gnu: dmd: Add 'user-accounts' and 'user-groups' fields to <service>.

* gnu/system/shadow.scm (guix-build-accounts): Move to...
* gnu/system/dmd.scm (guix-build-accounts): ... here.
  (<service>)[user-accounts, user-groups]: New fields.
  (guix-service): New #:build-user-id and #:build-accounts parameters.
  Use 'guix-build-accounts' and set the 'user-accounts' and
  'user-groups' fields accordingly.
* gnu/system/vm.scm (system-qemu-image): Remove use of
  'guix-build-accounts'.  Augment ACCOUNTS and GROUPS from what SERVICES
  demand.
This commit is contained in:
Ludovic Courtès 2013-12-07 15:01:40 +01:00
parent 25ed6edb6c
commit 18fb40e414
3 changed files with 62 additions and 45 deletions

View File

@ -24,13 +24,16 @@
#:use-module ((gnu packages base) #:use-module ((gnu packages base)
#:select (glibc-final)) #:select (glibc-final))
#:use-module ((gnu packages system) #:use-module ((gnu packages system)
#:select (mingetty inetutils)) #:select (mingetty inetutils shadow))
#:use-module ((gnu packages package-management) #:use-module ((gnu packages package-management)
#:select (guix)) #:select (guix))
#:use-module ((gnu packages linux) #:use-module ((gnu packages linux)
#:select (net-tools)) #:select (net-tools))
#:use-module (gnu system shadow)
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:use-module (ice-9 format)
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (guix monads) #:use-module (guix monads)
#:export (service? #:export (service?
service service
@ -40,6 +43,8 @@
service-start service-start
service-stop service-stop
service-inputs service-inputs
service-user-accounts
service-user-groups
host-name-service host-name-service
syslog-service syslog-service
@ -70,6 +75,10 @@
(stop service-stop ; expression (stop service-stop ; expression
(default #f)) (default #f))
(inputs service-inputs ; list of inputs (inputs service-inputs ; list of inputs
(default '()))
(user-accounts service-user-accounts ; list of <user-account>
(default '()))
(user-groups service-user-groups ; list of <user-groups>
(default '()))) (default '())))
(define (host-name-service name) (define (host-name-service name)
@ -149,16 +158,47 @@
(inputs `(("inetutils" ,inetutils) (inputs `(("inetutils" ,inetutils)
("syslog.conf" ,syslog.conf))))))) ("syslog.conf" ,syslog.conf)))))))
(define* (guix-service #:key (guix guix) (builder-group "guixbuild")) (define* (guix-build-accounts count #:key
"Return a service that runs the build daemon from GUIX." (first-uid 30001)
(mlet %store-monad ((daemon (package-file guix "bin/guix-daemon"))) (gid 30000)
(shadow shadow))
"Return a list of COUNT user accounts for Guix build users, with UIDs
starting at FIRST-UID, and under GID."
(mlet* %store-monad ((gid* -> gid)
(no-login (package-file shadow "sbin/nologin")))
(return (unfold (cut > <> count)
(lambda (n)
(user-account
(name (format #f "guixbuilder~2,'0d" n))
(password "!")
(uid (+ first-uid n -1))
(gid gid*)
(comment (format #f "Guix Build User ~2d" n))
(home-directory "/var/empty")
(shell no-login)))
1+
1))))
(define* (guix-service #:key (guix guix) (builder-group "guixbuild")
(build-user-gid 30000) (build-accounts 10))
"Return a service that runs the build daemon from GUIX, and has
BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
(mlet %store-monad ((daemon (package-file guix "bin/guix-daemon"))
(accounts (guix-build-accounts build-accounts
#:gid build-user-gid)))
(return (service (return (service
(provision '(guix-daemon)) (provision '(guix-daemon))
(start `(make-forkexec-constructor ,daemon (start `(make-forkexec-constructor ,daemon
"--build-users-group" "--build-users-group"
,builder-group)) ,builder-group))
(stop `(make-kill-destructor)) (stop `(make-kill-destructor))
(inputs `(("guix" ,guix))))))) (inputs `(("guix" ,guix)))
(user-accounts accounts)
(user-groups (list (user-group
(name builder-group)
(id build-user-gid)
(members (map user-account-name
user-accounts)))))))))
(define* (static-networking-service interface ip (define* (static-networking-service interface ip
#:key #:key

View File

@ -24,9 +24,7 @@
#:use-module ((gnu packages system) #:use-module ((gnu packages system)
#:select (shadow)) #:select (shadow))
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:use-module (ice-9 format)
#:export (user-account #:export (user-account
user-account? user-account?
user-account-name user-account-name
@ -117,25 +115,4 @@ file."
(text-file (if shadow? "shadow" "passwd") contents)) (text-file (if shadow? "shadow" "passwd") contents))
(define* (guix-build-accounts count #:key
(first-uid 30001)
(gid 30000)
(shadow shadow))
"Return a list of COUNT user accounts for Guix build users, with UIDs
starting at FIRST-UID, and under GID."
(mlet* %store-monad ((gid* -> gid)
(no-login (package-file shadow "sbin/nologin")))
(return (unfold (cut > <> count)
(lambda (n)
(user-account
(name (format #f "guixbuilder~2,'0d" n))
(password "!")
(uid (+ first-uid n -1))
(gid gid*)
(comment (format #f "Guix Build User ~2d" n))
(home-directory "/var/empty")
(shell no-login)))
1+
1))))
;;; shadow.scm ends here ;;; shadow.scm ends here

View File

@ -535,8 +535,6 @@ alias ll='ls -l'
(define (system-qemu-image) (define (system-qemu-image)
"Return the derivation of a QEMU image of the GNU system." "Return the derivation of a QEMU image of the GNU system."
(define build-user-gid 30000)
(mlet* %store-monad (mlet* %store-monad
((services (listm %store-monad ((services (listm %store-monad
(host-name-service "gnu") (host-name-service "gnu")
@ -565,8 +563,6 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
#:allow-empty-passwords? #t #:allow-empty-passwords? #t
#:motd motd))) #:motd motd)))
(build-accounts (guix-build-accounts 10 #:gid build-user-gid))
(bash-file (package-file bash "bin/bash")) (bash-file (package-file bash "bin/bash"))
(dmd-file (package-file dmd "bin/dmd")) (dmd-file (package-file dmd "bin/dmd"))
(dmd-conf (dmd-configuration-file services)) (dmd-conf (dmd-configuration-file services))
@ -584,19 +580,23 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
(comment "Guest of GNU") (comment "Guest of GNU")
(home-directory "/home/guest") (home-directory "/home/guest")
(shell bash-file)) (shell bash-file))
build-accounts)) (append-map service-user-accounts
(groups -> (list (user-group services)))
(groups -> (cons* (user-group
(name "root") (name "root")
(id 0)) (id 0))
(user-group (user-group
(name "users") (name "users")
(id 100) (id 100)
(members '("guest"))) (members '("guest")))
(user-group (append-map service-user-groups services)))
(name "guixbuild") (build-user-gid -> (any (lambda (service)
(id build-user-gid) (and (equal? '(guix-daemon)
(members (map user-account-name (service-provision service))
build-accounts))))) (match (service-user-groups service)
((group)
(user-group-id group)))))
services))
(packages -> `(("coreutils" ,coreutils) (packages -> `(("coreutils" ,coreutils)
("bash" ,bash) ("bash" ,bash)
("guile" ,guile-2.0) ("guile" ,guile-2.0)