From fefb6bbfa109bfd901842983d9f3b0f93cbb51ef Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 17:34:52 +0530 Subject: Run genenetwork services as genenetwork user and group. * genenetwork-development.scm (%genenetwork-accounts): New variable. (genenetwork2-shepherd-service, genenetwork3-shepherd-service): Run as genenetwork user and group. (genenetwork2-service-type, genenetwork3-service-type): Create genenetwork user and group. --- genenetwork-development.scm | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'genenetwork-development.scm') diff --git a/genenetwork-development.scm b/genenetwork-development.scm index e4ddc2c..cf27171 100644 --- a/genenetwork-development.scm +++ b/genenetwork-development.scm @@ -271,6 +271,8 @@ describing genenetwork2." #~(make-forkexec-constructor/container (list #$(development-server-configuration-executable-path config) "127.0.0.1" (number->string #$(development-server-configuration-port config))) + #:user "genenetwork" + #:group "genenetwork" #:mappings (list (file-system-mapping (source #$(development-server-configuration-executable-path config)) (target source)) @@ -301,12 +303,26 @@ describing genenetwork2." #$%genenetwork3-port #$%genotype-files)))))) +(define %genenetwork-accounts + (list (user-group + (name "genenetwork") + (system? #t)) + (user-account + (name "genenetwork") + (group "genenetwork") + (system? #t) + (comment "GeneNetwork user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + (define genenetwork2-service-type (service-type (name 'genenetwork2) (description "Run GeneNetwork 2 development server and CI.") (extensions - (list (service-extension activation-service-type + (list (service-extension account-service-type + (const %genenetwork-accounts)) + (service-extension activation-service-type development-server-activation) (service-extension shepherd-root-service-type (compose list genenetwork2-shepherd-service)) 
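Review bot: The account name is repeated as a string literal in `#:user "genenetwork"` and `#:group "genenetwork"` here and again in the genenetwork3 constructor (the `@@ -410,6 +426,8 @@` hunk), separately from the `user-account` record that defines it. If the account is ever renamed, the constructors will name a user that does not exist, and that only shows up when shepherd tries to start the service. A single binding such as `(define %genenetwork-user "genenetwork")`, used by the account records and both constructors, keeps them in step. Since the process now runs under the `genenetwork` uid, every host path it writes through the `#:mappings` list (which continues outside this hunk), and anything `development-server-activation` creates, must be owned by that account. None of that is visible in this diff, so it is worth confirming before someone works around a failure by loosening permissions.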
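Review bot: `%genenetwork-accounts` gives genenetwork2 and genenetwork3 one shared uid and gid, so file permissions do not separate the two services; only the container mappings do. If sharing is intended, record it above the definition, e.g. `;; System account shared by the genenetwork2 and genenetwork3 services; nologin shell, home is /var/empty.` Otherwise one account per service would keep a compromise of the development server and CI from reaching files owned by GeneNetwork 3. The diff adds no module import, so `shadow`, `user-account`, `user-group` and `account-service-type` must already be in scope in this file, which is worth a quick check. The same `account-service-type` extension is added to `genenetwork3-service-type` in the last hunk.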
@@ -410,6 +426,8 @@ command to be executed." #~(make-forkexec-constructor/container (list #$(development-server-configuration-executable-path config) "127.0.0.1" #$(number->string (development-server-configuration-port config))) + #:user "genenetwork" + #:group "genenetwork" #:mappings (list (file-system-mapping (source #$(development-server-configuration-executable-path config)) (target source)) @@ -441,7 +459,9 @@ command to be executed." (name 'genenetwork3) (description "Run GeneNetwork 3.") (extensions - (list (service-extension activation-service-type + (list (service-extension account-service-type + (const %genenetwork-accounts)) + (service-extension activation-service-type development-server-activation) (service-extension shepherd-root-service-type (compose list genenetwork3-shepherd-service)) -- cgit v1.2.3