author | Hanketsu <hanketsu@egregore.fun> | 2025-02-01 00:35:27 +0100 |
---|---|---|
committer | Hanketsu <hanketsu@egregore.fun> | 2025-02-01 17:47:17 +0100 |
commit | bc56e99ad90a7638e0795e7a10b3f2cb661bdd27 (patch) | |
tree | 04c04f8f179e69e53ee6e018df1259476f68811e | |
parent | 35aabcd513415ab7a65fc6d70725f33e2dd0ff5d (diff) |
services: opensnitch: New service.
* battering/services/opensnitch.scm (opensnitchd-configuration): New records.
(opensnitchd-service-type): New variable.
-rw-r--r-- | battering/services/opensnitch.scm | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/battering/services/opensnitch.scm b/battering/services/opensnitch.scm
new file mode 100644
index 0000000..5e04bcd
--- /dev/null
+++ b/battering/services/opensnitch.scm
@@ -0,0 +1,72 @@
+(define-module (battering services opensnitch)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services configuration)
+ #:use-module (battering packages opensnitch)
+
+ #:export (opensnitchd-configuration
+ opensnitchd-service-type))
+
+(define list-of-file-likes?
+ (list-of file-like?))
+
+(define-configuration/no-serialization opensnitchd-configuration
+ (opensnitchd
+ (file-like opensnitchd)
+ "Opensnitchd package to use.")
+ (config-file
+ (string "/etc/opensnitchd/default-config.json")
+ "Daemon configuration file.")
+ (process-monitor-method
+ (symbol 'proc)
+ "Process monitor method to use."))
+
+(define (opensnitchd-activation config)
+ "Create the opensnitchd rules and configuration according to CONFIG."
+ (match-record config <opensnitchd-configuration>
+ (opensnitchd config-file)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (when (not (file-exists? "/etc/opensnitchd"))
+ (mkdir-p "/etc/opensnitchd/rules/")
+ (copy-file #$(file-append opensnitchd "/etc/default-config.json")
+ #$config-file)
+ (copy-file #$(file-append opensnitchd "/etc/system-fw.json")
+ "/etc/opensnitchd/system-fw.json"))))))
+
+(define (opensnitchd-shepherd-service config)
+ "Return a <shepherd-service> for opensnitchd with CONFIG."
+ (let ((config-file (opensnitchd-configuration-config-file config))
+ (process-monitor-method
+ (symbol->string
+ (opensnitchd-configuration-process-monitor-method config))))
+ (list (shepherd-service
+ (documentation "Opensnitchd daemon.")
+ (requirement '(syslogd loopback))
+ (provision '(opensnitchd))
+
+ (start
+ #~(make-forkexec-constructor
+ (list #$(file-append opensnitchd "/bin/opensnitchd")
+ "-process-monitor-method" #$process-monitor-method
+ "-config-file" #$config-file)))
+ (stop #~(make-kill-destructor))))))
+
+(define opensnitchd-service-type
+ (service-type
+ (name 'opensnitchd)
+ (description "Run the Opensnitch application firewall daemon.")
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ opensnitchd-shepherd-service)
+ (service-extension activation-service-type
+ opensnitchd-activation)
+ (service-extension profile-service-type
+ (lambda (config)
+ `(,(opensnitchd-configuration-opensnitchd config))))))
+ (compose identity)
+ (default-value (opensnitchd-configuration)))) |
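Review bot: In `opensnitchd-shepherd-service` the start command builds its path with `#$(file-append opensnitchd "/bin/opensnitchd")`, but the `let` binds only `config-file` and `process-monitor-method`, so `opensnitchd` there is not the configured field and presumably resolves to the package exported by `(battering packages opensnitch)`. A system that overrides the `opensnitchd` field would get the overridden package in the profile and in activation while the firewall daemon that actually runs is still the module default, which matters most when the override exists to pick up a fixed build. Adding `(opensnitchd (opensnitchd-configuration-opensnitchd config))` to the `let` bindings keeps all three extensions on the same package. Separately, the activation gexp is guarded only by `(file-exists? "/etc/opensnitchd")`, so a non-default `config-file` outside that directory, or a directory that exists without its files, leaves the daemon started with `-config-file` pointing at something that was never installed; checking each target file individually would be more robust.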