From: Fabio Natali via Guix-patches
To: Bruno Victal
Cc: Arun Isaac, 72398@debbugs.gnu.org
Subject: [bug#72398] [PATCH v2] services: Add readymedia-service-type.
Date: Thu, 22 Aug 2024 11:13:37 +0100
Message-ID: <878qwoj25q.fsf@fabionatali.com>
In-Reply-To: <4fd9b012-4783-4017-b8a3-47485c0cd657@makinata.eu>
References: <87jzglwcqh.fsf@systemreboot.net> <87h6bhicgf.fsf@fabionatali.com> <4fd9b012-4783-4017-b8a3-47485c0cd657@makinata.eu>

Hi Bruno,

Thanks for providing feedback on this and thanks for the help provided on IRC. I've gone through your comments and did my best to address them. See my replies inline below.

On 2024-08-20, 03:14 +0100, Bruno Victal wrote:

>> +@item @code{media-dirs} (type: list) >> +The list of media folders to serve content from. Each item is a >> +@code{readymedia-media-dir}. >> + >> +@item @code{cache-dir} (default: @code{"/var/cache/readymedia"}) (type: string) >> +A folder for ReadyMedia's cache files. If not existing already, the >> +folder will be created as part of the service activation and the >> +ReadyMedia user will be assigned ownership.
>> + >> +@item @code{log-dir} (default: @code{"/var/log/readymedia"}) (type: string) >> +A folder for ReadyMedia's log files. If not existing already, the >> +folder will be created as part of the service activation and the >> +ReadyMedia user will be assigned ownership.
>
> Expand these to media-directories, cache-directory, etc.

Good point, now fixed.

>> +@item @code{extra-config} (default: @code{'()}) (type: list-of-strings) >> +A list of further options, to be passed as key-value strings as >> +accepted by ReadyMedia.
>
> Do you have an example on this?
> Given the description perhaps an alist would work better here.

True, great point. That's now an alist. Example added too.

>> +@deftp {Data Type} readymedia-media-dir >> +A @code{media-dirs} entry includes a @code{path} and, optionally, a >> +media type string.
>
> Likewise, expand to readymedia-media-directory.

Fixed.

>> +@item @code{type} (default: @code{""}) (type: string) >> +Valid media types are @code{"A"} for audio, @code{"P"} for pictures, >> +@code{"V"} for video, and a combination of those individual letters >> +for mixed types. An empty string means no type specified.
>
> I'd use a list of symbols (or enum) here.

Fixed, switched to symbols.

>> +(define %readymedia-user-account "readymedia") >> +(define %readymedia-user-group "readymedia")
>
> I think it would be better to expose this in the
> readymedia-configuration record-type and have it be oriented around
> user-account and user-group record-types, i.e.

[...]

> This way you can allow for users to fine-tune the account permissions,
> groups & co. used by readymedia.

Fixed, although I'm not sure I'm 100% on board with this.

I'm not completely sure but I have the feeling that a configurable ReadyMedia user might theoretically weaken the POLA, e.g. if the user chose their own user for this service.

Following up on a related conversation we started on IRC, I suppose we should either go all in with flexibility (i.e. allow the user to switch off the least-authority-wrapper and set the service user) or adopt a slightly more rigid approach (mandated POLA and fixed user).

I think I might have a slight preference for the latter, prioritising compartmentalisation over flexibility - but I'm keen to know what you, Arun, and all other Guixers may think about this.

I'm glad to send a new version in case, where I switch back to a mandated, non-configurable 'readymedia' user.

>> +(define (readymedia-activation config) >> + "Set up directories for ReadyMedia/MiniDLNA."

[...]

> I'd avoid using activation-service-type since it doesn't account for
> shepherd dependencies (which implies file-system mounts), consequence
> being that this service will be broken if any of these directories
> happen to be located outside of the root filesystem.
> (My advice is to avoid using activation-service-type unless you're
> sure of how the chain of action in guix+shepherd goes)

Ha, ok, I'd have never thought of this! With a bit of a don't-know-what-i'm-doing feeling, I might have fixed this too. :)

Thanks to you and Arun for all the helpful feedback! I hope v3 is in a better shape now (to follow shortly).

Thanks, cheers, Fabio.
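
Review bot: In the `cache-dir` and `log-dir` items of the documentation hunk, "If not existing already, the folder will be created ... and the ReadyMedia user will be assigned ownership" leaves two cases undocumented: the mode a newly created directory gets, and whether ownership of a directory that already exists is changed or left alone. Both matter for paths under /var/cache and /var/log, so state the mode and the behaviour for a pre-existing directory in each item.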
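
Review bot: The `extra-config` item does not say what happens when one of its key-value strings repeats an option the record already sets through its own fields, such as the cache or log directory. Document which value wins, or reject the duplicate when the configuration is built, so that a typed field cannot be silently overridden from the free-form list.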
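
Review bot: The `type` item of `readymedia-media-dir` lists the valid letters "A", "P" and "V" but not what happens to a string containing any other character, and nothing visible in this hunk rejects one. Validate the value when the record is built and say in the item that an invalid type is an error.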
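
Review bot: In the hunk defining `%readymedia-user-account` and `%readymedia-user-group`, both names are bound to the plain string "readymedia" rather than to account or group records, so the names promise more than they hold. Rename them to say they are names only, or add a one-line comment above the two definitions stating that.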