services: ngircd: Revert to use make-forkexec-constructor.

The use of make-systemd-constructor appears to cause problems when connecting
via TLS (see: https://github.com/ngircd/ngircd/issues/330).

* gnu/services/messaging.scm (ngircd-global): [pid-file]: Set default value
and remove maybeness.  Adjust doc.
* gnu/services/messaging.scm (ngircd-configuration): Adjust comment.
(ngircd-wrapper): Expose writable PID file and preserve pid namespace.
(ngircd-shepherd-service): Replace make-systemd-constructor with
make-forkexec-constructor and adjust surrounding accordingly.
(ngircd-activation): New procedure.
(ngircd-service-type): Extend activation-service-type with it.

Change-Id: Ic7c135ab45122e180107cde8bb9976426e3afbc4

2 files changed, 36 insertions, 35 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 94e57b3d8a..3fb5d99fae 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30492,9 +30492,8 @@ Global password or all users needed to connect to the server.  By
 default, no password is required.  PAM must be disabled for this option
 to have an effect.
 
-@item @code{pid-file} (type: maybe-string)
+@item @code{pid-file} (default: @code{"/run/ngircd/ngircd.pid"}) (type: string)
 The file name where the PID of ngIRCd should be written after it starts.
-By default, no PID file is created.
 
 @item @code{ports} (default: @code{(6667)}) (type: list-of-ports)
 Port number(s) on which the server should listen for @emph{unencrypted}
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 0efda9f052..50f1cdf55e 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -1124,9 +1124,8 @@ is only used to inform clients.")
 no password is required.  PAM must be disabled for this option to have an
 effect.")
   (pid-file
-   maybe-string
-   "The file name where the PID of ngIRCd should be written after it starts.
-By default, no PID file is created.")
+   (string "/run/ngircd/ngircd.pid")
+   "The file name where the PID of ngIRCd should be written after it starts.")
   (ports
    (list-of-ports (list 6667))
    "Port number(s) on which the server should listen for @emph{unencrypted}
@@ -1429,8 +1428,7 @@ for different users.  Refer to @samp{man 5 ngircd.conf} for more details.")
    "Shepherd requirements the service should depend on."
    (serializer empty-serializer))
   (global
-   ;; Always use a ngircd-global default to ensure the default addresses
-   ;; listened to are known (used to compute the socket endpoints).
+   ;; Always use a ngircd-global default to ensure 'pid-file' is defined.
    (ngircd-global (ngircd-global))
    "A ngircd-global record object used to specify global options.")
   (limits
@@ -1526,6 +1524,7 @@ wrapper for the 'ngircd' command."
   (let* ((ngircd.conf (serialize-ngircd-configuration config))
          (user group (ngircd-user+group config))
          (global (ngircd-configuration-global config))
+         (pid-file (ngircd-global-pid-file global))
          (help-file (ngircd-global-help-file global))
          (motd-file (ngircd-global-motd-file global))
          (ssl (ngircd-configuration-ssl config))
@@ -1543,7 +1542,11 @@ wrapper for the 'ngircd' command."
              (writable? #t))
             (file-system-mapping
              (source ngircd.conf)
-             (target source)))
+             (target source))
+            (file-system-mapping
+             (source (string-append (dirname pid-file)))
+             (target source)
+             (writable? #t)))
       (if (maybe-value-set? help-file)
           (list (file-system-mapping
                  (source help-file)
@@ -1592,48 +1595,45 @@ wrapper for the 'ngircd' command."
      #:user user
      #:group group
      ;; ngircd wants to look up users in /etc/passwd so run in the global user
-     ;; namespace.
-     #:namespaces (fold delq %namespaces '(net user)))))
+     ;; namespace.  Also preserve the PID namespaces otherwise the PID file
+     ;; would contain an unrelated PID number and confuse Shepherd.
+     #:namespaces (fold delq %namespaces '(net pid user)))))
 
 (define (ngircd-shepherd-service config)
   (match-record config <ngircd-configuration>
-                (ngircd debug? global shepherd-requirement ssl)
+                (debug? global shepherd-requirement ssl)
     (let* ((ngircd.conf (serialize-ngircd-configuration config))
-           (ngircd (file-append ngircd "/sbin/ngircd"))
-           (addresses (ngircd-global-listen global))
-           (ports* (ngircd-global-ports global))
-           (ports (if (and (maybe-value-set? ssl)
-                           (maybe-value-set? (ngircd-ssl-ports ssl)))
-                      (append ports* (ngircd-ssl-ports ssl))
-                      ports*)))
+           (pid-file (ngircd-global-pid-file global)))
       (list (shepherd-service
              (provision '(ngircd))
              (requirement shepherd-requirement)
              (modules (cons '(srfi srfi-1) %default-modules))
              (actions (list (shepherd-configuration-action ngircd.conf)))
-             (start #~(make-systemd-constructor
+             ;; Sadly, 'make-systemd-constructor' doesn't work with TLS
+             ;; connections, which hang up (see:
+             ;; https://github.com/ngircd/ngircd/issues/330).
+             (start #~(make-forkexec-constructor
                        (append (list #$(ngircd-wrapper config)
                                      "--nodaemon"
                                      "--config" #$ngircd.conf)
                                (if #$debug?
                                    '("--debug")
                                    '()))
-                       ;; Compute endpoints for each listen addresses/ports
-                       ;; combinations.
-                       (append-map
-                        (lambda (port)
-                          (map (lambda (addr)
-                                 (endpoint
-                                  (addrinfo:addr
-                                   (car (getaddrinfo
-                                         addr
-                                         (number->string port)
-                                         (logior AI_NUMERICHOST
-                                                 AI_NUMERICSERV))))))
-                               (list #$@addresses)))
-                        (list #$@ports))
+                       #:pid-file #$pid-file
                        #:log-file "/var/log/ngircd.log"))
-             (stop  #~(make-systemd-destructor)))))))
+             (stop  #~(make-kill-destructor)))))))
+
+(define (ngircd-activation config)
+  (let* ((pid-file (ngircd-global-pid-file
+                    (ngircd-configuration-global config)))
+         (user _ (ngircd-user+group config)))
+    #~(begin
+        (use-modules (guix build utils)
+                     (ice-9 match))
+        (define pw (match #$user
+                     ((? number?) (getpwuid #$user))
+                     ((? string?) (getpwnam #$user))))
+        (mkdir-p/perms #$(dirname pid-file) pw #o755))))
 
 (define ngircd-service-type
   (service-type
@@ -1644,7 +1644,9 @@ wrapper for the 'ngircd' command."
           (service-extension profile-service-type
                              (compose list ngircd-configuration-ngircd))
           (service-extension account-service-type
-                             ngircd-account)))
+                             ngircd-account)
+          (service-extension activation-service-type
+                             ngircd-activation)))
    (default-value (ngircd-configuration))
    (description
     "Run @url{https://ngircd.barton.de/, ngIRCd}, a lightweight @acronym{IRC,