Age | Commit message | Author |
2023-06-04 | services: screen-locker-service-type: Configurable PAM and setuid.
screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
need PAM, the other way around also similar, if PAM is enabled
binary should not rely on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
| muradm |
2023-05-30 | services: herd: "Resolve" transient services only when needed.
This allows us to get rid of the "eval root" actions, which in turn
would lead to confusing "Evaluating user expression" messages.
Fixes <https://issues.guix.gnu.org/55857>.
* gnu/services/herd.scm (resolve-transients): In 'values', avoid
'eval-there' call when UNRESOLVED is empty.
| Ludovic Courtès |
2023-05-24 | services: guix: Depend on 'avahi-daemon' when 'discover?' is set.
Previously, with shepherd 0.10.0, guix-daemon would start quickly,
possibly before avahi-daemon is running. Consequently, its "guix
discover" child process would exit immediately with a warning saying
"Avahi daemon is not running".
* gnu/services/base.scm (guix-shepherd-service): When DISCOVER? is true,
add 'avahi-daemon' to 'requirement'.
| Ludovic Courtès |
2023-05-23 | services: cups: Add cups PAM service.
Fixes <https://issues.guix.gnu.org/63198>.
Have the CUPS service extend pam-root-service-type providing minimal
configuration to authenticate users. Since PAM authentication is provided,
the regular cups package can be used as default instead of the minimal,
PAM-lacking variant.
* gnu/services/cups.scm (cups-configuration)
[cups]: Replace cups-minimal with cups.
[allow-empty-password?]: PAM service configuration permitting empty passwords.
(opaque-cups-configuration): Likewise.
(cups-pam-service): New procedure.
(cups-service-type): Extend pam-root-service-type with cups-pam-service.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
| muradm |
2023-05-21 | services: Transient inetd services inherit requirements.
That way, per-connection transient services such as 'sshd-123' inherit
dependencies of their "parent" ('sshd' in this example), which is more
consistent than not depending on anything.
* gnu/services/dict.scm (dicod-shepherd-service): Pass #:requirements to
'make-inetd-constructor'.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
* gnu/services/ssh.scm (openssh-shepherd-service): Likewise.
* gnu/services/vnc.scm (xvnc-shepherd-service): Likewise.
| Ludovic Courtès |
2023-05-21 | services: root-file-system: Remove reference to 'stop-logging'.
* gnu/services/base.scm (%root-file-system-shepherd-service): In 'stop'
method, remove reference to 'stop-logging'. That procedure is gone in
Shepherd 0.10.0, leading to an unbound-variable exception.
Additionally, calling is unnecessary since 0.4.0, where shepherd logs to
syslog (thus the open file descriptor is not backed by an on-disk file).
| Ludovic Courtès |
2023-05-21 | services: agetty: 'stop' method does nothing when running is 'idle.
This is a followup to 57e731c358d000f614fbda23654cae6a5e79df80.
* gnu/services/base.scm (agetty-shepherd-service): Change 'stop' method
to return #f immediately when the running value is 'idle.
| Ludovic Courtès |
2023-05-18 | services: rsync: Use least authority wrapper.
* gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a
least-authority-wrapper.
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
| Maxim Cournoyer |
2023-05-18 | services: rsync: Use make-inetd-constructor.
* gnu/services/rsync.scm (rsync-shepherd-service): Use make-inetd-constructor
if available in start slot.
* gnu/tests/rsync.scm (run-rsync-test): Delete "PID file" test.
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
| Maxim Cournoyer |
2023-05-17 | services: ssh: Really rename openssh-challenge-response-authentication?
Fixes up 9c161c1f0d, which renamed the accessor of <openssh-configuration> but
failed to adjust the single usage.
* gnu/services/ssh.scm (openssh-config-file): Rename
openssh-challenge-response-authentication? call to
openssh-configuration-challenge-response-authentication?.
| Maxim Cournoyer |
2023-05-17 | services: ssh: Rename openssh-challenge-response-authentication?
This is a follow-up commit to the preceding commit, which exported all
<openssh-configuration> accessors.
* gnu/services/ssh.scm (<openssh-configuration>): Rename
openssh-challenge-response-authentication? to
openssh-configuration-challenge-response-authentication?. It's a mouthful,
but is at least consistent with the rest.
| Maxim Cournoyer |
2023-05-17 | services: openssh: Export openssh-configuration accessors.
* gnu/services/ssh.scm: Export openssh-configuration accessors.
| Maxim Cournoyer |
2023-05-13 | services: shepherd: Default to 0.10.
* gnu/services/shepherd.scm (<shepherd-configuration>)[shepherd]:
Default to SHEPHERD-0.10.
* gnu/home/services/shepherd.scm (<home-shepherd-configuration>)[shepherd]:
Likewise.
| Ludovic Courtès |
2023-05-13 | services: nar-herder: Support extra environment vars.
* gnu/services/guix.scm (nar-herder-configuration-extra-environment-variables):
New procedure.
(nar-herder-shepherd-services): Pass the environment variables to the
shepherd.
* doc/guix.texi (Guix Services): Document it.
| Christopher Baines |
2023-05-11 | services: inetd: Export accessors.
* gnu/services/networking.scm: Export inetd-configuration?,
inetd-configuration-program, inetd-configuration-entries, inetd-entry?,
inetd-entry-node, inetd-entry-name, inetd-entry-socket-type,
inetd-entry-protocol, inetd-entry-wait?, inetd-entry-user, inetd-entry-program
and inetd-entry-arguments.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Bruno Victal |
2023-05-11 | services: Add vnstat-service-type.
* gnu/services/monitoring.scm (vnstat-service-type): New variable.
* doc/guix.texi (Monitoring Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Bruno Victal |
2023-05-11 | services: dhcp-client-configuration: Add 'shepherd-requirement' field.
* gnu/services/networking.scm (<dhcp-client-configuration>)
[shepherd-requirement]: New field.
(dhcp-client-shepherd-service): Honor it.
(dhcp-client-configuration-shepherd-requirement): Export accessor.
* doc/guix.texi (Networking Setup): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Sergey Trofimov |
2023-05-11 | services: elogind: Add elogind as a shepherd PAM requirement.
* gnu/services/desktop.scm (pam-extension-procedure): Add the elogind shepherd
requirement to the PAM extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Josselin Poiret |
2023-05-11 | system: pam: Let PAM extensions add shepherd requirements.
* gnu/system/pam.scm (<pam-extension>): New record type.
(pam-shepherd-service): Add Shepherd synchronization point.
* gnu/services/mail.scm (dovecot-shepherd-service)
* gnu/services/lightdm.scm (lightdm-shepherd-service)
* gnu/services/mail.scm (opensmtpd-shepherd-service)
* gnu/services/sddm.scm (sddm-shepherd-service)
* gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
* gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
* gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.
* gnu/system/pam.scm (/etc-entry, extend-configuration,
pam-root-service-type, pam-root-service)
* gnu/services/authentication.scm (pam-ldap-pam-service)
* gnu/services/base.scm (pam-limits-service-type)
(greetd-pam-service)
* gnu/services/desktop.scm (pam-gnome-keyring)
* gnu/services/kerberos.scm (pam-krb5-pam-service)
* gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use
pam-extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Josselin Poiret |
2023-05-11 | services: syslog: Do not call 'umask' in PID 1.
Fixes a race condition when starting services in parallel with shepherd
0.10.x whereby a service might create files and directories with umask #o137.
An example is the bitlbee service with its least-authority wrapper: the
wrapper would create a tree with directories set to #o640, thereby
making the whole directory tree inaccessible.
* gnu/services/base.scm (syslog-shepherd-service): Pass #:file-creation-mask
to 'make-forkexec-constructor' instead of calling 'umask' in PID 1.
| Ludovic Courtès |
2023-05-11 | services: dicod, bitlbee: Pass 'make-inetd-constructor' a list of endpoints.
'make-inetd-constructor' accepts a list of endpoints since version 0.9.1
of the Shepherd (released in May 2022).
* gnu/services/dict.scm (dicod-shepherd-service): Pass
'make-inetd-constructor' a list of endpoints.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
| Ludovic Courtès |
2023-05-10 | services: guix-build-coordinator-agent: Support max-parallel-uploads.
This should be usable with the new guile-gnutls.
* gnu/services/guix.scm
(guix-build-coordinator-agent-configuration-max-parallel-uploads): New
procedure.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Use
the new argument.
* doc/guix.texi (Guix Services): Document it.
| Christopher Baines |
2023-05-09 | services: guix-build-coordinator: Support extra environment vars.
I'm looking at this because I need to do some debugging of Guile's GC, and
there are some useful environment variables for that, but it should be
generally useful.
* gnu/services/guix.scm (guix-build-coordinator-configuration-extra-environment-variables):
New procedure.
(guix-build-coordinator-shepherd-services): Pass the environment variables to
the shepherd.
* doc/guix.texi (Guix Services): Document it.
| Christopher Baines |
2023-05-09 | service: qemu-binfmt: Remove broken qemu targets.
* gnu/services.virtualization.scm (%qemu-platforms): Remove %i486,
%aarch64be.
| Efraim Flashner |
2023-05-06 | services: guix-build-coordinator: Simplify service startup.
Take advantage of changes in the build coordinator to reduce the complexity of
the service startup script.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Remove the
metrics registry and datastore.
| Christopher Baines |
2023-05-04 | services: qemu-binfmt: Add more targets.
* gnu/services/virtualization.scm (%i486, %sparc64, %aarch64be, %xtensa,
%xtensaeb, %microblaze, %microblazeel, %or1k, %hexagon, %loongson64):
New variables.
(%armeb): Correct family field.
(%qemu-platforms): Add them.
| Efraim Flashner |
2023-05-04 | services: earlyoom: Rotate log files.
* gnu/services/linux.scm (%earlyoom-log-rotation): New variable.
(earlyoom-service-type): Add service-extension for log rotation.
| Efraim Flashner |
2023-05-03 | services: cups: Use cups-minimal to avoid PAM authentication.
Fixes <https://issues.guix.gnu.org/63198>.
Our CUPS service doesn't currently extend the PAM configuration, and prevents
users from authenticating. Use cups-minimal, which has no PAM support.
* gnu/services/cups.scm (cups-configuration) [cups]: Use cups-minimal.
(opaque-cups-configuration): Likewise.
| Maxim Cournoyer |
2023-04-30 | system: guix: Use config's ACL file location.
* gnu/services/base.scm (substitute-key-authorization): Use %acl-file instead of
hardcoded "/etc/guix/acl".
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Josselin Poiret |
2023-04-25 | services: tor: Deprecate 'tor-hidden-service' procedure.
Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formerly hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.
This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.
* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Bruno Victal |
2023-04-22 | Merge remote-tracking branch 'origin/master' into core-updates | Andreas Enge |
2023-04-21 | services: herd: 'load-services/safe' is synonymous with 'load-services'.
This is a followup to 547965aa27b6a09cadf42130b7ec7db3f1aee61f.
* gnu/services/herd.scm (load-services/safe): Make an alias for
'load-services'.
| Ludovic Courtès |
2023-04-21 | services: nscd: Depend on syslogd.
This gets rid of nscd debug messages on the console at boot time.
* gnu/services/base.scm (nscd-shepherd-service): Add dependency on
'syslogd'.
| Ludovic Courtès |
2023-04-21 | services: postgresql: Add default package.
* gnu/services/databases.scm (<postgresql-configuration>)[postgresql]:
Add default value, moved from...
(postgresql-service-type)[default-value]: ... here.
| Ludovic Courtès |
2023-04-21 | services: knot: Add 'configuration' action.
* gnu/services/dns.scm (knot-shepherd-service): Add 'actions' field.
| Ludovic Courtès |
2023-04-21 | services: rsync: Add 'configuration' action.
* gnu/services/rsync.scm (rsync-shepherd-service): Add 'actions' field.
| Ludovic Courtès |
2023-04-21 | services: redis: Add 'configuration' action.
* gnu/services/databases.scm (redis-shepherd-service): Add 'actions'
field.
| Ludovic Courtès |
2023-04-21 | services: mysql: Add 'configuration' action.
* gnu/services/databases.scm (mysql-shepherd-service): Add 'actions'
field.
| Ludovic Courtès |
2023-04-21 | services: postgresql: Add 'configuration' action.
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'actions' field.
| Ludovic Courtès |
2023-04-21 | services: postgresql: Add the 'postgresql' Shepherd service name.
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'postgresql' to 'provision'.
| Ludovic Courtès |
2023-04-21 | services: syslog: Log auth.info to /var/log/secure in default configuration.
This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
fail2ban.
* gnu/services/base.scm (%default-syslog.conf): Add an auth.info selector for
the /var/log/secure log.
Series-to: 62802@debbugs.gnu.org
| Maxim Cournoyer |
2023-04-21 | services/syslog: Strip leading white space indent in syslog.conf.
This is a cosmetic change.
* gnu/services/base.scm (%default-syslog.conf): Add a comment referencing the
documentation. Strip the extraneous leading trailing white space indent.
| Maxim Cournoyer |
2023-04-21 | services: syslog: Add a reload action.
* gnu/services/base.scm (syslog-service-type) [actions]: Add a reload action.
* doc/guix.texi (Base Services): Document it.
| Maxim Cournoyer |
2023-04-21 | services: syslog: Move configuration to /etc/syslog.conf.
Having the configuration live at a static location makes it possible to
hot-reload it.
* gnu/services/base.scm (syslog.conf): New variable.
(syslog-etc, syslog-shepherd-service): New procedures.
(syslog-service-type): Rewrite using the above new variable and procedures,
extending etc-service-type with its configuration file.
| Maxim Cournoyer |
2023-04-19 | services: agetty: 'term-console' succeeds by default.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start. This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.
This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.
* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
| Ludovic Courtès |
2023-04-17 | services: agetty: 'term-console' succeeds by default.
Previously, on a typical setup without "console=ttyS0" or similar in
'kernel-arguments', the 'term-console' Shepherd service would always be
marked as failing to start. This is undesirable because it raises a
false alarm: the service is expected to do nothing in this case.
This patch instead marks it as succeeding and logs a message explaining
it's doing nothing.
* gnu/services/base.scm (agetty-shepherd-service): In 'start' method,
succeed when TTY is #f and print a message.
| Ludovic Courtès |
2023-04-14 | Merge branch 'master' into core-updates.
Conflicts:
gnu/local.mk
gnu/packages/build-tools.scm
gnu/packages/certs.scm
gnu/packages/check.scm
gnu/packages/compression.scm
gnu/packages/cups.scm
gnu/packages/fontutils.scm
gnu/packages/gnuzilla.scm
gnu/packages/guile.scm
gnu/packages/ibus.scm
gnu/packages/image-processing.scm
gnu/packages/linux.scm
gnu/packages/music.scm
gnu/packages/nss.scm
gnu/packages/pdf.scm
gnu/packages/python-xyz.scm
gnu/packages/qt.scm
gnu/packages/ruby.scm
gnu/packages/shells.scm
gnu/packages/tex.scm
gnu/packages/video.scm
gnu/packages/vulkan.scm
gnu/packages/web.scm
gnu/packages/webkit.scm
gnu/packages/wm.scm
| Maxim Cournoyer |
2023-04-14 | services: mpd: Use proper records for user and group fields.
Deprecate using strings for these fields and prefer user-account
(resp. user-group) instead to avoid duplication within account-service-type.
Fixes #61570 <https://issues.guix.gnu.org/61570>.
* gnu/services/audio.scm (%mpd-user, %mpd-group)
(mpd-serialize-user-account, mpd-serialize-user-group)
(mpd-user-sanitizer, mpd-group-sanitizer): New variables.
(mpd-configuration)[user]: Use user-account as value type.
Sanitize via mpd-user-sanitizer.
[group]: Use user-group as value type.
Sanitize via mpd-group-sanitizer.
(mpd-shepherd-service): Adjust accordingly.
(mpd-accounts): Likewise.
* doc/guix.texi (Audio Services)[Music Player Daemon]: Likewise.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
| Bruno Victal |
2023-04-14 | services: mpd: Fix unintentional API breakage for mixer-type field.
* gnu/services/audio.scm (mpd-output)[mixer-type]: Use sanitizer to
accept both strings and symbols as values.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
| Bruno Victal |
2023-04-11 | services: nginx: Add reopen action.
This is required to allow log file rotations using rottlog, etc.
* gnu/services/web.scm (nginx-shepherd-service): Add reopen shepherd action.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
| Bruno Victal |