gnu: Add NFS related services.

* gnu/services/nfs.scm (pipefs-service-type): New variable, (gss-service-type): New variable, (idmap-service-type) New variable. * doc/guix.texi (Network File System): New node.
2016-09-10 21:07:07 +02:00 · 2016-09-10 21:07:07 +02:00 · eb419bc9fe
parent ff9c2d819a
commit eb419bc9fe
2 changed files with 225 additions and 4 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -221,6 +221,7 @@ Services
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.

 Defining Services
@ -7647,6 +7648,7 @@ declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.
@end menu

@ -10366,14 +10368,21 @@ directories are created when the service is activated.

@end deffn

-@node Miscellaneous Services
-@subsubsection Miscellaneous Services
+@node Network File System
+@subsubsection Network File System
+@cindex NFS

+The @code{(gnu services nfs)} module provides the following services,
+which are most commonly used in relation to mounting or exporting
+directory trees as @dfn{network file systems} (NFS).

@subsubheading RPC Bind Service
@cindex rpcbind

-The @code{(gnu services nfs)} module provides the following:
+The RPC Bind service provides a facility to map program numbers into
+universal addresses.
+Many NFS related services use this facility.  Hence it is automatically
+started when a dependent service starts.

@defvr {Scheme Variable} rpcbind-service-type
 A service type  for the RPC portmapper daemon.
@ -10394,6 +10403,91 @@ instance.
@end table
@end deftp

+
+@subsubheading Pipefs Pseudo File System
+@cindex pipefs
+@cindex rpc_pipefs
+
+The pipefs file system is used to transfer NFS related data
+between the kernel and user space programs.
+
+@defvr {Scheme Variable} pipefs-service-type
+A service type for the pipefs pseudo file system.
+@end defvr
+
+@deftp {Data Type} pipefs-configuration
+Data type representing the configuration of the pipefs pseudo file system service.
+This type has the following parameters:
+@table @asis
+@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory to which the file system is to be attached.
+@end table
+@end deftp
+
+
+@subsubheading GSS Daemon Service
+@cindex GSSD
+@cindex GSS
+@cindex global security system
+
+The @dfn{global security system} (GSS) daemon provides strong security for RPC
+based protocols.
+Before exchanging RPC requests an RPC client must establish a security
+context.  Typically this is done using the Kerberos command @command{kinit}
+or automatically at login time using PAM services.
+
+@defvr {Scheme Variable} gss-service-type
+A service type for the Global Security System (GSS) daemon.
+@end defvr
+
+@deftp {Data Type} gss-configuration
+Data type representing the configuration of the GSS daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.gssd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@end table
+@end deftp
+
+
+@subsubheading IDMAP Daemon Service
+@cindex idmapd
+@cindex name mapper
+
+The idmap daemon service provides mapping between user IDs and user names.
+Typically it is required in order to access file systems mounted via NFSv4.
+
+@defvr {Scheme Variable} idmap-service-type
+A service type for the Identity Mapper (IDMAP) daemon.
+@end defvr
+
+@deftp {Data Type} idmap-configuration
+Data type representing the configuration of the IDMAP daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.idmapd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@item @code{domain} (default: @code{#f})
+The local NFSv4 domain name.
+This must be a string or @code{#f}.
+If it is @code{#f} then the daemon will use the host's fully qualified domain name.
+
+@end table
+@end deftp
+
+
+@node Miscellaneous Services
+@subsubsection Miscellaneous Services
+
+
@cindex lirc
@subsubheading Lirc Service

--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@ -20,11 +20,31 @@
  #:use-module (gnu)
  #:use-module (gnu services shepherd)
  #:use-module (gnu packages onc-rpc)
+  #:use-module (gnu packages linux)
  #:use-module (guix)
  #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:use-module (gnu build file-systems)
  #:export (rpcbind-service-type
            rpcbind-configuration
-            rpcbind-configuration?))
+            rpcbind-configuration?
+
+            pipefs-service-type
+            pipefs-configuration
+            pipefs-configuration?
+
+            idmap-service-type
+            idmap-configuration
+            idmap-configuration?
+
+            gss-service-type
+            gss-configuration
+            gss-configuration?))
+
+
+(define default-pipefs-directory "/var/lib/nfs/rpc_pipefs")
+
+

 (define-record-type* <rpcbind-configuration>
  rpcbind-configuration make-rpcbind-configuration
@ -52,3 +72,110 @@

      (start #~(make-forkexec-constructor #$rpcbind-command))
      (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <pipefs-configuration>
+  pipefs-configuration make-pipefs-configuration
+  pipefs-configuration?
+  (mount-point           pipefs-configuration-mount-point
+                         (default default-pipefs-directory)))
+
+(define pipefs-service-type
+  (shepherd-service-type
+   'pipefs
+   (lambda (config)
+     (define pipefs-directory (pipefs-configuration-mount-point config))
+
+     (shepherd-service
+      (documentation "Mount the pipefs pseudo filesystem.")
+      (provision '(rpc-pipefs))
+
+      (start #~(lambda ()
+                 (mkdir-p #$pipefs-directory)
+                 (mount "rpc_pipefs" #$pipefs-directory "rpc_pipefs")
+                 (member #$pipefs-directory (mount-points))))
+
+      (stop #~(lambda (pid . args)
+                (umount #$pipefs-directory MNT_DETACH)
+                (not (member #$pipefs-directory (mount-points)))))))))
+
+
+
+(define-record-type* <gss-configuration>
+  gss-configuration make-gss-configuration
+  gss-configuration?
+  (pipefs-directory            gss-configuration-pipefs-directory
+                         (default default-pipefs-directory))
+  (nfs-utils             gss-configuration-gss
+                         (default nfs-utils)))
+
+(define gss-service-type
+  (shepherd-service-type
+   'gss
+   (lambda (config)
+     (define nfs-utils
+       (gss-configuration-gss config))
+
+     (define pipefs-directory
+       (gss-configuration-pipefs-directory config))
+
+     (define gss-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.gssd") "-f"
+               "-p" #$pipefs-directory))
+
+     (shepherd-service
+      (documentation "Start the RPC GSS daemon.")
+      (requirement '(rpcbind-daemon rpc-pipefs))
+      (provision '(gss-daemon))
+
+      (start #~(make-forkexec-constructor #$gss-command))
+      (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <idmap-configuration>
+  idmap-configuration make-idmap-configuration
+  idmap-configuration?
+  (pipefs-directory            idmap-configuration-pipefs-directory
+                         (default default-pipefs-directory))
+  (domain                idmap-configuration-domain
+                           (default #f))
+  (nfs-utils             idmap-configuration-idmap
+                         (default nfs-utils)))
+
+(define idmap-service-type
+  (shepherd-service-type
+   'idmap
+   (lambda (config)
+
+     (define nfs-utils
+       (idmap-configuration-idmap config))
+
+     (define pipefs-directory
+       (idmap-configuration-pipefs-directory config))
+
+     (define domain (idmap-configuration-domain config))
+
+     (define (idmap-config-file config)
+       (plain-file "idmapd.conf"
+                   (string-append
+                    "\n[General]\n"
+                    (if domain
+                        (format #f "Domain = ~a\n" domain))
+                    "\n[Mapping]\n"
+                    "Nobody-User = nobody\n"
+                    "Nobody-Group = nogroup\n")))
+
+     (define idmap-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
+               "-p" #$pipefs-directory
+               "-c" #$(idmap-config-file config)))
+
+     (shepherd-service
+       (documentation "Start the RPC IDMAP daemon.")
+       (requirement '(rpcbind-daemon rpc-pipefs))
+       (provision '(idmap-daemon))
+       (start #~(make-forkexec-constructor #$idmap-command))
+       (stop #~(make-kill-destructor))))))
+