When trying to run certbot, the mcron command fails, as
/etc/letsencrypt/live is missing. This patch adds it into the certbot
activation service.
* gnu/services/certbot.scm (certbot-activation): Make /etc/letsencrypt/live.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This gets rid of that (in)famous at boot time:
error in finalization thread: Success
This was caused by the file-descriptor closing loop, which would clause
the finalization pipe, leading the finalization thread to (erroneously)
error out.
Thanks to Josselin Poiret for locating the problem!
* gnu/services/shepherd.scm (shepherd-boot-gexp): In 'loop', replace
'close-fdes' with a pair of 'fcntl' calls to add FD_CLOEXEC.
An empty root or index field is an error in nginx.
* gnu/services/web.scm (emit-nginx-server-config): Don't emit root or
index fields when they are empty
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/44944>.
* gnu/services/xorg.scm (%gdm-activation): Delete variable.
(gdm-service-type): De-register it.
* gnu/services/desktop.scm (%gdm-file-system): New variable.
(gdm-file-system-service): Likewise.
(desktop-services-for-system): Use it.
This a followup to 59ee837d8b, which changed the
default value of the HandleLidSwitchExternalPower to the empty string.
Unfortunately this causes elogind to print a warning (although it otherwise
works as intended). This change fixes that.
* gnu/services/desktop.scm (elogind-configuration-file)<handle-action>: Let
the unspecified value go through.
<ini-file-clause>: When an unspecified file is encountered, do not produce any
text to serialize.
Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit
1ba0e38267 whereby files opened by, say,
the 'start' method of 'urandom-seed', could leak into the execution
environment of some other service--e.g., 'term-tty4'.
* gnu/services/shepherd.scm (shepherd-configuration-file)[config]:
Override 'call-with-input-file' and 'call-with-output-file'.
Reported by zamfofex.
Regression introduced in 2bac6ea177.
* gnu/services/virtualization.scm (secret-service-operating-system):
Add 'inherit' keyword for 'guix-configuration'.
Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.
* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
* gnu/services/web.scm (<nginx-configuration>)[shepherd-requirement]:
New field.
(nginx-shepherd-service): Honor it.
* doc/guix.texi (Web Services): Document it.
This is the documented default of UPower 0.99.15 (the actual default
appears to be #f though).
* gnu/services/desktop.scm (<upower-configuration>)
[use-percentage-for-policy?]: Default to #t.
* doc/guix.texi (Desktop Services): Adjust accordingly. Explain the
tradeoff.
These values are those used by default by UPower 0.99.15.
* gnu/services/desktop.scm (<upower-configuration>)[percentage-low]
[percentage-critical]: Increase.
* doc/guix.texi (Desktop Services): Update accordingly.
* gnu/services/security.scm: Wrong condition in string-filter
function in fail2ban-jail-configuration-serialize-field-name.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Fixes https://issues.guix.gnu.org/56444
* gnu/services/version-control.scm (gitolite-activation): Modify permissions
on home directory so that git group has read access.
Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>
Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
* gnu/services/lightdm.scm: New service.
* tests/services/lightdm.scm: Test it.
* doc/guix.texi (X Window): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.
Co-authored-by: L p R n d n <guix@lprndn.info>
Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
* gnu/services/base.scm (<greetd-configuration>)
[greeter-supplementary-groups]: New field.
(%greetd-accounts): Rename to...
(greetd-accounts): ... this. Convert to a function that takes a config
argument. Use greeter-supplementary-groups.
(greetd-service-type): Adjust accordingly.
* gnu/tests/desktop.scm (%minimal-services): Add test for
greeter-supplementary-groups.
* doc/guix.texi ("Base Services")[greetd-service-type]: Document
greeter-supplementary-groups.
* gnu/services/desktop.scm (seatd-group-sanitizer): New variable.
(<seatd-configuration>)[user]: Removed field.
[group]: Changed to "seat". Sanitize via seatd-group-sanitizer.
(seatd-accounts): New variable.
(seatd-environment): Adjust to <seatd-configuration> ABI.
(seatd-service-type)[extensions]: Add account-service-type with seatd-accounts.
* gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct
ownership of $SEATD_SOCK.
* doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users
may need to become members of the "seat" group.
Update default value for group field.
Add explanation on seatd.sock file.
Remove dropped user field.
The new value of %unset-value sticks out more when something goes wrong, and
is also more unique; i.e. easier to search for.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (%unset-value): New variable.
(normalize-field-type+def): Use it.
(maybe-value-unset?): Use it.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (maybe-value-set?): New procedure.
* doc/guix.texi (Complex Configurations): Document it. Remove comment showing
usage of 'maybe-string' with a default value, which doesn't make sense.
Co-authored-by: Attila Lendvai <attila@lendvai.name>
Fixes <https://issues.guix.gnu.org/57052>, which was a behavior change
introduced inadvertently in 4c698cd512.
* gnu/services/desktop.scm (<elogind-configuration>)
[handle-lid-switch-external-power]: Default to *unspecified*, which serializes
to nothing. This matches upstream behavior, meaning that even when plugged to
a power cord, a laptop will suspend when the lid is closed.
* doc/guix.texi (Desktop Services): Update doc.
Reported-by: Cairn <cairn@pm.me>
Fix the check for empty device path. Do not use --daemonize, since that is
handled by make-forkexec-constructor. Drop the --pidfile option which is
unused without --daemonize.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify
command arguments.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/56799>.
This partially reverts 8cb1a49a39.
Rationale: *unspecified* cannot be serialized thus used as a G-Expression
input, which is problematic/inconvenient when using deeply nested records. As
an example, jami-service-type was broken when using partially defined
<jami-account> records.
* gnu/services/configuration.scm (define-maybe-helper): Check against the
'unset symbol.
(normalize-field-type+def): Adjust value to 'unset.
(define-configuration-helper): Use 'unset as the default value thunk.
* gnu/services/file-sharing.scm (serialize-maybe-string): Check against the
'unset symbol.
(serialize-maybe-file-object): Likewise.
* gnu/services/messaging.scm (define-all-configurations): Use 'unset as
value.
(raw-content?): Check against 'unset symbol.
(prosody-configuration)[http-max-content-size]: Default to 'unset.
[http-external-url]: Likewise.
[mod-muc]: Likewise.
[raw-content]: Likewise.
* gnu/services/networking.scm (opendht-configuration): Adjust documentation.
* gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined*
with the 'unset symbol.
* tests/services/configuration.scm ("maybe type, no default"): Check against
the 'unset symbol.
* doc/guix.texi: Regenerate the opendht-configuration,
openvpn-client-configuration and openvpn-server-configuration documentation.
This is a patch that fixes "<executable name>: this program must be setgid smtpq".
* gnu/services/mail.scm (<opensmtpd-configuration>)[setgid-commands?]: New field.
(opensmtpd-set-gids): New procedure.
(opensmtpd-service-type)[extensions]: Add SETUID-PROGRAM-SERVICE-TYPE extension.
* doc/guix.texi (Mail Services): Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The default "rotate" value is 1 as of rottlog 0.72.2, meaning that only
one rotated file would be kept in addition to the active file.
* gnu/services/admin.scm (%default-rotations): Add "rotate" option for
%ROTATED-FILES.
The service uses syslog and additionally shepherd 0.9 captures its
stdout/stderr, so there's no point in passing #:log-file.
* gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file
argument to 'make-forkexec-constructor'.
(%tor-log-rotation): Remove.
(tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.
* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
Since revision 32, guix-data-service starts immediately but returns an HTTP
error code until initialization is complete. Adjust the test accordingly, and
remove the increased startup time limit.
* gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout.
* gnu/tests/guix.scm (guix-data-service): Retry the http-get test several
times to give the service time to initialize.
Signed-off-by: Christopher Baines <mail@cbaines.net>
The previous approach didn't support a simple alist.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix
passing parallel-hooks in to the start gexp.
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
I'm looking at this as I'd like to use the keepalive functionality.
* gnu/services/web.scm (nginx-upstream-configuration-extra-content): New
procedure.
(emit-nginx-upstream-config): Include the extra-content if applicable.
* doc/guix.texi (NGINX): Document this.
* gnu/services/guix.scm (guix-build-coordinator-configuration-parallel-hooks):
New procedure.
(make-guix-build-coordinator-start-script): Accept and use #:parallel-hooks.
(guix-build-coordinator-shepherd-services): Pass parallel-hooks to
make-guix-build-coordinator-start-script.
* doc/guix.texi (Guix Build Coordinator): Document this new field.