Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/authentication.scm2
-rw-r--r--gnu/services/base.scm65
-rw-r--r--gnu/services/databases.scm37
-rw-r--r--gnu/services/desktop.scm4
-rw-r--r--gnu/services/dns.scm168
-rw-r--r--gnu/services/kerberos.scm4
-rw-r--r--gnu/services/linux.scm199
-rw-r--r--gnu/services/pam-mount.scm2
8 files changed, 263 insertions, 218 deletions
diff --git a/gnu/services/authentication.scm b/gnu/services/authentication.scm
index f1ad1b1afe..fbfef2d3d0 100644
--- a/gnu/services/authentication.scm
+++ b/gnu/services/authentication.scm
@@ -504,7 +504,7 @@ password.")
(define (pam-ldap-pam-service config)
"Return a PAM service for LDAP authentication."
(define pam-ldap-module
- #~(string-append #$(nslcd-configuration-nss-pam-ldapd config)
+ (file-append (nslcd-configuration-nss-pam-ldapd config)
"/lib/security/pam_ldap.so"))
(pam-extension
(transformer
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 492cf8a693..b3f2d2e8b8 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1603,38 +1603,36 @@ information on the configuration file syntax."
(define pam-limits-service-type
(let ((pam-extension
- (pam-extension
- (transformer
- (lambda (pam)
- (let ((pam-limits (pam-entry
- (control "required")
- (module "pam_limits.so")
- (arguments
- '("conf=/etc/security/limits.conf")))))
- (if (member (pam-service-name pam)
- '("login" "greetd" "su" "slim" "gdm-password"
- "sddm" "sudo" "sshd" "lightdm"))
- (pam-service
- (inherit pam)
- (session (cons pam-limits
- (pam-service-session pam))))
- pam))))))
-
- ;; XXX: Using file-like objects is deprecated, use lists instead.
- ;; This is to be reduced into the list? case when the deprecated
- ;; code gets removed.
- ;; Create /etc/security containing the provided "limits.conf" file.
- (security-limits
+ (lambda (limits-file)
+ (pam-extension
+ (transformer
+ (lambda (pam)
+ (let ((pam-limits (pam-entry
+ (control "required")
+ (module "pam_limits.so")
+ (arguments
+ (list #~(string-append "conf=" #$limits-file))))))
+ (if (member (pam-service-name pam)
+ '("login" "greetd" "su" "slim" "gdm-password"
+ "sddm" "lightdm" "sudo" "sshd"))
+ (pam-service
+ (inherit pam)
+ (session (cons pam-limits
+ (pam-service-session pam))))
+ pam)))))))
+ (make-limits-file
(match-lambda
+ ;; XXX: Using file-like objects is deprecated, use lists instead.
+ ;; This is to be reduced into the list? case when the deprecated
+ ;; code gets removed.
((? file-like? obj)
(warning (G_ "Using file-like value for \
'pam-limits-service-type' is deprecated~%"))
- `(("security/limits.conf" ,obj)))
+ obj)
((? list? lst)
- `(("security/limits.conf"
- ,(plain-file "limits.conf"
- (string-join (map pam-limits-entry->string lst)
- "\n" 'suffix)))))
+ (plain-file "limits.conf"
+ (string-join (map pam-limits-entry->string lst)
+ "\n" 'suffix)))
(_ (raise
(formatted-message
(G_ "invalid input for 'pam-limits-service-type'~%")))))))
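Review bot: The `member` test in the transformer still hard-codes the PAM service names that receive the `pam_limits` session entry, so a session opened through any PAM service outside that list is not subject to the configured limits, and nothing in the code says so. A comment above the list would make this explicit, for example `;; Only these PAM services enforce the limits; sessions opened through any other service are unaffected.` The `pam-extension` binding is now a procedure of the limits file rather than a record, which deserves a one-line comment too, since the name no longer describes a value. The `define` continues past the end of this hunk.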
@@ -1642,13 +1640,12 @@ information on the configuration file syntax."
(service-type
(name 'limits)
(extensions
- (list (service-extension etc-service-type security-limits)
- (service-extension pam-root-service-type
- (lambda _ (list pam-extension)))))
+ (list (service-extension pam-root-service-type
+ (lambda (config)
+ (list (pam-extension (make-limits-file config)))))))
(description
- "Install the specified resource usage limits by populating
-@file{/etc/security/limits.conf} and using the @code{pam_limits}
-authentication module.")
+ "Use the @code{pam_limits} authentication module to set the specified
+resource usage limits.")
(default-value '()))))
(define-deprecated (pam-limits-service #:optional (limits '()))
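Review bot: With the `etc-service-type` extension removed, `/etc/security/limits.conf` is no longer created, and the new description does not say where the effective limits now live. Anyone auditing limits by reading that path will find nothing, while the real file is a store item handed to `pam_limits.so` through `conf=` in the generated PAM entries. The description could end with a sentence such as `The limits file is kept in the store and passed to the module with @code{conf=}; @file{/etc/security/limits.conf} is not populated.`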
@@ -3266,7 +3263,7 @@ to handle."
(define optional-pam-mount
(pam-entry
(control "optional")
- (module #~(string-append #$greetd-pam-mount "/lib/security/pam_mount.so"))
+ (module (file-append greetd-pam-mount "/lib/security/pam_mount.so"))
(arguments '("disable_interactive"))))
(list
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 7148971c1d..d3fee2a8ef 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -180,17 +180,30 @@ host all all ::1/128 md5"))
(data-directory postgresql-configuration-data-directory
(default "/var/lib/postgresql/data"))
(extension-packages postgresql-configuration-extension-packages
- (default '())))
-
-(define %postgresql-accounts
- (list (user-group (name "postgres") (system? #t))
- (user-account
- (name "postgres")
- (group "postgres")
- (system? #t)
- (comment "PostgreSQL server user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+ (default '()))
+ (create-account? postgresql-configuration-create-account?
+ (default #t))
+ (uid postgresql-configuration-uid
+ (default #f))
+ (gid postgresql-configuration-gid
+ (default #f)))
+
+(define (create-postgresql-account config)
+ (match-record config <postgresql-configuration>
+ (create-account? uid gid)
+ (if (not create-account?) '()
+ (list (user-group
+ (name "postgres")
+ (id gid)
+ (system? #t))
+ (user-account
+ (name "postgres")
+ (group "postgres")
+ (system? #t)
+ (uid uid)
+ (comment "PostgreSQL server user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))))
(define (final-postgresql postgresql extension-packages)
(if (null? extension-packages)
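Review bot: `create-postgresql-account` has no docstring, and the new `create-account?`, `uid` and `gid` fields carry no comment on what happens when `create-account?` is `#f`. In that case this service declares no "postgres" user or group, so the system-account, `/var/empty` home and `nologin` shell properties are no longer guaranteed here and depend on whoever declares the account. The rest of the service presumably still expects an account of that name, but that code is outside this hunk. A docstring such as `"Return the postgres user and group for CONFIG, or the empty list when its create-account? field is false."` would help, together with a field comment saying the operator must then supply an equivalently locked-down account.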
@@ -327,7 +340,7 @@ host all all ::1/128 md5"))
(service-extension activation-service-type
postgresql-activation)
(service-extension account-service-type
- (const %postgresql-accounts))
+ create-postgresql-account)
(service-extension
profile-service-type
(compose list postgresql-configuration-postgresql))))
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index ae3f90e96d..5b79fbcda1 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -1174,6 +1174,10 @@ started~%")
(string-append #$output service-directory))
(symlink (string-append #$elogind "/etc") ;for etc/dbus-1
(string-append #$output "/etc"))
+ ;; Also expose the D-Bus policy configurations (.conf) files, now
+ ;; installed under '/share' instead of the legacy '/etc' prefix.
+ (symlink (string-append #$elogind "/share/dbus-1/system.d")
+ (string-append #$output "/share/dbus-1/system.d"))
;; Replace the "Exec=" line of the 'org.freedesktop.login1.service'
;; file with one that refers to WRAPPER instead of elogind.
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index f45fc99c69..6608046909 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -1,6 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
-;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
@@ -53,10 +52,7 @@
knot-resolver-configuration
dnsmasq-service-type
- dnsmasq-configuration
-
- ddclient-service-type
- ddclient-configuration))
+ dnsmasq-configuration))
;;;
;;; Knot DNS.
@@ -901,165 +897,3 @@ cache.size = 100 * MB
dnsmasq-activation)))
(default-value (dnsmasq-configuration))
(description "Run the dnsmasq DNS server.")))
-
-
-;;;
-;;; ddclient
-;;;
-
-(define (uglify-field-name field-name)
- (string-delete #\? (symbol->string field-name)))
-
-(define (serialize-field field-name val)
- (when (not (member field-name '(group secret-file user)))
- (format #t "~a=~a\n" (uglify-field-name field-name) val)))
-
-(define (serialize-boolean field-name val)
- (serialize-field field-name (if val "yes" "no")))
-
-(define (serialize-integer field-name val)
- (serialize-field field-name (number->string val)))
-
-(define (serialize-string field-name val)
- (if (and (string? val) (string=? val ""))
- ""
- (serialize-field field-name val)))
-
-(define (serialize-list field-name val)
- (if (null? val) "" (serialize-field field-name (string-join val))))
-
-(define (serialize-extra-options extra-options)
- (string-join extra-options "\n" 'suffix))
-
-(define-configuration ddclient-configuration
- (ddclient
- (file-like ddclient)
- "The ddclient package.")
- (daemon
- (integer 300)
- "The period after which ddclient will retry to check IP and domain name.")
- (syslog
- (boolean #t)
- "Use syslog for the output.")
- (mail
- (string "root")
- "Mail to user.")
- (mail-failure
- (string "root")
- "Mail failed update to user.")
- (pid
- (string "/var/run/ddclient/ddclient.pid")
- "The ddclient PID file.")
- (ssl
- (boolean #t)
- "Enable SSL support.")
- (user
- (string "ddclient")
- "Specifies the user name or ID that is used when running ddclient
-program.")
- (group
- (string "ddclient")
- "Group of the user who will run the ddclient program.")
- (secret-file
- (string "/etc/ddclient/secrets.conf")
- "Secret file which will be appended to @file{ddclient.conf} file. This
-file contains credentials for use by ddclient. You are expected to create it
-manually.")
- (extra-options
- (list '())
- "Extra options will be appended to @file{ddclient.conf} file."))
-
-(define (ddclient-account config)
- "Return the user accounts and user groups for CONFIG."
- (let ((ddclient-user (ddclient-configuration-user config))
- (ddclient-group (ddclient-configuration-group config)))
- (list (user-group
- (name ddclient-group)
- (system? #t))
- (user-account
- (name ddclient-user)
- (system? #t)
- (group ddclient-group)
- (comment "ddclientd privilege separation user")
- (home-directory (string-append "/var/run/" ddclient-user))))))
-
-(define (ddclient-activation config)
- "Return the activation GEXP for CONFIG."
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils)
- (ice-9 rdelim))
- (let ((ddclient-user
- (passwd:uid (getpw #$(ddclient-configuration-user config))))
- (ddclient-group
- (passwd:gid (getpw #$(ddclient-configuration-group config))))
- (ddclient-secret-file
- #$(ddclient-configuration-secret-file config)))
- ;; 'ddclient' complains about ddclient.conf file permissions, which
- ;; rules out /gnu/store. Thus we copy the ddclient.conf to /etc.
- (for-each (lambda (dir)
- (mkdir-p dir)
- (chmod dir #o700)
- (chown dir ddclient-user ddclient-group))
- '("/var/cache/ddclient" "/var/run/ddclient"
- "/etc/ddclient"))
- (with-output-to-file "/etc/ddclient/ddclient.conf"
- (lambda ()
- (display
- (string-append
- "# Generated by 'ddclient-service'.\n\n"
- #$(with-output-to-string
- (lambda ()
- (serialize-configuration config
- ddclient-configuration-fields)))
- (if (string-null? ddclient-secret-file)
- ""
- (format #f "\n\n# Appended from '~a'.\n\n~a"
- ddclient-secret-file
- (with-input-from-file ddclient-secret-file
- read-string)))))))
- (chmod "/etc/ddclient/ddclient.conf" #o600)
- (chown "/etc/ddclient/ddclient.conf"
- ddclient-user ddclient-group)))))
-
-(define (ddclient-shepherd-service config)
- "Return a <shepherd-service> for ddclient with CONFIG."
- (let ((ddclient (ddclient-configuration-ddclient config))
- (ddclient-pid (ddclient-configuration-pid config))
- (ddclient-user (ddclient-configuration-user config))
- (ddclient-group (ddclient-configuration-group config)))
- (list (shepherd-service
- (provision '(ddclient))
- (documentation "Run ddclient daemon.")
- (start #~(make-forkexec-constructor
- (list #$(file-append ddclient "/bin/ddclient")
- "-foreground"
- "-file" "/etc/ddclient/ddclient.conf")
- #:pid-file #$ddclient-pid
- #:environment-variables
- (list "SSL_CERT_DIR=/run/current-system/profile\
-/etc/ssl/certs"
- "SSL_CERT_FILE=/run/current-system/profile\
-/etc/ssl/certs/ca-certificates.crt")
- #:user #$ddclient-user
- #:group #$ddclient-group))
- (stop #~(make-kill-destructor))))))
-
-(define ddclient-service-type
- (service-type
- (name 'ddclient)
- (extensions
- (list (service-extension account-service-type
- ddclient-account)
- (service-extension shepherd-root-service-type
- ddclient-shepherd-service)
- (service-extension activation-service-type
- ddclient-activation)))
- (default-value (ddclient-configuration))
- (description "Configure address updating utility for dynamic DNS services,
-ddclient.")))
-
-(define (generate-ddclient-documentation)
- (generate-documentation
- `((ddclient-configuration ,ddclient-configuration-fields))
- 'ddclient-configuration))
diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm
index 1a1b37f890..a6f540a9b6 100644
--- a/gnu/services/kerberos.scm
+++ b/gnu/services/kerberos.scm
@@ -432,8 +432,8 @@ generates such a file. It does not cause any daemon to be started.")))
(transformer
(lambda (pam)
(define pam-krb5-module
- #~(string-append #$(pam-krb5-configuration-pam-krb5 config)
- "/lib/security/pam_krb5.so"))
+ (file-append (pam-krb5-configuration-pam-krb5 config)
+ "/lib/security/pam_krb5.so"))
(let ((pam-krb5-sufficient
(pam-entry
diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm
index d105c42850..d17f492e15 100644
--- a/gnu/services/linux.scm
+++ b/gnu/services/linux.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2023 Felix Lechner <felix.lechner@lease-up.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -67,6 +68,28 @@
kernel-module-loader-service-type
+ cachefilesd-configuration
+ cachefilesd-configuration?
+ cachefilesd-configuration-cachefilesd
+ cachefilesd-configuration-debug-output?
+ cachefilesd-configuration-use-syslog?
+ cachefilesd-configuration-scan?
+ cachefilesd-configuration-cache-directory
+ cachefilesd-configuration-cache-name
+ cachefilesd-configuration-security-context
+ cachefilesd-configuration-pause-culling-for-block-percentage
+ cachefilesd-configuration-pause-culling-for-file-percentage
+ cachefilesd-configuration-resume-culling-for-block-percentage
+ cachefilesd-configuration-resume-culling-for-file-percentage
+ cachefilesd-configuration-pause-caching-for-block-percentage
+ cachefilesd-configuration-pause-caching-for-file-percentage
+ cachefilesd-configuration-log2-table-size
+ cachefilesd-configuration-cull?
+ cachefilesd-configuration-trace-function-entry-in-kernel-module
+ cachefilesd-configuration-trace-function-exit-in-kernel-module
+ cachefilesd-configuration-trace-internal-checkpoints-in-kernel-module
+ cachefilesd-service-type
+
rasdaemon-configuration
rasdaemon-configuration?
rasdaemon-configuration-record?
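Review bot: The last three cachefilesd accessor exports lack the trailing `?` that the fields are defined with later in this commit (`trace-function-entry-in-kernel-module?` and its two siblings), so they would not match the accessor names `define-configuration` derives from the field names. The module would then export names that are never defined, while the real accessors stay private. The entries should read `cachefilesd-configuration-trace-function-entry-in-kernel-module?`, `cachefilesd-configuration-trace-function-exit-in-kernel-module?` and `cachefilesd-configuration-trace-internal-checkpoints-in-kernel-module?`.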
@@ -308,6 +331,180 @@ more information)."
;;;
+;;; Cachefilesd, an FS-Cache daemon
+;;;
+
+(define (serialize-string variable-symbol value)
+ #~(format #f "~a ~a~%" #$(symbol->string variable-symbol) #$value))
+
+(define-maybe string)
+
+(define (non-negative-integer? val)
+ (and (exact-integer? val) (not (negative? val))))
+
+(define (serialize-non-negative-integer variable-symbol value)
+ #~(format #f "~a ~d~%" #$(symbol->string variable-symbol) #$value))
+
+(define-maybe non-negative-integer)
+
+(define (make-option-serializer option-symbol)
+ (lambda (variable-symbol text)
+ (if (maybe-value-set? text)
+ #~(format #f "~a ~a~%" #$(symbol->string option-symbol) #$text)
+ "")))
+
+(define (make-percentage-threshold-serializer threshold-symbol)
+ (lambda (variable-symbol percentage)
+ (if (maybe-value-set? percentage)
+ #~(format #f "~a ~a%~%" #$(symbol->string threshold-symbol) #$percentage)
+ "")))
+
+(define-configuration cachefilesd-configuration
+ (cachefilesd
+ (file-like cachefilesd)
+ "The cachefilesd package to use."
+ (serializer empty-serializer))
+
+ ;; command-line options
+ (debug-output?
+ (boolean #f)
+ "Print debugging output to stderr."
+ (serializer empty-serializer))
+
+ (use-syslog?
+ (boolean #t)
+ "Log to syslog facility instead of stdout."
+ (serializer empty-serializer))
+
+ ;; culling is part of the configuration file
+ ;; despite the name of the command-line option
+ (scan?
+ (boolean #t)
+ "Scan for cachable objects."
+ (serializer empty-serializer))
+
+ ;; sole required field in the configuration file
+ (cache-directory
+ maybe-string
+ "Location of the cache directory."
+ (serializer (make-option-serializer 'dir)))
+
+ (cache-name
+ (maybe-string "CacheFiles")
+ "Name of cache (keep unique)."
+ (serializer (make-option-serializer 'tag)))
+
+ (security-context
+ maybe-string
+ "SELinux security context."
+ (serializer (make-option-serializer 'secctx)))
+
+ ;; percentage thresholds in the configuration file
+ (pause-culling-for-block-percentage
+ (maybe-non-negative-integer 7)
+ "Pause culling when available blocks exceed this percentage."
+ (serializer (make-percentage-threshold-serializer 'brun)))
+
+ (pause-culling-for-file-percentage
+ (maybe-non-negative-integer 7)
+ "Pause culling when available files exceed this percentage."
+ (serializer (make-percentage-threshold-serializer 'frun)))
+
+ (resume-culling-for-block-percentage
+ (maybe-non-negative-integer 5)
+ "Start culling when available blocks drop below this percentage."
+ (serializer (make-percentage-threshold-serializer 'bcull)))
+
+ (resume-culling-for-file-percentage
+ (maybe-non-negative-integer 5)
+ "Start culling when available files drop below this percentage."
+ (serializer (make-percentage-threshold-serializer 'fcull)))
+
+ (pause-caching-for-block-percentage
+ (maybe-non-negative-integer 1)
+ "Pause further allocations when available blocks drop below this percentage."
+ (serializer (make-percentage-threshold-serializer 'bstop)))
+
+ (pause-caching-for-file-percentage
+ (maybe-non-negative-integer 1)
+ "Pause further allocations when available files drop below this percentage."
+ (serializer (make-percentage-threshold-serializer 'fstop)))
+
+ ;; run time optimizations in the configuration file
+ (log2-table-size
+ (maybe-non-negative-integer 12)
+ "Size of tables holding cullable objects in logarithm of base 2."
+ (serializer (make-option-serializer 'culltable)))
+
+ (cull?
+ (boolean #t)
+ "Create free space by culling (consumes system load)."
+ (serializer
+ (lambda (variable-symbol value)
+ (if value "" "nocull\n"))))
+
+ ;; kernel module debugging in the configuration file
+ (trace-function-entry-in-kernel-module?
+ (boolean #f)
+ "Trace function entry in the kernel module (for debugging)."
+ (serializer empty-serializer))
+
+ (trace-function-exit-in-kernel-module?
+ (boolean #f)
+ "Trace function exit in the kernel module (for debugging)."
+ (serializer empty-serializer))
+
+ (trace-internal-checkpoints-in-kernel-module?
+ (boolean #f)
+ "Trace internal checkpoints in the kernel module (for debugging)."
+ (serializer empty-serializer)))
+
+(define (serialize-cachefilesd-configuration configuration)
+ (mixed-text-file
+ "cachefilesd.conf"
+ (serialize-configuration configuration cachefilesd-configuration-fields)))
+
+(define (cachefilesd-shepherd-service config)
+ "Return a list of <shepherd-service> for cachefilesd for CONFIG."
+ (match-record
+ config <cachefilesd-configuration> (cachefilesd
+ debug-output?
+ use-syslog?
+ scan?
+ cache-directory)
+ (let ((configuration-file (serialize-cachefilesd-configuration config)))
+ (shepherd-service
+ (documentation "Run the cachefilesd daemon for FS-Cache.")
+ (provision '(cachefilesd))
+ (requirement (append '(file-systems)
+ (if use-syslog? '(syslogd) '())))
+ (start #~(begin
+ (and=> #$(maybe-value cache-directory) mkdir-p)
+ (make-forkexec-constructor
+ `(#$(file-append cachefilesd "/sbin/cachefilesd")
+ ;; do not detach
+ "-n"
+ #$@(if debug-output? '("-d") '())
+ #$@(if use-syslog? '() '("-s"))
+ #$@(if scan? '() '("-N"))
+ "-f" #$configuration-file))))
+ (stop #~(make-kill-destructor))))))
+
+(define cachefilesd-service-type
+ (service-type
+ (name 'cachefilesd)
+ (description
+ "Run the file system cache daemon @command{cachefilesd}, which relies on
+the Linux @code{cachefiles} module.")
+ (extensions
+ (list (service-extension kernel-module-loader-service-type
+ (const '("cachefiles")))
+ (service-extension shepherd-root-service-type
+ (compose list cachefilesd-shepherd-service))))
+ (default-value (cachefilesd-configuration))))
+
+
+;;;
;;; Reliability, Availability, and Serviceability (RAS) daemon
;;;
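Review bot: `cache-directory` is commented as the sole required field, yet it is declared `maybe-string` with no default, and `cachefilesd-service-type` uses `(cachefilesd-configuration)` as its default value. The default service therefore serializes a configuration with no `dir` line and skips the `mkdir-p`, and the daemon would presumably fail to start. Either give the field a default or reject an unset value in `cachefilesd-shepherd-service`, e.g. `(unless (maybe-value-set? cache-directory) (error "cachefilesd: 'cache-directory' must be set"))`. Separately, the three `trace-…-in-kernel-module?` fields use `empty-serializer` and are not read by the shepherd service, so setting them has no effect. The percentage fields accept any non-negative integer, including values above 100, with no check on their relative order.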
@@ -351,7 +548,7 @@ more information)."
;;;
-;;; Kernel module loader.
+;;; Zram device
;;;
(define-record-type* <zram-device-configuration>
diff --git a/gnu/services/pam-mount.scm b/gnu/services/pam-mount.scm
index dbb9d0285f..b3a02e82e9 100644
--- a/gnu/services/pam-mount.scm
+++ b/gnu/services/pam-mount.scm
@@ -94,7 +94,7 @@
(define optional-pam-mount
(pam-entry
(control "optional")
- (module #~(string-append #$pam-mount "/lib/security/pam_mount.so"))))
+ (module (file-append pam-mount "/lib/security/pam_mount.so"))))
(list
(pam-extension
(transformer