services: Add user-id and group-id configuration options.

Hilton Chain 2025-11-04 16:45:28 +08:00
parent 0d15cfdb28
commit ee65ec0e89
No known key found for this signature in database
GPG Key ID: ACC66D09CA528292
7 changed files with 346 additions and 132 deletions


@ -6,6 +6,7 @@
#:use-module (ice-9 format) #:use-module (ice-9 format)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix records) #:use-module (guix records)
#:use-module (rosenthal utils predicates)
#:use-module (gnu packages admin) #:use-module (gnu packages admin)
#:use-module (gnu packages bittorrent) #:use-module (gnu packages bittorrent)
#:use-module (gnu services) #:use-module (gnu services)
@ -36,17 +37,30 @@
(extra-options (extra-options
(list-of-strings '()) (list-of-strings '())
"List of extra options.") "List of extra options.")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(no-serialization)) (no-serialization))
(define %qbittorrent-accounts (define qbittorrent-account
(list (user-group (name "qbittorrent") (system? #t)) (match-record-lambda <qbittorrent-configuration>
(user-account (group-id user-id)
(name "qbittorrent") (list (user-group
(group "qbittorrent") (name "qbittorrent")
(system? #t) (id group-id)
(comment "qBittorrent user") (system? #t))
(home-directory "/var/empty") (user-account
(shell (file-append shadow "/sbin/nologin"))))) (name "qbittorrent")
(group "qbittorrent")
(uid user-id)
(system? #t)
(comment "qBittorrent user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
;; Set default password to adminadmin ;; Set default password to adminadmin
(define %qbittorrent-default-config-file (define %qbittorrent-default-config-file
@ -106,7 +120,7 @@ WebUI\\Password_PBKDF2=\"@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtH
(service-extension activation-service-type (service-extension activation-service-type
qbittorrent-activation) qbittorrent-activation)
(service-extension account-service-type (service-extension account-service-type
(const %qbittorrent-accounts)))) qbittorrent-account)))
(default-value (qbittorrent-configuration)) (default-value (qbittorrent-configuration))
(description "Run qBittorrent daemon."))) (description "Run qBittorrent daemon.")))
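Review bot: The new `group-id` and `user-id` fields are declared with an empty documentation string (`""`), here and in every other service module this commit touches, so nothing tells an operator what `#f` does or when to pin a value. Suggest a docstring along the lines of `"Numeric ID for the qbittorrent group, or #f to let the system allocate one."`, assuming `#f` keeps the allocation behaviour these accounts had before the change. It is also worth stating that a pinned ID must not collide with another account, because files in the service's state directory are owned by number rather than by name.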


@ -17,6 +17,7 @@
#:use-module (gnu system shadow) #:use-module (gnu system shadow)
#:use-module (rosenthal packages binaries) #:use-module (rosenthal packages binaries)
#:use-module (rosenthal packages networking) #:use-module (rosenthal packages networking)
#:use-module (rosenthal utils predicates)
#:use-module (rosenthal utils serializers yaml) #:use-module (rosenthal utils serializers yaml)
#:export (clash-configuration #:export (clash-configuration
clash-service-type clash-service-type
@ -60,14 +61,23 @@
(config (config
(file-like (plain-file "empty" "")) (file-like (plain-file "empty" ""))
"Clash configuration file.") "Clash configuration file.")
;; Account
(group-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision (shepherd-provision
(list '(clash)) (list '(clash))
"A list of Shepherd service names (symbols) provided by this service.") "A list of Shepherd service names (symbols) provided by this service.")
(no-serialization)) (no-serialization))
(define %clash-accounts (define clash-account
(list (user-group (name "clash") (system? #t)))) (match-record-lambda <clash-configuration>
(group-id)
(list (user-group
(name "clash")
(id group-id)
(system? #t)))))
(define clash-activation (define clash-activation
(match-record-lambda <clash-configuration> (match-record-lambda <clash-configuration>
@ -112,7 +122,7 @@
(service-extension activation-service-type (service-extension activation-service-type
clash-activation) clash-activation)
(service-extension account-service-type (service-extension account-service-type
(const %clash-accounts)) clash-account)
(service-extension log-rotation-service-type (service-extension log-rotation-service-type
(compose list clash-configuration-log-file)))) (compose list clash-configuration-log-file))))
(default-value (clash-configuration)) (default-value (clash-configuration))
@ -155,16 +165,23 @@ headers. This can expose sensitive information in your logs.")
(extra-options (extra-options
(list-of-strings '()) (list-of-strings '())
"List of extra options.") "List of extra options.")
;; Account
(user-id
(user-and-group-id #f)
"")
(no-serialization)) (no-serialization))
(define %cloudflare-tunnel-accounts (define cloudflare-tunnel-account
(list (user-account (match-record-lambda <cloudflare-tunnel-configuration>
(name "cloudflared") (user-id)
(group "nogroup") (list (user-account
(system? #t) (name "cloudflared")
(home-directory "/var/empty") (group "nogroup")
(create-home-directory? #f) (uid user-id)
(shell (file-append shadow "/sbin/nologin"))))) (system? #t)
(home-directory "/var/empty")
(create-home-directory? #f)
(shell (file-append shadow "/sbin/nologin"))))))
(define cloudflare-tunnel-shepherd-service (define cloudflare-tunnel-shepherd-service
(match-record-lambda <cloudflare-tunnel-configuration> (match-record-lambda <cloudflare-tunnel-configuration>
@ -203,7 +220,7 @@ headers. This can expose sensitive information in your logs.")
(list (service-extension shepherd-root-service-type (list (service-extension shepherd-root-service-type
cloudflare-tunnel-shepherd-service) cloudflare-tunnel-shepherd-service)
(service-extension account-service-type (service-extension account-service-type
(const %cloudflare-tunnel-accounts)) cloudflare-tunnel-account)
(service-extension log-rotation-service-type (service-extension log-rotation-service-type
(compose list cloudflare-tunnel-configuration-log-file)))) (compose list cloudflare-tunnel-configuration-log-file))))
(default-value (cloudflare-tunnel-configuration)) (default-value (cloudflare-tunnel-configuration))


@ -12,6 +12,7 @@
#:use-module (guix modules) #:use-module (guix modules)
#:use-module (guix records) #:use-module (guix records)
#:use-module (rosenthal packages messaging) #:use-module (rosenthal packages messaging)
#:use-module (rosenthal utils predicates)
#:export (heisenbridge-service-type #:export (heisenbridge-service-type
heisenbridge-configuration heisenbridge-configuration
@ -32,6 +33,12 @@
(config (config
file-like file-like
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(heisenbridge)) (list-of-symbols '(heisenbridge))
"") "")
@ -43,12 +50,18 @@
"")) ""))
(define heisenbridge-account (define heisenbridge-account
(list (user-group (name "heisenbridge") (system? #t)) (match-record-lambda <heisenbridge-configuration>
(user-account (group-id user-id)
(name "heisenbridge") (list (user-group
(group "heisenbridge") (name "heisenbridge")
(system? #t) (id group-id)
(home-directory "/var/empty")))) (system? #t))
(user-account
(name "heisenbridge")
(group "heisenbridge")
(uid user-id)
(system? #t)
(home-directory "/var/empty")))))
(define heisenbridge-shepherd (define heisenbridge-shepherd
(match-record-lambda <heisenbridge-configuration> (match-record-lambda <heisenbridge-configuration>
@ -75,7 +88,7 @@
(name 'heisenbridge) (name 'heisenbridge)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const heisenbridge-account)) heisenbridge-account)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type
heisenbridge-shepherd))) heisenbridge-shepherd)))
(description ""))) (description "")))
@ -92,6 +105,12 @@
(config (config
file-like file-like
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(mautrix-telegram)) (list-of-symbols '(mautrix-telegram))
"") "")
@ -103,12 +122,18 @@
"")) ""))
(define mautrix-telegram-account (define mautrix-telegram-account
(list (user-group (name "mautrix") (system? #t)) (match-record-lambda <mautrix-telegram-configuration>
(user-account (group-id user-id)
(name "mautrix-telegram") (list (user-group
(group "mautrix") (name "mautrix-telegram")
(system? #t) (id group-id)
(home-directory "/var/lib/mautrix-telegram")))) (system? #t))
(user-account
(name "mautrix-telegram")
(group "mautrix-telegram")
(uid user-id)
(system? #t)
(home-directory "/var/lib/mautrix-telegram")))))
(define mautrix-telegram-activation (define mautrix-telegram-activation
(with-imported-modules (source-module-closure '((gnu build activation))) (with-imported-modules (source-module-closure '((gnu build activation)))
@ -134,7 +159,7 @@
(list #$(file-append mautrix-telegram "/bin/mautrix-telegram") (list #$(file-append mautrix-telegram "/bin/mautrix-telegram")
"--no-update" "--config" #$config) "--no-update" "--config" #$config)
#:user "mautrix-telegram" #:user "mautrix-telegram"
#:group "mautrix" #:group "mautrix-telegram"
#:directory "/var/lib/mautrix-telegram")) #:directory "/var/lib/mautrix-telegram"))
(stop #~(make-kill-destructor)) (stop #~(make-kill-destructor))
(auto-start? auto-start?) (auto-start? auto-start?)
@ -145,7 +170,7 @@
(name 'mautrix-telegram) (name 'mautrix-telegram)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const mautrix-telegram-account)) mautrix-telegram-account)
(service-extension activation-service-type (service-extension activation-service-type
(const mautrix-telegram-activation)) (const mautrix-telegram-activation))
(service-extension postgresql-role-service-type (service-extension postgresql-role-service-type
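Review bot: The mautrix-telegram hunks also rename the service group from `"mautrix"` to `"mautrix-telegram"`, both in `mautrix-telegram-account` and in the `#:group` argument of the Shepherd constructor, and the commit title does not mention this. On an existing deployment, files under `/var/lib/mautrix-telegram` created with group `mautrix` keep that group unless the activation code re-owns them; that code lies outside these hunks, so it needs checking. If the rename is intended, it deserves a line in the commit message or its own commit, and the now-unused `mautrix` group should be accounted for.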


@ -15,6 +15,7 @@
#:use-module (gnu services shepherd) #:use-module (gnu services shepherd)
#:use-module (gnu packages guile-xyz) #:use-module (gnu packages guile-xyz)
#:use-module (rosenthal packages binaries) #:use-module (rosenthal packages binaries)
#:use-module (rosenthal utils predicates)
#:export (alloy-configuration #:export (alloy-configuration
alloy-service-type alloy-service-type
@ -99,6 +100,12 @@
(postgresql-password-file (postgresql-password-file
string string
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(grafana)) (list-of-symbols '(grafana))
"") "")
@ -110,11 +117,16 @@
"")) ""))
(define grafana-account (define grafana-account
(lambda _ (match-record-lambda <grafana-configuration>
(list (user-group (name "grafana") (system? #t)) (group-id user-id)
(list (user-group
(name "grafana")
(id group-id)
(system? #t))
(user-account (user-account
(name "grafana") (name "grafana")
(group "grafana") (group "grafana")
(uid user-id)
(system? #t) (system? #t)
(comment "Grafana user") (comment "Grafana user")
(home-directory "/var/lib/grafana"))))) (home-directory "/var/lib/grafana")))))
@ -190,6 +202,12 @@
(config (config
yaml-config yaml-config
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(loki)) (list-of-symbols '(loki))
"") "")
@ -201,11 +219,16 @@
"")) ""))
(define loki-account (define loki-account
(lambda _ (match-record-lambda <loki-configuration>
(list (user-group (name "loki") (system? #t)) (group-id user-id)
(list (user-group
(name "loki")
(id group-id)
(system? #t))
(user-account (user-account
(name "loki") (name "loki")
(group "loki") (group "loki")
(uid user-id)
(system? #t) (system? #t)
(comment "Loki user") (comment "Loki user")
(home-directory "/var/lib/loki"))))) (home-directory "/var/lib/loki")))))
@ -272,6 +295,12 @@
(config (config
yaml-config yaml-config
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(mimir)) (list-of-symbols '(mimir))
"") "")
@ -283,11 +312,16 @@
"")) ""))
(define mimir-account (define mimir-account
(lambda _ (match-record-lambda <mimir-configuration>
(list (user-group (name "mimir") (system? #t)) (group-id user-id)
(list (user-group
(name "mimir")
(id group-id)
(system? #t))
(user-account (user-account
(name "mimir") (name "mimir")
(group "mimir") (group "mimir")
(uid user-id)
(system? #t) (system? #t)
(comment "Mimir user") (comment "Mimir user")
(home-directory "/var/lib/mimir"))))) (home-directory "/var/lib/mimir")))))
@ -357,6 +391,12 @@
(config (config
yaml-config yaml-config
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision (shepherd-provision
(list-of-symbols '(prometheus)) (list-of-symbols '(prometheus))
"") "")
@ -368,11 +408,16 @@
"")) ""))
(define prometheus-account (define prometheus-account
(lambda _ (match-record-lambda <prometheus-configuration>
(list (user-group (name "prometheus") (system? #t)) (group-id user-id)
(list (user-group
(name "prometheus")
(id group-id)
(system? #t))
(user-account (user-account
(name "prometheus") (name "prometheus")
(group "prometheus") (group "prometheus")
(uid user-id)
(system? #t) (system? #t)
(comment "Prometheus user") (comment "Prometheus user")
(home-directory "/var/lib/prometheus"))))) (home-directory "/var/lib/prometheus")))))


@ -16,6 +16,7 @@
#:use-module (gnu services dbus) #:use-module (gnu services dbus)
#:use-module (gnu services shepherd) #:use-module (gnu services shepherd)
#:use-module (gnu system shadow) #:use-module (gnu system shadow)
#:use-module (rosenthal utils predicates)
#:export (sing-box-service-type #:export (sing-box-service-type
sing-box-configuration sing-box-configuration
@ -26,10 +27,6 @@
;;; sing-box ;;; sing-box
;;; ;;;
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define-configuration/no-serialization sing-box-configuration (define-configuration/no-serialization sing-box-configuration
(sing-box (sing-box
(file-like sing-box) (file-like sing-box)
@ -40,6 +37,10 @@
(data-directory (data-directory
(string "/var/lib/sing-box") (string "/var/lib/sing-box")
"") "")
;; Account
(group-id
(user-and-group-id #f)
"")
;; Shepherd ;; Shepherd
(shepherd-provision (shepherd-provision
(list-of-symbols '(sing-box)) (list-of-symbols '(sing-box))
@ -55,7 +56,12 @@
"")) ""))
(define sing-box-account (define sing-box-account
(list (user-group (name "sing-box") (system? #t)))) (match-record-lambda <sing-box-configuration>
(group-id)
(list (user-group
(name "sing-box")
(id group-id)
(system? #t)))))
(define sing-box-activation (define sing-box-activation
(match-record-lambda <sing-box-configuration> (match-record-lambda <sing-box-configuration>
@ -87,7 +93,7 @@
(name 'sing-box) (name 'sing-box)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const sing-box-account)) sing-box-account)
(service-extension activation-service-type (service-extension activation-service-type
sing-box-activation) sing-box-activation)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type


@ -22,6 +22,7 @@
#:use-module (guix records) #:use-module (guix records)
#:use-module (rosenthal packages binaries) #:use-module (rosenthal packages binaries)
#:use-module (rosenthal packages web) #:use-module (rosenthal packages web)
#:use-module (rosenthal utils predicates)
#:use-module (rosenthal utils serializers ini) #:use-module (rosenthal utils serializers ini)
#:use-module (rosenthal utils serializers yaml) #:use-module (rosenthal utils serializers yaml)
#:export (caddy-configuration #:export (caddy-configuration
@ -62,6 +63,13 @@
(caddyfile (caddyfile
file-like file-like
"") "")
;; User
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd ;; Shepherd
(shepherd-provision (shepherd-provision
(list-of-symbols '(caddy)) (list-of-symbols '(caddy))
@ -73,14 +81,20 @@
(boolean #t) (boolean #t)
"")) ""))
(define (caddy-accounts config) (define caddy-accounts
(list (user-group (name "caddy") (system? #t)) (match-record-lambda <caddy-configuration>
(user-account (group-id user-id)
(name "caddy") (list (user-group
(group "caddy") (name "caddy")
(system? #t) (id group-id)
(comment "Caddy user") (system? #t))
(home-directory "/var/lib/caddy")))) (user-account
(name "caddy")
(group "caddy")
(uid user-id)
(system? #t)
(comment "Caddy user")
(home-directory "/var/lib/caddy")))))
(define caddy-privileged-programs (define caddy-privileged-programs
(match-record-lambda <caddy-configuration> (match-record-lambda <caddy-configuration>
@ -171,6 +185,14 @@ reload its configuration file."))
(config (config
file-like file-like
"") "")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd
(auto-start? (auto-start?
(boolean #t) (boolean #t)
"") "")
@ -182,13 +204,19 @@ reload its configuration file."))
"")) ""))
(define conduit-account (define conduit-account
(list (user-group (name "conduit") (system? #t)) (match-record-lambda <conduit-configuration>
(user-account (group-id user-id)
(name "conduit") (list (user-group
(group "conduit") (name "conduit")
(system? #t) (id group-id)
(comment "Conduit user") (system? #t))
(home-directory "/var/empty")))) (user-account
(name "conduit")
(group "conduit")
(uid user-id)
(system? #t)
(comment "Conduit user")
(home-directory "/var/empty")))))
(define conduit-activation (define conduit-activation
(match-record-lambda <conduit-configuration> (match-record-lambda <conduit-configuration>
@ -225,7 +253,7 @@ reload its configuration file."))
(name 'conduit) (name 'conduit)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const conduit-account)) conduit-account)
(service-extension activation-service-type (service-extension activation-service-type
conduit-activation) conduit-activation)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type
@ -239,10 +267,6 @@ reload its configuration file."))
;;; ;;;
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define list-of-file-likes? (define list-of-file-likes?
(list-of file-like?)) (list-of file-like?))
@ -259,16 +283,28 @@ reload its configuration file."))
(postgresql-password-file (postgresql-password-file
string string
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(no-serialization)) (no-serialization))
(define %forgejo-accounts (define forgejo-account
(list (user-group (name "forgejo") (system? #t)) (match-record-lambda <forgejo-configuration>
(user-account (group-id user-id)
(name "forgejo") (list (user-group
(group "forgejo") (name "forgejo")
(system? #t) (id group-id)
(comment "Forgejo user") (system? #t))
(home-directory "/var/lib/forgejo")))) (user-account
(name "forgejo")
(group "forgejo")
(uid user-id)
(system? #t)
(comment "Forgejo user")
(home-directory "/var/lib/forgejo")))))
(define forgejo-postgresql-role (define forgejo-postgresql-role
(match-record-lambda <forgejo-configuration> (match-record-lambda <forgejo-configuration>
@ -328,7 +364,7 @@ reload its configuration file."))
(name 'forgejo) (name 'forgejo)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %forgejo-accounts)) forgejo-account)
(service-extension postgresql-role-service-type (service-extension postgresql-role-service-type
forgejo-postgresql-role) forgejo-postgresql-role)
(service-extension profile-service-type (service-extension profile-service-type
@ -357,6 +393,14 @@ reload its configuration file."))
(log-file (log-file
(string "/var/log/iocaine.log") (string "/var/log/iocaine.log")
"") "")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision (shepherd-provision
(list-of-symbols '(iocaine)) (list-of-symbols '(iocaine))
"") "")
@ -367,14 +411,20 @@ reload its configuration file."))
(boolean #t) (boolean #t)
"")) ""))
(define iocaine-accounts (define iocaine-account
(list (user-group (name "iocaine") (system? #t)) (match-record-lambda <iocaine-configuration>
(user-account (group-id user-id)
(name "iocaine") (list (user-group
(group "iocaine") (name "iocaine")
(system? #t) (id group-id)
(comment "Iocaine user") (system? #t))
(home-directory "/var/empty")))) (user-account
(name "iocaine")
(group "iocaine")
(uid user-id)
(system? #t)
(comment "Iocaine user")
(home-directory "/var/empty")))))
(define iocaine-etc (define iocaine-etc
(match-record-lambda <iocaine-configuration> (match-record-lambda <iocaine-configuration>
@ -417,7 +467,7 @@ test its configuration file."))
(name 'iocaine) (name 'iocaine)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const iocaine-accounts)) iocaine-account)
(service-extension etc-service-type (service-extension etc-service-type
iocaine-etc) iocaine-etc)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type
@ -447,6 +497,9 @@ test its configuration file."))
(log-file (log-file
(string "/var/log/jellyfin.log") (string "/var/log/jellyfin.log")
"Path to log file.") "Path to log file.")
(user-id
(user-and-group-id #f)
"")
(auto-start? (auto-start?
(boolean #t) (boolean #t)
"Whether to start automatically.") "Whether to start automatically.")
@ -455,13 +508,16 @@ test its configuration file."))
"List of extra options.") "List of extra options.")
(no-serialization)) (no-serialization))
(define %jellyfin-accounts (define jellyfin-account
(list (user-account (match-record-lambda <jellyfin-configuration>
(name "jellyfin") (user-id)
(group "docker") (list (user-account
(system? #t) (name "jellyfin")
(home-directory "/var/empty") (group "docker")
(shell (file-append shadow "/sbin/nologin"))))) (uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define jellyfin-activation (define jellyfin-activation
(match-record-lambda <jellyfin-configuration> (match-record-lambda <jellyfin-configuration>
@ -504,7 +560,7 @@ test its configuration file."))
(name 'jellyfin) (name 'jellyfin)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %jellyfin-accounts)) (const jellyfin-account))
(service-extension activation-service-type (service-extension activation-service-type
jellyfin-activation) jellyfin-activation)
(service-extension log-rotation-service-type (service-extension log-rotation-service-type
@ -527,19 +583,31 @@ test its configuration file."))
(port (port
(integer 25600) (integer 25600)
"Port to listen to for the API and web interface.") "Port to listen to for the API and web interface.")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(auto-start? (auto-start?
(boolean #t) (boolean #t)
"Whether to start automatically.") "Whether to start automatically.")
(no-serialization)) (no-serialization))
(define %komga-accounts (define komga-account
(list (user-group (name "komga") (system? #t)) (match-record-lambda <komga-configuration>
(user-account (group-id user-id)
(name "komga") (list (user-group
(group "komga") (name "komga")
(system? #t) (id group-id)
(comment "Komga user") (system? #t))
(home-directory "/var/lib/komga")))) (user-account
(name "komga")
(group "komga")
(uid user-id)
(system? #t)
(comment "Komga user")
(home-directory "/var/lib/komga")))))
(define komga-shepherd-service (define komga-shepherd-service
(match-record-lambda <komga-configuration> (match-record-lambda <komga-configuration>
@ -566,7 +634,7 @@ test its configuration file."))
(name 'komga) (name 'komga)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %komga-accounts)) komga-account)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type
komga-shepherd-service))) komga-shepherd-service)))
(default-value (komga-configuration)) (default-value (komga-configuration))
@ -588,6 +656,9 @@ test its configuration file."))
(data-directory (data-directory
(string "/var/lib/misskey") (string "/var/lib/misskey")
"Directory to store @file{files} in.") "Directory to store @file{files} in.")
(user-id
(user-and-group-id #f)
"")
(log-file (log-file
(string "/var/log/misskey.log") (string "/var/log/misskey.log")
"Log file to use.") "Log file to use.")
@ -596,13 +667,16 @@ test its configuration file."))
"") "")
(no-serialization)) (no-serialization))
(define %misskey-accounts (define misskey-account
(list (user-account (match-record-lambda <misskey-configuration>
(name "misskey") (user-id)
(group "docker") (list (user-account
(system? #t) (name "misskey")
(home-directory "/var/empty") (group "docker")
(shell (file-append shadow "/sbin/nologin"))))) (uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define misskey-postgresql-role (define misskey-postgresql-role
(match-record-lambda <misskey-configuration> (match-record-lambda <misskey-configuration>
@ -655,7 +729,7 @@ test its configuration file."))
(name 'misskey) (name 'misskey)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %misskey-accounts)) misskey-account)
(service-extension postgresql-role-service-type (service-extension postgresql-role-service-type
misskey-postgresql-role) misskey-postgresql-role)
(service-extension log-rotation-service-type (service-extension log-rotation-service-type
@ -679,6 +753,12 @@ test its configuration file."))
(ffmpeg (ffmpeg
(file-like ffmpeg) (file-like ffmpeg)
"") "")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(auto-start? (auto-start?
(boolean #t) (boolean #t)
"") "")
@ -687,14 +767,20 @@ test its configuration file."))
"") "")
(no-serialization)) (no-serialization))
(define %navidrome-accounts (define navidrome-account
(list (user-group (name "navidrome") (system? #t)) (match-record-lambda <navidrome-configuration>
(user-account (group-id user-id)
(name "navidrome") (list (user-group
(group "navidrome") (name "navidrome")
(system? #t) (id group-id)
(comment "Navidrome user") (system? #t))
(home-directory "/var/lib/navidrome")))) (user-account
(name "navidrome")
(group "navidrome")
(uid user-id)
(system? #t)
(comment "Navidrome user")
(home-directory "/var/lib/navidrome")))))
(define navidrome-shepherd-service (define navidrome-shepherd-service
(match-record-lambda <navidrome-configuration> (match-record-lambda <navidrome-configuration>
@ -731,7 +817,7 @@ test its configuration file."))
(name 'navidrome) (name 'navidrome)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %navidrome-accounts)) navidrome-account)
(service-extension shepherd-root-service-type (service-extension shepherd-root-service-type
navidrome-shepherd-service))) navidrome-shepherd-service)))
(default-value (navidrome-configuration)) (default-value (navidrome-configuration))
@ -768,15 +854,21 @@ test its configuration file."))
(postgresql-password-file (postgresql-password-file
string string
"") "")
(user-id
(user-and-group-id #f)
"")
(no-serialization)) (no-serialization))
(define %vaultwarden-accounts (define vaultwarden-account
(list (user-account (match-record-lambda <vaultwarden-configuration>
(name "vaultwarden") (user-id)
(group "docker") (list (user-account
(system? #t) (name "vaultwarden")
(home-directory "/var/empty") (group "docker")
(shell (file-append shadow "/sbin/nologin"))))) (uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define vaultwarden-postgresql-role (define vaultwarden-postgresql-role
(match-record-lambda <vaultwarden-configuration> (match-record-lambda <vaultwarden-configuration>
@ -842,7 +934,7 @@ test its configuration file."))
(name 'vaultwarden) (name 'vaultwarden)
(extensions (extensions
(list (service-extension account-service-type (list (service-extension account-service-type
(const %vaultwarden-accounts)) vaultwarden-account)
(service-extension postgresql-role-service-type (service-extension postgresql-role-service-type
vaultwarden-postgresql-role) vaultwarden-postgresql-role)
(service-extension activation-service-type (service-extension activation-service-type
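Review bot: In the jellyfin service type the account extension is now `(const jellyfin-account)`, but this same commit turns `jellyfin-account` into a `match-record-lambda` procedure, so `const` hands `account-service-type` the procedure itself instead of a list of accounts. Every other service in the commit drops the wrapper; this one should read `(service-extension account-service-type jellyfin-account)`. As written, the configured `user-id` is never applied, and the extension value is not a list of `user-account` records, which presumably fails when the account extensions are combined.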


@ -0,0 +1,15 @@
;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; Copyright © 2025 Hilton Chain <hako@ultrarare.space>
(define-module (rosenthal utils predicates)
#:use-module (guix gexp)
#:export (file-object?
user-and-group-id?))
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define (user-and-group-id? val)
(or (integer? val)
(eqv? val #f)))
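Review bot: `user-and-group-id?` accepts anything that satisfies `integer?`, which in Guile includes negative numbers, inexact integers such as `1.0`, and `0`. The value goes straight into the `uid`/`id` fields of the account records, so a typo or a `0` would give a service account root's numeric ID and defeat the purpose of a dedicated system user. Consider tightening it to `(or (not val) (and (exact-integer? val) (positive? val)))`, with an upper bound if the project has one. A short comment saying that `#f` means "allocate automatically" would also help readers of the predicate.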