author | David Thompson <dthompson2@worcester.edu> | 2023-11-19 14:46:52 -0500 |
---|---|---|
committer | David Thompson <dthompson2@worcester.edu> | 2023-12-28 11:02:56 -0500 |
commit | 7722da6fa5422c4fec69d6c8b9536c7d6fc3d326 (patch) | |
tree | 24cc9829fe3ee10a4bc2493aeb8891e3c63817d2 | |
parent | 9c0a06c98cef9e7445c9134e49add25f9beb48e5 (diff) |
services: laminar: Add configuration option for supplementary groups.
* gnu/services/ci.scm (<laminar-configuration>)[supplementary-groups]: New field.
(laminar-shepherd-service): Exec laminard with supplementary groups.
(laminar-account): Add supplementary groups to laminar user.
* doc/guix.texi (Laminar): Document new configuration field.
Change-Id: Iebfdbb58ea8c6dfa22bb8f64f6463e3ad133d2f9
-rw-r--r-- | doc/guix.texi | 3 | ||||
-rw-r--r-- | gnu/services/ci.scm | 42 |
2 files changed, 27 insertions, 18 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index a9a9272c35..bc04bb8150 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -34163,6 +34163,9 @@ The Laminar package to use. @item @code{home-directory} (default: @code{"/var/lib/laminar"}) The directory for job configurations and run directories. +@item @code{supplementary-groups} (default: @code{()}) +Supplementary groups for the Laminar user account. + @item @code{bind-http} (default: @code{"*:8080"}) The interface/port or unix socket on which laminard should listen for incoming connections to the web frontend. diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm index 172f85fe8e..01cc7c7d86 100644 --- a/gnu/services/ci.scm +++ b/gnu/services/ci.scm @@ -31,6 +31,7 @@ #:export (laminar-configuration laminar-configuration? laminar-configuration-home-directory + laminar-configuration-supplementary-groups laminar-configuration-bind-http laminar-configuration-bind-rpc laminar-configuration-title 
@@ -50,26 +51,28 @@ (define-record-type* <laminar-configuration> laminar-configuration make-laminar-configuration laminar-configuration? - (laminar laminars-configuration-laminar - (default laminar)) - (home-directory laminar-configuration-home-directory - (default "/var/lib/laminar")) - (bind-http laminar-configuration-bind-http - (default "*:8080")) - (bind-rpc laminar-configuration-bind-rpc - (default "unix-abstract:laminar")) - (title laminar-configuration-title - (default "Laminar")) - (keep-rundirs laminar-keep-rundirs - (default 0)) - (archive-url laminar-archive-url - (default #f)) - (base-url laminar-base-url - (default #f))) + (laminar laminars-configuration-laminar + (default laminar)) + (home-directory laminar-configuration-home-directory + (default "/var/lib/laminar")) + (supplementary-groups laminar-configuration-supplementary-groups + (default '())) + (bind-http laminar-configuration-bind-http + (default "*:8080")) + (bind-rpc laminar-configuration-bind-rpc + (default "unix-abstract:laminar")) + (title laminar-configuration-title + (default "Laminar")) + (keep-rundirs laminar-keep-rundirs + (default 0)) + (archive-url laminar-archive-url + (default #f)) + (base-url laminar-base-url + (default #f))) (define laminar-shepherd-service (match-lambda - (($ <laminar-configuration> laminar home-directory + (($ <laminar-configuration> laminar home-directory supplementary-groups bind-http bind-rpc title keep-rundirs archive-url base-url) @@ -102,7 +105,8 @@ #$base-url)) '())) #:user "laminar" - #:group "laminar")) + #:group "laminar" + #:supplementary-groups '#$supplementary-groups)) (stop #~(make-kill-destructor))))))) (define (laminar-account config) @@ -113,6 +117,8 @@ (user-account (name "laminar") (group "laminar") + (supplementary-groups + (laminar-configuration-supplementary-groups config)) (system? #t) (comment "Laminar privilege separation user") (home-directory (laminar-configuration-home-directory config)) |
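Review bot: The new `supplementary-groups` field in `<laminar-configuration>` accepts any value and is passed unchecked to both the `user-account` record and the quoted `'#$supplementary-groups` argument, so a bare string or a list of symbols would presumably surface only at system build or service start rather than when the configuration is evaluated. Because this list decides which extra privileges the CI daemon holds, I would add a `(sanitize ...)` clause to the field that rejects anything other than a list of strings with a clear error message. The hunk also re-indents every existing field, which buries the one-field addition in blame and carries the `laminars-configuration-laminar` accessor forward with its stray "s".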
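Review bot: The `#:supplementary-groups '#$supplementary-groups` argument added to the laminard constructor gives these groups to the daemon process itself, so unless laminard drops them before running a job (not visible here), every job script it spawns inherits them. A group such as `kvm` or `docker` therefore becomes available to anyone who can define or modify a job, yet the doc/guix.texi entry describes the field only as groups "for the Laminar user account". I would add a comment above the keyword, `;; Jobs spawned by laminard inherit these groups; list only what every job may use.`, and extend the manual entry with a sentence saying the same. The body of `laminar-shepherd-service` starts and ends outside this hunk, so whether anything narrows the groups later cannot be confirmed from here.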