* [bug#28960] [PATCH] services: Add murmur.
@ 2017-10-23 21:34 nee
2017-10-24 4:32 ` ng0
2017-10-24 5:04 ` Ludovic Courtès
0 siblings, 2 replies; 8+ messages in thread
From: nee @ 2017-10-23 21:34 UTC
To: 28960
[-- Attachment #1: Type: text/plain, Size: 577 bytes --]
Hello, this patch adds a murmur service.
Murmur is the biggest implementation of a mumble voice chat server. The
murmur executable is already packaged in the mumble package.
I added most of the available options to the configuration.
I consciously did not include the following settings:
-settings for changing the .ini at runtime through "ZeroC Ice" or "dbus"
-settings for different databases, because the wiki mentions problems
with other databases and strongly recommends using the default sqlite¹.
1) https://wiki.mumble.info/wiki/Murmur.ini (ctrl-f sqlite)
[-- Attachment #2: 0001-services-Add-murmur.patch --]
[-- Type: text/x-patch; name="0001-services-Add-murmur.patch", Size: 27732 bytes --]
From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001
From: nee <nee.git@cock.li>
Date: Sat, 14 Oct 2017 11:27:50 +0200
Subject: [PATCH] services: Add murmur.
* gnu/services/telephony.scm: New file.
* gnu/local.mk: Add it.
* doc/guix.texi: Document it.
---
doc/guix.texi | 161 ++++++++++++++++++++-
gnu/local.mk | 1 +
gnu/services/telephony.scm | 344 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 505 insertions(+), 1 deletion(-)
create mode 100644 gnu/services/telephony.scm
diff --git a/doc/guix.texi b/doc/guix.texi
index 7b5b71179..c06e596aa 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -221,6 +221,7 @@ Services
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -9245,6 +9246,7 @@ declaration.
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -14025,6 +14027,164 @@ string, you could instantiate a prosody service like this:
(prosody.cfg.lua "")))
@end example
+
+@node Telephony Services
+@subsubsection Telephony Services
+@cindex Murmur
+
+Murmur is the official server of the @code{mumble} voice over IP (VoIP) software.
+
+@deftp {Data Type} murmur-configuration
+The service type for the murmur server. An example configuration can look like this:
+@example
+(service murmur-service-type
+ (murmur-configuration
+ (welcome-text "Welcome to this mumble server running on GuixSD!")
+ (cert-required #t) ; disallow text password logins
+ (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
+ (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
+@end example
+
+After reconfiguring your system, you have to manually set the
+SuperUser password with the command that is printed during the activation phase.
+Then you can use the @code{mumble} client to
+login as new user, register, and logout.
+For the next step login with the name "SuperUser" and the SuperUser password
+you set previously, and grant your newly registered user admin/moderator rights
+and create some channels.
+
+Available @code{murmur-configuration} fields are:
+@table @asis
+@item @code{package} (default: @code{mumble})
+Package that contains @code{bin/murmurd}.
+@item @code{user} (default: @code{"murmur"})
+User who will run the murmur server.
+@item @code{group} (default: @code{"murmur"})
+Group of the user who will run the murmur server.
+@item @code{port} (default: @code{64738})
+Port on which the server will listen.
+@item @code{welcome-text} (default: @code{""})
+Welcome text sent to clients when they connect.
+@item @code{server-password} (default: @code{""})
+Password the clients have to enter in order to connect.
+@item @code{max-users} (default: @code{100})
+Maximum of users that can be connected to the server at once.
+@item @code{max-user-bandwidth} (default: @code{#f})
+Maximum voice traffic a user can send per second.
+@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
+Filepath location of the sqlite database.
+The service's user will become the owner of the directory.
+@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
+Filepath of the log file.
+The service's user will become the owner of the directory.
+@item @code{autoban-attempts} (default: @code{10})
+Maximum number of logins a user can make in @code{autoban-timeframe}
+without getting auto banned for @code{autoban-time}.
+@item @code{autoban-timeframe} (default: @code{120})
+Timeframe for autoban in seconds.
+@item @code{autoban-time} (default: @code{300})
+Amount of time in seconds for which a client gets banned
+when violating the autoban limits.
+@item @code{opus-threshold} (default: @code{100})
+Percentage of clients that need to support opus
+before switching over to opus audio codec.
+@item @code{channel-nesting-limit} (default: @code{10})
+How deep channels can be nested at maximum.
+@item @code{channelname-regex} (default: @code{#f})
+A string in from of a Qt regular expression that channel names must conform to.
+@item @code{username-regex} (default: @code{#f})
+A string in from of a Qt regular expression that user names must conform to.
+@item @code{text-message-length} (default: @code{5000})
+Maximum size in bytes that a user can send in one text chat message.
+@item @code{image-message-length} (default: @code{(* 128 1024)})
+Maximum size in bytes that a user can send in one image message.
+@item @code{cert-required} (default: @code{#f})
+If it is set to @code{#t} clients that use weak password authentification
+will not be accepted. Users must have completed the certificate wizard to join.
+@item @code{remember-channel} (defualt @code{#f})
+Should murmur remember the last channel each user was in when they disconnected
+and put them into the remembered channel when they rejoin.
+@item @code{allow-html} (default: @code{#f})
+Should html be allowed in text messages, user comments, and channel descriptions.
+@item @code{allow-ping} (default: @code{#f})
+Setting to true exposes the current user count, the maximum user count, and
+the server's maximum bandwidth per client to unauthenticated users. In the
+Mumble client, this information is shown in the Connect dialog.
+
+Disabling this setting will prevent public listing of the server.
+@item @code{bonjour} (default: @code{#f})
+Should the server advertise itself in the local network through the bonjour protocol.
+@item @code{send-version} (default: @code{#f})
+Should the murmur server version be exposed in ping requests.
+@item @code{log-days} (default: @code{31})
+Murmur also stores logs in the database, which are accessible via RPC.
+The default is 31 days of months, but you can set this setting to 0 to keep logs forever,
+or -1 to disable logging to the database.
+@item @code{obfuscate-ips} (default @code{#t})
+Should logged ips be obfuscated to protect the privacy of users.
+@item @code{ssl-cert} (default: @code{#f})
+Filepath to the ssl-cert used for encrypted connections.
+@example
+(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
+@end example
+@item @code{ssl-key} (default: @code{#f})
+Filepath to the ssl private key used for encrypted connections.
+@example
+(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
+@end example
+@item @code{ssl-dh-params} (default: @code{#f})
+Filepath to a PEM-encoded file with Diffie-Hellman parameters
+for the ssl encryption. Alternatively you set it to
+@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"}
+or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
+@item @code{ssl-ciphers} (default: @code{#f})
+The @code{ssl-ciphers} option chooses the cipher suites to make available for use
+in SSL/TLS.
+
+This option is specified using
+@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}.
+
+It is recommended that you try your cipher string using 'openssl ciphers <string>'
+before setting it here, to get a feel for which cipher suites you will get.
+After setting this option, it is recommend that you inspect your Murmur log
+to ensure that Murmur is using the cipher suites that you expected it to.
+
+Note: Changing this option may impact the backwards compatibility of your
+Murmur server, and can remove the ability for older Mumble clients to be able
+to connect to it.
+@item @code{public-registration} (default: @code{#f})
+Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}.
+
+You can optionally register your server in the public server list that the
+@code{mumble} client shows on startup.
+You cannot register your server if you have set a @code{server-password},
+or set @code{allow-ping} to @code{#f}.
+
+It might take a few hours until it shows up in the public list.
+
+@item @code{file} (default: @code{#f})
+Optional alternative override for this configuration.
+@end table
+@end deftp
+
+@deftp {Data Type} murmur-public-registration-configuration
+Configuration for public registration of a murmur service.
+@table @asis
+@item @code{name}
+This is a display name for your server. Not to be confused with the hostname.
+@item @code{password}
+A password to identify your registration.
+Subsequent updates will need the same password. Don't lose your password.
+@item @code{url}
+This should be a http(s):// link to your website.
+@item @code{hostname} (default: @code{#f})
+By default your server will be listed by it's ip.
+If it is set your server will be linked by this hostname instead.
+@end table
+@end deftp
+
+
+
@node Monitoring Services
@subsubsection Monitoring Services
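Review bot: The field table under @deftp murmur-configuration is inconsistent with the code and with itself: the remember-channel item reads "(defualt @code{#f})" and the obfuscate-ips item "(default @code{#t})" without the colon every other item uses, and the pid-file field that the record in gnu/services/telephony.scm defines and exports has no @item at all. Please also fix "in from of" (channelname-regex and username-regex), "authentification" in cert-required, "31 days of months" in log-days and "it's ip" in the hostname item, reword the opening sentence of the @deftp, which calls the configuration record "the service type", and drop the three empty lines added before @node Monitoring Services.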
@@ -14135,7 +14295,6 @@ the 2nd element of the pair is the password.
@end table
@end deftp
-
@node Kerberos Services
@subsubsection Kerberos Services
@cindex Kerberos
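Review bot: The only change here is the removal of the empty line before @node Kerberos Services, which has nothing to do with adding the murmur service; please keep that line so the patch touches only what the commit message lists.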
diff --git a/gnu/local.mk b/gnu/local.mk
index b71b36024..daa210a38 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/spice.scm \
%D%/services/ssh.scm \
%D%/services/sysctl.scm \
+ %D%/services/telephony.scm \
%D%/services/version-control.scm \
%D%/services/vpn.scm \
%D%/services/web.scm \
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
new file mode 100644
index 000000000..1fc5cb834
--- /dev/null
+++ b/gnu/services/telephony.scm
@@ -0,0 +1,344 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 nee <nee-git@hidamari.blue>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services telephony)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages telephony)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (srfi srfi-1)
+ #:use-module (ice-9 match)
+ #:export (<murmur-configuration>
+ murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ murmur-configuration-package
+ murmur-configuration-user
+ murmur-configuration-group
+ murmur-configuration-port
+ murmur-configuration-welcome-text
+ murmur-configuration-server-password
+ murmur-configuration-max-users
+ murmur-configuration-max-user-bandwidth
+ murmur-configuration-database-file
+ murmur-configuration-log-file
+ murmur-configuration-pid-file
+ murmur-configuration-autoban-attempts
+ murmur-configuration-autoban-timeframe
+ murmur-configuration-autoban-time
+ murmur-configuration-opus-threshold
+ murmur-configuration-channel-nesting-limit
+ murmur-configuration-channelname-regex
+ murmur-configuration-username-regex
+ murmur-configuration-text-message-length
+ murmur-configuration-image-message-length
+ murmur-configuration-cert-required
+ murmur-configuration-remember-channel
+ murmur-configuration-allow-html
+ murmur-configuration-allow-ping
+ murmur-configuration-bonjour
+ murmur-configuration-send-version
+ murmur-configuration-log-days
+ murmur-configuration-obfuscate-ips
+ murmur-configuration-ssl-cert
+ murmur-configuration-ssl-key
+ murmur-configuration-ssl-dh-params
+ murmur-configuration-ssl-ciphers
+ murmur-configuration-public-registration
+ murmur-configuration-file
+
+ <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ murmur-public-registration-configuration-name
+ murmur-public-registration-configuration-url
+ murmur-public-registration-configuration-password
+ murmur-public-registration-configuration-hostname
+
+ murmur-service-type))
+
+;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini
+
+(define-record-type* <murmur-configuration> murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ (package murmur-configuration-package ;<package>
+ (default mumble))
+ (user murmur-configuration-user
+ (default "murmur"))
+ (group murmur-configuration-group
+ (default "murmur"))
+ (port murmur-configuration-port
+ (default 64738))
+ (welcome-text murmur-configuration-welcome-text
+ (default ""))
+ (server-password murmur-configuration-server-password
+ (default ""))
+ (max-users murmur-configuration-max-users
+ (default 100))
+ (max-user-bandwidth murmur-configuration-max-user-bandwidth
+ (default #f))
+ (database-file murmur-configuration-database-file
+ (default "/var/lib/murmur/db.sqlite"))
+ (log-file murmur-configuration-log-file
+ (default "/var/log/murmur/murmur.log"))
+ (pid-file murmur-configuration-pid-file
+ (default "/var/run/murmur/murmur.pid"))
+ (autoban-attempts murmur-configuration-autoban-attempts
+ (default 10))
+ (autoban-timeframe murmur-configuration-autoban-timeframe
+ (default 120))
+ (autoban-time murmur-configuration-autoban-time
+ (default 300))
+ (opus-threshold murmur-configuration-opus-threshold
+ (default 100)) ; integer percent
+ (channel-nesting-limit murmur-configuration-channel-nesting-limit
+ (default 10))
+ (channelname-regex murmur-configuration-channelname-regex
+ (default #f))
+ (username-regex murmur-configuration-username-regex
+ (default #f))
+ (text-message-length murmur-configuration-text-message-length
+ (default 5000))
+ (image-message-length murmur-configuration-image-message-length
+ (default (* 128 1024))) ; 128 Kilobytes
+ (cert-required murmur-configuration-cert-required
+ (default #f))
+ (remember-channel murmur-configuration-remember-channel
+ (default #f))
+ (allow-html murmur-configuration-allow-html
+ (default #f))
+ (allow-ping murmur-configuration-allow-ping
+ (default #f))
+ (bonjour murmur-configuration-bonjour
+ (default #f))
+ (send-version murmur-configuration-send-version
+ (default #f))
+ (log-days murmur-configuration-log-days
+ (default 31))
+ (obfuscate-ips murmur-obfuscate-ips
+ (default #t))
+ (ssl-cert murmur-configuration-ssl-cert
+ (default #f))
+ (ssl-key murmur-configuration-ssl-key
+ (default #f))
+ (ssl-dh-params murmur-configuration-ssl-dh-params
+ (default #f))
+ (ssl-ciphers murmur-configuration-ssl-ciphers
+ (default #f))
+ (public-registration murmur-configuration-public-registration
+ (default #f)) ; <murmur-public-registration-configuration>
+ (file murmur-configuration-file
+ (default #f)))
+
+(define-record-type* <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ (name murmur-public-registration-configuration-name)
+ (password murmur-public-registration-configuration-password)
+ (url murmur-public-registration-configuration-url)
+ (hostname murmur-public-registration-configuration-hostname
+ (default #f)))
+
+(define (flatten . lst)
+ "Return a list that recursively concatenates all sub-lists of LST."
+ (define (flatten1 head out)
+ (if (list? head)
+ (fold-right flatten1 out head)
+ (cons head out)))
+ (fold-right flatten1 '() lst))
+
+(define (default-murmur-config
+ package user group port welcome-text server-password
+ max-users max-user-bandwidth database-file log-file pid-file
+ autoban-attempts autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit channelname-regex username-regex
+ text-message-length image-message-length cert-required
+ remember-channel allow-html allow-ping bonjour send-version log-days
+ obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers
+ public-registration)
+ (apply mixed-text-file "murmur.ini"
+ (flatten
+ "welcometext=" welcome-text "\n"
+ "port=" (number->string port) "\n"
+ "serverpassword=" server-password "\n"
+ (if max-user-bandwidth (list "bandwidth=" (number->string max-user-bandwidth)) '())
+ "users=" (number->string max-users) "\n"
+ "uname=" user "\n"
+ "database=" database-file "\n"
+ "logfile=" log-file "\n"
+ "pidfile=" pid-file "\n"
+ (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '())
+ (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '())
+ (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '())
+ (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '())
+ (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '())
+ (if channelname-regex (list "channelname=" channelname-regex "\n") '())
+ (if username-regex (list "username=" username-regex "\n") '())
+ (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '())
+ (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '())
+ (if log-days (list "logdays=" (number->string log-days) "\n") '())
+ "obfuscate=" (if obfuscate-ips "true" "false") "\n"
+ "certrequired=" (if cert-required "true" "false") "\n"
+ "rememberchannel" (if remember-channel "true" "false") "\n"
+ "allowhtml=" (if allow-html "true" "false") "\n"
+ "allowping=" (if allow-ping "true" "false") "\n"
+ "bonjour=" (if bonjour "true" "false") "\n"
+ "sendversion=" (if send-version "true" "false") "\n"
+ (cond ((and ssl-cert ssl-key)
+ (list
+ "sslCert=" ssl-cert "\n"
+ "sslKey=" ssl-key "\n"))
+ ((or ssl-cert ssl-key)
+ (error "ssl-cert and ssl-key must both be set"
+ ssl-cert ssl-key))
+ (else '()))
+ (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '())
+ (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '())
+
+ (match public-registration
+ (#f '())
+ (($ <murmur-public-registration-configuration>
+ name password url hostname)
+ (if (and (or (not server-password) (string-null? server-password))
+ allow-ping)
+ (list
+ "registerName=" name "\n"
+ "registerPassword=" password "\n"
+ "registerUrl=" url "\n"
+ (if hostname
+ (string-append "registerHostname=" hostname "\n")
+ ""))
+ (error "To publicly register your murmur server your server must be publicy visible
+and users must be able to join without a password. To fix this set:
+(allow-ping #t)
+(server-password "")
+Or set public-registration to #f")))))))
+
+(define murmur-activation
+ (match-lambda
+ (($ <murmur-configuration>
+ package user group port welcome-text server-password
+ max-users max-user-bandwidth database-file log-file pid-file
+ autoban-attempts autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit channelname-regex username-regex
+ text-message-length image-message-length cert-required remember-channel
+ allow-html allow-ping bonjour send-version log-days obfuscate-ips
+ ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((log-dir (dirname #$log-file))
+ (pid-dir (dirname #$pid-file))
+ (db-dir (dirname #$database-file))
+ (user (getpwnam #$user))
+ (init-dir
+ (lambda (name dir user)
+ (format #t "creating murmur ~a directory '~a'\n" name dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700)))
+ (ini #$(or file
+ (default-murmur-config
+ package user group port welcome-text
+ server-password max-users max-user-bandwidth
+ database-file log-file pid-file autoban-attempts
+ autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit
+ channelname-regex username-regex
+ text-message-length image-message-length
+ cert-required remember-channel allow-html allow-ping
+ bonjour send-version log-days obfuscate-ips ssl-cert
+ ssl-key ssl-dh-params ssl-ciphers
+ public-registration))))
+ (init-dir "log" log-dir user)
+ (init-dir "pid" pid-dir user)
+ (init-dir "database" db-dir user)
+
+ (format #t "murmur: use config file: ~a~%\n" ini)
+ (format #t "murmur: to set the SuperUser password run:
+ `~a -ini ~a -readsupw`\n"
+ #$(file-append package "/bin/murmurd") ini)
+ #t)))))
+
+(define murmur-accounts
+ (match-lambda
+ (($ <murmur-configuration> _ user group)
+ (filter identity
+ (list
+ (and (equal? group "murmur")
+ (user-group
+ (name "murmur")
+ (system? #t)))
+ (and (equal? user "murmur")
+ (user-account
+ (name "murmur")
+ (group group)
+ (system? #t)
+ (comment "Murmur Daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))))
+
+(define murmur-shepherd-service
+ (match-lambda
+ (($ <murmur-configuration>
+ package user group port welcome-text server-password
+ max-users max-user-bandwidth database-file log-file pid-file
+ autoban-attempts autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit channelname-regex username-regex
+ text-message-length image-message-length cert-required remember-channel
+ allow-html allow-ping bonjour send-version log-days obfuscate-ips
+ ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
+ (list (shepherd-service
+ (provision '(murmur))
+ (documentation "Run the murmur mumble-server.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ '(#$(file-append package "/bin/murmurd")
+ "-ini"
+ #$(or file
+ (default-murmur-config
+ package user group port welcome-text
+ server-password max-users max-user-bandwidth
+ database-file log-file pid-file autoban-attempts
+ autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit
+ channelname-regex username-regex
+ text-message-length image-message-length
+ cert-required remember-channel allow-html
+ allow-ping bonjour send-version log-days
+ obfuscate-ips ssl-cert ssl-key ssl-dh-params
+ ssl-ciphers public-registration)))
+ #:pid-file #$pid-file))
+ (stop #~(make-kill-destructor)))))))
+
+(define murmur-service-type
+ (service-type (name 'murmur)
+ (description "The murmur service type.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ murmur-shepherd-service)
+ (service-extension activation-service-type
+ murmur-activation)
+ (service-extension account-service-type
+ murmur-accounts)))
+ (default-value (murmur-configuration))))
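Review bot: default-murmur-config emits malformed murmur.ini lines in four places: "rememberchannel" is missing its "=", so the line comes out as rememberchanneltrue or rememberchannelfalse, and the "bandwidth=", "sslDHParams=" and "sslCiphers=" entries have no trailing "\n", so each one runs into whatever follows it (the bandwidth value is followed directly by "users="). Please add the "=" and the three newlines. In the record definition the obfuscate-ips accessor is named murmur-obfuscate-ips while the export list has murmur-configuration-obfuscate-ips, so the exported name is unbound. murmur-accounts creates the account and group only when the names equal "murmur", yet murmur-activation calls getpwnam on the configured user, so a custom user that is not declared elsewhere makes activation fail; either create the configured names or document that requirement. Finally, server-password and the public-registration password are written through mixed-text-file into the store, which is world-readable, and the activation snippet prints that path; this needs at least a warning in the documentation, or a way to keep the passwords out of the generated file.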
--
2.14.1
* [bug#28960] [PATCH] services: Add murmur.
From: ng0 @ 2017-10-24 4:32 UTC
To: nee; +Cc: 28960
[-- Attachment #1: Type: text/plain, Size: 29827 bytes --]
nee transcribed 27K bytes:
> Hello, this patch adds a murmur service.
> Murmur is the biggest implementation of a mumble voice chat server. The
> murmur executable is already packaged in the mumble package.
>
> I added most of the available options to the configuration.
> I consciously did not include the following settings:
> -settings for changing the .ini at runtime through "ZeroC Ice" or "dbus"
> -settings for different databases, because the wiki mentions problems
> with other databases and strongly recommends using the default sqlite¹.
>
> 1) https://wiki.mumble.info/wiki/Murmur.ini (ctrl-f sqlite)
Hey, this looks good so far. I need to test it today to give it a more
detailed check, but I found nothing obviously wrong about it so far.
> From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001
> From: nee <nee.git@cock.li>
> Date: Sat, 14 Oct 2017 11:27:50 +0200
> Subject: [PATCH] services: Add murmur.
>
> * gnu/services/telephony.scm: New file.
> * gnu/local.mk: Add it.
> * doc/guix.texi: Document it.
> ---
> doc/guix.texi | 161 ++++++++++++++++++++-
> gnu/local.mk | 1 +
> gnu/services/telephony.scm | 344 +++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 505 insertions(+), 1 deletion(-)
> create mode 100644 gnu/services/telephony.scm
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 7b5b71179..c06e596aa 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -221,6 +221,7 @@ Services
> * Database Services:: SQL databases, key-value stores, etc.
> * Mail Services:: IMAP, POP3, SMTP, and all that.
> * Messaging Services:: Messaging services.
> +* Telephony Services:: Telephony services.
> * Monitoring Services:: Monitoring services.
> * Kerberos Services:: Kerberos services.
> * Web Services:: Web servers.
> @@ -9245,6 +9246,7 @@ declaration.
> * Database Services:: SQL databases, key-value stores, etc.
> * Mail Services:: IMAP, POP3, SMTP, and all that.
> * Messaging Services:: Messaging services.
> +* Telephony Services:: Telephony services.
> * Monitoring Services:: Monitoring services.
> * Kerberos Services:: Kerberos services.
> * Web Services:: Web servers.
> @@ -14025,6 +14027,164 @@ string, you could instantiate a prosody service like this:
> (prosody.cfg.lua "")))
> @end example
>
> +
> +@node Telephony Services
> +@subsubsection Telephony Services
> +@cindex Murmur
> +
> +Murmur is the official server of the @code{mumble} voice over IP (VoIP) software.
> +
> +@deftp {Data Type} murmur-configuration
> +The service type for the murmur server. An example configuration can look like this:
> +@example
> +(service murmur-service-type
> + (murmur-configuration
> + (welcome-text "Welcome to this mumble server running on GuixSD!")
> + (cert-required #t) ; disallow text password logins
> + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
> + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
> +@end example
> +
> +After reconfiguring your system, you have to manually set the
> +SuperUser password with the command that is printed during the activation phase.
> +Then you can use the @code{mumble} client to
> +login as new user, register, and logout.
> +For the next step login with the name "SuperUser" and the SuperUser password
> +you set previously, and grant your newly registered user admin/moderator rights
> +and create some channels.
> +
> +Available @code{murmur-configuration} fields are:
> +@table @asis
> +@item @code{package} (default: @code{mumble})
> +Package that contains @code{bin/murmurd}.
> +@item @code{user} (default: @code{"murmur"})
> +User who will run the murmur server.
> +@item @code{group} (default: @code{"murmur"})
> +Group of the user who will run the murmur server.
> +@item @code{port} (default: @code{64738})
> +Port on which the server will listen.
> +@item @code{welcome-text} (default: @code{""})
> +Welcome text sent to clients when they connect.
> +@item @code{server-password} (default: @code{""})
> +Password the clients have to enter in order to connect.
> +@item @code{max-users} (default: @code{100})
> +Maximum of users that can be connected to the server at once.
> +@item @code{max-user-bandwidth} (default: @code{#f})
> +Maximum voice traffic a user can send per second.
> +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
> +Filepath location of the sqlite database.
> +The service's user will become the owner of the directory.
> +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
> +Filepath of the log file.
> +The service's user will become the owner of the directory.
> +@item @code{autoban-attempts} (default: @code{10})
> +Maximum number of logins a user can make in @code{autoban-timeframe}
> +without getting auto banned for @code{autoban-time}.
> +@item @code{autoban-timeframe} (default: @code{120})
> +Timeframe for autoban in seconds.
> +@item @code{autoban-time} (default: @code{300})
> +Amount of time in seconds for which a client gets banned
> +when violating the autoban limits.
> +@item @code{opus-threshold} (default: @code{100})
> +Percentage of clients that need to support opus
> +before switching over to opus audio codec.
> +@item @code{channel-nesting-limit} (default: @code{10})
> +How deep channels can be nested at maximum.
> +@item @code{channelname-regex} (default: @code{#f})
> +A string in from of a Qt regular expression that channel names must conform to.
> +@item @code{username-regex} (default: @code{#f})
> +A string in from of a Qt regular expression that user names must conform to.
> +@item @code{text-message-length} (default: @code{5000})
> +Maximum size in bytes that a user can send in one text chat message.
> +@item @code{image-message-length} (default: @code{(* 128 1024)})
> +Maximum size in bytes that a user can send in one image message.
> +@item @code{cert-required} (default: @code{#f})
> +If it is set to @code{#t} clients that use weak password authentification
> +will not be accepted. Users must have completed the certificate wizard to join.
> +@item @code{remember-channel} (defualt @code{#f})
> +Should murmur remember the last channel each user was in when they disconnected
> +and put them into the remembered channel when they rejoin.
> +@item @code{allow-html} (default: @code{#f})
> +Should html be allowed in text messages, user comments, and channel descriptions.
> +@item @code{allow-ping} (default: @code{#f})
> +Setting to true exposes the current user count, the maximum user count, and
> +the server's maximum bandwidth per client to unauthenticated users. In the
> +Mumble client, this information is shown in the Connect dialog.
> +
> +Disabling this setting will prevent public listing of the server.
> +@item @code{bonjour} (default: @code{#f})
> +Should the server advertise itself in the local network through the bonjour protocol.
> +@item @code{send-version} (default: @code{#f})
> +Should the murmur server version be exposed in ping requests.
> +@item @code{log-days} (default: @code{31})
> +Murmur also stores logs in the database, which are accessible via RPC.
> +The default is 31 days of months, but you can set this setting to 0 to keep logs forever,
> +or -1 to disable logging to the database.
> +@item @code{obfuscate-ips} (default @code{#t})
> +Should logged ips be obfuscated to protect the privacy of users.
> +@item @code{ssl-cert} (default: @code{#f})
> +Filepath to the ssl-cert used for encrypted connections.
> +@example
> +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
> +@end example
> +@item @code{ssl-key} (default: @code{#f})
> +Filepath to the ssl private key used for encrypted connections.
> +@example
> +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
> +@end example
> +@item @code{ssl-dh-params} (default: @code{#f})
> +Filepath to a PEM-encoded file with Diffie-Hellman parameters
> +for the ssl encryption. Alternatively you set it to
> +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"}
> +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
> +@item @code{ssl-ciphers} (default: @code{#f})
> +The @code{ssl-ciphers} option chooses the cipher suites to make available for use
> +in SSL/TLS.
> +
> +This option is specified using
> +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}.
> +
> +It is recommended that you try your cipher string using 'openssl ciphers <string>'
> +before setting it here, to get a feel for which cipher suites you will get.
> +After setting this option, it is recommend that you inspect your Murmur log
> +to ensure that Murmur is using the cipher suites that you expected it to.
> +
> +Note: Changing this option may impact the backwards compatibility of your
> +Murmur server, and can remove the ability for older Mumble clients to be able
> +to connect to it.
> +@item @code{public-registration} (default: @code{#f})
> +Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}.
> +
> +You can optionally register your server in the public server list that the
> +@code{mumble} client shows on startup.
> +You cannot register your server if you have set a @code{server-password},
> +or set @code{allow-ping} to @code{#f}.
> +
> +It might take a few hours until it shows up in the public list.
> +
> +@item @code{file} (default: @code{#f})
> +Optional alternative override for this configuration.
> +@end table
> +@end deftp
> +
> +@deftp {Data Type} murmur-public-registration-configuration
> +Configuration for public registration of a murmur service.
> +@table @asis
> +@item @code{name}
> +This is a display name for your server. Not to be confused with the hostname.
> +@item @code{password}
> +A password to identify your registration.
> +Subsequent updates will need the same password. Don't lose your password.
> +@item @code{url}
> +This should be a http(s):// link to your website.
> +@item @code{hostname} (default: @code{#f})
> +By default your server will be listed by it's ip.
> +If it is set your server will be linked by this hostname instead.
> +@end table
> +@end deftp
> +
> +
> +
> @node Monitoring Services
> @subsubsection Monitoring Services
>
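Review bot: The log-days entry reads "The default is 31 days of months", which does not parse; say "The default is 31 days" and keep the 0 and -1 cases as they are. In the same table, remember-channel has "(defualt @code{#f})" and obfuscate-ips has "(default @code{#t})" without the colon every other item uses, "authentification" under cert-required should be "authentication", and "it's ip" under hostname should be "its IP". The password item of murmur-public-registration-configuration should also say where the value is stored, since the telephony.scm part of this patch writes it into the generated murmur.ini.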
> @@ -14135,7 +14295,6 @@ the 2nd element of the pair is the password.
> @end table
> @end deftp
>
> -
> @node Kerberos Services
> @subsubsection Kerberos Services
> @cindex Kerberos
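Review bot: The blank line removed before "@node Kerberos Services" is unrelated to adding murmur; drop this hunk so the patch only touches the new Telephony Services node.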
> diff --git a/gnu/local.mk b/gnu/local.mk
> index b71b36024..daa210a38 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES = \
> %D%/services/spice.scm \
> %D%/services/ssh.scm \
> %D%/services/sysctl.scm \
> + %D%/services/telephony.scm \
> %D%/services/version-control.scm \
> %D%/services/vpn.scm \
> %D%/services/web.scm \
> diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
> new file mode 100644
> index 000000000..1fc5cb834
> --- /dev/null
> +++ b/gnu/services/telephony.scm
> @@ -0,0 +1,344 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2017 nee <nee-git@hidamari.blue>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu services telephony)
> + #:use-module (gnu services)
> + #:use-module (gnu services shepherd)
> + #:use-module (gnu system shadow)
> + #:use-module (gnu packages admin)
> + #:use-module (gnu packages telephony)
> + #:use-module (guix records)
> + #:use-module (guix gexp)
> + #:use-module (srfi srfi-1)
> + #:use-module (ice-9 match)
> + #:export (<murmur-configuration>
> + murmur-configuration
> + make-murmur-configuration
> + murmur-configuration?
> + murmur-configuration-package
> + murmur-configuration-user
> + murmur-configuration-group
> + murmur-configuration-port
> + murmur-configuration-welcome-text
> + murmur-configuration-server-password
> + murmur-configuration-max-users
> + murmur-configuration-max-user-bandwidth
> + murmur-configuration-database-file
> + murmur-configuration-log-file
> + murmur-configuration-pid-file
> + murmur-configuration-autoban-attempts
> + murmur-configuration-autoban-timeframe
> + murmur-configuration-autoban-time
> + murmur-configuration-opus-threshold
> + murmur-configuration-channel-nesting-limit
> + murmur-configuration-channelname-regex
> + murmur-configuration-username-regex
> + murmur-configuration-text-message-length
> + murmur-configuration-image-message-length
> + murmur-configuration-cert-required
> + murmur-configuration-remember-channel
> + murmur-configuration-allow-html
> + murmur-configuration-allow-ping
> + murmur-configuration-bonjour
> + murmur-configuration-send-version
> + murmur-configuration-log-days
> + murmur-configuration-obfuscate-ips
> + murmur-configuration-ssl-cert
> + murmur-configuration-ssl-key
> + murmur-configuration-ssl-dh-params
> + murmur-configuration-ssl-ciphers
> + murmur-configuration-public-registration
> + murmur-configuration-file
> +
> + <murmur-public-registration-configuration>
> + murmur-public-registration-configuration
> + make-murmur-public-registration-configuration
> + murmur-public-registration-configuration?
> + murmur-public-registration-configuration-name
> + murmur-public-registration-configuration-url
> + murmur-public-registration-configuration-password
> + murmur-public-registration-configuration-hostname
> +
> + murmur-service-type))
> +
> +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini
> +
> +(define-record-type* <murmur-configuration> murmur-configuration
> + make-murmur-configuration
> + murmur-configuration?
> + (package murmur-configuration-package ;<package>
> + (default mumble))
> + (user murmur-configuration-user
> + (default "murmur"))
> + (group murmur-configuration-group
> + (default "murmur"))
> + (port murmur-configuration-port
> + (default 64738))
> + (welcome-text murmur-configuration-welcome-text
> + (default ""))
> + (server-password murmur-configuration-server-password
> + (default ""))
> + (max-users murmur-configuration-max-users
> + (default 100))
> + (max-user-bandwidth murmur-configuration-max-user-bandwidth
> + (default #f))
> + (database-file murmur-configuration-database-file
> + (default "/var/lib/murmur/db.sqlite"))
> + (log-file murmur-configuration-log-file
> + (default "/var/log/murmur/murmur.log"))
> + (pid-file murmur-configuration-pid-file
> + (default "/var/run/murmur/murmur.pid"))
> + (autoban-attempts murmur-configuration-autoban-attempts
> + (default 10))
> + (autoban-timeframe murmur-configuration-autoban-timeframe
> + (default 120))
> + (autoban-time murmur-configuration-autoban-time
> + (default 300))
> + (opus-threshold murmur-configuration-opus-threshold
> + (default 100)) ; integer percent
> + (channel-nesting-limit murmur-configuration-channel-nesting-limit
> + (default 10))
> + (channelname-regex murmur-configuration-channelname-regex
> + (default #f))
> + (username-regex murmur-configuration-username-regex
> + (default #f))
> + (text-message-length murmur-configuration-text-message-length
> + (default 5000))
> + (image-message-length murmur-configuration-image-message-length
> + (default (* 128 1024))) ; 128 Kilobytes
> + (cert-required murmur-configuration-cert-required
> + (default #f))
> + (remember-channel murmur-configuration-remember-channel
> + (default #f))
> + (allow-html murmur-configuration-allow-html
> + (default #f))
> + (allow-ping murmur-configuration-allow-ping
> + (default #f))
> + (bonjour murmur-configuration-bonjour
> + (default #f))
> + (send-version murmur-configuration-send-version
> + (default #f))
> + (log-days murmur-configuration-log-days
> + (default 31))
> + (obfuscate-ips murmur-obfuscate-ips
> + (default #t))
> + (ssl-cert murmur-configuration-ssl-cert
> + (default #f))
> + (ssl-key murmur-configuration-ssl-key
> + (default #f))
> + (ssl-dh-params murmur-configuration-ssl-dh-params
> + (default #f))
> + (ssl-ciphers murmur-configuration-ssl-ciphers
> + (default #f))
> + (public-registration murmur-configuration-public-registration
> + (default #f)) ; <murmur-public-registration-configuration>
> + (file murmur-configuration-file
> + (default #f)))
> +
> +(define-record-type* <murmur-public-registration-configuration>
> + murmur-public-registration-configuration
> + make-murmur-public-registration-configuration
> + murmur-public-registration-configuration?
> + (name murmur-public-registration-configuration-name)
> + (password murmur-public-registration-configuration-password)
> + (url murmur-public-registration-configuration-url)
> + (hostname murmur-public-registration-configuration-hostname
> + (default #f)))
> +
> +(define (flatten . lst)
> + "Return a list that recursively concatenates all sub-lists of LST."
> + (define (flatten1 head out)
> + (if (list? head)
> + (fold-right flatten1 out head)
> + (cons head out)))
> + (fold-right flatten1 '() lst))
> +
> +(define (default-murmur-config
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required
> + remember-channel allow-html allow-ping bonjour send-version log-days
> + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers
> + public-registration)
> + (apply mixed-text-file "murmur.ini"
> + (flatten
> + "welcometext=" welcome-text "\n"
> + "port=" (number->string port) "\n"
> + "serverpassword=" server-password "\n"
> + (if max-user-bandwidth (list "bandwidth=" (number->string max-user-bandwidth)) '())
> + "users=" (number->string max-users) "\n"
> + "uname=" user "\n"
> + "database=" database-file "\n"
> + "logfile=" log-file "\n"
> + "pidfile=" pid-file "\n"
> + (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '())
> + (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '())
> + (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '())
> + (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '())
> + (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '())
> + (if channelname-regex (list "channelname=" channelname-regex "\n") '())
> + (if username-regex (list "username=" username-regex "\n") '())
> + (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '())
> + (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '())
> + (if log-days (list "logdays=" (number->string log-days) "\n") '())
> + "obfuscate=" (if obfuscate-ips "true" "false") "\n"
> + "certrequired=" (if cert-required "true" "false") "\n"
> + "rememberchannel" (if remember-channel "true" "false") "\n"
> + "allowhtml=" (if allow-html "true" "false") "\n"
> + "allowping=" (if allow-ping "true" "false") "\n"
> + "bonjour=" (if bonjour "true" "false") "\n"
> + "sendversion=" (if send-version "true" "false") "\n"
> + (cond ((and ssl-cert ssl-key)
> + (list
> + "sslCert=" ssl-cert "\n"
> + "sslKey=" ssl-key "\n"))
> + ((or ssl-cert ssl-key)
> + (error "ssl-cert and ssl-key must both be set"
> + ssl-cert ssl-key))
> + (else '()))
> + (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '())
> + (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '())
> +
> + (match public-registration
> + (#f '())
> + (($ <murmur-public-registration-configuration>
> + name password url hostname)
> + (if (and (or (not server-password) (string-null? server-password))
> + allow-ping)
> + (list
> + "registerName=" name "\n"
> + "registerPassword=" password "\n"
> + "registerUrl=" url "\n"
> + (if hostname
> + (string-append "registerHostname=" hostname "\n")
> + ""))
> + (error "To publicly register your murmur server your server must be publicy visible
> +and users must be able to join without a password. To fix this set:
> +(allow-ping #t)
> +(server-password "")
> +Or set public-registration to #f")))))))
> +
> +(define murmur-activation
> + (match-lambda
> + (($ <murmur-configuration>
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required remember-channel
> + allow-html allow-ping bonjour send-version log-days obfuscate-ips
> + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
> + #~(begin
> + (use-modules (guix build utils))
> + (let ((log-dir (dirname #$log-file))
> + (pid-dir (dirname #$pid-file))
> + (db-dir (dirname #$database-file))
> + (user (getpwnam #$user))
> + (init-dir
> + (lambda (name dir user)
> + (format #t "creating murmur ~a directory '~a'\n" name dir)
> + (mkdir-p dir)
> + (chown dir (passwd:uid user) (passwd:gid user))
> + (chmod dir #o700)))
> + (ini #$(or file
> + (default-murmur-config
> + package user group port welcome-text
> + server-password max-users max-user-bandwidth
> + database-file log-file pid-file autoban-attempts
> + autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit
> + channelname-regex username-regex
> + text-message-length image-message-length
> + cert-required remember-channel allow-html allow-ping
> + bonjour send-version log-days obfuscate-ips ssl-cert
> + ssl-key ssl-dh-params ssl-ciphers
> + public-registration))))
> + (init-dir "log" log-dir user)
> + (init-dir "pid" pid-dir user)
> + (init-dir "database" db-dir user)
> +
> + (format #t "murmur: use config file: ~a~%\n" ini)
> + (format #t "murmur: to set the SuperUser password run:
> + `~a -ini ~a -readsupw`\n"
> + #$(file-append package "/bin/murmurd") ini)
> + #t)))))
> +
> +(define murmur-accounts
> + (match-lambda
> + (($ <murmur-configuration> _ user group)
> + (filter identity
> + (list
> + (and (equal? group "murmur")
> + (user-group
> + (name "murmur")
> + (system? #t)))
> + (and (equal? user "murmur")
> + (user-account
> + (name "murmur")
> + (group group)
> + (system? #t)
> + (comment "Murmur Daemon")
> + (home-directory "/var/empty")
> + (shell (file-append shadow "/sbin/nologin")))))))))
> +
> +(define murmur-shepherd-service
> + (match-lambda
> + (($ <murmur-configuration>
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required remember-channel
> + allow-html allow-ping bonjour send-version log-days obfuscate-ips
> + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
> + (list (shepherd-service
> + (provision '(murmur))
> + (documentation "Run the murmur mumble-server.")
> + (requirement '(networking))
> + (start #~(make-forkexec-constructor
> + '(#$(file-append package "/bin/murmurd")
> + "-ini"
> + #$(or file
> + (default-murmur-config
> + package user group port welcome-text
> + server-password max-users max-user-bandwidth
> + database-file log-file pid-file autoban-attempts
> + autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit
> + channelname-regex username-regex
> + text-message-length image-message-length
> + cert-required remember-channel allow-html
> + allow-ping bonjour send-version log-days
> + obfuscate-ips ssl-cert ssl-key ssl-dh-params
> + ssl-ciphers public-registration)))
> + #:pid-file #$pid-file))
> + (stop #~(make-kill-destructor)))))))
> +
> +(define murmur-service-type
> + (service-type (name 'murmur)
> + (description "The murmur service type.")
> + (extensions
> + (list (service-extension shepherd-root-service-type
> + murmur-shepherd-service)
> + (service-extension activation-service-type
> + murmur-activation)
> + (service-extension account-service-type
> + murmur-accounts)))
> + (default-value (murmur-configuration))))
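Review bot: In default-murmur-config, "serverpassword=" server-password and "registerPassword=" password are written through mixed-text-file, so both secrets end up in a store file that every local user can read; the chmod #o700 that murmur-activation applies to the log, pid and database directories does not cover it. Either document this next to both fields or let the two passwords come from a file outside the store. In the same procedure the "bandwidth=", "sslDHParams=" and "sslCiphers=" entries have no trailing "\n", so the key that follows is fused onto their line, and "rememberchannel" is missing its "=". The obfuscate-ips field also names its accessor murmur-obfuscate-ips while the export list has murmur-configuration-obfuscate-ips, so the exported name has no definition.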
> --
> 2.14.1
>
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org
* [bug#28960] [PATCH] services: Add murmur.
2017-10-23 21:34 [bug#28960] [PATCH] services: Add murmur nee
2017-10-24 4:32 ` ng0
@ 2017-10-24 5:04 ` Ludovic Courtès
2017-10-24 17:19 ` nee
1 sibling, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-10-24 5:04 UTC (permalink / raw)
To: nee; +Cc: 28960
Hi nee,
nee <nee@cock.li> skribis:
> Hello, this patch adds a murmur service.
> Murmur is the biggest implementation of a mumble voice chat server. The
> murmur executable is already packaged in the mumble package.
Neat!
> From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001
> From: nee <nee.git@cock.li>
> Date: Sat, 14 Oct 2017 11:27:50 +0200
> Subject: [PATCH] services: Add murmur.
>
> * gnu/services/telephony.scm: New file.
> * gnu/local.mk: Add it.
> * doc/guix.texi: Document it.
You can write:
* doc/guix.texi (Telephony Services): New node.
> +@deftp {Data Type} murmur-configuration
> +The service type for the murmur server. An example configuration can look like this:
> +@example
> +(service murmur-service-type
> + (murmur-configuration
> + (welcome-text "Welcome to this mumble server running on GuixSD!")
> + (cert-required #t) ; disallow text password logins
> + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
> + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
> +@end example
Please don’t use tabs.
> +After reconfiguring your system, you have to manually set the
> +SuperUser password with the command that is printed during the activation phase.
That sounds quite unusual. Perhaps you need @code{SuperUser}, if you
literally mean the “SuperUser” account in Mumble?
> +Then you can use the @code{mumble} client to
> +login as new user, register, and logout.
> +For the next step login with the name "SuperUser" and the SuperUser password
Same here.
> +(define-record-type* <murmur-configuration> murmur-configuration
> + make-murmur-configuration
> + murmur-configuration?
> + (package murmur-configuration-package ;<package>
> + (default mumble))
> + (user murmur-configuration-user
> + (default "murmur"))
> + (group murmur-configuration-group
> + (default "murmur"))
> + (port murmur-configuration-port
> + (default 64738))
[...]
> + (allow-html murmur-configuration-allow-html
> + (default #f))
> + (allow-ping murmur-configuration-allow-ping
> + (default #f))
Add a question mark since these are Boolean options. So ‘allow-html?’
and ‘allow-ping?’.
> +(define (default-murmur-config
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required
> + remember-channel allow-html allow-ping bonjour send-version log-days
> + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers
> + public-registration)
This many positional parameters is not reasonable. :-) Just pass a
<murmur-configuration> directly, and use the accessor procedures.
> +(define murmur-activation
> + (match-lambda
> + (($ <murmur-configuration>
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required remember-channel
> + allow-html allow-ping bonjour send-version log-days obfuscate-ips
> + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
Likewise: use the accessor procedures instead of this.
> +(define murmur-accounts
> + (match-lambda
> + (($ <murmur-configuration> _ user group)
> + (filter identity
> + (list
> + (and (equal? group "murmur")
> + (user-group
> + (name "murmur")
> + (system? #t)))
> + (and (equal? user "murmur")
> + (user-account
> + (name "murmur")
> + (group group)
> + (system? #t)
> + (comment "Murmur Daemon")
> + (home-directory "/var/empty")
> + (shell (file-append shadow "/sbin/nologin")))))))))
Why not just
(match-lambda
(($ <murmur-configuration> _ user group)
(list (user-group (name group) (system? #t))
(user-account
(name user)
(group group)
(system? #t)
…
))))
?
> +(define murmur-shepherd-service
> + (match-lambda
> + (($ <murmur-configuration>
> + package user group port welcome-text server-password
> + max-users max-user-bandwidth database-file log-file pid-file
> + autoban-attempts autoban-timeframe autoban-time
> + opus-threshold channel-nesting-limit channelname-regex username-regex
> + text-message-length image-message-length cert-required remember-channel
> + allow-html allow-ping bonjour send-version log-days obfuscate-ips
> + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration file)
Use the accessors instead.
Could you send an updated patch?
Thanks,
Ludo’.
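What the accessor-based generator suggested in the review above could look like, as an added example in plain Guile that is not code from the patch or from Guix. The cut-down <demo-config> record, its field subset and the helpers ini-line, ini-bool, demo-config->ini and valid-config? are assumptions, and SRFI-9 stands in for Guix's define-record-type* so the block runs outside Guix.

```scheme
;; Added example (not from the patch): build murmur.ini text from a record
;; through its accessors instead of a long positional match pattern.
(use-modules (srfi srfi-9))

;; Hypothetical, cut-down stand-in for <murmur-configuration>.
(define-record-type <demo-config>
  (make-demo-config port server-password max-user-bandwidth
                    remember-channel? allow-ping? ssl-cert ssl-key)
  demo-config?
  (port               demo-config-port)
  (server-password    demo-config-server-password)
  (max-user-bandwidth demo-config-max-user-bandwidth)
  (remember-channel?  demo-config-remember-channel?)
  (allow-ping?        demo-config-allow-ping?)
  (ssl-cert           demo-config-ssl-cert)
  (ssl-key            demo-config-ssl-key))

(define (ini-line key value)
  "Return a complete KEY=VALUE line, or \"\" when the optional VALUE is #f.
Every line gets its '=' and trailing newline here, in one place."
  (cond ((not value) "")
        ((number? value)
         (string-append key "=" (number->string value) "\n"))
        ((string? value)
         ;; A newline inside a value would start a new, unintended setting.
         (if (string-index value #\newline)
             (error "newline not allowed in ini value:" key)
             (string-append key "=" value "\n")))
        (else (error "unsupported ini value:" key value))))

(define (ini-bool key value)
  "Return KEY=true or KEY=false; booleans are always written out."
  (string-append key "=" (if value "true" "false") "\n"))

(define (demo-config->ini config)
  "Return the ini text for CONFIG, reading each field through its accessor,
so adding or reordering record fields cannot shift a value onto another key."
  (let ((cert (demo-config-ssl-cert config))
        (key  (demo-config-ssl-key config)))
    ;; Same rule as the patch: certificate and key are set together or not at all.
    (when (and (or cert key) (not (and cert key)))
      (error "ssl-cert and ssl-key must both be set:" cert key))
    (string-append
     (ini-line "port"            (demo-config-port config))
     (ini-line "serverpassword"  (demo-config-server-password config))
     (ini-line "bandwidth"       (demo-config-max-user-bandwidth config))
     (ini-bool "rememberchannel" (demo-config-remember-channel? config))
     (ini-bool "allowping"       (demo-config-allow-ping? config))
     (ini-line "sslCert"         cert)
     (ini-line "sslKey"          key))))

(define (valid-config? config)
  "Return #t when CONFIG can be rendered, #f when a check rejects it."
  (catch #t
    (lambda () (demo-config->ini config) #t)
    (lambda _ #f)))

;; Constructed sample values, for illustration only.
(define sample
  (make-demo-config 64738 "" 72000 #t #f
                    "/etc/letsencrypt/live/example.com/fullchain.pem"
                    "/etc/letsencrypt/live/example.com/privkey.pem"))

;; Constructed failure case: a certificate without its private key.
(define cert-only
  (make-demo-config 64738 "" #f #f #f
                    "/etc/letsencrypt/live/example.com/fullchain.pem" #f))

(display (demo-config->ini sample))
(format #t "cert-only config accepted? ~a\n" (valid-config? cert-only))
```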
* [bug#28960] [PATCH] services: Add murmur.
2017-10-24 5:04 ` Ludovic Courtès
@ 2017-10-24 17:19 ` nee
2017-10-24 21:34 ` Ludovic Courtès
0 siblings, 1 reply; 8+ messages in thread
From: nee @ 2017-10-24 17:19 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 28960
Hello,
thanks to both ludo and ng0 for looking at my patch.
24.10.2017 07:04 Ludovic Courtès:
>> From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001
>> From: nee <nee.git@cock.li>
>> Date: Sat, 14 Oct 2017 11:27:50 +0200
>> Subject: [PATCH] services: Add murmur.
>>
>> * gnu/services/telephony.scm: New file.
>> * gnu/local.mk: Add it.
>> * doc/guix.texi: Document it.
>
> You can write:
>
> * doc/guix.texi (Telephony Services): New node.
>
Okay, I changed this line in the commit message.
>> +@deftp {Data Type} murmur-configuration
>> +The service type for the murmur server. An example configuration can look like this:
>> +@example
>> +(service murmur-service-type
>> + (murmur-configuration
>> + (welcome-text "Welcome to this mumble server running on GuixSD!")
>> + (cert-required #t) ; disallow text password logins
>> + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
>> + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
>> +@end example
>
> Please don’t use tabs.
>
Whoops, I untabified it.
>> +After reconfiguring your system, you have to manually set the
>> +SuperUser password with the command that is printed during the activation phase.
>
> That sounds quite unusual. Perhaps you need @code{SuperUser}, if you
> literally mean the “SuperUser” account in Mumble?
>
>> +Then you can use the @code{mumble} client to
>> +login as new user, register, and logout.
>> +For the next step login with the name "SuperUser" and the SuperUser password
>
> Same here.
>
I reworded that part a little. It's about the mumble "SuperUser" who can
create channels and do moderator stuff like muting, banning, and
promoting users.
>> +(define-record-type* <murmur-configuration> murmur-configuration
>> + make-murmur-configuration
>> + murmur-configuration?
>> + (package murmur-configuration-package ;<package>
>> + (default mumble))
>> + (user murmur-configuration-user
>> + (default "murmur"))
>> + (group murmur-configuration-group
>> + (default "murmur"))
>> + (port murmur-configuration-port
>> + (default 64738))
>
> [...]
>
>> + (allow-html murmur-configuration-allow-html
>> + (default #f))
>> + (allow-ping murmur-configuration-allow-ping
>> + (default #f))
>
> Add a question mark since these are Boolean options. So ‘allow-html?’
> and ‘allow-ping?’.
>
Okay, I'm just slightly confused whether the question mark is only used
for predicate procedures or everything that is related to booleans.
I think there was discussion on the guile list about this, I'll read up
on it later.
>> +(define (default-murmur-config
>> + package user group port welcome-text server-password
>> + max-users max-user-bandwidth database-file log-file pid-file
>> + autoban-attempts autoban-timeframe autoban-time
>> + opus-threshold channel-nesting-limit channelname-regex username-regex
>> + text-message-length image-message-length cert-required
>> + remember-channel allow-html allow-ping bonjour send-version log-days
>> + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers
>> + public-registration)
>
> This many positional parameters is not reasonable. :-) Just pass a
> <murmur-configuration> directly, and use the accessor procedures.
>
>> +(define murmur-activation
>> …
>
> Likewise: use the accessor procedures instead of this.
>
>> +(define murmur-shepherd-service
>> …
> Use the accessors instead.
>
Right, that grew way too big. I removed most of the match blocks.
I like having the short names when it comes to stitching together the
actual config though, so I kept that one.
If that's still a no-go I'll make another update with accessors.
If the main problem here is the positional binding, is there a function
to match record fields by name that I could use instead?
It doesn't seem like it would be too complicated to write a macro for
this with the record-accessor procedure from srfi-9.
>> +(define murmur-accounts
>> + (match-lambda
>> + (($ <murmur-configuration> _ user group)
>> + (filter identity
>> + (list
>> + (and (equal? group "murmur")
>> + (user-group
>> + (name "murmur")
>> + (system? #t)))
>> + (and (equal? user "murmur")
>> + (user-account
>> + (name "murmur")
>> + (group group)
>> + (system? #t)
>> + (comment "Murmur Daemon")
>> + (home-directory "/var/empty")
>> + (shell (file-append shadow "/sbin/nologin")))))))))
>
>
> Why not just
>
> (match-lambda
> (($ <murmur-configuration> _ user group)
> (list (user-group (name group) (system? #t))
> (user-account
> (name user)
> (group group)
> (system? #t)
> …
> ))))
>
> ?
>
Okay I changed it. I had copied this from the fcgiwrap service.
> Could you send an updated patch?
Here it is :-)
I also noticed a missing equal sign after rememberchannel in the
defaultconfig and added that.
[-- Attachment #2: 0001-services-Add-murmur.patch --]
[-- Type: text/x-patch; name="0001-services-Add-murmur.patch", Size: 25280 bytes --]
From d707744d406adb51d44087dcd329e53db7dfeb50 Mon Sep 17 00:00:00 2001
From: nee <nee.git@cock.li>
Date: Sat, 14 Oct 2017 11:27:50 +0200
Subject: [PATCH] services: Add murmur.
* gnu/services/telephony.scm: New file.
* gnu/local.mk: Add it.
* doc/guix.texi (Telephony Services): New node.
---
doc/guix.texi | 163 ++++++++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/telephony.scm | 304 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 468 insertions(+)
create mode 100644 gnu/services/telephony.scm
diff --git a/doc/guix.texi b/doc/guix.texi
index 7b5b71179..71c6e8dca 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -221,6 +221,7 @@ Services
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -9245,6 +9246,7 @@ declaration.
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -14025,6 +14027,167 @@ string, you could instantiate a prosody service like this:
(prosody.cfg.lua "")))
@end example
+
+@node Telephony Services
+@subsubsection Telephony Services
+@cindex Murmur
+
+Murmur is the official server of the @code{mumble} voice over IP (VoIP) software.
+
+@deftp {Data Type} murmur-configuration
+The service type for the murmur server. An example configuration can look like this:
+@example
+(service murmur-service-type
+ (murmur-configuration
+ (welcome-text "Welcome to this mumble server running on GuixSD!")
+ (cert-required #t) ; disallow text password logins
+ (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
+ (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
+@end example
+
+After reconfiguring your system, you can manually set the murmur @code{"SuperUser"}
+password with the command that is printed during the activation phase.
+It is recommended to register a normal mumble user account
+and grant it admin or moderator rights.
+You can use the @code{mumble} client to
+login as new normal user, register yourself, and logout.
+For the next step login with the name @code{"SuperUser"} use
+the @code{SuperUser} password that you set previously,
+and grant your newly registered mumble user admin/moderator
+rights and create some channels.
+
+Available @code{murmur-configuration} fields are:
+@table @asis
+@item @code{package} (default: @code{mumble})
+Package that contains @code{bin/murmurd}.
+@item @code{user} (default: @code{"murmur"})
+User who will run the murmur server.
+@item @code{group} (default: @code{"murmur"})
+Group of the user who will run the murmur server.
+@item @code{port} (default: @code{64738})
+Port on which the server will listen.
+@item @code{welcome-text} (default: @code{""})
+Welcome text sent to clients when they connect.
+@item @code{server-password} (default: @code{""})
+Password the clients have to enter in order to connect.
+@item @code{max-users} (default: @code{100})
+Maximum of users that can be connected to the server at once.
+@item @code{max-user-bandwidth} (default: @code{#f})
+Maximum voice traffic a user can send per second.
+@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
+Filepath location of the sqlite database.
+The service's user will become the owner of the directory.
+@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
+Filepath of the log file.
+The service's user will become the owner of the directory.
+@item @code{autoban-attempts} (default: @code{10})
+Maximum number of logins a user can make in @code{autoban-timeframe}
+without getting auto banned for @code{autoban-time}.
+@item @code{autoban-timeframe} (default: @code{120})
+Timeframe for autoban in seconds.
+@item @code{autoban-time} (default: @code{300})
+Amount of time in seconds for which a client gets banned
+when violating the autoban limits.
+@item @code{opus-threshold} (default: @code{100})
+Percentage of clients that need to support opus
+before switching over to opus audio codec.
+@item @code{channel-nesting-limit} (default: @code{10})
+How deep channels can be nested at maximum.
+@item @code{channelname-regex} (default: @code{#f})
+A string in from of a Qt regular expression that channel names must conform to.
+@item @code{username-regex} (default: @code{#f})
+A string in from of a Qt regular expression that user names must conform to.
+@item @code{text-message-length} (default: @code{5000})
+Maximum size in bytes that a user can send in one text chat message.
+@item @code{image-message-length} (default: @code{(* 128 1024)})
+Maximum size in bytes that a user can send in one image message.
+@item @code{cert-required?} (default: @code{#f})
+If it is set to @code{#t} clients that use weak password authentification
+will not be accepted. Users must have completed the certificate wizard to join.
+@item @code{remember-channel?} (defualt @code{#f})
+Should murmur remember the last channel each user was in when they disconnected
+and put them into the remembered channel when they rejoin.
+@item @code{allow-html?} (default: @code{#f})
+Should html be allowed in text messages, user comments, and channel descriptions.
+@item @code{allow-ping?} (default: @code{#f})
+Setting to true exposes the current user count, the maximum user count, and
+the server's maximum bandwidth per client to unauthenticated users. In the
+Mumble client, this information is shown in the Connect dialog.
+
+Disabling this setting will prevent public listing of the server.
+@item @code{bonjour?} (default: @code{#f})
+Should the server advertise itself in the local network through the bonjour protocol.
+@item @code{send-version?} (default: @code{#f})
+Should the murmur server version be exposed in ping requests.
+@item @code{log-days} (default: @code{31})
+Murmur also stores logs in the database, which are accessible via RPC.
+The default is 31 days of months, but you can set this setting to 0 to keep logs forever,
+or -1 to disable logging to the database.
+@item @code{obfuscate-ips?} (default @code{#t})
+Should logged ips be obfuscated to protect the privacy of users.
+@item @code{ssl-cert} (default: @code{#f})
+Filepath to the ssl-cert used for encrypted connections.
+@example
+(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
+@end example
+@item @code{ssl-key} (default: @code{#f})
+Filepath to the ssl private key used for encrypted connections.
+@example
+(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
+@end example
+@item @code{ssl-dh-params} (default: @code{#f})
+Filepath to a PEM-encoded file with Diffie-Hellman parameters
+for the ssl encryption. Alternatively you set it to
+@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"}
+or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
+@item @code{ssl-ciphers} (default: @code{#f})
+The @code{ssl-ciphers} option chooses the cipher suites to make available for use
+in SSL/TLS.
+
+This option is specified using
+@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}.
+
+It is recommended that you try your cipher string using 'openssl ciphers <string>'
+before setting it here, to get a feel for which cipher suites you will get.
+After setting this option, it is recommend that you inspect your Murmur log
+to ensure that Murmur is using the cipher suites that you expected it to.
+
+Note: Changing this option may impact the backwards compatibility of your
+Murmur server, and can remove the ability for older Mumble clients to be able
+to connect to it.
+@item @code{public-registration} (default: @code{#f})
+Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}.
+
+You can optionally register your server in the public server list that the
+@code{mumble} client shows on startup.
+You cannot register your server if you have set a @code{server-password},
+or set @code{allow-ping} to @code{#f}.
+
+It might take a few hours until it shows up in the public list.
+
+@item @code{file} (default: @code{#f})
+Optional alternative override for this configuration.
+@end table
+@end deftp
+
+@deftp {Data Type} murmur-public-registration-configuration
+Configuration for public registration of a murmur service.
+@table @asis
+@item @code{name}
+This is a display name for your server. Not to be confused with the hostname.
+@item @code{password}
+A password to identify your registration.
+Subsequent updates will need the same password. Don't lose your password.
+@item @code{url}
+This should be a http(s):// link to your website.
+@item @code{hostname} (default: @code{#f})
+By default your server will be listed by it's ip.
+If it is set your server will be linked by this hostname instead.
+@end table
+@end deftp
+
+
+
@node Monitoring Services
@subsubsection Monitoring Services
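Review bot: The public-registration entry says registration is refused when "allow-ping" is #f, but the field documented earlier in this table is "allow-ping?"; use the same spelling so the name can be copied into a configuration. The table also has no entry for pid-file, which the record in gnu/services/telephony.scm defines and exports. A few entries need proofreading: "in from of" (channelname-regex and username-regex), "(defualt @code{#f})" and "(default @code{#t})" without the colon, "authentification", "31 days of months", and "listed by it's ip".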
diff --git a/gnu/local.mk b/gnu/local.mk
index b71b36024..daa210a38 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/spice.scm \
%D%/services/ssh.scm \
%D%/services/sysctl.scm \
+ %D%/services/telephony.scm \
%D%/services/version-control.scm \
%D%/services/vpn.scm \
%D%/services/web.scm \
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
new file mode 100644
index 000000000..0c30b409f
--- /dev/null
+++ b/gnu/services/telephony.scm
@@ -0,0 +1,304 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 nee <nee-git@hidamari.blue>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services telephony)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages telephony)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (srfi srfi-1)
+ #:use-module (ice-9 match)
+ #:export (<murmur-configuration>
+ murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ murmur-configuration-package
+ murmur-configuration-user
+ murmur-configuration-group
+ murmur-configuration-port
+ murmur-configuration-welcome-text
+ murmur-configuration-server-password
+ murmur-configuration-max-users
+ murmur-configuration-max-user-bandwidth
+ murmur-configuration-database-file
+ murmur-configuration-log-file
+ murmur-configuration-pid-file
+ murmur-configuration-autoban-attempts
+ murmur-configuration-autoban-timeframe
+ murmur-configuration-autoban-time
+ murmur-configuration-opus-threshold
+ murmur-configuration-channel-nesting-limit
+ murmur-configuration-channelname-regex
+ murmur-configuration-username-regex
+ murmur-configuration-text-message-length
+ murmur-configuration-image-message-length
+ murmur-configuration-cert-required?
+ murmur-configuration-remember-channel?
+ murmur-configuration-allow-html?
+ murmur-configuration-allow-ping?
+ murmur-configuration-bonjour?
+ murmur-configuration-send-version?
+ murmur-configuration-log-days
+ murmur-configuration-obfuscate-ips?
+ murmur-configuration-ssl-cert
+ murmur-configuration-ssl-key
+ murmur-configuration-ssl-dh-params
+ murmur-configuration-ssl-ciphers
+ murmur-configuration-public-registration
+ murmur-configuration-file
+
+ <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ murmur-public-registration-configuration-name
+ murmur-public-registration-configuration-url
+ murmur-public-registration-configuration-password
+ murmur-public-registration-configuration-hostname
+
+ murmur-service-type))
+
+;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini
+
+(define-record-type* <murmur-configuration> murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ (package murmur-configuration-package ;<package>
+ (default mumble))
+ (user murmur-configuration-user
+ (default "murmur"))
+ (group murmur-configuration-group
+ (default "murmur"))
+ (port murmur-configuration-port
+ (default 64738))
+ (welcome-text murmur-configuration-welcome-text
+ (default ""))
+ (server-password murmur-configuration-server-password
+ (default ""))
+ (max-users murmur-configuration-max-users
+ (default 100))
+ (max-user-bandwidth murmur-configuration-max-user-bandwidth
+ (default #f))
+ (database-file murmur-configuration-database-file
+ (default "/var/lib/murmur/db.sqlite"))
+ (log-file murmur-configuration-log-file
+ (default "/var/log/murmur/murmur.log"))
+ (pid-file murmur-configuration-pid-file
+ (default "/var/run/murmur/murmur.pid"))
+ (autoban-attempts murmur-configuration-autoban-attempts
+ (default 10))
+ (autoban-timeframe murmur-configuration-autoban-timeframe
+ (default 120))
+ (autoban-time murmur-configuration-autoban-time
+ (default 300))
+ (opus-threshold murmur-configuration-opus-threshold
+ (default 100)) ; integer percent
+ (channel-nesting-limit murmur-configuration-channel-nesting-limit
+ (default 10))
+ (channelname-regex murmur-configuration-channelname-regex
+ (default #f))
+ (username-regex murmur-configuration-username-regex
+ (default #f))
+ (text-message-length murmur-configuration-text-message-length
+ (default 5000))
+ (image-message-length murmur-configuration-image-message-length
+ (default (* 128 1024))) ; 128 Kilobytes
+ (cert-required? murmur-configuration-cert-required?
+ (default #f))
+ (remember-channel? murmur-configuration-remember-channel?
+ (default #f))
+ (allow-html? murmur-configuration-allow-html?
+ (default #f))
+ (allow-ping? murmur-configuration-allow-ping?
+ (default #f))
+ (bonjour? murmur-configuration-bonjour?
+ (default #f))
+ (send-version? murmur-configuration-send-version?
+ (default #f))
+ (log-days murmur-configuration-log-days
+ (default 31))
+ (obfuscate-ips? murmur-obfuscate-ips?
+ (default #t))
+ (ssl-cert murmur-configuration-ssl-cert
+ (default #f))
+ (ssl-key murmur-configuration-ssl-key
+ (default #f))
+ (ssl-dh-params murmur-configuration-ssl-dh-params
+ (default #f))
+ (ssl-ciphers murmur-configuration-ssl-ciphers
+ (default #f))
+ (public-registration murmur-configuration-public-registration
+ (default #f)) ; <murmur-public-registration-configuration>
+ (file murmur-configuration-file
+ (default #f)))
+
+(define-record-type* <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ (name murmur-public-registration-configuration-name)
+ (password murmur-public-registration-configuration-password)
+ (url murmur-public-registration-configuration-url)
+ (hostname murmur-public-registration-configuration-hostname
+ (default #f)))
+
+(define (flatten . lst)
+ "Return a list that recursively concatenates all sub-lists of LST."
+ (define (flatten1 head out)
+ (if (list? head)
+ (fold-right flatten1 out head)
+ (cons head out)))
+ (fold-right flatten1 '() lst))
+
+(define default-murmur-config
+ (match-lambda
+ (($ <murmur-configuration>
+ package user group port welcome-text server-password
+ max-users max-user-bandwidth database-file log-file pid-file
+ autoban-attempts autoban-timeframe autoban-time
+ opus-threshold channel-nesting-limit channelname-regex username-regex
+ text-message-length image-message-length cert-required?
+ remember-channel? allow-html? allow-ping? bonjour? send-version?
+ log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers
+ public-registration)
+ (apply mixed-text-file "murmur.ini"
+ (flatten
+ "welcometext=" welcome-text "\n"
+ "port=" (number->string port) "\n"
+ (if server-password (list "serverpassword=" server-password "\n") '())
+ (if max-user-bandwidth (list "bandwidth=" (number->string max-user-bandwidth)) '())
+ "users=" (number->string max-users) "\n"
+ "uname=" user "\n"
+ "database=" database-file "\n"
+ "logfile=" log-file "\n"
+ "pidfile=" pid-file "\n"
+ (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '())
+ (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '())
+ (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '())
+ (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '())
+ (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '())
+ (if channelname-regex (list "channelname=" channelname-regex "\n") '())
+ (if username-regex (list "username=" username-regex "\n") '())
+ (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '())
+ (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '())
+ (if log-days (list "logdays=" (number->string log-days) "\n") '())
+ "obfuscate=" (if obfuscate-ips? "true" "false") "\n"
+ "certrequired=" (if cert-required? "true" "false") "\n"
+ "rememberchannel=" (if remember-channel? "true" "false") "\n"
+ "allowhtml=" (if allow-html? "true" "false") "\n"
+ "allowping=" (if allow-ping? "true" "false") "\n"
+ "bonjour=" (if bonjour? "true" "false") "\n"
+ "sendversion=" (if send-version? "true" "false") "\n"
+ (cond ((and ssl-cert ssl-key)
+ (list
+ "sslCert=" ssl-cert "\n"
+ "sslKey=" ssl-key "\n"))
+ ((or ssl-cert ssl-key)
+ (error "ssl-cert and ssl-key must both be set"
+ ssl-cert ssl-key))
+ (else '()))
+ (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '())
+ (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '())
+
+ (match public-registration
+ (#f '())
+ (($ <murmur-public-registration-configuration>
+ name password url hostname)
+ (if (and (or (not server-password) (string-null? server-password))
+ allow-ping?)
+ (list
+ "registerName=" name "\n"
+ "registerPassword=" password "\n"
+ "registerUrl=" url "\n"
+ (if hostname
+ (string-append "registerHostname=" hostname "\n")
+ ""))
+ (error "To publicly register your murmur server your server must be publicy visible
+and users must be able to join without a password. To fix this set:
+(allow-ping? #t)
+(server-password \"\")
+Or set public-registration to #f")))))))))
+
+(define (murmur-activation config)
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((log-dir (dirname #$(murmur-configuration-log-file config)))
+ (pid-dir (dirname #$(murmur-configuration-pid-file config)))
+ (db-dir (dirname #$(murmur-configuration-database-file config)))
+ (user (getpwnam #$(murmur-configuration-user config)))
+ (init-dir
+ (lambda (name dir user)
+ (format #t "creating murmur ~a directory '~a'\n" name dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700)))
+ (ini #$(or (murmur-configuration-file config)
+ (default-murmur-config config))))
+ (init-dir "log" log-dir user)
+ (init-dir "pid" pid-dir user)
+ (init-dir "database" db-dir user)
+
+ (format #t "murmur: use config file: ~a~%\n" ini)
+ (format #t "murmur: to set the SuperUser password run:
+ `~a -ini ~a -readsupw`\n"
+ #$(file-append (murmur-configuration-package config) "/bin/murmurd") ini)
+ #t)))
+
+(define murmur-accounts
+ (match-lambda
+ (($ <murmur-configuration> _ user group)
+ (list
+ (user-group
+ (name group)
+ (system? #t))
+ (user-account
+ (name user)
+ (group group)
+ (system? #t)
+ (comment "Murmur Daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
+
+(define (murmur-shepherd-service config)
+ (list (shepherd-service
+ (provision '(murmur))
+ (documentation "Run the murmur mumble-server.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ '(#$(file-append (murmur-configuration-package)
+ "/bin/murmurd")
+ "-ini"
+ #$(or (murmur-configuration-file config)
+ (default-murmur-config config)))
+ #:pid-file #$(murmur-configuration-pid-file config)))
+ (stop #~(make-kill-destructor)))))
+
+(define murmur-service-type
+ (service-type (name 'murmur)
+ (description "The murmur service type.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ murmur-shepherd-service)
+ (service-extension activation-service-type
+ murmur-activation)
+ (service-extension account-service-type
+ murmur-accounts)))
+ (default-value (murmur-configuration))))
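Review bot: In default-murmur-config the "bandwidth=", "sslDHParams=" and "sslCiphers=" lists are emitted without a trailing "\n", so the next key is glued onto the same line (bandwidth runs into "users=", sslDHParams into sslCiphers or registerName) and murmur.ini no longer contains the value the admin set; add "\n" to each of the three, as the neighbouring entries do. Also, server-password and registerPassword go through mixed-text-file, which places murmur.ini in the store where every local user can read it; either document that next to these fields or point users to the file field with an ini kept outside the store. Smaller points: the obfuscate-ips? field names its accessor murmur-obfuscate-ips? while the export list has murmur-configuration-obfuscate-ips?, and murmur-shepherd-service calls (murmur-configuration-package) without passing config.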
--
2.14.1
* [bug#28960] [PATCH] services: Add murmur.
2017-10-24 17:19 ` nee
@ 2017-10-24 21:34 ` Ludovic Courtès
2017-10-30 22:38 ` nee
0 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-10-24 21:34 UTC (permalink / raw)
To: nee; +Cc: 28960
[-- Attachment #1: Type: text/plain, Size: 2142 bytes --]
Hi nee,
nee <nee@cock.li> skribis:
>>> +(define murmur-shepherd-service
>>> …
>> Use the accessors instead.
>>
> Right, that grew way too big. I removed most of the match blocks.
> I like having the short names when it comes to stitching together the
> actual config though, so I kept that one.
> If that's still a no-go I'll make another update with accessors.
>
> If the main problem here is the positional binding, is there a function
> to match record fields by name that I could use instead?
Unfortunately no.
> It doesn't seem like it would be too complicated to write a macro for
> this with the record-accessor procedure from srfi-9.
Indeed. I figured something like this works:
--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (define-syntax match-record
(syntax-rules ()
((_ record type (field fields ...) body ...)
(if (eq? (struct-vtable record) type)
(let ((field ((record-accessor type 'field) record)))
(match-record record type (fields ...) body ...))
(throw 'wrong-type-arg record)))
((_ record type () body ...)
(begin body ...))))
scheme@(guile-user)> (match-record coreutils (@@ (guix packages) <package>) (home-page) home-page)
$6 = "https://www.gnu.org/software/coreutils/"
scheme@(guile-user)> (match-record coreutils (@@ (guix packages) <package>) (home-page synopsis) (list synopsis home-page))
$7 = ("Core GNU utilities (file, text, shell)" "https://www.gnu.org/software/coreutils/")
--8<---------------cut here---------------end--------------->8---
We could use that for now.
Eventually though, we should have something better in (guix records)
that (1) computes indices and reports wrong-field-name errors at
expansion time, and (2) accounts for thunked/delayed fields.
WDYT?
If the above macro is good enough, we can add it to (guix records) with
a TODO comment. That would already be better than the other options.
> I also noticed a missing equal sign after rememberchannel in the
> defaultconfig and added that.
I noticed a couple of obvious mistakes:
[-- Attachment #2: Type: text/x-patch, Size: 1185 bytes --]
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
index 0c30b409f..a305a1be8 100644
--- a/gnu/services/telephony.scm
+++ b/gnu/services/telephony.scm
@@ -240,7 +240,7 @@ Or set public-registration to #f")))))))))
(define (murmur-activation config)
#~(begin
(use-modules (guix build utils))
- (let ((log-dir (dirname #$(murmur-configuration-log-file config)))
+ (let* ((log-dir (dirname #$(murmur-configuration-log-file config)))
(pid-dir (dirname #$(murmur-configuration-pid-file config)))
(db-dir (dirname #$(murmur-configuration-database-file config)))
(user (getpwnam #$(murmur-configuration-user config)))
@@ -283,7 +283,7 @@ Or set public-registration to #f")))))))))
(documentation "Run the murmur mumble-server.")
(requirement '(networking))
(start #~(make-forkexec-constructor
- '(#$(file-append (murmur-configuration-package)
+ '(#$(file-append (murmur-configuration-package config)
"/bin/murmurd")
"-ini"
#$(or (murmur-configuration-file config)
[-- Attachment #3: Type: text/plain, Size: 318 bytes --]
This makes me think that it would be good to have a unit test. Would
you like to try writing one now (see the examples in gnu/tests/*.scm),
or do you prefer to leave it for later?
In the latter case, please test the system to make sure it actually
works (that can be done in a VM.)
Thank you!
Ludo’.
* [bug#28960] [PATCH] services: Add murmur.
2017-10-24 21:34 ` Ludovic Courtès
@ 2017-10-30 22:38 ` nee
2017-10-31 0:02 ` Ludovic Courtès
2017-11-05 10:42 ` bug#28960: " Ludovic Courtès
0 siblings, 2 replies; 8+ messages in thread
From: nee @ 2017-10-30 22:38 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 28960
[-- Attachment #1: Type: text/plain, Size: 3979 bytes --]
On 24.10.2017 at 23:34, Ludovic Courtès wrote:
> Indeed. I figured something like this works:
>
> --8<---------------cut here---------------start------------->8---
> scheme@(guile-user)> (define-syntax match-record
> (syntax-rules ()
> ((_ record type (field fields ...) body ...)
> (if (eq? (struct-vtable record) type)
> (let ((field ((record-accessor type 'field) record)))
> (match-record record type (fields ...) body ...))
> (throw 'wrong-type-arg record)))
> ((_ record type () body ...)
> (begin body ...))))
> scheme@(guile-user)> (match-record coreutils (@@ (guix packages) <package>) (home-page) home-page)
> $6 = "https://www.gnu.org/software/coreutils/"
> scheme@(guile-user)> (match-record coreutils (@@ (guix packages) <package>) (home-page synopsis) (list synopsis home-page))
> $7 = ("Core GNU utilities (file, text, shell)" "https://www.gnu.org/software/coreutils/")
> --8<---------------cut here---------------end--------------->8---
Great!
>
> We could use that for now.
>
> Eventually though, we should have something better in (guix records)
> that (1) computes indices and reports wrong-field-name errors at
> expansion time, and (2) accounts for thunked/delayed fields.
>
> WDYT?
I didn't even know guix records had those features :)
>
> If the above macro is good enough, we can add it to (guix records) with
> a TODO comment. That would already be better than the other options.
>
I added it for now. Personally I don't like having functions with big
TODOs like this. What would be the solution for thunked delayed fields?
Force them as they are bound in the let?
>> I also noticed a missing equal sign after rememberchannel in the
>> defaultconfig and added that.
>
> I noticed a couple of obvious mistakes:
>
>
>
> diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
> index 0c30b409f..a305a1be8 100644
> --- a/gnu/services/telephony.scm
> +++ b/gnu/services/telephony.scm
> @@ -240,7 +240,7 @@ Or set public-registration to #f")))))))))
> (define (murmur-activation config)
> #~(begin
> (use-modules (guix build utils))
> - (let ((log-dir (dirname #$(murmur-configuration-log-file config)))
> + (let* ((log-dir (dirname #$(murmur-configuration-log-file config)))
> (pid-dir (dirname #$(murmur-configuration-pid-file config)))
> (db-dir (dirname #$(murmur-configuration-database-file config)))
> (user (getpwnam #$(murmur-configuration-user config)))
I think there was no mistake here: the init-dir function took the user as an
argument, but I changed it into the let* form and removed the argument now.
> @@ -283,7 +283,7 @@ Or set public-registration to #f")))))))))
> (documentation "Run the murmur mumble-server.")
> (requirement '(networking))
> (start #~(make-forkexec-constructor
> - '(#$(file-append (murmur-configuration-package)
> + '(#$(file-append (murmur-configuration-package config)
> "/bin/murmurd")
> "-ini"
> #$(or (murmur-configuration-file config)
>
Ouch, so much about me thinking that I could just make a quick change.
>
> This makes me think that it would be good to have a unit test. Would
> you like to try writing one now (see the examples in gnu/tests/*.scm),
> or do you prefer to leave it for later?
I would like to write some tests, but right now I need to set up my guix
development environment on a different computer first. On my current
setup I have 15 gigabytes of free hard drive space and when I run `make
check-system` it fails with some 'no space left on device' message.
>
> In the latter case, please test the system to make sure it actually
> works (that can be done in a VM.)
For this patch:
I ran make and got no warnings.
I deployed it on my server and connected with mumble from my computer
and it worked.
[-- Attachment #2: 0001-guix-records-Add-match-record.patch --]
[-- Type: text/x-patch; name="0001-guix-records-Add-match-record.patch", Size: 1595 bytes --]
From 07c47b5acc22589d466b5008ba42a191bbc33c11 Mon Sep 17 00:00:00 2001
From: nee <nee.git@cock.li>
Date: Wed, 25 Oct 2017 20:44:54 +0200
Subject: [PATCH 1/2] guix: records: Add match-record.
* guix/records.scm: New syntax-rule.
---
guix/records.scm | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/guix/records.scm b/guix/records.scm
index 7de5fccef..1f00e1660 100644
--- a/guix/records.scm
+++ b/guix/records.scm
@@ -26,7 +26,8 @@
#:export (define-record-type*
alist->record
object->fields
- recutils->alist))
+ recutils->alist
+ match-record))
;;; Commentary:
;;;
@@ -375,4 +376,19 @@ pairs. Stop upon an empty line (after consuming it) or EOF."
(else
(error "unmatched line" line))))))))
+(define-syntax match-record
+ (syntax-rules ()
+ "Bind each FIELD of a RECORD of the given TYPE to it's FIELD name.
+The current implementation does not support thunked and delayed fields."
+ ((_ record type (field fields ...) body ...)
+ (if (eq? (struct-vtable record) type)
+ ;; TODO compute indices and report wrong-field-name errors at
+ ;; expansion time
+ ;; TODO support thunked and delayed fields
+ (let ((field ((record-accessor type 'field) record)))
+ (match-record record type (fields ...) body ...))
+ (throw 'wrong-type-arg record)))
+ ((_ record type () body ...)
+ (begin body ...))))
+
;;; records.scm ends here
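Review bot: The first clause of match-record expands "record" once per field, in both the struct-vtable check and the accessor call, so an expression passed as the record is evaluated repeatedly and the type check is redone for every field. Bind the record once in an outer let, do the vtable check a single time there, and let the recursion work on that binding. The docstring should read "its FIELD name", and (throw 'wrong-type-arg record) would be easier to diagnose if it also named the expected type.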
--
2.14.1
[-- Attachment #3: 0002-services-Add-murmur.patch --]
[-- Type: text/x-patch; name="0002-services-Add-murmur.patch", Size: 25175 bytes --]
From 2836d82378ccd9ac4fd3678230d0daa2c5f1601d Mon Sep 17 00:00:00 2001
From: nee <nee.git@cock.li>
Date: Sat, 14 Oct 2017 11:27:50 +0200
Subject: [PATCH 2/2] services: Add murmur.
* gnu/services/telephony.scm: New file.
* gnu/local.mk: Add it.
* doc/guix.texi (Telephony Services): New node.
---
doc/guix.texi | 163 ++++++++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/telephony.scm | 305 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 469 insertions(+)
create mode 100644 gnu/services/telephony.scm
diff --git a/doc/guix.texi b/doc/guix.texi
index 7b5b71179..ee4913b29 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -221,6 +221,7 @@ Services
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -9245,6 +9246,7 @@ declaration.
* Database Services:: SQL databases, key-value stores, etc.
* Mail Services:: IMAP, POP3, SMTP, and all that.
* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
* Monitoring Services:: Monitoring services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
@@ -14025,6 +14027,167 @@ string, you could instantiate a prosody service like this:
(prosody.cfg.lua "")))
@end example
+
+@node Telephony Services
+@subsubsection Telephony Services
+@cindex Murmur
+
+Murmur is the official server of the @code{mumble} voice over IP (VoIP) software.
+
+@deftp {Data Type} murmur-configuration
+The service type for the murmur server. An example configuration can look like this:
+@example
+(service murmur-service-type
+ (murmur-configuration
+ (welcome-text "Welcome to this mumble server running on GuixSD!")
+ (cert-required? #t) ; disallow text password logins
+ (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
+ (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
+@end example
+
+After reconfiguring your system, you can manually set the murmur @code{"SuperUser"}
+password with the command that is printed during the activation phase.
+It is recommended to register a normal mumble user account
+and grant it admin or moderator rights.
+You can use the @code{mumble} client to
+login as new normal user, register yourself, and logout.
+For the next step login with the name @code{"SuperUser"} use
+the @code{SuperUser} password that you set previously,
+and grant your newly registered mumble user admin/moderator
+rights and create some channels.
+
+Available @code{murmur-configuration} fields are:
+@table @asis
+@item @code{package} (default: @code{mumble})
+Package that contains @code{bin/murmurd}.
+@item @code{user} (default: @code{"murmur"})
+User who will run the murmur server.
+@item @code{group} (default: @code{"murmur"})
+Group of the user who will run the murmur server.
+@item @code{port} (default: @code{64738})
+Port on which the server will listen.
+@item @code{welcome-text} (default: @code{""})
+Welcome text sent to clients when they connect.
+@item @code{server-password} (default: @code{""})
+Password the clients have to enter in order to connect.
+@item @code{max-users} (default: @code{100})
+Maximum of users that can be connected to the server at once.
+@item @code{max-user-bandwidth} (default: @code{#f})
+Maximum voice traffic a user can send per second.
+@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
+Filepath location of the sqlite database.
+The service's user will become the owner of the directory.
+@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
+Filepath of the log file.
+The service's user will become the owner of the directory.
+@item @code{autoban-attempts} (default: @code{10})
+Maximum number of logins a user can make in @code{autoban-timeframe}
+without getting auto banned for @code{autoban-time}.
+@item @code{autoban-timeframe} (default: @code{120})
+Timeframe for autoban in seconds.
+@item @code{autoban-time} (default: @code{300})
+Amount of time in seconds for which a client gets banned
+when violating the autoban limits.
+@item @code{opus-threshold} (default: @code{100})
+Percentage of clients that need to support opus
+before switching over to opus audio codec.
+@item @code{channel-nesting-limit} (default: @code{10})
+How deep channels can be nested at maximum.
+@item @code{channelname-regex} (default: @code{#f})
+A string in from of a Qt regular expression that channel names must conform to.
+@item @code{username-regex} (default: @code{#f})
+A string in from of a Qt regular expression that user names must conform to.
+@item @code{text-message-length} (default: @code{5000})
+Maximum size in bytes that a user can send in one text chat message.
+@item @code{image-message-length} (default: @code{(* 128 1024)})
+Maximum size in bytes that a user can send in one image message.
+@item @code{cert-required?} (default: @code{#f})
+If it is set to @code{#t} clients that use weak password authentification
+will not be accepted. Users must have completed the certificate wizard to join.
+@item @code{remember-channel?} (defualt @code{#f})
+Should murmur remember the last channel each user was in when they disconnected
+and put them into the remembered channel when they rejoin.
+@item @code{allow-html?} (default: @code{#f})
+Should html be allowed in text messages, user comments, and channel descriptions.
+@item @code{allow-ping?} (default: @code{#f})
+Setting to true exposes the current user count, the maximum user count, and
+the server's maximum bandwidth per client to unauthenticated users. In the
+Mumble client, this information is shown in the Connect dialog.
+
+Disabling this setting will prevent public listing of the server.
+@item @code{bonjour?} (default: @code{#f})
+Should the server advertise itself in the local network through the bonjour protocol.
+@item @code{send-version?} (default: @code{#f})
+Should the murmur server version be exposed in ping requests.
+@item @code{log-days} (default: @code{31})
+Murmur also stores logs in the database, which are accessible via RPC.
+The default is 31 days of months, but you can set this setting to 0 to keep logs forever,
+or -1 to disable logging to the database.
+@item @code{obfuscate-ips?} (default @code{#t})
+Should logged ips be obfuscated to protect the privacy of users.
+@item @code{ssl-cert} (default: @code{#f})
+Filepath to the ssl-cert used for encrypted connections.
+@example
+(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
+@end example
+@item @code{ssl-key} (default: @code{#f})
+Filepath to the ssl private key used for encrypted connections.
+@example
+(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
+@end example
+@item @code{ssl-dh-params} (default: @code{#f})
+Filepath to a PEM-encoded file with Diffie-Hellman parameters
+for the ssl encryption. Alternatively you set it to
+@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"}
+or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
+@item @code{ssl-ciphers} (default: @code{#f})
+The @code{ssl-ciphers} option chooses the cipher suites to make available for use
+in SSL/TLS.
+
+This option is specified using
+@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}.
+
+It is recommended that you try your cipher string using 'openssl ciphers <string>'
+before setting it here, to get a feel for which cipher suites you will get.
+After setting this option, it is recommend that you inspect your Murmur log
+to ensure that Murmur is using the cipher suites that you expected it to.
+
+Note: Changing this option may impact the backwards compatibility of your
+Murmur server, and can remove the ability for older Mumble clients to be able
+to connect to it.
+@item @code{public-registration} (default: @code{#f})
+Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}.
+
+You can optionally register your server in the public server list that the
+@code{mumble} client shows on startup.
+You cannot register your server if you have set a @code{server-password},
+or set @code{allow-ping} to @code{#f}.
+
+It might take a few hours until it shows up in the public list.
+
+@item @code{file} (default: @code{#f})
+Optional alternative override for this configuration.
+@end table
+@end deftp
+
+@deftp {Data Type} murmur-public-registration-configuration
+Configuration for public registration of a murmur service.
+@table @asis
+@item @code{name}
+This is a display name for your server. Not to be confused with the hostname.
+@item @code{password}
+A password to identify your registration.
+Subsequent updates will need the same password. Don't lose your password.
+@item @code{url}
+This should be a http(s):// link to your website.
+@item @code{hostname} (default: @code{#f})
+By default your server will be listed by it's ip.
+If it is set your server will be linked by this hostname instead.
+@end table
+@end deftp
+
+
+
@node Monitoring Services
@subsubsection Monitoring Services
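Review bot: The `public-registration` entry near the end of this hunk refers to `allow-ping`, but the field is documented a few items earlier as `allow-ping?`; use the exact field name so it can be copied into a configuration. Several typos should go before this is typeset: `(defualt @code{#f})` under `remember-channel?`, the missing colon in `(default @code{#t})` under `obfuscate-ips?`, "in from of" in both regex entries, "authentification" under `cert-required?`, "31 days of months" under `log-days`, and "it's ip" under `hostname`. The `file` entry should say what kind of value it takes and that `log-file`, `pid-file` and `database-file` are still used by the activation and Shepherd code in telephony.scm, so the override file has to agree with them.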
diff --git a/gnu/local.mk b/gnu/local.mk
index b71b36024..daa210a38 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/spice.scm \
%D%/services/ssh.scm \
%D%/services/sysctl.scm \
+ %D%/services/telephony.scm \
%D%/services/version-control.scm \
%D%/services/vpn.scm \
%D%/services/web.scm \
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
new file mode 100644
index 000000000..6c9121ad5
--- /dev/null
+++ b/gnu/services/telephony.scm
@@ -0,0 +1,305 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 nee <nee-git@hidamari.blue>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services telephony)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages telephony)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (srfi srfi-1)
+ #:use-module (ice-9 match)
+ #:export (<murmur-configuration>
+ murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ murmur-configuration-package
+ murmur-configuration-user
+ murmur-configuration-group
+ murmur-configuration-port
+ murmur-configuration-welcome-text
+ murmur-configuration-server-password
+ murmur-configuration-max-users
+ murmur-configuration-max-user-bandwidth
+ murmur-configuration-database-file
+ murmur-configuration-log-file
+ murmur-configuration-pid-file
+ murmur-configuration-autoban-attempts
+ murmur-configuration-autoban-timeframe
+ murmur-configuration-autoban-time
+ murmur-configuration-opus-threshold
+ murmur-configuration-channel-nesting-limit
+ murmur-configuration-channelname-regex
+ murmur-configuration-username-regex
+ murmur-configuration-text-message-length
+ murmur-configuration-image-message-length
+ murmur-configuration-cert-required?
+ murmur-configuration-remember-channel?
+ murmur-configuration-allow-html?
+ murmur-configuration-allow-ping?
+ murmur-configuration-bonjour?
+ murmur-configuration-send-version?
+ murmur-configuration-log-days
+ murmur-configuration-obfuscate-ips?
+ murmur-configuration-ssl-cert
+ murmur-configuration-ssl-key
+ murmur-configuration-ssl-dh-params
+ murmur-configuration-ssl-ciphers
+ murmur-configuration-public-registration
+ murmur-configuration-file
+
+ <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ murmur-public-registration-configuration-name
+ murmur-public-registration-configuration-url
+ murmur-public-registration-configuration-password
+ murmur-public-registration-configuration-hostname
+
+ murmur-service-type))
+
+;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini
+
+(define-record-type* <murmur-configuration> murmur-configuration
+ make-murmur-configuration
+ murmur-configuration?
+ (package murmur-configuration-package ;<package>
+ (default mumble))
+ (user murmur-configuration-user
+ (default "murmur"))
+ (group murmur-configuration-group
+ (default "murmur"))
+ (port murmur-configuration-port
+ (default 64738))
+ (welcome-text murmur-configuration-welcome-text
+ (default ""))
+ (server-password murmur-configuration-server-password
+ (default ""))
+ (max-users murmur-configuration-max-users
+ (default 100))
+ (max-user-bandwidth murmur-configuration-max-user-bandwidth
+ (default #f))
+ (database-file murmur-configuration-database-file
+ (default "/var/lib/murmur/db.sqlite"))
+ (log-file murmur-configuration-log-file
+ (default "/var/log/murmur/murmur.log"))
+ (pid-file murmur-configuration-pid-file
+ (default "/var/run/murmur/murmur.pid"))
+ (autoban-attempts murmur-configuration-autoban-attempts
+ (default 10))
+ (autoban-timeframe murmur-configuration-autoban-timeframe
+ (default 120))
+ (autoban-time murmur-configuration-autoban-time
+ (default 300))
+ (opus-threshold murmur-configuration-opus-threshold
+ (default 100)) ; integer percent
+ (channel-nesting-limit murmur-configuration-channel-nesting-limit
+ (default 10))
+ (channelname-regex murmur-configuration-channelname-regex
+ (default #f))
+ (username-regex murmur-configuration-username-regex
+ (default #f))
+ (text-message-length murmur-configuration-text-message-length
+ (default 5000))
+ (image-message-length murmur-configuration-image-message-length
+ (default (* 128 1024))) ; 128 Kilobytes
+ (cert-required? murmur-configuration-cert-required?
+ (default #f))
+ (remember-channel? murmur-configuration-remember-channel?
+ (default #f))
+ (allow-html? murmur-configuration-allow-html?
+ (default #f))
+ (allow-ping? murmur-configuration-allow-ping?
+ (default #f))
+ (bonjour? murmur-configuration-bonjour?
+ (default #f))
+ (send-version? murmur-configuration-send-version?
+ (default #f))
+ (log-days murmur-configuration-log-days
+ (default 31))
+ (obfuscate-ips? murmur-obfuscate-ips?
+ (default #t))
+ (ssl-cert murmur-configuration-ssl-cert
+ (default #f))
+ (ssl-key murmur-configuration-ssl-key
+ (default #f))
+ (ssl-dh-params murmur-configuration-ssl-dh-params
+ (default #f))
+ (ssl-ciphers murmur-configuration-ssl-ciphers
+ (default #f))
+ (public-registration murmur-configuration-public-registration
+ (default #f)) ; <murmur-public-registration-configuration>
+ (file murmur-configuration-file
+ (default #f)))
+
+(define-record-type* <murmur-public-registration-configuration>
+ murmur-public-registration-configuration
+ make-murmur-public-registration-configuration
+ murmur-public-registration-configuration?
+ (name murmur-public-registration-configuration-name)
+ (password murmur-public-registration-configuration-password)
+ (url murmur-public-registration-configuration-url)
+ (hostname murmur-public-registration-configuration-hostname
+ (default #f)))
+
+(define (flatten . lst)
+ "Return a list that recursively concatenates all sub-lists of LST."
+ (define (flatten1 head out)
+ (if (list? head)
+ (fold-right flatten1 out head)
+ (cons head out)))
+ (fold-right flatten1 '() lst))
+
+(define (default-murmur-config config)
+ (match-record
+ config
+ <murmur-configuration>
+ (user port welcome-text server-password max-users max-user-bandwidth
+ database-file log-file pid-file autoban-attempts autoban-timeframe
+ autoban-time opus-threshold channel-nesting-limit channelname-regex
+ username-regex text-message-length image-message-length cert-required?
+ remember-channel? allow-html? allow-ping? bonjour? send-version?
+ log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers
+ public-registration)
+ (apply mixed-text-file "murmur.ini"
+ (flatten
+ "welcometext=" welcome-text "\n"
+ "port=" (number->string port) "\n"
+ (if server-password (list "serverpassword=" server-password "\n") '())
+ (if max-user-bandwidth (list "bandwidth=" (number->string max-user-bandwidth)) '())
+ "users=" (number->string max-users) "\n"
+ "uname=" user "\n"
+ "database=" database-file "\n"
+ "logfile=" log-file "\n"
+ "pidfile=" pid-file "\n"
+ (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '())
+ (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '())
+ (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '())
+ (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '())
+ (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '())
+ (if channelname-regex (list "channelname=" channelname-regex "\n") '())
+ (if username-regex (list "username=" username-regex "\n") '())
+ (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '())
+ (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '())
+ (if log-days (list "logdays=" (number->string log-days) "\n") '())
+ "obfuscate=" (if obfuscate-ips? "true" "false") "\n"
+ "certrequired=" (if cert-required? "true" "false") "\n"
+ "rememberchannel=" (if remember-channel? "true" "false") "\n"
+ "allowhtml=" (if allow-html? "true" "false") "\n"
+ "allowping=" (if allow-ping? "true" "false") "\n"
+ "bonjour=" (if bonjour? "true" "false") "\n"
+ "sendversion=" (if send-version? "true" "false") "\n"
+ (cond ((and ssl-cert ssl-key)
+ (list
+ "sslCert=" ssl-cert "\n"
+ "sslKey=" ssl-key "\n"))
+ ((or ssl-cert ssl-key)
+ (error "ssl-cert and ssl-key must both be set"
+ ssl-cert ssl-key))
+ (else '()))
+ (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '())
+ (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '())
+
+ (match public-registration
+ (#f '())
+ (($ <murmur-public-registration-configuration>
+ name password url hostname)
+ (if (and (or (not server-password) (string-null? server-password))
+ allow-ping?)
+ (list
+ "registerName=" name "\n"
+ "registerPassword=" password "\n"
+ "registerUrl=" url "\n"
+ (if hostname
+ (string-append "registerHostname=" hostname "\n")
+ ""))
+ (error "To publicly register your murmur server your server must be publicy visible
+and users must be able to join without a password. To fix this set:
+(allow-ping? #t)
+(server-password \"\")
+Or set public-registration to #f"))))))))
+
+(define (murmur-activation config)
+ #~(begin
+ (use-modules (guix build utils))
+ (let* ((log-dir (dirname #$(murmur-configuration-log-file config)))
+ (pid-dir (dirname #$(murmur-configuration-pid-file config)))
+ (db-dir (dirname #$(murmur-configuration-database-file config)))
+ (user (getpwnam #$(murmur-configuration-user config)))
+ (init-dir
+ (lambda (name dir)
+ (format #t "creating murmur ~a directory '~a'\n" name dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700)))
+ (ini #$(or (murmur-configuration-file config)
+ (default-murmur-config config))))
+ (init-dir "log" log-dir)
+ (init-dir "pid" pid-dir)
+ (init-dir "database" db-dir)
+
+ (format #t "murmur: use config file: ~a~%\n" ini)
+ (format #t "murmur: to set the SuperUser password run:
+ `~a -ini ~a -readsupw`\n"
+ #$(file-append (murmur-configuration-package config)
+ "/bin/murmurd") ini)
+ #t)))
+
+(define murmur-accounts
+ (match-lambda
+ (($ <murmur-configuration> _ user group)
+ (list
+ (user-group
+ (name group)
+ (system? #t))
+ (user-account
+ (name user)
+ (group group)
+ (system? #t)
+ (comment "Murmur Daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
+
+(define (murmur-shepherd-service config)
+ (list (shepherd-service
+ (provision '(murmur))
+ (documentation "Run the murmur mumble-server.")
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ '(#$(file-append (murmur-configuration-package config)
+ "/bin/murmurd")
+ "-ini"
+ #$(or (murmur-configuration-file config)
+ (default-murmur-config config)))
+ #:pid-file #$(murmur-configuration-pid-file config)))
+ (stop #~(make-kill-destructor)))))
+
+(define murmur-service-type
+ (service-type (name 'murmur)
+ (description "The murmur service type.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ murmur-shepherd-service)
+ (service-extension activation-service-type
+ murmur-activation)
+ (service-extension account-service-type
+ murmur-accounts)))
+ (default-value (murmur-configuration))))
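Review bot: In `default-murmur-config`, three optional entries are emitted without a trailing "\n": `bandwidth=`, `sslDHParams=` and `sslCiphers=`. Setting `max-user-bandwidth` therefore produces `bandwidth=<n>users=100` on one line, and the DH and cipher settings run into each other and into `registerName=`; append "\n" to each of those lists as the neighbouring entries do. The `obfuscate-ips?` field names its accessor `murmur-obfuscate-ips?` while `#:export` lists `murmur-configuration-obfuscate-ips?`, so the exported name is never defined. `mixed-text-file` places murmur.ini in the store, which every local user can read, so the `serverpassword=` and `registerPassword=` values are exposed there; that needs at least a warning in the manual. `murmur-activation` chowns `(dirname ...)` of the log, pid and database files to the service user and sets mode 700, which is fine for the default paths but takes over a shared directory if someone sets `log-file` to a path directly under /var/log; check for that or document it. `murmur-accounts` destructures the record positionally with `($ <murmur-configuration> _ user group)`, which breaks silently when fields are reordered; `match-record`, already used in `default-murmur-config`, would be sturdier.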
--
2.14.1
* [bug#28960] [PATCH] services: Add murmur.
2017-10-30 22:38 ` nee
@ 2017-10-31 0:02 ` Ludovic Courtès
2017-11-05 10:42 ` bug#28960: " Ludovic Courtès
1 sibling, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2017-10-31 0:02 UTC (permalink / raw)
To: nee; +Cc: 28960
Heya!

nee <nee@cock.li> writes:

> On 24.10.2017 at 23:34, Ludovic Courtès wrote:

[...]

>> If the above macro is good enough, we can add it to (guix records) with
>> a TODO comment. That would already be better than the other options.
>>
>
> I added it for now. Personally I don't like having functions with big
> TODOs like this. What would be the solution for thunked delayed fields?
> Force them as they are bound in the let?

The solution would be to do what the accessors do, which is to
transparently force the promise or call the thunk. Well, for later!

>> This makes me think that it would be good to have a unit test. Would
>> you like to try writing one now (see the examples in gnu/tests/*.scm),
>> or do you prefer to leave it for later?

> I would like to write some tests, but right now I need to setup my guix
> development environment on a different computer first. On my current
> setup I have 15 gigabytes of free hard drive space and when I run `make
> check-system` it fails with some 'no space left on device' message.

You should probably just run the test you want, as in:

  make check-system TESTS=basic

This is much more reasonable in terms of disk space usage. See
<https://www.gnu.org/software/guix/manual/html_node/Running-the-Test-Suite.html>.

I’ll take another look soonish and apply the patches if everything’s
alright!

Thanks,
Ludo’.
* bug#28960: [PATCH] services: Add murmur.
2017-10-30 22:38 ` nee
2017-10-31 0:02 ` Ludovic Courtès
@ 2017-11-05 10:42 ` Ludovic Courtès
1 sibling, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2017-11-05 10:42 UTC (permalink / raw)
To: nee; +Cc: 28960-done
[-- Attachment #1: Type: text/plain, Size: 668 bytes --]
Hi nee,

nee <nee@cock.li> writes:

> From 2836d82378ccd9ac4fd3678230d0daa2c5f1601d Mon Sep 17 00:00:00 2001
> From: nee <nee.git@cock.li>
> Date: Sat, 14 Oct 2017 11:27:50 +0200
> Subject: [PATCH 2/2] services: Add murmur.
>
> * gnu/services/telephony.scm: New file.
> * gnu/local.mk: Add it.
> * doc/guix.texi (Telephony Services): New node.

Sorry for the delay, I’ve been MIA. I’ve applied both patches with the
attached cosmetic changes to the second one, mostly so that the manual
would be correctly typeset and so that “guix system search voip” turns
up the Murmur service. I hope that’s fine with you.

Thank you!
Ludo’.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 10715 bytes --]
diff --git a/doc/guix.texi b/doc/guix.texi
index e2c9edd27..11a9de689 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14194,103 +14194,139 @@ string, you could instantiate a prosody service like this:
@node Telephony Services
@subsubsection Telephony Services
-@cindex Murmur
-Murmur is the official server of the @code{mumble} voice over IP (VoIP) software.
+@cindex Murmur (VoIP server)
+@cindex VoIP server
+This section describes how to set up and run a Murmur server. Murmur is
+the server of the @uref{https://mumble.info, Mumble} voice-over-IP
+(VoIP) suite.
@deftp {Data Type} murmur-configuration
-The service type for the murmur server. An example configuration can look like this:
+The service type for the Murmur server. An example configuration can
+look like this:
+
@example
(service murmur-service-type
(murmur-configuration
- (welcome-text "Welcome to this mumble server running on GuixSD!")
- (cert-required? #t) ; disallow text password logins
+ (welcome-text
+ "Welcome to this Mumble server running on GuixSD!")
+ (cert-required? #t) ;disallow text password logins
(ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
(ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
@end example
-After reconfiguring your system, you can manually set the murmur @code{"SuperUser"}
+After reconfiguring your system, you can manually set the murmur @code{SuperUser}
password with the command that is printed during the activation phase.
-It is recommended to register a normal mumble user account
+
+It is recommended to register a normal Mumble user account
and grant it admin or moderator rights.
You can use the @code{mumble} client to
-login as new normal user, register yourself, and logout.
-For the next step login with the name @code{"SuperUser"} use
+login as new normal user, register yourself, and log out.
+For the next step login with the name @code{SuperUser} use
the @code{SuperUser} password that you set previously,
-and grant your newly registered mumble user admin/moderator
+and grant your newly registered mumble user administrator or moderator
rights and create some channels.
Available @code{murmur-configuration} fields are:
+
@table @asis
@item @code{package} (default: @code{mumble})
Package that contains @code{bin/murmurd}.
+
@item @code{user} (default: @code{"murmur"})
-User who will run the murmur server.
+User who will run the Murmur server.
+
@item @code{group} (default: @code{"murmur"})
Group of the user who will run the murmur server.
+
@item @code{port} (default: @code{64738})
Port on which the server will listen.
+
@item @code{welcome-text} (default: @code{""})
Welcome text sent to clients when they connect.
+
@item @code{server-password} (default: @code{""})
Password the clients have to enter in order to connect.
+
@item @code{max-users} (default: @code{100})
Maximum of users that can be connected to the server at once.
+
@item @code{max-user-bandwidth} (default: @code{#f})
Maximum voice traffic a user can send per second.
+
@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
-Filepath location of the sqlite database.
+File name of the sqlite database.
The service's user will become the owner of the directory.
+
@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
-Filepath of the log file.
+File name of the log file.
The service's user will become the owner of the directory.
+
@item @code{autoban-attempts} (default: @code{10})
Maximum number of logins a user can make in @code{autoban-timeframe}
without getting auto banned for @code{autoban-time}.
+
@item @code{autoban-timeframe} (default: @code{120})
Timeframe for autoban in seconds.
+
@item @code{autoban-time} (default: @code{300})
Amount of time in seconds for which a client gets banned
when violating the autoban limits.
+
@item @code{opus-threshold} (default: @code{100})
Percentage of clients that need to support opus
before switching over to opus audio codec.
+
@item @code{channel-nesting-limit} (default: @code{10})
How deep channels can be nested at maximum.
+
@item @code{channelname-regex} (default: @code{#f})
A string in from of a Qt regular expression that channel names must conform to.
+
@item @code{username-regex} (default: @code{#f})
A string in from of a Qt regular expression that user names must conform to.
+
@item @code{text-message-length} (default: @code{5000})
Maximum size in bytes that a user can send in one text chat message.
+
@item @code{image-message-length} (default: @code{(* 128 1024)})
Maximum size in bytes that a user can send in one image message.
+
@item @code{cert-required?} (default: @code{#f})
If it is set to @code{#t} clients that use weak password authentification
will not be accepted. Users must have completed the certificate wizard to join.
+
@item @code{remember-channel?} (defualt @code{#f})
Should murmur remember the last channel each user was in when they disconnected
and put them into the remembered channel when they rejoin.
+
@item @code{allow-html?} (default: @code{#f})
Should html be allowed in text messages, user comments, and channel descriptions.
+
@item @code{allow-ping?} (default: @code{#f})
Setting to true exposes the current user count, the maximum user count, and
the server's maximum bandwidth per client to unauthenticated users. In the
Mumble client, this information is shown in the Connect dialog.
Disabling this setting will prevent public listing of the server.
+
@item @code{bonjour?} (default: @code{#f})
Should the server advertise itself in the local network through the bonjour protocol.
+
@item @code{send-version?} (default: @code{#f})
Should the murmur server version be exposed in ping requests.
+
@item @code{log-days} (default: @code{31})
Murmur also stores logs in the database, which are accessible via RPC.
The default is 31 days of months, but you can set this setting to 0 to keep logs forever,
or -1 to disable logging to the database.
+
@item @code{obfuscate-ips?} (default @code{#t})
Should logged ips be obfuscated to protect the privacy of users.
+
@item @code{ssl-cert} (default: @code{#f})
-Filepath to the ssl-cert used for encrypted connections.
+File name of the SSL/TLS certificate used for encrypted connections.
+
@example
(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
@end example
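Review bot: Several typos survive in the unchanged context lines of this hunk and could be fixed in the same pass: `(defualt @code{#f})` under `remember-channel?`, "in from of" in both regex entries, "authentification" under `cert-required?`, "31 days of months" under `log-days`, and the missing colon in `(default @code{#t})` under `obfuscate-ips?`. The capitalisation is also only half applied: "the murmur @code{SuperUser}", "Group of the user who will run the murmur server" and "your newly registered mumble user" keep the lowercase names while their neighbours now say Murmur and Mumble. In "For the next step login with the name @code{SuperUser} use", write "log in" and add a comma before "use", matching the "log out" correction two lines earlier.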
@@ -14299,17 +14335,20 @@ Filepath to the ssl private key used for encrypted connections.
@example
(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
@end example
+
@item @code{ssl-dh-params} (default: @code{#f})
-Filepath to a PEM-encoded file with Diffie-Hellman parameters
-for the ssl encryption. Alternatively you set it to
+File name of a PEM-encoded file with Diffie-Hellman parameters
+for the SSL/TLS encryption. Alternatively you set it to
@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"}
or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
+
@item @code{ssl-ciphers} (default: @code{#f})
The @code{ssl-ciphers} option chooses the cipher suites to make available for use
in SSL/TLS.
This option is specified using
-@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}.
+@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,
+OpenSSL cipher list notation}.
It is recommended that you try your cipher string using 'openssl ciphers <string>'
before setting it here, to get a feel for which cipher suites you will get.
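Review bot: The `ssl-key` entry sits between the previous hunk and this one and is left untouched; the hunk header still shows "Filepath to the ssl private key used for encrypted connections." while `ssl-cert` and `ssl-dh-params` now say "File name of" and "SSL/TLS". Reword it the same way and give it the blank lines before `@item` and `@example` that the other entries received. In the `ssl-dh-params` text, "Alternatively you set it to" should read "you can set it to".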
@@ -14319,6 +14358,7 @@ to ensure that Murmur is using the cipher suites that you expected it to.
Note: Changing this option may impact the backwards compatibility of your
Murmur server, and can remove the ability for older Mumble clients to be able
to connect to it.
+
@item @code{public-registration} (default: @code{#f})
Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}.
@@ -14336,17 +14376,22 @@ Optional alternative override for this configuration.
@deftp {Data Type} murmur-public-registration-configuration
Configuration for public registration of a murmur service.
+
@table @asis
@item @code{name}
This is a display name for your server. Not to be confused with the hostname.
+
@item @code{password}
A password to identify your registration.
Subsequent updates will need the same password. Don't lose your password.
+
@item @code{url}
-This should be a http(s):// link to your website.
+This should be a @code{http://} or @code{https://} link to your web
+site.
+
@item @code{hostname} (default: @code{#f})
-By default your server will be listed by it's ip.
-If it is set your server will be linked by this hostname instead.
+By default your server will be listed by its IP address.
+If it is set your server will be linked by this host name instead.
@end table
@end deftp
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
index 6c9121ad5..0a735315b 100644
--- a/gnu/services/telephony.scm
+++ b/gnu/services/telephony.scm
@@ -26,8 +26,7 @@
#:use-module (guix gexp)
#:use-module (srfi srfi-1)
#:use-module (ice-9 match)
- #:export (<murmur-configuration>
- murmur-configuration
+ #:export (murmur-configuration
make-murmur-configuration
murmur-configuration?
murmur-configuration-package
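Review bot: Removing `<murmur-configuration>` from `#:export` changes the module's interface rather than its appearance: code outside (gnu services telephony) can no longer destructure the record with `match-record` or a `$` pattern and has to go through the accessors. If that is the intent, mention it in the commit log; the same applies to `<murmur-public-registration-configuration>` in the next hunk.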
@@ -65,7 +64,6 @@
murmur-configuration-public-registration
murmur-configuration-file
- <murmur-public-registration-configuration>
murmur-public-registration-configuration
make-murmur-public-registration-configuration
murmur-public-registration-configuration?
@@ -281,7 +279,7 @@ Or set public-registration to #f"))))))))
(define (murmur-shepherd-service config)
(list (shepherd-service
(provision '(murmur))
- (documentation "Run the murmur mumble-server.")
+ (documentation "Run the Murmur Mumble server.")
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append (murmur-configuration-package config)
@@ -294,7 +292,9 @@ Or set public-registration to #f"))))))))
(define murmur-service-type
(service-type (name 'murmur)
- (description "The murmur service type.")
+ (description
+ "Run the Murmur voice-over-IP (VoIP) server of the Mumble
+suite.")
(extensions
(list (service-extension shepherd-root-service-type
murmur-shepherd-service)