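;;; Guix System service definition for Tang, the server side of
;;; network-bound disk encryption (NBDE).
;;;
;;; The key directory holds the server's private keys.  Keep it readable by
;;; the Tang daemon only and include it in protected backups.

(define-module (nbde services tang)
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (nbde packages crypto)
  #:export (tang-configuration
            tang-configuration?
            tang-configuration-package
            tang-configuration-port
            tang-configuration-key-directory
            tang-service-type))

;; Configuration record for the Tang service.
;;
;; `define-record-type*' expects the record type name first, followed by the
;; syntactic constructor, the procedural constructor and the predicate.  The
;; type name was missing, which shifted every following identifier by one
;; position, so it is spelled out here as <tang-configuration>.
(define-record-type* <tang-configuration>
  tang-configuration make-tang-configuration
  tang-configuration?
  ;; Package providing libexec/tangd and libexec/tangd-keygen.
  (package       tang-configuration-package
                 (default tang))
  ;; TCP port passed to tangd with "-p".
  (port          tang-configuration-port
                 (default 7654))
  ;; Directory holding the server keys; created at activation time.
  (key-directory tang-configuration-key-directory
                 (default "/var/lib/tang")))

(define (tang-activation config)
  "Return the activation gexp for CONFIG.  It creates the key directory,
restricts it to its owner, and runs tangd-keygen when the directory has no
entries."
  #~(begin
      (use-modules (guix build utils))
      (let ((key-directory #$(tang-configuration-key-directory config))
            (keygen (string-append #$(tang-configuration-package config)
                                   "/libexec/tangd-keygen")))
        (mkdir-p key-directory)
        ;; mkdir-p creates the directory with the mode left by the current
        ;; umask.  The directory stores private key material, so restrict it
        ;; to its owner before any key is written.  This is re-applied on
        ;; every activation.
        ;; NOTE(review): the mode of the key files themselves is decided by
        ;; tangd-keygen in the packaged Tang version -- confirm.
        (chmod key-directory #o700)
        ;; scandir also returns "." and "..", so two entries or fewer means
        ;; the directory is empty and no keys have been generated yet.
        (when (<= (length (scandir key-directory)) 2)
          (invoke keygen key-directory)))))

(define (tang-shepherd-service config)
  "Return the list of Shepherd services that run tangd for CONFIG."
  (list
   (shepherd-service
    (documentation "Run Tang in standalone mode.")
    (provision '(tang))
    (requirement '(networking))
    ;; No #:user or #:group is passed to make-forkexec-constructor, so the
    ;; daemon keeps the credentials of the Shepherd process that starts it.
    ;; NOTE(review): a network-facing daemon would be better served by a
    ;; dedicated unprivileged account; the key directory would then have to
    ;; be owned by that account instead of relying on mode 0700 alone.
    (start #~(make-forkexec-constructor
              (list (string-append #$(tang-configuration-package config)
                                   "/libexec/tangd")
                    "-l"
                    "-p" #$(number->string (tang-configuration-port config))
                    #$(tang-configuration-key-directory config))))
    (stop #~(make-kill-destructor))
    ;; The daemon is not restarted automatically when it exits.
    (respawn? #f))))

(define tang-service-type
  (service-type
   (name 'tang)
   (extensions
    (list (service-extension activation-service-type
                             tang-activation)
          (service-extension shepherd-root-service-type
                             tang-shepherd-service)))
   (default-value (tang-configuration))
   (description
    "Run a standalone Tang server and initialize its key directory during system activation.")))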