Serialization is not always useful, for example when deriving command line
arguments from a configuration. This change provides a way to turn it off,
which removes the need to define a bunch of dummy serialization procedures.
Credit goes to Andrew Gierth (RhodiumToad) from #guile for providing the
solution. Thank you!
* gnu/services/configuration.scm (define-configuration-helper): New procedure.
(define-configuration) <no-serialization>: New syntactic keyword. Use it in a
new pattern. Refactor the macro so that it makes use of the above helper
procedure.
This resolves a compilation warning introduced with commit bb716e8d9d.
* gnu/services/configuration.scm (configuration->documentation): Use display
to print the string instead of format.
The original (undocumented) procedure to generate the doc has a difficult to
grasp interface; add a simpler one on top of it.
* gnu/services/configuration.scm (configuration->documentation): New procedure.
Not all fields in a configuration have a sensible default value. This changes
makes it possible to omit a default value for a configuration field, requiring
the user to provide a value.
* gnu/services/configuration.scm (configuration-missing-field): New procedure.
(define-configuration): Make default value optional.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This fixes the following issue where spice-vdagent would fail to start if the
spice-vdagent-sock socket file already existed:
spice-vdagentd: Fatal could not create the server socket
/run/spice-vdagentd/spice-vdagent-sock: Error binding to address: Address
already in use
The requirement is also modified to depend on dbus-system, a cue taken from
upstream's own systemd service file (see 'data/spice-vdagentd.service' in the
sources).
* gnu/services/spice.scm (spice-vdagent-activation): Delete procedure.
(spice-vdagent-shepherd-service): Fix indentation.
[requirement]: Replace udev by dbus-system.
[start]: Ensure the spice-vdagentd run-time directory exists and that the
spice-vdagent-sock socket file does *not* exist before forking the daemon.
* gnu/services/mail.scm (protocol-configuration): Add an ‘imap-metadata?’
setting to enable IMAP METADATA support in the ‘imap’ protocol.
* doc/guix.texi (Mail Services): Document it.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/spice.scm (spice-vdagent-activation): Update runtime directory
from /var/run/spice-vdagentd to /run/spice-vdagentd.
(spice-vdagent-service-type): Specify a default value and fix indentation.
This service doesn't create a PID file, but it does write a file with the
processed commits in it, so create a directory to contain that.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-activation):
Ensure /var/cache/guix-build-coordinator-queue-builds exists.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Use the default client port rather than the default agent communication port
for the queue builds script.
* gnu/services/guix.scm (<guix-build-coordinator-queue-builds-configuration>):
Change coordinator default.
The queue builds script doesn't create a pid file, so don't have the shepherd
expect to find one.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-shepherd-services):
Remove #:pid-file.
Don't hardcode usernames, as these are in the config. Also fix the %user being
missing from the queue-builds service activation.
* gnu/services/guix.scm (guix-build-coordinator-activation,
guix-build-coordinator-agent-activation): Use config for the user name.
(guix-build-coordinator-queue-builds-activation): Define %user.
To the agent configuration.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): New
field, max-1min-load-average.
(guix-build-coordinator-agent-configuration-max-1min-load-average): New
procedure.
(guix-build-coordinator-agent-shepherd-services): If set, include the
max-1min-load-average in the agent arguments.
* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field.
(wireguard-configuration-file): Use it.
* doc/guix.texi (VPN Services): Document it.
This is a follow-up of c311147bd1.
* gnu/services/databases.scm (<postgresql-role-configuration>)[host]: Set to
"/tmp" which the default Postgresql socket directory.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Fixes <https://bugs.gnu.org/46737>.
PostgreSQL running with a different socket directory to the default one in the
package itself breaks some services, this commit restores the previous
behaviour where PostgreSQL by default will run with a socket directory that
matches the default used by PostgreSQL packaged for Guix.
Switching to a different default value can happen, but only alongside changing
the PostgreSQL package.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]:
Change default to #false.
* doc/guix.texi (Database Services): Update documentation, and specify a
different value for disabling connections via sockets.
* gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL
behaviour.
* gnu/tests/monitoring.scm (%zabbix-os): Likewise.
* gnu/tests/web.scm (patchwork-os): Likewise.
Signed-off-by: Leo Famulari <leo@famulari.name>
That way, the default config with (advertises? #t) and without a cache
will offer zstd-compressed substitutes, which should lead to much higher
throughput than gzip.
* gnu/services/base.scm (default-compression): When
'guix-publish-configuration-cache' returns true, use higher level
compression ratios. Add "zstd".
* doc/guix.texi (Base Services): Mention zstd.
References:
https://sysctl-explorer.net/fs/protected_hardlinks/https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding to good security standards.
It turns out feff80cec3 was right since while
the main license file wasnt altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to
cuirass requirements. Set cuirass-web requirements to cuirass only. Remove
"guix-daemon" and "networking" from cuirass-remote-server requirements as are
already required by cuirass.
Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
This is a follow-up of 189e62fa69.
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix
syntax.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/linux.scm (kernel-module-loader-shepherd-service): Return
a 'shepherd-service' instead of a list of it.
(kernel-module-loader-service-type): Adjust it.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/mail.scm (radicale-configuration)
(radicale-configuration?): New procedures.
(%default-radicale-config-file)
(radicale-service-type): New variables.
* doc/guix.texi: Document it.
Fixes <http://issues.guix.gnu.org/45202>.
* gnu/services/security-token.scm (pcscd-shepherd-service): Look for
pcscd.pid in /run instead of /var/run.
Reported by Raffael Stocker <r.stocker@mnet-mail.de>.
This reverts commit aecd2a13cb for two
reasons:
1. The warning would fire every time (gnu services ssh) is loaded;
2. There's still no clear consensus on the approach to follow as
discussed in <https://issues.guix.gnu.org/44808>.
Fixes <https://bugs.gnu.org/44808>.
Reported by Christopher Lemmer Webber <cwebber@dustycloud.org>.
* gnu/services/ssh.scm (true-but-soon-false): New procedure.
(<openssh-configuration>)[password-authentication?]: Change default to
'true-but-soon-false'.
* gnu/installer/services.scm (%system-services): Explicitly set
'password-authentication?' to #f.
* gnu/services/virtualization.scm (hurd-vm-disk-image): Use
'lookup-image-type-by-name' instead of referring to 'hurd-disk-image'
from (gnu system images hurd).
There are plenty of options supported that the Guix configuration record
doesn't help you with, so add this field to allow users to do their own thing.
* gnu/services/monitoring.scm (<prometheus-node-exporter-configuration>): Add
extra-options field.
(prometheus-node-exporter-shepherd-service): Handle the extra options.
* doc/guix.texi (Prometheus Node Exporter Service): Document this.
This makes the logs easier to find and read.
* gnu/services/monitoring.scm (prometheus-node-exporter-shepherd-service):
Pass #:log-file to make-forkexec-constructor.
So it doesn't run as root, and because this will help with the textfile
exporter.
* gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New
variable.
(prometheus-node-exporter-shepherd-service): Use the relevant user and group.
(prometheus-node-exporter-service-type): Extend the account service type.
Add relevant exports, as well as a comment to better indicate where the
relevant code starts.
* gnu/services/monitoring.scm (prometheus-node-exporter-service-type):
Capitalise Prometheus.
Fixes <https://bugs.gnu.org/44820>.
Reported by Simon <lists@netpanic.org>.
This is a followup to bb124f6e9c.
* gnu/services/audio.scm (mpd-service-activation): Chown the parent of
DIRECTORY as well.
/etc/nix/nix.conf is a static file doesn't need rebuild on every boot.
* gnu/services/nix.scm (nix-activation): Don't create /etc/nix/nix.conf.
(nix-service-etc): New function.
(nix-service-type): New service-extension "nix-service-etc" to etc-service-type.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* guix/scripts/publish.scm (%options): Add "--advertise" option.
(show-help): Document it.
(service-name): New procedure,
(publish-service-type): new variable.
(run-publish-server): Add "advertise?" and "port" parameters. Use them to publish
the server using Avahi.
(guix-publish): Pass the "advertise?" option to "run-publish-server".
* gnu/services/base.scm (<guix-publish-configuration>): Add "advertise?"
field.
(guix-publish-shepherd-service): Honor it.
* gnu/services/databases.scm (<mysql-configuration>): Add AUTO-UPGRADE? field.
(mysql-upgrade-wrapper, mysql-upgrade-shepherd-service,
mysql-shepherd-services): New variables.
(mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of
MYSQL-SHEPHERD-SERVICE.
* doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of
MYSQL-SERVICE-TYPE.
* gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run.
* gnu/services/databases.scm (mysql-service): Define in terms of DEFINE-DEPRECATED.
* gnu/tests/databases.scm (%mysql-os): Adjust accordingly.
* doc/guix.texi (Database Services): Adjust the MariaDB/MySQL section to
document MYSQL-SERVICE-TYPE instead of MYSQL-SERVICE. While at it, document
the EXTRA-CONTENT field.
‘escpr’ is nice and short, but everyone else calls this package
‘epson-inkjet-printer-escpr’. More importantly, so does upstream.
* gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename
escpr to epson-inkjet-printer-escpr, redefining escpr as
deprecated-package. Adjust all users.
* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Make ca, key an cert fields optional.
* doc/guix.texi (VPN Services): Document the change.
Fixes a regression introduced in
977eb5d023 whereby file system services
would now have a different name.
* gnu/services/base.scm (file-system->shepherd-service-name): Revert
changes introduced in 977eb5d023.
* gnu/services/shepherd.scm (%store-characters): New variable
(shepherd-service-file-name): Map all the characters outside
%STORE-CHARACTERS to #\-.
Fixes <https://bugs.gnu.org/44626>.
Reported by Vagrant Cascadian <vagrant@debian.org>.
* tests/build-utils.scm ("wrap-script, simple case"): Pass
SCRIPT-CONTENTS to 'display' rather than 'format'.
* gnu/services/base.scm (file-system->shepherd-service-name)
[valid-characters, mount-point]: New variables.
Filter out invalid store file name characters from the mount point of
FILE-SYSTEM.
Also change the default configuration to clear on logout, which is the
upstream default.
* gnu/services/base.scm (<mingetty-configuration>): Add 'clear-on-logout?'
field.
(mingetty-shepherd-service): Pass the "--noclear" option to mingetty only if
'clear-on-logout?' is #false.
* doc/guix.texi (Base Services): Document the 'clear-on-logout?' field.
This was unintentionally removed in
00014f7692.
* gnu/services/web.scm (default-nginx-config): Re-introduce processing
of server-names-hash-bucket-size option.
This was unintentionally removed in
00014f7692.
* gnu/services/web.scm (default-nginx-config): Re-introduce processing
of server-names-hash-bucket-size option.
As it doesn't use one.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services):
Remove #:pid-file.
(guix-build-coordinator-agent-activation): Don't create the /var/run
directory.
As this is needed when substituting derivations.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Set
XDG_CACHE_HOME.
(guix-build-coordinator-agent-activation): Create
/var/cache/guix-build-coordinator-agent.
Until now it would wait for a PID file that'd never come.
* gnu/services/audio.scm (mpd-shepherd-service): Add 'requirement'.
Remove #:pid-file from 'start'.
(mpd-service-activation): Create the ".mpd" directory since that's what
the daemon expects.
Running 'guix system search mpd' would throw a backtrace because the
mpd-shepherd-service service start Gexp contained an unquoted call to
'getpwnam', which would look for a missing 'mpd' user and fail.
* gnu/services/audio.scm (mpd-shepherd-service): gexp-unquote only the
relevant variable rather than the whole expression.
Fixes a bug whereby different users would get different derivations for
the same service.
* gnu/services/base.scm (guix-shepherd-service): In 'start' method, do
not embed (guix config).
This is a followup to ecaa102a58.
* gnu/services/base.scm (<guix-publish-configuration>)[cache-bypass-threshold]:
New field.
(guix-publish-shepherd-service): Honor it.
* gnu/services/base.scm (swap-service-type)[device-lookup, device-name]:
New variables.
Add 'modules' field to 'shepherd-service'. In 'start' and 'stop', use
'device-lookup' to resolve UUIDs and labels.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
This silences a warning from the service at startup.
* gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n"
command-line option to kresd in place of the deprecated "-f 1".
Signed-off-by: Leo Famulari <leo@famulari.name>
Maxim Cournoyer
Xinglu Chen
Alexey Abramov
Christopher Baines
methuselah-0
Oleg Pykhalov
B. Wilson
Guillaume Le Vaillant
Mathieu Othacehe
Leo Prikler
Ludovic Courtès
Maxime Devos
Tobias Geerinckx-Rice
qblade
muradm
Valentin Herrmann
Leo Famulari
Léo Le Bouter
Andrew Tropin
Christopher Lemmer Webber
Alexandru-Sergiu Marton
Simon South
宋文武
raid5atemyhomework
Marius Bakke
Julien Lepiller
Stefan
Jan (janneke) Nieuwenhuizen
Brice Waegeneire
Jonathan Brielmaier
Efraim Flashner
Zhu Zihao
Mikhail Tsykalov
Danny Milosavljevic
Mark H Weaver
raingloom
Vagrant Cascadian