Date: Fri, 11 Feb 2022 12:42:48 +0100
From: Josua Stingelin
To: guix-devel@gnu.org
Subject: unbound-service-type
List-Id: "Development of GNU Guix and the GNU System distribution."

Hei Guix!

As far as I can see there's no service type to run unbound, a local,
recursive, caching DNS server.

I've tried to create it - but it doesn't quite work. In order to be pushed
upstream I'd like to add the configuration of the options easily using the
unbound-configuration-type. For now I'd just like to get it up and running to
start playing around with more configuration options.

I'd like unbound to run in a chroot and with the user unbound. So I started
with the user account.

    (define %unbound-accounts
      (list (user-account
             (name "unbound")
             (group "nogroup")
             (system? #t)
             (comment "unbound daemon user")
             (home-directory "/etc/unbound")
             (shell (file-append shadow "/sbin/nologin")))))

Then I defined the unbound-configuration record type. Later on I want to
expand that. (Allow configuring of the user, group and directly set properties
instead of copying the configuration file)

    (define-record-type* <unbound-configuration>
      unbound-configuration make-unbound-configuration
      unbound-configuration?
      (package  unbound-configuration-package
                (default unbound))
      (pid-file unbound-configuration-pid-file
                (default "/etc/unbound/unbound.pid")))

Next there is the shepherd-service configuration.

    (define unbound-shepherd-service
      (match-lambda
        (($ <unbound-configuration> package pid-file)
         (list (shepherd-service
                (provision '(unbound))
                (documentation "Run the unbound DNS server.")
                (requirement '(networking))
                (start #~(make-forkexec-constructor
                          '(#$(file-append package "/sbin/unbound")
                            "-d" "-c" "/etc/unbound/unbound.conf")
                          #:pid-file #$pid-file))
                (stop #~(make-kill-destructor)))))))

Based on these definitions I can now create the unbound-service-type.

    (define unbound-service-type
      (service-type
       (name 'unbound)
       (extensions
        (list (service-extension shepherd-root-service-type
                                 unbound-shepherd-service)
              (service-extension account-service-type
                                 (const %unbound-accounts))))
       (default-value (unbound-configuration))
       (description "Run the unbound DNS server")))

However, when I add these to my operating-system configuration and copy the
configuration file using the etc-service-type, it doesn't run on start.

    (operating-system
      ...
      (services
       (append
        (list (simple-service 'unbound-service etc-service-type
                              `(("unbound/unbound.conf"
                                 ,(local-file "unbound/unbound.conf"))
                                ("unbound/root.hints"
                                 ,(local-file "unbound/root.hints"))
                                ("unbound/root.key"
                                 ,(local-file "unbound/root.key"))))
              (service unbound-service-type))
        %base-services)))

As /etc/unbound is owned by root and a symlink to /etc/static/unbound, that
isn't surprising.

How would I configure such a service under Guix (point me to an example
maybe?) and which directory should be used for the chroot? /etc/unbound
doesn't feel quite right.

Kind Regards
Josua a.k.a Joshua/Josh
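
An added example, not part of the original message and not code from Guix: one way to give the daemon a writable directory outside the /etc/static tree (a symlink into the read-only store) is an extension of activation-service-type that creates the directory as root and hands it to the unbound user. The directory /var/lib/unbound and the names %unbound-state-directory and unbound-activation are assumptions chosen for illustration.

```scheme
;; Added example, not code from the original message or from Guix.
;; Assumptions: /var/lib/unbound as the writable directory; the names
;; %unbound-state-directory and unbound-activation are hypothetical.
(use-modules (gnu services) (gnu services shepherd)
             (gnu system shadow) (gnu packages admin)
             (gnu packages dns) (guix gexp))

(define %unbound-state-directory "/var/lib/unbound")

(define %unbound-accounts
  (list (user-account
         (name "unbound") (group "nogroup") (system? #t)
         (comment "unbound daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

;; Activation gexps run as root at boot and on reconfigure, so the
;; directory can be created here and then owned by the unprivileged user.
(define (unbound-activation _)
  #~(begin
      (use-modules (guix build utils))
      (let ((user (getpwnam "unbound"))
            (dir  #$%unbound-state-directory))
        (mkdir-p dir)
        (chown dir (passwd:uid user) (passwd:gid user))
        (chmod dir #o750))))            ;no access for other users

;; "-d" keeps unbound in the foreground, so shepherd supervises the
;; forked process itself and no #:pid-file is passed here.
(define (unbound-shepherd-service _)
  (list (shepherd-service
         (provision '(unbound))
         (documentation "Run the unbound DNS server.")
         (requirement '(networking))
         (start #~(make-forkexec-constructor
                   (list #$(file-append unbound "/sbin/unbound")
                         "-d" "-c" "/etc/unbound/unbound.conf")))
         (stop #~(make-kill-destructor)))))

(define unbound-service-type
  (service-type
   (name 'unbound)
   (extensions
    (list (service-extension shepherd-root-service-type
                             unbound-shepherd-service)
          (service-extension activation-service-type unbound-activation)
          (service-extension account-service-type
                             (const %unbound-accounts))))
   (default-value #f)
   (description "Run the unbound DNS server.")))
```

Files the daemon must write, and any chroot, would then point at the state directory, while the read-only configuration can stay under /etc/unbound.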