services: Add user-id and group-id configuration options.

This commit is contained in:
Hilton Chain 2025-11-04 16:45:28 +08:00
parent 0d15cfdb28
commit ee65ec0e89
No known key found for this signature in database
GPG Key ID: ACC66D09CA528292
7 changed files with 346 additions and 132 deletions


@ -6,6 +6,7 @@
#:use-module (ice-9 format)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (rosenthal utils predicates)
#:use-module (gnu packages admin)
#:use-module (gnu packages bittorrent)
#:use-module (gnu services)
@ -36,17 +37,30 @@
(extra-options
(list-of-strings '())
"List of extra options.")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(no-serialization))
(define %qbittorrent-accounts
(list (user-group (name "qbittorrent") (system? #t))
(user-account
(name "qbittorrent")
(group "qbittorrent")
(system? #t)
(comment "qBittorrent user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define qbittorrent-account
(match-record-lambda <qbittorrent-configuration>
(group-id user-id)
(list (user-group
(name "qbittorrent")
(id group-id)
(system? #t))
(user-account
(name "qbittorrent")
(group "qbittorrent")
(uid user-id)
(system? #t)
(comment "qBittorrent user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
;; Set default password to adminadmin
(define %qbittorrent-default-config-file
@ -106,7 +120,7 @@ WebUI\\Password_PBKDF2=\"@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtH
(service-extension activation-service-type
qbittorrent-activation)
(service-extension account-service-type
(const %qbittorrent-accounts))))
qbittorrent-account)))
(default-value (qbittorrent-configuration))
(description "Run qBittorrent daemon.")))
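Review bot: The `group-id` and `user-id` fields added to `qbittorrent-configuration` carry empty docstrings, so nothing tells a user that the default `#f` means "let the account service allocate the ID" or that a pinned value must not collide with an existing account. Suggested text for `group-id`: `"Numeric GID to assign to the @code{qbittorrent} group, or @code{#f} to let the system allocate one."`, and for `user-id` the same wording for the account's UID. Since the accounts are now derived from the configuration via `qbittorrent-account`, the docstring is the only place a reader will see that these values flow straight into `user-group`'s `id` and `user-account`'s `uid`.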


@ -17,6 +17,7 @@
#:use-module (gnu system shadow)
#:use-module (rosenthal packages binaries)
#:use-module (rosenthal packages networking)
#:use-module (rosenthal utils predicates)
#:use-module (rosenthal utils serializers yaml)
#:export (clash-configuration
clash-service-type
@ -60,14 +61,23 @@
(config
(file-like (plain-file "empty" ""))
"Clash configuration file.")
;; Account
(group-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision
(list '(clash))
"A list of Shepherd service names (symbols) provided by this service.")
(no-serialization))
(define %clash-accounts
(list (user-group (name "clash") (system? #t))))
(define clash-account
(match-record-lambda <clash-configuration>
(group-id)
(list (user-group
(name "clash")
(id group-id)
(system? #t)))))
(define clash-activation
(match-record-lambda <clash-configuration>
@ -112,7 +122,7 @@
(service-extension activation-service-type
clash-activation)
(service-extension account-service-type
(const %clash-accounts))
clash-account)
(service-extension log-rotation-service-type
(compose list clash-configuration-log-file))))
(default-value (clash-configuration))
@ -155,16 +165,23 @@ headers. This can expose sensitive information in your logs.")
(extra-options
(list-of-strings '())
"List of extra options.")
;; Account
(user-id
(user-and-group-id #f)
"")
(no-serialization))
(define %cloudflare-tunnel-accounts
(list (user-account
(name "cloudflared")
(group "nogroup")
(system? #t)
(home-directory "/var/empty")
(create-home-directory? #f)
(shell (file-append shadow "/sbin/nologin")))))
(define cloudflare-tunnel-account
(match-record-lambda <cloudflare-tunnel-configuration>
(user-id)
(list (user-account
(name "cloudflared")
(group "nogroup")
(uid user-id)
(system? #t)
(home-directory "/var/empty")
(create-home-directory? #f)
(shell (file-append shadow "/sbin/nologin"))))))
(define cloudflare-tunnel-shepherd-service
(match-record-lambda <cloudflare-tunnel-configuration>
@ -203,7 +220,7 @@ headers. This can expose sensitive information in your logs.")
(list (service-extension shepherd-root-service-type
cloudflare-tunnel-shepherd-service)
(service-extension account-service-type
(const %cloudflare-tunnel-accounts))
cloudflare-tunnel-account)
(service-extension log-rotation-service-type
(compose list cloudflare-tunnel-configuration-log-file))))
(default-value (cloudflare-tunnel-configuration))
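Review bot: `cloudflare-tunnel-configuration` gains a pinnable `user-id`, but the account keeps `(group "nogroup")`, so a fixed UID still shares its primary group with every other nogroup process; if the option exists to keep file ownership stable across reinstalls (presumably the motivation), a dedicated `cloudflared` group with its own `group-id` would be the design consistent with the other services in this commit, and the asymmetry with `clash-configuration`, which gets only `group-id` because `clash-account` creates no user, deserves a sentence. Both new fields also have empty docstrings; suggest `"Numeric GID for the @code{clash} group, or @code{#f} to let the system allocate one."` and `"Numeric UID for the @code{cloudflared} account (its primary group remains @code{nogroup}), or @code{#f} to let the system allocate one."`.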


@ -12,6 +12,7 @@
#:use-module (guix modules)
#:use-module (guix records)
#:use-module (rosenthal packages messaging)
#:use-module (rosenthal utils predicates)
#:export (heisenbridge-service-type
heisenbridge-configuration
@ -32,6 +33,12 @@
(config
file-like
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(heisenbridge))
"")
@ -43,12 +50,18 @@
""))
(define heisenbridge-account
(list (user-group (name "heisenbridge") (system? #t))
(user-account
(name "heisenbridge")
(group "heisenbridge")
(system? #t)
(home-directory "/var/empty"))))
(match-record-lambda <heisenbridge-configuration>
(group-id user-id)
(list (user-group
(name "heisenbridge")
(id group-id)
(system? #t))
(user-account
(name "heisenbridge")
(group "heisenbridge")
(uid user-id)
(system? #t)
(home-directory "/var/empty")))))
(define heisenbridge-shepherd
(match-record-lambda <heisenbridge-configuration>
@ -75,7 +88,7 @@
(name 'heisenbridge)
(extensions
(list (service-extension account-service-type
(const heisenbridge-account))
heisenbridge-account)
(service-extension shepherd-root-service-type
heisenbridge-shepherd)))
(description "")))
@ -92,6 +105,12 @@
(config
file-like
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(mautrix-telegram))
"")
@ -103,12 +122,18 @@
""))
(define mautrix-telegram-account
(list (user-group (name "mautrix") (system? #t))
(user-account
(name "mautrix-telegram")
(group "mautrix")
(system? #t)
(home-directory "/var/lib/mautrix-telegram"))))
(match-record-lambda <mautrix-telegram-configuration>
(group-id user-id)
(list (user-group
(name "mautrix-telegram")
(id group-id)
(system? #t))
(user-account
(name "mautrix-telegram")
(group "mautrix-telegram")
(uid user-id)
(system? #t)
(home-directory "/var/lib/mautrix-telegram")))))
(define mautrix-telegram-activation
(with-imported-modules (source-module-closure '((gnu build activation)))
@ -134,7 +159,7 @@
(list #$(file-append mautrix-telegram "/bin/mautrix-telegram")
"--no-update" "--config" #$config)
#:user "mautrix-telegram"
#:group "mautrix"
#:group "mautrix-telegram"
#:directory "/var/lib/mautrix-telegram"))
(stop #~(make-kill-destructor))
(auto-start? auto-start?)
@ -145,7 +170,7 @@
(name 'mautrix-telegram)
(extensions
(list (service-extension account-service-type
(const mautrix-telegram-account))
mautrix-telegram-account)
(service-extension activation-service-type
(const mautrix-telegram-activation))
(service-extension postgresql-role-service-type
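Review bot: Renaming the mautrix-telegram group from `mautrix` to `mautrix-telegram` (the `user-group` name, the account's `group`, and `#:group` in the Shepherd service) is a behaviour change unrelated to the new ID options and not mentioned in the commit title. Files under `/var/lib/mautrix-telegram` created under the old group keep its old GID, so unless `mautrix-telegram-activation` re-chowns the state directory the data is left with a dangling group on existing deployments; that activation is cut off by the hunk and is still wrapped in `const`, so it presumably cannot see the configuration either. Suggest either calling the rename out in the commit message and adding a chown to the new group in the activation, or keeping the group name here and renaming in a separate commit. The `group-id`/`user-id` fields added to both `heisenbridge-configuration` and `mautrix-telegram-configuration` also have empty docstrings.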


@ -15,6 +15,7 @@
#:use-module (gnu services shepherd)
#:use-module (gnu packages guile-xyz)
#:use-module (rosenthal packages binaries)
#:use-module (rosenthal utils predicates)
#:export (alloy-configuration
alloy-service-type
@ -99,6 +100,12 @@
(postgresql-password-file
string
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(grafana))
"")
@ -110,11 +117,16 @@
""))
(define grafana-account
(lambda _
(list (user-group (name "grafana") (system? #t))
(match-record-lambda <grafana-configuration>
(group-id user-id)
(list (user-group
(name "grafana")
(id group-id)
(system? #t))
(user-account
(name "grafana")
(group "grafana")
(uid user-id)
(system? #t)
(comment "Grafana user")
(home-directory "/var/lib/grafana")))))
@ -190,6 +202,12 @@
(config
yaml-config
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(loki))
"")
@ -201,11 +219,16 @@
""))
(define loki-account
(lambda _
(list (user-group (name "loki") (system? #t))
(match-record-lambda <loki-configuration>
(group-id user-id)
(list (user-group
(name "loki")
(id group-id)
(system? #t))
(user-account
(name "loki")
(group "loki")
(uid user-id)
(system? #t)
(comment "Loki user")
(home-directory "/var/lib/loki")))))
@ -272,6 +295,12 @@
(config
yaml-config
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(mimir))
"")
@ -283,11 +312,16 @@
""))
(define mimir-account
(lambda _
(list (user-group (name "mimir") (system? #t))
(match-record-lambda <mimir-configuration>
(group-id user-id)
(list (user-group
(name "mimir")
(id group-id)
(system? #t))
(user-account
(name "mimir")
(group "mimir")
(uid user-id)
(system? #t)
(comment "Mimir user")
(home-directory "/var/lib/mimir")))))
@ -357,6 +391,12 @@
(config
yaml-config
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(shepherd-provision
(list-of-symbols '(prometheus))
"")
@ -368,11 +408,16 @@
""))
(define prometheus-account
(lambda _
(list (user-group (name "prometheus") (system? #t))
(match-record-lambda <prometheus-configuration>
(group-id user-id)
(list (user-group
(name "prometheus")
(id group-id)
(system? #t))
(user-account
(name "prometheus")
(group "prometheus")
(uid user-id)
(system? #t)
(comment "Prometheus user")
(home-directory "/var/lib/prometheus")))))
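Review bot: `grafana-account`, `loki-account`, `mimir-account` and `prometheus-account` are now identical except for three strings, which makes it easy for a later hardening change (a `nologin` shell, say) to land in one and not the others; a small shared constructor keeps the four accounts in step and documents the common shape once. The `group-id`/`user-id` fields added to all four configurations also have empty docstrings; `"Numeric GID for the @code{grafana} group, or @code{#f} to let the system allocate one."` (and the UID equivalent) would do. The enclosing service-type definitions are outside the hunks.
```scheme
;; All monitoring daemons share one account shape: a system group and a
;; system user both called NAME, with optionally pinned IDs (#f = allocate).
(define (monitoring-account name comment home group-id user-id)
  (list (user-group
         (name name)
         (id group-id)
         (system? #t))
        (user-account
         (name name)
         (group name)
         (uid user-id)
         (system? #t)
         (comment comment)
         (home-directory home))))

(define grafana-account
  (match-record-lambda <grafana-configuration>
      (group-id user-id)
    (monitoring-account "grafana" "Grafana user" "/var/lib/grafana"
                        group-id user-id)))
;; … unchanged: loki-account, mimir-account, prometheus-account call the same helper …
```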


@ -16,6 +16,7 @@
#:use-module (gnu services dbus)
#:use-module (gnu services shepherd)
#:use-module (gnu system shadow)
#:use-module (rosenthal utils predicates)
#:export (sing-box-service-type
sing-box-configuration
@ -26,10 +27,6 @@
;;; sing-box
;;;
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define-configuration/no-serialization sing-box-configuration
(sing-box
(file-like sing-box)
@ -40,6 +37,10 @@
(data-directory
(string "/var/lib/sing-box")
"")
;; Account
(group-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision
(list-of-symbols '(sing-box))
@ -55,7 +56,12 @@
""))
(define sing-box-account
(list (user-group (name "sing-box") (system? #t))))
(match-record-lambda <sing-box-configuration>
(group-id)
(list (user-group
(name "sing-box")
(id group-id)
(system? #t)))))
(define sing-box-activation
(match-record-lambda <sing-box-configuration>
@ -87,7 +93,7 @@
(name 'sing-box)
(extensions
(list (service-extension account-service-type
(const sing-box-account))
sing-box-account)
(service-extension activation-service-type
sing-box-activation)
(service-extension shepherd-root-service-type
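Review bot: The `group-id` field added to `sing-box-configuration` has an empty docstring, and because `sing-box-account` creates only a `user-group` with no `user-account`, a reader cannot tell from the record what pinning this GID buys; the docstring should say what the group is used for (presumably ownership of `data-directory`, which `sing-box-activation`, outside this hunk, sets up). Suggested text: `"Numeric GID for the @code{sing-box} group, or @code{#f} to let the system allocate one. No dedicated user account is created for sing-box."`. Moving the local `file-object?` to `(rosenthal utils predicates)` is fine as long as that module is on the load path of every consumer.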


@ -22,6 +22,7 @@
#:use-module (guix records)
#:use-module (rosenthal packages binaries)
#:use-module (rosenthal packages web)
#:use-module (rosenthal utils predicates)
#:use-module (rosenthal utils serializers ini)
#:use-module (rosenthal utils serializers yaml)
#:export (caddy-configuration
@ -62,6 +63,13 @@
(caddyfile
file-like
"")
;; User
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision
(list-of-symbols '(caddy))
@ -73,14 +81,20 @@
(boolean #t)
""))
(define (caddy-accounts config)
(list (user-group (name "caddy") (system? #t))
(user-account
(name "caddy")
(group "caddy")
(system? #t)
(comment "Caddy user")
(home-directory "/var/lib/caddy"))))
(define caddy-accounts
(match-record-lambda <caddy-configuration>
(group-id user-id)
(list (user-group
(name "caddy")
(id group-id)
(system? #t))
(user-account
(name "caddy")
(group "caddy")
(uid user-id)
(system? #t)
(comment "Caddy user")
(home-directory "/var/lib/caddy")))))
(define caddy-privileged-programs
(match-record-lambda <caddy-configuration>
@ -171,6 +185,14 @@ reload its configuration file."))
(config
file-like
"")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd
(auto-start?
(boolean #t)
"")
@ -182,13 +204,19 @@ reload its configuration file."))
""))
(define conduit-account
(list (user-group (name "conduit") (system? #t))
(user-account
(name "conduit")
(group "conduit")
(system? #t)
(comment "Conduit user")
(home-directory "/var/empty"))))
(match-record-lambda <conduit-configuration>
(group-id user-id)
(list (user-group
(name "conduit")
(id group-id)
(system? #t))
(user-account
(name "conduit")
(group "conduit")
(uid user-id)
(system? #t)
(comment "Conduit user")
(home-directory "/var/empty")))))
(define conduit-activation
(match-record-lambda <conduit-configuration>
@ -225,7 +253,7 @@ reload its configuration file."))
(name 'conduit)
(extensions
(list (service-extension account-service-type
(const conduit-account))
conduit-account)
(service-extension activation-service-type
conduit-activation)
(service-extension shepherd-root-service-type
@ -239,10 +267,6 @@ reload its configuration file."))
;;;
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define list-of-file-likes?
(list-of file-like?))
@ -259,16 +283,28 @@ reload its configuration file."))
(postgresql-password-file
string
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(no-serialization))
(define %forgejo-accounts
(list (user-group (name "forgejo") (system? #t))
(user-account
(name "forgejo")
(group "forgejo")
(system? #t)
(comment "Forgejo user")
(home-directory "/var/lib/forgejo"))))
(define forgejo-account
(match-record-lambda <forgejo-configuration>
(group-id user-id)
(list (user-group
(name "forgejo")
(id group-id)
(system? #t))
(user-account
(name "forgejo")
(group "forgejo")
(uid user-id)
(system? #t)
(comment "Forgejo user")
(home-directory "/var/lib/forgejo")))))
(define forgejo-postgresql-role
(match-record-lambda <forgejo-configuration>
@ -328,7 +364,7 @@ reload its configuration file."))
(name 'forgejo)
(extensions
(list (service-extension account-service-type
(const %forgejo-accounts))
forgejo-account)
(service-extension postgresql-role-service-type
forgejo-postgresql-role)
(service-extension profile-service-type
@ -357,6 +393,14 @@ reload its configuration file."))
(log-file
(string "/var/log/iocaine.log")
"")
;; Account
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
;; Shepherd
(shepherd-provision
(list-of-symbols '(iocaine))
"")
@ -367,14 +411,20 @@ reload its configuration file."))
(boolean #t)
""))
(define iocaine-accounts
(list (user-group (name "iocaine") (system? #t))
(user-account
(name "iocaine")
(group "iocaine")
(system? #t)
(comment "Iocaine user")
(home-directory "/var/empty"))))
(define iocaine-account
(match-record-lambda <iocaine-configuration>
(group-id user-id)
(list (user-group
(name "iocaine")
(id group-id)
(system? #t))
(user-account
(name "iocaine")
(group "iocaine")
(uid user-id)
(system? #t)
(comment "Iocaine user")
(home-directory "/var/empty")))))
(define iocaine-etc
(match-record-lambda <iocaine-configuration>
@ -417,7 +467,7 @@ test its configuration file."))
(name 'iocaine)
(extensions
(list (service-extension account-service-type
(const iocaine-accounts))
iocaine-account)
(service-extension etc-service-type
iocaine-etc)
(service-extension shepherd-root-service-type
@ -447,6 +497,9 @@ test its configuration file."))
(log-file
(string "/var/log/jellyfin.log")
"Path to log file.")
(user-id
(user-and-group-id #f)
"")
(auto-start?
(boolean #t)
"Whether to start automatically.")
@ -455,13 +508,16 @@ test its configuration file."))
"List of extra options.")
(no-serialization))
(define %jellyfin-accounts
(list (user-account
(name "jellyfin")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define jellyfin-account
(match-record-lambda <jellyfin-configuration>
(user-id)
(list (user-account
(name "jellyfin")
(group "docker")
(uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define jellyfin-activation
(match-record-lambda <jellyfin-configuration>
@ -504,7 +560,7 @@ test its configuration file."))
(name 'jellyfin)
(extensions
(list (service-extension account-service-type
(const %jellyfin-accounts))
(const jellyfin-account))
(service-extension activation-service-type
jellyfin-activation)
(service-extension log-rotation-service-type
@ -527,19 +583,31 @@ test its configuration file."))
(port
(integer 25600)
"Port to listen to for the API and web interface.")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(auto-start?
(boolean #t)
"Whether to start automatically.")
(no-serialization))
(define %komga-accounts
(list (user-group (name "komga") (system? #t))
(user-account
(name "komga")
(group "komga")
(system? #t)
(comment "Komga user")
(home-directory "/var/lib/komga"))))
(define komga-account
(match-record-lambda <komga-configuration>
(group-id user-id)
(list (user-group
(name "komga")
(id group-id)
(system? #t))
(user-account
(name "komga")
(group "komga")
(uid user-id)
(system? #t)
(comment "Komga user")
(home-directory "/var/lib/komga")))))
(define komga-shepherd-service
(match-record-lambda <komga-configuration>
@ -566,7 +634,7 @@ test its configuration file."))
(name 'komga)
(extensions
(list (service-extension account-service-type
(const %komga-accounts))
komga-account)
(service-extension shepherd-root-service-type
komga-shepherd-service)))
(default-value (komga-configuration))
@ -588,6 +656,9 @@ test its configuration file."))
(data-directory
(string "/var/lib/misskey")
"Directory to store @file{files} in.")
(user-id
(user-and-group-id #f)
"")
(log-file
(string "/var/log/misskey.log")
"Log file to use.")
@ -596,13 +667,16 @@ test its configuration file."))
"")
(no-serialization))
(define %misskey-accounts
(list (user-account
(name "misskey")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define misskey-account
(match-record-lambda <misskey-configuration>
(user-id)
(list (user-account
(name "misskey")
(group "docker")
(uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define misskey-postgresql-role
(match-record-lambda <misskey-configuration>
@ -655,7 +729,7 @@ test its configuration file."))
(name 'misskey)
(extensions
(list (service-extension account-service-type
(const %misskey-accounts))
misskey-account)
(service-extension postgresql-role-service-type
misskey-postgresql-role)
(service-extension log-rotation-service-type
@ -679,6 +753,12 @@ test its configuration file."))
(ffmpeg
(file-like ffmpeg)
"")
(group-id
(user-and-group-id #f)
"")
(user-id
(user-and-group-id #f)
"")
(auto-start?
(boolean #t)
"")
@ -687,14 +767,20 @@ test its configuration file."))
"")
(no-serialization))
(define %navidrome-accounts
(list (user-group (name "navidrome") (system? #t))
(user-account
(name "navidrome")
(group "navidrome")
(system? #t)
(comment "Navidrome user")
(home-directory "/var/lib/navidrome"))))
(define navidrome-account
(match-record-lambda <navidrome-configuration>
(group-id user-id)
(list (user-group
(name "navidrome")
(id group-id)
(system? #t))
(user-account
(name "navidrome")
(group "navidrome")
(uid user-id)
(system? #t)
(comment "Navidrome user")
(home-directory "/var/lib/navidrome")))))
(define navidrome-shepherd-service
(match-record-lambda <navidrome-configuration>
@ -731,7 +817,7 @@ test its configuration file."))
(name 'navidrome)
(extensions
(list (service-extension account-service-type
(const %navidrome-accounts))
navidrome-account)
(service-extension shepherd-root-service-type
navidrome-shepherd-service)))
(default-value (navidrome-configuration))
@ -768,15 +854,21 @@ test its configuration file."))
(postgresql-password-file
string
"")
(user-id
(user-and-group-id #f)
"")
(no-serialization))
(define %vaultwarden-accounts
(list (user-account
(name "vaultwarden")
(group "docker")
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define vaultwarden-account
(match-record-lambda <vaultwarden-configuration>
(user-id)
(list (user-account
(name "vaultwarden")
(group "docker")
(uid user-id)
(system? #t)
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))))
(define vaultwarden-postgresql-role
(match-record-lambda <vaultwarden-configuration>
@ -842,7 +934,7 @@ test its configuration file."))
(name 'vaultwarden)
(extensions
(list (service-extension account-service-type
(const %vaultwarden-accounts))
vaultwarden-account)
(service-extension postgresql-role-service-type
vaultwarden-postgresql-role)
(service-extension activation-service-type
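Review bot: In the `jellyfin` service type the account extension became `(const jellyfin-account)`, but `jellyfin-account` is now a `match-record-lambda`, so the extension hands the account service the procedure itself rather than the list of accounts it produces; every other service in this commit drops the `const` (compare `komga-account`, `misskey-account`, `vaultwarden-account`). Change it to `(service-extension account-service-type jellyfin-account)`. As written I would expect the system build to fail when the account service folds its extensions, or at best the jellyfin user to silently not be created. The remaining new `group-id`/`user-id` fields in this file (caddy, conduit, forgejo, iocaine, komga, navidrome, misskey, vaultwarden) all carry empty docstrings as well.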


@ -0,0 +1,15 @@
;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; Copyright © 2025 Hilton Chain <hako@ultrarare.space>
(define-module (rosenthal utils predicates)
#:use-module (guix gexp)
#:export (file-object?
user-and-group-id?))
(define (file-object? val)
(or (string? val)
(file-like? val)))
(define (user-and-group-id? val)
(or (integer? val)
(eqv? val #f)))
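Review bot: `user-and-group-id?` accepts any integer, including 0, negatives and inexact values such as `3.0`, and every `uid`/`id` field in this commit is fed straight from it; a configuration with `(user-id 0)` would therefore declare a service account that is root by UID, and this predicate is the only place such a value could be rejected. Suggest tightening it to `(or (eqv? val #f) (and (exact-integer? val) (positive? val)))`, which Guile supports without extra imports. The new module also has no documentation; a comment such as `;; A numeric user or group ID to pin, or #f to let the account service allocate one.` above `user-and-group-id?`, and `;; Either a path string or a file-like object.` above `file-object?`, would make the exported contract clear.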