From: Christopher Allan Webber
Subject: Re: GHM debriefing
Date: Mon, 29 Aug 2016 10:20:59 -0500
Message-ID: <87a8fv8uuc.fsf@dustycloud.org>
In-reply-to: <87eg5769n9.fsf@gnu.org>
To: Ludovic Courtès
Cc: guix-devel@gnu.org

All good news!  One comment:

Ludovic Courtès writes:

> For the last talk, I rehashed the basics since the audience wasn’t too
> familiar I suppose, and then wrote a GuixSD service for OpenSSH’s ‘sshd’
> (attached).  Hopefully a useful starting point and tutorial.

It looks like a good tutorial in its simplicity!  Maybe it could be
added as an "example" section at the end of the Defining Services
chapter?

You might have also seen that, as a non-tutorial, Julien Lepiller has
been working on getting an openssh-service into GuixSD.  It might be
good for someone to look if there are any overlaps or things that should
be joined between both definitions, as in terms of getting it really
into Guix :)

(Unfortunately, I'm still in crunchmode, so I'm not volunteering
myself!)

- Chris

> That’s it!
>
> Ludo’.
>
> (define-module (gnu services openssh)
>   #:use-module (gnu)
>   #:use-module (gnu services shepherd)
>   #:use-module (gnu packages ssh)
>   #:use-module (guix)
>   #:export (openssh-service-type))
>
> ;; Shepherd service that runs sshd with CONFIG-FILE, the service's value.
> (define (ssh-shepherd-service config-file)
>   (list (shepherd-service
>          (provision '(ssh-daemon))
>          (requirement '(networking))
>          (start #~(make-forkexec-constructor
>                    (list (string-append #$openssh "/sbin/sshd")
>                          "-f" #$config-file)
>                    #:pid-file "/etc/sshd.pid"))
>          (stop #~(make-kill-destructor)))))
>
> ;; System account used by sshd for privilege separation.
> (define %sshd-accounts
>   (list (user-account
>          (name "sshd")
>          (comment "OpenSSH privilege separation user")
>          (home-directory "/var/empty")
>          (system? #t)
>          (group "nogroup"))))
>
> ;; Activation snippet: generate an ed25519 host key with an empty
> ;; passphrase.
> (define %sshd-keygen
>   #~(system* (string-append #$openssh "/bin/ssh-keygen")
>              "-t" "ed25519" "-N" "" "-f"
>              "/etc/ssh_host_ed25519_key"))
>
> ;; Service type tying together the Shepherd service, the account and the
> ;; activation snippet.
> (define openssh-service-type
>   (service-type
>    (name 'openssh)
>    (extensions (list (service-extension shepherd-root-service-type
>                                         ssh-shepherd-service)
>                      (service-extension account-service-type
>                                         (const %sshd-accounts))
>                      (service-extension activation-service-type
>                                         (const %sshd-keygen))))))