;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 ng0 <ng0@n0.is>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Nikita <nikita@n0.is>
;;; Copyright © 2016, 2017, 2018 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2017 nee <nee-git@hidamari.blue>
;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@posteo.ro>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu system pam)
#:use-module (gnu system shadow)
#:use-module (gnu packages admin)
+ #:use-module (gnu packages base)
#:use-module (gnu packages databases)
#:use-module (gnu packages web)
#:use-module (gnu packages patchutils)
#:use-module (gnu packages guile)
#:use-module (gnu packages logging)
#:use-module (gnu packages mail)
+ #:use-module (gnu packages rust-apps)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix modules)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (ice-9 match)
- #:export (<httpd-configuration>
- httpd-configuration
+ #:use-module (ice-9 format)
+ #:export (httpd-configuration
httpd-configuration?
httpd-configuration-package
httpd-configuration-pid-file
httpd-configuration-config
- <httpd-virtualhost>
httpd-virtualhost
httpd-virtualhost?
httpd-virtualhost-addresses-and-ports
httpd-virtualhost-contents
- <httpd-config-file>
httpd-config-file
httpd-config-file?
httpd-config-file-modules
httpd-config-file-user
httpd-config-file-group
- <httpd-module>
httpd-module
httpd-module?
%default-httpd-modules
httpd-service-type
- <nginx-configuration>
nginx-configuration
nginx-configuration?
- nginx-configuartion-nginx
+ nginx-configuration-nginx
nginx-configuration-log-directory
nginx-configuration-run-directory
nginx-configuration-server-blocks
nginx-configuration-extra-content
nginx-configuration-file
- <nginx-server-configuration>
nginx-server-configuration
nginx-server-configuration?
nginx-server-configuration-listen
nginx-server-configuration-server-tokens?
nginx-server-configuration-raw-content
- <nginx-upstream-configuration>
nginx-upstream-configuration
nginx-upstream-configuration?
nginx-upstream-configuration-name
nginx-upstream-configuration-servers
- <nginx-location-configuration>
nginx-location-configuration
nginx-location-configuration?
nginx-location-configuration-uri
nginx-location-configuration-body
- <nginx-named-location-configuration>
nginx-named-location-configuration
nginx-named-location-configuration?
nginx-named-location-configuration-name
fcgiwrap-configuration?
fcgiwrap-service-type
- <php-fpm-configuration>
php-fpm-configuration
make-php-fpm-configuration
php-fpm-configuration?
php-fpm-configuration-timezone
php-fpm-configuration-workers-log-file
php-fpm-configuration-file
+ php-fpm-configuration-php-ini-file
- <php-fpm-dynamic-process-manager-configuration>
php-fpm-dynamic-process-manager-configuration
make-php-fpm-dynamic-process-manager-configuration
php-fpm-dynamic-process-manager-configuration?
php-fpm-dynamic-process-manager-configuration-min-spare-servers
php-fpm-dynamic-process-manager-configuration-max-spare-servers
- <php-fpm-static-process-manager-configuration>
php-fpm-static-process-manager-configuration
make-php-fpm-static-process-manager-configuration
php-fpm-static-process-manager-configuration?
php-fpm-static-process-manager-configuration-max-children
- <php-fpm-on-demand-process-manager-configuration>
php-fpm-on-demand-process-manager-configuration
make-php-fpm-on-demand-process-manager-configuration
php-fpm-on-demand-process-manager-configuration?
hpcguix-web-configuration?
hpcguix-web-service-type
- <tailon-configuration-file>
tailon-configuration-file
tailon-configuration-file?
tailon-configuration-file-files
tailon-configuration-file-http-auth
tailon-configuration-file-users
- <tailon-configuration>
tailon-configuration
tailon-configuration?
tailon-configuration-config-file
tailon-service-type
- <varnish-configuration>
varnish-configuration
varnish-configuration?
varnish-configuration-package
varnish-service-type
- <patchwork-database-configuration>
patchwork-database-configuration
patchwork-database-configuration?
patchwork-database-configuration-engine
patchwork-database-configuration-host
patchwork-database-configuration-port
- <patchwork-settings-module>
patchwork-settings-module
patchwork-settings-module?
patchwork-settings-module-database-configuration
patchwork-settings-module-force-https-links?
patchwork-settings-module-extra-settings
- <patchwork-configuration>
patchwork-configuration
patchwork-configuration?
patchwork-configuration-patchwork
patchwork-virtualhost
patchwork-service-type
- <mumi-configuration>
mumi-configuration
mumi-configuration?
mumi-configuration-mumi
mumi-configuration-sender
mumi-configuration-smtp
- mumi-service-type))
+ mumi-service-type
+
+ gmnisrv-configuration
+ gmnisrv-configuration?
+ gmnisrv-configuration-package
+ gmnisrv-configuration-config-file
+
+ gmnisrv-service-type
+
+ agate-configuration
+ agate-configuration?
+ agate-configuration-package
+ agate-configuration-content
+ agate-configuration-cert
+ agate-configuration-key
+ agate-configuration-addr
+ agate-configuration-hostname
+ agate-configuration-lang
+ agate-configuration-silent
+ agate-configuration-serve-secret
+ agate-configuration-log-ip
+ agate-configuration-user
+ agate-configuration-group
+ agate-configuration-log-file
+
+ agate-service-type))
;;; Commentary:
;;;
(modules nginx-configuration-modules (default '()))
(global-directives nginx-configuration-global-directives
(default '((events . ()))))
+ (lua-package-path nginx-lua-package-path ;list of <package>
+ (default #f))
+ (lua-package-cpath nginx-lua-package-cpath ;list of <package>
+ (default #f))
(extra-content nginx-configuration-extra-content
(default ""))
(file nginx-configuration-file ;#f | string | file-like
server-names-hash-bucket-max-size
modules
global-directives
+ lua-package-path
+ lua-package-cpath
extra-content)
(apply mixed-text-file "nginx.conf"
(flatten
" scgi_temp_path " run-directory "/scgi_temp;\n"
" access_log " log-directory "/access.log;\n"
" include " nginx "/share/nginx/conf/mime.types;\n"
+ (if lua-package-path
+ #~(format #f " lua_package_path ~s;~%"
+ (string-join (map (lambda (path)
+ (string-append path "/lib/?.lua"))
+ '#$lua-package-path)
+ ";"))
+ "")
+ (if lua-package-cpath
+ #~(format #f " lua_package_cpath ~s;~%"
+ (string-join (map (lambda (cpath)
+ (string-append cpath "/lib/lua/?.lua"))
+ '#$lua-package-cpath)
+ ";"))
+ "")
(if server-names-hash-bucket-size
(string-append
- " server_names_hash_bucket_size "
- (number->string server-names-hash-bucket-size)
- ";\n")
+ " server_names_hash_bucket_size "
+ (number->string server-names-hash-bucket-size)
+ ";\n")
"")
(if server-names-hash-bucket-max-size
(string-append
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/fcgiwrap")
- "-s" #$socket)
- #:user #$user #:group #$group))
+ "-s" #$socket)
+ #:user #$user #:group #$group
+ #:log-file "/var/log/fcgiwrap.log"))
(stop #~(make-kill-destructor)))))))
+(define fcgiwrap-activation
+ (match-lambda
+ (($ <fcgiwrap-configuration> package socket user group)
+ #~(begin
+ ;; When listening on a unix socket, create a parent directory for the
+ ;; socket with the correct permissions.
+ (when (string-prefix? "unix:" #$socket)
+ (let ((run-directory
+ (dirname (substring #$socket (string-length "unix:")))))
+ (mkdir-p run-directory)
+ (chown run-directory
+ (passwd:uid (getpw #$user))
+ (group:gid (getgr #$group)))))))))
+
(define fcgiwrap-service-type
(service-type (name 'fcgiwrap)
(extensions
(list (service-extension shepherd-root-service-type
fcgiwrap-shepherd-service)
- (service-extension account-service-type
- fcgiwrap-accounts)))
+ (service-extension account-service-type
+ fcgiwrap-accounts)
+ (service-extension activation-service-type
+ fcgiwrap-activation)))
(default-value (fcgiwrap-configuration))))
(define-record-type* <php-fpm-configuration> php-fpm-configuration
(version-major (package-version php))
"-fpm.www.log")))
(file php-fpm-configuration-file ;#f | file-like
+ (default #f))
+ (php-ini-file php-fpm-configuration-php-ini-file ;#f | file-like
(default #f)))
(define-record-type* <php-fpm-dynamic-process-manager-configuration>
(define php-fpm-accounts
(match-lambda
(($ <php-fpm-configuration> php socket user group socket-user socket-group _ _ _ _ _ _)
- (list
- (user-group (name "php-fpm") (system? #t))
- (user-group
- (name group)
- (system? #t))
- (user-account
- (name user)
- (group group)
- (supplementary-groups '("php-fpm"))
- (system? #t)
- (comment "php-fpm daemon user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))))
+ `(,@(if (equal? group "php-fpm")
+ '()
+ (list (user-group (name "php-fpm") (system? #t))))
+ ,(user-group
+ (name group)
+ (system? #t))
+ ,(user-account
+ (name user)
+ (group group)
+ (supplementary-groups '("php-fpm"))
+ (system? #t)
+ (comment "php-fpm daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
(define (default-php-fpm-config socket user group socket-user socket-group
pid-file log-file pm display-errors timezone workers-log-file)
(match-lambda
(($ <php-fpm-configuration> php socket user group socket-user socket-group
pid-file log-file pm display-errors
- timezone workers-log-file file)
+ timezone workers-log-file file php-ini-file)
(list (shepherd-service
(provision '(php-fpm))
(documentation "Run the php-fpm daemon.")
#$(or file
(default-php-fpm-config socket user group
socket-user socket-group pid-file log-file
- pm display-errors timezone workers-log-file)))
+ pm display-errors timezone workers-log-file))
+ #$@(if php-ini-file
+ `("-c" ,php-ini-file)
+ '()))
#:pid-file #$pid-file))
(stop #~(make-kill-destructor)))))))
#:user "hpcguix-web"
#:group "hpcguix-web"
#:environment-variables
- (list "XDG_CACHE_HOME=/var/cache"
+ (list "XDG_CACHE_HOME=/var/cache/guix/web"
"SSL_CERT_DIR=/etc/ssl/certs")
#:log-file #$%hpcguix-web-log-file))
(stop #~(make-kill-destructor))))))
(shell (file-append shadow "/sbin/nologin")))))
(define (mumi-shepherd-services config)
+ (define environment
+ #~(list "LC_ALL=en_US.utf8"
+ (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+ "/lib/locale")))
+
(match config
(($ <mumi-configuration> mumi mailer? sender smtp)
(list (shepherd-service
(start #~(make-forkexec-constructor
`(#$(file-append mumi "/bin/mumi") "web"
,@(if #$mailer? '() '("--disable-mailer")))
+ #:environment-variables #$environment
#:user "mumi" #:group "mumi"
#:log-file "/var/log/mumi.log"))
(stop #~(make-kill-destructor)))
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append mumi "/bin/mumi") "worker")
+ #:environment-variables #$environment
#:user "mumi" #:group "mumi"
#:log-file "/var/log/mumi.worker.log"))
(stop #~(make-kill-destructor)))
,@(if #$smtp
(list (string-append "--smtp=" #$smtp))
'()))
+ #:environment-variables #$environment
#:user "mumi" #:group "mumi"
#:log-file "/var/log/mumi.mailer.log"))
(stop #~(make-kill-destructor)))))))
"Run Mumi, a Web interface to the Debbugs bug-tracking server.")
(default-value
(mumi-configuration))))
+
+(define %default-gmnisrv-config-file
+ (plain-file "gmnisrv.ini" "
+listen=0.0.0.0:1965 [::]:1965
+
+[:tls]
+store=/var/lib/gemini/certs
+
+organization=gmnisrv on Guix user
+
+[localhost]
+root=/srv/gemini
+"))
+
+(define-record-type* <gmnisrv-configuration>
+ gmnisrv-configuration make-gmnisrv-configuration
+ gmnisrv-configuration?
+ (package gmnisrv-configuration-package
+ (default gmnisrv))
+ (config-file gmnisrv-configuration-config-file
+ (default %default-gmnisrv-config-file)))
+
+(define gmnisrv-shepherd-service
+ (match-lambda
+ (($ <gmnisrv-configuration> package config-file)
+ (list (shepherd-service
+ (provision '(gmnisrv))
+ (requirement '(networking))
+ (documentation "Run the gmnisrv Gemini server.")
+ (start (let ((gmnisrv (file-append package "/bin/gmnisrv")))
+ #~(make-forkexec-constructor
+ (list #$gmnisrv "-C" #$config-file)
+ #:user "gmnisrv" #:group "gmnisrv"
+ #:log-file "/var/log/gmnisrv.log")))
+ (stop #~(make-kill-destructor)))))))
+
+(define %gmnisrv-accounts
+ (list (user-group (name "gmnisrv") (system? #t))
+ (user-account
+ (name "gmnisrv")
+ (group "gmnisrv")
+ (system? #t)
+ (comment "gmnisrv Gemini server")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define %gmnisrv-activation
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p "/var/lib/gemini/certs")
+ (let* ((pw (getpwnam "gmnisrv"))
+ (uid (passwd:uid pw))
+ (gid (passwd:gid pw)))
+ (chown "/var/lib/gemini" uid gid)
+ (chown "/var/lib/gemini/certs" uid gid)))))
+
+(define gmnisrv-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension activation-service-type
+ (const %gmnisrv-activation))
+ (service-extension account-service-type
+ (const %gmnisrv-accounts))
+ (service-extension shepherd-root-service-type
+ gmnisrv-shepherd-service)))
+ (description
+ "Run the gmnisrv Gemini server.")
+ (default-value
+ (gmnisrv-configuration))))
+
+(define-record-type* <agate-configuration>
+ agate-configuration make-agate-configuration
+ agate-configuration?
+ (package agate-configuration-package
+ (default agate))
+ (content agate-configuration-content
+ (default "/srv/gemini"))
+ (cert agate-configuration-cert
+ (default #f))
+ (key agate-configuration-key
+ (default #f))
+ (addr agate-configuration-addr
+ (default '("0.0.0.0:1965" "[::]:1965")))
+ (hostname agate-configuration-hostname
+ (default #f))
+ (lang agate-configuration-lang
+ (default #f))
+ (silent? agate-configuration-silent
+ (default #f))
+ (serve-secret? agate-configuration-serve-secret
+ (default #f))
+ (log-ip? agate-configuration-log-ip
+ (default #t))
+ (user agate-configuration-user
+ (default "agate"))
+ (group agate-configuration-group
+ (default "agate"))
+ (log-file agate-configuration-log
+ (default "/var/log/agate.log")))
+
+(define agate-shepherd-service
+ (match-lambda
+ (($ <agate-configuration> package content cert key addr
+ hostname lang silent? serve-secret?
+ log-ip? user group log-file)
+ (list (shepherd-service
+ (provision '(agate))
+ (requirement '(networking))
+ (documentation "Run the agate Gemini server.")
+ (start (let ((agate (file-append package "/bin/agate")))
+ #~(make-forkexec-constructor
+ (list #$agate
+ "--content" #$content
+ "--cert" #$cert
+ "--key" #$key
+ "--addr" #$@addr
+ #$@(if lang
+ (list "--lang" lang)
+ '())
+ #$@(if hostname
+ (list "--hostname" hostname)
+ '())
+ #$@(if silent? '("--silent") '())
+ #$@(if serve-secret? '("--serve-secret") '())
+ #$@(if log-ip? '("--log-ip") '()))
+ #:user #$user #:group #$group
+ #:log-file #$log-file)))
+ (stop #~(make-kill-destructor)))))))
+
+(define agate-accounts
+ (match-lambda
+ (($ <agate-configuration> _ _ _ _ _
+ _ _ _ _
+ _ user group _)
+ `(,@(if (equal? group "agate")
+ '()
+ (list (user-group (name "agate") (system? #t))))
+ ,(user-group
+ (name group)
+ (system? #t))
+ ,(user-account
+ (name user)
+ (group group)
+ (supplementary-groups '("agate"))
+ (system? #t)
+ (comment "agate server user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
+
+(define agate-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension account-service-type
+ agate-accounts)
+ (service-extension shepherd-root-service-type
+ agate-shepherd-service)))
+ (default-value (agate-configuration))))