name 'pagekite) + (default-value (pagekite-configuration)) + (extensions + (list (service-extension shepherd-root-service-type + (compose list pagekite-shepherd-service)) + (service-extension account-service-type + (const %pagekite-accounts)))) + (description + "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make +local servers publicly accessible on the web, even behind NATs and firewalls."))) + ;;; networking.scm ends here |