ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-07 07:26:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

services: laminar: Add configuration option for supplementary groups.

Browse source 
* gnu/services/ci (<laminar-configuration>)[supplemental-groups]: New field.
(laminar-shepherd-service): Exec laminard with supplementary groups.
(laminar-account): Add supplementary groups to laminar user.
* doc/guix.texi (Laminar): Document new configuration field.

Change-Id: Iebfdbb58ea8c6dfa22bb8f64f6463e3ad133d2f9
This commit is contained in:
David Thompson 2023-11-19 14:46:52 -05:00
parent 9c0a06c98c
commit 7722da6fa5
No known key found for this signature in database
GPG key ID: 8328C7470FF1D807
2 changed files with 27 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/guix.texi
View file

@ -34163,6 +34163,9 @@ The Laminar package to use.
@item @code{home-directory} (default: @code{"/var/lib/laminar"})
The directory for job configurations and run directories.
@item @code{supplementary-groups} (default: @code{()})
Supplementary groups for the Laminar user account.
@item @code{bind-http} (default: @code{"*:8080"})
The interface/port or unix socket on which laminard should listen for
incoming connections to the web frontend.

42
gnu/services/ci.scm
View file

@ -31,6 +31,7 @@ (define-module (gnu services ci)
#:export (laminar-configuration
laminar-configuration?
laminar-configuration-home-directory
laminar-configuration-supplementary-groups
laminar-configuration-bind-http
laminar-configuration-bind-rpc
laminar-configuration-title
@ -50,26 +51,28 @@ (define-module (gnu services ci)
(define-record-type* <laminar-configuration>
laminar-configuration make-laminar-configuration
laminar-configuration?
(laminar laminars-configuration-laminar
(default laminar))
(home-directory laminar-configuration-home-directory
(default "/var/lib/laminar"))
(bind-http laminar-configuration-bind-http
(default "*:8080"))
(bind-rpc laminar-configuration-bind-rpc
(default "unix-abstract:laminar"))
(title laminar-configuration-title
(default "Laminar"))
(keep-rundirs laminar-keep-rundirs
(default 0))
(archive-url laminar-archive-url
(default #f))
(base-url laminar-base-url
(default #f)))
(laminar laminars-configuration-laminar
(default laminar))
(home-directory laminar-configuration-home-directory
(default "/var/lib/laminar"))
(supplementary-groups laminar-configuration-supplementary-groups
(default '()))
(bind-http laminar-configuration-bind-http
(default "*:8080"))
(bind-rpc laminar-configuration-bind-rpc
(default "unix-abstract:laminar"))
(title laminar-configuration-title
(default "Laminar"))
(keep-rundirs laminar-keep-rundirs
(default 0))
(archive-url laminar-archive-url
(default #f))
(base-url laminar-base-url
(default #f)))
(define laminar-shepherd-service
(match-lambda
(($ <laminar-configuration> laminar home-directory
(($ <laminar-configuration> laminar home-directory supplementary-groups
bind-http bind-rpc
title keep-rundirs archive-url
base-url)
@ -102,7 +105,8 @@ (define laminar-shepherd-service
#$base-url))
'()))
#:user "laminar"
#:group "laminar"))
#:group "laminar"
#:supplementary-groups '#$supplementary-groups))
(stop #~(make-kill-destructor)))))))
(define (laminar-account config)
@ -113,6 +117,8 @@ (define (laminar-account config)
(user-account
(name "laminar")
(group "laminar")
(supplementary-groups
(laminar-configuration-supplementary-groups config))
(system? #t)
(comment "Laminar privilege separation user")
(home-directory (laminar-configuration-home-directory config))