[PATCH 0/4] Add service declarations for Samba

+++ b/gnu/services/samba.scm

+;;; GNU Guix --- Functional package management for GNU

+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>

+;;;

+;;; This file is part of GNU Guix.

+;;;

+;;; GNU Guix is free software; you can redistribute it and/or modify it

+;;; under the terms of the GNU General Public License as published by

+;;; the Free Software Foundation; either version 3 of the License, or (at

+;;; your option) any later version.

+;;;

+;;; GNU Guix is distributed in the hope that it will be useful, but

+;;; WITHOUT ANY WARRANTY; without even the implied warranty of

+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+;;; GNU General Public License for more details.

+;;;

+;;; You should have received a copy of the GNU General Public License

+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

+

+(define-module (gnu services samba)

+

+  #:use-module (gnu packages)

+  #:use-module (gnu packages base)

+  #:use-module (gnu packages admin)

+  #:use-module (gnu packages samba)

+

+  #:use-module (gnu services)

+  #:use-module (gnu services configuration)

+  #:use-module (gnu services shepherd)

+  #:use-module (gnu services base)

+  #:use-module (gnu system shadow)

+

+  #:use-module (guix gexp)

+  #:use-module (guix packages)

+  #:use-module (guix modules)

+  #:use-module (guix records)

+

+  #:use-module (ice-9 format)

+  #:use-module (ice-9 match)

+  #:use-module (ice-9 textual-ports)

+  #:use-module (srfi srfi-1)

+

+  #:export (samba-service-type

+            samba-configuration

+            samba-smb-conf

+

+            wsdd-service-type

+            wsdd-configuration))

+

+(define %smb-conf

+  (plain-file "smb.conf" "[global]

+    workgroup = WORKGROUP

+    server string = Samba Server

+    server role = standalone server

+    log file = /var/log/samba/log.%m

+    logging = file

+"))

+

+(define-record-type* <samba-configuration>

+  samba-configuration

+  make-samba-configuration

+  samba-configuration?

+  (package              samba-configuration-package

+                        (default samba))

+  (config-file          samba-configuration-config-file

+                        (default #f))

+  (enable-samba?        samba-configuration-enable-samba?

+                        (default #f))

+  (enable-smbd?         samba-configuration-enable-smbd?

+                        (default #t))

+  (enable-nmbd?         samba-configuration-enable-nmbd?

+                        (default #t))

+  (enable-winbindd?     samba-configuration-enable-winbindd?

+                        (default #t)))

+

+(define (samba-activation config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+    (with-imported-modules '((guix build utils))

+      (let ((lib-directory "/var/lib/samba")

+            (log-directory "/var/log/samba")

+            (run-directory "/var/run/samba")

+            (smb.conf "/etc/samba/smb.conf"))

+        #~(begin

+            (use-modules (guix build utils))

+

+            (mkdir-p #$log-directory)

+            (mkdir-p #$run-directory)

+            (mkdir-p (string-append #$lib-directory "/private"))

+            (mkdir-p "/etc/samba")

+            (copy-file #$config-file #$smb.conf)

+            (system* (string-append #$package "/bin/testparm")

+                     "--suppress-prompt" #$smb.conf))))))

+

+(define (samba-samba-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Samba")

+              (provision '(samba-samba))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/samba")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-nmbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run NMBD")

+              (provision '(samba-nmbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/nmbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-smbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run SMBD")

+              (provision '(samba-smbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/smbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-winbindd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Winnbindd for Name Service Switch")

+              (provision '(samba-winbindd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/winbindd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-shepherd-services config)

+  (append (if (samba-configuration-enable-samba? config)

+              (samba-samba-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-nmbd? config)

+              (samba-nmbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-smbd? config)

+              (samba-smbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-winbindd? config)

+              (samba-winbindd-shepherd-service config)

+              '())))

+

+(define samba-service-type

+  (service-type

+   (name 'samba)

+   (description "Samba")

+   (extensions

+    (list (service-extension shepherd-root-service-type

+                             samba-shepherd-services)

+          (service-extension activation-service-type

+                             samba-activation)))

+   (default-value (samba-configuration))))

+++ b/doc/guix.texi

+Copyright @copyright{} 2022 Simon Streit@*

+* Samba Services::              Samba services.

+@node Samba Services, Continuous Integration, Network File System, Services

+@subsection Samba Services

+

+@cindex samba

+@cindex smb

+The @code{(gnu services samba)} module provides Guix service definitions

+for Samba as well as additional helper services.  Currently it provides

+the following services:

+

+@subsubheading Samba

+

+Samba provides network shares for folder and printers, it can also be an

+AD DC for other samba hosts in an heterougenious network with different

+types of Computer systems.

+

+@defvar{samba-service-type}

+

+The service type to enable the samba services @code{samba}, @code{nmbd},

+@code{smbd} and @code{winbindd}.  By default this service type does not

+run as an AD DC, hence @code{samba} remains disabled.  It is recommended

+that Samba's package is added to the system profile to have the tool-set

+available for modifications in Samba's runtime directories.

+

+@end defvar

+

+@deftp{Data Type} samba-service-configuration

+Configuration record for the Samba suite.

+

+@table @asis

+@item @code{package} (default: @code{samba})

+The samba package to use.

+

+@item @code{config-file} (default: @code{#f})

+The config file to use.  Please note: Setting this variable will disable

+all config options that come after @code{enable-winbindd?}.

+

+@item @code{enable-samba?} (default: @code{#f})

+Manually enable the @code{samba} daemon.

+

+@item @code{enable-smbd?} (default: @code{#f})

+Manually enable the @code{smbd} daemon.

+

+@item @code{enable-nmbd?} (default: @code{#f})

+Manually enable the @code{nmbd} daemon.

+

+@item @code{enable-winbindd?} (default: @code{#f})

+Manually enable the @code{winbindd} daemon.

+

+@end table

+@end deftp

+

+++ b/doc/guix.texi

+@cindex wsdd

+@subsubheading Web Service Discovery Daemon

+

+Web Service Discovery Daemon implements the WSD protocoll.  It is a

+drop-in replacement for host discovery that lack support for the SMBv1

+protocol.

+

+@defvr{Scheme Variable} wsdd-service-type

+

+Service type for the Web Service Discoery host daemon.  The value for

+this service type is a @code{wsdd-configuration} record.  The details

+for the @code{wsdd-configuration} record type are given below.

+@end defvr

+

+@deftp{Data Type} wsdd-configuration This data type represents the

+configuration for the wsdd service.

+

+@table @asis

+

+@item @code{package} (default: @code{wsdd})

+The wsdd package to use.

+

+@item @code{ipv4only?} (default: @code{#f})

+Only listen to ipv4 addresses.

+

+@item @code{ipv6only} (default: @code{#f})

+Only listen to ipv6 addresses.  Please note: Activating both options is

+not possible, since there would be no ip versions to listen to.

+

+@item @code{chroot} (default: @code{#f})

+Chroot into a sperate directory to prevent access to other directories.

+This is to increase security in case there is a vulnerability in

+@command{wsdd}.

+

+@item @code{hoplimit} (default: @code{1})

+Limit to the level of hops for multicast packets.  The default is

+@var{1} which should prevent packets from leaving the local network.

+

+@item @code{interface} (default: @code{'()})

+Limit to the given list of interfaces to listen to.  By default wsdd

+will listen to all interfaces.  Except the loopback interface is never

+used.

+

+@item @code{uuid-device} (default: @code{#f})

+The WSD protocol requires a device to have a UUID.  Set this to manually

+assign the service a UUID.

+

+@item @code{domain} (default: @code{#f})

+Notify this host is a member of an Active Directory.

+

+@item @code{hostname} (default: @code{#f})

+Manually set the hostname rather than letting @command{wsdd} inherit

+this host's hostname.

+

+@item @code{preserve-case?} (default: @code{#f})

+By default @command{wsdd} will convert the hostname in workgroup to all

+uppercase.  The opposite is true for hostnames in domains.  Setting this

+parameter will preserve case.

+

+@item @code{workgroup} (default: @var{"WORKGROUP"})

+Change the name of the workgroup.  By default @command{wsdd} reports

+this host being member of a workgroup.

+

+@end table

+@end deftp

+

+++ b/gnu/services/samba.scm

+

+

+;;;

+;;; WSDD

+;;;

+

+(define-record-type* <wsdd-configuration>

+  wsdd-configuration

+  make-wsdd-configuration

+  wsdd-configuration?

+  (package        wsdd-configuration-package

+                  (default wsdd))

+  (ipv4only?      wsdd-configuration-ipv4only?

+                  (default #f))

+  (ipv6only?      wsdd-configuration-ipv6only?

+                  (default #f))

+  (chroot         wsdd-configuration-chroot

+                  (default #f))

+  (hoplimit       wsdd-configuration-hoplimit

+                  (default 1))

+  (interfaces     wsdd-configuration-interfaces

+                  (default '()))

+  (uuid-device    wsdd-configuration-uuid-device

+                  (default #f))

+  (domain         wsdd-configuration-domain

+                  (default #f))

+  (hostname       wsdd-configuration-hostname

+                  (default #f))

+  (preserve-case? wsdd-configuration-preserve-case?

+                  (default #f))

+  (workgroup      wsdd-configuration-workgroup

+                  (default "WORKGROUP")))

+

+(define wsdd-accounts

+  (list

+   (user-group (name "wsdd"))

+   (user-account (name "wsdd")

+                 (group "wsdd")

+                 (comment "Web Service Discovery user")

+                 (home-directory "/var/empty")

+                 (shell (file-append shadow "/sbin/nologin")))))

+

+(define wsdd-shepherd-service

+  (match-lambda

+    (($ <wsdd-configuration> package

+                             ipv4only?

+                             ipv6only?

+                             chroot

+                             hoplimit

+                             interfaces

+                             uuid-device

+                             domain

+                             hostname

+                             preserve-case?

+                             workgroup

+                             )

+     (list (shepherd-service

+            (documentation "Run a Web Service Discovery service")

+            (provision '(wsdd))

+            (requirement '(networking))

+            (start #~(make-forkexec-constructor

+                      (list #$(file-append package "/bin/wsdd")

+                            #$@(if ipv4only?

+                                   #~("--ipv4only")

+                                   '())

+                            #$@(if ipv6only?

+                                   #~("--ipv6only")

+                                   '())

+                            #$@(if chroot

+                                   #~("--chroot" #$chroot)

+                                   '())

+                            #$@(if hoplimit

+                                   #~("--hoplimit" #$(number->string hoplimit))

+                                   '())

+                            #$@(map (lambda (interfaces)

+                                      (string-append "--interface=" interfaces))

+                                    interfaces)

+                            #$@(if uuid-device

+                                   #~("--uuid" #$uuid-device)

+                                   '())

+                            #$@(if domain

+                                   #~("--domain" #$domain)

+                                   '())

+                            #$@(if hostname

+                                   #~("--hostname" #$hostname)

+                                   '())

+                            #$@(if preserve-case?

+                                   #~("--preserve-case")

+                                   '())

+                            #$@(if workgroup

+                                   #~("--workgroup" #$workgroup)

+                                   '()))

+                      #:user "wsdd"

+                      #:group "wsdd"

+                      #:log-file "/var/log/wsdd.log"))

+            (stop #~(make-kill-destructor)))))))

+

+(define wsdd-service-type

+  (service-type

+   (name 'wsdd)

+   (description "Web Service Discovery Daemon")

+   (extensions

+    (list (service-extension shepherd-root-service-type

+                             wsdd-shepherd-service)

+          (service-extension account-service-type

+                             (const wsdd-accounts))))

+   (default-value (wsdd-configuration))))

+++ b/gnu/packages/samba.scm

+           tdb

+           avahi))

+++ b/gnu/packages/libdaemon.scm

+     (if (or (target-aarch64?)

+             (target-riscv64?))

+       ,@(if (or (target-aarch64?)

+                 (target-riscv64?))

+++ b/gnu/services/samba.scm

+;;; GNU Guix --- Functional package management for GNU

+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>

+;;;

+;;; This file is part of GNU Guix.

+;;;

+;;; GNU Guix is free software; you can redistribute it and/or modify it

+;;; under the terms of the GNU General Public License as published by

+;;; the Free Software Foundation; either version 3 of the License, or (at

+;;; your option) any later version.

+;;;

+;;; GNU Guix is distributed in the hope that it will be useful, but

+;;; WITHOUT ANY WARRANTY; without even the implied warranty of

+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+;;; GNU General Public License for more details.

+;;;

+;;; You should have received a copy of the GNU General Public License

+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

+

+(define-module (gnu services samba)

+

+  #:use-module (gnu packages)

+  #:use-module (gnu packages base)

+  #:use-module (gnu packages admin)

+  #:use-module (gnu packages samba)

+

+  #:use-module (gnu services)

+  #:use-module (gnu services configuration)

+  #:use-module (gnu services shepherd)

+  #:use-module (gnu services base)

+  #:use-module (gnu system shadow)

+

+  #:use-module (guix gexp)

+  #:use-module (guix packages)

+  #:use-module (guix modules)

+  #:use-module (guix records)

+

+  #:use-module (ice-9 format)

+  #:use-module (ice-9 match)

+  #:use-module (ice-9 textual-ports)

+  #:use-module (srfi srfi-1)

+

+  #:export (samba-service-type

+            samba-configuration

+            samba-smb-conf

+

+            wsdd-service-type

+            wsdd-configuration))

+

+(define %smb-conf

+  (plain-file "smb.conf" "[global]

+    workgroup = WORKGROUP

+    server string = Samba Server

+    server role = standalone server

+    log file = /var/log/samba/log.%m

+    logging = file

+"))

+

+(define-record-type* <samba-configuration>

+  samba-configuration

+  make-samba-configuration

+  samba-configuration?

+  (package              samba-configuration-package

+                        (default samba))

+  (config-file          samba-configuration-config-file

+                        (default #f))

+  (enable-samba?        samba-configuration-enable-samba?

+                        (default #f))

+  (enable-smbd?         samba-configuration-enable-smbd?

+                        (default #t))

+  (enable-nmbd?         samba-configuration-enable-nmbd?

+                        (default #t))

+  (enable-winbindd?     samba-configuration-enable-winbindd?

+                        (default #t)))

+

+(define (samba-activation config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+    (with-imported-modules '((guix build utils))

+      (let ((lib-dir "/var/lib/samba")

+            (log-dir "/var/log/samba")

+            (run-dir "/var/run/samba")

+            (etc-dir "/etc/samba")

+            (smb.conf "/etc/samba/smb.conf"))

+        #~(begin

+            (use-modules (guix build utils))

+            (mkdir-p #$etc-dir)

+            (mkdir-p #$lib-dir)

+            (mkdir-p/perms (string-append #$lib-dir "/private")

+                           (getpwnam "root") #o700)

+            (mkdir-p #$log-dir)

+            (mkdir-p #$run-dir)

+            (copy-file #$config-file #$smb.conf)

+            (invoke #$(file-append package "/bin/testparm")

+                    "--suppress-prompt" #$smb.conf))))))

+

+(define (samba-samba-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Samba")

+              (provision '(samba-samba))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/samba")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-nmbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run NMBD")

+              (provision '(samba-nmbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/nmbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-smbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run SMBD")

+              (provision '(samba-smbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/smbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-winbindd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Winnbindd for Name Service Switch")

+              (provision '(samba-winbindd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/winbindd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-shepherd-services config)

+  (append (if (samba-configuration-enable-samba? config)

+              (samba-samba-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-nmbd? config)

+              (samba-nmbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-smbd? config)

+              (samba-smbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-winbindd? config)

+              (samba-winbindd-shepherd-service config)

+              '())))

+

+(define samba-service-type

+  (service-type

+   (name 'samba)

+   (description "Samba")

+   (extensions

+    (list (service-extension shepherd-root-service-type

+                             samba-shepherd-services)

+          (service-extension activation-service-type

+                             samba-activation)

+          (service-extension profile-service-type

+                             (compose list samba-configuration-package))))

+   (default-value (samba-configuration))))

+++ b/doc/guix.texi

+Copyright @copyright{} 2022 Simon Streit@*

+* Samba Services::              Samba services.

+@node Samba Services, Continuous Integration, Network File System, Services

+@subsection Samba Services

+

+@cindex samba

+@cindex smb

+The @code{(gnu services samba)} module provides Guix service definitions

+for Samba as well as additional helper services.  Currently it provides

+the following services:

+

+@subsubheading Samba

+

+Samba provides network shares for folder and printers, it can also be an

+AD DC for other samba hosts in an heterougenious network with different

+types of Computer systems.

+

+@defvar{samba-service-type}

+

+The service type to enable the samba services @code{samba}, @code{nmbd},

+@code{smbd} and @code{winbindd}.  By default this service type does not

+run as an AD DC, hence @code{samba} remains disabled.  It is recommended

+that Samba's package is added to the system profile to have the tool-set

+available for modifications in Samba's runtime directories.

+

+@end defvar

+

+@deftp{Data Type} samba-service-configuration

+Configuration record for the Samba suite.

+

+@table @asis

+@item @code{package} (default: @code{samba})

+The samba package to use.

+

+@item @code{config-file} (default: @code{#f})

+The config file to use.

+

+@item @code{enable-samba?} (default: @code{#f})

+Manually enable the @code{samba} daemon.

+

+@item @code{enable-smbd?} (default: @code{#f})

+Manually enable the @code{smbd} daemon.

+

+@item @code{enable-nmbd?} (default: @code{#f})

+Manually enable the @code{nmbd} daemon.

+

+@item @code{enable-winbindd?} (default: @code{#f})

+Manually enable the @code{winbindd} daemon.

+

+@end table

+@end deftp

+

+++ b/doc/guix.texi

+@cindex wsdd

+@subsubheading Web Service Discovery Daemon

+

+Web Service Discovery Daemon implements the WSD protocoll.  It is a

+drop-in replacement for host discovery that lack support for the SMBv1

+protocol.

+

+@defvr{Scheme Variable} wsdd-service-type

+

+Service type for the Web Service Discoery host daemon.  The value for

+this service type is a @code{wsdd-configuration} record.  The details

+for the @code{wsdd-configuration} record type are given below.

+@end defvr

+

+@deftp{Data Type} wsdd-configuration This data type represents the

+configuration for the wsdd service.

+

+@table @asis

+

+@item @code{package} (default: @code{wsdd})

+The wsdd package to use.

+

+@item @code{ipv4only?} (default: @code{#f})

+Only listen to ipv4 addresses.

+

+@item @code{ipv6only} (default: @code{#f})

+Only listen to ipv6 addresses.  Please note: Activating both options is

+not possible, since there would be no ip versions to listen to.

+

+@item @code{chroot} (default: @code{#f})

+Chroot into a sperate directory to prevent access to other directories.

+This is to increase security in case there is a vulnerability in

+@command{wsdd}.

+

+@item @code{hoplimit} (default: @code{1})

+Limit to the level of hops for multicast packets.  The default is

+@var{1} which should prevent packets from leaving the local network.

+

+@item @code{interface} (default: @code{'()})

+Limit to the given list of interfaces to listen to.  By default wsdd

+will listen to all interfaces.  Except the loopback interface is never

+used.

+

+@item @code{uuid-device} (default: @code{#f})

+The WSD protocol requires a device to have a UUID.  Set this to manually

+assign the service a UUID.

+

+@item @code{domain} (default: @code{#f})

+Notify this host is a member of an Active Directory.

+

+@item @code{hostname} (default: @code{#f})

+Manually set the hostname rather than letting @command{wsdd} inherit

+this host's hostname.

+

+@item @code{preserve-case?} (default: @code{#f})

+By default @command{wsdd} will convert the hostname in workgroup to all

+uppercase.  The opposite is true for hostnames in domains.  Setting this

+parameter will preserve case.

+

+@item @code{workgroup} (default: @var{"WORKGROUP"})

+Change the name of the workgroup.  By default @command{wsdd} reports

+this host being member of a workgroup.

+

+@end table

+@end deftp

+

+++ b/gnu/services/samba.scm

+

+

+;;;

+;;; WSDD

+;;;

+

+(define-record-type* <wsdd-configuration>

+  wsdd-configuration

+  make-wsdd-configuration

+  wsdd-configuration?

+  (package        wsdd-configuration-package

+                  (default wsdd))

+  (ipv4only?      wsdd-configuration-ipv4only?

+                  (default #f))

+  (ipv6only?      wsdd-configuration-ipv6only?

+                  (default #f))

+  (chroot         wsdd-configuration-chroot

+                  (default #f))

+  (hoplimit       wsdd-configuration-hoplimit

+                  (default 1))

+  (interfaces     wsdd-configuration-interfaces

+                  (default '()))

+  (uuid-device    wsdd-configuration-uuid-device

+                  (default #f))

+  (domain         wsdd-configuration-domain

+                  (default #f))

+  (hostname       wsdd-configuration-hostname

+                  (default #f))

+  (preserve-case? wsdd-configuration-preserve-case?

+                  (default #f))

+  (workgroup      wsdd-configuration-workgroup

+                  (default "WORKGROUP")))

+

+(define wsdd-accounts

+  (list

+   (user-group (name "wsdd"))

+   (user-account (name "wsdd")

+                 (group "wsdd")

+                 (comment "Web Service Discovery user")

+                 (home-directory "/var/empty")

+                 (shell (file-append shadow "/sbin/nologin")))))

+

+(define wsdd-shepherd-service

+  (match-lambda

+    (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit

+                             interfaces uuid-device domain hostname

+                             preserve-case? workgroup)

+     (list (shepherd-service

+            (documentation "Run a Web Service Discovery service")

+            (provision '(wsdd))

+            (requirement '(networking))

+            (start #~(make-forkexec-constructor

+                      (list #$(file-append package "/bin/wsdd")

+                            #$@(if ipv4only?

+                                   #~("--ipv4only")

+                                   '())

+                            #$@(if ipv6only?

+                                   #~("--ipv6only")

+                                   '())

+                            #$@(if chroot

+                                   #~("--chroot" #$chroot)

+                                   '())

+                            #$@(if hoplimit

+                                   #~("--hoplimit" #$(number->string hoplimit))

+                                   '())

+                            #$@(map (lambda (interfaces)

+                                      (string-append "--interface=" interfaces))

+                                    interfaces)

+                            #$@(if uuid-device

+                                   #~("--uuid" #$uuid-device)

+                                   '())

+                            #$@(if domain

+                                   #~("--domain" #$domain)

+                                   '())

+                            #$@(if hostname

+                                   #~("--hostname" #$hostname)

+                                   '())

+                            #$@(if preserve-case?

+                                   #~("--preserve-case")

+                                   '())

+                            #$@(if workgroup

+                                   #~("--workgroup" #$workgroup)

+                                   '()))

+                      #:user "wsdd"

+                      #:group "wsdd"

+                      #:log-file "/var/log/wsdd.log"))

+            (stop #~(make-kill-destructor)))))))

+

+(define wsdd-service-type

+  (service-type

+   (name 'wsdd)

+   (description "Web Service Discovery Daemon")

+   (extensions

+    (list (service-extension shepherd-root-service-type

+                             wsdd-shepherd-service)

+          (service-extension account-service-type

+                             (const wsdd-accounts))

+          (service-extension profile-service-type

+                             (compose list wsdd-configuration-package))))

+   (default-value (wsdd-configuration))))

+++ b/gnu/packages/samba.scm

+(define-public wsdd

+  (package

+    (name "wsdd")

+    (version "0.7.0")

+    (source

+     (origin

+       (method git-fetch)

+       (uri (git-reference (url "https://github.com/christgau/wsdd")

+                           (commit (string-append "v" version))))

+       (file-name (git-file-name name version))

+       (sha256

+        (base32 "04an2w6hamnai668ag4vq8x0i09fsg2jrayb4a7ar0x6bn837k7m"))))

+    (build-system copy-build-system)

+    (inputs

+     `(("python" ,python)))

+    (arguments

+     '(#:install-plan

+       '(("src/wsdd.py" "bin/wsdd")

+         ("man/wsdd.1" "share/man/man1/"))))

+    (home-page "https://github.com/christgau/wsdd")

+    (synopsis "A Web Service Discovery host daemon")

+    (description "This daemon allows (Samba) hosts to be found by Web

+Service Dicovery Clients.  It also implements the client side of the

+discovery protocol which allows to search for devices implementing

+WSD.")

+    (license expat)))

+++ b/gnu/packages/samba.scm

+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>

+  #:use-module (gnu packages avahi)

+           avahi

+++ b/gnu/packages/samba.scm

+  #:use-module (guix build-system copy)

+

+(define-public wsdd

+  (package

+    (name "wsdd")

+    (version "0.7.0")

+    (source

+     (origin

+       (method git-fetch)

+       (uri (git-reference (url "https://github.com/christgau/wsdd")

+                           (commit (string-append "v" version))))

+       (file-name (git-file-name name version))

+       (sha256

+        (base32 "04an2w6hamnai668ag4vq8x0i09fsg2jrayb4a7ar0x6bn837k7m"))))

+    (build-system copy-build-system)

+    (inputs

+     `(("python" ,python)))

+    (arguments

+     '(#:install-plan

+       '(("src/wsdd.py" "bin/wsdd")

+         ("man/wsdd.1" "share/man/man1/"))))

+    (home-page "https://github.com/christgau/wsdd")

+    (synopsis "A Web Service Discovery host daemon")

+    (description "This daemon allows (Samba) hosts to be found by Web

+Service Dicovery Clients.  It also implements the client side of the

+discovery protocol which allows to search for devices implementing

+WSD.")

+    (license license:expat)))

+++ b/doc/guix.texi

+Copyright @copyright{} 2022 Simon Streit@*

+* Samba Services::              Samba services.

+* Samba Services::              Samba services.

+@node Samba Services, Continuous Integration, Network File System, Services

+@subsection Samba Services

+

+@cindex Samba

+@cindex SMB

+The @code{(gnu services samba)} module provides service definitions for

+Samba as well as additional helper services.  Currently it provides the

+following services.

+

+@subsubheading Samba

+

+@uref{https://www.samba.org, Samba} provides network shares for folders

+and printers using the SMB/CIFS protocol commonly used on Windows.  It

+can also act as an Active Directory Domain Controller (AD DC) for other

+hosts in an heterougenious network with different types of Computer

+systems.

+

+@defvar {Scheme variable} samba-service-type

+

+The service type to enable the samba services @code{samba}, @code{nmbd},

+@code{smbd} and @code{winbindd}.  By default this service type does not

+run as an AD DC, hence @code{samba} remains disabled.

+

+@end defvar

+

+@deftp{Data Type} samba-service-configuration

+Configuration record for the Samba suite.

+

+@table @asis

+@item @code{package} (default: @code{samba})

+The samba package to use.

+

+@item @code{config-file} (default: @code{#f})

+The config file to use.

+

+@item @code{enable-samba?} (default: @code{#f})

+Manually enable the @code{samba} daemon.

+

+@item @code{enable-smbd?} (default: @code{#f})

+Manually enable the @code{smbd} daemon.

+

+@item @code{enable-nmbd?} (default: @code{#f})

+Manually enable the @code{nmbd} daemon.

+

+@item @code{enable-winbindd?} (default: @code{#f})

+Manually enable the @code{winbindd} daemon.

+

+@end table

+@end deftp

+

+++ b/gnu/local.mk

+  %D%/services/samba.scm			\

+  %D%/tests/samba.scm				\

+++ b/gnu/services/samba.scm

+;;; GNU Guix --- Functional package management for GNU

+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>

+;;;

+;;; This file is part of GNU Guix.

+;;;

+;;; GNU Guix is free software; you can redistribute it and/or modify it

+;;; under the terms of the GNU General Public License as published by

+;;; the Free Software Foundation; either version 3 of the License, or (at

+;;; your option) any later version.

+;;;

+;;; GNU Guix is distributed in the hope that it will be useful, but

+;;; WITHOUT ANY WARRANTY; without even the implied warranty of

+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+;;; GNU General Public License for more details.

+;;;

+;;; You should have received a copy of the GNU General Public License

+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

+

+(define-module (gnu services samba)

+

+  #:use-module (gnu packages)

+  #:use-module (gnu packages base)

+  #:use-module (gnu packages admin)

+  #:use-module (gnu packages samba)

+

+  #:use-module (gnu services)

+  #:use-module (gnu services configuration)

+  #:use-module (gnu services shepherd)

+  #:use-module (gnu services base)

+  #:use-module (gnu system shadow)

+

+  #:use-module (guix gexp)

+  #:use-module (guix packages)

+  #:use-module (guix modules)

+  #:use-module (guix records)

+

+  #:use-module (ice-9 format)

+  #:use-module (ice-9 match)

+  #:use-module (ice-9 textual-ports)

+  #:use-module (srfi srfi-1)

+

+  #:export (samba-service-type

+            samba-configuration

+            samba-smb-conf))

+

+(define %smb-conf

+  (plain-file "smb.conf" "[global]

+    workgroup = WORKGROUP

+    server string = Samba Server

+    server role = standalone server

+    log file = /var/log/samba/log.%m

+    logging = file

+"))

+

+(define-record-type* <samba-configuration>

+  samba-configuration

+  make-samba-configuration

+  samba-configuration?

+  (package              samba-configuration-package

+                        (default samba))

+  (config-file          samba-configuration-config-file

+                        (default #f))

+  (enable-samba?        samba-configuration-enable-samba?

+                        (default #f))

+  (enable-smbd?         samba-configuration-enable-smbd?

+                        (default #t))

+  (enable-nmbd?         samba-configuration-enable-nmbd?

+                        (default #t))

+  (enable-winbindd?     samba-configuration-enable-winbindd?

+                        (default #t)))

+

+(define (samba-activation config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+    (with-imported-modules '((guix build utils))

+      (let ((lib-dir "/var/lib/samba")

+            (log-dir "/var/log/samba")

+            (run-dir "/var/run/samba")

+            (lock-dir "/var/lock/samba")

+            (cache-dir "/var/cache/samba")

+            (etc-dir "/etc/samba")

+            (smb.conf "/etc/samba/smb.conf"))

+        #~(begin

+            (use-modules (guix build utils))

+            (mkdir-p #$etc-dir)

+            (mkdir-p #$lib-dir)

+            (mkdir-p/perms (string-append #$lib-dir "/private")

+                           (getpwnam "root") #o700)

+            (mkdir-p #$log-dir)

+            (mkdir-p #$run-dir)

+            (mkdir-p #$lock-dir)

+            (mkdir-p #$cache-dir)

+            (copy-file #$config-file #$smb.conf)

+            (invoke #$(file-append package "/bin/testparm")

+                    "--suppress-prompt" #$smb.conf))))))

+

+(define (samba-samba-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Samba")

+              (provision '(samba-samba))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/samba")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-nmbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run NMBD")

+              (provision '(samba-nmbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/nmbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-smbd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run SMBD")

+              (provision '(samba-smbd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/smbd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-winbindd-shepherd-service config)

+  (let ((package (samba-configuration-package config))

+        (config-file (samba-configuration-config-file config)))

+       (list (shepherd-service

+              (documentation "Run Winnbindd for Name Service Switch")

+              (provision '(samba-winbindd))

+              (requirement '(networking))

+              (start #~(make-forkexec-constructor

+                        (list #$(file-append package "/sbin/winbindd")

+                              (string-append "--configfile=" #$config-file)

+                              "--foreground"

+                              "--no-process-group")))

+              (stop #~(make-kill-destructor))))))

+

+(define (samba-shepherd-services config)

+  (append (if (samba-configuration-enable-samba? config)

+              (samba-samba-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-nmbd? config)

+              (samba-nmbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-smbd? config)

+              (samba-smbd-shepherd-service config)

+              '())

+          (if (samba-configuration-enable-winbindd? config)

+              (samba-winbindd-shepherd-service config)

+              '())))

+

+(define samba-service-type

+  (service-type

+   (name 'samba)

+   (description "Run @uref{https://www.samba.org/, Samba}, a network file and

+print service for all clients using the SMB/CIFS protocol.  Samba is an

+important component to seamlessly integrate Linux/Unix Servers and Desktops

+into Active Directory environments.  It can function both as a domain

+controller or as a regular domain member.")

+   (extensions

+    (list (service-extension shepherd-root-service-type

+                             samba-shepherd-services)

+          (service-extension activation-service-type

+                             samba-activation)

+          (service-extension profile-service-type

+                             (compose list samba-configuration-package))))

+   (default-value (samba-configuration))))

+++ b/gnu/tests/samba.scm

+;;; GNU Guix --- Functional package management for GNU

+;;; Copyright © 2022 Simon Streit <simon@netpanic.org>

+;;;

+;;; This file is part of GNU Guix.

+;;;

+;;; GNU Guix is free software; you can redistribute it and/or modify it

+;;; under the terms of the GNU General Public License as published by

+;;; the Free Software Foundation; either version 3 of the License, or (at

+;;; your option) any later version.

+;;;

+;;; GNU Guix is distributed in the hope that it will be useful, but

+;;; WITHOUT ANY WARRANTY; without even the implied warranty of

+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+;;; GNU General Public License for more details.

+;;;

+;;; You should have received a copy of the GNU General Public License

+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

+

+(define-module (gnu tests samba)

+  #:use-module (gnu tests)

+  #:use-module (gnu system)

+  #:use-module (gnu system vm)

+  #:use-module (gnu services)

+  #:use-module (gnu services networking)

+  #:use-module (gnu services samba)

+  #:use-module (gnu packages samba)

+  #:use-module (guix gexp)

+  #:use-module (guix store)

+  #:export (%test-samba))

+

+

+;;;

+;;; The Samba service.

+;;;

+

+(define %samba-os

+  (let ((base-os (simple-operating-system

+                  (simple-service 'create-target-directory activation-service-type

+                                  #~(begin

+                                      (mkdir-p "/srv/samba/guest")

+                                      (chown "/srv/samba/guest"

+                                             (passwd:uid (getpw "nobody"))

+                                             (passwd:gid (getpw "nobody")))))

+                  (service dhcp-client-service-type)

+                  (service samba-service-type

+                           (samba-configuration

+                            (config-file (plain-file "smb.conf" "

+[global]

+    workgroup = WORKGROUP

+    server string = Samba Server

+    server role = standalone server

+    log file = /var/log/samba/log.%m

+    logging = file

+

+[guest]

+    path = /srv/samba/guest

+    read only = no

+    guest ok = yes

+    guest only = yes

+")))))))

+    (operating-system

+      (inherit base-os)

+      (packages (cons samba (operating-system-packages base-os))))))

+

+(define* (run-samba-test)

+  "Return a test of an OS running Samba service."

+

+  (define vm

+    (virtual-machine

+     (operating-system (marionette-operating-system

+                        %samba-os

+                        #:imported-modules '((gnu services herd))))

+     (port-forwardings '((8135 . 135)

+                         (8137 . 137)

+                         (8138 . 138)

+                         (8445 . 445)))))

+

+  (define test

+    (with-imported-modules '((gnu build marionette))

+      #~(begin

+          (use-modules (gnu build marionette)

+                       (srfi srfi-26)

+                       (srfi srfi-64))

+

+          (define marionette

+            (make-marionette '(#$vm)))

+

+          (test-runner-current (system-test-runner #$output))

+          (test-begin "samba")

+

+          (test-assert "samba-smbd running"

+            (marionette-eval

+             '(begin

+                (use-modules (gnu services herd))

+                (start-service 'samba-smbd))

+             marionette))

+

+          (test-assert "samba-nmbd running"

+            (marionette-eval

+             '(begin

+                (use-modules (gnu services herd))

+                (start-service 'samba-nmbd))

+             marionette))

+

+          (test-assert "samba-winbindd running"

+            (marionette-eval

+             '(begin

+                (use-modules (gnu services herd))

+                (start-service 'samba-winbindd))

+             marionette))

+

+          (test-assert "smbd service process id"

+            (let ((pid

+                   (number->string (wait-for-file "/var/run/samba/smbd.pid"

+                                                  marionette))))

+              (marionette-eval `(file-exists? (string-append "/proc/" ,pid))

+                               marionette)))

+

+          (test-assert "nmbd service process id"

+            (let ((pid

+                   (number->string (wait-for-file "/var/run/samba/nmbd.pid"

+                                                  marionette))))

+              (marionette-eval `(file-exists? (string-append "/proc/" ,pid))

+                               marionette)))

+

+          (test-assert "winbindd service process id"

+            (let ((pid

+                   (number->string (wait-for-file "/var/run/samba/winbindd.pid"

+                                                  marionette))))

+              (marionette-eval `(file-exists? (string-append "/proc/" ,pid))

+                               marionette)))

+

+          (test-assert "samba-smbd is listening for peers"

+            (wait-for-tcp-port 445 marionette))

+

+          (test-equal "smbclient connect"

+            0

+            (marionette-eval

+             '(system* #$(file-append samba "/bin/smbclient")

+                       "--list=localhost" "--no-pass")

+             marionette))

+

+          (test-equal "smbclient connect"

+            0

+            (marionette-eval

+             '(system* #$(file-append samba "/bin/smbclient")

+                       "--list=localhost" "--no-pass")

+             marionette))

+

+          (test-end))))

+

+  (gexp->derivation "samba-test" test))

+

+(define %test-samba

+  (system-test

+   (name "samba")

+   (description "Connect to a running Samba daemon.")

+   (value (run-samba-test))))

+++ b/po/guix/POTFILES.in

+gnu/services/samba.scm

+++ b/doc/guix.texi

+@cindex wsdd

+@subsubheading Web Service Discovery Daemon

+

+Web Service Discovery Daemon implements

+@uref{http://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html,

+Web Services Dynamic Discovery} protocol that enables host discovery --

+similar to Avahi -- over Multicast DNS.  It is a drop-in replacement for

+SMB hosts that have had SMBv1 disabled for security reasons.

+

+@defvr {Scheme Variable} wsdd-service-type

+

+Service type for the WSD host daemon.  The value for

+this service type is a @code{wsdd-configuration} record.  The details

+for the @code{wsdd-configuration} record type are given below.

+@end defvr

+

+@deftp{Data Type} wsdd-configuration This data type represents the

+configuration for the wsdd service.

+

+@table @asis

+

+@item @code{package} (default: @code{wsdd})

+The wsdd package to use.

+

+@item @code{ipv4only?} (default: @code{#f})

+Only listen to IPv4 addresses.

+

+@item @code{ipv6only} (default: @code{#f})

+Only listen to IPv6 addresses.  Please note: Activating both options is

+not possible, since there would be no IP versions to listen to.

+

+@item @code{chroot} (default: @code{#f})

+Chroot into a separate directory to prevent access to other directories.

+This is to increase security in case there is a vulnerability in

+@command{wsdd}.

+

+@item @code{hop-limit} (default: @code{1})

+Limit to the level of hops for multicast packets.  The default is

+@var{1} which should prevent packets from leaving the local network.

+

+@item @code{interface} (default: @code{'()})

+Limit to the given list of interfaces to listen to.  By default wsdd

+will listen to all interfaces.  Except the loopback interface is never

+used.

+

+@item @code{uuid-device} (default: @code{#f})

+The WSD protocol requires a device to have a UUID.  Set this to manually

+assign the service a UUID.

+

+@item @code{domain} (default: @code{#f})

+Notify this host is a member of an Active Directory.

+

+@item @code{host-name} (default: @code{#f})

+Manually set the hostname rather than letting @command{wsdd} inherit

+this host's hostname.  Only the host name part of a possible FQDN will

+be used in the default case.

+

+@item @code{preserve-case?} (default: @code{#f})

+By default @command{wsdd} will convert the hostname in workgroup to all

+uppercase.  The opposite is true for hostnames in domains.  Setting this

+parameter will preserve case.

+

+@item @code{workgroup} (default: @var{"WORKGROUP"})

+Change the name of the workgroup.  By default @command{wsdd} reports

+this host being member of a workgroup.

+

+@end table

+@end deftp

+

+++ b/gnu/services/samba.scm

+            samba-smb-conf

+

+            wsdd-service-type

+            wsdd-configuration))

+

+

+;;;

+;;; WSDD

+;;;

+

+(define-record-type* <wsdd-configuration>

+  wsdd-configuration

+  make-wsdd-configuration

+  wsdd-configuration?

+  (package        wsdd-configuration-package

+                  (default wsdd))

+  (ipv4only?      wsdd-configuration-ipv4only?

+                  (default #f))

+  (ipv6only?      wsdd-configuration-ipv6only?

+                  (default #f))

+  (chroot         wsdd-configuration-chroot

+                  (default #f))

+  (hoplimit       wsdd-configuration-hoplimit

+                  (default 1))

+  (interfaces     wsdd-configuration-interfaces

+                  (default '()))

+  (uuid-device    wsdd-configuration-uuid-device

+                  (default #f))

+  (domain         wsdd-configuration-domain

+                  (default #f))

+  (hostname       wsdd-configuration-hostname

+                  (default #f))

+  (preserve-case? wsdd-configuration-preserve-case?

+                  (default #f))

+  (workgroup      wsdd-configuration-workgroup

+                  (default "WORKGROUP")))

+

+(define wsdd-accounts

+  (list

+   (user-group (name "wsdd"))

+   (user-account (name "wsdd")

+                 (group "wsdd")

+                 (comment "Web Service Discovery user")

+                 (home-directory "/var/empty")

+                 (shell (file-append shadow "/sbin/nologin")))))

+

+(define wsdd-shepherd-service

+  (match-lambda

+    (($ <wsdd-configuration> package ipv4only? ipv6only? chroot hoplimit

+                             interfaces uuid-device domain hostname

+                             preserve-case? workgroup)

+     (list (shepherd-service

+            (documentation "Run a Web Service Discovery service")

+            (provision '(wsdd))

+            (requirement '(networking))

+            (start #~(make-forkexec-constructor

+                      (list #$(file-append package "/bin/wsdd")

+                            #$@(if ipv4only?

+                                   #~("--ipv4only")

+                                   '())

+                            #$@(if ipv6only?

+                                   #~("--ipv6only")

+                                   '())