authorLudovic Courtès <ludo@gnu.org>2016-06-17 11:09:46 +0200
committerLudovic Courtès <ludo@gnu.org>2016-06-17 11:14:18 +0200
commita1b484654af07303813a215d4e04c0e4e7b199e5 (patch)
tree66c29feaddb46afb1e825affada6c7e71620b45d
parent025597393c0fbdab17d1784e365330b9326c027f (diff)
downloadguix-a1b484654af07303813a215d4e04c0e4e7b199e5.tar.gz
services: dicod: Add 'interfaces' configuration field.
This makes 'dicod' listen on 'localhost' by default, whereas it was
previously listening on all the interfaces, which is not a good default
security-wise.

* gnu/services/dict.scm (<dicod-configuration>)[interfaces]: New field.
(dicod-configuration-file)[database->text]: New procedure, with code
formerly in 'dicod-configuration->text'.
[dicod-configuration->text]: Rename to...
[configuration->text]: ... this.  Honor 'interfaces'.
* doc/guix.texi (Various Services): Document 'interfaces'.
-rw-r--r--doc/guix.texi5
-rw-r--r--gnu/services/dict.scm24
2 files changed, 21 insertions, 8 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 4c8dbd1888..a47d37667e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9465,6 +9465,11 @@ Data type representing the configuration of dicod.
 @item @code{dico} (default: @var{dico})
 Package object of the GNU Dico dictionary server.
 
+@item @code{interfaces} (default: @var{'("localhost")})
+This is the list of IP addresses and ports and possibly socket file
+names to listen to (@pxref{Server Settings, @code{listen} directive,,
+dico, GNU Dico Manual}).
+
 @item @code{databases} (default: @var{(list %dicod-database:gcide)})
 List of @code{<dicod-database>} objects denoting dictionaries to be served.
 @end table
diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm
index abab6a3eba..9c06d5713a 100644
--- a/gnu/services/dict.scm
+++ b/gnu/services/dict.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -42,6 +43,8 @@
   dicod-configuration make-dicod-configuration
   dicod-configuration?
   (dico        dicod-configuration-dico       (default dico))
+  (interfaces  dicod-configuration-interfaces     ;list of strings
+               (default '("localhost")))
   (databases   dicod-configuration-databases
                ;; list of <dicod-database>
                (default (list %dicod-database:gcide))))
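Review bot: The field comment on `interfaces` says only `;list of strings`, which does not tell a reader that each element ends up in dicod's `listen` directive. I would expand it to `;list of strings ("HOST", "HOST:PORT" or a socket file name), passed as-is to dicod's 'listen'`, matching what the guix.texi hunk documents. The default is the name "localhost" rather than a literal loopback address, so which addresses actually get bound presumably depends on how that name resolves on the system; a short remark to that effect would help anyone auditing the exposure. The record definition starts before this hunk.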
@@ -72,20 +75,25 @@
          (shell #~(string-append #$shadow "/sbin/nologin")))))
 
 (define (dicod-configuration-file config)
-  (define dicod-configuration->text
+  (define database->text
     (match-lambda
-      (($ <dicod-configuration> dico databases)
-       (append-map (match-lambda
-                     (($ <dicod-database> name module options)
-                      `("
+      (($ <dicod-database> name module options)
+       `("
 load-module " ,module ";
 database {
    name \"" ,name "\";
    handler \"" ,module
    (string-join (list ,@options) " " 'prefix) "\";
-}\n")))
-                   databases))))
-  (apply mixed-text-file "dicod.conf" (dicod-configuration->text config)))
+}\n"))))
+
+  (define configuration->text
+    (match-lambda
+      (($ <dicod-configuration> dico (interfaces ...) databases)
+       (append `("listen ("
+                 ,(string-join interfaces ", ") ");\n")
+               (append-map database->text databases)))))
+
+  (apply mixed-text-file "dicod.conf" (configuration->text config)))
 
 (define %dicod-activation
   #~(begin
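Review bot: `configuration->text` splices `interfaces` into the `listen (...)` statement without any check, so `(interfaces '())` produces `listen ();`. How dicod treats an empty list is not visible here, but the commit message says it previously listened on all interfaces, so an empty list could silently undo the localhost restriction if dicod falls back to that behaviour. I would fail early in that clause, for example `(when (null? interfaces) (error "dicod: 'interfaces' must not be empty"))` before the `append`. The elements are also joined unquoted, so a string containing `)` or `;` changes the structure of the generated dicod.conf; a comment stating that they are trusted administrator input would make that assumption explicit.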