Introduces 'base-transducer', a SRFI-171 based transducer that can be used as a
starting point for writing custom configuration record serializing procedures.
This also fixes the symbol maybe-value serialization test case.
* gnu/services/configuration.scm (empty-serializer?): New predicate.
(base-transducer, tfilter-maybe-value): New procedure.
(serialize-configuration): Adapt to use base-transducer.
* gnu/services/telephony.scm (jami-account->alist): Use transducers to skip
fields that are unserializable or whose field maybe-value is unset.
* tests/services/configuration.scm: Remove test-expect-fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b23.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
* gnu/services/base.scm (guix-machines-files-installation): New
procedure.
(<guix-configuration>)[build-machines]: New field.
(guix-activation): Call ‘ guix-machines-files-installation’.
(<guix-extension>)[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to
‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of <guix-configuration>
and of <guix-extension>.
(Virtualization Services): Add ‘hurd-vm’ anchor.
Fixes a bug introduced in 0dd293b4d9
whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the
“wrong” locale data (2.35 instead of 2.37).
Consequently, it would fail to setlocale(3) and calls to
‘std::stoi’ (when reading the output of ‘guix authenticate’) would
throw, leading to this error message of guix-daemon:
unexpected build daemon error: stoi
This would manifest when sending store items to a childhurd:
$ guix copy --to=localhost:10022 sed
guix copy: sending 1 store item (1 MiB) to 'localhost'...
guix copy: error: unknown error while sending files over SSH
The “unknown error” is the ‘stoi’ exception.
This commit fixes that, but for the ‘guix-daemon’ service only.
* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable.
Use it instead of ‘glibc-utf8-locales’.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
Sometimes `syncthing-service-type' fails during startup because it tries
to read configuration files from the user's home directory:
Failure on home directory: mkdir /home/xyz/.config: permission denied
This patch adds `user-processes' to the shepherd service requirements to
ensure that `user-homes' is fired before `syncthing' tries to read data
from the home directory.
* gnu/services/syncthing.scm (syncthing-shepherd-service): add
`user-processes' to requirements
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Rather than hardcoding a particular guile in the service definition.
* gnu/services/guix.scm (bffe-shepherd-services): Use guile from the package.
* gnu/packages/package-management.scm (bffe)[inputs]: Remove unnecessary
guile-next input.
This is intended to replace the functionality of the Guix Build Coordinator
queue builds script, and also provide a web interface for build farms.
* gnu/services/guix.scm (<bffe-configuration>): New record type.
(bffe-configuration, bffe-configuration?,
bffe-configuration-package,
bffe-configuration-user,
bffe-configuration-group,
bffe-configuration-arguments
bffe-configuration-extra-environment-variables): New procedures.
(bffe-service-type): New variable.
* gnu/tests/guix.scm (%test-bffe): New variable.
* doc/guix.texi (Guix Services): Document the new service.
This fixes a issue introduced in the previous commit 552d070377 (services:
mcron: Add module for %user-log-dir.) which made the expression invalid when
using a '() module for the system service.
* gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Use
(shepherd support) unconditionally.
Fixes a regression introduced in
9c34b793c1.
* gnu/services/linux.scm (earlyoom-shepherd-service): Move
'user-processes' to 'requirements'.
Reported-by: Attila Lendvai <attila@lendvai.name>
* gnu/home/services/syncthing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/syncthing.scm (<syncthing-configuration>)[home-service?]:
New field.
Adjust 'provision' and 'requirement' depending on 'home-service?', and
likewise for #:user and #:group.
Use 'filter' + 'negate' instead of 'remove'.
* doc/guix.texi (Networking Services): Add note and cross-reference to
"Networking Home Services".
(Networking Home Services): New node.
* gnu/home/services/dict.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/dict.scm (<dicod-configuration>)[home-service?]: New
field.
(dicod-shepherd-service): Do not map /dev/log when 'home-service?' is
true. Remove 'user-processes' requirement when 'home-service?' is
true.
(dicod-shepherd-service): Set #:user and #:group to #f when
'home-service?' is true.
* doc/guix.texi (Miscellaneous Home Services): New node.
(Miscellaneous Services): Add cross-reference.
* gnu/services/mcron.scm (list-of-gexps?): Remove.
(<mcron-configuration>): Rewrite using 'define-record-type*'.
[home-service?]: New field.
[log-file]: Make thunked and changed default value.
(mcron-shepherd-services): Honor 'home-service?' and remove use of
'maybe-value-set?'.
(mcron-service-type): Inherit 'home-service?' from CONFIG.
(generate-doc): Remove.
* gnu/home/services/mcron.scm (list-of-gexp?)
(<home-mcron-configuration>, job-files, shepherd-schedule-action)
(home-mcron-shepherd-services, home-mcron-profile)
(home-mcron-extend, generate-doc): Remove.
(home-mcron-configuration): Turn into a macro.
(home-mcron-service-type): Define in terms of
'system->home-service-type'.
<top level>: Add service type mapping.
* gnu/services/dict.scm (%dicod-gcide-index): New variable.
(%dicod-database:gcide): Use it.
(%dicod-activation): Remove.
(dicod-shepherd-service): Remove reference to /var/run/dicod.
(dicod-service-type): Remove ACTIVATION-SERVICE-TYPE extension.
ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken
for a while [2]. Remove it rather than shipping a broken service for an
unmaintained program that's unlikely to be fixed.
[1]: <https://github.com/ddclient/ddclient>
[2]: <https://issues.guix.gnu.org/52770>
This reverts commit 8490a8346b.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>.
Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want it's UID or GID to change anymore.
Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share. And it
needs to be possible to mount the share without configuring PostgreSQL.
With NFSv3, the UID and GID typically needs to match those on the
server.
The added options allow for both of these scenarios:
You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
it's UID / GID values.
* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Thanks to Bruno Victal "mirai" for cooperating on this patch and for
generously sharing a wealth of insights about Guix services.
Thanks to Jean-Baptiste Note for an early version of this service!
* doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading.
* gnu/services/linux.scm (serialize-string, non-negative-integer?)
(serialize-non-negative-integer, string, non-negative-integer)
(make-option-serializer, make-percentage-threshold-serializer): New
procedures.
(cachefilesd-configuration): New record type.
(cachefilesd-service-type): New variable.
* gnu/tests/cachefilesd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Co-authored-by: Bruno Victal <mirai@makinata.eu>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry>
'arguments' field. Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/databases.scm (postgresql-role): Add more role fields.
(postgresql-create-roles): Honor it.
* doc/guix.texi (Database Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/desktop.scm (kde-desktop-service-type): New variable.
(<kde-desktop-configuration>): New record type.
(kde-desktop-configuration): New procedure.
* doc/guix.texi (Desktop Services): Document it.
Co-authored-by: Zheng Junjie <873216071@qq.com>
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
The `pam-mount-volumes-service-type' adds additional volumes to the
pam-mount-service-type in addition to any that are already specified in
`pam-mount-rules'.
* doc/guix.texi (PAM Mount Volume Service): add documentation for
`pam-mount-service-type'.
* gnu/services/pam-mount.scm: new file.
* Makefile.am: add pam-mount tests
* tests/services/pam-mount.scm: new tests
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/admin.scm (%default-package-database-update-schedule):
New variable.
(<package-database-configuration>): New record type.
(package-database-mcron-jobs): New procedure.
(package-database-service-type): New variable.
* doc/guix.texi (File Search Services): Document it.
* gnu/services/admin.scm (%default-file-database-update-schedule)
(%default-file-database-excluded-directories): New variables.
(<file-database-configuration>): New record type.
(file-database-mcron-jobs): New procedure.
(file-database-service-type): New variable.
* doc/guix.texi (File Search Services): New node.
This reverts commit e1070ee160. Rationale: this
only works with the default 'endpoints'. The 'auto-update?' option should be
sufficient to trigger a database update automatically anyway.
Relates to <https://issues.guix.gnu.org/63082>.
* gnu/services/audio.scm (mpd-shepherd-service): Create a default .cache
directory. Use mkdir-p/perms and refactor loop. Set the HOME environment
variables.
Relates to <https://issues.guix.gnu.org/63082>.
* gnu/services/audio.scm (mpd-output) [mixer-type]: Change default value from
"none" to unspecified.
* doc/guix.texi (Audio Services): Regenerate doc.
Rationale: the tristate value was awkward to deal with, the default log file
name was odd (/var/log/mpd/log) and it required special attention to create
the 'mpd' parent directory as root and chowning it to the MPD user. It also
didn't match the default behavior of MPD, which is to log to systemd or syslog
unless a log file is specified.
* gnu/services/audio.scm (mpd-log-file-sanitizer): New procedure.
(mpd-configuration) [log-file]: Remove default maybe value. Add sanitizer.
(mpd-shepherd-service): Validate the log file parent directory exists and has
the right permissions. Conditionally add syslogd to requirements.
(mympd-log-to-sanitizer): New procedure.
(mympd-configuration) [log-to]: Change type to maybe-string. Update doc and
add sanitizer.
(mympd-shepherd-service) [requirement]: Fix to use syslogd. Adjust
accordingly.
[start] Adjust accordingly.
(mympd-log-rotation): Check log-to via maybe-value-set?.
* doc/guix.texi (Audio Services): Update doc.
* gnu/services/audio.scm (mpd-shepherd-service): Standardize the way the log
file parent and other directories are initialized in the start slot.
(mympd-shepherd-service): Likewise.
* gnu/services/audio.scm (mpd-configuration) [log-level]: List log-level in
decreasing verbosity order in doc.
* doc/guix.texi (Audio Services): Update doc.
So that they can be restarted in dependently.
* gnu/services/guix.scm (guix-data-service-shepherd-services): Don't require
the main service from the jobs service.
The convention to use % as a prefix is for "special" variables rather than
procedures.
* gnu/services/audio.scm (%set-user-group): Rename to...
(set-user-group): ... this.
Previously, the generated config file would contain arbitrary whitespace that
made it look ugly.
* gnu/services/vpn.scm (<wireguard-configuration>) [dns]: Change default value
from #f to '().
(wireguard-configuration-file): Use match-record. Format each line
individually, assembling the lines at the end to avoid extraneous white space.
* doc/guix.texi (VPN Services): Update doc.
* gnu/services/herd.scm (current-service): New procedure, mostly reusing the
existing current-services.
(current-services): Implement in terms of the above procedure.
As suggested by Sergey Bugaev on bug-hurd
https://lists.gnu.org/archive/html/bug-hurd/2023-05//msg00455.html
* gnu/services/base.scm (static-networking->hurd-pfinet-options): Use
/DEV/ethX. Use long options for settrans.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
When booting with pci-arbiter and rumpdisk and using 1024MB of memory for
qemu, booting hangs, or seems to hang, at the end of the rumpdisk boot
messages. At least 1200MB is required, currently.
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[memory-size]: Bump
to 2048.
* gnu/system/examples/bare-hurd.tmpl: Suggest using 2048 here too. Update
example `guix system image' and "qemu" command lines too.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
Without this a user's pam-limits-service-type configuration does not have an
effect when using lightdm.
* gnu/services/base.scm (pam-limits-service-type): Add "lightdm" to the list.
Fixes <https://issues.guix.gnu.org/63979>.
* gnu/services/shepherd.scm (validate-provision): New procedure.
(<shepherd-service>)[provision]: Use it.
Co-authored-by: Bruno Victal <mirai@makinata.eu>
* gnu/services/certbot.scm (certbot-nginx-server-configurations):
Don't return a broken nginx-server-configuration with empty server_name
when no certificate domains are configured. Instead add a separate
server for every certificate, so 0 certificates adds 0 servers.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reviewed-by: Bruno Victal <mirai@makinata.eu>
screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
needs PAM, otherway around also similar, if PAM is enabled
binary should not relay on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
This allows us to get rid of the "eval root" actions, which in turn
would lead to confusing "Evaluating user expression" messages.
Fixes <https://issues.guix.gnu.org/55857>.
* gnu/services/herd.scm (resolve-transients): In 'values', avoid
'eval-there' call when UNRESOLVED is empty.
Previously, with shepherd 0.10.0, guix-daemon would start quickly,
possibly before avahi-daemon is running. Consequently, its "guix
discover" child process would exit immediately with a warning saying
"Avahi daemon is not running".
* gnu/services/base.scm (guix-shepherd-service): When DISCOVER? is true,
add 'avahi-daemon' to 'requirement'.
Fixes <https://issues.guix.gnu.org/63198>.
Have the CUPS service extend pam-root-service-type providing minimal
configuration to authenticate users. Since PAM authentication is provided,
the regular cups package can be used as default instead of the minimal,
PAM-lacking variant.
* gnu/services/cups.scm (cups-configuration)
[cups]: Replace cups-minimal with cups.
[allow-empty-password?]: PAM service configuration permitting empty passwords.
(opaque-cups-configuration): Likewise.
(cups-pam-service): New procedure.
(cups-service-type): Extend pam-root-service-type with cups-pam-service.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
That way, per-connection transient services such as 'sshd-123' inherit
dependencies of their "parent" ('sshd' in this example), which is more
consistent than not depending on anything.
* gnu/services/dict.scm (dicod-shepherd-service): Pass #:requirements to
'make-inetd-constructor'.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
* gnu/services/ssh.scm (openssh-shepherd-service): Likewise.
* gnu/services/vnc.scm (xvnc-shepherd-service): Likewise.
* gnu/services/base.scm (%root-file-system-shepherd-service): In 'stop'
method, remove reference to 'stop-logging'. That procedure is gone in
Shepherd 0.10.0, leading to an unbound-variable exception.
Additionally, calling is unnecessary since 0.4.0, where shepherd logs to
syslog (thus the open file descriptor is not backed by an on-disk file).
This is a followup to 57e731c358.
* gnu/services/base.scm (agetty-shepherd-service): Change 'stop' method
to return #f immediately when the running value is 'idle.
Fixes up 9c161c1f0d, which renamed the accessor of <openssh-configuration> but
failed to adjust the single usage.
* gnu/services/ssh.scm (openssh-config-file): Rename
openssh-challenge-response-authentication? call to
openssh-configuration-challenge-response-authentication?.
This is a follow-up commit to the preceding commit, which exported all
<openssh-configuration> accessors.
* gnu/services/ssh.scm (<openssh-configuration>): Rename
openssh-challenge-response-authentication? to
openssh-configuration-challenge-response-authentication?. It's a mouthful,
but is at least consistent with the rest.
* gnu/services/guix.scm (nar-herder-configuration-extra-environment-variables):
New procedure.
(nar-herder-shepherd-services): Pass the environment variables to the
shepherd.
* doc/guix.texi (Guix Services): Document it.
Bruno Victal
Ludovic Courtès
Marius Bakke
Alexey Abramov
Adam Maleszka
Christopher Baines
Thomas Albers
Reily Siegel
Hilton Chain
宋文武
Martin Baulig
Maxim Cournoyer
Felix Lechner
terramorpha
Miguel Moreno
Hartmut Goebel
Zheng Junjie
Brian Cully
Sam Lockart
Janneke Nieuwenhuizen
Tobias Geerinckx-Rice
Josselin Poiret
John Kehayias
Saku Laesvuori
muradm