[bug#32141] [PATCH] services: Add ddclient service.

[ludo@gnu.org (Ludovic Courtès)]

Hi Oleg,

Sorry for the delay, I had forgotten about this patch.  (Feel free to
ping when that happens!)

Oleg Pykhalov <go.wigust@gmail.com> skribis:

> I applied all your suggestions and updated the documentation.  The patch
> is attached below.  I run a ddclient service from this patch currently.

Neat.

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

>> In short we must not manipulate secrets in anything that goes through
>> the store.  The only thing I can suggest is to leave it up to the
>> user to create a file containing the secret in an out-of-band fashion;
>> /etc is a good place for such things.
>>
>> For example, they could create /etc/ddclient-secrets and then we would
>> somehow arrange to get that file read.
>>
>> To do that there are two possibilities that come to mind:
>>
>>   1. If the config file syntax has an “include” directive, just include
>>      /etc/ddclient-secrets unconditionally in the generated config file.
>>
>>   2. Write an activation snippet that concatenates the generated config
>>      file with /etc/ddclient-secrets and stores that as
>>      /etc/ddclient.conf (or something like that.)
>>
>> Thoughts?
>
> Could we use ‘/etc/ddclient’ directory for secrets file, because
> ddclient program use this directory by default?

Sure.

> From 3f47ae60ecb2e8780c451e93976b5c83135d8420 Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov <go.wigust@gmail.com>
> Date: Fri, 13 Jul 2018 11:49:13 +0300
> Subject: [PATCH] services: Add ddclient service.
>
> * gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
> variables.
> (uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
> serialize-string, serialize-list, serialize-extra-options,
> ddclient-activation, ddclient-shepherd-service,
> generate-ddclient-documentation): New procedures.
> * doc/guix.texi (DNS Services): Document it.

[...]

> +By default, the @code{secret-file} in @code{ddclient-configuration} is
> +pointing to @file{/etc/ddclient/secrets.conf} file, which will be appended to
> +@file{/etc/ddclient/ddclient.conf} and should be created in advance.  See
> +samples inside @file{/share/ddclient} directory of @code{ddclient} package.

I propose slightly different wording, to make it clear that users are
expected to provide the secret file:

  The following example show instantiates the service with its default
  configuration:

  @example
  (service ddclient-service-type)
  @end example

  Note that ddclient needs to access credentials that are stored in a
  @dfn{secret file}, by default @file{/etc/ddclient/secrets} (see
  @code{secret-file} below.)  You are expected to create this file
  manually, in an ``out-of-band'' fashion (you @emph{could} make this
  file part of the service configuration, for instance by using
  @code{plain-file}, but it will be world-readable @i{via}
  @file{/gnu/store}.)  See the examples in the @file{share/ddclient}
  directory of the @code{ddclient} package.

WDYT?

> +@deftypevr {@code{ddclient-configuration} parameter} string secret-file
> +Secret file which will be appended to ddclient.conf file.
                                         ^
@file{ddclient.conf}

Maybe add:

  This file contains credentials for use by ddclient.  You are expected
  to create it manually.

> +Defaults to @samp{"/etc/ddclient/secrets.conf"}.

OK with changes along these lines.

Thank you!

Ludo’.