Fixes a race condition when starting services in parallel with shepherd
0.10.x whereby a service might create files and directories with umask #o137.
An example is the bitlbee service with its least-authority wrapper: the
wrapper would create a tree with directories set to #o640, thereby
making the whole directory tree inaccessible.
* gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask
to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
'make-inetd-constructor' accepts a list of endpoints since version 0.9.1
of the Shepherd (released in May 2022).
* gnu/services/dict.scm (dicod-shepherd-service): Pass
'make-inetd-constructor' a list of endpoints.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
This should be usable with the new guile-gnutls.
* gnu/services/guix.scm
(guix-build-coordinator-agent-configuration-max-parallel-uploads): New
procedure.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Use
the new argument.
* doc/guix.texi (Guix Services): Document it.
I'm looking at this because I need to do some debugging of Guile's GC, and
there are some useful environment variables for that, but it should be
generally useful.
* gnu/services/guix.scm (guix-build-coordinator-configuration-extra-environment-variables):
New procedure.
(guix-build-coordinator-shepherd-services): Pass the environment variables to
the shepherd.
* doc/guix.texi (Guix Services): Document it.
Take advantage of changes in the build coordinator to reduce the complexity of
the service startup script.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Remove the
metrics registry and datastore.
Fixes <https://issues.guix.gnu.org/63198>.
Our CUPS service doesn't currently extend the PAM configuration, and prevents
users from authenticating. Use cups-minimal, which has no PAM support.
* gnu/services/cups.scm (cups-configuration) [cups]: Use cups-minimal.
(opaque-cups-configuration): Likewise.
Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formely hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.
This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.
* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
fail2ban.
* gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for
the /var/log/secure log.
Series-to: 62802@debbugs.gnu.org
This is a cosmetic change.
* gnu/services/base.scm (%default-syslog.conf): Add a comment referencing the
documentation. Strip the extraneous leading trailing white space indent.
Having the configuration live at a static location makes it possible to
hot-reload it.
* gnu/services/base.scm (syslog.conf): New variable.
(syslog-etc, syslog-shepherd-service): New procedures.
(syslog-service-type): Rewrite using the above new variable and procedures,
extending etc-service-type with its configuration file.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start. This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.
This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.
* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start. This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.
This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.
* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
Deprecate using strings for these fields and prefer user-account
(resp. user-group) instead to avoid duplication within account-service-type.
Fixes#61570 <https://issues.guix.gnu.org/61570>.
* gnu/services/audio.scm (%mpd-user, %mpd-group)
(mpd-serialize-user-account, mpd-serialize-user-group)
(mpd-user-sanitizer, mpd-group-sanitizer): New variables.
(mpd-configuration)[user]: Use user-account as value type.
Sanitize via mpd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mpd-group-sanitizer.
(mpd-shepherd-service): Adjust accordingly.
(mpd-accounts): Likewise.
* doc/guix.texi (Audio Services)[Music Player Daemon]: Likewise.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
* gnu/services/audio.scm (mpd-output)[mixer-type]: Use sanitizer to
accept both strings and symbols as values.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
This is required to allow log file rotations using rottlog, etc.
* gnu/services/web.scm (nginx-shepherd-service): Add reopen shepherd action.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/audio.scm (%mympd-user, %mympd-group)
(mympd-user-sanitizer, mympd-group-sanitizer): New variables.
(mympd-configuration)[user]: Use user-account as value type.
Sanitize via mympd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mympd-group-sanitizer.
(mympd-serialize-configuration): Adjust accordingly.
(mympd-accounts): Likewise.
* doc/guix.texi (Audio Services)[myMPD]: Likewise.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Deprecate using strings for these fields and prefer user-account
(resp. user-group) instead to avoid duplication within account-service-type.
Fixes#61570 <https://issues.guix.gnu.org/61570>.
* gnu/services/audio.scm (%mpd-user, %mpd-group)
(mpd-serialize-user-account, mpd-serialize-user-group)
(mpd-user-sanitizer, mpd-group-sanitizer): New variables.
(mpd-configuration)[user]: Use user-account as value type.
Sanitize via mpd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mpd-group-sanitizer.
(mpd-shepherd-service): Adjust accordingly.
(mpd-accounts): Likewise.
* doc/guix.texi (Audio Services)[Music Player Daemon]: Likewise.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
* gnu/services/audio.scm (mpd-output)[mixer-type]: Use sanitizer to
accept both strings and symbols as values.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
This changes the 'custom-serializer' field into a generic
'extra-args' field that can be extended to support new literals.
Within extra-args, the literals 'sanitizer' and 'serializer' allow
for user-defined sanitization and serialization procedures respectively.
The 'empty-serializer' was also added as a literal to be used as before.
To prevent confusion between the new “explicit” style of specifying
a sanitizer, and the old “implicit” style, the latter has been
deprecated, and a warning is issued if it is encountered.
* gnu/services/configuration.scm (define-configuration-helper):
Rename 'custom-serializer' to 'extra-args'. Add support for literals
'sanitizer', 'serializer' and 'empty-serializer'. Rename procedure
'field-sanitizer' to 'default-field-sanitizer' to avoid syntax clash.
Only define default field sanitizers if user-defined ones are absent.
(normalize-extra-args): New variable.
(<configuration-field>)[sanitizer]: New field.
* doc/guix.texi (Complex Configurations): Document the newly added
literals.
* tests/services/configuration.scm: Add tests for the new literals.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>