When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* gnu/services/virtualization.scm (secret-service-operating-system): New
procedure.
(hurd-vm-disk-image): Use it to ensure a Childhurd always includes the
secret-service.
(%hurd-vm-operating-system): Remove secret-service.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add
secret-service.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Fixes a bug in 949672c923 whereby jobs
specifying a #:user not available in the build environment would fail
validation.
Reported by Maxim Cournoyer.
* gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue"
file and pass it to 'mcron --schedule'.
That way, run-time errors in the job specs are caught at build time.
* gnu/services/mcron.scm (job-file): Remove.
(job-files): New procedure.
(mcron-shepherd-services): Adjust accordingly.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Fixes <https://bugs.gnu.org/43011>.
Reported by Jesse Gibbons <jgibbons2357@gmail.com>.
Until now the stdout/stderr file descriptors were not redirected.
* gnu/services/admin.scm (unattended-upgrade-mcron-jobs)[code]: Remove
'with-logging' and use 'redirect-port' instead.
* gnu/services/admin.scm (<unattended-upgrade-configuration>)[operating-system-file]:
New field.
(unattended-upgrade-mcron-jobs): Honor it.
* doc/guix.texi (Unattended Upgrades): Document it.
* gnu/services/linux.scm (<zram-device-configuration>): New record.
(zram-device-service-type): New variable.
* doc/guix.texi (Linux Services): Document it.
* tests/services/linux.scm (zram-swap-device-test): New tests.
* gnu/services/admin.scm (<unattended-upgrade-configuration>): New
record type.
(%unattended-upgrade-log-file): New variable.
(unattended-upgrade-mcron-jobs, unattended-upgrade-log-rotations): New
procedures.
(unattended-upgrade-service-type): New variable.
* doc/guix.texi (Service Reference): Add 'provenance-service-type' anchor.
(Unattended Upgrades): New section.
* gnu/services/nix.scm (<nix-configuration>)[extra-options]: New field.
(nix-shepherd-service): Add this.
(nix-activation): Add new line to the end of /etc/nix/nix.conf file.
* doc/guix.texi (Miscellaneous Services)[Nix service]: Document this.
* gnu/services/ganeti.scm (<ganeti-rapi-configuration>): Set SSL? to #t.
* gnu/tests/ganeti.scm (%ganeti-os): Set SSL? to #f.
* doc/guix.texi (Virtualization Services): Adjust accordingly.
* gnu/services/web.scm (mumi-shepherd-services)[environment]: New
variable.
Pass it as #:environment-variables to each 'make-forkexec-constructor'
call.
Commit 6680880f9b pushes out a new guix
package with a new key location, so we need to update to the new key
in order for systems to build correctly.
* gnu/services/base.scm (%default-authorized-guix-keys): Refer to berlin.guix.gnu.org.pub.
* gnu/services/networking.scm (<wpa-supplicant-configuration>)[requirement]:
New parameter.
(wpa-supplicant-shepherd-service): Use it instead of hard-coded list.
* doc/guix.texi (Networking Services): Document accordingly.
* gnu/services/science.scm: New file.
(<rshiny-configuration>): New record.
(rshiny-shepherd-service-type): New variable.
* doc/guix.texi (Miscellaneous Services): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
These issues were reported by -Wformat, though they were harmless in
practice because importing (ice-9 format) changes the global 'format'
binding currently.
* gnu/services/nix.scm: Import (ice-9 format).
* gnu/services/web.scm: Likewise.
* gnu/system/mapped-devices.scm: Likewise.
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[options]: Remove
"--hda" option.
[id,net-options]: New fields.
(hurd-vm-net-options): New procedure. Parameterize port forwarding with ID.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use them.
Parameterize provision with ID, if set. Hardcode "--hda" option for image.
* doc/guix.texi (Virtualization Services): Document new fields. Update for
hardcoding of "--hda".
* gnu/services/virtualization.scm (hurd-vm-shepherd-service,
hurd-vm-disk-image): New procedures.
(%hurd-vm-operating-system, hurd-vm-service-type): New variables.
(<hurd-vm-configuration>): New record type.
* doc/guix.texi (Virtualization Services): Document it.
* gnu/services/shepherd.scm (scm->go): Use let-system, remove FIXME. Fixes
cross-building of shepherd modules for the Hurd image.
* gnu/services/hurd.scm (<hurd-gettty-configuration>): New record.
(hurd-ttys-shepherd-service): New procedure.
(hurd-getty-service-type): New variable.
* doc/guix.texi (Hurd Services): Document it.
Fixes <https://bugs.gnu.org/40806>.
Previously the xorg-server package specified in the configuration was ignored
entirely in xorg-configuration->file. This had the effect that while the X
program of the configured package would be executed, the modules of the
configured package would be ignored in favor of the default xorg-server
package's modules. This fixes that.
* gnu/services/xorg.scm (xorg-configuration->file): honor
xorg-configuration-server.
* gnu/services/docker.scm (docker-configuration): Add a debug? field.
(containerd-shepherd-service): Pass the "--log-level=debug" argument when
DEBUG? is true.
(docker-shepherd-service): Pass the "--debug" and "--log-level=debug"
arguments when DEBUG? is true.
* doc/guix.texi (Miscellaneous Services): Update doc.
* gnu/services/nfs.scm (<nfs-configuration>)[nfsd-tcp?, nfsd-udp?]: New
fields.
(nfs-shepherd-services)[rpc.nfsd]: Populate the --{no-,}tcp and --{no-,}udp
command line options based on the values of the nfsd-tcp? and nfsd-udp?
fields.
* doc/guix.texi (Network File System): Add doc.
* gnu/services/dbus.scm (polkit-service-type)[description]: New field.
* gnu/services/dict.scm (dicod-service-type)[description]: New field.
* gnu/services/dns.scm (knot-service-type)[description]: New field.
* gnu/services/networking.scm (dhcpd-service-type)[description]: New field.
* gnu/services/shepherd.scm (shepherd-root-service-type)[description]:
New field.
* gnu/services/xorg.scm (slim-service-type)[description]: New field.
(screen-locker-service-type)[description]: New field.
* gnu/system/pam.scm (pam-root-service-type)[description]: New field.
* gnu/system/shadow.scm (account-service-type)[description]: New field.
This reverts commit 4c0cc7bed3.
Fixes <https://bugs.gnu.org/41116>.
Reported by Alex Sassmannshausen <alex@komputilo.eu>.
The problem is that reconfiguring on a system running Shepherd < 0.8.0
would lead to an error, due to #:file-creation-mask not being supported.
The error is rather harmless: it prevents service upgrade but the system
itself is upgraded.
We can reinstate that commit eventually, once #:file-creation-mask has
become widespread.
This addresses <https://bugs.gnu.org/40837> by making these configuration
files more easily accessible within the WebKitGTK sandbox.
* gnu/services/sound.scm (pulseaudio-environment): Move below
PULSEAUDIO-CONF-ENTRY. Instantiate PULSE_CONFIG and PULSE_CLIENTCONFIG
entries directly instead of referring to /etc/pulse.
(pulseaudio-etc): Do not create /etc/pulse/client.conf and /etc/pulse/daemon.conf.
This is a followup to d7113bb655 and
e3358a831e.
* gnu/services/base.scm (syslog-service-type): Change 'start' method to set
umask using the #:file-creation-mask parameter of
'make-forkexec-constructor' introduced in version 0.8.0 of the Shepherd.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Introduce a new `addresses' field that translates to passing `--address='
multiple times to dnsmasq.
* gnu/services/dns.scm (<dnsmasq-configuration>): Add an addresses field.
(dnsmasq-shepherd-service): Match the addresses field and translate it to
multiple '--address=' flags.
* doc/guix.texi (DNS Services): Document it.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* gnu/system/file-systems.scm (%control-groups): Add "pids".
* gnu/services/docker.scm (docker-shepherd-service): Resolve a TODO.
This has allowed me to make a specific configuration of nsjail work.
Fixes <https://bugs.gnu.org/40839>.
Reported by Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
Fix suggested by Mathieu Othacehe <m.othacehe@gmail.com>
However, <https://bugs.gnu.org/29296> still applies; %current-target-system
may not be bound.
* gnu/services/shepherd.scm (scm->go): Use `with-target' when cross-compiling.
* gnu/packages/admin.scm (shepherd): Update to 0.8.0.
* gnu/services/shepherd.scm (shepherd-configuration-file): Use
'default-pid-file-timeout' instead of fiddling with '%pid-file-timeout'.
* gnu/services/mail.scm (dovecot-shepherd-service)[stop]: Use 'invoke'
instead of 'make-forkexec-constructor'. Previously, the 'stop' method
would return the PID of the "dovecot stop" process, which would be
interpreted as a failure to stop the service.
Passing 'make-forkexec-constructor' a string or several string arguments
has been deprecated since dmd 0.1.
* gnu/services/base.scm (rngd-service-type): In 'start' method, pass a
list as the first argument to 'make-forkexec-constructor'.
* gnu/services/desktop.scm (bluetooth-shepherd-service): Likewise.
* gnu/services/spice.scm (spice-vdagent-shepherd-service): Likewise.
* gnu/services/networking.scm (simulated-wifi-shepherd-services): New
procedure.
(simulated-wifi-service-type): New variable.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/networking.scm (<hostapd-configuration>): New record
type.
(hostapd-configuration-file, hostapd-shepherd-services): New
procedures.
(hostapd-service-type): New variable.
* doc/guix.texi (Networking Services): Document it.
When running the installation image off a DVD, early I/O operations are
extremely slow, to the point that something like dbus-daemon would need
~20s to start. This change works around the issue.
Fixes <https://bugs.gnu.org/40572>.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* gnu/services/shepherd.scm (shepherd-configuration-file): Set
%pid-file-timeout to 30.
To match its own documentation & other similar services.
* gnu/services/desktop.scm (gnome-desktop-configuration)[gnome-package]:
Rename to…
[gnome]: …this.
To match its own documentation & other similar services.
* gnu/services/desktop.scm (gnome-desktop-configuration)[gnome-package]:
Rename to…
[gnome]: …this.
Fixes an error message '"load_module" directive is specified too late'.
* gnu/services/web.scm (default-nginx-config): Emit load_module before
global directives.
Fixes <https://bugs.gnu.org/25569>.
Reported by Divan Santana <divan@santanas.co.za>.
* gnu/services/base.scm (shepherd-set-http-proxy-action): New procedure.
(guix-shepherd-service): Add 'actions' field. Change 'start' to a
lambda; check the value of the "http_proxy" environment variable and
add "http_proxy" and "https_proxy" to #:environment-variables as a
function of that.
* gnu/tests/base.scm (run-basic-test)["guix-daemon set-http-proxy
action", "guix-daemon set-http-proxy action, clear"]: New tests.
* doc/guix.texi (Base Services): Document it.
Partly fixes <https://bugs.gnu.org/40405>.
Reported by Diego Nicola Barbato <dnbarbato@posteo.de>.
* gnu/services/base.scm (syslog-service-type): Change 'start' method to
set umask to #o137 before spawning syslogd.
* gnu/tests/base.scm (run-basic-test)["/var/log/messages is not
world-readable"]: New test.
* gnu/services/base.scm (%base-services): Add an instance of
ROTTLOG-SERVICE-TYPE.
* doc/guix.texi (Log Rotation): Mention that it's part of
%BASE-SERVICES and change example.
* doc/guix.texi (Linux Services): Add a new subsection and document the
new service and its configuration.
* gnu/services/linux.scm (kernel-module-loader-service-type): New type.
(kernel-module-loader-shepherd-service): New procedure.
* gnu/tests/linux-modules.scm (module-loader-program): Procedure
removed.
(modules-loaded?-program): New procedure.
(run-loadable-kernel-modules-test): 'module-loader-program' procedure
replaced by the new one.
[os]: Use 'kernel-module-loader-service'.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
Instead of accepting a string for just one protocol version accept a list of
supported versions.
* gnu/services/nfs.scm (<nfs-configuration>)[nfs-version]: Remove field and
replace...
[nfs-versions]: ...with this new field.
(nfs-shepherd-services): Pass as many "--nfs-version" options as there are
supported versions.
* doc/guix.texi (Network File System): Document nfs-versions.
The test had been failing since the upgrade to 6.6.3p1 in commit
2dbfd8eec4.
* gnu/services/mail.scm (opensmtpd-activation): Create /var/spool/mail.
* gnu/tests/mail.scm (run-opensmtpd-test): Check /var/spool/mail instead
of /var/mail.
* gnu/services/web.scm (<nginx-configuration>)[global-directives]: Add field.
(emit-global-directive): New procedure.
(default-nginx-config): Use it.
* doc/guix.texi (Web Services): Document it.
This is so that the options supported by the service configuration don't have
to always be changed. Generally though all options should be explicitly
supported and documented, so this is mostly to facilitate experimentation.
* gnu/services/cuirass.scm (<cuirass-configuration>): Add an extra-options
field.
(cuirass-shepherd-service): Pass the extra options to the shepherd services.
* doc/guix.texi (Continuous Integration): Document it.
This is so that the options supported by the service configuration don't have
to always be changed. Generally though all options should be explicitly
supported and documented, so this is mostly to facilitate experimentation.
* gnu/services/guix.scm (<guix-data-service-configuration>): Add extra-options
and extra-process-jobs-options to the record type.
(guix-data-service-shepherd-services): Handle these new configuration record
fields.
* doc/guix.texi (Guix Data Service): Document these new options.
* gnu/services/certbot.scm (certbot-configuration): Add server option.
(certbot-command): Use server option.
(certbot-actication): Use server option.
(certbot-nginx-server-configurations): Use server option.
* doc/guix.texi (Certificate Services): Document server option.
Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/39708>.
Shepherd doesn't keep track of processes that fork themselves and would
disable the process after restarting it a couple times.
* gnu/services/nfs.scm (nfs-shepherd-services): Invoke rpc.mountd with the
'--foreground' option.
Discussed at <https://bugs.gnu.org/39926>.
* gnu/packages/linux.scm (eudev/btrfs-fix): New variable.
* gnu/services/base.scm (<udev-configuration>)[udev]: Default to it.
(udev-service): Likewise for #:udev.
Fixes <https://bugs.gnu.org/39671>.
* gnu/services/base.scm (udev-shepherd-service)[start]: Move or copy
environment variables to 'fork+exec-command' instead of 'setenv'.
Previously, services spawned with 'make-forkexec-constructor' &
co. would all inherit the environment variables of PID 1, which includes
things like 'BOOT_IMAGE'. This change resets it to the bare minimum.
* gnu/services/shepherd.scm (shepherd-configuration-file): Add call to
'default-environment-variables'. Remove 'setenv' call.
Fixes <https://bugs.gnu.org/39402>.
Reported by shtwzrd <shtwzrd@protonmail.com>.
* gnu/services/xorg.scm (xorg-configuration):
Apply a filter over %default-xorg-modules packages, excluding
those for which the %current-system is not among the package's
supported-systems.
This patch makes it possible to use xorg-configuration on systems
other than x86_64 and i686, as without it, xf86-video-intel would
be pulled in on the unsupported architecture and fail.
Signed-off-by: Jakub Kądziołka <kuba@kadziolka.net>
* gnu/services/linux.scm: New file.
* tests/services/linux.scm: Add test.
* Makefile.am (SCM_TESTS): Register test.
* doc/guix.texi (Linux Services): Add a new section and document the new
service and its configuration.
This follows up on commit 0d48690908.
* gnu/services/mail.scm (%default-opensmtpd-config-file): Adapt to ‘new’
≥6.4 grammar.
* gnu/tests/mail.scm (%opensmtpd-os): Likewise.
Change the message-log-syslog and message-log-verbose configuration values to
match the Getmail defaults.
* gnu/services/getmail.scm (getmail-options-configuration): Change defaults
for message-log-syslog and message-log-verbose
* doc/guix.texi (Mail Services): Update the Getmail documentation accordingly.
* gnu/services/getmail.scm (getmail-retriever-configuration): Specify proper
documentation strings for some of the fields.
* doc/guix.texi (Mail Services): Update the documentation accordingly.
* gnu/services/sound.scm (ladspa-configuration): New record.
(ladspa-environment): New procedure.
(ladspa-service-type): New service type.
(pulseaudio-environment): Remove LADSPA_PATH.
* doc/guix.texi: Adjust documentation.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/services/sound (pulseaudio-configuration) [daemon-conf]: Disable
flat-volumes, which causes unpleasant experiences to users when applications
inadvertently max out the system volume (e.g. as in #38172).
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/services/sound (<pulseaudio-configuration>): New record.
(pulseaudio-etc): New procedure.
(pulseaudio-environment): Add PULSE_CONFIG and PULSE_CLIENTCONFIG.
(pulseaudio-service-type): Update accordingly.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* gnu/services/nfs.scm (<idmap-configuration>)[verbosity]: New field.
(idmap-configuration-verbosity): New procedure.
(idmap-service-type): Use it.
* doc/guix.texi (Network File System): Document it.
* gnu/services/nfs.scm (<gss-configuration>, <idmap-configuration>): Fix
indentation.
(<idmap-configuration>): Rename accessor for NFS-UTILS field to
IDMAP-CONFIGURATION-NFS-UTILS.
(idmap-service-type): Use IDMAP-CONFIGURATION-NFS-UTILS.
* gnu/services/sound.scm (pulseaudio-environment): New procedure.
(pulseaudio-service-type): New variable.
* doc/guix.texi (Sound Services): Document it.
In Guile < 2.9.7, autoloading a module would give you access to all its
bindings. In future versions, autoloading a module gives access only to
the listed bindings, as per #:select (see <https://bugs.gnu.org/38895>).
This commit adjusts autoloads to the new semantics, allowing Guix to be
built with Guile 2.9.7/2.9.8.
* guix/build/download.scm <top level>: Remove call to 'module-autoload!'.
(load-gnutls): New procedure.
(tls-wrap): Call it.
* guix/git.scm <top level>: Remove call to 'module-autoload!'.
(load-git-submodules): New procedure.
(update-submodules): Call it instead of 'resolve-interface'.
* gnu/bootloader/grub.scm: Replace #:autoload with #:use-module.
* gnu/packages.scm: Likewise.
* gnu/packages/ssh.scm: Likewise.
* gnu/packages/tex.scm: Likewise.
* gnu/services/cuirass.scm: Likewise.
* gnu/services/mcron.scm: Likewise.
* guix/lint.scm: Augment list of bindings in #:autoload.
* guix/scripts/build.scm: Likewise.
* guix/scripts/gc.scm: Likewise.
* guix/scripts/pack.scm: Likewise.
* guix/scripts/publish.scm: Likewise.
* guix/scripts/pull.scm: Likewise.
* guix/utils.scm: Remove unnecessary #:autoload clauses; replace one
of them with #:use-module.
This solution was kindly provided by Bernard M. Wiedemann.
* gnu/services/base.scm (console-font-service-type): Add ter132n (terminus 132
normal) font example, for HDPI displays.
* doc/guix.texi (Invoking guix system): Update to `guix system search console'
example output.
* gnu/services/web.scm (%mumi-activation, %mumi-accounts): New variables.
(mumi-shepherd-services): New procedure.
(mumi-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
* gnu/services/desktop.scm: (<gnome-keyring-configuration>): New record type.
(pam-gnome-keyring): New procedure.
(gnome-keyring-service-type): New variable.
* doc/guix.texi (Desktop Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/pam-mount.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (PAM Mount Service): New subsection.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/sysctl.scm (sysctl-shepherd-service): Adjust shepherd
service to use the 'one-shot?' keyword. Remove 'stop' command. Remove
'respawn' option.
* gnu/services/networking.scm (pagekite-service-type): New service type.
(<pagekite-configuration>): New record type.
(pagekite-shepherd-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/dns.scm (<knot-resolver-configuration>): New record type.
(knot-resolver-activation, knot-resolver-shpherd-services): New procedures.
(%knot-resolver-accounts, %kresd.conf, knot-resolver-service-type): New
variables.
* doc/guix.texi (DNS Services): Document it.
* gnu/services/web.scm (<nginx-configuration>): Add modules field.
(nginx-configuration-modules): New field accessor.
(emit-load-module): New procedure.
(default-nginx-config): Add support for the modules field.
* doc/guix.texi (NGINX): Document it.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Add sbin to
the PATH variable, as ip binary is installed there.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This typically halves the number of entries in
/etc/dbus-1/system-local.conf.
* gnu/services/dbus.scm (dbus-configuration-directory)[build](directives):
New macro.
(services->sxml): Use it.
Fixes <https://bugs.gnu.org/37911>.
Reported by Jack Hill <jackhill@jackhill.us>.
Sometime between 1.1.8 and 1.4.3, 'colord' had its
'org.freedesktop.ColorManager.conf' file moved from
"etc/dbus-1/system.d" to "share/dbus-1/system.d". Adjust to this
change.
* gnu/services/dbus.scm (dbus-configuration-directory): Add an
'includedir' directive for DIR/share/dbus-1/system.d.
Fixes issue #37504 (see: https://bugs.gnu.org/37504).
The bug was caused by the fact that destructuring an <ntp-configuration>
record using match would bind the 'servers' field without using the
compatibility accessor.
* gnu/services/networking.scm (ntp-shepherd-service): Replace `match-lambda'
by distinct `lambda' and `match' calls, so that the 'servers' field can be
generated by applying the `ntp-configuration-servers' procedure to the
configuration object.
* gnu/services/networking.scm (ntp-server->string): Use the textual
representation of the values as printed by 'display' rather than 'write', to
avoid inserting double quotes in the generated config.
* tests/networking.scm (%ntp-server-sample): Add a comment and make one of the
options a string, to exercise the fix.
("ntp-server->string"): Move the expected value to the first argument.
("ntp configuration servers deprecated form"): Likewise.
("openntpd generated config string ends with a newline"): Likewise.
* gnu/services/audio.scm (<mpd-output>): New record type.
(<mpd-configuration>)[outputs]: New field.
(mpd-output, mpd-output?, mpd-output->string): New procedures.
(mpd-config->file): Use mpd-output->string.
* doc/guix.texi (Audio Services): Document mpd-output fields.
This is a followup to commit 62c2217570.
* gnu/services/base.scm (agetty-shepherd-service)[start]: Wrap in
'with-imported-modules'. This fixes a build error when TTY is true
("no code for module (gnu build linux-boot)").
Unlike gdm-service-type, sddm-service-type cannot be configured in an
operating-system configuration by simply adding (service
sddm-service-type). This adds the default SDDM configuration just like
GDM does.
* gnu/services/sddm.scm (sddm-service-type)[default-value]: New field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/desktop.scm (xfce-desktop-service-type): Add
xfce4-power-manager to polkit-service-type service extension via
new procedure 'xfce-polkit-settings'.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
Previously, on startup, we'd see:
dbus: Unknown username nm-openconnect in message bus configuration file
This fixes it.
* gnu/services/networking.scm (network-manager-accounts): New procedure.
(network-manager-service-type): Extend 'account-service-type'.
* gnu/packages/gnome.scm (network-manager-openconnect)[properties]: Add
'user-accounts'.
This reduces resident memory for PID 1 from 29.8MiB to 28.7MiB right
after boot on a bare-bones system (x86_64-linux).
* gnu/services/shepherd.scm (scm->go): New procedure.
(shepherd-configuration-file)[config]: Call it and use 'load-compiled'
instead of 'primitive-load'.
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
* gnu/services/base.scm (pam-limits-service-type): For "gdm-password" pam
service, include "limits.conf".
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/guix.scm: New file.
* gnu/tests/guix.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add both new files.
* doc/guix.texi (Guix Services): New section documenting the Guix Data
Service.
Defaulting to stderr, along with the shepherd service not directing the
output to a log file, makes seeing the output difficult compared to logging to
syslog.
* gnu/services/virtualization.scm (libvirt-configuration)[log-outputs]: Change
default from "3:stderr" to "3:syslog:libvirtd".
Fixes <https://bugs.gnu.org/37423>.
Reported by Jan <tona_kosmicznego_smiecia@interia.pl>.
* gnu/services/xorg.scm (%gdm-activation): New variable.
(gdm-service-type)[extensions]: Add 'activation-service-type'.
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/certbot.scm (certbot-command): Add
--manual-public-ip-logging-ok flag to the certbot command when doing a
manual challenge.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to ef640db2f5.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Set
'#:environment-variables' for 'make-forkexec-constructor'.
This reverts commit 903e051a71 to fix
<https://bugs.gnu.org/31365>. The full path of the 'ip' command is already
embedded, and we want to search 'qemu' in PATH.
* gnu/packages/virtualization.scm (libvirt): Remove 'wrap-libvirtd phase. Add
configure flags to run qemu as 'nobody:kvm'.
* gnu/services/virtualization.scm (libvirt-service-type): Add 'qemu' to the
system profile.
This fixes issue #37318 (see: http://bugs.gnu.org/37318).
* gnu/services/networking.scm (openntpd-configuration->string): Rewrite in
order to make the "openntpd configuration generation sanity check" test pass.
See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.
* gnu/services/networking.scm (openntpd-configuration->string): New procedure,
extracted from top of the `openntpd-shepherd-service' to make it testable.
(openntpd-shepherd-service): Adapt following the move of the code to the above
procedure.
* tests/networking.scm: Add a test for the `openntpd-configuration->string'
procedure.
* gnu/services/networking.scm (ntp-server-types): New enum.
(<ntp-server>): New record type.
(ntp-server->string): New procedure.
(%ntp-servers): Define in terms of <ntp-server> records. Use the first
entrypoint server as a pool instead of a list of static servers. This is more
resilient since a new server of the pool can be interrogated on every
request. Add the 'iburst' options.
(ntp-configuration-servers): Define a custom accessor that warns but honors
the now deprecated server format.
(<ntp-configuration>): Use it.
(%openntpd-servers): New variable,
(<openntpd-configuration>): Use it, as a pool ('servers' field) instead of a
regular server.
* tests/networking.scm: New file.
* Makefile.am (SCM_TESTS): Register it.
* doc/guix.texi: Update documentation.
Otherwise the following messages would be printed by ntpd:
Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.
Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).
* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
This is documented as best practice in `man ntpd', and is required to allow
the date to be set correctly when traveling (without having to manually update
the hardware clock in the BIOS/UEFI).
* gnu/services/networking.scm (<ntp-server>)[allow-large-adjustment?]: Set the
default value to #t.
* doc/guix.texi (Networking Services): Update documentation.
This reverts commit 3b38bf141a.
The Guix project discussed this years ago and decided against including
/usr/bin/env. That decision should not be reversed without a wider
discussion.
* gnu/services/cups.scm (error-policy, cups-configuration): Substitute
RETRY-CURRENT-JOB for the obsolete RETRY-THIS-JOB name of this policy.
* doc/guix.texi (Printing Services): Likewise.
* gnu/services/cups.scm (comma-separated-string-list?)
(serialize-comma-separated-string-list): New variables.
(cups-configuration)[browse-dns-sd-sub-types]: New field.
* doc/guix.texi (Printing Services): Document it.
* gnu/services/cuirass.scm (<cuirass-configuration>): Add web-log-file field.
(cuirass-shepherd-service): Read it and use it.
* doc/guix.texi (Continuous Integration): Document it.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.
* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.