Commit graph

22 commits

Author SHA1 Message Date
Brice Waegeneire
ea55e1355b
services: dnsmasq: Extend 'activation-service'.
* gnu/services/dns.scm (dnsmasq-activation): New procedure …
(dnsmasq-service-type): … use it.
2021-05-31 22:06:54 +02:00
Maxime Devos
520bac7ed0
services: Prevent following symlinks during activation.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files.  However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.

Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>

* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
  (%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-10 18:01:47 +01:00
Alexey Abramov
408f0b4c4d
services: knot: Fix configuration verification.
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.

Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
2021-02-11 11:11:39 +08:00
Simon South
5ede259526
services: knot-resolver: Replace deprecated command-line option.
This silences a warning from the service at startup.

* gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n"
command-line option to kresd in place of the deprecated "-f 1".

Signed-off-by: Leo Famulari <leo@famulari.name>
2020-10-27 18:42:39 -04:00
Danny Milosavljevic
34d1c0a03b
services: dnsmasq: Add TFTP configuration fields.
* gnu/services/dns.scm (<dnsmasq-configuration>): Add TFTP configuration
fields.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi (DNS Services): Document them.
2020-10-06 08:13:39 +02:00
Ludovic Courtès
dd0804c67e
services: Add descriptions.
* gnu/services/dbus.scm (polkit-service-type)[description]: New field.
* gnu/services/dict.scm (dicod-service-type)[description]: New field.
* gnu/services/dns.scm (knot-service-type)[description]: New field.
* gnu/services/networking.scm (dhcpd-service-type)[description]: New field.
* gnu/services/shepherd.scm (shepherd-root-service-type)[description]:
New field.
* gnu/services/xorg.scm (slim-service-type)[description]: New field.
(screen-locker-service-type)[description]: New field.
* gnu/system/pam.scm (pam-root-service-type)[description]: New field.
* gnu/system/shadow.scm (account-service-type)[description]: New field.
2020-05-08 16:30:50 +02:00
Pierre Langlois
5a0b78e62b
services: dnsmasq: Support the --address flag.
Introduce a new `addresses' field that translates to passing `--address='
multiple times to dnsmasq.

* gnu/services/dns.scm (<dnsmasq-configuration>): Add an addresses field.
(dnsmasq-shepherd-service): Match the addresses field and translate it to
multiple '--address=' flags.
* doc/guix.texi (DNS Services): Document it.

Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
2020-05-02 13:00:24 +08:00
宋文武
244db6bbc8
services: knot-resolver: Manage a root TA at /var/cache/knot-resolver.
* gnu/services/dns.scm (%kresd.conf): Add /var/cache/knot-resolver/root.keys
as the root TA.
2020-01-22 20:18:56 +08:00
宋文武
6ec68c69b0
services: Add knot-resolver-service-type.
* gnu/services/dns.scm (<knot-resolver-configuration>): New record type.
(knot-resolver-activation, knot-resolver-shpherd-services): New procedures.
(%knot-resolver-accounts, %kresd.conf, knot-resolver-service-type): New
variables.
* doc/guix.texi (DNS Services): Document it.
2019-11-11 20:30:53 +08:00
Julien Lepiller
b8e2bd4fc8
gnu: knot: Fix typos.
* gnu/services/dns.scm: Fix typos.
2019-04-27 15:56:35 +02:00
Julien Lepiller
6cd7b1be7e
gnu: knot: Add configuration fields.
* gnu/services/dns.scm (knot-zone-configuration)[zonefile-load]
[journal-content, max-journal-usage, max-journal-depth, max-zone-size]:
New fields.
(knot-zone-config): Serialize them.
* doc/guix.texi (DNS Services): Document them.
2019-04-27 13:02:31 +02:00
Ludovic Courtès
435551f0fa
services: knot: Fix configuration file generation.
Fixes a regression introduced in
92eb600f8a.

* gnu/services/dns.scm (knot-config-file): Add ungexp around call to
'knot-configuration-includes'.
2019-04-27 00:19:41 +02:00
Julien Lepiller
e379d1b5ef
gnu: dns: Fix configuration formating.
* gnu/services/dns.scm (format-string-list): Fix formating of lists with
only one symbol.
2019-04-26 18:37:48 +02:00
Julien Lepiller
92eb600f8a
gnu: knot-service: Add includes field in configuration.
* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
2019-04-25 21:44:55 +02:00
Oleg Pykhalov
9325533bd0
services: ddclient: Fix unrecognized keywords.
This patch fixes warnings about unrecognized keywords in logs.

* gnu/services/dns.scm (serialize-field): Skip some field names.
2018-12-04 07:16:00 +03:00
Oleg Pykhalov
7f860a8be1
gnu: services: dns: Fix 'ddclient-activation'.
* gnu/services/dns.scm (ddclient-activation): Fix procedure.
2018-11-06 07:16:44 +03:00
Oleg Pykhalov
8490a8346b
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-08-30 01:19:47 +03:00
宋文武
0d4c2d35af
services: dnsmasq-service-type: Add default configuration and description.
* gnu/services/dns.scm (dnsmasq-service-type)
[default-value, description]: New fields.
2018-06-08 23:32:49 +08:00
宋文武
c061eb587c
services: dnsmasq: Use 'negative-cache?' instead of 'no-negcache?'.
The 'no-negcache?' option is mapped to the '--no-negcache' command-line
argument directly, but we're in the scheme world, where the general guideline
is to avoid double-negations in identifiers.

* gnu/services/dns.scm <dnsmasq-configuration>: Replace the 'no-negcache?'
field with 'negative-cache?'.
* doc/guix.texi (DNS Services)[Dnsmasq Service]: Adjust accordingly.
2018-06-08 23:32:49 +08:00
宋文武
97f6e9133a
services: Add dnsmasq-service-type.
* gnu/services/dns.scm (dnsmasq-service-type): New variable.
(<dnsmasq-configuration>): New record type.
(dnsmasq-shepherd-service): New procedure.
* doc/guix.texi (DNS Services): Document it.
2018-06-05 20:05:31 +08:00
Julien Lepiller
f3853a259b
gnu: services: use seconds instead of duration strings.
* gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers
instead of duration strings.
(verify-knot-policy-configuration): Fix typo.
* doc/guix.texi (DNS Services): Update documentation.
2017-06-21 19:29:57 +02:00
Julien Lepiller
ba69e8f7ce
gnu: Add knot-service-type.
* gnu/services/dns.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (DNS Services): New subsubsection.
2017-05-27 10:40:24 +02:00