;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;; Commentary:
;;;
;;; Operating-system services for DNS software: the Knot authoritative server
;;; (whose configuration records below are serialized into knot.conf and zone
;;; files), Knot Resolver, dnsmasq and ddclient.
;;;
;;; Code:

(define-module (gnu services dns)
  #:use-module (gnu services)
  #:use-module (gnu services configuration)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages dns)
  #:use-module (guix packages)
  #:use-module (guix records)
  #:use-module (guix gexp)
  #:use-module (guix modules)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-34)
  #:use-module (srfi srfi-35)
  #:use-module (ice-9 match)
  #:use-module (ice-9 regex)
  #:export (knot-service-type
            knot-acl-configuration
            knot-key-configuration
            knot-keystore-configuration
            knot-zone-configuration
            knot-remote-configuration
            knot-policy-configuration
            knot-configuration
            define-zone-entries
            zone-file
            zone-entry

            knot-resolver-service-type
            knot-resolver-configuration

            dnsmasq-service-type
            dnsmasq-configuration

            ddclient-service-type
            ddclient-configuration))

;;;
;;; Knot DNS.
;;;

;; A TSIG key, serialized into the "key:" section of knot.conf by
;; knot-key-config and validated by verify-knot-key-configuration.
(define-record-type* <knot-key-configuration>
  knot-key-configuration make-knot-key-configuration
  knot-key-configuration?
  (id knot-key-configuration-id                 ; non-empty string
      (default ""))
  (algorithm knot-key-configuration-algorithm
             (default #f)); one of #f, or an algorithm name
  ;; The secret is copied verbatim into knot.conf, which is built as a store
  ;; item and is therefore readable by every user of the system.  An
  ;; "includes" entry of <knot-configuration> pointing outside the store is
  ;; the way to keep it private.
  (secret knot-key-configuration-secret
          (default "")))

;; An access-control entry of the "acl:" section: which clients, identified
;; by source ADDRESS and/or TSIG KEY, may perform the listed ACTIONs.
(define-record-type* <knot-acl-configuration>
  knot-acl-configuration make-knot-acl-configuration
  knot-acl-configuration?
  (id knot-acl-configuration-id           ; non-empty string
      (default ""))
  (address knot-acl-configuration-address ; list of strings; '() omits the line
           (default '()))
  (key knot-acl-configuration-key         ; list of key ids; '() omits the line
       (default '()))
  (action knot-acl-configuration-action   ; list of actions; '() omits the line
          (default '()))
  ;; NOTE(review): when both ADDRESS and KEY are left empty, Knot presumably
  ;; applies the ACL to any client; confirm each ACL names at least one.
  (deny? knot-acl-configuration-deny?     ; boolean, rendered as "deny: on/off"
         (default #f)))

;; One resource record of a zone file, written as "NAME TTL CLASS TYPE DATA"
;; by serialize-zone-entries.
(define-record-type* <zone-entry>
  zone-entry make-zone-entry
  zone-entry?
  (name zone-entry-name     ; owner name; "@" stands for the zone origin
        (default "@"))
  (ttl zone-entry-ttl       ; string; "" writes no explicit TTL
       (default ""))
  (class zone-entry-class   ; record class, normally "IN"
         (default "IN"))
  (type zone-entry-type     ; record type, e.g. "A"
        (default "A"))
  (data zone-entry-data     ; record data, e.g. the address of an "A" record
        (default "")))

;; Contents of a zone file generated into the store by serialize-zone-file:
;; the $ORIGIN directive, the SOA record built from the fields below, then
;; ENTRIES.  The timer fields are numbers of seconds.
(define-record-type* <zone-file>
  zone-file make-zone-file
  zone-file?
  (entries zone-file-entries     ; list of <zone-entry>
           (default '()))
  (origin zone-file-origin       ; written as "$ORIGIN <origin>."
          (default ""))
  (ns zone-file-ns               ; primary name server of the SOA record
      (default "ns"))
  (mail zone-file-mail           ; responsible mailbox of the SOA record
        (default "hostmaster"))
  (serial zone-file-serial       ; SOA serial
          (default 1))
  (refresh zone-file-refresh     ; SOA refresh: 2 days
           (default (* 2 24 3600)))
  (retry zone-file-retry         ; SOA retry: 15 minutes
         (default (* 15 60)))
  (expiry zone-file-expiry       ; SOA expire: 2 weeks
          (default (* 2 7 24 3600)))
  (nx zone-file-nx               ; SOA minimum (negative-cache) TTL: 1 hour
      (default 3600)))
;; A DNSSEC key store, serialized into the "keystore:" section of knot.conf
;; by knot-keystore-config.
(define-record-type* <knot-keystore-configuration>
  knot-keystore-configuration make-knot-keystore-configuration
  knot-keystore-configuration?
  (id knot-keystore-configuration-id           ; non-empty string
      (default ""))
  (backend knot-keystore-configuration-backend ; 'pem or 'pkcs11
           (default 'pem))
  ;; Backend configuration string, written quoted into knot.conf; the default
  ;; is the directory that knot-activation creates for the pem backend.
  (config knot-keystore-configuration-config
          (default "/var/lib/knot/keys/keys")))

;; A DNSSEC signing policy, serialized into the "policy:" section by
;; knot-policy-config and referenced from the dnssec-policy field of a zone.
;; Durations are numbers of seconds.
(define-record-type* <knot-policy-configuration>
  knot-policy-configuration make-knot-policy-configuration
  knot-policy-configuration?
  (id knot-policy-configuration-id                 ; non-empty string
      (default ""))
  (keystore knot-policy-configuration-keystore     ; keystore id
            (default "default"))
  (manual? knot-policy-configuration-manual?       ; boolean
           (default #f))
  (single-type-signing? knot-policy-configuration-single-type-signing? ; boolean
                        (default #f))
  (algorithm knot-policy-configuration-algorithm   ; signing algorithm name
             (default "ecdsap256sha256"))
  (ksk-size knot-policy-configuration-ksk-size     ; key size in bits
            (default 256))
  (zsk-size knot-policy-configuration-zsk-size     ; key size in bits
            (default 256))
  (dnskey-ttl knot-policy-configuration-dnskey-ttl ; 'default omits the line
              (default 'default))
  (zsk-lifetime knot-policy-configuration-zsk-lifetime           ; 30 days
                (default (* 30 24 3600)))
  (propagation-delay knot-policy-configuration-propagation-delay ; 1 day
                     (default (* 24 3600)))
  (rrsig-lifetime knot-policy-configuration-rrsig-lifetime       ; 14 days
                  (default (* 14 24 3600)))
  (rrsig-refresh knot-policy-configuration-rrsig-refresh         ; 7 days
                 (default (* 7 24 3600)))
  (nsec3? knot-policy-configuration-nsec3?         ; boolean
          (default #f))
  ;; NOTE(review): current operational guidance (RFC 9276) recommends zero
  ;; NSEC3 iterations and an empty salt; the defaults below predate it.
  (nsec3-iterations knot-policy-configuration-nsec3-iterations
                    (default 5))
  (nsec3-salt-length knot-policy-configuration-nsec3-salt-length
                     (default 8))
  (nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime ; 30 days
                       (default (* 30 24 3600))))

;; One zone served by Knot, serialized into the "zone:" section by
;; knot-zone-config.  #f in the optional fields means "leave Knot's default".
(define-record-type* <knot-zone-configuration>
  knot-zone-configuration make-knot-zone-configuration
  knot-zone-configuration?
  (domain knot-zone-configuration-domain   ; non-empty string
          (default ""))
  (file knot-zone-configuration-file
        (default "")) ; the file where this zone is saved.
  ;; Used only when FILE is "": the zone file is then generated from this
  ;; record into the store by serialize-zone-file.
  (zone knot-zone-configuration-zone
        (default (zone-file))) ; initial content of the zone file
  ;; A non-empty MASTER list (remote ids) makes this server a slave of those
  ;; remotes instead of serving a zone file.
  (master knot-zone-configuration-master
          (default '()))
  (ddns-master knot-zone-configuration-ddns-master ; #f, or written as-is
               (default #f))
  (notify knot-zone-configuration-notify   ; remote ids to notify
          (default '()))
  (acl knot-zone-configuration-acl         ; acl ids applying to this zone
       (default '()))
  (semantic-checks? knot-zone-configuration-semantic-checks? ; boolean
                    (default #f))
  (disable-any? knot-zone-configuration-disable-any?         ; boolean
                (default #f))
  (zonefile-sync knot-zone-configuration-zonefile-sync       ; always written
                 (default 0))
  (zonefile-load knot-zone-configuration-zonefile-load       ; symbol or #f
                 (default #f))
  (journal-content knot-zone-configuration-journal-content   ; symbol or #f
                   (default #f))
  (max-journal-usage knot-zone-configuration-max-journal-usage
                     (default #f))
  (max-journal-depth knot-zone-configuration-max-journal-depth
                     (default #f))
  (max-zone-size knot-zone-configuration-max-zone-size
                 (default #f))
  ;; Policy id; when set, knot-zone-config also turns dnssec-signing on.
  (dnssec-policy knot-zone-configuration-dnssec-policy
                 (default #f))
  (serial-policy knot-zone-configuration-serial-policy       ; symbol
                 (default 'increment)))

;; A remote server (master, slave or notify target), serialized into the
;; "remote:" section by knot-remote-config.
(define-record-type* <knot-remote-configuration>
  knot-remote-configuration make-knot-remote-configuration
  knot-remote-configuration?
  (id knot-remote-configuration-id           ; non-empty string
      (default ""))
  (address knot-remote-configuration-address ; list of strings; '() omits the line
           (default '()))
  (via knot-remote-configuration-via         ; list of strings; '() omits the line
       (default '()))
  (key knot-remote-configuration-key         ; TSIG key id, or #f for none
       (default #f)))

;; Top-level configuration of the Knot service, turned into knot.conf by
;; knot-config-file.  The list fields are checked by verify-knot-configuration.
(define-record-type* <knot-configuration>
  knot-configuration make-knot-configuration
  knot-configuration?
  (knot knot-configuration-knot                   ; package providing knotd
        (default knot))
  (run-directory knot-configuration-run-directory ; created by knot-activation
                 (default "/var/run/knot"))
  ;; Written as "include: ..." lines at the top of knot.conf.  A path outside
  ;; the store lets secrets stay out of the world-readable store.
  (includes knot-configuration-includes           ; strings or file-like objects
            (default '()))
  ;; The defaults below make knotd listen on every IPv4 and IPv6 address;
  ;; narrow them for a server that should only be reachable on some interfaces.
  (listen-v4 knot-configuration-listen-v4
             (default "0.0.0.0"))
  (listen-v6 knot-configuration-listen-v6
             (default "::"))
  (listen-port knot-configuration-listen-port
               (default 53))
  (keys knot-configuration-keys             ; list of <knot-key-configuration>
        (default '()))
  (keystores knot-configuration-keystores   ; list of <knot-keystore-configuration>
             (default '()))
  (acls knot-configuration-acls             ; list of <knot-acl-configuration>
        (default '()))
  (remotes knot-configuration-remotes       ; list of <knot-remote-configuration>
           (default '()))
  (policies knot-configuration-policies     ; list of <knot-policy-configuration>
            (default '()))
  (zones knot-configuration-zones           ; list of <knot-zone-configuration>
         (default '())))

;; (define-zone-entries ID (NAME TTL CLASS TYPE DATA) ...) binds ID to a list
;; of <zone-entry> records, one per clause, fields given positionally.
(define-syntax define-zone-entries
  (syntax-rules ()
    ((_ id (name ttl class type data) ...)
     (define id (list (make-zone-entry name ttl class type data) ...)))))

(define (error-out msg)
  "Abort with a SRFI-35 &message condition carrying MSG, the text reported to
the user for an invalid DNS service configuration."
  (raise (make-condition &message 'message msg)))

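(define (verify-knot-key-configuration key)
  "Raise an error condition unless KEY is a well-formed
<knot-key-configuration>: a non-empty string id, an algorithm among the
supported HMAC names (or #f to let Knot choose) and a string secret."
  (unless (knot-key-configuration? key)
    (error-out "keys must be a list of only knot-key-configuration."))
  (let ((id (knot-key-configuration-id key)))
    (unless (and (string? id) (not (equal? id "")))
      (error-out "key id must be a non empty string.")))
  ;; NOTE(review): hmac-md5 and hmac-sha1 are accepted for compatibility with
  ;; older peers; prefer hmac-sha256 or stronger for new TSIG keys.
  (unless (memq (knot-key-configuration-algorithm key)
                '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512))
    (error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512"))
  ;; The secret is interpolated into knot.conf as-is, so anything other than
  ;; a string would silently produce a broken configuration.
  (unless (string? (knot-key-configuration-secret key))
    (error-out "key secret must be a string.")))
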
(define (verify-knot-keystore-configuration keystore)
  "Raise an error condition unless KEYSTORE is a <knot-keystore-configuration>
with a non-empty string id and a backend of 'pem or 'pkcs11."
  (unless (knot-keystore-configuration? keystore)
    (error-out "keystores must be a list of only knot-keystore-configuration."))
  (let ((id (knot-keystore-configuration-id keystore))
        (backend (knot-keystore-configuration-backend keystore)))
    (when (or (not (string? id)) (string=? id ""))
      (error-out "keystore id must be a non empty string."))
    (unless (member backend '(pem pkcs11))
      (error-out "backend must be one of: 'pem or 'pkcs11"))))

(define (verify-knot-policy-configuration policy)
  "Raise an error condition unless POLICY is a <knot-policy-configuration>
with a non-empty string id.  The remaining fields are not checked here."
  (unless (knot-policy-configuration? policy)
    (error-out "policies must be a list of only knot-policy-configuration."))
  (let ((id (knot-policy-configuration-id policy)))
    (when (or (not (string? id)) (string=? id ""))
      (error-out "policy id must be a non empty string."))))

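(define (verify-knot-acl-configuration acl)
  "Raise an error condition unless ACL is a well-formed
<knot-acl-configuration>: non-empty string id, a list of strings as address,
lists as key and action, and a boolean deny? flag."
  (unless (knot-acl-configuration? acl)
    (error-out "acls must be a list of only knot-acl-configuration."))
  (let ((id (knot-acl-configuration-id acl))
        (address (knot-acl-configuration-address acl))
        (key (knot-acl-configuration-key acl))
        (action (knot-acl-configuration-action acl)))
    (unless (and (string? id) (not (equal? id "")))
      (error-out "acl id must be a non empty string."))
    (unless (and (list? address)
                 (every string? address))
      (error-out "acl address must be a list of strings."))
    ;; KEY and ACTION were bound but never checked; they are rendered with
    ;; format-string-list, which takes strings or symbols, so only the list
    ;; shape is enforced to keep existing configurations valid.
    (unless (list? key)
      (error-out "acl key must be a list."))
    (unless (list? action)
      (error-out "acl action must be a list.")))
  (unless (boolean? (knot-acl-configuration-deny? acl))
    (error-out "deny? must be #t or #f.")))
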
(define (verify-knot-zone-configuration zone)
  "Raise an error condition unless ZONE is a <knot-zone-configuration> with a
non-empty string domain."
  (unless (knot-zone-configuration? zone)
    (error-out "zones must be a list of only knot-zone-configuration."))
  (let ((domain (knot-zone-configuration-domain zone)))
    (when (or (not (string? domain)) (string=? domain ""))
      (error-out "zone domain must be a non empty string."))))

(define (verify-knot-remote-configuration remote)
  "Raise an error condition unless REMOTE is a <knot-remote-configuration>
with a non-empty string id."
  (unless (knot-remote-configuration? remote)
    (error-out "remotes must be a list of only knot-remote-configuration."))
  (let ((id (knot-remote-configuration-id remote)))
    (when (or (not (string? id)) (string=? id ""))
      (error-out "remote id must be a non empty string."))))

(define (verify-knot-configuration config)
  "Check that CONFIG is a well-formed <knot-configuration>, raising an error
condition (see error-out) at the first problem, and return #t otherwise.
Every list-valued field is checked to be a list and then each of its elements
is validated with the matching verify-knot-*-configuration procedure."
  (define (check-elements lst complaint verify)
    ;; LST must be a list, else COMPLAINT is raised; then VERIFY each element.
    (unless (list? lst)
      (error-out complaint))
    (for-each verify lst))

  (unless (package? (knot-configuration-knot config))
    (error-out "knot configuration field must be a package."))
  (unless (string? (knot-configuration-run-directory config))
    (error-out "run-directory must be a string."))
  (unless (list? (knot-configuration-includes config))
    (error-out "includes must be a list of strings or file-like objects."))
  (check-elements (knot-configuration-keys config)
                  "keys must be a list of knot-key-configuration."
                  verify-knot-key-configuration)
  (check-elements (knot-configuration-keystores config)
                  "keystores must be a list of knot-keystore-configuration."
                  verify-knot-keystore-configuration)
  (check-elements (knot-configuration-acls config)
                  "acls must be a list of knot-acl-configuration."
                  verify-knot-acl-configuration)
  (check-elements (knot-configuration-zones config)
                  "zones must be a list of knot-zone-configuration."
                  verify-knot-zone-configuration)
  (check-elements (knot-configuration-policies config)
                  "policies must be a list of knot-policy-configuration."
                  verify-knot-policy-configuration)
  (check-elements (knot-configuration-remotes config)
                  "remotes must be a list of knot-remote-configuration."
                  verify-knot-remote-configuration)
  #t)

(define (format-string-list l)
  "Format L, a list of strings and/or symbols, as a YAML flow sequence such as
\"[a, b]\"; the empty list gives the empty string.  Elements are written as
they are, without quoting."
  (define (->string item)
    (if (symbol? item) (symbol->string item) item))
  (if (null? l)
      ""
      (string-append "[" (string-join (map ->string l) ", ") "]")))

(define (knot-acl-config acls)
  "Serialize ACLS, a list of <knot-acl-configuration>, as the body of the
'acl:' section of knot.conf and return it as a string.  Empty address, key
and action lists are left out so Knot applies its own defaults for them.

NOTE(review): the leading blanks of the format strings carry the YAML
indentation; copies of this file tend to collapse runs of spaces, so check
them against the original source."
  (define (on/off flag)
    (if flag "on" "off"))
  (call-with-output-string
    (lambda (port)
      (for-each
       (match-lambda
         (($ <knot-acl-configuration> id address key action deny?)
          (format port " - id: ~a\n" id)
          (unless (null? address)
            (format port " address: ~a\n" (format-string-list address)))
          (unless (null? key)
            (format port " key: ~a\n" (format-string-list key)))
          (unless (null? action)
            (format port " action: ~a\n" (format-string-list action)))
          (format port " deny: ~a\n" (on/off deny?))))
       acls))))

(define (knot-key-config keys)
  "Serialize KEYS, a list of <knot-key-configuration>, as the body of the
'key:' section of knot.conf and return it as a string.  The algorithm line is
written only when the field is not #f; the secret is written verbatim, so the
resulting knot.conf (a store item) contains it in clear."
  (call-with-output-string
    (lambda (port)
      (for-each
       (lambda (key-config)
         (let ((id (knot-key-configuration-id key-config))
               (algorithm (knot-key-configuration-algorithm key-config))
               (secret (knot-key-configuration-secret key-config)))
           (format port " - id: ~a\n" id)
           (when algorithm
             (format port " algorithm: ~a\n" (symbol->string algorithm)))
           (format port " secret: ~a\n" secret)))
       keys))))

(define (knot-keystore-config keystores)
  "Serialize KEYSTORES, a list of <knot-keystore-configuration>, as the body
of the 'keystore:' section of knot.conf and return it as a string.  The
backend symbol is written by name and the config string is double-quoted."
  (call-with-output-string
    (lambda (port)
      (for-each
       (lambda (keystore-config)
         (format port " - id: ~a\n"
                 (knot-keystore-configuration-id keystore-config))
         (format port " backend: ~a\n"
                 (symbol->string
                  (knot-keystore-configuration-backend keystore-config)))
         (format port " config: \"~a\"\n"
                 (knot-keystore-configuration-config keystore-config)))
       keystores))))

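(define (knot-policy-config policies)
  "Serialize POLICIES, a list of <knot-policy-configuration>, as the body of
the 'policy:' section of knot.conf and return it as a string.  Durations are
written as plain numbers of seconds; the dnskey-ttl line is omitted when the
field holds 'default so that Knot picks its own value.

NOTE(review): the leading blanks of the format strings carry the YAML
indentation; copies of this file tend to collapse runs of spaces, so check
them against the original source."
  (define (on/off flag)
    (if flag "on" "off"))
  (call-with-output-string
    (lambda (port)
      (for-each
       (lambda (policy-config)
         (let ((id (knot-policy-configuration-id policy-config))
               (keystore (knot-policy-configuration-keystore policy-config))
               (manual? (knot-policy-configuration-manual? policy-config))
               (single-type-signing? (knot-policy-configuration-single-type-signing?
                                      policy-config))
               (algorithm (knot-policy-configuration-algorithm policy-config))
               (ksk-size (knot-policy-configuration-ksk-size policy-config))
               (zsk-size (knot-policy-configuration-zsk-size policy-config))
               (dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
               (zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
               (propagation-delay (knot-policy-configuration-propagation-delay
                                   policy-config))
               (rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
                                policy-config))
               (rrsig-refresh (knot-policy-configuration-rrsig-refresh
                               policy-config))
               (nsec3? (knot-policy-configuration-nsec3? policy-config))
               (nsec3-iterations (knot-policy-configuration-nsec3-iterations
                                  policy-config))
               (nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
                                   policy-config))
               (nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
                                     policy-config)))
           (format port " - id: ~a\n" id)
           (format port " keystore: ~a\n" keystore)
           (format port " manual: ~a\n" (on/off manual?))
           (format port " single-type-signing: ~a\n" (on/off single-type-signing?))
           (format port " algorithm: ~a\n" algorithm)
           (format port " ksk-size: ~a\n" (number->string ksk-size))
           (format port " zsk-size: ~a\n" (number->string zsk-size))
           (unless (eq? dnskey-ttl 'default)
             (format port " dnskey-ttl: ~a\n" dnskey-ttl))
           (format port " zsk-lifetime: ~a\n" zsk-lifetime)
           (format port " propagation-delay: ~a\n" propagation-delay)
           (format port " rrsig-lifetime: ~a\n" rrsig-lifetime)
           ;; rrsig-refresh is declared on the record (default 7 days) but was
           ;; never written out, so a user's setting was silently ignored.
           (format port " rrsig-refresh: ~a\n" rrsig-refresh)
           (format port " nsec3: ~a\n" (on/off nsec3?))
           (format port " nsec3-iterations: ~a\n"
                   (number->string nsec3-iterations))
           (format port " nsec3-salt-length: ~a\n"
                   (number->string nsec3-salt-length))
           (format port " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
       policies))))
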
(define (knot-remote-config remotes)
  "Serialize REMOTES, a list of <knot-remote-configuration>, as the body of
the 'remote:' section of knot.conf and return it as a string.  Empty address
and via lists are left out, and the key line is written only when a key id is
set."
  (call-with-output-string
    (lambda (port)
      (for-each
       (lambda (remote-config)
         (let ((id (knot-remote-configuration-id remote-config))
               (address (knot-remote-configuration-address remote-config))
               (via (knot-remote-configuration-via remote-config))
               (key (knot-remote-configuration-key remote-config)))
           (format port " - id: ~a\n" id)
           (unless (null? address)
             (format port " address: ~a\n" (format-string-list address)))
           (unless (null? via)
             (format port " via: ~a\n" (format-string-list via)))
           (when key
             (format port " key: ~a\n" key))))
       remotes))))

(define (serialize-zone-entries entries)
  "Return ENTRIES, a list of <zone-entry>, as zone-file text: one line per
entry with the five fields separated by single spaces, in record order."
  (call-with-output-string
    (lambda (port)
      (for-each
       (match-lambda
         (($ <zone-entry> name ttl class type data)
          (format port "~a ~a ~a ~a ~a\n" name ttl class type data)))
       entries))))

(define (serialize-zone-file zone domain)
  "Return a computed file named DOMAIN.zone holding ZONE, a <zone-file>: the
$ORIGIN directive, the SOA record assembled from the record's fields (timers
written as plain numbers) and the serialized entries.  Every value is taken
from ZONE on the host side; the build-side code only writes them out, so the
result is a store item readable by everyone."
  (computed-file (string-append domain ".zone")
    #~(begin
        (call-with-output-file #$output
          (lambda (port)
            (format port "$ORIGIN ~a.\n"
                    #$(zone-file-origin zone))
            (format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
                    #$(zone-file-ns zone)
                    #$(zone-file-mail zone)
                    #$(zone-file-serial zone)
                    #$(zone-file-refresh zone)
                    #$(zone-file-retry zone)
                    #$(zone-file-expiry zone)
                    #$(zone-file-nx zone))
            (format port "~a\n"
                    #$(serialize-zone-entries (zone-file-entries zone))))))))

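(define (knot-zone-config zone)
  "Return a gexp that evaluates, on the build side, to the 'zone:' entry of
knot.conf for ZONE, a <knot-zone-configuration>, as a string.

With an empty master list this server is authoritative for the zone and the
entry names either the user-supplied file or a zone file generated from the
ZONE field into the store.  Otherwise the entry lists the masters (and the
DDNS master when set) instead of a file.  List-valued fields are rendered
with format-string-list on the host side before staging.

NOTE(review): the leading blanks of the format strings carry the YAML
indentation; copies of this file tend to collapse runs of spaces, so check
them against the original source."
  (let ((content (knot-zone-configuration-zone zone)))
    #~(with-output-to-string
        (lambda ()
          (let ((domain #$(knot-zone-configuration-domain zone))
                (file #$(knot-zone-configuration-file zone))
                (master (list #$@(knot-zone-configuration-master zone)))
                (ddns-master #$(knot-zone-configuration-ddns-master zone))
                (notify (list #$@(knot-zone-configuration-notify zone)))
                (acl (list #$@(knot-zone-configuration-acl zone)))
                (semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
                (disable-any? #$(knot-zone-configuration-disable-any? zone))
                (zonefile-sync #$(knot-zone-configuration-zonefile-sync zone))
                (zonefile-load '#$(knot-zone-configuration-zonefile-load zone))
                (journal-content #$(knot-zone-configuration-journal-content zone))
                (max-journal-usage #$(knot-zone-configuration-max-journal-usage zone))
                (max-journal-depth #$(knot-zone-configuration-max-journal-depth zone))
                (max-zone-size #$(knot-zone-configuration-max-zone-size zone))
                (dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
                (serial-policy '#$(knot-zone-configuration-serial-policy zone)))
            (format #t " - domain: ~a\n" domain)
            (if (eq? master '())
                ;; This server is a master
                (if (equal? file "")
                    (format #t " file: ~a\n"
                            #$(serialize-zone-file content
                                                  (knot-zone-configuration-domain zone)))
                    (format #t " file: ~a\n" file))
                ;; This server is a slave (has masters)
                (begin
                  (format #t " master: ~a\n"
                          #$(format-string-list
                             (knot-zone-configuration-master zone)))
                  ;; Knot expects "key: value"; the colon was missing here, so
                  ;; a configured ddns-master produced a line knotd rejects.
                  (if ddns-master (format #t " ddns-master: ~a\n" ddns-master))))
            (unless (eq? notify '())
              (format #t " notify: ~a\n"
                      #$(format-string-list
                         (knot-zone-configuration-notify zone))))
            (unless (eq? acl '())
              (format #t " acl: ~a\n"
                      #$(format-string-list
                         (knot-zone-configuration-acl zone))))
            (format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
            (format #t " disable-any: ~a\n" (if disable-any? "on" "off"))
            ;; zonefile-sync defaults to 0, which is true in Scheme, so this
            ;; line is written unless the field is explicitly #f.
            (if zonefile-sync
                (format #t " zonefile-sync: ~a\n" zonefile-sync))
            (if zonefile-load
                (format #t " zonefile-load: ~a\n"
                        (symbol->string zonefile-load)))
            (if journal-content
                (format #t " journal-content: ~a\n"
                        (symbol->string journal-content)))
            (if max-journal-usage
                (format #t " max-journal-usage: ~a\n" max-journal-usage))
            (if max-journal-depth
                (format #t " max-journal-depth: ~a\n" max-journal-depth))
            (if max-zone-size
                (format #t " max-zone-size: ~a\n" max-zone-size))
            ;; A policy id implies signing; both lines are needed by Knot.
            (if dnssec-policy
                (begin
                  (format #t " dnssec-signing: on\n")
                  (format #t " dnssec-policy: ~a\n" dnssec-policy)))
            (format #t " serial-policy: ~a\n"
                    (symbol->string serial-policy)))))))
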
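(define (knot-config-file config)
  "Return a file-like object for knot.conf built from CONFIG, a
<knot-configuration>.  CONFIG is validated with verify-knot-configuration
first, so an invalid configuration fails while the system is built rather
than when knotd starts.

The result is a computed file, i.e. a store item readable by every user of
the system; every key secret in CONFIG ends up in it.  The section bodies are
rendered to strings on the host side and embedded in the build-side code."
  (verify-knot-configuration config)
  (computed-file "knot.conf"
    #~(begin
        (call-with-output-file #$output
          (lambda (port)
            (for-each (lambda (inc)
                        (format port "include: ~a\n" inc))
                      '#$(knot-configuration-includes config))
            (format port "server:\n")
            (format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
            ;; knotd is started as root by Shepherd; this line makes it drop
            ;; to the knot account (see %knot-accounts).
            (format port " user: knot\n")
            (format port " listen: ~a@~a\n"
                    #$(knot-configuration-listen-v4 config)
                    #$(knot-configuration-listen-port config))
            (format port " listen: ~a@~a\n"
                    #$(knot-configuration-listen-v6 config)
                    #$(knot-configuration-listen-port config))
            ;; The pre-rendered sections are user data, so they are written
            ;; with DISPLAY rather than passed as a FORMAT control string: a
            ;; '~' in a key id, secret or address would otherwise be taken as
            ;; a directive and break the build.
            (format port "\nkey:\n")
            (display #$(knot-key-config (knot-configuration-keys config)) port)
            (format port "\nkeystore:\n")
            (display #$(knot-keystore-config (knot-configuration-keystores config)) port)
            (format port "\nacl:\n")
            (display #$(knot-acl-config (knot-configuration-acls config)) port)
            (format port "\nremote:\n")
            (display #$(knot-remote-config (knot-configuration-remotes config)) port)
            (format port "\npolicy:\n")
            (display #$(knot-policy-config (knot-configuration-policies config)) port)
            (unless #$(eq? (knot-configuration-zones config) '())
              (format port "\nzone:\n")
              (format port "~a\n"
                      (string-concatenate
                       (list #$@(map knot-zone-config
                                     (knot-configuration-zones config)))))))))))
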
;; Unprivileged system account and group for knotd; the "user: knot" line of
;; knot.conf (see knot-config-file) makes the daemon switch to it.
(define %knot-accounts
  (list (user-group (name "knot") (system? #t))
        (user-account
         (name "knot")
         (group "knot")
         (system? #t)
         (comment "knot dns server user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

(define (knot-activation config)
  "Return the activation gexp for Knot: create the run directory of CONFIG and
the state directories under /var/lib/knot, owned by the knot account with
mode #o755.  mkdir-p/perms from (gnu build activation) is used instead of a
plain mkdir-p followed by chown, presumably so that ownership is never applied
through a pre-existing symbolic link.

NOTE(review): /var/lib/knot/keys/keys is the default pem keystore location
(see <knot-keystore-configuration>); with #o755 every local user can list the
key files there, so #o700 may be preferable for that directory."
  (with-imported-modules (source-module-closure '((gnu build activation)))
    #~(begin
        (use-modules (gnu build activation))
        (let ((owner (getpwnam "knot"))
              (mode #o755))
          (for-each (lambda (directory)
                      (mkdir-p/perms directory owner mode))
                    (list #$(knot-configuration-run-directory config)
                          "/var/lib/knot"
                          "/var/lib/knot/keys"
                          "/var/lib/knot/keys/keys"))))))

(define (knot-shepherd-service config)
  "Return the list of Shepherd services for CONFIG, a <knot-configuration>:
a single service running knotd with the generated knot.conf.  No #:user is
passed, so Shepherd starts knotd as root; it is the 'user: knot' line of
knot.conf that makes the daemon switch to the unprivileged account."
  (define config-file
    (knot-config-file config))

  (define knot-package
    (knot-configuration-knot config))

  (list (shepherd-service
         (documentation "Run the Knot DNS daemon.")
         (provision '(knot dns))
         (requirement '(networking))
         (start #~(make-forkexec-constructor
                   (list (string-append #$knot-package "/sbin/knotd")
                         "-c" #$config-file)))
         (stop #~(make-kill-destructor)))))

;; The Knot service: runs knotd under Shepherd, creates its directories at
;; activation time and adds the knot account.  There is no default value, so a
;; <knot-configuration> must be given when instantiating the service.
(define knot-service-type
  (service-type (name 'knot)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          knot-shepherd-service)
                       (service-extension activation-service-type
                                          knot-activation)
                       (service-extension account-service-type
                                          (const %knot-accounts))))
                (description
                 "Run @uref{https://www.knot-dns.cz/, Knot}, an authoritative
name server for the @acronym{DNS, Domain Name System}.")))

\f
;;;
;;; Knot Resolver.
;;;

;; Configuration of the Knot Resolver service.
(define-record-type* <knot-resolver-configuration>
  knot-resolver-configuration
  make-knot-resolver-configuration
  knot-resolver-configuration?
  (package knot-resolver-configuration-package   ; package providing kresd
           (default knot-resolver))
  ;; Lua configuration passed to kresd with "-c"; see %kresd.conf, defined
  ;; below, for what the default does (loopback-only listening, privilege
  ;; drop).  A replacement must take care of those itself.
  (kresd-config-file knot-resolver-kresd-config-file
                     (default %kresd.conf))
  ;; Passed to kres-cache-gc with "-d".
  (garbage-collection-interval knot-resolver-garbage-collection-interval
                               (default 1000)))

;; Default kresd configuration: load the DNSSEC trust anchors from the cache
;; directory, listen on the loopback addresses only, switch to the
;; knot-resolver account, enable the hints/stats/predict modules and use a
;; 100 MB cache.  The user() call matters: the Shepherd service starts kresd
;; without #:user (see knot-resolver-shepherd-services).
(define %kresd.conf
  (plain-file "kresd.conf" "-- -*- mode: lua -*-
trust_anchors.add_file('/var/cache/knot-resolver/root.keys')
net = { '127.0.0.1', '::1' }
user('knot-resolver', 'knot-resolver')
modules = { 'hints > iterate', 'stats', 'predict' }
cache.size = 100 * MB
"))

;; Unprivileged system account and group for kresd and kres-cache-gc; the home
;; directory doubles as the cache directory created by knot-resolver-activation.
(define %knot-resolver-accounts
  (list (user-group
         (name "knot-resolver")
         (system? #t))
        (user-account
         (name "knot-resolver")
         (group "knot-resolver")
         (system? #t)
         (home-directory "/var/cache/knot-resolver")
         (shell (file-append shadow "/sbin/nologin")))))

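(define (knot-resolver-activation config)
  "Return the activation gexp for Knot Resolver: make sure the cache directory
exists, belongs to the knot-resolver account and has mode #o755.  The
directory is created with mkdir-p/perms, as knot-activation does, instead of
mkdir-p followed by chown, so that ownership is never applied through a
pre-existing symbolic link at that path."
  (with-imported-modules (source-module-closure '((gnu build activation)))
    #~(begin
        (use-modules (gnu build activation))
        (mkdir-p/perms "/var/cache/knot-resolver"
                       (getpwnam "knot-resolver") #o755))))
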
;; Shepherd services for Knot Resolver: kresd itself and the cache garbage
;; collector.  Both work in /var/cache/knot-resolver, created by
;; knot-resolver-activation.
(define knot-resolver-shepherd-services
  (match-lambda
    (($ <knot-resolver-configuration> package
                                      kresd-config-file
                                      garbage-collection-interval)
     (list
      (shepherd-service
       (provision '(kresd))
       (requirement '(networking))
       (documentation "Run the Knot Resolver daemon.")
       ;; No #:user here: kresd is started as root and relies on the Lua
       ;; configuration to switch to the knot-resolver account (the default
       ;; %kresd.conf calls user('knot-resolver', 'knot-resolver')).
       (start #~(make-forkexec-constructor
                 '(#$(file-append package "/sbin/kresd")
                   "-c" #$kresd-config-file "-n"
                   "/var/cache/knot-resolver")))
       (stop #~(make-kill-destructor)))
      (shepherd-service
       (provision '(kres-cache-gc))
       (requirement '(user-processes))
       (documentation "Run the Knot Resolver Garbage Collector daemon.")
       ;; The collector runs unprivileged from the start; "-d" carries the
       ;; collection interval from the configuration.
       (start #~(make-forkexec-constructor
                 '(#$(file-append package "/sbin/kres-cache-gc")
                   "-d" #$(number->string garbage-collection-interval)
                   "-c" "/var/cache/knot-resolver")
                 #:user "knot-resolver"
                 #:group "knot-resolver"))
       (stop #~(make-kill-destructor)))))))

(define knot-resolver-service-type
  ;; Wire the resolver into the system: its Shepherd services, the activation
  ;; snippet that prepares the cache directory, and the system account.
  (let ((accounts (lambda (_) %knot-resolver-accounts)))
    (service-type
     (name 'knot-resolver)
     (extensions
      (list (service-extension shepherd-root-service-type
                               knot-resolver-shepherd-services)
            (service-extension activation-service-type
                               knot-resolver-activation)
            (service-extension account-service-type accounts)))
     (default-value (knot-resolver-configuration))
     (description "Run the Knot DNS Resolver."))))
729 | ||
730 | \f | |
731 | ;;; |
732 | ;;; Dnsmasq. | |
733 | ;;; | |
734 | ||
;; Configuration of the dnsmasq service.  Each field maps onto one dnsmasq
;; command-line option (see 'dnsmasq-shepherd-service'); optional fields left
;; at #f are omitted from the command line altogether.
(define-record-type* <dnsmasq-configuration>
  dnsmasq-configuration make-dnsmasq-configuration
  dnsmasq-configuration?
  (package dnsmasq-configuration-package
           (default dnsmasq))             ;package: the dnsmasq to run
  (no-hosts? dnsmasq-configuration-no-hosts?
             (default #f))                ;boolean: --no-hosts
  (port dnsmasq-configuration-port
        (default 53))                     ;integer: --port=PORT
  (local-service? dnsmasq-configuration-local-service?
                  (default #t))           ;boolean: --local-service
  (listen-addresses dnsmasq-configuration-listen-address
                    (default '()))        ;list of string: one --listen-address each
  (resolv-file dnsmasq-configuration-resolv-file
               (default "/etc/resolv.conf")) ;string: --resolv-file=FILE
  (no-resolv? dnsmasq-configuration-no-resolv?
              (default #f))               ;boolean: --no-resolv
  (servers dnsmasq-configuration-servers
           (default '()))                 ;list of string: one --server each
  (addresses dnsmasq-configuration-addresses
             (default '()))               ;list of string: one --address each
  (cache-size dnsmasq-configuration-cache-size
              (default 150))              ;integer: --cache-size=N
  (negative-cache? dnsmasq-configuration-negative-cache?
                   (default #t))          ;boolean: #f passes --no-negcache
  ;; The remaining fields configure dnsmasq's TFTP server and only matter once
  ;; TFTP-ENABLE? is true.  Note that the accessors from 'tftp-secure?' on
  ;; lack the "configuration" part of the name; they are part of the public
  ;; interface and are kept as is.
  (tftp-enable? dnsmasq-configuration-tftp-enable?
                (default #f))             ;boolean: --enable-tftp
  (tftp-no-fail? dnsmasq-configuration-tftp-no-fail?
                 (default #f))            ;boolean: --tftp-no-fail
  (tftp-single-port? dnsmasq-configuration-tftp-single-port?
                     (default #f))        ;boolean: --tftp-single-port
  (tftp-secure? dnsmasq-tftp-secure?
                (default #f))             ;boolean: dnsmasq's TFTP secure mode
  (tftp-max dnsmasq-tftp-max
            (default #f))                 ;integer or #f: --tftp-max=N
  (tftp-mtu dnsmasq-tftp-mtu
            (default #f))                 ;integer or #f: --tftp-mtu=N
  (tftp-no-blocksize? dnsmasq-tftp-no-blocksize?
                      (default #f))       ;boolean: --tftp-no-blocksize
  (tftp-lowercase? dnsmasq-tftp-lowercase?
                   (default #f))          ;boolean: --tftp-lowercase
  (tftp-port-range dnsmasq-tftp-port-range
                   (default #f))          ;string or #f: --tftp-port-range=RANGE
  (tftp-root dnsmasq-tftp-root
             (default "/var/empty,lo"))   ;string: --tftp-root, in dnsmasq's
                                          ;DIR or DIR,INTERFACE form
  (tftp-unique-root dnsmasq-tftp-unique-root
                    (default #f)))        ;#f, "" (bare flag), "ip" or "mac"
97f6e913 SB |
782 | |
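;; Return the Shepherd service running dnsmasq for a <dnsmasq-configuration>.
;; Every field becomes a command-line option: boolean fields emit a bare flag
;; only when true, and optional fields left at #f are omitted altogether.
;; dnsmasq is started as root; no --user is passed, so whatever privilege
;; dropping happens is dnsmasq's own default behavior.
(define dnsmasq-shepherd-service
  (match-lambda
    (($ <dnsmasq-configuration> package
                                no-hosts?
                                port local-service? listen-addresses
                                resolv-file no-resolv? servers
                                addresses cache-size negative-cache?
                                tftp-enable? tftp-no-fail?
                                tftp-single-port? tftp-secure?
                                tftp-max tftp-mtu tftp-no-blocksize?
                                tftp-lowercase? tftp-port-range
                                tftp-root tftp-unique-root)
     (let ((flag (lambda (enabled? name)
                   ;; A bare switch, present only when ENABLED?.
                   (if enabled? (list name) '())))
           (option (lambda (value name)
                     ;; "NAME=VALUE", omitted when VALUE is #f.
                     (if value
                         (list (format #f "~a=~a" name value))
                         '()))))
       (shepherd-service
        (provision '(dnsmasq))
        (requirement '(networking))
        (documentation "Run the dnsmasq DNS server.")
        (start #~(make-forkexec-constructor
                  '(#$(file-append package "/sbin/dnsmasq")
                    "--keep-in-foreground"
                    "--pid-file=/run/dnsmasq.pid"
                    #$@(flag no-hosts? "--no-hosts")
                    #$(format #f "--port=~a" port)
                    #$@(flag local-service? "--local-service")
                    #$@(map (cut format #f "--listen-address=~a" <>)
                            listen-addresses)
                    #$(format #f "--resolv-file=~a" resolv-file)
                    #$@(flag no-resolv? "--no-resolv")
                    #$@(map (cut format #f "--server=~a" <>) servers)
                    #$@(map (cut format #f "--address=~a" <>) addresses)
                    #$(format #f "--cache-size=~a" cache-size)
                    ;; Only the opt-out has a flag.
                    #$@(flag (not negative-cache?) "--no-negcache")
                    #$@(flag tftp-enable? "--enable-tftp")
                    #$@(flag tftp-no-fail? "--tftp-no-fail")
                    #$@(flag tftp-single-port? "--tftp-single-port")
                    ;; The dnsmasq option is '--tftp-secure'.  The previous
                    ;; '--tftp-secure?' spelling is not an option dnsmasq
                    ;; knows, so enabling the field broke startup instead of
                    ;; restricting TFTP to files owned by the dnsmasq user.
                    #$@(flag tftp-secure? "--tftp-secure")
                    #$@(option tftp-max "--tftp-max")
                    #$@(option tftp-mtu "--tftp-mtu")
                    #$@(flag tftp-no-blocksize? "--tftp-no-blocksize")
                    #$@(flag tftp-lowercase? "--tftp-lowercase")
                    #$@(option tftp-port-range "--tftp-port-range")
                    #$@(option tftp-root "--tftp-root")
                    ;; TFTP-UNIQUE-ROOT is a string, "" selecting the bare
                    ;; flag.  It was previously tested with 'length', which
                    ;; only accepts lists and raised a type error on any
                    ;; string, so the option could never be used.
                    #$@(if tftp-unique-root
                           (list (if (string-null? tftp-unique-root)
                                     "--tftp-unique-root"
                                     (format #f "--tftp-unique-root=~a"
                                             tftp-unique-root)))
                           '()))
                  #:pid-file "/run/dnsmasq.pid"))
        (stop #~(make-kill-destructor)))))))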
863 | ||
(define dnsmasq-service-type
  ;; dnsmasq only needs a Shepherd service: it is run straight from the store,
  ;; with no activation step and no dedicated system account of its own.
  (service-type
   (name 'dnsmasq)
   (extensions
    (list (service-extension shepherd-root-service-type
                             (lambda (config)
                               (list (dnsmasq-shepherd-service config))))))
   (default-value (dnsmasq-configuration))
   (description "Run the dnsmasq DNS server.")))
872 | |
873 | \f | |
874 | ;;; | |
875 | ;;; ddclient | |
876 | ;;; | |
877 | ||
(define (uglify-field-name field-name)
  "Turn the configuration field symbol FIELD-NAME into the ddclient.conf key
it stands for: every question mark is dropped (so 'use-ssl? gives
\"use-ssl\"), and a name without one is returned unchanged."
  (list->string
   (remove (lambda (chr) (char=? chr #\?))
           (string->list (symbol->string field-name)))))
880 | ||
(define (serialize-field field-name val)
  "Write \"KEY=VAL\" plus a newline to the current output port, KEY being
FIELD-NAME without question marks.  The 'user', 'group' and 'secret-file'
fields configure the service itself (the account ddclient runs as, and the
credentials file read at activation) rather than ddclient, so they are never
written into ddclient.conf.  The return value is unspecified."
  (define service-only-fields '(group secret-file user))
  (unless (memq field-name service-only-fields)
    (format #t "~a=~a\n" (uglify-field-name field-name) val)))
884 | |
(define (serialize-boolean field-name val)
  "Serialize the boolean VAL for FIELD-NAME using ddclient's \"yes\"/\"no\"
spelling."
  (let ((text (cond (val "yes")
                    (else "no"))))
    (serialize-field field-name text)))
887 | ||
(define (serialize-integer field-name val)
  "Serialize the number VAL for FIELD-NAME in its decimal spelling."
  (let ((digits (number->string val)))
    (serialize-field field-name digits)))
890 | ||
(define (serialize-string field-name val)
  "Serialize VAL for FIELD-NAME.  An empty string means \"unset\": nothing is
written and \"\" is returned, so the generated ddclient.conf never carries a
bare KEY= line."
  (cond ((and (string? val) (string-null? val)) "")
        (else (serialize-field field-name val))))
895 | ||
(define (serialize-list field-name val)
  "Serialize the list of strings VAL for FIELD-NAME as a single
space-separated value.  The empty list writes nothing and returns \"\"."
  (match val
    (() "")
    (_ (serialize-field field-name (string-join val)))))
898 | ||
(define (serialize-extra-options extra-options)
  "Return EXTRA-OPTIONS, a list of raw ddclient.conf lines, joined into one
string with a newline after every line; the empty list gives \"\".  Lines are
copied verbatim, so each must already be a valid ddclient.conf statement."
  (apply string-append
         (map (lambda (line) (string-append line "\n")) extra-options)))
901 | ||
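;; Fields are serialized, in this order, as "KEY=VALUE" lines of
;; /etc/ddclient/ddclient.conf by the serialize-* procedures above, except
;; 'user', 'group' and 'secret-file', which configure the service itself.
(define-configuration ddclient-configuration
  (ddclient
   (package ddclient)
   "The ddclient package.")
  (daemon
   (integer 300)
   "The period after which ddclient will retry to check IP and domain name.")
  (syslog
   (boolean #t)
   "Use syslog for the output.")
  (mail
   (string "root")
   "Mail to user.")
  (mail-failure
   (string "root")
   "Mail failed update to user.")
  (pid
   (string "/var/run/ddclient/ddclient.pid")
   "The ddclient PID file.")
  (ssl
   (boolean #t)
   "Enable SSL support.  Keep it enabled so that the credentials from
@code{secret-file} are not sent to the provider in clear text.")
  (user
   (string "ddclient")
   "Specifies the user name or ID that is used when running ddclient
program.")
  (group
   (string "ddclient")
   "Group of the user who will run the ddclient program.")
  (secret-file
   (string "/etc/ddclient/secrets.conf")
   "Secret file which will be appended to @file{ddclient.conf} file.  This
file contains credentials for use by ddclient.  You are expected to create it
manually, readable by root only: it is read at system activation and its
contents are copied into @file{/etc/ddclient/ddclient.conf}, which is then
made private to the ddclient user.")
  (extra-options
   (list '())
   "Extra options will be appended to @file{ddclient.conf} file."))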
939 | ||
(define (ddclient-account config)
  "Return the system group and user account named by CONFIG's 'group' and
'user' fields.  The account is the privilege-separation user ddclient runs
as; its home directory lives under /var/run."
  (let* ((group-name  (ddclient-configuration-group config))
         (user-name   (ddclient-configuration-user config))
         (the-group   (user-group
                       (name group-name)
                       (system? #t)))
         (the-account (user-account
                       (name user-name)
                       (system? #t)
                       (group group-name)
                       (comment "ddclientd privilege separation user")
                       (home-directory (string-append "/var/run/" user-name)))))
    (list the-group the-account)))
953 | ||
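(define (ddclient-activation config)
  "Return the activation GEXP for CONFIG.

The snippet prepares ddclient's state and configuration directories, then
generates @file{/etc/ddclient/ddclient.conf} from CONFIG with the contents of
the secret file appended.  Since that file ends up holding credentials, it is
created with a restrictive umask, chmod'ed to 0600 and handed to the ddclient
user and group."
  (with-imported-modules '((guix build utils)
                           (ice-9 rdelim))
    #~(begin
        (use-modules (guix build utils)
                     (ice-9 rdelim))
        (let ((ddclient-user
               (passwd:uid (getpw #$(ddclient-configuration-user config))))
              ;; Resolve the group through the group database.  Looking it up
              ;; with 'getpw' only worked when the group happened to share its
              ;; name with a user, and then yielded that user's primary group.
              (ddclient-group
               (group:gid (getgr #$(ddclient-configuration-group config))))
              (ddclient-secret-file
               #$(ddclient-configuration-secret-file config)))
          ;; 'ddclient' complains about ddclient.conf file permissions, which
          ;; rules out /gnu/store.  Thus we copy the ddclient.conf to /etc.
          (for-each (lambda (dir)
                      (mkdir-p dir)
                      (chmod dir #o700)
                      (chown dir ddclient-user ddclient-group))
                    '("/var/cache/ddclient" "/var/run/ddclient"
                      "/etc/ddclient"))
          ;; Write the file under a 077 umask so the credentials never land
          ;; in a file that is, even briefly, readable by others; the explicit
          ;; 'chmod' below still tightens a pre-existing file.  The previous
          ;; umask is restored for the activation snippets that follow.
          (let ((previous-umask (umask #o077)))
            (dynamic-wind
              (const #t)
              (lambda ()
                (with-output-to-file "/etc/ddclient/ddclient.conf"
                  (lambda ()
                    (display
                     (string-append
                      "# Generated by 'ddclient-service'.\n\n"
                      #$(with-output-to-string
                          (lambda ()
                            (serialize-configuration config
                                                     ddclient-configuration-fields)))
                      (if (string-null? ddclient-secret-file)
                          ""
                          (format #f "\n\n# Appended from '~a'.\n\n~a"
                                  ddclient-secret-file
                                  (with-input-from-file ddclient-secret-file
                                    read-string))))))))
              (lambda ()
                (umask previous-umask))))
          (chmod "/etc/ddclient/ddclient.conf" #o600)
          (chown "/etc/ddclient/ddclient.conf"
                 ddclient-user ddclient-group)))))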
993 | ||
(define (ddclient-shepherd-service config)
  "Return a <shepherd-service> for ddclient with CONFIG.

ddclient runs in the foreground from the generated
@file{/etc/ddclient/ddclient.conf}, as the unprivileged user and group named
by CONFIG, with the PID file CONFIG specifies.  SSL_CERT_DIR and
SSL_CERT_FILE point it at the system CA bundle, presumably so that with
@code{ssl} enabled it can validate the DDNS provider's certificate."
  (define ddclient (ddclient-configuration-ddclient config))
  (define pid-file (ddclient-configuration-pid config))
  (define cert-dir "/run/current-system/profile/etc/ssl/certs")
  (list
   (shepherd-service
    (provision '(ddclient))
    (documentation "Run ddclient daemon.")
    (start #~(make-forkexec-constructor
              (list #$(file-append ddclient "/bin/ddclient")
                    "-foreground"
                    "-file" "/etc/ddclient/ddclient.conf")
              #:pid-file #$pid-file
              #:environment-variables
              (list #$(string-append "SSL_CERT_DIR=" cert-dir)
                    #$(string-append "SSL_CERT_FILE=" cert-dir
                                     "/ca-certificates.crt"))
              #:user #$(ddclient-configuration-user config)
              #:group #$(ddclient-configuration-group config)))
    (stop #~(make-kill-destructor)))))
1016 | ||
(define ddclient-service-type
  ;; Assemble the ddclient service: its privilege-separation account, the
  ;; activation snippet that writes the credentials-bearing configuration,
  ;; and the Shepherd service that runs the daemon.
  (let ((ddclient-extensions
         (list (service-extension account-service-type
                                  ddclient-account)
               (service-extension shepherd-root-service-type
                                  ddclient-shepherd-service)
               (service-extension activation-service-type
                                  ddclient-activation))))
    (service-type
     (name 'ddclient)
     (extensions ddclient-extensions)
     (default-value (ddclient-configuration))
     (description "Configure address updating utility for dynamic DNS services,
ddclient."))))
1030 | ||
(define (generate-ddclient-documentation)
  "Produce, via 'generate-documentation', the documentation of the
'ddclient-configuration' fields."
  (let ((field-specs `((ddclient-configuration ,ddclient-configuration-fields))))
    (generate-documentation field-specs 'ddclient-configuration)))