[PATCH] services: Add doas service.

Status: Open
Participants: lgcoelho
Owner: unassigned
Submitted by: lgcoelho
Severity: normal
lgcoelho wrote on 24 Dec 2023 18:01
(address . guix-patches@gnu.org)
34bf485ff6eb60d88c21629fd7ef768a@disroot.org
This service enables declarative description of doas.conf. A simple
example would be

--8<---------------cut here-------------------------------------------------end--------------->8---
(simple-service 'miscellaneous-permissions doas-service-type
                (list (permit (identity ":wheel")
                              (setenv `(("GUILE_LOAD_PATH" . #t))))
                      (permit (identity ":wheel")
                              (nopass? #t)
                              (command "guix")
                              (args `("pull")))))

(simple-service 'text-editors-permissions doas-service-type
                (map (lambda (cmd)
                       (permit (identity ":wheel")
                               (keepenv? #t)
                               (command cmd)))
                     `("kak" "emacsclient")))

(simple-service 'power-management-permissions doas-service-type
                (map (lambda (cmd)
                       (permit (identity ":wheel")
                               (nopass? #t)
                               (command cmd)
                               (args '())))
                     `("zzz" "halt" "reboot")))

(simple-service 'shepherd-status-permissions doas-service-type
                (map (lambda (action)
                       (permit (identity ":wheel")
                               (nopass? #t)
                               (command "herd")
                               (args (list action))))
                     `("status" "detailed-status")))

(simple-service 'service-management-permissions doas-service-type
                (flat-map (lambda (service action)
                            (permit (identity ":wheel")
                                    (nopass? #t)
                                    (command "herd")
                                    (args (map symbol->string
                                               (list action service)))))
                          '(tor networking wpa-supplicant)
                          '(doc stop start enable status restart disable)))

--8<---------------cut here-------------------------------------------------end--------------->8---

This generates the following configuration file:

--8<---------------cut here-------------------------------------------------end--------------->8---

permit setenv { GUILE_LOAD_PATH }
permit nopass :wheel cmd guix args pull
permit keepenv :wheel cmd kak
permit keepenv :wheel cmd emacsclient
permit nopass :wheel cmd zzz args
permit nopass :wheel cmd halt args
permit nopass :wheel cmd reboot args
permit nopass :wheel cmd herd args status
permit nopass :wheel cmd herd args detailed-status
permit nopass :wheel cmd herd args doc tor
permit nopass :wheel cmd herd args stop tor
permit nopass :wheel cmd herd args start tor
permit nopass :wheel cmd herd args enable tor
permit nopass :wheel cmd herd args status tor
permit nopass :wheel cmd herd args restart tor
permit nopass :wheel cmd herd args disable tor
permit nopass :wheel cmd herd args doc networking
permit nopass :wheel cmd herd args stop networking
permit nopass :wheel cmd herd args start networking
permit nopass :wheel cmd herd args enable networking
permit nopass :wheel cmd herd args status networking
permit nopass :wheel cmd herd args restart networking
permit nopass :wheel cmd herd args disable networking
permit nopass :wheel cmd herd args doc wpa-supplicant
permit nopass :wheel cmd herd args stop wpa-supplicant
permit nopass :wheel cmd herd args start wpa-supplicant
permit nopass :wheel cmd herd args enable wpa-supplicant
permit nopass :wheel cmd herd args status wpa-supplicant
permit nopass :wheel cmd herd args restart wpa-supplicant
permit nopass :wheel cmd herd args disable wpa-supplicant

--8<---------------cut here-------------------------------------------------end--------------->8---
Attachment: file
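
An added example, not part of the patch or of the message above: a small Python check over a generated doas.conf, following the rule grammar in doas.conf(5). It relies on two facts from that manual page: a rule without the `args` keyword matches any arguments (a bare `args` allows none), and a rule without `cmd` matches every command. The function names and finding labels are this example's own, and sample lines 4 and 5 are constructed.

```python
import shlex

FLAGS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rule(line):
    """Parse `permit|deny [options] identity [as target] [cmd command [args ...]]`."""
    tok = shlex.split(line.replace("{", " { ").replace("}", " } "), comments=True)
    if not tok:
        return None  # blank line or comment
    r = {"action": tok[0], "flags": set(), "identity": None, "cmd": None, "args": None}
    i = 1
    while i < len(tok) and (tok[i] in FLAGS or tok[i] == "setenv"):
        if tok[i] == "setenv":
            i = tok.index("}", i)  # skip the whole `setenv { ... }` block
        else:
            r["flags"].add(tok[i])
        i += 1
    if i < len(tok) and tok[i] not in ("as", "cmd"):
        r["identity"], i = tok[i], i + 1
    if i < len(tok) and tok[i] == "as":
        i += 2  # target user, not needed for these checks
    if i < len(tok) and tok[i] == "cmd":
        r["cmd"], i = tok[i + 1], i + 2
        if i < len(tok) and tok[i] == "args":
            r["args"] = tok[i + 1:]  # [] means the command must get no arguments
    return r

def audit(text):
    """Return (line number, finding) pairs for permit rules worth a second look."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        r = parse_rule(line)
        if r is None or r["action"] != "permit":
            continue
        if r["identity"] is None:
            out.append((n, "missing-identity"))
        if "nopass" in r["flags"] and r["args"] is None:
            out.append((n, "nopass-any-arguments" if r["cmd"] else "nopass-any-command"))
        if "keepenv" in r["flags"]:
            out.append((n, "keepenv"))
    return out

# Constructed sample: lines 1-3 are copied from the generated file, 4-5 are made up.
SAMPLE = """\
permit setenv { GUILE_LOAD_PATH }
permit keepenv :wheel cmd kak
permit nopass :wheel cmd zzz args
permit nopass :wheel cmd herd
permit nopass :wheel
"""
```

Running `audit(SAMPLE)` leaves line 3 unflagged because its bare `args` pins the command to zero arguments, while line 4 is reported because it omits `args` entirely.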
lgcoelho wrote on 24 Dec 2023 18:22
(no subject)
(address . 68007@debbugs.gnu.org)
633bbb065596ac7e0abb6704b4a35545@disroot.org
I tried to fix the indentation for the email, but it seems I've actually
messed it up.
Attachment: file