Commit | Line | Data |
---|---|---|
9db7e9be OP |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com> | |
3 | ;;; | |
4 | ;;; This file is part of GNU Guix. | |
5 | ;;; | |
6 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
7 | ;;; under the terms of the GNU General Public License as published by | |
8 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
9 | ;;; your option) any later version. | |
10 | ;;; | |
11 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
12 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | ;;; GNU General Public License for more details. | |
15 | ;;; | |
16 | ;;; You should have received a copy of the GNU General Public License | |
17 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
18 | ||
19 | (define-module (gnu services rsync) | |
20 | #:use-module (gnu services) | |
21 | #:use-module (gnu services base) | |
22 | #:use-module (gnu services shepherd) | |
23 | #:use-module (gnu system shadow) | |
24 | #:use-module (gnu packages rsync) | |
25 | #:use-module (gnu packages admin) | |
26 | #:use-module (guix records) | |
27 | #:use-module (guix gexp) | |
28 | #:use-module (srfi srfi-1) | |
29 | #:use-module (srfi srfi-26) | |
30 | #:use-module (ice-9 match) | |
31 | #:export (rsync-configuration | |
32 | rsync-configuration? | |
33 | rsync-service-type)) | |
34 | ||
35 | ;;;; Commentary: | |
36 | ;;; | |
37 | ;;; This module implements a service that runs an instance of Rsync, | |
38 | ;;; a file synchronization tool. | |
39 | ;;; | |
40 | ;;;; Code: | |
41 | ||
;; Configuration record for the rsync daemon service.  Each field lists its
;; accessor, the expected type (trailing comment) and its default.
;;
;; Notes for anyone reviewing a deployment of this service:
;; - 'rsync-config-file' in this module writes no 'auth users', 'secrets file'
;;   or 'hosts allow' line, so the generated [files] module does not ask
;;   clients to authenticate and is not restricted by source address.
;; - READ-ONLY? defaults to #f, so with the defaults that module is writable
;;   (subject to the filesystem permissions of UID/GID).  Set
;;   (read-only? #t) unless uploads are intended.
;; - USER/GROUP are what the Shepherd service starts the daemon process as;
;;   UID/GID are what is written to rsync.conf as 'uid ='/'gid ='.
(define-record-type* <rsync-configuration>
  rsync-configuration
  make-rsync-configuration
  rsync-configuration?
  (package       rsync-configuration-package       ; package
                 (default rsync))
  (port-number   rsync-configuration-port-number   ; integer
                 (default 873))
  (pid-file      rsync-configuration-pid-file      ; string
                 (default "/var/run/rsyncd/rsyncd.pid"))
  (lock-file     rsync-configuration-lock-file     ; string
                 (default "/var/run/rsyncd/rsyncd.lock"))
  (log-file      rsync-configuration-log-file      ; string
                 (default "/var/log/rsyncd.log"))
  (use-chroot?   rsync-configuration-use-chroot?   ; boolean
                 (default #t))
  (share-path    rsync-configuration-share-path    ; string
                 (default "/srv/rsyncd"))
  (share-comment rsync-configuration-share-comment ; string
                 (default "Rsync share"))
  (read-only?    rsync-configuration-read-only?    ; boolean
                 (default #f))
  (timeout       rsync-configuration-timeout       ; integer
                 (default 300))
  (user          rsync-configuration-user          ; string
                 (default "root"))
  (group         rsync-configuration-group         ; string
                 (default "root"))
  (uid           rsync-configuration-uid           ; string
                 (default "rsyncd"))
  (gid           rsync-configuration-gid           ; string
                 (default "rsyncd")))
74 | ||
(define (rsync-account config)
  "Return the list holding the system group and the system user account that
the rsync service described by CONFIG needs."
  ;; The 'uid' and 'gid' fields take precedence; 'user' and 'group' are only
  ;; used when the former are #f.
  (let* ((account-name (or (rsync-configuration-uid config)
                           (rsync-configuration-user config)))
         (group-name   (or (rsync-configuration-gid config)
                           (rsync-configuration-group config)))
         (home         (string-append "/var/run/" account-name)))
    (list (user-group
           (name group-name)
           (system? #t))
          (user-account
           (name account-name)
           (system? #t)
           (group group-name)
           (comment "rsyncd privilege separation user")
           (home-directory home)
           ;; The service account gets no interactive login shell.
           (shell (file-append shadow "/sbin/nologin"))))))
9db7e9be OP |
92 | |
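(define (rsync-activation config)
  "Return the activation GEXP for CONFIG.  The gexp creates the directory that
holds the PID file and, when a share path is configured, creates the share
directory and gives it to the account and group named by the 'uid'/'gid'
fields (falling back to 'user'/'group' when those are #f)."
  (let ((owner-name (or (rsync-configuration-uid config)
                        (rsync-configuration-user config)))
        (group-name (or (rsync-configuration-gid config)
                        (rsync-configuration-group config))))
    (with-imported-modules '((guix build utils))
      #~(begin
          (let ((share-directory #$(rsync-configuration-share-path config))
                (user  (getpw #$owner-name))
                ;; Resolve the group through the group database.  The earlier
                ;; 'getpw' lookup returned a passwd entry, so 'group:gid' was
                ;; applied to the wrong kind of entry and the share could end
                ;; up with an unintended group owner.
                (group (getgr #$group-name)))
            (mkdir-p (dirname #$(rsync-configuration-pid-file config)))
            ;; Only create and chown the share when a path is configured;
            ;; 'chown' on #f would abort activation.
            (when share-directory
              (mkdir-p share-directory)
              (chown share-directory
                     (passwd:uid user)
                     (group:gid group))))))))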
109 | ||
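(define rsync-config-file
  ;; Return the rsync configuration file corresponding to CONFIG.
  ;;
  ;; When USER is not "root", signal an error for settings that need root:
  ;; a privileged port, a chroot, or a 'uid'/'gid' switch.  Only the first
  ;; offending setting is reported.
  ;;
  ;; NOTE(review): the generated [files] module has no 'auth users',
  ;; 'secrets file' or 'hosts allow' line, so access control rests on
  ;; 'read only' and on the filesystem permissions of UID/GID.
  (match-lambda
    (($ <rsync-configuration> package port-number pid-file lock-file log-file
                              use-chroot? share-path share-comment read-only?
                              timeout user group uid gid)
     (if (not (string=? user "root"))
         (cond
          ;; Privileged ports are those below 1024; port 1024 itself can be
          ;; bound by an unprivileged user, so it must not be rejected.
          ((< port-number 1024)
           (error (string-append "rsync-service: to run on port "
                                 (number->string port-number)
                                 ", user must be root.")))
          (use-chroot?
           (error (string-append "rsync-service: to run in a chroot"
                                 ", user must be root.")))
          (uid
           (error "rsync-service: to use uid, user must be root."))
          (gid
           (error "rsync-service: to use gid, user must be root."))))
     (mixed-text-file
      "rsync.conf"
      "# Generated by 'rsync-service'.\n\n"
      "pid file = " pid-file "\n"
      "lock file = " lock-file "\n"
      "log file = " log-file "\n"
      "port = " (number->string port-number) "\n"
      "use chroot = " (if use-chroot? "true" "false") "\n"
      ;; No 'uid' line is written when UID is #f.
      (if uid (string-append "uid = " uid "\n") "")
      "gid = " (if gid gid "nogroup") "\n" ; no group nobody
      "\n"
      ;; The single exported module.
      "[files]\n"
      "path = " share-path "\n"
      "comment = " share-comment "\n"
      "read only = " (if read-only? "true" "false") "\n"
      "timeout = " (number->string timeout) "\n"))))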
145 | ||
(define (rsync-shepherd-service config)
  "Return a one-element list holding the <shepherd-service> that runs the
rsync daemon configured by CONFIG."
  (let ((rsync-package (rsync-configuration-package config))
        (pid-path      (rsync-configuration-pid-file config))
        ;; Account and group the daemon process is started as.  These are
        ;; separate from the 'uid'/'gid' values written to rsync.conf.
        (run-as-user   (rsync-configuration-user config))
        (run-as-group  (rsync-configuration-group config)))
    (list
     (shepherd-service
      (provision '(rsync))
      (documentation "Run rsync daemon.")
      (start
       #~(make-forkexec-constructor
          (list (string-append #$rsync-package "/bin/rsync")
                "--config" #$(rsync-config-file config)
                "--daemon")
          #:pid-file #$pid-path
          #:user #$run-as-user
          #:group #$run-as-group))
      (stop #~(make-kill-destructor))))))
164 | ||
;; Service type for the rsync daemon.  It extends three services:
;; - the Shepherd root service, with the daemon from 'rsync-shepherd-service';
;; - the account service, with the user and group from 'rsync-account';
;; - the activation service, with the directory setup from 'rsync-activation'.
;; Used without an explicit value, it takes an <rsync-configuration> with all
;; defaults: "root" as the daemon user and a share with 'read-only?' set to #f.
(define rsync-service-type
  (service-type
   (name 'rsync)
   (extensions
    (list (service-extension shepherd-root-service-type rsync-shepherd-service)
          (service-extension account-service-type rsync-account)
          (service-extension activation-service-type rsync-activation)))
   (default-value (rsync-configuration))))