From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oleg Pykhalov Subject: Re: isc-bind service draft Date: Fri, 24 Nov 2017 11:31:10 +0300 Message-ID: <87h8tkm629.fsf@gmail.com> References: <87vaijkyam.fsf@gmail.com> <87po8kno54.fsf@gmail.com> <87tvxuewmq.fsf@gmail.com> <87fu9eci4n.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41535) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eI9ON-0004lg-V7 for guix-devel@gnu.org; Fri, 24 Nov 2017 03:31:29 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eI9OF-0006J7-3n for guix-devel@gnu.org; Fri, 24 Nov 2017 03:31:23 -0500 In-Reply-To: <87fu9eci4n.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Thu, 16 Nov 2017 17:18:00 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Hello, Thank you for the suggestions! Here is a new version that works in a VM. There is still a lot of work to do: - A default config that is more appropriate for everyone. - Writing tests. 
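More suggestions are welcome :-)

--=-=-=
Content-Type: text/plain
Content-Disposition: inline; filename=system-bind.scm
Content-Description: vm isc-bind system definition

;; Minimal operating-system declaration used to try the service in a VM.
(use-modules (gnu))
(use-service-modules networking dns)

(operating-system
  (host-name "gnu")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")
  (bootloader (grub-configuration (target "/dev/sda")
                                  (terminal-outputs '(console))))
  (file-systems (cons (file-system
                        (device "my-root")
                        (title 'label)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  (users %base-user-accounts)
  (packages %base-packages)
  ;; No configuration is passed, so the service runs with the default
  ;; value declared by bind-service-type.
  (services (cons* (dhcp-client-service)
                   (service bind-service-type)
                   %base-services)))

--=-=-=
Content-Type: text/plain

--8<---------------cut here---------------start------------->8---
./pre-inst-env guix system vm VM_FILE_SCM
--8<---------------cut here---------------end--------------->8---

--=-=-=
Content-Type: text/plain
Content-Disposition: inline
Content-Description: isc-bind service

;; NOTE(review): the archived copy of this message lost every token written
;; in angle brackets: the record type names given to define-record-type*,
;; define-gexp-compiler and match-record, and the type names in comments and
;; docstrings.  They are restored below from the constructor names, following
;; the usual <name> convention -- confirm against the author's attachment.

;; Settings for the "options" block of named.conf, plus the account and
;; paths the daemon runs with.
(define-record-type* <bind-options-configuration>
  bind-options-configuration make-bind-options-configuration
  bind-options-configuration?
  (user             bind-options-configuration-user ; string
                    (default "named"))
  (group            bind-options-configuration-group ; string
                    (default "named"))
  (run-directory    bind-options-configuration-run-directory ; string
                    (default "/var/run/named"))
  (pid-file         bind-options-configuration-pid-file ; string
                    (default "/var/run/named/named.pid"))
  ;; NOTE(review): log-file, listen-v4, listen-v6 and listen-port are not
  ;; written to named.conf by bind-configuration-file-compiler below, so
  ;; setting them does not change where named logs or listens; named's own
  ;; defaults apply.  Anyone relying on these fields to restrict exposure
  ;; should check the generated file.
  (log-file         bind-options-configuration-log-file ; string
                    (default "/var/log/named.log"))
  (listen-v4        bind-options-configuration-listen-v4 ; string
                    (default "0.0.0.0"))
  (listen-v6        bind-options-configuration-listen-v6 ; string
                    (default "::"))
  (listen-port      bind-options-configuration-listen-port ; integer
                    (default 53))
  ;; The three allow-* fields are lists of strings that end up inside a
  ;; "{ ...; }" block.  The defaults limit recursion to 127.0.0.1 and turn
  ;; zone transfers and dynamic updates off.
  (allow-recursion? bind-options-configuration-allow-recursion? ; list
                    (default (list "127.0.0.1")))
  (allow-transfer?  bind-options-configuration-allow-transfer? ; list
                    (default (list "none")))
  (allow-update?    bind-options-configuration-allow-update? ; list
                    (default (list "none")))
  ;; Written unquoted ("version none;"), so a replacement version string
  ;; has to carry its own double quotes.
  (version          bind-options-configuration-version ; string
                    (default "none"))
  (hostname         bind-options-configuration-hostname ; string
                    (default (gethostname)))
  ;; Written unquoted as well, like version.
  (server-id        bind-options-configuration-server-id ; string
                    (default "none")))

;; One "zone" statement of named.conf together with its zone file.
(define-record-type* <bind-zone-configuration>
  bind-zone-configuration make-bind-zone-configuration
  bind-zone-configuration?
  (network bind-zone-configuration-network ; string
           (default "localhost"))
  (class   bind-zone-configuration-class ; string
           (default "IN"))
  (type    bind-zone-configuration-type ; string
           (default "master"))
  (file    bind-zone-configuration-file ; <zone-file>
           (default (zone-file
                     (origin "@")
                     (ns "localhost.")
                     (mail "root.localhost.")
                     (entries (list
                               (zone-entry
                                (name "")
                                (ttl "1D")
                                (type "NS")
                                (data "localhost."))
                               (zone-entry
                                (name "localhost.")
                                (ttl "1D")
                                (data "127.0.0.1"))))))))

;; The whole named.conf: one options record and a list of zones.
(define-record-type* <bind-configuration-file>
  bind-configuration-file make-bind-configuration-file
  bind-configuration-file?
  ;; <bind-options-configuration>
  (config-options bind-configuration-file-config-options
                  (default (bind-options-configuration)))
  ;; list of <bind-zone-configuration>
  (config-zones   bind-configuration-file-config-zones
                  (default (list (bind-zone-configuration)))))

;; Top-level value of the service: the configuration file and the package
;; that provides sbin/named.
(define-record-type* <bind-configuration>
  bind-configuration make-bind-configuration
  bind-configuration?
  (config-file bind-configuration-config-file ; <bind-configuration-file>
               (default (bind-configuration-file)))
  (package     bind-configuration-package ; <package>
               (default isc-bind)))

;; Lower a <zone-file> to a store file named NS followed by "zone": one SOA
;; line, then one line per zone entry.
(define-gexp-compiler (zone-file-compiler (file <zone-file>) system target)
  (match-record file <zone-file>
    (entries origin ns mail serial refresh retry expiry nx)
    (apply text-file*
           (string-append ns "zone")
           (format #f "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
                   ns mail serial refresh retry expiry nx)
           (map (lambda (zone-entry)
                  (match-record zone-entry <zone-entry>
                    (name ttl class type data)
                    ;; Master-file syntax (RFC 1035) puts TTL and class
                    ;; before the record type.  The draft printed
                    ;; "name class type ttl data", which places the TTL
                    ;; where the record data is expected.
                    (format #f "~a ~a ~a ~a ~a\n"
                            name ttl class type data)))
                entries))))

;; Lower a <bind-configuration-file> to a store file "named.conf".
;; Field values are inserted verbatim, without quoting or escaping, so they
;; must come from the trusted system declaration: a value containing a
;; double quote, ";" or "}" changes the structure of the generated file.
(define-gexp-compiler (bind-configuration-file-compiler
                       (file <bind-configuration-file>) system target)
  (match-record file <bind-configuration-file>
    (config-options config-zones)
    ;; List of strings forming the "options { ... };" block.
    (define options-config
      (match-record config-options <bind-options-configuration>
        (run-directory pid-file
         allow-recursion? allow-transfer? allow-update?
         version hostname server-id)
        ;; BLOCK turns '("a" "b") into "{ a; b ;}".
        (letrec ((block (lambda (statements)
                          (format #f "{ ~a ;}"
                                  (string-join statements "; ")))))
          (list "options {\n"
                " directory \"" run-directory "\";\n"
                " pid-file \"" pid-file "\";\n"
                " allow-recursion " (block allow-recursion?) ";\n"
                " allow-transfer " (block allow-transfer?) ";\n"
                " allow-update " (block allow-update?) ";\n"
                " version " version ";\n"
                " hostname \"" hostname "\";\n"
                " server-id " server-id ";\n"
                "};\n"))))
    ;; One list per zone.  FILE stays a <zone-file> object here and is
    ;; handed to text-file* together with the surrounding strings.
    (define zones-config
      (map (lambda (config)
             (match-record config <bind-zone-configuration>
               (network class type file)
               (list "zone \"" network "\" " class " {\n"
                     " type " type ";\n"
                     " file \"" file "\";\n"
                     "};\n")))
           config-zones))
    (apply text-file* "named.conf"
           (apply string-append options-config)
           (fold append '() zones-config))))

(define (match-bind-options-configuration bind-configuration-file)
  "Return the `config-options' field of BIND-CONFIGURATION-FILE, a
<bind-configuration-file>."
  (match-record bind-configuration-file <bind-configuration-file>
    (config-options)
    config-options))

(define (match-bind-configuration-config-file bind-configuration)
  "Return the `config-file' field of BIND-CONFIGURATION, a
<bind-configuration>."
  (match-record bind-configuration <bind-configuration>
    (config-file)
    config-file))

(define (bind-account config)
  "Return a list holding the system group and the system account under which
the daemon described by CONFIG, a <bind-configuration>, runs."
  (match-record ((compose match-bind-options-configuration
                          match-bind-configuration-config-file)
                 config)
      <bind-options-configuration>
    (user group run-directory)
    ;; Rebound because `group' is also a field name inside `user-account'.
    (let ((bind-group group))
      (list (user-group
             (name bind-group)
             (system? #t))
            (user-account
             (name user)
             (group bind-group)
             (system? #t)
             (comment "Bind dns server user")
             (home-directory run-directory)
             ;; No login shell for the daemon account.
             (shell (file-append shadow "/sbin/nologin")))))))

(define (bind-activation config)
  "Return the activation GEXP for CONFIG: create the run directory and hand
it to the daemon's user and group."
  (match-record ((compose match-bind-options-configuration
                          match-bind-configuration-config-file)
                 config)
      <bind-options-configuration>
    (user group run-directory)
    (with-imported-modules '((guix build utils))
      #~(begin
          (mkdir-p #$run-directory)
          (chown #$run-directory
                 (passwd:uid (getpw #$user))
                 ;; The group is looked up in the group database.  The draft
                 ;; called getpw here, which looks up a user of that name
                 ;; and yields that user's uid instead of the group's gid.
                 (group:gid (getgr #$group)))))))

(define (bind-shepherd-service config)
  "Return a list with the Shepherd service that runs named from CONFIG, a
<bind-configuration>."
  (match-record config <bind-configuration>
    (config-file package)
    (match-record (match-bind-options-configuration config-file)
        <bind-options-configuration>
      (user group pid-file)
      (list (shepherd-service
             (documentation "Run the Bind DNS daemon.")
             (provision '(bind dns))
             (requirement '(networking))
             ;; NOTE(review): #:user and #:group start named directly as the
             ;; unprivileged account.  Confirm it can still bind port 53 in
             ;; that case; the alternative is to start it as root and let
             ;; named drop privileges itself with its -u option.
             (start #~(make-forkexec-constructor
                       (list (string-append #$package "/sbin/named")
                             "-c" #$config-file)
                       #:user #$user
                       #:group #$group
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))

;; Service type tying the pieces together: the Shepherd service, the
;; dedicated account and the activation snippet.
(define bind-service-type
  (service-type
   (name 'bind)
   (description "Run the Bind DNS server.")
   (extensions
    (list (service-extension shepherd-root-service-type
                             bind-shepherd-service)
          (service-extension account-service-type
                             bind-account)
          (service-extension activation-service-type
                             bind-activation)))
   (default-value (bind-configuration))))

--=-=-=
Content-Type: text/plain

Oleg.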
--=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc+OyAXw1EaDPCmAPckbhHGm3lWkFAloX2M4ACgkQckbhHGm3 lWmLlw/+N/AxKxvoYtWRoiHageQeWHt7Si+d0v+tFt7eTOFch87INzKKnFiCS0S8 W1BXj8huLvmWbyH+2c7pA1yMhZn0YXIj1JhsuF+OCPh0prbIZ+68+iIWCLA0/nHP HMScx12YqL1+nezAKGG/YmyPyGngByf1BjGk7lervTkolEx3ps+lKxQOyL0QMiOO 7Lm4je84y2uTCklqs4RBInC9ue83B7MB/BLbBkH9CM7o6r9WyrBdfg6YOKJHY27s BxThdbrgOnIOe95qnwqiVU0VU43ycuW9O/rFlNZIBG3NIhVmnD5h/l8uQgoehsgk 7mGvPRs/6+2h9ElnrfWUpXzbJown1z2xG8/dXes2zLeVA16t7IQaCRA6Yut/Wpkv 8PTXC5a5ojc7+gLyvgXc8oQ5U3v936er93JcUEa+4smWB6z/SvIpnNs3Cplmq/K3 1PqwizAhY4oWwoCEW29eqJ2bKk0ic7IkNDmmo1k9/yG4Iekat84I2rN4eIoNwCQO KiqXnRe63tz993i1C5pvc53RewrSiNl95jgLJEkxWHP8Jt95V20Lzj05gwvSDcuq SeIVh/Mj/Yt9gT3XGm5Gk6pOPUcWK8pyJho5zKJlYkdHGAwQs9DzBwYCY6H5hm3H i5VYjjWZHytanBGbOT10gbI0Z5A7L77XfFBIgg8DTWL2jvtyB6E= =DuKI -----END PGP SIGNATURE----- --==-=-=--