This allows the dconf profile directive "system-db:" to look up profiles by
name from under /etc/dconf/db/.
* gnu/services/xorg.scm (dconf-keyfile, dconf-profile): New procedures.
(dconf-profiles?): New predicate.
(dconf-configuration): New procedure.
(dconf-profile->profile-file): Likewise.
(dconf-profile->db-keyfile): Likewise.
(dconf-profile->db-keyfile-dir): Likewise.
(dconf-profile->db): Likewise.
(dconf-profile->files): Likewise.
(dconf-service-type): New service type.
* gnu/services/xorg.scm (<gdm-configuration>)[xdmcp?]: New field.
* gnu/services/xorg.scm (gdm-configuration-file): Use it. Use (ice-9 format)
to serialize boolean.
(gdm-polkit-rules): New variable.
(gdm-service-type): Use it to extend polkit.
* doc/guix.texi (X Window): Document it.
* gnu/services/networking.scm (dhcp-client-configuration): New record
configuration.
(dhcp-client-shepherd-service): Implement a shepher service. Provide a
deprication message for legacy configurations.
(dhcp-client-service-type): Use dhcp-client-shepherd-service.
* doc/guix.texi (Networking Setup): Update.
* po/guix/POTFILES.in: Add 'gnu/services/networking.scm'.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/web.scm (anonip-shepherd-service)[start]: Accept zero
arguments. Define 'spawn'. Print a message and return #f when #$INPUT
does not denote a FIFO.
When trying to run certbot, the mcron command fails, as
/etc/letsencrypt/live is missing. This patch adds it into the certbot
activation service.
* gnu/services/certbot.scm (certbot-activation): Make /etc/letsencrypt/live.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This gets rid of that (in)famous at boot time:
error in finalization thread: Success
This was caused by the file-descriptor closing loop, which would clause
the finalization pipe, leading the finalization thread to (erroneously)
error out.
Thanks to Josselin Poiret for locating the problem!
* gnu/services/shepherd.scm (shepherd-boot-gexp): In 'loop', replace
'close-fdes' with a pair of 'fcntl' calls to add FD_CLOEXEC.
An empty root or index field is an error in nginx.
* gnu/services/web.scm (emit-nginx-server-config): Don't emit root or
index fields when they are empty
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/44944>.
* gnu/services/xorg.scm (%gdm-activation): Delete variable.
(gdm-service-type): De-register it.
* gnu/services/desktop.scm (%gdm-file-system): New variable.
(gdm-file-system-service): Likewise.
(desktop-services-for-system): Use it.
This a followup to 59ee837d8b, which changed the
default value of the HandleLidSwitchExternalPower to the empty string.
Unfortunately this causes elogind to print a warning (although it otherwise
works as intended). This change fixes that.
* gnu/services/desktop.scm (elogind-configuration-file)<handle-action>: Let
the unspecified value go through.
<ini-file-clause>: When an unspecified file is encountered, do not produce any
text to serialize.
Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit
1ba0e38267 whereby files opened by, say,
the 'start' method of 'urandom-seed', could leak into the execution
environment of some other service--e.g., 'term-tty4'.
* gnu/services/shepherd.scm (shepherd-configuration-file)[config]:
Override 'call-with-input-file' and 'call-with-output-file'.
Reported by zamfofex.
Regression introduced in 2bac6ea177.
* gnu/services/virtualization.scm (secret-service-operating-system):
Add 'inherit' keyword for 'guix-configuration'.
Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.
* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
* gnu/services/web.scm (<nginx-configuration>)[shepherd-requirement]:
New field.
(nginx-shepherd-service): Honor it.
* doc/guix.texi (Web Services): Document it.
This is the documented default of UPower 0.99.15 (the actual default
appears to be #f though).
* gnu/services/desktop.scm (<upower-configuration>)
[use-percentage-for-policy?]: Default to #t.
* doc/guix.texi (Desktop Services): Adjust accordingly. Explain the
tradeoff.
These values are those used by default by UPower 0.99.15.
* gnu/services/desktop.scm (<upower-configuration>)[percentage-low]
[percentage-critical]: Increase.
* doc/guix.texi (Desktop Services): Update accordingly.
* gnu/services/security.scm: Wrong condition in string-filter
function in fail2ban-jail-configuration-serialize-field-name.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Fixes https://issues.guix.gnu.org/56444
* gnu/services/version-control.scm (gitolite-activation): Modify permissions
on home directory so that git group has read access.
Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>
Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
* gnu/services/lightdm.scm: New service.
* tests/services/lightdm.scm: Test it.
* doc/guix.texi (X Window): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.
Co-authored-by: L p R n d n <guix@lprndn.info>
Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
* gnu/services/base.scm (<greetd-configuration>)
[greeter-supplementary-groups]: New field.
(%greetd-accounts): Rename to...
(greetd-accounts): ... this. Convert to a function that takes a config
argument. Use greeter-supplementary-groups.
(greetd-service-type): Adjust accordingly.
* gnu/tests/desktop.scm (%minimal-services): Add test for
greeter-supplementary-groups.
* doc/guix.texi ("Base Services")[greetd-service-type]: Document
greeter-supplementary-groups.
* gnu/services/desktop.scm (seatd-group-sanitizer): New variable.
(<seatd-configuration>)[user]: Removed field.
[group]: Changed to "seat". Sanitize via seatd-group-sanitizer.
(seatd-accounts): New variable.
(seatd-environment): Adjust to <seatd-configuration> ABI.
(seatd-service-type)[extensions]: Add account-service-type with seatd-accounts.
* gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct
ownership of $SEATD_SOCK.
* doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users
may need to become members of the "seat" group.
Update default value for group field.
Add explanation on seatd.sock file.
Remove dropped user field.
The new value of %unset-value sticks out more when something goes wrong, and
is also more unique; i.e. easier to search for.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (%unset-value): New variable.
(normalize-field-type+def): Use it.
(maybe-value-unset?): Use it.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (maybe-value-set?): New procedure.
* doc/guix.texi (Complex Configurations): Document it. Remove comment showing
usage of 'maybe-string' with a default value, which doesn't make sense.
Co-authored-by: Attila Lendvai <attila@lendvai.name>
Fixes <https://issues.guix.gnu.org/57052>, which was a behavior change
introduced inadvertently in 4c698cd512.
* gnu/services/desktop.scm (<elogind-configuration>)
[handle-lid-switch-external-power]: Default to *unspecified*, which serializes
to nothing. This matches upstream behavior, meaning that even when plugged to
a power cord, a laptop will suspend when the lid is closed.
* doc/guix.texi (Desktop Services): Update doc.
Reported-by: Cairn <cairn@pm.me>
Fix the check for empty device path. Do not use --daemonize, since that is
handled by make-forkexec-constructor. Drop the --pidfile option which is
unused without --daemonize.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify
command arguments.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/56799>.
This partially reverts 8cb1a49a39.
Rationale: *unspecified* cannot be serialized thus used as a G-Expression
input, which is problematic/inconvenient when using deeply nested records. As
an example, jami-service-type was broken when using partially defined
<jami-account> records.
* gnu/services/configuration.scm (define-maybe-helper): Check against the
'unset symbol.
(normalize-field-type+def): Adjust value to 'unset.
(define-configuration-helper): Use 'unset as the default value thunk.
* gnu/services/file-sharing.scm (serialize-maybe-string): Check against the
'unset symbol.
(serialize-maybe-file-object): Likewise.
* gnu/services/messaging.scm (define-all-configurations): Use 'unset as
value.
(raw-content?): Check against 'unset symbol.
(prosody-configuration)[http-max-content-size]: Default to 'unset.
[http-external-url]: Likewise.
[mod-muc]: Likewise.
[raw-content]: Likewise.
* gnu/services/networking.scm (opendht-configuration): Adjust documentation.
* gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined*
with the 'unset symbol.
* tests/services/configuration.scm ("maybe type, no default"): Check against
the 'unset symbol.
* doc/guix.texi: Regenerate the opendht-configuration,
openvpn-client-configuration and openvpn-server-configuration documentation.
This is a patch that fixes "<executable name>: this program must be setgid smtpq".
* gnu/services/mail.scm (<opensmtpd-configuration>)[setgid-commands?]: New field.
(opensmtpd-set-gids): New procedure.
(opensmtpd-service-type)[extensions]: Add SETUID-PROGRAM-SERVICE-TYPE extension.
* doc/guix.texi (Mail Services): Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The default "rotate" value is 1 as of rottlog 0.72.2, meaning that only
one rotated file would be kept in addition to the active file.
* gnu/services/admin.scm (%default-rotations): Add "rotate" option for
%ROTATED-FILES.
The service uses syslog and additionally shepherd 0.9 captures its
stdout/stderr, so there's no point in passing #:log-file.
* gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file
argument to 'make-forkexec-constructor'.
(%tor-log-rotation): Remove.
(tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.
* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
Since revision 32, guix-data-service starts immediately but returns an HTTP
error code until initialization is complete. Adjust the test accordingly, and
remove the increased startup time limit.
* gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout.
* gnu/tests/guix.scm (guix-data-service): Retry the http-get test several
times to give the service time to initialize.
Signed-off-by: Christopher Baines <mail@cbaines.net>
The previous approach didn't support a simple alist.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix
passing parallel-hooks in to the start gexp.
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
I'm looking at this as I'd like to use the keepalive functionality.
* gnu/services/web.scm (nginx-upstream-configuration-extra-content): New
procedure.
(emit-nginx-upstream-config): Include the extra-content if applicable.
* doc/guix.texi (NGINX): Document this.
* gnu/services/guix.scm (guix-build-coordinator-configuration-parallel-hooks):
New procedure.
(make-guix-build-coordinator-start-script): Accept and use #:parallel-hooks.
(guix-build-coordinator-shepherd-services): Pass parallel-hooks to
make-guix-build-coordinator-start-script.
* doc/guix.texi (Guix Build Coordinator): Document this new field.
Now that configuration records use the 'sanitize' property for each
field, 'validate-configuration' has become useless because it's
impossible to construct an invalid configuration record.
* gnu/services/configuration.scm (validate-configuration): Remove.
* gnu/services/mail.scm (dovecot-service): Remove call.
* gnu/services/vpn.scm (openvpn-client-service)
(openvpn-server-service): Likewise.
* doc/guix.texi (Complex Configurations): Remove documentation.
Previously field type errors would be reported in a non-standard way,
and without any source location information. This fixes it.
* gnu/services/configuration.scm (configuration-field-error): Add a
'loc' parameter and honor it. Use 'formatted-message' instead of plain
'format'.
(define-configuration-helper)[field-sanitizer]: New procedure.
Use it. Use STEM as the identifier of the syntactic constructor of the
record type. Add a 'sanitize' property to each field. Remove now
useless STEM macro that would call 'validate-configuration'.
* gnu/services/mail.scm (serialize-listener-configuration): Adjust to
new 'configuration-field-error' prototype.
* tests/services/configuration.scm ("wrong type for a field"): New test.
* po/guix/POTFILES.in: Add gnu/services/configuration.scm.
Until now the 'stop' method would return #t, which shepherd would
interpret as "services could not be stopped".
* gnu/services/vpn.scm (wireguard-shepherd-service): Have 'stop' return #f.
* gnu/services/desktop.scm (seatd-service-type): New variable
* gnu/services/desktop.scm (seatd-configuration): New data type
Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
* gnu/services/base.scm (greetd-service-type): New variable
* gnu/services/base.scm (greetd-configuration): New data type
* gnu/services/base.scm (greetd-terminal-configuration): New data type
* gnu/services/base.scm (greetd-agreety-session): New data type
* gnu/services/base.scm (pam-limits-service-type): Should be aware of
greetd PAM service
* gnu/services/pam-mount.scm (pam-mount-pam-service): Should be aware
of greetd PAM service
Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
Use *unspecified* as a marker for field values that have not been set.
Rationale: 'disabled may easily clash with user values for boolean fields, is
confusing (i.e. its meaning is *not* boolean false, but unspecified) and it
also passes silently through the symbol? predicate of a field of type symbol.
* gnu/services/configuration.scm (configuration-missing-default-value):
Renamed from configuration-no-default-value.
(define-maybe-helper): Use *unspecified* instead of 'disabled, and make
the default value optional.
* gnu/home/services/desktop.scm (home-redshift-configuration):
Change (maybe-xyz 'disabled) to maybe-xyz.
* gnu/services/authentication.scm (nslcd-configuration): Likewise.
* gnu/services/cgit.scm (repository-cgit-configuration): Likewise.
* gnu/services/file-sharing.scm (serialize-maybe-string)
(serialize-maybe-file-object): Use 'unspecified?' instead of (eq? val
'disabled).
* gnu/services/messaging.scm (raw-content?): Likewise.
(ssl-configuration): Change (maybe-xyz 'disabled) to maybe-xyz.
(prosody-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration):
Likewise.
* gnu/services/messaging.scm (define-all-configurations):
Use *unspecified* instead of 'disabled'.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-account): Likewise.
(jami-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
* tests/services/configuration.scm ("maybe type, no default")
("maybe type, with default"): New tests.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
As opposed to explicitly using 'disabled as value, or using the
(field1 (maybe-number) "") format.
It's mostly the work of Maxime Devos shared under #54674, with some
modifications by Attila Lendvai.
* gnu/services/configuration.scm (normalize-field-type+def): New function.
(define-configuration-helper) (define-configuration): Support new field
format.
* tests/services/configuration.scm (config-with-maybe-number->string): New
function.
("maybe value serialization of the instance"): New test.
("maybe value serialization of the instance, unspecified"): New test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/dbus.scm (<dbus-configuration>)[verbose?]: New field.
(dbus-shepherd-service): Use it.
(dbus-service)[verbose?]: Add argument and update doc.
* doc/guix.texi (Desktop Services): Document it.
Fixes <https://issues.guix.gnu.org/54783>.
* gnu/services/linux.scm (zram-device-configuration)
[priority]: Adapt to use #f or an integer from 0 to 32767. Add sanitizer to
warn for the change and delay the field.
(zram-device-configuration->udev-string): Adapt as above.
* doc/guix.texi (Zram Device Service): Remove double copyright line.
Change priority description to refer to the Swap Space one, and suggest not
leaving the default #f on to properly use zram.
Reported-by: Stefan Baums <baums@stefanbaums.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This partially fixes <https://issues.guix.gnu.org/54786>, allowing the 'jami'
and 'jami-provisioning' system tests to pass again.
In version 0.9.0, Shepherd constructors are now run concurrently, via
cooperative scheduling (Guile Fibers). The Jami service previously relied on
blocking sleeps while polling for D-Bus services to become ready after forking
a process; this wouldn't work anymore since while blocking the service process
wouldn't be given the chance to finish starting. The new reliance on Fibers
in Shepherd's fork+exec-command in the helper 'send-dbus' procedure also meant
that it wouldn't work outside of Shepherd anymore. Finally, the
'start-service' Shepherd procedure used in the test suite would cause the Jami
daemon to be spawned multiple times (a bug introduced in Shepherd 0.9.0).
To fix/simplify these problems, this change does the following:
1. Use the Guile AC/D-Bus library for D-Bus communication, which simplify
things, such as avoiding the need to fork 'dbus-send' processes.
2. The non-blocking 'sleep' version of Fiber is used for the 'with-retries'
waiting syntax.
3. A 'dbus' package variant is used to adjust the session bus configuration,
tailoring it for the use case at hand.
4. Avoid start-service in the tests, preferring 'jami-service-available?' for
now.
* gnu/build/jami-service.scm (parse-dbus-reply, strip-quotes)
(deserialize-item, serialize-boolean, dbus-dict->alist)
(dbus-array->list, parse-account-ids, parse-account-details)
(parse-contacts): Delete procedures.
(%send-dbus-binary, %send-dbus-bus, %send-dbus-user, %send-dbus-group)
(%send-dbus-debug): Delete parameters.
(jami-service-running?): New procedure.
(send-dbus/configuration-manager): Rename to...
(call-configuration-manager-method): ... this. Turn METHOD into a positional
argument. Turn ARGUMENTS into an optional argument. Invoke
`call-dbus-method' instead of `send-dbus', adjusting callers accordingly.
(get-account-ids, id->account-details, id->account-details)
(id->volatile-account-details, username->id, add-account remove-account)
(username->contacts, remove-contact, add-contact, set-account-details)
(set-all-moderators, username->all-moderators?, username->moderators)
(set-moderator): Adjust accordingly.
(with-retries, send-dbus, dbus-available-services)
(dbus-service-available?): Move to ...
* gnu/build/dbus-service.scm: ... this new module.
(send-dbus): Rewrite to use the Guile AC/D-Bus library.
(%dbus-query-timeout, sleep*): New variables.
(%current-dbus-connection): New parameter.
(initialize-dbus-connection!, argument->signature-type)
(call-dbus-method): New procedures.
(dbus-available-services): Adjust accordingly.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register new module.
* gnu/packages/glib.scm (dbus-for-jami): New variable.
* gnu/services/telephony.scm: (jami-configuration)[dbus]: Default to
dbus-for-jami.
(jami-dbus-session-activation): Write a D-Bus daemon configuration file at
'/var/run/jami/session-local.conf'.
(jami-shepherd-services): Add the closure of guile-ac-d-bus and guile-fibers
as extensions. Adjust imported modules. Remove no longer used parameters.
<jami-dbus-session>: Use a PID file, avoiding the need for the manual
synchronization.
<jami>: Set DBUS_SESSION_BUS_ADDRESS environment variable. Poll using
'jami-service-available?' instead of 'dbus-service-available?'.
* gnu/tests/telephony.scm (run-jami-test): Add needed Guile extensions. Set
DBUS_SESSION_BUS_ADDRESS environment variable. Adjust all tests to use
'jami-service-available?' to determine if the service is started rather than
the now problematic Shepherd's 'start-service'.
Fixes <https://issues.guix.gnu.org/55707>.
Previously Inetutils' syslogd would call 'fsync' after each line written
to a file. This would significantly increase boot times on machines
with slow-ish spinning HDDs, where each 'fsync' call would take between
0.1s and 0.4s (and we'd do two of them for each line, one for
/var/log/messages and one for /var/log/debug).
* gnu/services/base.scm (%default-syslog.conf): Add a '-' before each
file name, except /var/log/secure. Change what goes to /var/log/debug.
The guix-data-service system test fails on a slower machine with a one-minute
time limit.
* gnu/services/guix.scm (guix-data-service): Double the #:pid-file-timeout.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/messaging.scm (bitlbee-shepherd-service): In the
'make-inetd-constructor' case, set GUIX_LOCPATH and LC_ALL. In the
'least-authority-wrapper' call, preserve GUIX_LOCPATH and LC_ALL, and
map /run/current-system/locale.
Fixes <https://issues.guix.gnu.org/55444>.
Previously shepherd and dbus-daemon would race to start elogind. In
some cases (for instance if one logs in quickly enough on the tty),
dbus-daemon would "win" and start elogind before shepherd has had a
chance to do it. Consequently, shepherd would fail to start elogind and
mark it as stopped and disabled, in turn preventing services that depend
on it such as 'xorg-server' from starting.
* gnu/services/desktop.scm (elogind-dbus-service): Rewrite to refer to a
wrapper that waits for the 'elogind' Shepherd service.
Fixes a bug introduced in 1f29ed4a81,
whereby 'authorized-key-directory' would end up creating empty files for
authorized keys passed as an extension.
See <https://issues.guix.gnu.org/55359>.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): Call
'alist->vhash' on the alist resulting from the 'append' call.
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-53.3de63f1.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id):
New procedure.
(guix-build-coordinator-queue-builds-shepherd-services): Use the guix-data-service-build-server-id.
* doc/guix.texi (Guix Build Coordinator): Document the new queue builds
configuration field.
This adds a simple log rotation extension to every networking service that
specifies a #:log-file in its Shepherd service, which should prevent some logs
from accumulating indefinitely.
* gnu/services/networking.scm (%ntp-log-rotation): New variable.
(ntp-service-type): Extend 'rottlog-service-type'.
(openntpd-shepherd-service): Change #:log-file argument to "/var/log/ntpd.log".
(openntpd-service-type): Extend 'rottlog-service-type'.
(%tor-log-rotation): New variable.
(tor-service-type): Extend 'rottlog-service-type'.
(%connman-log-rotation): New variable.
(connman-service-type): Extend 'rottlog-service-type'.
(%hostapd-log-rotation): New variable.
(hostapd-service-type): Extend 'rottlog-service-type'.
(%pagekite-log-rotation): New variable.
(pagekite-service-type): Extend 'rottlog-service-type'.
(%yggdrasil-log-rotation): New variable.
(yggdrasil-service-type): Extend 'rottlog-service-type'.
(%ipfs-log-rotation): New variable.
(ipfs-service-type): Extend 'rottlog-service-type'.
(%keepalived-log-rotation): New variable.
(keepalived-service-type): Extend 'rottlog-service-type'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/55335>.
Reported by Christopher Baines <mail@cbaines.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable.
<start>: Use it. When using 'make-inetd-constructor', pass a list of
endpoints as is possible with the Shepherd 0.9.1.
<stop>: Adjust accordingly.
* gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to...
["wait for port 22, IPv4"]: ... this.
["wait for port 22, IPv6"]: New test.
Fixes <https://issues.guix.gnu.org/55450>.
Fixes a bug introduced in 211fe3f66e
whereby the inetd-spawned process would run as root (it would still run
in a separate user namespace, with UID 1000 inside of it, but had the
authority of root).
* gnu/services/messaging.scm (bitlbee-shepherd-service): Pass #:user
and #:group to 'make-inetd-constructor'. Remove "-u bitlbee" argument
to BITLBEE*.
Previously, in the absence of extensions of 'pipefs-service-type', we'd
get a wrong-type-arg exception while folding services:
In gnu/services/nfs.scm:
134:37 1 (_ #<<pipefs-configuration> mount-point: "/var/lib/nfs…> …)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
In procedure car: Wrong type argument in position 1 (expecting pair): ()
* gnu/services/nfs.scm (pipefs-service-type)[extend]: Gracefully handle
the case where VALUES is the empty list, as done in 'gss-service-type'.
This is a followup to b06ecc5751,
211fe3f66e, and
fd57ce267c.
* gnu/services/base.scm (guix-publish-shepherd-service): Change 'stop'
method to use 'make-systemd-destructor' when 'make-systemd-constructor'
is used.
* gnu/services/dict.scm (dicod-shepherd-service): Change 'stop' method
to use 'make-inetd-destructor' when 'make-inetd-constructor' is used.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
Fixes a regression introduced in
211fe3f66e whereby, in inetd mode, and
when using 'bitlbee-purple', libpurple plugins would not be found.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Pass
#:preserved-environment-variables to 'least-authority-wrapper'.
* gnu/services/networking.scm (opendht-configuration->command-line-arguments):
Use 'least-authority-wrapper'.
(opendht-shepherd-service): Use 'make-forkexec-constructor'.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Add call to
'least-authority-wrapper'. In 'start' method, use
'make-inetd-constructor' when available.
* gnu/tests/messaging.scm (run-bitlbee-test)["valid PID"]: Remove test.
* gnu/services/dict.scm (dicod-shepherd-service): Rewrite using
'least-authority-wrapper' plus 'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
* gnu/services/databases.scm (postgresql-service-type)[description]: New field.
(memcached-service-type)[description]: New field.
(mysql-service-type)[description]: New field.
(redis-service-type)[description]: New field.
* gnu/services/desktop.scm (geoclue-service-type)[description]: New
field.
(udisks-service-type)[description]: New field.
(elogind-service-type)[description]: New field.
(account-service-type)[description]: New field.
* gnu/services/kerberos.scm (krb5-service-type)[description]: New field.
(pam-krb5-service-type)[description]: New field.
* gnu/services/lirc.scm (lirc-service-type)[description]: New field.
* gnu/services/mail.scm (dovecot-service-type)[description]: New field.
(opensmtpd-service-type)[description]: New field.
(mail-aliases-service-type)[description]: New field.
(exim-service-type)[description]: New field.
* gnu/services/monitoring.scm (zabbix-server-service-type)[description]:
New field.
(zabbix-agent-service-type)[description]: New field.
* gnu/services/nfs.scm (rpcbind-service-type)[description]: New field.
(pipefs-service-type)[description]: New field.
(gss-service-type)[description]: New field.
(idmap-service-type)[description]: New field.
* gnu/services/spice.scm (spice-vdagent-service-type)[description]: New field.
* gnu/services/sysctl.scm (sysctl-service-type)[description]: New field.
* gnu/services/virtualization.scm (libvirt-service-type)[description]:
New field.
(virtlog-service-type)[description]: New field.
* gnu/services/vpn.scm (openvpn-server-service-type)[description]: New field.
(openvpn-client-service-type)[description]: New field.
(wireguard-service-type)[description]: New field.
* gnu/services/web.scm (httpd-service-type)[description]: New field.
(fcgiwrap-service-type)[description]: New field.
(agate-service-type)[description]: New field.
[name]: Fix.
* gnu/services/guix.scm (nar-herder-configuration-log-level): New procedure.
(nar-herder-shepherd-services): Pass the log-level to the nar-herder process.
* doc/guix.texi (Nar Herder): Document configuring the log-level.
Fixes <https://issues.guix.gnu.org/54812>.
Starting with Shepherd 0.9.0 and the use of 'make-inetd-constructor' in
commit 808b9e8504, systems might be
running transient Shepherd services such as those corresponding to SSH
connections. Before this change, 'shepherd-service-upgrade' would have
those transient services in the list of services to unload; concretely,
that would lead all SSH connections to be closed upon 'guix system
reconfigure'.
* gnu/services/shepherd.scm (shepherd-service-upgrade): Remove transient
services to TO-UNLOAD.
* gnu/services/herd.scm (<live-service>)[transient?]: New field.
(current-services): Check the value of 'transient?'. Call
'resolve-transients'.
(resolve-transients): New procedure.
* gnu/services/ssh.scm (openssh-shepherd-service): Use
'make-inetd-constructor' when it is defined.
(<openssh-configuration>)[max-connections]: New field.
* gnu/tests/ssh.scm (run-ssh-test)["sshd PID"]: Adjust to cope with
PID-FILE being #f.
* gnu/tests/ssh.scm (%test-openssh): Pass #f as the 'pid-file'
argument.
* doc/guix.texi (Networking Services): Document 'max-connections'.
* gnu/services/shepherd.scm (scm->go): Define 'shepherd&co' and pass it
to 'with-extensions'.
(shepherd-configuration-file): Call 'start-in-the-background' when it is
defined.
(<shepherd-configuration>)[shepherd]: Default to SHEPHERD-0.9.
* gnu/system.scm (hurd-default-essential-services): Use SHEPHERD-0.8.
* gnu/services/admin.scm (<log-cleanup-configuration>): New record
type.
(log-cleanup-program, log-cleanup-mcron-jobs): New procedures.
(log-cleanup-service-type): New variable.
* doc/guix.texi (Log Rotation): Document it.
Fixes <https://issues.guix.gnu.org/35450>.
This driver isn't intended to be installed by default as it takes
precedence over the recommended xf86-input-libinput.
* gnu/services/xorg.scm (%default-xorg-modules): Remove
xf86-input-synaptics.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/services/telephony.scm (murmur-activation):
(murmur-shepherd-service): Change file name of mumble server, which is
now called mumble-server instead of murmurd since version 1.4.x.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/pm.scm (<thermald-configuration>): Add 'adaptive?' field.
(thermald-shepherd-service): Use it to pass --adaptive to thermald.
* doc/guix.texi (Power Management Services): Document the 'adaptive?' field of
'thermald-configuration'.
This reverts commit 0a9e82b430, which didn't end
up fixing anything. The problem was elsewhere; namely, using
'operating-system-services' instead of 'operating-system-user-services'.
Attempting to use the 'nfs-service-type' as part of a computed
operating-system definition, the following exception would be thrown:
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
ERROR:
1. &ambiguous-target-service-error:
service: #<<service> type: #<service-type rpcbind 7f7529853780> value: #<<rpcbind-configuration> rpcbind: #<package rpcbind@1.2.6 gnu/packages/onc-rpc.scm:87 7f75389e78f0> warm-start?: #t>>
target-type: #<service-type shepherd-root 7f7529396080>
2. &message: "more than one target service of type 'shepherd-root'"
The problem was that the rpcbind shepherd-service object was dynamically
instantiated every time the rpcbind-service-type would be called, causing
multiple objects in some situations, resulting in the above condition.
* gnu/services/nfs.scm (rpcbind-service-type): Refactor and adjust in a way to
extract...
(rpcbind-shepherd-service): ... this new procedure.
The justification about the order of activation snippets given in the
comment had been obsolete since
39e3b4b7ce.
Lately, running the activation snippets for "ssh-keygen -A" and "guix
archive --generate-key" would take a little bit too long, thereby
preventing the childhurd from starting on time.
* gnu/services/virtualization.scm (secret-service-operating-system):
Clear 'generate-host-keys?' and 'generate-substitute-key?'.
* gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]:
New field.
(openssh-activation): Honor it.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/base.scm (<guix-configuration>)[generate-substitute-key?]:
New field.
(guix-activation): Honor it.
* doc/guix.texi (Base Services): Document it.
* gnu/services/sound.scm (pulseaudio-environment)
[PULSE_CONFIG, PULSE_CLIENTCONFIG]: Use fixed locations, and move logic to...
(pulseaudio-etc): ... this service extension. Guard against producing empty
files.
Fixes <https://issues.guix.gnu.org/47681>.
This change adjusts the location of the udev configuration file and rules
directory to a fixed location. Since udev relies on inotify to discover
change to its rules directory (/etc/udev/rules.d), by using a fixed directory
layout, new udev rules can be automatically picked up without restarting the
service.
* gnu/services/base.scm (udev-rules-union): Build rules output directly
in #$output.
(udev-shepherd-service)[start]: Adjust the UDEV_CONFIG_FILE and
EUDEV_RULES_DIRECTORY environment variables.
[actions]: Remove field. The 'rules' action is no longer useful.
(udev.conf): New variable.
(udev-etc): New procedure.
(udev-service-type): Extend the etc-service-type with it.
This is a follow-up to 488f1c589df; the problem had re-appeared on my machine.
* gnu/services/dbus.scm (dbus-configuration-directory): Increase
'auth_timeout' value from 60000 to 300000 ms (5 minutes).
Previously, by accessing the raw <qemu-guest-agent-configuration>
fields, 'qemu' would match the first field, which is the '%location'
field, not the 'qemu' field.
It would seem this bug has always been present since the addition of the
'location' field in d132d9f96b predates
the addition of 'qemu-guest-agent-service-type' in
f634a0baab.
Fixes <https://issues.guix.gnu.org/54041>.
Reported by Ricardo Wurmus <rekado@elephly.net>.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service):
Use accessors for <qemu-guest-agent-configuration>.
This ensures the services does not start before mounts are up.
Reported by rekado on #guix.
* gnu/services/monitoring.scm (zabbix-server-shepherd-service,
zabbix-agent-shepherd-service)[requirement]: New field.
* doc/guix.texi (Monitoring Services): Document the various 'zabbix-*' service
types, and expand description of all Zabbix services. Use less marketing terms.
(Web Services): Add subsubheading for PHP-FPM, and anchors for
cross-referencing.
* gnu/services/monitoring.scm (zabbix-front-end-configuration): Use @ref
instead of @pxref for cross-referencing.
This is a follow-up to 326e08bf0f, et.al.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Rename
to ...
(%zabbix-front-end-configuration-nginx): ... this.
(zabbix-front-end-nginx-extension): Adjust accordingly.
Commit e301f1a8ed removed the NGINX argument
entirely, but users may rely on and override it. Reported by rekado on #guix.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Restore
exported variable.
(zabbix-front-end-nginx-extension): New procedure.
(zabbix-front-end-configuration): Remove FASTCGI-PARAMS field. Restore NGINX
field, but default to the empty list.
(zabbix-front-end-service-type): Extend NGINX-SERVICE-TYPE by
ZABBIX-FRONT-END-NGINX-EXTENSION.
* doc/guix.texi (Monitoring Services): Regenerate documentation.
* gnu/services/guix.scm (<nar-herder-configuration>): Add ttl and negative-ttl
fields.
(nar-herder-shepherd-services): Pass the ttl and negative-ttl values to the
service.
* doc/guix.texi (Guix Services): Document this.
This resolves some warnings with Django 3.2.
This was added by upstream to the base settings
43e5c4a0ac
* gnu/services/web.scm (patchwork-settings-module-compiler): Specify
DEFAULT_AUTO_FIELD in the settings module.
PulseAudio provides udev rules used to adjust the configuration of certain
hardware (e.g., sound cards); ensure they get used.
* gnu/services/sound.scm (pulseaudio-service-type): Extend the
udev-service-type with the pulseaudio package.
This makes it possible to do e.g. (include-files (list (local-file "foo.conf"))).
* gnu/services/monitoring.scm (serialize-field, serialize-list,
serialize-include-files, serialize-extra-options): Rewrite as gexps.
(zabbix-server-config-file, zabbix-agent-config-file): Simplify builders by
using FORMAT.
* gnu/services/monitoring.scm (zabbix-server-runtime-control-procedure,
zabbix-server-actions): New variables.
(zabbix-server-shepherd-service)[actions]: New field. Let-bind variables
common between actions and the start procedure.
This is a follow-up to commit 078f5bfae7.
* gnu/services/monitoring.scm (zabbix-front-end-config): When DB-PASSWORD is
set, enclose the password with quotes in the configuration file.
I noticed that pam_mount mounts work fine when loging into a textual
session, but not when using sddm. This patch fixes this problem by
ensuring that pam_mount.so is included in /etc/pam.d/sddm config file.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Add sddm to the list of
pam services.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
* gnu/services/telephony.scm (jami-configuration)[jamid]: Rename libring to
libjami.
* gnu/services/telephony.scm
(jami-configuration->command-line-arguments): Adjust daemon file name.
* gnu/services/telephony.scm (jami-service-type): Adjust doc.
* gnu/tests/telephony.scm (run-jami-test): Check for 'jamid' process, not
'dring'.
* doc/guix.texi (Telephony Services): Adjust doc for the jami-qt to jami and
libring to libjami packages renaming.
Earlier, the bind-rpc field of <laminar-configuration> was not used at
all. This was a bug.
* gnu/services/ci.scm (laminar-shepherd-service): Use bind-rpc to set
LAMINAR_BIND_RPC environment variable.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
Use target-x86-64? from (guix utils) to decide if the system is an x86_64
system instead of comparing the strings ourselves.
Previously, we would get a fishy 127.0.0.1/0 interface:
$ ip a show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.0.1/0 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
With this change, we get nothing but the "/8" version:
$ ip a show dev lo
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
Reported by Yann Dupont <Yann.Dupont@univ-nantes.fr>.
* gnu/services/base.scm (assert-valid-address): Remove special cases for
127.0.0.1 and ::1.
(%loopback-static-networking): Add "/8".
This is a follow-up to 49599fab56.
Fixes: <https://issues.guix.gnu.org/52908>.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
When the current system or target system begins with the string "x86_64", use
gdm-service-type as before; otherwise, use sddm-service-type.
* gnu/system/examples/vm-image.tmpl (services): Add sddm-service-type to the
list of service types to remove.
Fixes: <https://issues.guix.gnu.org/32166>.
* gnu/services/desktop.scm (gnome-packages, gnome-udev-rules): New procedures.
(gnome-polkit-settings): Use the gnome-packages procedure.
(gnome-desktop-service-type): Add an udev service extension.
This avoids issues where the coordinator component dependencies (like sqitch
and guile-fibers) make it harder to use the agent.
* gnu/packages/package-management.scm (guix-build-coordinator/agent-only): New
variable.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): Use
the guix-build-coordinator/agent-only package by default.
* doc/guix.texi (Guix Services): Update accordingly.
Fixes <https://issues.guix.gnu.org/issue/52051>.
* gnu/services/dbus.scm (dbus-configuration-directory): Set a 60 second
authentication timeout in the D-Bus configuration.
Until now the rsync service would export a single module, named
"files". This allows users to specify as many modules as they want, in
line with rsyncd.conf(5).
* gnu/services/rsync.scm (warn-share-field-deprecation): New procedure.
(<rsync-configuration>)[modules]: New field.
[share-path, share-comment, read-only?, timeout]: Mark as deprecated.
(<rsync-module>): New record type.
(%default-modules): New variable.
(rsync-configuration-modules): New procedure.
(rsync-activation): Create the directory of each module.
(rsync-config-file): Generate configuration for each module.
(rsync-service-type)[description]: New field.
* doc/guix.texi (Networking Services): Adjust documentation. Augment
example.
This makes sure users do not mistakenly configuring a network with "/0"
as its netmask.
* gnu/services/base.scm (assert-valid-address): New procedure.
(<network-address>)[value]: Add it as 'sanitize'.
* gnu/services/base.scm (%loopback-static-networking): New variable.
(%base-services): Use it.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* gnu/system/install.scm (%installation-services): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (%qemu-static-networking): New variable.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate. Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface. Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
* gnu/services/base.scm (static-networking-shepherd-service): Define
'set-up-via-ioctl', 'tear-down-via-ioctl', 'set-up-via-netlink',
'tear-down-via-netlink', and 'helpers' and use them in 'start' and
'stop'. Add (ip *) modules to 'modules'.
This works around the fact that Rust is currently unavailable in Guix on
platforms other than x86_64-linux:
https://lists.gnu.org/archive/html/guix-devel/2021-11/msg00197.html
* gnu/services/desktop.scm (desktop-services-for-system): New
procedure.
(%desktop-services): Turn into a macro.
* gnu/services/base.scm (swap-service-type): Use default flags (0) if
SWAP is not a new-style <swap-space> record.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/docker.scm (docker-configuration): Add the field
(docker-shepherd-service): Pass the list of defined variables to
make-forkexec-constructor.
* doc/guix.texi (Miscellaneous Services): Update doc.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/51487>
* gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Upstream raised these back in 2019 with CUPS 2.3.0.
* gnu/services/cups.scm (<cups-configuration>): Raise default
‘multiple-operation-timeout’ and ‘timeout’ from 300 to 900 seconds.
* doc/guix.texi (Printing Services): Adjust accordingly.