Diffstat (limited to 'guix/forge')
-rw-r--r--guix/forge/webhook.scm29
1 files changed, 26 insertions, 3 deletions
diff --git a/guix/forge/webhook.scm b/guix/forge/webhook.scm
index 39bb7d0..7b73de6 100644
--- a/guix/forge/webhook.scm
+++ b/guix/forge/webhook.scm
@@ -125,9 +125,28 @@ Everything else is the responsibility of the command's author.")
(id webhook-hook-id)
(run webhook-hook-run))
+(define %webhook-accounts
+ (list (user-account
+ (name "webhook")
+ (group "webhook")
+ (system? #t)
+ (comment "webhook user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
+ (user-group
+ (name "webhook")
+ (system? #t))))
+
(define (webhook-activation config)
- ;; Create log directory.
- #~(mkdir-p #$(webhook-configuration-log-directory config)))
+ (match-record config <webhook-configuration>
+ (log-directory)
+ #~(begin
+ ;; Create log directory and set permissions.
+ (mkdir-p #$log-directory)
+ (let ((user (getpw "webhook")))
+ (for-each (lambda (file)
+ (chown file (passwd:uid user) (passwd:gid user)))
+ (find-files #$log-directory #:directories? #t))))))
(define (hooks-json-gexp config)
(with-extensions (list guile-json-4)
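Review bot: The recursive `chown` in `webhook-activation` runs as root over a directory that the `webhook` user owns once the first activation has completed. As far as I know Guile's `chown` follows symbolic links (it has no `lchown`), so a link placed inside the log directory would have its target handed to `webhook` on the next boot or reconfigure. Because the service now writes its own log as `webhook`, changing ownership of the directory alone should be enough: `(chown #$log-directory (passwd:uid user) (passwd:gid user))`. If the walk is kept to migrate older root-owned logs, skip entries whose `lstat` type is `symlink`, although that still leaves a race between the check and the `chown`. `mkdir-p` also leaves the directory mode to the umask, so a `(chmod #$log-directory #o750)` would keep request logs from being world-readable.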
@@ -183,6 +202,8 @@ Everything else is the responsibility of the command's author.")
"-port" #$(number->string (forge-ip-socket-port (webhook-configuration-socket config)))
"-logfile" #$(string-append (webhook-configuration-log-directory config)
"/webhook.log"))
+ #:user "webhook"
+ #:group "webhook"
#:log-file "/var/log/webhook.log")))
(stop #~(make-kill-destructor)))))
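Review bot: Nothing visible in this change tells users that hook commands now run as the unprivileged `webhook` account, which the `#:user` and `#:group` arguments added here bring about (previously they presumably ran as root). The docstring ending in "Everything else is the responsibility of the command's author." lies outside this hunk and is the natural place to say so, for example `Commands are run as the "webhook" user and group; grant that account only the access a hook needs.` The same drop in privileges presumably means a configured port below 1024 can no longer be bound, so that deserves a mention or a check as well. The shepherd service definition starts and ends outside the hunk.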
@@ -190,7 +211,9 @@ Everything else is the responsibility of the command's author.")
(service-type
(name 'webhook)
(description "Run webhook.")
- (extensions (list (service-extension activation-service-type
+ (extensions (list (service-extension account-service-type
+ (const %webhook-accounts))
+ (service-extension activation-service-type
webhook-activation)
(service-extension shepherd-root-service-type
(compose list webhook-shepherd-service))))