From 20c51c1d2ce8fd4b32203343c3afbfe2622a22d7 Mon Sep 17 00:00:00 2001
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Fri, 12 May 2023 11:52:48 -0700
Subject: services: pam-limits: Keep 'limits.conf' in the store.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'.  Pass that in the <pam-entry>
'arguments' field.  Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 gnu/services/base.scm | 63 ++++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 33 deletions(-)

(limited to 'gnu/services/base.scm')

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 492cf8a693..b557af24af 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1603,38 +1603,36 @@ information on the configuration file syntax."
 
 (define pam-limits-service-type
   (let ((pam-extension
-         (pam-extension
-          (transformer
-           (lambda (pam)
-             (let ((pam-limits (pam-entry
-                                (control "required")
-                                (module "pam_limits.so")
-                                (arguments
-                                 '("conf=/etc/security/limits.conf")))))
-               (if (member (pam-service-name pam)
-                           '("login" "greetd" "su" "slim" "gdm-password"
-                             "sddm" "sudo" "sshd" "lightdm"))
-                   (pam-service
-                    (inherit pam)
-                    (session (cons pam-limits
-                                   (pam-service-session pam))))
-                   pam))))))
-
-        ;; XXX: Using file-like objects is deprecated, use lists instead.
-        ;;      This is to be reduced into the list? case when the deprecated
-        ;;      code gets removed.
-        ;; Create /etc/security containing the provided "limits.conf" file.
-        (security-limits
+         (lambda (limits-file)
+           (pam-extension
+            (transformer
+             (lambda (pam)
+               (let ((pam-limits (pam-entry
+                                  (control "required")
+                                  (module "pam_limits.so")
+                                  (arguments
+                                   (list #~(string-append "conf=" #$limits-file))))))
+                 (if (member (pam-service-name pam)
+                             '("login" "greetd" "su" "slim" "gdm-password"
+                               "sddm" "lightdm" "sudo" "sshd"))
+                     (pam-service
+                      (inherit pam)
+                      (session (cons pam-limits
+                                     (pam-service-session pam))))
+                     pam)))))))
+        (make-limits-file
          (match-lambda
+           ;; XXX: Using file-like objects is deprecated, use lists instead.
+           ;;      This is to be reduced into the list? case when the deprecated
+           ;;      code gets removed.
            ((? file-like? obj)
             (warning (G_ "Using file-like value for \
 'pam-limits-service-type' is deprecated~%"))
-            `(("security/limits.conf" ,obj)))
+            obj)
            ((? list? lst)
-            `(("security/limits.conf"
-               ,(plain-file "limits.conf"
-                            (string-join (map pam-limits-entry->string lst)
-                                         "\n" 'suffix)))))
+            (plain-file "limits.conf"
+                        (string-join (map pam-limits-entry->string lst)
+                                     "\n" 'suffix)))
            (_ (raise
                (formatted-message
                 (G_ "invalid input for 'pam-limits-service-type'~%")))))))
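Review bot: The `(? list? lst)` clause of `make-limits-file` accepts any list, so a list holding something other than limits entries is handed to `pam-limits-entry->string` and never reaches the "invalid input" message in the catch-all clause. The resulting file becomes the `conf=` argument for login, sshd, sudo and the other listed services, so a malformed configuration should be rejected clearly at this point. Consider guarding the clause on element type, e.g. `((? (lambda (x) (and (list? x) (every pam-limits-entry? x))) lst)`, assuming `pam-limits-entry?` and SRFI-1 `every` are in scope in this file, which the hunk does not show. A one-line comment above `make-limits-file`, such as `;; Return a file-like object for CONFIG; it is built into the store.`, would also help readers.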
@@ -1642,13 +1640,12 @@ information on the configuration file syntax."
     (service-type
      (name 'limits)
      (extensions
-      (list (service-extension etc-service-type security-limits)
-            (service-extension pam-root-service-type
-                               (lambda _ (list pam-extension)))))
+      (list (service-extension pam-root-service-type
+                               (lambda (config)
+                                 (list (pam-extension (make-limits-file config)))))))
      (description
-      "Install the specified resource usage limits by populating
-@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module.")
+      "Use the @code{pam_limits} authentication module to set the specified
+resource usage limits.")
      (default-value '()))))
 
 (define-deprecated (pam-limits-service #:optional (limits '()))
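Review bot: The new `description` string drops the mention of `/etc/security/limits.conf` without saying where the limits now live, and the removed `etc-service-type` extension means that file is no longer created. Anything that relies on the default path would then find no file: for example another PAM stack loading `pam_limits.so` without `conf=`, or an audit script that inspects `/etc/security`. Whether such consumers exist is not visible from this hunk. I would state the new location in the description, e.g. `"Use the @code{pam_limits} authentication module to set the specified resource usage limits.  The limits file is kept in the store and passed to the module with @code{conf=}; @file{/etc/security/limits.conf} is not created."`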
-- 
cgit v1.2.3


From 48d06aee7b39c8e72644d665bd1995cb1ae1b094 Mon Sep 17 00:00:00 2001
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Fri, 12 May 2023 11:52:50 -0700
Subject: services: Use more 'file-append'.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/services/authentication.scm (pam-ldap-pam-service): Use
'file-append' instead of #~(string-append ...).
* gnu/services/base.scm (greetd-pam-service): Likewise.
* gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 gnu/services/authentication.scm | 2 +-
 gnu/services/base.scm           | 2 +-
 gnu/services/kerberos.scm       | 4 ++--
 gnu/services/pam-mount.scm      | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'gnu/services/base.scm')

diff --git a/gnu/services/authentication.scm b/gnu/services/authentication.scm
index f1ad1b1afe..fbfef2d3d0 100644
--- a/gnu/services/authentication.scm
+++ b/gnu/services/authentication.scm
@@ -504,7 +504,7 @@ password.")
 (define (pam-ldap-pam-service config)
   "Return a PAM service for LDAP authentication."
   (define pam-ldap-module
-    #~(string-append #$(nslcd-configuration-nss-pam-ldapd config)
+    (file-append (nslcd-configuration-nss-pam-ldapd config)
                      "/lib/security/pam_ldap.so"))
   (pam-extension
     (transformer
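Review bot: Replacing `#~(string-append #$(nslcd-configuration-nss-pam-ldapd config) ...)` with `file-append` narrows what the `nss-pam-ldapd` field may hold. As far as I know `file-append` lowers its first argument as a file-like object, whereas the old gexp also accepted a plain string path. The same applies to the `pam-krb5` field in the gnu/services/kerberos.scm hunk. If string values were ever supported for these fields, the change deserves a note in the field documentation; otherwise a comment such as `;; NSS-PAM-LDAPD must be a file-like object (package).` makes the requirement explicit. Separately, the continuation line `"/lib/security/pam_ldap.so"))` is still indented for the old form and should be re-aligned under the first argument of `file-append`, as was done in the kerberos hunk.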
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b557af24af..b3f2d2e8b8 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -3263,7 +3263,7 @@ to handle."
   (define optional-pam-mount
     (pam-entry
      (control "optional")
-     (module #~(string-append #$greetd-pam-mount "/lib/security/pam_mount.so"))
+     (module (file-append greetd-pam-mount "/lib/security/pam_mount.so"))
      (arguments '("disable_interactive"))))
 
   (list
diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm
index 1a1b37f890..a6f540a9b6 100644
--- a/gnu/services/kerberos.scm
+++ b/gnu/services/kerberos.scm
@@ -432,8 +432,8 @@ generates such a file.  It does not cause any daemon to be started.")))
    (transformer
     (lambda (pam)
       (define pam-krb5-module
-        #~(string-append #$(pam-krb5-configuration-pam-krb5 config)
-                         "/lib/security/pam_krb5.so"))
+        (file-append (pam-krb5-configuration-pam-krb5 config)
+                     "/lib/security/pam_krb5.so"))
 
       (let ((pam-krb5-sufficient
              (pam-entry
diff --git a/gnu/services/pam-mount.scm b/gnu/services/pam-mount.scm
index dbb9d0285f..b3a02e82e9 100644
--- a/gnu/services/pam-mount.scm
+++ b/gnu/services/pam-mount.scm
@@ -94,7 +94,7 @@
   (define optional-pam-mount
     (pam-entry
      (control "optional")
-     (module #~(string-append #$pam-mount "/lib/security/pam_mount.so"))))
+     (module (file-append pam-mount "/lib/security/pam_mount.so"))))
   (list
    (pam-extension
     (transformer
-- 
cgit v1.2.3