Diffstat (limited to 'battering/services/opensnitch.scm')
-rw-r--r--battering/services/opensnitch.scm72
1 files changed, 72 insertions, 0 deletions
diff --git a/battering/services/opensnitch.scm b/battering/services/opensnitch.scm
new file mode 100644
index 0000000..5e04bcd
--- /dev/null
+++ b/battering/services/opensnitch.scm
@@ -0,0 +1,72 @@
+(define-module (battering services opensnitch)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services configuration)
+ #:use-module (battering packages opensnitch)
+
+ #:export (opensnitchd-configuration
+ opensnitchd-service-type))
+
+(define list-of-file-likes?
+ (list-of file-like?))
+
+(define-configuration/no-serialization opensnitchd-configuration
+ (opensnitchd
+ (file-like opensnitchd)
+ "Opensnitchd package to use.")
+ (config-file
+ (string "/etc/opensnitchd/default-config.json")
+ "Daemon configuration file.")
+ (process-monitor-method
+ (symbol 'proc)
+ "Process monitor method to use."))
+
+(define (opensnitchd-activation config)
+ "Create the opensnitchd rules and configuration according to CONFIG."
+ (match-record config <opensnitchd-configuration>
+ (opensnitchd config-file)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (when (not (file-exists? "/etc/opensnitchd"))
+ (mkdir-p "/etc/opensnitchd/rules/")
+ (copy-file #$(file-append opensnitchd "/etc/default-config.json")
+ #$config-file)
+ (copy-file #$(file-append opensnitchd "/etc/system-fw.json")
+ "/etc/opensnitchd/system-fw.json"))))))
+
+(define (opensnitchd-shepherd-service config)
+ "Return a <shepherd-service> for opensnitchd with CONFIG."
+ (let ((config-file (opensnitchd-configuration-config-file config))
+ (process-monitor-method
+ (symbol->string
+ (opensnitchd-configuration-process-monitor-method config))))
+ (list (shepherd-service
+ (documentation "Opensnitchd daemon.")
+ (requirement '(syslogd loopback))
+ (provision '(opensnitchd))
+
+ (start
+ #~(make-forkexec-constructor
+ (list #$(file-append opensnitchd "/bin/opensnitchd")
+ "-process-monitor-method" #$process-monitor-method
+ "-config-file" #$config-file)))
+ (stop #~(make-kill-destructor))))))
+
+(define opensnitchd-service-type
+ (service-type
+ (name 'opensnitchd)
+ (description "Run the Opensnitch application firewall daemon.")
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ opensnitchd-shepherd-service)
+ (service-extension activation-service-type
+ opensnitchd-activation)
+ (service-extension profile-service-type
+ (lambda (config)
+ `(,(opensnitchd-configuration-opensnitchd config))))))
+ (compose identity)
+ (default-value (opensnitchd-configuration))))
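Review bot: In `opensnitchd-shepherd-service` the `start` gexp uses `opensnitchd` without binding it from CONFIG, so it resolves to the package imported from `(battering packages opensnitch)` and the daemon that runs ignores the record's `opensnitchd` field, while the activation and profile extensions honour it. For a firewall daemon this means a pinned or patched package set in the configuration gets installed into the profile but is not the binary that enforces the rules; add `(opensnitchd (opensnitchd-configuration-opensnitchd config))` to the `let` bindings. Separately, `opensnitchd-activation` seeds files only when `/etc/opensnitchd` is absent, so a `config-file` outside that directory, or a directory that already exists without the JSON files, leaves `-config-file` naming a path nothing created; testing `(file-exists? #$config-file)` and creating `(dirname #$config-file)` first would cover both cases. `list-of-file-likes?` is defined but never used in this file and can be dropped.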