HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
services: postgresql: Use "/tmp" host directory.
[jackhill/guix/guix.git] / gnu / services / dns.scm
CommitLineData
ba69e8f7
JL		 1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
8490a834 3;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
5a0b78e6 4;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
520bac7e 5;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
ba69e8f7
JL		 6;;;
7;;; This file is part of GNU Guix.
8;;;
9;;; GNU Guix is free software; you can redistribute it and/or modify it
10;;; under the terms of the GNU General Public License as published by
11;;; the Free Software Foundation; either version 3 of the License, or (at
12;;; your option) any later version.
13;;;
14;;; GNU Guix is distributed in the hope that it will be useful, but
15;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17;;; GNU General Public License for more details.
18;;;
19;;; You should have received a copy of the GNU General Public License
20;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
21
22(define-module (gnu services dns)
23 #:use-module (gnu services)
24 #:use-module (gnu services configuration)
25 #:use-module (gnu services shepherd)
26 #:use-module (gnu system shadow)
27 #:use-module (gnu packages admin)
28 #:use-module (gnu packages dns)
29 #:use-module (guix packages)
30 #:use-module (guix records)
31 #:use-module (guix gexp)
520bac7e 32 #:use-module (guix modules)
ba69e8f7 33 #:use-module (srfi srfi-1)
97f6e913 34 #:use-module (srfi srfi-26)
ba69e8f7
JL		 35 #:use-module (srfi srfi-34)
36 #:use-module (srfi srfi-35)
37 #:use-module (ice-9 match)
38 #:use-module (ice-9 regex)
39 #:export (knot-service-type
40 knot-acl-configuration
41 knot-key-configuration
42 knot-keystore-configuration
43 knot-zone-configuration
44 knot-remote-configuration
45 knot-policy-configuration
46 knot-configuration
47 define-zone-entries
48 zone-file
97f6e913
SB		 49 zone-entry
50
6ec68c69
SB		 51 knot-resolver-service-type
52 knot-resolver-configuration
53
97f6e913 54 dnsmasq-service-type
8490a834
OP		 55 dnsmasq-configuration
56
57 ddclient-service-type
58 ddclient-configuration))
ba69e8f7
JL		 59
60;;;
61;;; Knot DNS.
62;;;
63
64(define-record-type* <knot-key-configuration>
65 knot-key-configuration make-knot-key-configuration
66 knot-key-configuration?
67 (id knot-key-configuration-id
68 (default ""))
69 (algorithm knot-key-configuration-algorithm
70 (default #f)); one of #f, or an algorithm name
71 (secret knot-key-configuration-secret
72 (default "")))
73
74(define-record-type* <knot-acl-configuration>
75 knot-acl-configuration make-knot-acl-configuration
76 knot-acl-configuration?
77 (id knot-acl-configuration-id
78 (default ""))
79 (address knot-acl-configuration-address
80 (default '()))
81 (key knot-acl-configuration-key
82 (default '()))
83 (action knot-acl-configuration-action
84 (default '()))
85 (deny? knot-acl-configuration-deny?
86 (default #f)))
87
88(define-record-type* <zone-entry>
89 zone-entry make-zone-entry
90 zone-entry?
91 (name zone-entry-name
92 (default "@"))
93 (ttl zone-entry-ttl
94 (default ""))
95 (class zone-entry-class
96 (default "IN"))
97 (type zone-entry-type
98 (default "A"))
99 (data zone-entry-data
100 (default "")))
101
102(define-record-type* <zone-file>
103 zone-file make-zone-file
104 zone-file?
105 (entries zone-file-entries
106 (default '()))
107 (origin zone-file-origin
108 (default ""))
109 (ns zone-file-ns
110 (default "ns"))
111 (mail zone-file-mail
112 (default "hostmaster"))
113 (serial zone-file-serial
114 (default 1))
115 (refresh zone-file-refresh
f3853a25 116 (default (* 2 24 3600)))
ba69e8f7 117 (retry zone-file-retry
f3853a25 118 (default (* 15 60)))
ba69e8f7 119 (expiry zone-file-expiry
f3853a25 120 (default (* 2 7 24 3600)))
ba69e8f7 121 (nx zone-file-nx
f3853a25 122 (default 3600)))
ba69e8f7
JL		 123(define-record-type* <knot-keystore-configuration>
124 knot-keystore-configuration make-knot-keystore-configuration
125 knot-keystore-configuration?
126 (id knot-keystore-configuration-id
127 (default ""))
128 (backend knot-keystore-configuration-backend
129 (default 'pem))
130 (config knot-keystore-configuration-config
131 (default "/var/lib/knot/keys/keys")))
132
133(define-record-type* <knot-policy-configuration>
134 knot-policy-configuration make-knot-policy-configuration
135 knot-policy-configuration?
136 (id knot-policy-configuration-id
137 (default ""))
138 (keystore knot-policy-configuration-keystore
139 (default "default"))
140 (manual? knot-policy-configuration-manual?
141 (default #f))
142 (single-type-signing? knot-policy-configuration-single-type-signing?
143 (default #f))
144 (algorithm knot-policy-configuration-algorithm
145 (default "ecdsap256sha256"))
146 (ksk-size knot-policy-configuration-ksk-size
147 (default 256))
148 (zsk-size knot-policy-configuration-zsk-size
149 (default 256))
150 (dnskey-ttl knot-policy-configuration-dnskey-ttl
151 (default 'default))
152 (zsk-lifetime knot-policy-configuration-zsk-lifetime
f3853a25 153 (default (* 30 24 3600)))
ba69e8f7 154 (propagation-delay knot-policy-configuration-propagation-delay
f3853a25 155 (default (* 24 3600)))
ba69e8f7 156 (rrsig-lifetime knot-policy-configuration-rrsig-lifetime
f3853a25 157 (default (* 14 24 3600)))
ba69e8f7 158 (rrsig-refresh knot-policy-configuration-rrsig-refresh
f3853a25 159 (default (* 7 24 3600)))
ba69e8f7
JL		 160 (nsec3? knot-policy-configuration-nsec3?
161 (default #f))
162 (nsec3-iterations knot-policy-configuration-nsec3-iterations
163 (default 5))
164 (nsec3-salt-length knot-policy-configuration-nsec3-salt-length
165 (default 8))
166 (nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
f3853a25 167 (default (* 30 24 3600))))
ba69e8f7
JL		 168
169(define-record-type* <knot-zone-configuration>
170 knot-zone-configuration make-knot-zone-configuration
171 knot-zone-configuration?
6cd7b1be
JL		 172 (domain knot-zone-configuration-domain
173 (default ""))
174 (file knot-zone-configuration-file
175 (default "")) ; the file where this zone is saved.
176 (zone knot-zone-configuration-zone
177 (default (zone-file))) ; initial content of the zone file
178 (master knot-zone-configuration-master
179 (default '()))
180 (ddns-master knot-zone-configuration-ddns-master
181 (default #f))
182 (notify knot-zone-configuration-notify
183 (default '()))
184 (acl knot-zone-configuration-acl
185 (default '()))
186 (semantic-checks? knot-zone-configuration-semantic-checks?
187 (default #f))
188 (disable-any? knot-zone-configuration-disable-any?
189 (default #f))
190 (zonefile-sync knot-zone-configuration-zonefile-sync
191 (default 0))
192 (zonefile-load knot-zone-configuration-zonefile-load
193 (default #f))
194 (journal-content knot-zone-configuration-journal-content
195 (default #f))
196 (max-journal-usage knot-zone-configuration-max-journal-usage
197 (default #f))
198 (max-journal-depth knot-zone-configuration-max-journal-depth
199 (default #f))
200 (max-zone-size knot-zone-configuration-max-zone-size
201 (default #f))
202 (dnssec-policy knot-zone-configuration-dnssec-policy
203 (default #f))
204 (serial-policy knot-zone-configuration-serial-policy
205 (default 'increment)))
ba69e8f7
JL		 206
207(define-record-type* <knot-remote-configuration>
208 knot-remote-configuration make-knot-remote-configuration
209 knot-remote-configuration?
210 (id knot-remote-configuration-id
211 (default ""))
212 (address knot-remote-configuration-address
213 (default '()))
214 (via knot-remote-configuration-via
215 (default '()))
216 (key knot-remote-configuration-key
217 (default #f)))
218
219(define-record-type* <knot-configuration>
220 knot-configuration make-knot-configuration
221 knot-configuration?
222 (knot knot-configuration-knot
223 (default knot))
224 (run-directory knot-configuration-run-directory
225 (default "/var/run/knot"))
92eb600f
JL		 226 (includes knot-configuration-includes
227 (default '()))
ba69e8f7
JL		 228 (listen-v4 knot-configuration-listen-v4
229 (default "0.0.0.0"))
230 (listen-v6 knot-configuration-listen-v6
231 (default "::"))
232 (listen-port knot-configuration-listen-port
233 (default 53))
234 (keys knot-configuration-keys
235 (default '()))
236 (keystores knot-configuration-keystores
237 (default '()))
238 (acls knot-configuration-acls
239 (default '()))
240 (remotes knot-configuration-remotes
241 (default '()))
242 (policies knot-configuration-policies
243 (default '()))
244 (zones knot-configuration-zones
245 (default '())))
246
247(define-syntax define-zone-entries
248 (syntax-rules ()
249 ((_ id (name ttl class type data) ...)
250 (define id (list (make-zone-entry name ttl class type data) ...)))))
251
252(define (error-out msg)
253 (raise (condition (&message (message msg)))))
254
255(define (verify-knot-key-configuration key)
256 (unless (knot-key-configuration? key)
257 (error-out "keys must be a list of only knot-key-configuration."))
258 (let ((id (knot-key-configuration-id key)))
259 (unless (and (string? id) (not (equal? id "")))
260 (error-out "key id must be a non empty string.")))
408f0b4c
AA		 261 (unless (memq (knot-key-configuration-algorithm key)
262 '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512))
263 (error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
ba69e8f7
JL		 264'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512")))
265
266(define (verify-knot-keystore-configuration keystore)
267 (unless (knot-keystore-configuration? keystore)
268 (error-out "keystores must be a list of only knot-keystore-configuration."))
269 (let ((id (knot-keystore-configuration-id keystore)))
270 (unless (and (string? id) (not (equal? id "")))
271 (error-out "keystore id must be a non empty string.")))
408f0b4c
AA		 272 (unless (memq (knot-keystore-configuration-backend keystore)
273 '(pem pkcs11))
274 (error-out "backend must be one of: 'pem or 'pkcs11")))
ba69e8f7
JL		 275
276(define (verify-knot-policy-configuration policy)
f3853a25 277 (unless (knot-policy-configuration? policy)
ba69e8f7
JL		 278 (error-out "policies must be a list of only knot-policy-configuration."))
279 (let ((id (knot-policy-configuration-id policy)))
280 (unless (and (string? id) (not (equal? id "")))
281 (error-out "policy id must be a non empty string."))))
282
283(define (verify-knot-acl-configuration acl)
284 (unless (knot-acl-configuration? acl)
285 (error-out "acls must be a list of only knot-acl-configuration."))
286 (let ((id (knot-acl-configuration-id acl))
287 (address (knot-acl-configuration-address acl))
288 (key (knot-acl-configuration-key acl))
289 (action (knot-acl-configuration-action acl)))
290 (unless (and (string? id) (not (equal? id "")))
291 (error-out "acl id must be a non empty string."))
292 (unless (and (list? address)
408f0b4c 293 (every string? address))
ba69e8f7
JL		 294 (error-out "acl address must be a list of strings.")))
295 (unless (boolean? (knot-acl-configuration-deny? acl))
296 (error-out "deny? must be #t or #f.")))
297
298(define (verify-knot-zone-configuration zone)
299 (unless (knot-zone-configuration? zone)
300 (error-out "zones must be a list of only knot-zone-configuration."))
301 (let ((domain (knot-zone-configuration-domain zone)))
302 (unless (and (string? domain) (not (equal? domain "")))
303 (error-out "zone domain must be a non empty string."))))
304
305(define (verify-knot-remote-configuration remote)
306 (unless (knot-remote-configuration? remote)
307 (error-out "remotes must be a list of only knot-remote-configuration."))
308 (let ((id (knot-remote-configuration-id remote)))
309 (unless (and (string? id) (not (equal? id "")))
310 (error-out "remote id must be a non empty string."))))
311
312(define (verify-knot-configuration config)
313 (unless (package? (knot-configuration-knot config))
314 (error-out "knot configuration field must be a package."))
315 (unless (string? (knot-configuration-run-directory config))
316 (error-out "run-directory must be a string."))
92eb600f
JL		 317 (unless (list? (knot-configuration-includes config))
318 (error-out "includes must be a list of strings or file-like objects."))
ba69e8f7
JL		 319 (unless (list? (knot-configuration-keys config))
320 (error-out "keys must be a list of knot-key-configuration."))
321 (for-each (lambda (key) (verify-knot-key-configuration key))
322 (knot-configuration-keys config))
323 (unless (list? (knot-configuration-keystores config))
324 (error-out "keystores must be a list of knot-keystore-configuration."))
325 (for-each (lambda (keystore) (verify-knot-keystore-configuration keystore))
326 (knot-configuration-keystores config))
327 (unless (list? (knot-configuration-acls config))
328 (error-out "acls must be a list of knot-acl-configuration."))
329 (for-each (lambda (acl) (verify-knot-acl-configuration acl))
330 (knot-configuration-acls config))
331 (unless (list? (knot-configuration-zones config))
332 (error-out "zones must be a list of knot-zone-configuration."))
333 (for-each (lambda (zone) (verify-knot-zone-configuration zone))
334 (knot-configuration-zones config))
335 (unless (list? (knot-configuration-policies config))
336 (error-out "policies must be a list of knot-policy-configuration."))
337 (for-each (lambda (policy) (verify-knot-policy-configuration policy))
338 (knot-configuration-policies config))
339 (unless (list? (knot-configuration-remotes config))
340 (error-out "remotes must be a list of knot-remote-configuration."))
341 (for-each (lambda (remote) (verify-knot-remote-configuration remote))
342 (knot-configuration-remotes config))
343 #t)
344
345(define (format-string-list l)
346 "Formats a list of string in YAML"
347 (if (eq? l '())
348 ""
349 (let ((l (reverse l)))
350 (string-append
351 "["
352 (fold (lambda (x1 x2)
353 (string-append (if (symbol? x1) (symbol->string x1) x1) ", "
354 (if (symbol? x2) (symbol->string x2) x2)))
e379d1b5 355 (if (symbol? (car l)) (symbol->string (car l)) (car l)) (cdr l))
ba69e8f7
JL		 356 "]"))))
357
358(define (knot-acl-config acls)
359 (with-output-to-string
360 (lambda ()
361 (for-each
362 (lambda (acl-config)
363 (let ((id (knot-acl-configuration-id acl-config))
364 (address (knot-acl-configuration-address acl-config))
365 (key (knot-acl-configuration-key acl-config))
366 (action (knot-acl-configuration-action acl-config))
367 (deny? (knot-acl-configuration-deny? acl-config)))
368 (format #t " - id: ~a\n" id)
369 (unless (eq? address '())
370 (format #t " address: ~a\n" (format-string-list address)))
371 (unless (eq? key '())
372 (format #t " key: ~a\n" (format-string-list key)))
373 (unless (eq? action '())
374 (format #t " action: ~a\n" (format-string-list action)))
375 (format #t " deny: ~a\n" (if deny? "on" "off"))))
376 acls))))
377
378(define (knot-key-config keys)
379 (with-output-to-string
380 (lambda ()
381 (for-each
382 (lambda (key-config)
383 (let ((id (knot-key-configuration-id key-config))
384 (algorithm (knot-key-configuration-algorithm key-config))
385 (secret (knot-key-configuration-secret key-config)))
386 (format #t " - id: ~a\n" id)
387 (if algorithm
388 (format #t " algorithm: ~a\n" (symbol->string algorithm)))
389 (format #t " secret: ~a\n" secret)))
390 keys))))
391
392(define (knot-keystore-config keystores)
393 (with-output-to-string
394 (lambda ()
395 (for-each
396 (lambda (keystore-config)
397 (let ((id (knot-keystore-configuration-id keystore-config))
398 (backend (knot-keystore-configuration-backend keystore-config))
399 (config (knot-keystore-configuration-config keystore-config)))
400 (format #t " - id: ~a\n" id)
401 (format #t " backend: ~a\n" (symbol->string backend))
402 (format #t " config: \"~a\"\n" config)))
403 keystores))))
404
405(define (knot-policy-config policies)
406 (with-output-to-string
407 (lambda ()
408 (for-each
409 (lambda (policy-config)
410 (let ((id (knot-policy-configuration-id policy-config))
411 (keystore (knot-policy-configuration-keystore policy-config))
412 (manual? (knot-policy-configuration-manual? policy-config))
413 (single-type-signing? (knot-policy-configuration-single-type-signing?
414 policy-config))
415 (algorithm (knot-policy-configuration-algorithm policy-config))
416 (ksk-size (knot-policy-configuration-ksk-size policy-config))
417 (zsk-size (knot-policy-configuration-zsk-size policy-config))
418 (dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
419 (zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
420 (propagation-delay (knot-policy-configuration-propagation-delay
421 policy-config))
422 (rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
423 policy-config))
424 (nsec3? (knot-policy-configuration-nsec3? policy-config))
425 (nsec3-iterations (knot-policy-configuration-nsec3-iterations
426 policy-config))
427 (nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
428 policy-config))
429 (nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
430 policy-config)))
431 (format #t " - id: ~a\n" id)
432 (format #t " keystore: ~a\n" keystore)
433 (format #t " manual: ~a\n" (if manual? "on" "off"))
434 (format #t " single-type-signing: ~a\n" (if single-type-signing?
435 "on" "off"))
436 (format #t " algorithm: ~a\n" algorithm)
437 (format #t " ksk-size: ~a\n" (number->string ksk-size))
438 (format #t " zsk-size: ~a\n" (number->string zsk-size))
439 (unless (eq? dnskey-ttl 'default)
440 (format #t " dnskey-ttl: ~a\n" dnskey-ttl))
441 (format #t " zsk-lifetime: ~a\n" zsk-lifetime)
442 (format #t " propagation-delay: ~a\n" propagation-delay)
443 (format #t " rrsig-lifetime: ~a\n" rrsig-lifetime)
444 (format #t " nsec3: ~a\n" (if nsec3? "on" "off"))
445 (format #t " nsec3-iterations: ~a\n"
446 (number->string nsec3-iterations))
447 (format #t " nsec3-salt-length: ~a\n"
448 (number->string nsec3-salt-length))
449 (format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
450 policies))))
451
452(define (knot-remote-config remotes)
453 (with-output-to-string
454 (lambda ()
455 (for-each
456 (lambda (remote-config)
457 (let ((id (knot-remote-configuration-id remote-config))
458 (address (knot-remote-configuration-address remote-config))
459 (via (knot-remote-configuration-via remote-config))
460 (key (knot-remote-configuration-key remote-config)))
461 (format #t " - id: ~a\n" id)
462 (unless (eq? address '())
463 (format #t " address: ~a\n" (format-string-list address)))
464 (unless (eq? via '())
465 (format #t " via: ~a\n" (format-string-list via)))
466 (if key
467 (format #t " key: ~a\n" key))))
468 remotes))))
469
470(define (serialize-zone-entries entries)
471 (with-output-to-string
472 (lambda ()
473 (for-each
474 (lambda (entry)
475 (let ((name (zone-entry-name entry))
476 (ttl (zone-entry-ttl entry))
477 (class (zone-entry-class entry))
478 (type (zone-entry-type entry))
479 (data (zone-entry-data entry)))
480 (format #t "~a ~a ~a ~a ~a\n" name ttl class type data)))
481 entries))))
482
483(define (serialize-zone-file zone domain)
484 (computed-file (string-append domain ".zone")
485 #~(begin
486 (call-with-output-file #$output
487 (lambda (port)
488 (format port "$ORIGIN ~a.\n"
489 #$(zone-file-origin zone))
490 (format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
491 #$(zone-file-ns zone)
492 #$(zone-file-mail zone)
493 #$(zone-file-serial zone)
494 #$(zone-file-refresh zone)
495 #$(zone-file-retry zone)
496 #$(zone-file-expiry zone)
497 #$(zone-file-nx zone))
498 (format port "~a\n"
499 #$(serialize-zone-entries (zone-file-entries zone))))))))
500
501(define (knot-zone-config zone)
502 (let ((content (knot-zone-configuration-zone zone)))
503 #~(with-output-to-string
504 (lambda ()
505 (let ((domain #$(knot-zone-configuration-domain zone))
506 (file #$(knot-zone-configuration-file zone))
507 (master (list #$@(knot-zone-configuration-master zone)))
508 (ddns-master #$(knot-zone-configuration-ddns-master zone))
509 (notify (list #$@(knot-zone-configuration-notify zone)))
510 (acl (list #$@(knot-zone-configuration-acl zone)))
511 (semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
512 (disable-any? #$(knot-zone-configuration-disable-any? zone))
b8e2bd4f
JL		 513 (zonefile-sync #$(knot-zone-configuration-zonefile-sync zone))
514 (zonefile-load '#$(knot-zone-configuration-zonefile-load zone))
6cd7b1be
JL		 515 (journal-content #$(knot-zone-configuration-journal-content zone))
516 (max-journal-usage #$(knot-zone-configuration-max-journal-usage zone))
517 (max-journal-depth #$(knot-zone-configuration-max-journal-depth zone))
518 (max-zone-size #$(knot-zone-configuration-max-zone-size zone))
ba69e8f7
JL		 519 (dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
520 (serial-policy '#$(knot-zone-configuration-serial-policy zone)))
521 (format #t " - domain: ~a\n" domain)
522 (if (eq? master '())
523 ;; This server is a master
524 (if (equal? file "")
525 (format #t " file: ~a\n"
526 #$(serialize-zone-file content
527 (knot-zone-configuration-domain zone)))
528 (format #t " file: ~a\n" file))
529 ;; This server is a slave (has masters)
530 (begin
531 (format #t " master: ~a\n"
532 #$(format-string-list
533 (knot-zone-configuration-master zone)))
534 (if ddns-master (format #t " ddns-master ~a\n" ddns-master))))
535 (unless (eq? notify '())
536 (format #t " notify: ~a\n"
537 #$(format-string-list
538 (knot-zone-configuration-notify zone))))
539 (unless (eq? acl '())
540 (format #t " acl: ~a\n"
541 #$(format-string-list
542 (knot-zone-configuration-acl zone))))
543 (format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
544 (format #t " disable-any: ~a\n" (if disable-any? "on" "off"))
6cd7b1be
JL		 545 (if zonefile-sync
546 (format #t " zonefile-sync: ~a\n" zonefile-sync))
547 (if zonefile-load
548 (format #t " zonefile-load: ~a\n"
549 (symbol->string zonefile-load)))
550 (if journal-content
551 (format #t " journal-content: ~a\n"
552 (symbol->string journal-content)))
553 (if max-journal-usage
554 (format #t " max-journal-usage: ~a\n" max-journal-usage))
555 (if max-journal-depth
556 (format #t " max-journal-depth: ~a\n" max-journal-depth))
557 (if max-zone-size
558 (format #t " max-zone-size: ~a\n" max-zone-size))
ba69e8f7
JL		 559 (if dnssec-policy
560 (begin
561 (format #t " dnssec-signing: on\n")
562 (format #t " dnssec-policy: ~a\n" dnssec-policy)))
563 (format #t " serial-policy: ~a\n"
564 (symbol->string serial-policy)))))))
565
566(define (knot-config-file config)
567 (verify-knot-configuration config)
568 (computed-file "knot.conf"
569 #~(begin
570 (call-with-output-file #$output
571 (lambda (port)
435551f0
LC		 572 (for-each (lambda (inc)
573 (format port "include: ~a\n" inc))
574 '#$(knot-configuration-includes config))
ba69e8f7
JL		 575 (format port "server:\n")
576 (format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
577 (format port " user: knot\n")
578 (format port " listen: ~a@~a\n"
579 #$(knot-configuration-listen-v4 config)
580 #$(knot-configuration-listen-port config))
581 (format port " listen: ~a@~a\n"
582 #$(knot-configuration-listen-v6 config)
583 #$(knot-configuration-listen-port config))
584 (format port "\nkey:\n")
585 (format port #$(knot-key-config (knot-configuration-keys config)))
586 (format port "\nkeystore:\n")
587 (format port #$(knot-keystore-config (knot-configuration-keystores config)))
588 (format port "\nacl:\n")
589 (format port #$(knot-acl-config (knot-configuration-acls config)))
590 (format port "\nremote:\n")
591 (format port #$(knot-remote-config (knot-configuration-remotes config)))
592 (format port "\npolicy:\n")
593 (format port #$(knot-policy-config (knot-configuration-policies config)))
594 (unless #$(eq? (knot-configuration-zones config) '())
595 (format port "\nzone:\n")
596 (format port "~a\n"
597 (string-concatenate
598 (list #$@(map knot-zone-config
599 (knot-configuration-zones config)))))))))))
600
601(define %knot-accounts
602 (list (user-group (name "knot") (system? #t))
603 (user-account
604 (name "knot")
605 (group "knot")
606 (system? #t)
607 (comment "knot dns server user")
608 (home-directory "/var/empty")
609 (shell (file-append shadow "/sbin/nologin")))))
610
611(define (knot-activation config)
520bac7e
MD		 612 (with-imported-modules (source-module-closure '((gnu build activation)))
613 #~(begin
614 (use-modules (gnu build activation))
615 (mkdir-p/perms #$(knot-configuration-run-directory config)
616 (getpwnam "knot") #o755)
617 (mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755)
618 (mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755)
619 (mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755))))
ba69e8f7
JL		 620
621(define (knot-shepherd-service config)
622 (let* ((config-file (knot-config-file config))
623 (knot (knot-configuration-knot config)))
624 (list (shepherd-service
625 (documentation "Run the Knot DNS daemon.")
626 (provision '(knot dns))
627 (requirement '(networking))
628 (start #~(make-forkexec-constructor
629 (list (string-append #$knot "/sbin/knotd")
630 "-c" #$config-file)))
631 (stop #~(make-kill-destructor))))))
632
633(define knot-service-type
634 (service-type (name 'knot)
635 (extensions
636 (list (service-extension shepherd-root-service-type
637 knot-shepherd-service)
638 (service-extension activation-service-type
639 knot-activation)
640 (service-extension account-service-type
dd0804c6
LC		 641 (const %knot-accounts))))
642 (description
643 "Run @uref{https://www.knot-dns.cz/, Knot}, an authoritative
644name server for the @acronym{DNS, Domain Name System}.")))
97f6e913
SB		 645
646\f
6ec68c69
SB		 647;;;
648;;; Knot Resolver.
649;;;
650
651(define-record-type* <knot-resolver-configuration>
652 knot-resolver-configuration
653 make-knot-resolver-configuration
654 knot-resolver-configuration?
655 (package knot-resolver-configuration-package
656 (default knot-resolver))
657 (kresd-config-file knot-resolver-kresd-config-file
658 (default %kresd.conf))
659 (garbage-collection-interval knot-resolver-garbage-collection-interval
660 (default 1000)))
661
662(define %kresd.conf
663 (plain-file "kresd.conf" "-- -*- mode: lua -*-
244db6bb 664trust_anchors.add_file('/var/cache/knot-resolver/root.keys')
6ec68c69
SB		 665net = { '127.0.0.1', '::1' }
666user('knot-resolver', 'knot-resolver')
667modules = { 'hints > iterate', 'stats', 'predict' }
668cache.size = 100 * MB
669"))
670
671(define %knot-resolver-accounts
672 (list (user-group
673 (name "knot-resolver")
674 (system? #t))
675 (user-account
676 (name "knot-resolver")
677 (group "knot-resolver")
678 (system? #t)
679 (home-directory "/var/cache/knot-resolver")
680 (shell (file-append shadow "/sbin/nologin")))))
681
682(define (knot-resolver-activation config)
683 #~(begin
684 (use-modules (guix build utils))
685 (let ((rundir "/var/cache/knot-resolver")
686 (owner (getpwnam "knot-resolver")))
687 (mkdir-p rundir)
688 (chown rundir (passwd:uid owner) (passwd:gid owner)))))
689
690(define knot-resolver-shepherd-services
691 (match-lambda
692 (($ <knot-resolver-configuration> package
693 kresd-config-file
694 garbage-collection-interval)
695 (list
696 (shepherd-service
697 (provision '(kresd))
698 (requirement '(networking))
699 (documentation "Run the Knot Resolver daemon.")
700 (start #~(make-forkexec-constructor
701 '(#$(file-append package "/sbin/kresd")
5ede2595 702 "-c" #$kresd-config-file "-n"
6ec68c69
SB		 703 "/var/cache/knot-resolver")))
704 (stop #~(make-kill-destructor)))
705 (shepherd-service
706 (provision '(kres-cache-gc))
707 (requirement '(user-processes))
708 (documentation "Run the Knot Resolver Garbage Collector daemon.")
709 (start #~(make-forkexec-constructor
710 '(#$(file-append package "/sbin/kres-cache-gc")
711 "-d" #$(number->string garbage-collection-interval)
712 "-c" "/var/cache/knot-resolver")
713 #:user "knot-resolver"
714 #:group "knot-resolver"))
715 (stop #~(make-kill-destructor)))))))
716
717(define knot-resolver-service-type
718 (service-type
719 (name 'knot-resolver)
720 (extensions
721 (list (service-extension shepherd-root-service-type
722 knot-resolver-shepherd-services)
723 (service-extension activation-service-type
724 knot-resolver-activation)
725 (service-extension account-service-type
726 (const %knot-resolver-accounts))))
727 (default-value (knot-resolver-configuration))
728 (description "Run the Knot DNS Resolver.")))
729
730\f
97f6e913
SB		 731;;;
732;;; Dnsmasq.
733;;;
734
735(define-record-type* <dnsmasq-configuration>
736 dnsmasq-configuration make-dnsmasq-configuration
737 dnsmasq-configuration?
738 (package dnsmasq-configuration-package
739 (default dnsmasq)) ;package
740 (no-hosts? dnsmasq-configuration-no-hosts?
741 (default #f)) ;boolean
742 (port dnsmasq-configuration-port
743 (default 53)) ;integer
744 (local-service? dnsmasq-configuration-local-service?
745 (default #t)) ;boolean
746 (listen-addresses dnsmasq-configuration-listen-address
747 (default '())) ;list of string
748 (resolv-file dnsmasq-configuration-resolv-file
749 (default "/etc/resolv.conf")) ;string
750 (no-resolv? dnsmasq-configuration-no-resolv?
751 (default #f)) ;boolean
752 (servers dnsmasq-configuration-servers
753 (default '())) ;list of string
5a0b78e6
PL		 754 (addresses dnsmasq-configuration-addresses
755 (default '())) ;list of string
97f6e913
SB		 756 (cache-size dnsmasq-configuration-cache-size
757 (default 150)) ;integer
c061eb58 758 (negative-cache? dnsmasq-configuration-negative-cache?
34d1c0a0
DM		 759 (default #t)) ;boolean
760 (tftp-enable? dnsmasq-configuration-tftp-enable?
761 (default #f)) ;boolean
762 (tftp-no-fail? dnsmasq-configuration-tftp-no-fail?
763 (default #f)) ;boolean
764 (tftp-single-port? dnsmasq-configuration-tftp-single-port?
765 (default #f)) ;boolean
766 (tftp-secure? dnsmasq-tftp-secure?
767 (default #f)) ;boolean
768 (tftp-max dnsmasq-tftp-max
769 (default #f)) ;integer
770 (tftp-mtu dnsmasq-tftp-mtu
771 (default #f)) ;integer
772 (tftp-no-blocksize? dnsmasq-tftp-no-blocksize?
773 (default #f)) ;boolean
774 (tftp-lowercase? dnsmasq-tftp-lowercase?
775 (default #f)) ;boolean
776 (tftp-port-range dnsmasq-tftp-port-range
777 (default #f)) ;string
778 (tftp-root dnsmasq-tftp-root
779 (default "/var/empty,lo")) ;string
780 (tftp-unique-root dnsmasq-tftp-unique-root
781 (default #f))) ;"" or "ip" or "mac"
97f6e913
SB		 782
783(define dnsmasq-shepherd-service
784 (match-lambda
785 (($ <dnsmasq-configuration> package
786 no-hosts?
787 port local-service? listen-addresses
788 resolv-file no-resolv? servers
34d1c0a0
DM		 789 addresses cache-size negative-cache?
790 tftp-enable? tftp-no-fail?
791 tftp-single-port? tftp-secure?
792 tftp-max tftp-mtu tftp-no-blocksize?
793 tftp-lowercase? tftp-port-range
794 tftp-root tftp-unique-root)
97f6e913
SB		 795 (shepherd-service
796 (provision '(dnsmasq))
797 (requirement '(networking))
798 (documentation "Run the dnsmasq DNS server.")
799 (start #~(make-forkexec-constructor
800 '(#$(file-append package "/sbin/dnsmasq")
801 "--keep-in-foreground"
802 "--pid-file=/run/dnsmasq.pid"
803 #$@(if no-hosts?
804 '("--no-hosts")
805 '())
806 #$(format #f "--port=~a" port)
807 #$@(if local-service?
808 '("--local-service")
809 '())
810 #$@(map (cut format #f "--listen-address=~a" <>)
811 listen-addresses)
812 #$(format #f "--resolv-file=~a" resolv-file)
813 #$@(if no-resolv?
814 '("--no-resolv")
815 '())
816 #$@(map (cut format #f "--server=~a" <>)
817 servers)
5a0b78e6
PL		 818 #$@(map (cut format #f "--address=~a" <>)
819 addresses)
97f6e913 820 #$(format #f "--cache-size=~a" cache-size)
c061eb58
SB		 821 #$@(if negative-cache?
822 '()
34d1c0a0
DM		 823 '("--no-negcache"))
824 #$@(if tftp-enable?
825 '("--enable-tftp")
826 '())
827 #$@(if tftp-no-fail?
828 '("--tftp-no-fail")
829 '())
830 #$@(if tftp-single-port?
831 '("--tftp-single-port")
832 '())
833 #$@(if tftp-secure?
834 '("--tftp-secure?")
835 '())
836 #$@(if tftp-max
837 (list (format #f "--tftp-max=~a" tftp-max))
838 '())
839 #$@(if tftp-mtu
840 (list (format #f "--tftp-mtu=~a" tftp-mtu))
841 '())
842 #$@(if tftp-no-blocksize?
843 '("--tftp-no-blocksize")
844 '())
845 #$@(if tftp-lowercase?
846 '("--tftp-lowercase")
847 '())
848 #$@(if tftp-port-range
849 (list (format #f "--tftp-port-range=~a"
850 tftp-port-range))
851 '())
852 #$@(if tftp-root
853 (list (format #f "--tftp-root=~a" tftp-root))
854 '())
855 #$@(if tftp-unique-root
856 (list
857 (if (> (length tftp-unique-root) 0)
858 (format #f "--tftp-unique-root=~a" tftp-unique-root)
859 (format #f "--tftp-unique-root")))
860 '()))
97f6e913
SB		 861 #:pid-file "/run/dnsmasq.pid"))
862 (stop #~(make-kill-destructor))))))
863
864(define dnsmasq-service-type
865 (service-type
866 (name 'dnsmasq)
867 (extensions
868 (list (service-extension shepherd-root-service-type
0d4c2d35
SB		 869 (compose list dnsmasq-shepherd-service))))
870 (default-value (dnsmasq-configuration))
871 (description "Run the dnsmasq DNS server.")))
8490a834
OP		 872
873\f
874;;;
875;;; ddclient
876;;;
877
878(define (uglify-field-name field-name)
879 (string-delete #\? (symbol->string field-name)))
880
881(define (serialize-field field-name val)
9325533b
OP		 882 (when (not (member field-name '(group secret-file user)))
883 (format #t "~a=~a\n" (uglify-field-name field-name) val)))
8490a834
OP		 884
885(define (serialize-boolean field-name val)
886 (serialize-field field-name (if val "yes" "no")))
887
888(define (serialize-integer field-name val)
889 (serialize-field field-name (number->string val)))
890
891(define (serialize-string field-name val)
892 (if (and (string? val) (string=? val ""))
893 ""
894 (serialize-field field-name val)))
895
896(define (serialize-list field-name val)
897 (if (null? val) "" (serialize-field field-name (string-join val))))
898
899(define (serialize-extra-options extra-options)
900 (string-join extra-options "\n" 'suffix))
901
902(define-configuration ddclient-configuration
903 (ddclient
904 (package ddclient)
905 "The ddclient package.")
906 (daemon
907 (integer 300)
908 "The period after which ddclient will retry to check IP and domain name.")
909 (syslog
910 (boolean #t)
911 "Use syslog for the output.")
912 (mail
913 (string "root")
914 "Mail to user.")
915 (mail-failure
916 (string "root")
917 "Mail failed update to user.")
918 (pid
919 (string "/var/run/ddclient/ddclient.pid")
920 "The ddclient PID file.")
921 (ssl
922 (boolean #t)
923 "Enable SSL support.")
924 (user
925 (string "ddclient")
926 "Specifies the user name or ID that is used when running ddclient
927program.")
928 (group
929 (string "ddclient")
930 "Group of the user who will run the ddclient program.")
931 (secret-file
932 (string "/etc/ddclient/secrets.conf")
933 "Secret file which will be appended to @file{ddclient.conf} file. This
934file contains credentials for use by ddclient. You are expected to create it
935manually.")
936 (extra-options
937 (list '())
938 "Extra options will be appended to @file{ddclient.conf} file."))
939
940(define (ddclient-account config)
941 "Return the user accounts and user groups for CONFIG."
942 (let ((ddclient-user (ddclient-configuration-user config))
943 (ddclient-group (ddclient-configuration-group config)))
944 (list (user-group
945 (name ddclient-group)
946 (system? #t))
947 (user-account
948 (name ddclient-user)
949 (system? #t)
950 (group ddclient-group)
951 (comment "ddclientd privilege separation user")
952 (home-directory (string-append "/var/run/" ddclient-user))))))
953
954(define (ddclient-activation config)
955 "Return the activation GEXP for CONFIG."
956 (with-imported-modules '((guix build utils)
957 (ice-9 rdelim))
958 #~(begin
959 (use-modules (guix build utils)
960 (ice-9 rdelim))
961 (let ((ddclient-user
7f860a8b 962 (passwd:uid (getpw #$(ddclient-configuration-user config))))
8490a834 963 (ddclient-group
7f860a8b 964 (passwd:gid (getpw #$(ddclient-configuration-group config))))
8490a834
OP		 965 (ddclient-secret-file
966 #$(ddclient-configuration-secret-file config)))
967 ;; 'ddclient' complains about ddclient.conf file permissions, which
968 ;; rules out /gnu/store. Thus we copy the ddclient.conf to /etc.
969 (for-each (lambda (dir)
970 (mkdir-p dir)
971 (chmod dir #o700)
972 (chown dir ddclient-user ddclient-group))
973 '("/var/cache/ddclient" "/var/run/ddclient"
974 "/etc/ddclient"))
975 (with-output-to-file "/etc/ddclient/ddclient.conf"
976 (lambda ()
977 (display
978 (string-append
979 "# Generated by 'ddclient-service'.\n\n"
980 #$(with-output-to-string
981 (lambda ()
982 (serialize-configuration config
983 ddclient-configuration-fields)))
984 (if (string-null? ddclient-secret-file)
985 ""
986 (format #f "\n\n# Appended from '~a'.\n\n~a"
987 ddclient-secret-file
988 (with-input-from-file ddclient-secret-file
989 read-string)))))))
990 (chmod "/etc/ddclient/ddclient.conf" #o600)
991 (chown "/etc/ddclient/ddclient.conf"
992 ddclient-user ddclient-group)))))
993
994(define (ddclient-shepherd-service config)
995 "Return a <shepherd-service> for ddclient with CONFIG."
996 (let ((ddclient (ddclient-configuration-ddclient config))
997 (ddclient-pid (ddclient-configuration-pid config))
998 (ddclient-user (ddclient-configuration-user config))
999 (ddclient-group (ddclient-configuration-group config)))
1000 (list (shepherd-service
1001 (provision '(ddclient))
1002 (documentation "Run ddclient daemon.")
1003 (start #~(make-forkexec-constructor
1004 (list #$(file-append ddclient "/bin/ddclient")
1005 "-foreground"
1006 "-file" "/etc/ddclient/ddclient.conf")
1007 #:pid-file #$ddclient-pid
1008 #:environment-variables
1009 (list "SSL_CERT_DIR=/run/current-system/profile\
1010/etc/ssl/certs"
1011 "SSL_CERT_FILE=/run/current-system/profile\
1012/etc/ssl/certs/ca-certificates.crt")
1013 #:user #$ddclient-user
1014 #:group #$ddclient-group))
1015 (stop #~(make-kill-destructor))))))
1016
1017(define ddclient-service-type
1018 (service-type
1019 (name 'ddclient)
1020 (extensions
1021 (list (service-extension account-service-type
1022 ddclient-account)
1023 (service-extension shepherd-root-service-type
1024 ddclient-shepherd-service)
1025 (service-extension activation-service-type
1026 ddclient-activation)))
1027 (default-value (ddclient-configuration))
1028 (description "Configure address updating utility for dynamic DNS services,
1029ddclient.")))
1030
1031(define (generate-ddclient-documentation)
1032 (generate-documentation
1033 `((ddclient-configuration ,ddclient-configuration-fields))
1034 'ddclient-configuration))
jackhill's copy of GNU Guix: https://guix.gnu.org/