[jackhill/guix/guix.git] / gnu / services / rsync.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services rsync)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages rsync)
  #:use-module (gnu packages admin)
  #:use-module (guix records)
  #:use-module (guix gexp)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  #:export (rsync-configuration
            rsync-configuration?
            rsync-service-type))

;;;; Commentary:
;;;
;;; This module implements a service that to run instance of Rsync,
;;; files synchronization tool.
;;;
;;;; Code:

(define-record-type* <rsync-configuration>
  rsync-configuration
  make-rsync-configuration
  rsync-configuration?
  (package       rsync-configuration-package              ; package
                 (default rsync))
  (port-number   rsync-configuration-port-number          ; integer
                 (default 873))
  (pid-file      rsync-configuration-pid-file             ; string
                 (default "/var/run/rsyncd/rsyncd.pid"))
  (lock-file     rsync-configuration-lock-file            ; string
                 (default "/var/run/rsyncd/rsyncd.lock"))
  (log-file      rsync-configuration-log-file             ; string
                 (default "/var/log/rsyncd.log"))
  (use-chroot?   rsync-configuration-use-chroot?          ; boolean
                 (default #t))
  (share-path    rsync-configuration-share-path           ; string
                 (default "/srv/rsyncd"))
  (share-comment rsync-configuration-share-comment        ; string
                 (default "Rsync share"))
  (read-only?    rsync-configuration-read-only?           ; boolean
                 (default #f))
  (timeout       rsync-configuration-timeout              ; integer
                 (default 300))
  (user          rsync-configuration-user                 ; string
                 (default "root"))
  (group         rsync-configuration-group                ; string
                 (default "root"))
  (uid           rsync-configuration-uid                  ; string
                 (default "rsyncd"))
  (gid           rsync-configuration-gid                  ; string
                 (default "rsyncd")))

(define (rsync-account config)
  "Return the user accounts and user groups for CONFIG."
  (let ((rsync-user (if (rsync-configuration-uid config)
                        (rsync-configuration-uid config)
                        (rsync-configuration-user config)))
        (rsync-group (if (rsync-configuration-gid config)
                         (rsync-configuration-gid config)
                         (rsync-configuration-group config))))
    (list (user-group (name rsync-group) (system? #t))
          (user-account
           (name rsync-user)
           (system? #t)
           (group rsync-group)
           (comment "rsyncd privilege separation user")
           (home-directory (string-append "/var/run/"
                                          rsync-user))
           (shell (file-append shadow "/sbin/nologin"))))))

(define (rsync-activation config)
  "Return the activation GEXP for CONFIG."
  (with-imported-modules '((guix build utils))
    #~(begin
        (let ((share-directory  #$(rsync-configuration-share-path config))
              (user  (getpw (if #$(rsync-configuration-uid config)
                                #$(rsync-configuration-uid config)
                                #$(rsync-configuration-user config))))
              (group (getpw (if #$(rsync-configuration-gid config)
                                #$(rsync-configuration-gid config)
                                #$(rsync-configuration-group config)))))
          (mkdir-p (dirname #$(rsync-configuration-pid-file config)))
          (and=> share-directory mkdir-p)
          (chown share-directory
                 (passwd:uid user)
                 (group:gid group))))))

(define rsync-config-file
  ;; Return the rsync configuration file corresponding to CONFIG.
  (match-lambda
    (($ <rsync-configuration> package port-number pid-file lock-file log-file
                              use-chroot? share-path share-comment read-only?
                              timeout user group uid gid)
     (if (not (string=? user "root"))
         (cond
          ((<= port-number 1024)
           (error (string-append "rsync-service: to run on port "
                                 (number->string port-number)
                                 ", user must be root.")))
          (use-chroot?
           (error (string-append "rsync-service: to run in a chroot"
                                 ", user must be root.")))
          (uid
           (error "rsync-service: to use uid, user must be root."))
          (gid
           (error "rsync-service: to use gid, user must be root."))))
     (mixed-text-file
      "rsync.conf"
      "# Generated by 'rsync-service'.\n\n"
      "pid file = " pid-file "\n"
      "lock file = " lock-file "\n"
      "log file = " log-file "\n"
      "port = " (number->string port-number) "\n"
      "use chroot = " (if use-chroot? "true" "false") "\n"
      (if uid (string-append "uid = " uid "\n") "")
      "gid = " (if gid gid "nogroup") "\n" ; no group nobody
      "\n"
      "[files]\n"
      "path = " share-path "\n"
      "comment = " share-comment "\n"
      "read only = " (if read-only? "true" "false") "\n"
      "timeout = " (number->string timeout) "\n"))))

(define (rsync-shepherd-service config)
  "Return a <shepherd-service> for rsync with CONFIG."
  (let* ((rsync       (rsync-configuration-package config))
         (pid-file    (rsync-configuration-pid-file config))
         (port-number (rsync-configuration-port-number config))
         (user        (rsync-configuration-user config))
         (group       (rsync-configuration-group config)))
    (list (shepherd-service
           (provision '(rsync))
           (documentation "Run rsync daemon.")
           (start #~(make-forkexec-constructor
                     (list (string-append #$rsync "/bin/rsync")
                           "--config" #$(rsync-config-file config)
                           "--daemon")
                     #:pid-file #$pid-file
                     #:user #$user
                     #:group #$group))
           (stop #~(make-kill-destructor))))))

(define rsync-service-type
  (service-type
   (name 'rsync)
   (extensions
    (list (service-extension shepherd-root-service-type rsync-shepherd-service)
          (service-extension account-service-type rsync-account)
          (service-extension activation-service-type rsync-activation)))
   (default-value (rsync-configuration))))
Commit	Line	Data
9db7e9be OP	1	;;; GNU Guix --- Functional package management for GNU
	2	;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (gnu services rsync)
	20	#:use-module (gnu services)
	21	#:use-module (gnu services base)
	22	#:use-module (gnu services shepherd)
	23	#:use-module (gnu system shadow)
	24	#:use-module (gnu packages rsync)
	25	#:use-module (gnu packages admin)
	26	#:use-module (guix records)
	27	#:use-module (guix gexp)
	28	#:use-module (srfi srfi-1)
	29	#:use-module (srfi srfi-26)
	30	#:use-module (ice-9 match)
	31	#:export (rsync-configuration
	32	rsync-configuration?
	33	rsync-service-type))
	34
	35	;;;; Commentary:
	36	;;;
	37	;;; This module implements a service that to run instance of Rsync,
	38	;;; files synchronization tool.
	39	;;;
	40	;;;; Code:
	41
	42	(define-record-type* <rsync-configuration>
	43	rsync-configuration
	44	make-rsync-configuration
	45	rsync-configuration?
	46	(package rsync-configuration-package ; package
	47	(default rsync))
	48	(port-number rsync-configuration-port-number ; integer
	49	(default 873))
	50	(pid-file rsync-configuration-pid-file ; string
	51	(default "/var/run/rsyncd/rsyncd.pid"))
	52	(lock-file rsync-configuration-lock-file ; string
	53	(default "/var/run/rsyncd/rsyncd.lock"))
	54	(log-file rsync-configuration-log-file ; string
	55	(default "/var/log/rsyncd.log"))
	56	(use-chroot? rsync-configuration-use-chroot? ; boolean
	57	(default #t))
	58	(share-path rsync-configuration-share-path ; string
	59	(default "/srv/rsyncd"))
	60	(share-comment rsync-configuration-share-comment ; string
	61	(default "Rsync share"))
	62	(read-only? rsync-configuration-read-only? ; boolean
	63	(default #f))
	64	(timeout rsync-configuration-timeout ; integer
65	(default 300))
66	(user rsync-configuration-user ; string
67	(default "root"))
68	(group rsync-configuration-group ; string
69	(default "root"))
70	(uid rsync-configuration-uid ; string
71	(default "rsyncd"))
72	(gid rsync-configuration-gid ; string
73	(default "rsyncd")))
74
75	(define (rsync-account config)
76	"Return the user accounts and user groups for CONFIG."
77	(let ((rsync-user (if (rsync-configuration-uid config)
78	(rsync-configuration-uid config)
79	(rsync-configuration-user config)))
80	(rsync-group (if (rsync-configuration-gid config)
81	(rsync-configuration-gid config)
82	(rsync-configuration-group config))))
83	(list (user-group (name rsync-group) (system? #t))
84	(user-account
85	(name rsync-user)
86	(system? #t)
87	(group rsync-group)
88	(comment "rsyncd privilege separation user")
89	(home-directory (string-append "/var/run/"
90	rsync-user))
56a93cb9	91	(shell (file-append shadow "/sbin/nologin"))))))
9db7e9be OP	92
	93	(define (rsync-activation config)
	94	"Return the activation GEXP for CONFIG."
	95	(with-imported-modules '((guix build utils))
	96	#~(begin
	97	(let ((share-directory #$(rsync-configuration-share-path config))
	98	(user (getpw (if #$(rsync-configuration-uid config)
	99	#$(rsync-configuration-uid config)
	100	#$(rsync-configuration-user config))))
	101	(group (getpw (if #$(rsync-configuration-gid config)
	102	#$(rsync-configuration-gid config)
	103	#$(rsync-configuration-group config)))))
	104	(mkdir-p (dirname #$(rsync-configuration-pid-file config)))
	105	(and=> share-directory mkdir-p)
	106	(chown share-directory
	107	(passwd:uid user)
	108	(group:gid group))))))
	109
	110	(define rsync-config-file
	111	;; Return the rsync configuration file corresponding to CONFIG.
	112	(match-lambda
	113	(($ <rsync-configuration> package port-number pid-file lock-file log-file
	114	use-chroot? share-path share-comment read-only?
	115	timeout user group uid gid)
	116	(if (not (string=? user "root"))
	117	(cond
	118	((<= port-number 1024)
	119	(error (string-append "rsync-service: to run on port "
	120	(number->string port-number)
	121	", user must be root.")))
	122	(use-chroot?
	123	(error (string-append "rsync-service: to run in a chroot"
	124	", user must be root.")))
	125	(uid
	126	(error "rsync-service: to use uid, user must be root."))
	127	(gid
	128	(error "rsync-service: to use gid, user must be root."))))
	129	(mixed-text-file
	130	"rsync.conf"
	131	"# Generated by 'rsync-service'.\n\n"
	132	"pid file = " pid-file "\n"
	133	"lock file = " lock-file "\n"
	134	"log file = " log-file "\n"
	135	"port = " (number->string port-number) "\n"
	136	"use chroot = " (if use-chroot? "true" "false") "\n"
	137	(if uid (string-append "uid = " uid "\n") "")
	138	"gid = " (if gid gid "nogroup") "\n" ; no group nobody
	139	"\n"
	140	"[files]\n"
	141	"path = " share-path "\n"
	142	"comment = " share-comment "\n"
	143	"read only = " (if read-only? "true" "false") "\n"
	144	"timeout = " (number->string timeout) "\n"))))
	145
	146	(define (rsync-shepherd-service config)
	147	"Return a <shepherd-service> for rsync with CONFIG."
	148	(let* ((rsync (rsync-configuration-package config))
	149	(pid-file (rsync-configuration-pid-file config))
	150	(port-number (rsync-configuration-port-number config))
	151	(user (rsync-configuration-user config))
	152	(group (rsync-configuration-group config)))
	153	(list (shepherd-service
	154	(provision '(rsync))
	155	(documentation "Run rsync daemon.")
156	(start #~(make-forkexec-constructor
157	(list (string-append #$rsync "/bin/rsync")
158	"--config" #$(rsync-config-file config)
159	"--daemon")
160	#:pid-file #$pid-file
161	#:user #$user
162	#:group #$group))
163	(stop #~(make-kill-destructor))))))
164
165	(define rsync-service-type
166	(service-type
167	(name 'rsync)
168	(extensions
169	(list (service-extension shepherd-root-service-type rsync-shepherd-service)
170	(service-extension account-service-type rsync-account)
171	(service-extension activation-service-type rsync-activation)))
172	(default-value (rsync-configuration))))