;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 nee ;;; Copyright © 2021, 2022 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu services telephony) #:use-module ((gnu build jami-service) #:select (account-fingerprint?)) #:use-module ((gnu services) #:hide (delete)) #:use-module (gnu services configuration) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module (gnu packages admin) #:use-module (gnu packages certs) #:use-module (gnu packages glib) #:use-module (gnu packages guile-xyz) #:use-module (
summaryrefslogtreecommitdiff
path: root/test/unit
diff options
context:
space:
mode:
Diffstat (limited to 'test/unit')
-rw-r--r--test/unit/test_policy_enforcing.py38
-rw-r--r--test/unit/utils.py6
2 files changed, 24 insertions, 20 deletions
diff --git a/test/unit/test_policy_enforcing.py b/test/unit/test_policy_enforcing.py
index 2f7bc80..4b7c173 100644
--- a/test/unit/test_policy_enforcing.py
+++ b/test/unit/test_policy_enforcing.py
@@ -41,25 +41,17 @@ payload_policy = {
content_script = load_script('content/policy_enforcing.js') + ''';{
const smuggled_what_to_do = /^[^#]*#?(.*)$/.exec(document.URL)[1];
-const what_to_do = smuggled_what_to_do === "" ? {allow: true} :
+const what_to_do = smuggled_what_to_do === "" ? {policy: {allow: true}} :
JSON.parse(decodeURIComponent(smuggled_what_to_do));
if (what_to_do.csp_off) {
const orig_DOMParser = window.DOMParser;
window.DOMParser = function() {
- parser = new orig_DOMParser();
+ const parser = new orig_DOMParser();
this.parseFromString = () => parser.parseFromString('', 'text/html');
}
}
-if (what_to_do.onbeforescriptexecute_off)
- prevent_script_execution = () => {};
-
-if (what_to_do.sanitize_script_off) {
- sanitize_script = () => {};
- desanitize_script = () => {};
-}
-
enforce_blocking(what_to_do.policy);
}'''
@@ -71,13 +63,22 @@ def get(driver, page, what_to_do):
@pytest.mark.ext_data({'content_script': content_script})
@pytest.mark.usefixtures('webextension')
-def test_policy_enforcing(driver, execute_in_page):
+# Under Mozilla we use several mechanisms of script blocking. Some serve as
+# fallbacks in case others break. CSP one of those mechanisms. Here we run the
+# test once with CSP blocking on and once without it. This allows us to verify
+# that the CSP-less blocking approaches by themselves also work. We don't do the
+# reverse (CSP on and other mechanisms off) because CSP rules added through
+# <meta> injection are not reliable enough - they do not always take effect
+# immediately and there's nothing we can do to fix it.
+@pytest.mark.parametrize('csp_off_setting', [{}, {'csp_off': True}])
+def test_policy_enforcing_html(driver, execute_in_page, csp_off_setting):
"""
- A test case of sanitizing <script>s and <meta>s in pages.
+ A test case of sanitizing <script>s and intrinsic javascript in pages.
"""
# First, see if scripts run when not blocked.
get(driver, 'https://gotmyowndoma.in/scripts_to_block_1.html', {
- 'policy': allow_policy
+ 'policy': allow_policy,
+ **csp_off_setting
})
for i in range(1, 3):
@@ -85,26 +86,29 @@ def test_policy_enforcing(driver, execute_in_page):
assert set(driver.execute_script('return window.__run || [];')) == \
{'inline', 'on', 'href', 'src', 'data'}
+ assert are_scripts_allowed(driver)
# Now, verify scripts don't run when blocked.
get(driver, 'https://gotmyowndoma.in/scripts_to_block_1.html', {
- 'policy': block_policy
+ 'policy': block_policy,
+ **csp_off_setting
})
for i in range(1, 3):
driver.find_element_by_id(f'clickme{i}').click()
assert set(driver.execute_script('return window.__run || [];')) == set()
- assert not are_scripts_allowed(driver)
+ assert bool(csp_off_setting) == are_scripts_allowed(driver)
# Now, verify only scripts with nonce can run when payload is injected.
get(driver, 'https://gotmyowndoma.in/scripts_to_block_1.html', {
- 'policy': payload_policy
+ 'policy': payload_policy,
+ **csp_off_setting
})
for i in range(1, 3):
driver.find_element_by_id(f'clickme{i}').click()
assert set(driver.execute_script('return window.__run || [];')) == set()
- assert not are_scripts_allowed(driver)
+ assert bool(csp_off_setting) == are_scripts_allowed(driver)
assert are_scripts_allowed(driver, nonce)
diff --git a/test/unit/utils.py b/test/unit/utils.py
index 8e04d91..4d8766e 100644
--- a/test/unit/utils.py
+++ b/test/unit/utils.py
@@ -191,12 +191,12 @@ broker_js = lambda: load_script('background/broadcast_broker.js') + ';start();'
def are_scripts_allowed(driver, nonce=None):
return driver.execute_script(
'''
- document.scripts_allowed = false;
+ document.haketilo_scripts_allowed = false;
const script = document.createElement("script");
- script.innerHTML = "document.scripts_allowed = true;";
+ script.innerHTML = "document.haketilo_scripts_allowed = true;";
if (arguments[0])
script.setAttribute("nonce", arguments[0]);
document.head.append(script);
- return document.scripts_allowed;
+ return document.haketilo_scripts_allowed;
''',
nonce)
s keyed by their account username.") (procedure #~(lambda _ ;; Print the accounts summary or long listing, according to ;; user-provided option. (let* ((usernames (get-usernames)) (accounts (map-in-order username->account usernames))) (match accounts (() ;empty list (format #t "There is no Jami account available.~%")) ((one two ...) (format #t "The following Jami accounts are available:~%") (for-each (lambda (account) (define fingerprint (assoc-ref account "Account.username")) (define human-friendly-name (or (assoc-ref account "Account.registeredName") (assoc-ref account "Account.displayName") (assoc-ref account "Account.alias"))) (define disabled? (and=> (assoc-ref account "Account.enable") (cut string=? "false" <>))) (format #t " - ~a~@[ (~a)~] ~:[~;[disabled]~]~%" fingerprint human-friendly-name disabled?)) accounts) (display "\n"))) ;; Return the account-details-list alist. (map cons usernames accounts)))))) (define list-account-details-action (shepherd-action (name 'list-account-details) (documentation "Display the account details of the available Jami accounts in the @code{recutils} format. Return the account details alists keyed by their account username.") (procedure #~(lambda _ (let* ((usernames (get-usernames)) (accounts (map-in-order username->account usernames))) (for-each (lambda (account) (display (account-details->recutil account)) (display "\n\n")) accounts) (map cons usernames accounts)))))) (define list-contacts-action (shepherd-action (name 'list-contacts) (documentation "Display the contacts for each Jami account. Return an alist containing the contacts keyed by the account usernames.") (procedure #~(lambda _ (let* ((usernames (get-usernames)) (contacts (map-in-order username->contacts usernames))) (for-each (lambda (username contacts) (format #t "Contacts for account ~a:~%" username) (format #t "~{ - ~a~%~}~%" contacts)) usernames contacts) (map cons usernames contacts)))))) (define list-moderators-action (shepherd-action (name 'list-moderators) (documentation "Display the moderators for each Jami account. Return an alist containing the moderators keyed by the account usernames.") (procedure #~(lambda _ (let* ((usernames (get-usernames)) (moderators (map-in-order username->moderators usernames))) (for-each (lambda (username moderators) (if (username->all-moderators? username) (format #t "Anyone can moderate for account ~a~%" username) (begin (format #t "Moderators for account ~a:~%" username) (format #t "~{ - ~a~%~}~%" moderators)))) usernames moderators) (map cons usernames moderators)))))) (define add-moderator-action (shepherd-action (name 'add-moderator) (documentation "Add a moderator for a given Jami account. The MODERATOR contact must be given as its 40 characters fingerprint, while the Jami account can be provided as its registered USERNAME or fingerprint. @example herd add-moderator jami 1dbcb0f5f37324228235564b79f2b9737e9a008f username @end example Return the moderators for the account known by USERNAME.") (procedure #~(lambda (_ moderator username) (set-all-moderators #f username) (add-contact moderator username) (set-moderator moderator #t username) (username->moderators username))))) (define ban-contact-action (shepherd-action (name 'ban-contact) (documentation "Ban a contact for a given or all Jami accounts, and clear their moderator flag. The CONTACT must be given as its 40 characters fingerprint, while the Jami account can be provided as its registered USERNAME or fingerprint, or omitted. When the account is omitted, CONTACT is banned from all accounts. @example herd ban-contact jami 1dbcb0f5f37324228235564b79f2b9737e9a008f [username] @end example") (procedure #~(lambda* (_ contact #:optional username) (let ((usernames (or (and=> username list) (get-usernames)))) (for-each (lambda (username) (set-moderator contact #f username) (remove-contact contact username #:ban? #t)) usernames)))))) (define list-banned-contacts-action (shepherd-action (name 'list-banned-contacts) (documentation "List the banned contacts for each accounts. Return an alist of the banned contacts, keyed by the account usernames.") (procedure #~(lambda _ (define banned-contacts (let ((usernames (get-usernames))) (map cons usernames (map-in-order (lambda (x) (receive (_ banned) (username->contacts x) banned)) usernames)))) (for-each (match-lambda ((username . banned) (unless (null? banned) (format #t "Banned contacts for account ~a:~%" username) (format #t "~{ - ~a~%~}~%" banned)))) banned-contacts) banned-contacts)))) (define enable-account-action (shepherd-action (name 'enable-account) (documentation "Enable an account. It takes USERNAME as an argument, either a registered username or the fingerprint of the account.") (procedure #~(lambda (_ username) (enable-account username))))) (define disable-account-action (shepherd-action (name 'disable-account) (documentation "Disable an account. It takes USERNAME as an argument, either a registered username or the fingerprint of the account.") (procedure #~(lambda (_ username) (disable-account username))))) (list (shepherd-service (documentation "Run a D-Bus session for the Jami daemon.") (provision '(jami-dbus-session)) (modules `((gnu build shepherd) (gnu build dbus-service) (gnu build jami-service) (gnu system file-systems) ,@%default-modules)) ;; The requirement on dbus-system is to ensure other required ;; activation for D-Bus, such as a /etc/machine-id file. (requirement '(dbus-system syslogd)) (start #~(make-forkexec-constructor/container (list #$dbus-daemon "--session" "--address=unix:path=/var/run/jami/bus" "--syslog-only") #:pid-file "/var/run/jami/pid" #:mappings (list (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/jami") (target source) (writable? #t))) #:user "jami" #:group "jami" #:environment-variables ;; This is so that the cx.ring.Ring service D-Bus ;; definition is found by dbus-daemon. (list (string-append "XDG_DATA_DIRS=" #$libjami:bin "/share")))) (stop #~(make-kill-destructor))) (shepherd-service (documentation "Run the Jami daemon.") (provision '(jami)) (actions (list list-accounts-action list-account-details-action list-contacts-action list-moderators-action add-moderator-action ban-contact-action list-banned-contacts-action enable-account-action disable-account-action)) (requirement '(jami-dbus-session)) (modules `((ice-9 format) (ice-9 ftw) (ice-9 match) (ice-9 receive) (srfi srfi-1) (srfi srfi-26) (gnu build dbus-service) (gnu build jami-service) (gnu build shepherd) (gnu system file-systems) ,@%default-modules)) (start #~(lambda args (define (delete-file-recursively/safe file) ;; Ensure we're not deleting things outside of ;; /var/lib/jami. This prevents a possible attack in case ;; the daemon is compromised and an attacker gains write ;; access to /var/lib/jami. (let ((parent-directory (dirname file))) (if (eq? 'symlink (stat:type (stat parent-directory))) (error "abnormality detected; unexpected symlink found at" parent-directory) (delete-file-recursively file)))) (when #$declarative-mode? ;; Clear the Jami configuration and accounts, to enforce the ;; declared state. (catch #t (lambda () (for-each (cut delete-file-recursively/safe <>) '("/var/lib/jami/.cache/jami" "/var/lib/jami/.config/jami" "/var/lib/jami/.local/share/jami" "/var/lib/jami/accounts"))) (lambda args #t)) ;; Copy the Jami account archives from somewhere readable ;; by root to a place only the jami user can read. (let* ((accounts-dir "/var/lib/jami/accounts/") (pwd (getpwnam "jami")) (user (passwd:uid pwd)) (group (passwd:gid pwd))) (mkdir-p accounts-dir) (chown accounts-dir user group) (for-each (lambda (f) (let ((dest (string-append accounts-dir (basename f)))) (copy-file f dest) (chown dest user group))) '#$(and declarative-mode? (map jami-account-archive accounts))))) ;; Start the daemon. (define daemon-pid ((make-forkexec-constructor/container (list #$@(jami-configuration->command-line-arguments config)) #:mappings (list (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/lib/jami") (target source) (writable? #t)) (file-system-mapping (source "/var/run/jami") (target source) (writable? #t)) ;; Expose TLS certificates for GnuTLS. (file-system-mapping (source #$(file-append nss-certs "/etc/ssl/certs")) (target "/etc/ssl/certs"))) #:user "jami" #:group "jami" #:environment-variables (list (string-append "DBUS_SESSION_BUS_ADDRESS=" "unix:path=/var/run/jami/bus") ;; Expose TLS certificates for OpenSSL. "SSL_CERT_DIR=/etc/ssl/certs")))) (setenv "DBUS_SESSION_BUS_ADDRESS" "unix:path=/var/run/jami/bus") ;; Wait until the service name has been acquired by D-Bus. (with-retries 20 1 (jami-service-available?)) (when #$declarative-mode? ;; Provision the accounts via the D-Bus API of the daemon. (let* ((jami-account-archives (map (cut string-append "/var/lib/jami/accounts/" <>) (scandir "/var/lib/jami/accounts/" (lambda (f) (not (member f '("." ".."))))))) (usernames (map-in-order (cut add-account <>) jami-account-archives))) (define (archive-name->username archive) (list-ref usernames (list-index (lambda (f) (string-suffix? (basename archive) f)) jami-account-archives))) (for-each (lambda (archive allowed-contacts moderators account-details) (let ((username (archive-name->username archive))) (when (not (eq? '#$%unset-value allowed-contacts)) ;; Reject calls from unknown contacts. (set-account-details '(("DHT.PublicInCalls" . "false")) username) ;; Remove all contacts. (for-each (cut remove-contact <> username) (username->contacts username)) ;; Add allowed ones. (for-each (cut add-contact <> username) allowed-contacts)) (when (not (eq? '#$%unset-value moderators)) ;; Disable the 'AllModerators' property. (set-all-moderators #f username) ;; Remove all moderators. (for-each (cut set-moderator <> #f username) (username->moderators username)) ;; Add declared moderators. (for-each (cut set-moderator <> #t username) moderators)) ;; Set the various account parameters. (set-account-details account-details username))) '#$(and declarative-mode? (map-in-order (cut jami-account-archive <>) accounts)) '#$(and declarative-mode? (map-in-order (cut jami-account-allowed-contacts <>) accounts)) '#$(and declarative-mode? (map-in-order (cut jami-account-moderators <>) accounts)) '#$(and declarative-mode? (map-in-order jami-account->alist accounts))))) ;; Finally, return the PID of the daemon process. daemon-pid)) ;; XXX: jamid takes some time to terminate, and GNU Shepherd ;; doesn't block when calling waitpid (see: ;; https://issues.guix.gnu.org/57922). Using SIGKILL instead ;; of SIGTERM works around that. (stop #~(make-kill-destructor SIGKILL)))))))) (define jami-service-type (service-type (name 'jami) (default-value (jami-configuration)) (extensions (list (service-extension shepherd-root-service-type jami-shepherd-services) (service-extension account-service-type (const %jami-accounts)) (service-extension activation-service-type jami-dbus-session-activation))) (description "Run the Jami daemon (@command{jamid}). This service is geared toward the use case of hosting Jami rendezvous points over a headless server. If you use Jami on your local machine, you may prefer to setup a user Shepherd service for it instead; this way, the daemon will be shared via your normal user D-Bus session bus."))) ;;; ;;; Mumble server. ;;; ;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini (define-record-type* mumble-server-configuration make-mumble-server-configuration mumble-server-configuration? (package mumble-server-configuration-package ;file-like (default mumble)) (user mumble-server-configuration-user (default "mumble-server")) (group mumble-server-configuration-group (default "mumble-server")) (port mumble-server-configuration-port (default 64738)) (welcome-text mumble-server-configuration-welcome-text (default "")) (server-password mumble-server-configuration-server-password (default "")) (max-users mumble-server-configuration-max-users (default 100)) (max-user-bandwidth mumble-server-configuration-max-user-bandwidth (default #f)) (database-file mumble-server-configuration-database-file (default "/var/lib/mumble-server/db.sqlite")) (log-file mumble-server-configuration-log-file (default "/var/log/mumble-server/mumble-server.log")) (pid-file mumble-server-configuration-pid-file (default "/var/run/mumble-server/mumble-server.pid")) (autoban-attempts mumble-server-configuration-autoban-attempts (default 10)) (autoban-timeframe mumble-server-configuration-autoban-timeframe (default 120)) (autoban-time mumble-server-configuration-autoban-time (default 300)) (opus-threshold mumble-server-configuration-opus-threshold (default 100)) ; integer percent (channel-nesting-limit mumble-server-configuration-channel-nesting-limit (default 10)) (channelname-regex mumble-server-configuration-channelname-regex (default #f)) (username-regex mumble-server-configuration-username-regex (default #f)) (text-message-length mumble-server-configuration-text-message-length (default 5000)) (image-message-length mumble-server-configuration-image-message-length (default (* 128 1024))) ; 128 Kilobytes (cert-required? mumble-server-configuration-cert-required? (default #f)) (remember-channel? mumble-server-configuration-remember-channel? (default #f)) (allow-html? mumble-server-configuration-allow-html? (default #f)) (allow-ping? mumble-server-configuration-allow-ping? (default #f)) (bonjour? mumble-server-configuration-bonjour? (default #f)) (send-version? mumble-server-configuration-send-version? (default #f)) (log-days mumble-server-configuration-log-days (default 31)) (obfuscate-ips? mumble-server-obfuscate-ips? (default #t)) (ssl-cert mumble-server-configuration-ssl-cert (default #f)) (ssl-key mumble-server-configuration-ssl-key (default #f)) (ssl-dh-params mumble-server-configuration-ssl-dh-params (default #f)) (ssl-ciphers mumble-server-configuration-ssl-ciphers (default #f)) (public-registration mumble-server-configuration-public-registration (default #f)) ; (file mumble-server-configuration-file (default #f))) (define-record-type* mumble-server-public-registration-configuration make-mumble-server-public-registration-configuration mumble-server-public-registration-configuration? (name mumble-server-public-registration-configuration-name) (password mumble-server-public-registration-configuration-password) (url mumble-server-public-registration-configuration-url) (hostname mumble-server-public-registration-configuration-hostname (default #f))) (define (flatten . lst) "Return a list that recursively concatenates all sub-lists of LST." (define (flatten1 head out) (if (list? head) (fold-right flatten1 out head) (cons head out))) (fold-right flatten1 '() lst)) (define (default-mumble-server-config config) (match-record config (user port welcome-text server-password max-users max-user-bandwidth database-file log-file pid-file autoban-attempts autoban-timeframe autoban-time opus-threshold channel-nesting-limit channelname-regex username-regex text-message-length image-message-length cert-required? remember-channel? allow-html? allow-ping? bonjour? send-version? log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration) (apply mixed-text-file "mumble-server.ini" (flatten "welcometext=" welcome-text "\n" "port=" (number->string port) "\n" (if server-password (list "serverpassword=" server-password "\n") '()) (if max-user-bandwidth (list "bandwidth=" (number->string max-user-bandwidth) "\n") '()) "users=" (number->string max-users) "\n" "uname=" user "\n" "database=" database-file "\n" "logfile=" log-file "\n" "pidfile=" pid-file "\n" (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '()) (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '()) (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '()) (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '()) (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '()) (if channelname-regex (list "channelname=" channelname-regex "\n") '()) (if username-regex (list "username=" username-regex "\n") '()) (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '()) (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '()) (if log-days (list "logdays=" (number->string log-days) "\n") '()) "obfuscate=" (if obfuscate-ips? "true" "false") "\n" "certrequired=" (if cert-required? "true" "false") "\n" "rememberchannel=" (if remember-channel? "true" "false") "\n" "allowhtml=" (if allow-html? "true" "false") "\n" "allowping=" (if allow-ping? "true" "false") "\n" "bonjour=" (if bonjour? "true" "false") "\n" "sendversion=" (if send-version? "true" "false") "\n" (cond ((and ssl-cert ssl-key) (list "sslCert=" ssl-cert "\n" "sslKey=" ssl-key "\n")) ((or ssl-cert ssl-key) (error "ssl-cert and ssl-key must both be set" ssl-cert ssl-key)) (else '())) (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '()) (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '()) (match public-registration (#f '()) (($ name password url hostname) (if (and (or (not server-password) (string-null? server-password)) allow-ping?) (list "registerName=" name "\n" "registerPassword=" password "\n" "registerUrl=" url "\n" (if hostname (string-append "registerHostname=" hostname "\n") "")) (error "To publicly register your mumble-server server your server must be publicy visible and users must be able to join without a password. To fix this set: (allow-ping? #t) (server-password \"\") Or set public-registration to #f")))))))) (define (mumble-server-activation config) #~(begin (use-modules (guix build utils)) (let* ((log-dir (dirname #$(mumble-server-configuration-log-file config))) (pid-dir (dirname #$(mumble-server-configuration-pid-file config))) (db-dir (dirname #$(mumble-server-configuration-database-file config))) (user (getpwnam #$(mumble-server-configuration-user config))) (init-dir (lambda (name dir) (format #t "creating mumble-server ~a directory '~a'\n" name dir) (mkdir-p dir) (chown dir (passwd:uid user) (passwd:gid user)) (chmod dir #o700))) (ini #$(or (mumble-server-configuration-file config) (default-mumble-server-config config)))) (init-dir "log" log-dir) (init-dir "pid" pid-dir) (init-dir "database" db-dir) (format #t "mumble-server: use config file: ~a~%\n" ini) (format #t "mumble-server: to set the SuperUser password run: `~a -ini ~a -readsupw`\n" #$(file-append (mumble-server-configuration-package config) "/bin/mumble-server") ini) #t))) (define mumble-server-accounts (match-lambda (($ _ user group) (list (user-group (name group) (system? #t)) (user-account (name user) (group group) (system? #t) (comment "Mumble server daemon") (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))))) (define (mumble-server-shepherd-service config) (list (shepherd-service (provision '(mumble-server)) (documentation "Run the Mumble server.") (requirement '(networking)) (start #~(make-forkexec-constructor '(#$(file-append (mumble-server-configuration-package config) "/bin/mumble-server") "-ini" #$(or (mumble-server-configuration-file config) (default-mumble-server-config config))) #:pid-file #$(mumble-server-configuration-pid-file config))) (stop #~(make-kill-destructor))))) (define mumble-server-service-type (service-type (name 'mumble-server) (description "Run the Mumble voice-over-IP (VoIP) server.") (extensions (list (service-extension shepherd-root-service-type mumble-server-shepherd-service) (service-extension activation-service-type mumble-server-activation) (service-extension account-service-type mumble-server-accounts))) (default-value (mumble-server-configuration)))) (define-deprecated/public-alias murmur-configuration mumble-server-configuration) (define-deprecated/public-alias make-murmur-configuration make-mumble-server-configuration) (define-deprecated/public-alias murmur-configuration? mumble-server-configuration?) (define-deprecated/public-alias murmur-configuration-package mumble-server-configuration-package) (define-deprecated/public-alias murmur-configuration-user mumble-server-configuration-user) (define-deprecated/public-alias murmur-configuration-group mumble-server-configuration-group) (define-deprecated/public-alias murmur-configuration-port mumble-server-configuration-port) (define-deprecated/public-alias murmur-configuration-welcome-text mumble-server-configuration-welcome-text) (define-deprecated/public-alias murmur-configuration-server-password mumble-server-configuration-server-password) (define-deprecated/public-alias murmur-configuration-max-users mumble-server-configuration-max-users) (define-deprecated/public-alias murmur-configuration-max-user-bandwidth mumble-server-configuration-max-user-bandwidth) (define-deprecated/public-alias murmur-configuration-database-file mumble-server-configuration-database-file) (define-deprecated/public-alias murmur-configuration-log-file mumble-server-configuration-log-file) (define-deprecated/public-alias murmur-configuration-pid-file mumble-server-configuration-pid-file) (define-deprecated/public-alias murmur-configuration-autoban-attempts mumble-server-configuration-autoban-attempts) (define-deprecated/public-alias murmur-configuration-autoban-timeframe mumble-server-configuration-autoban-timeframe) (define-deprecated/public-alias murmur-configuration-autoban-time mumble-server-configuration-autoban-time) (define-deprecated/public-alias murmur-configuration-opus-threshold mumble-server-configuration-opus-threshold) (define-deprecated/public-alias murmur-configuration-channel-nesting-limit mumble-server-configuration-channel-nesting-limit) (define-deprecated/public-alias murmur-configuration-channelname-regex mumble-server-configuration-channelname-regex) (define-deprecated/public-alias murmur-configuration-username-regex mumble-server-configuration-username-regex) (define-deprecated/public-alias murmur-configuration-text-message-length mumble-server-configuration-text-message-length) (define-deprecated/public-alias murmur-configuration-image-message-length mumble-server-configuration-image-message-length) (define-deprecated/public-alias murmur-configuration-cert-required? mumble-server-configuration-cert-required?) (define-deprecated/public-alias murmur-configuration-remember-channel? mumble-server-configuration-remember-channel?) (define-deprecated/public-alias murmur-configuration-allow-html? mumble-server-configuration-allow-html?) (define-deprecated/public-alias murmur-configuration-allow-ping? mumble-server-configuration-allow-ping?) (define-deprecated/public-alias murmur-configuration-bonjour? mumble-server-configuration-bonjour?) (define-deprecated/public-alias murmur-configuration-send-version? mumble-server-configuration-send-version?) (define-deprecated/public-alias murmur-configuration-log-days mumble-server-configuration-log-days) (define-deprecated/public-alias murmur-configuration-obfuscate-ips? mumble-server-configuration-obfuscate-ips?) (define-deprecated/public-alias murmur-configuration-ssl-cert mumble-server-configuration-ssl-cert) (define-deprecated/public-alias murmur-configuration-ssl-key mumble-server-configuration-ssl-key) (define-deprecated/public-alias murmur-configuration-ssl-dh-params mumble-server-configuration-ssl-dh-params) (define-deprecated/public-alias murmur-configuration-ssl-ciphers mumble-server-configuration-ssl-ciphers) (define-deprecated/public-alias murmur-configuration-public-registration mumble-server-configuration-public-registration) (define-deprecated/public-alias murmur-configuration-file mumble-server-configuration-file) (define-deprecated/public-alias murmur-public-registration-configuration mumble-server-public-registration-configuration) (define-deprecated/public-alias make-murmur-public-registration-configuration make-mumble-server-public-registration-configuration) (define-deprecated/public-alias murmur-public-registration-configuration? mumble-server-public-registration-configuration?) (define-deprecated/public-alias murmur-public-registration-configuration-name mumble-server-public-registration-configuration-name) (define-deprecated/public-alias murmur-public-registration-configuration-url mumble-server-public-registration-configuration-url) (define-deprecated/public-alias murmur-public-registration-configuration-password mumble-server-public-registration-configuration-password) (define-deprecated/public-alias murmur-public-registration-configuration-hostname mumble-server-public-registration-configuration-hostname) (define-deprecated/public-alias murmur-service-type mumble-server-service-type) ;; Local Variables: ;; eval: (put 'with-retries 'scheme-indent-function 2) ;; End: