1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
4 ;;; This file is part of GNU Guix.
6 ;;; GNU Guix is free software; you can redistribute it and/or modify it
7 ;;; under the terms of the GNU General Public License as published by
8 ;;; the Free Software Foundation; either version 3 of the License, or (at
9 ;;; your option) any later version.
11 ;;; GNU Guix is distributed in the hope that it will be useful, but
12 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
13 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ;;; GNU General Public License for more details.
16 ;;; You should have received a copy of the GNU General Public License
17 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
19 (define-module (gnu services rsync)
20 #:use-module (gnu services)
21 #:use-module (gnu services base)
22 #:use-module (gnu services shepherd)
23 #:use-module (gnu system shadow)
24 #:use-module (gnu packages rsync)
25 #:use-module (gnu packages admin)
26 #:use-module (guix records)
27 #:use-module (guix gexp)
28 #:use-module (srfi srfi-1)
29 #:use-module (srfi srfi-26)
30 #:use-module (ice-9 match)
31 #:export (rsync-configuration
37 ;;; This module implements a service that to run instance of Rsync,
38 ;;; files synchronization tool.
42 (define-record-type* <rsync-configuration>
44 make-rsync-configuration
46 (package rsync-configuration-package ; package
48 (port-number rsync-configuration-port-number ; integer
50 (pid-file rsync-configuration-pid-file ; string
51 (default "/var/run/rsyncd/rsyncd.pid"))
52 (lock-file rsync-configuration-lock-file ; string
53 (default "/var/run/rsyncd/rsyncd.lock"))
54 (log-file rsync-configuration-log-file ; string
55 (default "/var/log/rsyncd.log"))
56 (use-chroot? rsync-configuration-use-chroot? ; boolean
58 (share-path rsync-configuration-share-path ; string
59 (default "/srv/rsyncd"))
60 (share-comment rsync-configuration-share-comment ; string
61 (default "Rsync share"))
62 (read-only? rsync-configuration-read-only? ; boolean
64 (timeout rsync-configuration-timeout ; integer
66 (user rsync-configuration-user ; string
68 (group rsync-configuration-group ; string
70 (uid rsync-configuration-uid ; string
72 (gid rsync-configuration-gid ; string
75 (define (rsync-account config)
76 "Return the user accounts and user groups for CONFIG."
77 (let ((rsync-user (if (rsync-configuration-uid config)
78 (rsync-configuration-uid config)
79 (rsync-configuration-user config)))
80 (rsync-group (if (rsync-configuration-gid config)
81 (rsync-configuration-gid config)
82 (rsync-configuration-group config))))
83 (list (user-group (name rsync-group) (system? #t))
88 (comment "rsyncd privilege separation user")
89 (home-directory (string-append "/var/run/"
91 (shell #~(string-append #$shadow "/sbin/nologin"))))))
93 (define (rsync-activation config)
94 "Return the activation GEXP for CONFIG."
95 (with-imported-modules '((guix build utils))
97 (let ((share-directory #$(rsync-configuration-share-path config))
98 (user (getpw (if #$(rsync-configuration-uid config)
99 #$(rsync-configuration-uid config)
100 #$(rsync-configuration-user config))))
101 (group (getpw (if #$(rsync-configuration-gid config)
102 #$(rsync-configuration-gid config)
103 #$(rsync-configuration-group config)))))
104 (mkdir-p (dirname #$(rsync-configuration-pid-file config)))
105 (and=> share-directory mkdir-p)
106 (chown share-directory
108 (group:gid group))))))
110 (define rsync-config-file
111 ;; Return the rsync configuration file corresponding to CONFIG.
113 (($ <rsync-configuration> package port-number pid-file lock-file log-file
114 use-chroot? share-path share-comment read-only?
115 timeout user group uid gid)
116 (if (not (string=? user "root"))
118 ((<= port-number 1024)
119 (error (string-append "rsync-service: to run on port "
120 (number->string port-number)
121 ", user must be root.")))
123 (error (string-append "rsync-service: to run in a chroot"
124 ", user must be root.")))
126 (error "rsync-service: to use uid, user must be root."))
128 (error "rsync-service: to use gid, user must be root."))))
131 "# Generated by 'rsync-service'.\n\n"
132 "pid file = " pid-file "\n"
133 "lock file = " lock-file "\n"
134 "log file = " log-file "\n"
135 "port = " (number->string port-number) "\n"
136 "use chroot = " (if use-chroot? "true" "false") "\n"
137 (if uid (string-append "uid = " uid "\n") "")
138 "gid = " (if gid gid "nogroup") "\n" ; no group nobody
141 "path = " share-path "\n"
142 "comment = " share-comment "\n"
143 "read only = " (if read-only? "true" "false") "\n"
144 "timeout = " (number->string timeout) "\n"))))
146 (define (rsync-shepherd-service config)
147 "Return a <shepherd-service> for rsync with CONFIG."
148 (let* ((rsync (rsync-configuration-package config))
149 (pid-file (rsync-configuration-pid-file config))
150 (port-number (rsync-configuration-port-number config))
151 (user (rsync-configuration-user config))
152 (group (rsync-configuration-group config)))
153 (list (shepherd-service
155 (documentation "Run rsync daemon.")
156 (start #~(make-forkexec-constructor
157 (list (string-append #$rsync "/bin/rsync")
158 "--config" #$(rsync-config-file config)
160 #:pid-file #$pid-file
163 (stop #~(make-kill-destructor))))))
165 (define rsync-service-type
169 (list (service-extension shepherd-root-service-type rsync-shepherd-service)
170 (service-extension account-service-type rsync-account)
171 (service-extension activation-service-type rsync-activation)))
172 (default-value (rsync-configuration))))