Re: unbound-service-type

[jbranso]

February 11, 2022 6:43 AM, "Josua Stingelin" <josuast@hotmail.com> wrote:

> Hei Guix!
> 
> As far as I can see there's no service type to run unbound. A local, 
> recursive,
> caching DNS server.
> 
> I've tried to create it - but it doesn't quite work.
> 
> In order to be pushed upstream I'd like to add the configuration of the 
> options
> easily using the unbound-configuration-type.
> 
> For now I'd just like to get it up and running to start playing around with
> more configuration options.
> 
> I'd like unbound to run in a chroot and with the user unbound.
> 
> So I started with the user account.
> 
> (define %unbound-accounts
> (list (user-account
> (name "unbound")
> (group "nogroup")
> (system? #t)
> (comment "unbound daemon user")
> (home-directory "/etc/unbound")
> (shell (file-append shadow "/sbin/nologin")))))
> 
> Then I defined the unbound-configuration record type. Later on I want to 
> expand
> that. (Allow configuring of the user, group and directly set properties 
> instead
> of copying the configuration file)
> 
> (define-record-type* <unbound-configuration>
> unbound-configuration make-unbound-configuration
> unbound-configuration?
> (package unbound-configuration-package
> (default unbound))
> (pid-file unbound-configuration-pid-file
> (default "/etc/unbound/unbound.pid")))
> 
> Next there is the shepherd-service configuration.
> 
> (define unbound-shepherd-service
> (match-lambda
> (($ <unbound-configuration> package pid-file)
> (list (shepherd-service
> (provision '(unbound))
> (documentation "Run the unbound DNS server.")
> (requirement '(networking))
> (start #~(make-forkexec-constructor
> '(#$(file-append package "/sbin/unbound")
> "-d"
> "-c" "/etc/unbound/unbound.conf")
> #:pid-file #$pid-file))
> (stop #~(make-kill-destructor)))))))
> 
> Based on these definitions I can now create the unbound-service-type.
> 
> (define unbound-service-type
> (service-type
> (name 'unbound)
> (extensions
> (list (service-extension shepherd-root-service-type unbound-shepherd-service)
> (service-extension account-service-type (const %unbound-accounts))))
> (default-value (unbound-configuration))
> (description "Run the unbound DNS server")))
> 
> However when I add these to my operating-system configuration, and copy the
> configuration file using the etc-service-type it doesn't run on start.
> 
> (operating-system
> ...
> (services (append (list
> (simple-service 'unbound-service
> etc-service-type
> `(("unbound/unbound.conf", (local-file "unbound/unbound.conf"))
> ("unbound/root.hints", (local-file "unbound/root.hints"))
> ("unbound/root.key", (local-file "unbound/root.key"))))
> (service unbound-service-type))
> %base-services)))
> 
> As /etc/unbound is owned by root and a symlink to /etc/static/unbound that
> isn't surprising.
> 
> How would I configure such a service under Guix (point me to an example 
> maybe?)
> and which directory should be used for the chroot? /etc/unbound doesn't feel
> quite right.

I made some online videos of me a while ago trying to compliment the existing 
opensmtpd-service
that guix has.  It might not be a specific answer to your problem but perhaps 
you could get some
ideas workflow suggestions:

the videos are here: https://video.hardlimit.com/w/p/bmbYAkQ84BBfF4aAZNAPcR

> 
> Kind Regards
> Josua a.k.a Joshua/Josh