aboutsummaryrefslogtreecommitdiff
path: root/container.scm
diff options
context:
space:
mode:
Diffstat (limited to 'container.scm')
-rw-r--r--container.scm103
1 files changed, 82 insertions, 21 deletions
diff --git a/container.scm b/container.scm
index c7fcf79..2896c3f 100644
--- a/container.scm
+++ b/container.scm
@@ -25,7 +25,8 @@
(guix modules)
((guix utils) #:select (substitute-keyword-arguments))
;; The following exports account-service-type.
- (gnu system shadow))
+ (gnu system shadow)
+ ((gnu system setuid) #:select (setuid-program)))
(use-package-modules web
python
version-control
@@ -442,6 +443,56 @@
(deploy-hook %koszko-httpd-deploy-hook)))))
%all-site-confs)))))
+(define exim-configuration-config-file
+ (@@ (gnu services mail) exim-configuration-config-file))
+
+(define exim-configuration-package
+ (@@ (gnu services mail) exim-configuration-package))
+
+(define (adapt-exim-activation-extension ext)
+ ;; Make exim logs accessible under /var/log/exim and symlink current
+ ;; configuration as /etc/exim.conf.
+ (let ((old-activation (service-extension-compute ext)))
+ (define (new-activation exim-config)
+ #~(begin
+ ;; There's unfortunately no option to tell file-exist? or stat not to
+ ;; follow symlinks, hence we use statat...
+ (unless (with-input-from-file "/var/log"
+ (lambda _
+ (false-if-exception (statat (current-input-port)
+ "exim" AT_SYMLINK_NOFOLLOW))))
+ (symlink "../spool/exim/log" "/var/log/exim"))
+ ;; Exim often rereads its config file. Let's substitute it
+ ;; atomiacally.
+ (with-output-to-file "/etc/exim.conf.new"
+ (lambda _
+ (format #t "
+exim_user = exim
+exim_group = exim
+exim_path = /run/setuid-programs/exim
+.include ~a"
+ #$(exim-configuration-config-file exim-config))))
+ (rename-file "/etc/exim.conf.new" "/etc/exim.conf")
+ #$(old-activation exim-config)))
+
+ (service-extension activation-service-type new-activation)))
+
+(define (adapt-exim-shepherd-extension ext)
+ ;; Make exim daemon use /etc/exim.conf which we made a symlink to the real
+ ;; config file.
+ (let ((old-activation (service-extension-compute ext)))
+ (define (new-activation exim-config)
+ (let ((exim-package (exim-configuration-package exim-config)))
+ (map (lambda (shepherd-service-record)
+ (shepherd-service
+ (inherit shepherd-service-record)
+ (start #~(make-forkexec-constructor
+ '(#$(file-append exim-package "/bin/exim")
+ "-bd" "-v")))))
+ (old-activation exim-config))))
+
+ (service-extension shepherd-root-service-type new-activation)))
+
(define koszko-exim-service-type
(service-type
(inherit exim-service-type)
@@ -452,33 +503,39 @@
;; Avoid double declaration of "exim" user and group.
#f)
((extension-of-type? ext activation-service-type)
- ;; Make exim logs accessible under /var/log
- (let ((old-activation (service-extension-compute ext)))
- (define (new-activation exim-config)
- #~(begin
- (symlink "../spool/exim/log" "/var/log/exim")
- #$(old-activation exim-config)))
-
- (service-extension activation-service-type
- new-activation)))
+ (adapt-exim-activation-extension ext))
+ ((extension-of-type? ext shepherd-root-service-type)
+ (adapt-exim-shepherd-extension ext))
(else
ext)))
(service-type-extensions exim-service-type)))))
+(define koszko-adapted-exim
+ (package/inherit exim
+ (arguments
+ (substitute-keyword-arguments
+ (package-arguments exim)
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-after 'configure 'configure*
+ (lambda _
+ (substitute* "Local/Makefile"
+ (("# (SUPPORT_MAILDIR=yes)" all line)
+ line)
+ (("(EXIM_USER=).*" all var)
+ (string-append var "106\n"))
+ (("# (EXIM_GROUP=).*" all var)
+ (string-append var "113\n")))))
+ (add-after 'install 'symlink-config-file
+ (lambda _
+ (let ((config-path (string-append #$output "/etc/exim.conf")))
+ (delete-file config-path)
+ (symlink "/etc/exim.conf" config-path))))))))))
+
(define %koszko-exim-service
(service koszko-exim-service-type
(exim-configuration
- (package (package/inherit exim
- (arguments
- (substitute-keyword-arguments
- (package-arguments exim)
- ((#:phases phases)
- #~(modify-phases #$phases
- (add-after 'configure 'configure-enable-maildir
- (lambda _
- (substitute* "Local/Makefile"
- (("# (SUPPORT_MAILDIR=yes)" all line)
- line))))))))))
+ (package koszko-adapted-exim)
(config-file (local-file "./exim.conf")))))
(define %koszko-mail-aliases-service
@@ -571,6 +628,10 @@
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets '("/dev/sdDOES-NOT-MATTER"))))
+ (setuid-programs
+ (cons* (setuid-program
+ (program (file-append koszko-adapted-exim "/bin/exim")))
+ %setuid-programs))
(services
(cons* %koszko-httpd-service
(simple-service 'koszko-org-website koszko-httpd-service-type