The udev-configuration record now has a hardware field.
The contents of the /etc/udev directory now includes hwdb.bin, which is
computed when the system is instanciated (prior to system activation). The
hardware description files used to generate hwdb.bin are not installed in
/etc, because they are not required at run-time.
The documentation has been reworked so as to explain why creating udev rules
or hardware needs helper functions for configuration or extension.
* gnu/services/base.scm (udev-hardware): New function.
(file->udev-hardware): New function.
(udev-hardware-service): New function.
(udev-etc): Add hwdb.d and hwdb.bin.
(module): Export udev-hardware, file->udev-hardware, and udev-hardware-service.
(<udev-configuration>): Add the native-udev field.
(udev-service-type) [extend]: Populate the hardware field.
* doc/guix.texi (Base Services)[udev-service-type]: Explain configuration and
extension values.
* doc/guix.texi (Base Services)[udev-hardware]: Document it.
[udev-hardware-service]: Same.
* doc/guix.texi (Base Services)[udev-configuration]: Document the native-udev
field.
* gnu/services/base.scm (udev-configurations-union): New function.
(udev-configuration-file): New function, use file->udev-configuration-file.
(file->udev-configuration-file): New function.
(udev-rules-union): Use udev-configurations-union.
(udev-rule): Use udev-configuration-file.
(file->udev-rule): Use file->udev-configuration-file.
According to https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3101, glib
now searches for the session bus socket in runstatedir. The dbus service must
thus have its socket in /run/dbus.
For interoperability with the dbus standard, /run/dbus is also symlinked to
/var/run/dbus.
* gnu/services/dbus.scm (dbus-activation): Symlink /run/dbus to /var/run/dbus.
(%dbus-accounts): Run dbus in /run/dbus.
(dbus-root-service-type): Save the pid file in /run/dbus.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Introduces 'base-transducer', a SRFI-171 based transducer that can be used as a
starting point for writing custom configuration record serializing procedures.
This also fixes the symbol maybe-value serialization test case.
* gnu/services/configuration.scm (empty-serializer?): New predicate.
(base-transducer, tfilter-maybe-value): New procedure.
(serialize-configuration): Adapt to use base-transducer.
* gnu/services/telephony.scm (jami-account->alist): Use transducers to skip
fields that are unserializable or whose field maybe-value is unset.
* tests/services/configuration.scm: Remove test-expect-fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b23.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* gnu/services/vnc.scm (xvnc-configuration->command-line-arguments): Omit X
display number when inetd? is #t.
Change-Id: I0fc8e3068f3ae22421e60e96bd40e3b6e477ca99
Previously, a default name would be used for transient inetd services,
leading to names such as #{5rjnskb6011jgmfmpgp63jp9mh9nkl20-rsync-3274}#.
* gnu/services/rsync.scm (rsync-shepherd-service): Pass #:service-name-stem.
Change-Id: I4d0a4a01e122c6eeaa85f104b083cf7e8709eac3
Packets for local host IP ranges should be coming only over lo. If that is
not the case, we should drop them. Use iif for the check instead of iifname,
lo is guaranteed to exists, and iif is faster.
* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
* gnu/services/base.scm (guix-machines-files-installation): New
procedure.
(<guix-configuration>)[build-machines]: New field.
(guix-activation): Call ‘ guix-machines-files-installation’.
(<guix-extension>)[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to
‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of <guix-configuration>
and of <guix-extension>.
(Virtualization Services): Add ‘hurd-vm’ anchor.
Fixes a bug introduced in 0dd293b4d9
whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the
“wrong” locale data (2.35 instead of 2.37).
Consequently, it would fail to setlocale(3) and calls to
‘std::stoi’ (when reading the output of ‘guix authenticate’) would
throw, leading to this error message of guix-daemon:
unexpected build daemon error: stoi
This would manifest when sending store items to a childhurd:
$ guix copy --to=localhost:10022 sed
guix copy: sending 1 store item (1 MiB) to 'localhost'...
guix copy: error: unknown error while sending files over SSH
The “unknown error” is the ‘stoi’ exception.
This commit fixes that, but for the ‘guix-daemon’ service only.
* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable.
Use it instead of ‘glibc-utf8-locales’.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
Sometimes `syncthing-service-type' fails during startup because it tries
to read configuration files from the user's home directory:
Failure on home directory: mkdir /home/xyz/.config: permission denied
This patch adds `user-processes' to the shepherd service requirements to
ensure that `user-homes' is fired before `syncthing' tries to read data
from the home directory.
* gnu/services/syncthing.scm (syncthing-shepherd-service): add
`user-processes' to requirements
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>)[log-expiry]:
New field.
(cuirass-shepherd-service): Honor it.
* doc/guix.texi (Continuous Integration): Document it.
Rather than hardcoding a particular guile in the service definition.
* gnu/services/guix.scm (bffe-shepherd-services): Use guile from the package.
* gnu/packages/package-management.scm (bffe)[inputs]: Remove unnecessary
guile-next input.
This is intended to replace the functionality of the Guix Build Coordinator
queue builds script, and also provide a web interface for build farms.
* gnu/services/guix.scm (<bffe-configuration>): New record type.
(bffe-configuration, bffe-configuration?,
bffe-configuration-package,
bffe-configuration-user,
bffe-configuration-group,
bffe-configuration-arguments
bffe-configuration-extra-environment-variables): New procedures.
(bffe-service-type): New variable.
* gnu/tests/guix.scm (%test-bffe): New variable.
* doc/guix.texi (Guix Services): Document the new service.
* gnu/services/base.scm (<network-link>): Add mac-address field. Set
type field to #f by default, so it won't be mandatory. network-link
without a type will be used for existing interfaces.
(assert-network-link-mac-address, mac-address?): Add sanitizer. Allow
valid mac-address or #f.
(assert-network-link-type): Add sanitizer. Allow symbol or #f.
* gnu/services/base.scm (network-set-up/linux,
network-tear-down/linux): Adapt to new structure.
* doc/guix.texi (Networking Setup): Document it.
* gnu/tests/networking.scm (run-static-networking-advanced-test): New
variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This fixes a issue introduced in the previous commit 552d070377 (services:
mcron: Add module for %user-log-dir.) which made the expression invalid when
using a '() module for the system service.
* gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Use
(shepherd support) unconditionally.
Fixes a regression introduced in
9c34b793c1.
* gnu/services/linux.scm (earlyoom-shepherd-service): Move
'user-processes' to 'requirements'.
Reported-by: Attila Lendvai <attila@lendvai.name>
