Run genenetwork services as genenetwork user and group.

* genenetwork-development.scm (%genenetwork-accounts): New variable. (genenetwork2-shepherd-service, genenetwork3-shepherd-service): Run as genenetwork user and group. (genenetwork2-service-type, genenetwork3-service-type): Create genenetwork user and group.
author: Arun Isaac 2022-08-25 17:34:52 +0530
committer: Arun Isaac 2022-08-25 17:34:52 +0530
commit: fefb6bbfa109bfd901842983d9f3b0f93cbb51ef (patch)
tree: dab16056c1f738004f80eb1b5a75ae42283946c9
parent: 8a079cf10002be03f718bacde84f9be23720ab55 (diff)
download: gn-machines-fefb6bbfa109bfd901842983d9f3b0f93cbb51ef.tar.gz
1 files changed, 22 insertions, 2 deletions
diff --git a/genenetwork-development.scm b/genenetwork-development.scm
index e4ddc2c..cf27171 100644
--- a/genenetwork-development.scm
+++ b/genenetwork-development.scm
@@ -271,6 +271,8 @@ describing genenetwork2."
       #~(make-forkexec-constructor/container
          (list #$(development-server-configuration-executable-path config)
                "127.0.0.1" (number->string #$(development-server-configuration-port config)))
+         #:user "genenetwork"
+         #:group "genenetwork"
          #:mappings (list (file-system-mapping
                            (source #$(development-server-configuration-executable-path config))
                            (target source))
@@ -301,12 +303,26 @@ describing genenetwork2."
                   #$%genenetwork3-port
                   #$%genotype-files))))))
 
+(define %genenetwork-accounts
+  (list (user-group
+         (name "genenetwork")
+         (system? #t))
+        (user-account
+         (name "genenetwork")
+         (group "genenetwork")
+         (system? #t)
+         (comment "GeneNetwork user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
 (define genenetwork2-service-type
   (service-type
    (name 'genenetwork2)
    (description "Run GeneNetwork 2 development server and CI.")
    (extensions
-    (list (service-extension activation-service-type
+    (list (service-extension account-service-type
+                             (const %genenetwork-accounts))
+          (service-extension activation-service-type
                              development-server-activation)
           (service-extension shepherd-root-service-type
                              (compose list genenetwork2-shepherd-service))
@@ -410,6 +426,8 @@ command to be executed."
       #~(make-forkexec-constructor/container
          (list #$(development-server-configuration-executable-path config)
                "127.0.0.1" #$(number->string (development-server-configuration-port config)))
+         #:user "genenetwork"
+         #:group "genenetwork"
          #:mappings (list (file-system-mapping
                            (source #$(development-server-configuration-executable-path config))
                            (target source))
@@ -441,7 +459,9 @@ command to be executed."
    (name 'genenetwork3)
    (description "Run GeneNetwork 3.")
    (extensions
-    (list (service-extension activation-service-type
+    (list (service-extension account-service-type
+                             (const %genenetwork-accounts))
+          (service-extension activation-service-type
                              development-server-activation)
           (service-extension shepherd-root-service-type
                              (compose list genenetwork3-shepherd-service))
author	Arun Isaac	2022-08-25 17:34:52 +0530
committer	Arun Isaac	2022-08-25 17:34:52 +0530
commit	fefb6bbfa109bfd901842983d9f3b0f93cbb51ef (patch)
tree	dab16056c1f738004f80eb1b5a75ae42283946c9
parent	8a079cf10002be03f718bacde84f9be23720ab55 (diff)
download	gn-machines-fefb6bbfa109bfd901842983d9f3b0f93cbb51ef.tar.gz