diff options
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/admin.scm | 119 | ||||
-rw-r--r-- | gnu/services/nfs.scm | 4 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 51 |
3 files changed, 140 insertions, 34 deletions
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm new file mode 100644 index 0000000000..d8086b78d4 --- /dev/null +++ b/gnu/services/admin.scm @@ -0,0 +1,119 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of thye GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services admin) + #:use-module (gnu packages admin) + #:use-module (gnu packages base) + #:use-module (gnu services) + #:use-module (gnu services mcron) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (guix records) + #:use-module (srfi srfi-1) + #:export (%default-rotations + %rotated-files + rottlog-configuration + rottlog-configuration? + rottlog-service + rottlog-service-type)) + +;;; Commentary: +;;; +;;; This module implements configuration of rottlog by writing +;;; /etc/rottlog/{rc,hourly|daily|weekly}. Example usage +;;; +;;; (mcron-service) +;;; (service rottlog-service-type (rottlog-configuration)) +;;; +;;; Code: + +(define %rotated-files + ;; Syslog files subject to rotation. + '("/var/log/messages" "/var/log/secure" "/var/log/maillog")) + +(define (syslog-rotation-config files) + #~(string-append #$(string-join files ",") + " { + sharedscripts + postrotate + " #$coreutils "/bin/kill -HUP $(cat /var/run/syslog.pid) 2> /dev/null + endscript +} +")) + +(define (simple-rotation-config file) + (string-append file " { + sharedscripts +} +")) + +(define %default-rotations + `(("weekly" + ,(computed-file "rottlog.weekly" + #~(call-with-output-file #$output + (lambda (port) + (display #$(syslog-rotation-config %rotated-files) + port) + (display #$(simple-rotation-config + "/var/log/shepherd.log") + port))))))) + +(define (default-jobs rottlog) + (list #~(job '(next-hour '(0)) ;midnight + (lambda () + (system* #$(file-append rottlog "/sbin/rottlog")))) + #~(job '(next-hour '(12)) ;noon + (lambda () + (system* #$(file-append rottlog "/sbin/rottlog")))))) + +(define-record-type* <rottlog-configuration> + rottlog-configuration make-rottlog-configuration + rottlog-configuration? + (rottlog rottlog-rottlog ;package + (default rottlog)) + (rc-file rottlog-rc-file ;file-like + (default (file-append rottlog "/etc/rc"))) + (periodic-rotations rottlog-periodic-rotations ;list of (name file) tuples + (default %default-rotations)) + (jobs rottlog-jobs ;list of <mcron-job> + (default #f))) + +(define (rottlog-etc config) + `(("rottlog" ,(file-union "rottlog" + (cons `("rc" ,(rottlog-rc-file config)) + (rottlog-periodic-rotations config)))))) + +(define (rottlog-jobs-or-default config) + (or (rottlog-jobs config) + (default-jobs (rottlog-rottlog config)))) + +(define rottlog-service-type + (service-type + (name 'rottlog) + (extensions (list (service-extension etc-service-type rottlog-etc) + (service-extension mcron-service-type + rottlog-jobs-or-default) + + ;; Add Rottlog to the global profile so users can access + ;; the documentation. + (service-extension profile-service-type + (compose list rottlog-rottlog)))))) + +;;; admin.scm ends here diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index 82713d8133..b1e1f53fb6 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -38,11 +38,11 @@ (shepherd-service-type 'rpcbind (lambda (config) - (define pkg + (define nfs-utils (rpcbind-configuration-rpcbind config)) (define rpcbind-command - #~(list (string-append #$pkg "/bin/rpcbind") "-f" + #~(list (string-append #$nfs-utils "/bin/rpcbind") "-f" #$@(if (rpcbind-configuration-warm-start? config) '("-w") '()))) (shepherd-service diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 084f8fa4ea..6da612da67 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -50,7 +50,6 @@ ;;; ;;; Code: -;; TODO: Export. (define-record-type* <lsh-configuration> lsh-configuration make-lsh-configuration lsh-configuration? @@ -261,15 +260,24 @@ The other options should be self-descriptive." (define-record-type* <openssh-configuration> openssh-configuration make-openssh-configuration openssh-configuration? - (pid-file openssh-configuration-pid-file) ;string - (port-number openssh-configuration-port-number) ;integer - (permit-root-login openssh-configuration-permit-root-login) ;Boolean | 'without-password - (allow-empty-passwords? openssh-configuration-allow-empty-passwords?) ;Boolean - (password-authentication? openssh-configuration-password-authentication?) ;Boolean - (pubkey-authentication? openssh-configuration-pubkey-authentication?) ;Boolean - (rsa-authentication? openssh-configuration-rsa-authentication?) ;Boolean - (x11-forwarding? openssh-configuration-x11-forwarding?) ;Boolean - (protocol-number openssh-configuration-protocol-number)) ;integer + (pid-file openssh-configuration-pid-file + (default "/var/run/sshd.pid")) + (port-number openssh-configuration-port-number ;integer + (default 22)) + (permit-root-login openssh-configuration-permit-root-login ;Boolean | 'without-password + (default #f)) + (allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean + (default #f)) + (password-authentication? openssh-configuration-password-authentication? ;Boolean + (default #t)) + (public-key-authentication? openssh-configuration-public-key-authentication? + (default #t)) ;Boolean + (rsa-authentication? openssh-configuration-rsa-authentication? ;Boolean + (default #t)) + (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean + (default #f)) + (protocol-number openssh-configuration-protocol-number ;integer + (default 2))) (define %openssh-accounts (list (user-group (name "sshd") (system? #t)) @@ -314,7 +322,7 @@ The other options should be self-descriptive." #$(if (openssh-configuration-password-authentication? config) "yes" "no")) (format port "PubkeyAuthentication ~a\n" - #$(if (openssh-configuration-pubkey-authentication? config) + #$(if (openssh-configuration-public-key-authentication? config) "yes" "no")) (format port "RSAAuthentication ~a\n" #$(if (openssh-configuration-rsa-authentication? config) @@ -354,27 +362,6 @@ The other options should be self-descriptive." (service-extension account-service-type (const %openssh-accounts)))))) -(define* (openssh-service #:key - (pid-file "/var/run/sshd.pid") - (port-number 22) - (permit-root-login 'without-password) - (allow-empty-passwords? #f) - (password-authentication? #t) - (pubkey-authentication? #t) - (rsa-authentication? #t) - (x11-forwarding? #f) - (protocol-number 2)) - (service openssh-service-type (openssh-configuration - (pid-file pid-file) - (port-number port-number) - (permit-root-login permit-root-login) - (allow-empty-passwords? allow-empty-passwords?) - (password-authentication? password-authentication?) - (pubkey-authentication? pubkey-authentication?) - (rsa-authentication? rsa-authentication?) - (x11-forwarding? x11-forwarding?) - (protocol-number protocol-number)))) - ;;; ;;; Dropbear. |