Commit | Line | Data |
---|---|---|
a7cf4eb6 ML |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> | |
6a7c4636 | 3 | ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> |
11b7717d | 4 | ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> |
326f6ef1 | 5 | ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org> |
3e7a62e2 | 6 | ;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net> |
cd62e5d3 | 7 | ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> |
a7cf4eb6 ML |
8 | ;;; |
9 | ;;; This file is part of GNU Guix. | |
10 | ;;; | |
6a18183f | 11 | ;;; GNU Guix is free software; you can redistribute it and/or modify |
a7cf4eb6 ML |
12 | ;;; it under the terms of the GNU General Public License as published by |
13 | ;;; the Free Software Foundation, either version 3 of the License, or | |
14 | ;;; (at your option) any later version. | |
15 | ;;; | |
16 | ;;; GNU Guix is distributed in the hope that it will be useful, | |
17 | ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ;;; GNU General Public License for more details. | |
20 | ;;; | |
21 | ;;; You should have received a copy of the GNU General Public License | |
22 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
23 | ||
24 | (define-module (gnu services cuirass) | |
25 | #:use-module (guix gexp) | |
26 | #:use-module (guix records) | |
27 | #:use-module (gnu packages admin) | |
6a7c4636 LC |
28 | #:use-module (gnu packages ci) |
29 | #:use-module (gnu packages version-control) | |
a7cf4eb6 ML |
30 | #:use-module (gnu services) |
31 | #:use-module (gnu services base) | |
32 | #:use-module (gnu services shepherd) | |
d782de17 | 33 | #:use-module (gnu services admin) |
a7cf4eb6 ML |
34 | #:use-module (gnu system shadow) |
35 | #:export (<cuirass-configuration> | |
36 | cuirass-configuration | |
37 | cuirass-configuration? | |
38 | ||
231eddc8 | 39 | cuirass-service-type)) |
a7cf4eb6 ML |
40 | |
41 | ;;;; Commentary: | |
42 | ;;; | |
43 | ;;; This module implements a service that to run instances of Cuirass, a | |
44 | ;;; continuous integration tool. | |
45 | ;;; | |
46 | ;;;; Code: | |
47 | ||
48 | (define-record-type* <cuirass-configuration> | |
49 | cuirass-configuration make-cuirass-configuration | |
50 | cuirass-configuration? | |
379b6ba5 LC |
51 | (cuirass cuirass-configuration-cuirass ;package |
52 | (default cuirass)) | |
b17e326f LC |
53 | (log-file cuirass-configuration-log-file ;string |
54 | (default "/var/log/cuirass.log")) | |
3e7a62e2 RW |
55 | (web-log-file cuirass-configuration-web-log-file ;string |
56 | (default "/var/log/cuirass-web.log")) | |
92e507c9 MO |
57 | (queries-log-file cuirass-configuration-queries-log-file ;string |
58 | (default #f)) | |
80e26d74 MO |
59 | (web-queries-log-file |
60 | cuirass-configuration-web-queries-log-file ;string | |
61 | (default #f)) | |
a7cf4eb6 | 62 | (cache-directory cuirass-configuration-cache-directory ;string (dir-name) |
463995da | 63 | (default "/var/cache/cuirass")) |
dcb45127 LC |
64 | (ttl cuirass-configuration-ttl ;integer |
65 | (default (* 30 24 3600))) | |
a7cf4eb6 ML |
66 | (user cuirass-configuration-user ;string |
67 | (default "cuirass")) | |
68 | (group cuirass-configuration-group ;string | |
69 | (default "cuirass")) | |
70 | (interval cuirass-configuration-interval ;integer (seconds) | |
71 | (default 60)) | |
72 | (database cuirass-configuration-database ;string (file-name) | |
8d4805ba | 73 | (default "/var/lib/cuirass/cuirass.db")) |
11b7717d | 74 | (port cuirass-configuration-port ;integer (port) |
1c05aab4 | 75 | (default 8081)) |
326f6ef1 JN |
76 | (host cuirass-configuration-host ;string |
77 | (default "localhost")) | |
231eddc8 LC |
78 | (specifications cuirass-configuration-specifications) |
79 | ;gexp that evaluates to specification-alist | |
a7cf4eb6 ML |
80 | (use-substitutes? cuirass-configuration-use-substitutes? ;boolean |
81 | (default #f)) | |
82 | (one-shot? cuirass-configuration-one-shot? ;boolean | |
eb122280 | 83 | (default #f)) |
c800fd56 | 84 | (fallback? cuirass-configuration-fallback? ;boolean |
af96c1e0 CB |
85 | (default #f)) |
86 | (extra-options cuirass-configuration-extra-options | |
87 | (default '()))) | |
a7cf4eb6 ML |
88 | |
89 | (define (cuirass-shepherd-service config) | |
90 | "Return a <shepherd-service> for the Cuirass service with CONFIG." | |
46e552cb LC |
91 | (let ((cuirass (cuirass-configuration-cuirass config)) |
92 | (cache-directory (cuirass-configuration-cache-directory config)) | |
93 | (web-log-file (cuirass-configuration-web-log-file config)) | |
94 | (log-file (cuirass-configuration-log-file config)) | |
92e507c9 | 95 | (queries-log-file (cuirass-configuration-queries-log-file config)) |
80e26d74 MO |
96 | (web-queries-log-file |
97 | (cuirass-configuration-web-queries-log-file config)) | |
46e552cb LC |
98 | (user (cuirass-configuration-user config)) |
99 | (group (cuirass-configuration-group config)) | |
100 | (interval (cuirass-configuration-interval config)) | |
101 | (database (cuirass-configuration-database config)) | |
102 | (ttl (cuirass-configuration-ttl config)) | |
103 | (port (cuirass-configuration-port config)) | |
104 | (host (cuirass-configuration-host config)) | |
105 | (specs (cuirass-configuration-specifications config)) | |
106 | (use-substitutes? (cuirass-configuration-use-substitutes? config)) | |
107 | (one-shot? (cuirass-configuration-one-shot? config)) | |
af96c1e0 CB |
108 | (fallback? (cuirass-configuration-fallback? config)) |
109 | (extra-options (cuirass-configuration-extra-options config))) | |
46e552cb LC |
110 | (list (shepherd-service |
111 | (documentation "Run Cuirass.") | |
112 | (provision '(cuirass)) | |
113 | (requirement '(guix-daemon networking)) | |
114 | (start #~(make-forkexec-constructor | |
115 | (list (string-append #$cuirass "/bin/cuirass") | |
116 | "--cache-directory" #$cache-directory | |
117 | "--specifications" | |
118 | #$(scheme-file "cuirass-specs.scm" specs) | |
119 | "--database" #$database | |
120 | "--ttl" #$(string-append (number->string ttl) "s") | |
121 | "--interval" #$(number->string interval) | |
92e507c9 MO |
122 | #$@(if queries-log-file |
123 | (list (string-append "--log-queries=" | |
124 | queries-log-file)) | |
125 | '()) | |
46e552cb LC |
126 | #$@(if use-substitutes? '("--use-substitutes") '()) |
127 | #$@(if one-shot? '("--one-shot") '()) | |
af96c1e0 CB |
128 | #$@(if fallback? '("--fallback") '()) |
129 | #$@extra-options) | |
75bddb13 | 130 | |
46e552cb LC |
131 | #:environment-variables |
132 | (list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt" | |
133 | (string-append "GIT_EXEC_PATH=" #$git | |
134 | "/libexec/git-core")) | |
75bddb13 | 135 | |
46e552cb LC |
136 | #:user #$user |
137 | #:group #$group | |
138 | #:log-file #$log-file)) | |
139 | (stop #~(make-kill-destructor))) | |
140 | (shepherd-service | |
141 | (documentation "Run Cuirass web interface.") | |
142 | (provision '(cuirass-web)) | |
143 | (requirement '(guix-daemon networking)) | |
144 | (start #~(make-forkexec-constructor | |
145 | (list (string-append #$cuirass "/bin/cuirass") | |
146 | "--cache-directory" #$cache-directory | |
147 | "--specifications" | |
148 | #$(scheme-file "cuirass-specs.scm" specs) | |
149 | "--database" #$database | |
150 | "--ttl" #$(string-append (number->string ttl) "s") | |
151 | "--web" | |
152 | "--port" #$(number->string port) | |
153 | "--listen" #$host | |
154 | "--interval" #$(number->string interval) | |
80e26d74 | 155 | #$@(if web-queries-log-file |
92e507c9 | 156 | (list (string-append "--log-queries=" |
80e26d74 | 157 | web-queries-log-file)) |
92e507c9 | 158 | '()) |
46e552cb | 159 | #$@(if use-substitutes? '("--use-substitutes") '()) |
af96c1e0 CB |
160 | #$@(if fallback? '("--fallback") '()) |
161 | #$@extra-options) | |
159b5e1f | 162 | |
46e552cb LC |
163 | #:user #$user |
164 | #:group #$group | |
165 | #:log-file #$web-log-file)) | |
166 | (stop #~(make-kill-destructor)))))) | |
a7cf4eb6 ML |
167 | |
168 | (define (cuirass-account config) | |
169 | "Return the user accounts and user groups for CONFIG." | |
170 | (let ((cuirass-user (cuirass-configuration-user config)) | |
171 | (cuirass-group (cuirass-configuration-group config))) | |
172 | (list (user-group | |
173 | (name cuirass-group) | |
174 | (system? #t)) | |
175 | (user-account | |
176 | (name cuirass-user) | |
177 | (group cuirass-group) | |
178 | (system? #t) | |
179 | (comment "Cuirass privilege separation user") | |
8d4805ba | 180 | (home-directory (string-append "/var/lib/" cuirass-user)) |
56a93cb9 | 181 | (shell (file-append shadow "/sbin/nologin")))))) |
a7cf4eb6 | 182 | |
463995da LC |
183 | (define (cuirass-activation config) |
184 | "Return the activation code for CONFIG." | |
185 | (let ((cache (cuirass-configuration-cache-directory config)) | |
137f8df6 | 186 | (db (dirname (cuirass-configuration-database config))) |
463995da | 187 | (user (cuirass-configuration-user config)) |
b40f4a59 | 188 | (log "/var/log/cuirass") |
a024eedb MO |
189 | (queries-log-file (cuirass-configuration-queries-log-file config)) |
190 | (web-queries-log-file | |
191 | (cuirass-configuration-web-queries-log-file config)) | |
463995da LC |
192 | (group (cuirass-configuration-group config))) |
193 | (with-imported-modules '((guix build utils)) | |
194 | #~(begin | |
195 | (use-modules (guix build utils)) | |
196 | ||
197 | (mkdir-p #$cache) | |
137f8df6 | 198 | (mkdir-p #$db) |
b40f4a59 | 199 | (mkdir-p #$log) |
463995da LC |
200 | |
201 | (let ((uid (passwd:uid (getpw #$user))) | |
202 | (gid (group:gid (getgr #$group)))) | |
137f8df6 | 203 | (chown #$cache uid gid) |
b40f4a59 | 204 | (chown #$db uid gid) |
a024eedb MO |
205 | (chown #$log uid gid) |
206 | ||
d6a8f0a9 MO |
207 | (let ((queries-log-file #$queries-log-file)) |
208 | (when queries-log-file | |
209 | (call-with-output-file queries-log-file (const #t)) | |
210 | (chown #$queries-log-file uid gid))) | |
a024eedb | 211 | |
d6a8f0a9 MO |
212 | (let ((web-queries-log-file #$web-queries-log-file)) |
213 | (when web-queries-log-file | |
214 | (call-with-output-file web-queries-log-file (const #t)) | |
215 | (chown web-queries-log-file uid gid)))))))) | |
463995da | 216 | |
d782de17 LC |
217 | (define (cuirass-log-rotations config) |
218 | "Return the list of log rotations that corresponds to CONFIG." | |
80e26d74 MO |
219 | (let ((queries-log-file (cuirass-configuration-queries-log-file config)) |
220 | (web-queries-log-file | |
221 | (cuirass-configuration-web-queries-log-file config))) | |
92e507c9 MO |
222 | (list (log-rotation |
223 | (files `(,(cuirass-configuration-log-file config) | |
224 | ,@(if queries-log-file | |
225 | (list queries-log-file) | |
80e26d74 MO |
226 | '()) |
227 | ,@(if web-queries-log-file | |
228 | (list web-queries-log-file) | |
92e507c9 MO |
229 | '()))) |
230 | (frequency 'weekly) | |
231 | (options '("rotate 40")))))) ;worth keeping | |
d782de17 | 232 | |
a7cf4eb6 ML |
233 | (define cuirass-service-type |
234 | (service-type | |
235 | (name 'cuirass) | |
236 | (extensions | |
237 | (list | |
38d6aa05 LC |
238 | (service-extension profile-service-type ;for 'info cuirass' |
239 | (compose list cuirass-configuration-cuirass)) | |
d782de17 | 240 | (service-extension rottlog-service-type cuirass-log-rotations) |
463995da | 241 | (service-extension activation-service-type cuirass-activation) |
a7cf4eb6 | 242 | (service-extension shepherd-root-service-type cuirass-shepherd-service) |
a64160d2 RW |
243 | (service-extension account-service-type cuirass-account))) |
244 | (description | |
245 | "Run the Cuirass continuous integration service."))) | |
a7cf4eb6 | 246 |