~ruther/guix-local: services: dicod: Add 'interfaces' configuration field.

a1b484654af07303813a215d4e04c0e4e7b199e5 — Ludovic Courtès 9 years ago 0255973

services: dicod: Add 'interfaces' configuration field.

This makes 'dicod' listen on 'localhost' by default, whereas it was
previously listening on all the interfaces, which is not a good default
security-wise.

* gnu/services/dict.scm (<dicod-configuration>)[interfaces]: New field.
(dicod-configuration-file)[database->text]: New procedure, with code
formerly in 'dicod-configuration->text'.
[dicod-configuration->text]: Rename to...
[configuration->text]: ... this.  Honor 'interfaces'.
* doc/guix.texi (Various Services): Document 'interfaces'.

patch browse .tar.gz

2 files changed, 21 insertions(+), 8 deletions(-)

M doc/guix.texi
M gnu/services/dict.scm

M doc/guix.texi => doc/guix.texi +5 -0

@@ 9465,6 9465,11 @@ Data type representing the configuration of dicod.
 @item @code{dico} (default: @var{dico})
 Package object of the GNU Dico dictionary server.
 
+@item @code{interfaces} (default: @var{'("localhost")})
+This is the list of IP addresses and ports and possibly socket file
+names to listen to (@pxref{Server Settings, @code{listen} directive,,
+dico, GNU Dico Manual}).
+
 @item @code{databases} (default: @var{(list %dicod-database:gcide)})
 List of @code{<dicod-database>} objects denoting dictionaries to be served.
 @end table

M gnu/services/dict.scm => gnu/services/dict.scm +16 -8

@@ 1,5 1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;


@@ 42,6 43,8 @@
   dicod-configuration make-dicod-configuration
   dicod-configuration?
   (dico        dicod-configuration-dico       (default dico))
+  (interfaces  dicod-configuration-interfaces     ;list of strings
+               (default '("localhost")))
   (databases   dicod-configuration-databases
                ;; list of <dicod-database>
                (default (list %dicod-database:gcide))))


@@ 72,20 75,25 @@
          (shell #~(string-append #$shadow "/sbin/nologin")))))
 
 (define (dicod-configuration-file config)
-  (define dicod-configuration->text
+  (define database->text
     (match-lambda
-      (($ <dicod-configuration> dico databases)
-       (append-map (match-lambda
-                     (($ <dicod-database> name module options)
-                      `("
+      (($ <dicod-database> name module options)
+       `("
 load-module " ,module ";
 database {
    name \"" ,name "\";
    handler \"" ,module
    (string-join (list ,@options) " " 'prefix) "\";
-}\n")))
-                   databases))))
-  (apply mixed-text-file "dicod.conf" (dicod-configuration->text config)))
+}\n"))))
+
+  (define configuration->text
+    (match-lambda
+      (($ <dicod-configuration> dico (interfaces ...) databases)
+       (append `("listen ("
+                 ,(string-join interfaces ", ") ");\n")
+               (append-map database->text databases)))))
+
+  (apply mixed-text-file "dicod.conf" (configuration->text config)))
 
 (define %dicod-activation
   #~(begin