Commit graph

1584 commits

Author SHA1 Message Date
Mája Tomášek
1bf18818c6
services: certbot: Create "live" directory during activation.
When trying to run certbot, the mcron command fails, as
/etc/letsencrypt/live is missing.  This patch adds it into the certbot
activation service.

* gnu/services/certbot.scm (certbot-activation): Make /etc/letsencrypt/live.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-09-29 22:59:48 +02:00
Ludovic Courtès
168a7933c0
services: shepherd: Leave the finalization thread in peace.
This gets rid of that (in)famous at boot time:

  error in finalization thread: Success

This was caused by the file-descriptor closing loop, which would clause
the finalization pipe, leading the finalization thread to (erroneously)
error out.

Thanks to Josselin Poiret for locating the problem!

* gnu/services/shepherd.scm (shepherd-boot-gexp): In 'loop', replace
'close-fdes' with a pair of 'fcntl' calls to add FD_CLOEXEC.
2022-09-29 22:56:56 +02:00
Brice Waegeneire
45eac6cdf5
services: Add file system utilities to profile.
* gnu/services/base.scm (file-system-type->utilities)
(file-system-utilities): New procedures.
(file-system-service-type): Extend 'profile-service-type' with
'file-system-utilities'.
* gnu/system.scm (boot-file-system-service): New procedure.
(operating-system-default-essential-services): Use it.
(%base-packages): Remove 'e2fsprogs'.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-09-28 19:45:38 -04:00
Maxim Cournoyer
2703b16005
services: samba: Remove unused variables and modules.
* gnu/services/samba.scm (%smb-conf): Delete unused variable.
2022-09-28 09:57:30 -04:00
Simen Endsjø
75e7c09461
services: nginx: Don't emit empty fields
An empty root or index field is an error in nginx.

* gnu/services/web.scm (emit-nginx-server-config): Don't emit root or
index fields when they are empty

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-09-26 23:29:38 +02:00
Simon Streit
e1ce100915
services: Add wsdd service.
* doc/guix.texi: Add documentation for wsdd service.
* gnu/services/samba.scm (<wsdd-configuration>): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
* gnu/tests/samba.scm (%wsdd-os): Add variable.
(run-wsdd-test): New procedure.
(%test-wsdd): New variable.

Signed-off-by: Lars-Dominik Braun <lars@6xq.net>
2022-09-24 09:41:24 +02:00
Simon Streit
d68721c55a
services: Add samba service.
* gnu/services/samba.scm: New file.
* gnu/tests/samba.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add them.
* po/guix/POTFILES.in Add 'gnu/services/samba.scm'.
* doc/guix.texi: Document it.

Signed-off-by: Lars-Dominik Braun <lars@6xq.net>
2022-09-24 09:38:57 +02:00
Maxim Cournoyer
effdc6c83e
services: jami-service-type: Streamline stop slot.
* gnu/services/telephony.scm (jami-shepherd-services)
[stop]: Use make-kill-destructor with SIGKILL.  Add comment.
2022-09-23 23:56:16 -04:00
Maxim Cournoyer
46fee48d5c
services: configuration: Fix typo.
* gnu/services/configuration.scm (interpose): Fix typo in doc.
(text-config?): Add a newline following definition.
2022-09-23 00:50:12 -04:00
Maxim Cournoyer
d7e56aebec
services: desktop: Mount /var/lib/gdm on a tmpfs file system.
Fixes <https://issues.guix.gnu.org/44944>.

* gnu/services/xorg.scm (%gdm-activation): Delete variable.
(gdm-service-type): De-register it.
* gnu/services/desktop.scm (%gdm-file-system): New variable.
(gdm-file-system-service): Likewise.
(desktop-services-for-system): Use it.
2022-09-16 16:27:08 -04:00
Maxim Cournoyer
106660e3ff
services: elogind-configuration-file: Do not serialize unspecified items.
This a followup to 59ee837d8b, which changed the
default value of the HandleLidSwitchExternalPower to the empty string.
Unfortunately this causes elogind to print a warning (although it otherwise
works as intended).  This change fixes that.

* gnu/services/desktop.scm (elogind-configuration-file)<handle-action>: Let
the unspecified value go through.
<ini-file-clause>: When an unspecified file is encountered, do not produce any
text to serialize.
2022-09-16 12:02:24 -04:00
muradm
29d52a56f2
gnu: fail2ban-service-type: Improve extra-content fields.
* gnu/services/security.scm
(fail2ban-jail-configuration)[extra-content]: Change to text-config.
(fail2ban-configuration)[extra-content]: Change to text-config.
* gnu/doc/guix.texi: Update type of extra-content fields.

Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-09-14 11:29:11 -04:00
Ludovic Courtès
66fdaf3677
services: shepherd: Install O_CLOEXEC variant of 'call-with-input-file' & co.
Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit
1ba0e38267 whereby files opened by, say,
the 'start' method of 'urandom-seed', could leak into the execution
environment of some other service--e.g., 'term-tty4'.

* gnu/services/shepherd.scm (shepherd-configuration-file)[config]:
Override 'call-with-input-file' and 'call-with-output-file'.
2022-09-13 00:31:04 +02:00
Ludovic Courtès
32583c8c20
services: secret-service: Inherit from the original 'guix-configuration'.
Reported by zamfofex.

Regression introduced in 2bac6ea177.

* gnu/services/virtualization.scm (secret-service-operating-system):
Add 'inherit' keyword for 'guix-configuration'.
2022-09-13 00:31:04 +02:00
Mathieu Othacehe
22bfc42fab
services: web: Fix long lines.
* gnu/services/web.scm: Remove a trailing space and wrap long line. No
functional change.
2022-09-11 15:49:30 +02:00
Ludovic Courtès
081bb6a7bd
services: shepherd: Open /dev/null as O_CLOEXEC.
Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.

* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
2022-09-11 00:16:57 +02:00
Oleg Pykhalov
8eeadc8cb8
services: libvirt: Fix listen TCP.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Add '--listen'
argument if 'listen-tcp?' is true.
2022-09-09 23:50:55 +03:00
Hilton Chain
685dd8fb13
services: agetty-service-type: Add missing dash.
* gnu/services/base.scm (<agetty-configuration>): Add missing dash for
no-hostname? configuration.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-09-08 16:22:23 +02:00
Ludovic Courtès
8c5065c6d1
services: nginx: Add 'shepherd-requirement' configuration field.
* gnu/services/web.scm (<nginx-configuration>)[shepherd-requirement]:
New field.
(nginx-shepherd-service): Honor it.
* doc/guix.texi (Web Services): Document it.
2022-09-06 16:58:12 +02:00
Ludovic Courtès
eedf71f948
services: upower: Default to a percentage-based policy.
This is the documented default of UPower 0.99.15 (the actual default
appears to be #f though).

* gnu/services/desktop.scm (<upower-configuration>)
[use-percentage-for-policy?]: Default to #t.
* doc/guix.texi (Desktop Services): Adjust accordingly.  Explain the
tradeoff.
2022-09-04 23:10:10 +02:00
Ludovic Courtès
4765242540
services: upower: Update default percentage values.
These values are those used by default by UPower 0.99.15.

* gnu/services/desktop.scm (<upower-configuration>)[percentage-low]
[percentage-critical]: Increase.
* doc/guix.texi (Desktop Services): Update accordingly.
2022-09-04 23:10:09 +02:00
muradm
fa2d651475
gnu: fail2ban-service-type: Fix documentation typos.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-09-01 08:58:16 -04:00
muradm
7686dd9676
gnu: fail2ban-service-type: Improve jail configuration serialization.
* gnu/services/security.scm (fail2ban-jail-configuration)
[name]: Should use empty-serializer.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-09-01 08:58:16 -04:00
muradm
80d9edb69d
gnu: fail2ban-service-type: Fix field name serialization.
* gnu/services/security.scm: Wrong condition in string-filter
function in fail2ban-jail-configuration-serialize-field-name.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-09-01 08:58:15 -04:00
David Thompson
9b5b1dde32
services: gitolite: Relax permissions on service user home directory.
Fixes https://issues.guix.gnu.org/56444

* gnu/services/version-control.scm (gitolite-activation): Modify permissions
  on home directory so that git group has read access.

Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>

Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
2022-08-30 12:37:19 -04:00
Maxim Cournoyer
0ea62e84a7
services: Add lightdm-service-type.
* gnu/services/lightdm.scm: New service.
* tests/services/lightdm.scm: Test it.
* doc/guix.texi (X Window): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.

Co-authored-by: L p R n d n <guix@lprndn.info>
Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
2022-08-28 22:28:47 -04:00
muradm
3c2d2b4538
gnu: security: Add fail2ban-service-type.
* gnu/services/security.scm: New module.
* gnu/tests/security.scm: New module.
* gnu/local.mk: Add new security module and tests.
* doc/guix.text: Add fail2ban-service-type documentation.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-08-28 21:46:30 -04:00
muradm
cac3914dfc
gnu: greetd-service-type: Add supplementary groups to greeter.
* gnu/services/base.scm (<greetd-configuration>)
[greeter-supplementary-groups]: New field.
(%greetd-accounts): Rename to...
(greetd-accounts): ... this.  Convert to a function that takes a config
argument.  Use greeter-supplementary-groups.
(greetd-service-type): Adjust accordingly.
* gnu/tests/desktop.scm (%minimal-services): Add test for
greeter-supplementary-groups.
* doc/guix.texi ("Base Services")[greetd-service-type]: Document
greeter-supplementary-groups.
2022-08-26 18:50:33 +02:00
muradm
d1815a68ea
gnu: seatd-service-type: Use seat group.
* gnu/services/desktop.scm (seatd-group-sanitizer): New variable.
(<seatd-configuration>)[user]: Removed field.
[group]: Changed to "seat".  Sanitize via seatd-group-sanitizer.
(seatd-accounts): New variable.
(seatd-environment): Adjust to <seatd-configuration> ABI.
(seatd-service-type)[extensions]: Add account-service-type with seatd-accounts.
* gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct
ownership of $SEATD_SOCK.
* doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users
may need to become members of the "seat" group.
Update default value for group field.
Add explanation on seatd.sock file.
Remove dropped user field.
2022-08-26 18:48:37 +02:00
Attila Lendvai
6fb9759ef3
services: configuration: Change the value of the unset marker.
The new value of %unset-value sticks out more when something goes wrong, and
is also more unique; i.e. easier to search for.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-08-25 00:10:42 -04:00
Attila Lendvai
ee08277a70
services: Use the new maybe/unset API.
* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.

Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-08-25 00:10:32 -04:00
Attila Lendvai
cc32cd41f7
services: configuration: Add maybe-value exported procedure.
* gnu/services/configuration.scm (maybe-value): New procedure.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-08-24 23:27:54 -04:00
Attila Lendvai
147f8f19f8
services: configuration: Add %unset-value exported variable.
* gnu/services/configuration.scm (%unset-value): New variable.
(normalize-field-type+def): Use it.
(maybe-value-unset?): Use it.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-08-24 23:27:53 -04:00
Maxim Cournoyer
1c803e63f9
services: configuration: Add a 'maybe-value-set?' procedure.
* gnu/services/configuration.scm (maybe-value-set?): New procedure.
* doc/guix.texi (Complex Configurations): Document it.  Remove comment showing
usage of 'maybe-string' with a default value, which doesn't make sense.

Co-authored-by: Attila Lendvai <attila@lendvai.name>
2022-08-24 22:34:45 -04:00
Maxim Cournoyer
59ee837d8b
services: elogind: Fix default behavior for lid close.
Fixes <https://issues.guix.gnu.org/57052>, which was a behavior change
introduced inadvertently in 4c698cd512.

* gnu/services/desktop.scm (<elogind-configuration>)
[handle-lid-switch-external-power]: Default to *unspecified*, which serializes
to nothing.  This matches upstream behavior, meaning that even when plugged to
a power cord, a laptop will suspend when the lid is closed.
* doc/guix.texi (Desktop Services): Update doc.

Reported-by: Cairn <cairn@pm.me>
2022-08-10 00:33:30 -04:00
Timotej Lazar
ee199cd3ba
services: qemu-guest-agent: Fix arguments to qemu-ga.
Fix the check for empty device path. Do not use --daemonize, since that is
handled by make-forkexec-constructor. Drop the --pidfile option which is
unused without --daemonize.

* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify
command arguments.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-08-09 17:15:40 +02:00
Maxim Cournoyer
a2b89a3319
services: configuration: Step back from *unspecified*.
Fixes <https://issues.guix.gnu.org/56799>.

This partially reverts 8cb1a49a39.

Rationale: *unspecified* cannot be serialized thus used as a G-Expression
input, which is problematic/inconvenient when using deeply nested records.  As
an example, jami-service-type was broken when using partially defined
<jami-account> records.

* gnu/services/configuration.scm (define-maybe-helper): Check against the
'unset symbol.
(normalize-field-type+def): Adjust value to 'unset.
(define-configuration-helper): Use 'unset as the default value thunk.
* gnu/services/file-sharing.scm (serialize-maybe-string): Check against the
'unset symbol.
(serialize-maybe-file-object): Likewise.
* gnu/services/messaging.scm (define-all-configurations): Use 'unset as
value.
(raw-content?): Check against 'unset symbol.
(prosody-configuration)[http-max-content-size]: Default to 'unset.
[http-external-url]: Likewise.
[mod-muc]: Likewise.
[raw-content]: Likewise.
* gnu/services/networking.scm (opendht-configuration): Adjust documentation.
* gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined*
with the 'unset symbol.
* tests/services/configuration.scm ("maybe type, no default"): Check against
the 'unset symbol.
* doc/guix.texi: Regenerate the opendht-configuration,
openvpn-client-configuration and openvpn-server-configuration documentation.
2022-08-01 12:49:35 -04:00
Maya
dd3cf14402
services: opensmtpd: Make commands setgid to "smtpq" by default.
This is a patch that fixes "<executable name>: this program must be setgid smtpq".

* gnu/services/mail.scm (<opensmtpd-configuration>)[setgid-commands?]: New field.
(opensmtpd-set-gids): New procedure.
(opensmtpd-service-type)[extensions]: Add SETUID-PROGRAM-SERVICE-TYPE extension.
* doc/guix.texi (Mail Services): Document it.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2022-08-01 14:08:08 +02:00
Ludovic Courtès
7d0ebc467f
services: rottlog: More convenient default options for <log-rotation>.
* gnu/services/admin.scm (%default-log-rotation-options): New variable.
(%default-rotations): Use it.
* gnu/services/cuirass.scm (cuirass-log-rotations): Likewise.
* doc/guix.texi (Log Rotation): Adjust accordingly.
2022-08-01 00:02:04 +02:00
Ludovic Courtès
e5a6900baf
services: rottlog: Keep important /var/log files for 16 weeks.
The default "rotate" value is 1 as of rottlog 0.72.2, meaning that only
one rotated file would be kept in addition to the active file.

* gnu/services/admin.scm (%default-rotations): Add "rotate" option for
%ROTATED-FILES.
2022-08-01 00:02:04 +02:00
Ludovic Courtès
bfe3fdbc75
services: tor: Do not write to /var/log/tor.log.
The service uses syslog and additionally shepherd 0.9 captures its
stdout/stderr, so there's no point in passing #:log-file.

* gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file
argument to 'make-forkexec-constructor'.
(%tor-log-rotation): Remove.
(tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.
2022-08-01 00:02:03 +02:00
Ludovic Courtès
fb868cd779
services: tor: Switch to 'least-authority-wrapper'.
* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
2022-07-19 18:54:42 +02:00
Timotej Lazar
6a2a8ca1f5
gnu: tests: Fix guix-data-service test.
Since revision 32, guix-data-service starts immediately but returns an HTTP
error code until initialization is complete. Adjust the test accordingly, and
remove the increased startup time limit.

* gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout.
* gnu/tests/guix.scm (guix-data-service): Retry the http-get test several
times to give the service time to initialize.

Signed-off-by: Christopher Baines <mail@cbaines.net>
2022-07-15 09:38:42 +01:00
Oleg Pykhalov
b33e1a183f
services: docker: Fix race condition.
Fixes <https://issues.guix.gnu.org/38432>.

* gnu/packages/patches/containerd-create-pid-file.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add this.
* gnu/packages/docker.scm (containerd)[source]: Add this patch.
* gnu/services/docker.scm
(containerd-shepherd-service): Add #:pid-file and #:pid-file-timeout.
* gnu/services/docker.scm (docker-shepherd-service): Add --containerd flag.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2022-07-13 21:36:41 -04:00
Christopher Baines
e069de452a
services: guix-build-coordinator: Fix passing parallel-hooks.
The previous approach didn't support a simple alist.

* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix
passing parallel-hooks in to the start gexp.
2022-07-03 20:38:09 +01:00
Ricardo Wurmus
cba98b58bf
services: Add anonip-service-type.
* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
2022-07-03 14:12:32 +02:00
Ludovic Courtès
bf7e07d299
services: openssh: Listen on IPv6 only when IPv6 is supported.
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.

* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
2022-07-01 23:29:16 +02:00
Ludovic Courtès
0483c71cc5
services: root-file-system: Cleanly unmount upon shutdown.
Fixes <https://issues.guix.gnu.org/56209>.
Reported by angry rectangle <angryrectangle@cock.li>.

* gnu/packages/admin.scm (shepherd-0.9)[modules, snippet]: New fields.
* gnu/services/base.scm (%root-file-system-shepherd-service): In 'stop'
method, remove 'call-with-blocked-asyncs'.  When 'mount' throws to
'system-error, call (@ (fibers) sleep) and try again.
* gnu/tests/base.scm (run-root-unmount-test): New procedure.
(%test-root-unmount): New variable.
2022-07-01 12:10:28 +02:00
Christopher Baines
b5c6062bce
services: nginx: Add support for extra content in upstream blocks.
I'm looking at this as I'd like to use the keepalive functionality.

* gnu/services/web.scm (nginx-upstream-configuration-extra-content): New
procedure.
(emit-nginx-upstream-config): Include the extra-content if applicable.
* doc/guix.texi (NGINX): Document this.
2022-07-01 09:45:28 +01:00
Christopher Baines
09aeabb9d3
services: guix: Support guix-build-coordinator parallel hooks.
* gnu/services/guix.scm (guix-build-coordinator-configuration-parallel-hooks):
New procedure.
(make-guix-build-coordinator-start-script): Accept and use #:parallel-hooks.
(guix-build-coordinator-shepherd-services): Pass parallel-hooks to
make-guix-build-coordinator-start-script.
* doc/guix.texi (Guix Build Coordinator): Document this new field.
2022-07-01 09:45:28 +01:00