mirror of
https://codeberg.org/hako/Rosenthal.git
synced 2025-09-18 12:44:37 +00:00
services: cloudflare-tunnel: Add dedicated account.
* modules/rosenthal/services/child-error.scm (%cloudflare-tunnel-accounts): New variable. (cloudflare-tunnel-service-type)[extensions]: Add it. (cloudflare-tunnel-shepherd-service)[start]: Use the new user.
This commit is contained in:
Hilton Chain
parent
5d336ad0cf
commit
bbeaebcd8e
@ -160,13 +160,22 @@ headers. This can expose sensitive information in your logs.")
|
|||||||
"List of extra options.")
|
"List of extra options.")
|
||||||
(no-serialization))
|
(no-serialization))
|
||||||
|
|
||||||
|
(define %cloudflare-tunnel-accounts
|
||||||
|
(list (user-account
|
||||||
|
(name "cloudflared")
|
||||||
|
(group "nogroup")
|
||||||
|
(system? #t)
|
||||||
|
(home-directory "/var/empty")
|
||||||
|
(create-home-directory? #f)
|
||||||
|
(shell (file-append shadow "/sbin/nologin")))))
|
||||||
|
|
||||||
(define cloudflare-tunnel-shepherd-service
|
(define cloudflare-tunnel-shepherd-service
|
||||||
(match-record-lambda <cloudflare-tunnel-configuration>
|
(match-record-lambda <cloudflare-tunnel-configuration>
|
||||||
(cloudflared log-level log-file extra-tunnel-options
|
(cloudflared log-level log-file extra-tunnel-options
|
||||||
token token-file extra-options)
|
token token-file extra-options)
|
||||||
(list (shepherd-service
|
(list (shepherd-service
|
||||||
(documentation "Run cloudflared.")
|
(documentation "Run cloudflared.")
|
||||||
(provision '(cloudflare-tunnel))
|
(provision '(cloudflare-tunnel cloudflared))
|
||||||
(requirement '(loopback networking))
|
(requirement '(loopback networking))
|
||||||
(start #~(make-forkexec-constructor
|
(start #~(make-forkexec-constructor
|
||||||
(list #$(file-append cloudflared "/bin/cloudflared")
|
(list #$(file-append cloudflared "/bin/cloudflared")
|
||||||
@ -176,7 +185,7 @@ headers. This can expose sensitive information in your logs.")
|
|||||||
#$@extra-tunnel-options
|
#$@extra-tunnel-options
|
||||||
"run"
|
"run"
|
||||||
#$@extra-options)
|
#$@extra-options)
|
||||||
#:user "nobody"
|
#:user "cloudflared"
|
||||||
#:group "nogroup"
|
#:group "nogroup"
|
||||||
#:log-file #$log-file
|
#:log-file #$log-file
|
||||||
#:environment-variables
|
#:environment-variables
|
||||||
@ -196,6 +205,8 @@ headers. This can expose sensitive information in your logs.")
|
|||||||
(extensions
|
(extensions
|
||||||
(list (service-extension shepherd-root-service-type
|
(list (service-extension shepherd-root-service-type
|
||||||
cloudflare-tunnel-shepherd-service)
|
cloudflare-tunnel-shepherd-service)
|
||||||
|
(service-extension account-service-type
|
||||||
|
(const %cloudflare-tunnel-accounts))
|
||||||
(service-extension log-rotation-service-type
|
(service-extension log-rotation-service-type
|
||||||
(compose list cloudflare-tunnel-configuration-log-file))))
|
(compose list cloudflare-tunnel-configuration-log-file))))
|
||||||
(default-value (cloudflare-tunnel-configuration))
|
(default-value (cloudflare-tunnel-configuration))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user