[jackhill/guix/guix.git] / gnu / services / cuirass.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services cuirass)
  #:use-module (guix channels)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix utils)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages ci)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages version-control)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services databases)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services admin)
  #:use-module (gnu system shadow)
  #:use-module (srfi srfi-1)
  #:use-module (ice-9 match)
  #:export (<cuirass-remote-server-configuration>
            cuirass-remote-server-configuration
            cuirass-remote-server-configuration?

            <cuirass-configuration>
            cuirass-configuration
            cuirass-configuration?
            cuirass-service-type

            <cuirass-remote-worker-configuration>
            cuirass-remote-worker-configuration
            cuirass-remote-worker-configuration?
            cuirass-remote-worker-service-type))

;;;; Commentary:
;;;
;;; This module implements a service that to run instances of Cuirass, a
;;; continuous integration tool.
;;;
;;;; Code:

(define %cuirass-default-database
  "dbname=cuirass host=/tmp")

(define-record-type* <cuirass-remote-server-configuration>
  cuirass-remote-server-configuration make-cuirass-remote-server-configuration
  cuirass-remote-server-configuration?
  (backend-port     cuirass-remote-server-configuration-backend-port ;int
                    (default 5555))
  (log-port         cuirass-remote-server-configuration-log-port ;int
                    (default 5556))
  (publish-port     cuirass-remote-server-configuration-publish-port ;int
                    (default 5557))
  (log-file         cuirass-remote-server-log-file ;string
                    (default "/var/log/cuirass-remote-server.log"))
  (cache            cuirass-remote-server-configuration-cache ;string
                    (default "/var/cache/cuirass/remote/"))
  (trigger-url      cuirass-remote-server-trigger-url ;string
                    (default #f))
  (public-key       cuirass-remote-server-configuration-public-key ;string
                    (default #f))
  (private-key      cuirass-remote-server-configuration-private-key ;string
                    (default #f)))

(define-record-type* <cuirass-configuration>
  cuirass-configuration make-cuirass-configuration
  cuirass-configuration?
  (cuirass          cuirass-configuration-cuirass ;package
                    (default cuirass))
  (log-file         cuirass-configuration-log-file ;string
                    (default "/var/log/cuirass.log"))
  (web-log-file     cuirass-configuration-web-log-file ;string
                    (default "/var/log/cuirass-web.log"))
  (cache-directory  cuirass-configuration-cache-directory ;string (dir-name)
                    (default "/var/cache/cuirass"))
  (user             cuirass-configuration-user ;string
                    (default "cuirass"))
  (group            cuirass-configuration-group ;string
                    (default "cuirass"))
  (interval         cuirass-configuration-interval ;integer (seconds)
                    (default 60))
  (parameters       cuirass-configuration-parameters ;string
                    (default #f))
  (remote-server    cuirass-configuration-remote-server
                    (default #f))
  (database         cuirass-configuration-database ;string
                    (default %cuirass-default-database))
  (port             cuirass-configuration-port ;integer (port)
                    (default 8081))
  (host             cuirass-configuration-host ;string
                    (default "localhost"))
  (specifications   cuirass-configuration-specifications)
                                  ;gexp that evaluates to specification-alist
  (use-substitutes? cuirass-configuration-use-substitutes? ;boolean
                    (default #f))
  (one-shot?        cuirass-configuration-one-shot? ;boolean
                    (default #f))
  (fallback?        cuirass-configuration-fallback? ;boolean
                    (default #f))
  (extra-options    cuirass-configuration-extra-options
                    (default '())))

(define (cuirass-shepherd-service config)
  "Return a <shepherd-service> for the Cuirass service with CONFIG."
  (let ((cuirass          (cuirass-configuration-cuirass config))
        (cache-directory  (cuirass-configuration-cache-directory config))
        (web-log-file     (cuirass-configuration-web-log-file config))
        (log-file         (cuirass-configuration-log-file config))
        (user             (cuirass-configuration-user config))
        (group            (cuirass-configuration-group config))
        (interval         (cuirass-configuration-interval config))
        (parameters       (cuirass-configuration-parameters config))
        (remote-server    (cuirass-configuration-remote-server config))
        (database         (cuirass-configuration-database config))
        (port             (cuirass-configuration-port config))
        (host             (cuirass-configuration-host config))
        (specs            (cuirass-configuration-specifications config))
        (use-substitutes? (cuirass-configuration-use-substitutes? config))
        (one-shot?        (cuirass-configuration-one-shot? config))
        (fallback?        (cuirass-configuration-fallback? config))
        (extra-options    (cuirass-configuration-extra-options config)))
    `(,(shepherd-service
        (documentation "Run Cuirass.")
        (provision '(cuirass))
        (requirement '(guix-daemon postgres postgres-roles networking))
        (start #~(make-forkexec-constructor
                  (list (string-append #$cuirass "/bin/cuirass")
                        "register"
                        "--cache-directory" #$cache-directory
                        "--specifications"
                        #$(scheme-file "cuirass-specs.scm" specs)
                        "--database" #$database
                        "--interval" #$(number->string interval)
                        #$@(if parameters
                               (list (string-append
                                      "--parameters="
                                      parameters))
                               '())
                        #$@(if remote-server '("--build-remote") '())
                        #$@(if use-substitutes? '("--use-substitutes") '())
                        #$@(if one-shot? '("--one-shot") '())
                        #$@(if fallback? '("--fallback") '())
                        #$@extra-options)

                  #:environment-variables
                  (list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt"
                        (string-append "GIT_EXEC_PATH=" #$git
                                       "/libexec/git-core"))

                  #:user #$user
                  #:group #$group
                  #:log-file #$log-file))
        (stop #~(make-kill-destructor)))
      ,(shepherd-service
        (documentation "Run Cuirass web interface.")
        (provision '(cuirass-web))
        (requirement '(cuirass))
        (start #~(make-forkexec-constructor
                  (list (string-append #$cuirass "/bin/cuirass")
                        "web"
                        "--database" #$database
                        "--listen" #$host
                        "--port" #$(number->string port)
                        #$@(if parameters
                               (list (string-append
                                      "--parameters="
                                      parameters))
                               '())
                        #$@extra-options)

                  #:user #$user
                  #:group #$group
                  #:log-file #$web-log-file))
        (stop #~(make-kill-destructor)))
      ,@(if remote-server
            (match-record remote-server <cuirass-remote-server-configuration>
              (backend-port publish-port log-file cache trigger-url
                            public-key private-key)
              (list
               (shepherd-service
                (documentation "Run Cuirass remote build server.")
                (provision '(cuirass-remote-server))
                (requirement '(avahi-daemon cuirass))
                (start #~(make-forkexec-constructor
                          (list (string-append #$cuirass "/bin/cuirass")
                                "remote-server"
                                (string-append "--database=" #$database)
                                (string-append "--cache=" #$cache)
                                (string-append "--user=" #$user)
                                #$@(if backend-port
                                       (list (string-append
                                              "--backend-port="
                                              (number->string backend-port)))
                                       '())
                                #$@(if publish-port
                                       (list (string-append
                                              "--publish-port="
                                              (number->string publish-port)))
                                       '())
                                #$@(if parameters
                                       (list (string-append
                                              "--parameters="
                                              parameters))
                                       '())
                                #$@(if trigger-url
                                       (list
                                        (string-append
                                         "--trigger-substitute-url="
                                         trigger-url))
                                       '())
                                #$@(if public-key
                                       (list
                                        (string-append "--public-key="
                                                       public-key))
                                       '())
                                #$@(if private-key
                                       (list
                                        (string-append "--private-key="
                                                       private-key))
                                       '()))
                          #:log-file #$log-file))
                (stop #~(make-kill-destructor)))))
            '()))))

(define (cuirass-account config)
  "Return the user accounts and user groups for CONFIG."
  (let ((cuirass-user  (cuirass-configuration-user config))
        (cuirass-group (cuirass-configuration-group config)))
    (list (user-group
           (name cuirass-group)
           (system? #t))
          (user-account
           (name cuirass-user)
           (group cuirass-group)
           (system? #t)
           (comment "Cuirass privilege separation user")
           (home-directory (string-append "/var/lib/" cuirass-user))
           (shell (file-append shadow "/sbin/nologin"))))))

(define (cuirass-postgresql-role config)
  (let ((user (cuirass-configuration-user config)))
    (list (postgresql-role
           (name user)
           (create-database? #t)))))

(define (cuirass-activation config)
  "Return the activation code for CONFIG."
  (let* ((cache          (cuirass-configuration-cache-directory config))
         (remote-server  (cuirass-configuration-remote-server config))
         (remote-cache   (and remote-server
                              (cuirass-remote-server-configuration-cache
                               remote-server)))
         (user           (cuirass-configuration-user config))
         (log            "/var/log/cuirass")
         (group          (cuirass-configuration-group config)))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))

          (mkdir-p #$cache)
          (mkdir-p #$log)

          (when #$remote-cache
            (mkdir-p #$remote-cache))

          (let ((uid (passwd:uid (getpw #$user)))
                (gid (group:gid (getgr #$group))))
            (chown #$cache uid gid)
            (chown #$log uid gid)

            (when #$remote-cache
              (chown #$remote-cache uid gid)))))))

(define (cuirass-log-rotations config)
  "Return the list of log rotations that corresponds to CONFIG."
  (list (log-rotation
         (files (list (cuirass-configuration-log-file config)))
         (frequency 'weekly)
         (options '("rotate 40")))))              ;worth keeping

(define cuirass-service-type
  (service-type
   (name 'cuirass)
   (extensions
    (list
     (service-extension profile-service-type      ;for 'info cuirass'
                        (compose list cuirass-configuration-cuirass))
     (service-extension rottlog-service-type cuirass-log-rotations)
     (service-extension activation-service-type cuirass-activation)
     (service-extension shepherd-root-service-type cuirass-shepherd-service)
     (service-extension account-service-type cuirass-account)
     ;; Make sure postgresql and postgresql-role are instantiated.
     (service-extension postgresql-service-type (const #t))
     (service-extension postgresql-role-service-type
                        cuirass-postgresql-role)))
   (description
    "Run the Cuirass continuous integration service.")))

(define-record-type* <cuirass-remote-worker-configuration>
  cuirass-remote-worker-configuration make-cuirass-remote-worker-configuration
  cuirass-remote-worker-configuration?
  (cuirass          cuirass-remote-worker-configuration-cuirass ;package
                    (default cuirass))
  (workers          cuirass-remote-worker-workers ;int
                    (default 1))
  (server           cuirass-remote-worker-server ;string
                    (default #f))
  (systems          cuirass-remote-worker-systems ;list
                    (default (list (%current-system))))
  (log-file         cuirass-remote-worker-log-file ;string
                    (default "/var/log/cuirass-remote-worker.log"))
  (publish-port     cuirass-remote-worker-configuration-publish-port ;int
                    (default 5558))
  (public-key       cuirass-remote-worker-configuration-public-key ;string
                    (default #f))
  (private-key      cuirass-remote-worker-configuration-private-key ;string
                    (default #f)))

(define (cuirass-remote-worker-shepherd-service config)
  "Return a <shepherd-service> for the Cuirass remote worker service with
CONFIG."
  (match-record config <cuirass-remote-worker-configuration>
    (cuirass workers server systems log-file publish-port
             public-key private-key)
    (list (shepherd-service
           (documentation "Run Cuirass remote build worker.")
           (provision '(cuirass-remote-worker))
           (requirement '(avahi-daemon guix-daemon networking))
           (start #~(make-forkexec-constructor
                     (list (string-append #$cuirass "/bin/cuirass")
                           "remote-worker"
                           (string-append "--workers="
                                          #$(number->string workers))
                           #$@(if server
                                  (list (string-append "--server=" server))
                                  '())
                           #$@(if systems
                                  (list (string-append
                                         "--systems="
                                         (string-join systems ",")))
                                  '())
                           #$@(if publish-port
                                  (list (string-append
                                         "--publish-port="
                                         (number->string publish-port)))
                                  '())
                           #$@(if public-key
                                  (list
                                   (string-append "--public-key="
                                                  public-key))
                                  '())
                           #$@(if private-key
                                  (list
                                   (string-append "--private-key="
                                                  private-key))
                                  '()))
                    #:log-file #$log-file))
           (stop #~(make-kill-destructor))))))

(define cuirass-remote-worker-service-type
  (service-type
   (name 'cuirass-remote-worker)
   (extensions
    (list
     (service-extension shepherd-root-service-type
                        cuirass-remote-worker-shepherd-service)))
   (description
    "Run the Cuirass remote build worker service.")))
Commit	Line	Data
a7cf4eb6 ML	1	;;; GNU Guix --- Functional package management for GNU
a7cf4eb6 ML	2	;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
6a7c4636	3	;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
189e62fa	4	;;; Copyright © 2017, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
326f6ef1	5	;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
3e7a62e2	6	;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
cd62e5d3	7	;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
a7cf4eb6 ML	8	;;;
	9	;;; This file is part of GNU Guix.
	10	;;;
6a18183f	11	;;; GNU Guix is free software; you can redistribute it and/or modify
a7cf4eb6 ML	12	;;; it under the terms of the GNU General Public License as published by
	13	;;; the Free Software Foundation, either version 3 of the License, or
	14	;;; (at your option) any later version.
	15	;;;
	16	;;; GNU Guix is distributed in the hope that it will be useful,
	17	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	;;; GNU General Public License for more details.
	20	;;;
	21	;;; You should have received a copy of the GNU General Public License
	22	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	23
	24	(define-module (gnu services cuirass)
e9bf5110	25	#:use-module (guix channels)
a7cf4eb6 ML	26	#:use-module (guix gexp)
a7cf4eb6 ML	27	#:use-module (guix records)
8d8bbe7c	28	#:use-module (guix utils)
a7cf4eb6	29	#:use-module (gnu packages admin)
6a7c4636	30	#:use-module (gnu packages ci)
e9bf5110	31	#:use-module (gnu packages databases)
6a7c4636	32	#:use-module (gnu packages version-control)
a7cf4eb6 ML	33	#:use-module (gnu services)
a7cf4eb6 ML	34	#:use-module (gnu services base)
0f01493d	35	#:use-module (gnu services databases)
a7cf4eb6	36	#:use-module (gnu services shepherd)
d782de17	37	#:use-module (gnu services admin)
a7cf4eb6	38	#:use-module (gnu system shadow)
e9bf5110 MO	39	#:use-module (srfi srfi-1)
e9bf5110 MO	40	#:use-module (ice-9 match)
189e62fa MO	41	#:export (<cuirass-remote-server-configuration>
	42	cuirass-remote-server-configuration
	43	cuirass-remote-server-configuration?
	44
	45	<cuirass-configuration>
a7cf4eb6 ML	46	cuirass-configuration
a7cf4eb6 ML	47	cuirass-configuration?
189e62fa	48	cuirass-service-type
a7cf4eb6	49
189e62fa MO	50	<cuirass-remote-worker-configuration>
	51	cuirass-remote-worker-configuration
	52	cuirass-remote-worker-configuration?
6c883d0f	53	cuirass-remote-worker-service-type))
a7cf4eb6 ML	54
	55	;;;; Commentary:
	56	;;;
	57	;;; This module implements a service that to run instances of Cuirass, a
	58	;;; continuous integration tool.
	59	;;;
	60	;;;; Code:
	61
189e62fa	62	(define %cuirass-default-database
3f3d6637	63	"dbname=cuirass host=/tmp")
189e62fa MO	64
	65	(define-record-type* <cuirass-remote-server-configuration>
	66	cuirass-remote-server-configuration make-cuirass-remote-server-configuration
	67	cuirass-remote-server-configuration?
	68	(backend-port cuirass-remote-server-configuration-backend-port ;int
3c9a3538 MO	69	(default 5555))
	70	(log-port cuirass-remote-server-configuration-log-port ;int
	71	(default 5556))
189e62fa	72	(publish-port cuirass-remote-server-configuration-publish-port ;int
3c9a3538	73	(default 5557))
189e62fa MO	74	(log-file cuirass-remote-server-log-file ;string
	75	(default "/var/log/cuirass-remote-server.log"))
	76	(cache cuirass-remote-server-configuration-cache ;string
	77	(default "/var/cache/cuirass/remote/"))
	78	(trigger-url cuirass-remote-server-trigger-url ;string
	79	(default #f))
	80	(public-key cuirass-remote-server-configuration-public-key ;string
	81	(default #f))
	82	(private-key cuirass-remote-server-configuration-private-key ;string
	83	(default #f)))
	84
a7cf4eb6 ML	85	(define-record-type* <cuirass-configuration>
	86	cuirass-configuration make-cuirass-configuration
	87	cuirass-configuration?
379b6ba5 LC	88	(cuirass cuirass-configuration-cuirass ;package
379b6ba5 LC	89	(default cuirass))
b17e326f LC	90	(log-file cuirass-configuration-log-file ;string
b17e326f LC	91	(default "/var/log/cuirass.log"))
3e7a62e2 RW	92	(web-log-file cuirass-configuration-web-log-file ;string
3e7a62e2 RW	93	(default "/var/log/cuirass-web.log"))
a7cf4eb6	94	(cache-directory cuirass-configuration-cache-directory ;string (dir-name)
463995da	95	(default "/var/cache/cuirass"))
a7cf4eb6 ML	96	(user cuirass-configuration-user ;string
	97	(default "cuirass"))
	98	(group cuirass-configuration-group ;string
	99	(default "cuirass"))
	100	(interval cuirass-configuration-interval ;integer (seconds)
	101	(default 60))
1443e2dd MO	102	(parameters cuirass-configuration-parameters ;string
1443e2dd MO	103	(default #f))
189e62fa MO	104	(remote-server cuirass-configuration-remote-server
189e62fa MO	105	(default #f))
0f01493d	106	(database cuirass-configuration-database ;string
189e62fa	107	(default %cuirass-default-database))
11b7717d	108	(port cuirass-configuration-port ;integer (port)
1c05aab4	109	(default 8081))
326f6ef1 JN	110	(host cuirass-configuration-host ;string
326f6ef1 JN	111	(default "localhost"))
231eddc8 LC	112	(specifications cuirass-configuration-specifications)
231eddc8 LC	113	;gexp that evaluates to specification-alist
a7cf4eb6 ML	114	(use-substitutes? cuirass-configuration-use-substitutes? ;boolean
	115	(default #f))
	116	(one-shot? cuirass-configuration-one-shot? ;boolean
eb122280	117	(default #f))
c800fd56	118	(fallback? cuirass-configuration-fallback? ;boolean
af96c1e0 CB	119	(default #f))
	120	(extra-options cuirass-configuration-extra-options
	121	(default '())))
a7cf4eb6 ML	122
	123	(define (cuirass-shepherd-service config)
	124	"Return a <shepherd-service> for the Cuirass service with CONFIG."
46e552cb LC	125	(let ((cuirass (cuirass-configuration-cuirass config))
	126	(cache-directory (cuirass-configuration-cache-directory config))
	127	(web-log-file (cuirass-configuration-web-log-file config))
	128	(log-file (cuirass-configuration-log-file config))
	129	(user (cuirass-configuration-user config))
	130	(group (cuirass-configuration-group config))
	131	(interval (cuirass-configuration-interval config))
1443e2dd	132	(parameters (cuirass-configuration-parameters config))
189e62fa	133	(remote-server (cuirass-configuration-remote-server config))
46e552cb	134	(database (cuirass-configuration-database config))
46e552cb LC	135	(port (cuirass-configuration-port config))
	136	(host (cuirass-configuration-host config))
	137	(specs (cuirass-configuration-specifications config))
	138	(use-substitutes? (cuirass-configuration-use-substitutes? config))
	139	(one-shot? (cuirass-configuration-one-shot? config))
af96c1e0 CB	140	(fallback? (cuirass-configuration-fallback? config))
af96c1e0 CB	141	(extra-options (cuirass-configuration-extra-options config)))
189e62fa MO	142	`(,(shepherd-service
	143	(documentation "Run Cuirass.")
	144	(provision '(cuirass))
f2b10e1b	145	(requirement '(guix-daemon postgres postgres-roles networking))
189e62fa MO	146	(start #~(make-forkexec-constructor
189e62fa MO	147	(list (string-append #$cuirass "/bin/cuirass")
eda735fb	148	"register"
189e62fa MO	149	"--cache-directory" #$cache-directory
	150	"--specifications"
	151	#$(scheme-file "cuirass-specs.scm" specs)
	152	"--database" #$database
	153	"--interval" #$(number->string interval)
1443e2dd MO	154	#$@(if parameters
	155	(list (string-append
	156	"--parameters="
	157	parameters))
	158	'())
189e62fa MO	159	#$@(if remote-server '("--build-remote") '())
	160	#$@(if use-substitutes? '("--use-substitutes") '())
	161	#$@(if one-shot? '("--one-shot") '())
	162	#$@(if fallback? '("--fallback") '())
	163	#$@extra-options)
	164
	165	#:environment-variables
	166	(list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt"
	167	(string-append "GIT_EXEC_PATH=" #$git
	168	"/libexec/git-core"))
	169
	170	#:user #$user
	171	#:group #$group
	172	#:log-file #$log-file))
	173	(stop #~(make-kill-destructor)))
	174	,(shepherd-service
	175	(documentation "Run Cuirass web interface.")
	176	(provision '(cuirass-web))
f2b10e1b	177	(requirement '(cuirass))
189e62fa MO	178	(start #~(make-forkexec-constructor
189e62fa MO	179	(list (string-append #$cuirass "/bin/cuirass")
eda735fb	180	"web"
189e62fa	181	"--database" #$database
189e62fa	182	"--listen" #$host
eda735fb	183	"--port" #$(number->string port)
1443e2dd	184	#$@(if parameters
91911b93	185	(list (string-append
1443e2dd MO	186	"--parameters="
1443e2dd MO	187	parameters))
91911b93	188	'())
189e62fa MO	189	#$@extra-options)
	190
	191	#:user #$user
	192	#:group #$group
	193	#:log-file #$web-log-file))
	194	(stop #~(make-kill-destructor)))
	195	,@(if remote-server
	196	(match-record remote-server <cuirass-remote-server-configuration>
	197	(backend-port publish-port log-file cache trigger-url
	198	public-key private-key)
	199	(list
	200	(shepherd-service
	201	(documentation "Run Cuirass remote build server.")
	202	(provision '(cuirass-remote-server))
f2b10e1b	203	(requirement '(avahi-daemon cuirass))
189e62fa	204	(start #~(make-forkexec-constructor
eda735fb MO	205	(list (string-append #$cuirass "/bin/cuirass")
eda735fb MO	206	"remote-server"
189e62fa MO	207	(string-append "--database=" #$database)
	208	(string-append "--cache=" #$cache)
	209	(string-append "--user=" #$user)
	210	#$@(if backend-port
	211	(list (string-append
	212	"--backend-port="
	213	(number->string backend-port)))
	214	'())
	215	#$@(if publish-port
	216	(list (string-append
	217	"--publish-port="
	218	(number->string publish-port)))
	219	'())
1443e2dd MO	220	#$@(if parameters
	221	(list (string-append
	222	"--parameters="
	223	parameters))
	224	'())
189e62fa MO	225	#$@(if trigger-url
	226	(list
	227	(string-append
	228	"--trigger-substitute-url="
	229	trigger-url))
	230	'())
	231	#$@(if public-key
	232	(list
	233	(string-append "--public-key="
	234	public-key))
	235	'())
	236	#$@(if private-key
	237	(list
	238	(string-append "--private-key="
	239	private-key))
	240	'()))
	241	#:log-file #$log-file))
	242	(stop #~(make-kill-destructor)))))
	243	'()))))
a7cf4eb6 ML	244
	245	(define (cuirass-account config)
	246	"Return the user accounts and user groups for CONFIG."
	247	(let ((cuirass-user (cuirass-configuration-user config))
	248	(cuirass-group (cuirass-configuration-group config)))
	249	(list (user-group
	250	(name cuirass-group)
	251	(system? #t))
	252	(user-account
	253	(name cuirass-user)
	254	(group cuirass-group)
	255	(system? #t)
	256	(comment "Cuirass privilege separation user")
8d4805ba	257	(home-directory (string-append "/var/lib/" cuirass-user))
56a93cb9	258	(shell (file-append shadow "/sbin/nologin"))))))
a7cf4eb6	259
0f01493d MO	260	(define (cuirass-postgresql-role config)
	261	(let ((user (cuirass-configuration-user config)))
	262	(list (postgresql-role
	263	(name user)
	264	(create-database? #t)))))
	265
463995da LC	266	(define (cuirass-activation config)
463995da LC	267	"Return the activation code for CONFIG."
5ba7e828 MO	268	(let* ((cache (cuirass-configuration-cache-directory config))
	269	(remote-server (cuirass-configuration-remote-server config))
	270	(remote-cache (and remote-server
	271	(cuirass-remote-server-configuration-cache
	272	remote-server)))
5ba7e828 MO	273	(user (cuirass-configuration-user config))
	274	(log "/var/log/cuirass")
	275	(group (cuirass-configuration-group config)))
463995da LC	276	(with-imported-modules '((guix build utils))
	277	#~(begin
	278	(use-modules (guix build utils))
	279
	280	(mkdir-p #$cache)
b40f4a59	281	(mkdir-p #$log)
463995da	282
5ba7e828 MO	283	(when #$remote-cache
	284	(mkdir-p #$remote-cache))
	285
463995da LC	286	(let ((uid (passwd:uid (getpw #$user)))
463995da LC	287	(gid (group:gid (getgr #$group))))
137f8df6	288	(chown #$cache uid gid)
5ba7e828 MO	289	(chown #$log uid gid)
	290
	291	(when #$remote-cache
	292	(chown #$remote-cache uid gid)))))))
463995da	293
d782de17 LC	294	(define (cuirass-log-rotations config)
d782de17 LC	295	"Return the list of log rotations that corresponds to CONFIG."
0f01493d MO	296	(list (log-rotation
	297	(files (list (cuirass-configuration-log-file config)))
	298	(frequency 'weekly)
	299	(options '("rotate 40"))))) ;worth keeping
d782de17	300
a7cf4eb6 ML	301	(define cuirass-service-type
	302	(service-type
	303	(name 'cuirass)
	304	(extensions
	305	(list
38d6aa05 LC	306	(service-extension profile-service-type ;for 'info cuirass'
38d6aa05 LC	307	(compose list cuirass-configuration-cuirass))
d782de17	308	(service-extension rottlog-service-type cuirass-log-rotations)
463995da	309	(service-extension activation-service-type cuirass-activation)
a7cf4eb6	310	(service-extension shepherd-root-service-type cuirass-shepherd-service)
0f01493d	311	(service-extension account-service-type cuirass-account)
3bcfd416 MO	312	;; Make sure postgresql and postgresql-role are instantiated.
3bcfd416 MO	313	(service-extension postgresql-service-type (const #t))
0f01493d MO	314	(service-extension postgresql-role-service-type
0f01493d MO	315	cuirass-postgresql-role)))
a64160d2 RW	316	(description
a64160d2 RW	317	"Run the Cuirass continuous integration service.")))
189e62fa MO	318
	319	(define-record-type* <cuirass-remote-worker-configuration>
	320	cuirass-remote-worker-configuration make-cuirass-remote-worker-configuration
	321	cuirass-remote-worker-configuration?
	322	(cuirass cuirass-remote-worker-configuration-cuirass ;package
	323	(default cuirass))
	324	(workers cuirass-remote-worker-workers ;int
	325	(default 1))
66c31d50 MO	326	(server cuirass-remote-worker-server ;string
66c31d50 MO	327	(default #f))
a19b6889	328	(systems cuirass-remote-worker-systems ;list
8d8bbe7c	329	(default (list (%current-system))))
189e62fa MO	330	(log-file cuirass-remote-worker-log-file ;string
	331	(default "/var/log/cuirass-remote-worker.log"))
	332	(publish-port cuirass-remote-worker-configuration-publish-port ;int
3c9a3538	333	(default 5558))
189e62fa MO	334	(public-key cuirass-remote-worker-configuration-public-key ;string
	335	(default #f))
	336	(private-key cuirass-remote-worker-configuration-private-key ;string
	337	(default #f)))
	338
	339	(define (cuirass-remote-worker-shepherd-service config)
	340	"Return a <shepherd-service> for the Cuirass remote worker service with
	341	CONFIG."
	342	(match-record config <cuirass-remote-worker-configuration>
66c31d50 MO	343	(cuirass workers server systems log-file publish-port
66c31d50 MO	344	public-key private-key)
189e62fa MO	345	(list (shepherd-service
	346	(documentation "Run Cuirass remote build worker.")
	347	(provision '(cuirass-remote-worker))
	348	(requirement '(avahi-daemon guix-daemon networking))
	349	(start #~(make-forkexec-constructor
eda735fb MO	350	(list (string-append #$cuirass "/bin/cuirass")
eda735fb MO	351	"remote-worker"
eb9adede MO	352	(string-append "--workers="
eb9adede MO	353	#$(number->string workers))
66c31d50 MO	354	#$@(if server
	355	(list (string-append "--server=" server))
	356	'())
a19b6889 MO	357	#$@(if systems
	358	(list (string-append
	359	"--systems="
	360	(string-join systems ",")))
	361	'())
189e62fa MO	362	#$@(if publish-port
	363	(list (string-append
	364	"--publish-port="
	365	(number->string publish-port)))
	366	'())
	367	#$@(if public-key
	368	(list
	369	(string-append "--public-key="
	370	public-key))
	371	'())
	372	#$@(if private-key
	373	(list
	374	(string-append "--private-key="
	375	private-key))
eff80711 MO	376	'()))
eff80711 MO	377	#:log-file #$log-file))
189e62fa MO	378	(stop #~(make-kill-destructor))))))
	379
	380	(define cuirass-remote-worker-service-type
	381	(service-type
	382	(name 'cuirass-remote-worker)
	383	(extensions
	384	(list
	385	(service-extension shepherd-root-service-type
	386	cuirass-remote-worker-shepherd-service)))
	387	(description
	388	"Run the Cuirass remote build worker service.")))