dev.fron.io rc / 425f241
system(delta): use new nix and ipfs Tony Olagbaiye 10 days ago
2 changed file(s) with 240 addition(s) and 2 deletion(s).
0 (define-module (rc services ipfs)
1 #:use-module (gnu services)
2 #:use-module (gnu services base)
3 #:use-module (gnu services configuration)
4 #:use-module (gnu services linux)
5 #:use-module (gnu services shepherd)
6 #:use-module (gnu services dbus)
7 #:use-module (gnu system shadow)
8 #:use-module (gnu system pam)
9 #:use-module (gnu packages admin)
10 #:use-module (gnu packages base)
11 #:use-module (gnu packages bash)
12 #:use-module (gnu packages cluster)
13 #:use-module (gnu packages connman)
14 #:use-module (gnu packages freedesktop)
15 #:use-module (gnu packages linux)
16 #:use-module (gnu packages tor)
17 #:use-module (gnu packages usb-modeswitch)
18 #:use-module (gnu packages messaging)
19 #:use-module (gnu packages networking)
20 #:use-module (gnu packages ntp)
21 #:use-module (gnu packages wicd)
22 #:use-module (gnu packages gnome)
23 #:use-module (gnu packages ipfs)
24 #:use-module (gnu build linux-container)
25 #:use-module (guix gexp)
26 #:use-module (guix records)
27 #:use-module (guix modules)
28 #:use-module (guix packages)
29 #:use-module (guix deprecation)
30 #:use-module (rnrs enums)
31 #:use-module (srfi srfi-1)
32 #:use-module (srfi srfi-9)
33 #:use-module (srfi srfi-26)
34 #:use-module (srfi srfi-43)
35 #:use-module (ice-9 match)
36 #:use-module (json)
37 #:export (ipfs-service-type
38 ipfs-configuration
39 ipfs-configuration?
40 ipfs-configuration-package
41 ipfs-configuration-gateway
42 ipfs-configuration-api))
43
44 ;;;
45 ;;; IPFS
46 ;;;
47
48 (define-record-type* <ipfs-configuration>
49 ipfs-configuration
50 make-ipfs-configuration
51 ipfs-configuration?
52 (package ipfs-configuration-package
53 (default go-ipfs))
54 (gateway ipfs-configuration-gateway
55 (default "/ip4/127.0.0.1/tcp/8082"))
56 (api ipfs-configuration-api
57 (default "/ip4/127.0.0.1/tcp/5001"))
58 (migrate ipfs-configuration-migrate
59 (default #f))
60 (mount ipfs-configuration-mount
61 (default #f))
62 (args ipfs-configuration-args
63 (default '()))
64 (settings ipfs-configuration-settings
65 (default '())))
66
67 (define %ipfs-home "/var/lib/ipfs")
68 (define %ipfs-mount-ipfs "/ipfs")
69 (define %ipfs-mount-ipns "/ipns")
70
71 (define %ipfs-accounts
72 (list (user-account
73 (name "ipfs")
74 (group "ipfs")
75 (system? #t)
76 (comment "IPFS daemon user")
77 (home-directory %ipfs-home)
78 (shell (file-append shadow "/sbin/nologin")))
79 (user-group
80 (name "ipfs")
81 (system? #t))))
82
83 (define (ipfs-binary config)
84 (file-append (ipfs-configuration-package config) "/bin/ipfs"))
85
86 (define %ipfs-home-mapping
87 #~(file-system-mapping
88 (source #$%ipfs-home)
89 (target #$%ipfs-home)
90 (writable? #t)))
91
92 (define %ipfs-mount-ipfs-mapping
93 #~(file-system-mapping
94 (source #$%ipfs-mount-ipfs)
95 (target #$%ipfs-mount-ipfs)
96 (writable? #t)))
97
98 (define %ipfs-mount-ipns-mapping
99 #~(file-system-mapping
100 (source #$%ipfs-mount-ipns)
101 (target #$%ipfs-mount-ipns)
102 (writable? #t)))
103
104 (define %ipfs-environment
105 #~(list #$(string-append "HOME=" %ipfs-home)
106 #$(string-append "IPFS_PATH=" %ipfs-home)
107 (string-append "PATH=" #$(file-append fuse "/bin") ":" (getenv "PATH"))))
108
109 (define %ipfs-global-environment
110 `(("IPFS_PATH" . ,%ipfs-home)))
111
112 (define (ipfs-shepherd-service config)
113 "Return a <shepherd-service> for IPFS with CONFIG."
114 (define ipfs-daemon-command
115 #~(list #$(ipfs-binary config) "daemon"
116 #$@(if (ipfs-configuration-migrate config)
117 (list "--migrate") (list))
118 #$@(if (ipfs-configuration-mount config)
119 (list "--mount") (list))
120 #$@(ipfs-configuration-args config)))
121 (list
122 (with-imported-modules (source-module-closure
123 '((gnu build shepherd)
124 (gnu system file-systems)))
125 (shepherd-service
126 (provision '(ipfs))
127 ;; While IPFS is most useful when the machine is connected
128 ;; to the network, only loopback is required for starting
129 ;; the service.
130 (requirement '(loopback))
131 (documentation "Connect to the IPFS network")
132 (modules '((gnu build shepherd)
133 (gnu system file-systems)))
134 (start #~(make-forkexec-constructor/container
135 #$ipfs-daemon-command
136 #:namespaces '#$(fold delq %namespaces '(user net))
137 #:mappings (list #$%ipfs-home-mapping
138 #$%ipfs-mount-ipfs-mapping
139 #$%ipfs-mount-ipns-mapping)
140 #:log-file "/var/log/ipfs.log"
141 #:user "ipfs"
142 #:group "ipfs"
143 #:environment-variables #$%ipfs-environment))
144 (stop #~(make-kill-destructor))))))
145
146 (define (%ipfs-activation config)
147 "Return an activation gexp for IPFS with CONFIG"
148 (define (ipfs-config-command setting value)
149 #~(#$(ipfs-binary config) "--offline" "config" #$setting #$value))
150 (define (set-config!-gexp setting value)
151 #~(system* #$@(ipfs-config-command setting value)))
152 (define settings
153 `(("Addresses.API" ,(ipfs-configuration-api config))
154 ("Addresses.Gateway" ,(ipfs-configuration-gateway config))
155 ,@(ipfs-configuration-settings config)))
156 (define inner-gexp
157 #~(begin
158 (umask #o077)
159 ;; Recover old ipfs repo structure
160 (let ((dir #$(string-append %ipfs-home "/.ipfs")))
161 (when (file-exists? dir)
162 (let ((port (opendir dir)))
163 (do ((entry (readdir port) (readdir port)))
164 ((eof-object? entry))
165 (unless (member entry (list "." ".."))
166 (rename-file (string-append dir "/" entry)
167 (string-append #$%ipfs-home "/" entry))))
168 (closedir port))
169 (rmdir dir)))
170 ;; Create ipfs repo structure if not exists
171 (unless (file-exists? #$(string-append %ipfs-home "/config"))
172 (system* #$(ipfs-binary config) "init"))
173 ;; Apply settings
174 #$@(map (cute apply set-config!-gexp <>) settings)
175 ;; Fix permissions
176 (chmod #$(string-append %ipfs-home) #o711)
177 (chmod #$(string-append %ipfs-home "/config") #o644)))
178 (define inner-script
179 (program-file "ipfs-activation-inner" inner-gexp))
180 ;; Run ipfs init and ipfs config from a container,
181 ;; in case the IPFS daemon was compromised at some point
182 ;; and ~/.ipfs is now a symlink to somewhere outside
183 ;; %ipfs-home.
184 (define container-gexp
185 (with-extensions (list shepherd)
186 (with-imported-modules (source-module-closure
187 '((gnu build shepherd)
188 (gnu system file-systems)))
189 #~(begin
190 (use-modules (gnu build shepherd)
191 (gnu system file-systems))
192 (let* ((constructor
193 (make-forkexec-constructor/container
194 (list #$inner-script)
195 #:namespaces '#$(fold delq %namespaces '(user))
196 #:mappings (list #$%ipfs-home-mapping)
197 #:user "ipfs"
198 #:group "ipfs"
199 #:environment-variables #$%ipfs-environment))
200 (pid (constructor)))
201 (waitpid pid))))))
202 ;; The activation may happen from the initrd, which uses
203 ;; a statically-linked guile, while the guix container
204 ;; procedures require a working dynamic-link.
205 (define container-script
206 (program-file "ipfs-activation-container" container-gexp))
207 #~(begin
208 (mkdir-p #$%ipfs-mount-ipfs)
209 (mkdir-p #$%ipfs-mount-ipns)
210 (let ((pwd (getpwnam "ipfs")))
211 (chown #$%ipfs-mount-ipfs (passwd:uid pwd) (passwd:gid pwd))
212 (chown #$%ipfs-mount-ipns (passwd:uid pwd) (passwd:gid pwd)))
213 (system* #$container-script)))
214
215 (define ipfs-service-type
216 (service-type
217 (name 'ipfs)
218 (extensions
219 (list (service-extension account-service-type
220 (const %ipfs-accounts))
221 (service-extension activation-service-type
222 %ipfs-activation)
223 (service-extension session-environment-service-type
224 (const %ipfs-global-environment))
225 (service-extension shepherd-root-service-type
226 ipfs-shepherd-service)))
227 (default-value (ipfs-configuration))
228 (description
229 "Run @command{ipfs daemon}, the reference implementation
230 of the IPFS peer-to-peer storage network.")))
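Review bot: The activation gexp ends with `(chmod #$(string-append %ipfs-home "/config") #o644)` after setting %ipfs-home to `#o711`, which leaves the repo config readable by every local account, and go-ipfs keeps the node's identity private key in that file (`Identity.PrivKey`). The `(umask #o077)` at the top of the same gexp suggests the repo was meant to be private, so I would keep the file at `#o600`, i.e. `(chmod #$(string-append %ipfs-home "/config") #o600)`, and have local clients reach the daemon with `ipfs --api` rather than reading the daemon's repo through the global IPFS_PATH. Separately, the results of the `system*` calls for `init` and `config` and of `(waitpid pid)` are discarded, so a failed init or setting goes unnoticed; reporting a non-zero status would make a half-configured repo visible at activation time.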
55 #:use-module (gnu system nss)
66 #:use-module (nongnu system linux-initrd)
77 #:use-module (gnu services desktop)
8 #:use-module (gnu services xorg)
98 #:use-module (gnu services sddm)
109 #:use-module (gnu services shepherd)
1110 #:use-module (gnu services sound)
1312 #:use-module (gnu services networking)
1413 #:use-module (gnu services nix)
1514 #:use-module (gnu services vpn)
15 #:use-module (gnu services xorg)
1616 #:use-module (rc services biboumi)
17 #:use-module (rc services ipfs)
1718 #:use-module ((rc keys biboumi) #:prefix keys:biboumi/)
1819 #:use-module (gnu packages linux)
1920 #:use-module (gnu packages certs)
4344 #:use-module (gnu packages irc)
4445 #:use-module (nongnu packages linux)
4546 #:use-module (rc packages biboumi)
47 #:use-module (rc packages nix)
4648 #:use-module (rc packages pipewire-next)
4749 #:use-module (rc packages xmpppy)
4850 #:export (os))
161163 (openssh openssh-sans-x)))
162164 (service nix-service-type
163165 (nix-configuration
166 (package nixUnstable)
164167 (extra-config
165168 (list
166169 "experimental-features = nix-command flakes ca-references recursive-nix"
167170 "show-trace = true"))))
168171 (service ipfs-service-type
169 (ipfs-configuration))
172 (ipfs-configuration
173 (migrate #t)
174 (mount #f)
175 (args '("--enable-pubsub-experiment"
176 "--enable-namesys-pubsub"))))
170177 (service nftables-service-type
171178 (nftables-configuration
172179 (ruleset
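Review bot: The new `ipfs-configuration` fields are set without a comment saying why they are needed, and two of the `args` (`--enable-pubsub-experiment`, `--enable-namesys-pubsub`) turn on features the daemon itself labels experimental on a node that joins the public network. I would add a comment above `(args ...)` such as `;; pubsub needed for <REASON>; remove once no longer required` so the extra exposure is a recorded decision. `(migrate #t)` makes every daemon start pass `--migrate` (see the service definition in this commit), so a package upgrade migrates the repo with no prompt. If that is only needed for this upgrade, a note to set it back to `#f` afterwards would help.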