This patch adds a Guix Home service, which allows for configuring/deploying an
operating-system declaration with an associated home-environment.
* gnu/services/guix.scm: Add guix-home-service and guix-home-shepherd-service
* gnu/home/services/shepherd.scm: Don't attempt to launch user shepherd when
the system shepherd runs guix-home-<user>
* doc/guix.texi: Add documentation for guix-home-service
* gnu/tests/guix.scm: Add a test to verify guix-home-service-type is able to
activate a home environment
Change-Id: Ifbcc0878d934aa4abe34bb2123b5081fb432aa8e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Previously, if /etc/guix/machines.scm was a dangling symlink, it would
be kept (because ‘file-exists?’ would return #f) and thus the following
‘symlink’ call would throw with EEXIST.
* gnu/services/base.scm (guix-machines-files-installation): Use ‘lstat’
rather than ‘file-exists?’.
Change-Id: I07c7eed842dacabbd19ae2a17ac3e59cf26e46b2
* gnu/services/guix.scm (nar-herder-configuration-new-ttl,
nar-herder-cached-compression-configuration-unused-removal-duration,
nar-herder-cached-compression-configuration-ttl,
nar-herder-cached-compression-configuration-new-ttl): New procedure.
(nar-herder-shepherd-services): Handle the new options.
* doc/guix.texi (Guix Services): Document the new nar-herder options.
Change-Id: I161e490221a3ce394e32ada685dca27df60638bb
The #:lazy-start? parameter was added in the Shepherd 0.10.0, which is
required since commit 477d4f7d24.
* gnu/services/base.scm (guix-publish-shepherd-service): Use
‘make-systemd-constructor’ unconditionally and pass #:lazy-start?.
Change-Id: I95aa079732cd21e32091c7deea2ed2f1bc50f2f2
These are useless when offloading yet were causing problems on systems
where the default substitute servers are unreachable.
* gnu/services/virtualization.scm (%virtual-build-machine-operating-system):
Add ‘use-substitutes?’ field to ‘guix-configuration’.
Change-Id: I7d5e380a6f2e2d537de43fdb3c550958ed4db255
* gnu/services/xorg.scm (<gdm-configuration>): Change the default value for
wayland? from '#f' to '#t'.
Change-Id: Ic966dfc462b1140894aa6c38c23e229d6252d340
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
These imports were needed for a short time to consider two variants of finding
udev/polkit configuration files. They are no longer needed, since the
respective procedures use all packages now.
* gnu/services/desktop.scm: Strip use of (guix diagnostics) and (srfi srfi-35).
As with our udev extension, this makes it so that all inputs are considered
modulo a new ignorelist.
* gnu/services/desktop.scm (gnome-desktop-configuration): Add
polkit-ignorelist.
(gnome-polkit-settings): Adjust accordingly.
Our udev service is capable of handling both rules and hardware databases.
This patch makes it so that gnome can install any such needed rules or
databases, while also allowing users to supply a list of names to ignore
(via regular expressions).
* gnu/services/desktop.scm (gnome-desktop-configuration): Add udev-ignorelist.
(gnome-udev-resources): Rename to…
(gnome-udev-configuration-files): … this. Account for udev-ignorelist.
(gnome-desktop-service-type): Adjust accordingly.
Change-Id: I6df4b896652581c42a35ea3ba1e4849ad72d12ef
This is a followup to e0ade40c2b, which
didn’t have the desired effect.
* gnu/services/virtualization.scm (virtual-build-machine-default-image):
Add ‘volatile-root?’ field.
Change-Id: I1a622f22cdd0f8f83860a6eb4a852518db3b46b7
* gnu/services/virtualization.scm (check-vm-availability): Check the
value of ‘live-service-running’.
Change-Id: Iba858ea0fa417d9276e026b72b4b78791932482e
This is safer and more appropriate than redirecting to localhost.
* gnu/services/networking.scm (%unroutable-ipv4, %unroutable-ipv6): New
variables.
(facebook-host-aliases): Use them.
Change-Id: Idd4b1fec903c52d542d177a52fec1814eded4119
So far the partition had too little free space.
* gnu/services/virtualization.scm (%default-virtual-build-machine-image-size):
New variable.
(virtual-build-machine-default-image): Define ‘partitions’ field.
Change-Id: Iffe0f316eecad8754d29f8c811cdc4836a818a3f
This provides /dev/pts and other things that are important for
builds (for example, Python 2.x has ‘openpty’ unit tests that can only
succeed when /dev/pts is available.)
* gnu/services/virtualization.scm (%virtual-build-machine-operating-system)
[file-systems]: Add %BASE-FILE-SYSTEMS.
Change-Id: I7d12a4cb491e957bf55e6c5f9dd09c013473ca42
Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
Otherwise, modules will be loaded before udev starts, and load events won't be
handled.
* gnu/services/linux.scm (kernel-module-loader-shepherd-service)[requirement]:
Add 'udev.
Change-Id: Ib65028978f96012604b54b27a56501d4388b0f34
* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure.
(certbot-service-type)[extensions]: Add it to shepherd-root extension.
(certbot-command): Make connection errors return a different exit code.
(certbot-activation): Remove message with certificate renewal instructions.
Change-Id: I614ac6214a753dba0396e2385a75926c8355caa1
Signed-off-by: Clément Lassieur <clement@lassieur.org>
* gnu/services/shepherd.scm (<shepherd-service>): Add respawn-limit and
respawn-delay.
(shepherd-service-file): Emit the two values into the shepherd service
constructor form.
Change-Id: I54408e8fb4bcc0956d9610771bf5c566fdc2914c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Currently connman has no main.conf as specified in 'man 5 connman.conf' which
would allow setting NetworkInterfaceBalcklist and other useful options.
This patch adds connman-general-configuration, serializes it and
passes to connmad with --config= flag.
All configuration fields are 'maybe-*' deliberately, to not disturb current
users and not require supporting configuration changes for connmand.
* gnu/services/networking.scm (<connman-general-configuration>): New
configuration record to represent main.conf for connmand.
(<connman-configuration>)[general-configuration]: New field.
(connman-shepherd-service): Honor it.
*doc/guix.texi (Networking Services): Add generated configuration.
Change-Id: I5d78f49e8b2d5e0b3cbd7b8b604e8a254b6397e8
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This also switches to use guile-next, which includes important fixes to
invalid unicode handling with suspendable ports, which is necessary for the
agent.
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-94.c4c4f5a.
* gnu/services/guix.scm: Use guile-next for the coordinator service.
Change-Id: I853539a612fd0b41a6c63069c6291b3f42e5cdee
This construct was introduced in Shepherd 0.9.0.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Use
‘make-inetd-constructor’ unconditionally.
Change-Id: Id1b79077d60609c7f95439ee0d097dfe6e66dd2e
* gnu/services/shepherd.scm (%default-modules): Remove (oop goops).
(shepherd-service-file): Use (service …) instead of (make <service> …).
Use ‘actions’ instead of ‘make-actions’.
(scm->go): Remove use of (oop goops).
(shepherd-configuration-file): Pass ‘register-services’ a list.
Use ‘start-in-the-background’ unconditionally.
Change-Id: I0ad1ba32e339c56ee31e59f160b53d3581277d97
Due to an error in the nesting of S-Expressions, the re-linking of
/var/run/dbus to /run/dbus would occur even if it was already a
correct symlink. It should only happen if the symlink is different.
* gnu/services/dbus.scm (dbus-activation): Adjust accordingly.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Having a timeout seems generally preferable as it makes sure build slots
are not kept busy for no good reason (few package builds, if any, are
expected to exceed these values).
* nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’
and ‘buildTimeout’.
* gnu/services/base.scm (<guix-configuration>)[max-silent-time]
[timeout]: Change default values.
* doc/guix.texi (Invoking guix-daemon, Base Services): Adjust
accordingly.
Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8
Fixes <https://issues.guix.gnu.org/64653>.
The ‘dynamic-wind’ was causing files to be closed prematurely when
leaving the dynamic extent of PROC for instance via a delimited
continuation, using Fibers (that ‘dynamic-wind’ call was also
semantically incorrect in the first place).
* gnu/services/shepherd.scm (shepherd-configuration-file)
[config](call-with-file): Remove.
(call-with-input-file, call-with-output-file): Rewrite in terms of
‘call-with-port’.
Change-Id: Ica8af71a04f525a15be99985552063cb98cd6ee8
I think this might be better than handling it in the service. I'm seeing
locale issues on the hurd which I hope this will address.
* gnu/packages/package-management.scm (guix-build-coordinator,
guix-build-coordinator/agent-only):
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services,
guix-build-coordinator-agent-shepherd-services):
Change-Id: I07ca424f434854176326a19177dc5573d53b59c2
This has been effectively replaced by the bffe.
* gnu/services/guix.scm (<guix-data-service-configuration>): Remove record
type.
(guix-build-coordinator-queue-builds-shepherd-services,
guix-build-coordinator-queue-builds-activation,
guix-build-coordinator-queue-builds-account): Remove procedures
(guix-build-coordinator-queue-builds-service-type): Remove service type.
Change-Id: I2a233fb10b12cc9bfddebaa35928b25c243f82a2
* gnu/services/telephony.scm (jami-configuration->command-line-arguments)
[wrapper]: New procedure.
Use it.
(jami-shepherd-services): In ‘start’ method of ‘jami’ service, use
‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’.
Remove use of (gnu build shepherd).
Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
* gnu/services/telephony.scm (jami-shepherd-services): Use
‘least-authority-wrapper’ for ‘dbus-daemon’. Use ‘fork+exec-command’
instead of ‘make-forkexec-constructor/container’ in the ‘start’ method’.
Remove reference to (gnu build shepherd).
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I9d9f8de6ecea77950000ff64aa8c8d097dc028a0
This will only affect systems running Shepherd < 0.9.0, which was
released in August 2022.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Remove
‘with-imported-modules’ and ‘modules’ field. Use
‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’ when ‘make-inetd-constructor’ is
missing.
Change-Id: I35a0487bccaee4799ad0d81388d540e5c7891f7e
* gnu/services/networking.scm (pagekite-shepherd-service): Define
‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of
‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’
form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’.
Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
* gnu/services/web.scm (hpcguix-web-shepherd-service): Define
‘config-file’ and use it. Add ‘actions’ field.
Change-Id: I085df403270039ede3c13f21a5d60682c7510e2e
* gnu/services/base.scm (guix-machines-files-installation): Handle
machines being a mixed list of build-machines and lists of
build-machines.
* doc/guix.texi (Base Services): Document it.
Change-Id: Ie404562ca0b564413233c3a624046da831893dc3
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The udev-configuration record now has a hardware field.
The contents of the /etc/udev directory now includes hwdb.bin, which is
computed when the system is instanciated (prior to system activation). The
hardware description files used to generate hwdb.bin are not installed in
/etc, because they are not required at run-time.
The documentation has been reworked so as to explain why creating udev rules
or hardware needs helper functions for configuration or extension.
* gnu/services/base.scm (udev-hardware): New function.
(file->udev-hardware): New function.
(udev-hardware-service): New function.
(udev-etc): Add hwdb.d and hwdb.bin.
(module): Export udev-hardware, file->udev-hardware, and udev-hardware-service.
(<udev-configuration>): Add the native-udev field.
(udev-service-type) [extend]: Populate the hardware field.
* doc/guix.texi (Base Services)[udev-service-type]: Explain configuration and
extension values.
* doc/guix.texi (Base Services)[udev-hardware]: Document it.
[udev-hardware-service]: Same.
* doc/guix.texi (Base Services)[udev-configuration]: Document the native-udev
field.
* gnu/services/base.scm (udev-configurations-union): New function.
(udev-configuration-file): New function, use file->udev-configuration-file.
(file->udev-configuration-file): New function.
(udev-rules-union): Use udev-configurations-union.
(udev-rule): Use udev-configuration-file.
(file->udev-rule): Use file->udev-configuration-file.
According to https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3101, glib
now searches for the session bus socket in runstatedir. The dbus service must
thus have its socket in /run/dbus.
For interoperability with the dbus standard, /run/dbus is also symlinked to
/var/run/dbus.
* gnu/services/dbus.scm (dbus-activation): Symlink /run/dbus to /var/run/dbus.
(%dbus-accounts): Run dbus in /run/dbus.
(dbus-root-service-type): Save the pid file in /run/dbus.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Introduces 'base-transducer', a SRFI-171 based transducer that can be used as a
starting point for writing custom configuration record serializing procedures.
This also fixes the symbol maybe-value serialization test case.
* gnu/services/configuration.scm (empty-serializer?): New predicate.
(base-transducer, tfilter-maybe-value): New procedure.
(serialize-configuration): Adapt to use base-transducer.
* gnu/services/telephony.scm (jami-account->alist): Use transducers to skip
fields that are unserializable or whose field maybe-value is unset.
* tests/services/configuration.scm: Remove test-expect-fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b23.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* gnu/services/vnc.scm (xvnc-configuration->command-line-arguments): Omit X
display number when inetd? is #t.
Change-Id: I0fc8e3068f3ae22421e60e96bd40e3b6e477ca99
Previously, a default name would be used for transient inetd services,
leading to names such as #{5rjnskb6011jgmfmpgp63jp9mh9nkl20-rsync-3274}#.
* gnu/services/rsync.scm (rsync-shepherd-service): Pass #:service-name-stem.
Change-Id: I4d0a4a01e122c6eeaa85f104b083cf7e8709eac3
Packets for local host IP ranges should be coming only over lo. If that is
not the case, we should drop them. Use iif for the check instead of iifname,
lo is guaranteed to exists, and iif is faster.
* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
* gnu/services/base.scm (guix-machines-files-installation): New
procedure.
(<guix-configuration>)[build-machines]: New field.
(guix-activation): Call ‘ guix-machines-files-installation’.
(<guix-extension>)[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to
‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of <guix-configuration>
and of <guix-extension>.
(Virtualization Services): Add ‘hurd-vm’ anchor.
Fixes a bug introduced in 0dd293b4d9
whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the
“wrong” locale data (2.35 instead of 2.37).
Consequently, it would fail to setlocale(3) and calls to
‘std::stoi’ (when reading the output of ‘guix authenticate’) would
throw, leading to this error message of guix-daemon:
unexpected build daemon error: stoi
This would manifest when sending store items to a childhurd:
$ guix copy --to=localhost:10022 sed
guix copy: sending 1 store item (1 MiB) to 'localhost'...
guix copy: error: unknown error while sending files over SSH
The “unknown error” is the ‘stoi’ exception.
This commit fixes that, but for the ‘guix-daemon’ service only.
* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable.
Use it instead of ‘glibc-utf8-locales’.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
Sometimes `syncthing-service-type' fails during startup because it tries
to read configuration files from the user's home directory:
Failure on home directory: mkdir /home/xyz/.config: permission denied
This patch adds `user-processes' to the shepherd service requirements to
ensure that `user-homes' is fired before `syncthing' tries to read data
from the home directory.
* gnu/services/syncthing.scm (syncthing-shepherd-service): add
`user-processes' to requirements
Signed-off-by: Ludovic Courtès <ludo@gnu.org>