From: Alexandru-Sergiu Marton <brown121407@posteo.ro>
To: 46513@debbugs.gnu.org
Cc: Alexandru-Sergiu Marton <brown121407@posteo.ro>
Subject: [bug#46513] [PATCH 6/6] services: Add agate web service.
Date: Sun, 14 Feb 2021 20:57:31 +0200
Message-ID: <20210214185731.31197-6-brown121407@posteo.ro>
In-Reply-To: <20210214185731.31197-1-brown121407@posteo.ro>
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
---
doc/guix.texi | 89 +++++++++++++++++++++++++++++++++-
gnu/services/web.scm | 112 ++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 198 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 68abb968b0..c10d6877e2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -81,7 +81,7 @@ Copyright @copyright{} 2020 R Veera Kumar@*
Copyright @copyright{} 2020 Pierre Langlois@*
Copyright @copyright{} 2020 pinoaffe@*
Copyright @copyright{} 2020 André Batista@*
-Copyright @copyright{} 2020 Alexandru-Sergiu Marton@*
+Copyright @copyright{} 2020, 2021 Alexandru-Sergiu Marton@*
Copyright @copyright{} 2020 raingloom@*
Copyright @copyright{} 2020 Daniel Brooks@*
Copyright @copyright{} 2020 John Soo@*
@@ -25316,6 +25316,93 @@ gmnisrv} and @command{man gmnisrv.ini}.
@end table
@end deftp
+@subsubheading agate
+
+@cindex agate
+The @uref{gemini://qwertqwefsday.eu/agate.gmi, Agate}
+(@uref{https://github.com/mbrubeck/agate, GitHub page over HTTPS})
+program is a simple @uref{https://gemini.circumlunar.space/, Gemini}
+protocol server written in Rust.
+
+@deffn {Scheme Variable} agate-service-type
+This is the type of the agate service, whose value should be an
+@code{agate-service-type} object, as in this example:
+
+@lisp
+(service agate-service-type
+ (agate-configuration
+ (content "/srv/gemini")
+ (cert "/srv/cert.pem")
+ (key "/srv/key.rsa")))
+@end lisp
+
+The example above represents the minimal tweaking necessary to get Agate
+up and running. Specifying the path to the certificate and key is always
+necessary, as the Gemini protocol requires TLS by default.
+
+To obtain a certificate and a key, you could, for example, use OpenSSL,
+running a command similar to the following example:
+
+@example
+openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
+ -days 3650 -nodes -subj "/CN=example.com"
+@end example
+
+Of course, you'll have to replace @i{example.com} with your own domain
+name, and then point the Agate configuration towards the path of the
+generated key and certificate.
+
+@end deffn
+
+@deftp {Data Type} agate-configuration
+Data type representing the configuration of Agate.
+
+@table @asis
+@item @code{package} (default: @var{agate})
+The package object of the Agate server.
+
+@item @code{content} (default: @code{"/srv/gemini"})
+The path of the directory from which Agate will serve files.
+
+@item @code{cert} (default: @code{#f})
+The path to the TLS certificate PEM file to be used for encrypted
+connections. Must be filled in with a value from the user.
+
+@item @code{key} (default: @code{#f})
+The path to the PKCS8 private key file to be used for encrypted
+connections. Must be filled in with a value from the user.
+
+@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
+A list of the addresses to listen on.
+
+@item @code{hostname} (default: @code{#f})
+The domain name of this Gemini server. Optional.
+
+@item @code{lang} (default: @code{#f})
+RFC 4646 Language code(s) for text/gemini documents. Optional.
+
+@item @code{silent?} (default: @code{#f})
+Set to @code{#t} to disable logging output.
+
+@item @code{serve-secret?} (default: @code{#f})
+Set to @code{#t} to serve secret files (files/directories starting with
+a dot).
+
+@item @code{log-ip?} (default: @code{#t})
+Whether or not to output IP addresses when logging.
+
+@item @code{user} (default: @code{"agate"})
+Owner of the @code{agate} process.
+
+@item @code{group} (default: @code{"agate"})
+Owner's group of the @code{agate} process.
+
+@item @code{log-file} (default: @code{"/var/log/agate.log"})
+The path of the file which should store the logging output of Agate.
+
+@end table
+@end deftp
+
@node Certificate Services
@subsection Certificate Services
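Review bot: In the @deffn for agate-service-type, the value is described as "an @code{agate-service-type} object", but the example right below it and the following @deftp show that the value is an @code{agate-configuration} record, so the sentence should name that type. The @code{cert} and @code{key} items say the user must supply a value while documenting a default of @code{#f}; say what happens if they are left unset. The OpenSSL example uses -nodes, which writes the private key unencrypted, so a sentence telling the reader to make the key file readable only by the account named in @code{user} would fit here. It is also worth stating next to @code{log-ip?} (default @code{#t}) that client IP addresses end up in @code{log-file} unless it is turned off.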
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index ff7b262b6a..aa688a4328 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -14,7 +14,7 @@
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
-;;; Copyright © 2020 Alexandru-Sergiu Marton <brown121407@posteo.ro>
+;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@posteo.ro>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -50,6 +50,7 @@
#:use-module (gnu packages guile)
#:use-module (gnu packages logging)
#:use-module (gnu packages mail)
+ #:use-module (gnu packages rust-apps)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix modules)
@@ -263,7 +264,25 @@
gmnisrv-configuration-package
gmnisrv-configuration-config-file
- gmnisrv-service-type))
+ gmnisrv-service-type
+
+ agate-configuration
+ agate-configuration?
+ agate-configuration-package
+ agate-configuration-content
+ agate-configuration-cert
+ agate-configuration-key
+ agate-configuration-addr
+ agate-configuration-hostname
+ agate-configuration-lang
+ agate-configuration-silent
+ agate-configuration-serve-secret
+ agate-configuration-log-ip
+ agate-configuration-user
+ agate-configuration-group
+ agate-configuration-log-file
+
+ agate-service-type))
;;; Commentary:
;;;
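Review bot: The export list names agate-configuration-log-file, but the record definition later in this patch declares that field's accessor as agate-configuration-log ("(log-file agate-configuration-log"), so the exported name is never bound. Rename the accessor in the record to agate-configuration-log-file, or change the export to match.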
@@ -1885,3 +1904,92 @@ root=/srv/gemini
"Run the gmnisrv Gemini server.")
(default-value
(gmnisrv-configuration))))
+
+(define-record-type* <agate-configuration>
+ agate-configuration make-agate-configuration
+ agate-configuration?
+ (package agate-configuration-package
+ (default agate))
+ (content agate-configuration-content
+ (default "/srv/gemini"))
+ (cert agate-configuration-cert
+ (default #f))
+ (key agate-configuration-key
+ (default #f))
+ (addr agate-configuration-addr
+ (default '("0.0.0.0:1965" "[::]:1965")))
+ (hostname agate-configuration-hostname
+ (default #f))
+ (lang agate-configuration-lang
+ (default #f))
+ (silent? agate-configuration-silent
+ (default #f))
+ (serve-secret? agate-configuration-serve-secret
+ (default #f))
+ (log-ip? agate-configuration-log-ip
+ (default #t))
+ (user agate-configuration-user
+ (default "agate"))
+ (group agate-configuration-group
+ (default "agate"))
+ (log-file agate-configuration-log
+ (default "/var/log/agate.log")))
+
+(define agate-shepherd-service
+ (match-lambda
+ (($ <agate-configuration> package content cert key addr
+ hostname lang silent? serve-secret?
+ log-ip? user group log-file)
+ (list (shepherd-service
+ (provision '(agate))
+ (requirement '(networking))
+ (documentation "Run the agate Gemini server.")
+ (start (let ((agate (file-append package "/bin/agate")))
+ #~(make-forkexec-constructor
+ (list #$agate
+ "--content" #$content
+ "--cert" #$cert
+ "--key" #$key
+ "--addr" #$@addr
+ #$@(if lang
+ (list "--lang" lang)
+ '())
+ #$@(if hostname
+ (list "--hostname" hostname)
+ '())
+ #$@(if silent? '("--silent") '())
+ #$@(if serve-secret? '("--serve-secret") '())
+ #$@(if log-ip? '("--log-ip") '()))
+ #:user #$user #:group #$group
+ #:log-file #$log-file)))
+ (stop #~(make-kill-destructor)))))))
+
+(define agate-accounts
+ (match-lambda
+ (($ <agate-configuration> _ _ _ _ _
+ _ _ _ _
+ _ user group _)
+ `(,@(if (equal? group "agate")
+ '()
+ (list (user-group (name "agate") (system? #t))))
+ ,(user-group
+ (name group)
+ (system? #t))
+ ,(user-account
+ (name user)
+ (group group)
+ (supplementary-groups '("agate"))
+ (system? #t)
+ (comment "agate server user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
+
+(define agate-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension account-service-type
+ agate-accounts)
+ (service-extension shepherd-root-service-type
+ agate-shepherd-service)))
+ (default-value (agate-configuration))))
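Review bot: In agate-service-type, "(name 'guix)" looks like a copy-paste slip and should be "(name 'agate)"; a (description ...) field would also help. The type sets "(default-value (agate-configuration))" while cert and key default to #f, and agate-shepherd-service passes "--cert" #$cert and "--key" #$key unconditionally, so the default configuration puts #f into the command line; either drop the default value so the user has to supply a configuration, or check for missing cert/key and raise a clear error. "--addr" #$@addr splices every address after a single "--addr" flag; confirm that agate accepts several values that way, otherwise emit one "--addr" per list element. In agate-accounts, the user always gets supplementary-groups '("agate") and an extra "agate" group is created whenever group differs; a comment explaining what that group is for, or removing it, would make the account setup easier to audit.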
--
2.30.0
Thread overview: 8+ messages
2021-02-14 18:51 [bug#46513] [PATCH 0/6] Add Agate Gemini server Alexandru-Sergiu Marton
2021-02-14 18:57 ` [bug#46513] [PATCH 1/6] gnu: Add rust-rustls-0.19 Alexandru-Sergiu Marton
2021-02-14 18:57 ` [bug#46513] [PATCH 2/6] gnu: rust-tokio-macros-1: Update to 1.1.0 Alexandru-Sergiu Marton
2021-02-14 18:57 ` [bug#46513] [PATCH 3/6] gnu: rust-tokio-1: Update to 1.2.0 Alexandru-Sergiu Marton
2021-02-14 18:57 ` [bug#46513] [PATCH 4/6] gnu: Add rust-tokio-rustls-0.22 Alexandru-Sergiu Marton
2021-02-14 18:57 ` [bug#46513] [PATCH 5/6] gnu: Add agate Alexandru-Sergiu Marton
2021-02-14 18:57 ` Alexandru-Sergiu Marton [this message]
2021-02-15 12:42 ` bug#46513: [PATCH 0/6] Add Agate Gemini server Nicolas Goaziou