This also switches to use guile-next, which includes important fixes to
invalid unicode handling with suspendable ports, which is necessary for the
agent.
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-94.c4c4f5a.
* gnu/services/guix.scm: Use guile-next for the coordinator service.
Change-Id: I853539a612fd0b41a6c63069c6291b3f42e5cdee
This construct was introduced in Shepherd 0.9.0.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Use
‘make-inetd-constructor’ unconditionally.
Change-Id: Id1b79077d60609c7f95439ee0d097dfe6e66dd2e
* gnu/services/shepherd.scm (%default-modules): Remove (oop goops).
(shepherd-service-file): Use (service …) instead of (make <service> …).
Use ‘actions’ instead of ‘make-actions’.
(scm->go): Remove use of (oop goops).
(shepherd-configuration-file): Pass ‘register-services’ a list.
Use ‘start-in-the-background’ unconditionally.
Change-Id: I0ad1ba32e339c56ee31e59f160b53d3581277d97
Due to an error in the nesting of S-Expressions, the re-linking of
/var/run/dbus to /run/dbus would occur even if it was already a
correct symlink. It should only happen if the symlink is different.
* gnu/services/dbus.scm (dbus-activation): Adjust accordingly.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Having a timeout seems generally preferable as it makes sure build slots
are not kept busy for no good reason (few package builds, if any, are
expected to exceed these values).
* nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’
and ‘buildTimeout’.
* gnu/services/base.scm (<guix-configuration>)[max-silent-time]
[timeout]: Change default values.
* doc/guix.texi (Invoking guix-daemon, Base Services): Adjust
accordingly.
Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8
Fixes <https://issues.guix.gnu.org/64653>.
The ‘dynamic-wind’ was causing files to be closed prematurely when
leaving the dynamic extent of PROC for instance via a delimited
continuation, using Fibers (that ‘dynamic-wind’ call was also
semantically incorrect in the first place).
* gnu/services/shepherd.scm (shepherd-configuration-file)
[config](call-with-file): Remove.
(call-with-input-file, call-with-output-file): Rewrite in terms of
‘call-with-port’.
Change-Id: Ica8af71a04f525a15be99985552063cb98cd6ee8
I think this might be better than handling it in the service. I'm seeing
locale issues on the hurd which I hope this will address.
* gnu/packages/package-management.scm (guix-build-coordinator,
guix-build-coordinator/agent-only):
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services,
guix-build-coordinator-agent-shepherd-services):
Change-Id: I07ca424f434854176326a19177dc5573d53b59c2
This has been effectively replaced by the bffe.
* gnu/services/guix.scm (<guix-data-service-configuration>): Remove record
type.
(guix-build-coordinator-queue-builds-shepherd-services,
guix-build-coordinator-queue-builds-activation,
guix-build-coordinator-queue-builds-account): Remove procedures
(guix-build-coordinator-queue-builds-service-type): Remove service type.
Change-Id: I2a233fb10b12cc9bfddebaa35928b25c243f82a2
* gnu/services/telephony.scm (jami-configuration->command-line-arguments)
[wrapper]: New procedure.
Use it.
(jami-shepherd-services): In ‘start’ method of ‘jami’ service, use
‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’.
Remove use of (gnu build shepherd).
Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
* gnu/services/telephony.scm (jami-shepherd-services): Use
‘least-authority-wrapper’ for ‘dbus-daemon’. Use ‘fork+exec-command’
instead of ‘make-forkexec-constructor/container’ in the ‘start’ method’.
Remove reference to (gnu build shepherd).
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I9d9f8de6ecea77950000ff64aa8c8d097dc028a0
This will only affect systems running Shepherd < 0.9.0, which was
released in August 2022.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Remove
‘with-imported-modules’ and ‘modules’ field. Use
‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’ when ‘make-inetd-constructor’ is
missing.
Change-Id: I35a0487bccaee4799ad0d81388d540e5c7891f7e
* gnu/services/networking.scm (pagekite-shepherd-service): Define
‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of
‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’
form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’.
Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
* gnu/services/web.scm (hpcguix-web-shepherd-service): Define
‘config-file’ and use it. Add ‘actions’ field.
Change-Id: I085df403270039ede3c13f21a5d60682c7510e2e
* gnu/services/base.scm (guix-machines-files-installation): Handle
machines being a mixed list of build-machines and lists of
build-machines.
* doc/guix.texi (Base Services): Document it.
Change-Id: Ie404562ca0b564413233c3a624046da831893dc3
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The udev-configuration record now has a hardware field.
The contents of the /etc/udev directory now includes hwdb.bin, which is
computed when the system is instanciated (prior to system activation). The
hardware description files used to generate hwdb.bin are not installed in
/etc, because they are not required at run-time.
The documentation has been reworked so as to explain why creating udev rules
or hardware needs helper functions for configuration or extension.
* gnu/services/base.scm (udev-hardware): New function.
(file->udev-hardware): New function.
(udev-hardware-service): New function.
(udev-etc): Add hwdb.d and hwdb.bin.
(module): Export udev-hardware, file->udev-hardware, and udev-hardware-service.
(<udev-configuration>): Add the native-udev field.
(udev-service-type) [extend]: Populate the hardware field.
* doc/guix.texi (Base Services)[udev-service-type]: Explain configuration and
extension values.
* doc/guix.texi (Base Services)[udev-hardware]: Document it.
[udev-hardware-service]: Same.
* doc/guix.texi (Base Services)[udev-configuration]: Document the native-udev
field.
* gnu/services/base.scm (udev-configurations-union): New function.
(udev-configuration-file): New function, use file->udev-configuration-file.
(file->udev-configuration-file): New function.
(udev-rules-union): Use udev-configurations-union.
(udev-rule): Use udev-configuration-file.
(file->udev-rule): Use file->udev-configuration-file.
According to https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3101, glib
now searches for the session bus socket in runstatedir. The dbus service must
thus have its socket in /run/dbus.
For interoperability with the dbus standard, /run/dbus is also symlinked to
/var/run/dbus.
* gnu/services/dbus.scm (dbus-activation): Symlink /run/dbus to /var/run/dbus.
(%dbus-accounts): Run dbus in /run/dbus.
(dbus-root-service-type): Save the pid file in /run/dbus.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Introduces 'base-transducer', a SRFI-171 based transducer that can be used as a
starting point for writing custom configuration record serializing procedures.
This also fixes the symbol maybe-value serialization test case.
* gnu/services/configuration.scm (empty-serializer?): New predicate.
(base-transducer, tfilter-maybe-value): New procedure.
(serialize-configuration): Adapt to use base-transducer.
* gnu/services/telephony.scm (jami-account->alist): Use transducers to skip
fields that are unserializable or whose field maybe-value is unset.
* tests/services/configuration.scm: Remove test-expect-fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b23.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* gnu/services/vnc.scm (xvnc-configuration->command-line-arguments): Omit X
display number when inetd? is #t.
Change-Id: I0fc8e3068f3ae22421e60e96bd40e3b6e477ca99
Previously, a default name would be used for transient inetd services,
leading to names such as #{5rjnskb6011jgmfmpgp63jp9mh9nkl20-rsync-3274}#.
* gnu/services/rsync.scm (rsync-shepherd-service): Pass #:service-name-stem.
Change-Id: I4d0a4a01e122c6eeaa85f104b083cf7e8709eac3
Packets for local host IP ranges should be coming only over lo. If that is
not the case, we should drop them. Use iif for the check instead of iifname,
lo is guaranteed to exists, and iif is faster.
* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
* gnu/services/base.scm (guix-machines-files-installation): New
procedure.
(<guix-configuration>)[build-machines]: New field.
(guix-activation): Call ‘ guix-machines-files-installation’.
(<guix-extension>)[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to
‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of <guix-configuration>
and of <guix-extension>.
(Virtualization Services): Add ‘hurd-vm’ anchor.
Fixes a bug introduced in 0dd293b4d9
whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the
“wrong” locale data (2.35 instead of 2.37).
Consequently, it would fail to setlocale(3) and calls to
‘std::stoi’ (when reading the output of ‘guix authenticate’) would
throw, leading to this error message of guix-daemon:
unexpected build daemon error: stoi
This would manifest when sending store items to a childhurd:
$ guix copy --to=localhost:10022 sed
guix copy: sending 1 store item (1 MiB) to 'localhost'...
guix copy: error: unknown error while sending files over SSH
The “unknown error” is the ‘stoi’ exception.
This commit fixes that, but for the ‘guix-daemon’ service only.
* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable.
Use it instead of ‘glibc-utf8-locales’.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
Sometimes `syncthing-service-type' fails during startup because it tries
to read configuration files from the user's home directory:
Failure on home directory: mkdir /home/xyz/.config: permission denied
This patch adds `user-processes' to the shepherd service requirements to
ensure that `user-homes' is fired before `syncthing' tries to read data
from the home directory.
* gnu/services/syncthing.scm (syncthing-shepherd-service): add
`user-processes' to requirements
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>)[log-expiry]:
New field.
(cuirass-shepherd-service): Honor it.
* doc/guix.texi (Continuous Integration): Document it.
Rather than hardcoding a particular guile in the service definition.
* gnu/services/guix.scm (bffe-shepherd-services): Use guile from the package.
* gnu/packages/package-management.scm (bffe)[inputs]: Remove unnecessary
guile-next input.
This is intended to replace the functionality of the Guix Build Coordinator
queue builds script, and also provide a web interface for build farms.
* gnu/services/guix.scm (<bffe-configuration>): New record type.
(bffe-configuration, bffe-configuration?,
bffe-configuration-package,
bffe-configuration-user,
bffe-configuration-group,
bffe-configuration-arguments
bffe-configuration-extra-environment-variables): New procedures.
(bffe-service-type): New variable.
* gnu/tests/guix.scm (%test-bffe): New variable.
* doc/guix.texi (Guix Services): Document the new service.
* gnu/services/base.scm (<network-link>): Add mac-address field. Set
type field to #f by default, so it won't be mandatory. network-link
without a type will be used for existing interfaces.
(assert-network-link-mac-address, mac-address?): Add sanitizer. Allow
valid mac-address or #f.
(assert-network-link-type): Add sanitizer. Allow symbol or #f.
* gnu/services/base.scm (network-set-up/linux,
network-tear-down/linux): Adapt to new structure.
* doc/guix.texi (Networking Setup): Document it.
* gnu/tests/networking.scm (run-static-networking-advanced-test): New
variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The oci-container-configuration supports two user fields: one is the
user, from the host system, under whose authority the OCI-backed
Shepherd service is run; the other is an optional user/UID that can be
passed to the docker run invokation to override the user defined in the
OCI image.
The user from the host system is incorrectly passed to docker run
command, this patches reverts the incorrect behavior and passes the
correct container-user field value.
* gnu/services/docker.scm (oci-container-configuration): Fix the user
passed to the docker run invokation.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/web.scm (gmnisrv-service-type): Change the service name to gmnisrv
Change-Id: I1ca46c312db851486313c431fe0454786f0a673e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This fixes a issue introduced in the previous commit 552d070377 (services:
mcron: Add module for %user-log-dir.) which made the expression invalid when
using a '() module for the system service.
* gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Use
(shepherd support) unconditionally.
Fixes a regression introduced in
9c34b793c1.
* gnu/services/linux.scm (earlyoom-shepherd-service): Move
'user-processes' to 'requirements'.
Reported-by: Attila Lendvai <attila@lendvai.name>
* gnu/home/services/syncthing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/syncthing.scm (<syncthing-configuration>)[home-service?]:
New field.
Adjust 'provision' and 'requirement' depending on 'home-service?', and
likewise for #:user and #:group.
Use 'filter' + 'negate' instead of 'remove'.
* doc/guix.texi (Networking Services): Add note and cross-reference to
"Networking Home Services".
(Networking Home Services): New node.
* gnu/home/services/dict.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/dict.scm (<dicod-configuration>)[home-service?]: New
field.
(dicod-shepherd-service): Do not map /dev/log when 'home-service?' is
true. Remove 'user-processes' requirement when 'home-service?' is
true.
(dicod-shepherd-service): Set #:user and #:group to #f when
'home-service?' is true.
* doc/guix.texi (Miscellaneous Home Services): New node.
(Miscellaneous Services): Add cross-reference.
* gnu/services/mcron.scm (list-of-gexps?): Remove.
(<mcron-configuration>): Rewrite using 'define-record-type*'.
[home-service?]: New field.
[log-file]: Make thunked and changed default value.
(mcron-shepherd-services): Honor 'home-service?' and remove use of
'maybe-value-set?'.
(mcron-service-type): Inherit 'home-service?' from CONFIG.
(generate-doc): Remove.
* gnu/home/services/mcron.scm (list-of-gexp?)
(<home-mcron-configuration>, job-files, shepherd-schedule-action)
(home-mcron-shepherd-services, home-mcron-profile)
(home-mcron-extend, generate-doc): Remove.
(home-mcron-configuration): Turn into a macro.
(home-mcron-service-type): Define in terms of
'system->home-service-type'.
<top level>: Add service type mapping.
* gnu/services/dict.scm (%dicod-gcide-index): New variable.
(%dicod-database:gcide): Use it.
(%dicod-activation): Remove.
(dicod-shepherd-service): Remove reference to /var/run/dicod.
(dicod-service-type): Remove ACTIVATION-SERVICE-TYPE extension.
ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken
for a while [2]. Remove it rather than shipping a broken service for an
unmaintained program that's unlikely to be fixed.
[1]: <https://github.com/ddclient/ddclient>
[2]: <https://issues.guix.gnu.org/52770>
This reverts commit 8490a8346b.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>.
Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want it's UID or GID to change anymore.
Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share. And it
needs to be possible to mount the share without configuring PostgreSQL.
With NFSv3, the UID and GID typically needs to match those on the
server.
The added options allow for both of these scenarios:
You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
it's UID / GID values.
* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Thanks to Bruno Victal "mirai" for cooperating on this patch and for
generously sharing a wealth of insights about Guix services.
Thanks to Jean-Baptiste Note for an early version of this service!
* doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading.
* gnu/services/linux.scm (serialize-string, non-negative-integer?)
(serialize-non-negative-integer, string, non-negative-integer)
(make-option-serializer, make-percentage-threshold-serializer): New
procedures.
(cachefilesd-configuration): New record type.
(cachefilesd-service-type): New variable.
* gnu/tests/cachefilesd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Co-authored-by: Bruno Victal <mirai@makinata.eu>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry>
'arguments' field. Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/databases.scm (postgresql-role): Add more role fields.
(postgresql-create-roles): Honor it.
* doc/guix.texi (Database Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/desktop.scm (kde-desktop-service-type): New variable.
(<kde-desktop-configuration>): New record type.
(kde-desktop-configuration): New procedure.
* doc/guix.texi (Desktop Services): Document it.
Co-authored-by: Zheng Junjie <873216071@qq.com>
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
The `pam-mount-volumes-service-type' adds additional volumes to the
pam-mount-service-type in addition to any that are already specified in
`pam-mount-rules'.
* doc/guix.texi (PAM Mount Volume Service): add documentation for
`pam-mount-service-type'.
* gnu/services/pam-mount.scm: new file.
* Makefile.am: add pam-mount tests
* tests/services/pam-mount.scm: new tests
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/admin.scm (%default-package-database-update-schedule):
New variable.
(<package-database-configuration>): New record type.
(package-database-mcron-jobs): New procedure.
(package-database-service-type): New variable.
* doc/guix.texi (File Search Services): Document it.
* gnu/services/admin.scm (%default-file-database-update-schedule)
(%default-file-database-excluded-directories): New variables.
(<file-database-configuration>): New record type.
(file-database-mcron-jobs): New procedure.
(file-database-service-type): New variable.
* doc/guix.texi (File Search Services): New node.
Liliana Marie Prikler
Christopher Baines
Ludovic Courtès
Vivien Kraus
Feng Shu
Connor Clark
David Thompson
Thomas Ieong
Saku Laesvuori
Janneke Nieuwenhuizen
Bruno Victal
Giacomo Leidi
Tomas Volf
Marius Bakke
Alexey Abramov
Adam Maleszka
Lilah Tascheter
Thomas Albers
Reily Siegel
Simon Tournier
Michal Atlas
Hilton Chain
宋文武
Martin Baulig
Maxim Cournoyer
Felix Lechner
terramorpha
Miguel Moreno
Hartmut Goebel
Zheng Junjie
Brian Cully
Sam Lockart