From patchwork Sat Nov 19 22:24:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 44688 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8478227BBEC; Sat, 19 Nov 2022 22:26:32 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 8202C27BBE9 for ; Sat, 19 Nov 2022 22:26:28 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1owWHw-0007LE-Ha; Sat, 19 Nov 2022 17:26:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1owWHj-0007Jr-S3 for guix-patches@gnu.org; Sat, 19 Nov 2022 17:26:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1owWHj-0004Sw-Cn for guix-patches@gnu.org; Sat, 19 Nov 2022 17:26:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1owWHj-0004h1-8y for guix-patches@gnu.org; Sat, 19 Nov 2022 17:26:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#59390] [PATCH 5/5] services: networking: Avoid 'match' on records. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 19 Nov 2022 22:26:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 59390 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 59390@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= Received: via spool by 59390-submit@debbugs.gnu.org id=B59390.166889674417983 (code B ref 59390); Sat, 19 Nov 2022 22:26:03 +0000 Received: (at 59390) by debbugs.gnu.org; 19 Nov 2022 22:25:44 +0000 Received: from localhost ([127.0.0.1]:41595 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1owWHP-0004fx-5m for submit@debbugs.gnu.org; Sat, 19 Nov 2022 17:25:44 -0500 Received: from eggs.gnu.org ([209.51.188.92]:50508) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1owWHJ-0004fG-RI for 59390@debbugs.gnu.org; Sat, 19 Nov 2022 17:25:39 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1owWHE-0004Kw-Kw; Sat, 19 Nov 2022 17:25:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=y+lM6rHtL2znr+Kaz1pTsVqaFIcwAVG5/SaibPBMQmE=; b=V7DHjEXexqZC6BnwRoaS xVw7quaecs7vVCFOUSwtHl/cpYbF2MukU/gFMPSfVgcyJ0Sw0TGAC2Xg8OFOdKlg/s0MM0+OryTEu 9gtX+sqT4gGghglZV2Mq00gqeFSFgf/+nDYmm9DY5rl3525/U54tCEgUGHtLhnG3Lp6rnxQfU+cwJ LHNUNOjC3TkNo2nsqIkqP6GqTlq13T4APaWJ1RBDoeVeVTkO9UthjPH83Zr57qL9g3tjBj3+zHlCj sIsEKvK6Ge6Y45VWGW011JT3+k7mh7fVVUbxTizhNau2nBJobGFJJtr7arUgZjYctMSnVHqEzqDKX j6F18i+S3gN8lw==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1owWHD-0006LD-Ok; Sat, 19 Nov 2022 17:25:32 -0500 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Sat, 19 Nov 2022 23:24:54 +0100 Message-Id: <20221119222454.10759-5-ludo@gnu.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221119222454.10759-1-ludo@gnu.org> References: <20221119222454.10759-1-ludo@gnu.org> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/networking.scm (dhcp-client-shepherd-service): Use accessors instead of 'match'. (inetd-shepherd-service): Likewise. (tor-shepherd-service): Likewise. (network-manager-service-type): Likewise. (modem-manager-service-type): Likewise. (wpa-supplicant-service-type): Likewise. (openvswitch-activation): Likewise. (openvswitch-shepherd-service): Likewise. (dhcpd-shepherd-service): Use 'match-record' instead of 'match'. (dhcpd-activation): Likewise. (ntp-server->string): Likewise. (ntp-shepherd-service): Likewise. (tor-configuration->torrc): Likewise. (network-manager-activation): Likewise. (network-manager-environment): Likewise. (network-manager-shepherd-service): Likewise. (usb-modeswitch-configuration->udev-rules): Likewise. (wpa-supplicant-shepherd-service): Likewise. (iptables-shepherd-service): Likewise. (nftables-shepherd-service): Likewise. (keepalived-shepherd-service): Likewise. --- gnu/services/networking.scm | 661 ++++++++++++++++++------------------ 1 file changed, 327 insertions(+), 334 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index de02f16a34..4f5af1beb0 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -277,8 +277,10 @@ (define-record-type* (define dhcp-client-shepherd-service (match-lambda - (($ package interfaces) - (let ((pid-file "/var/run/dhclient.pid")) + ((? dhcp-client-configuration? config) + (let ((package (dhcp-client-configuration-package config)) + (interfaces (dhcp-client-configuration-interfaces config)) + (pid-file "/var/run/dhclient.pid")) (list (shepherd-service (documentation "Set up networking via DHCP.") (requirement '(user-processes udev)) @@ -359,46 +361,46 @@ (define-record-type* (interfaces dhcpd-configuration-interfaces (default '()))) -(define dhcpd-shepherd-service - (match-lambda - (($ package config-file version run-directory - lease-file pid-file interfaces) - (unless config-file - (error "Must supply a config-file")) - (list (shepherd-service - ;; Allow users to easily run multiple versions simultaneously. - (provision (list (string->symbol - (string-append "dhcpv" version "-daemon")))) - (documentation (string-append "Run the DHCPv" version " daemon")) - (requirement '(networking)) - (start #~(make-forkexec-constructor - '(#$(file-append package "/sbin/dhcpd") - #$(string-append "-" version) - "-lf" #$lease-file - "-pf" #$pid-file - "-cf" #$config-file - #$@interfaces) - #:pid-file #$pid-file)) - (stop #~(make-kill-destructor))))))) +(define (dhcpd-shepherd-service config) + (match-record config + (package config-file version run-directory + lease-file pid-file interfaces) + (unless config-file + (error "Must supply a config-file")) + (list (shepherd-service + ;; Allow users to easily run multiple versions simultaneously. + (provision (list (string->symbol + (string-append "dhcpv" version "-daemon")))) + (documentation (string-append "Run the DHCPv" version " daemon")) + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append package "/sbin/dhcpd") + #$(string-append "-" version) + "-lf" #$lease-file + "-pf" #$pid-file + "-cf" #$config-file + #$@interfaces) + #:pid-file #$pid-file)) + (stop #~(make-kill-destructor)))))) -(define dhcpd-activation - (match-lambda - (($ package config-file version run-directory - lease-file pid-file interfaces) - (with-imported-modules '((guix build utils)) - #~(begin - (unless (file-exists? #$run-directory) - (mkdir #$run-directory)) - ;; According to the DHCP manual (man dhcpd.leases), the lease - ;; database must be present for dhcpd to start successfully. - (unless (file-exists? #$lease-file) - (with-output-to-file #$lease-file - (lambda _ (display "")))) - ;; Validate the config. - (invoke/quiet - #$(file-append package "/sbin/dhcpd") - #$(string-append "-" version) - "-t" "-cf" #$config-file)))))) +(define (dhcpd-activation config) + (match-record config + (package config-file version run-directory + lease-file pid-file interfaces) + (with-imported-modules '((guix build utils)) + #~(begin + (unless (file-exists? #$run-directory) + (mkdir #$run-directory)) + ;; According to the DHCP manual (man dhcpd.leases), the lease + ;; database must be present for dhcpd to start successfully. + (unless (file-exists? #$lease-file) + (with-output-to-file #$lease-file + (lambda _ (display "")))) + ;; Validate the config. + (invoke/quiet + #$(file-append package "/sbin/dhcpd") + #$(string-append "-" version) + "-t" "-cf" #$config-file))))) (define dhcpd-service-type (service-type @@ -449,16 +451,16 @@ (define (flatten lst) (fold loop res x) (cons (format #f "~a" x) res))))) - (match ntp-server - (($ type address options) - ;; XXX: It'd be neater if fields were validated at the syntax level (for - ;; static ones at least). Perhaps the Guix record type could support a - ;; predicate property on a field? - (unless (enum-set-member? type ntp-server-types) - (error "Invalid NTP server type" type)) - (string-join (cons* (symbol->string type) - address - (flatten options)))))) + (match-record ntp-server + (type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (for + ;; static ones at least). Perhaps the Guix record type could support a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options))))) (define %ntp-servers ;; Default set of NTP servers. These URLs are managed by the NTP Pool project. @@ -497,17 +499,16 @@ (define (ntp-configuration-servers ntp-configuration) ((($ ) ($ ) ...) ntp-servers)))) -(define ntp-shepherd-service - (lambda (config) - (match config - (($ ntp servers allow-large-adjustment?) - (let ((servers (ntp-configuration-servers config))) - ;; TODO: Add authentication support. - (define config - (string-append "driftfile /var/run/ntpd/ntp.drift\n" - (string-join (map ntp-server->string servers) - "\n") - " +(define (ntp-shepherd-service config) + (match-record config + (ntp servers allow-large-adjustment?) + (let ((servers (ntp-configuration-servers config))) + ;; TODO: Add authentication support. + (define config + (string-append "driftfile /var/run/ntpd/ntp.drift\n" + (string-join (map ntp-server->string servers) + "\n") + " # Disable status queries as a workaround for CVE-2013-5211: # . restrict default kod nomodify notrap nopeer noquery limited @@ -521,21 +522,21 @@ (define config # option by default, as documented in the 'ntp.conf' manual. restrict source notrap nomodify noquery\n")) - (define ntpd.conf - (plain-file "ntpd.conf" config)) + (define ntpd.conf + (plain-file "ntpd.conf" config)) - (list (shepherd-service - (provision '(ntpd)) - (documentation "Run the Network Time Protocol (NTP) daemon.") - (requirement '(user-processes networking)) - (start #~(make-forkexec-constructor - (list (string-append #$ntp "/bin/ntpd") "-n" - "-c" #$ntpd.conf "-u" "ntpd" - #$@(if allow-large-adjustment? - '("-g") - '())) - #:log-file "/var/log/ntpd.log")) - (stop #~(make-kill-destructor))))))))) + (list (shepherd-service + (provision '(ntpd)) + (documentation "Run the Network Time Protocol (NTP) daemon.") + (requirement '(user-processes networking)) + (start #~(make-forkexec-constructor + (list (string-append #$ntp "/bin/ntpd") "-n" + "-c" #$ntpd.conf "-u" "ntpd" + #$@(if allow-large-adjustment? + '("-g") + '())) + #:log-file "/var/log/ntpd.log")) + (stop #~(make-kill-destructor))))))) (define %ntp-accounts (list (user-account @@ -742,19 +743,19 @@ (define (inetd-config-file entries) " ") "\n"))) entries))) -(define inetd-shepherd-service - (match-lambda - (($ program ()) '()) ; empty list of entries -> do nothing - (($ program entries) - (list - (shepherd-service - (documentation "Run inetd.") - (provision '(inetd)) - (requirement '(user-processes networking syslogd)) - (start #~(make-forkexec-constructor - (list #$program #$(inetd-config-file entries)) - #:pid-file "/var/run/inetd.pid")) - (stop #~(make-kill-destructor))))))) +(define (inetd-shepherd-service config) + (let ((entries (inetd-configuration-entries config))) + (if (null? entries) + '() ;do nothing + (let ((program (inetd-configuration-program config))) + (list (shepherd-service + (documentation "Run inetd.") + (provision '(inetd)) + (requirement '(user-processes networking syslogd)) + (start #~(make-forkexec-constructor + (list #$program #$(inetd-config-file entries)) + #:pid-file "/var/run/inetd.pid")) + (stop #~(make-kill-destructor)))))))) (define-public inetd-service-type (service-type @@ -938,97 +939,94 @@ (define-record-type (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." - (match config - (($ tor config-file services - socks-socket-type control-socket?) - (computed-file - "torrc" - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils) - (ice-9 match)) + (match-record config + (tor config-file hidden-services socks-socket-type control-socket?) + (computed-file + "torrc" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) - (call-with-output-file #$output - (lambda (port) - (display "\ + (call-with-output-file #$output + (lambda (port) + (display "\ ### These lines were generated from your system configuration: DataDirectory /var/lib/tor Log notice syslog\n" port) - (when (eq? 'unix '#$socks-socket-type) - (display "\ + (when (eq? 'unix '#$socks-socket-type) + (display "\ SocksPort unix:/var/run/tor/socks-sock UnixSocksGroupWritable 1\n" port)) - (when #$control-socket? - (display "\ + (when #$control-socket? + (display "\ ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck ControlSocketsGroupWritable 1\n" - port)) + port)) - (for-each (match-lambda - ((service (ports hosts) ...) - (format port "\ + (for-each (match-lambda + ((service (ports hosts) ...) + (format port "\ HiddenServiceDir /var/lib/tor/hidden-services/~a~%" - service) - (for-each (lambda (tcp-port host) - (format port "\ + service) + (for-each (lambda (tcp-port host) + (format port "\ HiddenServicePort ~a ~a~%" - tcp-port host)) - ports hosts))) - '#$(map (match-lambda - (($ name mapping) - (cons name mapping))) - services)) + tcp-port host)) + ports hosts))) + '#$(map (match-lambda + (($ name mapping) + (cons name mapping))) + hidden-services)) - (display "\ + (display "\ ### End of automatically generated lines.\n\n" port) - ;; Append the user's config file. - (call-with-input-file #$config-file - (lambda (input) - (dump-port input port))) - #t)))))))) + ;; Append the user's config file. + (call-with-input-file #$config-file + (lambda (input) + (dump-port input port))) + #t))))))) (define (tor-shepherd-service config) "Return a running Tor." - (match config - (($ tor) - (let* ((torrc (tor-configuration->torrc config)) - (tor (least-authority-wrapper - (file-append tor "/bin/tor") - #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) - #:namespaces (delq 'net %namespaces)))) - (list (shepherd-service - (provision '(tor)) + (let* ((torrc (tor-configuration->torrc config)) + (tor (least-authority-wrapper + (file-append (tor-configuration-tor config) "/bin/tor") + #:name "tor" + #:mappings (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + #:namespaces (delq 'net %namespaces)))) + (list (shepherd-service + (provision '(tor)) - ;; Tor needs at least one network interface to be up, hence the - ;; dependency on 'loopback'. - (requirement '(user-processes loopback syslogd)) + ;; Tor needs at least one network interface to be up, hence the + ;; dependency on 'loopback'. + (requirement '(user-processes loopback syslogd)) - ;; XXX: #:pid-file won't work because the wrapped 'tor' - ;; program would print its PID within the user namespace - ;; instead of its actual PID outside. There's no inetd or - ;; systemd socket activation support either (there's - ;; 'sd_notify' though), so we're stuck with that. - (start #~(make-forkexec-constructor - (list #$tor "-f" #$torrc) - #:user "tor" #:group "tor")) - (stop #~(make-kill-destructor)) - (actions (list (shepherd-configuration-action torrc))) - (documentation "Run the Tor anonymous network overlay."))))))) + ;; XXX: #:pid-file won't work because the wrapped 'tor' + ;; program would print its PID within the user namespace + ;; instead of its actual PID outside. There's no inetd or + ;; systemd socket activation support either (there's + ;; 'sd_notify' though), so we're stuck with that. + (start #~(make-forkexec-constructor + (list #$tor "-f" #$torrc) + #:user "tor" #:group "tor")) + (stop #~(make-kill-destructor)) + (actions (list (shepherd-configuration-action torrc))) + (documentation "Run the Tor anonymous network overlay."))))) (define (tor-activation config) "Set up directories for Tor and its hidden services, if any." @@ -1145,17 +1143,17 @@ (define-record-type* (vpn-plugins network-manager-configuration-vpn-plugins ;list of file-like (default '()))) -(define network-manager-activation +(define (network-manager-activation config) ;; Activation gexp for NetworkManager - (match-lambda - (($ network-manager dns vpn-plugins) - #~(begin - (use-modules (guix build utils)) - (mkdir-p "/etc/NetworkManager/system-connections") - #$@(if (equal? dns "dnsmasq") - ;; create directory to store dnsmasq lease file - '((mkdir-p "/var/lib/misc")) - '()))))) + (match-record config + (network-manager dns vpn-plugins) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/etc/NetworkManager/system-connections") + #$@(if (equal? dns "dnsmasq") + ;; create directory to store dnsmasq lease file + '((mkdir-p "/var/lib/misc")) + '())))) (define (vpn-plugin-directory plugins) "Return a directory containing PLUGINS, the NM VPN plugins." @@ -1188,44 +1186,44 @@ (define accounts (cons (user-group (name "network-manager") (system? #t)) accounts)))) -(define network-manager-environment - (match-lambda - (($ network-manager dns vpn-plugins) - ;; Define this variable in the global environment such that - ;; "nmcli connection import type openvpn file foo.ovpn" works. - `(("NM_VPN_PLUGIN_DIR" - . ,(file-append (vpn-plugin-directory vpn-plugins) - "/lib/NetworkManager/VPN")))))) +(define (network-manager-environment config) + (match-record config + (network-manager dns vpn-plugins) + ;; Define this variable in the global environment such that + ;; "nmcli connection import type openvpn file foo.ovpn" works. + `(("NM_VPN_PLUGIN_DIR" + . ,(file-append (vpn-plugin-directory vpn-plugins) + "/lib/NetworkManager/VPN"))))) -(define network-manager-shepherd-service - (match-lambda - (($ network-manager dns vpn-plugins) - (let ((conf (plain-file "NetworkManager.conf" - (string-append "[main]\ndns=" dns "\n"))) - (vpn (vpn-plugin-directory vpn-plugins))) - (list (shepherd-service - (documentation "Run the NetworkManager.") - (provision '(networking)) - (requirement '(user-processes dbus-system wpa-supplicant loopback)) - (start #~(make-forkexec-constructor - (list (string-append #$network-manager - "/sbin/NetworkManager") - (string-append "--config=" #$conf) - "--no-daemon") - #:environment-variables - (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn - "/lib/NetworkManager/VPN") - ;; Override non-existent default users - "NM_OPENVPN_USER=" - "NM_OPENVPN_GROUP="))) - (stop #~(make-kill-destructor)))))))) +(define (network-manager-shepherd-service config) + (match-record config + (network-manager dns vpn-plugins) + (let ((conf (plain-file "NetworkManager.conf" + (string-append "[main]\ndns=" dns "\n"))) + (vpn (vpn-plugin-directory vpn-plugins))) + (list (shepherd-service + (documentation "Run the NetworkManager.") + (provision '(networking)) + (requirement '(user-processes dbus-system wpa-supplicant loopback)) + (start #~(make-forkexec-constructor + (list (string-append #$network-manager + "/sbin/NetworkManager") + (string-append "--config=" #$conf) + "--no-daemon") + #:environment-variables + (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn + "/lib/NetworkManager/VPN") + ;; Override non-existent default users + "NM_OPENVPN_USER=" + "NM_OPENVPN_GROUP="))) + (stop #~(make-kill-destructor))))))) (define network-manager-service-type - (let - ((config->packages - (match-lambda - (($ network-manager _ vpn-plugins) - `(,network-manager ,@vpn-plugins))))) + (let ((config->packages + (lambda (config) + (match-record config + (network-manager vpn-plugins) + `(,network-manager ,@vpn-plugins))))) (service-type (name 'network-manager) @@ -1332,9 +1330,8 @@ (define connman-service-type (define modem-manager-service-type (let ((config->package - (match-lambda - (($ modem-manager) - (list modem-manager))))) + (lambda (config) + (list (modem-manager-configuration-modem-manager config))))) (service-type (name 'modem-manager) (extensions (list (service-extension dbus-root-service-type @@ -1405,24 +1402,25 @@ (define (usb-modeswitch-configuration->udev-rules config) usb-modeswitch package specified in CONFIG. The rules file will invoke usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right config file." - (match config - (($ usb-modeswitch data config-file) - (computed-file - "usb_modeswitch.rules" - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules")) - (out (string-append #$output "/lib/udev/rules.d")) - (script #$(usb-modeswitch-sh usb-modeswitch config-file))) - (mkdir-p out) - (chdir out) - (install-file in out) - (substitute* "40-usb_modeswitch.rules" - (("PROGRAM=\"usb_modeswitch") - (string-append "PROGRAM=\"" script "/usb_modeswitch")) - (("RUN\\+=\"usb_modeswitch") - (string-append "RUN+=\"" script "/usb_modeswitch")))))))))) + (match-record config + (usb-modeswitch usb-modeswitch-data config-file) + (computed-file + "usb_modeswitch.rules" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (let ((in (string-append #$usb-modeswitch-data + "/udev/40-usb_modeswitch.rules")) + (out (string-append #$output "/lib/udev/rules.d")) + (script #$(usb-modeswitch-sh usb-modeswitch config-file))) + (mkdir-p out) + (chdir out) + (install-file in out) + (substitute* "40-usb_modeswitch.rules" + (("PROGRAM=\"usb_modeswitch") + (string-append "PROGRAM=\"" script "/usb_modeswitch")) + (("RUN\\+=\"usb_modeswitch") + (string-append "RUN+=\"" script "/usb_modeswitch"))))))))) (define usb-modeswitch-service-type (service-type @@ -1466,40 +1464,39 @@ (define-record-type* (extra-options wpa-supplicant-configuration-extra-options ;list of strings (default '()))) -(define wpa-supplicant-shepherd-service - (match-lambda - (($ wpa-supplicant requirement pid-file dbus? - interface config-file extra-options) - (list (shepherd-service - (documentation "Run the WPA supplicant daemon") - (provision '(wpa-supplicant)) - (requirement (if dbus? - (cons 'dbus-system requirement) - requirement)) - (start #~(make-forkexec-constructor - (list (string-append #$wpa-supplicant - "/sbin/wpa_supplicant") - (string-append "-P" #$pid-file) - "-B" ;run in background - "-s" ;log to syslogd - #$@(if dbus? - #~("-u") - #~()) - #$@(if interface - #~((string-append "-i" #$interface)) - #~()) - #$@(if config-file - #~((string-append "-c" #$config-file)) - #~()) - #$@extra-options) - #:pid-file #$pid-file)) - (stop #~(make-kill-destructor))))))) +(define (wpa-supplicant-shepherd-service config) + (match-record config + (wpa-supplicant requirement pid-file dbus? + interface config-file extra-options) + (list (shepherd-service + (documentation "Run the WPA supplicant daemon") + (provision '(wpa-supplicant)) + (requirement (if dbus? + (cons 'dbus-system requirement) + requirement)) + (start #~(make-forkexec-constructor + (list (string-append #$wpa-supplicant + "/sbin/wpa_supplicant") + (string-append "-P" #$pid-file) + "-B" ;run in background + "-s" ;log to syslogd + #$@(if dbus? + #~("-u") + #~()) + #$@(if interface + #~((string-append "-i" #$interface)) + #~()) + #$@(if config-file + #~((string-append "-c" #$config-file)) + #~()) + #$@extra-options) + #:pid-file #$pid-file)) + (stop #~(make-kill-destructor)))))) (define wpa-supplicant-service-type (let ((config->package - (match-lambda - (($ wpa-supplicant) - (list wpa-supplicant))))) + (lambda (config) + (list (wpa-supplicant-configuration-wpa-supplicant config))))) (service-type (name 'wpa-supplicant) (extensions (list (service-extension shepherd-root-service-type @@ -1621,41 +1618,38 @@ (define-record-type* (package openvswitch-configuration-package (default openvswitch))) -(define openvswitch-activation - (match-lambda - (($ package) - (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool"))) - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (mkdir-p "/var/run/openvswitch") - (mkdir-p "/var/lib/openvswitch") - (let ((conf.db "/var/lib/openvswitch/conf.db")) - (unless (file-exists? conf.db) - (system* #$ovsdb-tool "create" conf.db))))))))) +(define (openvswitch-activation config) + (let ((ovsdb-tool (file-append (openvswitch-configuration-package config) + "/bin/ovsdb-tool"))) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/run/openvswitch") + (mkdir-p "/var/lib/openvswitch") + (let ((conf.db "/var/lib/openvswitch/conf.db")) + (unless (file-exists? conf.db) + (system* #$ovsdb-tool "create" conf.db))))))) -(define openvswitch-shepherd-service - (match-lambda - (($ package) - (let ((ovsdb-server (file-append package "/sbin/ovsdb-server")) - (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))) - (list - (shepherd-service - (provision '(ovsdb)) - (documentation "Run the Open vSwitch database server.") - (start #~(make-forkexec-constructor - (list #$ovsdb-server "--pidfile" - "--remote=punix:/var/run/openvswitch/db.sock") - #:pid-file "/var/run/openvswitch/ovsdb-server.pid")) - (stop #~(make-kill-destructor))) - (shepherd-service - (provision '(vswitchd)) - (requirement '(ovsdb)) - (documentation "Run the Open vSwitch daemon.") - (start #~(make-forkexec-constructor - (list #$ovs-vswitchd "--pidfile") - #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid")) - (stop #~(make-kill-destructor)))))))) +(define (openvswitch-shepherd-service config) + (let* ((package (openvswitch-configuration-package config)) + (ovsdb-server (file-append package "/sbin/ovsdb-server")) + (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))) + (list (shepherd-service + (provision '(ovsdb)) + (documentation "Run the Open vSwitch database server.") + (start #~(make-forkexec-constructor + (list #$ovsdb-server "--pidfile" + "--remote=punix:/var/run/openvswitch/db.sock") + #:pid-file "/var/run/openvswitch/ovsdb-server.pid")) + (stop #~(make-kill-destructor))) + (shepherd-service + (provision '(vswitchd)) + (requirement '(ovsdb)) + (documentation "Run the Open vSwitch daemon.") + (start #~(make-forkexec-constructor + (list #$ovs-vswitchd "--pidfile") + #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid")) + (stop #~(make-kill-destructor)))))) (define openvswitch-service-type (service-type @@ -1695,20 +1689,20 @@ (define-record-type* (ipv6-rules iptables-configuration-ipv6-rules (default %iptables-accept-all-rules))) -(define iptables-shepherd-service - (match-lambda - (($ iptables ipv4-rules ipv6-rules) - (let ((iptables-restore (file-append iptables "/sbin/iptables-restore")) - (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore"))) - (shepherd-service - (documentation "Packet filtering framework") - (provision '(iptables)) - (start #~(lambda _ - (invoke #$iptables-restore #$ipv4-rules) - (invoke #$ip6tables-restore #$ipv6-rules))) - (stop #~(lambda _ - (invoke #$iptables-restore #$%iptables-accept-all-rules) - (invoke #$ip6tables-restore #$%iptables-accept-all-rules)))))))) +(define (iptables-shepherd-service config) + (match-record config + (iptables ipv4-rules ipv6-rules) + (let ((iptables-restore (file-append iptables "/sbin/iptables-restore")) + (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore"))) + (shepherd-service + (documentation "Packet filtering framework") + (provision '(iptables)) + (start #~(lambda _ + (invoke #$iptables-restore #$ipv4-rules) + (invoke #$ip6tables-restore #$ipv6-rules))) + (stop #~(lambda _ + (invoke #$iptables-restore #$%iptables-accept-all-rules) + (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))) (define iptables-service-type (service-type @@ -1767,17 +1761,17 @@ (define-record-type* (ruleset nftables-configuration-ruleset ; file-like object (default %default-nftables-ruleset))) -(define nftables-shepherd-service - (match-lambda - (($ package ruleset) - (let ((nft (file-append package "/sbin/nft"))) - (shepherd-service - (documentation "Packet filtering and classification") - (provision '(nftables)) - (start #~(lambda _ - (invoke #$nft "--file" #$ruleset))) - (stop #~(lambda _ - (invoke #$nft "flush" "ruleset")))))))) +(define (nftables-shepherd-service config) + (match-record config + (package ruleset) + (let ((nft (file-append package "/sbin/nft"))) + (shepherd-service + (documentation "Packet filtering and classification") + (provision '(nftables)) + (start #~(lambda _ + (invoke #$nft "--file" #$ruleset))) + (stop #~(lambda _ + (invoke #$nft "flush" "ruleset"))))))) (define nftables-service-type (service-type @@ -2150,23 +2144,22 @@ (define-record-type* (config-file keepalived-configuration-config-file ;file-like (default #f))) -(define keepalived-shepherd-service - (match-lambda - (($ keepalived config-file) - (list - (shepherd-service - (provision '(keepalived)) - (documentation "Run keepalived.") - (requirement '(loopback)) - (start #~(make-forkexec-constructor - (list (string-append #$keepalived "/sbin/keepalived") - "--dont-fork" "--log-console" "--log-detail" - "--pid=/var/run/keepalived.pid" - (string-append "--use-file=" #$config-file)) - #:pid-file "/var/run/keepalived.pid" - #:log-file "/var/log/keepalived.log")) - (respawn? #f) - (stop #~(make-kill-destructor))))))) +(define (keepalived-shepherd-service config) + (match-record config + (keepalived config-file) + (list (shepherd-service + (provision '(keepalived)) + (documentation "Run keepalived.") + (requirement '(loopback)) + (start #~(make-forkexec-constructor + (list (string-append #$keepalived "/sbin/keepalived") + "--dont-fork" "--log-console" "--log-detail" + "--pid=/var/run/keepalived.pid" + (string-append "--use-file=" #$config-file)) + #:pid-file "/var/run/keepalived.pid" + #:log-file "/var/log/keepalived.log")) + (respawn? #f) + (stop #~(make-kill-destructor)))))) (define %keepalived-log-rotation (list (log-rotation