diff options
Diffstat (limited to 'gnu/services/base.scm')
| -rw-r--r-- | gnu/services/base.scm | 98 |
1 files changed, 50 insertions, 48 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index f278cb76de..6865d03f25 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -219,8 +219,6 @@ pam-limits-service-type pam-limits-service - references-file - %base-services)) ;;; Commentary: @@ -1399,23 +1397,24 @@ responsible for logging system messages."))) # level notice or higher and anything of level err or # higher to the console. # Don't log private authentication messages! - *.alert;auth.notice;authpriv.none /dev/console + *.alert;auth.notice;authpriv.none -/dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! - *.info;mail.none;authpriv.none /var/log/messages + *.info;mail.none;authpriv.none -/var/log/messages - # Like /var/log/messages, but also including \"debug\"-level logs. - *.debug;mail.none;authpriv.none /var/log/debug + # Log \"debug\"-level entries and nothing else. + *.=debug -/var/log/debug # Same, in a different place. - *.info;mail.none;authpriv.none /dev/tty12 + *.info;mail.none;authpriv.none -/dev/tty12 # The authpriv file has restricted access. + # 'fsync' the file after each line (hence the lack of a leading dash). authpriv.* /var/log/secure # Log all the mail messages in one place. - mail.* /var/log/maillog + mail.* -/var/log/maillog ")) (define* (syslog-service #:optional (config (syslog-configuration))) @@ -1440,7 +1439,8 @@ information on the configuration file syntax." (module "pam_limits.so") (arguments '("conf=/etc/security/limits.conf"))))) (if (member (pam-service-name pam) - '("login" "su" "slim" "gdm-password" "sddm")) + '("login" "su" "slim" "gdm-password" "sddm" + "sudo" "sshd")) (pam-service (inherit pam) (session (cons pam-limits @@ -1768,26 +1768,6 @@ proxy of 'guix-daemon'...~%") (substitute-key-authorization authorized-keys guix) #~#f)))) -(define* (references-file item #:optional (name "references")) - "Return a file that contains the list of references of ITEM." - (if (struct? item) ;lowerable object - (computed-file name - (with-extensions (list guile-gcrypt) ;for store-copy - (with-imported-modules (source-module-closure - '((guix build store-copy))) - #~(begin - (use-modules (guix build store-copy)) - - (call-with-output-file #$output - (lambda (port) - (write (map store-info-item - (call-with-input-file "graph" - read-reference-graph)) - port)))))) - #:options `(#:local-build? #f - #:references-graphs (("graph" ,item)))) - (plain-file name "()"))) - (define guix-service-type (service-type (name 'guix) @@ -1877,13 +1857,7 @@ raise a deprecation warning if the 'compression-level' field was used." (match-record config <guix-publish-configuration> (guix port host nar-path cache workers ttl negative-ttl cache-bypass-threshold advertise?) - (list (shepherd-service - (provision '(guix-publish)) - (requirement `(user-processes - guix-daemon - ,@(if advertise? '(avahi-daemon) '()))) - (start #~(make-forkexec-constructor - (list #$(file-append guix "/bin/guix") + (let ((command #~(list #$(file-append guix "/bin/guix") "publish" "-u" "guix-publish" "-p" #$(number->string port) #$@(config->compression-options config) @@ -1913,17 +1887,39 @@ raise a deprecation warning if the 'compression-level' field was used." "--cache-bypass-threshold=" (number->string cache-bypass-threshold))) - #~())) - - ;; Make sure we run in a UTF-8 locale so we can produce - ;; nars for packages that contain UTF-8 file names such - ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>. - #:environment-variables - (list (string-append "GUIX_LOCPATH=" - #$glibc-utf8-locales "/lib/locale") - "LC_ALL=en_US.utf8") - #:log-file "/var/log/guix-publish.log")) - (stop #~(make-kill-destructor)))))) + #~()))) + (options #~(#:environment-variables + ;; Make sure we run in a UTF-8 locale so we can produce + ;; nars for packages that contain UTF-8 file names such + ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>. + (list (string-append "GUIX_LOCPATH=" + #$glibc-utf8-locales "/lib/locale") + "LC_ALL=en_US.utf8") + #:log-file "/var/log/guix-publish.log")) + (endpoints #~(let ((ai (false-if-exception + (getaddrinfo #$host + #$(number->string port) + AI_NUMERICSERV)))) + (if (pair? ai) + (list (endpoint (addrinfo:addr (car ai)))) + '())))) + (list (shepherd-service + (provision '(guix-publish)) + (requirement `(user-processes + guix-daemon + ,@(if advertise? '(avahi-daemon) '()))) + + ;; Use lazy socket activation unless ADVERTISE? is true: in that + ;; case the process should start right away to advertise itself. + (start #~(if (and (defined? 'make-systemd-constructor) ;> 0.9.0? + #$(not advertise?)) + (make-systemd-constructor + #$command #$endpoints #$@options) + (make-forkexec-constructor #$command #$@options))) + (stop #~(if (and (defined? 'make-systemd-destructor) + #$(not advertise?)) + (make-systemd-destructor) + (make-kill-destructor)))))))) (define %guix-publish-accounts (list (user-group (name "guix-publish") (system? #t)) @@ -2197,7 +2193,8 @@ instance." (service-extension account-service-type account-extension) (service-extension - udev-service-type udev-extension)))))) + udev-service-type udev-extension))) + (description "This service adds udev rules.")))) (service type #f))) (define (swap-space->shepherd-service-name space) @@ -2817,6 +2814,11 @@ to handle." (service rottlog-service-type) + ;; Periodically delete old build logs. + (service log-cleanup-service-type + (log-cleanup-configuration + (directory "/var/log/guix/drvs"))) + ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is ;; used, so enable them by default. The FUSE and ALSA rules are ;; less critical, but handy. |