Commit e301f1a8ed removed the NGINX argument
entirely, but users may rely on and override it. Reported by rekado on #guix.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Restore
exported variable.
(zabbix-front-end-nginx-extension): New procedure.
(zabbix-front-end-configuration): Remove FASTCGI-PARAMS field. Restore NGINX
field, but default to the empty list.
(zabbix-front-end-service-type): Extend NGINX-SERVICE-TYPE by
ZABBIX-FRONT-END-NGINX-EXTENSION.
* doc/guix.texi (Monitoring Services): Regenerate documentation.
* gnu/services/guix.scm (<nar-herder-configuration>): Add ttl and negative-ttl
fields.
(nar-herder-shepherd-services): Pass the ttl and negative-ttl values to the
service.
* doc/guix.texi (Guix Services): Document this.
This resolves some warnings with Django 3.2.
This was added by upstream to the base settings
43e5c4a0ac
* gnu/services/web.scm (patchwork-settings-module-compiler): Specify
DEFAULT_AUTO_FIELD in the settings module.
PulseAudio provides udev rules used to adjust the configuration of certain
hardware (e.g., sound cards); ensure they get used.
* gnu/services/sound.scm (pulseaudio-service-type): Extend the
udev-service-type with the pulseaudio package.
This makes it possible to do e.g. (include-files (list (local-file "foo.conf"))).
* gnu/services/monitoring.scm (serialize-field, serialize-list,
serialize-include-files, serialize-extra-options): Rewrite as gexps.
(zabbix-server-config-file, zabbix-agent-config-file): Simplify builders by
using FORMAT.
* gnu/services/monitoring.scm (zabbix-server-runtime-control-procedure,
zabbix-server-actions): New variables.
(zabbix-server-shepherd-service)[actions]: New field. Let-bind variables
common between actions and the start procedure.
This is a follow-up to commit 078f5bfae7.
* gnu/services/monitoring.scm (zabbix-front-end-config): When DB-PASSWORD is
set, enclose the password with quotes in the configuration file.
I noticed that pam_mount mounts work fine when loging into a textual
session, but not when using sddm. This patch fixes this problem by
ensuring that pam_mount.so is included in /etc/pam.d/sddm config file.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Add sddm to the list of
pam services.
Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>
* gnu/services/telephony.scm (jami-configuration)[jamid]: Rename libring to
libjami.
* gnu/services/telephony.scm
(jami-configuration->command-line-arguments): Adjust daemon file name.
* gnu/services/telephony.scm (jami-service-type): Adjust doc.
* gnu/tests/telephony.scm (run-jami-test): Check for 'jamid' process, not
'dring'.
* doc/guix.texi (Telephony Services): Adjust doc for the jami-qt to jami and
libring to libjami packages renaming.
Earlier, the bind-rpc field of <laminar-configuration> was not used at
all. This was a bug.
* gnu/services/ci.scm (laminar-shepherd-service): Use bind-rpc to set
LAMINAR_BIND_RPC environment variable.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
Use target-x86-64? from (guix utils) to decide if the system is an x86_64
system instead of comparing the strings ourselves.
Previously, we would get a fishy 127.0.0.1/0 interface:
$ ip a show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.0.1/0 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
With this change, we get nothing but the "/8" version:
$ ip a show dev lo
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
Reported by Yann Dupont <Yann.Dupont@univ-nantes.fr>.
* gnu/services/base.scm (assert-valid-address): Remove special cases for
127.0.0.1 and ::1.
(%loopback-static-networking): Add "/8".
This is a follow-up to 49599fab56.
Fixes: <https://issues.guix.gnu.org/52908>.
* gnu/services/xorg.scm (set-xorg-configuration)[login-manager-service-type]:
When the current system or target system begins with the string "x86_64", use
gdm-service-type as before; otherwise, use sddm-service-type.
* gnu/system/examples/vm-image.tmpl (services): Add sddm-service-type to the
list of service types to remove.
Fixes: <https://issues.guix.gnu.org/32166>.
* gnu/services/desktop.scm (gnome-packages, gnome-udev-rules): New procedures.
(gnome-polkit-settings): Use the gnome-packages procedure.
(gnome-desktop-service-type): Add an udev service extension.
This avoids issues where the coordinator component dependencies (like sqitch
and guile-fibers) make it harder to use the agent.
* gnu/packages/package-management.scm (guix-build-coordinator/agent-only): New
variable.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): Use
the guix-build-coordinator/agent-only package by default.
* doc/guix.texi (Guix Services): Update accordingly.
Fixes <https://issues.guix.gnu.org/issue/52051>.
* gnu/services/dbus.scm (dbus-configuration-directory): Set a 60 second
authentication timeout in the D-Bus configuration.
Until now the rsync service would export a single module, named
"files". This allows users to specify as many modules as they want, in
line with rsyncd.conf(5).
* gnu/services/rsync.scm (warn-share-field-deprecation): New procedure.
(<rsync-configuration>)[modules]: New field.
[share-path, share-comment, read-only?, timeout]: Mark as deprecated.
(<rsync-module>): New record type.
(%default-modules): New variable.
(rsync-configuration-modules): New procedure.
(rsync-activation): Create the directory of each module.
(rsync-config-file): Generate configuration for each module.
(rsync-service-type)[description]: New field.
* doc/guix.texi (Networking Services): Adjust documentation. Augment
example.
This makes sure users do not mistakenly configuring a network with "/0"
as its netmask.
* gnu/services/base.scm (assert-valid-address): New procedure.
(<network-address>)[value]: Add it as 'sanitize'.
* gnu/services/base.scm (%loopback-static-networking): New variable.
(%base-services): Use it.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* gnu/system/install.scm (%installation-services): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (%qemu-static-networking): New variable.
* gnu/system/hurd.scm (%base-services/hurd): Use it.
* doc/guix.texi (Networking Setup): Document it.
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate. Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface. Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
* gnu/services/base.scm (static-networking-shepherd-service): Define
'set-up-via-ioctl', 'tear-down-via-ioctl', 'set-up-via-netlink',
'tear-down-via-netlink', and 'helpers' and use them in 'start' and
'stop'. Add (ip *) modules to 'modules'.
This works around the fact that Rust is currently unavailable in Guix on
platforms other than x86_64-linux:
https://lists.gnu.org/archive/html/guix-devel/2021-11/msg00197.html
* gnu/services/desktop.scm (desktop-services-for-system): New
procedure.
(%desktop-services): Turn into a macro.
* gnu/services/base.scm (swap-service-type): Use default flags (0) if
SWAP is not a new-style <swap-space> record.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/docker.scm (docker-configuration): Add the field
(docker-shepherd-service): Pass the list of defined variables to
make-forkexec-constructor.
* doc/guix.texi (Miscellaneous Services): Update doc.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/51487>
* gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Upstream raised these back in 2019 with CUPS 2.3.0.
* gnu/services/cups.scm (<cups-configuration>): Raise default
‘multiple-operation-timeout’ and ‘timeout’ from 300 to 900 seconds.
* doc/guix.texi (Printing Services): Adjust accordingly.
It is now silently ignored by knotd.
* gnu/services/dns.scm (<knot-zone-configuration>):
Remove DISABLE-ANY? field. Adjust all previous users.
* doc/guix.texi (DNS Services): Undocument it.
This prevents mutter from complaining that the /tmp/.X11-unix directory
misses the sticky bit when starting X Wayland.
* gnu/services/desktop.scm (x11-socket-directory-service): Add the sticky bit.
* gnu/packages/patches/gdm-wayland-session-wrapper-from-env.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gdm): Use it.
* gnu/services/xorg.scm (<gdm-configuration>)[wayland-session]: New field.
(gdm-wayland-session-wrapper): New procedure.
(gdm-configuration-file): Point to this new procedure.
* doc/guix.texi (X Window): Update it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Add the optional flag `wayland?` in `gdm-configuration` to launch GDM with
Wayland, enabling the use of Wayland sessions with GDM.
* gnu/packages/patches/gdm-remove-hardcoded-xwayland-path.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (gdm): Use it.
* gnu/services/xorg.scm (<gdm-configuration>)[wayland?]: New field.
(gdm-configuration): Honor it.
(gdm-shepherd-service): Add the XCURSOR_PATH environment variable.
* doc/guix.texi (X Window): Document it
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Adapt to the postgresql default socket directory set to /var/run/postgresql.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]: Set
to /var/run/postgresql.
(<postgresql-role-configuration>): Ditto.
* gnu/tests/databases.scm (run-postgresql-test): Adapt it.
When accessing libvrtd remotely, polkit can't be used unless you are
logged as root. Instead allow libvirt groups member access to the
control socket.
* gnu/services/virtualization.scm (libvirt-configuration)
[unix-sock-group]: Change default from "root" to "libvirt".
* gnu/services/virtualization.scm (libvirt-configuration): Add 'qemu'
field.
(libvirt-service-type): Replace 'qemu' package with the one specified in
the service configuration.
* gnu/services/version-control.scm (gitile-service-type): New variable.
* doc/guix.texi (Version Control Services): Document it.
* gnu/tests/version-control.scm (%test-gitile): New variable.
When building an image with the "system" parameter set to an emulated
architecture, the xorg-configuration-modules field needs to be evaluated once
the %current-system parameter is set, otherwise this parameter is set to the
current host system.
* gnu/services/xorg.scm (<xorg-configuration>)[modules]: Make it a thunked
field.
The i486 target has been removed from qemu since at least 5.2.0.
* gnu/services/virtualization.scm (%i486): Remove variable.
(%qemu-platforms): Remove it.
Fixes <https://issues.guix.gnu.org/40158>.
* gnu/services/base.scm (file-system-shepherd-service): Update doc. Return a
shepherd service for the mount point when either MOUNT? or CREATE? is true.
[start]: Only mount when MOUNT? is true.
(file-system-shepherd-services): Also consider file systems with
create-mount-point? set to #t.
* gnu/system/pam.scm (unix-pam-service): Add account and session PAM entries
for pam-gnupg. Don't pass "#f" to "allow-root?" argument, because "lambda*"
already does this by default.
* doc/guix.texi (X Window): Document this.
* gnu/services/xorg.scm (<slim-configuration>)[gnupg?]: New record field.
(slim-pam-service): Pass "#:gnupg?" argument to "unix-pam-service".
This is a follow-up of d128c6fd33.
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>)
[no-publish?]: Rename it to ...
[publish?]: ... this new field.
(cuirass-shepherd-service): Adapt it.
* doc/guix.texi (Cuirass remote building): Document it.
It's more explicit to specify used fields instead of depending on their
position.
* gnu/services/base.scm (guix-activation): Replace "match" with
"match-record".
This reverts commit 4673f81793, which reverted
commit 69dcc24c9f with the fix detailed below.
Thanks to Christopher Baines for reporting the failure and proposing a fix.
* guix/self.scm (compiled-guix) [*system-test-modules*]: Add the test data
files via the 'extra-files' argument.
* gnu/local.mk (dist_patch_DATA): Move the tests/data/jami-dummy-account.dat
file to...
* gnu/local.mk (MODULES_NOT_COMPILED): ... here.
* gnu/services/telephony.scm (string-or-computed-file?)
(string-list?, account-fingerprint-list?): New procedures.
(maybe-string-list, maybe-account-fingerprint-list)
(maybe-boolean, maybe-string, jami-account-list): New configuration field
types.
(serialize-string-list, serialize-boolean, serialize-string)
(jami-account, jami-account->alist, jami-configuration)
(jami-account-list?, jami-account-list-maybe): New procedures.
(%jami-accounts): New variable.
(jami-configuration->command-line-arguments): New procedure.
(jami-dbus-session-activation, jami-shepherd-services): New procedures.
(jami-service-type): New variable.
* gnu/build/jami-service.scm: New file.
* gnu/tests/data/jami-dummy-account.dat: Likewise.
* gnu/tests/telephony.scm: Likewise.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register them.
* Makefile.am (SCM_TESTS): Register the test file.
(dist_patch_DATA): Register the new data file.
* doc/guix.texi (Telephony Services): Document it.
If the type of a configuration field is a package, show the name of its
package *variable* as the default value.
* gnu/services/configuration.scm (generate-documentation){show-default}
{package->symbol}: New nested procedures. Use them to format the field
entries.
Co-authored-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Make the formatting of the generated docs more consistent with the rest of the
docs in the “Services” section of the manual.
* gnu/services/configuration (generate-documentation): Represent the data type
documentation of a field using a DEFTP table rather than DEFTYPEVR elements.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Previously, argv[0] would be replaced by the absolute file name of the
executable. This could cause discrepancies, for example in the
Coreutils test suite: <https://issues.guix.gnu.org/49485>.
* gnu/services/virtualization.scm (<qemu-platform>)[flags]: Default to "FP".
"pcscd" wouldn't handle SIGTERM as it inherit ignoring this signal (and
others) from its parent shepherd; fork+exec-command restore signal
handling. Fixes <https://issues.guix.gnu.org/45202>.
* gnu/services/security-token.scm (pcscd)[start]: Use
fork+exec-command to start "pcscd".
Sometimes two configurations might have the same types for their field values,
but the values might be serialized in two completely different
ways (e.g. because the two programs have different configuration languages).
An example of this would be the ‘serialize-boolean’ procedure in (gnu services
mail) and (gnu services getmail). They both serialize a boolean value, but
because the Dovecot’s configuration language has a different syntax to the
configuration language for Getmail, two different procedures have to be
defined.
One way to workaround this would be to specify custom serializers for many
fields in order to separate the serialization of the values that have the same
type but serialize in different ways. This could get very tedious, especially
if there are many configurations in the same module.
Another way would be to move one of the configurations to its own module, like
what was done with (gnu services getmail). However, this would mean that
there would be multiple modules containing configurations for related
programs, e.g. we have (gnu services mail) and (gnu services getmail), it
doesn’t make much sense to keep the Getmail configuration in its own module.
This patch will allow one to write something like this:
(define-configuration foo-configuration
(bar
(string "bob")
"Option bar.")
(prefix bar-))
and the value of the ‘bar’ field would be serialized using a procedure named
‘bar-serialize-string’ instead of just ‘serialize-string’.
* gnu/services/configuration.scm (define-maybe-helper): Accept ‘prefix’
argument for using serializer with custom prefix.
(define-maybe): Pattern match on ‘prefix’ literal.
(define-configuration-helper): Accept ‘prefix’ argument for using serializer
with custom prefix.
(define-configuration): Pattern match on ‘prefix’ literal.
* tests/services/configuration.scm ("serialize-configuration with prefix"):
New test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/vpn.scm (<strongswan-configuration>): New record type.
(charon-plugins, strongswan-configuration-file)
(strongswan-shepherd-service, strongswan-service-type): New variables.
* doc/guix.tex (VPN Services): Document them all.
For some time, OpenSSH's option 'PermitRootLogin' has deprecated the
ambiguous argument 'without-password' with 'prohibit-password'.
* doc/guix.texi (Network Services): Replace 'without-password by
'prohibit-password.
* gnu/machine/digital-ocean.scm (guix-infect): Change system
configuration to use 'prohibit-password.
* gnu/services/ssh.scm (openssh-configuration): Change comment to use
'prohibit-password.
(openssh-config-file): Add support for 'prohibit-password to
'permit-root-login'. Warn about deprecated 'without-password usage.
* gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by
'prohibit-password.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Otherwise when pcscd doesn't terminate properly (ie. receive a SIGKILL),
it won't start again because of it's socket already existing.
* gnu/services/security-token.scm (pcscd-shepherd-service)[start]:
Remove existing socket file.
This follows on from the changes in 4985a42724.
* gnu/services/base.scm (%default-authorized-guix-keys): Add
bordeaux.guix.gnu.org.pub.
Signed-off-by: Christopher Baines <mail@cbaines.net>
Fixes <https://issues.guix.gnu.org/48521>.
The problem was caused by the 'file-system-mapping' record not being in scope.
* gnu/services/networking.scm (opendht-shepherd-service): Import the (gnu
system file-systems) module.
[requirement]: Depend on networking, to avoid spurious output.
[modules]: New field.
[start] <group>: New argument.
* gnu/services/networking.scm (maybe-number?, maybe-string?): New procedures.
(<opendht-configuration>): New configuration record.
(%opendht-accounts): New variable.
(opendht-configuration->command-line-arguments): New procedure.
(opendht-shepherd-service, opendht-service-type): New variables.
* doc/guix.texi (Networking Services): Document the new service.
This is added for convenience and for uniformity with the
define-maybe/no-serialization syntax introduced in the previous commit.
* gnu/services/configuration.scm
(define-configuration/no-serialization): New syntax.
Before this change, using define-maybe along define-configuration with the
no-serialization syntactic keyword would result in the following warning:
warning: possibly unbound variable `VARIABLE-NAME'
This change introduces the define-maybe/no-serialization variant that does
away with defining a serialization helper procedure, which makes it possible
to avoid the above warning.
* gnu/services/configuration.scm (define-maybe/no-serialization): New syntax.
(define-maybe-helper): New procedure.
(define-maybe): Define syntax using the above procedure.
* tests/services/configuration.scm (tests): Fix module name.
(custom-number-serializer): Do not print to standard output.
(maybe-number?, serialize-maybe-number): New procedures defined via the
define-maybe macro.
(config-with-maybe-number): New configuration.
(serialize-number): New procedure.
("maybe value serialization"): New test.
(maybe-string?): New procedure defined via the define-maybe/no-serialization
macro.
(config-with-maybe-string/no-serialization): New configuration.
("maybe value without serialization no procedure bound"): New test.
The non-hygienic binding of the source location accessor was set to
'-location'; in modules where multiple configurations were defined, it would
cause compilation warnings such as:
gnu/services/mail.scm:175:0: warning: shadows previous definition of
`%-location-procedure' at gnu/services/mail.scm:165:0
* gnu/services/configuration.scm (define-configuration-helper) <id>: Add a
missing #'stem argument to use the configuration name as a prefix to the
location accessor identifier.
In some cases, rather than globally disabling serialization, it may be more
appropriate to disable or otherwise alter the serialization procedure of a
specific field. In large module, multiple configurations may also exist that
would need to alter the default serialization procedure, which is named after
the field type. Being able to specify a per-field serialization procedure
provides more flexibility.
* gnu/services/configuration.scm (define-configuration): Add an optional
pattern variable to allow specifying a custom serialization procedure.
(define-configuration-helper) <field-serializer>: Use it to transform the
syntax.
(empty-serializer): New procedure.
(serialize-package): Alias to ‘empty-serializer’.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Serialization is not always useful, for example when deriving command line
arguments from a configuration. This change provides a way to turn it off,
which removes the need to define a bunch of dummy serialization procedures.
Credit goes to Andrew Gierth (RhodiumToad) from #guile for providing the
solution. Thank you!
* gnu/services/configuration.scm (define-configuration-helper): New procedure.
(define-configuration) <no-serialization>: New syntactic keyword. Use it in a
new pattern. Refactor the macro so that it makes use of the above helper
procedure.
This resolves a compilation warning introduced with commit bb716e8d9d.
* gnu/services/configuration.scm (configuration->documentation): Use display
to print the string instead of format.
The original (undocumented) procedure to generate the doc has a difficult to
grasp interface; add a simpler one on top of it.
* gnu/services/configuration.scm (configuration->documentation): New procedure.
Not all fields in a configuration have a sensible default value. This changes
makes it possible to omit a default value for a configuration field, requiring
the user to provide a value.
* gnu/services/configuration.scm (configuration-missing-field): New procedure.
(define-configuration): Make default value optional.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This fixes the following issue where spice-vdagent would fail to start if the
spice-vdagent-sock socket file already existed:
spice-vdagentd: Fatal could not create the server socket
/run/spice-vdagentd/spice-vdagent-sock: Error binding to address: Address
already in use
The requirement is also modified to depend on dbus-system, a cue taken from
upstream's own systemd service file (see 'data/spice-vdagentd.service' in the
sources).
* gnu/services/spice.scm (spice-vdagent-activation): Delete procedure.
(spice-vdagent-shepherd-service): Fix indentation.
[requirement]: Replace udev by dbus-system.
[start]: Ensure the spice-vdagentd run-time directory exists and that the
spice-vdagent-sock socket file does *not* exist before forking the daemon.
* gnu/services/mail.scm (protocol-configuration): Add an ‘imap-metadata?’
setting to enable IMAP METADATA support in the ‘imap’ protocol.
* doc/guix.texi (Mail Services): Document it.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/spice.scm (spice-vdagent-activation): Update runtime directory
from /var/run/spice-vdagentd to /run/spice-vdagentd.
(spice-vdagent-service-type): Specify a default value and fix indentation.
This service doesn't create a PID file, but it does write a file with the
processed commits in it, so create a directory to contain that.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-activation):
Ensure /var/cache/guix-build-coordinator-queue-builds exists.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Use the default client port rather than the default agent communication port
for the queue builds script.
* gnu/services/guix.scm (<guix-build-coordinator-queue-builds-configuration>):
Change coordinator default.
The queue builds script doesn't create a pid file, so don't have the shepherd
expect to find one.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-shepherd-services):
Remove #:pid-file.
Don't hardcode usernames, as these are in the config. Also fix the %user being
missing from the queue-builds service activation.
* gnu/services/guix.scm (guix-build-coordinator-activation,
guix-build-coordinator-agent-activation): Use config for the user name.
(guix-build-coordinator-queue-builds-activation): Define %user.
To the agent configuration.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): New
field, max-1min-load-average.
(guix-build-coordinator-agent-configuration-max-1min-load-average): New
procedure.
(guix-build-coordinator-agent-shepherd-services): If set, include the
max-1min-load-average in the agent arguments.
* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field.
(wireguard-configuration-file): Use it.
* doc/guix.texi (VPN Services): Document it.
This is a follow-up of c311147bd1.
* gnu/services/databases.scm (<postgresql-role-configuration>)[host]: Set to
"/tmp" which the default Postgresql socket directory.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Fixes <https://bugs.gnu.org/46737>.
PostgreSQL running with a different socket directory to the default one in the
package itself breaks some services, this commit restores the previous
behaviour where PostgreSQL by default will run with a socket directory that
matches the default used by PostgreSQL packaged for Guix.
Switching to a different default value can happen, but only alongside changing
the PostgreSQL package.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]:
Change default to #false.
* doc/guix.texi (Database Services): Update documentation, and specify a
different value for disabling connections via sockets.
* gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL
behaviour.
* gnu/tests/monitoring.scm (%zabbix-os): Likewise.
* gnu/tests/web.scm (patchwork-os): Likewise.
Signed-off-by: Leo Famulari <leo@famulari.name>
That way, the default config with (advertises? #t) and without a cache
will offer zstd-compressed substitutes, which should lead to much higher
throughput than gzip.
* gnu/services/base.scm (default-compression): When
'guix-publish-configuration-cache' returns true, use higher level
compression ratios. Add "zstd".
* doc/guix.texi (Base Services): Mention zstd.
References:
https://sysctl-explorer.net/fs/protected_hardlinks/https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding to good security standards.
It turns out feff80cec3 was right since while
the main license file wasnt altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to
cuirass requirements. Set cuirass-web requirements to cuirass only. Remove
"guix-daemon" and "networking" from cuirass-remote-server requirements as are
already required by cuirass.
Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
Marius Bakke
Christopher Baines
Attila Lendvai
Maxim Cournoyer
Guillaume Le Vaillant
Ludovic Courtès
Timothy Sample
Nick Zalutskiy
Arun Isaac
Chris Marusich
Ludovic Courtès
Mathieu Othacehe
Leo Famulari
Nathan Dehnel
Ricardo Wurmus
Tobias Geerinckx-Rice
Josselin Poiret
Alexey Abramov
Vivien Kraus
Timotej Lazar
Efraim Flashner
Andrew Tropin
Jacob Adams
Oleg Pykhalov
Josselin Poiret
Liliana Marie Prikler
Greg Hogan
Brice Waegeneire
Julien Lepiller
Christopher Lemmer Webber
muradm
Xinglu Chen
Raghav Gururajan
luhui
Domagoj Stolfa
Jack Hill
Solene Rapenne
methuselah-0
B. Wilson
Leo Prikler
Maxime Devos
qblade
Valentin Herrmann
Léo Le Bouter
Alexandru-Sergiu Marton
Simon South
宋文武