Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/audio.scm33
-rw-r--r--gnu/services/base.scm126
-rw-r--r--gnu/services/cups.scm3
-rw-r--r--gnu/services/databases.scm89
-rw-r--r--gnu/services/desktop.scm36
-rw-r--r--gnu/services/dns.scm2
-rw-r--r--gnu/services/ganeti.scm2
-rw-r--r--gnu/services/guix.scm32
-rw-r--r--gnu/services/monitoring.scm7
-rw-r--r--gnu/services/networking.scm117
-rw-r--r--gnu/services/sddm.scm2
-rw-r--r--gnu/services/shepherd.scm13
-rw-r--r--gnu/services/virtualization.scm11
-rw-r--r--gnu/services/vpn.scm6
-rw-r--r--gnu/services/web.scm90
15 files changed, 479 insertions, 90 deletions
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 37f2efa479..627b941871 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -21,6 +22,8 @@
#:use-module (guix gexp)
#:use-module (gnu services)
#:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
#:use-module (gnu packages mpd)
#:use-module (guix records)
#:use-module (ice-9 match)
@@ -135,19 +138,19 @@ audio_output {
(define (mpd-shepherd-service config)
(shepherd-service
(documentation "Run the MPD (Music Player Daemon)")
+ (requirement '(user-processes))
(provision '(mpd))
(start #~(make-forkexec-constructor
(list #$(file-append mpd "/bin/mpd")
"--no-daemon"
#$(mpd-config->file config))
- #:pid-file #$(mpd-file-name config "pid")
#:environment-variables
;; Required to detect PulseAudio when run under a user account.
- '(#$(string-append
- "XDG_RUNTIME_DIR=/run/user/"
- (number->string
+ (list (string-append
+ "XDG_RUNTIME_DIR=/run/user/"
+ (number->string
(passwd:uid
- (getpwnam (mpd-configuration-user config))))))
+ (getpwnam #$(mpd-configuration-user config))))))
#:log-file #$(mpd-file-name config "log")))
(stop #~(make-kill-destructor))))
@@ -158,10 +161,26 @@ audio_output {
(define %user
(getpw #$(mpd-configuration-user config)))
- (let ((directory #$(mpd-file-name config "")))
+ (let ((directory #$(mpd-file-name config ".mpd")))
(mkdir-p directory)
(chown directory (passwd:uid %user) (passwd:gid %user))))))
+
+(define %mpd-accounts
+ ;; Default account and group for MPD.
+ (list (user-group (name "mpd") (system? #t))
+ (user-account
+ (name "mpd")
+ (group "mpd")
+ (system? #t)
+ (comment "Music Player Daemon (MPD) user")
+
+ ;; Note: /var/run/mpd hosts one sub-directory per user, of which
+ ;; /var/run/mpd/mpd corresponds to the "mpd" user.
+ (home-directory "/var/run/mpd/mpd")
+
+ (shell (file-append shadow "/sbin/nologin")))))
+
(define mpd-service-type
(service-type
(name 'mpd)
@@ -169,6 +188,8 @@ audio_output {
(extensions
(list (service-extension shepherd-root-service-type
(compose list mpd-shepherd-service))
+ (service-extension account-service-type
+ (const %mpd-accounts))
(service-extension activation-service-type
mpd-service-activation)))
(default-value (mpd-configuration))))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 04bc991356..3fc4d5f885 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016, 2020 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 David Craven <david@craven.ch>
@@ -62,7 +62,8 @@
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
- #:re-export (user-processes-service-type) ;backwards compatibility
+ #:re-export (user-processes-service-type ;backwards compatibility
+ %default-substitute-urls)
#:export (fstab-service-type
root-file-system-service
file-system-service-type
@@ -106,6 +107,12 @@
agetty-service-type
mingetty-configuration
+ mingetty-configuration-tty
+ mingetty-configuration-auto-login
+ mingetty-configuration-login-program
+ mingetty-configuration-login-pause?
+ mingetty-configuration-clear-on-logout?
+ mingetty-configuration-mingetty
mingetty-configuration?
mingetty-service
mingetty-service-type
@@ -291,7 +298,8 @@ FILE-SYSTEM."
(define (mapped-device->shepherd-service-name md)
"Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
(symbol-append 'device-mapping-
- (string->symbol (mapped-device-target md))))
+ (string->symbol (string-join
+ (mapped-device-targets md) "-"))))
(define dependency->shepherd-service-name
(match-lambda
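Review bot: Joining every target into the service name breaks a name that other code derives on its own: the swap service in the later base.scm hunk (`@@ -2096,22 +2124,52 @@`) still builds its requirement as `device-mapping-` plus `(basename device)`. For a mapped device with more than one target, the provisioned name becomes `device-mapping-a-b`, while swap on `/dev/mapper/a` would require `device-mapping-a`, which presumably nothing provides. Either derive the swap requirement from the mapped-device record, or at least state the new naming in the docstring, e.g. `"Return the symbol that denotes the shepherd service of MD, a <mapped-device>; the names of all its targets are joined with '-'."`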
@@ -1024,20 +1032,22 @@ the tty to run, among other things."
(define-record-type* <mingetty-configuration>
mingetty-configuration make-mingetty-configuration
mingetty-configuration?
- (mingetty mingetty-configuration-mingetty ;<package>
- (default mingetty))
- (tty mingetty-configuration-tty) ;string
- (auto-login mingetty-auto-login ;string | #f
- (default #f))
- (login-program mingetty-login-program ;gexp
- (default #f))
- (login-pause? mingetty-login-pause? ;Boolean
- (default #f)))
+ (mingetty mingetty-configuration-mingetty ;<package>
+ (default mingetty))
+ (tty mingetty-configuration-tty) ;string
+ (auto-login mingetty-auto-login ;string | #f
+ (default #f))
+ (login-program mingetty-login-program ;gexp
+ (default #f))
+ (login-pause? mingetty-login-pause? ;Boolean
+ (default #f))
+ (clear-on-logout? mingetty-clear-on-logout? ;Boolean
+ (default #t)))
(define mingetty-shepherd-service
(match-lambda
(($ <mingetty-configuration> mingetty tty auto-login login-program
- login-pause?)
+ login-pause? clear-on-logout?)
(list
(shepherd-service
(documentation "Run mingetty on an tty.")
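Review bot: The accessors in this record are named `mingetty-auto-login`, `mingetty-login-program`, `mingetty-login-pause?` and the new `mingetty-clear-on-logout?`, but the export-list hunk (`@@ -106,6 +107,12 @@`) adds `mingetty-configuration-auto-login`, `mingetty-configuration-login-program`, `mingetty-configuration-login-pause?` and `mingetty-configuration-clear-on-logout?`. Unless those names are bound elsewhere in the file, the module exports four unbound variables and the real accessors stay private. Rename the accessors in the record to match the exports, e.g. `(clear-on-logout? mingetty-configuration-clear-on-logout? (default #t))`. `mingetty-shepherd-service` continues past the end of this hunk.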
@@ -1050,7 +1060,6 @@ the tty to run, among other things."
(start #~(make-forkexec-constructor
(list #$(file-append mingetty "/sbin/mingetty")
- "--noclear"
;; Avoiding 'vhangup' allows us to avoid 'setfont'
;; errors down the path where various ioctls get
@@ -1058,6 +1067,9 @@ the tty to run, among other things."
;; in Linux.
"--nohangup" #$tty
+ #$@(if clear-on-logout?
+ #~()
+ #~("--noclear"))
#$@(if auto-login
#~("--autologin" #$auto-login)
#~())
@@ -1476,10 +1488,18 @@ archive' public keys, with GUIX."
#~(begin
(use-modules (guix build utils))
- (unless (file-exists? "/etc/guix/acl")
- (mkdir-p "/etc/guix")
- (copy-file #+default-acl "/etc/guix/acl")
- (chmod "/etc/guix/acl" #o600)))))
+ ;; If the ACL already exists, move it out of the way. Create a backup
+ ;; if it's a regular file: it's likely that the user manually updated
+ ;; it with 'guix archive --authorize'.
+ (if (file-exists? "/etc/guix/acl")
+ (if (and (symbolic-link? "/etc/guix/acl")
+ (store-file-name? (readlink "/etc/guix/acl")))
+ (delete-file "/etc/guix/acl")
+ (rename-file "/etc/guix/acl" "/etc/guix/acl.bak"))
+ (mkdir-p "/etc/guix"))
+
+ ;; Installed the declared ACL.
+ (symlink #+default-acl "/etc/guix/acl"))))
(define %default-authorized-guix-keys
;; List of authorized substitute keys.
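Review bot: `file-exists?` follows symbolic links, so a dangling `/etc/guix/acl` link (for instance one whose store target is gone) takes the `mkdir-p` branch, and the `symlink` call then fails because the link name already exists. Test the link itself instead, e.g. `(if (false-if-exception (lstat "/etc/guix/acl")) …)`. Separately, `rename-file` replaces any earlier `/etc/guix/acl.bak`, and keys added by hand with `guix archive --authorize` silently drop out of the active ACL. Since this file decides which substitute signing keys are trusted, say so in a comment such as `;; Keys authorized by hand end up in acl.bak and are no longer trusted.` The comment `Installed the declared ACL` should read `Install`; the enclosing definition starts before this hunk.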
@@ -1562,8 +1582,10 @@ proxy of 'guix-daemon'...~%")
(ice-9 match)
(gnu build shepherd)))
(start
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)))
+ (with-imported-modules `(((guix config) => ,(make-config.scm))
+ ,@(source-module-closure
+ '((gnu build shepherd))
+ #:select? not-config?))
#~(lambda args
(define proxy
;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by
@@ -1732,6 +1754,8 @@ proxy of 'guix-daemon'...~%")
(default "nar"))
(cache guix-publish-configuration-cache ;#f | string
(default #f))
+ (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold
+ (default (* 10 (expt 2 20)))) ;integer
(workers guix-publish-configuration-workers ;#f | integer
(default #f))
(ttl guix-publish-configuration-ttl ;#f | integer
@@ -1766,7 +1790,7 @@ raise a deprecation warning if the 'compression-level' field was used."
lst))))
(match-record config <guix-publish-configuration>
- (guix port host nar-path cache workers ttl)
+ (guix port host nar-path cache workers ttl cache-bypass-threshold)
(list (shepherd-service
(provision '(guix-publish))
(requirement '(guix-daemon))
@@ -1788,7 +1812,11 @@ raise a deprecation warning if the 'compression-level' field was used."
"s"))
#~())
#$@(if cache
- #~((string-append "--cache=" #$cache))
+ #~((string-append "--cache=" #$cache)
+ #$(string-append
+ "--cache-bypass-threshold="
+ (number->string
+ cache-bypass-threshold)))
#~()))
;; Make sure we run in a UTF-8 locale so we can produce
@@ -2096,22 +2124,52 @@ instance."
'swap
(lambda (device)
(define requirement
- (if (string-prefix? "/dev/mapper/" device)
+ (if (and (string? device)
+ (string-prefix? "/dev/mapper/" device))
(list (symbol-append 'device-mapping-
(string->symbol (basename device))))
'()))
- (shepherd-service
- (provision (list (symbol-append 'swap- (string->symbol device))))
- (requirement `(udev ,@requirement))
- (documentation "Enable the given swap device.")
- (start #~(lambda ()
- (restart-on-EINTR (swapon #$device))
- #t))
- (stop #~(lambda _
- (restart-on-EINTR (swapoff #$device))
- #f))
- (respawn? #f)))))
+ (define (device-lookup device)
+ ;; The generic 'find-partition' procedures could return a partition
+ ;; that's not swap space, but that's unlikely.
+ (cond ((uuid? device)
+ #~(find-partition-by-uuid #$(uuid-bytevector device)))
+ ((file-system-label? device)
+ #~(find-partition-by-label
+ #$(file-system-label->string device)))
+ (else
+ device)))
+
+ (define service-name
+ (symbol-append 'swap-
+ (string->symbol
+ (cond ((uuid? device)
+ (string-take (uuid->string device) 6))
+ ((file-system-label? device)
+ (file-system-label->string device))
+ (else
+ device)))))
+
+ (with-imported-modules (source-module-closure '((gnu build file-systems)))
+ (shepherd-service
+ (provision (list service-name))
+ (requirement `(udev ,@requirement))
+ (documentation "Enable the given swap device.")
+ (modules `((gnu build file-systems)
+ ,@%default-modules))
+ (start #~(lambda ()
+ (let ((device #$(device-lookup device)))
+ (and device
+ (begin
+ (restart-on-EINTR (swapon device))
+ #t)))))
+ (stop #~(lambda _
+ (let ((device #$(device-lookup device)))
+ (when device
+ (restart-on-EINTR (swapoff device)))
+ #f)))
+ (respawn? #f))))))
(define (swap-service device)
"Return a service that uses @var{device} as a swap device."
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 16d6f76c1a..e8957c6859 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -482,7 +482,8 @@ programs.")
(package cups)
"The CUPS package.")
(extensions
- (package-list (list cups-filters))
+ (package-list (list cups-filters epson-inkjet-printer-escpr
+ foomatic-filters hplip-minimal splix))
"Drivers and other extensions to the CUPS package.")
(files-configuration
(files-configuration (files-configuration))
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 2bddf70f71..60b31e0373 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -30,6 +31,7 @@
#:use-module (gnu packages databases)
#:use-module (guix build-system trivial)
#:use-module (guix build union)
+ #:use-module (guix deprecation)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix records)
@@ -146,8 +148,7 @@ host all all ::1/128 md5"))
(define-record-type* <postgresql-configuration>
postgresql-configuration make-postgresql-configuration
postgresql-configuration?
- (postgresql postgresql-configuration-postgresql ;<package>
- (default postgresql))
+ (postgresql postgresql-configuration-postgresql) ;<package>
(port postgresql-configuration-port
(default 5432))
(locale postgresql-configuration-locale
@@ -278,15 +279,15 @@ host all all ::1/128 md5"))
(service-extension account-service-type
(const %postgresql-accounts))
(service-extension profile-service-type
- (compose list postgresql-configuration-postgresql))))
- (default-value (postgresql-configuration))))
-
-(define* (postgresql-service #:key (postgresql postgresql)
- (port 5432)
- (locale "en_US.utf8")
- (config-file (postgresql-config-file))
- (data-directory "/var/lib/postgresql/data")
- (extension-packages '()))
+ (compose list postgresql-configuration-postgresql))))))
+
+(define-deprecated (postgresql-service #:key (postgresql postgresql)
+ (port 5432)
+ (locale "en_US.utf8")
+ (config-file (postgresql-config-file))
+ (data-directory "/var/lib/postgresql/data")
+ (extension-packages '()))
+ postgresql-service-type
"Return a service that runs @var{postgresql}, the PostgreSQL database server.
The PostgreSQL daemon loads its runtime configuration from @var{config-file}
@@ -465,8 +466,11 @@ storage:
mysql-configuration make-mysql-configuration
mysql-configuration?
(mysql mysql-configuration-mysql (default mariadb))
+ (bind-address mysql-configuration-bind-address (default "127.0.0.1"))
(port mysql-configuration-port (default 3306))
- (extra-content mysql-configuration-extra-content (default "")))
+ (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock"))
+ (extra-content mysql-configuration-extra-content (default ""))
+ (auto-upgrade? mysql-configuration-auto-upgrade? (default #t)))
(define %mysql-accounts
(list (user-group
@@ -481,10 +485,11 @@ storage:
(define mysql-configuration-file
(match-lambda
- (($ <mysql-configuration> mysql port extra-content)
+ (($ <mysql-configuration> mysql bind-address port socket extra-content)
(mixed-text-file "my.cnf" "[mysqld]
datadir=/var/lib/mysql
-socket=/run/mysqld/mysqld.sock
+socket=" socket "
+bind-address=" bind-address "
port=" (number->string port) "
" extra-content "
"))))
@@ -556,6 +561,52 @@ FLUSH PRIVILEGES;
#:user "mysql" #:group "mysql")))
(stop #~(make-kill-destructor)))))
+(define (mysql-upgrade-wrapper mysql socket-file)
+ ;; The MySQL socket and PID file may appear before the server is ready to
+ ;; accept connections. Ensure the socket is responsive before attempting
+ ;; to run the upgrade script.
+ (program-file
+ "mysql-upgrade-wrapper"
+ #~(begin
+ (let ((mysql-upgrade #$(file-append mysql "/bin/mysql_upgrade"))
+ (timeout 10))
+ (begin
+ (let loop ((i 0))
+ (catch 'system-error
+ (lambda ()
+ (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
+ (connect sock AF_UNIX #$socket-file)
+ (close-port sock)
+ ;; The socket is ready!
+ (execl mysql-upgrade mysql-upgrade
+ (string-append "--socket=" #$socket-file))))
+ (lambda args
+ (if (< i timeout)
+ (begin
+ (sleep 1)
+ (loop (+ 1 i)))
+ ;; No luck, give up.
+ (throw 'timeout-error
+ "MySQL server did not appear in time!"))))))))))
+
+(define (mysql-upgrade-shepherd-service config)
+ (list (shepherd-service
+ (provision '(mysql-upgrade))
+ (requirement '(mysql))
+ (one-shot? #t)
+ (documentation "Upgrade MySQL database schemas.")
+ (start (let ((mysql (mysql-configuration-mysql config))
+ (socket (mysql-configuration-socket config)))
+ #~(make-forkexec-constructor
+ (list #$(mysql-upgrade-wrapper mysql socket))
+ #:user "mysql" #:group "mysql"))))))
+
+(define (mysql-shepherd-services config)
+ (if (mysql-configuration-auto-upgrade? config)
+ (append (mysql-shepherd-service config)
+ (mysql-upgrade-shepherd-service config))
+ (mysql-shepherd-service config)))
+
(define mysql-service-type
(service-type
(name 'mysql)
@@ -565,15 +616,11 @@ FLUSH PRIVILEGES;
(service-extension activation-service-type
%mysql-activation)
(service-extension shepherd-root-service-type
- mysql-shepherd-service)))
+ mysql-shepherd-services)))
(default-value (mysql-configuration))))
-(define* (mysql-service #:key (config (mysql-configuration)))
- "Return a service that runs @command{mysqld}, the MySQL or MariaDB
-database server.
-
-The optional @var{config} argument specifies the configuration for
-@command{mysqld}, which should be a @code{<mysql-configuration>} object."
+(define-deprecated (mysql-service #:key (config (mysql-configuration)))
+ mysql-service-type
(service mysql-service-type config))
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 3a3fd8fd1b..265cf9f35f 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2019 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
;;; Copyright © 2019 David Wilson <david@daviwil.com>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -53,6 +54,7 @@
#:use-module (gnu packages suckless)
#:use-module (gnu packages linux)
#:use-module (gnu packages libusb)
+ #:use-module (gnu packages lxqt)
#:use-module (gnu packages mate)
#:use-module (gnu packages nfs)
#:use-module (gnu packages enlightenment)
@@ -127,6 +129,10 @@
mate-desktop-service
mate-desktop-service-type
+ lxqt-desktop-configuration
+ lxqt-desktop-configuration?
+ lxqt-desktop-service-type
+
xfce-desktop-configuration
xfce-desktop-configuration?
xfce-desktop-service
@@ -1009,6 +1015,36 @@ system as root from within a user session, after the user has authenticated
with the administrator's password."
(service xfce-desktop-service-type config))
++
+;;;
+;;; Lxqt desktop service.
+;;;
+
+(define-record-type* <lxqt-desktop-configuration> lxqt-desktop-configuration
+ make-lxqt-desktop-configuration
+ lxqt-desktop-configuration?
+ (lxqt lxqt-package
+ (default lxqt)))
+
+(define (lxqt-polkit-settings config)
+ "Return the list of LXQt dependencies that provide polkit actions and
+rules."
+ (let ((lxqt (lxqt-package config)))
+ (map (lambda (name)
+ ((package-direct-input-selector name) lxqt))
+ '("lxqt-admin"))))
+
+(define lxqt-desktop-service-type
+ (service-type
+ (name 'lxqt-desktop)
+ (extensions
+ (list (service-extension polkit-service-type
+ lxqt-polkit-settings)
+ (service-extension profile-service-type
+ (compose list lxqt-package))))
+ (default-value (lxqt-desktop-configuration))
+ (description "Run LXQt desktop environment.")))
+
;;;
;;; X11 socket directory service
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 572880561c..b339eb0619 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -700,7 +700,7 @@ cache.size = 100 * MB
(documentation "Run the Knot Resolver daemon.")
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/kresd")
- "-c" #$kresd-config-file "-f" "1"
+ "-c" #$kresd-config-file "-n"
"/var/cache/knot-resolver")))
(stop #~(make-kill-destructor)))
(shepherd-service
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
index d87db5b9ac..0a34ea6a5e 100644
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@@ -430,7 +430,7 @@ appropriate requests to this daemon.")))
(description
"@command{ganeti-luxid} is a daemon used to answer queries
related to the configuration and the current live state of a Ganeti cluster.
-Additionally, it is the authorative daemon for the Ganeti job queue. Jobs can
+Additionally, it is the authoritative daemon for the Ganeti job queue. Jobs can
be submitted via this daemon and it schedules and starts them.")))
(define-record-type* <ganeti-rapi-configuration>
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index a47c4bd941..88d23f746a 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -188,8 +188,11 @@
;; libraries, but it means that the Guile libraries
;; needed for the Guix Build Coordinator don't need
;; to be individually specified here.
- (map second (package-inputs
- guix-build-coordinator-package)))
+ (append
+ (map second (package-inputs
+ guix-build-coordinator-package))
+ (map second (package-propagated-inputs
+ guix-build-coordinator-package))))
#~(begin
(use-modules (srfi srfi-1)
(ice-9 match)
@@ -200,16 +203,21 @@
(guix-build-coordinator build-allocator)
(guix-build-coordinator coordinator))
+ (setvbuf (current-output-port) 'line)
+ (setvbuf (current-error-port) 'line)
+
+ (simple-format #t "starting the guix-build-coordinator:\n ~A\n"
+ (current-filename))
(let* ((metrics-registry (make-metrics-registry
#:namespace
- "guixbuildcoordinator_"))
+ "guixbuildcoordinator"))
(datastore (database-uri->datastore
#$database-uri-string
#:metrics-registry metrics-registry))
(hooks
(list #$@(map (match-lambda
((name . hook-gexp)
- #~(cons name #$hook-gexp)))
+ #~(cons '#$name #$hook-gexp)))
hooks)))
(hooks-with-defaults
`(,@hooks
@@ -265,7 +273,8 @@
#:environment-variables
`(,(string-append
"GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
- "LC_ALL=en_US.utf8")
+ "LC_ALL=en_US.utf8"
+ "PATH=/run/current-system/profile/bin") ; for hooks
#:log-file "/var/log/guix-build-coordinator/coordinator.log"))
(stop #~(make-kill-destructor))))))
@@ -345,16 +354,17 @@
#$@(if non-derivation-substitute-urls
#~(#$(string-append
"--non-derivation-substitute-urls="
- (string-join derivation-substitute-urls " ")))
+ (string-join non-derivation-substitute-urls " ")))
#~())
#$@(map (lambda (system)
(string-append "--system=" system))
(or systems '())))
#:user #$user
- #:pid-file "/var/run/guix-build-coordinator-agent/pid"
#:environment-variables
`(,(string-append
"GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ ;; XDG_CACHE_HOME is used by Guix when caching narinfo files
+ "XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent"
"LC_ALL=en_US.utf8")
#:log-file "/var/log/guix-build-coordinator/agent.log"))
(stop #~(make-kill-destructor))))))
@@ -363,11 +373,13 @@
#~(begin
(use-modules (guix build utils))
+ (define %user (getpw "guix-build-coordinator-agent"))
+
(mkdir-p "/var/log/guix-build-coordinator")
- ;; Allow writing the PID file
- (mkdir-p "/var/run/guix-build-coordinator-agent")
- (chown "/var/run/guix-build-coordinator-agent"
+ ;; Create a cache directory for storing narinfo files if downloaded
+ (mkdir-p "/var/cache/guix-build-coordinator-agent")
+ (chown "/var/cache/guix-build-coordinator-agent"
(passwd:uid %user)
(passwd:gid %user))))
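Review bot: The activation code looks up the hard-coded account `"guix-build-coordinator-agent"`, whereas the shepherd service in the previous hunk starts the agent with `#:user #$user`. If the configured user differs from that default, `/var/cache/guix-build-coordinator-agent` ends up owned by an account the agent does not run as, and the narinfo cache selected through `XDG_CACHE_HOME` is not writable by the agent. Take the name from the configuration instead, e.g. `(define %user (getpw #$user))`, assuming the configured user is in scope here. The enclosing procedure starts outside the hunk.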
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 511f4fb2fe..da3d736ba6 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -279,11 +279,11 @@ configuration file."))
(define (zabbix-server-activation config)
"Return the activation gexp for CONFIG."
- (with-imported-modules '((guix build utils)
- (ice-9 rdelim))
+ (with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim))
+
(let ((user (getpw #$(zabbix-server-configuration-user config))))
(for-each (lambda (file)
(let ((directory (dirname file)))
@@ -393,8 +393,7 @@ configuration file."))
(define (zabbix-agent-activation config)
"Return the activation gexp for CONFIG."
- (with-imported-modules '((guix build utils)
- (ice-9 rdelim))
+ (with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 64f54e787f..9ec0f6a9ca 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -61,7 +61,9 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-43)
#:use-module (ice-9 match)
+ #:use-module (json)
#:re-export (static-networking-service
static-networking-service-type)
#:export (%facebook-host-aliases
@@ -180,7 +182,17 @@
pagekite-configuration-kitesecret
pagekite-configuration-frontend
pagekite-configuration-kites
- pagekite-configuration-extra-file))
+ pagekite-configuration-extra-file
+
+ yggdrasil-service-type
+ yggdrasil-configuration
+ yggdrasil-configuration?
+ yggdrasil-configuration-autoconf?
+ yggdrasil-configuration-config-file
+ yggdrasil-configuration-log-level
+ yggdrasil-configuration-log-to
+ yggdrasil-configuration-json-config
+ yggdrasil-configuration-package))
;;; Commentary:
;;;
@@ -1750,4 +1762,107 @@ table inet filter {
"Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
local servers publicly accessible on the web, even behind NATs and firewalls.")))
+
+;;;
+;;; Yggdrasil
+;;;
+
+(define-record-type* <yggdrasil-configuration>
+ yggdrasil-configuration
+ make-yggdrasil-configuration
+ yggdrasil-configuration?
+ (package yggdrasil-configuration-package
+ (default yggdrasil))
+ (json-config yggdrasil-configuration-json-config
+ (default '()))
+ (config-file yggdrasil-config-file
+ (default "/etc/yggdrasil-private.conf"))
+ (autoconf? yggdrasil-configuration-autoconf?
+ (default #f))
+ (log-level yggdrasil-configuration-log-level
+ (default 'info))
+ (log-to yggdrasil-configuration-log-to
+ (default 'stdout)))
+
+(define (yggdrasil-configuration-file config)
+ (define (scm->yggdrasil-json x)
+ (define key-value?
+ dotted-list?)
+ (define (param->camel str)
+ (string-concatenate
+ (map
+ string-capitalize
+ (string-split str (cut eqv? <> #\-)))))
+ (cond
+ ((key-value? x)
+ (let ((k (car x))
+ (v (cdr x)))
+ (cons
+ (if (symbol? k)
+ (param->camel (symbol->string k))
+ k)
+ v)))
+ ((list? x) (map scm->yggdrasil-json x))
+ ((vector? x) (vector-map scm->yggdrasil-json x))
+ (else x)))
+ (computed-file
+ "yggdrasil.conf"
+ #~(call-with-output-file #$output
+ (lambda (port)
+ ;; it's HJSON, so comments are a-okay
+ (display "# Generated by yggdrasil-service\n" port)
+ (display #$(scm->json-string
+ (scm->yggdrasil-json
+ (yggdrasil-configuration-json-config config)))
+ port)))))
+
+(define (yggdrasil-shepherd-service config)
+ "Return a <shepherd-service> for yggdrasil with CONFIG."
+ (define yggdrasil-command
+ #~(append
+ (list (string-append
+ #$(yggdrasil-configuration-package config)
+ "/bin/yggdrasil")
+ "-useconffile"
+ #$(yggdrasil-configuration-file config))
+ (if #$(yggdrasil-configuration-autoconf? config)
+ '("-autoconf")
+ '())
+ (let ((extraconf #$(yggdrasil-config-file config)))
+ (if extraconf
+ (list "-extraconffile" extraconf)
+ '()))
+ (list "-loglevel"
+ #$(symbol->string
+ (yggdrasil-configuration-log-level config))
+ "-logto"
+ #$(symbol->string
+ (yggdrasil-configuration-log-to config)))))
+ (list (shepherd-service
+ (documentation "Connect to the Yggdrasil mesh network")
+ (provision '(yggdrasil))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ #$yggdrasil-command
+ #:log-file "/var/log/yggdrasil.log"
+ #:group "yggdrasil"))
+ (stop #~(make-kill-destructor)))))
+
+(define %yggdrasil-accounts
+ (list (user-group (name "yggdrasil") (system? #t))))
+
+(define yggdrasil-service-type
+ (service-type
+ (name 'yggdrasil)
+ (description
+ "Connect to the Yggdrasil mesh network.
+See yggdrasil -genconf for config options.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ yggdrasil-shepherd-service)
+ (service-extension account-service-type
+ (const %yggdrasil-accounts))
+ (service-extension profile-service-type
+ (compose list yggdrasil-configuration-package))))))
+
;;; networking.scm ends here
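Review bot: The record names its accessor `yggdrasil-config-file`, but the export-list hunk (`@@ -180,7 +182,17 @@`) exports `yggdrasil-configuration-config-file`, which nothing in this hunk defines. Rename the accessor, `(config-file yggdrasil-configuration-config-file (default "/etc/yggdrasil-private.conf"))`, and update its use in `yggdrasil-command`. `json-config` is serialized by `computed-file` into the store, which every local user can read, so the field deserves a comment such as `;; Written to the world-readable store: keep private keys in CONFIG-FILE.` The service is also started with `#:group "yggdrasil"` and no `#:user`, so it presumably keeps shepherd's own user; if that is intended, a comment saying why would help.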
diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm
index 59f8b16985..694ad736dc 100644
--- a/gnu/services/sddm.scm
+++ b/gnu/services/sddm.scm
@@ -169,7 +169,7 @@ Relogin=" (if (sddm-configuration-relogin? config)
(list (shepherd-service
(documentation "SDDM display manager.")
- (requirement '(user-processes))
+ (requirement '(user-processes elogind))
(provision '(xorg-server display-manager))
(start #~(make-forkexec-constructor #$sddm-command))
(stop #~(make-kill-destructor)))))
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index e14ceca231..1faeb350df 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -224,16 +224,21 @@ which is not provided by any service")
(for-each assert-satisfied-requirements services))
+(define %store-characters
+ ;; Valid store characters; see 'checkStoreName' in the daemon.
+ (string->char-set
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
+
(define (shepherd-service-file-name service)
"Return the file name where the initialization code for SERVICE is to be
stored."
(let ((provisions (string-join (map symbol->string
(shepherd-service-provision service)))))
(string-append "shepherd-"
- (string-map (match-lambda
- (#\/ #\-)
- (#\ #\-)
- (chr chr))
+ (string-map (lambda (chr)
+ (if (char-set-contains? %store-characters chr)
+ chr
+ #\-))
provisions)
".scm")))
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index edd0b644f5..eaf0bbde43 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP."
(permit-root-login #t)
(allow-empty-passwords? #t)
(password-authentication? #t)))
- %base-services/hurd))))
+
+ ;; By default, the secret service introduces a pre-initialized
+ ;; /etc/guix/acl file in the childhurd. Thus, clear
+ ;; 'authorize-key?' so that it's not overridden at activation
+ ;; time.
+ (modify-services %base-services/hurd
+ (guix-service-type config =>
+ (guix-configuration
+ (inherit config)
+ (authorize-key? #f))))))))
(define-record-type* <hurd-vm-configuration>
hurd-vm-configuration make-hurd-vm-configuration
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 658d5c3e88..70f2617c7e 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -273,16 +273,16 @@ servers.")
"The device type used to represent the VPN connection.")
(ca
- (string "/etc/openvpn/ca.crt")
+ (maybe-string "/etc/openvpn/ca.crt")
"The certificate authority to check connections against.")
(cert
- (string "/etc/openvpn/client.crt")
+ (maybe-string "/etc/openvpn/client.crt")
"The certificate of the machine the daemon is running on. It should be signed
by the authority given in @code{ca}.")
(key
- (string "/etc/openvpn/client.key")
+ (maybe-string "/etc/openvpn/client.key")
"The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}.")
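Review bot: Turning `ca`, `cert` and `key` into `maybe-string` fields lets a configuration leave them out, but the three descriptions still read as if the values were always set. This matters most for `ca`, which is described as the authority connections are checked against. Its description should say what a disabled value means, e.g. append `When disabled, no @code{ca} directive is emitted and peer verification must be configured by other means.`, assuming the serializer omits the directive in that case. The record definition starts and ends outside this hunk.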
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index a74c6c54b4..855f4e649b 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -14,6 +14,7 @@
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Alexandru-Sergiu Marton <brown121407@posteo.ro>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -255,7 +256,14 @@
mumi-configuration-sender
mumi-configuration-smtp
- mumi-service-type))
+ mumi-service-type
+
+ gmnisrv-configuration
+ gmnisrv-configuration?
+ gmnisrv-configuration-package
+ gmnisrv-configuration-config-file
+
+ gmnisrv-service-type))
;;; Commentary:
;;;
@@ -667,6 +675,12 @@ of index files."
'#$lua-package-cpath)
";"))
"")
+ (if server-names-hash-bucket-size
+ (string-append
+ " server_names_hash_bucket_size "
+ (number->string server-names-hash-bucket-size)
+ ";\n")
+ "")
(if server-names-hash-bucket-max-size
(string-append
" server_names_hash_bucket_max_size "
@@ -1134,7 +1148,7 @@ a webserver.")
#:user "hpcguix-web"
#:group "hpcguix-web"
#:environment-variables
- (list "XDG_CACHE_HOME=/var/cache"
+ (list "XDG_CACHE_HOME=/var/cache/guix/web"
"SSL_CERT_DIR=/etc/ssl/certs")
#:log-file #$%hpcguix-web-log-file))
(stop #~(make-kill-destructor))))))
@@ -1798,3 +1812,75 @@ WSGIPassAuthorization On
"Run Mumi, a Web interface to the Debbugs bug-tracking server.")
(default-value
(mumi-configuration))))
+
+(define %default-gmnisrv-config-file
+ (plain-file "gmnisrv.ini" "
+listen=0.0.0.0:1965 [::]:1965
+
+[:tls]
+store=/var/lib/gemini/certs
+
+organization=gmnisrv on Guix user
+
+[localhost]
+root=/srv/gemini
+"))
+
+(define-record-type* <gmnisrv-configuration>
+ gmnisrv-configuration make-gmnisrv-configuration
+ gmnisrv-configuration?
+ (package gmnisrv-configuration-package
+ (default gmnisrv))
+ (config-file gmnisrv-configuration-config-file
+ (default %default-gmnisrv-config-file)))
+
+(define gmnisrv-shepherd-service
+ (match-lambda
+ (($ <gmnisrv-configuration> package config-file)
+ (list (shepherd-service
+ (provision '(gmnisrv))
+ (requirement '(networking))
+ (documentation "Run the gmnisrv Gemini server.")
+ (start (let ((gmnisrv (file-append package "/bin/gmnisrv")))
+ #~(make-forkexec-constructor
+ (list #$gmnisrv "-C" #$config-file)
+ #:user "gmnisrv" #:group "gmnisrv"
+ #:log-file "/var/log/gmnisrv.log")))
+ (stop #~(make-kill-destructor)))))))
+
+(define %gmnisrv-accounts
+ (list (user-group (name "gmnisrv") (system? #t))
+ (user-account
+ (name "gmnisrv")
+ (group "gmnisrv")
+ (system? #t)
+ (comment "gmnisrv Gemini server")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define %gmnisrv-activation
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p "/var/lib/gemini/certs")
+ (let* ((pw (getpwnam "gmnisrv"))
+ (uid (passwd:uid pw))
+ (gid (passwd:gid pw)))
+ (chown "/var/lib/gemini" uid gid)
+ (chown "/var/lib/gemini/certs" uid gid)))))
+
+(define gmnisrv-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension activation-service-type
+ (const %gmnisrv-activation))
+ (service-extension account-service-type
+ (const %gmnisrv-accounts))
+ (service-extension shepherd-root-service-type
+ gmnisrv-shepherd-service)))
+ (description
+ "Run the gmnisrv Gemini server.")
+ (default-value
+ (gmnisrv-configuration))))
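Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste slip and would make the service report itself under the wrong name; it should be `(name 'gmnisrv)`. In `%gmnisrv-activation`, `/var/lib/gemini/certs` is the `[:tls]` store named in the default configuration file, and `mkdir-p` creates it with the default mode. Adding `(chmod "/var/lib/gemini/certs" #o700)` after the `chown` calls keeps the server's key material unreadable to other accounts.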