summary refs log blame commit diff
path: root/gnu/system/dmd.scm
blob: c1ddec88d65221ddbcfd70ced4d63bfeb735c8b5 (plain) (tree)
1
2
                                                      
                                                           



















                                                                         
                                   
                                                   
                                    
                                                         
                                                 
                                     

                                  
                                       
 
                                                                            
                            
                             
                            
                             
                            






                               
                                 
                                
 
                             
                            
                        
                        
                                     
                              
 









                                      
                                                          







                                                                   


                                                                          
                                                                         
                                
                                
                                                     
                          
                                                                  



                                            


                                                                 
                                            
                                                                            
             
                                                                
                                                                    
 

                                                                             
 










                                                                              
 
                                                 
                                                                       
                                                              
                                                                           
                                

                                                                      



                                             
                                                                          
                                                   
















                                                              





                                                                
                                                        
                            
                                                               
                                                                  
                                     

                                                  




                                                                       
                          




                                                               
                                
                                                                    
                                                                   








                                                                            



                                                                     
                                            





                                                                     
                                                
                                           
                                                      


                                                                         


                                                                            


                                                                        

                                                                
                               
                                                     
                                                                    
                                                                        









                                                                               
                                

                                                                     



                                                 
 




                                                                            
                        
                                
                 
                                                       




                                                               




























                                      
             
 
                                                                      


                                                                  
                                                   


































































                                                                              
             
                                           
                                





                                                                           
                                     







                                                                    
 
 

                                                                             
                
                                
                            
                                                                 
                                 
                                              




                                            


















                                                                             
                                                

                                                         
                                                                   
                                                 
                     
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system dmd)
  #:use-module (guix store)
  #:use-module (guix packages)
  #:use-module (guix derivations)
  #:use-module (guix records)
  #:use-module ((gnu packages base)
                #:select (glibc-final guile-final))
  #:use-module ((gnu packages admin)
                #:select (dmd mingetty inetutils shadow))
  #:use-module ((gnu packages package-management)
                #:select (guix))
  #:use-module ((gnu packages linux)
                #:select (net-tools))
  #:use-module (gnu packages xorg)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages gl)
  #:use-module (gnu packages slim)
  #:use-module (gnu packages ratpoison)

  #:use-module (gnu system shadow)                ; for user accounts/groups
  #:use-module (gnu system linux)                 ; for PAM services
  #:use-module (ice-9 match)
  #:use-module (ice-9 format)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (guix monads)
  #:export (service?
            service
            service-provision
            service-requirement
            service-respawn?
            service-start
            service-stop
            service-inputs
            service-user-accounts
            service-user-groups
            service-pam-services

            host-name-service
            syslog-service
            mingetty-service
            nscd-service
            guix-service
            static-networking-service
            xorg-start-command
            slim-service

            dmd-configuration-file))

;;; Commentary:
;;;
;;; System services as cajoled by dmd.
;;;
;;; Code:

(define-record-type* <service>
  service make-service
  service?
  (documentation service-documentation            ; string
                 (default "[No documentation.]"))
  (provision     service-provision)               ; list of symbols
  (requirement   service-requirement              ; list of symbols
                 (default '()))
  (respawn?      service-respawn?                 ; Boolean
                 (default #t))
  (start         service-start)                   ; expression
  (stop          service-stop                     ; expression
                 (default #f))
  (inputs        service-inputs                   ; list of inputs
                 (default '()))
  (user-accounts service-user-accounts            ; list of <user-account>
                 (default '()))
  (user-groups   service-user-groups              ; list of <user-groups>
                 (default '()))
  (pam-services  service-pam-services             ; list of <pam-service>
                 (default '())))

(define (host-name-service name)
  "Return a service that sets the host name to NAME."
  (with-monad %store-monad
    (return (service
             (documentation "Initialize the machine's host name.")
             (provision '(host-name))
             (start `(lambda _
                       (sethostname ,name)))
             (respawn? #f)))))

(define* (mingetty-service tty
                           #:key
                           (motd (text-file "motd" "Welcome.\n"))
                           (allow-empty-passwords? #t))
  "Return a service to run mingetty on TTY."
  (mlet %store-monad ((mingetty-bin (package-file mingetty "sbin/mingetty"))
                      (motd         motd))
    (return
     (service
      (documentation (string-append "Run mingetty on " tty "."))
      (provision (list (symbol-append 'term- (string->symbol tty))))

      ;; Since the login prompt shows the host name, wait for the 'host-name'
      ;; service to be done.
      (requirement '(host-name))

      (start  `(make-forkexec-constructor ,mingetty-bin "--noclear" ,tty))
      (stop   `(make-kill-destructor))
      (inputs `(("mingetty" ,mingetty)
                ("motd" ,motd)))

      (pam-services
       ;; Let 'login' be known to PAM.  All the mingetty services will have
       ;; that PAM service, but that's fine because they're all identical and
       ;; duplicates are removed.
       (list (unix-pam-service "login"
                               #:allow-empty-passwords? allow-empty-passwords?
                               #:motd motd)))))))

(define* (nscd-service #:key (glibc glibc-final))
  "Return a service that runs libc's name service cache daemon (nscd)."
  (mlet %store-monad ((nscd (package-file glibc "sbin/nscd")))
    (return (service
             (documentation "Run libc's name service cache daemon (nscd).")
             (provision '(nscd))
             (start `(make-forkexec-constructor ,nscd "-f" "/dev/null"
                                                "--foreground"))
             (stop  `(make-kill-destructor))

             (respawn? #f)
             (inputs `(("glibc" ,glibc)))))))

(define (syslog-service)
  "Return a service that runs 'syslogd' with reasonable default settings."

  ;; Snippet adapted from the GNU inetutils manual.
  (define contents "
     # Log all kernel messages, authentication messages of
     # level notice or higher and anything of level err or
     # higher to the console.
     # Don't log private authentication messages!
     *.err;kern.*;auth.notice;authpriv.none  /dev/console

     # Log anything (except mail) of level info or higher.
     # Don't log private authentication messages!
     *.info;mail.none;authpriv.none          /var/log/messages

     # Same, in a different place.
     *.info;mail.none;authpriv.none          /dev/tty12

     # The authpriv file has restricted access.
     authpriv.*                              /var/log/secure

     # Log all the mail messages in one place.
     mail.*                                  /var/log/maillog
")

  (mlet %store-monad
      ((syslog.conf (text-file "syslog.conf" contents))
       (syslogd     (package-file inetutils "libexec/syslogd")))
    (return
     (service
      (documentation "Run the syslog daemon (syslogd).")
      (provision '(syslogd))
      (start `(make-forkexec-constructor ,syslogd "--no-detach"
                                         "--rcfile" ,syslog.conf))
      (stop  `(make-kill-destructor))
      (inputs `(("inetutils" ,inetutils)
                ("syslog.conf" ,syslog.conf)))))))

(define* (guix-build-accounts count #:key
                              (first-uid 30001)
                              (gid 30000)
                              (shadow shadow))
  "Return a list of COUNT user accounts for Guix build users, with UIDs
starting at FIRST-UID, and under GID."
  (with-monad %store-monad
    (return (unfold (cut > <> count)
                    (lambda (n)
                      (user-account
                       (name (format #f "guixbuilder~2,'0d" n))
                       (password "!")
                       (uid (+ first-uid n -1))
                       (gid gid)
                       (comment (format #f "Guix Build User ~2d" n))
                       (home-directory "/var/empty")
                       (shell (package-file shadow "sbin/nologin"))
                       (inputs `(("shadow" ,shadow)))))
                    1+
                    1))))

(define* (guix-service #:key (guix guix) (builder-group "guixbuild")
                       (build-user-gid 30000) (build-accounts 10))
  "Return a service that runs the build daemon from GUIX, and has
BUILD-ACCOUNTS user accounts available under BUILD-USER-GID."
  (mlet %store-monad ((daemon   (package-file guix "bin/guix-daemon"))
                      (accounts (guix-build-accounts build-accounts
                                                     #:gid build-user-gid)))
    (return (service
             (provision '(guix-daemon))
             (start `(make-forkexec-constructor ,daemon
                                                "--build-users-group"
                                                ,builder-group))
             (stop  `(make-kill-destructor))
             (inputs `(("guix" ,guix)))
             (user-accounts accounts)
             (user-groups (list (user-group
                                 (name builder-group)
                                 (id build-user-gid)
                                 (members (map user-account-name
                                               user-accounts)))))))))

(define* (static-networking-service interface ip
                                    #:key
                                    gateway
                                    (name-servers '())
                                    (inetutils inetutils)
                                    (net-tools net-tools))
  "Return a service that starts INTERFACE with address IP.  If GATEWAY is
true, it must be a string specifying the default network gateway."

  ;; TODO: Eventually we should do this using Guile's networking procedures,
  ;; like 'configure-qemu-networking' does, but the patch that does this is
  ;; not yet in stock Guile.
  (mlet %store-monad ((ifconfig (package-file inetutils "bin/ifconfig"))
                      (route    (package-file net-tools "sbin/route")))
    (return
     (service
      (documentation
       (string-append "Set up networking on the '" interface
                      "' interface using a static IP address."))
      (provision '(networking))
      (start `(lambda _
                ;; Return #t if successfully started.
                (and (zero? (system* ,ifconfig ,interface ,ip "up"))
                     ,(if gateway
                          `(zero? (system* ,route "add" "-net" "default"
                                           "gw" ,gateway))
                          #t)
                     ,(if (pair? name-servers)
                          `(call-with-output-file "/etc/resolv.conf"
                             (lambda (port)
                               (display
                                "# Generated by 'static-networking-service'.\n"
                                port)
                               (for-each (lambda (server)
                                           (format port "nameserver ~a~%"
                                                   server))
                                         ',name-servers)))
                          #t))))
      (stop  `(lambda _
                ;; Return #f is successfully stopped.
                (not (and (system* ,ifconfig ,interface "down")
                          (system* ,route "del" "-net" "default")))))
      (respawn? #f)
      (inputs `(("inetutils" ,inetutils)
                ,@(if gateway
                      `(("net-tools" ,net-tools))
                      '())))))))

(define* (xorg-start-command #:key
                             (guile guile-final)
                             (xorg-server xorg-server))
  "Return a derivation that builds a GUILE script to start the X server from
XORG-SERVER.  Usually the X server is started by a login manager."

  (define (xserver.conf)
    (text-file* "xserver.conf" "
Section \"Files\"
  FontPath \"" font-adobe75dpi "/share/font/X11/75dpi\"
  ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
  ModulePath \"" xf86-input-mouse "/lib/xorg/modules/input\"
  ModulePath \"" xf86-input-keyboard "/lib/xorg/modules/input\"
  ModulePath \"" xorg-server "/lib/xorg/modules\"
  ModulePath \"" xorg-server "/lib/xorg/modules/extensions\"
  ModulePath \"" xorg-server "/lib/xorg/modules/multimedia\"
EndSection

Section \"ServerFlags\"
  Option \"AllowMouseOpenFail\" \"on""
EndSection

Section \"Monitor\"
  Identifier \"Monitor[0]\"
EndSection

Section \"InputClass\"
  Identifier \"Generic keyboard\"
  MatchIsKeyboard \"on\"
  Option \"XkbRules\" \"base\"
  Option \"XkbModel\" \"pc104\"
EndSection

Section \"ServerLayout\"
  Identifier \"Layout\"
  Screen \"Screen-vesa\"
EndSection

Section \"Device\"
  Identifier \"Device-vesa\"
  Driver \"vesa\"
EndSection

Section \"Screen\"
  Identifier \"Screen-vesa\"
  Device \"Device-vesa\"
EndSection"))

  (mlet %store-monad ((guile-bin   (package-file guile "bin/guile"))
                      (xorg-bin    (package-file xorg-server "bin/X"))
                      (dri         (package-file mesa "lib/dri"))
                      (xkbcomp-bin (package-file xkbcomp "bin"))
                      (xkb-dir     (package-file xkeyboard-config
                                                 "share/X11/xkb"))
                      (config      (xserver.conf)))
    (define builder
      ;; Write a small wrapper around the X server.
      `(let ((out (assoc-ref %outputs "out")))
         (call-with-output-file out
           (lambda (port)
             (format port "#!~a --no-auto-compile~%!#~%" ,guile-bin)
             (write '(begin
                       (setenv "XORG_DRI_DRIVER_PATH" ,dri)
                       (setenv "XKB_BINDIR" ,xkbcomp-bin)

                       (apply execl

                              ,xorg-bin "-ac" "-logverbose" "-verbose"
                              "-xkbdir" ,xkb-dir
                              "-config" ,(derivation->output-path config)
                              "-nolisten" "tcp" "-terminate"

                              ;; Note: SLiM and other display managers add the
                              ;; '-auth' flag by themselves.
                              (cdr (command-line))))
                    port)))
         (chmod out #o555)
         #t))

    (mlet %store-monad ((inputs (lower-inputs
                                 `(("xorg" ,xorg-server)
                                   ("xkbcomp" ,xkbcomp)
                                   ("xkeyboard-config" ,xkeyboard-config)
                                   ("mesa" ,mesa)
                                   ("guile" ,guile)
                                   ("xorg.conf" ,config)))))
      (derivation-expression "start-xorg" builder
                             #:inputs inputs))))

(define* (slim-service #:key (slim slim)
                       (allow-empty-passwords? #t) auto-login?
                       (default-user "")
                       (xauth xauth) (dmd dmd) (bash bash)
                       startx)
  "Return a service that spawns the SLiM graphical login manager, which in
turn start the X display server with STARTX, a command as returned by
'xorg-start-command'.

When ALLOW-EMPTY-PASSWORDS? is true, allow logins with an empty password.
When AUTO-LOGIN? is true, log in automatically as DEFAULT-USER."
  (define (slim.cfg)
    ;; TODO: Run "bash -login ~/.xinitrc %session".
    (mlet %store-monad ((startx (or startx (xorg-start-command))))
      (text-file* "slim.cfg"  "
default_path /run/current-system/bin
default_xserver " startx "
xserver_arguments :0 vt7
xauth_path " xauth "/bin/xauth
authfile /var/run/slim.auth

# The login command.  '%session' is replaced by the chosen session name, one
# of the names specified in the 'sessions' setting: 'wmaker', 'xfce', etc.
login_cmd  exec " ratpoison "/bin/ratpoison

halt_cmd " dmd "/sbin/halt
reboot_cmd " dmd "/sbin/reboot
" (if auto-login?
      (string-append "auto_login yes\ndefault_user " default-user)
      ""))))

  (mlet %store-monad ((slim-bin (package-file slim "bin/slim"))
                      (bash-bin (package-file bash "bin/bash"))
                      (slim.cfg (slim.cfg)))
    (return
     (service
      (documentation "Xorg display server")
      (provision '(xorg-server))
      (requirement '(host-name))
      (start
       ;; XXX: Work around the inability to specify env. vars. directly.
       `(make-forkexec-constructor
         ,bash-bin "-c"
         ,(string-append "SLIM_CFGFILE=" (derivation->output-path slim.cfg)
                         " " slim-bin
                         " -nodaemon")))
      (stop  `(make-kill-destructor))
      (inputs `(("slim" ,slim)
                ("slim.cfg" ,slim.cfg)
                ("bash" ,bash)))
      (respawn? #t)
      (pam-services
       ;; Tell PAM about 'slim'.
       (list (unix-pam-service
              "slim"
              #:allow-empty-passwords? allow-empty-passwords?)))))))


(define (dmd-configuration-file services etc)
  "Return the dmd configuration file for SERVICES, that initializes /etc from
ETC on startup."
  (define config
    `(begin
       (use-modules (ice-9 ftw))

       (register-services
        ,@(map (match-lambda
                (($ <service> documentation provision requirement
                    respawn? start stop)
                 `(make <service>
                    #:docstring ,documentation
                    #:provides ',provision
                    #:requires ',requirement
                    #:respawn? ,respawn?
                    #:start ,start
                    #:stop ,stop)))
               services))

       ;; /etc is a mixture of static and dynamic settings.  Here is where we
       ;; initialize it from the static part.
       (format #t "populating /etc from ~a...~%" ,etc)
       (let ((rm-f (lambda (f)
                     (false-if-exception (delete-file f)))))
         (rm-f "/etc/static")
         (symlink ,etc "/etc/static")
         (for-each (lambda (file)
                     ;; TODO: Handle 'shadow' specially so that changed
                     ;; password aren't lost.
                     (let ((target (string-append "/etc/" file))
                           (source (string-append "/etc/static/" file)))
                       (rm-f target)
                       (symlink source target)))
                   (scandir ,etc
                            (lambda (file)
                              (not (member file '("." ".."))))))

         ;; Prevent ETC from being GC'd.
         (rm-f "/var/nix/gcroots/etc-directory")
         (symlink ,etc "/var/nix/gcroots/etc-directory"))

       (format #t "starting services...~%")
       (for-each start ',(append-map service-provision services))))

  (text-file "dmd.conf" (object->string config)))

;;; dmd.scm ends here