summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/system/dmd.scm50
-rw-r--r--gnu/system/shadow.scm23
-rw-r--r--gnu/system/vm.scm34
3 files changed, 62 insertions, 45 deletions
diff --git a/gnu/system/dmd.scm b/gnu/system/dmd.scm
index 8a79f0a50f..8e3f7e976a 100644
--- a/gnu/system/dmd.scm
+++ b/gnu/system/dmd.scm
@@ -24,13 +24,16 @@
   #:use-module ((gnu packages base)
                 #:select (glibc-final))
   #:use-module ((gnu packages system)
-                #:select (mingetty inetutils))
+                #:select (mingetty inetutils shadow))
   #:use-module ((gnu packages package-management)
                 #:select (guix))
   #:use-module ((gnu packages linux)
                 #:select (net-tools))
+  #:use-module (gnu system shadow)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:use-module (guix monads)
   #:export (service?
             service
@@ -40,6 +43,8 @@
             service-start
             service-stop
             service-inputs
+            service-user-accounts
+            service-user-groups
 
             host-name-service
             syslog-service
@@ -70,6 +75,10 @@
   (stop          service-stop                     ; expression
                  (default #f))
   (inputs        service-inputs                   ; list of inputs
+                 (default '()))
+  (user-accounts service-user-accounts            ; list of <user-account>
+                 (default '()))
+  (user-groups   service-user-groups              ; list of <user-groups>
                  (default '())))
 
 (define (host-name-service name)
@@ -149,16 +158,47 @@
       (inputs `(("inetutils" ,inetutils)
                 ("syslog.conf" ,syslog.conf)))))))
 
-(define* (guix-service #:key (guix guix) (builder-group "guixbuild"))
-  "Return a service that runs the build daemon from GUIX."
-  (mlet %store-monad ((daemon (package-file guix "bin/guix-daemon")))
+(define* (guix-build-accounts count #:key
+                              (first-uid 30001)
+                              (gid 30000)
+                              (shadow shadow))
+  "Return a list of COUNT user accounts for Guix build users, with UIDs
+starting at FIRST-UID, and under GID."
+  (mlet* %store-monad ((gid* -> gid)
+                       (no-login (package-file shadow "sbin/nologin")))
+    (return (unfold (cut > <> count)
+                    (lambda (n)
+                      (user-account
+                       (name (format #f "guixbuilder~2,'0d" n))
+                       (password "!")
+                       (uid (+ first-uid n -1))
+                       (gid gid*)
+                       (comment (format #f "Guix Build User ~2d" n))
+                       (home-directory "/var/empty")
+                       (shell no-login)))
+                    1+
+                    1))))
+
+(define* (guix-service #:key (guix guix) (builder-group "guixbuild")
+                       (build-user-gid 30000) (build-accounts 10))
+  "Return a service that runs the build daemon from GUIX, and has
+BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
+  (mlet %store-monad ((daemon   (package-file guix "bin/guix-daemon"))
+                      (accounts (guix-build-accounts build-accounts
+                                                     #:gid build-user-gid)))
     (return (service
              (provision '(guix-daemon))
              (start `(make-forkexec-constructor ,daemon
                                                 "--build-users-group"
                                                 ,builder-group))
              (stop  `(make-kill-destructor))
-             (inputs `(("guix" ,guix)))))))
+             (inputs `(("guix" ,guix)))
+             (user-accounts accounts)
+             (user-groups (list (user-group
+                                 (name builder-group)
+                                 (id build-user-gid)
+                                 (members (map user-account-name
+                                               user-accounts)))))))))
 
 (define* (static-networking-service interface ip
                                     #:key
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 654fd4d55b..2cc0b89162 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -24,9 +24,7 @@
   #:use-module ((gnu packages system)
                 #:select (shadow))
   #:use-module (srfi srfi-1)
-  #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
-  #:use-module (ice-9 format)
   #:export (user-account
             user-account?
             user-account-name
@@ -117,25 +115,4 @@ file."
 
   (text-file (if shadow? "shadow" "passwd") contents))
 
-(define* (guix-build-accounts count #:key
-                              (first-uid 30001)
-                              (gid 30000)
-                              (shadow shadow))
-  "Return a list of COUNT user accounts for Guix build users, with UIDs
-starting at FIRST-UID, and under GID."
-  (mlet* %store-monad ((gid* -> gid)
-                       (no-login (package-file shadow "sbin/nologin")))
-    (return (unfold (cut > <> count)
-                    (lambda (n)
-                      (user-account
-                       (name (format #f "guixbuilder~2,'0d" n))
-                       (password "!")
-                       (uid (+ first-uid n -1))
-                       (gid gid*)
-                       (comment (format #f "Guix Build User ~2d" n))
-                       (home-directory "/var/empty")
-                       (shell no-login)))
-                    1+
-                    1))))
-
 ;;; shadow.scm ends here
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 502c13b973..16be5ac59a 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -535,8 +535,6 @@ alias ll='ls -l'
 
 (define (system-qemu-image)
   "Return the derivation of a QEMU image of the GNU system."
-  (define build-user-gid 30000)
-
   (mlet* %store-monad
       ((services (listm %store-monad
                         (host-name-service "gnu")
@@ -565,8 +563,6 @@ Happy birthday, GNU!                                http://www.gnu.org/gnu30
                                              #:allow-empty-passwords? #t
                                              #:motd motd)))
 
-       (build-accounts (guix-build-accounts 10 #:gid build-user-gid))
-
        (bash-file (package-file bash "bin/bash"))
        (dmd-file  (package-file dmd "bin/dmd"))
        (dmd-conf  (dmd-configuration-file services))
@@ -584,19 +580,23 @@ Happy birthday, GNU!                                http://www.gnu.org/gnu30
                             (comment "Guest of GNU")
                             (home-directory "/home/guest")
                             (shell bash-file))
-                           build-accounts))
-       (groups   -> (list (user-group
-                           (name "root")
-                           (id 0))
-                          (user-group
-                           (name "users")
-                           (id 100)
-                           (members '("guest")))
-                          (user-group
-                           (name "guixbuild")
-                           (id build-user-gid)
-                           (members (map user-account-name
-                                         build-accounts)))))
+                           (append-map service-user-accounts
+                                       services)))
+       (groups   -> (cons* (user-group
+                            (name "root")
+                            (id 0))
+                           (user-group
+                            (name "users")
+                            (id 100)
+                            (members '("guest")))
+                           (append-map service-user-groups services)))
+       (build-user-gid -> (any (lambda (service)
+                                 (and (equal? '(guix-daemon)
+                                              (service-provision service))
+                                      (match (service-user-groups service)
+                                        ((group)
+                                         (user-group-id group)))))
+                               services))
        (packages -> `(("coreutils" ,coreutils)
                       ("bash" ,bash)
                       ("guile" ,guile-2.0)