summaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/admin.scm6
-rw-r--r--gnu/services/base.scm32
-rw-r--r--gnu/services/desktop.scm4
-rw-r--r--gnu/services/herd.scm20
-rw-r--r--gnu/services/networking.scm118
-rw-r--r--gnu/services/shepherd.scm39
-rw-r--r--gnu/services/version-control.scm180
-rw-r--r--gnu/services/web.scm96
8 files changed, 419 insertions, 76 deletions
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm
index f08c896334..d7bda61ed7 100644
--- a/gnu/services/admin.scm
+++ b/gnu/services/admin.scm
@@ -125,11 +125,9 @@ for ROTATION."
(define (default-jobs rottlog)
(list #~(job '(next-hour '(0)) ;midnight
- (lambda ()
- (system* #$(file-append rottlog "/sbin/rottlog"))))
+ #$(file-append rottlog "/sbin/rottlog"))
#~(job '(next-hour '(12)) ;noon
- (lambda ()
- (system* #$(file-append rottlog "/sbin/rottlog"))))))
+ #$(file-append rottlog "/sbin/rottlog"))))
(define-record-type* <rottlog-configuration>
rottlog-configuration make-rottlog-configuration
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 5ba2c6b86d..47c7d8bb27 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -685,17 +685,20 @@ to add @var{device} to the kernel's entropy pool. The service will fail if
(shepherd-service-type
'virtual-terminal
(lambda (utf8?)
- (shepherd-service
- (documentation "Set virtual terminals in UTF-8 module.")
- (provision '(virtual-terminal))
- (requirement '(root-file-system))
- (start #~(lambda _
- (call-with-output-file
- "/sys/module/vt/parameters/default_utf8"
- (lambda (port)
- (display 1 port)))
- #t))
- (stop #~(const #f))))
+ (let ((knob "/sys/module/vt/parameters/default_utf8"))
+ (shepherd-service
+ (documentation "Set virtual terminals in UTF-8 module.")
+ (provision '(virtual-terminal))
+ (requirement '(root-file-system))
+ (start #~(lambda _
+ ;; In containers /sys is read-only so don't insist on
+ ;; writing to this file.
+ (unless (= 1 (call-with-input-file #$knob read))
+ (call-with-output-file #$knob
+ (lambda (port)
+ (display 1 port))))
+ #t))
+ (stop #~(const #f)))))
#t)) ;default to UTF-8
(define console-keymap-service-type
@@ -1881,7 +1884,12 @@ item of @var{packages}."
(string-append linux-module-directory "/"
kernel-release))
(old-umask (umask #o022)))
- (make-static-device-nodes directory)
+ ;; If we're in a container, DIRECTORY might not exist,
+ ;; for instance because the host runs a different
+ ;; kernel. In that case, skip it; we'll just miss a few
+ ;; nodes like /dev/fuse.
+ (when (file-exists? directory)
+ (make-static-device-nodes directory))
(umask old-umask))
(let ((pid (fork+exec-command (list udevd))))
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 1e8c02c02a..e038f97683 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <[email protected]>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <[email protected]>
;;; Copyright © 2015 Andy Wingo <[email protected]>
;;; Copyright © 2015 Mark H Weaver <[email protected]>
;;; Copyright © 2016 Sou Bunnbu <[email protected]>
@@ -996,7 +996,7 @@ as expected.")))
(elogind-service)
(dbus-service)
- (ntp-service)
+ (service ntp-service-type)
x11-socket-directory-service
diff --git a/gnu/services/herd.scm b/gnu/services/herd.scm
index 8c96b70731..8ff817759d 100644
--- a/gnu/services/herd.scm
+++ b/gnu/services/herd.scm
@@ -50,6 +50,7 @@
unload-services
unload-service
load-services
+ load-services/safe
start-service
stop-service))
@@ -232,6 +233,25 @@ returns a shepherd <service> object."
`(primitive-load ,file))
files))))
+(define (load-services/safe files)
+ "This is like 'load-services', but make sure only the subset of FILES that
+can be safely reloaded is actually reloaded.
+
+This is done to accommodate the Shepherd < 0.15.0 where services lacked the
+'replacement' slot, and where 'register-services' would throw an exception
+when passed a service with an already-registered name."
+ (eval-there `(let* ((services (map primitive-load ',files))
+ (slots (map slot-definition-name
+ (class-slots <service>)))
+ (can-replace? (memq 'replacement slots)))
+ (define (registered? service)
+ (not (null? (lookup-services (canonical-name service)))))
+
+ (apply register-services
+ (if can-replace?
+ services
+ (remove registered? services))))))
+
(define (start-service name)
(with-shepherd-action name ('start) result
result))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index bd1d5a2706..bfa6e297e6 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,11 +1,11 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <[email protected]>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <[email protected]>
;;; Copyright © 2015 Mark H Weaver <[email protected]>
;;; Copyright © 2016, 2018 Efraim Flashner <[email protected]>
;;; Copyright © 2016 John Darrington <[email protected]>
;;; Copyright © 2017 Clément Lassieur <[email protected]>
;;; Copyright © 2017 Thomas Danckaert <[email protected]>
-;;; Copyright © 2017 Marius Bakke <[email protected]>
+;;; Copyright © 2017, 2018 Marius Bakke <[email protected]>
;;; Copyright © 2018 Tobias Geerinckx-Rice <[email protected]>
;;; Copyright © 2018 Chris Marusich <[email protected]>
;;; Copyright © 2018 Arun Isaac <[email protected]>
@@ -53,6 +53,7 @@
static-networking-service-type)
#:export (%facebook-host-aliases
dhcp-client-service
+ dhcp-client-service-type
dhcpd-service-type
dhcpd-configuration
@@ -101,6 +102,16 @@
modem-manager-configuration
modem-manager-configuration?
modem-manager-service-type
+
+ <wpa-supplicant-configuration>
+ wpa-supplicant-configuration
+ wpa-supplicant-configuration?
+ wpa-supplicant-configuration-wpa-supplicant
+ wpa-supplicant-configuration-pid-file
+ wpa-supplicant-configuration-dbus?
+ wpa-supplicant-configuration-interface
+ wpa-supplicant-configuration-config-file
+ wpa-supplicant-configuration-extra-options
wpa-supplicant-service-type
openvswitch-service-type
@@ -191,22 +202,11 @@ fe80::1%lo0 apps.facebook.com\n")
(cons* #$dhclient "-nw"
"-pf" #$pid-file ifaces))))
(and (zero? (cdr (waitpid pid)))
- (let loop ()
- (catch 'system-error
- (lambda ()
- (call-with-input-file #$pid-file read))
- (lambda args
- ;; 'dhclient' returned before PID-FILE was created,
- ;; so try again.
- (let ((errno (system-error-errno args)))
- (if (= ENOENT errno)
- (begin
- (sleep 1)
- (loop))
- (apply throw args))))))))))
- (stop #~(make-kill-destructor))))))
-
-(define* (dhcp-client-service #:key (dhcp isc-dhcp))
+ (read-pid-file #$pid-file)))))
+ (stop #~(make-kill-destructor))))
+ isc-dhcp))
+
+(define* (dhcp-client-service #:key (dhcp isc-dhcp)) ;deprecated
"Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
(service dhcp-client-service-type dhcp))
@@ -297,7 +297,8 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
ntp-configuration?
(ntp ntp-configuration-ntp
(default ntp))
- (servers ntp-configuration-servers)
+ (servers ntp-configuration-servers
+ (default %ntp-servers))
(allow-large-adjustment? ntp-allow-large-adjustment?
(default #f)))
@@ -370,9 +371,10 @@ restrict -6 ::1\n"))
(description
"Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
-will keep the system clock synchronized with that of the given servers.")))
+will keep the system clock synchronized with that of the given servers.")
+ (default-value (ntp-configuration))))
-(define* (ntp-service #:key (ntp ntp)
+(define* (ntp-service #:key (ntp ntp) ;deprecated
(servers %ntp-servers)
allow-large-adjustment?)
"Return a service that runs the daemon from @var{ntp}, the
@@ -1031,28 +1033,62 @@ networking."))))
;;; WPA supplicant
;;;
-
-(define (wpa-supplicant-shepherd-service wpa-supplicant)
- "Return a shepherd service for wpa_supplicant"
- (list (shepherd-service
- (documentation "Run WPA supplicant with dbus interface")
- (provision '(wpa-supplicant))
- (requirement '(user-processes dbus-system loopback))
- (start #~(make-forkexec-constructor
- (list (string-append #$wpa-supplicant
- "/sbin/wpa_supplicant")
- "-u" "-B" "-P/var/run/wpa_supplicant.pid")
- #:pid-file "/var/run/wpa_supplicant.pid"))
- (stop #~(make-kill-destructor)))))
+(define-record-type* <wpa-supplicant-configuration>
+ wpa-supplicant-configuration make-wpa-supplicant-configuration
+ wpa-supplicant-configuration?
+ (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
+ (default wpa-supplicant))
+ (pid-file wpa-supplicant-configuration-pid-file ;string
+ (default "/var/run/wpa_supplicant.pid"))
+ (dbus? wpa-supplicant-configuration-dbus? ;Boolean
+ (default #t))
+ (interface wpa-supplicant-configuration-interface ;#f | string
+ (default #f))
+ (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
+ (default #f))
+ (extra-options wpa-supplicant-configuration-extra-options ;list of strings
+ (default '())))
+
+(define wpa-supplicant-shepherd-service
+ (match-lambda
+ (($ <wpa-supplicant-configuration> wpa-supplicant pid-file dbus? interface
+ config-file extra-options)
+ (list (shepherd-service
+ (documentation "Run the WPA supplicant daemon")
+ (provision '(wpa-supplicant))
+ (requirement '(user-processes dbus-system loopback))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$wpa-supplicant
+ "/sbin/wpa_supplicant")
+ (string-append "-P" #$pid-file)
+ "-B" ;run in background
+ #$@(if dbus?
+ #~("-u")
+ #~())
+ #$@(if interface
+ #~((string-append "-i" #$interface))
+ #~())
+ #$@(if config-file
+ #~((string-append "-c" #$config-file))
+ #~())
+ #$@extra-options)
+ #:pid-file #$pid-file))
+ (stop #~(make-kill-destructor)))))))
(define wpa-supplicant-service-type
- (service-type (name 'wpa-supplicant)
- (extensions
- (list (service-extension shepherd-root-service-type
- wpa-supplicant-shepherd-service)
- (service-extension dbus-root-service-type list)
- (service-extension profile-service-type list)))
- (default-value wpa-supplicant)))
+ (let ((config->package
+ (match-lambda
+ (($ <wpa-supplicant-configuration> wpa-supplicant)
+ (list wpa-supplicant)))))
+ (service-type (name 'wpa-supplicant)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ wpa-supplicant-shepherd-service)
+ (service-extension dbus-root-service-type config->package)
+ (service-extension profile-service-type config->package)))
+ (description "Run the WPA Supplicant daemon, a service that
+implements authentication, key negotiation and more for wireless networks.")
+ (default-value (wpa-supplicant-configuration)))))
;;;
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 4cd2249841..49d08cc30f 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2018 Ludovic Courtès <[email protected]>
;;; Copyright © 2017 Clément Lassieur <[email protected]>
+;;; Copyright © 2018 Carlo Zancanaro <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -58,6 +59,7 @@
%default-modules
shepherd-service-file
+ %containerized-shepherd-service
shepherd-service-lookup-procedure
shepherd-service-back-edges
@@ -326,10 +328,25 @@ symbols provided/required by a service."
(lambda (service)
(vhash-foldq* cons '() service edges)))
+(define %containerized-shepherd-service
+ ;; XXX: This service works around a bug in the Shepherd 0.5.0: shepherd
+ ;; calls reboot(2) (via 'disable-reboot-on-ctrl-alt-del') when it starts,
+ ;; but in a container that fails with EINVAL. This was fixed in Shepherd
+ ;; commit 92e806bac1abaeeaf5d60f0ab50d1ae85ba6a62f.
+ (simple-service 'containerized-shepherd
+ shepherd-root-service-type
+ (list (shepherd-service
+ (provision '(containerized-shepherd))
+ (start #~(lambda ()
+ (set! (@@ (shepherd)
+ disable-reboot-on-ctrl-alt-del)
+ (const #t))
+ #t))))))
+
(define (shepherd-service-upgrade live target)
"Return two values: the subset of LIVE (a list of <live-service>) that needs
to be unloaded, and the subset of TARGET (a list of <shepherd-service>) that
-needs to be loaded."
+need to be restarted to complete their upgrade."
(define (essential? service)
(memq (first (live-service-provision service))
'(root shepherd)))
@@ -346,12 +363,6 @@ needs to be loaded."
(and=> (lookup-live (shepherd-service-canonical-name service))
live-service-running))
- (define (stopped service)
- (match (lookup-live (shepherd-service-canonical-name service))
- (#f #f)
- (service (and (not (live-service-running service))
- service))))
-
(define live-service-dependents
(shepherd-service-back-edges live
#:provision live-service-provision
@@ -362,16 +373,14 @@ needs to be loaded."
(#f (every obsolete? (live-service-dependents service)))
(_ #f)))
- (define to-load
- ;; Only load services that are either new or currently stopped.
- (remove running? target))
+ (define to-restart
+ ;; Restart services that are currently running.
+ (filter running? target))
(define to-unload
- ;; Unload services that are (1) no longer required, or (2) are in TO-LOAD.
- (remove essential?
- (append (filter obsolete? live)
- (filter-map stopped to-load))))
+ ;; Unload services that are no longer required.
+ (remove essential? (filter obsolete? live)))
- (values to-unload to-load))
+ (values to-unload to-restart))
;;; shepherd.scm ends here
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index 58274c8bee..13669925ab 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016 Sou Bunnbu <[email protected]>
;;; Copyright © 2017 Oleg Pykhalov <[email protected]>
;;; Copyright © 2017 Clément Lassieur <[email protected]>
+;;; Copyright © 2018 Christopher Baines <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -32,6 +33,7 @@
#:use-module (guix store)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
+ #:use-module (ice-9 format)
#:use-module (ice-9 match)
#:export (git-daemon-service
git-daemon-service-type
@@ -40,7 +42,23 @@
git-http-configuration
git-http-configuration?
- git-http-nginx-location-configuration))
+ git-http-nginx-location-configuration
+
+ <gitolite-configuration>
+ gitolite-configuration
+ gitolite-configuration-package
+ gitolite-configuration-user
+ gitolite-configuration-rc-file
+ gitolite-configuration-admin-pubkey
+
+ <gitolite-rc-file>
+ gitolite-rc-file
+ gitolite-rc-file-umask
+ gitolite-rc-file-git-config-keys
+ gitolite-rc-file-roles
+ gitolite-rc-file-enable
+
+ gitolite-service-type))
;;; Commentary:
;;;
@@ -197,3 +215,163 @@ access to exported repositories under @file{/srv/git}."
"")
(list "fastcgi_param GIT_PROJECT_ROOT " git-root ";")
"fastcgi_param PATH_INFO $1;"))))))
+
+
+;;;
+;;; Gitolite
+;;;
+
+(define-record-type* <gitolite-rc-file>
+ gitolite-rc-file make-gitolite-rc-file
+ gitolite-rc-file?
+ (umask gitolite-rc-file-umask
+ (default #o0077))
+ (git-config-keys gitolite-rc-file-git-config-keys
+ (default ""))
+ (roles gitolite-rc-file-roles
+ (default '(("READERS" . 1)
+ ("WRITERS" . 1))))
+ (enable gitolite-rc-file-enable
+ (default '("help"
+ "desc"
+ "info"
+ "perms"
+ "writable"
+ "ssh-authkeys"
+ "git-config"
+ "daemon"
+ "gitweb"))))
+
+(define-gexp-compiler (gitolite-rc-file-compiler
+ (file <gitolite-rc-file>) system target)
+ (match file
+ (($ <gitolite-rc-file> umask git-config-keys roles enable)
+ (apply text-file* "gitolite.rc"
+ `("%RC = (\n"
+ " UMASK => " ,(format #f "~4,'0o" umask) ",\n"
+ " GIT_CONFIG_KEYS => '" ,git-config-keys "',\n"
+ " ROLES => {\n"
+ ,@(map (match-lambda
+ ((role . value)
+ (simple-format #f " ~A => ~A,\n" role value)))
+ roles)
+ " },\n"
+ "\n"
+ " ENABLE => [\n"
+ ,@(map (lambda (value)
+ (simple-format #f " '~A',\n" value))
+ enable)
+ " ],\n"
+ ");\n"
+ "\n"
+ "1;\n")))))
+
+(define-record-type* <gitolite-configuration>
+ gitolite-configuration make-gitolite-configuration
+ gitolite-configuration?
+ (package gitolite-configuration-package
+ (default gitolite))
+ (user gitolite-configuration-user
+ (default "git"))
+ (group gitolite-configuration-group
+ (default "git"))
+ (home-directory gitolite-configuration-home-directory
+ (default "/var/lib/gitolite"))
+ (rc-file gitolite-configuration-rc-file
+ (default (gitolite-rc-file)))
+ (admin-pubkey gitolite-configuration-admin-pubkey))
+
+(define gitolite-accounts
+ (match-lambda
+ (($ <gitolite-configuration> package user group home-directory
+ rc-file admin-pubkey)
+ ;; User group and account to run Gitolite.
+ (list (user-group (name user) (system? #t))
+ (user-account
+ (name user)
+ (group group)
+ (system? #t)
+ (comment "Gitolite user")
+ (home-directory home-directory))))))
+
+(define gitolite-activation
+ (match-lambda
+ (($ <gitolite-configuration> package user group home
+ rc-file admin-pubkey)
+ #~(begin
+ (use-modules (ice-9 match)
+ (guix build utils))
+
+ (let* ((user-info (getpwnam #$user))
+ (admin-pubkey #$admin-pubkey)
+ (pubkey-file (string-append
+ #$home "/"
+ (basename
+ (strip-store-file-name admin-pubkey)))))
+
+ (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file)
+ (copy-file #$rc-file #$(string-append home "/.gitolite.rc"))
+
+ ;; The key must be writable, so copy it from the store
+ (copy-file admin-pubkey pubkey-file)
+
+ (chmod pubkey-file #o500)
+ (chown pubkey-file
+ (passwd:uid user-info)
+ (passwd:gid user-info))
+
+ ;; Set the git configuration, to avoid gitolite trying to use
+ ;; the hostname command, as the network might not be up yet
+ (with-output-to-file #$(string-append home "/.gitconfig")
+ (lambda ()
+ (display "[user]
+ name = GNU Guix
+ email = guix@localhost
+")))
+ ;; Run Gitolite setup, as this updates the hooks and include the
+ ;; admin pubkey if specified. The admin pubkey is required for
+ ;; initial setup, and will replace the previous key if run after
+ ;; initial setup
+ (match (primitive-fork)
+ (0
+ ;; Exit with a non-zero status code if an exception is thrown.
+ (dynamic-wind
+ (const #t)
+ (lambda ()
+ (setenv "HOME" (passwd:dir user-info))
+ (setenv "USER" #$user)
+ (setgid (passwd:gid user-info))
+ (setuid (passwd:uid user-info))
+ (primitive-exit
+ (system* #$(file-append package "/bin/gitolite")
+ "setup"
+ "-m" "gitolite setup by GNU Guix"
+ "-pk" pubkey-file)))
+ (lambda ()
+ (primitive-exit 1))))
+ (pid (waitpid pid)))
+
+ (when (file-exists? pubkey-file)
+ (delete-file pubkey-file)))))))
+
+(define gitolite-service-type
+ (service-type
+ (name 'gitolite)
+ (extensions
+ (list (service-extension activation-service-type
+ gitolite-activation)
+ (service-extension account-service-type
+ gitolite-accounts)
+ (service-extension profile-service-type
+ ;; The Gitolite package in Guix uses
+ ;; gitolite-shell in the authorized_keys file, so
+ ;; gitolite-shell needs to be on the PATH for
+ ;; gitolite to work.
+ (lambda (config)
+ (list
+ (gitolite-configuration-package config))))))
+ (description
+ "Setup @command{gitolite}, a Git hosting tool providing access over SSH..
+By default, the @code{git} user is used, but this is configurable.
+Additionally, Gitolite can integrate with with tools like gitweb or cgit to
+provide a web interface to view selected repositories.")))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 1c38e7d8d3..1edb1f4d34 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -8,6 +8,7 @@
;;; Copyright © 2017, 2018 Clément Lassieur <[email protected]>
;;; Copyright © 2018 Pierre-Antoine Rouby <[email protected]>
;;; Copyright © 2017 Christopher Baines <[email protected]>
+;;; Copyright © 2018 Marius Bakke <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -190,7 +191,21 @@
tailon-configuration-config-file
tailon-configuration-package
- tailon-service-type))
+ tailon-service-type
+
+ <varnish-configuration>
+ varnish-configuration
+ varnish-configuration?
+ varnish-configuration-package
+ varnish-configuration-name
+ varnish-configuration-backend
+ varnish-configuration-vcl
+ varnish-configuration-listen
+ varnish-configuration-storage
+ varnish-configuration-parameters
+ varnish-configuration-extra-options
+
+ varnish-service-type))
;;; Commentary:
;;;
@@ -1162,3 +1177,82 @@ files.")
(files (append (tailon-configuration-file-files old-config-file)
files))))))))
(default-value (tailon-configuration))))
+
+
+;;;
+;;; Varnish
+;;;
+
+(define-record-type* <varnish-configuration>
+ varnish-configuration make-varnish-configuration
+ varnish-configuration?
+ (package varnish-configuration-package ;<package>
+ (default varnish))
+ (name varnish-configuration-name ;string
+ (default "default"))
+ (backend varnish-configuration-backend ;string
+ (default "localhost:8080"))
+ (vcl varnish-configuration-vcl ;#f | <file-like>
+ (default #f))
+ (listen varnish-configuration-listen ;list of strings
+ (default '("localhost:80")))
+ (storage varnish-configuration-storage ;list of strings
+ (default '("malloc,128m")))
+ (parameters varnish-configuration-parameters ;list of string pairs
+ (default '()))
+ (extra-options varnish-configuration-extra-options ;list of strings
+ (default '())))
+
+(define %varnish-accounts
+ (list (user-group
+ (name "varnish")
+ (system? #t))
+ (user-account
+ (name "varnish")
+ (group "varnish")
+ (system? #t)
+ (comment "Varnish Cache User")
+ (home-directory "/var/varnish")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define varnish-shepherd-service
+ (match-lambda
+ (($ <varnish-configuration> package name backend vcl listen storage
+ parameters extra-options)
+ (list (shepherd-service
+ (provision (list (symbol-append 'varnish- (string->symbol name))))
+ (documentation (string-append "The Varnish Web Accelerator"
+ " (" name ")"))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/varnishd")
+ "-n" #$name
+ #$@(if vcl
+ #~("-f" #$vcl)
+ #~("-b" #$backend))
+ #$@(append-map (lambda (a) (list "-a" a)) listen)
+ #$@(append-map (lambda (s) (list "-s" s)) storage)
+ #$@(append-map (lambda (p)
+ (list "-p" (format #f "~a=~a"
+ (car p) (cdr p))))
+ parameters)
+ #$@extra-options)
+ ;; Varnish will drop privileges to the "varnish" user when
+ ;; it exists. Not passing #:user here allows the service
+ ;; to bind to ports < 1024.
+ #:pid-file (if (string-prefix? "/" #$name)
+ (string-append #$name "/_.pid")
+ (string-append "/var/varnish/" #$name "/_.pid"))))
+ (stop #~(make-kill-destructor)))))))
+
+(define varnish-service-type
+ (service-type
+ (name 'varnish)
+ (description "Run the Varnish cache server.")
+ (extensions
+ (list (service-extension account-service-type
+ (const %varnish-accounts))
+ (service-extension shepherd-root-service-type
+ varnish-shepherd-service)))
+ (default-value
+ (varnish-configuration))))
generated by cgit v1.2.3 (git 2.45.2) at 2025-06-20 20:05:04 +0000