services: ngircd: Revert to use make-forkexec-constructor.

The use of make-systemd-constructor appears to cause problems when connecting via TLS (see: https://github.com/ngircd/ngircd/issues/330). * gnu/services/messaging.scm (ngircd-global): [pid-file]: Set default value and remove maybeness. Adjust doc. * gnu/services/messaging.scm (ngircd-configuration): Adjust comment. (ngircd-wrapper): Expose writable PID file and preserve pid namespace. (ngircd-shepherd-service): Replace make-systemd-constructor with make-forkexec-constructor and adjust surrounding accordingly. (ngircd-activation): New procedure. (ngircd-service-type): Extend activation-service-type with it. Change-Id: Ic7c135ab45122e180107cde8bb9976426e3afbc4
2025-07-13 18:40:57 +02:00 · 2025-04-12 14:23:31 +09:00 · 2025-04-12 14:23:31 +09:00 · e78f8a85bb
commit e78f8a85bb
parent 5533ebf57b
2 changed files with 36 additions and 35 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -30492,9 +30492,8 @@ Global password or all users needed to connect to the server.  By
 default, no password is required.  PAM must be disabled for this option
 to have an effect.

-@item @code{pid-file} (type: maybe-string)
+@item @code{pid-file} (default: @code{"/run/ngircd/ngircd.pid"}) (type: string)
 The file name where the PID of ngIRCd should be written after it starts.
-By default, no PID file is created.

@item @code{ports} (default: @code{(6667)}) (type: list-of-ports)
 Port number(s) on which the server should listen for @emph{unencrypted}
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@ -1124,9 +1124,8 @@ is only used to inform clients.")
 no password is required.  PAM must be disabled for this option to have an
 effect.")
  (pid-file
-   maybe-string
-   "The file name where the PID of ngIRCd should be written after it starts.
-By default, no PID file is created.")
+   (string "/run/ngircd/ngircd.pid")
+   "The file name where the PID of ngIRCd should be written after it starts.")
  (ports
   (list-of-ports (list 6667))
   "Port number(s) on which the server should listen for @emph{unencrypted}
@ -1429,8 +1428,7 @@ for different users.  Refer to @samp{man 5 ngircd.conf} for more details.")
   "Shepherd requirements the service should depend on."
   (serializer empty-serializer))
  (global
-   ;; Always use a ngircd-global default to ensure the default addresses
-   ;; listened to are known (used to compute the socket endpoints).
+   ;; Always use a ngircd-global default to ensure 'pid-file' is defined.
   (ngircd-global (ngircd-global))
   "A ngircd-global record object used to specify global options.")
  (limits
@ -1526,6 +1524,7 @@ wrapper for the 'ngircd' command."
  (let* ((ngircd.conf (serialize-ngircd-configuration config))
         (user group (ngircd-user+group config))
         (global (ngircd-configuration-global config))
+         (pid-file (ngircd-global-pid-file global))
         (help-file (ngircd-global-help-file global))
         (motd-file (ngircd-global-motd-file global))
         (ssl (ngircd-configuration-ssl config))
@ -1543,7 +1542,11 @@ wrapper for the 'ngircd' command."
             (writable? #t))
            (file-system-mapping
             (source ngircd.conf)
-             (target source)))
+             (target source))
+            (file-system-mapping
+             (source (string-append (dirname pid-file)))
+             (target source)
+             (writable? #t)))
      (if (maybe-value-set? help-file)
          (list (file-system-mapping
                 (source help-file)
@ -1592,48 +1595,45 @@ wrapper for the 'ngircd' command."
     #:user user
     #:group group
     ;; ngircd wants to look up users in /etc/passwd so run in the global user
-     ;; namespace.
-     #:namespaces (fold delq %namespaces '(net user)))))
+     ;; namespace.  Also preserve the PID namespaces otherwise the PID file
+     ;; would contain an unrelated PID number and confuse Shepherd.
+     #:namespaces (fold delq %namespaces '(net pid user)))))

 (define (ngircd-shepherd-service config)
  (match-record config <ngircd-configuration>
-                (ngircd debug? global shepherd-requirement ssl)
+                (debug? global shepherd-requirement ssl)
    (let* ((ngircd.conf (serialize-ngircd-configuration config))
-           (ngircd (file-append ngircd "/sbin/ngircd"))
-           (addresses (ngircd-global-listen global))
-           (ports* (ngircd-global-ports global))
-           (ports (if (and (maybe-value-set? ssl)
-                           (maybe-value-set? (ngircd-ssl-ports ssl)))
-                      (append ports* (ngircd-ssl-ports ssl))
-                      ports*)))
+           (pid-file (ngircd-global-pid-file global)))
      (list (shepherd-service
             (provision '(ngircd))
             (requirement shepherd-requirement)
             (modules (cons '(srfi srfi-1) %default-modules))
             (actions (list (shepherd-configuration-action ngircd.conf)))
-             (start #~(make-systemd-constructor
+             ;; Sadly, 'make-systemd-constructor' doesn't work with TLS
+             ;; connections, which hang up (see:
+             ;; https://github.com/ngircd/ngircd/issues/330).
+             (start #~(make-forkexec-constructor
                       (append (list #$(ngircd-wrapper config)
                                     "--nodaemon"
                                     "--config" #$ngircd.conf)
                               (if #$debug?
                                   '("--debug")
                                   '()))
-                       ;; Compute endpoints for each listen addresses/ports
-                       ;; combinations.
-                       (append-map
-                        (lambda (port)
-                          (map (lambda (addr)
-                                 (endpoint
-                                  (addrinfo:addr
-                                   (car (getaddrinfo
-                                         addr
-                                         (number->string port)
-                                         (logior AI_NUMERICHOST
-                                                 AI_NUMERICSERV))))))
-                               (list #$@addresses)))
-                        (list #$@ports))
+                       #:pid-file #$pid-file
                       #:log-file "/var/log/ngircd.log"))
-             (stop  #~(make-systemd-destructor)))))))
+             (stop  #~(make-kill-destructor)))))))
+
+(define (ngircd-activation config)
+  (let* ((pid-file (ngircd-global-pid-file
+                    (ngircd-configuration-global config)))
+         (user _ (ngircd-user+group config)))
+    #~(begin
+        (use-modules (guix build utils)
+                     (ice-9 match))
+        (define pw (match #$user
+                     ((? number?) (getpwuid #$user))
+                     ((? string?) (getpwnam #$user))))
+        (mkdir-p/perms #$(dirname pid-file) pw #o755))))

 (define ngircd-service-type
  (service-type
@ -1644,7 +1644,9 @@ wrapper for the 'ngircd' command."
          (service-extension profile-service-type
                             (compose list ngircd-configuration-ngircd))
          (service-extension account-service-type
-                             ngircd-account)))
+                             ngircd-account)
+          (service-extension activation-service-type
+                             ngircd-activation)))
   (default-value (ngircd-configuration))
   (description
    "Run @url{https://ngircd.barton.de/, ngIRCd}, a lightweight @acronym{IRC,