services: cloudflare-tunnel-service-type: Add %cloudflare-tunnel-accounts.

* rosenthal/services/child-error.scm (%cloudflare-tunnel-accounts): New variable. (cloudflare-tunnel-shepherd-service,cloudflare-tunnel-service-type): Honor it.
2025-11-04 11:44:48 +00:00 · 2022-12-01 22:36:03 +08:00 · 2022-12-01 22:36:03 +08:00 · 0c0571462b
commit 0c0571462b
parent 2370498264
1 changed files with 17 additions and 3 deletions
--- a/rosenthal/services/child-error.scm
+++ b/rosenthal/services/child-error.scm
@ -8,9 +8,11 @@
  #:use-module (guix gexp)
  #:use-module (gnu home services)
  #:use-module (gnu home services shepherd)
+  #:use-module (gnu packages admin)
  #:use-module (gnu services)
  #:use-module (gnu services configuration)
  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
  #:use-module (rosenthal utils home-services-utils)
  #:export (cloudflare-tunnel-configuration
            cloudflare-tunnel-service-type))
@ -47,6 +49,16 @@
  (extra-options cloudflare-tunnel-configuration-extra-options ;list of string
                 (default '())))

+(define %cloudflare-tunnel-accounts
+  (list (user-group (name "cloudflared") (system? #t))
+        (user-account
+         (name "cloudflared")
+         (group "cloudflared")
+         (system? #t)
+         (comment "Cloudflare Tunnel user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
 (define cloudflare-tunnel-shepherd-service
  (match-lambda
    (($ <cloudflare-tunnel-configuration> cloudflared metrics
@ -69,8 +81,8 @@
                                     '("--post-quantum")
                                     '())
                              #$@extra-options)
-                        #:user "nobody"
-                        #:group "nogroup"
+                        #:user "cloudflared"
+                        #:group "cloudflared"
                        #:log-file #$log-file))
              (stop #~(make-kill-destructor))))))))

@ -79,6 +91,8 @@
   (name 'cloudflare-tunnel)
   (extensions
    (list (service-extension shepherd-root-service-type
-                             cloudflare-tunnel-shepherd-service)))
+                             cloudflare-tunnel-shepherd-service)
+          (service-extension account-service-type
+                             (const %cloudflare-tunnel-accounts))))
   (default-value (cloudflare-tunnel-configuration))
   (description "Run cloudflared, the Cloudflare Tunnel daemon.")))