From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34508) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9Ii1-0000YU-LV for guix-patches@gnu.org; Mon, 30 Oct 2017 18:39:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9Ihy-0004JX-Co for guix-patches@gnu.org; Mon, 30 Oct 2017 18:39:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:34155) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9Ihy-0004JH-6P for guix-patches@gnu.org; Mon, 30 Oct 2017 18:39:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e9Ihx-0002I5-T3 for guix-patches@gnu.org; Mon, 30 Oct 2017 18:39:01 -0400 Subject: [bug#28960] [PATCH] services: Add murmur. Resent-Message-ID: From: nee References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> <87wp3kmdr4.fsf@gnu.org> Message-ID: <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> Date: Mon, 30 Oct 2017 23:38:06 +0100 MIME-Version: 1.0 In-Reply-To: <87wp3kmdr4.fsf@gnu.org> Content-Type: multipart/mixed; boundary="------------D8B9D010772BFDF6EDA09694" Content-Language: en-GB List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 28960@debbugs.gnu.org This is a multi-part message in MIME format. --------------D8B9D010772BFDF6EDA09694 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Am 24.10.2017 um 23:34 schrieb Ludovic Courtès: > Indeed. I figured something like this works: > > --8<---------------cut here---------------start------------->8--- > scheme@(guile-user)> (define-syntax match-record > (syntax-rules () > ((_ record type (field fields ...) body ...) > (if (eq? (struct-vtable record) type) > (let ((field ((record-accessor type 'field) record))) > (match-record record type (fields ...) body ...)) > (throw 'wrong-type-arg record))) > ((_ record type () body ...) > (begin body ...)))) > scheme@(guile-user)> (match-record coreutils (@@ (guix packages) ) (home-page) home-page) > $6 = "https://www.gnu.org/software/coreutils/" > scheme@(guile-user)> (match-record coreutils (@@ (guix packages) ) (home-page synopsis) (list synopsis home-page)) > $7 = ("Core GNU utilities (file, text, shell)" "https://www.gnu.org/software/coreutils/") > --8<---------------cut here---------------end--------------->8--- Great! > > We could use that for now. > > Eventually though, we should have something better in (guix records) > that (1) computes indices and report wrong-field-name errors at > expansion time, and (2) accounts for thunked/delayed fields. > > WDYT? I didn't even know guix records had those features :) > > If the above macro is good enough, we can add it to (guix records) with > a TODO comment. That would already be better than the other options. > I added it for now. Personally I don't like having functions with big TODOs like this. What would be the solution for thunked delayed fields? Force them as they are bound in the let? >> I also noticed a missing equal sign after rememberchannel in the >> defaultconfig and added that. > > I noticed a couple of obvious mistakes: > > > > diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm > index 0c30b409f..a305a1be8 100644 > --- a/gnu/services/telephony.scm > +++ b/gnu/services/telephony.scm > @@ -240,7 +240,7 @@ Or set public-registration to #f"))))))))) > (define (murmur-activation config) > #~(begin > (use-modules (guix build utils)) > - (let ((log-dir (dirname #$(murmur-configuration-log-file config))) > + (let* ((log-dir (dirname #$(murmur-configuration-log-file config))) > (pid-dir (dirname #$(murmur-configuration-pid-file config))) > (db-dir (dirname #$(murmur-configuration-database-file config))) > (user (getpwnam #$(murmur-configuration-user config))) I think there was no mistake here the init-dir function took the user as argument, but I changed it into the let* form and removed the argument now. > @@ -283,7 +283,7 @@ Or set public-registration to #f"))))))))) > (documentation "Run the murmur mumble-server.") > (requirement '(networking)) > (start #~(make-forkexec-constructor > - '(#$(file-append (murmur-configuration-package) > + '(#$(file-append (murmur-configuration-package config) > "/bin/murmurd") > "-ini" > #$(or (murmur-configuration-file config) > Ouch, so much about me thinking that I could just make a quick change. > > This makes me think that it would be good to have a unit test. Would > you like to try writing one now (see the examples in gnu/tests/*.scm), > or do you prefer to leave it for later? I would like to write some tests, but right now I need to setup my guix development environment on a different computer first. On my current setup I have 15 gigabytes of free hard drive space and when I run `make check-system` it fails with some 'no space left on device' message. > > In the latter case, please test the system to make sure it actually > works (that can be done in a VM.) For this patch: I ran make and got no warnings. I deployed it on my server and connected with mumble from my computer and it worked. --------------D8B9D010772BFDF6EDA09694 Content-Type: text/x-patch; name="0001-guix-records-Add-match-record.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-guix-records-Add-match-record.patch" =46rom 07c47b5acc22589d466b5008ba42a191bbc33c11 Mon Sep 17 00:00:00 2001 From: nee Date: Wed, 25 Oct 2017 20:44:54 +0200 Subject: [PATCH 1/2] guix: records: Add match-record. * guix/records.scm: New syntax-rule. --- guix/records.scm | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/guix/records.scm b/guix/records.scm index 7de5fccef..1f00e1660 100644 --- a/guix/records.scm +++ b/guix/records.scm @@ -26,7 +26,8 @@ #:export (define-record-type* alist->record object->fields - recutils->alist)) + recutils->alist + match-record)) =20 ;;; Commentary: ;;; @@ -375,4 +376,19 @@ pairs. Stop upon an empty line (after consuming it)= or EOF." (else (error "unmatched line" line)))))))) =20 +(define-syntax match-record + (syntax-rules () + "Bind each FIELD of a RECORD of the given TYPE to it's FIELD name. +The current implementation does not support thunked and delayed fields."= + ((_ record type (field fields ...) body ...) + (if (eq? (struct-vtable record) type) + ;; TODO compute indices and report wrong-field-name errors at + ;; expansion time + ;; TODO support thunked and delayed fields + (let ((field ((record-accessor type 'field) record))) + (match-record record type (fields ...) body ...)) + (throw 'wrong-type-arg record))) + ((_ record type () body ...) + (begin body ...)))) + ;;; records.scm ends here --=20 2.14.1 --------------D8B9D010772BFDF6EDA09694 Content-Type: text/x-patch; name="0002-services-Add-murmur.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0002-services-Add-murmur.patch" =46rom 2836d82378ccd9ac4fd3678230d0daa2c5f1601d Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 14 Oct 2017 11:27:50 +0200 Subject: [PATCH 2/2] services: Add murmur. * gnu/services/telephony.scm: New file. * gnu/local.mk: Add it. * doc/guix.texi (Telephony Services): New node. --- doc/guix.texi | 163 ++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/telephony.scm | 305 +++++++++++++++++++++++++++++++++++++++= ++++++ 3 files changed, 469 insertions(+) create mode 100644 gnu/services/telephony.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7b5b71179..ee4913b29 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -9245,6 +9246,7 @@ declaration. * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -14025,6 +14027,167 @@ string, you could instantiate a prosody service= like this: (prosody.cfg.lua ""))) @end example =20 + +@node Telephony Services +@subsubsection Telephony Services +@cindex Murmur + +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. + +@deftp {Data Type} murmur-configuration +The service type for the murmur server. An example configuration can loo= k like this: +@example +(service murmur-service-type + (murmur-configuration + (welcome-text "Welcome to this mumble server running on GuixSD= !") + (cert-required? #t) ; disallow text password logins + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) +@end example + +After reconfiguring your system, you can manually set the murmur @code{"= SuperUser"} +password with the command that is printed during the activation phase. +It is recommended to register a normal mumble user account +and grant it admin or moderator rights. +You can use the @code{mumble} client to +login as new normal user, register yourself, and logout. +For the next step login with the name @code{"SuperUser"} use +the @code{SuperUser} password that you set previously, +and grant your newly registered mumble user admin/moderator +rights and create some channels. + +Available @code{murmur-configuration} fields are: +@table @asis +@item @code{package} (default: @code{mumble}) +Package that contains @code{bin/murmurd}. +@item @code{user} (default: @code{"murmur"}) +User who will run the murmur server. +@item @code{group} (default: @code{"murmur"}) +Group of the user who will run the murmur server. +@item @code{port} (default: @code{64738}) +Port on which the server will listen. +@item @code{welcome-text} (default: @code{""}) +Welcome text sent to clients when they connect. +@item @code{server-password} (default: @code{""}) +Password the clients have to enter in order to connect. +@item @code{max-users} (default: @code{100}) +Maximum of users that can be connected to the server at once. +@item @code{max-user-bandwidth} (default: @code{#f}) +Maximum voice traffic a user can send per second. +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})= +Filepath location of the sqlite database. +The service's user will become the owner of the directory. +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) +Filepath of the log file. +The service's user will become the owner of the directory. +@item @code{autoban-attempts} (default: @code{10}) +Maximum number of logins a user can make in @code{autoban-timeframe} +without getting auto banned for @code{autoban-time}. +@item @code{autoban-timeframe} (default: @code{120}) +Timeframe for autoban in seconds. +@item @code{autoban-time} (default: @code{300}) +Amount of time in seconds for which a client gets banned +when violating the autoban limits. +@item @code{opus-threshold} (default: @code{100}) +Percentage of clients that need to support opus +before switching over to opus audio codec. +@item @code{channel-nesting-limit} (default: @code{10}) +How deep channels can be nested at maximum. +@item @code{channelname-regex} (default: @code{#f}) +A string in from of a Qt regular expression that channel names must conf= orm to. +@item @code{username-regex} (default: @code{#f}) +A string in from of a Qt regular expression that user names must conform= to. +@item @code{text-message-length} (default: @code{5000}) +Maximum size in bytes that a user can send in one text chat message. +@item @code{image-message-length} (default: @code{(* 128 1024)}) +Maximum size in bytes that a user can send in one image message. +@item @code{cert-required?} (default: @code{#f}) +If it is set to @code{#t} clients that use weak password authentificatio= n +will not be accepted. Users must have completed the certificate wizard t= o join. +@item @code{remember-channel?} (defualt @code{#f}) +Should murmur remember the last channel each user was in when they disco= nnected +and put them into the remembered channel when they rejoin. +@item @code{allow-html?} (default: @code{#f}) +Should html be allowed in text messages, user comments, and channel desc= riptions. +@item @code{allow-ping?} (default: @code{#f}) +Setting to true exposes the current user count, the maximum user count, = and +the server's maximum bandwidth per client to unauthenticated users. In t= he +Mumble client, this information is shown in the Connect dialog. + +Disabling this setting will prevent public listing of the server. +@item @code{bonjour?} (default: @code{#f}) +Should the server advertise itself in the local network through the bonj= our protocol. +@item @code{send-version?} (default: @code{#f}) +Should the murmur server version be exposed in ping requests. +@item @code{log-days} (default: @code{31}) +Murmur also stores logs in the database, which are accessible via RPC. +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, +or -1 to disable logging to the database. +@item @code{obfuscate-ips?} (default @code{#t}) +Should logged ips be obfuscated to protect the privacy of users. +@item @code{ssl-cert} (default: @code{#f}) +Filepath to the ssl-cert used for encrypted connections. +@example +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") +@end example +@item @code{ssl-key} (default: @code{#f}) +Filepath to the ssl private key used for encrypted connections. +@example +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") +@end example +@item @code{ssl-dh-params} (default: @code{#f}) +Filepath to a PEM-encoded file with Diffie-Hellman parameters +for the ssl encryption. Alternatively you set it to +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. +@item @code{ssl-ciphers} (default: @code{#f}) +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use +in SSL/TLS. + +This option is specified using +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. + +It is recommended that you try your cipher string using 'openssl ciphers= ' +before setting it here, to get a feel for which cipher suites you will g= et. +After setting this option, it is recommend that you inspect your Murmur = log +to ensure that Murmur is using the cipher suites that you expected it to= =2E + +Note: Changing this option may impact the backwards compatibility of you= r +Murmur server, and can remove the ability for older Mumble clients to be= able +to connect to it. +@item @code{public-registration} (default: @code{#f}) +Must be a @code{} record or @c= ode{#f}. + +You can optionally register your server in the public server list that t= he +@code{mumble} client shows on startup. +You cannot register your server if you have set a @code{server-password}= , +or set @code{allow-ping} to @code{#f}. + +It might take a few hours until it shows up in the public list. + +@item @code{file} (default: @code{#f}) +Optional alternative override for this configuration. +@end table +@end deftp + +@deftp {Data Type} murmur-public-registration-configuration +Configuration for public registration of a murmur service. +@table @asis +@item @code{name} +This is a display name for your server. Not to be confused with the host= name. +@item @code{password} +A password to identify your registration. +Subsequent updates will need the same password. Don't lose your password= =2E +@item @code{url} +This should be a http(s):// link to your website. +@item @code{hostname} (default: @code{#f}) +By default your server will be listed by it's ip. +If it is set your server will be linked by this hostname instead. +@end table +@end deftp + + + @node Monitoring Services @subsubsection Monitoring Services =20 diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024..daa210a38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/services/spice.scm \ %D%/services/ssh.scm \ %D%/services/sysctl.scm \ + %D%/services/telephony.scm \ %D%/services/version-control.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm new file mode 100644 index 000000000..6c9121ad5 --- /dev/null +++ b/gnu/services/telephony.scm @@ -0,0 +1,305 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 nee +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services telephony) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages telephony) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export ( + murmur-configuration + make-murmur-configuration + murmur-configuration? + murmur-configuration-package + murmur-configuration-user + murmur-configuration-group + murmur-configuration-port + murmur-configuration-welcome-text + murmur-configuration-server-password + murmur-configuration-max-users + murmur-configuration-max-user-bandwidth + murmur-configuration-database-file + murmur-configuration-log-file + murmur-configuration-pid-file + murmur-configuration-autoban-attempts + murmur-configuration-autoban-timeframe + murmur-configuration-autoban-time + murmur-configuration-opus-threshold + murmur-configuration-channel-nesting-limit + murmur-configuration-channelname-regex + murmur-configuration-username-regex + murmur-configuration-text-message-length + murmur-configuration-image-message-length + murmur-configuration-cert-required? + murmur-configuration-remember-channel? + murmur-configuration-allow-html? + murmur-configuration-allow-ping? + murmur-configuration-bonjour? + murmur-configuration-send-version? + murmur-configuration-log-days + murmur-configuration-obfuscate-ips? + murmur-configuration-ssl-cert + murmur-configuration-ssl-key + murmur-configuration-ssl-dh-params + murmur-configuration-ssl-ciphers + murmur-configuration-public-registration + murmur-configuration-file + + + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + murmur-public-registration-configuration-name + murmur-public-registration-configuration-url + murmur-public-registration-configuration-password + murmur-public-registration-configuration-hostname + + murmur-service-type)) + +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini + +(define-record-type* murmur-configuration + make-murmur-configuration + murmur-configuration? + (package murmur-configuration-package ; + (default mumble)) + (user murmur-configuration-user + (default "murmur")) + (group murmur-configuration-group + (default "murmur")) + (port murmur-configuration-port + (default 64738)) + (welcome-text murmur-configuration-welcome-text + (default "")) + (server-password murmur-configuration-server-password + (default "")) + (max-users murmur-configuration-max-users + (default 100)) + (max-user-bandwidth murmur-configuration-max-user-bandwidth + (default #f)) + (database-file murmur-configuration-database-file + (default "/var/lib/murmur/db.sqlite")) + (log-file murmur-configuration-log-file + (default "/var/log/murmur/murmur.log")) + (pid-file murmur-configuration-pid-file + (default "/var/run/murmur/murmur.pid")) + (autoban-attempts murmur-configuration-autoban-attempts + (default 10)) + (autoban-timeframe murmur-configuration-autoban-timeframe + (default 120)) + (autoban-time murmur-configuration-autoban-time + (default 300)) + (opus-threshold murmur-configuration-opus-threshold + (default 100)) ; integer percent + (channel-nesting-limit murmur-configuration-channel-nesting-limit + (default 10)) + (channelname-regex murmur-configuration-channelname-regex + (default #f)) + (username-regex murmur-configuration-username-regex + (default #f)) + (text-message-length murmur-configuration-text-message-length + (default 5000)) + (image-message-length murmur-configuration-image-message-length + (default (* 128 1024))) ; 128 Kilobytes + (cert-required? murmur-configuration-cert-required? + (default #f)) + (remember-channel? murmur-configuration-remember-channel? + (default #f)) + (allow-html? murmur-configuration-allow-html? + (default #f)) + (allow-ping? murmur-configuration-allow-ping? + (default #f)) + (bonjour? murmur-configuration-bonjour? + (default #f)) + (send-version? murmur-configuration-send-version? + (default #f)) + (log-days murmur-configuration-log-days + (default 31)) + (obfuscate-ips? murmur-obfuscate-ips? + (default #t)) + (ssl-cert murmur-configuration-ssl-cert + (default #f)) + (ssl-key murmur-configuration-ssl-key + (default #f)) + (ssl-dh-params murmur-configuration-ssl-dh-params + (default #f)) + (ssl-ciphers murmur-configuration-ssl-ciphers + (default #f)) + (public-registration murmur-configuration-public-registration + (default #f)) ; + (file murmur-configuration-file + (default #f))) + +(define-record-type* + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + (name murmur-public-registration-configuration-name) + (password murmur-public-registration-configuration-password) + (url murmur-public-registration-configuration-url) + (hostname murmur-public-registration-configuration-hostname + (default #f))) + +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + +(define (default-murmur-config config) + (match-record + config + + (user port welcome-text server-password max-users max-user-bandwidth + database-file log-file pid-file autoban-attempts autoban-timeframe + autoban-time opus-threshold channel-nesting-limit channelname-regex + username-regex text-message-length image-message-length cert-require= d? + remember-channel? allow-html? allow-ping? bonjour? send-version? + log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers + public-registration) + (apply mixed-text-file "murmur.ini" + (flatten + "welcometext=3D" welcome-text "\n" + "port=3D" (number->string port) "\n" + (if server-password (list "serverpassword=3D" server-password= "\n") '()) + (if max-user-bandwidth (list "bandwidth=3D" (number->string m= ax-user-bandwidth)) '()) + "users=3D" (number->string max-users) "\n" + "uname=3D" user "\n" + "database=3D" database-file "\n" + "logfile=3D" log-file "\n" + "pidfile=3D" pid-file "\n" + (if autoban-attempts (list "autobanAttempts=3D" (number->stri= ng autoban-attempts) "\n") '()) + (if autoban-timeframe (list "autobanTimeframe=3D" (number->st= ring autoban-timeframe) "\n") '()) + (if autoban-time (list "autobanTime=3D" (number->string autob= an-time) "\n") '()) + (if opus-threshold (list "opusthreshold=3D" (number->string o= pus-threshold) "\n") '()) + (if channel-nesting-limit (list "channelnestinglimit=3D" (num= ber->string channel-nesting-limit) "\n") '()) + (if channelname-regex (list "channelname=3D" channelname-rege= x "\n") '()) + (if username-regex (list "username=3D" username-regex "\n") '= ()) + (if text-message-length (list "textmessagelength=3D" (number-= >string text-message-length) "\n") '()) + (if image-message-length (list "imagemessagelength=3D" (numbe= r->string image-message-length) "\n") '()) + (if log-days (list "logdays=3D" (number->string log-days) "\n= ") '()) + "obfuscate=3D" (if obfuscate-ips? "true" "false") "\n" + "certrequired=3D" (if cert-required? "true" "false") "\n" + "rememberchannel=3D" (if remember-channel? "true" "false") "\= n" + "allowhtml=3D" (if allow-html? "true" "false") "\n" + "allowping=3D" (if allow-ping? "true" "false") "\n" + "bonjour=3D" (if bonjour? "true" "false") "\n" + "sendversion=3D" (if send-version? "true" "false") "\n" + (cond ((and ssl-cert ssl-key) + (list + "sslCert=3D" ssl-cert "\n" + "sslKey=3D" ssl-key "\n")) + ((or ssl-cert ssl-key) + (error "ssl-cert and ssl-key must both be set" + ssl-cert ssl-key)) + (else '())) + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()) + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) + + (match public-registration + (#f '()) + (($ + name password url hostname) + (if (and (or (not server-password) (string-null? server-pa= ssword)) + allow-ping?) + (list + "registerName=3D" name "\n" + "registerPassword=3D" password "\n" + "registerUrl=3D" url "\n" + (if hostname + (string-append "registerHostname=3D" hostname "\n= ") + "")) + (error "To publicly register your murmur server your s= erver must be publicy visible +and users must be able to join without a password. To fix this set: +(allow-ping? #t) +(server-password \"\") +Or set public-registration to #f")))))))) + +(define (murmur-activation config) + #~(begin + (use-modules (guix build utils)) + (let* ((log-dir (dirname #$(murmur-configuration-log-file config))= ) + (pid-dir (dirname #$(murmur-configuration-pid-file config))= ) + (db-dir (dirname #$(murmur-configuration-database-file conf= ig))) + (user (getpwnam #$(murmur-configuration-user config))) + (init-dir + (lambda (name dir) + (format #t "creating murmur ~a directory '~a'\n" name di= r) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700))) + (ini #$(or (murmur-configuration-file config) + (default-murmur-config config)))) + (init-dir "log" log-dir) + (init-dir "pid" pid-dir) + (init-dir "database" db-dir) + + (format #t "murmur: use config file: ~a~%\n" ini) + (format #t "murmur: to set the SuperUser password run: + `~a -ini ~a -readsupw`\n" + #$(file-append (murmur-configuration-package config) + "/bin/murmurd") ini) + #t))) + +(define murmur-accounts + (match-lambda + (($ _ user group) + (list + (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Murmur Daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))) + +(define (murmur-shepherd-service config) + (list (shepherd-service + (provision '(murmur)) + (documentation "Run the murmur mumble-server.") + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append (murmur-configuration-package config= ) + "/bin/murmurd") + "-ini" + #$(or (murmur-configuration-file config) + (default-murmur-config config))) + #:pid-file #$(murmur-configuration-pid-file config)))= + (stop #~(make-kill-destructor))))) + +(define murmur-service-type + (service-type (name 'murmur) + (description "The murmur service type.") + (extensions + (list (service-extension shepherd-root-service-type + murmur-shepherd-service) + (service-extension activation-service-type + murmur-activation) + (service-extension account-service-type + murmur-accounts))) + (default-value (murmur-configuration)))) --=20 2.14.1 --------------D8B9D010772BFDF6EDA09694--