Fixes <https://issues.guix.gnu.org/55444>.
Previously shepherd and dbus-daemon would race to start elogind. In
some cases (for instance if one logs in quickly enough on the tty),
dbus-daemon would "win" and start elogind before shepherd has had a
chance to do it. Consequently, shepherd would fail to start elogind and
mark it as stopped and disabled, in turn preventing services that depend
on it such as 'xorg-server' from starting.
* gnu/services/desktop.scm (elogind-dbus-service): Rewrite to refer to a
wrapper that waits for the 'elogind' Shepherd service.
Fixes a bug introduced in 1f29ed4a81,
whereby 'authorized-key-directory' would end up creating empty files for
authorized keys passed as an extension.
See <https://issues.guix.gnu.org/55359>.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): Call
'alist->vhash' on the alist resulting from the 'append' call.
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-53.3de63f1.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id):
New procedure.
(guix-build-coordinator-queue-builds-shepherd-services): Use the guix-data-service-build-server-id.
* doc/guix.texi (Guix Build Coordinator): Document the new queue builds
configuration field.
This adds a simple log rotation extension to every networking service that
specifies a #:log-file in its Shepherd service, which should prevent some logs
from accumulating indefinitely.
* gnu/services/networking.scm (%ntp-log-rotation): New variable.
(ntp-service-type): Extend 'rottlog-service-type'.
(openntpd-shepherd-service): Change #:log-file argument to "/var/log/ntpd.log".
(openntpd-service-type): Extend 'rottlog-service-type'.
(%tor-log-rotation): New variable.
(tor-service-type): Extend 'rottlog-service-type'.
(%connman-log-rotation): New variable.
(connman-service-type): Extend 'rottlog-service-type'.
(%hostapd-log-rotation): New variable.
(hostapd-service-type): Extend 'rottlog-service-type'.
(%pagekite-log-rotation): New variable.
(pagekite-service-type): Extend 'rottlog-service-type'.
(%yggdrasil-log-rotation): New variable.
(yggdrasil-service-type): Extend 'rottlog-service-type'.
(%ipfs-log-rotation): New variable.
(ipfs-service-type): Extend 'rottlog-service-type'.
(%keepalived-log-rotation): New variable.
(keepalived-service-type): Extend 'rottlog-service-type'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/55335>.
Reported by Christopher Baines <mail@cbaines.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable.
<start>: Use it. When using 'make-inetd-constructor', pass a list of
endpoints as is possible with the Shepherd 0.9.1.
<stop>: Adjust accordingly.
* gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to...
["wait for port 22, IPv4"]: ... this.
["wait for port 22, IPv6"]: New test.
Fixes <https://issues.guix.gnu.org/55450>.
Fixes a bug introduced in 211fe3f66e
whereby the inetd-spawned process would run as root (it would still run
in a separate user namespace, with UID 1000 inside of it, but had the
authority of root).
* gnu/services/messaging.scm (bitlbee-shepherd-service): Pass #:user
and #:group to 'make-inetd-constructor'. Remove "-u bitlbee" argument
to BITLBEE*.
Previously, in the absence of extensions of 'pipefs-service-type', we'd
get a wrong-type-arg exception while folding services:
In gnu/services/nfs.scm:
134:37 1 (_ #<<pipefs-configuration> mount-point: "/var/lib/nfs…> …)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
In procedure car: Wrong type argument in position 1 (expecting pair): ()
* gnu/services/nfs.scm (pipefs-service-type)[extend]: Gracefully handle
the case where VALUES is the empty list, as done in 'gss-service-type'.
This is a followup to b06ecc5751,
211fe3f66e, and
fd57ce267c.
* gnu/services/base.scm (guix-publish-shepherd-service): Change 'stop'
method to use 'make-systemd-destructor' when 'make-systemd-constructor'
is used.
* gnu/services/dict.scm (dicod-shepherd-service): Change 'stop' method
to use 'make-inetd-destructor' when 'make-inetd-constructor' is used.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
Fixes a regression introduced in
211fe3f66e whereby, in inetd mode, and
when using 'bitlbee-purple', libpurple plugins would not be found.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Pass
#:preserved-environment-variables to 'least-authority-wrapper'.
* gnu/services/networking.scm (opendht-configuration->command-line-arguments):
Use 'least-authority-wrapper'.
(opendht-shepherd-service): Use 'make-forkexec-constructor'.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Add call to
'least-authority-wrapper'. In 'start' method, use
'make-inetd-constructor' when available.
* gnu/tests/messaging.scm (run-bitlbee-test)["valid PID"]: Remove test.
* gnu/services/dict.scm (dicod-shepherd-service): Rewrite using
'least-authority-wrapper' plus 'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
* gnu/services/databases.scm (postgresql-service-type)[description]: New field.
(memcached-service-type)[description]: New field.
(mysql-service-type)[description]: New field.
(redis-service-type)[description]: New field.
* gnu/services/desktop.scm (geoclue-service-type)[description]: New
field.
(udisks-service-type)[description]: New field.
(elogind-service-type)[description]: New field.
(account-service-type)[description]: New field.
* gnu/services/kerberos.scm (krb5-service-type)[description]: New field.
(pam-krb5-service-type)[description]: New field.
* gnu/services/lirc.scm (lirc-service-type)[description]: New field.
* gnu/services/mail.scm (dovecot-service-type)[description]: New field.
(opensmtpd-service-type)[description]: New field.
(mail-aliases-service-type)[description]: New field.
(exim-service-type)[description]: New field.
* gnu/services/monitoring.scm (zabbix-server-service-type)[description]:
New field.
(zabbix-agent-service-type)[description]: New field.
* gnu/services/nfs.scm (rpcbind-service-type)[description]: New field.
(pipefs-service-type)[description]: New field.
(gss-service-type)[description]: New field.
(idmap-service-type)[description]: New field.
* gnu/services/spice.scm (spice-vdagent-service-type)[description]: New field.
* gnu/services/sysctl.scm (sysctl-service-type)[description]: New field.
* gnu/services/virtualization.scm (libvirt-service-type)[description]:
New field.
(virtlog-service-type)[description]: New field.
* gnu/services/vpn.scm (openvpn-server-service-type)[description]: New field.
(openvpn-client-service-type)[description]: New field.
(wireguard-service-type)[description]: New field.
* gnu/services/web.scm (httpd-service-type)[description]: New field.
(fcgiwrap-service-type)[description]: New field.
(agate-service-type)[description]: New field.
[name]: Fix.
* gnu/services/guix.scm (nar-herder-configuration-log-level): New procedure.
(nar-herder-shepherd-services): Pass the log-level to the nar-herder process.
* doc/guix.texi (Nar Herder): Document configuring the log-level.
Fixes <https://issues.guix.gnu.org/54812>.
Starting with Shepherd 0.9.0 and the use of 'make-inetd-constructor' in
commit 808b9e8504, systems might be
running transient Shepherd services such as those corresponding to SSH
connections. Before this change, 'shepherd-service-upgrade' would have
those transient services in the list of services to unload; concretely,
that would lead all SSH connections to be closed upon 'guix system
reconfigure'.
* gnu/services/shepherd.scm (shepherd-service-upgrade): Remove transient
services to TO-UNLOAD.
* gnu/services/herd.scm (<live-service>)[transient?]: New field.
(current-services): Check the value of 'transient?'. Call
'resolve-transients'.
(resolve-transients): New procedure.
* gnu/services/ssh.scm (openssh-shepherd-service): Use
'make-inetd-constructor' when it is defined.
(<openssh-configuration>)[max-connections]: New field.
* gnu/tests/ssh.scm (run-ssh-test)["sshd PID"]: Adjust to cope with
PID-FILE being #f.
* gnu/tests/ssh.scm (%test-openssh): Pass #f as the 'pid-file'
argument.
* doc/guix.texi (Networking Services): Document 'max-connections'.
* gnu/services/shepherd.scm (scm->go): Define 'shepherd&co' and pass it
to 'with-extensions'.
(shepherd-configuration-file): Call 'start-in-the-background' when it is
defined.
(<shepherd-configuration>)[shepherd]: Default to SHEPHERD-0.9.
* gnu/system.scm (hurd-default-essential-services): Use SHEPHERD-0.8.
* gnu/services/admin.scm (<log-cleanup-configuration>): New record
type.
(log-cleanup-program, log-cleanup-mcron-jobs): New procedures.
(log-cleanup-service-type): New variable.
* doc/guix.texi (Log Rotation): Document it.
Fixes <https://issues.guix.gnu.org/35450>.
This driver isn't intended to be installed by default as it takes
precedence over the recommended xf86-input-libinput.
* gnu/services/xorg.scm (%default-xorg-modules): Remove
xf86-input-synaptics.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/services/telephony.scm (murmur-activation):
(murmur-shepherd-service): Change file name of mumble server, which is
now called mumble-server instead of murmurd since version 1.4.x.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/pm.scm (<thermald-configuration>): Add 'adaptive?' field.
(thermald-shepherd-service): Use it to pass --adaptive to thermald.
* doc/guix.texi (Power Management Services): Document the 'adaptive?' field of
'thermald-configuration'.
This reverts commit 0a9e82b430, which didn't end
up fixing anything. The problem was elsewhere; namely, using
'operating-system-services' instead of 'operating-system-user-services'.
Attempting to use the 'nfs-service-type' as part of a computed
operating-system definition, the following exception would be thrown:
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
ERROR:
1. &ambiguous-target-service-error:
service: #<<service> type: #<service-type rpcbind 7f7529853780> value: #<<rpcbind-configuration> rpcbind: #<package rpcbind@1.2.6 gnu/packages/onc-rpc.scm:87 7f75389e78f0> warm-start?: #t>>
target-type: #<service-type shepherd-root 7f7529396080>
2. &message: "more than one target service of type 'shepherd-root'"
The problem was that the rpcbind shepherd-service object was dynamically
instantiated every time the rpcbind-service-type would be called, causing
multiple objects in some situations, resulting in the above condition.
* gnu/services/nfs.scm (rpcbind-service-type): Refactor and adjust in a way to
extract...
(rpcbind-shepherd-service): ... this new procedure.
The justification about the order of activation snippets given in the
comment had been obsolete since
39e3b4b7ce.
Lately, running the activation snippets for "ssh-keygen -A" and "guix
archive --generate-key" would take a little bit too long, thereby
preventing the childhurd from starting on time.
* gnu/services/virtualization.scm (secret-service-operating-system):
Clear 'generate-host-keys?' and 'generate-substitute-key?'.
* gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]:
New field.
(openssh-activation): Honor it.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/base.scm (<guix-configuration>)[generate-substitute-key?]:
New field.
(guix-activation): Honor it.
* doc/guix.texi (Base Services): Document it.
* gnu/services/sound.scm (pulseaudio-environment)
[PULSE_CONFIG, PULSE_CLIENTCONFIG]: Use fixed locations, and move logic to...
(pulseaudio-etc): ... this service extension. Guard against producing empty
files.
Fixes <https://issues.guix.gnu.org/47681>.
This change adjusts the location of the udev configuration file and rules
directory to a fixed location. Since udev relies on inotify to discover
change to its rules directory (/etc/udev/rules.d), by using a fixed directory
layout, new udev rules can be automatically picked up without restarting the
service.
* gnu/services/base.scm (udev-rules-union): Build rules output directly
in #$output.
(udev-shepherd-service)[start]: Adjust the UDEV_CONFIG_FILE and
EUDEV_RULES_DIRECTORY environment variables.
[actions]: Remove field. The 'rules' action is no longer useful.
(udev.conf): New variable.
(udev-etc): New procedure.
(udev-service-type): Extend the etc-service-type with it.
This is a follow-up to 488f1c589df; the problem had re-appeared on my machine.
* gnu/services/dbus.scm (dbus-configuration-directory): Increase
'auth_timeout' value from 60000 to 300000 ms (5 minutes).
Previously, by accessing the raw <qemu-guest-agent-configuration>
fields, 'qemu' would match the first field, which is the '%location'
field, not the 'qemu' field.
It would seem this bug has always been present since the addition of the
'location' field in d132d9f96b predates
the addition of 'qemu-guest-agent-service-type' in
f634a0baab.
Fixes <https://issues.guix.gnu.org/54041>.
Reported by Ricardo Wurmus <rekado@elephly.net>.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service):
Use accessors for <qemu-guest-agent-configuration>.
This ensures the services does not start before mounts are up.
Reported by rekado on #guix.
* gnu/services/monitoring.scm (zabbix-server-shepherd-service,
zabbix-agent-shepherd-service)[requirement]: New field.
* doc/guix.texi (Monitoring Services): Document the various 'zabbix-*' service
types, and expand description of all Zabbix services. Use less marketing terms.
(Web Services): Add subsubheading for PHP-FPM, and anchors for
cross-referencing.
* gnu/services/monitoring.scm (zabbix-front-end-configuration): Use @ref
instead of @pxref for cross-referencing.
This is a follow-up to 326e08bf0f, et.al.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Rename
to ...
(%zabbix-front-end-configuration-nginx): ... this.
(zabbix-front-end-nginx-extension): Adjust accordingly.
Commit e301f1a8ed removed the NGINX argument
entirely, but users may rely on and override it. Reported by rekado on #guix.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Restore
exported variable.
(zabbix-front-end-nginx-extension): New procedure.
(zabbix-front-end-configuration): Remove FASTCGI-PARAMS field. Restore NGINX
field, but default to the empty list.
(zabbix-front-end-service-type): Extend NGINX-SERVICE-TYPE by
ZABBIX-FRONT-END-NGINX-EXTENSION.
* doc/guix.texi (Monitoring Services): Regenerate documentation.
* gnu/services/guix.scm (<nar-herder-configuration>): Add ttl and negative-ttl
fields.
(nar-herder-shepherd-services): Pass the ttl and negative-ttl values to the
service.
* doc/guix.texi (Guix Services): Document this.
This resolves some warnings with Django 3.2.
This was added by upstream to the base settings
43e5c4a0ac
* gnu/services/web.scm (patchwork-settings-module-compiler): Specify
DEFAULT_AUTO_FIELD in the settings module.
PulseAudio provides udev rules used to adjust the configuration of certain
hardware (e.g., sound cards); ensure they get used.
* gnu/services/sound.scm (pulseaudio-service-type): Extend the
udev-service-type with the pulseaudio package.
This makes it possible to do e.g. (include-files (list (local-file "foo.conf"))).
* gnu/services/monitoring.scm (serialize-field, serialize-list,
serialize-include-files, serialize-extra-options): Rewrite as gexps.
(zabbix-server-config-file, zabbix-agent-config-file): Simplify builders by
using FORMAT.
* gnu/services/monitoring.scm (zabbix-server-runtime-control-procedure,
zabbix-server-actions): New variables.
(zabbix-server-shepherd-service)[actions]: New field. Let-bind variables
common between actions and the start procedure.
This is a follow-up to commit 078f5bfae7.
* gnu/services/monitoring.scm (zabbix-front-end-config): When DB-PASSWORD is
set, enclose the password with quotes in the configuration file.
I noticed that pam_mount mounts work fine when loging into a textual
session, but not when using sddm. This patch fixes this problem by
ensuring that pam_mount.so is included in /etc/pam.d/sddm config file.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Add sddm to the list of
pam services.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
* gnu/services/telephony.scm (jami-configuration)[jamid]: Rename libring to
libjami.
* gnu/services/telephony.scm
(jami-configuration->command-line-arguments): Adjust daemon file name.
* gnu/services/telephony.scm (jami-service-type): Adjust doc.
* gnu/tests/telephony.scm (run-jami-test): Check for 'jamid' process, not
'dring'.
* doc/guix.texi (Telephony Services): Adjust doc for the jami-qt to jami and
libring to libjami packages renaming.
Earlier, the bind-rpc field of <laminar-configuration> was not used at
all. This was a bug.
* gnu/services/ci.scm (laminar-shepherd-service): Use bind-rpc to set
LAMINAR_BIND_RPC environment variable.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
Use target-x86-64? from (guix utils) to decide if the system is an x86_64
system instead of comparing the strings ourselves.
Previously, we would get a fishy 127.0.0.1/0 interface:
$ ip a show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.0.1/0 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
With this change, we get nothing but the "/8" version:
$ ip a show dev lo
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
Reported by Yann Dupont <Yann.Dupont@univ-nantes.fr>.
* gnu/services/base.scm (assert-valid-address): Remove special cases for
127.0.0.1 and ::1.
(%loopback-static-networking): Add "/8".
This is a follow-up to 49599fab56.
Fixes: <https://issues.guix.gnu.org/52908>.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
When the current system or target system begins with the string "x86_64", use
gdm-service-type as before; otherwise, use sddm-service-type.
* gnu/system/examples/vm-image.tmpl (services): Add sddm-service-type to the
list of service types to remove.
Fixes: <https://issues.guix.gnu.org/32166>.
* gnu/services/desktop.scm (gnome-packages, gnome-udev-rules): New procedures.
(gnome-polkit-settings): Use the gnome-packages procedure.
(gnome-desktop-service-type): Add an udev service extension.
This avoids issues where the coordinator component dependencies (like sqitch
and guile-fibers) make it harder to use the agent.
* gnu/packages/package-management.scm (guix-build-coordinator/agent-only): New
variable.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): Use
the guix-build-coordinator/agent-only package by default.
* doc/guix.texi (Guix Services): Update accordingly.
Fixes <https://issues.guix.gnu.org/issue/52051>.
* gnu/services/dbus.scm (dbus-configuration-directory): Set a 60 second
authentication timeout in the D-Bus configuration.
Until now the rsync service would export a single module, named
"files". This allows users to specify as many modules as they want, in
line with rsyncd.conf(5).
* gnu/services/rsync.scm (warn-share-field-deprecation): New procedure.
(<rsync-configuration>)[modules]: New field.
[share-path, share-comment, read-only?, timeout]: Mark as deprecated.
(<rsync-module>): New record type.
(%default-modules): New variable.
(rsync-configuration-modules): New procedure.
(rsync-activation): Create the directory of each module.
(rsync-config-file): Generate configuration for each module.
(rsync-service-type)[description]: New field.
* doc/guix.texi (Networking Services): Adjust documentation. Augment
example.
This makes sure users do not mistakenly configuring a network with "/0"
as its netmask.
* gnu/services/base.scm (assert-valid-address): New procedure.
(<network-address>)[value]: Add it as 'sanitize'.