feat: add doas-service type to (radix services admin)

pull/1/head
anemofilia 2023-09-23 20:57:54 -03:00
parent 654a3f9ac9
commit db58f18d93
No known key found for this signature in database
GPG Key ID: 5A8F3D62C87A2B33
1 changed files with 133 additions and 0 deletions


@ -0,0 +1,133 @@
(define-module (radix services admin)
#:use-module (gnu packages admin)
#:use-module (gnu services configuration)
#:use-module ((gnu services) #:hide (delete))
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (ice-9 format)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1)
#:export (doas-service-type
doas-service-configuration
permit
make-permit-statement
permit-statement?
permit-statement-args
permit-statement-as-user
permit-statement-command
permit-statement-identity
permit-statement-keepenv?
permit-statement-nolog?
permit-statement-nopass?
permit-statement-persist?
permit-statement-setenv
deny
make-deny-statement
deny-statement?
deny-statement-args
deny-statement-as-user
deny-statement-command
deny-statement-identity
deny-statement-keepenv?
deny-statement-nolog?
deny-statement-nopass?
deny-statement-persist?
deny-statement-setenv))
(define-record-type* <permit-statement>
permit make-permit-statement
permit-statement?
(identity permit-statement-identity) ; string
(as-user permit-statement-as-user ; string | #f
(default #f))
(command permit-statement-command ; string | #f
(default #f))
(args permit-statement-args ; list | #f
(default #f))
(nopass? permit-statement-nopass? ; bool
(default #f))
(nolog? permit-statement-nolog? ; bool
(default #f))
(persist? permit-statement-persist? ; bool
(default #f))
(keepenv? permit-statement-keepenv? ; bool
(default #f))
(setenv permit-statement-setenv ; list
(default #f)))
(define-record-type* <deny-statement>
deny make-deny-statement
deny-statement?
(identity deny-statement-identity) ; string
(as-user deny-statement-as-user ; string | #f
(default #f))
(command deny-statement-command ; string | #f
(default #f))
(args deny-statement-args ; list | #f
(default #f))
(setenv deny-statement-setenv ; list | #f
(default #f))
(keepenv? deny-statement-keepenv? ; bool
(default #f))
(nopass? deny-statement-nopass? ; bool
(default #f))
(nolog? deny-statement-nolog? ; bool
(default #f))
(persist? deny-statement-persist? ; bool
(default #f)))
(define (doas-config-file config)
(plain-file "doas.conf"
(apply string-append
(map (lambda (statement)
(match-record
statement <permit-statement>
#;(cond ((permit-statement? statement) <permit-statement>)
((deny-statement? statement) <deny-statement>)
(else (error "Invalid statement in configuration"
statement)))
(identity as-user command args setenv
keepenv? nopass? nolog? persist?)
((@@ (ice-9 format) format) #f
"~:[~;permit ~]~:[~;deny ~]~
~:[~;keepenv ~]~
~:[~;nopass ~]~
~:[~;nolog ~]~
~:[~;persist ~]~
~@[setenv { ~{ ~a ~} } ~]~
~a~@[ as ~a~]~
~@[ cmd ~a~]~
~@[ args~{ ~a~}~]~%"
(permit-statement? statement)
(deny-statement? statement)
keepenv?
nopass?
nolog?
persist?
(and setenv
(map (match-lambda
((var . value)
(string-append var "=" value))
(var var))
setenv))
identity
as-user
command
args)))
config))))
(define (doas-etc-service config)
(list `("doas.conf" ,(doas-config-file config))))
(define doas-service-type
(service-type (name 'doas-service)
(extensions
(list (service-extension
etc-service-type
doas-etc-service)))
(compose concatenate)
(extend append)
(default-value '())
(description "Set /etc/doas.conf")))
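Review bot: In `doas-config-file` the record type passed to `match-record` is hard-coded to `<permit-statement>`, because the `cond` that was meant to choose between the two types is disabled with `#;`. A `deny` record therefore cannot be rendered reliably: as far as I can tell `match-record` either rejects it on its type check or, if the fields are read by position, mixes them up, since the two records declare `setenv`, `keepenv?`, `nopass?`, `nolog?` and `persist?` in different orders. For a privilege-escalation policy a silently wrong rule is worse than a build failure, so dispatch on the predicate outside the macro (it needs a literal type name) and keep the explicit error for anything else, as sketched below. Separately, values are interpolated with `~a` without doas.conf quoting, so a command, argument or `setenv` value containing whitespace would be split into extra tokens and change what the rule matches.

```scheme
;; … unchanged: plain-file / apply string-append / map wrapper …
(lambda (statement)
  (define fields
    (cond ((permit-statement? statement)
           (match-record statement <permit-statement>
             (identity as-user command args setenv
              keepenv? nopass? nolog? persist?)
             (list keepenv? nopass? nolog? persist? setenv
                   identity as-user command args)))
          ((deny-statement? statement)
           (match-record statement <deny-statement>
             (identity as-user command args setenv
              keepenv? nopass? nolog? persist?)
             (list keepenv? nopass? nolog? persist? setenv
                   identity as-user command args)))
          (else
           (error "Invalid statement in configuration" statement))))
  ;; … unchanged: the format call, now taking these values from `fields` …
```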