Commit graph

1827 commits

Author SHA1 Message Date
Josselin Poiret
c970edad23
services: elogind: Add elogind as a shepherd PAM requirement.
* gnu/services/desktop.scm (pam-extension-procedure): Add the elogind shepherd
requirement to the PAM extension.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-05-11 13:21:45 +02:00
Josselin Poiret
2df5d4fd18
system: pam: Let PAM extensions add shepherd requirements.
* gnu/system/pam.scm (<pam-extension>): New record type.
(pam-shepherd-service): Add Shepherd synchronization point.

* gnu/services/mail.scm (dovecot-shepherd-service)
* gnu/services/lightdm.scm (lightdm-shepherd-service)
* gnu/services/mail.scm (opensmtpd-shepherd-service)
* gnu/services/sddm.scm (sddm-shepherd-service)
* gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
* gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
* gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.

* gnu/system/pam.scm (/etc-entry, extend-configuration,
pam-root-service-type, pam-root-service)
* gnu/services/authentication.scm (pam-ldap-pam-service)
* gnu/services/base.scm (pam-limits-service-type)
(greetd-pam-service)
* gnu/services/desktop.scm (pam-gnome-keyring)
* gnu/services/kerberos.scm (pam-krb5-pam-service)
* gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use
pam-extension.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-05-11 13:21:45 +02:00
Ludovic Courtès
695042ff10
services: syslog: Do not call 'umask' in PID 1.
Fixes a race condition when starting services in parallel with shepherd
0.10.x whereby a service might create files and directories with umask #o137.

An example is the bitlbee service with its least-authority wrapper: the
wrapper would create a tree with directories set to #o640, thereby
making the whole directory tree inaccessible.

* gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask
to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
2023-05-11 13:21:45 +02:00
Ludovic Courtès
3a00aba9e9
services: dicod, bitlbee: Pass 'make-inetd-constructor' a list of endpoints.
'make-inetd-constructor' accepts a list of endpoints since version 0.9.1
of the Shepherd (released in May 2022).

* gnu/services/dict.scm (dicod-shepherd-service): Pass
'make-inetd-constructor' a list of endpoints.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
2023-05-11 13:21:45 +02:00
Christopher Baines
98c3931641
services: guix-build-coordinator-agent: Support max-parallel-uploads.
This should be usable with the new guile-gnutls.

* gnu/services/guix.scm
(guix-build-coordinator-agent-configuration-max-parallel-uploads): New
procedure.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Use
the new argument.
* doc/guix.texi (Guix Services): Document it.
2023-05-10 11:06:20 +01:00
Christopher Baines
a759cbffaf
services: guix-build-coordinator: Support extra environment vars.
I'm looking at this because I need to do some debugging of Guile's GC, and
there are some useful environment variables for that, but it should be
generally useful.

* gnu/services/guix.scm (guix-build-coordinator-configuration-extra-environment-variables):
New procedure.
(guix-build-coordinator-shepherd-services): Pass the environment variables to
the shepherd.
* doc/guix.texi (Guix Services): Document it.
2023-05-09 16:19:21 +01:00
Efraim Flashner
c1ffe2f21b
service: qemu-binfmt: Remove broken qemu targets.
* gnu/services.virtualization.scm (%qemu-platforms): Remove %i486,
%aarch64be.
2023-05-09 17:27:49 +03:00
Christopher Baines
c229937c6a
services: guix-build-coordinator: Simpify service startup.
Take advantage of changes in the build coordinator to reduce the complexity of
the service startup script.

* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Remove the
metrics registry and datastore.
2023-05-06 12:51:51 +01:00
Efraim Flashner
0584f5b489
services: qemu-binfmt: Add more targets.
* gnu/services/virtualization.scm (%i486, %sparc64, %aarch64be, %xtensa,
%xtensaeb, %microblaze, %microblazeel, %or1k, %hexagon, %loongson64):
New variables.
(%armeb): Correct family field.
(%qemu-platforms): Add them.
2023-05-04 22:28:56 +03:00
Efraim Flashner
f66344ed81
services: earlyoom: Rotate log files.
* gnu/services/linux.scm (%earlyoom-log-rotation): New variable.
(earlyoom-service-type): Add service-extension for log rotation.
2023-05-04 21:32:32 +03:00
Maxim Cournoyer
6bc3e3f9ba
services: cups: Use cups-minimal to avoid PAM authentication.
Fixes <https://issues.guix.gnu.org/63198>.

Our CUPS service doesn't currently extend the PAM configuration, and prevents
users from authenticating.  Use cups-minimal, which has no PAM support.

* gnu/services/cups.scm (cups-configuration) [cups]: Use cups-minimal.
(opaque-cups-configuration): Likewise.
2023-05-03 08:20:31 -04:00
Josselin Poiret
9f09903aff
system: guix: Use config's ACL file location.
* gnu/services/base.scm (substitute-key-authorization): Use %acl-file instead of
hardcoded "/etc/guix/acl".

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-30 23:11:05 +02:00
Bruno Victal
9be1ee6a49
services: tor: Deprecate 'tor-hidden-service' procedure.
Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formely hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.

This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.

* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-25 17:19:21 +02:00
Andreas Enge
d1252b597d
Merge remote-tracking branch 'origin/master' into core-updates 2023-04-22 09:21:22 +02:00
Ludovic Courtès
95731b4ef1
services: herd: 'load-services/safe' is synonymous with 'load-services'.
This is a followup to 547965aa27.

* gnu/services/herd.scm (load-services/safe): Make an alias for
'load-services'.
2023-04-21 16:16:37 +02:00
Ludovic Courtès
9385c82c54
services: nscd: Depend on syslogd.
This gets rid of nscd debug messages on the console at boot time.

* gnu/services/base.scm (nscd-shepherd-service): Add dependency on
'syslogd'.
2023-04-21 16:16:37 +02:00
Ludovic Courtès
e45306c198
services: postgresql: Add default package.
* gnu/services/databases.scm (<postgresql-configuration>)[postgresql]:
Add default value, moved from...
(postgresql-service-type)[default-value]: ... here.
2023-04-21 16:16:37 +02:00
Ludovic Courtès
1fa038324d
services: knot: Add 'configuration' action.
* gnu/services/dns.scm (knot-shepherd-service): Add 'actions' field.
2023-04-21 16:16:37 +02:00
Ludovic Courtès
70677d8822
services: rsync: Add 'configuration' action.
* gnu/services/rsync.scm (rsync-shepherd-service): Add 'actions' field.
2023-04-21 16:16:37 +02:00
Ludovic Courtès
0ac2ada05a
services: redis: Add 'configuration' action.
* gnu/services/databases.scm (redis-shepherd-service): Add 'actions'
field.
2023-04-21 16:16:36 +02:00
Ludovic Courtès
97f91aa4ac
services: mysql: Add 'configuration' action.
* gnu/services/databases.scm (mysql-shepherd-service): Add 'actions'
field.
2023-04-21 16:16:36 +02:00
Ludovic Courtès
a5fc3fc921
services: postgresql: Add 'configuration' action.
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'actions' field.
2023-04-21 16:16:36 +02:00
Ludovic Courtès
7aaf278286
services: postgresql: Add the 'postgresql' Shepherd service name.
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'postgresql' to 'provision'.
2023-04-21 16:16:36 +02:00
Maxim Cournoyer
2c1e17071d
services: syslog: Log auth.info to /var/log/secure in default configuration.
This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
fail2ban.

* gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for
the /var/log/secure log.

Series-to: 62802@debbugs.gnu.org
2023-04-21 09:04:40 -04:00
Maxim Cournoyer
9f890e39e4
services/syslog: Strip leading white space indent in syslog.conf.
This is a cosmetic change.

* gnu/services/base.scm (%default-syslog.conf): Add a comment referencing the
documentation.  Strip the extraneous leading trailing white space indent.
2023-04-21 09:04:40 -04:00
Maxim Cournoyer
2c67e98b37
services: syslog: Add a reload action.
* gnu/services/base.scm (syslog-service-type) [actions]: Add a reload action.
* doc/guix.texi (Base Services): Document it.
2023-04-21 09:04:40 -04:00
Maxim Cournoyer
1ae279d7c8
services: syslog: Move configuration to /etc/syslog.conf.
Having the configuration live at a static location makes it possible to
hot-reload it.

* gnu/services/base.scm (syslog.conf): New variable.
(syslog-etc, syslog-shepherd-service): New procedures.
(syslog-service-type): Rewrite using the above new variable and procedures,
extending etc-service-type with its configuration file.
2023-04-21 09:04:39 -04:00
Ludovic Courtès
2886a59d18
services: agetty: 'term-console' succeeds by default.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start.  This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.

This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.

* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
2023-04-19 20:12:20 -04:00
Ludovic Courtès
57e731c358
services: agetty: 'term-console' succeeds by default.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start.  This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.

This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.

* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
2023-04-17 23:50:41 +02:00
Maxim Cournoyer
3bacd3c76a
Merge branch 'master' into core-updates.
Conflicts:
	gnu/local.mk
	gnu/packages/build-tools.scm
	gnu/packages/certs.scm
	gnu/packages/check.scm
	gnu/packages/compression.scm
	gnu/packages/cups.scm
	gnu/packages/fontutils.scm
	gnu/packages/gnuzilla.scm
	gnu/packages/guile.scm
	gnu/packages/ibus.scm
	gnu/packages/image-processing.scm
	gnu/packages/linux.scm
	gnu/packages/music.scm
	gnu/packages/nss.scm
	gnu/packages/pdf.scm
	gnu/packages/python-xyz.scm
	gnu/packages/qt.scm
	gnu/packages/ruby.scm
	gnu/packages/shells.scm
	gnu/packages/tex.scm
	gnu/packages/video.scm
	gnu/packages/vulkan.scm
	gnu/packages/web.scm
	gnu/packages/webkit.scm
	gnu/packages/wm.scm
2023-04-14 17:15:08 -04:00
Bruno Victal
865df7f080
services: mpd: Use proper records for user and group fields.
Deprecate using strings for these fields and prefer user-account
(resp. user-group) instead to avoid duplication within account-service-type.

Fixes #61570 <https://issues.guix.gnu.org/61570>.

* gnu/services/audio.scm (%mpd-user, %mpd-group)
(mpd-serialize-user-account, mpd-serialize-user-group)
(mpd-user-sanitizer, mpd-group-sanitizer): New variables.
(mpd-configuration)[user]: Use user-account as value type.
Sanitize via mpd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mpd-group-sanitizer.
(mpd-shepherd-service): Adjust accordingly.
(mpd-accounts): Likewise.
* doc/guix.texi (Audio Services)[Music Player Daemon]: Likewise.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-14 15:12:11 -04:00
Bruno Victal
420adff18e
services: mpd: Fix unintentional API breakage for mixer-type field.
* gnu/services/audio.scm (mpd-output)[mixer-type]: Use sanitizer to
accept both strings and symbols as values.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-14 15:12:11 -04:00
Bruno Victal
337e681b7a
services: nginx: Add reopen action.
This is required to allow log file rotations using rottlog, etc.

* gnu/services/web.scm (nginx-shepherd-service): Add reopen shepherd action.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2023-04-11 12:19:01 -04:00
Bruno Victal
dd10ba4184
services: nginx: Make logging level configurable.
* gnu/services/web.scm (<nginx-configuration>)[log-level]: New field.
(assert-valid-log-level): New procedure.
(default-nginx-config): Make log-level configurable.
* doc/guix.texi (Web Services): Document it.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2023-04-11 12:19:01 -04:00
Bruno Victal
6586c114e9
services: desktop: Remove 'xfce-desktop-service' procedure.
* gnu/services/desktop.scm (xfce-desktop-service): Remove procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:58:33 +02:00
Bruno Victal
74c188ecc7
services: desktop: Remove 'mate-desktop-service' procedure.
* gnu/services/desktop.scm (mate-desktop-service): Remove procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:58:27 +02:00
Bruno Victal
21e8a10852
services: desktop: Remove 'gnome-desktop-service' procedure.
* gnu/services/desktop.scm (gnome-desktop-service): Remove procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:57:27 +02:00
Bruno Victal
d442b77596
services: guix-publish: Remove 'compression-level' field.
* gnu/services/base.scm (<guix-publish-configuration>)[compression-level]: Remove field.
(guix-publish-configuration-compression-level): Remove procedure.
(default-compression): Remove compression-level helper code.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:57:18 +02:00
Bruno Victal
189d30d727
services: base: Remove 'console-font-service' procedure.
* gnu/services/base.scm (console-font-service): Remove procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:57:07 +02:00
Bruno Victal
4f27c4e681
services: base: Remove 'console-keymap-service-type' variable.
* gnu/services/base.scm (console-keymap-service-type): Remove variable.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:57:02 +02:00
Bruno Victal
aeb5df82dd
services: sddm: Remove 'sddm-service' procedure.
* gnu/services/sddm.scm (sddm-service): Remove procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:56:55 +02:00
Bruno Victal
b92880d011
services: ntp-service-type: Remove deprecated server as strings support.
* gnu/services/networking.scm (<ntp-configuration>)[servers]: Rename accessor to ntp-configuration-servers.
(ntp-configuration-servers): Remove helper procedure.
(ntp-shepherd-service): Remove helper procedure usage.
* tests/networking.scm: Remove obsolete test.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-04-07 17:56:07 +02:00
Maxim Cournoyer
1d0158ab90
services: xvnc: Do not create a regular HOME directory for xvnc user.
* gnu/services/vnc.scm (%xvnc-accounts)
[home-directory]: Define as /var/empty.
[shell]: Set to nologin, for good measures.
2023-04-02 23:35:15 -04:00
Bruno Victal
380faf265b
services: mympd: Use records for user and group fields.
* gnu/services/audio.scm (%mympd-user, %mympd-group)
(mympd-user-sanitizer, mympd-group-sanitizer): New variables.
(mympd-configuration)[user]: Use user-account as value type.
Sanitize via mympd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mympd-group-sanitizer.
(mympd-serialize-configuration): Adjust accordingly.
(mympd-accounts): Likewise.
* doc/guix.texi (Audio Services)[myMPD]: Likewise.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-02 12:38:45 +02:00
Bruno Victal
7fdadeac11
services: mpd: Use proper records for user and group fields.
Deprecate using strings for these fields and prefer user-account
(resp. user-group) instead to avoid duplication within account-service-type.

Fixes #61570 <https://issues.guix.gnu.org/61570>.

* gnu/services/audio.scm (%mpd-user, %mpd-group)
(mpd-serialize-user-account, mpd-serialize-user-group)
(mpd-user-sanitizer, mpd-group-sanitizer): New variables.
(mpd-configuration)[user]: Use user-account as value type.
Sanitize via mpd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mpd-group-sanitizer.
(mpd-shepherd-service): Adjust accordingly.
(mpd-accounts): Likewise.
* doc/guix.texi (Audio Services)[Music Player Daemon]: Likewise.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-02 12:35:30 +02:00
Bruno Victal
2c4df1a41a
services: mpd: Fix unintentional API breakage for mixer-type field.
* gnu/services/audio.scm (mpd-output)[mixer-type]: Use sanitizer to
accept both strings and symbols as values.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-02 12:35:30 +02:00
Bruno Victal
0fbb356714
services: replace bare serializers with (serializer ...)
* gnu/home/services/shells.scm
(home-zsh-configuration)[environment-variables]: Use (serializer ...).
(home-bash-configuration)[aliases, environment-variables]: Likewise.
(home-fish-configuration)[abbreviations, aliases]
[environment-variables]: Likewise.
* gnu/services/audio.scm (mpd-configuration)[music-dir, playlist-dir]
[endpoints, address, inputs, archive-plugins, input-cache-size]
[decoders, filters, playlist-plugins]: Likewise.
* gnu/services/linux.scm (fstrim-configuration)[extra-arguments]:
Likewise.
* gnu/services/security.scm (fail2ban-jail-configuration)[backend]
[log-encoding, extra-content]: Likewise.
* tests/services/configuration.scm: Update tests.
("serialize-configuration [deprecated]"): New test.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-02 12:35:30 +02:00
Bruno Victal
6f48efa9b8
services: configuration: Add user-defined sanitizer support.
This changes the 'custom-serializer' field into a generic
'extra-args' field that can be extended to support new literals.
Within extra-args, the literals 'sanitizer' and 'serializer' allow
for user-defined sanitization and serialization procedures respectively.
The 'empty-serializer' was also added as a literal to be used as before.

To prevent confusion between the new “explicit” style of specifying
a sanitizer, and the old “implicit” style, the latter has been
deprecated, and a warning is issued if it is encountered.

* gnu/services/configuration.scm (define-configuration-helper):
Rename 'custom-serializer' to 'extra-args'.  Add support for literals
'sanitizer', 'serializer' and 'empty-serializer'.  Rename procedure
'field-sanitizer' to 'default-field-sanitizer' to avoid syntax clash.
Only define default field sanitizers if user-defined ones are absent.
(normalize-extra-args): New variable.
(<configuration-field>)[sanitizer]: New field.
* doc/guix.texi (Complex Configurations): Document the newly added
literals.
* tests/services/configuration.scm: Add tests for the new literals.

Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2023-04-02 12:31:51 +02:00
Bruno Victal
6d0ad93020
services: pam-limits-service-type: Deprecate file-like object support in favour for lists as service value.
* doc/guix.texi (Base Services): Document it.
* gnu/local.mk: Register test.
* gnu/services/base.scm (pam-limits-service-type): Accept both lists and
file-like objects. Deprecate file-like object support.
* gnu/tests/pam.scm: New file.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-03-30 23:18:16 +02:00
Bruno Victal
ed50531885
services: base: Deprecate 'pam-limits-service' procedure.
* doc/guix.texi (Base Services): Replace pam-limits-service with pam-limits-service-type.
* gnu/packages/benchmark.scm (python-locust)[description]: Update index anchor to manual.
* gnu/services/base.scm (pam-limits-service-type): Set default value.
(pam-limits-service): Deprecate procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-03-30 23:18:16 +02:00