[PATCH 0/4] Add service declarations for Samba

  • Done
  • quality assurance status badge
Details
5 participants
  • fesoj000
  • Lars-Dominik Braun
  • Ludovic Courtès
  • Maxime Devos
  • Simon Streit
Owner
unassigned
Submitted by
Simon Streit
Severity
normal
S
S
Simon Streit wrote on 25 Mar 2022 09:48
(address . guix-patches@gnu.org)
yguwngi8ljt.fsf@netpanic.org
Hello!

Please find attached several patches to add Samba and wsdd as service
declaration for Guix. My Samba service declaration has been cut down in length
since I am preparing a serialiser, which has not been finalised yet.

But I'd rather still have these patch posted here to see it pushed eventually.
Or others can test it to see if there are any other improvements that should
be done and in case I've missed something. Though the service definition is
rather simple for now.


Kind regards
Simon Streit (4):
services: Add samba service.
doc: Add "Samba" chapter.
doc: Add documentation for WSDD service.
services: Add wsdd service.

doc/guix.texi | 119 ++++++++++++++++++
gnu/services/samba.scm | 280 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 399 insertions(+)
create mode 100644 gnu/services/samba.scm

--
2.34.0
S
S
Simon Streit wrote on 25 Mar 2022 10:00
[PATCH 1/4] services: Add samba service.
(address . 54561@debbugs.gnu.org)
yguils28l05.fsf@netpanic.org
* gnu/services/samba.scm (<samba-configuration>): New record.
(samba-service-type): New variable.
(samba-shepherd-services): New Procedure.
---
gnu/services/samba.scm | 173 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 173 insertions(+)
create mode 100644 gnu/services/samba.scm

Toggle diff (179 lines)
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
new file mode 100644
index 0000000000..ffbf20fdbc
--- /dev/null
+++ b/gnu/services/samba.scm
@@ -0,0 +1,173 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services samba)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages samba)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services base)
+ #:use-module (gnu system shadow)
+
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 textual-ports)
+ #:use-module (srfi srfi-1)
+
+ #:export (samba-service-type
+ samba-configuration
+ samba-smb-conf
+
+ wsdd-service-type
+ wsdd-configuration))
+
+(define %smb-conf
+ (plain-file "smb.conf" "[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+"))
+
+(define-record-type* <samba-configuration>
+ samba-configuration
+ make-samba-configuration
+ samba-configuration?
+ (package samba-configuration-package
+ (default samba))
+ (config-file samba-configuration-config-file
+ (default #f))
+ (enable-samba? samba-configuration-enable-samba?
+ (default #f))
+ (enable-smbd? samba-configuration-enable-smbd?
+ (default #t))
+ (enable-nmbd? samba-configuration-enable-nmbd?
+ (default #t))
+ (enable-winbindd? samba-configuration-enable-winbindd?
+ (default #t)))
+
+(define (samba-activation config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (with-imported-modules '((guix build utils))
+ (let ((lib-directory "/var/lib/samba")
+ (log-directory "/var/log/samba")
+ (run-directory "/var/run/samba")
+ (smb.conf "/etc/samba/smb.conf"))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p #$log-directory)
+ (mkdir-p #$run-directory)
+ (mkdir-p (string-append #$lib-directory "/private"))
+ (mkdir-p "/etc/samba")
+ (copy-file #$config-file #$smb.conf)
+ (system* (string-append #$package "/bin/testparm")
+ "--suppress-prompt" #$smb.conf))))))
+
+(define (samba-samba-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Samba")
+ (provision '(samba-samba))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/samba")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-nmbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run NMBD")
+ (provision '(samba-nmbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/nmbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-smbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run SMBD")
+ (provision '(samba-smbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/smbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-winbindd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Winnbindd for Name Service Switch")
+ (provision '(samba-winbindd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/winbindd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-shepherd-services config)
+ (append (if (samba-configuration-enable-samba? config)
+ (samba-samba-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-nmbd? config)
+ (samba-nmbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-smbd? config)
+ (samba-smbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-winbindd? config)
+ (samba-winbindd-shepherd-service config)
+ '())))
+
+(define samba-service-type
+ (service-type
+ (name 'samba)
+ (description "Samba")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ samba-shepherd-services)
+ (service-extension activation-service-type
+ samba-activation)))
+ (default-value (samba-configuration))))
--
2.34.0
S
S
Simon Streit wrote on 25 Mar 2022 10:01
[PATCH 2/4] doc: Add "Samba" chapter.
(address . 54561@debbugs.gnu.org)
yguee2q8kxt.fsf@netpanic.org
---
doc/guix.texi | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)

Toggle diff (80 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index e8ef4286be..270f07d068 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -101,6 +101,7 @@ Copyright @copyright{} 2021 Andrew Tropin@*
Copyright @copyright{} 2021 Sarah Morgensen@*
Copyright @copyright{} 2021 Josselin Poiret@*
Copyright @copyright{} 2022 Remco van 't Veer@*
+Copyright @copyright{} 2022 Simon Streit@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -368,6 +369,7 @@ Services
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -29861,6 +29863,57 @@ The verbosity level of the daemon.
@end table
@end deftp
+@node Samba Services, Continuous Integration, Network File System, Services
+@subsection Samba Services
+
+@cindex samba
+@cindex smb
+The @code{(gnu services samba)} module provides Guix service definitions
+for Samba as well as additional helper services. Currently it provides
+the following services:
+
+@subsubheading Samba
+
+Samba provides network shares for folder and printers, it can also be an
+AD DC for other samba hosts in an heterougenious network with different
+types of Computer systems.
+
+@defvar{samba-service-type}
+
+The service type to enable the samba services @code{samba}, @code{nmbd},
+@code{smbd} and @code{winbindd}. By default this service type does not
+run as an AD DC, hence @code{samba} remains disabled. It is recommended
+that Samba's package is added to the system profile to have the tool-set
+available for modifications in Samba's runtime directories.
+
+@end defvar
+
+@deftp{Data Type} samba-service-configuration
+Configuration record for the Samba suite.
+
+@table @asis
+@item @code{package} (default: @code{samba})
+The samba package to use.
+
+@item @code{config-file} (default: @code{#f})
+The config file to use. Please note: Setting this variable will disable
+all config options that come after @code{enable-winbindd?}.
+
+@item @code{enable-samba?} (default: @code{#f})
+Manually enable the @code{samba} daemon.
+
+@item @code{enable-smbd?} (default: @code{#f})
+Manually enable the @code{smbd} daemon.
+
+@item @code{enable-nmbd?} (default: @code{#f})
+Manually enable the @code{nmbd} daemon.
+
+@item @code{enable-winbindd?} (default: @code{#f})
+Manually enable the @code{winbindd} daemon.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
--
2.34.0
S
S
Simon Streit wrote on 24 Mar 2022 22:10
[PATCH 3/4] doc: Add documentation for WSDD service.
(address . 54561@debbugs.gnu.org)
ygua6de8kw3.fsf@netpanic.org
---
doc/guix.texi | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)

Toggle diff (79 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 270f07d068..9770856050 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -29914,6 +29914,72 @@ Manually enable the @code{winbindd} daemon.
@end table
@end deftp
+@cindex wsdd
+@subsubheading Web Service Discovery Daemon
+
+Web Service Discovery Daemon implements the WSD protocoll. It is a
+drop-in replacement for host discovery that lack support for the SMBv1
+protocol.
+
+@defvr{Scheme Variable} wsdd-service-type
+
+Service type for the Web Service Discoery host daemon. The value for
+this service type is a @code{wsdd-configuration} record. The details
+for the @code{wsdd-configuration} record type are given below.
+@end defvr
+
+@deftp{Data Type} wsdd-configuration This data type represents the
+configuration for the wsdd service.
+
+@table @asis
+
+@item @code{package} (default: @code{wsdd})
+The wsdd package to use.
+
+@item @code{ipv4only?} (default: @code{#f})
+Only listen to ipv4 addresses.
+
+@item @code{ipv6only} (default: @code{#f})
+Only listen to ipv6 addresses. Please note: Activating both options is
+not possible, since there would be no ip versions to listen to.
+
+@item @code{chroot} (default: @code{#f})
+Chroot into a sperate directory to prevent access to other directories.
+This is to increase security in case there is a vulnerability in
+@command{wsdd}.
+
+@item @code{hoplimit} (default: @code{1})
+Limit to the level of hops for multicast packets. The default is
+@var{1} which should prevent packets from leaving the local network.
+
+@item @code{interface} (default: @code{'()})
+Limit to the given list of interfaces to listen to. By default wsdd
+will listen to all interfaces. Except the loopback interface is never
+used.
+
+@item @code{uuid-device} (default: @code{#f})
+The WSD protocol requires a device to have a UUID. Set this to manually
+assign the service a UUID.
+
+@item @code{domain} (default: @code{#f})
+Notify this host is a member of an Active Directory.
+
+@item @code{hostname} (default: @code{#f})
+Manually set the hostname rather than letting @command{wsdd} inherit
+this host's hostname.
+
+@item @code{preserve-case?} (default: @code{#f})
+By default @command{wsdd} will convert the hostname in workgroup to all
+uppercase. The opposite is true for hostnames in domains. Setting this
+parameter will preserve case.
+
+@item @code{workgroup} (default: @var{"WORKGROUP"})
+Change the name of the workgroup. By default @command{wsdd} reports
+this host being member of a workgroup.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
--
2.34.0
S
S
Simon Streit wrote on 24 Mar 2022 22:14
[PATCH 4/4] services: Add wsdd service.
(address . 54561@debbugs.gnu.org)
ygu5yo28kuu.fsf@netpanic.org
* gnu/services/samba.scm (<wsdd-configuration>): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
---
gnu/services/samba.scm | 107 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 107 insertions(+)

Toggle diff (117 lines)
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
index ffbf20fdbc..3058ed9d47 100644
--- a/gnu/services/samba.scm
+++ b/gnu/services/samba.scm
@@ -171,3 +171,110 @@ (define samba-service-type
(service-extension activation-service-type
samba-activation)))
(default-value (samba-configuration))))
+
+
+;;;
+;;; WSDD
+;;;
+
+(define-record-type* <wsdd-configuration>
+ wsdd-configuration
+ make-wsdd-configuration
+ wsdd-configuration?
+ (package wsdd-configuration-package
+ (default wsdd))
+ (ipv4only? wsdd-configuration-ipv4only?
+ (default #f))
+ (ipv6only? wsdd-configuration-ipv6only?
+ (default #f))
+ (chroot wsdd-configuration-chroot
+ (default #f))
+ (hoplimit wsdd-configuration-hoplimit
+ (default 1))
+ (interfaces wsdd-configuration-interfaces
+ (default '()))
+ (uuid-device wsdd-configuration-uuid-device
+ (default #f))
+ (domain wsdd-configuration-domain
+ (default #f))
+ (hostname wsdd-configuration-hostname
+ (default #f))
+ (preserve-case? wsdd-configuration-preserve-case?
+ (default #f))
+ (workgroup wsdd-configuration-workgroup
+ (default "WORKGROUP")))
+
+(define wsdd-accounts
+ (list
+ (user-group (name "wsdd"))
+ (user-account (name "wsdd")
+ (group "wsdd")
+ (comment "Web Service Discovery user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define wsdd-shepherd-service
+ (match-lambda
+ (($ <wsdd-configuration> package
+ ipv4only?
+ ipv6only?
+ chroot
+ hoplimit
+ interfaces
+ uuid-device
+ domain
+ hostname
+ preserve-case?
+ workgroup
+ )
+ (list (shepherd-service
+ (documentation "Run a Web Service Discovery service")
+ (provision '(wsdd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/wsdd")
+ #$@(if ipv4only?
+ #~("--ipv4only")
+ '())
+ #$@(if ipv6only?
+ #~("--ipv6only")
+ '())
+ #$@(if chroot
+ #~("--chroot" #$chroot)
+ '())
+ #$@(if hoplimit
+ #~("--hoplimit" #$(number->string hoplimit))
+ '())
+ #$@(map (lambda (interfaces)
+ (string-append "--interface=" interfaces))
+ interfaces)
+ #$@(if uuid-device
+ #~("--uuid" #$uuid-device)
+ '())
+ #$@(if domain
+ #~("--domain" #$domain)
+ '())
+ #$@(if hostname
+ #~("--hostname" #$hostname)
+ '())
+ #$@(if preserve-case?
+ #~("--preserve-case")
+ '())
+ #$@(if workgroup
+ #~("--workgroup" #$workgroup)
+ '()))
+ #:user "wsdd"
+ #:group "wsdd"
+ #:log-file "/var/log/wsdd.log"))
+ (stop #~(make-kill-destructor)))))))
+
+(define wsdd-service-type
+ (service-type
+ (name 'wsdd)
+ (description "Web Service Discovery Daemon")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ wsdd-shepherd-service)
+ (service-extension account-service-type
+ (const wsdd-accounts))))
+ (default-value (wsdd-configuration))))
--
2.34.0
S
S
Simon Streit wrote on 25 Mar 2022 10:16
(address . 54561@debbugs.gnu.org)
ygur16q75oi.fsf@netpanic.org
Oh, I just realised I forgot to add a patch for wsdd's package.
S
S
S
Simon Streit wrote on 25 Mar 2022 16:14
[PATCH] gnu: samba: Modify input list.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
7eba2a7e1a8edbfe6aa40b24039370cb8013e460.1648212678.git.simon@netpanic.org
I'd like to propose to have avahi added to the input list in samba. With it
Unix based clients will find Samba hosts in local networks. SMBv1 host
discovery in Samba has been disabled. Hence this modification.

* gnu/packages/samba.scm (samba) <inputs>: Add avahi.
---
gnu/packages/samba.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (14 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 21a5fe8617..63d7245efe 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -254,7 +254,8 @@ (define-public samba
python
popt
readline
- tdb))
+ tdb
+ avahi))
(propagated-inputs
;; In Requires or Requires.private of pkg-config files.
(list ldb talloc tevent))
--
2.34.0
F
F
fesoj000 wrote on 27 Mar 2022 03:07
Re: [bug#54561] [PATCH 1/4] services: Add samba service.
(address . guix-patches@gnu.org)
2f1eb553-2d1d-2e83-1412-948011d502cc@gmail.com
I have a local service definition for samba i wanted to upstream
at some point. Your service looks better then mine though.

Toggle quote (18 lines)
> +(define (samba-activation config)
> + (let ((package (samba-configuration-package config))
> + (config-file (samba-configuration-config-file config)))
> + (with-imported-modules '((guix build utils))
> + (let ((lib-directory "/var/lib/samba")
> + (log-directory "/var/log/samba")
> + (run-directory "/var/run/samba")
> + (smb.conf "/etc/samba/smb.conf"))
> + #~(begin
> + (use-modules (guix build utils))
> +
> + (mkdir-p #$log-directory)
> + (mkdir-p #$run-directory)
> + (mkdir-p (string-append #$lib-directory "/private"))
> + (mkdir-p "/etc/samba")
> + (copy-file #$config-file #$smb.conf)
> + (system* (string-append #$package "/bin/testparm")
> + "--suppress-prompt" #$smb.conf))))))
Is it a good idea to create all those directories with the default
umask? I always wanted to investigate which of those directories
contains sensitive data. I never got around to.

Another thing i wanted to investigate: can samba and friends be run
as non-root users? I think it would be a good idea to do that if
possible.

fyi: I currently use samba as an AD DC.
F
F
fesoj000 wrote on 27 Mar 2022 03:07
Re: [bug#54561] [PATCH 2/4] doc: Add "Samba" chapter.
(address . guix-patches@gnu.org)
761c10eb-01cd-e541-f238-919624897402@gmail.com
Toggle quote (7 lines)
> +@defvar{samba-service-type}
> +
> +The service type to enable the samba services @code{samba}, @code{nmbd},
> +@code{smbd} and @code{winbindd}. By default this service type does not
> +run as an AD DC, hence @code{samba} remains disabled. It is recommended
> +that Samba's package is added to the system profile to have the tool-set
> +available for modifications in Samba's runtime directories.
Maybe it is a good idea to provide the samba tool-set by default. You could
add the following to your samba-service-type:

(service-extension profile-service-type
(compose list samba-configuration-samba))

Some of the samba tools are broken though. I send a patch some time ago
which tries to address this issue. Maybe you want to take a look?
M
M
Maxime Devos wrote on 27 Mar 2022 16:13
Re: [bug#54561] [PATCH 1/4] services: Add samba service.
02c2e04f0ef7404aab26e2c590cf3cd44634c74d.camel@telenet.be
fesoj000 schreef op zo 27-03-2022 om 03:07 [+0200]:
Toggle quote (9 lines)
> > +(define (samba-activation config)
> > +  (let ((package (samba-configuration-package config))
> > +        (config-file (samba-configuration-config-file config)))
> > +    (with-imported-modules '((guix build utils))
> > +      (let ((lib-directory "/var/lib/samba")
> > +            (log-directory "/var/log/samba")
> > +            (run-directory "/var/run/samba")
> > +            (smb.conf "/etc/samba/smb.conf"))

Is it necessary to put the configuration file there?
Can be we do something like (system* "/.../testparm" #$smb.conf), where
smb.conf is the generated configuration file?

Toggle quote (14 lines)
> > +        #~(begin
> > +            (use-modules (guix build utils))
> > +
> > +            (mkdir-p #$log-directory)
> > +            (mkdir-p #$run-directory)
> > +            (mkdir-p (string-append #$lib-directory "/private"))
> > +            (mkdir-p "/etc/samba")
> > +            (copy-file #$config-file #$smb.conf)
> > +            (system* (string-append #$package "/bin/testparm")
> > +                     "--suppress-prompt" #$smb.conf))))))
> Is it a good idea to create all those directories with the default
> umask? I always wanted to investigate which of those directories
> contains sensitive data. I never got around to.

FWIW, you can use 'mkdir-p/perms' to set the permission bits.
The (string-append ...) can be simplified to:

(system* #$(file-append package "/bin/testparm" "--suppres-prompt
#$smb.conf).

Also, would it be a good idea to use (invoke ...) instead of system, to
make sure errors are detected? What is the 'suppress-prompt' for?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYkBxGhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7uwbAP45pl4YScbSU0FxSQG4JT0+IYyX
Gn/ftPsBfLiaBojlRQEA5mB/9rcgK+W9yW7iPUucNr/LTDW6qeL0E0rXv8FnMgM=
=SoYU
-----END PGP SIGNATURE-----


M
M
Maxime Devos wrote on 27 Mar 2022 16:15
Re: [bug#54561] [PATCH 2/4] doc: Add "Samba" chapter.
37faa41273793a6fb276ef73399e1e3493be3656.camel@telenet.be
Simon Streit schreef op vr 25-03-2022 om 10:01 [+0100]:
Toggle quote (4 lines)
> +@item @code{config-file} (default: @code{#f})
> +The config file to use.  Please note: Setting this variable will disable
> +all config options that come after @code{enable-winbindd?}.

[...]

Toggle quote (6 lines)
> +@item @code{enable-winbindd?} (default: @code{#f})
> +Manually enable the @code{winbindd} daemon.
> +
> +@end table
> +@end deftp

I don't see any configuration option after enable-winbindd?. Also,
what does ‘manually enable’ mean here? How can I determine if this
needs to be done? Can it be done automatically instead of manually?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYkBxfRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7n9nAQC3OdBY2jaDVl3z36cCFmNHF96t
zWyNwWMV8qYUmMom4AD/SJgn/SKsIzjTPmuvDge0oIC0A1ifDSU/HtqyuC0teAM=
=rViN
-----END PGP SIGNATURE-----


S
S
Simon Streit wrote on 27 Mar 2022 20:32
Re: [bug#54561] [PATCH 1/4] services: Add samba service.
(name . Maxime Devos)(address . maximedevos@telenet.be)
yguk0cfl00f.fsf@netpanic.org
Maxime Devos <maximedevos@telenet.be> writes:

Toggle quote (14 lines)
> fesoj000 schreef op zo 27-03-2022 om 03:07 [+0200]:
>> > +(define (samba-activation config)
>> > +  (let ((package (samba-configuration-package config))
>> > +        (config-file (samba-configuration-config-file config)))
>> > +    (with-imported-modules '((guix build utils))
>> > +      (let ((lib-directory "/var/lib/samba")
>> > +            (log-directory "/var/log/samba")
>> > +            (run-directory "/var/run/samba")
>> > +            (smb.conf "/etc/samba/smb.conf"))
>
> Is it necessary to put the configuration file there?
> Can be we do something like (system* "/.../testparm" #$smb.conf), where
> smb.conf is the generated configuration file?

No, not really. The Samba suit has a lot of tools that may want to look
into the default config directory. It seems that any relevant
configuration belonging to Samba lands in smb.conf, that is looked into
anytime when needed. That is my impression, and thus
placed it there.

Toggle quote (4 lines)
>> Is it a good idea to create all those directories with the default
>> umask? I always wanted to investigate which of those directories
>> contains sensitive data. I never got around to.

I'm not so sure myself. That was the end result of what had to be
created to have the service successfully initiate itself. True that I
have not investigated this myself yet. While writing this service I was
comparing the directory structure with Debian and Arch Linux, to be sure
that it would work.
Toggle quote (10 lines)
>
> FWIW, you can use 'mkdir-p/perms' to set the permission bits.
> The (string-append ...) can be simplified to:
>
> (system* #$(file-append package "/bin/testparm" "--suppres-prompt
> #$smb.conf).
>
> Also, would it be a good idea to use (invoke ...) instead of system, to
> make sure errors are detected? What is the 'suppress-prompt' for?

My understanding now would be better to write invoke. Thanks for
pointing this out.
S
S
Simon Streit wrote on 27 Mar 2022 20:48
(name . fesoj000)(address . fesoj000@gmail.com)(address . 54561@debbugs.gnu.org)
yguczi7kz92.fsf@netpanic.org
fesoj000 <fesoj000@gmail.com> writes:

Toggle quote (3 lines)
> I have a local service definition for samba i wanted to upstream
> at some point. Your service looks better then mine though.

Thanks. It still counts as my first try writing a service.

Toggle quote (2 lines)
> fyi: I currently use samba as an AD DC.

Impressive! It might be quite interesting to see how you managed to set
up an AD DC. I stopped after certain tools began to crash. I tried to
solve them here [1]. I just noticed that you had pushed some patches
some time ago too [2]. They're both addressing the same issues. In
this case your patches are looking better than mine.

That means these tools are working for you now?

S
S
Simon Streit wrote on 27 Mar 2022 20:51
Re: [bug#54561] [PATCH 2/4] doc: Add "Samba" chapter.
(name . Maxime Devos)(address . maximedevos@telenet.be)(address . 54561@debbugs.gnu.org)
ygu7d8fkz3z.fsf@netpanic.org
Maxime Devos <maximedevos@telenet.be> writes:

Toggle quote (17 lines)
> Simon Streit schreef op vr 25-03-2022 om 10:01 [+0100]:
>> +@item @code{config-file} (default: @code{#f})
>> +The config file to use.  Please note: Setting this variable will disable
>> +all config options that come after @code{enable-winbindd?}.
>
> [...]
>
>> +@item @code{enable-winbindd?} (default: @code{#f})
>> +Manually enable the @code{winbindd} daemon.
>> +
>> +@end table
>> +@end deftp
>
> I don't see any configuration option after enable-winbindd?. Also,
> what does ‘manually enable’ mean here? How can I determine if this
> needs to be done? Can it be done automatically instead of manually?

Oh, it looks like I was to quick at trimming my service definition
here. There where config options that where removed, and had simply
removed the entries in the documentation too without rephrasing the
manual properly. I should modify that patch then.
F
F
fesoj000 wrote on 27 Mar 2022 20:58
Re: [bug#54561] [PATCH 1/4] services: Add samba service.
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
c4789002-8b98-427b-cec4-0a4cab76bd46@gmail.com
On 3/27/22 8:48 PM, Simon Streit wrote:
Toggle quote (19 lines)
> fesoj000 <fesoj000@gmail.com> writes:
>
>> I have a local service definition for samba i wanted to upstream
>> at some point. Your service looks better then mine though.
>
> Thanks. It still counts as my first try writing a service.
>
>> fyi: I currently use samba as an AD DC.
>
> Impressive! It might be quite interesting to see how you managed to set
> up an AD DC. I stopped after certain tools began to crash. I tried to
> solve them here [1]. I just noticed that you had pushed some patches
> some time ago too [2]. They're both addressing the same issues. In
> this case your patches are looking better than mine.
>
> That means these tools are working for you now?
>
> [1] https://issues.guix.gnu.org/52976
> [2] https://issues.guix.gnu.org/54266
I mostly followed the step by step guide in the samba wiki [0]. I use this
AD DC mostly for testing and developing (kerberos, ldap). While following
the step by step guide i found that samba-tool and friends are not working,
so i tried to fix them, and yes, they do work for me currently using my patch.

My main motivation for running samba as AD DC is that i want to port sssd to
guix. Currently i have a hack for glibc which solves the libnss module lookup
issue. But all this needs more polish and time....

F
F
fesoj000 wrote on 27 Mar 2022 21:22
[PATCH] gnu: libdaemon: fix build for riscv64
(address . 54561@debbugs.gnu.org)
65a0bbc3-47de-1bf2-b791-5be0d614dcdf@gmail.com
* gnu/packages/libdaemon.scm: (native-inputs): Add check for riscv64 to
include config
* gnu/packages/libdaemon.scm: (arguments): Add check for riscv64 to add
update-config.sub build step
---
gnu/packages/libdaemon.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Toggle diff (26 lines)
diff --git a/gnu/packages/libdaemon.scm b/gnu/packages/libdaemon.scm
index 9dc851e823..e91b651e5a 100644
--- a/gnu/packages/libdaemon.scm
+++ b/gnu/packages/libdaemon.scm
@@ -49,7 +49,8 @@ (define-public libdaemon
(file-name (string-append name "-" version ".tar.gz"))))
(build-system gnu-build-system)
(native-inputs
- (if (and=> (%current-target-system) target-aarch64?)
+ (if (or (target-aarch64?)
+ (target-riscv64?))
`(("config" ,config)) ; for config.sub
'()))
(arguments
@@ -66,7 +67,8 @@ (define-public libdaemon
;; Hurd's console client.
"--localstatedir=/var"))
'())
- ,@(if (and=> (%current-target-system) target-aarch64?)
+ ,@(if (or (target-aarch64?)
+ (target-riscv64?))
`(#:phases
(modify-phases %standard-phases
(add-before 'configure 'update-config.sub
--
2.34.0
F
F
fesoj000 wrote on 27 Mar 2022 21:23
(address . 54561@debbugs.gnu.org)
a58ae81b-afbe-dd60-d926-acf560d941d5@gmail.com
please ignore this email, send to the wrong issue number.

On 3/27/22 9:22 PM, fesoj000 wrote:
Toggle quote (32 lines)
> * gnu/packages/libdaemon.scm: (native-inputs): Add check for riscv64 to
> include config
> * gnu/packages/libdaemon.scm: (arguments): Add check for riscv64 to add
> update-config.sub build step
> ---
>  gnu/packages/libdaemon.scm | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/libdaemon.scm b/gnu/packages/libdaemon.scm
> index 9dc851e823..e91b651e5a 100644
> --- a/gnu/packages/libdaemon.scm
> +++ b/gnu/packages/libdaemon.scm
> @@ -49,7 +49,8 @@ (define-public libdaemon
>               (file-name (string-append name "-" version ".tar.gz"))))
>      (build-system gnu-build-system)
>      (native-inputs
> -     (if (and=> (%current-target-system) target-aarch64?)
> +     (if (or (target-aarch64?)
> +             (target-riscv64?))
>           `(("config" ,config)) ; for config.sub
>           '()))
>      (arguments
> @@ -66,7 +67,8 @@ (define-public libdaemon
>                                         ;; Hurd's console client.
>                                         "--localstatedir=/var"))
>               '())
> -       ,@(if (and=> (%current-target-system) target-aarch64?)
> +       ,@(if (or (target-aarch64?)
> +                 (target-riscv64?))
>               `(#:phases
>                 (modify-phases %standard-phases
>                   (add-before 'configure 'update-config.sub
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 0/5] Add service declarations for Samba
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-1-simon@netpanic.org
Please find attached an updated patch series.

I've made slight changes as follows:

* The reference to further config options in the manual have been removed.
* Samba's (samba-activation config) procedure has been slightly modified,
* better cleaned up, regarding the mkdirs. I've done more testing and it
* appears that samba will only run when /var/{lib,log,run}/samba exist,
including /var/lib/samba/private. In this case it is chmod now to o700 to
be on the save side. Debian's directory structure is world readable though.
In Arch it is o700. If anyone objects, please make it world readable. It
appears that Samba lives and breathes in these directories, so they better
be put there.
* Regarding smb.conf -- while this service technically doesn't need it placed
at /etc/samba -- is convenient to have it placed there for other tools part
of the Samba family to read it, and so that others can quickly look into its
configuration. I'll leave this for further debate whether it can stay there
or not.
* The packages samba and wsdd are included in profile-service-type so that they
are generally available in the system profile.

I hope I didn't miss anything out.

Simon Streit (5):
services: Add samba service.
doc: Add "Samba" chapter.
doc: Add documentation for WSDD service.
services: Add wsdd service.
gnu: Add wsdd.

doc/guix.texi | 118 ++++++++++++++++++
gnu/packages/samba.scm | 26 ++++
gnu/services/samba.scm | 277 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 421 insertions(+)
create mode 100644 gnu/services/samba.scm

--
2.34.0
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 1/5] services: Add samba service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-2-simon@netpanic.org
* gnu/services/samba.scm (<samba-configuration>): New record.
(samba-service-type): New variable.
(samba-shepherd-services): New Procedure.
---
gnu/services/samba.scm | 177 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 177 insertions(+)
create mode 100644 gnu/services/samba.scm

Toggle diff (185 lines)
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
new file mode 100644
index 0000000000..70b07f93fb
--- /dev/null
+++ b/gnu/services/samba.scm
@@ -0,0 +1,177 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services samba)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages samba)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services base)
+ #:use-module (gnu system shadow)
+
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 textual-ports)
+ #:use-module (srfi srfi-1)
+
+ #:export (samba-service-type
+ samba-configuration
+ samba-smb-conf
+
+ wsdd-service-type
+ wsdd-configuration))
+
+(define %smb-conf
+ (plain-file "smb.conf" "[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+"))
+
+(define-record-type* <samba-configuration>
+ samba-configuration
+ make-samba-configuration
+ samba-configuration?
+ (package samba-configuration-package
+ (default samba))
+ (config-file samba-configuration-config-file
+ (default #f))
+ (enable-samba? samba-configuration-enable-samba?
+ (default #f))
+ (enable-smbd? samba-configuration-enable-smbd?
+ (default #t))
+ (enable-nmbd? samba-configuration-enable-nmbd?
+ (default #t))
+ (enable-winbindd? samba-configuration-enable-winbindd?
+ (default #t)))
+
+(define (samba-activation config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (with-imported-modules '((guix build utils))
+ (let ((lib-dir "/var/lib/samba")
+ (log-dir "/var/log/samba")
+ (run-dir "/var/run/samba")
+ (etc-dir "/etc/samba")
+ (smb.conf "/etc/samba/smb.conf"))
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p #$etc-dir)
+ (mkdir-p #$lib-dir)
+ (mkdir-p/perms (string-append #$lib-dir "/private")
+ (getpwnam "root") #o700)
+ (mkdir-p #$log-dir)
+ (mkdir-p #$run-dir)
+ (copy-file #$config-file #$smb.conf)
+ (invoke #$(file-append package "/bin/testparm")
+ "--suppress-prompt" #$smb.conf))))))
+
+(define (samba-samba-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Samba")
+ (provision '(samba-samba))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/samba")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-nmbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run NMBD")
+ (provision '(samba-nmbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/nmbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-smbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run SMBD")
+ (provision '(samba-smbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/smbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-winbindd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Winnbindd for Name Service Switch")
+ (provision '(samba-winbindd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/winbindd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-shepherd-services config)
+ (append (if (samba-configuration-enable-samba? config)
+ (samba-samba-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-nmbd? config)
+ (samba-nmbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-smbd? config)
+ (samba-smbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-winbindd? config)
+ (samba-winbindd-shepherd-service config)
+ '())))
+
+(define samba-service-type
+ (service-type
+ (name 'samba)
+ (description "Samba")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ samba-shepherd-services)
+ (service-extension activation-service-type
+ samba-activation)
+ (service-extension profile-service-type
+ (compose list samba-configuration-package))))
+ (default-value (samba-configuration))))
--
2.34.0
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 2/5] doc: Add "Samba" chapter.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-3-simon@netpanic.org
---
doc/guix.texi | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)

Toggle diff (79 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index e8ef4286be..70f78c601a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -101,6 +101,7 @@ Copyright @copyright{} 2021 Andrew Tropin@*
Copyright @copyright{} 2021 Sarah Morgensen@*
Copyright @copyright{} 2021 Josselin Poiret@*
Copyright @copyright{} 2022 Remco van 't Veer@*
+Copyright @copyright{} 2022 Simon Streit@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -368,6 +369,7 @@ Services
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -29861,6 +29863,56 @@ The verbosity level of the daemon.
@end table
@end deftp
+@node Samba Services, Continuous Integration, Network File System, Services
+@subsection Samba Services
+
+@cindex samba
+@cindex smb
+The @code{(gnu services samba)} module provides Guix service definitions
+for Samba as well as additional helper services. Currently it provides
+the following services:
+
+@subsubheading Samba
+
+Samba provides network shares for folder and printers, it can also be an
+AD DC for other samba hosts in an heterougenious network with different
+types of Computer systems.
+
+@defvar{samba-service-type}
+
+The service type to enable the samba services @code{samba}, @code{nmbd},
+@code{smbd} and @code{winbindd}. By default this service type does not
+run as an AD DC, hence @code{samba} remains disabled. It is recommended
+that Samba's package is added to the system profile to have the tool-set
+available for modifications in Samba's runtime directories.
+
+@end defvar
+
+@deftp{Data Type} samba-service-configuration
+Configuration record for the Samba suite.
+
+@table @asis
+@item @code{package} (default: @code{samba})
+The samba package to use.
+
+@item @code{config-file} (default: @code{#f})
+The config file to use.
+
+@item @code{enable-samba?} (default: @code{#f})
+Manually enable the @code{samba} daemon.
+
+@item @code{enable-smbd?} (default: @code{#f})
+Manually enable the @code{smbd} daemon.
+
+@item @code{enable-nmbd?} (default: @code{#f})
+Manually enable the @code{nmbd} daemon.
+
+@item @code{enable-winbindd?} (default: @code{#f})
+Manually enable the @code{winbindd} daemon.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
--
2.34.0
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 3/5] doc: Add documentation for WSDD service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-4-simon@netpanic.org
---
doc/guix.texi | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)

Toggle diff (79 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 70f78c601a..fa3c7d8b51 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -29913,6 +29913,72 @@ Manually enable the @code{winbindd} daemon.
@end table
@end deftp
+@cindex wsdd
+@subsubheading Web Service Discovery Daemon
+
+Web Service Discovery Daemon implements the WSD protocoll. It is a
+drop-in replacement for host discovery that lack support for the SMBv1
+protocol.
+
+@defvr{Scheme Variable} wsdd-service-type
+
+Service type for the Web Service Discoery host daemon. The value for
+this service type is a @code{wsdd-configuration} record. The details
+for the @code{wsdd-configuration} record type are given below.
+@end defvr
+
+@deftp{Data Type} wsdd-configuration This data type represents the
+configuration for the wsdd service.
+
+@table @asis
+
+@item @code{package} (default: @code{wsdd})
+The wsdd package to use.
+
+@item @code{ipv4only?} (default: @code{#f})
+Only listen to ipv4 addresses.
+
+@item @code{ipv6only} (default: @code{#f})
+Only listen to ipv6 addresses. Please note: Activating both options is
+not possible, since there would be no ip versions to listen to.
+
+@item @code{chroot} (default: @code{#f})
+Chroot into a sperate directory to prevent access to other directories.
+This is to increase security in case there is a vulnerability in
+@command{wsdd}.
+
+@item @code{hoplimit} (default: @code{1})
+Limit to the level of hops for multicast packets. The default is
+@var{1} which should prevent packets from leaving the local network.
+
+@item @code{interface} (default: @code{'()})
+Limit to the given list of interfaces to listen to. By default wsdd
+will listen to all interfaces. Except the loopback interface is never
+used.
+
+@item @code{uuid-device} (default: @code{#f})
+The WSD protocol requires a device to have a UUID. Set this to manually
+assign the service a UUID.
+
+@item @code{domain} (default: @code{#f})
+Notify this host is a member of an Active Directory.
+
+@item @code{hostname} (default: @code{#f})
+Manually set the hostname rather than letting @command{wsdd} inherit
+this host's hostname.
+
+@item @code{preserve-case?} (default: @code{#f})
+By default @command{wsdd} will convert the hostname in workgroup to all
+uppercase. The opposite is true for hostnames in domains. Setting this
+parameter will preserve case.
+
+@item @code{workgroup} (default: @var{"WORKGROUP"})
+Change the name of the workgroup. By default @command{wsdd} reports
+this host being member of a workgroup.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
--
2.34.0
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 4/5] services: Add wsdd service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-5-simon@netpanic.org
* gnu/services/samba.scm (<wsdd-configuration>): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
---
gnu/services/samba.scm | 100 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 100 insertions(+)

Toggle diff (110 lines)
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
index 70b07f93fb..d15d916363 100644
--- a/gnu/services/samba.scm
+++ b/gnu/services/samba.scm
@@ -175,3 +175,103 @@ (define samba-service-type
(service-extension profile-service-type
(compose list samba-configuration-package))))
(default-value (samba-configuration))))
+
+
+;;;
+;;; WSDD
+;;;
+
+(define-record-type* <wsdd-configuration>
+ wsdd-configuration
+ make-wsdd-configuration
+ wsdd-configuration?
+ (package wsdd-configuration-package
+ (default wsdd))
+ (ipv4only? wsdd-configuration-ipv4only?
+ (default #f))
+ (ipv6only? wsdd-configuration-ipv6only?
+ (default #f))
+ (chroot wsdd-configuration-chroot
+ (default #f))
+ (hoplimit wsdd-configuration-hoplimit
+ (default 1))
+ (interfaces wsdd-configuration-interfaces
+ (default '()))
+ (uuid-device wsdd-configuration-uuid-device
+ (default #f))
+ (domain wsdd-configuration-domain
+ (default #f))
+ (hostname wsdd-configuration-hostname
+ (default #f))
+ (preserve-case? wsdd-configuration-preserve-case?
+ (default #f))
+ (workgroup wsdd-configuration-workgroup
+ (default "WORKGROUP")))
+
+(define wsdd-accounts
+ (list
+ (user-group (name "wsdd"))
+ (user-account (name "wsdd")
+ (group "wsdd")
+ (comment "Web Service Discovery user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define wsdd-shepherd-service
+ (match-lambda
+ (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit
+ interfaces uuid-device domain hostname
+ preserve-case? workgroup)
+ (list (shepherd-service
+ (documentation "Run a Web Service Discovery service")
+ (provision '(wsdd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/wsdd")
+ #$@(if ipv4only?
+ #~("--ipv4only")
+ '())
+ #$@(if ipv6only?
+ #~("--ipv6only")
+ '())
+ #$@(if chroot
+ #~("--chroot" #$chroot)
+ '())
+ #$@(if hoplimit
+ #~("--hoplimit" #$(number->string hoplimit))
+ '())
+ #$@(map (lambda (interfaces)
+ (string-append "--interface=" interfaces))
+ interfaces)
+ #$@(if uuid-device
+ #~("--uuid" #$uuid-device)
+ '())
+ #$@(if domain
+ #~("--domain" #$domain)
+ '())
+ #$@(if hostname
+ #~("--hostname" #$hostname)
+ '())
+ #$@(if preserve-case?
+ #~("--preserve-case")
+ '())
+ #$@(if workgroup
+ #~("--workgroup" #$workgroup)
+ '()))
+ #:user "wsdd"
+ #:group "wsdd"
+ #:log-file "/var/log/wsdd.log"))
+ (stop #~(make-kill-destructor)))))))
+
+(define wsdd-service-type
+ (service-type
+ (name 'wsdd)
+ (description "Web Service Discovery Daemon")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ wsdd-shepherd-service)
+ (service-extension account-service-type
+ (const wsdd-accounts))
+ (service-extension profile-service-type
+ (compose list wsdd-configuration-package))))
+ (default-value (wsdd-configuration))))
--
2.34.0
S
S
Simon Streit wrote on 8 Apr 2022 20:21
v2 [PATCH 5/5] gnu: Add wsdd.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220408182131.10271-6-simon@netpanic.org
* gnu/packages/samba.scm (wsdd): New variable.
---
gnu/packages/samba.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

Toggle diff (36 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index b775ad905c..21a5fe8617 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -500,3 +500,29 @@ (define-public ppp
;; chat is public domain.
(license (list bsd-3 bsd-4 gpl2+ public-domain))))
+(define-public wsdd
+ (package
+ (name "wsdd")
+ (version "0.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/christgau/wsdd")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "04an2w6hamnai668ag4vq8x0i09fsg2jrayb4a7ar0x6bn837k7m"))))
+ (build-system copy-build-system)
+ (inputs
+ `(("python" ,python)))
+ (arguments
+ '(#:install-plan
+ '(("src/wsdd.py" "bin/wsdd")
+ ("man/wsdd.1" "share/man/man1/"))))
+ (home-page "https://github.com/christgau/wsdd")
+ (synopsis "A Web Service Discovery host daemon")
+ (description "This daemon allows (Samba) hosts to be found by Web
+Service Dicovery Clients. It also implements the client side of the
+discovery protocol which allows to search for devices implementing
+WSD.")
+ (license expat)))
--
2.34.0
L
L
Ludovic Courtès wrote on 8 Apr 2022 23:23
Re: bug#54561: [PATCH 0/4] Add service declarations for Samba
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
87o81b9smx.fsf_-_@gnu.org
Hi Simon,

Simon Streit <simon@netpanic.org> skribis:

Toggle quote (2 lines)
> Please find attached an updated patch series.

It’s a huge amount of work that you did, and that’ll certainly be useful
to many!

Toggle quote (19 lines)
> I've made slight changes as follows:
>
> * The reference to further config options in the manual have been removed.
> * Samba's (samba-activation config) procedure has been slightly modified,
> * better cleaned up, regarding the mkdirs. I've done more testing and it
> * appears that samba will only run when /var/{lib,log,run}/samba exist,
> including /var/lib/samba/private. In this case it is chmod now to o700 to
> be on the save side. Debian's directory structure is world readable though.
> In Arch it is o700. If anyone objects, please make it world readable. It
> appears that Samba lives and breathes in these directories, so they better
> be put there.
> * Regarding smb.conf -- while this service technically doesn't need it placed
> at /etc/samba -- is convenient to have it placed there for other tools part
> of the Samba family to read it, and so that others can quickly look into its
> configuration. I'll leave this for further debate whether it can stay there
> or not.
> * The packages samba and wsdd are included in profile-service-type so that they
> are generally available in the system profile.

I didn’t look at everything in detail, but overall that LGTM.

There’s a couple of things that I think would be worth adjusting though:

Toggle quote (6 lines)
> services: Add samba service.
> doc: Add "Samba" chapter.
> doc: Add documentation for WSDD service.
> services: Add wsdd service.
> gnu: Add wsdd.

It seems patches are in the wrong order: I’d expect the wsdd package to
come before the wsdd service.

Regarding documentation: by convention, documentation for a service is
added in the same commit that adds the service, so that it’s
self-contained. Could you squash them?

Last, it would be great if you could add a system test under
gnu/tests/samba.scm. Essentially, that test would do what you probably
did manually already: spawning a VM running an OS with
‘samba-service-type’ and/or ‘wsdd-service-type’ and running an SMB
and/or WSD client to make sure the basics work. You can get inspiration
from other system tests there, and see:


I have minor cosmetic comments that I’ll send separately.

Could you send a v3 addressing these issues?

Thanks!

Ludo’.
L
L
Ludovic Courtès wrote on 8 Apr 2022 23:26
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
87k0bz9shv.fsf_-_@gnu.org
Simon Streit <simon@netpanic.org> skribis:

Toggle quote (4 lines)
> * gnu/services/samba.scm (<samba-configuration>): New record.
> (samba-service-type): New variable.
> (samba-shepherd-services): New Procedure.

Just write “New file.”, that’s enough.

Please also add it to gnu/local.mk and to po/guix/POTFILES.in.

[...]

Toggle quote (7 lines)
> + #:export (samba-service-type
> + samba-configuration
> + samba-smb-conf
> +
> + wsdd-service-type
> + wsdd-configuration))

These two lines shouldn’t be here for now. :-)

Toggle quote (13 lines)
> +(define samba-service-type
> + (service-type
> + (name 'samba)
> + (description "Samba")
> + (extensions
> + (list (service-extension shepherd-root-service-type
> + samba-shepherd-services)
> + (service-extension activation-service-type
> + samba-activation)
> + (service-extension profile-service-type
> + (compose list samba-configuration-package))))
> + (default-value (samba-configuration))))

Please add a ‘description’ field with Texinfo markup (it’s the
description you see when running ‘guix system search’.)
L
L
Ludovic Courtès wrote on 8 Apr 2022 23:35
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
87czhr9s23.fsf_-_@gnu.org
Simon Streit <simon@netpanic.org> skribis:

Toggle quote (3 lines)
> +@cindex samba
> +@cindex smb

“Samba” and “SMB”.

Toggle quote (2 lines)
> +The @code{(gnu services samba)} module provides Guix service definitions

s/Guix//

Toggle quote (5 lines)
> +for Samba as well as additional helper services. Currently it provides
> +the following services:
> +
> +@subsubheading Samba

Remove colon after “services” (what follows is not a bullet list).

Toggle quote (2 lines)
> +Samba provides network shares for folder and printers,

How about:

@uref{https://www.samba.org, Samba} provides networks shares for
folders and printers using the SMB/CIFS protocol commonly used on
Windows.

Toggle quote (3 lines)
> it can also be an
> +AD DC for other samba hosts in an heterougenious network with different

What’s an “AD DC”? In general please expand acronyms on their first
occurrence.

Toggle quote (2 lines)
> +types of Computer systems.

Lowercase.

Toggle quote (2 lines)
> +@defvar{samba-service-type}

Please use @defvr as is done elsewhere in the manual.

Toggle quote (5 lines)
> +The service type to enable the samba services @code{samba}, @code{nmbd},
> +@code{smbd} and @code{winbindd}. By default this service type does not
> +run as an AD DC, hence @code{samba} remains disabled. It is recommended
> +that Samba's package is added to the system profile to have the tool-set

Samba is now added to the system profile, right? Should this sentence
be removed?

Ludo’.
L
L
Ludovic Courtès wrote on 8 Apr 2022 23:41
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
878rsf9rsz.fsf_-_@gnu.org
Simon Streit <simon@netpanic.org> skribis:

Toggle quote (5 lines)
> +@cindex wsdd
> +@subsubheading Web Service Discovery Daemon
> +
> +Web Service Discovery Daemon implements the WSD protocoll.

Please provide a bit of context, for example:

The Web Service Discovery daemon (wsdd) implements, not surprisingly,
Web Service Discovery (WSD), a protocol for …

Toggle quote (4 lines)
> It is a
> +drop-in replacement for host discovery that lack support for the SMBv1
> +protocol.

That too would need a bit more context IMO.

Toggle quote (1 lines)
> +@defvr{Scheme Variable} wsdd-service-type
^
Missing space (in other similar places too).

Toggle quote (2 lines)
> +Service type for the Web Service Discoery host daemon. The value for

Typo; but you can write “WSD” here, since that has been introduced
above.

Toggle quote (4 lines)
> +@item @code{ipv6only} (default: @code{#f})
> +Only listen to ipv6 addresses. Please note: Activating both options is
> +not possible, since there would be no ip versions to listen to.

“IPv6”, “IP”.

Toggle quote (3 lines)
> +@item @code{chroot} (default: @code{#f})
> +Chroot into a sperate directory to prevent access to other directories.

“separate”

Toggle quote (5 lines)
> +This is to increase security in case there is a vulnerability in
> +@command{wsdd}.
> +
> +@item @code{hoplimit} (default: @code{1})

s/hoplimit/hop-limit/ (two words), and in the code too.

Toggle quote (2 lines)
> +@item @code{hostname} (default: @code{#f})

Likewise, preferably ‘host-name’.

Ludo’.
L
L
Ludovic Courtès wrote on 8 Apr 2022 23:43
(name . Simon Streit)(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
874k339rp6.fsf_-_@gnu.org
Simon Streit <simon@netpanic.org> skribis:

Toggle quote (4 lines)
> * gnu/services/samba.scm (<wsdd-configuration>): New record.
> (wsdd-service-type): New variable.
> (wsdd-shepherd-services): New procedure.

Just “New file.” and add it to gnu/local.mk.

Toggle quote (6 lines)
> +(define wsdd-shepherd-service
> + (match-lambda
> + (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit
> + interfaces uuid-device domain hostname
> + preserve-case? workgroup)

Please use ‘match-record’ instead; it is less error-prone.

Toggle quote (5 lines)
> +(define wsdd-service-type
> + (service-type
> + (name 'wsdd)
> + (description "Web Service Discovery Daemon")

Please write full sentences in ‘description’, possibly with Texinfo
markup.

Ludo’.
M
M
Maxime Devos wrote on 9 Apr 2022 10:29
Re: [bug#54561] v2 [PATCH 3/5] doc: Add documentation for WSDD service.
2b604a916fc1623d82f5e496d310975c8351fe51.camel@telenet.be
Simon Streit schreef op vr 08-04-2022 om 20:21 [+0200]:
Toggle quote (4 lines)
> +@item @code{hostname} (default: @code{#f})
> +Manually set the hostname rather than letting @command{wsdd} inherit
> +this host's hostname.

In what format does the DNS name need to be:

* with trailing dot: foo.net.
* without trailing dot: foo.net
* non-punycoded: é.net
* punycoded: <something with xn-...>
* doesn't matter

?
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYlFD0xccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7ltxAQD6+2UAu3LufoSvBJ3imZ/xGuw4
NMlgTbRgt08uwkb97wD+L3Dgofs2xipH79B7fdQhlGYFMQgSHfvn2hTfroyEfA8=
=RCdr
-----END PGP SIGNATURE-----


S
[PATCH v3 1/4] gnu: samba: Add avahi to inputs.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220728222215.21126-2-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* gnu/packages/samba.scm (samba) <inputs>: Add avahi.
---
gnu/packages/samba.scm | 3 +++
1 file changed, 3 insertions(+)

Toggle diff (30 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index f6ead57cc1..da7d9ef2d3 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -12,6 +12,7 @@
;;; Copyright © 2020, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2022 Jean-Pierre De Jesus DIAZ <me@jeandudey.tech>
;;; Copyright © 2022 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,6 +41,7 @@ (define-module (gnu packages samba)
#:use-module (gnu packages acl)
#:use-module (gnu packages admin)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages avahi)
#:use-module (gnu packages backup)
#:use-module (gnu packages base)
#:use-module (gnu packages check)
@@ -239,6 +241,7 @@ (define-public samba
#:tests? #f))
(inputs
(list acl
+ avahi
cmocka
cups
gamin
--
2.37.1
S
[PATCH v3 3/4] gnu: Add wsdd.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220728222215.21126-4-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* gnu/packages/samba.scm (wsdd): New variable.
---
gnu/packages/samba.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

Toggle diff (45 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index da7d9ef2d3..4edcf9c148 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -35,6 +35,7 @@ (define-module (gnu packages samba)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system copy)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (gnu packages)
@@ -505,3 +506,30 @@ (define-public ppp
license:bsd-4
license:gpl2+
license:public-domain))))
+
+(define-public wsdd
+ (package
+ (name "wsdd")
+ (version "0.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/christgau/wsdd")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "04an2w6hamnai668ag4vq8x0i09fsg2jrayb4a7ar0x6bn837k7m"))))
+ (build-system copy-build-system)
+ (inputs
+ `(("python" ,python)))
+ (arguments
+ '(#:install-plan
+ '(("src/wsdd.py" "bin/wsdd")
+ ("man/wsdd.1" "share/man/man1/"))))
+ (home-page "https://github.com/christgau/wsdd")
+ (synopsis "A Web Service Discovery host daemon")
+ (description "This daemon allows (Samba) hosts to be found by Web
+Service Dicovery Clients. It also implements the client side of the
+discovery protocol which allows to search for devices implementing
+WSD.")
+ (license license:expat)))
--
2.37.1
S
[PATCH v3 2/4] services: Add samba service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220728222215.21126-3-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* doc/guix.texi: Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/local.mk (samba.scm): Add it.
* gnu/services/samba.scm: New file.
* gnu/tests/samba.scm: New file.
* po/guix/POTFILES.in Add it.
---
doc/guix.texi | 53 ++++++++++++
gnu/local.mk | 2 +
gnu/services/samba.scm | 182 +++++++++++++++++++++++++++++++++++++++++
gnu/tests/samba.scm | 158 +++++++++++++++++++++++++++++++++++
po/guix/POTFILES.in | 1 +
5 files changed, 396 insertions(+)
create mode 100644 gnu/services/samba.scm
create mode 100644 gnu/tests/samba.scm

Toggle diff (471 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 12ecc1b952..614d0a0e03 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -106,6 +106,7 @@ Copyright @copyright{} 2022 Philip M@sup{c}Grath@*
Copyright @copyright{} 2022 Karl Hallsby@*
Copyright @copyright{} 2022 Justin Veilleux@*
Copyright @copyright{} 2022 Reily Siegel@*
+Copyright @copyright{} 2022 Simon Streit@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -385,6 +386,7 @@ Services
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -17451,6 +17453,7 @@ declaration.
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -31194,6 +31197,56 @@ The verbosity level of the daemon.
@end table
@end deftp
+@node Samba Services, Continuous Integration, Network File System, Services
+@subsection Samba Services
+
+@cindex Samba
+@cindex SMB
+The @code{(gnu services samba)} module provides service definitions for
+Samba as well as additional helper services. Currently it provides the
+following services.
+
+@subsubheading Samba
+
+@uref{https://www.samba.org, Samba} provides network shares for folders
+and printers using the SMB/CIFS protocol commonly used on Windows. It
+can also act as an Active Directory Domain Controller (AD DC) for other
+hosts in an heterougenious network with different types of Computer
+systems.
+
+@defvar {Scheme variable} samba-service-type
+
+The service type to enable the samba services @code{samba}, @code{nmbd},
+@code{smbd} and @code{winbindd}. By default this service type does not
+run as an AD DC, hence @code{samba} remains disabled.
+
+@end defvar
+
+@deftp{Data Type} samba-service-configuration
+Configuration record for the Samba suite.
+
+@table @asis
+@item @code{package} (default: @code{samba})
+The samba package to use.
+
+@item @code{config-file} (default: @code{#f})
+The config file to use.
+
+@item @code{enable-samba?} (default: @code{#f})
+Manually enable the @code{samba} daemon.
+
+@item @code{enable-smbd?} (default: @code{#f})
+Manually enable the @code{smbd} daemon.
+
+@item @code{enable-nmbd?} (default: @code{#f})
+Manually enable the @code{nmbd} daemon.
+
+@item @code{enable-winbindd?} (default: @code{#f})
+Manually enable the @code{winbindd} daemon.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
diff --git a/gnu/local.mk b/gnu/local.mk
index 72637761d5..9c1f5ff5b8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -676,6 +676,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/herd.scm \
%D%/services/pm.scm \
%D%/services/rsync.scm \
+ %D%/services/samba.scm \
%D%/services/sddm.scm \
%D%/services/spice.scm \
%D%/services/ssh.scm \
@@ -754,6 +755,7 @@ GNU_SYSTEM_MODULES = \
%D%/tests/package-management.scm \
%D%/tests/reconfigure.scm \
%D%/tests/rsync.scm \
+ %D%/tests/samba.scm \
%D%/tests/security-token.scm \
%D%/tests/singularity.scm \
%D%/tests/ssh.scm \
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
new file mode 100644
index 0000000000..2c9e52a0b0
--- /dev/null
+++ b/gnu/services/samba.scm
@@ -0,0 +1,182 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services samba)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages samba)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services base)
+ #:use-module (gnu system shadow)
+
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 textual-ports)
+ #:use-module (srfi srfi-1)
+
+ #:export (samba-service-type
+ samba-configuration
+ samba-smb-conf))
+
+(define %smb-conf
+ (plain-file "smb.conf" "[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+"))
+
+(define-record-type* <samba-configuration>
+ samba-configuration
+ make-samba-configuration
+ samba-configuration?
+ (package samba-configuration-package
+ (default samba))
+ (config-file samba-configuration-config-file
+ (default #f))
+ (enable-samba? samba-configuration-enable-samba?
+ (default #f))
+ (enable-smbd? samba-configuration-enable-smbd?
+ (default #t))
+ (enable-nmbd? samba-configuration-enable-nmbd?
+ (default #t))
+ (enable-winbindd? samba-configuration-enable-winbindd?
+ (default #t)))
+
+(define (samba-activation config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (with-imported-modules '((guix build utils))
+ (let ((lib-dir "/var/lib/samba")
+ (log-dir "/var/log/samba")
+ (run-dir "/var/run/samba")
+ (lock-dir "/var/lock/samba")
+ (cache-dir "/var/cache/samba")
+ (etc-dir "/etc/samba")
+ (smb.conf "/etc/samba/smb.conf"))
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p #$etc-dir)
+ (mkdir-p #$lib-dir)
+ (mkdir-p/perms (string-append #$lib-dir "/private")
+ (getpwnam "root") #o700)
+ (mkdir-p #$log-dir)
+ (mkdir-p #$run-dir)
+ (mkdir-p #$lock-dir)
+ (mkdir-p #$cache-dir)
+ (copy-file #$config-file #$smb.conf)
+ (invoke #$(file-append package "/bin/testparm")
+ "--suppress-prompt" #$smb.conf))))))
+
+(define (samba-samba-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Samba")
+ (provision '(samba-samba))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/samba")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-nmbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run NMBD")
+ (provision '(samba-nmbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/nmbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-smbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run SMBD")
+ (provision '(samba-smbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/smbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-winbindd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Winnbindd for Name Service Switch")
+ (provision '(samba-winbindd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/winbindd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-shepherd-services config)
+ (append (if (samba-configuration-enable-samba? config)
+ (samba-samba-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-nmbd? config)
+ (samba-nmbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-smbd? config)
+ (samba-smbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-winbindd? config)
+ (samba-winbindd-shepherd-service config)
+ '())))
+
+(define samba-service-type
+ (service-type
+ (name 'samba)
+ (description "Run @uref{https://www.samba.org/, Samba}, a network file and
+print service for all clients using the SMB/CIFS protocol. Samba is an
+important component to seamlessly integrate Linux/Unix Servers and Desktops
+into Active Directory environments. It can function both as a domain
+controller or as a regular domain member.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ samba-shepherd-services)
+ (service-extension activation-service-type
+ samba-activation)
+ (service-extension profile-service-type
+ (compose list samba-configuration-package))))
+ (default-value (samba-configuration))))
diff --git a/gnu/tests/samba.scm b/gnu/tests/samba.scm
new file mode 100644
index 0000000000..27d7ea49c3
--- /dev/null
+++ b/gnu/tests/samba.scm
@@ -0,0 +1,158 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests samba)
+ #:use-module (gnu tests)
+ #:use-module (gnu system)
+ #:use-module (gnu system vm)
+ #:use-module (gnu services)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services samba)
+ #:use-module (gnu packages samba)
+ #:use-module (guix gexp)
+ #:use-module (guix store)
+ #:export (%test-samba))
+
+
+;;;
+;;; The Samba service.
+;;;
+
+(define %samba-os
+ (let ((base-os (simple-operating-system
+ (simple-service 'create-target-directory activation-service-type
+ #~(begin
+ (mkdir-p "/srv/samba/guest")
+ (chown "/srv/samba/guest"
+ (passwd:uid (getpw "nobody"))
+ (passwd:gid (getpw "nobody")))))
+ (service dhcp-client-service-type)
+ (service samba-service-type
+ (samba-configuration
+ (config-file (plain-file "smb.conf" "
+[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+
+[guest]
+ path = /srv/samba/guest
+ read only = no
+ guest ok = yes
+ guest only = yes
+")))))))
+ (operating-system
+ (inherit base-os)
+ (packages (cons samba (operating-system-packages base-os))))))
+
+(define* (run-samba-test)
+ "Return a test of an OS running Samba service."
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %samba-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings '((8135 . 135)
+ (8137 . 137)
+ (8138 . 138)
+ (8445 . 445)))))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (srfi srfi-26)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "samba")
+
+ (test-assert "samba-smbd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-smbd))
+ marionette))
+
+ (test-assert "samba-nmbd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-nmbd))
+ marionette))
+
+ (test-assert "samba-winbindd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-winbindd))
+ marionette))
+
+ (test-assert "smbd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/smbd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "nmbd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/nmbd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "winbindd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/winbindd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "samba-smbd is listening for peers"
+ (wait-for-tcp-port 445 marionette))
+
+ (test-equal "smbclient connect"
+ 0
+ (marionette-eval
+ '(system* #$(file-append samba "/bin/smbclient")
+ "--list=localhost" "--no-pass")
+ marionette))
+
+ (test-equal "smbclient connect"
+ 0
+ (marionette-eval
+ '(system* #$(file-append samba "/bin/smbclient")
+ "--list=localhost" "--no-pass")
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "samba-test" test))
+
+(define %test-samba
+ (system-test
+ (name "samba")
+ (description "Connect to a running Samba daemon.")
+ (value (run-samba-test))))
diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in
index f50dd00422..9088a627ff 100644
--- a/po/guix/POTFILES.in
+++ b/po/guix/POTFILES.in
@@ -6,6 +6,7 @@ gnu/services.scm
gnu/system.scm
gnu/services/configuration.scm
gnu/services/shepherd.scm
+gnu/services/samba.scm
gnu/home/services.scm
gnu/home/services/ssh.scm
gnu/home/services/symlink-manager.scm
--
2.37.1
S
[PATCH v3 0/4] Add samba and wsdd to services list.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220728222215.21126-1-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

Hello, here my third iteration preparing this patch series.

Now there are tests included too. There is a slight modification in samba's
package declaration to include avahi as a dependency. Samba uses avahi to
advertise instances to other hosts that understand mDNS through avahi.

Simon Streit (4):
gnu: samba: Add avahi to inputs.
services: Add samba service.
gnu: Add wsdd.
services: Add wsdd service.

doc/guix.texi | 122 ++++++++++++++++++
gnu/local.mk | 2 +
gnu/packages/samba.scm | 31 +++++
gnu/services/samba.scm | 285 +++++++++++++++++++++++++++++++++++++++++
gnu/tests/samba.scm | 217 +++++++++++++++++++++++++++++++
po/guix/POTFILES.in | 1 +
6 files changed, 658 insertions(+)
create mode 100644 gnu/services/samba.scm
create mode 100644 gnu/tests/samba.scm

--
2.37.1
S
[PATCH v3 4/4] services: Add wsdd service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220728222215.21126-5-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* doc/guix.texi: Add documentation for wsdd service.
* gnu/services/samba.scm (<wsdd-configuration>): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
* gnu/tests/samba.scm: wsdd test.
---
doc/guix.texi | 69 +++++++++++++++++++++++++++
gnu/services/samba.scm | 105 ++++++++++++++++++++++++++++++++++++++++-
gnu/tests/samba.scm | 61 +++++++++++++++++++++++-
3 files changed, 233 insertions(+), 2 deletions(-)

Toggle diff (278 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 614d0a0e03..c168f063c3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31247,6 +31247,75 @@ Manually enable the @code{winbindd} daemon.
@end table
@end deftp
+@cindex wsdd
+@subsubheading Web Service Discovery Daemon
+
+Web Service Discovery Daemon implements
+@uref{http://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html,
+Web Services Dynamic Discovery} protocol that enables host discovery --
+similar to Avahi -- over Multicast DNS. It is a drop-in replacement for
+SMB hosts that have had SMBv1 disabled for security reasons.
+
+@defvr {Scheme Variable} wsdd-service-type
+
+Service type for the WSD host daemon. The value for
+this service type is a @code{wsdd-configuration} record. The details
+for the @code{wsdd-configuration} record type are given below.
+@end defvr
+
+@deftp{Data Type} wsdd-configuration This data type represents the
+configuration for the wsdd service.
+
+@table @asis
+
+@item @code{package} (default: @code{wsdd})
+The wsdd package to use.
+
+@item @code{ipv4only?} (default: @code{#f})
+Only listen to IPv4 addresses.
+
+@item @code{ipv6only} (default: @code{#f})
+Only listen to IPv6 addresses. Please note: Activating both options is
+not possible, since there would be no IP versions to listen to.
+
+@item @code{chroot} (default: @code{#f})
+Chroot into a separate directory to prevent access to other directories.
+This is to increase security in case there is a vulnerability in
+@command{wsdd}.
+
+@item @code{hop-limit} (default: @code{1})
+Limit to the level of hops for multicast packets. The default is
+@var{1} which should prevent packets from leaving the local network.
+
+@item @code{interface} (default: @code{'()})
+Limit to the given list of interfaces to listen to. By default wsdd
+will listen to all interfaces. Except the loopback interface is never
+used.
+
+@item @code{uuid-device} (default: @code{#f})
+The WSD protocol requires a device to have a UUID. Set this to manually
+assign the service a UUID.
+
+@item @code{domain} (default: @code{#f})
+Notify this host is a member of an Active Directory.
+
+@item @code{host-name} (default: @code{#f})
+Manually set the hostname rather than letting @command{wsdd} inherit
+this host's hostname. Only the host name part of a possible FQDN will
+be used in the default case.
+
+@item @code{preserve-case?} (default: @code{#f})
+By default @command{wsdd} will convert the hostname in workgroup to all
+uppercase. The opposite is true for hostnames in domains. Setting this
+parameter will preserve case.
+
+@item @code{workgroup} (default: @var{"WORKGROUP"})
+Change the name of the workgroup. By default @command{wsdd} reports
+this host being member of a workgroup.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
index 2c9e52a0b0..c1f9033d63 100644
--- a/gnu/services/samba.scm
+++ b/gnu/services/samba.scm
@@ -41,7 +41,10 @@ (define-module (gnu services samba)
#:export (samba-service-type
samba-configuration
- samba-smb-conf))
+ samba-smb-conf
+
+ wsdd-service-type
+ wsdd-configuration))
(define %smb-conf
(plain-file "smb.conf" "[global]
@@ -180,3 +183,103 @@ (define samba-service-type
(service-extension profile-service-type
(compose list samba-configuration-package))))
(default-value (samba-configuration))))
+
+
+;;;
+;;; WSDD
+;;;
+
+(define-record-type* <wsdd-configuration>
+ wsdd-configuration
+ make-wsdd-configuration
+ wsdd-configuration?
+ (package wsdd-configuration-package
+ (default wsdd))
+ (ipv4only? wsdd-configuration-ipv4only?
+ (default #f))
+ (ipv6only? wsdd-configuration-ipv6only?
+ (default #f))
+ (chroot wsdd-configuration-chroot
+ (default #f))
+ (hoplimit wsdd-configuration-hoplimit
+ (default 1))
+ (interfaces wsdd-configuration-interfaces
+ (default '()))
+ (uuid-device wsdd-configuration-uuid-device
+ (default #f))
+ (domain wsdd-configuration-domain
+ (default #f))
+ (hostname wsdd-configuration-hostname
+ (default #f))
+ (preserve-case? wsdd-configuration-preserve-case?
+ (default #f))
+ (workgroup wsdd-configuration-workgroup
+ (default "WORKGROUP")))
+
+(define wsdd-accounts
+ (list
+ (user-group (name "wsdd"))
+ (user-account (name "wsdd")
+ (group "wsdd")
+ (comment "Web Service Discovery user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define wsdd-shepherd-service
+ (match-lambda
+ (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit
+ interfaces uuid-device domain hostname
+ preserve-case? workgroup)
+ (list (shepherd-service
+ (documentation "Run a Web Service Discovery service")
+ (provision '(wsdd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/wsdd")
+ #$@(if ipv4only?
+ #~("--ipv4only")
+ '())
+ #$@(if ipv6only?
+ #~("--ipv6only")
+ '())
+ #$@(if chroot
+ #~("--chroot" #$chroot)
+ '())
+ #$@(if hoplimit
+ #~("--hoplimit" #$(number->string hoplimit))
+ '())
+ #$@(map (lambda (interfaces)
+ (string-append "--interface=" interfaces))
+ interfaces)
+ #$@(if uuid-device
+ #~("--uuid" #$uuid-device)
+ '())
+ #$@(if domain
+ #~("--domain" #$domain)
+ '())
+ #$@(if hostname
+ #~("--hostname" #$hostname)
+ '())
+ #$@(if preserve-case?
+ #~("--preserve-case")
+ '())
+ #$@(if workgroup
+ #~("--workgroup" #$workgroup)
+ '()))
+ #:user "wsdd"
+ #:group "wsdd"
+ #:log-file "/var/log/wsdd.log"))
+ (stop #~(make-kill-destructor)))))))
+
+(define wsdd-service-type
+ (service-type
+ (name 'wsdd)
+ (description "Web Service Discovery Daemon")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ wsdd-shepherd-service)
+ (service-extension account-service-type
+ (const wsdd-accounts))
+ (service-extension profile-service-type
+ (compose list wsdd-configuration-package))))
+ (default-value (wsdd-configuration))))
diff --git a/gnu/tests/samba.scm b/gnu/tests/samba.scm
index 27d7ea49c3..6b065cd5de 100644
--- a/gnu/tests/samba.scm
+++ b/gnu/tests/samba.scm
@@ -26,7 +26,8 @@ (define-module (gnu tests samba)
#:use-module (gnu packages samba)
#:use-module (guix gexp)
#:use-module (guix store)
- #:export (%test-samba))
+ #:export (%test-samba
+ %test-wsdd))
;;;
@@ -156,3 +157,61 @@ (define %test-samba
(name "samba")
(description "Connect to a running Samba daemon.")
(value (run-samba-test))))
+
+
+;;;
+;;; The wsdd service.
+;;;
+
+(define %wsdd-os
+ (let ((base-os (simple-operating-system
+ (service dhcp-client-service-type)
+ (service wsdd-service-type))))
+ (operating-system
+ (inherit base-os)
+ (packages (cons wsdd (operating-system-packages base-os))))))
+
+(define* (run-wsdd-test)
+ "Return a test of an OS running wsdd service."
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %wsdd-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings '((8135 . 135)
+ (8137 . 137)
+ (8138 . 138)
+ (8445 . 445)))))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (srfi srfi-26)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "wsdd")
+
+ ;; Here shall be more tests to begin with.
+
+ (test-assert "wsdd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'wsdd))
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "samba-test" test))
+
+(define %test-wsdd
+ (system-test
+ (name "wsdd")
+ (description "Connect to a running wsdd daemon.")
+ (value (run-wsdd-test))))
--
2.37.1
S
S
simon wrote on 8 Aug 2022 16:56
[PATCH v3 0/4] Add samba and wsdd to services list.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220808145643.3445-1-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

Hello, here my third iteration preparing this patch series.

Now there are tests included too. There is a slight modification in samba's
package declaration to include avahi as a dependency. Samba uses avahi to
advertise instances to other hosts that understand mDNS through avahi.

Simon Streit (4):
gnu: samba: Add avahi to inputs.
services: Add samba service.
gnu: Add wsdd.
services: Add wsdd service.

doc/guix.texi | 122 ++++++++++++++++++
gnu/local.mk | 2 +
gnu/packages/samba.scm | 31 +++++
gnu/services/samba.scm | 285 +++++++++++++++++++++++++++++++++++++++++
gnu/tests/samba.scm | 217 +++++++++++++++++++++++++++++++
po/guix/POTFILES.in | 1 +
6 files changed, 658 insertions(+)
create mode 100644 gnu/services/samba.scm
create mode 100644 gnu/tests/samba.scm

--
2.37.1
S
S
simon wrote on 8 Aug 2022 16:56
[PATCH v3 2/4] services: Add samba service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220808145643.3445-3-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* doc/guix.texi: Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/local.mk (samba.scm): Add it.
* gnu/services/samba.scm: New file.
* gnu/tests/samba.scm: New file.
* po/guix/POTFILES.in Add it.
---
doc/guix.texi | 53 ++++++++++++
gnu/local.mk | 2 +
gnu/services/samba.scm | 182 +++++++++++++++++++++++++++++++++++++++++
gnu/tests/samba.scm | 158 +++++++++++++++++++++++++++++++++++
po/guix/POTFILES.in | 1 +
5 files changed, 396 insertions(+)
create mode 100644 gnu/services/samba.scm
create mode 100644 gnu/tests/samba.scm

Toggle diff (471 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 12ecc1b952..614d0a0e03 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -106,6 +106,7 @@ Copyright @copyright{} 2022 Philip M@sup{c}Grath@*
Copyright @copyright{} 2022 Karl Hallsby@*
Copyright @copyright{} 2022 Justin Veilleux@*
Copyright @copyright{} 2022 Reily Siegel@*
+Copyright @copyright{} 2022 Simon Streit@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -385,6 +386,7 @@ Services
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -17451,6 +17453,7 @@ declaration.
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
+* Samba Services:: Samba services.
* Continuous Integration:: Cuirass and Laminar services.
* Power Management Services:: Extending battery life.
* Audio Services:: The MPD.
@@ -31194,6 +31197,56 @@ The verbosity level of the daemon.
@end table
@end deftp
+@node Samba Services, Continuous Integration, Network File System, Services
+@subsection Samba Services
+
+@cindex Samba
+@cindex SMB
+The @code{(gnu services samba)} module provides service definitions for
+Samba as well as additional helper services. Currently it provides the
+following services.
+
+@subsubheading Samba
+
+@uref{https://www.samba.org, Samba} provides network shares for folders
+and printers using the SMB/CIFS protocol commonly used on Windows. It
+can also act as an Active Directory Domain Controller (AD DC) for other
+hosts in an heterougenious network with different types of Computer
+systems.
+
+@defvar {Scheme variable} samba-service-type
+
+The service type to enable the samba services @code{samba}, @code{nmbd},
+@code{smbd} and @code{winbindd}. By default this service type does not
+run as an AD DC, hence @code{samba} remains disabled.
+
+@end defvar
+
+@deftp{Data Type} samba-service-configuration
+Configuration record for the Samba suite.
+
+@table @asis
+@item @code{package} (default: @code{samba})
+The samba package to use.
+
+@item @code{config-file} (default: @code{#f})
+The config file to use.
+
+@item @code{enable-samba?} (default: @code{#f})
+Manually enable the @code{samba} daemon.
+
+@item @code{enable-smbd?} (default: @code{#f})
+Manually enable the @code{smbd} daemon.
+
+@item @code{enable-nmbd?} (default: @code{#f})
+Manually enable the @code{nmbd} daemon.
+
+@item @code{enable-winbindd?} (default: @code{#f})
+Manually enable the @code{winbindd} daemon.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
diff --git a/gnu/local.mk b/gnu/local.mk
index 72637761d5..9c1f5ff5b8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -676,6 +676,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/herd.scm \
%D%/services/pm.scm \
%D%/services/rsync.scm \
+ %D%/services/samba.scm \
%D%/services/sddm.scm \
%D%/services/spice.scm \
%D%/services/ssh.scm \
@@ -754,6 +755,7 @@ GNU_SYSTEM_MODULES = \
%D%/tests/package-management.scm \
%D%/tests/reconfigure.scm \
%D%/tests/rsync.scm \
+ %D%/tests/samba.scm \
%D%/tests/security-token.scm \
%D%/tests/singularity.scm \
%D%/tests/ssh.scm \
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
new file mode 100644
index 0000000000..2c9e52a0b0
--- /dev/null
+++ b/gnu/services/samba.scm
@@ -0,0 +1,182 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services samba)
+
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages samba)
+
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services base)
+ #:use-module (gnu system shadow)
+
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 textual-ports)
+ #:use-module (srfi srfi-1)
+
+ #:export (samba-service-type
+ samba-configuration
+ samba-smb-conf))
+
+(define %smb-conf
+ (plain-file "smb.conf" "[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+"))
+
+(define-record-type* <samba-configuration>
+ samba-configuration
+ make-samba-configuration
+ samba-configuration?
+ (package samba-configuration-package
+ (default samba))
+ (config-file samba-configuration-config-file
+ (default #f))
+ (enable-samba? samba-configuration-enable-samba?
+ (default #f))
+ (enable-smbd? samba-configuration-enable-smbd?
+ (default #t))
+ (enable-nmbd? samba-configuration-enable-nmbd?
+ (default #t))
+ (enable-winbindd? samba-configuration-enable-winbindd?
+ (default #t)))
+
+(define (samba-activation config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (with-imported-modules '((guix build utils))
+ (let ((lib-dir "/var/lib/samba")
+ (log-dir "/var/log/samba")
+ (run-dir "/var/run/samba")
+ (lock-dir "/var/lock/samba")
+ (cache-dir "/var/cache/samba")
+ (etc-dir "/etc/samba")
+ (smb.conf "/etc/samba/smb.conf"))
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p #$etc-dir)
+ (mkdir-p #$lib-dir)
+ (mkdir-p/perms (string-append #$lib-dir "/private")
+ (getpwnam "root") #o700)
+ (mkdir-p #$log-dir)
+ (mkdir-p #$run-dir)
+ (mkdir-p #$lock-dir)
+ (mkdir-p #$cache-dir)
+ (copy-file #$config-file #$smb.conf)
+ (invoke #$(file-append package "/bin/testparm")
+ "--suppress-prompt" #$smb.conf))))))
+
+(define (samba-samba-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Samba")
+ (provision '(samba-samba))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/samba")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-nmbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run NMBD")
+ (provision '(samba-nmbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/nmbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-smbd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run SMBD")
+ (provision '(samba-smbd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/smbd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-winbindd-shepherd-service config)
+ (let ((package (samba-configuration-package config))
+ (config-file (samba-configuration-config-file config)))
+ (list (shepherd-service
+ (documentation "Run Winnbindd for Name Service Switch")
+ (provision '(samba-winbindd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/winbindd")
+ (string-append "--configfile=" #$config-file)
+ "--foreground"
+ "--no-process-group")))
+ (stop #~(make-kill-destructor))))))
+
+(define (samba-shepherd-services config)
+ (append (if (samba-configuration-enable-samba? config)
+ (samba-samba-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-nmbd? config)
+ (samba-nmbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-smbd? config)
+ (samba-smbd-shepherd-service config)
+ '())
+ (if (samba-configuration-enable-winbindd? config)
+ (samba-winbindd-shepherd-service config)
+ '())))
+
+(define samba-service-type
+ (service-type
+ (name 'samba)
+ (description "Run @uref{https://www.samba.org/, Samba}, a network file and
+print service for all clients using the SMB/CIFS protocol. Samba is an
+important component to seamlessly integrate Linux/Unix Servers and Desktops
+into Active Directory environments. It can function both as a domain
+controller or as a regular domain member.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ samba-shepherd-services)
+ (service-extension activation-service-type
+ samba-activation)
+ (service-extension profile-service-type
+ (compose list samba-configuration-package))))
+ (default-value (samba-configuration))))
diff --git a/gnu/tests/samba.scm b/gnu/tests/samba.scm
new file mode 100644
index 0000000000..27d7ea49c3
--- /dev/null
+++ b/gnu/tests/samba.scm
@@ -0,0 +1,158 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests samba)
+ #:use-module (gnu tests)
+ #:use-module (gnu system)
+ #:use-module (gnu system vm)
+ #:use-module (gnu services)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services samba)
+ #:use-module (gnu packages samba)
+ #:use-module (guix gexp)
+ #:use-module (guix store)
+ #:export (%test-samba))
+
+
+;;;
+;;; The Samba service.
+;;;
+
+(define %samba-os
+ (let ((base-os (simple-operating-system
+ (simple-service 'create-target-directory activation-service-type
+ #~(begin
+ (mkdir-p "/srv/samba/guest")
+ (chown "/srv/samba/guest"
+ (passwd:uid (getpw "nobody"))
+ (passwd:gid (getpw "nobody")))))
+ (service dhcp-client-service-type)
+ (service samba-service-type
+ (samba-configuration
+ (config-file (plain-file "smb.conf" "
+[global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ server role = standalone server
+ log file = /var/log/samba/log.%m
+ logging = file
+
+[guest]
+ path = /srv/samba/guest
+ read only = no
+ guest ok = yes
+ guest only = yes
+")))))))
+ (operating-system
+ (inherit base-os)
+ (packages (cons samba (operating-system-packages base-os))))))
+
+(define* (run-samba-test)
+ "Return a test of an OS running Samba service."
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %samba-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings '((8135 . 135)
+ (8137 . 137)
+ (8138 . 138)
+ (8445 . 445)))))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (srfi srfi-26)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "samba")
+
+ (test-assert "samba-smbd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-smbd))
+ marionette))
+
+ (test-assert "samba-nmbd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-nmbd))
+ marionette))
+
+ (test-assert "samba-winbindd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'samba-winbindd))
+ marionette))
+
+ (test-assert "smbd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/smbd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "nmbd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/nmbd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "winbindd service process id"
+ (let ((pid
+ (number->string (wait-for-file "/var/run/samba/winbindd.pid"
+ marionette))))
+ (marionette-eval `(file-exists? (string-append "/proc/" ,pid))
+ marionette)))
+
+ (test-assert "samba-smbd is listening for peers"
+ (wait-for-tcp-port 445 marionette))
+
+ (test-equal "smbclient connect"
+ 0
+ (marionette-eval
+ '(system* #$(file-append samba "/bin/smbclient")
+ "--list=localhost" "--no-pass")
+ marionette))
+
+ (test-equal "smbclient connect"
+ 0
+ (marionette-eval
+ '(system* #$(file-append samba "/bin/smbclient")
+ "--list=localhost" "--no-pass")
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "samba-test" test))
+
+(define %test-samba
+ (system-test
+ (name "samba")
+ (description "Connect to a running Samba daemon.")
+ (value (run-samba-test))))
diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in
index f50dd00422..9088a627ff 100644
--- a/po/guix/POTFILES.in
+++ b/po/guix/POTFILES.in
@@ -6,6 +6,7 @@ gnu/services.scm
gnu/system.scm
gnu/services/configuration.scm
gnu/services/shepherd.scm
+gnu/services/samba.scm
gnu/home/services.scm
gnu/home/services/ssh.scm
gnu/home/services/symlink-manager.scm
--
2.37.1
S
S
simon wrote on 8 Aug 2022 16:56
[PATCH v3 1/4] gnu: samba: Add avahi to inputs.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220808145643.3445-2-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* gnu/packages/samba.scm (samba) <inputs>: Add avahi.
---
gnu/packages/samba.scm | 3 +++
1 file changed, 3 insertions(+)

Toggle diff (30 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index f6ead57cc1..da7d9ef2d3 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -12,6 +12,7 @@
;;; Copyright © 2020, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2022 Jean-Pierre De Jesus DIAZ <me@jeandudey.tech>
;;; Copyright © 2022 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,6 +41,7 @@ (define-module (gnu packages samba)
#:use-module (gnu packages acl)
#:use-module (gnu packages admin)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages avahi)
#:use-module (gnu packages backup)
#:use-module (gnu packages base)
#:use-module (gnu packages check)
@@ -239,6 +241,7 @@ (define-public samba
#:tests? #f))
(inputs
(list acl
+ avahi
cmocka
cups
gamin
--
2.37.1
S
S
simon wrote on 8 Aug 2022 16:56
[PATCH v3 3/4] gnu: Add wsdd.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220808145643.3445-4-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* gnu/packages/samba.scm (wsdd): New variable.
---
gnu/packages/samba.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

Toggle diff (45 lines)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index da7d9ef2d3..4edcf9c148 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -35,6 +35,7 @@ (define-module (gnu packages samba)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system copy)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (gnu packages)
@@ -505,3 +506,30 @@ (define-public ppp
license:bsd-4
license:gpl2+
license:public-domain))))
+
+(define-public wsdd
+ (package
+ (name "wsdd")
+ (version "0.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference (url "https://github.com/christgau/wsdd")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "04an2w6hamnai668ag4vq8x0i09fsg2jrayb4a7ar0x6bn837k7m"))))
+ (build-system copy-build-system)
+ (inputs
+ `(("python" ,python)))
+ (arguments
+ '(#:install-plan
+ '(("src/wsdd.py" "bin/wsdd")
+ ("man/wsdd.1" "share/man/man1/"))))
+ (home-page "https://github.com/christgau/wsdd")
+ (synopsis "A Web Service Discovery host daemon")
+ (description "This daemon allows (Samba) hosts to be found by Web
+Service Dicovery Clients. It also implements the client side of the
+discovery protocol which allows to search for devices implementing
+WSD.")
+ (license license:expat)))
--
2.37.1
S
S
simon wrote on 8 Aug 2022 16:56
[PATCH v3 4/4] services: Add wsdd service.
(address . 54561@debbugs.gnu.org)(name . Simon Streit)(address . simon@netpanic.org)
20220808145643.3445-5-simon@netpanic.org
From: Simon Streit <simon@netpanic.org>

* doc/guix.texi: Add documentation for wsdd service.
* gnu/services/samba.scm (<wsdd-configuration>): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
* gnu/tests/samba.scm: wsdd test.
---
doc/guix.texi | 69 +++++++++++++++++++++++++++
gnu/services/samba.scm | 105 ++++++++++++++++++++++++++++++++++++++++-
gnu/tests/samba.scm | 61 +++++++++++++++++++++++-
3 files changed, 233 insertions(+), 2 deletions(-)

Toggle diff (278 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 614d0a0e03..c168f063c3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31247,6 +31247,75 @@ Manually enable the @code{winbindd} daemon.
@end table
@end deftp
+@cindex wsdd
+@subsubheading Web Service Discovery Daemon
+
+Web Service Discovery Daemon implements
+@uref{http://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html,
+Web Services Dynamic Discovery} protocol that enables host discovery --
+similar to Avahi -- over Multicast DNS. It is a drop-in replacement for
+SMB hosts that have had SMBv1 disabled for security reasons.
+
+@defvr {Scheme Variable} wsdd-service-type
+
+Service type for the WSD host daemon. The value for
+this service type is a @code{wsdd-configuration} record. The details
+for the @code{wsdd-configuration} record type are given below.
+@end defvr
+
+@deftp{Data Type} wsdd-configuration This data type represents the
+configuration for the wsdd service.
+
+@table @asis
+
+@item @code{package} (default: @code{wsdd})
+The wsdd package to use.
+
+@item @code{ipv4only?} (default: @code{#f})
+Only listen to IPv4 addresses.
+
+@item @code{ipv6only} (default: @code{#f})
+Only listen to IPv6 addresses. Please note: Activating both options is
+not possible, since there would be no IP versions to listen to.
+
+@item @code{chroot} (default: @code{#f})
+Chroot into a separate directory to prevent access to other directories.
+This is to increase security in case there is a vulnerability in
+@command{wsdd}.
+
+@item @code{hop-limit} (default: @code{1})
+Limit to the level of hops for multicast packets. The default is
+@var{1} which should prevent packets from leaving the local network.
+
+@item @code{interface} (default: @code{'()})
+Limit to the given list of interfaces to listen to. By default wsdd
+will listen to all interfaces. Except the loopback interface is never
+used.
+
+@item @code{uuid-device} (default: @code{#f})
+The WSD protocol requires a device to have a UUID. Set this to manually
+assign the service a UUID.
+
+@item @code{domain} (default: @code{#f})
+Notify this host is a member of an Active Directory.
+
+@item @code{host-name} (default: @code{#f})
+Manually set the hostname rather than letting @command{wsdd} inherit
+this host's hostname. Only the host name part of a possible FQDN will
+be used in the default case.
+
+@item @code{preserve-case?} (default: @code{#f})
+By default @command{wsdd} will convert the hostname in workgroup to all
+uppercase. The opposite is true for hostnames in domains. Setting this
+parameter will preserve case.
+
+@item @code{workgroup} (default: @var{"WORKGROUP"})
+Change the name of the workgroup. By default @command{wsdd} reports
+this host being member of a workgroup.
+
+@end table
+@end deftp
+
@node Continuous Integration
@subsection Continuous Integration
diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm
index 2c9e52a0b0..c1f9033d63 100644
--- a/gnu/services/samba.scm
+++ b/gnu/services/samba.scm
@@ -41,7 +41,10 @@ (define-module (gnu services samba)
#:export (samba-service-type
samba-configuration
- samba-smb-conf))
+ samba-smb-conf
+
+ wsdd-service-type
+ wsdd-configuration))
(define %smb-conf
(plain-file "smb.conf" "[global]
@@ -180,3 +183,103 @@ (define samba-service-type
(service-extension profile-service-type
(compose list samba-configuration-package))))
(default-value (samba-configuration))))
+
+
+;;;
+;;; WSDD
+;;;
+
+(define-record-type* <wsdd-configuration>
+ wsdd-configuration
+ make-wsdd-configuration
+ wsdd-configuration?
+ (package wsdd-configuration-package
+ (default wsdd))
+ (ipv4only? wsdd-configuration-ipv4only?
+ (default #f))
+ (ipv6only? wsdd-configuration-ipv6only?
+ (default #f))
+ (chroot wsdd-configuration-chroot
+ (default #f))
+ (hoplimit wsdd-configuration-hoplimit
+ (default 1))
+ (interfaces wsdd-configuration-interfaces
+ (default '()))
+ (uuid-device wsdd-configuration-uuid-device
+ (default #f))
+ (domain wsdd-configuration-domain
+ (default #f))
+ (hostname wsdd-configuration-hostname
+ (default #f))
+ (preserve-case? wsdd-configuration-preserve-case?
+ (default #f))
+ (workgroup wsdd-configuration-workgroup
+ (default "WORKGROUP")))
+
+(define wsdd-accounts
+ (list
+ (user-group (name "wsdd"))
+ (user-account (name "wsdd")
+ (group "wsdd")
+ (comment "Web Service Discovery user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define wsdd-shepherd-service
+ (match-lambda
+ (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit
+ interfaces uuid-device domain hostname
+ preserve-case? workgroup)
+ (list (shepherd-service
+ (documentation "Run a Web Service Discovery service")
+ (provision '(wsdd))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/bin/wsdd")
+ #$@(if ipv4only?
+ #~("--ipv4only")
+ '())
+ #$@(if ipv6only?
+ #~("--ipv6only")
+ '())
+ #$@(if chroot
+ #~("--chroot" #$chroot)
+ '())
+ #$@(if hoplimit
+ #~("--hoplimit" #$(number->string hoplimit))
+ '())
+ #$@(map (lambda (interfaces)
+ (string-append "--interface=" interfaces))
+ interfaces)
+ #$@(if uuid-device
+ #~("--uuid" #$uuid-device)
+ '())
+ #$@(if domain
+ #~("--domain" #$domain)
+ '())
+ #$@(if hostname
+ #~("--hostname" #$hostname)
+ '())
+ #$@(if preserve-case?
+ #~("--preserve-case")
+ '())
+ #$@(if workgroup
+ #~("--workgroup" #$workgroup)
+ '()))
+ #:user "wsdd"
+ #:group "wsdd"
+ #:log-file "/var/log/wsdd.log"))
+ (stop #~(make-kill-destructor)))))))
+
+(define wsdd-service-type
+ (service-type
+ (name 'wsdd)
+ (description "Web Service Discovery Daemon")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ wsdd-shepherd-service)
+ (service-extension account-service-type
+ (const wsdd-accounts))
+ (service-extension profile-service-type
+ (compose list wsdd-configuration-package))))
+ (default-value (wsdd-configuration))))
diff --git a/gnu/tests/samba.scm b/gnu/tests/samba.scm
index 27d7ea49c3..6b065cd5de 100644
--- a/gnu/tests/samba.scm
+++ b/gnu/tests/samba.scm
@@ -26,7 +26,8 @@ (define-module (gnu tests samba)
#:use-module (gnu packages samba)
#:use-module (guix gexp)
#:use-module (guix store)
- #:export (%test-samba))
+ #:export (%test-samba
+ %test-wsdd))
;;;
@@ -156,3 +157,61 @@ (define %test-samba
(name "samba")
(description "Connect to a running Samba daemon.")
(value (run-samba-test))))
+
+
+;;;
+;;; The wsdd service.
+;;;
+
+(define %wsdd-os
+ (let ((base-os (simple-operating-system
+ (service dhcp-client-service-type)
+ (service wsdd-service-type))))
+ (operating-system
+ (inherit base-os)
+ (packages (cons wsdd (operating-system-packages base-os))))))
+
+(define* (run-wsdd-test)
+ "Return a test of an OS running wsdd service."
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %wsdd-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings '((8135 . 135)
+ (8137 . 137)
+ (8138 . 138)
+ (8445 . 445)))))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (srfi srfi-26)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "wsdd")
+
+ ;; Here shall be more tests to begin with.
+
+ (test-assert "wsdd running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'wsdd))
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "samba-test" test))
+
+(define %test-wsdd
+ (system-test
+ (name "wsdd")
+ (description "Connect to a running wsdd daemon.")
+ (value (run-wsdd-test))))
--
2.37.1
L
L
Lars-Dominik Braun wrote on 24 Sep 2022 09:48
Re: [PATCH v3 0/4] Add samba and wsdd to services list.
(address . simon@netpanic.org)(address . 54561-done@debbugs.gnu.org)
Yy62Oo6G1yoMx9o9@noor.fritz.box
Hi Simon,

Toggle quote (1 lines)
> Hello, here my third iteration preparing this patch series.
thanks for the update. I’ve been running it on my NAS for a few days
and it works quite well. I addressed Ludo’s remaining comments,
adjusted your commit messages and pushed your contribution as commit
4cbc1622961f62f8fc3613de0c8f215e0cde6494 and following.

Thank you very much,
Lars
Closed
L
L
Lars-Dominik Braun wrote on 25 Sep 2022 10:22
(address . simon@netpanic.org)(address . 54561@debbugs.gnu.org)
YzAPzHupNic2doei@noor.fritz.box
Hi,

Toggle quote (5 lines)
> > Hello, here my third iteration preparing this patch series.
> thanks for the update. I’ve been running it on my NAS for a few days
> and it works quite well. I addressed Ludo’s remaining comments,
> adjusted your commit messages and pushed your contribution as commit
> 4cbc1622961f62f8fc3613de0c8f215e0cde6494 and following.
I had to revert the commit adding avahi to samba in commit
dc7191302e6d099a26673e08b78eb5f4b2a2b17b and added it to core-updates
as commit 4d0befe66ae7fa731b566090b471107bc4828018 instead, because it
caused too many rebuilds.

Lars
?