cristiancmoises
/
zero
mirror of https://codeberg.org/anemofilia/zero
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

operating-systems: buer: Update to opendoas-service-type

impermanence
Luis Guilherme Coelho 2024-09-22 15:46:29 -03:00
parent a8ef1b1f24
commit 281d9ee65d
No known key found for this signature in database
GPG Key ID: 1F2E76ACE3F531C8
2 changed files with 54 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
operating-systems/buer.scm
View File

@ -79,6 +79,8 @@
#:prefix channel:) #:prefix channel:)
#|P|# #:use-module ((buer privilege) #|P|# #:use-module ((buer privilege)
#:prefix privileged-programs:) #:prefix privileged-programs:)
#|R|# #:use-module ((buer rules)
#:prefix rules:)
#|U|# #:use-module ((buer users) #|U|# #:use-module ((buer users)
#:prefix user:) #:prefix user:)
@ -145,7 +147,7 @@
#|System level packages|# #|System level packages|#
(packages (packages
(list #|admin |# btop inetutils isc-dhcp opendoas shadow zzz (list #|admin |# btop inetutils isc-dhcp shadow zzz
#|base |# coreutils diffutils findutils grep patch sed tar which #|base |# coreutils diffutils findutils grep patch sed tar which
#|certs |# nss-certs #|certs |# nss-certs
#|compression |# gzip xz zstd #|compression |# gzip xz zstd
@ -307,41 +309,13 @@
(size (round/ (ram-total) 2)) (size (round/ (ram-total) 2))
(compression-algorithm 'lz4))) (compression-algorithm 'lz4)))
#|Doas configuration services|# #|Permission services|#
(simple-service 'miscellaneous-permissions doas-service-type (service opendoas-service-type
(list (permit (identity ":wheel") (opendoas-configuration
(setenv (rules (append rules:general
`(("GUILE_LOAD_PATH" . #t) rules:text-editors
("GUILE_LOAD_COMPILED_PATH" . #t)))))) rules:power-management
(simple-service 'text-editors-permissions doas-service-type rules:service-management))))
(map (lambda (cmd)
(permit (identity ":wheel")
(keepenv? #t)
(command cmd)))
`("kak" "emacsclient")))
(simple-service 'power-management-permissions doas-service-type
(map (lambda (cmd)
(permit (identity ":wheel")
(nopass? #t)
(command cmd)
(args '())))
`("zzz" "halt" "reboot")))
(simple-service 'shepherd-status-permissions doas-service-type
(map (lambda (action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (list action))))
`("status" "detailed-status")))
(simple-service 'service-management-permissions doas-service-type
(flat-map (lambda (service action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (map symbol->string
(list action service)))))
'(networking wpa-supplicant)
'(doc stop start enable status restart disable)))
#|Special file services|# #|Special file services|#
(service special-files-service-type (service special-files-service-type

44
operating-systems/buer/rules.scm Normal file
View File

@ -0,0 +1,44 @@
(define-module (buer rules)
#:use-module (radix services admin)
#:use-module (radix utils)
#:export (general
text-editors
power-management
service-management))
(define general
(list (permit (identity ":wheel")
(setenv
`(("GUILE_LOAD_PATH" . #t)
("GUILE_LOAD_COMPILED_PATH" . #t))))))
(define text-editors
(map (lambda (cmd)
(permit (identity ":wheel")
(keepenv? #t)
(command cmd)))
`("kak" "emacsclient")))
(define power-management
(map (lambda (cmd)
(permit (identity ":wheel")
(nopass? #t)
(command cmd)
(args '())))
`("zzz" "halt" "reboot")))
(define service-management
(append (map (lambda (action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (list action))))
`("status" "detailed-status"))
(flat-map (lambda (service action)
(permit (identity ":wheel")
(nopass? #t)
(command "herd")
(args (map symbol->string
(list action service)))))
'(networking wpa-supplicant)
'(doc stop start enable status restart disable))))