From: ludo@gnu.org (Ludovic Courtès)
To: Oleg Pykhalov <go.wigust@gmail.com>
Cc: 32141@debbugs.gnu.org
Subject: [bug#32141] [PATCH] services: Add ddclient service.
Date: Mon, 27 Aug 2018 13:22:45 +0200
Message-ID: <87zhx8awai.fsf@gnu.org>
In-Reply-To: <874lgengj9.fsf@gmail.com> (Oleg Pykhalov's message of "Wed, 01 Aug 2018 20:27:38 +0300")

Hi Oleg,

Sorry for the delay, I had forgotten about this patch.  (Feel free to
ping when that happens!)

Oleg Pykhalov <go.wigust@gmail.com> wrote:

> I applied all your suggestions and updated the documentation. The patch
> is attached below. I run a ddclient service from this patch currently.

Neat.

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

>> In short we must not manipulate secrets in anything that goes through
>> the store. The only thing I can suggest is to leave it up to the
>> user to create a file containing the secret in an out-of-band fashion;
>> /etc is a good place for such things.
>>
>> For example, they could create /etc/ddclient-secrets and then we would
>> somehow arrange to get that file read.
>>
>> To do that there are two possibilities that come to mind:
>>
>>   1. If the config file syntax has an “include” directive, just include
>>      /etc/ddclient-secrets unconditionally in the generated config file.
>>
>>   2. Write an activation snippet that concatenates the generated config
>>      file with /etc/ddclient-secrets and stores that as
>>      /etc/ddclient.conf (or something like that.)
>>
>> Thoughts?
>
> Could we use the ‘/etc/ddclient’ directory for the secrets file, because
> the ddclient program uses this directory by default?

Sure.

> From 3f47ae60ecb2e8780c451e93976b5c83135d8420 Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov <go.wigust@gmail.com>
> Date: Fri, 13 Jul 2018 11:49:13 +0300
> Subject: [PATCH] services: Add ddclient service.
>
> * gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
> variables.
> (uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
> serialize-string, serialize-list, serialize-extra-options,
> ddclient-activation, ddclient-shepherd-service,
> generate-ddclient-documentation): New procedures.
> * doc/guix.texi (DNS Services): Document it.
[...]
> +By default, the @code{secret-file} in @code{ddclient-configuration} is
> +pointing to @file{/etc/ddclient/secrets.conf} file, which will be appended to
> +@file{/etc/ddclient/ddclient.conf} and should be created in advance. See
> +samples inside @file{/share/ddclient} directory of @code{ddclient} package.
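Review bot: the sentence on the first three added lines does not make clear which file "should be created in advance"; as written it can be read as applying to @file{/etc/ddclient/ddclient.conf} rather than to the secret file. Say explicitly that the user creates the secret file, and state the ownership and mode it is expected to have, since its contents end up in @file{/etc/ddclient/ddclient.conf}. The sample path @file{/share/ddclient} on the last line also reads as an absolute path; drop the leading slash so it is clearly relative to the package output.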

I propose slightly different wording, to make it clear that users are
expected to provide the secret file:

  The following example instantiates the service with its default
  configuration:

  @example
  (service ddclient-service-type)
  @end example

  Note that ddclient needs to access credentials that are stored in a
  @dfn{secret file}, by default @file{/etc/ddclient/secrets} (see
  @code{secret-file} below.)  You are expected to create this file
  manually, in an ``out-of-band'' fashion (you @emph{could} make this
  file part of the service configuration, for instance by using
  @code{plain-file}, but it will be world-readable @i{via}
  @file{/gnu/store}.)  See the examples in the @file{share/ddclient}
  directory of the @code{ddclient} package.

WDYT?

> +@deftypevr {@code{ddclient-configuration} parameter} string secret-file
> +Secret file which will be appended to ddclient.conf file.
                                         ^
                                         @file{ddclient.conf}

Maybe add:

  This file contains credentials for use by ddclient.  You are expected
  to create it manually.

> +Defaults to @samp{"/etc/ddclient/secrets.conf"}.
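Review bot: the `secret-file` description says the file "will be appended to ddclient.conf" but not when that happens or what permissions the resulting file gets, which matters because the result then holds the credentials. If the merge is done by the `ddclient-activation` procedure named in the commit message, say so in the description and note that a changed secret only takes effect after the next activation. The default on the last line is "/etc/ddclient/secrets.conf", while the replacement wording proposed earlier in this reply names @file{/etc/ddclient/secrets}; the two should agree so users create the file the service actually reads.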

OK with changes along these lines.

Thank you!

Ludo’.
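
Option 2 from the quoted discussion (concatenate the generated config with an out-of-band secret file), as an added shell example; it is not part of the original message or of the Guix patch, which is written in Scheme. The function name `merge_ddclient_conf` and its arguments are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: merge a world-readable generated config (as a file in
# /gnu/store would be) with a private secret file into a private
# runtime config, without the secret ever passing through the store.
#
# Usage: merge_ddclient_conf GENERATED SECRET OUTPUT   (hypothetical name)
# Returns 0 on success, 2 if SECRET has loose permissions, 1 otherwise.
merge_ddclient_conf() {
    generated=$1 secret=$2 output=$3

    # The secret file is created by the administrator, out of band.
    [ -f "$secret" ] || { echo "missing secret file: $secret" >&2; return 1; }

    # Reject a secret file that group or others can read or write.
    mode=$(stat -c '%a' "$secret") || return 1
    case $mode in
        [0-7]00) ;;
        *) echo "$secret has mode $mode, expected 600 or stricter" >&2
           return 2 ;;
    esac

    # Create the temporary file beside the target so that mv is an
    # atomic rename, and under umask 077 so the merged credentials are
    # never readable by other users, even briefly.
    tmp=$( umask 077 && mktemp "$output.XXXXXX" ) || return 1
    if cat "$generated" "$secret" > "$tmp" && mv "$tmp" "$output"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```
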