Diffstat (limited to 'gnu/services/security.scm')
-rw-r--r--gnu/services/security.scm66
1 files changed, 33 insertions, 33 deletions
diff --git a/gnu/services/security.scm b/gnu/services/security.scm
index 15fae7a628..8116072920 100644
--- a/gnu/services/security.scm
+++ b/gnu/services/security.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2022 muradm <mail@muradm.net>
+;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -41,11 +42,11 @@
(max-count integer "Cache size.")
(max-time integer "Cache time."))
-(define serialize-fail2ban-ignore-cache-configuration
- (match-lambda
- (($ <fail2ban-ignore-cache-configuration> _ key max-count max-time)
- (format #f "key=\"~a\", max-count=~d, max-time=~d"
- key max-count max-time))))
+(define (serialize-fail2ban-ignore-cache-configuration config)
+ (match-record config <fail2ban-ignore-cache-configuration>
+ (key max-count max-time)
+ (format #f "key=\"~a\", max-count=~d, max-time=~d"
+ key max-count max-time)))
(define-maybe/no-serialization string)
@@ -53,10 +54,10 @@
(name string "Filter to use.")
(mode maybe-string "Mode for filter."))
-(define serialize-fail2ban-jail-filter-configuration
- (match-lambda
- (($ <fail2ban-jail-filter-configuration> _ name mode)
- (format #f "~a~@[[mode=~a]~]" name (maybe-value mode)))))
+(define (serialize-fail2ban-jail-filter-configuration config)
+ (match-record config <fail2ban-jail-filter-configuration>
+ (name mode)
+ (format #f "~a~@[[mode=~a]~]" name (maybe-value mode))))
(define (argument? a)
(and (pair? a)
@@ -85,17 +86,17 @@
(format #f "~a=~a" (car e) (any-value (cdr e))))))
(format #f "~a" (string-join (map key-value args) ","))))
-(define serialize-fail2ban-jail-action-configuration
- (match-lambda
- (($ <fail2ban-jail-action-configuration> _ name arguments)
- (format
- #f "~a~a"
- name
- (if (null? arguments) ""
- (format
- #f "[~a]"
- (serialize-fail2ban-jail-action-configuration-arguments
- arguments)))))))
+(define (serialize-fail2ban-jail-action-configuration config)
+ (match-record config <fail2ban-jail-action-configuration>
+ (name arguments)
+ (format
+ #f "~a~a"
+ name
+ (if (null? arguments) ""
+ (format
+ #f "[~a]"
+ (serialize-fail2ban-jail-action-configuration-arguments
+ arguments))))))
(define fail2ban-backend->string
(match-lambda
@@ -351,28 +352,27 @@ provided as a list of file-like objects."))
(match-record config <fail2ban-configuration>
(fail2ban run-directory)
(let* ((fail2ban-server (file-append fail2ban "/bin/fail2ban-server"))
+ (fail2ban-client (file-append fail2ban "/bin/fail2ban-client"))
(pid-file (in-vicinity run-directory "fail2ban.pid"))
(socket-file (in-vicinity run-directory "fail2ban.sock"))
(config-dir (file-append (config->fail2ban-etc-directory config)
"/etc/fail2ban"))
(fail2ban-action (lambda args
- #~(lambda _
- (invoke #$fail2ban-server
- "-c" #$config-dir
- "-p" #$pid-file
- "-s" #$socket-file
- "-b"
- #$@args)))))
-
- ;; TODO: Add 'reload' action.
+ #~(invoke #$fail2ban-client #$@args))))
+
+ ;; TODO: Add 'reload' action (see 'fail2ban.service.in' in the source).
(list (shepherd-service
(provision '(fail2ban))
(documentation "Run the fail2ban daemon.")
(requirement '(user-processes))
- (modules `((ice-9 match)
- ,@%default-modules))
- (start (fail2ban-action "start"))
- (stop (fail2ban-action "stop")))))))
+ (start #~(make-forkexec-constructor
+ (list #$fail2ban-server
+ "-c" #$config-dir "-s" #$socket-file
+ "-p" #$pid-file "-xf" "start")
+ #:pid-file #$pid-file))
+ (stop #~(lambda (_)
+ #$(fail2ban-action "stop")
+ #f))))))) ;successfully stopped
(define fail2ban-service-type
(service-type (name 'fail2ban)
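Review bot: The `stop` action runs `fail2ban-client stop` with no `-c` or `-s`, while `start` launches the server with `-c #$config-dir` and `-s #$socket-file`. Unless the client's defaults happen to resolve to that same socket, it will not reach this daemon: `invoke` will raise and the daemon is left running. Passing the same locations in the helper would tie the two together: `#~(invoke #$fail2ban-client "-c" #$config-dir "-s" #$socket-file #$@args)`. A short comment on `stop` noting that it depends on the client reaching the socket under `run-directory` would also help whoever implements the 'reload' action from the TODO. The enclosing procedure starts above this hunk, so whether the configuration is also installed at the client's default path cannot be seen from here.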