Add unbound service
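--- a/modules/cogd/services/dns.scm
+++ b/modules/cogd/services/dns.scm
@@ -0,0 +1,68 @@
+;;; SPDX-FileCopyrightText: 2025 Evgeny Pisemsky <mail@pisemsky.site>
+;;;
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+
+(define-module (cogd services dns))
+
+(use-modules (guix records)
+(guix gexp)
+(gnu packages dns)
+(gnu packages admin)
+(gnu system shadow)
+(gnu services)
+(gnu services shepherd))
+
+(export unbound-configuration
+unbound-configuration?
+unbound-configuration-package
+unbound-configuration-config-file
+unbound-configuration-requirement
+unbound-service-type)
+
+(define-record-type* <unbound-configuration>
+unbound-configuration
+make-unbound-configuration
+unbound-configuration?
+(package unbound-configuration-package
+(default unbound))
+(config-file unbound-configuration-config-file
+(default #f))
+(requirement unbound-configuration-requirement
+(default '(loopback))))
+
+(define unbound-accounts
+(const
+(list (user-group
+(name "unbound")
+(system? #t))
+(user-account
+(name "unbound")
+(group "unbound")
+(system? #t)
+(home-directory "/var/empty")
+(shell (file-append shadow "/sbin/nologin"))))))
+
+(define (unbound-shepherd-service config)
+(match-record
+config <unbound-configuration>
+(package config-file requirement)
+(list (shepherd-service
+(documentation "Run the Unbound DNS resolver.")
+(provision '(unbound))
+(requirement requirement)
+(start #~(make-forkexec-constructor
+(list #$(file-append package "/sbin/unbound")
+"-d" "-p"
+#$@(if config-file
+(list "-c" config-file)
+'()))))
+(stop #~(make-kill-destructor))))))
+
+(define unbound-service-type
+(service-type
+(description "Run the Unbound DNS resolver.")
+(name 'unbound)
+(extensions
+(list (service-extension account-service-type unbound-accounts)
+(service-extension shepherd-root-service-type unbound-shepherd-service)))
+(default-value (unbound-configuration))))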
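Review bot: The `start` form in `unbound-shepherd-service` launches `unbound` through `make-forkexec-constructor` without `#:user`/`#:group`, so the daemon starts as root and the drop to the `unbound` account created in `unbound-accounts` depends entirely on Unbound's own `username:` setting. With the default `config-file` of `#f` this presumably falls back to Unbound's built-in default user, but a custom file that changes or blanks `username:` would leave the resolver running as root or under an unrelated account, with nothing in the service noticing. Since root is needed to bind port 53, I would document the contract rather than change the constructor, with a comment above `start` such as `;; Started as root to bind port 53; Unbound drops to the "unbound" user via its own username: option, so a custom config-file must keep it.` The `config-file` field would also benefit from a comment saying whether it takes a file-like object or a path string.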