Re: unbound-service-type

2022-02-20 Thread Josua Stingelin
Hi Ludo,

Thank you for your reply!

> I’d recommend passing the config file directly, as in:
> 
>   "-c" #$(local-file "unbound.conf")

Doing that now.

> > However when I add these to my operating-system configuration, and copy the
> > configuration file using the etc-service-type it doesn't run on start.
> 
> Do you have additional info as to why it doesn’t start?  Perhaps error
> messages in /var/log/messages or something?

Turns out unbound segfaults when chrooting to a read-only directory. And if one
doesn't explicitly turn off the chroot it tries to chroot to "/../etc" (or
something similar).

  unbound[1407]: segfault at ffb8 ip 7fd6498ecd67 sp 7fffa4366550 error 5 in libc-2.33.so[7fd64984f000+141000]


Should I report this upstream - or is this considered a configuration issue?


I've gotten the service up and running. Going to try and generate the
configuration file based on the scheme configuration next.


Thank you for your help and sorry for posting prematurely. I suppose searching
a bit longer would have gotten me on track anyway.

Kind Regards,
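
Added example, not part of the thread and not code from Guix or from the participants: one way to avoid the read-only chroot described above is to generate unbound.conf from the record with the chroot setting always written out, and to create a writable state directory at activation time. The `directory` and `chroot` fields, `unbound-activation` and the path /var/lib/unbound are assumptions; `%unbound-accounts` is the definition from the original post.

```scheme
;; Added example, not from the thread.  Assumes (gnu services), (gnu services
;; shepherd), (gnu system shadow), (gnu packages dns), (guix gexp), (guix
;; records) are imported and %unbound-accounts (original post) is in scope.
(define-record-type* <unbound-configuration>
  unbound-configuration make-unbound-configuration
  unbound-configuration?
  (package   unbound-configuration-package   (default unbound))
  (directory unbound-configuration-directory (default "/var/lib/unbound"))
  (chroot    unbound-configuration-chroot    (default ""))) ; "" = no chroot

(define (unbound-config-file config)
  ;; Always write chroot out so the compiled-in default never applies.
  (let ((directory (unbound-configuration-directory config)))
    (plain-file "unbound.conf"
                (string-append
                 "server:\n"
                 "  username: \"unbound\"\n"
                 "  chroot: \"" (unbound-configuration-chroot config) "\"\n"
                 "  directory: \"" directory "\"\n"
                 "  pidfile: \"" directory "/unbound.pid\"\n"))))

(define (unbound-activation config)
  (let ((directory (unbound-configuration-directory config)))
    #~(begin
        (use-modules (guix build utils))
        (let ((user (getpwnam "unbound")))
          (mkdir-p #$directory)
          (chown #$directory (passwd:uid user) (passwd:gid user))
          (chmod #$directory #o700)))))

(define (unbound-shepherd-service config)
  (list (shepherd-service
         (provision '(unbound))
         (requirement '(networking))
         (start #~(make-forkexec-constructor
                   (list #$(file-append (unbound-configuration-package config)
                                        "/sbin/unbound")
                         "-d" "-c" #$(unbound-config-file config))))
         (stop #~(make-kill-destructor)))))

(define unbound-service-type
  (service-type
   (name 'unbound)
   (extensions
    (list (service-extension shepherd-root-service-type unbound-shepherd-service)
          (service-extension activation-service-type unbound-activation)
          (service-extension account-service-type (const %unbound-accounts))))
   (default-value (unbound-configuration))
   (description "Run the unbound DNS server.")))
```

With `(chroot "/var/lib/unbound")` the daemon chroots into the directory the activation snippet creates; any file unbound opens after startup, such as a trust anchor, then has to live under that directory.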



Re: unbound-service-type

2022-02-14 Thread Ludovic Courtès
Hi,

Josua Stingelin wrote:

>   (define unbound-shepherd-service
>     (match-lambda
>       (($ <unbound-configuration> package pid-file)
>        (list (shepherd-service
>               (provision '(unbound))
>               (documentation "Run the unbound DNS server.")
>               (requirement '(networking))
>               (start #~(make-forkexec-constructor
>                         '(#$(file-append package "/sbin/unbound")
>                           "-d"
>                           "-c" "/etc/unbound/unbound.conf")

I’d recommend passing the config file directly, as in:

  "-c" #$(local-file "unbound.conf")

instead of storing it in /etc.  It’s “cleaner” in that you can tell
precisely which config file unbound loaded.

> However when I add these to my operating-system configuration, and copy the
> configuration file using the etc-service-type it doesn't run on start.

Do you have additional info as to why it doesn’t start?  Perhaps error
messages in /var/log/messages or something?

Thanks,
Ludo’.



Re: unbound-service-type

2022-02-11 Thread jbranso
February 11, 2022 6:43 AM, "Josua Stingelin" wrote:

> Hei Guix!
> 
> As far as I can see there's no service type to run unbound. A local, recursive,
> caching DNS server.
> 
> I've tried to create it - but it doesn't quite work.
> 
> In order to be pushed upstream I'd like to add the configuration of the options
> easily using the unbound-configuration-type.
> 
> For now I'd just like to get it up and running to start playing around with
> more configuration options.
> 
> I'd like unbound to run in a chroot and with the user unbound.
> 
> So I started with the user account.
> 
>   (define %unbound-accounts
>     (list (user-account
>            (name "unbound")
>            (group "nogroup")
>            (system? #t)
>            (comment "unbound daemon user")
>            (home-directory "/etc/unbound")
>            (shell (file-append shadow "/sbin/nologin")))))
> 
> Then I defined the unbound-configuration record type. Later on I want to expand
> that. (Allow configuring of the user, group and directly set properties instead
> of copying the configuration file)
> 
>   (define-record-type* <unbound-configuration>
>     unbound-configuration make-unbound-configuration
>     unbound-configuration?
>     (package   unbound-configuration-package
>                (default unbound))
>     (pid-file  unbound-configuration-pid-file
>                (default "/etc/unbound/unbound.pid")))
> 
> Next there is the shepherd-service configuration.
> 
>   (define unbound-shepherd-service
>     (match-lambda
>       (($ <unbound-configuration> package pid-file)
>        (list (shepherd-service
>               (provision '(unbound))
>               (documentation "Run the unbound DNS server.")
>               (requirement '(networking))
>               (start #~(make-forkexec-constructor
>                         '(#$(file-append package "/sbin/unbound")
>                           "-d"
>                           "-c" "/etc/unbound/unbound.conf")
>                         #:pid-file #$pid-file))
>               (stop #~(make-kill-destructor)))))))
> 
> Based on these definitions I can now create the unbound-service-type.
> 
>   (define unbound-service-type
>     (service-type
>       (name 'unbound)
>       (extensions
>         (list (service-extension shepherd-root-service-type
>                                  unbound-shepherd-service)
>               (service-extension account-service-type
>                                  (const %unbound-accounts))))
>       (default-value (unbound-configuration))
>       (description "Run the unbound DNS server")))
> 
> However when I add these to my operating-system configuration, and copy the
> configuration file using the etc-service-type it doesn't run on start.
> 
>   (operating-system
>     ...
>     (services
>      (append
>       (list (simple-service 'unbound-service
>                             etc-service-type
>                             `(("unbound/unbound.conf"
>                                ,(local-file "unbound/unbound.conf"))
>                               ("unbound/root.hints"
>                                ,(local-file "unbound/root.hints"))
>                               ("unbound/root.key"
>                                ,(local-file "unbound/root.key"))))
>             (service unbound-service-type))
>       %base-services)))
> 
> As /etc/unbound is owned by root and a symlink to /etc/static/unbound that
> isn't surprising.
> 
> How would I configure such a service under Guix (point me to an example maybe?)
> and which directory should be used for the chroot? /etc/unbound doesn't feel
> quite right.

I made some online videos of me a while ago trying to complement the existing
opensmtpd-service that Guix has.  It might not be a specific answer to your
problem but perhaps you could get some ideas or workflow suggestions:

The videos are here: https://video.hardlimit.com/w/p/bmbYAkQ84BBfF4aAZNAPcR

> 
> Kind Regards
> Josua a.k.a Joshua/Josh



unbound-service-type

2022-02-11 Thread Josua Stingelin
Hei Guix!

As far as I can see there's no service type to run unbound. A local, recursive,
caching DNS server.

I've tried to create it - but it doesn't quite work.

In order to be pushed upstream I'd like to add the configuration of the options
easily using the unbound-configuration-type.

For now I'd just like to get it up and running to start playing around with
more configuration options.

I'd like unbound to run in a chroot and with the user unbound.

So I started with the user account.

  ;; System account for the unbound daemon.
  (define %unbound-accounts
    (list (user-account
           (name "unbound")
           (group "nogroup")
           (system? #t)
           (comment "unbound daemon user")
           (home-directory "/etc/unbound")
           (shell (file-append shadow "/sbin/nologin")))))

Then I defined the unbound-configuration record type. Later on I want to expand
that. (Allow configuring of the user, group and directly set properties instead
of copying the configuration file)

  (define-record-type* <unbound-configuration>
    unbound-configuration make-unbound-configuration
    unbound-configuration?
    (package   unbound-configuration-package
               (default unbound))
    (pid-file  unbound-configuration-pid-file
               (default "/etc/unbound/unbound.pid")))

Next there is the shepherd-service configuration.

  (define unbound-shepherd-service
    (match-lambda
      (($ <unbound-configuration> package pid-file)
       (list (shepherd-service
              (provision '(unbound))
              (documentation "Run the unbound DNS server.")
              (requirement '(networking))
              ;; -d keeps unbound in the foreground; -c names the config file.
              (start #~(make-forkexec-constructor
                        '(#$(file-append package "/sbin/unbound")
                          "-d"
                          "-c" "/etc/unbound/unbound.conf")
                        #:pid-file #$pid-file))
              (stop #~(make-kill-destructor)))))))

Based on these definitions I can now create the unbound-service-type.

  (define unbound-service-type
    (service-type
      (name 'unbound)
      (extensions
        (list (service-extension shepherd-root-service-type
                                 unbound-shepherd-service)
              (service-extension account-service-type
                                 (const %unbound-accounts))))
      (default-value (unbound-configuration))
      (description "Run the unbound DNS server")))


However when I add these to my operating-system configuration, and copy the
configuration file using the etc-service-type it doesn't run on start.

  (operating-system
    ...
    (services
     (append
      (list (simple-service 'unbound-service
                            etc-service-type
                            `(("unbound/unbound.conf"
                               ,(local-file "unbound/unbound.conf"))
                              ("unbound/root.hints"
                               ,(local-file "unbound/root.hints"))
                              ("unbound/root.key"
                               ,(local-file "unbound/root.key"))))
            (service unbound-service-type))
      %base-services)))


As /etc/unbound is owned by root and a symlink to /etc/static/unbound that
isn't surprising.

How would I configure such a service under Guix (point me to an example maybe?)
and which directory should be used for the chroot? /etc/unbound doesn't feel
quite right.

Kind Regards
Josua a.k.a Joshua/Josh


