po/packages/vi.po


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322

# Vietnamese translation for guix.
# Copyright © 2013 Free Software Foundation, Inc.
# This file is distributed under the same license as the guix package.
# Trần Ngọc Quân <vnwildman@gmail.com>, 2013.
#
msgid ""
msgstr ""
"Project-Id-Version: guix 0.5-pre2\n"
"Report-Msgid-Bugs-To: ludo@gnu.org\n"
"POT-Creation-Date: 2014-06-25 22:55+0200\n"
"PO-Revision-Date: 2013-12-04 07:48+0700\n"
"Last-Translator: Trần Ngọc Quân <vnwildman@gmail.com>\n"
"Language-Team: Vietnamese <translation-team-vi@lists.sourceforge.net>\n"
"Language: vi\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Poedit-SourceCharset: UTF-8\n"
"X-Generator: Poedit 1.5.5\n"

#: gnu/packages/base.scm:65
msgid "Hello, GNU world: An example GNU package"
msgstr "Xin chào, gia đình GNU: Một gói GNU ví dụ"

#: gnu/packages/base.scm:67
msgid ""
"GNU Hello prints the message \"Hello, world!\" and then exits.  It\n"
"serves as an example of standard GNU coding practices.  As such, it supports\n"
"command-line arguments, multiple languages, and so on."
msgstr ""

#: gnu/packages/base.scm:85
msgid "Print lines matching a pattern"
msgstr "In ra những dòng khớp với một mẫu"

#: gnu/packages/base.scm:87
msgid ""
"grep is a tool for finding text inside files.  Text is found by\n"
"matching a pattern provided by the user in one or many files.  The pattern\n"
"may be provided as a basic or extended regular expression, or as fixed\n"
"strings.  By default, the matching text is simply printed to the screen,\n"
"however the output can be greatly customized to include, for example, line\n"
"numbers.  GNU grep offers many extensions over the standard utility,\n"
"including, for example, recursive directory searching."
msgstr ""

#: gnu/packages/base.scm:109
msgid "Stream editor"
msgstr "Trình soạn thảo luồng dữ liệu"

#: gnu/packages/base.scm:124
msgid ""
"Sed is a non-interactive, text stream editor.  It receives a text\n"
"input from a file or from standard input and it then applies a series of text\n"
"editing commands to the stream and prints its output to standard output.  It\n"
"is often used for substituting text patterns in a stream.  The GNU\n"
"implementation offers several extensions over the standard utility."
msgstr ""

#: gnu/packages/base.scm:144
msgid "Managing tar archives"
msgstr "Quản lý kho lưu tar"

#: gnu/packages/base.scm:146
msgid ""
"Tar provides the ability to create tar archives, as well as the\n"
"ability to extract, update or list files in an existing archive.  It is\n"
"useful for combining many files into one larger file, while maintaining\n"
"directory structure and file information such as permissions and\n"
"creation/modification dates.  GNU tar offers many extensions over the\n"
"standard utility."
msgstr ""

#: gnu/packages/base.scm:173
msgid "Apply differences to originals, with optional backups"
msgstr "Áp dụng những khác biệt này vào bản gốc, với các sao lưu tùy chọn"

#: gnu/packages/base.scm:175
msgid ""
"Patch is a program that applies changes to files based on differences\n"
"laid out as by the program \"diff\".  The changes may be applied to one or more\n"
"files depending on the contents of the diff file.  It accepts several\n"
"different diff formats.  It may also be used to revert previously applied\n"
"differences."
msgstr ""

#: gnu/packages/base.scm:195
msgid "Comparing and merging files"
msgstr "So sánh và hòa trộn các tập tin"

#: gnu/packages/base.scm:197
msgid ""
"GNU Diffutils is a package containing tools for finding the\n"
"differences between files.  The \"diff\" command is used to show how two files\n"
"differ, while \"cmp\" shows the offsets and line numbers where they differ. \n"
"\"diff3\" allows you to compare three files.  Finally, \"sdiff\" offers an\n"
"interactive means to merge two files."
msgstr ""

#: gnu/packages/base.scm:224
msgid "Operating on files matching given criteria"
msgstr "Thực hiện trên những tập tin khớp với điều kiện đã cho"

#: gnu/packages/base.scm:226
msgid ""
"Findutils supplies the basic file directory searching utilities of the\n"
"GNU system.  It consists of two primary searching utilities: \"find\"\n"
"recursively searches for files in a directory according to given criteria and\n"
"\"locate\" lists files in a database that match a query.  Two auxiliary tools\n"
"are included: \"updatedb\" updates the file name database and \"xargs\" may be\n"
"used to apply commands with arbitrarily long arguments."
msgstr ""

#: gnu/packages/base.scm:278
msgid "Core GNU utilities (file, text, shell)"
msgstr "Tiện ích lõi GNU (file, text, shell)"

#: gnu/packages/base.scm:280
msgid ""
"GNU Coreutils includes all of the basic command-line tools that are\n"
"expected in a POSIX system.  These provide the basic file, shell and text\n"
"manipulation functions of the GNU system.  Most of these tools offer extended\n"
"functionality beyond that which is outlined in the POSIX standard."
msgstr ""

#: gnu/packages/base.scm:314
msgid "Remake files automatically"
msgstr "Tạo lại các tập tin một cách tự động"

#: gnu/packages/base.scm:316
msgid ""
"Make is a program that is used to control the production of\n"
"executables or other files from their source files.  The process is\n"
"controlled from a Makefile, in which the developer specifies how each file is\n"
"generated from its source.  It has powerful dependency resolution and the\n"
"ability to determine when files have to be regenerated after their sources\n"
"change.  GNU make offers many powerful extensions over the standard utility."
msgstr ""

#: gnu/packages/base.scm:361
msgid "Binary utilities: bfd gas gprof ld"
msgstr "Tiện ích nhị phân: bfd gas gprof ld"

#: gnu/packages/base.scm:363
msgid ""
"GNU Binutils is a collection of tools for working with binary files.\n"
"Perhaps the most notable are \"ld\", a linker, and \"as\", an assembler. Other\n"
"tools include programs to display binary profiling information, list the\n"
"strings in a binary file, and utilities for working with archives.  The \"bfd\"\n"
"library for working with executable and object formats is also included."
msgstr ""

#: gnu/packages/base.scm:504
msgid "The GNU C Library"
msgstr "Thư viện C từ GNU"

#: gnu/packages/base.scm:506
msgid ""
"Any Unix-like operating system needs a C library: the library which\n"
"defines the \"system calls\" and other basic facilities such as open, malloc,\n"
"printf, exit...\n"
"\n"
"The GNU C library is used as the C library in the GNU system and most systems\n"
"with the Linux kernel."
msgstr ""

#: gnu/packages/base.scm:575
msgid "Database of current and historical time zones"
msgstr "Cơ sở dữ liệu của hiện tại và múi giờ lịch sử"

#: gnu/packages/base.scm:576
msgid ""
"The Time Zone Database (often called tz or zoneinfo)\n"
"contains code and data that represent the history of local time for many\n"
"representative locations around the globe. It is updated periodically to\n"
"reflect changes made by political bodies to time zone boundaries, UTC offsets,\n"
"and daylight-saving rules."
msgstr ""

#: gnu/packages/base.scm:1004
msgid "GNU C++ standard library (intermediate)"
msgstr "Thư viện GNU C++ chuẩn (khâu trung gian)"

#: gnu/packages/base.scm:1098
msgid "The linker wrapper"
msgstr "Bộ bao liên kết"

#: gnu/packages/base.scm:1100
msgid ""
"The linker wrapper (or `ld-wrapper') wraps the linker to add any\n"
"missing `-rpath' flags, and to detect any misuse of libraries outside of the\n"
"store."
msgstr ""

#: gnu/packages/base.scm:1264
msgid "Complete GCC tool chain for C/C++ development"
msgstr ""

#: gnu/packages/base.scm:1266
msgid ""
"This package provides a complete GCC tool chain for C/C++ development to\n"
"be installed in user profiles.  This includes GCC, as well as libc (headers\n"
"and binaries, plus debugging symbols in the 'debug' output), and Binutils."
msgstr ""

#: gnu/packages/guile.scm:99 gnu/packages/guile.scm:166
msgid "Scheme implementation intended especially for extensions"
msgstr "Lược đồ thực thi có dụng ý đặc biệt cho phần mở rộng"

#: gnu/packages/guile.scm:101 gnu/packages/guile.scm:168
msgid ""
"Guile is the GNU Ubiquitous Intelligent Language for Extensions, the\n"
"official extension language of the GNU system.  It is an implementation of\n"
"the Scheme language which can be easily embedded in other applications to\n"
"provide a convenient means of extending the functionality of the application\n"
"without requiring the source code to be rewritten."
msgstr ""

#: gnu/packages/guile.scm:211
msgid "Framework for building readers for GNU Guile"
msgstr "Một framework để xây dựng bộ đọc dành cho GNU Guile"

#: gnu/packages/guile.scm:213
msgid ""
"Guile-Reader is a simple framework for building readers for GNU Guile.\n"
"\n"
"The idea is to make it easy to build procedures that extend Guile’s read\n"
"procedure. Readers supporting various syntax variants can easily be written,\n"
"possibly by re-using existing “token readers” of a standard Scheme\n"
"readers. For example, it is used to implement Skribilo’s R5RS-derived\n"
"document syntax.\n"
"\n"
"Guile-Reader’s approach is similar to Common Lisp’s “read table”, but\n"
"hopefully more powerful and flexible (for instance, one may instantiate as\n"
"many readers as needed)."
msgstr ""

#: gnu/packages/guile.scm:267
msgid "Guile bindings to ncurses"
msgstr "Guile ràng buộc vào ncurses"

#: gnu/packages/guile.scm:269
msgid ""
"guile-ncurses provides Guile language bindings for the ncurses\n"
"library."
msgstr ""

#: gnu/packages/guile.scm:289
msgid "Run jobs at scheduled times"
msgstr "Chạy các công việc theo lịch biểu"

#: gnu/packages/guile.scm:291
msgid ""
"GNU Mcron is a complete replacement for Vixie cron.  It is used to run\n"
"tasks on a schedule, such as every hour or every Monday.  Mcron is written in\n"
"Guile, so its configuration can be written in Scheme; the original cron\n"
"format is also supported."
msgstr ""

#: gnu/packages/guile.scm:319
msgid "Collection of useful Guile Scheme modules"
msgstr "Bộ sưu tập của các mô-đun Lược đồ Guile"

#: gnu/packages/guile.scm:321
msgid ""
"guile-lib is intended as an accumulation place for pure-scheme Guile\n"
"modules, allowing for people to cooperate integrating their generic Guile\n"
"modules into a coherent library.  Think \"a down-scaled, limited-scope CPAN\n"
"for Guile\"."
msgstr ""

#: gnu/packages/guile.scm:352
msgid "JSON module for Guile"
msgstr ""

#: gnu/packages/guile.scm:354
msgid ""
"Guile-json supports parsing and building JSON documents according to the\n"
"http:://json.org specification. These are the main features:\n"
"- Strictly complies to http://json.org specification.\n"
"- Build JSON documents programmatically via macros.\n"
"- Unicode support for strings.\n"
"- Allows JSON pretty printing."
msgstr ""

#: gnu/packages/lout.scm:109
msgid "Lout, a document layout system similar in style to LaTeX"
msgstr ""

#: gnu/packages/lout.scm:111
msgid ""
"The Lout document formatting system is now reads a high-level description of\n"
"a document similar in style to LaTeX and produces a PostScript or plain text\n"
"output file.\n"
"\n"
"Lout offers an unprecedented range of advanced features, including optimal\n"
"paragraph and page breaking, automatic hyphenation, PostScript EPS file\n"
"inclusion and generation, equation formatting, tables, diagrams, rotation and\n"
"scaling, sorted indexes, bibliographic databases, running headers and\n"
"odd-even pages, automatic cross referencing, multilingual documents including\n"
"hyphenation (most European languages are supported), formatting of computer\n"
"programs, and much more, all ready to use.  Furthermore, Lout is easily\n"
"extended with definitions which are very much easier to write than troff of\n"
"TeX macros because Lout is a high-level, purely functional language, the\n"
"outcome of an eight-year research project that went back to the\n"
"beginning."
msgstr ""

#: gnu/packages/recutils.scm:58
msgid "Manipulate plain text files as databases"
msgstr "Thao tác các tập tin văn bản thường như là cơ sở dữ liệu"

#: gnu/packages/recutils.scm:60
msgid ""
"GNU Recutils is a set of tools and libraries for creating and\n"
"manipulating text-based, human-editable databases.  Despite being text-based,\n"
"databases created with Recutils carry all of the expected features such as\n"
"unique fields, primary keys, time stamps and more. Many different field types\n"
"are supported, as is encryption."
msgstr ""
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services cups)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services configuration)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages cups)
  #:use-module (gnu packages tls)
  #:use-module (guix packages)
  #:use-module (guix records)
  #:use-module (guix gexp)
  #:use-module (ice-9 match)
  #:use-module ((srfi srfi-1) #:select (append-map))
  #:export (cups-service-type
            cups-configuration
            opaque-cups-configuration

            files-configuration
            policy-configuration
            location-access-control
            operation-access-control
            method-access-control))

;;; Commentary:
;;;
;;; Service defininition for the CUPS printing system.
;;;
;;; Code:

(define %cups-accounts
  (list (user-group (name "lp") (system? #t))
        (user-group (name "lpadmin") (system? #t))
        (user-account
         (name "lp")
         (group "lp")
         (system? #t)
         (comment "System user for invoking printing helper programs")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

(define (uglify-field-name field-name)
  (let ((str (symbol->string field-name)))
    (string-concatenate
     (map string-titlecase
          (string-split (if (string-suffix? "?" str)
                            (substring str 0 (1- (string-length str)))
                            str)
                        #\-)))))

(define (serialize-field field-name val)
  (format #t "~a ~a\n" (uglify-field-name field-name) val))

(define (serialize-string field-name val)
  (serialize-field field-name val))

(define (multiline-string-list? val)
  (and (list? val)
       (and-map (lambda (x)
                  (and (string? x) (not (string-index x #\space))))
                val)))
(define (serialize-multiline-string-list field-name val)
  (for-each (lambda (str) (serialize-field field-name str)) val))

(define (comma-separated-string-list? val)
  (and (list? val)
       (and-map (lambda (x)
                  (and (string? x) (not (string-index x #\,))))
                val)))
(define (serialize-comma-separated-string-list field-name val)
  (serialize-field field-name (string-join val ",")))

(define (space-separated-string-list? val)
  (and (list? val)
       (and-map (lambda (x)
                  (and (string? x) (not (string-index x #\space))))
                val)))
(define (serialize-space-separated-string-list field-name val)
  (serialize-field field-name (string-join val " ")))

(define (space-separated-symbol-list? val)
  (and (list? val) (and-map symbol? val)))
(define (serialize-space-separated-symbol-list field-name val)
  (serialize-field field-name (string-join (map symbol->string val) " ")))

(define (file-name? val)
  (and (string? val)
       (string-prefix? "/" val)))
(define (serialize-file-name field-name val)
  (serialize-string field-name val))

(define (serialize-boolean field-name val)
  (serialize-string field-name (if val "yes" "no")))

(define (non-negative-integer? val)
  (and (exact-integer? val) (not (negative? val))))
(define (serialize-non-negative-integer field-name val)
  (serialize-field field-name val))

(define-syntax define-enumerated-field-type
  (lambda (x)
    (define (id-append ctx . parts)
      (datum->syntax ctx (apply symbol-append (map syntax->datum parts))))
    (syntax-case x ()
      ((_ name (option ...))
       #`(begin
           (define (#,(id-append #'name #'name #'?) x)
             (memq x '(option ...)))
           (define (#,(id-append #'name #'serialize- #'name) field-name val)
             (serialize-field field-name val)))))))

(define-enumerated-field-type access-log-level
  (config actions all))
(define-enumerated-field-type browse-local-protocols
  (all dnssd none))
(define-enumerated-field-type default-auth-type
  (Basic Negotiate))
(define-enumerated-field-type default-encryption
  (Never IfRequested Required))
(define-enumerated-field-type error-policy
  (abort-job retry-job retry-current-job stop-printer))
(define-enumerated-field-type log-level
  (none emerg alert crit error warn notice info debug debug2))
(define-enumerated-field-type log-time-format
  (standard usecs))
(define-enumerated-field-type server-tokens
  (None ProductOnly Major Minor Minimal OS Full))
(define-enumerated-field-type method
  (DELETE GET HEAD OPTIONS POST PUT TRACE))
(define-enumerated-field-type sandboxing
  (relaxed strict))

(define (method-list? val)
  (and (list? val) (and-map method? val)))
(define (serialize-method-list field-name val)
  (serialize-field field-name (string-join (map symbol->string val) " ")))

(define (host-name-lookups? val)
  (memq val '(#f #t 'double)))
(define (serialize-host-name-lookups field-name val)
  (serialize-field field-name
                   (match val (#f "No") (#t "Yes") ('double "Double"))))
  
(define (host-name-list-or-*? x)
    (or (eq? x '*)
        (and (list? x) (and-map string? x))))
(define (serialize-host-name-list-or-* field-name val)
  (serialize-field field-name (match val
                                ('* '*)
                                (names (string-join names " ")))))

(define (boolean-or-non-negative-integer? x)
  (or (boolean? x) (non-negative-integer? x)))
(define (serialize-boolean-or-non-negative-integer field-name x)
  (if (boolean? x)
      (serialize-boolean field-name x)
      (serialize-non-negative-integer field-name x)))

(define (ssl-options? x)
  (and (list? x)
       (and-map (lambda (elt) (memq elt '(AllowRC4
                                          AllowSSL3
                                          DenyCBC
                                          DenyTLS1.0))) x)))
(define (serialize-ssl-options field-name val)
  (serialize-field field-name
                   (match val
                     (() "None")
                     (opts (string-join (map symbol->string opts) " ")))))

(define (serialize-access-control x)
  (display x)
  (newline))
(define (serialize-access-control-list field-name val)
  (for-each serialize-access-control val))
(define (access-control-list? val)
  (and (list? val) (and-map string? val)))

(define-configuration operation-access-control
  (operations
   (space-separated-symbol-list '())
   "IPP operations to which this access control applies.")
  (access-controls
   (access-control-list '())
   "Access control directives, as a list of strings.  Each string should be one directive, such as \"Order allow,deny\"."))

(define-configuration method-access-control
  (reverse?
   (boolean #f)
   "If @code{#t}, apply access controls to all methods except the listed
methods.  Otherwise apply to only the listed methods.")
  (methods
   (method-list '())
   "Methods to which this access control applies.")
  (access-controls
   (access-control-list '())
   "Access control directives, as a list of strings.  Each string should be one directive, such as \"Order allow,deny\"."))

(define (serialize-operation-access-control x)
  (format #t "<Limit ~a>\n"
          (string-join (map symbol->string
                            (operation-access-control-operations x)) " "))
  (serialize-configuration
   x
   (filter (lambda (field)
             (not (eq? (configuration-field-name field) 'operations)))
           operation-access-control-fields))
  (format #t "</Limit>\n"))

(define (serialize-method-access-control x)
  (let ((limit (if (method-access-control-reverse? x) "LimitExcept" "Limit")))
    (format #t "<~a ~a>\n" limit
            (string-join (map symbol->string
                              (method-access-control-methods x)) " "))
    (serialize-configuration
     x
     (filter (lambda (field)
               (case (configuration-field-name field)
                 ((reverse? methods) #f)
                 (else #t)))
             method-access-control-fields))
    (format #t "</~a>\n" limit)))

(define (operation-access-control-list? val)
  (and (list? val) (and-map operation-access-control? val)))
(define (serialize-operation-access-control-list field-name val)
  (for-each serialize-operation-access-control val))

(define (method-access-control-list? val)
  (and (list? val) (and-map method-access-control? val)))
(define (serialize-method-access-control-list field-name val)
  (for-each serialize-method-access-control val))

(define-configuration location-access-control
  (path
   (file-name (configuration-missing-field 'location-access-control 'path))
   "Specifies the URI path to which the access control applies.")
  (access-controls
   (access-control-list '())
   "Access controls for all access to this path, in the same format as the
@code{access-controls} of @code{operation-access-control}.")
  (method-access-controls
   (method-access-control-list '())
   "Access controls for method-specific access to this path."))

(define (serialize-location-access-control x)
  (format #t "<Location ~a>\n" (location-access-control-path x))
  (serialize-configuration
   x
   (filter (lambda (field)
             (not (eq? (configuration-field-name field) 'path)))
           location-access-control-fields))
  (format #t "</Location>\n"))

(define (location-access-control-list? val)
  (and (list? val) (and-map location-access-control? val)))
(define (serialize-location-access-control-list field-name val)
  (for-each serialize-location-access-control val))

(define-configuration policy-configuration
  (name
   (string (configuration-missing-field 'policy-configuration 'name))
   "Name of the policy.")
  (job-private-access
   (string "@OWNER @SYSTEM")
   "Specifies an access list for a job's private values.  @code{@@ACL} maps to
the printer's requesting-user-name-allowed or requesting-user-name-denied
values.  @code{@@OWNER} maps to the job's owner.  @code{@@SYSTEM} maps to the
groups listed for the @code{system-group} field of the @code{files-config}
configuration, which is reified into the @code{cups-files.conf(5)} file.
Other possible elements of the access list include specific user names, and
@code{@@@var{group}} to indicate members of a specific group.  The access list
may also be simply @code{all} or @code{default}.")
  (job-private-values
   (string (string-join '("job-name" "job-originating-host-name"
                          "job-originating-user-name" "phone")))
   "Specifies the list of job values to make private, or @code{all},
@code{default}, or @code{none}.")

  (subscription-private-access
   (string "@OWNER @SYSTEM")
   "Specifies an access list for a subscription's private values.
@code{@@ACL} maps to the printer's requesting-user-name-allowed or
requesting-user-name-denied values.  @code{@@OWNER} maps to the job's owner.
@code{@@SYSTEM} maps to the groups listed for the @code{system-group} field of
the @code{files-config} configuration, which is reified into the
@code{cups-files.conf(5)} file.  Other possible elements of the access list
include specific user names, and @code{@@@var{group}} to indicate members of a
specific group.  The access list may also be simply @code{all} or
@code{default}.")
  (subscription-private-values
   (string (string-join '("notify-events" "notify-pull-method"
                          "notify-recipient-uri" "notify-subscriber-user-name"
                          "notify-user-data")
                        " "))
   "Specifies the list of job values to make private, or @code{all},
@code{default}, or @code{none}.")

  (access-controls
   (operation-access-control-list '())
   "Access control by IPP operation."))

(define (serialize-policy-configuration x)
  (format #t "<Policy ~a>\n" (policy-configuration-name x))
  (serialize-configuration
   x
   (filter (lambda (field)
             (not (eq? (configuration-field-name field) 'name)))
           policy-configuration-fields))
  (format #t "</Policy>\n"))

(define (policy-configuration-list? x)
  (and (list? x) (and-map policy-configuration? x)))
(define (serialize-policy-configuration-list field-name x)
  (for-each serialize-policy-configuration x))

(define (log-location? x)
  (or (file-name? x)
      (eq? x 'stderr)
      (eq? x 'syslog)))
(define (serialize-log-location field-name x)
  (if (string? x)
      (serialize-file-name field-name x)
      (serialize-field field-name x)))

(define-configuration files-configuration
  (access-log
   (log-location "/var/log/cups/access_log")
   "Defines the access log filename.  Specifying a blank filename disables
access log generation.  The value @code{stderr} causes log entries to be sent
to the standard error file when the scheduler is running in the foreground, or
to the system log daemon when run in the background.  The value @code{syslog}
causes log entries to be sent to the system log daemon.  The server name may
be included in filenames using the string @code{%s}, as in
@code{/var/log/cups/%s-access_log}.")
  (cache-dir
   (file-name "/var/cache/cups")
   "Where CUPS should cache data.")
  (config-file-perm
   (string "0640")
   "Specifies the permissions for all configuration files that the scheduler
writes.

Note that the permissions for the printers.conf file are currently masked to
only allow access from the scheduler user (typically root).  This is done
because printer device URIs sometimes contain sensitive authentication
information that should not be generally known on the system.  There is no way
to disable this security feature.")
  ;; Not specifying data-dir and server-bin options as we handle these
  ;; manually.  For document-root, the CUPS package has that path
  ;; preconfigured.
  (error-log
   (log-location "/var/log/cups/error_log")
   "Defines the error log filename.  Specifying a blank filename disables
access log generation.  The value @code{stderr} causes log entries to be sent
to the standard error file when the scheduler is running in the foreground, or
to the system log daemon when run in the background.  The value @code{syslog}
causes log entries to be sent to the system log daemon.  The server name may
be included in filenames using the string @code{%s}, as in
@code{/var/log/cups/%s-error_log}.")
  (fatal-errors
   (string "all -browse")
   "Specifies which errors are fatal, causing the scheduler to exit.  The kind
strings are:
@table @code
@item none
No errors are fatal.
@item all
All of the errors below are fatal.
@item browse
Browsing initialization errors are fatal, for example failed connections to
the DNS-SD daemon.
@item config
Configuration file syntax errors are fatal.
@item listen
Listen or Port errors are fatal, except for IPv6 failures on the loopback or
@code{any} addresses.
@item log
Log file creation or write errors are fatal.
@item permissions
Bad startup file permissions are fatal, for example shared TLS certificate and
key files with world-read permissions.
@end table")
  (file-device?
   (boolean #f)
   "Specifies whether the file pseudo-device can be used for new printer
queues.  The URI @url{file:///dev/null} is always allowed.")
  (group
   (string "lp")
   "Specifies the group name or ID that will be used when executing external
programs.")
  (log-file-perm
   (string "0644")
   "Specifies the permissions for all log files that the scheduler writes.")
  (page-log
   (log-location "/var/log/cups/page_log")
   "Defines the page log filename.  Specifying a blank filename disables
access log generation.  The value @code{stderr} causes log entries to be sent
to the standard error file when the scheduler is running in the foreground, or
to the system log daemon when run in the background.  The value @code{syslog}
causes log entries to be sent to the system log daemon.  The server name may
be included in filenames using the string @code{%s}, as in
@code{/var/log/cups/%s-page_log}.")
  (remote-root
   (string "remroot")
   "Specifies the username that is associated with unauthenticated accesses by
clients claiming to be the root user.  The default is @code{remroot}.")
  (request-root
   (file-name "/var/spool/cups")
   "Specifies the directory that contains print jobs and other HTTP request
data.")
  (sandboxing
   (sandboxing 'strict)
   "Specifies the level of security sandboxing that is applied to print
filters, backends, and other child processes of the scheduler; either
@code{relaxed} or @code{strict}.  This directive is currently only
used/supported on macOS.")
  (server-keychain
   (file-name "/etc/cups/ssl")
   "Specifies the location of TLS certificates and private keys.  CUPS will
look for public and private keys in this directory: a @code{.crt} files for
PEM-encoded certificates and corresponding @code{.key} files for PEM-encoded
private keys.")
  (server-root
   (file-name "/etc/cups")
   "Specifies the directory containing the server configuration files.")
  (sync-on-close?
   (boolean #f)
   "Specifies whether the scheduler calls fsync(2) after writing configuration
or state files.")
  (system-group
   (space-separated-string-list '("lpadmin" "wheel" "root"))
   "Specifies the group(s) to use for @code{@@SYSTEM} group authentication.")
  (temp-dir
   (file-name "/var/spool/cups/tmp")
   "Specifies the directory where temporary files are stored.")
  (user
   (string "lp")
   "Specifies the user name or ID that is used when running external
programs.")
  (set-env
   (string "variable value")
   "Set the specified environment variable to be passed to child processes."))

(define (serialize-files-configuration field-name val)
  #f)

(define (environment-variables? vars)
  (space-separated-string-list? vars))
(define (serialize-environment-variables field-name vars)
  (unless (null? vars)
    (serialize-space-separated-string-list field-name vars)))

(define (package-list? val)
  (and (list? val) (and-map package? val)))
(define (serialize-package-list field-name val)
  #f)

(define-configuration cups-configuration
  (cups
   (package cups)
   "The CUPS package.")
  (extensions
   (package-list (list cups-filters epson-inkjet-printer-escpr
                       foomatic-filters hplip-minimal splix))
   "Drivers and other extensions to the CUPS package.")
  (files-configuration
   (files-configuration (files-configuration))
   "Configuration of where to write logs, what directories to use for print
spools, and related privileged configuration parameters.")
  (access-log-level
   (access-log-level 'actions)
   "Specifies the logging level for the AccessLog file.  The @code{config}
level logs when printers and classes are added, deleted, or modified and when
configuration files are accessed or updated.  The @code{actions} level logs
when print jobs are submitted, held, released, modified, or canceled, and any
of the conditions for @code{config}.  The @code{all} level logs all
requests.")
  (auto-purge-jobs?
   (boolean #f)
   "Specifies whether to purge job history data automatically when it is no
longer required for quotas.")
  (browse-dns-sd-sub-types
   (comma-separated-string-list (list "_cups"))
   "Specifies a list of DNS-SD sub-types to advertise for each shared printer.
For example, @samp{\"_cups\" \"_print\"} will tell network clients that both
CUPS sharing and IPP Everywhere are supported.")
  (browse-local-protocols
   (browse-local-protocols 'dnssd)
   "Specifies which protocols to use for local printer sharing.")
  (browse-web-if?
   (boolean #f)
   "Specifies whether the CUPS web interface is advertised.")
  (browsing?
   (boolean #f)
   "Specifies whether shared printers are advertised.")
  (classification
   (string "")
   "Specifies the security classification of the server.
Any valid banner name can be used, including \"classified\", \"confidential\",
\"secret\", \"topsecret\", and \"unclassified\", or the banner can be omitted
to disable secure printing functions.")
  (classify-override?
   (boolean #f)
   "Specifies whether users may override the classification (cover page) of
individual print jobs using the @code{job-sheets} option.")
  (default-auth-type
    (default-auth-type 'Basic)
    "Specifies the default type of authentication to use.")
  (default-encryption
    (default-encryption 'Required)
    "Specifies whether encryption will be used for authenticated requests.")
  (default-language
    (string "en")
    "Specifies the default language to use for text and web content.")
  (default-paper-size
    (string "Auto")
    "Specifies the default paper size for new print queues.  @samp{\"Auto\"}
uses a locale-specific default, while @samp{\"None\"} specifies there is no
default paper size.  Specific size names are typically @samp{\"Letter\"} or
@samp{\"A4\"}.")
  (default-policy
    (string "default")
    "Specifies the default access policy to use.")
  (default-shared?
    (boolean #t)
    "Specifies whether local printers are shared by default.")
  (dirty-clean-interval
   (non-negative-integer 30)
   "Specifies the delay for updating of configuration and state files, in
seconds.  A value of 0 causes the update to happen as soon as possible,
typically within a few milliseconds.")
  (error-policy
   (error-policy 'stop-printer)
   "Specifies what to do when an error occurs.  Possible values are
@code{abort-job}, which will discard the failed print job; @code{retry-job},
which will retry the job at a later time; @code{retry-current-job}, which retries
the failed job immediately; and @code{stop-printer}, which stops the
printer.")
  (filter-limit
   (non-negative-integer 0)
   "Specifies the maximum cost of filters that are run concurrently, which can
be used to minimize disk, memory, and CPU resource problems.  A limit of 0
disables filter limiting.  An average print to a non-PostScript printer needs
a filter limit of about 200.  A PostScript printer needs about half
that (100).  Setting the limit below these thresholds will effectively limit
the scheduler to printing a single job at any time.")
  (filter-nice
   (non-negative-integer 0)
   "Specifies the scheduling priority of filters that are run to print a job.
The nice value ranges from 0, the highest priority, to 19, the lowest
priority.")
  ;; Add this option if the package is built with Kerberos support.
  ;; (gss-service-name
  ;;  (string "http")
  ;;  "Specifies the service name when using Kerberos authentication.")
  (host-name-lookups
   (host-name-lookups #f)
   "Specifies whether to do reverse lookups on connecting clients.
The @code{double} setting causes @code{cupsd} to verify that the hostname
resolved from the address matches one of the addresses returned for that
hostname.  Double lookups also prevent clients with unregistered addresses
from connecting to your server.  Only set this option to @code{#t} or
@code{double} if absolutely required.")
  ;; Add this option if the package is built with launchd/systemd support.
  ;;   (idle-exit-timeout
  ;;    (non-negative-integer 60)
  ;;    "Specifies the length of time to wait before shutting down due to
  ;; inactivity.  Note: Only applicable when @code{cupsd} is run on-demand
  ;; (e.g., with @code{-l}).")
  (job-kill-delay
   (non-negative-integer 30)
   "Specifies the number of seconds to wait before killing the filters and
backend associated with a canceled or held job.")
  (job-retry-interval
   (non-negative-integer 30)
   "Specifies the interval between retries of jobs in seconds.  This is
typically used for fax queues but can also be used with normal print queues
whose error policy is @code{retry-job} or @code{retry-current-job}.")
  (job-retry-limit
   (non-negative-integer 5)
   "Specifies the number of retries that are done for jobs.  This is typically
used for fax queues but can also be used with normal print queues whose error
policy is @code{retry-job} or @code{retry-current-job}.")
  (keep-alive?
   (boolean #t)
   "Specifies whether to support HTTP keep-alive connections.")
  (keep-alive-timeout
   (non-negative-integer 30)
   "Specifies how long an idle client connection remains open, in seconds.")
  (limit-request-body
   (non-negative-integer 0)
   "Specifies the maximum size of print files, IPP requests, and HTML form
data.  A limit of 0 disables the limit check.")
  (listen
   (multiline-string-list '("localhost:631" "/var/run/cups/cups.sock"))
   "Listens on the specified interfaces for connections.  Valid values are of
the form @var{address}:@var{port}, where @var{address} is either an IPv6
address enclosed in brackets, an IPv4 address, or @code{*} to indicate all
addresses.  Values can also be file names of local UNIX domain sockets.  The
Listen directive is similar to the Port directive but allows you to restrict
access to specific interfaces or networks.")
  (listen-back-log
   (non-negative-integer 128)
   "Specifies the number of pending connections that will be allowed.  This
normally only affects very busy servers that have reached the MaxClients
limit, but can also be triggered by large numbers of simultaneous connections.
When the limit is reached, the operating system will refuse additional
connections until the scheduler can accept the pending ones.")
  (location-access-controls
   (location-access-control-list
    (list (location-access-control
           (path "/")
           (access-controls '("Order allow,deny"
                              "Allow localhost")))
          (location-access-control
           (path "/admin")
           (access-controls '("Order allow,deny"
                              "Allow localhost")))
          (location-access-control
           (path "/admin/conf")
           (access-controls '("Order allow,deny"
                              "AuthType Basic"
                              "Require user @SYSTEM"
                              "Allow localhost")))))
   "Specifies a set of additional access controls.")
  (log-debug-history
   (non-negative-integer 100)
   "Specifies the number of debugging messages that are retained for logging
if an error occurs in a print job.  Debug messages are logged regardless of
the LogLevel setting.")
  (log-level
   (log-level 'info)
   "Specifies the level of logging for the ErrorLog file.  The value
@code{none} stops all logging while @code{debug2} logs everything.")
  (log-time-format
   (log-time-format 'standard)
   "Specifies the format of the date and time in the log files.  The value
@code{standard} logs whole seconds while @code{usecs} logs microseconds.")
  (max-clients
   (non-negative-integer 100)
   "Specifies the maximum number of simultaneous clients that are allowed by
the scheduler.")
  (max-clients-per-host
   (non-negative-integer 100)
   "Specifies the maximum number of simultaneous clients that are allowed from
a single address.")
  (max-copies
   (non-negative-integer 9999)
   "Specifies the maximum number of copies that a user can print of each
job.")
  (max-hold-time
   (non-negative-integer 0)
   "Specifies the maximum time a job may remain in the @code{indefinite} hold
state before it is canceled.  A value of 0 disables cancellation of held
jobs.")
  (max-jobs
   (non-negative-integer 500)
   "Specifies the maximum number of simultaneous jobs that are allowed.  Set
to 0 to allow an unlimited number of jobs.")
  (max-jobs-per-printer
   (non-negative-integer 0)
   "Specifies the maximum number of simultaneous jobs that are allowed per
printer.  A value of 0 allows up to MaxJobs jobs per printer.")
  (max-jobs-per-user
   (non-negative-integer 0)
   "Specifies the maximum number of simultaneous jobs that are allowed per
user.  A value of 0 allows up to MaxJobs jobs per user.")
  (max-job-time
   (non-negative-integer 10800)
   "Specifies the maximum time a job may take to print before it is canceled,
in seconds.  Set to 0 to disable cancellation of \"stuck\" jobs.")
  (max-log-size
   (non-negative-integer 1048576)
   "Specifies the maximum size of the log files before they are rotated, in
bytes.  The value 0 disables log rotation.")
  (multiple-operation-timeout
   (non-negative-integer 300)
   "Specifies the maximum amount of time to allow between files in a multiple
file print job, in seconds.")
  (page-log-format
   (string "")
   "Specifies the format of PageLog lines.  Sequences beginning with
percent (@samp{%}) characters are replaced with the corresponding information,
while all other characters are copied literally.  The following percent
sequences are recognized:

@table @samp
@item %%
insert a single percent character
@item %@{name@}
insert the value of the specified IPP attribute
@item %C
insert the number of copies for the current page
@item %P
insert the current page number
@item %T
insert the current date and time in common log format
@item %j
insert the job ID
@item %p
insert the printer name
@item %u
insert the username
@end table

A value of the empty string disables page logging.  The string @code{%p %u %j
%T %P %C %@{job-billing@} %@{job-originating-host-name@} %@{job-name@}
%@{media@} %@{sides@}} creates a page log with the standard items.")
  (environment-variables
   (environment-variables '())
   "Passes the specified environment variable(s) to child processes; a list of
strings.")
  (policies
   (policy-configuration-list
    (list (policy-configuration
           (name "default")
           (access-controls
            (list
             (operation-access-control
              (operations
               '(Send-Document
                 Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs
                 Cancel-Job Close-Job Cancel-My-Jobs Set-Job-Attributes
                 Create-Job-Subscription Renew-Subscription
                 Cancel-Subscription Get-Notifications
                 Reprocess-Job Cancel-Current-Job Suspend-Current-Job
                 Resume-Job CUPS-Move-Job Validate-Job
                 CUPS-Get-Document))
              (access-controls '("Require user @OWNER @SYSTEM"
                                 "Order deny,allow")))
             (operation-access-control
              (operations
               '(Pause-Printer
                 Cancel-Jobs
                 Resume-Printer Set-Printer-Attributes Enable-Printer
                 Disable-Printer Pause-Printer-After-Current-Job
                 Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer
                 Activate-Printer Restart-Printer Shutdown-Printer
                 Startup-Printer Promote-Job Schedule-Job-After
                 CUPS-Authenticate-Job CUPS-Add-Printer
                 CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class
                 CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default))
              (access-controls '("AuthType Basic"
                                 "Require user @SYSTEM"
                                 "Order deny,allow")))
             (operation-access-control
              (operations '(All))
              (access-controls '("Order deny,allow"))))))))
   "Specifies named access control policies.")
  #;
  (port
   (non-negative-integer 631)
   "Listens to the specified port number for connections.")
  (preserve-job-files
   (boolean-or-non-negative-integer 86400)
   "Specifies whether job files (documents) are preserved after a job is
printed.  If a numeric value is specified, job files are preserved for the
indicated number of seconds after printing.  Otherwise a boolean value applies
indefinitely.")
  (preserve-job-history
   (boolean-or-non-negative-integer #t)
   "Specifies whether the job history is preserved after a job is printed.
If a numeric value is specified, the job history is preserved for the
indicated number of seconds after printing.  If @code{#t}, the job history is
preserved until the MaxJobs limit is reached.")
  (reload-timeout
   (non-negative-integer 30)
   "Specifies the amount of time to wait for job completion before restarting
the scheduler.")
  (rip-cache
   (string "128m")
   "Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.")
  (server-admin
   (string "root@localhost.localdomain")
   "Specifies the email address of the server administrator.")
  (server-alias
   (host-name-list-or-* '*)
   "The ServerAlias directive is used for HTTP Host header validation when
clients connect to the scheduler from external interfaces.  Using the special
name @code{*} can expose your system to known browser-based DNS rebinding
attacks, even when accessing sites through a firewall.  If the auto-discovery
of alternate names does not work, we recommend listing each alternate name
with a ServerAlias directive instead of using @code{*}.")
  (server-name
   (string "localhost")
   "Specifies the fully-qualified host name of the server.")
  (server-tokens
   (server-tokens 'Minimal)
   "Specifies what information is included in the Server header of HTTP
responses.  @code{None} disables the Server header.  @code{ProductOnly}
reports @code{CUPS}.  @code{Major} reports @code{CUPS 2}.  @code{Minor}
reports @code{CUPS 2.0}.  @code{Minimal} reports @code{CUPS 2.0.0}.  @code{OS}
reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the output of the
@code{uname} command.  @code{Full} reports @code{CUPS 2.0.0 (@var{uname})
IPP/2.0}.")
  (ssl-listen
   (multiline-string-list '())
   "Listens on the specified interfaces for encrypted connections.  Valid
values are of the form @var{address}:@var{port}, where @var{address} is either
an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate
all addresses.")
  (ssl-options
   (ssl-options '())
   "Sets encryption options.  By default, CUPS only supports encryption
using TLS v1.0 or higher using known secure cipher suites.  Security is
reduced when @code{Allow} options are used, and enhanced when @code{Deny}
options are used.  The @code{AllowRC4} option enables the 128-bit RC4 cipher
suites, which are required for some older clients.  The @code{AllowSSL3} option
enables SSL v3.0, which is required for some older clients that do not support
TLS v1.0.  The @code{DenyCBC} option disables all CBC cipher suites.  The
@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
protocol version to TLS v1.1.")
  #;
  (ssl-port
   (non-negative-integer 631)
   "Listens on the specified port for encrypted connections.")
  (strict-conformance?
   (boolean #f)
   "Specifies whether the scheduler requires clients to strictly adhere to the
IPP specifications.")
  (timeout
   (non-negative-integer 300)
   "Specifies the HTTP request timeout, in seconds.")
  (web-interface?
   (boolean #f)
   "Specifies whether the web interface is enabled."))

(define-configuration opaque-cups-configuration
  (cups
   (package cups)
   "The CUPS package.")
  (extensions
   (package-list '())
   "Drivers and other extensions to the CUPS package.")
  (cupsd.conf
   (string (configuration-missing-field 'opaque-cups-configuration
                                        'cupsd.conf))
   "The contents of the @code{cupsd.conf} to use.")
  (cups-files.conf
   (string (configuration-missing-field 'opaque-cups-configuration
                                        'cups-files.conf))
   "The contents of the @code{cups-files.conf} to use."))

(define %cups-activation
  ;; Activation gexp.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (define (mkdir-p/perms directory owner perms)
          (mkdir-p directory)
          (chown directory (passwd:uid owner) (passwd:gid owner))
          (chmod directory perms))
        (define (build-subject parameters)
          (string-concatenate
           (map (lambda (pair)
                  (let ((k (car pair)) (v (cdr pair)))
                    (define (escape-char str chr)
                      (string-join (string-split str chr) (string #\\ chr)))
                    (string-append "/" k "="
                                   (escape-char (escape-char v #\=) #\/))))
                (filter (lambda (pair) (cdr pair)) parameters))))
        (define* (create-self-signed-certificate-if-absent
                  #:key private-key public-key (owner (getpwnam "root"))
                  (common-name (gethostname))
                  (organization-name "Guix")
                  (organization-unit-name "Default Self-Signed Certificate")
                  (subject-parameters `(("CN" . ,common-name)
                                        ("O" . ,organization-name)
                                        ("OU" . ,organization-unit-name)))
                  (subject (build-subject subject-parameters)))
          ;; Note that by default, OpenSSL outputs keys in PEM format.  This
          ;; is what we want.
          (unless (file-exists? private-key)
            (cond
             ((zero? (system* (string-append #$openssl "/bin/openssl")
                              "genrsa" "-out" private-key "2048"))
              (chown private-key (passwd:uid owner) (passwd:gid owner))
              (chmod private-key #o400))
             (else
              (format (current-error-port)
                      "Failed to create private key at ~a.\n" private-key))))
          (unless (file-exists? public-key)
            (cond
             ((zero? (system* (string-append #$openssl "/bin/openssl")
                              "req" "-new" "-x509" "-key" private-key
                              "-out" public-key "-days" "3650"
                              "-batch" "-subj" subject))
              (chown public-key (passwd:uid owner) (passwd:gid owner))
              (chmod public-key #o444))
             (else
              (format (current-error-port)
                      "Failed to create public key at ~a.\n" public-key)))))
        (let ((user (getpwnam "lp")))
          (mkdir-p/perms "/var/run/cups" user #o755)
          (mkdir-p/perms "/var/spool/cups" user #o755)
          (mkdir-p/perms "/var/spool/cups/tmp" user #o755)
          (mkdir-p/perms "/var/log/cups" user #o755)
          (mkdir-p/perms "/var/cache/cups" user #o770)
          (mkdir-p/perms "/etc/cups" user #o755)
          (mkdir-p/perms "/etc/cups/ssl" user #o700)
          ;; This certificate is used for HTTPS connections to the CUPS web
          ;; interface.
          (create-self-signed-certificate-if-absent
           #:private-key "/etc/cups/ssl/localhost.key"
           #:public-key "/etc/cups/ssl/localhost.crt"
           #:owner (getpwnam "root")
           #:common-name (format #f "CUPS service on ~a" (gethostname)))))))

(define (union-directory name packages paths)
  (computed-file
   name
   (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils)
                      (srfi srfi-1))
         (mkdir #$output)
         (for-each
          (lambda (package)
            (for-each
             (lambda (path)
               (for-each
                (lambda (src)
                  (let* ((tail (substring src (string-length package)))
                         (dst (string-append #$output tail)))
                    (mkdir-p (dirname dst))
                    ;; CUPS currently symlinks in some data from cups-filters
                    ;; to its output dir.  Probably we should stop doing this
                    ;; and instead rely only on the CUPS service to union the
                    ;; relevant set of CUPS packages.
                    (if (file-exists? dst)
                        (format (current-error-port) "warning: ~a exists\n" dst)
                        (symlink src dst))))
                (find-files (string-append package path) #:stat stat)))
             (list #$@paths)))
          (list #$@packages))
         #t))))

(define (cups-server-bin-directory extensions)
  "Return the CUPS ServerBin directory, containing binaries for CUPS and all
extensions that it uses."
  (union-directory "cups-server-bin" extensions
                   ;; /bin
                   '("/lib/cups" "/share/ppd" "/share/cups")))

(define (cups-shepherd-service config)
  "Return a list of <shepherd-service> for CONFIG."
  (let* ((cupsd.conf-str
          (cond
           ((opaque-cups-configuration? config)
            (opaque-cups-configuration-cupsd.conf config))
           (else
            (with-output-to-string
              (lambda ()
                (serialize-configuration config
                                         cups-configuration-fields))))))
         (cups-files.conf-str
          (cond
           ((opaque-cups-configuration? config)
            (opaque-cups-configuration-cups-files.conf config))
           (else
            (with-output-to-string
              (lambda ()
                (serialize-configuration
                 (cups-configuration-files-configuration config)
                 files-configuration-fields))))))
         (cups (if (opaque-cups-configuration? config)
                   (opaque-cups-configuration-cups config)
                   (cups-configuration-cups config)))
         (server-bin
          (cups-server-bin-directory
           (cons cups
                 (cond
                  ((opaque-cups-configuration? config)
                   (opaque-cups-configuration-extensions config))
                  (else
                   (cups-configuration-extensions config))))))
         ;;"SetEnv PATH " server-bin "/bin" "\n"
         (cupsd.conf
          (plain-file "cupsd.conf" cupsd.conf-str))
         (cups-files.conf
          (mixed-text-file
           "cups-files.conf"
           cups-files.conf-str
           "CacheDir /var/cache/cups\n"
           "StateDir /var/run/cups\n"
           "DataDir " server-bin "/share/cups" "\n"
           "ServerBin " server-bin "/lib/cups" "\n")))
    (list (shepherd-service
           (documentation "Run the CUPS print server.")
           (provision '(cups))
           (requirement '(networking))
           (start #~(make-forkexec-constructor
                     (list (string-append #$cups "/sbin/cupsd")
                           "-f" "-c" #$cupsd.conf "-s" #$cups-files.conf)))
           (stop #~(make-kill-destructor))))))

(define cups-service-type
  (service-type (name 'cups)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          cups-shepherd-service)
                       (service-extension activation-service-type
                                          (const %cups-activation))
                       (service-extension account-service-type
                                          (const %cups-accounts))))

                ;; Extensions consist of lists of packages (representing CUPS
                ;; drivers, etc) that we just concatenate.
                (compose append)

                ;; Add extension packages by augmenting the cups-configuration
                ;; 'extensions' field.
                (extend
                 (lambda (config extensions)
                   (cond
                    ((cups-configuration? config)
                     (cups-configuration
                      (inherit config)
                      (extensions
                       (append (cups-configuration-extensions config)
                               extensions))))
                    (else
                     (opaque-cups-configuration
                      (inherit config)
                      (extensions
                       (append (opaque-cups-configuration-extensions config)
                               extensions)))))))

                (default-value (cups-configuration))
                (description
                 "Run the CUPS print server.")))

;; A little helper to make it easier to document all those fields.
(define (generate-cups-documentation)
  (generate-documentation
    `((cups-configuration
       ,cups-configuration-fields
       (files-configuration files-configuration)
       (policies policy-configuration)
       (location-access-controls location-access-controls))
      (files-configuration ,files-configuration-fields)
      (policy-configuration
       ,policy-configuration-fields
       (operation-access-controls operation-access-controls))
      (location-access-controls
       ,location-access-control-fields
       (method-access-controls method-access-controls))
      (operation-access-controls ,operation-access-control-fields)
      (method-access-controls ,method-access-control-fields))
    'cups-configuration))