From 281d9ee65dd149d82eaf64fc5c7cdf8ce3433dc2 Mon Sep 17 00:00:00 2001
From: Luis Guilherme Coelho
Date: Sun, 22 Sep 2024 15:46:29 -0300
Subject: [PATCH] operating-systems: buer: Update to opendoas-service-type
---
 operating-systems/buer.scm | 46 +++++++-------------------------
 operating-systems/buer/rules.scm | 44 ++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 36 deletions(-)
 create mode 100644 operating-systems/buer/rules.scm
diff --git a/operating-systems/buer.scm b/operating-systems/buer.scm
index 133ac60..204b41c 100644
--- a/operating-systems/buer.scm
+++ b/operating-systems/buer.scm
@@ -79,6 +79,8 @@
 #:prefix channel:)
 #|P|# #:use-module ((buer privilege)
 #:prefix privileged-programs:)
+ #|R|# #:use-module ((buer rules)
+ #:prefix rules:)
 #|U|# #:use-module ((buer users)
 #:prefix user:)
@@ -145,7 +147,7 @@
 #|System level packages|#
 (packages
- (list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz
+ (list #|admin |# btop inetutils isc-dhcp shadow zzz
 #|base |# coreutils diffutils findutils grep patch sed tar which
 #|certs |# nss-certs
 #|compression |# gzip xz zstd
@@ -307,41 +309,13 @@
 (size (round/ (ram-total) 2))
 (compression-algorithm 'lz4)))
- #|Doas configuration services|#
- (simple-service 'miscellaneous-permissions doas-service-type
- (list (permit (identity ":wheel")
- (setenv
- `(("GUILE_LOAD_PATH" . #t)
- ("GUILE_LOAD_COMPILED_PATH" . #t))))))
- (simple-service 'text-editors-permissions doas-service-type
- (map (lambda (cmd)
- (permit (identity ":wheel")
- (keepenv? #t)
- (command cmd)))
- `("kak" "emacsclient")))
- (simple-service 'power-management-permissions doas-service-type
- (map (lambda (cmd)
- (permit (identity ":wheel")
- (nopass? #t)
- (command cmd)
- (args '())))
- `("zzz" "halt" "reboot")))
- (simple-service 'shepherd-status-permissions doas-service-type
- (map (lambda (action)
- (permit (identity ":wheel")
- (nopass? #t)
- (command "herd")
- (args (list action))))
- `("status" "detailed-status")))
- (simple-service 'service-management-permissions doas-service-type
- (flat-map (lambda (service action)
- (permit (identity ":wheel")
- (nopass? #t)
- (command "herd")
- (args (map symbol->string
- (list action service)))))
- '(networking wpa-supplicant)
- '(doc stop start enable status restart disable)))
+ #|Permission services|#
+ (service opendoas-service-type
+ (opendoas-configuration
+ (rules (append rules:general
+ rules:text-editors
+ rules:power-management
+ rules:service-management))))
 #|Special file services|#
 (service special-files-service-type
diff --git a/operating-systems/buer/rules.scm b/operating-systems/buer/rules.scm
new file mode 100644
index 0000000..74227cb
--- /dev/null
+++ b/operating-systems/buer/rules.scm
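Review bot: In the `buer.scm` hunk that introduces `opendoas-service-type`, the order of the lists passed to `append` is security-relevant but undocumented. doas applies the last matching rule, so `rules:general` has to stay first; placed later it would override the narrower `nopass?` and `keepenv?` rules. This assumes the service writes the rules out in list order, which the hunk does not show. I would add a comment above `(rules (append ...`, for example `;; Order matters: doas uses the last matching rule; keep rules:general first.` The enclosing services list starts and ends outside the hunk.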
@@ -0,0 +1,44 @@
+(define-module (buer rules)
+ #:use-module (radix services admin)
+ #:use-module (radix utils)
+ #:export (general
+ text-editors
+ power-management
+ service-management))
+
+(define general
+ (list (permit (identity ":wheel")
+ (setenv
+ `(("GUILE_LOAD_PATH" . #t)
+ ("GUILE_LOAD_COMPILED_PATH" . #t))))))
+
+(define text-editors
+ (map (lambda (cmd)
+ (permit (identity ":wheel")
+ (keepenv? #t)
+ (command cmd)))
+ `("kak" "emacsclient")))
+
+(define power-management
+ (map (lambda (cmd)
+ (permit (identity ":wheel")
+ (nopass? #t)
+ (command cmd)
+ (args '())))
+ `("zzz" "halt" "reboot")))
+
+(define service-management
+ (append (map (lambda (action)
+ (permit (identity ":wheel")
+ (nopass? #t)
+ (command "herd")
+ (args (list action))))
+ `("status" "detailed-status"))
+ (flat-map (lambda (service action)
+ (permit (identity ":wheel")
+ (nopass? #t)
+ (command "herd")
+ (args (map symbol->string
+ (list action service)))))
+ '(networking wpa-supplicant)
+ '(doc stop start enable status restart disable))))
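Review bot: The passwordless rules in `power-management` and `service-management` name their target by bare name (`"zzz"`, `"halt"`, `"reboot"`, `"herd"`), so which binary runs as root depends on the search path doas uses. doas.conf(5) advises absolute paths for the command, and these would be better given as full paths if the `permit` record's `command` field accepts them, which is not visible here. In `text-editors`, `(keepenv? #t)` passes the caller's whole environment to an editor running as root; listing only the variables the editors need with `setenv`, as `general` does, would be narrower. The four exported lists also carry no comments, and a line such as `;; Passwordless: exact command with no arguments only.` above `power-management` would record the intent.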