Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
* gnu/services/base.scm (pam-limits-service-type): For "gdm-password" pam
service, include "limits.conf".
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/guix.scm: New file.
* gnu/tests/guix.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add both new files.
* doc/guix.texi (Guix Services): New section documenting the Guix Data
Service.
As defaulting by stderr, along with the shepherd service not directing the
output to a log file makes seeing the output difficult, compared to logging to
syslog.
* gnu/services/virtualization.scm (libvirt-configuration)[log-outputs]: Change
default from "3:stderr" to "3:syslog:libvirtd".
Fixes <https://bugs.gnu.org/37423>.
Reported by Jan <tona_kosmicznego_smiecia@interia.pl>.
* gnu/services/xorg.scm (%gdm-activation): New variable.
(gdm-service-type)[extensions]: Add 'activation-service-type'.
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/certbot.scm (certbot-command): Add
--manual-public-ip-logging-ok flag to the certbot command when doing a
manual challenge.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to ef640db2f5.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Set
'#:environment-variables' for 'make-forkexec-constructor'.
This reverts commit 903e051a71 to fix
<https://bugs.gnu.org/31365>. The full path of the 'ip' command is already
embedded, and we want to search 'qemu' in PATH.
* gnu/packages/virtualization.scm (libvirt): Remove 'wrap-libvirtd phase. Add
configure flags to run qemu as 'nobody:kvm'.
* gnu/services/virtualization.scm (libvirt-service-type): Add 'qemu' to the
system profile.
This fixes issue #37318 (see: http://bugs.gnu.org/37318).
* gnu/services/networking.scm (openntpd-configuration->string): Rewrite in
order to make the "openntpd configuration generation sanity check" test pass.
See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.
* gnu/services/networking.scm (openntpd-configuration->string): New procedure,
extracted from top of the `openntpd-shepherd-service' to make it testable.
(openntpd-shepherd-service): Adapt following the move of the code to the above
procedure.
* tests/networking.scm: Add a test for the `openntpd-configuration->string'
procedure.
* gnu/services/networking.scm (ntp-server-types): New enum.
(<ntp-server>): New record type.
(ntp-server->string): New procedure.
(%ntp-servers): Define in terms of <htp-server> records. Use the first
entrypoint server as a pool instead of a list of static servers. This is more
resilient since a new server of the pool can be interrogated on every
request. Add the 'iburst' options.
(ntp-configuration-servers): Define a custom accessor that warns but honors
the now deprecated server format.
(<ntp-configuration>): Use it.
(%openntpd-servers): New variable,
(<openntpd-configuration>): Use it, as a pool ('servers' field) instead of a
regular server.
* tests/networking.scm: New file.
* Makefile.am (SCM_TESTS): Register it.
* doc/guix.texi: Update documentation.
Otherwise the following messages would be printed by ntpd:
Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.
Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).
* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
This is documented as best practice in `man ntpd', and is required to allow
the date to be set correctly when traveling (without having to manually update
the hardware clock in the BIOS/UEFI).
* gnu/services/networking.scm (<ntp-server>)[allow-large-adjustment?]: Set the
default value to #t.
* doc/guix.texi (Networking Services): Update documentation.
This reverts commit 3b38bf141a.
The Guix project discussed this years ago and decided against including
/usr/bin/env. That decision should not be reversed without a wider
discussion.
* gnu/services/cups.scm (error-policy, cups-configuration): Substitute
RETRY-CURRENT-JOB for the obsolete RETRY-THIS-JOB name of this policy.
* doc/guix.texi (Printing Services): Likewise.
* gnu/services/cups.scm (comma-separated-string-list?)
(serialize-comma-separated-string-list): New variables.
(cups-configuration)[browse-dns-sd-sub-types]: New field.
* doc/guix.texi (Printing Services): Document it.
* gnu/services/cuirass.scm (<cuirass-configuration>): Add web-log-file field.
(cuirass-shepherd-service): Read it and use it.
* doc/guix.texi (Continuous Integration): Document it.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.
* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.
Extends the dbus service when vpn plugins are enabled.
* gnu/services/networking.scm (network-manager-service-type): Load vpn plugins
when extending dbus service.
This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.
* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/networking.scm (%network-manager-activation): Rename to...
(network-manager-activation): ... this and make it a procedure. Make it
create '/var/lib/misc' when using dnsmasq.
(network-manager-service-type): Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/networking.scm (usb-modeswitch-service-type): New variable.
(usb-modeswitch-configuration): New variable.
(usb-modeswitch-sh): New procedure.
(usb-modeswitch-configuration->udev-rules): New procedure.
* doc/guix.texi (Networking Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/36207>.
Reported by Jack Hill <jackhill@jackhill.us>.
* gnu/services/admin.scm: Remove unneeded import of (gnu services
base).
* gnu/services/mcron.scm: Likewise.
This makes it easier to read the output, as it's recorded in a file.
* gnu/services/base.scm (guix-publish-shepherd-service): Add #:log-file to
make-forkexec-constructor.
* gnu/packages/linux.scm (singularity)[source](snippet): Change file
name of setuid helpers in libexec/cli/*.exec.
[arguments]: Remove "--disable-suid".
* gnu/services/docker.scm (%singularity-activation): New variable.
(singularity-setuid-programs): New procedure.
(singularity-service-type): New variable.
* gnu/tests/singularity.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
This is a followup to b8fa86adfc.
* guix/deprecation.scm (warn-about-deprecation): Make public.
* gnu/services/base.scm (<guix-publish-configuration>)[compression]: New
field.
[compression-level]: Default to #f. Add '%' to getter name.
(guix-publish-configuration-compression-level): Define as deprecated.
(default-compression): New procedure.
(guix-publish-shepherd-service)[config->compression-options]: New
procedure.
Use 'match-record' instead of 'match'.
* doc/guix.texi (Base Services): Remove 'compression-level' and document
'compression'.
* gnu/service/web.scm (<patchwork-database-configuration>
<patchwork-settings-module>, <patchwork-configuration>): New record types.
(patchwork-virtualhost): New procedure.
(patchwork-service-type): New variable.
* gnu/tests/web.scm (%test-patchwork): New variable.
* doc/guix.text (Web Services): Document it.
Getmail is a mail retriever written in Python, this commit adds a service-type
to run getmail. I'm looking at this, as it's a convinient way of getting
mailing list messages in to Patchwork.
I initially tried putting this in the (gnu services mail) module, but due to
also trying to use the define-configuration pattern, it conflicted with the
dovecot service.
* gnu/services/getmail.scm: New file.
* gnu/local.mk: Add it.
* gnu/tests/mail.scm (%getmail-os, %test-getmail): New variables.
(run-getmail-test): New procedure.
* gnu/services/sddm.scm (sdm-pam-service): Set uid from CONFIG.
(sdm-autologin-pam-service): Set uid from CONFIG.
(sdm-pam-services): Pass CONFIG to 'sddm-pam-service' and
'sddm-autologin-pam-service'.
* doc/guix.texi (X Window): Adjust 'minimum-uid' documentation.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This makes it easier to read the output, as it's recorded in a file.
* gnu/services/mcron.scm (mcron-shepherd-services): Add #:log-file to
make-forkexec-constructor.
This partially addresses <https://bugs.gnu.org/35267>.
* gnu/services/xorg.scm (dbus-daemon-wrapper): When available, include
directories from '~/.guix-profile' in the search paths of the D-Bus
daemon.
* gnu/services/mail.scm (dovecot-configuration)[auth-verbose-passwords?]:
Rename to auth-verbose-passwords, and change the type to a string, as this
parameter can take one of three string values.
* doc/guix.texi (Dovecot service): Update the corresponding documentation.
This change makes it possible to add multiple SLiM services to an operating
system configuration by setting the new 'display' and 'vt' fields in their
configurations to different values. Each SLiM service will get its own
authfile, logfile, lockfile, and shepherd service, which will start SLiM on a
different tty.
* gnu/services/xorg.scm: Export slim-configuration-display and
slim-configuration-vt.
(<slim-configuration>)[display, vt]: New fields.
(slim-shepherd-service): Refactor let.
[slim.cfg]: Use new fields for setting display_name, xserver_arguments,
authfile, lockfile, and logfile.
[shepherd-service][provision]: Name the shepherd service according to the
value of 'vt'.
[shepherd-service][start]: Delete the right lockfile.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The Docker proxy enables inter-container and outside-to-container loopback,
and is required by the Docker registry server.
* gnu/services/docker.scm (docker-configuration)[proxy,
enable-proxy?]: Add fields.
(docker-shepherd-service): Use them.
(serialize-boolean): New function.
Until now 'guix system search bluetooth' would turn up nothing.
* gnu/services/desktop.scm (bluetooth-service-type)
(bluetooth-configuration): Make public.
(bluetooth-service-type)[description]: New field.
Previously setting the slim field in slim-configuration would have no effect.
* gnu/services/xorg.scm (slim-shepherd-service): Remove unused let binding for
slim. Use (slim-configuration-slim config) instead of the default slim.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes a longstanding issue whereby, due to our long fstab that included
pseudo file systems like cgroup mounts, graphical file managers would
display all of these. Initially reported at
<https://lists.gnu.org/archive/html/help-guix/2017-11/msg00084.html>.
* gnu/services/base.scm (file-system-fstab-entries): New procedure.
(file-system-service-type): Use it to extend FSTAB-SERVICE-TYPE.
This hack worked around a defect in the Shepherd 0.5.0 and is no longer
needed.
* gnu/services/shepherd.scm (%containerized-shepherd-service): Remove.
* gnu/system/linux-container.scm (container-essential-services): Don't
use it.
* gnu/services/shepherd.scm (<shepherd-service>)[one-shot?]: New field.
(shepherd-service-file): Pass #:one-shot? to the <service> constructor.
* doc/guix.texi (Shepherd Services): Document it.
* gnu/services/mail.scm (<imap4d-configuration>): New record type.
(imap4d-shepherd-service): New procedure.
(%default-imap4d-config-file, imap4d-service-type): New variables.
* gnu/services/mail.scm (Mail Services): Document it.
* gnu/services/xorg.scm (localed-service-type)[package]: Return the
empty list when the 'keyboard-layout' field is #f.
[compose]: Use 'find' instead of 'first'.
Fixes a bug whereby not extending GDM would lead us to do:
(first '())
in the 'compose' method.
Regression introduced in 305a732a0a.
* gnu/services/xorg.scm (gdm-service-type)[compose]: Handle the case
where EXTENSIONS is empty.
[extend]: Handle the case where XORG-CONFIGURATION is #f.
* gnu/services/xorg.scm (gdm-service-type)[compose, extend]: New fields.
(set-xorg-configuration): New procedure.
* doc/guix.texi (Keyboard Layout): Use it.
(X Window): Document it.
* gnu/system/examples/desktop.tmpl: Add 'keyboard-layout' fields.
This fixes a bug whereby GDM would always switch to US English keyboard
layout regardless to the configured Xorg keyboard layout.
* gnu/services/xorg.scm (<localed-configuration>): New record type.
(localed-dbus-service): New procedure.
(localed-service-type): New variable.
(gdm-service-type): Extend LOCALED-SERVICE-TYPE.
Commit 554b860739 introduces changes to the
slim-configuration record without updating the exported methods.
* gnu/services/xorg.scm: Export slim-configuration-xorg and
slim-configuration-sessreg.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (X Window): Document 'gdm-service-type' and
'gdm-configuration'. Take description of '.desktop' files from the
'slim-service-type' description.
* gnu/services/xorg.scm (gdm-service): Remove outdated comment.
* gnu/services/networking.scm (openvswitch-service-type): Provide
OPENVSWITCH-CONFIGURATION as a default value.
* gnu/tests/networking.scm (%openvswitch-os): Don't configure the service.
* gnu/services/desktop.scm (%desktop-services): Replace
SLIM-SERVICE-TYPE instance with an instance of GDM-SERVICE-TYPE.
* doc/guix.texi (Keyboard Layout): Change example to mention
GDM-SERVICE-TYPE.
(X Window): Mention GDM.
(Desktop Services): Adjust references to SLiM.
I'm not sure how this service ever worked, but SDDM started consistently
failing on one machine seemingly because of this setting.
* gnu/services/sddm.scm (sddm-configuration-file): Append /bin/X to the
ServerPath setting.
This is a followup to 598757e038.
* gnu/services/xorg.scm (xorg-configuration->file): Check whether
'xorg-configuration-keyboard-layout' returns #f before calling
'keyboard-layout-options'.
* gnu/services/xorg.scm (<xorg-configuration>)[keyboard-layout]: New
field.
(xorg-configuration->file)[input-class-section]: New procedure.
Use it.
* doc/guix.texi (X Window): Document 'keyboard-layout' field.
Co-authored-by: nee <nee-git@hidamari.blue>
Add a service that runs inputattach as a daemon to translate events from
serial ports.
* gnu/services/desktop.scm (<inputattach-configuration>): New record type.
* gnu/services/desktop.scm (inputattach-service-type): New service type.
* doc/guix.texi (Miscellaneous Services): Add inputattach Service
subsubheading.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This makes the first boot slightly faster.
* gnu/services/base.scm (not-config?): New procedure.
(hydra-key-authorization): Rewrite to pre-compute the default ACL, and
pre-compute it using (guix pki) directly.
Until now we were allocating the UIDs of build users above 30000, which
is in "normal" user UID range. This static allocation was unnecessary,
so this change lets the system allocate UIDs in the system range (below
1000).
* gnu/services/base.scm (guix-build-accounts): Remove #:first-uid, and
remove 'uid' field from 'user-account'.
Fixes <https://bugs.gnu.org/34788>.
Reported by Jack Hill <jackhill@jackhill.us>.
Regression introduced by the combination of
8bb76f3d44 and
0ae735bcc8: /var/empty would be 700 and
owned by one of the system accounts (thus inaccessible to others), and
/var/run/dbus would be 700 as well, thereby preventing D-Bus clients
from connecting to the daemon.
* gnu/build/activation.scm (duplicates): New procedure.
(activate-users+groups)[system-accounts]: New variable.
Use it. Make shared system account home directories #o555 and
root-owned.
* gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755.
* gnu/tests/base.scm (run-basic-test): Test the ownership and
permissions of /var/empty.
* gnu/packages/gnome.scm (gdm)[arguments]: Update pre-configure phase so
that GDM runs an X session script specified by the variable
GDM_X_SESSION; remove the '--enable-gdm-xsession' configuration
option.
* gnu/services/xorg.scm (<gdm-configuration>): Add 'x-session' field.
(gdm-shepherd-service): Set the GDM_X_SESSION variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit removes the remaining implicit dependencies that the GDM
service had on the GNOME Desktop service.
* gnu/services/xorg.scm (gdm-configuration): Add a gnome-shell-assets
field for specifying any icons or fonts that the GNOME Shell theme
needs.
(gdm-shepherd-service): Remove environment variables pointing to
'/run/current-system' and set XDG_DATA_DIRS so that it points to
'gnome-shell' and its assets.
(gdm-service-type): Extend 'profile-service-type' to ensure that
necessary fonts are installed in the system profile.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnome.scm (gdm)[arguments]: Modify the pre-configure
phase so that GDM propagates the GDM_DBUS_DAEMON variable into the
session environment and uses its value to invoke dbus-daemon.
* gnu/services/xorg.scm (dbus-daemon-wrapper): New variable.
(<gdm-configuration>): Add 'dbus-daemon' field.
(gdm-shepherd-service): Set GDM_DBUS_DAEMON before invoking gdm.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnome.scm (gdm)[arguments]: Update pre-configure phase to
make GDM get the configuration file path from an environment variable.
* gnu/services/xorg.scm (gdm-etc-service): Remove function.
(gdm-configuration-file): New function.
(gdm-shepherd-service): Set GDM_CUSTOM_CONF before invoking GDM.
(gdm-service-type)[extensions]: Remove etc-service-type extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This has now been replaced by the upower-service-type and
<upower-configuration> record.
* gnu/services/desktop.scm (upower-service): Deprecate this procedure.
Add a description and default value. Switch the documentation to mention the
service-type and the configuration record, rather than the upower-service
procedure.
* gnu/services/desktop.scm (upower-service-type)[description, default-value]:
Define these fields.
(%desktop-services): Change (upower-service) to (service upower-service-type).
* doc/guix.texi (Desktop Services): Update the upower service documentation.
Copy the defaults from the upower-service procedure to the
<upower-configuration> record type. This will allow making it the default
value for the upower-service-type, and deprecating the procedure. Export the
field accessors so that the <upower-configuration> record type becomes more
usable.
* gnu/services/desktop.scm (<upower-configuration>): Export it.
(upower-configuration-upower, upower-configuration-watts-up-pro?,
upower-configuration-poll-batteries?, upower-configuration-ignore-lid?,
upower-configuration-use-percentage-for-policy?,
upower-configuration-percentage-low, upower-configuration-percentage-critical,
upower-configuration-percentage-action, upower-configuration-time-low,
upower-configuration-time-critical, upower-configuration-time-action,
upower-configuration-critical-power-action): Add default and export.
This service integrates cups and PolicyKit. The gnome-control-center printing
section uses this functionality.
* gnu/sevices/desktop.scm (cups-pk-helper-service-type): New variable.
(%desktop-services): Add the cups-pk-helper service.