From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: nee Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 23 Oct 2017 21:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 28960@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.15087944971928 (code B ref -1); Mon, 23 Oct 2017 21:35:02 +0000 Received: (at submit) by debbugs.gnu.org; 23 Oct 2017 21:34:57 +0000 Received: from localhost ([127.0.0.1]:58075 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6kN0-0000Ut-Bw for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6kMw-0000UZ-NZ for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6kMo-0000GE-Fh for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:46662) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6kMo-0000G7-9E for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:38 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35754) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e6kMk-0008UH-V3 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6kMh-0000C7-D0 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:34 -0400 Received: from cock.li ([185.100.85.212]:44678) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6kMg-00009r-K8 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:31 -0400 From: nee DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1508794465; bh=IGK0PRMcfoDTg5nFgwuiWFf1kE+xIyDodma4lmjw1gI=; h=From:To:Subject:Date:From; b=Hx1Oi3fxuvZQgYbG7AnTAf8840GqkwTWghLRVmspkDEWGzBO2HuzDLSSHKag1ZtVc gOC7CIuj0fl1ovyU3zddvoxt5a34KRI6VdwwIFHOpL5/hv3DJJfIlknIdoyuvfaGIm Q+rexX0XmUKHNjQ81Cd8f3cWUJvZle/GC4pEIgMZ3tBiXrg5J0P9fp75Ara2GJWStv dHKczLQAbMjYDDYNu2HVHpYZg4V3DOmmDV+miYCVWzvK6xdb/OsRLZaABYsXrpuUKv 1nyzbDcgN+u2FEKlZVw+2AqytQzhQjOMG2iF4h0nPvzmZZ6oRJLNGl12zGMGbVDWly yUPx/slwHjoag== Message-ID: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> Date: Mon, 23 Oct 2017 23:34:22 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------5590D08EA497AC61F1B07107" Content-Language: en-GB X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.9 (/) This is a multi-part message in MIME format. --------------5590D08EA497AC61F1B07107 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, this patch adds a murmur service. Murmur is the biggest implementation of a mumble voice chat server. The murmur executable is already packaged in the mumble package. I added most of the available options to the configuration. I consciously did not include the following settings: -settings for changing the .ini at runtime through "ZeroC Ice" or "dbus" -settings for different databases, because the wiki mentions problems with other databases and strongly recommends using the default sqlite=C2=B9= . 1) https://wiki.mumble.info/wiki/Murmur.ini (ctrl-f sqlite) --------------5590D08EA497AC61F1B07107 Content-Type: text/x-patch; name="0001-services-Add-murmur.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-services-Add-murmur.patch" =46rom 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 14 Oct 2017 11:27:50 +0200 Subject: [PATCH] services: Add murmur. * gnu/services/telephony.scm: New file. * gnu/local.mk: Add it. * doc/guix.texi: Document it. --- doc/guix.texi | 161 ++++++++++++++++++++- gnu/local.mk | 1 + gnu/services/telephony.scm | 344 +++++++++++++++++++++++++++++++++++++++= ++++++ 3 files changed, 505 insertions(+), 1 deletion(-) create mode 100644 gnu/services/telephony.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7b5b71179..c06e596aa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -9245,6 +9246,7 @@ declaration. * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -14025,6 +14027,164 @@ string, you could instantiate a prosody service= like this: (prosody.cfg.lua ""))) @end example =20 + +@node Telephony Services +@subsubsection Telephony Services +@cindex Murmur + +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. + +@deftp {Data Type} murmur-configuration +The service type for the murmur server. An example configuration can loo= k like this: +@example +(service murmur-service-type + (murmur-configuration + (welcome-text "Welcome to this mumble server running on GuixSD!") + (cert-required #t) ; disallow text password logins + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) +@end example + +After reconfiguring your system, you have to manually set the +SuperUser password with the command that is printed during the activatio= n phase. +Then you can use the @code{mumble} client to +login as new user, register, and logout. +For the next step login with the name "SuperUser" and the SuperUser pass= word +you set previously, and grant your newly registered user admin/moderator= rights +and create some channels. + +Available @code{murmur-configuration} fields are: +@table @asis +@item @code{package} (default: @code{mumble}) +Package that contains @code{bin/murmurd}. +@item @code{user} (default: @code{"murmur"}) +User who will run the murmur server. +@item @code{group} (default: @code{"murmur"}) +Group of the user who will run the murmur server. +@item @code{port} (default: @code{64738}) +Port on which the server will listen. +@item @code{welcome-text} (default: @code{""}) +Welcome text sent to clients when they connect. +@item @code{server-password} (default: @code{""}) +Password the clients have to enter in order to connect. +@item @code{max-users} (default: @code{100}) +Maximum of users that can be connected to the server at once. +@item @code{max-user-bandwidth} (default: @code{#f}) +Maximum voice traffic a user can send per second. +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})= +Filepath location of the sqlite database. +The service's user will become the owner of the directory. +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) +Filepath of the log file. +The service's user will become the owner of the directory. +@item @code{autoban-attempts} (default: @code{10}) +Maximum number of logins a user can make in @code{autoban-timeframe} +without getting auto banned for @code{autoban-time}. +@item @code{autoban-timeframe} (default: @code{120}) +Timeframe for autoban in seconds. +@item @code{autoban-time} (default: @code{300}) +Amount of time in seconds for which a client gets banned +when violating the autoban limits. +@item @code{opus-threshold} (default: @code{100}) +Percentage of clients that need to support opus +before switching over to opus audio codec. +@item @code{channel-nesting-limit} (default: @code{10}) +How deep channels can be nested at maximum. +@item @code{channelname-regex} (default: @code{#f}) +A string in from of a Qt regular expression that channel names must conf= orm to. +@item @code{username-regex} (default: @code{#f}) +A string in from of a Qt regular expression that user names must conform= to. +@item @code{text-message-length} (default: @code{5000}) +Maximum size in bytes that a user can send in one text chat message. +@item @code{image-message-length} (default: @code{(* 128 1024)}) +Maximum size in bytes that a user can send in one image message. +@item @code{cert-required} (default: @code{#f}) +If it is set to @code{#t} clients that use weak password authentificatio= n +will not be accepted. Users must have completed the certificate wizard t= o join. +@item @code{remember-channel} (defualt @code{#f}) +Should murmur remember the last channel each user was in when they disco= nnected +and put them into the remembered channel when they rejoin. +@item @code{allow-html} (default: @code{#f}) +Should html be allowed in text messages, user comments, and channel desc= riptions. +@item @code{allow-ping} (default: @code{#f}) +Setting to true exposes the current user count, the maximum user count, = and +the server's maximum bandwidth per client to unauthenticated users. In t= he +Mumble client, this information is shown in the Connect dialog. + +Disabling this setting will prevent public listing of the server. +@item @code{bonjour} (default: @code{#f}) +Should the server advertise itself in the local network through the bonj= our protocol. +@item @code{send-version} (default: @code{#f}) +Should the murmur server version be exposed in ping requests. +@item @code{log-days} (default: @code{31}) +Murmur also stores logs in the database, which are accessible via RPC. +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, +or -1 to disable logging to the database. +@item @code{obfuscate-ips} (default @code{#t}) +Should logged ips be obfuscated to protect the privacy of users. +@item @code{ssl-cert} (default: @code{#f}) +Filepath to the ssl-cert used for encrypted connections. +@example +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") +@end example +@item @code{ssl-key} (default: @code{#f}) +Filepath to the ssl private key used for encrypted connections. +@example +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") +@end example +@item @code{ssl-dh-params} (default: @code{#f}) +Filepath to a PEM-encoded file with Diffie-Hellman parameters +for the ssl encryption. Alternatively you set it to +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. +@item @code{ssl-ciphers} (default: @code{#f}) +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use +in SSL/TLS. + +This option is specified using +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. + +It is recommended that you try your cipher string using 'openssl ciphers= ' +before setting it here, to get a feel for which cipher suites you will g= et. +After setting this option, it is recommend that you inspect your Murmur = log +to ensure that Murmur is using the cipher suites that you expected it to= =2E + +Note: Changing this option may impact the backwards compatibility of you= r +Murmur server, and can remove the ability for older Mumble clients to be= able +to connect to it. +@item @code{public-registration} (default: @code{#f}) +Must be a @code{} record or @c= ode{#f}. + +You can optionally register your server in the public server list that t= he +@code{mumble} client shows on startup. +You cannot register your server if you have set a @code{server-password}= , +or set @code{allow-ping} to @code{#f}. + +It might take a few hours until it shows up in the public list. + +@item @code{file} (default: @code{#f}) +Optional alternative override for this configuration. +@end table +@end deftp + +@deftp {Data Type} murmur-public-registration-configuration +Configuration for public registration of a murmur service. +@table @asis +@item @code{name} +This is a display name for your server. Not to be confused with the host= name. +@item @code{password} +A password to identify your registration. +Subsequent updates will need the same password. Don't lose your password= =2E +@item @code{url} +This should be a http(s):// link to your website. +@item @code{hostname} (default: @code{#f}) +By default your server will be listed by it's ip. +If it is set your server will be linked by this hostname instead. +@end table +@end deftp + + + @node Monitoring Services @subsubsection Monitoring Services =20 @@ -14135,7 +14295,6 @@ the 2nd element of the pair is the password. @end table @end deftp =20 - @node Kerberos Services @subsubsection Kerberos Services @cindex Kerberos diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024..daa210a38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/services/spice.scm \ %D%/services/ssh.scm \ %D%/services/sysctl.scm \ + %D%/services/telephony.scm \ %D%/services/version-control.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm new file mode 100644 index 000000000..1fc5cb834 --- /dev/null +++ b/gnu/services/telephony.scm @@ -0,0 +1,344 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 nee +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services telephony) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages telephony) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export ( + murmur-configuration + make-murmur-configuration + murmur-configuration? + murmur-configuration-package + murmur-configuration-user + murmur-configuration-group + murmur-configuration-port + murmur-configuration-welcome-text + murmur-configuration-server-password + murmur-configuration-max-users + murmur-configuration-max-user-bandwidth + murmur-configuration-database-file + murmur-configuration-log-file + murmur-configuration-pid-file + murmur-configuration-autoban-attempts + murmur-configuration-autoban-timeframe + murmur-configuration-autoban-time + murmur-configuration-opus-threshold + murmur-configuration-channel-nesting-limit + murmur-configuration-channelname-regex + murmur-configuration-username-regex + murmur-configuration-text-message-length + murmur-configuration-image-message-length + murmur-configuration-cert-required + murmur-configuration-remember-channel + murmur-configuration-allow-html + murmur-configuration-allow-ping + murmur-configuration-bonjour + murmur-configuration-send-version + murmur-configuration-log-days + murmur-configuration-obfuscate-ips + murmur-configuration-ssl-cert + murmur-configuration-ssl-key + murmur-configuration-ssl-dh-params + murmur-configuration-ssl-ciphers + murmur-configuration-public-registration + murmur-configuration-file + + + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + murmur-public-registration-configuration-name + murmur-public-registration-configuration-url + murmur-public-registration-configuration-password + murmur-public-registration-configuration-hostname + + murmur-service-type)) + +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini + +(define-record-type* murmur-configuration + make-murmur-configuration + murmur-configuration? + (package murmur-configuration-package ; + (default mumble)) + (user murmur-configuration-user + (default "murmur")) + (group murmur-configuration-group + (default "murmur")) + (port murmur-configuration-port + (default 64738)) + (welcome-text murmur-configuration-welcome-text + (default "")) + (server-password murmur-configuration-server-password + (default "")) + (max-users murmur-configuration-max-users + (default 100)) + (max-user-bandwidth murmur-configuration-max-user-bandwidth + (default #f)) + (database-file murmur-configuration-database-file + (default "/var/lib/murmur/db.sqlite")) + (log-file murmur-configuration-log-file + (default "/var/log/murmur/murmur.log")) + (pid-file murmur-configuration-pid-file + (default "/var/run/murmur/murmur.pid")) + (autoban-attempts murmur-configuration-autoban-attempts + (default 10)) + (autoban-timeframe murmur-configuration-autoban-timeframe + (default 120)) + (autoban-time murmur-configuration-autoban-time + (default 300)) + (opus-threshold murmur-configuration-opus-threshold + (default 100)) ; integer percent + (channel-nesting-limit murmur-configuration-channel-nesting-limit + (default 10)) + (channelname-regex murmur-configuration-channelname-regex + (default #f)) + (username-regex murmur-configuration-username-regex + (default #f)) + (text-message-length murmur-configuration-text-message-length + (default 5000)) + (image-message-length murmur-configuration-image-message-length + (default (* 128 1024))) ; 128 Kilobytes + (cert-required murmur-configuration-cert-required + (default #f)) + (remember-channel murmur-configuration-remember-channel + (default #f)) + (allow-html murmur-configuration-allow-html + (default #f)) + (allow-ping murmur-configuration-allow-ping + (default #f)) + (bonjour murmur-configuration-bonjour + (default #f)) + (send-version murmur-configuration-send-version + (default #f)) + (log-days murmur-configuration-log-days + (default 31)) + (obfuscate-ips murmur-obfuscate-ips + (default #t)) + (ssl-cert murmur-configuration-ssl-cert + (default #f)) + (ssl-key murmur-configuration-ssl-key + (default #f)) + (ssl-dh-params murmur-configuration-ssl-dh-params + (default #f)) + (ssl-ciphers murmur-configuration-ssl-ciphers + (default #f)) + (public-registration murmur-configuration-public-registration + (default #f)) ; + (file murmur-configuration-file + (default #f))) + +(define-record-type* + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + (name murmur-public-registration-configuration-name) + (password murmur-public-registration-configuration-password) + (url murmur-public-registration-configuration-url) + (hostname murmur-public-registration-configuration-hostname + (default #f))) + +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + +(define (default-murmur-config + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex usernam= e-regex + text-message-length image-message-length cert-required + remember-channel allow-html allow-ping bonjour send-version lo= g-days + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers + public-registration) + (apply mixed-text-file "murmur.ini" + (flatten + "welcometext=3D" welcome-text "\n" + "port=3D" (number->string port) "\n" + "serverpassword=3D" server-password "\n" + (if max-user-bandwidth (list "bandwidth=3D" (number->string ma= x-user-bandwidth)) '()) + "users=3D" (number->string max-users) "\n" + "uname=3D" user "\n" + "database=3D" database-file "\n" + "logfile=3D" log-file "\n" + "pidfile=3D" pid-file "\n" + (if autoban-attempts (list "autobanAttempts=3D" (number->strin= g autoban-attempts) "\n") '()) + (if autoban-timeframe (list "autobanTimeframe=3D" (number->str= ing autoban-timeframe) "\n") '()) + (if autoban-time (list "autobanTime=3D" (number->string autoba= n-time) "\n") '()) + (if opus-threshold (list "opusthreshold=3D" (number->string op= us-threshold) "\n") '()) + (if channel-nesting-limit (list "channelnestinglimit=3D" (numb= er->string channel-nesting-limit) "\n") '()) + (if channelname-regex (list "channelname=3D" channelname-regex= "\n") '()) + (if username-regex (list "username=3D" username-regex "\n") '(= )) + (if text-message-length (list "textmessagelength=3D" (number->= string text-message-length) "\n") '()) + (if image-message-length (list "imagemessagelength=3D" (number= ->string image-message-length) "\n") '()) + (if log-days (list "logdays=3D" (number->string log-days) "\n"= ) '()) + "obfuscate=3D" (if obfuscate-ips "true" "false") "\n" + "certrequired=3D" (if cert-required "true" "false") "\n" + "rememberchannel" (if remember-channel "true" "false") "\n" + "allowhtml=3D" (if allow-html "true" "false") "\n" + "allowping=3D" (if allow-ping "true" "false") "\n" + "bonjour=3D" (if bonjour "true" "false") "\n" + "sendversion=3D" (if send-version "true" "false") "\n" + (cond ((and ssl-cert ssl-key) + (list + "sslCert=3D" ssl-cert "\n" + "sslKey=3D" ssl-key "\n")) + ((or ssl-cert ssl-key) + (error "ssl-cert and ssl-key must both be set" + ssl-cert ssl-key)) + (else '())) + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()) + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) + + (match public-registration + (#f '()) + (($ + name password url hostname) + (if (and (or (not server-password) (string-null? server-pas= sword)) + allow-ping) + (list + "registerName=3D" name "\n" + "registerPassword=3D" password "\n" + "registerUrl=3D" url "\n" + (if hostname + (string-append "registerHostname=3D" hostname "\n"= ) + "")) + (error "To publicly register your murmur server your se= rver must be publicy visible +and users must be able to join without a password. To fix this set: +(allow-ping #t) +(server-password "") +Or set public-registration to #f"))))))) + +(define murmur-activation + (match-lambda + (($ + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex username-= regex + text-message-length image-message-length cert-required remember-= channel + allow-html allow-ping bonjour send-version log-days obfuscate-ip= s + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) + #~(begin + (use-modules (guix build utils)) + (let ((log-dir (dirname #$log-file)) + (pid-dir (dirname #$pid-file)) + (db-dir (dirname #$database-file)) + (user (getpwnam #$user)) + (init-dir + (lambda (name dir user) + (format #t "creating murmur ~a directory '~a'\n" name = dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700))) + (ini #$(or file + (default-murmur-config + package user group port welcome-text + server-password max-users max-user-bandwidth= + database-file log-file pid-file autoban-atte= mpts + autoban-timeframe autoban-time + opus-threshold channel-nesting-limit + channelname-regex username-regex + text-message-length image-message-length + cert-required remember-channel allow-html al= low-ping + bonjour send-version log-days obfuscate-ips = ssl-cert + ssl-key ssl-dh-params ssl-ciphers + public-registration)))) + (init-dir "log" log-dir user) + (init-dir "pid" pid-dir user) + (init-dir "database" db-dir user) + + (format #t "murmur: use config file: ~a~%\n" ini) + (format #t "murmur: to set the SuperUser password run: + `~a -ini ~a -readsupw`\n" + #$(file-append package "/bin/murmurd") ini) + #t))))) + +(define murmur-accounts + (match-lambda + (($ _ user group) + (filter identity + (list + (and (equal? group "murmur") + (user-group + (name "murmur") + (system? #t))) + (and (equal? user "murmur") + (user-account + (name "murmur") + (group group) + (system? #t) + (comment "Murmur Daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))))) + +(define murmur-shepherd-service + (match-lambda + (($ + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex username-= regex + text-message-length image-message-length cert-required remember-= channel + allow-html allow-ping bonjour send-version log-days obfuscate-ip= s + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) + (list (shepherd-service + (provision '(murmur)) + (documentation "Run the murmur mumble-server.") + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append package "/bin/murmurd") + "-ini" + #$(or file + (default-murmur-config + package user group port welcome-text + server-password max-users max-user-bandw= idth + database-file log-file pid-file autoban-= attempts + autoban-timeframe autoban-time + opus-threshold channel-nesting-limit + channelname-regex username-regex + text-message-length image-message-length= + cert-required remember-channel allow-htm= l + allow-ping bonjour send-version log-days= + obfuscate-ips ssl-cert ssl-key ssl-dh-pa= rams + ssl-ciphers public-registration))) + #:pid-file #$pid-file)) + (stop #~(make-kill-destructor))))))) + +(define murmur-service-type + (service-type (name 'murmur) + (description "The murmur service type.") + (extensions + (list (service-extension shepherd-root-service-type + murmur-shepherd-service) + (service-extension activation-service-type + murmur-activation) + (service-extension account-service-type + murmur-accounts))) + (default-value (murmur-configuration)))) --=20 2.14.1 --------------5590D08EA497AC61F1B07107-- From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: ng0 Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 24 Oct 2017 04:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: nee Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.15088196318733 (code B ref 28960); Tue, 24 Oct 2017 04:34:01 +0000 Received: (at 28960) by debbugs.gnu.org; 24 Oct 2017 04:33:51 +0000 Received: from localhost ([127.0.0.1]:58197 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6quN-0002Ga-N2 for submit@debbugs.gnu.org; Tue, 24 Oct 2017 00:33:51 -0400 Received: from aibo.runbox.com ([91.220.196.211]:53312) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6quJ-0002GN-9Y for 28960@debbugs.gnu.org; Tue, 24 Oct 2017 00:33:42 -0400 Received: from [10.9.9.211] (helo=mailfront11.runbox.com) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1e6quH-0006IA-HN; Tue, 24 Oct 2017 06:33:37 +0200 Received: from li1778-79.members.linode.com ([172.104.187.79] helo=localhost) by mailfront11.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1e6qtv-00076m-NN; Tue, 24 Oct 2017 06:33:17 +0200 Date: Tue, 24 Oct 2017 04:32:58 +0000 From: ng0 Message-ID: <20171024043258.sax6hsorucf4uzno@abyayala> References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ev5z64ibfndx6aa6" Content-Disposition: inline In-Reply-To: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --ev5z64ibfndx6aa6 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable nee transcribed 27K bytes: > Hello, this patch adds a murmur service. > Murmur is the biggest implementation of a mumble voice chat server. The > murmur executable is already packaged in the mumble package. >=20 > I added most of the available options to the configuration. > I consciously did not include the following settings: > -settings for changing the .ini at runtime through "ZeroC Ice" or "dbus" > -settings for different databases, because the wiki mentions problems > with other databases and strongly recommends using the default sqlite=C2= =B9. >=20 > 1) https://wiki.mumble.info/wiki/Murmur.ini (ctrl-f sqlite) Hey, this looks good so far. I need to test it today to give it some more detailed check, but I found nothing obvious wrong about it so far. > From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001 > From: nee > Date: Sat, 14 Oct 2017 11:27:50 +0200 > Subject: [PATCH] services: Add murmur. >=20 > * gnu/services/telephony.scm: New file. > * gnu/local.mk: Add it. > * doc/guix.texi: Document it. > --- > doc/guix.texi | 161 ++++++++++++++++++++- > gnu/local.mk | 1 + > gnu/services/telephony.scm | 344 +++++++++++++++++++++++++++++++++++++++= ++++++ > 3 files changed, 505 insertions(+), 1 deletion(-) > create mode 100644 gnu/services/telephony.scm >=20 > diff --git a/doc/guix.texi b/doc/guix.texi > index 7b5b71179..c06e596aa 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -221,6 +221,7 @@ Services > * Database Services:: SQL databases, key-value stores, etc. > * Mail Services:: IMAP, POP3, SMTP, and all that. > * Messaging Services:: Messaging services. > +* Telephony Services:: Telephony services. > * Monitoring Services:: Monitoring services. > * Kerberos Services:: Kerberos services. > * Web Services:: Web servers. > @@ -9245,6 +9246,7 @@ declaration. > * Database Services:: SQL databases, key-value stores, etc. > * Mail Services:: IMAP, POP3, SMTP, and all that. > * Messaging Services:: Messaging services. > +* Telephony Services:: Telephony services. > * Monitoring Services:: Monitoring services. > * Kerberos Services:: Kerberos services. > * Web Services:: Web servers. > @@ -14025,6 +14027,164 @@ string, you could instantiate a prosody service= like this: > (prosody.cfg.lua ""))) > @end example > =20 > + > +@node Telephony Services > +@subsubsection Telephony Services > +@cindex Murmur > + > +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. > + > +@deftp {Data Type} murmur-configuration > +The service type for the murmur server. An example configuration can loo= k like this: > +@example > +(service murmur-service-type > + (murmur-configuration > + (welcome-text "Welcome to this mumble server running on GuixSD!") > + (cert-required #t) ; disallow text password logins > + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") > + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) > +@end example > + > +After reconfiguring your system, you have to manually set the > +SuperUser password with the command that is printed during the activatio= n phase. > +Then you can use the @code{mumble} client to > +login as new user, register, and logout. > +For the next step login with the name "SuperUser" and the SuperUser pass= word > +you set previously, and grant your newly registered user admin/moderator= rights > +and create some channels. > + > +Available @code{murmur-configuration} fields are: > +@table @asis > +@item @code{package} (default: @code{mumble}) > +Package that contains @code{bin/murmurd}. > +@item @code{user} (default: @code{"murmur"}) > +User who will run the murmur server. > +@item @code{group} (default: @code{"murmur"}) > +Group of the user who will run the murmur server. > +@item @code{port} (default: @code{64738}) > +Port on which the server will listen. > +@item @code{welcome-text} (default: @code{""}) > +Welcome text sent to clients when they connect. > +@item @code{server-password} (default: @code{""}) > +Password the clients have to enter in order to connect. > +@item @code{max-users} (default: @code{100}) > +Maximum of users that can be connected to the server at once. > +@item @code{max-user-bandwidth} (default: @code{#f}) > +Maximum voice traffic a user can send per second. > +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"}) > +Filepath location of the sqlite database. > +The service's user will become the owner of the directory. > +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) > +Filepath of the log file. > +The service's user will become the owner of the directory. > +@item @code{autoban-attempts} (default: @code{10}) > +Maximum number of logins a user can make in @code{autoban-timeframe} > +without getting auto banned for @code{autoban-time}. > +@item @code{autoban-timeframe} (default: @code{120}) > +Timeframe for autoban in seconds. > +@item @code{autoban-time} (default: @code{300}) > +Amount of time in seconds for which a client gets banned > +when violating the autoban limits. > +@item @code{opus-threshold} (default: @code{100}) > +Percentage of clients that need to support opus > +before switching over to opus audio codec. > +@item @code{channel-nesting-limit} (default: @code{10}) > +How deep channels can be nested at maximum. > +@item @code{channelname-regex} (default: @code{#f}) > +A string in from of a Qt regular expression that channel names must conf= orm to. > +@item @code{username-regex} (default: @code{#f}) > +A string in from of a Qt regular expression that user names must conform= to. > +@item @code{text-message-length} (default: @code{5000}) > +Maximum size in bytes that a user can send in one text chat message. > +@item @code{image-message-length} (default: @code{(* 128 1024)}) > +Maximum size in bytes that a user can send in one image message. > +@item @code{cert-required} (default: @code{#f}) > +If it is set to @code{#t} clients that use weak password authentification > +will not be accepted. Users must have completed the certificate wizard t= o join. > +@item @code{remember-channel} (defualt @code{#f}) > +Should murmur remember the last channel each user was in when they disco= nnected > +and put them into the remembered channel when they rejoin. > +@item @code{allow-html} (default: @code{#f}) > +Should html be allowed in text messages, user comments, and channel desc= riptions. > +@item @code{allow-ping} (default: @code{#f}) > +Setting to true exposes the current user count, the maximum user count, = and > +the server's maximum bandwidth per client to unauthenticated users. In t= he > +Mumble client, this information is shown in the Connect dialog. > + > +Disabling this setting will prevent public listing of the server. > +@item @code{bonjour} (default: @code{#f}) > +Should the server advertise itself in the local network through the bonj= our protocol. > +@item @code{send-version} (default: @code{#f}) > +Should the murmur server version be exposed in ping requests. > +@item @code{log-days} (default: @code{31}) > +Murmur also stores logs in the database, which are accessible via RPC. > +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, > +or -1 to disable logging to the database. > +@item @code{obfuscate-ips} (default @code{#t}) > +Should logged ips be obfuscated to protect the privacy of users. > +@item @code{ssl-cert} (default: @code{#f}) > +Filepath to the ssl-cert used for encrypted connections. > +@example > +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") > +@end example > +@item @code{ssl-key} (default: @code{#f}) > +Filepath to the ssl private key used for encrypted connections. > +@example > +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") > +@end example > +@item @code{ssl-dh-params} (default: @code{#f}) > +Filepath to a PEM-encoded file with Diffie-Hellman parameters > +for the ssl encryption. Alternatively you set it to > +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} > +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. > +@item @code{ssl-ciphers} (default: @code{#f}) > +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use > +in SSL/TLS. > + > +This option is specified using > +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. > + > +It is recommended that you try your cipher string using 'openssl ciphers= ' > +before setting it here, to get a feel for which cipher suites you will g= et. > +After setting this option, it is recommend that you inspect your Murmur = log > +to ensure that Murmur is using the cipher suites that you expected it to. > + > +Note: Changing this option may impact the backwards compatibility of your > +Murmur server, and can remove the ability for older Mumble clients to be= able > +to connect to it. > +@item @code{public-registration} (default: @code{#f}) > +Must be a @code{} record or @c= ode{#f}. > + > +You can optionally register your server in the public server list that t= he > +@code{mumble} client shows on startup. > +You cannot register your server if you have set a @code{server-password}, > +or set @code{allow-ping} to @code{#f}. > + > +It might take a few hours until it shows up in the public list. > + > +@item @code{file} (default: @code{#f}) > +Optional alternative override for this configuration. > +@end table > +@end deftp > + > +@deftp {Data Type} murmur-public-registration-configuration > +Configuration for public registration of a murmur service. > +@table @asis > +@item @code{name} > +This is a display name for your server. Not to be confused with the host= name. > +@item @code{password} > +A password to identify your registration. > +Subsequent updates will need the same password. Don't lose your password. > +@item @code{url} > +This should be a http(s):// link to your website. > +@item @code{hostname} (default: @code{#f}) > +By default your server will be listed by it's ip. > +If it is set your server will be linked by this hostname instead. > +@end table > +@end deftp > + > + > + > @node Monitoring Services > @subsubsection Monitoring Services > =20 > @@ -14135,7 +14295,6 @@ the 2nd element of the pair is the password. > @end table > @end deftp > =20 > - > @node Kerberos Services > @subsubsection Kerberos Services > @cindex Kerberos > diff --git a/gnu/local.mk b/gnu/local.mk > index b71b36024..daa210a38 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ > %D%/services/spice.scm \ > %D%/services/ssh.scm \ > %D%/services/sysctl.scm \ > + %D%/services/telephony.scm \ > %D%/services/version-control.scm \ > %D%/services/vpn.scm \ > %D%/services/web.scm \ > diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm > new file mode 100644 > index 000000000..1fc5cb834 > --- /dev/null > +++ b/gnu/services/telephony.scm > @@ -0,0 +1,344 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright =C2=A9 2017 nee > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify it > +;;; under the terms of the GNU General Public License as published by > +;;; the Free Software Foundation; either version 3 of the License, or (at > +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see . > + > +(define-module (gnu services telephony) > + #:use-module (gnu services) > + #:use-module (gnu services shepherd) > + #:use-module (gnu system shadow) > + #:use-module (gnu packages admin) > + #:use-module (gnu packages telephony) > + #:use-module (guix records) > + #:use-module (guix gexp) > + #:use-module (srfi srfi-1) > + #:use-module (ice-9 match) > + #:export ( > + murmur-configuration > + make-murmur-configuration > + murmur-configuration? > + murmur-configuration-package > + murmur-configuration-user > + murmur-configuration-group > + murmur-configuration-port > + murmur-configuration-welcome-text > + murmur-configuration-server-password > + murmur-configuration-max-users > + murmur-configuration-max-user-bandwidth > + murmur-configuration-database-file > + murmur-configuration-log-file > + murmur-configuration-pid-file > + murmur-configuration-autoban-attempts > + murmur-configuration-autoban-timeframe > + murmur-configuration-autoban-time > + murmur-configuration-opus-threshold > + murmur-configuration-channel-nesting-limit > + murmur-configuration-channelname-regex > + murmur-configuration-username-regex > + murmur-configuration-text-message-length > + murmur-configuration-image-message-length > + murmur-configuration-cert-required > + murmur-configuration-remember-channel > + murmur-configuration-allow-html > + murmur-configuration-allow-ping > + murmur-configuration-bonjour > + murmur-configuration-send-version > + murmur-configuration-log-days > + murmur-configuration-obfuscate-ips > + murmur-configuration-ssl-cert > + murmur-configuration-ssl-key > + murmur-configuration-ssl-dh-params > + murmur-configuration-ssl-ciphers > + murmur-configuration-public-registration > + murmur-configuration-file > + > + > + murmur-public-registration-configuration > + make-murmur-public-registration-configuration > + murmur-public-registration-configuration? > + murmur-public-registration-configuration-name > + murmur-public-registration-configuration-url > + murmur-public-registration-configuration-password > + murmur-public-registration-configuration-hostname > + > + murmur-service-type)) > + > +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini > + > +(define-record-type* murmur-configuration > + make-murmur-configuration > + murmur-configuration? > + (package murmur-configuration-package ; > + (default mumble)) > + (user murmur-configuration-user > + (default "murmur")) > + (group murmur-configuration-group > + (default "murmur")) > + (port murmur-configuration-port > + (default 64738)) > + (welcome-text murmur-configuration-welcome-text > + (default "")) > + (server-password murmur-configuration-server-password > + (default "")) > + (max-users murmur-configuration-max-users > + (default 100)) > + (max-user-bandwidth murmur-configuration-max-user-bandwidth > + (default #f)) > + (database-file murmur-configuration-database-file > + (default "/var/lib/murmur/db.sqlite")) > + (log-file murmur-configuration-log-file > + (default "/var/log/murmur/murmur.log")) > + (pid-file murmur-configuration-pid-file > + (default "/var/run/murmur/murmur.pid")) > + (autoban-attempts murmur-configuration-autoban-attempts > + (default 10)) > + (autoban-timeframe murmur-configuration-autoban-timeframe > + (default 120)) > + (autoban-time murmur-configuration-autoban-time > + (default 300)) > + (opus-threshold murmur-configuration-opus-threshold > + (default 100)) ; integer percent > + (channel-nesting-limit murmur-configuration-channel-nesting-limit > + (default 10)) > + (channelname-regex murmur-configuration-channelname-regex > + (default #f)) > + (username-regex murmur-configuration-username-regex > + (default #f)) > + (text-message-length murmur-configuration-text-message-length > + (default 5000)) > + (image-message-length murmur-configuration-image-message-length > + (default (* 128 1024))) ; 128 Kilobytes > + (cert-required murmur-configuration-cert-required > + (default #f)) > + (remember-channel murmur-configuration-remember-channel > + (default #f)) > + (allow-html murmur-configuration-allow-html > + (default #f)) > + (allow-ping murmur-configuration-allow-ping > + (default #f)) > + (bonjour murmur-configuration-bonjour > + (default #f)) > + (send-version murmur-configuration-send-version > + (default #f)) > + (log-days murmur-configuration-log-days > + (default 31)) > + (obfuscate-ips murmur-obfuscate-ips > + (default #t)) > + (ssl-cert murmur-configuration-ssl-cert > + (default #f)) > + (ssl-key murmur-configuration-ssl-key > + (default #f)) > + (ssl-dh-params murmur-configuration-ssl-dh-params > + (default #f)) > + (ssl-ciphers murmur-configuration-ssl-ciphers > + (default #f)) > + (public-registration murmur-configuration-public-registration > + (default #f)) ; > + (file murmur-configuration-file > + (default #f))) > + > +(define-record-type* > + murmur-public-registration-configuration > + make-murmur-public-registration-configuration > + murmur-public-registration-configuration? > + (name murmur-public-registration-configuration-name) > + (password murmur-public-registration-configuration-password) > + (url murmur-public-registration-configuration-url) > + (hostname murmur-public-registration-configuration-hostname > + (default #f))) > + > +(define (flatten . lst) > + "Return a list that recursively concatenates all sub-lists of LST." > + (define (flatten1 head out) > + (if (list? head) > + (fold-right flatten1 out head) > + (cons head out))) > + (fold-right flatten1 '() lst)) > + > +(define (default-murmur-config > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex usernam= e-regex > + text-message-length image-message-length cert-required > + remember-channel allow-html allow-ping bonjour send-version lo= g-days > + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers > + public-registration) > + (apply mixed-text-file "murmur.ini" > + (flatten > + "welcometext=3D" welcome-text "\n" > + "port=3D" (number->string port) "\n" > + "serverpassword=3D" server-password "\n" > + (if max-user-bandwidth (list "bandwidth=3D" (number->string ma= x-user-bandwidth)) '()) > + "users=3D" (number->string max-users) "\n" > + "uname=3D" user "\n" > + "database=3D" database-file "\n" > + "logfile=3D" log-file "\n" > + "pidfile=3D" pid-file "\n" > + (if autoban-attempts (list "autobanAttempts=3D" (number->strin= g autoban-attempts) "\n") '()) > + (if autoban-timeframe (list "autobanTimeframe=3D" (number->str= ing autoban-timeframe) "\n") '()) > + (if autoban-time (list "autobanTime=3D" (number->string autoba= n-time) "\n") '()) > + (if opus-threshold (list "opusthreshold=3D" (number->string op= us-threshold) "\n") '()) > + (if channel-nesting-limit (list "channelnestinglimit=3D" (numb= er->string channel-nesting-limit) "\n") '()) > + (if channelname-regex (list "channelname=3D" channelname-regex= "\n") '()) > + (if username-regex (list "username=3D" username-regex "\n") '(= )) > + (if text-message-length (list "textmessagelength=3D" (number->= string text-message-length) "\n") '()) > + (if image-message-length (list "imagemessagelength=3D" (number= ->string image-message-length) "\n") '()) > + (if log-days (list "logdays=3D" (number->string log-days) "\n"= ) '()) > + "obfuscate=3D" (if obfuscate-ips "true" "false") "\n" > + "certrequired=3D" (if cert-required "true" "false") "\n" > + "rememberchannel" (if remember-channel "true" "false") "\n" > + "allowhtml=3D" (if allow-html "true" "false") "\n" > + "allowping=3D" (if allow-ping "true" "false") "\n" > + "bonjour=3D" (if bonjour "true" "false") "\n" > + "sendversion=3D" (if send-version "true" "false") "\n" > + (cond ((and ssl-cert ssl-key) > + (list > + "sslCert=3D" ssl-cert "\n" > + "sslKey=3D" ssl-key "\n")) > + ((or ssl-cert ssl-key) > + (error "ssl-cert and ssl-key must both be set" > + ssl-cert ssl-key)) > + (else '())) > + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()) > + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) > + > + (match public-registration > + (#f '()) > + (($ > + name password url hostname) > + (if (and (or (not server-password) (string-null? server-pas= sword)) > + allow-ping) > + (list > + "registerName=3D" name "\n" > + "registerPassword=3D" password "\n" > + "registerUrl=3D" url "\n" > + (if hostname > + (string-append "registerHostname=3D" hostname "\n") > + "")) > + (error "To publicly register your murmur server your se= rver must be publicy visible > +and users must be able to join without a password. To fix this set: > +(allow-ping #t) > +(server-password "") > +Or set public-registration to #f"))))))) > + > +(define murmur-activation > + (match-lambda > + (($ > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex username-= regex > + text-message-length image-message-length cert-required remember-= channel > + allow-html allow-ping bonjour send-version log-days obfuscate-ips > + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) > + #~(begin > + (use-modules (guix build utils)) > + (let ((log-dir (dirname #$log-file)) > + (pid-dir (dirname #$pid-file)) > + (db-dir (dirname #$database-file)) > + (user (getpwnam #$user)) > + (init-dir > + (lambda (name dir user) > + (format #t "creating murmur ~a directory '~a'\n" name = dir) > + (mkdir-p dir) > + (chown dir (passwd:uid user) (passwd:gid user)) > + (chmod dir #o700))) > + (ini #$(or file > + (default-murmur-config > + package user group port welcome-text > + server-password max-users max-user-bandwidth > + database-file log-file pid-file autoban-atte= mpts > + autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit > + channelname-regex username-regex > + text-message-length image-message-length > + cert-required remember-channel allow-html al= low-ping > + bonjour send-version log-days obfuscate-ips = ssl-cert > + ssl-key ssl-dh-params ssl-ciphers > + public-registration)))) > + (init-dir "log" log-dir user) > + (init-dir "pid" pid-dir user) > + (init-dir "database" db-dir user) > + > + (format #t "murmur: use config file: ~a~%\n" ini) > + (format #t "murmur: to set the SuperUser password run: > + `~a -ini ~a -readsupw`\n" > + #$(file-append package "/bin/murmurd") ini) > + #t))))) > + > +(define murmur-accounts > + (match-lambda > + (($ _ user group) > + (filter identity > + (list > + (and (equal? group "murmur") > + (user-group > + (name "murmur") > + (system? #t))) > + (and (equal? user "murmur") > + (user-account > + (name "murmur") > + (group group) > + (system? #t) > + (comment "Murmur Daemon") > + (home-directory "/var/empty") > + (shell (file-append shadow "/sbin/nologin"))))))))) > + > +(define murmur-shepherd-service > + (match-lambda > + (($ > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex username-= regex > + text-message-length image-message-length cert-required remember-= channel > + allow-html allow-ping bonjour send-version log-days obfuscate-ips > + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) > + (list (shepherd-service > + (provision '(murmur)) > + (documentation "Run the murmur mumble-server.") > + (requirement '(networking)) > + (start #~(make-forkexec-constructor > + '(#$(file-append package "/bin/murmurd") > + "-ini" > + #$(or file > + (default-murmur-config > + package user group port welcome-text > + server-password max-users max-user-bandw= idth > + database-file log-file pid-file autoban-= attempts > + autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit > + channelname-regex username-regex > + text-message-length image-message-length > + cert-required remember-channel allow-html > + allow-ping bonjour send-version log-days > + obfuscate-ips ssl-cert ssl-key ssl-dh-pa= rams > + ssl-ciphers public-registration))) > + #:pid-file #$pid-file)) > + (stop #~(make-kill-destructor))))))) > + > +(define murmur-service-type > + (service-type (name 'murmur) > + (description "The murmur service type.") > + (extensions > + (list (service-extension shepherd-root-service-type > + murmur-shepherd-service) > + (service-extension activation-service-type > + murmur-activation) > + (service-extension account-service-type > + murmur-accounts))) > + (default-value (murmur-configuration)))) > --=20 > 2.14.1 >=20 --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --ev5z64ibfndx6aa6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlnuwnoACgkQ4i+bv+40 hYgZ0RAAreaz/k8x9kGwvIp7GlYDN55e9I1Hm0dwliw2wSEy0psC82YnpE8RGZ3R +yHAwRWa+pg7J4NYgWcaeypXrlzPVYmFm1ISSA+WWWy24bMgLKKqYqPRPTlqgN6m 6cvdTJDMD/J+mlkzQ6yAtotxz+OoUPkN8eK3ZDqKFQMwc/D45IWSwYNTS0pdQd1B dXOWNMS3rV26OItAKm4QnAkiNveEqgOGqMwqqjc4rCimokTJ59Pxa6wzMlffhMt/ cYhIGOG8TTnY2xHkUvBbcmw1yikhTFqK1CnaXSK1dzSVdrpVnd3aYsCi0TrVfbkB ffnva/+PIitS5FP+u41wrY0NOiOHRYiKOjpaidHVOkYi4ia3+XfxuF12iBhgfZ3T d1+DRXuaIqES9uPsj6I3vj4D8ZiLHQOssj/LU9eij78je1aTnKDjcRbQrdoJgDam aEhaaBXgeBr0Nf5t71T7cZ5r632+cFzYOwBTvfAa1cULOgsY2D6EDuorOva8BKdR QnniMXfa5L0apJY9FrsZH7eWRDS1toBT7cX6L6JDWExY5IRS9FW21gkb0pBi1/Kj 7uBWzubs006DbNgqlhl3j5/As6VX0cvPCAWWzqvH573FdhYOD8rAKCbd888i67ys SN9ZXR14/8NdMwVzeUCiLB31xQdO1eszlerJOkapjijlN8x45AI= =pmYs -----END PGP SIGNATURE----- --ev5z64ibfndx6aa6-- From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 24 Oct 2017 05:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: nee Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.150882146911789 (code B ref 28960); Tue, 24 Oct 2017 05:05:01 +0000 Received: (at 28960) by debbugs.gnu.org; 24 Oct 2017 05:04:29 +0000 Received: from localhost ([127.0.0.1]:58219 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6rO9-000343-Fm for submit@debbugs.gnu.org; Tue, 24 Oct 2017 01:04:29 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:47845) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6rO7-00033u-Tb for 28960@debbugs.gnu.org; Tue, 24 Oct 2017 01:04:28 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 9974FED89; Tue, 24 Oct 2017 07:04:28 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C9h2Alpob_b1; Tue, 24 Oct 2017 07:04:27 +0200 (CEST) Received: from ribbon (node-1w7jr9qot7winqrne9k8b99d1.ipv6.telus.net [IPv6:2001:569:7803:2c00:728:f466:18ad:22a5]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 1F091BAA; Tue, 24 Oct 2017 07:04:25 +0200 (CEST) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 2 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 23 Oct 2017 22:04:17 -0700 In-Reply-To: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> (nee@cock.li's message of "Mon, 23 Oct 2017 23:34:22 +0200") Message-ID: <873769qgq6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Hi nee, nee skribis: > Hello, this patch adds a murmur service. > Murmur is the biggest implementation of a mumble voice chat server. The > murmur executable is already packaged in the mumble package. Neat! > From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001 > From: nee > Date: Sat, 14 Oct 2017 11:27:50 +0200 > Subject: [PATCH] services: Add murmur. > > * gnu/services/telephony.scm: New file. > * gnu/local.mk: Add it. > * doc/guix.texi: Document it. You can write: * doc/guix.texi (Telephony Services): New node. > +@deftp {Data Type} murmur-configuration > +The service type for the murmur server. An example configuration can loo= k like this: > +@example > +(service murmur-service-type > + (murmur-configuration > + (welcome-text "Welcome to this mumble server running on GuixSD!") > + (cert-required #t) ; disallow text password logins > + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") > + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) > +@end example Please don=E2=80=99t use tabs. > +After reconfiguring your system, you have to manually set the > +SuperUser password with the command that is printed during the activatio= n phase. That sounds quite unusual. Perhaps you need @code{SuperUser}, if you literally mean the =E2=80=9CSuperUser=E2=80=9D account in Mumble? > +Then you can use the @code{mumble} client to > +login as new user, register, and logout. > +For the next step login with the name "SuperUser" and the SuperUser pass= word Same here. > +(define-record-type* murmur-configuration > + make-murmur-configuration > + murmur-configuration? > + (package murmur-configuration-package ; > + (default mumble)) > + (user murmur-configuration-user > + (default "murmur")) > + (group murmur-configuration-group > + (default "murmur")) > + (port murmur-configuration-port > + (default 64738)) [...] > + (allow-html murmur-configuration-allow-html > + (default #f)) > + (allow-ping murmur-configuration-allow-ping > + (default #f)) Add a question mark since these are Boolean options. So =E2=80=98allow-htm= l?=E2=80=99 and =E2=80=98allow-ping?=E2=80=99. > +(define (default-murmur-config > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex usernam= e-regex > + text-message-length image-message-length cert-required > + remember-channel allow-html allow-ping bonjour send-version lo= g-days > + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers > + public-registration) This many positional parameters is not reasonable. :-) Just pass a directly, and use the accessor procedures. > +(define murmur-activation > + (match-lambda > + (($ > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex username-= regex > + text-message-length image-message-length cert-required remember-= channel > + allow-html allow-ping bonjour send-version log-days obfuscate-ips > + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) Likewise: use the accessor procedures instead of this. > +(define murmur-accounts > + (match-lambda > + (($ _ user group) > + (filter identity > + (list > + (and (equal? group "murmur") > + (user-group > + (name "murmur") > + (system? #t))) > + (and (equal? user "murmur") > + (user-account > + (name "murmur") > + (group group) > + (system? #t) > + (comment "Murmur Daemon") > + (home-directory "/var/empty") > + (shell (file-append shadow "/sbin/nologin"))))))))) Why not just (match-lambda (($ _ user group) (list (user-group (name group) (system? #t)) (user-account (name user) (group group) (system? #t) =E2=80=A6 )))) ? > +(define murmur-shepherd-service > + (match-lambda > + (($ > + package user group port welcome-text server-password > + max-users max-user-bandwidth database-file log-file pid-file > + autoban-attempts autoban-timeframe autoban-time > + opus-threshold channel-nesting-limit channelname-regex username-= regex > + text-message-length image-message-length cert-required remember-= channel > + allow-html allow-ping bonjour send-version log-days obfuscate-ips > + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) Use the accessors instead. Could you send an updated patch? Thanks, Ludo=E2=80=99.=E2=80=99 From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: nee Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 24 Oct 2017 17:21:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.150886560922904 (code B ref 28960); Tue, 24 Oct 2017 17:21:01 +0000 Received: (at 28960) by debbugs.gnu.org; 24 Oct 2017 17:20:09 +0000 Received: from localhost ([127.0.0.1]:60135 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e72rz-0005xE-QD for submit@debbugs.gnu.org; Tue, 24 Oct 2017 13:20:08 -0400 Received: from cock.li ([185.100.85.212]:50342) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e72rv-0005wY-Er for 28960@debbugs.gnu.org; Tue, 24 Oct 2017 13:20:02 -0400 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on cock.li X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 shortcircuit=_SCTYPE_ autolearn=disabled version=3.4.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1508865593; bh=5EAYPwcnIQkOIF7qEh75G5VfYmLmBJyznRjJMfIJeV4=; h=Subject:To:References:From:Cc:Date:In-Reply-To:From; b=Mb8T3KQgN80TdU7HvI27TlaRvpnyuaJmewxxHWYkKqkuoVN1iHLDfYQVbn2uQtbnc sfTvEwkQe3Sj6yJBzWheIxEHKMSLEJbZC1H0MFz8PJfO9Nhg7MA5a62IKXjWrqFuZy Oi+Y2sFA5a6A4aF+5Q0199CKSYdF2Q2LVflnS+EI1qvnVNa9LfMcgwRCxyJHBpaehc SWww73rLjZzmSPnDOb0q9aiBpCjPRC0rLEtzT9qnDG99bvB/6xBQZr8+1FsdTTaaOd 1UjxQwwEI0UXYubaD9yu/14hxEKn6l5oliUO90nGncVk2HAENXzDDNXmEBuFR/kqH7 iCbRl5xY7ufMw== References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> From: nee Message-ID: Date: Tue, 24 Oct 2017 19:19:53 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <873769qgq6.fsf@gnu.org> Content-Type: multipart/mixed; boundary="------------6F728E108A9165CA4B4CE612" Content-Language: en-GB X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------6F728E108A9165CA4B4CE612 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Hello, thanks to both ludo and ng0 looking at my patch. 24.10.2017 07:04 Ludovic Courtès: >> From 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001 >> From: nee >> Date: Sat, 14 Oct 2017 11:27:50 +0200 >> Subject: [PATCH] services: Add murmur. >> >> * gnu/services/telephony.scm: New file. >> * gnu/local.mk: Add it. >> * doc/guix.texi: Document it. > > You can write: > > * doc/guix.texi (Telephony Services): New node. > Okay, I changed this line in the commit message. >> +@deftp {Data Type} murmur-configuration >> +The service type for the murmur server. An example configuration can look like this: >> +@example >> +(service murmur-service-type >> + (murmur-configuration >> + (welcome-text "Welcome to this mumble server running on GuixSD!") >> + (cert-required #t) ; disallow text password logins >> + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem") >> + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem"))) >> +@end example > > Please don’t use tabs. > Whoops, I untabified it. >> +After reconfiguring your system, you have to manually set the >> +SuperUser password with the command that is printed during the activation phase. > > That sounds quite unusual. Perhaps you need @code{SuperUser}, if you > literally mean the “SuperUser” account in Mumble? > >> +Then you can use the @code{mumble} client to >> +login as new user, register, and logout. >> +For the next step login with the name "SuperUser" and the SuperUser password > > Same here. > I reworded that part a little. It's about the mumble "SuperUser" who can create channels and do moderator stuff like muting, banning, and promoting users. >> +(define-record-type* murmur-configuration >> + make-murmur-configuration >> + murmur-configuration? >> + (package murmur-configuration-package ; >> + (default mumble)) >> + (user murmur-configuration-user >> + (default "murmur")) >> + (group murmur-configuration-group >> + (default "murmur")) >> + (port murmur-configuration-port >> + (default 64738)) > > [...] > >> + (allow-html murmur-configuration-allow-html >> + (default #f)) >> + (allow-ping murmur-configuration-allow-ping >> + (default #f)) > > Add a question mark since these are Boolean options. So ‘allow-html?’ > and ‘allow-ping?’. > Okay, I'm just slightly confused whether the question mark is only used for predicate procedures or everything that related to booleans. I think there was discussion on the guile list about this, I'll read up on it later. >> +(define (default-murmur-config >> + package user group port welcome-text server-password >> + max-users max-user-bandwidth database-file log-file pid-file >> + autoban-attempts autoban-timeframe autoban-time >> + opus-threshold channel-nesting-limit channelname-regex username-regex >> + text-message-length image-message-length cert-required >> + remember-channel allow-html allow-ping bonjour send-version log-days >> + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers >> + public-registration) > > This many positional parameters is not reasonable. :-) Just pass a > directly, and use the accessor procedures. > >> +(define murmur-activation >> … > > Likewise: use the accessor procedures instead of this. > >> +(define murmur-shepherd-service >> … > Use the accessors instead. > Right, that grew way too big. I removed most of the match blocks. I like having the short names when it comes to stitching together the actual config though, so I kept that one. If that's still a no-go I'll make another update with accessors. If the main problem here is the positional binding, is there a function to match record fields by name that I could use instead? It doesn't seem like it would be too complicated to write a macro for this with the record-accessor procedure from srfi-9. >> +(define murmur-accounts >> + (match-lambda >> + (($ _ user group) >> + (filter identity >> + (list >> + (and (equal? group "murmur") >> + (user-group >> + (name "murmur") >> + (system? #t))) >> + (and (equal? user "murmur") >> + (user-account >> + (name "murmur") >> + (group group) >> + (system? #t) >> + (comment "Murmur Daemon") >> + (home-directory "/var/empty") >> + (shell (file-append shadow "/sbin/nologin"))))))))) > > > Why not just > > (match-lambda > (($ _ user group) > (list (user-group (name group) (system? #t)) > (user-account > (name user) > (group group) > (system? #t) > … > )))) > > ? > Okay I changed it. I had copied this from the fcgiwrap service. > Could you send an updated patch? Here it is :-) I also noticed a missing equal sign after rememberchannel in the defaultconfig and added that. --------------6F728E108A9165CA4B4CE612 Content-Type: text/x-patch; name="0001-services-Add-murmur.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-services-Add-murmur.patch" =46rom d707744d406adb51d44087dcd329e53db7dfeb50 Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 14 Oct 2017 11:27:50 +0200 Subject: [PATCH] services: Add murmur. * gnu/services/telephony.scm: New file. * gnu/local.mk: Add it. * doc/guix.texi (Telephony Services): New node. --- doc/guix.texi | 163 ++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/telephony.scm | 304 +++++++++++++++++++++++++++++++++++++++= ++++++ 3 files changed, 468 insertions(+) create mode 100644 gnu/services/telephony.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7b5b71179..71c6e8dca 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -9245,6 +9246,7 @@ declaration. * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -14025,6 +14027,167 @@ string, you could instantiate a prosody service= like this: (prosody.cfg.lua ""))) @end example =20 + +@node Telephony Services +@subsubsection Telephony Services +@cindex Murmur + +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. + +@deftp {Data Type} murmur-configuration +The service type for the murmur server. An example configuration can loo= k like this: +@example +(service murmur-service-type + (murmur-configuration + (welcome-text "Welcome to this mumble server running on GuixSD= !") + (cert-required #t) ; disallow text password logins + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) +@end example + +After reconfiguring your system, you can manually set the murmur @code{"= SuperUser"} +password with the command that is printed during the activation phase. +It is recommended to register a normal mumble user account +and grant it admin or moderator rights. +You can use the @code{mumble} client to +login as new normal user, register yourself, and logout. +For the next step login with the name @code{"SuperUser"} use +the @code{SuperUser} password that you set previously, +and grant your newly registered mumble user admin/moderator +rights and create some channels. + +Available @code{murmur-configuration} fields are: +@table @asis +@item @code{package} (default: @code{mumble}) +Package that contains @code{bin/murmurd}. +@item @code{user} (default: @code{"murmur"}) +User who will run the murmur server. +@item @code{group} (default: @code{"murmur"}) +Group of the user who will run the murmur server. +@item @code{port} (default: @code{64738}) +Port on which the server will listen. +@item @code{welcome-text} (default: @code{""}) +Welcome text sent to clients when they connect. +@item @code{server-password} (default: @code{""}) +Password the clients have to enter in order to connect. +@item @code{max-users} (default: @code{100}) +Maximum of users that can be connected to the server at once. +@item @code{max-user-bandwidth} (default: @code{#f}) +Maximum voice traffic a user can send per second. +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})= +Filepath location of the sqlite database. +The service's user will become the owner of the directory. +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) +Filepath of the log file. +The service's user will become the owner of the directory. +@item @code{autoban-attempts} (default: @code{10}) +Maximum number of logins a user can make in @code{autoban-timeframe} +without getting auto banned for @code{autoban-time}. +@item @code{autoban-timeframe} (default: @code{120}) +Timeframe for autoban in seconds. +@item @code{autoban-time} (default: @code{300}) +Amount of time in seconds for which a client gets banned +when violating the autoban limits. +@item @code{opus-threshold} (default: @code{100}) +Percentage of clients that need to support opus +before switching over to opus audio codec. +@item @code{channel-nesting-limit} (default: @code{10}) +How deep channels can be nested at maximum. +@item @code{channelname-regex} (default: @code{#f}) +A string in from of a Qt regular expression that channel names must conf= orm to. +@item @code{username-regex} (default: @code{#f}) +A string in from of a Qt regular expression that user names must conform= to. +@item @code{text-message-length} (default: @code{5000}) +Maximum size in bytes that a user can send in one text chat message. +@item @code{image-message-length} (default: @code{(* 128 1024)}) +Maximum size in bytes that a user can send in one image message. +@item @code{cert-required?} (default: @code{#f}) +If it is set to @code{#t} clients that use weak password authentificatio= n +will not be accepted. Users must have completed the certificate wizard t= o join. +@item @code{remember-channel?} (defualt @code{#f}) +Should murmur remember the last channel each user was in when they disco= nnected +and put them into the remembered channel when they rejoin. +@item @code{allow-html?} (default: @code{#f}) +Should html be allowed in text messages, user comments, and channel desc= riptions. +@item @code{allow-ping?} (default: @code{#f}) +Setting to true exposes the current user count, the maximum user count, = and +the server's maximum bandwidth per client to unauthenticated users. In t= he +Mumble client, this information is shown in the Connect dialog. + +Disabling this setting will prevent public listing of the server. +@item @code{bonjour?} (default: @code{#f}) +Should the server advertise itself in the local network through the bonj= our protocol. +@item @code{send-version?} (default: @code{#f}) +Should the murmur server version be exposed in ping requests. +@item @code{log-days} (default: @code{31}) +Murmur also stores logs in the database, which are accessible via RPC. +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, +or -1 to disable logging to the database. +@item @code{obfuscate-ips?} (default @code{#t}) +Should logged ips be obfuscated to protect the privacy of users. +@item @code{ssl-cert} (default: @code{#f}) +Filepath to the ssl-cert used for encrypted connections. +@example +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") +@end example +@item @code{ssl-key} (default: @code{#f}) +Filepath to the ssl private key used for encrypted connections. +@example +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") +@end example +@item @code{ssl-dh-params} (default: @code{#f}) +Filepath to a PEM-encoded file with Diffie-Hellman parameters +for the ssl encryption. Alternatively you set it to +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. +@item @code{ssl-ciphers} (default: @code{#f}) +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use +in SSL/TLS. + +This option is specified using +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. + +It is recommended that you try your cipher string using 'openssl ciphers= ' +before setting it here, to get a feel for which cipher suites you will g= et. +After setting this option, it is recommend that you inspect your Murmur = log +to ensure that Murmur is using the cipher suites that you expected it to= =2E + +Note: Changing this option may impact the backwards compatibility of you= r +Murmur server, and can remove the ability for older Mumble clients to be= able +to connect to it. +@item @code{public-registration} (default: @code{#f}) +Must be a @code{} record or @c= ode{#f}. + +You can optionally register your server in the public server list that t= he +@code{mumble} client shows on startup. +You cannot register your server if you have set a @code{server-password}= , +or set @code{allow-ping} to @code{#f}. + +It might take a few hours until it shows up in the public list. + +@item @code{file} (default: @code{#f}) +Optional alternative override for this configuration. +@end table +@end deftp + +@deftp {Data Type} murmur-public-registration-configuration +Configuration for public registration of a murmur service. +@table @asis +@item @code{name} +This is a display name for your server. Not to be confused with the host= name. +@item @code{password} +A password to identify your registration. +Subsequent updates will need the same password. Don't lose your password= =2E +@item @code{url} +This should be a http(s):// link to your website. +@item @code{hostname} (default: @code{#f}) +By default your server will be listed by it's ip. +If it is set your server will be linked by this hostname instead. +@end table +@end deftp + + + @node Monitoring Services @subsubsection Monitoring Services =20 diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024..daa210a38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/services/spice.scm \ %D%/services/ssh.scm \ %D%/services/sysctl.scm \ + %D%/services/telephony.scm \ %D%/services/version-control.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm new file mode 100644 index 000000000..0c30b409f --- /dev/null +++ b/gnu/services/telephony.scm @@ -0,0 +1,304 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 nee +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services telephony) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages telephony) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export ( + murmur-configuration + make-murmur-configuration + murmur-configuration? + murmur-configuration-package + murmur-configuration-user + murmur-configuration-group + murmur-configuration-port + murmur-configuration-welcome-text + murmur-configuration-server-password + murmur-configuration-max-users + murmur-configuration-max-user-bandwidth + murmur-configuration-database-file + murmur-configuration-log-file + murmur-configuration-pid-file + murmur-configuration-autoban-attempts + murmur-configuration-autoban-timeframe + murmur-configuration-autoban-time + murmur-configuration-opus-threshold + murmur-configuration-channel-nesting-limit + murmur-configuration-channelname-regex + murmur-configuration-username-regex + murmur-configuration-text-message-length + murmur-configuration-image-message-length + murmur-configuration-cert-required? + murmur-configuration-remember-channel? + murmur-configuration-allow-html? + murmur-configuration-allow-ping? + murmur-configuration-bonjour? + murmur-configuration-send-version? + murmur-configuration-log-days + murmur-configuration-obfuscate-ips? + murmur-configuration-ssl-cert + murmur-configuration-ssl-key + murmur-configuration-ssl-dh-params + murmur-configuration-ssl-ciphers + murmur-configuration-public-registration + murmur-configuration-file + + + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + murmur-public-registration-configuration-name + murmur-public-registration-configuration-url + murmur-public-registration-configuration-password + murmur-public-registration-configuration-hostname + + murmur-service-type)) + +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini + +(define-record-type* murmur-configuration + make-murmur-configuration + murmur-configuration? + (package murmur-configuration-package ; + (default mumble)) + (user murmur-configuration-user + (default "murmur")) + (group murmur-configuration-group + (default "murmur")) + (port murmur-configuration-port + (default 64738)) + (welcome-text murmur-configuration-welcome-text + (default "")) + (server-password murmur-configuration-server-password + (default "")) + (max-users murmur-configuration-max-users + (default 100)) + (max-user-bandwidth murmur-configuration-max-user-bandwidth + (default #f)) + (database-file murmur-configuration-database-file + (default "/var/lib/murmur/db.sqlite")) + (log-file murmur-configuration-log-file + (default "/var/log/murmur/murmur.log")) + (pid-file murmur-configuration-pid-file + (default "/var/run/murmur/murmur.pid")) + (autoban-attempts murmur-configuration-autoban-attempts + (default 10)) + (autoban-timeframe murmur-configuration-autoban-timeframe + (default 120)) + (autoban-time murmur-configuration-autoban-time + (default 300)) + (opus-threshold murmur-configuration-opus-threshold + (default 100)) ; integer percent + (channel-nesting-limit murmur-configuration-channel-nesting-limit + (default 10)) + (channelname-regex murmur-configuration-channelname-regex + (default #f)) + (username-regex murmur-configuration-username-regex + (default #f)) + (text-message-length murmur-configuration-text-message-length + (default 5000)) + (image-message-length murmur-configuration-image-message-length + (default (* 128 1024))) ; 128 Kilobytes + (cert-required? murmur-configuration-cert-required? + (default #f)) + (remember-channel? murmur-configuration-remember-channel? + (default #f)) + (allow-html? murmur-configuration-allow-html? + (default #f)) + (allow-ping? murmur-configuration-allow-ping? + (default #f)) + (bonjour? murmur-configuration-bonjour? + (default #f)) + (send-version? murmur-configuration-send-version? + (default #f)) + (log-days murmur-configuration-log-days + (default 31)) + (obfuscate-ips? murmur-obfuscate-ips? + (default #t)) + (ssl-cert murmur-configuration-ssl-cert + (default #f)) + (ssl-key murmur-configuration-ssl-key + (default #f)) + (ssl-dh-params murmur-configuration-ssl-dh-params + (default #f)) + (ssl-ciphers murmur-configuration-ssl-ciphers + (default #f)) + (public-registration murmur-configuration-public-registration + (default #f)) ; + (file murmur-configuration-file + (default #f))) + +(define-record-type* + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + (name murmur-public-registration-configuration-name) + (password murmur-public-registration-configuration-password) + (url murmur-public-registration-configuration-url) + (hostname murmur-public-registration-configuration-hostname + (default #f))) + +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + +(define default-murmur-config=20 + (match-lambda + (($ + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex username-= regex + text-message-length image-message-length cert-required? + remember-channel? allow-html? allow-ping? bonjour? send-version?= + log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphe= rs + public-registration) + (apply mixed-text-file "murmur.ini" + (flatten + "welcometext=3D" welcome-text "\n" + "port=3D" (number->string port) "\n" + (if server-password (list "serverpassword=3D" server-passwo= rd "\n") '()) + (if max-user-bandwidth (list "bandwidth=3D" (number->string= max-user-bandwidth)) '()) + "users=3D" (number->string max-users) "\n" + "uname=3D" user "\n" + "database=3D" database-file "\n" + "logfile=3D" log-file "\n" + "pidfile=3D" pid-file "\n" + (if autoban-attempts (list "autobanAttempts=3D" (number->st= ring autoban-attempts) "\n") '()) + (if autoban-timeframe (list "autobanTimeframe=3D" (number->= string autoban-timeframe) "\n") '()) + (if autoban-time (list "autobanTime=3D" (number->string aut= oban-time) "\n") '()) + (if opus-threshold (list "opusthreshold=3D" (number->string= opus-threshold) "\n") '()) + (if channel-nesting-limit (list "channelnestinglimit=3D" (n= umber->string channel-nesting-limit) "\n") '()) + (if channelname-regex (list "channelname=3D" channelname-re= gex "\n") '()) + (if username-regex (list "username=3D" username-regex "\n")= '()) + (if text-message-length (list "textmessagelength=3D" (numbe= r->string text-message-length) "\n") '()) + (if image-message-length (list "imagemessagelength=3D" (num= ber->string image-message-length) "\n") '()) + (if log-days (list "logdays=3D" (number->string log-days) "= \n") '()) + "obfuscate=3D" (if obfuscate-ips? "true" "false") "\n" + "certrequired=3D" (if cert-required? "true" "false") "\n" + "rememberchannel=3D" (if remember-channel? "true" "false") = "\n" + "allowhtml=3D" (if allow-html? "true" "false") "\n" + "allowping=3D" (if allow-ping? "true" "false") "\n" + "bonjour=3D" (if bonjour? "true" "false") "\n" + "sendversion=3D" (if send-version? "true" "false") "\n" + (cond ((and ssl-cert ssl-key) + (list + "sslCert=3D" ssl-cert "\n" + "sslKey=3D" ssl-key "\n")) + ((or ssl-cert ssl-key) + (error "ssl-cert and ssl-key must both be set" + ssl-cert ssl-key)) + (else '())) + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()= ) + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) + + (match public-registration + (#f '()) + (($ + name password url hostname) + (if (and (or (not server-password) (string-null? server-= password)) + allow-ping?) + (list + "registerName=3D" name "\n" + "registerPassword=3D" password "\n" + "registerUrl=3D" url "\n" + (if hostname + (string-append "registerHostname=3D" hostname "= \n") + "")) + (error "To publicly register your murmur server your= server must be publicy visible +and users must be able to join without a password. To fix this set: +(allow-ping? #t) +(server-password \"\") +Or set public-registration to #f"))))))))) + +(define (murmur-activation config) + #~(begin + (use-modules (guix build utils)) + (let ((log-dir (dirname #$(murmur-configuration-log-file config)))= + (pid-dir (dirname #$(murmur-configuration-pid-file config)))= + (db-dir (dirname #$(murmur-configuration-database-file confi= g))) + (user (getpwnam #$(murmur-configuration-user config))) + (init-dir + (lambda (name dir user) + (format #t "creating murmur ~a directory '~a'\n" name dir= ) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700))) + (ini #$(or (murmur-configuration-file config) + (default-murmur-config config)))) + (init-dir "log" log-dir user) + (init-dir "pid" pid-dir user) + (init-dir "database" db-dir user) + + (format #t "murmur: use config file: ~a~%\n" ini) + (format #t "murmur: to set the SuperUser password run: + `~a -ini ~a -readsupw`\n" + #$(file-append (murmur-configuration-package config) "/b= in/murmurd") ini) + #t))) + +(define murmur-accounts + (match-lambda + (($ _ user group) + (list + (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Murmur Daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))) + +(define (murmur-shepherd-service config) + (list (shepherd-service + (provision '(murmur)) + (documentation "Run the murmur mumble-server.") + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append (murmur-configuration-package) + "/bin/murmurd") + "-ini" + #$(or (murmur-configuration-file config) + (default-murmur-config config))) + #:pid-file #$(murmur-configuration-pid-file config)))= + (stop #~(make-kill-destructor))))) + +(define murmur-service-type + (service-type (name 'murmur) + (description "The murmur service type.") + (extensions + (list (service-extension shepherd-root-service-type + murmur-shepherd-service) + (service-extension activation-service-type + murmur-activation) + (service-extension account-service-type + murmur-accounts))) + (default-value (murmur-configuration)))) --=20 2.14.1 --------------6F728E108A9165CA4B4CE612-- From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 24 Oct 2017 21:35:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: nee Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.150888087317295 (code B ref 28960); Tue, 24 Oct 2017 21:35:02 +0000 Received: (at 28960) by debbugs.gnu.org; 24 Oct 2017 21:34:33 +0000 Received: from localhost ([127.0.0.1]:60337 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e76qH-0004Ut-Bx for submit@debbugs.gnu.org; Tue, 24 Oct 2017 17:34:33 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:49265) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e76qE-0004Uj-Np for 28960@debbugs.gnu.org; Tue, 24 Oct 2017 17:34:31 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id E4370F4E8; Tue, 24 Oct 2017 23:34:30 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eidn3VotJuVO; Tue, 24 Oct 2017 23:34:30 +0200 (CEST) Received: from ribbon (unknown [216.123.155.195]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 4F2ECDB1A; Tue, 24 Oct 2017 23:34:29 +0200 (CEST) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 3 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 24 Oct 2017 14:34:23 -0700 In-Reply-To: (nee@cock.li's message of "Tue, 24 Oct 2017 19:19:53 +0200") Message-ID: <87wp3kmdr4.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi nee, nee skribis: >>> +(define murmur-shepherd-service >>> =E2=80=A6 >> Use the accessors instead. >> > Right, that grew way too big. I removed most of the match blocks. > I like having the short names when it comes to stitching together the > actual config though, so I kept that one. > If that's still a no-go I'll make another update with accessors. > > If the main problem here is the positional binding, is there a function > to match record fields by name that I could use instead? Unfortunately no. > It doesn't seem like it would be too complicated to write a macro for > this with the record-accessor procedure from srfi-9. Indeed. I figured something like this works: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> (define-syntax match-record (syntax-rules () ((_ record type (field fields ...) body ...) (if (eq? (struct-vtable record) type) (let ((field ((record-accessor type 'field) record))) (match-record record type (fields ...) body ...)) (throw 'wrong-type-arg record))) ((_ record type () body ...) (begin body ...)))) scheme@(guile-user)> (match-record coreutils (@@ (guix packages) )= (home-page) home-page) $6 =3D "https://www.gnu.org/software/coreutils/" scheme@(guile-user)> (match-record coreutils (@@ (guix packages) )= (home-page synopsis) (list synopsis home-page)) $7 =3D ("Core GNU utilities (file, text, shell)" "https://www.gnu.org/softw= are/coreutils/") --8<---------------cut here---------------end--------------->8--- We could use that for now. Eventually though, we should have something better in (guix records) that (1) computes indices and report wrong-field-name errors at expansion time, and (2) accounts for thunked/delayed fields. WDYT? If the above macro is good enough, we can add it to (guix records) with a TODO comment. That would already be better than the other options. > I also noticed a missing equal sign after rememberchannel in the > defaultconfig and added that. I noticed a couple of obvious mistakes: --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index 0c30b409f..a305a1be8 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -240,7 +240,7 @@ Or set public-registration to #f"))))))))) (define (murmur-activation config) #~(begin (use-modules (guix build utils)) - (let ((log-dir (dirname #$(murmur-configuration-log-file config))) + (let* ((log-dir (dirname #$(murmur-configuration-log-file config))) (pid-dir (dirname #$(murmur-configuration-pid-file config))) (db-dir (dirname #$(murmur-configuration-database-file config))) (user (getpwnam #$(murmur-configuration-user config))) @@ -283,7 +283,7 @@ Or set public-registration to #f"))))))))) (documentation "Run the murmur mumble-server.") (requirement '(networking)) (start #~(make-forkexec-constructor - '(#$(file-append (murmur-configuration-package) + '(#$(file-append (murmur-configuration-package config) "/bin/murmurd") "-ini" #$(or (murmur-configuration-file config) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable This makes me think that it would be good to have a unit test. Would you like to try writing one now (see the examples in gnu/tests/*.scm), or do you prefer to leave it for later? In the latter case, please test the system to make sure it actually works (that can be done in a VM.) Thank you! Ludo=E2=80=99. --=-=-=-- From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: nee Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 30 Oct 2017 22:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.15094030998753 (code B ref 28960); Mon, 30 Oct 2017 22:39:01 +0000 Received: (at 28960) by debbugs.gnu.org; 30 Oct 2017 22:38:19 +0000 Received: from localhost ([127.0.0.1]:42836 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9IhD-0002H4-DQ for submit@debbugs.gnu.org; Mon, 30 Oct 2017 18:38:19 -0400 Received: from cock.li ([185.100.85.212]:46215) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9Ih9-0002Gl-0q for 28960@debbugs.gnu.org; Mon, 30 Oct 2017 18:38:14 -0400 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on cock.li X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 shortcircuit=_SCTYPE_ autolearn=disabled version=3.4.1 From: nee DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1509403084; bh=bjKPaC0tpiINdt4qXifxivjiPPNOMltbg2nQl0OK7tU=; h=From:Subject:To:Cc:References:Date:In-Reply-To:From; b=YkNms+vZojErO/0QWuTZ4whNpA9CCYBmwvnFd1zJ8Sd7mlMFa9XiZFLhdWSvcBfOL xE+XdxyNn4Aexts+QD+j7973Ho8wQhtUlOGH2/GwmDg37bz4hvnLRRAAUTwPMJL6rZ gfltxY8H0D3zQhwMi1bw5YoVf7MlAjgVVwGq3kRYtpIZYMNggj4pC90W6q+pjxahK2 OZXMul/Iqg2JS+Kxh1N8fwqaPhLC3wJsKFuHY+2TiKeIoQ3uu+bV3fE3QRvSo6zlcK T1cwALdSYm1exuu1f2KF5XebM/3CagO10VyLZDaG4q7uM7N2MP+ACuNDLnmUFj9k6H ai1YIJzDvCedg== References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> <87wp3kmdr4.fsf@gnu.org> Message-ID: <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> Date: Mon, 30 Oct 2017 23:38:06 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <87wp3kmdr4.fsf@gnu.org> Content-Type: multipart/mixed; boundary="------------D8B9D010772BFDF6EDA09694" Content-Language: en-GB X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) This is a multi-part message in MIME format. --------------D8B9D010772BFDF6EDA09694 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Am 24.10.2017 um 23:34 schrieb Ludovic Courtès: > Indeed. I figured something like this works: > > --8<---------------cut here---------------start------------->8--- > scheme@(guile-user)> (define-syntax match-record > (syntax-rules () > ((_ record type (field fields ...) body ...) > (if (eq? (struct-vtable record) type) > (let ((field ((record-accessor type 'field) record))) > (match-record record type (fields ...) body ...)) > (throw 'wrong-type-arg record))) > ((_ record type () body ...) > (begin body ...)))) > scheme@(guile-user)> (match-record coreutils (@@ (guix packages) ) (home-page) home-page) > $6 = "https://www.gnu.org/software/coreutils/" > scheme@(guile-user)> (match-record coreutils (@@ (guix packages) ) (home-page synopsis) (list synopsis home-page)) > $7 = ("Core GNU utilities (file, text, shell)" "https://www.gnu.org/software/coreutils/") > --8<---------------cut here---------------end--------------->8--- Great! > > We could use that for now. > > Eventually though, we should have something better in (guix records) > that (1) computes indices and report wrong-field-name errors at > expansion time, and (2) accounts for thunked/delayed fields. > > WDYT? I didn't even know guix records had those features :) > > If the above macro is good enough, we can add it to (guix records) with > a TODO comment. That would already be better than the other options. > I added it for now. Personally I don't like having functions with big TODOs like this. What would be the solution for thunked delayed fields? Force them as they are bound in the let? >> I also noticed a missing equal sign after rememberchannel in the >> defaultconfig and added that. > > I noticed a couple of obvious mistakes: > > > > diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm > index 0c30b409f..a305a1be8 100644 > --- a/gnu/services/telephony.scm > +++ b/gnu/services/telephony.scm > @@ -240,7 +240,7 @@ Or set public-registration to #f"))))))))) > (define (murmur-activation config) > #~(begin > (use-modules (guix build utils)) > - (let ((log-dir (dirname #$(murmur-configuration-log-file config))) > + (let* ((log-dir (dirname #$(murmur-configuration-log-file config))) > (pid-dir (dirname #$(murmur-configuration-pid-file config))) > (db-dir (dirname #$(murmur-configuration-database-file config))) > (user (getpwnam #$(murmur-configuration-user config))) I think there was no mistake here the init-dir function took the user as argument, but I changed it into the let* form and removed the argument now. > @@ -283,7 +283,7 @@ Or set public-registration to #f"))))))))) > (documentation "Run the murmur mumble-server.") > (requirement '(networking)) > (start #~(make-forkexec-constructor > - '(#$(file-append (murmur-configuration-package) > + '(#$(file-append (murmur-configuration-package config) > "/bin/murmurd") > "-ini" > #$(or (murmur-configuration-file config) > Ouch, so much about me thinking that I could just make a quick change. > > This makes me think that it would be good to have a unit test. Would > you like to try writing one now (see the examples in gnu/tests/*.scm), > or do you prefer to leave it for later? I would like to write some tests, but right now I need to setup my guix development environment on a different computer first. On my current setup I have 15 gigabytes of free hard drive space and when I run `make check-system` it fails with some 'no space left on device' message. > > In the latter case, please test the system to make sure it actually > works (that can be done in a VM.) For this patch: I ran make and got no warnings. I deployed it on my server and connected with mumble from my computer and it worked. --------------D8B9D010772BFDF6EDA09694 Content-Type: text/x-patch; name="0001-guix-records-Add-match-record.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-guix-records-Add-match-record.patch" =46rom 07c47b5acc22589d466b5008ba42a191bbc33c11 Mon Sep 17 00:00:00 2001 From: nee Date: Wed, 25 Oct 2017 20:44:54 +0200 Subject: [PATCH 1/2] guix: records: Add match-record. * guix/records.scm: New syntax-rule. --- guix/records.scm | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/guix/records.scm b/guix/records.scm index 7de5fccef..1f00e1660 100644 --- a/guix/records.scm +++ b/guix/records.scm @@ -26,7 +26,8 @@ #:export (define-record-type* alist->record object->fields - recutils->alist)) + recutils->alist + match-record)) =20 ;;; Commentary: ;;; @@ -375,4 +376,19 @@ pairs. Stop upon an empty line (after consuming it)= or EOF." (else (error "unmatched line" line)))))))) =20 +(define-syntax match-record + (syntax-rules () + "Bind each FIELD of a RECORD of the given TYPE to it's FIELD name. +The current implementation does not support thunked and delayed fields."= + ((_ record type (field fields ...) body ...) + (if (eq? (struct-vtable record) type) + ;; TODO compute indices and report wrong-field-name errors at + ;; expansion time + ;; TODO support thunked and delayed fields + (let ((field ((record-accessor type 'field) record))) + (match-record record type (fields ...) body ...)) + (throw 'wrong-type-arg record))) + ((_ record type () body ...) + (begin body ...)))) + ;;; records.scm ends here --=20 2.14.1 --------------D8B9D010772BFDF6EDA09694 Content-Type: text/x-patch; name="0002-services-Add-murmur.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0002-services-Add-murmur.patch" =46rom 2836d82378ccd9ac4fd3678230d0daa2c5f1601d Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 14 Oct 2017 11:27:50 +0200 Subject: [PATCH 2/2] services: Add murmur. * gnu/services/telephony.scm: New file. * gnu/local.mk: Add it. * doc/guix.texi (Telephony Services): New node. --- doc/guix.texi | 163 ++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/telephony.scm | 305 +++++++++++++++++++++++++++++++++++++++= ++++++ 3 files changed, 469 insertions(+) create mode 100644 gnu/services/telephony.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7b5b71179..ee4913b29 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -9245,6 +9246,7 @@ declaration. * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -14025,6 +14027,167 @@ string, you could instantiate a prosody service= like this: (prosody.cfg.lua ""))) @end example =20 + +@node Telephony Services +@subsubsection Telephony Services +@cindex Murmur + +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. + +@deftp {Data Type} murmur-configuration +The service type for the murmur server. An example configuration can loo= k like this: +@example +(service murmur-service-type + (murmur-configuration + (welcome-text "Welcome to this mumble server running on GuixSD= !") + (cert-required? #t) ; disallow text password logins + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) +@end example + +After reconfiguring your system, you can manually set the murmur @code{"= SuperUser"} +password with the command that is printed during the activation phase. +It is recommended to register a normal mumble user account +and grant it admin or moderator rights. +You can use the @code{mumble} client to +login as new normal user, register yourself, and logout. +For the next step login with the name @code{"SuperUser"} use +the @code{SuperUser} password that you set previously, +and grant your newly registered mumble user admin/moderator +rights and create some channels. + +Available @code{murmur-configuration} fields are: +@table @asis +@item @code{package} (default: @code{mumble}) +Package that contains @code{bin/murmurd}. +@item @code{user} (default: @code{"murmur"}) +User who will run the murmur server. +@item @code{group} (default: @code{"murmur"}) +Group of the user who will run the murmur server. +@item @code{port} (default: @code{64738}) +Port on which the server will listen. +@item @code{welcome-text} (default: @code{""}) +Welcome text sent to clients when they connect. +@item @code{server-password} (default: @code{""}) +Password the clients have to enter in order to connect. +@item @code{max-users} (default: @code{100}) +Maximum of users that can be connected to the server at once. +@item @code{max-user-bandwidth} (default: @code{#f}) +Maximum voice traffic a user can send per second. +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})= +Filepath location of the sqlite database. +The service's user will become the owner of the directory. +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) +Filepath of the log file. +The service's user will become the owner of the directory. +@item @code{autoban-attempts} (default: @code{10}) +Maximum number of logins a user can make in @code{autoban-timeframe} +without getting auto banned for @code{autoban-time}. +@item @code{autoban-timeframe} (default: @code{120}) +Timeframe for autoban in seconds. +@item @code{autoban-time} (default: @code{300}) +Amount of time in seconds for which a client gets banned +when violating the autoban limits. +@item @code{opus-threshold} (default: @code{100}) +Percentage of clients that need to support opus +before switching over to opus audio codec. +@item @code{channel-nesting-limit} (default: @code{10}) +How deep channels can be nested at maximum. +@item @code{channelname-regex} (default: @code{#f}) +A string in from of a Qt regular expression that channel names must conf= orm to. +@item @code{username-regex} (default: @code{#f}) +A string in from of a Qt regular expression that user names must conform= to. +@item @code{text-message-length} (default: @code{5000}) +Maximum size in bytes that a user can send in one text chat message. +@item @code{image-message-length} (default: @code{(* 128 1024)}) +Maximum size in bytes that a user can send in one image message. +@item @code{cert-required?} (default: @code{#f}) +If it is set to @code{#t} clients that use weak password authentificatio= n +will not be accepted. Users must have completed the certificate wizard t= o join. +@item @code{remember-channel?} (defualt @code{#f}) +Should murmur remember the last channel each user was in when they disco= nnected +and put them into the remembered channel when they rejoin. +@item @code{allow-html?} (default: @code{#f}) +Should html be allowed in text messages, user comments, and channel desc= riptions. +@item @code{allow-ping?} (default: @code{#f}) +Setting to true exposes the current user count, the maximum user count, = and +the server's maximum bandwidth per client to unauthenticated users. In t= he +Mumble client, this information is shown in the Connect dialog. + +Disabling this setting will prevent public listing of the server. +@item @code{bonjour?} (default: @code{#f}) +Should the server advertise itself in the local network through the bonj= our protocol. +@item @code{send-version?} (default: @code{#f}) +Should the murmur server version be exposed in ping requests. +@item @code{log-days} (default: @code{31}) +Murmur also stores logs in the database, which are accessible via RPC. +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, +or -1 to disable logging to the database. +@item @code{obfuscate-ips?} (default @code{#t}) +Should logged ips be obfuscated to protect the privacy of users. +@item @code{ssl-cert} (default: @code{#f}) +Filepath to the ssl-cert used for encrypted connections. +@example +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") +@end example +@item @code{ssl-key} (default: @code{#f}) +Filepath to the ssl private key used for encrypted connections. +@example +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") +@end example +@item @code{ssl-dh-params} (default: @code{#f}) +Filepath to a PEM-encoded file with Diffie-Hellman parameters +for the ssl encryption. Alternatively you set it to +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. +@item @code{ssl-ciphers} (default: @code{#f}) +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use +in SSL/TLS. + +This option is specified using +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. + +It is recommended that you try your cipher string using 'openssl ciphers= ' +before setting it here, to get a feel for which cipher suites you will g= et. +After setting this option, it is recommend that you inspect your Murmur = log +to ensure that Murmur is using the cipher suites that you expected it to= =2E + +Note: Changing this option may impact the backwards compatibility of you= r +Murmur server, and can remove the ability for older Mumble clients to be= able +to connect to it. +@item @code{public-registration} (default: @code{#f}) +Must be a @code{} record or @c= ode{#f}. + +You can optionally register your server in the public server list that t= he +@code{mumble} client shows on startup. +You cannot register your server if you have set a @code{server-password}= , +or set @code{allow-ping} to @code{#f}. + +It might take a few hours until it shows up in the public list. + +@item @code{file} (default: @code{#f}) +Optional alternative override for this configuration. +@end table +@end deftp + +@deftp {Data Type} murmur-public-registration-configuration +Configuration for public registration of a murmur service. +@table @asis +@item @code{name} +This is a display name for your server. Not to be confused with the host= name. +@item @code{password} +A password to identify your registration. +Subsequent updates will need the same password. Don't lose your password= =2E +@item @code{url} +This should be a http(s):// link to your website. +@item @code{hostname} (default: @code{#f}) +By default your server will be listed by it's ip. +If it is set your server will be linked by this hostname instead. +@end table +@end deftp + + + @node Monitoring Services @subsubsection Monitoring Services =20 diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024..daa210a38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/services/spice.scm \ %D%/services/ssh.scm \ %D%/services/sysctl.scm \ + %D%/services/telephony.scm \ %D%/services/version-control.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm new file mode 100644 index 000000000..6c9121ad5 --- /dev/null +++ b/gnu/services/telephony.scm @@ -0,0 +1,305 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 nee +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services telephony) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages telephony) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export ( + murmur-configuration + make-murmur-configuration + murmur-configuration? + murmur-configuration-package + murmur-configuration-user + murmur-configuration-group + murmur-configuration-port + murmur-configuration-welcome-text + murmur-configuration-server-password + murmur-configuration-max-users + murmur-configuration-max-user-bandwidth + murmur-configuration-database-file + murmur-configuration-log-file + murmur-configuration-pid-file + murmur-configuration-autoban-attempts + murmur-configuration-autoban-timeframe + murmur-configuration-autoban-time + murmur-configuration-opus-threshold + murmur-configuration-channel-nesting-limit + murmur-configuration-channelname-regex + murmur-configuration-username-regex + murmur-configuration-text-message-length + murmur-configuration-image-message-length + murmur-configuration-cert-required? + murmur-configuration-remember-channel? + murmur-configuration-allow-html? + murmur-configuration-allow-ping? + murmur-configuration-bonjour? + murmur-configuration-send-version? + murmur-configuration-log-days + murmur-configuration-obfuscate-ips? + murmur-configuration-ssl-cert + murmur-configuration-ssl-key + murmur-configuration-ssl-dh-params + murmur-configuration-ssl-ciphers + murmur-configuration-public-registration + murmur-configuration-file + + + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + murmur-public-registration-configuration-name + murmur-public-registration-configuration-url + murmur-public-registration-configuration-password + murmur-public-registration-configuration-hostname + + murmur-service-type)) + +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini + +(define-record-type* murmur-configuration + make-murmur-configuration + murmur-configuration? + (package murmur-configuration-package ; + (default mumble)) + (user murmur-configuration-user + (default "murmur")) + (group murmur-configuration-group + (default "murmur")) + (port murmur-configuration-port + (default 64738)) + (welcome-text murmur-configuration-welcome-text + (default "")) + (server-password murmur-configuration-server-password + (default "")) + (max-users murmur-configuration-max-users + (default 100)) + (max-user-bandwidth murmur-configuration-max-user-bandwidth + (default #f)) + (database-file murmur-configuration-database-file + (default "/var/lib/murmur/db.sqlite")) + (log-file murmur-configuration-log-file + (default "/var/log/murmur/murmur.log")) + (pid-file murmur-configuration-pid-file + (default "/var/run/murmur/murmur.pid")) + (autoban-attempts murmur-configuration-autoban-attempts + (default 10)) + (autoban-timeframe murmur-configuration-autoban-timeframe + (default 120)) + (autoban-time murmur-configuration-autoban-time + (default 300)) + (opus-threshold murmur-configuration-opus-threshold + (default 100)) ; integer percent + (channel-nesting-limit murmur-configuration-channel-nesting-limit + (default 10)) + (channelname-regex murmur-configuration-channelname-regex + (default #f)) + (username-regex murmur-configuration-username-regex + (default #f)) + (text-message-length murmur-configuration-text-message-length + (default 5000)) + (image-message-length murmur-configuration-image-message-length + (default (* 128 1024))) ; 128 Kilobytes + (cert-required? murmur-configuration-cert-required? + (default #f)) + (remember-channel? murmur-configuration-remember-channel? + (default #f)) + (allow-html? murmur-configuration-allow-html? + (default #f)) + (allow-ping? murmur-configuration-allow-ping? + (default #f)) + (bonjour? murmur-configuration-bonjour? + (default #f)) + (send-version? murmur-configuration-send-version? + (default #f)) + (log-days murmur-configuration-log-days + (default 31)) + (obfuscate-ips? murmur-obfuscate-ips? + (default #t)) + (ssl-cert murmur-configuration-ssl-cert + (default #f)) + (ssl-key murmur-configuration-ssl-key + (default #f)) + (ssl-dh-params murmur-configuration-ssl-dh-params + (default #f)) + (ssl-ciphers murmur-configuration-ssl-ciphers + (default #f)) + (public-registration murmur-configuration-public-registration + (default #f)) ; + (file murmur-configuration-file + (default #f))) + +(define-record-type* + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + (name murmur-public-registration-configuration-name) + (password murmur-public-registration-configuration-password) + (url murmur-public-registration-configuration-url) + (hostname murmur-public-registration-configuration-hostname + (default #f))) + +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + +(define (default-murmur-config config) + (match-record + config + + (user port welcome-text server-password max-users max-user-bandwidth + database-file log-file pid-file autoban-attempts autoban-timeframe + autoban-time opus-threshold channel-nesting-limit channelname-regex + username-regex text-message-length image-message-length cert-require= d? + remember-channel? allow-html? allow-ping? bonjour? send-version? + log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers + public-registration) + (apply mixed-text-file "murmur.ini" + (flatten + "welcometext=3D" welcome-text "\n" + "port=3D" (number->string port) "\n" + (if server-password (list "serverpassword=3D" server-password= "\n") '()) + (if max-user-bandwidth (list "bandwidth=3D" (number->string m= ax-user-bandwidth)) '()) + "users=3D" (number->string max-users) "\n" + "uname=3D" user "\n" + "database=3D" database-file "\n" + "logfile=3D" log-file "\n" + "pidfile=3D" pid-file "\n" + (if autoban-attempts (list "autobanAttempts=3D" (number->stri= ng autoban-attempts) "\n") '()) + (if autoban-timeframe (list "autobanTimeframe=3D" (number->st= ring autoban-timeframe) "\n") '()) + (if autoban-time (list "autobanTime=3D" (number->string autob= an-time) "\n") '()) + (if opus-threshold (list "opusthreshold=3D" (number->string o= pus-threshold) "\n") '()) + (if channel-nesting-limit (list "channelnestinglimit=3D" (num= ber->string channel-nesting-limit) "\n") '()) + (if channelname-regex (list "channelname=3D" channelname-rege= x "\n") '()) + (if username-regex (list "username=3D" username-regex "\n") '= ()) + (if text-message-length (list "textmessagelength=3D" (number-= >string text-message-length) "\n") '()) + (if image-message-length (list "imagemessagelength=3D" (numbe= r->string image-message-length) "\n") '()) + (if log-days (list "logdays=3D" (number->string log-days) "\n= ") '()) + "obfuscate=3D" (if obfuscate-ips? "true" "false") "\n" + "certrequired=3D" (if cert-required? "true" "false") "\n" + "rememberchannel=3D" (if remember-channel? "true" "false") "\= n" + "allowhtml=3D" (if allow-html? "true" "false") "\n" + "allowping=3D" (if allow-ping? "true" "false") "\n" + "bonjour=3D" (if bonjour? "true" "false") "\n" + "sendversion=3D" (if send-version? "true" "false") "\n" + (cond ((and ssl-cert ssl-key) + (list + "sslCert=3D" ssl-cert "\n" + "sslKey=3D" ssl-key "\n")) + ((or ssl-cert ssl-key) + (error "ssl-cert and ssl-key must both be set" + ssl-cert ssl-key)) + (else '())) + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()) + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) + + (match public-registration + (#f '()) + (($ + name password url hostname) + (if (and (or (not server-password) (string-null? server-pa= ssword)) + allow-ping?) + (list + "registerName=3D" name "\n" + "registerPassword=3D" password "\n" + "registerUrl=3D" url "\n" + (if hostname + (string-append "registerHostname=3D" hostname "\n= ") + "")) + (error "To publicly register your murmur server your s= erver must be publicy visible +and users must be able to join without a password. To fix this set: +(allow-ping? #t) +(server-password \"\") +Or set public-registration to #f")))))))) + +(define (murmur-activation config) + #~(begin + (use-modules (guix build utils)) + (let* ((log-dir (dirname #$(murmur-configuration-log-file config))= ) + (pid-dir (dirname #$(murmur-configuration-pid-file config))= ) + (db-dir (dirname #$(murmur-configuration-database-file conf= ig))) + (user (getpwnam #$(murmur-configuration-user config))) + (init-dir + (lambda (name dir) + (format #t "creating murmur ~a directory '~a'\n" name di= r) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700))) + (ini #$(or (murmur-configuration-file config) + (default-murmur-config config)))) + (init-dir "log" log-dir) + (init-dir "pid" pid-dir) + (init-dir "database" db-dir) + + (format #t "murmur: use config file: ~a~%\n" ini) + (format #t "murmur: to set the SuperUser password run: + `~a -ini ~a -readsupw`\n" + #$(file-append (murmur-configuration-package config) + "/bin/murmurd") ini) + #t))) + +(define murmur-accounts + (match-lambda + (($ _ user group) + (list + (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Murmur Daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))) + +(define (murmur-shepherd-service config) + (list (shepherd-service + (provision '(murmur)) + (documentation "Run the murmur mumble-server.") + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append (murmur-configuration-package config= ) + "/bin/murmurd") + "-ini" + #$(or (murmur-configuration-file config) + (default-murmur-config config))) + #:pid-file #$(murmur-configuration-pid-file config)))= + (stop #~(make-kill-destructor))))) + +(define murmur-service-type + (service-type (name 'murmur) + (description "The murmur service type.") + (extensions + (list (service-extension shepherd-root-service-type + murmur-shepherd-service) + (service-extension activation-service-type + murmur-activation) + (service-extension account-service-type + murmur-accounts))) + (default-value (murmur-configuration)))) --=20 2.14.1 --------------D8B9D010772BFDF6EDA09694-- From unknown Wed Aug 20 05:16:06 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28960] [PATCH] services: Add murmur. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 31 Oct 2017 00:03:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28960 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: nee Cc: 28960@debbugs.gnu.org Received: via spool by 28960-submit@debbugs.gnu.org id=B28960.150940813424091 (code B ref 28960); Tue, 31 Oct 2017 00:03:02 +0000 Received: (at 28960) by debbugs.gnu.org; 31 Oct 2017 00:02:14 +0000 Received: from localhost ([127.0.0.1]:42929 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9K0T-0006GV-S9 for submit@debbugs.gnu.org; Mon, 30 Oct 2017 20:02:14 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:39331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9K0P-0006GJ-Fj for 28960@debbugs.gnu.org; Mon, 30 Oct 2017 20:02:10 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id C74D1FA45; Tue, 31 Oct 2017 01:02:09 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zcH_tgDMPd7K; Tue, 31 Oct 2017 01:02:08 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id A54E4F9E6; Tue, 31 Oct 2017 01:02:08 +0100 (CET) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> <87wp3kmdr4.fsf@gnu.org> <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 31 Oct 2017 01:02:06 +0100 In-Reply-To: <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> (nee@cock.li's message of "Mon, 30 Oct 2017 23:38:06 +0100") Message-ID: <87k1zcyykh.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Heya! nee skribis: > Am 24.10.2017 um 23:34 schrieb Ludovic Court=C3=A8s: [...] >> If the above macro is good enough, we can add it to (guix records) with >> a TODO comment. That would already be better than the other options. >>=20 > > I added it for now. Personally I don't like having functions with big > TODOs like this. What would be the solution for thunked delayed fields? > Force them as they are bound in the let? The solution would be to do what the accessors do, which is to transparently force the promise or call the thunk. Well, for later! >> This makes me think that it would be good to have a unit test. Would >> you like to try writing one now (see the examples in gnu/tests/*.scm), >> or do you prefer to leave it for later? > I would like to write some tests, but right now I need to setup my guix > development environment on a different computer first. On my current > setup I have 15 gigabytes of free hard drive space and when I run `make > check-system` it fails with some 'no space left on device' message. You should probably just run the test you want, as in: make check-system TESTS=3Dbasic This is much more reasonable in terms of disk space usage. See . I=E2=80=99ll take another look soonish and apply the patches if everything= =E2=80=99s alright! Thanks, Ludo=E2=80=99. From unknown Wed Aug 20 05:16:06 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: nee Subject: bug#28960: closed (Re: [bug#28960] [PATCH] services: Add murmur.) Message-ID: References: <87zi81ropw.fsf@gnu.org> <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> X-Gnu-PR-Message: they-closed 28960 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 28960@debbugs.gnu.org Date: Sun, 05 Nov 2017 10:43:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1509878582-12608-1" This is a multi-part message in MIME format... ------------=_1509878582-12608-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #28960: [PATCH] services: Add murmur. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 28960@debbugs.gnu.org. --=20 28960: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D28960 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1509878582-12608-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 28960-done) by debbugs.gnu.org; 5 Nov 2017 10:42:45 +0000 Received: from localhost ([127.0.0.1]:51220 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBIO4-0003Gs-Le for submit@debbugs.gnu.org; Sun, 05 Nov 2017 05:42:45 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:59546) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBIO0-0003Gi-Rx for 28960-done@debbugs.gnu.org; Sun, 05 Nov 2017 05:42:41 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 11A5FEAF4; Sun, 5 Nov 2017 11:42:41 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g00JuR2fFh_J; Sun, 5 Nov 2017 11:42:39 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id EA186E3A1; Sun, 5 Nov 2017 11:42:38 +0100 (CET) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: nee Subject: Re: [bug#28960] [PATCH] services: Add murmur. References: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> <873769qgq6.fsf@gnu.org> <87wp3kmdr4.fsf@gnu.org> <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 15 Brumaire an 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 05 Nov 2017 11:42:35 +0100 In-Reply-To: <7d7f4e40-c12b-e9a6-b84d-9e6d1fc9fdf1@cock.li> (nee@cock.li's message of "Mon, 30 Oct 2017 23:38:06 +0100") Message-ID: <87zi81ropw.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 28960-done Cc: 28960-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi nee, nee skribis: > From 2836d82378ccd9ac4fd3678230d0daa2c5f1601d Mon Sep 17 00:00:00 2001 > From: nee > Date: Sat, 14 Oct 2017 11:27:50 +0200 > Subject: [PATCH 2/2] services: Add murmur. > > * gnu/services/telephony.scm: New file. > * gnu/local.mk: Add it. > * doc/guix.texi (Telephony Services): New node. Sorry for the delay, I=E2=80=99ve been MIA. I=E2=80=99ve applied both patc= hes with the attached cosmetic changes to the second one, mostly so that the manual would be correctly typeset and so that =E2=80=9Cguix system search voip=E2= =80=9D turns up the Murmur service. I hope that=E2=80=99s fine with you. Thank you! Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/doc/guix.texi b/doc/guix.texi index e2c9edd27..11a9de689 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -14194,103 +14194,139 @@ string, you could instantiate a prosody service like this: @node Telephony Services @subsubsection Telephony Services -@cindex Murmur -Murmur is the official server of the @code{mumble} voice over IP (VoIP) software. +@cindex Murmur (VoIP server) +@cindex VoIP server +This section describes how to set up and run a Murmur server. Murmur is +the server of the @uref{https://mumble.info, Mumble} voice-over-IP +(VoIP) suite. @deftp {Data Type} murmur-configuration -The service type for the murmur server. An example configuration can look like this: +The service type for the Murmur server. An example configuration can +look like this: + @example (service murmur-service-type (murmur-configuration - (welcome-text "Welcome to this mumble server running on GuixSD!") - (cert-required? #t) ; disallow text password logins + (welcome-text + "Welcome to this Mumble server running on GuixSD!") + (cert-required? #t) ;disallow text password logins (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem") (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem"))) @end example -After reconfiguring your system, you can manually set the murmur @code{"SuperUser"} +After reconfiguring your system, you can manually set the murmur @code{SuperUser} password with the command that is printed during the activation phase. -It is recommended to register a normal mumble user account + +It is recommended to register a normal Mumble user account and grant it admin or moderator rights. You can use the @code{mumble} client to -login as new normal user, register yourself, and logout. -For the next step login with the name @code{"SuperUser"} use +login as new normal user, register yourself, and log out. +For the next step login with the name @code{SuperUser} use the @code{SuperUser} password that you set previously, -and grant your newly registered mumble user admin/moderator +and grant your newly registered mumble user administrator or moderator rights and create some channels. Available @code{murmur-configuration} fields are: + @table @asis @item @code{package} (default: @code{mumble}) Package that contains @code{bin/murmurd}. + @item @code{user} (default: @code{"murmur"}) -User who will run the murmur server. +User who will run the Murmur server. + @item @code{group} (default: @code{"murmur"}) Group of the user who will run the murmur server. + @item @code{port} (default: @code{64738}) Port on which the server will listen. + @item @code{welcome-text} (default: @code{""}) Welcome text sent to clients when they connect. + @item @code{server-password} (default: @code{""}) Password the clients have to enter in order to connect. + @item @code{max-users} (default: @code{100}) Maximum of users that can be connected to the server at once. + @item @code{max-user-bandwidth} (default: @code{#f}) Maximum voice traffic a user can send per second. + @item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"}) -Filepath location of the sqlite database. +File name of the sqlite database. The service's user will become the owner of the directory. + @item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) -Filepath of the log file. +File name of the log file. The service's user will become the owner of the directory. + @item @code{autoban-attempts} (default: @code{10}) Maximum number of logins a user can make in @code{autoban-timeframe} without getting auto banned for @code{autoban-time}. + @item @code{autoban-timeframe} (default: @code{120}) Timeframe for autoban in seconds. + @item @code{autoban-time} (default: @code{300}) Amount of time in seconds for which a client gets banned when violating the autoban limits. + @item @code{opus-threshold} (default: @code{100}) Percentage of clients that need to support opus before switching over to opus audio codec. + @item @code{channel-nesting-limit} (default: @code{10}) How deep channels can be nested at maximum. + @item @code{channelname-regex} (default: @code{#f}) A string in from of a Qt regular expression that channel names must conform to. + @item @code{username-regex} (default: @code{#f}) A string in from of a Qt regular expression that user names must conform to. + @item @code{text-message-length} (default: @code{5000}) Maximum size in bytes that a user can send in one text chat message. + @item @code{image-message-length} (default: @code{(* 128 1024)}) Maximum size in bytes that a user can send in one image message. + @item @code{cert-required?} (default: @code{#f}) If it is set to @code{#t} clients that use weak password authentification will not be accepted. Users must have completed the certificate wizard to join. + @item @code{remember-channel?} (defualt @code{#f}) Should murmur remember the last channel each user was in when they disconnected and put them into the remembered channel when they rejoin. + @item @code{allow-html?} (default: @code{#f}) Should html be allowed in text messages, user comments, and channel descriptions. + @item @code{allow-ping?} (default: @code{#f}) Setting to true exposes the current user count, the maximum user count, and the server's maximum bandwidth per client to unauthenticated users. In the Mumble client, this information is shown in the Connect dialog. Disabling this setting will prevent public listing of the server. + @item @code{bonjour?} (default: @code{#f}) Should the server advertise itself in the local network through the bonjour protocol. + @item @code{send-version?} (default: @code{#f}) Should the murmur server version be exposed in ping requests. + @item @code{log-days} (default: @code{31}) Murmur also stores logs in the database, which are accessible via RPC. The default is 31 days of months, but you can set this setting to 0 to keep logs forever, or -1 to disable logging to the database. + @item @code{obfuscate-ips?} (default @code{#t}) Should logged ips be obfuscated to protect the privacy of users. + @item @code{ssl-cert} (default: @code{#f}) -Filepath to the ssl-cert used for encrypted connections. +File name of the SSL/TLS certificate used for encrypted connections. + @example (ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") @end example @@ -14299,17 +14335,20 @@ Filepath to the ssl private key used for encrypted connections. @example (ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") @end example + @item @code{ssl-dh-params} (default: @code{#f}) -Filepath to a PEM-encoded file with Diffie-Hellman parameters -for the ssl encryption. Alternatively you set it to +File name of a PEM-encoded file with Diffie-Hellman parameters +for the SSL/TLS encryption. Alternatively you set it to @code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"} or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. + @item @code{ssl-ciphers} (default: @code{#f}) The @code{ssl-ciphers} option chooses the cipher suites to make available for use in SSL/TLS. This option is specified using -@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}. +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, +OpenSSL cipher list notation}. It is recommended that you try your cipher string using 'openssl ciphers ' before setting it here, to get a feel for which cipher suites you will get. @@ -14319,6 +14358,7 @@ to ensure that Murmur is using the cipher suites that you expected it to. Note: Changing this option may impact the backwards compatibility of your Murmur server, and can remove the ability for older Mumble clients to be able to connect to it. + @item @code{public-registration} (default: @code{#f}) Must be a @code{} record or @code{#f}. @@ -14336,17 +14376,22 @@ Optional alternative override for this configuration. @deftp {Data Type} murmur-public-registration-configuration Configuration for public registration of a murmur service. + @table @asis @item @code{name} This is a display name for your server. Not to be confused with the hostname. + @item @code{password} A password to identify your registration. Subsequent updates will need the same password. Don't lose your password. + @item @code{url} -This should be a http(s):// link to your website. +This should be a @code{http://} or @code{https://} link to your web +site. + @item @code{hostname} (default: @code{#f}) -By default your server will be listed by it's ip. -If it is set your server will be linked by this hostname instead. +By default your server will be listed by its IP address. +If it is set your server will be linked by this host name instead. @end table @end deftp diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index 6c9121ad5..0a735315b 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -26,8 +26,7 @@ #:use-module (guix gexp) #:use-module (srfi srfi-1) #:use-module (ice-9 match) - #:export ( - murmur-configuration + #:export (murmur-configuration make-murmur-configuration murmur-configuration? murmur-configuration-package @@ -65,7 +64,6 @@ murmur-configuration-public-registration murmur-configuration-file - murmur-public-registration-configuration make-murmur-public-registration-configuration murmur-public-registration-configuration? @@ -281,7 +279,7 @@ Or set public-registration to #f")))))))) (define (murmur-shepherd-service config) (list (shepherd-service (provision '(murmur)) - (documentation "Run the murmur mumble-server.") + (documentation "Run the Murmur Mumble server.") (requirement '(networking)) (start #~(make-forkexec-constructor '(#$(file-append (murmur-configuration-package config) @@ -294,7 +292,9 @@ Or set public-registration to #f")))))))) (define murmur-service-type (service-type (name 'murmur) - (description "The murmur service type.") + (description + "Run the Murmur voice-over-IP (VoIP) server of the Mumble +suite.") (extensions (list (service-extension shepherd-root-service-type murmur-shepherd-service) --=-=-=-- ------------=_1509878582-12608-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 23 Oct 2017 21:34:57 +0000 Received: from localhost ([127.0.0.1]:58075 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6kN0-0000Ut-Bw for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6kMw-0000UZ-NZ for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6kMo-0000GE-Fh for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:46662) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6kMo-0000G7-9E for submit@debbugs.gnu.org; Mon, 23 Oct 2017 17:34:38 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35754) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e6kMk-0008UH-V3 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6kMh-0000C7-D0 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:34 -0400 Received: from cock.li ([185.100.85.212]:44678) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6kMg-00009r-K8 for guix-patches@gnu.org; Mon, 23 Oct 2017 17:34:31 -0400 From: nee DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1508794465; bh=IGK0PRMcfoDTg5nFgwuiWFf1kE+xIyDodma4lmjw1gI=; h=From:To:Subject:Date:From; b=Hx1Oi3fxuvZQgYbG7AnTAf8840GqkwTWghLRVmspkDEWGzBO2HuzDLSSHKag1ZtVc gOC7CIuj0fl1ovyU3zddvoxt5a34KRI6VdwwIFHOpL5/hv3DJJfIlknIdoyuvfaGIm Q+rexX0XmUKHNjQ81Cd8f3cWUJvZle/GC4pEIgMZ3tBiXrg5J0P9fp75Ara2GJWStv dHKczLQAbMjYDDYNu2HVHpYZg4V3DOmmDV+miYCVWzvK6xdb/OsRLZaABYsXrpuUKv 1nyzbDcgN+u2FEKlZVw+2AqytQzhQjOMG2iF4h0nPvzmZZ6oRJLNGl12zGMGbVDWly yUPx/slwHjoag== To: guix-patches@gnu.org Subject: [PATCH] services: Add murmur. Message-ID: <750375c6-8bc2-3e63-05d3-fd94635aa88c@cock.li> Date: Mon, 23 Oct 2017 23:34:22 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------5590D08EA497AC61F1B07107" Content-Language: en-GB X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.9 (/) This is a multi-part message in MIME format. --------------5590D08EA497AC61F1B07107 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, this patch adds a murmur service. Murmur is the biggest implementation of a mumble voice chat server. The murmur executable is already packaged in the mumble package. I added most of the available options to the configuration. I consciously did not include the following settings: -settings for changing the .ini at runtime through "ZeroC Ice" or "dbus" -settings for different databases, because the wiki mentions problems with other databases and strongly recommends using the default sqlite=C2=B9= . 1) https://wiki.mumble.info/wiki/Murmur.ini (ctrl-f sqlite) --------------5590D08EA497AC61F1B07107 Content-Type: text/x-patch; name="0001-services-Add-murmur.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-services-Add-murmur.patch" =46rom 74618e5a39198077327f14362d8d98538f4d39ab Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 14 Oct 2017 11:27:50 +0200 Subject: [PATCH] services: Add murmur. * gnu/services/telephony.scm: New file. * gnu/local.mk: Add it. * doc/guix.texi: Document it. --- doc/guix.texi | 161 ++++++++++++++++++++- gnu/local.mk | 1 + gnu/services/telephony.scm | 344 +++++++++++++++++++++++++++++++++++++++= ++++++ 3 files changed, 505 insertions(+), 1 deletion(-) create mode 100644 gnu/services/telephony.scm diff --git a/doc/guix.texi b/doc/guix.texi index 7b5b71179..c06e596aa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -9245,6 +9246,7 @@ declaration. * Database Services:: SQL databases, key-value stores, etc. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Telephony Services:: Telephony services. * Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. @@ -14025,6 +14027,164 @@ string, you could instantiate a prosody service= like this: (prosody.cfg.lua ""))) @end example =20 + +@node Telephony Services +@subsubsection Telephony Services +@cindex Murmur + +Murmur is the official server of the @code{mumble} voice over IP (VoIP) = software. + +@deftp {Data Type} murmur-configuration +The service type for the murmur server. An example configuration can loo= k like this: +@example +(service murmur-service-type + (murmur-configuration + (welcome-text "Welcome to this mumble server running on GuixSD!") + (cert-required #t) ; disallow text password logins + (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.= pem") + (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem= "))) +@end example + +After reconfiguring your system, you have to manually set the +SuperUser password with the command that is printed during the activatio= n phase. +Then you can use the @code{mumble} client to +login as new user, register, and logout. +For the next step login with the name "SuperUser" and the SuperUser pass= word +you set previously, and grant your newly registered user admin/moderator= rights +and create some channels. + +Available @code{murmur-configuration} fields are: +@table @asis +@item @code{package} (default: @code{mumble}) +Package that contains @code{bin/murmurd}. +@item @code{user} (default: @code{"murmur"}) +User who will run the murmur server. +@item @code{group} (default: @code{"murmur"}) +Group of the user who will run the murmur server. +@item @code{port} (default: @code{64738}) +Port on which the server will listen. +@item @code{welcome-text} (default: @code{""}) +Welcome text sent to clients when they connect. +@item @code{server-password} (default: @code{""}) +Password the clients have to enter in order to connect. +@item @code{max-users} (default: @code{100}) +Maximum of users that can be connected to the server at once. +@item @code{max-user-bandwidth} (default: @code{#f}) +Maximum voice traffic a user can send per second. +@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})= +Filepath location of the sqlite database. +The service's user will become the owner of the directory. +@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) +Filepath of the log file. +The service's user will become the owner of the directory. +@item @code{autoban-attempts} (default: @code{10}) +Maximum number of logins a user can make in @code{autoban-timeframe} +without getting auto banned for @code{autoban-time}. +@item @code{autoban-timeframe} (default: @code{120}) +Timeframe for autoban in seconds. +@item @code{autoban-time} (default: @code{300}) +Amount of time in seconds for which a client gets banned +when violating the autoban limits. +@item @code{opus-threshold} (default: @code{100}) +Percentage of clients that need to support opus +before switching over to opus audio codec. +@item @code{channel-nesting-limit} (default: @code{10}) +How deep channels can be nested at maximum. +@item @code{channelname-regex} (default: @code{#f}) +A string in from of a Qt regular expression that channel names must conf= orm to. +@item @code{username-regex} (default: @code{#f}) +A string in from of a Qt regular expression that user names must conform= to. +@item @code{text-message-length} (default: @code{5000}) +Maximum size in bytes that a user can send in one text chat message. +@item @code{image-message-length} (default: @code{(* 128 1024)}) +Maximum size in bytes that a user can send in one image message. +@item @code{cert-required} (default: @code{#f}) +If it is set to @code{#t} clients that use weak password authentificatio= n +will not be accepted. Users must have completed the certificate wizard t= o join. +@item @code{remember-channel} (defualt @code{#f}) +Should murmur remember the last channel each user was in when they disco= nnected +and put them into the remembered channel when they rejoin. +@item @code{allow-html} (default: @code{#f}) +Should html be allowed in text messages, user comments, and channel desc= riptions. +@item @code{allow-ping} (default: @code{#f}) +Setting to true exposes the current user count, the maximum user count, = and +the server's maximum bandwidth per client to unauthenticated users. In t= he +Mumble client, this information is shown in the Connect dialog. + +Disabling this setting will prevent public listing of the server. +@item @code{bonjour} (default: @code{#f}) +Should the server advertise itself in the local network through the bonj= our protocol. +@item @code{send-version} (default: @code{#f}) +Should the murmur server version be exposed in ping requests. +@item @code{log-days} (default: @code{31}) +Murmur also stores logs in the database, which are accessible via RPC. +The default is 31 days of months, but you can set this setting to 0 to k= eep logs forever, +or -1 to disable logging to the database. +@item @code{obfuscate-ips} (default @code{#t}) +Should logged ips be obfuscated to protect the privacy of users. +@item @code{ssl-cert} (default: @code{#f}) +Filepath to the ssl-cert used for encrypted connections. +@example +(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") +@end example +@item @code{ssl-key} (default: @code{#f}) +Filepath to the ssl private key used for encrypted connections. +@example +(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") +@end example +@item @code{ssl-dh-params} (default: @code{#f}) +Filepath to a PEM-encoded file with Diffie-Hellman parameters +for the ssl encryption. Alternatively you set it to +@code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{= "@@ffdhe6144"} +or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. +@item @code{ssl-ciphers} (default: @code{#f}) +The @code{ssl-ciphers} option chooses the cipher suites to make availabl= e for use +in SSL/TLS. + +This option is specified using +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,= OpenSSL cipher list notation}. + +It is recommended that you try your cipher string using 'openssl ciphers= ' +before setting it here, to get a feel for which cipher suites you will g= et. +After setting this option, it is recommend that you inspect your Murmur = log +to ensure that Murmur is using the cipher suites that you expected it to= =2E + +Note: Changing this option may impact the backwards compatibility of you= r +Murmur server, and can remove the ability for older Mumble clients to be= able +to connect to it. +@item @code{public-registration} (default: @code{#f}) +Must be a @code{} record or @c= ode{#f}. + +You can optionally register your server in the public server list that t= he +@code{mumble} client shows on startup. +You cannot register your server if you have set a @code{server-password}= , +or set @code{allow-ping} to @code{#f}. + +It might take a few hours until it shows up in the public list. + +@item @code{file} (default: @code{#f}) +Optional alternative override for this configuration. +@end table +@end deftp + +@deftp {Data Type} murmur-public-registration-configuration +Configuration for public registration of a murmur service. +@table @asis +@item @code{name} +This is a display name for your server. Not to be confused with the host= name. +@item @code{password} +A password to identify your registration. +Subsequent updates will need the same password. Don't lose your password= =2E +@item @code{url} +This should be a http(s):// link to your website. +@item @code{hostname} (default: @code{#f}) +By default your server will be listed by it's ip. +If it is set your server will be linked by this hostname instead. +@end table +@end deftp + + + @node Monitoring Services @subsubsection Monitoring Services =20 @@ -14135,7 +14295,6 @@ the 2nd element of the pair is the password. @end table @end deftp =20 - @node Kerberos Services @subsubsection Kerberos Services @cindex Kerberos diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024..daa210a38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -458,6 +458,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/services/spice.scm \ %D%/services/ssh.scm \ %D%/services/sysctl.scm \ + %D%/services/telephony.scm \ %D%/services/version-control.scm \ %D%/services/vpn.scm \ %D%/services/web.scm \ diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm new file mode 100644 index 000000000..1fc5cb834 --- /dev/null +++ b/gnu/services/telephony.scm @@ -0,0 +1,344 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 nee +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services telephony) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages telephony) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export ( + murmur-configuration + make-murmur-configuration + murmur-configuration? + murmur-configuration-package + murmur-configuration-user + murmur-configuration-group + murmur-configuration-port + murmur-configuration-welcome-text + murmur-configuration-server-password + murmur-configuration-max-users + murmur-configuration-max-user-bandwidth + murmur-configuration-database-file + murmur-configuration-log-file + murmur-configuration-pid-file + murmur-configuration-autoban-attempts + murmur-configuration-autoban-timeframe + murmur-configuration-autoban-time + murmur-configuration-opus-threshold + murmur-configuration-channel-nesting-limit + murmur-configuration-channelname-regex + murmur-configuration-username-regex + murmur-configuration-text-message-length + murmur-configuration-image-message-length + murmur-configuration-cert-required + murmur-configuration-remember-channel + murmur-configuration-allow-html + murmur-configuration-allow-ping + murmur-configuration-bonjour + murmur-configuration-send-version + murmur-configuration-log-days + murmur-configuration-obfuscate-ips + murmur-configuration-ssl-cert + murmur-configuration-ssl-key + murmur-configuration-ssl-dh-params + murmur-configuration-ssl-ciphers + murmur-configuration-public-registration + murmur-configuration-file + + + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + murmur-public-registration-configuration-name + murmur-public-registration-configuration-url + murmur-public-registration-configuration-password + murmur-public-registration-configuration-hostname + + murmur-service-type)) + +;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini + +(define-record-type* murmur-configuration + make-murmur-configuration + murmur-configuration? + (package murmur-configuration-package ; + (default mumble)) + (user murmur-configuration-user + (default "murmur")) + (group murmur-configuration-group + (default "murmur")) + (port murmur-configuration-port + (default 64738)) + (welcome-text murmur-configuration-welcome-text + (default "")) + (server-password murmur-configuration-server-password + (default "")) + (max-users murmur-configuration-max-users + (default 100)) + (max-user-bandwidth murmur-configuration-max-user-bandwidth + (default #f)) + (database-file murmur-configuration-database-file + (default "/var/lib/murmur/db.sqlite")) + (log-file murmur-configuration-log-file + (default "/var/log/murmur/murmur.log")) + (pid-file murmur-configuration-pid-file + (default "/var/run/murmur/murmur.pid")) + (autoban-attempts murmur-configuration-autoban-attempts + (default 10)) + (autoban-timeframe murmur-configuration-autoban-timeframe + (default 120)) + (autoban-time murmur-configuration-autoban-time + (default 300)) + (opus-threshold murmur-configuration-opus-threshold + (default 100)) ; integer percent + (channel-nesting-limit murmur-configuration-channel-nesting-limit + (default 10)) + (channelname-regex murmur-configuration-channelname-regex + (default #f)) + (username-regex murmur-configuration-username-regex + (default #f)) + (text-message-length murmur-configuration-text-message-length + (default 5000)) + (image-message-length murmur-configuration-image-message-length + (default (* 128 1024))) ; 128 Kilobytes + (cert-required murmur-configuration-cert-required + (default #f)) + (remember-channel murmur-configuration-remember-channel + (default #f)) + (allow-html murmur-configuration-allow-html + (default #f)) + (allow-ping murmur-configuration-allow-ping + (default #f)) + (bonjour murmur-configuration-bonjour + (default #f)) + (send-version murmur-configuration-send-version + (default #f)) + (log-days murmur-configuration-log-days + (default 31)) + (obfuscate-ips murmur-obfuscate-ips + (default #t)) + (ssl-cert murmur-configuration-ssl-cert + (default #f)) + (ssl-key murmur-configuration-ssl-key + (default #f)) + (ssl-dh-params murmur-configuration-ssl-dh-params + (default #f)) + (ssl-ciphers murmur-configuration-ssl-ciphers + (default #f)) + (public-registration murmur-configuration-public-registration + (default #f)) ; + (file murmur-configuration-file + (default #f))) + +(define-record-type* + murmur-public-registration-configuration + make-murmur-public-registration-configuration + murmur-public-registration-configuration? + (name murmur-public-registration-configuration-name) + (password murmur-public-registration-configuration-password) + (url murmur-public-registration-configuration-url) + (hostname murmur-public-registration-configuration-hostname + (default #f))) + +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + +(define (default-murmur-config + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex usernam= e-regex + text-message-length image-message-length cert-required + remember-channel allow-html allow-ping bonjour send-version lo= g-days + obfuscate-ips ssl-cert ssl-key ssl-dh-params ssl-ciphers + public-registration) + (apply mixed-text-file "murmur.ini" + (flatten + "welcometext=3D" welcome-text "\n" + "port=3D" (number->string port) "\n" + "serverpassword=3D" server-password "\n" + (if max-user-bandwidth (list "bandwidth=3D" (number->string ma= x-user-bandwidth)) '()) + "users=3D" (number->string max-users) "\n" + "uname=3D" user "\n" + "database=3D" database-file "\n" + "logfile=3D" log-file "\n" + "pidfile=3D" pid-file "\n" + (if autoban-attempts (list "autobanAttempts=3D" (number->strin= g autoban-attempts) "\n") '()) + (if autoban-timeframe (list "autobanTimeframe=3D" (number->str= ing autoban-timeframe) "\n") '()) + (if autoban-time (list "autobanTime=3D" (number->string autoba= n-time) "\n") '()) + (if opus-threshold (list "opusthreshold=3D" (number->string op= us-threshold) "\n") '()) + (if channel-nesting-limit (list "channelnestinglimit=3D" (numb= er->string channel-nesting-limit) "\n") '()) + (if channelname-regex (list "channelname=3D" channelname-regex= "\n") '()) + (if username-regex (list "username=3D" username-regex "\n") '(= )) + (if text-message-length (list "textmessagelength=3D" (number->= string text-message-length) "\n") '()) + (if image-message-length (list "imagemessagelength=3D" (number= ->string image-message-length) "\n") '()) + (if log-days (list "logdays=3D" (number->string log-days) "\n"= ) '()) + "obfuscate=3D" (if obfuscate-ips "true" "false") "\n" + "certrequired=3D" (if cert-required "true" "false") "\n" + "rememberchannel" (if remember-channel "true" "false") "\n" + "allowhtml=3D" (if allow-html "true" "false") "\n" + "allowping=3D" (if allow-ping "true" "false") "\n" + "bonjour=3D" (if bonjour "true" "false") "\n" + "sendversion=3D" (if send-version "true" "false") "\n" + (cond ((and ssl-cert ssl-key) + (list + "sslCert=3D" ssl-cert "\n" + "sslKey=3D" ssl-key "\n")) + ((or ssl-cert ssl-key) + (error "ssl-cert and ssl-key must both be set" + ssl-cert ssl-key)) + (else '())) + (if ssl-dh-params (list "sslDHParams=3D" ssl-dh-params) '()) + (if ssl-ciphers (list "sslCiphers=3D" ssl-ciphers) '()) + + (match public-registration + (#f '()) + (($ + name password url hostname) + (if (and (or (not server-password) (string-null? server-pas= sword)) + allow-ping) + (list + "registerName=3D" name "\n" + "registerPassword=3D" password "\n" + "registerUrl=3D" url "\n" + (if hostname + (string-append "registerHostname=3D" hostname "\n"= ) + "")) + (error "To publicly register your murmur server your se= rver must be publicy visible +and users must be able to join without a password. To fix this set: +(allow-ping #t) +(server-password "") +Or set public-registration to #f"))))))) + +(define murmur-activation + (match-lambda + (($ + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex username-= regex + text-message-length image-message-length cert-required remember-= channel + allow-html allow-ping bonjour send-version log-days obfuscate-ip= s + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) + #~(begin + (use-modules (guix build utils)) + (let ((log-dir (dirname #$log-file)) + (pid-dir (dirname #$pid-file)) + (db-dir (dirname #$database-file)) + (user (getpwnam #$user)) + (init-dir + (lambda (name dir user) + (format #t "creating murmur ~a directory '~a'\n" name = dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700))) + (ini #$(or file + (default-murmur-config + package user group port welcome-text + server-password max-users max-user-bandwidth= + database-file log-file pid-file autoban-atte= mpts + autoban-timeframe autoban-time + opus-threshold channel-nesting-limit + channelname-regex username-regex + text-message-length image-message-length + cert-required remember-channel allow-html al= low-ping + bonjour send-version log-days obfuscate-ips = ssl-cert + ssl-key ssl-dh-params ssl-ciphers + public-registration)))) + (init-dir "log" log-dir user) + (init-dir "pid" pid-dir user) + (init-dir "database" db-dir user) + + (format #t "murmur: use config file: ~a~%\n" ini) + (format #t "murmur: to set the SuperUser password run: + `~a -ini ~a -readsupw`\n" + #$(file-append package "/bin/murmurd") ini) + #t))))) + +(define murmur-accounts + (match-lambda + (($ _ user group) + (filter identity + (list + (and (equal? group "murmur") + (user-group + (name "murmur") + (system? #t))) + (and (equal? user "murmur") + (user-account + (name "murmur") + (group group) + (system? #t) + (comment "Murmur Daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))))) + +(define murmur-shepherd-service + (match-lambda + (($ + package user group port welcome-text server-password + max-users max-user-bandwidth database-file log-file pid-file + autoban-attempts autoban-timeframe autoban-time + opus-threshold channel-nesting-limit channelname-regex username-= regex + text-message-length image-message-length cert-required remember-= channel + allow-html allow-ping bonjour send-version log-days obfuscate-ip= s + ssl-cert ssl-key ssl-dh-params ssl-ciphers public-registration f= ile) + (list (shepherd-service + (provision '(murmur)) + (documentation "Run the murmur mumble-server.") + (requirement '(networking)) + (start #~(make-forkexec-constructor + '(#$(file-append package "/bin/murmurd") + "-ini" + #$(or file + (default-murmur-config + package user group port welcome-text + server-password max-users max-user-bandw= idth + database-file log-file pid-file autoban-= attempts + autoban-timeframe autoban-time + opus-threshold channel-nesting-limit + channelname-regex username-regex + text-message-length image-message-length= + cert-required remember-channel allow-htm= l + allow-ping bonjour send-version log-days= + obfuscate-ips ssl-cert ssl-key ssl-dh-pa= rams + ssl-ciphers public-registration))) + #:pid-file #$pid-file)) + (stop #~(make-kill-destructor))))))) + +(define murmur-service-type + (service-type (name 'murmur) + (description "The murmur service type.") + (extensions + (list (service-extension shepherd-root-service-type + murmur-shepherd-service) + (service-extension activation-service-type + murmur-activation) + (service-extension account-service-type + murmur-accounts))) + (default-value (murmur-configuration)))) --=20 2.14.1 --------------5590D08EA497AC61F1B07107-- ------------=_1509878582-12608-1--