Age | Commit message (Expand) | Author |
2021-03-23 | services: cuirass: Set default port values....* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>,
<cuirass-configuration>): Set default port values.
| Mathieu Othacehe |
2021-03-23 | services: cuirass: Adapt to Cuirass 1.0....* gnu/services/cuirass.scm (cuirass-shepherd-service,
cuirass-remote-worker-shepherd-service): Adapt to Cuirass 1.0.
| Mathieu Othacehe |
2021-03-18 | services: Enable "protected hardlinks" and "protected symlinks" by default....References:
https://sysctl-explorer.net/fs/protected_hardlinks/
https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Leo Famulari |
2021-03-16 | gnu: Remove MongoDB....mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding to good security standards.
It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while
the main license file wasnt altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
| Léo Le Bouter |
2021-03-15 | services/qemu-binfmt: Use the F flag and the static output of QEMU....Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
| Maxim Cournoyer |
2021-03-10 | services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Maxime Devos |
2021-03-10 | services: cuirass: Remove simple cuirass configuration....The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
| Mathieu Othacehe |
2021-03-10 | services: cuirass: Do not create the database directory....Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
| Mathieu Othacehe |
2021-03-05 | services: guix-build-coordinator: Add dynamic auth with file record....* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
| Christopher Baines |
2021-03-03 | services: shepherd: Make 'assert-valid-graph' public....* gnu/services/shepherd.scm (assert-valid-graph): Make public.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Andrew Tropin |
2021-02-28 | services: guix-build-coordinator: Add dynamic auth record....* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth,
guix-build-coordinator-agent-dynamic-auth?,
guix-build-coordinator-agent-dynamic-auth-agent-name,
guix-build-coordinator-agent-dynamic-auth-token): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth
record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth
record.
| Christopher Baines |
2021-02-28 | services: guix-build-coordinator: Rework authentication config....A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
| Christopher Baines |
2021-02-25 | services: shepherd: Make /run/booted-system a symlink to the store item....Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
| Ludovic Courtès |
2021-02-23 | services: cuirass: Fix services requirements....* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to
cuirass requirements. Set cuirass-web requirements to cuirass only. Remove
"guix-daemon" and "networking" from cuirass-remote-server requirements as are
already required by cuirass.
| Mathieu Othacehe |
2021-02-23 | services: postgresql-roles: Fix race condition....Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
| Mathieu Othacehe |
2021-02-23 | services: cuirass: Improve simple-cuirass-services....Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
| Mathieu Othacehe |
2021-02-22 | services: postgresql: Define a default value....* gnu/services/databases.scm (postgresql-service-type): Define a default value.
| Mathieu Othacehe |
2021-02-22 | services: cuirass: Instantiate postgresql service....* gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql
service when missing.
| Mathieu Othacehe |
2021-02-22 | services: tor: Add control-socket? option....* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
| Christopher Lemmer Webber |
2021-02-22 | services: cuirass: Add parameters support....* gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field.
[zabbix-uri]: Remove it.
(cuirass-shepherd-service): Honor it.
| Mathieu Othacehe |
2021-02-19 | services: cuirass: Add "simple-cuirass-services"....* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
| Mathieu Othacehe |
2021-02-17 | services: wireguard: New service....* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
| Mathieu Othacehe |
2021-02-15 | services: Add Agate Gemini service....* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
| Alexandru-Sergiu Marton |
2021-02-12 | services: cuirass: Add server argument for the remote-worker....* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
| Mathieu Othacehe |
2021-02-12 | services: Add transmission-daemon service....* gnu/services/file-sharing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/packages/POTFILES.in: Add it.
* tests/services/file-sharing.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
* doc/guix.texi (File-Sharing Services): New section.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
| Simon South |
2021-02-11 | services: Add 'xorg-server-service-type'....* gnu/services/xorg.scm (xorg-server-service-type): New service type.
(xorg-server-profile-service): New procedure.
| 宋文武 |
2021-02-11 | services: knot: Fix configuration verification....* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
| Alexey Abramov |
2021-02-09 | services: cuirass: Move zabbix argument to the web process....This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349.
* gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri"
argument to the web process.
| Mathieu Othacehe |
2021-02-08 | services: cuirass: Add Zabbix support....* gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field.
(cuirass-shepherd-service): Honor it.
| Mathieu Othacehe |
2021-02-08 | gnu: Remove 'file-systems requirement from kernel-module-loader....* gnu/services/linux.scm (kernel-module-loader-shepherd-service):
Remove 'file-systems requirement.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
| raid5atemyhomework |
2021-02-06 | services: PostgreSQL: Quote database names....* gnu/services/databases.scm (postgresql-create-roles): Quote the name in
the SQL query so that roles/usernames containing hyphens will work.
| Marius Bakke |
2021-02-05 | gnu: services: Fix the NFS service....* gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change
of the rpcbind command.
| Maxim Cournoyer |
2021-01-30 | services: shepherd: Allow custom 'shepherd' package....* gnu/services/shepherd.scm (<shepherd-configuration>): New record.
(shepherd-boot-gexp, shepherd-root-service-type): Use it.
(scm->go, shepherd-configuration-file): Allow passing custom
shepherd package.
* gnu/system.scm (operating-system-shepherd-service-names): Use the new
record.
* guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly.
* doc/guix.texi (Shepherd Services). Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
| Maxime Devos |
2021-01-28 | services: cuirass: Create remote-server cache directory....* gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache
directory if needed.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: cuirass: Fix syntax error....This is a follow-up of 189e62fa69049538884077155cc70cac43260118.
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix
syntax.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: cuirass: Add log-file support....* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add
log-file support.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: cuirass: Fix workers argument....* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix
workers arguments.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: cuirass: Add systems argument....* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: cuirass: Add remote build support. | Mathieu Othacehe |
2021-01-28 | service: cuirass: Update it. | Mathieu Othacehe |
2021-01-28 | services: postgresql: Add postgresql-role-service-type....* gnu/services/databases.scm (postgresql-role,
postgresql-role?, postgresql-role-name,
postgresql-role-permissions, postgresql-role-create-database?,
postgresql-role-configuration, postgresql-role-configuration?,
postgresql-role-configuration-host, postgresql-role-configuration-roles,
postgresql-role-service-type): New procedures.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document it.
| Mathieu Othacehe |
2021-01-28 | services: postgresql: Wrap long lines....* gnu/services/databases.scm: Wrap long lines, no functional change.
| Mathieu Othacehe |
2021-01-28 | services: postgresql: Add log directory support....* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
| Mathieu Othacehe |
2021-01-28 | services: postgresql: Add socket directory support....* gnu/services/databases.scm (postgresql-config-file-socket-directory): New
procedure.
(<postgresql-config-file>)[socket-directory]: New field.
(postgresql-config-file-compiler): Honor it.
(postgresql-activation): Create the socket directory if needed.
* doc/guix.texi (Database Services): Document it.
* gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
* gnu/tests/monitoring.scm (%zabbix-os): Ditto.
* gnu/tests/web.scm (patchwork-os): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Mathieu Othacehe |
2021-01-28 | services: postgresql: Use Guile datatypes....* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
| Mathieu Othacehe |
2021-01-17 | gnu: php-fpm: Ensure no duplicate group....* gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not
duplicated.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
| Julien Lepiller |
2021-01-17 | services: cups: reuse lp from %base-groups....* gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
| Leo Prikler |
2021-01-16 | services: openntpd: Remove support for deprecated "-s" option....* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Simon South |
2021-01-16 | services: qemu-binfmt: 'guix-support?' defaults to #t....* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
| Stefan |
2021-01-14 | services: hurd-vm: Respect hurd-vm-configuration's disk-size....This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7.
* gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from
config to set image's size.
| Jan (janneke) Nieuwenhuizen |