From a6597e899194823eb65ec50e5e1e201f2bfb6c5b Mon Sep 17 00:00:00 2001
From: Hilton Chain
Date: Fri, 23 May 2025 19:07:31 +0800
Subject: [PATCH] services: Add caddy-service-type.

* modules/rosenthal/services/web.scm (caddy-configuration): New data type.
(caddy-accounts, caddy-privileged-programs, caddy-activation)
(caddy-shepherd-services): New procedures.
(caddy-service-type): New variable.
---
 modules/rosenthal/services/web.scm | 91 +++++++++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 1 deletion(-)

diff --git a/modules/rosenthal/services/web.scm b/modules/rosenthal/services/web.scm
index a33a425..92baac7 100644
--- a/modules/rosenthal/services/web.scm
+++ b/modules/rosenthal/services/web.scm
@@ -4,6 +4,7 @@
 (define-module (rosenthal services web)
 #:use-module (guix gexp)
+ #:use-module (guix modules)
 #:use-module (guix records)
 #:use-module (gnu packages admin)
 #:use-module (gnu packages version-control)
@@ -16,9 +17,13 @@
 #:use-module (gnu services databases)
 #:use-module (gnu services docker)
 #:use-module (gnu services shepherd)
+ #:use-module (gnu system privilege)
 #:use-module (gnu system shadow)
 #:use-module (rosenthal utils home-services-utils)
- #:export (forgejo-configuration
+ #:export (caddy-configuration
+ caddy-service-type
+
+ forgejo-configuration
 forgejo-service-type
 jellyfin-configuration
@@ -36,6 +41,90 @@
 vaultwarden-configuration
 vaultwarden-service-type))
+;;;
+;;; Caddy
+;;;
+
+(define-configuration/no-serialization caddy-configuration
+ (caddy
+ (file-like caddy)
+ "")
+ (caddyfile
+ file-like
+ ""))
+
+(define (caddy-accounts config)
+ (list (user-group (name "caddy") (system? #t))
+ (user-account
+ (name "caddy")
+ (group "caddy")
+ (system? #t)
+ (comment "Caddy user")
+ (home-directory "/var/lib/caddy"))))
+
+(define caddy-privileged-programs
+ (match-record-lambda
+ (caddy)
+ (list (privileged-program
+ (program (file-append caddy "/bin/caddy"))
+ (capabilities "cap_net_bind_service=+ep")))))
+
+(define caddy-activation
+ (match-record-lambda
+ (caddyfile)
+ (with-imported-modules
+ (source-module-closure '((guix build utils)
+ (gnu build activation)))
+ #~(begin
+ (use-modules (srfi srfi-26)
+ (guix build utils)
+ (gnu build activation))
+ (let* ((config-dir "/etc/caddy")
+ (data-dir "/var/lib/caddy")
+ (config-file (in-vicinity config-dir "Caddyfile"))
+ (user (getpwnam "caddy")))
+ (for-each (cut mkdir-p/perms <> user #o750)
+ (list config-dir data-dir))
+ (copy-file #$caddyfile config-file)
+ (for-each
+ (lambda (file)
+ (chown file (passwd:uid user) (passwd:gid user)))
+ (find-files data-dir #:directories? #t)))))))
+
+(define (caddy-shepherd-services config)
+ (list (shepherd-service
+ (provision '(caddy))
+ (requirement '(user-processes loopback))
+ (start
+ #~(make-forkexec-constructor
+ (list "/run/privileged/bin/caddy" "run"
+ "--environ" "--config" "/etc/caddy/Caddyfile")
+ #:user "caddy"
+ #:group "caddy"
+ #:directory "/var/lib/caddy"
+ #:log-file "/var/log/caddy.log"
+ #:resource-limits '((nofile 1048576 1048576))
+ #:environment-variables '("HOME=/var/lib/caddy")))
+ (stop
+ #~(make-kill-destructor)))))
+
+(define caddy-service-type
+ (service-type
+ (name 'caddy)
+ (extensions
+ (list (service-extension account-service-type
+ caddy-accounts)
+ (service-extension privileged-program-service-type
+ caddy-privileged-programs)
+ (service-extension activation-service-type
+ caddy-activation)
+ (service-extension shepherd-root-service-type
+ caddy-shepherd-services)))
+ (default-value #f)
+ (description "")))
+
+
+
 
 ;;
 ;; Forgejo
 ;;
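Review bot: The recursive ownership fix-up in `caddy-activation` — `(for-each (lambda (file) (chown file ...)) (find-files data-dir #:directories? #t))` — runs as root on every activation over a tree that the unprivileged `caddy` user owns and writes to, and Guile's `chown` is chown(2) and follows symlinks, so a compromised Caddy process that plants a symlink under /var/lib/caddy can have root hand it ownership of an arbitrary file at the next reconfigure. The daemon runs as `caddy` and `mkdir-p/perms` already creates the directory with that owner, so anything it writes is caddy-owned from the start; I would drop the `for-each`/`chown` form entirely. The same root-writes-into-a-user-owned-directory shape applies to `(copy-file #$caddyfile config-file)`, since /etc/caddy is created owned by `caddy` (so that user can swap Caddyfile for a symlink that `copy-file` will follow); either keep /etc/caddy root-owned with group `caddy` and mode 0750, or skip the copy and pass the store item directly with `"--config" #$caddyfile` in `caddy-shepherd-services` (which currently ignores `config`). Separately, a `file-like` Caddyfile is a store item and therefore world-readable, which the empty docstrings on `caddy`/`caddyfile` and the empty `(description "")` should say: secrets belong in `{env.*}` placeholders or files outside the store, not in the Caddyfile.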