services: laminar: Add configuration option for supplementary groups.
* gnu/services/ci (<laminar-configuration>)[supplemental-groups]: New field. (laminar-shepherd-service): Exec laminard with supplementary groups. (laminar-account): Add supplementary groups to laminar user. * doc/guix.texi (Laminar): Document new configuration field. Change-Id: Iebfdbb58ea8c6dfa22bb8f64f6463e3ad133d2f9master
parent
9c0a06c98c
commit
7722da6fa5
|
@ -34163,6 +34163,9 @@ The Laminar package to use.
|
|||
@item @code{home-directory} (default: @code{"/var/lib/laminar"})
|
||||
The directory for job configurations and run directories.
|
||||
|
||||
@item @code{supplementary-groups} (default: @code{()})
|
||||
Supplementary groups for the Laminar user account.
|
||||
|
||||
@item @code{bind-http} (default: @code{"*:8080"})
|
||||
The interface/port or unix socket on which laminard should listen for
|
||||
incoming connections to the web frontend.
|
||||
|
|
|
@ -31,6 +31,7 @@
|
|||
#:export (laminar-configuration
|
||||
laminar-configuration?
|
||||
laminar-configuration-home-directory
|
||||
laminar-configuration-supplementary-groups
|
||||
laminar-configuration-bind-http
|
||||
laminar-configuration-bind-rpc
|
||||
laminar-configuration-title
|
||||
|
@ -54,6 +55,8 @@
|
|||
(default laminar))
|
||||
(home-directory laminar-configuration-home-directory
|
||||
(default "/var/lib/laminar"))
|
||||
(supplementary-groups laminar-configuration-supplementary-groups
|
||||
(default '()))
|
||||
(bind-http laminar-configuration-bind-http
|
||||
(default "*:8080"))
|
||||
(bind-rpc laminar-configuration-bind-rpc
|
||||
|
@ -69,7 +72,7 @@
|
|||
|
||||
(define laminar-shepherd-service
|
||||
(match-lambda
|
||||
(($ <laminar-configuration> laminar home-directory
|
||||
(($ <laminar-configuration> laminar home-directory supplementary-groups
|
||||
bind-http bind-rpc
|
||||
title keep-rundirs archive-url
|
||||
base-url)
|
||||
|
@ -102,7 +105,8 @@
|
|||
#$base-url))
|
||||
'()))
|
||||
#:user "laminar"
|
||||
#:group "laminar"))
|
||||
#:group "laminar"
|
||||
#:supplementary-groups '#$supplementary-groups))
|
||||
(stop #~(make-kill-destructor)))))))
|
||||
|
||||
(define (laminar-account config)
|
||||
|
@ -113,6 +117,8 @@
|
|||
(user-account
|
||||
(name "laminar")
|
||||
(group "laminar")
|
||||
(supplementary-groups
|
||||
(laminar-configuration-supplementary-groups config))
|
||||
(system? #t)
|
||||
(comment "Laminar privilege separation user")
|
||||
(home-directory (laminar-configuration-home-directory config))
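Review bot: Nothing in the record definition or in the `laminar-account` hunk says that the groups listed in `supplementary-groups` widen what the "Laminar privilege separation user" can reach, and because the same list is handed to the daemon at `#:supplementary-groups '#$supplementary-groups`, any job laminard starts presumably inherits them as well. A comment on the new field would make that visible to whoever configures it, for example `;; Extra groups for laminard and, presumably, every job it runs; keep the list minimal.` The field also accepts any value unchecked. If the record syntax used here supports a sanitizer, rejecting anything other than a list of strings would report a mistyped value when the configuration is evaluated instead of when the service starts. The bodies of `laminar-shepherd-service` and `laminar-account` continue outside the hunks shown.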
|
||||
|
|