From db58f18d93e87527c7a0786648562166ce894668 Mon Sep 17 00:00:00 2001 From: anemofilia Date: Sat, 23 Sep 2023 20:57:54 -0300 Subject: [PATCH] feat: add doas-service type to (radix services admin)
---
 modules/radix/services/admin.scm | 133 +++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 modules/radix/services/admin.scm
diff --git a/modules/radix/services/admin.scm b/modules/radix/services/admin.scm
new file mode 100644
index 0000000..03f3d39
--- /dev/null
+++ b/modules/radix/services/admin.scm
@@ -0,0 +1,133 @@
+(define-module (radix services admin)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu services configuration)
+ #:use-module ((gnu services) #:hide (delete))
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
+ #:use-module (srfi srfi-1)
+ #:export (doas-service-type
+ doas-service-configuration
+
+ permit
+ make-permit-statement
+ permit-statement?
+ permit-statement-args
+ permit-statement-as-user
+ permit-statement-command
+ permit-statement-identity
+ permit-statement-keepenv?
+ permit-statement-nolog?
+ permit-statement-nopass?
+ permit-statement-persist?
+ permit-statement-setenv
+
+ deny
+ make-deny-statement
+ deny-statement?
+ deny-statement-args
+ deny-statement-as-user
+ deny-statement-command
+ deny-statement-identity
+ deny-statement-keepenv?
+ deny-statement-nolog?
+ deny-statement-nopass?
+ deny-statement-persist?
+ deny-statement-setenv))
+
+(define-record-type*
+ permit make-permit-statement
+ permit-statement?
+ (identity permit-statement-identity) ; string
+ (as-user permit-statement-as-user ; string | #f
+ (default #f))
+ (command permit-statement-command ; string | #f
+ (default #f))
+ (args permit-statement-args ; list | #f
+ (default #f))
+ (nopass? permit-statement-nopass? ; bool
+ (default #f))
+ (nolog? permit-statement-nolog? ; bool
+ (default #f))
+ (persist? permit-statement-persist? ; bool
+ (default #f))
+ (keepenv? permit-statement-keepenv? ; bool
+ (default #f))
+ (setenv permit-statement-setenv ; list
+ (default #f)))
+
+(define-record-type*
+ deny make-deny-statement
+ deny-statement?
+ (identity deny-statement-identity) ; string
+ (as-user deny-statement-as-user ; string | #f
+ (default #f))
+ (command deny-statement-command ; string | #f
+ (default #f))
+ (args deny-statement-args ; list | #f
+ (default #f))
+ (setenv deny-statement-setenv ; list | #f
+ (default #f))
+ (keepenv? deny-statement-keepenv? ; bool
+ (default #f))
+ (nopass? deny-statement-nopass? ; bool
+ (default #f))
+ (nolog? deny-statement-nolog? ; bool
+ (default #f))
+ (persist? deny-statement-persist? ; bool
+ (default #f)))
+
+(define (doas-config-file config)
+ (plain-file "doas.conf"
+ (apply string-append
+ (map (lambda (statement)
+ (match-record
+ statement
+ #;(cond ((permit-statement? statement) )
+ ((deny-statement? statement) )
+ (else (error "Invalid statement in configuration"
+ statement)))
+ (identity as-user command args setenv
+ keepenv? nopass? nolog? persist?)
+ ((@@ (ice-9 format) format) #f
+ "~:[~;permit ~]~:[~;deny ~]~
+ ~:[~;keepenv ~]~
+ ~:[~;nopass ~]~
+ ~:[~;nolog ~]~
+ ~:[~;persist ~]~
+ ~@[setenv { ~{ ~a ~} } ~]~
+ ~a~@[ as ~a~]~
+ ~@[ cmd ~a~]~
+ ~@[ args~{ ~a~}~]~%"
+ (permit-statement? statement)
+ (deny-statement? statement)
+ keepenv?
+ nopass?
+ nolog?
+ persist?
+ (and setenv
+ (map (match-lambda
+ ((var . value)
+ (string-append var "=" value))
+ (var var))
+ setenv))
+ identity
+ as-user
+ command
+ args)))
+ config))))
+
+(define (doas-etc-service config)
+ (list `("doas.conf" ,(doas-config-file config))))
+
+(define doas-service-type
+ (service-type (name 'doas-service)
+ (extensions
+ (list (service-extension
+ etc-service-type
+ doas-etc-service)))
+ (compose concatenate)
+ (extend append)
+ (default-value '())
+ (description "Set /etc/doas.conf")))
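Review bot: `define-record-type*` expects four names — type, syntactic constructor, procedural constructor, predicate — ahead of the field specs, but both record definitions supply only three (`permit make-permit-statement permit-statement?`), so if I read the macro correctly `permit-statement?` becomes the procedural constructor and `(identity permit-statement-identity)` lands in the predicate slot; the conventional header is `(define-record-type* <permit-statement> permit make-permit-statement permit-statement? ...)`, and likewise for `deny`. The same gap recurs in `doas-config-file`: `match-record` needs a record type between the record and the field list, and the `#;` datum comment occupying that position is discarded by the reader, so `(identity as-user ...)` is taken as the type; since permit and deny are two distinct record types, dispatch on the predicates first, as sketched below. Field values are spliced into `doas.conf` without quoting, so an `args` element or `setenv` value containing whitespace, `#` or a newline changes the rule's meaning (a newline starts a new rule) — reject newlines with `string-index` and wrap values that need it in doas's double quotes before formatting. `doas-service-configuration` is exported but never defined, and as far as this file shows the service only writes `/etc/doas.conf`: installing the doas package and registering it as a privileged program have to be arranged elsewhere, which the `description` string could say.
```scheme
;; … unchanged: module header and record definitions (with the fourth name added) …
(define (statement->rule statement)
  ;; match-record needs one concrete record type, so dispatch first and
  ;; share the rendering so both branches stay identical.
  (define (render kind identity as-user command args setenv
                  keepenv? nopass? nolog? persist?)
    ((@@ (ice-9 format) format) #f
     "~a ~:[~;keepenv ~]~:[~;nopass ~]~:[~;nolog ~]~:[~;persist ~]~
      ~@[setenv { ~{ ~a ~} } ~]~a~@[ as ~a~]~@[ cmd ~a~]~@[ args~{ ~a~}~]~%"
     kind keepenv? nopass? nolog? persist?
     (and setenv
          (map (match-lambda
                 ((var . value) (string-append var "=" value))
                 (var var))
               setenv))
     identity as-user command args))
  (cond ((permit-statement? statement)
         (match-record statement <permit-statement>
           (identity as-user command args setenv keepenv? nopass? nolog? persist?)
           (render "permit" identity as-user command args setenv
                   keepenv? nopass? nolog? persist?)))
        ((deny-statement? statement)
         (match-record statement <deny-statement>
           (identity as-user command args setenv keepenv? nopass? nolog? persist?)
           (render "deny" identity as-user command args setenv
                   keepenv? nopass? nolog? persist?)))
        (else (error "Invalid statement in configuration" statement))))

(define (doas-config-file config)
  (plain-file "doas.conf"
              (apply string-append (map statement->rule config))))
;; … unchanged: doas-etc-service and doas-service-type …
```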