From patchwork Wed Nov 6 18:19:43 2019
X-Patchwork-Submitter: Alex Griffin
X-Patchwork-Id: 15982
Subject: [bug#38059] [PATCH 3/3] services: Add pagekite-service-type.
References: <2303a2c2-9d07-4986-9444-0f371592643f@www.fastmail.com>
In-Reply-To: <2303a2c2-9d07-4986-9444-0f371592643f@www.fastmail.com>
To: 38059@debbugs.gnu.org
Message-Id: <04d1c886-0279-4ca1-8005-4fa1526d834d@www.fastmail.com>
Date: Wed, 06 Nov 2019 18:19:43 +0000
From: "Alex Griffin"

This patch fixes a bug where the service wouldn't compile if you omitted `extra-file`, as well as some minor mistakes in the comments and documentation.

From 46a5e48f5e89be4da3611bd11b55ed0e325c6538 Mon Sep 17 00:00:00 2001
From: Alex Griffin Date: Mon, 4 Nov 2019 19:29:24 -0600 Subject: [PATCH 3/3] services: Add pagekite-service-type. * gnu/services/networking.scm (pagekite-service-type): New service type. (): New record type. (pagekite-shepherd-service): New procedure. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 47 +++++++++++++++ gnu/services/networking.scm | 111 +++++++++++++++++++++++++++++++++++- 2 files changed, 157 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 7b1ee163c4..f01eb4ebe2 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -66,6 +66,7 @@ Copyright @copyright{} 2019 Josh Holland@* Copyright @copyright{} 2019 Diego Nicola Barbato@* Copyright @copyright{} 2019 Ivan Petkov@* Copyright @copyright{} 2019 Jakob L. Kreuze@* +Copyright @copyright{} 2019 Alex Griffin@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -13953,6 +13954,52 @@ Package object of the Open vSwitch. @end table @end deftp +@defvr {Scheme Variable} pagekite-service-type +This is the service type for the @uref{https://pagekite.net, PageKite} service, +a tunneling solution for making localhost servers publicly visible, even from +behind NAT or restrictive firewalls. The value for this service type is a +@code{pagekite-configuration} record. + +Here's an example exposing the local HTTP and SSH daemons: + +@lisp +(service pagekite-service-type + (pagekite-configuration + (kites '("http:@@kitename:localhost:80:@@kitesecret" + "raw/22:@@kitename:localhost:22:@@kitesecret")) + (extra-file "/etc/pagekite.rc"))) +@end lisp +@end defvr + +@deftp {Data Type} pagekite-configuration +Data type representing the configuration of PageKite. + +@table @asis +@item @code{package} (default: @var{pagekite}) +Package object of PageKite. + +@item @code{kitename} (default: @code{#f}) +PageKite name for authenticating to the frontend server. + +@item @code{kitesecret} (default: @code{#f}) +Shared secret for authenticating to the frontend server. You should probably +put this inside @code{extra-file} instead. + +@item @code{frontend} (default: @code{#f}) +Connect to the named PageKite frontend server instead of the +@uref{https://pagekite.net,,pagekite.net} service. + +@item @code{kites} (default: @code{'("http:@@kitename:localhost:80:@@kitesecret")}) +List of service kites to use. Exposes HTTP on port 80 by default. The format +is @code{proto:kitename:host:port:secret}. + +@item @code{extra-file} (default: @code{#f}) +Extra configuration file to read, which you are expected to create manually. +Use this to add additional options and manage shared secrets out-of-band. + +@end table +@end deftp + @node X Window @subsection X Window diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index a1c1aad9f6..cd3402255d 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -12,6 +12,7 @@ ;;; Copyright © 2019 Florian Pelz ;;; Copyright © 2019 Maxim Cournoyer ;;; Copyright © 2019 Sou Bunnbu +;;; Copyright © 2019 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; @@ -154,7 +155,17 @@ nftables-configuration? nftables-configuration-package nftables-configuration-ruleset - %default-nftables-ruleset)) + %default-nftables-ruleset + + pagekite-service-type + pagekite-configuration + pagekite-configuration? + pagekite-configuration-package + pagekite-configuration-kitename + pagekite-configuration-kitesecret + pagekite-configuration-frontend + pagekite-configuration-kites + pagekite-configuration-extra-file)) ;;; Commentary: ;;; 
@@ -1527,4 +1538,102 @@ table inet filter { (compose list nftables-configuration-package)))) (default-value (nftables-configuration)))) + +;;; +;;; PageKite +;;; + +(define-record-type* + pagekite-configuration + make-pagekite-configuration + pagekite-configuration? + (package pagekite-configuration-package + (default pagekite)) + (kitename pagekite-configuration-kitename + (default #f)) + (kitesecret pagekite-configuration-kitesecret + (default #f)) + (frontend pagekite-configuration-frontend + (default #f)) + (kites pagekite-configuration-kites + (default '("http:@kitename:localhost:80:@kitesecret"))) + (extra-file pagekite-configuration-extra-file + (default #f))) + +(define pagekite-configuration-file + (match-lambda + (($ package kitename kitesecret + frontend kites extra-file) + (mixed-text-file "pagekite.rc" + (if extra-file + (string-append "optfile = " extra-file "\n") + "") + (if kitename + (string-append "kitename = " kitename "\n") + "") + (if kitesecret + (string-append "kitesecret = " kitesecret "\n") + "") + (if frontend + (string-append "frontend = " frontend "\n") + "defaults\n") + (string-join (map (lambda (kite) + (string-append "service_on = " kite)) + kites) + "\n" + 'suffix))))) + +(define (pagekite-shepherd-service config) + (match config + (($ package kitename kitesecret + frontend kites extra-file) + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (shepherd-service + (documentation "Run the PageKite service.") + (provision '(pagekite)) + (requirement '(networking)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start #~(make-forkexec-constructor/container + (list #$(file-append package "/bin/pagekite") + "--clean" + "--nullui" + "--nocrashreport" + "--runas=pagekite:pagekite" + (string-append "--optfile=" + #$(pagekite-configuration-file config))) + #:log-file "/var/log/pagekite.log" + #:mappings #$(if extra-file + #~(list (file-system-mapping + (source #$extra-file) 
+ (target source))) + #~'()))) + ;; SIGTERM doesn't always work for some reason. + (stop #~(make-kill-destructor SIGINT))))))) + +(define %pagekite-accounts + (list (user-group (name "pagekite") (system? #t)) + (user-account + (name "pagekite") + (group "pagekite") + (system? #t) + (comment "PageKite user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define pagekite-service-type + (service-type + (name 'pagekite) + (default-value (pagekite-configuration)) + (extensions + (list (service-extension shepherd-root-service-type + (compose list pagekite-shepherd-service)) + (service-extension account-service-type + (const %pagekite-accounts)))) + (description + "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make +local servers publicly accessible on the web, even behind NATs and firewalls."))) + ;;; networking.scm ends here -- 2.23.0
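Review bot: In the doc/guix.texi hunk, the @code{kitesecret} item says only "You should probably put this inside @code{extra-file} instead" and never gives the reason. pagekite-configuration-file writes kitesecret, and any literal secret in a kites entry (documented format proto:kitename:host:port:secret), into pagekite.rc through mixed-text-file, so the value lands in the store where every local user can read it. I'd state that in the item, turn "should probably" into a firm recommendation, and repeat it under kites. The extra-file item could also say what owner and mode the manually created file should have, given the daemon is started with --runas=pagekite:pagekite.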
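Review bot: In the gnu/services/networking.scm hunk, pagekite-configuration-file splices kitename, kitesecret, frontend, extra-file and each kites entry into pagekite.rc with string-append and no check on the values, so a string that contains a newline silently adds extra lines to the generated config and a non-string value fails with a bare type error. Consider validating these fields (string, no newline) where the record is turned into the file and raising a clear error that names the field. Separately, the comment ";; SIGTERM doesn't always work for some reason." on the stop action should say what was observed or point to an upstream report, so a later reader can tell whether make-kill-destructor SIGINT is still needed.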