summaryrefslogtreecommitdiff
path: root/gnu/services
AgeCommit message (Expand)Author
2021-03-23services: cuirass: Set default port values....* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>, <cuirass-configuration>): Set default port values. Mathieu Othacehe
2021-03-23services: cuirass: Adapt to Cuirass 1.0....* gnu/services/cuirass.scm (cuirass-shepherd-service, cuirass-remote-worker-shepherd-service): Adapt to Cuirass 1.0. Mathieu Othacehe
2021-03-18services: Enable "protected hardlinks" and "protected symlinks" by default....References: https://sysctl-explorer.net/fs/protected_hardlinks/ https://sysctl-explorer.net/fs/protected_symlinks/ * gnu/services/sysctl.scm (%default-sysctl-settings): New public variable. (<sysctl-configuration>): Use %default-sysctl-settings as the default value. * gnu/services/base.scm (%base-services): Add sysctl-service-type. * doc/guix.texi (Miscellaneous Services): Document the new defaults. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Leo Famulari
2021-03-16gnu: Remove MongoDB....mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the release tarball under the SSPL, therefore we cannot provide mongodb while upholding to good security standards. It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while the main license file wasnt altered to SSPL, some files in the tree contain SSPL headers. * gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove. * gnu/packages/databases.scm (mongo-tools): Remove. * doc/guix.texi (mongodb-service-type): Remove. * gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test): Remove. * gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?, mongodb-configuration-mongodb, mongodb-configuration-config-file, mongodb-configuration-data-directory, mongodb-service-type, %default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation, mongodb-shepherd-service): Remove. * gnu/packages/databases.scm (mongodb): Remove. Léo Le Bouter
2021-03-15services/qemu-binfmt: Use the F flag and the static output of QEMU....Fixes <https://issues.guix.gnu.org/36117>. Before this change, the 'binfmt_misc' entries registered for QEMU would not be usable in container contexts outside of guix-daemon (without manually bind mounting file names). For example: $ docker run --rm arm32v7/debian true standard_init_linux.go:207: exec user process caused "no such file or directory" After this change, any container can make use of the QEMU binfmt_misc registrations, as their corresponding QEMU static binaries are fully pre-loaded by the kernel. * gnu/services/virtualization.scm (<qemu-platform>): Define using 'define-record-type*'. [flags]: New field, which defaults to "F" (fix binary). (%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64) (%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el) (%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust. (qemu-binfmt-guix-chroot): Remove variable. (qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension. * gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of QEMU. * doc/contributing.texi (Submitting Patches): Update doc. * doc/guix.texi (Virtualization Services): Update doc. Maxim Cournoyer
2021-03-10services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos
2021-03-10services: cuirass: Remove simple cuirass configuration....The Cuirass configuration has been simplified so that this is no longer needed. * gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>, simple-cuirass-configuration->specs): Remove them. Mathieu Othacehe
2021-03-10services: cuirass: Do not create the database directory....Fixes: <https://issues.guix.gnu.org/46683>. * gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch, it is no longer needed to create the database directory. Mathieu Othacehe
2021-03-05services: guix-build-coordinator: Add dynamic auth with file record....* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file, guix-build-coordinator-agent-dynamic-auth-with-filen?, guix-build-coordinator-agent-dynamic-auth-with-file-agent-name, guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with file record. * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with file record. Christopher Baines
2021-03-03services: shepherd: Make 'assert-valid-graph' public....* gnu/services/shepherd.scm (assert-valid-graph): Make public. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Andrew Tropin
2021-02-28services: guix-build-coordinator: Add dynamic auth record....* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth, guix-build-coordinator-agent-dynamic-auth?, guix-build-coordinator-agent-dynamic-auth-agent-name, guix-build-coordinator-agent-dynamic-auth-token): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth record. * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth record. Christopher Baines
2021-02-28services: guix-build-coordinator: Rework authentication config....A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches. * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and it's possible record values. * doc/guix.texi (Guix Build Coordinator): Update documentation. Christopher Baines
2021-02-25services: shepherd: Make /run/booted-system a symlink to the store item....Fixes <https://bugs.gnu.org/46767>. Previously /run/booted-system would end up referring to /var/guix/profiles/system-NNN-link; consequently, the booted system would not be GC-protected. * gnu/services/shepherd.scm (shepherd-boot-gexp): Call 'canonicalize-path' instead of 'readlink'. Ludovic Courtès
2021-02-23services: cuirass: Fix services requirements....* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to cuirass requirements. Set cuirass-web requirements to cuirass only. Remove "guix-daemon" and "networking" from cuirass-remote-server requirements as are already required by cuirass. Mathieu Othacehe
2021-02-23services: postgresql-roles: Fix race condition....Make sure that the postgresql-roles script is completed before declaring the postgresql-roles service as started. * gnu/services/databases.scm (postgresql-create-roles): Return the command line instead of a program-file. (postgresql-role-shepherd-service): Use fork+exec-command to start the role creation script and wait for its completion before returning. Mathieu Othacehe
2021-02-23services: cuirass: Improve simple-cuirass-services....Instead of returning multiple services in simple-cuirass-services, rely on the instantiate-missing-services procedure to instantiate postgresql and postgresql-role-service-type when missing. Turn simple-cuirass-services procedure into simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration record and returns a Cuirass specification. Suggested-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/cuirass.scm (%default-cuirass-config): Remove it. (simple-cuirass-services): Rename it to ... (simple-cuirass-configuration->specs): ... this procedure. * gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and postgresql-role services that are automatically instantiated. (simple-cuirass-service): New variable. (%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs instead of simple-cuirass-services. * doc/guix.texi (Simple Cuirass): Update it. Mathieu Othacehe
2021-02-22services: postgresql: Define a default value....* gnu/services/databases.scm (postgresql-service-type): Define a default value. Mathieu Othacehe
2021-02-22services: cuirass: Instantiate postgresql service....* gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql service when missing. Mathieu Othacehe
2021-02-22services: tor: Add control-socket? option....* doc/guix.texi (Networking Services): Document new `control-socket?' option for `tor-configuration`. * gnu/services/networking.scm (<tor-configuration>): (tor-configuration->torrc): Christopher Lemmer Webber
2021-02-22services: cuirass: Add parameters support....* gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field. [zabbix-uri]: Remove it. (cuirass-shepherd-service): Honor it. Mathieu Othacehe
2021-02-19services: cuirass: Add "simple-cuirass-services"....* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>): New records. (build-manifest, build-manifest?, simple-cuirass-configuration, simple-cuirass-configuration?, simple-cuirass-services): New procedures. (%default-cuirass-config): New variable. * gnu/tests/cuirass.scm (%cuirass-simple-test): New variable. * doc/guix.texi (Continuous Integration): Document it. Mathieu Othacehe
2021-02-17services: wireguard: New service....* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records. (wireguard-service-type): New variable. * doc/guix.texi (VPN Services): Document it. Mathieu Othacehe
2021-02-15services: Add Agate Gemini service....* gnu/services/web.scm (<agate-configuration>): New record type. (agate-accounts, agate-shepherd-service): New procedures. (agate-service-type): New variable. * doc/guix.texi (Web Services): Document it. Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr> Alexandru-Sergiu Marton
2021-02-12services: cuirass: Add server argument for the remote-worker....* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]: New field. (cuirass-remote-worker-shepherd-service): Honor it. Mathieu Othacehe
2021-02-12services: Add transmission-daemon service....* gnu/services/file-sharing.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * po/packages/POTFILES.in: Add it. * tests/services/file-sharing.scm: New file. * Makefile.am (SCM_TESTS): Add it. * doc/guix.texi (File-Sharing Services): New section. Signed-off-by: 宋文武 <iyzsong@member.fsf.org> Simon South
2021-02-11services: Add 'xorg-server-service-type'....* gnu/services/xorg.scm (xorg-server-service-type): New service type. (xorg-server-profile-service): New procedure. 宋文武
2021-02-11services: knot: Fix configuration verification....* gnu/services/dns.scm (verify-knot-key-configuration): Fix the order of memq arguments. (verify-knot-keystore-configuration): Likewise. (verify-knot-acl-configuration): Replace fold with every procedure. Signed-off-by: 宋文武 <iyzsong@member.fsf.org> Alexey Abramov
2021-02-09services: cuirass: Move zabbix argument to the web process....This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349. * gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri" argument to the web process. Mathieu Othacehe
2021-02-08services: cuirass: Add Zabbix support....* gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field. (cuirass-shepherd-service): Honor it. Mathieu Othacehe
2021-02-08gnu: Remove 'file-systems requirement from kernel-module-loader....* gnu/services/linux.scm (kernel-module-loader-shepherd-service): Remove 'file-systems requirement. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org> raid5atemyhomework
2021-02-06services: PostgreSQL: Quote database names....* gnu/services/databases.scm (postgresql-create-roles): Quote the name in the SQL query so that roles/usernames containing hyphens will work. Marius Bakke
2021-02-05gnu: services: Fix the NFS service....* gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change of the rpcbind command. Maxim Cournoyer
2021-01-30services: shepherd: Allow custom 'shepherd' package....* gnu/services/shepherd.scm (<shepherd-configuration>): New record. (shepherd-boot-gexp, shepherd-root-service-type): Use it. (scm->go, shepherd-configuration-file): Allow passing custom shepherd package. * gnu/system.scm (operating-system-shepherd-service-names): Use the new record. * guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly. * doc/guix.texi (Shepherd Services). Document it. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos
2021-01-28services: cuirass: Create remote-server cache directory....* gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache directory if needed. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: cuirass: Fix syntax error....This is a follow-up of 189e62fa69049538884077155cc70cac43260118. * gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix syntax. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: cuirass: Add log-file support....* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add log-file support. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: cuirass: Fix workers argument....* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix workers arguments. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: cuirass: Add systems argument....* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]: New field. (cuirass-remote-worker-shepherd-service): Honor it. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: cuirass: Add remote build support.Mathieu Othacehe
2021-01-28service: cuirass: Update it.Mathieu Othacehe
2021-01-28services: postgresql: Add postgresql-role-service-type....* gnu/services/databases.scm (postgresql-role, postgresql-role?, postgresql-role-name, postgresql-role-permissions, postgresql-role-create-database?, postgresql-role-configuration, postgresql-role-configuration?, postgresql-role-configuration-host, postgresql-role-configuration-roles, postgresql-role-service-type): New procedures. * gnu/tests/databases.scm: Test it. * doc/guix.texi: Document it. Mathieu Othacehe
2021-01-28services: postgresql: Wrap long lines....* gnu/services/databases.scm: Wrap long lines, no functional change. Mathieu Othacehe
2021-01-28services: postgresql: Add log directory support....* gnu/services/databases.scm (postgresql-configuration-log-directory): New procedure. (<postgresql-configuration>)[log-directory]: New field. (postgresql-activation): Create the log directory. (postgresql-shepherd-service): Honor it. * gnu/tests/databases.scm (%postgresql-log-directory): New variable. (log-file): New test case. * doc/guix.texi (Database Services): Document it. Mathieu Othacehe
2021-01-28services: postgresql: Add socket directory support....* gnu/services/databases.scm (postgresql-config-file-socket-directory): New procedure. (<postgresql-config-file>)[socket-directory]: New field. (postgresql-config-file-compiler): Honor it. (postgresql-activation): Create the socket directory if needed. * doc/guix.texi (Database Services): Document it. * gnu/tests/guix.scm (%guix-data-service-os): Adapt it. * gnu/tests/monitoring.scm (%zabbix-os): Ditto. * gnu/tests/web.scm (patchwork-os): Ditto. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe
2021-01-28services: postgresql: Use Guile datatypes....* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile datatypes in the "extra-config" field. * gnu/tests/databases.scm (%postgresql-os): Test it. * doc/guix.texi (Database Services): Document it. Mathieu Othacehe
2021-01-17gnu: php-fpm: Ensure no duplicate group....* gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not duplicated. Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at> Julien Lepiller
2021-01-17services: cups: reuse lp from %base-groups....* gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups. Leo Prikler
2021-01-16services: openntpd: Remove support for deprecated "-s" option....* gnu/services/networking.scm (openntpd-configuration): Remove "allow-large-adjustment?" field. (openntpd-shepherd-service): Remove use of "allow-large-adjustment?" configuration field and "-s" daemon option. * tests/networking.scm (%openntpd-conf-sample): Remove "allow-large-adjustment?" field. * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove "allow-large-adjustment?" field from sample configuration. [openntpd-configuration]: Remove description of "allow-large-adjustment?" field. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Simon South
2021-01-16services: qemu-binfmt: 'guix-support?' defaults to #t....* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]: Change the default from #f to #t. * doc/guix.texi (Transparent Emulation with QEMU): Change the default of ‘guix-support?’ from #f to #t. Describe the implication of setting it to #f. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Stefan
2021-01-14services: hurd-vm: Respect hurd-vm-configuration's disk-size....This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7. * gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from config to set image's size. Jan (janneke) Nieuwenhuizen