Subject: [bug#63758] home-dicod-service-type
From: Mitchell Schmeisser
Date: Sat, 27 May 2023 13:29:30 -0400
To: 63758@debbugs.gnu.org (via guix-patches@gnu.org)
Message-Id: <87leh9d6o5.fsf@librem.one>
Attachment: 0001-home-add-gnu-home-services-dict.scm-and-home-dicod-s.patch

>From ed111e39aa2d188a146e73251aff63156698bb54 Mon Sep 17 00:00:00 2001
From: Mitchell Schmeisser
Date: Sat, 27 May 2023 13:22:32 -0400
Subject: [PATCH] home: add gnu/home/services/dict.scm and home-dicod-service-type

* gnu/home/services/dict.scm: Add home-dicod-service-type
---
 gnu/home/services/dict.scm | 84 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 gnu/home/services/dict.scm

diff --git a/gnu/home/services/dict.scm b/gnu/home/services/dict.scm
new file mode 100644
index 0000000000..2d745baa5d
--- /dev/null
+++ b/gnu/home/services/dict.scm
@@ -0,0 +1,84 @@ +(define-module (gnu home services dict) + #:use-module (srfi srfi-1) + #:use-module (guix gexp) + #:use-module (guix least-authority) + #:use-module (gnu build linux-container) + #:use-module (gnu home services) + #:use-module (gnu home services shepherd) + #:use-module (gnu packages dictionaries) + #:use-module (gnu services dict) + #:use-module (gnu system file-systems) + + #:export (%home-dicod-database:gcide + %home-dicod-configuration + home-dicod-service-type)) + +(define dico-run-time-dir "/tmp/dico") + +(define %home-dicod-database:gcide + (dicod-database + (name "gcide") + (handler "gcide") + (options (list #~(string-append "dbdir=" #$gcide "/share/gcide") + #~(string-append "idxdir=" #$dico-run-time-dir))))) + +(define %home-dicod-configuration + (dicod-configuration + (databases (list %home-dicod-database:gcide)))) + +(define %home-dicod-activation + #~(begin + (use-modules (guix build utils)) + (mkdir-p #$dico-run-time-dir))) + +(define (home-dicod-shepherd-service config) + (let* ((dicod.conf ((@@ (gnu services dict) dicod-configuration-file) config)) + (interfaces ((@@ (gnu services dict) dicod-configuration-interfaces) config)) + (dicod (least-authority-wrapper + (file-append + ((@@ (gnu services dict) dicod-configuration-dico) config) "/bin/dicod") + #:name "dicod" + #:mappings (list (file-system-mapping + (source dico-run-time-dir) + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") + (target source)) + (file-system-mapping + (source dicod.conf) + (target source))) + #:namespaces (delq 'net %namespaces)))) + (list (shepherd-service + (provision '(dicod)) + (documentation "Run the dicod daemon.") + (start #~(if (and (defined? 
'make-inetd-constructor) + #$(= 1 (length interfaces))) ;XXX + (make-inetd-constructor + (list #$dicod "--inetd" "--foreground" + (string-append "--config=" #$dicod.conf)) + (addrinfo:addr + (car (getaddrinfo #$(first interfaces) "dict"))) + #:service-name-stem "dicod") + (make-forkexec-constructor + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf))))) + (stop #~(if (and (defined? 'make-inetd-destructor) + #$(= 1 (length interfaces))) ;XXX + (make-inetd-destructor) + (make-kill-destructor))) + (actions (list (shepherd-configuration-action dicod.conf))))))) + +(define home-dicod-service-type + (service-type + (name 'home-dicod) + (extensions (list (service-extension home-shepherd-service-type + home-dicod-shepherd-service) + (service-extension home-activation-service-type + (const %home-dicod-activation)))) + (default-value %home-dicod-configuration) + (description + "Run @command{dicod}, the dictionary server of +@uref{https://www.gnu.org/software/dico, GNU Dico}. @command{dicod} +implements the standard DICT protocol supported by clients such as +@command{dico} and GNOME Dictionary as a user."))) -- 2.39.1

Here is a patch to add a dicod service type to Guix Home, and here are some things I wrote about the process.

---------------------------------
#+title: Extending Guix Home
#+author: Mitchell Schmeisser

I recently learned of a new [[https://www.masteringemacs.org/article/wordsmithing-in-emacs][Emacs feature]], ~M-x dictionary~, which allows you to connect to a dictionary server using the DICT protocol. Out of the box Emacs can reach out to places like [[https://dictionary.com][dictionary.com]] to look up the definition of words. This is convenient, but it is a [[https://www.gnu.org/philosophy/who-does-that-server-really-serve.en.html][Service as a Software Substitute]]. There is no reason why I cannot run my own dictionary server and protect my privacy.
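Review bot: `dico-run-time-dir` is the fixed, predictable path `/tmp/dico` in a world-writable directory, and the activation gexp creates it with `mkdir-p`, which silently accepts a directory that already exists; a local user who creates `/tmp/dico` first (or plants a symlink there) therefore ends up owning what the wrapper mounts writable via `(file-system-mapping (source dico-run-time-dir) (target source) (writable? #t))`, and dicod writes its gcide index into it. A per-user location (`$XDG_RUNTIME_DIR`, or a directory under the user's home) avoids this and also stops two users of the same machine from colliding on one index; if the path really has to be known when `dicod.conf` is generated, the activation code should at least refuse a directory it does not own rather than `mkdir-p` it. Smaller points: the file starts at `(define-module` with no copyright/license header, which every Guix module carries, and `gnu/local.mk` is not updated to list the new module; and the three `(@@ (gnu services dict) ...)` lookups reach private bindings, so exporting `dicod-configuration-file`, `dicod-configuration-interfaces` and `dicod-configuration-dico` from `(gnu services dict)` would make the dependency explicit and survive renames.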
After all, you never know when the NSA will try to change the definitions of words to make you look foolish.

It is very easy to run one of these servers in a freedom-respecting way: get your hands on a copy of GNU Dico and your dictionary of choice and run ~dicod~. Most people like to run ~dicod~ as a service managed by the init system. To my dismay, every tutorial and blog post required the user to use ~sudo~ to install programs and modify the init system. This is less than desirable.

A wonderful, often underrated, feature of GNU Guix is /unprivileged/ package management. An even more underrated feature of GNU Guix is /unprivileged/ service management, provided by [[https://guix.gnu.org/en/blog/2022/keeping-ones-home-tidy/][Guix Home]].

* Guix Home Services

Guix Home allows you to extend the declarative Guix model to your home environment. You can install packages and dot files transactionally, making migration to a new machine painless and consistent. Unfortunately, at the time of writing there are very few Guix Home services, and most of them simply generate dot files for this or that shell. Or are there?

* System Services are Home Services

GNU Guix has a ~dicod-service-type~ which is very easy to use. Unfortunately, this service type requires system-wide modifications and therefore root. It is also out of reach for people running Guix on a foreign distribution, where ~guix system reconfigure~ is not an option. Below is the definition of the ~dicod-service-type~ designed for Guix System.
#+BEGIN_SRC scheme
;; from gnu/services/dict.scm
(define dicod-service-type
  (service-type
   (name 'dict)
   (extensions
    (list (service-extension account-service-type
                             (const %dicod-accounts))
          (service-extension activation-service-type
                             (const %dicod-activation))
          (service-extension shepherd-root-service-type
                             dicod-shepherd-service)))
   (default-value (dicod-configuration))
   (description
    "Run @command{dicod}, the dictionary server of
@uref{https://www.gnu.org/software/dico, GNU Dico}. @command{dicod}
implements the standard DICT protocol supported by clients such as
@command{dico} and GNOME Dictionary.")))
#+END_SRC

Here is the definition of the ~home-dicod-service-type~. The only difference between the two is that under Guix Home every process runs as the user, and the service cannot create new accounts.

#+BEGIN_SRC scheme
(define home-dicod-service-type
  (service-type
   (name 'home-dict)
   (extensions
    (list (service-extension home-shepherd-service-type
                             home-dicod-shepherd-service)
          (service-extension home-activation-service-type
                             (const %home-dicod-activation))))
   (default-value %home-dicod-configuration)
   (description
    "Run @command{dicod}, the dictionary server of
@uref{https://www.gnu.org/software/dico, GNU Dico}. @command{dicod}
implements the standard DICT protocol supported by clients such as
@command{dico} and GNOME Dictionary as a user.")))
#+END_SRC

In general, this is the only difference between a Home Service and a System Service. System services generally insist on a dedicated account for running a process and take some steps to create an environment where that account has just enough permissions to do the job. Home services all run as the user, so the user needs to have enough permissions to do the job; paths move accordingly, so =/var/run= becomes =$XDG_RUNTIME_DIR=, i.e. =/run/user/$(uid)/=.

* Unprivileged, Containerized, dictionary server

Using the code below I can finally look up the definitions of words in complete, unprivileged, freedom!
This service spawns a ~dicod~ server isolated from the system using ~least-authority-wrapper~. It keeps the host network namespace, since it has to accept DICT connections, and otherwise sees only its writable run-time directory, the =/dev/log= socket and its read-only configuration file. This is nice, but could it be nicer?

#+BEGIN_SRC scheme
;; A new database is defined which places the idxdir argument
;; in a place writable by the user.
;; /tmp was chosen over XDG_RUNTIME_DIR or /run/user/
;; because I do not know when this is evaluated.
;; guix pull time or guix home reconfigure time.
;; I think these are the same in most cases but maybe they're not?
(define runtime-dir "/tmp/dico")

(define %home-dicod-database:gcide
  (dicod-database
   (name "gcide")
   (handler "gcide")
   (options (list #~(string-append "dbdir=" #$gcide "/share/gcide")
                  #~(string-append "idxdir=" #$runtime-dir)))))

(define %home-dicod-configuration
  (dicod-configuration
   (databases (list %home-dicod-database:gcide))))

(define %home-dicod-activation
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p #$runtime-dir)))

(define (home-dicod-shepherd-service config)
  (let* ((dicod.conf ((@@ (gnu services dict) dicod-configuration-file) config))
         (interfaces ((@@ (gnu services dict) dicod-configuration-interfaces) config))
         (dicod (least-authority-wrapper
                 (file-append ((@@ (gnu services dict) dicod-configuration-dico) config)
                              "/bin/dicod")
                 #:name "dicod"
                 #:mappings (list (file-system-mapping
                                   (source runtime-dir)
                                   (target source)
                                   (writable? #t))
                                  (file-system-mapping
                                   (source "/dev/log")
                                   (target source))
                                  (file-system-mapping
                                   (source dicod.conf)
                                   (target source)))
                 #:namespaces (delq 'net %namespaces))))
    (list (shepherd-service
           (provision '(dicod))
           (documentation "Run the dicod daemon.")
           (start #~(if (and (defined? 'make-inetd-constructor)
                             #$(= 1 (length interfaces))) ;XXX
                        (make-inetd-constructor
                         (list #$dicod "--inetd" "--foreground"
                               (string-append "--config=" #$dicod.conf))
                         (addrinfo:addr
                          (car (getaddrinfo #$(first interfaces) "dict")))
                         #:service-name-stem "dicod")
                        (make-forkexec-constructor
                         (list #$dicod "--foreground"
                               (string-append "--config=" #$dicod.conf)))))
           (stop #~(if (and (defined? 'make-inetd-destructor)
                            #$(= 1 (length interfaces))) ;XXX
                       (make-inetd-destructor)
                       (make-kill-destructor)))
           (actions (list (shepherd-configuration-action dicod.conf)))))))
#+END_SRC

* Is =gnu/home/services= an Anti-Pattern?

The code above is almost identical to the code located in =gnu/services/dict.scm=. The only difference, as I mentioned, is the account information. With this in mind, does it make sense to define Home Services alongside their system counterparts in =gnu/services=? I believe many services in =gnu/services= can run from Guix Home with only minor modifications.
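The essay shows the service type but never a configuration that consumes it, and its own comment on ~runtime-dir~ leaves the fixed =/tmp/dico= path as an open question. The block below is an added example of mine, not code from the patch or the essay: a complete ~home-environment~ that uses ~home-dicod-service-type~ with an explicit listening address and adds a second activation gexp that refuses to let dicod use a =/tmp/dico= created by someone else. Assumptions: the module is =(gnu home services dict)= and exports ~%home-dicod-database:gcide~ as in the patch; ~dico~ comes from =(gnu packages dictionaries)=; the check is my own gexp, named ~%dico-run-time-dir-check~ here.

```scheme
;; Added example: a Guix Home configuration that uses the
;; home-dicod-service-type from the patch and adds a pre-flight check on
;; the fixed /tmp/dico runtime directory.  Nothing here is part of the
;; patch itself; names marked "assumed" are this example's own.
(use-modules (gnu home)
             (gnu home services)
             (gnu services)
             (gnu services dict)
             (gnu home services dict)      ; module added by the patch (assumed name)
             (gnu packages dictionaries)
             (guix gexp))

;; Same path the patch hard-codes as dico-run-time-dir.
(define dico-run-time-dir "/tmp/dico")

;; Activation snippet (assumed name) that refuses to hand dicod a directory
;; another local user created first.  It runs alongside the patch's own
;; (mkdir-p ...), in either order: if this runs first, mkdir creates the
;; directory with mode 0700; if the patch's mkdir-p ran first, mkdir fails
;; with EEXIST and the lstat check below decides.
(define %dico-run-time-dir-check
  #~(let ((dir #$dico-run-time-dir))
      (catch 'system-error
        (lambda () (mkdir dir #o700))
        (lambda args
          ;; Only "already exists" is acceptable; anything else is a real error.
          (unless (= EEXIST (system-error-errno args))
            (apply throw args))))
      ;; lstat, not stat: a planted symlink must not be followed.
      (let ((st (lstat dir)))
        (unless (and (eq? 'directory (stat:type st))
                     (= (getuid) (stat:uid st)))
          (error "dicod runtime directory is not ours, refusing to use it"
                 dir))
        ;; /tmp is sticky, so nobody else can replace a directory we own;
        ;; tightening the mode closes the remaining exposure of the index.
        (chmod dir #o700))))

(home-environment
 ;; The dico client, handy for testing the server from a shell.
 (packages (list dico))
 (services
  (list
   ;; Explicit configuration instead of the module's default, so the
   ;; listening address is visible in the declaration.  The wrapper keeps
   ;; the host network namespace, so this list is what limits who can
   ;; reach the server.
   (service home-dicod-service-type
            (dicod-configuration
             (interfaces '("localhost"))
             (databases (list %home-dicod-database:gcide))))
   ;; Extend the home activation with the ownership check above.
   (simple-service 'dico-run-time-dir-check
                   home-activation-service-type
                   %dico-run-time-dir-check))))
```

Save it as a file and pass it to ~guix home reconfigure~; if =/tmp/dico= already exists and belongs to another user, activation stops with the error above instead of silently mounting that directory writable into the dicod container. Because the patch bakes the path into =dicod.conf= at build time, the check cannot move the directory for you; it only turns a quiet takeover into a loud failure, which is the minimum a fixed path in =/tmp= needs.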