diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
| commit | 77181815ae70cf573b6fa390a4400b718835aa8a (patch) | |
| tree | 731ccaaccc7a69ddc90f04bb71a6a39aa5f3be5a /gnu/services | |
| parent | e3f9406b7c4b3b1afe3dd6affb7f7898434d607a (diff) | |
| parent | 35377cfa908340e51fd22af7369aef15499d4a36 (diff) | |
| download | guix-77181815ae70cf573b6fa390a4400b718835aa8a.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/services')
| -rw-r--r-- | gnu/services/base.scm | 2 | ||||
| -rw-r--r-- | gnu/services/certbot.scm | 133 | ||||
| -rw-r--r-- | gnu/services/configuration.scm | 3 | ||||
| -rw-r--r-- | gnu/services/desktop.scm | 13 | ||||
| -rw-r--r-- | gnu/services/dict.scm | 26 | ||||
| -rw-r--r-- | gnu/services/messaging.scm | 57 | ||||
| -rw-r--r-- | gnu/services/version-control.scm | 63 | ||||
| -rw-r--r-- | gnu/services/xorg.scm | 298 |
8 files changed, 483 insertions, 112 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 06b2a7d2d8..11f55c588c 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1345,7 +1345,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. (list (file-append guix "/share/guix/hydra.gnu.org.pub") - (file-append guix "/share/guix/bayfront.guixsd.org.pub"))) + (file-append guix "/share/guix/berlin.guixsd.org.pub"))) (define-record-type* <guix-configuration> guix-configuration make-guix-configuration diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm new file mode 100644 index 0000000000..dc072ea8da --- /dev/null +++ b/gnu/services/certbot.scm @@ -0,0 +1,133 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> +;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services certbot) + #:use-module (gnu services) + #:use-module (gnu services base) + #:use-module (gnu services shepherd) + #:use-module (gnu services mcron) + #:use-module (gnu services web) + #:use-module (gnu system shadow) + #:use-module (gnu packages tls) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (ice-9 match) + #:export (certbot-service-type + certbot-configuration + certbot-configuration?)) + +;;; Commentary: +;;; +;;; Automatically obtaining TLS certificates from Let's Encrypt. +;;; +;;; Code: + + +(define-record-type* <certbot-configuration> + certbot-configuration make-certbot-configuration + certbot-configuration? + (package certbot-configuration-package + (default certbot)) + (webroot certbot-configuration-webroot + (default "/var/www")) + (hosts certbot-configuration-hosts + (default '())) + (default-location certbot-configuration-default-location + (default + (nginx-location-configuration + (uri "/") + (body + (list "return 301 https://$host$request_uri;")))))) + +(define certbot-renewal-jobs + (match-lambda + (($ <certbot-configuration> package webroot hosts default-location) + (match hosts + ;; Avoid pinging certbot if we have no hosts. + (() '()) + (_ + (list + ;; Attempt to renew the certificates twice a week. + #~(job (lambda (now) + (next-day-from (next-hour-from now '(3)) + '(2 5))) + (string-append #$package "/bin/certbot renew" + (string-concatenate + (map (lambda (host) + (string-append " -d " host)) + #$hosts)))))))))) + +(define certbot-activation + (match-lambda + (($ <certbot-configuration> package webroot hosts default-location) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (mkdir-p #$webroot) + (for-each + (lambda (host) + (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host)) + (unless (zero? (system* + (string-append #$certbot "/bin/certbot") + "certonly" "--webroot" "-w" #$webroot + "-d" host)) + (error "failed to acquire cert for host" host)))) + '#$hosts)))))) + +(define certbot-nginx-server-configurations + (match-lambda + (($ <certbot-configuration> package webroot hosts default-location) + (map + (lambda (host) + (nginx-server-configuration + (http-port 80) + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f) + (server-name (list host)) + (locations + (filter identity + (list + (nginx-location-configuration + (uri "/.well-known") + (body (list (list "root " webroot ";")))) + default-location))))) + hosts)))) + +(define certbot-service-type + (service-type (name 'certbot) + (extensions + (list (service-extension nginx-service-type + certbot-nginx-server-configurations) + (service-extension activation-service-type + certbot-activation) + (service-extension mcron-service-type + certbot-renewal-jobs))) + (compose concatenate) + (extend (lambda (config additional-hosts) + (certbot-configuration + (inherit config) + (hosts (append (certbot-configuration-hosts config) + additional-hosts))))) + (default-value (certbot-configuration)) + (description + "Automatically renew @url{https://letsencrypt.org, Let's +Encrypt} HTTPS certificates by adjusting the nginx web server configuration +and periodically invoking @command{certbot}."))) diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm index 0a2219e743..c45340f02f 100644 --- a/gnu/services/configuration.scm +++ b/gnu/services/configuration.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -165,7 +166,7 @@ (configuration-field-default-value-thunk f) (lambda _ '%invalid)))) (define (show-default? val) - (or (string? default) (number? default) (boolean? default) + (or (string? val) (number? val) (boolean? val) (and (symbol? val) (not (eq? val '%invalid))) (and (list? val) (and-map show-default? val)))) `(deftypevr (% (category diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 4b5100c27a..78530b3454 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -507,6 +507,15 @@ site} for more information." (udisks udisks-configuration-udisks (default udisks))) +(define %udisks-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (let ((run-dir "/var/run/udisks2")) + (mkdir-p run-dir) + (chmod run-dir #o700))))) + (define udisks-service-type (let ((udisks-package (lambda (config) (list (udisks-configuration-udisks config))))) @@ -518,6 +527,8 @@ site} for more information." udisks-package) (service-extension udev-service-type udisks-package) + (service-extension activation-service-type + (const %udisks-activation)) ;; Profile 'udisksctl' & co. in the system profile. (service-extension profile-service-type @@ -843,7 +854,7 @@ with the administrator's password." (define %desktop-services ;; List of services typically useful for a "desktop" use case. - (cons* (slim-service) + (cons* (service slim-service-type) ;; Screen lockers are a pretty useful thing and these are small. (screen-locker-service slock) diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm index 69eadafd2e..c8403c0135 100644 --- a/gnu/services/dict.scm +++ b/gnu/services/dict.scm @@ -21,6 +21,7 @@ (define-module (gnu services dict) #:use-module (guix gexp) #:use-module (guix records) + #:use-module (guix modules) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) @@ -144,14 +145,23 @@ database { (let ((dicod (file-append (dicod-configuration-dico config) "/bin/dicod")) (dicod.conf (dicod-configuration-file config))) - (list (shepherd-service - (provision '(dicod)) - (documentation "Run the dicod daemon.") - (start #~(make-forkexec-constructor - (list #$dicod "--foreground" - (string-append "--config=" #$dicod.conf)) - #:user "dicod" #:group "dicod")) - (stop #~(make-kill-destructor)))))) + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(dicod)) + (documentation "Run the dicod daemon.") + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start #~(make-forkexec-constructor/container + (list #$dicod "--foreground" + (string-append "--config=" #$dicod.conf)) + #:user "dicod" #:group "dicod" + #:mappings (list (file-system-mapping + (source "/var/run/dicod") + (target source) + (writable? #t))))) + (stop #~(make-kill-destructor))))))) (define dicod-service-type (service-type diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 715d6181f5..d57a7562a2 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -160,7 +160,7 @@ (define (module-list? val) (string-list? val)) (define (serialize-module-list field-name val) - (serialize-string-list field-name (cons "posix" val))) + (serialize-string-list field-name val)) (define-maybe module-list) (define (file-name? val) @@ -176,6 +176,12 @@ (serialize-string-list field-name val)) (define-maybe file-name) +(define (raw-content? val) + (not (eq? val 'disabled))) +(define (serialize-raw-content field-name val) + (format #t "~a" val)) +(define-maybe raw-content) + (define-configuration mod-muc-configuration (name (string "Prosody Chatrooms") @@ -203,12 +209,12 @@ just joined the room.")) "This determines what handshake to use.") (key - (file-name "/etc/prosody/certs/key.pem") - "Path to your private key file, relative to @code{/etc/prosody}.") + (maybe-file-name 'disabled) + "Path to your private key file.") (certificate - (file-name "/etc/prosody/certs/cert.pem") - "Path to your certificate file, relative to @code{/etc/prosody}.") + (maybe-file-name 'disabled) + "Path to your certificate file.") (capath (file-name "/etc/ssl/certs") @@ -271,7 +277,9 @@ can create such a file with: "tls" "dialback" "disco" + "carbons" "private" + "blocklist" "vcard" "version" "uptime" @@ -321,6 +329,13 @@ can create such a file with: paths in order. See @url{http://prosody.im/doc/plugins_directory}." global) + (certificates + (file-name "/etc/prosody/certs") + "Every virtual host and component needs a certificate so that clients and +servers can securely verify its identity. Prosody will automatically load +certificates/keys from the directory specified here." + global) + (admins (string-list '()) "This is a list of accounts that are admins for the server. Note that you @@ -339,8 +354,8 @@ Example: @code{(admins '(\"user1@@example.com\" \"user2@@example.net\"))}" (module-list %default-modules-enabled) "This is the list of modules Prosody will load on startup. It looks for @code{mod_modulename.lua} in the plugins folder, so make sure that exists too. -Documentation on modules can be found at: @url{http://prosody.im/doc/modules}. -Defaults to @samp{%default-modules-enabled}." +Documentation on modules can be found at: +@url{http://prosody.im/doc/modules}." common) (modules-disabled @@ -376,6 +391,12 @@ using them. See @url{http://prosody.im/doc/advanced_ssl_config}." See @url{http://prosody.im/doc/modules/mod_tls}." common) + (disable-sasl-mechanisms + (string-list '("DIGEST-MD5")) + "Set of mechanisms that will never be offered. See +@url{https://prosody.im/doc/modules/mod_saslauth}." + common) + (s2s-require-encryption? (boolean #f) "Whether to force all server-to-server connections to be encrypted or not. @@ -427,6 +448,19 @@ by the GuixSD Prosody Service. See @url{http://prosody.im/doc/logging}." "File to write pid in. See @url{http://prosody.im/doc/modules/mod_posix}." global) + (http-max-content-size + (maybe-non-negative-integer 'disabled) + "Maximum allowed size of the HTTP body (in bytes)." + common) + + (http-external-url + (maybe-string 'disabled) + "Some modules expose their own URL in various ways. This URL is built +from the protocol, host and port used. If Prosody sits behind a proxy, the +public URL will be @code{http-external-url} instead. See +@url{https://prosody.im/doc/http#external_url}." + common) + (virtualhosts (virtualhost-configuration-list (list (virtualhost-configuration @@ -511,7 +545,12 @@ See also @url{http://prosody.im/doc/modules/mod_muc}." (hostname (string (configuration-missing-field 'ext-component 'hostname)) "Hostname of the component." - ext-component))) + ext-component) + + (raw-content + (maybe-raw-content 'disabled) + "Raw content that will be added to the configuration file." + common))) ;; Serialize Virtualhost line first. (define (serialize-virtualhost-configuration config) @@ -683,7 +722,7 @@ See also @url{http://prosody.im/doc/modules/mod_muc}." (display c)) str)))) (define (show-default? val) - (or (string? default) (number? default) (boolean? default) + (or (string? val) (number? val) (boolean? val) (and (list? val) (and-map show-default? val)))) (format #t "@deftypevr {@code{~a} parameter} ~a ~a\n~a\n" configuration-name field-type field-name field-docs) diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index e39f4411fd..fce2ce1c25 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -55,7 +55,11 @@ %cgit-configuration-nginx cgit-configuration-nginx-config - cgit-service-type)) + cgit-service-type + + git-http-configuration + git-http-configuration? + git-http-nginx-location-configuration)) ;;; Commentary: ;;; @@ -152,7 +156,11 @@ (service-extension account-service-type (const %git-daemon-accounts)) (service-extension activation-service-type - git-daemon-activation))))) + git-daemon-activation))) + (description + "Expose Git respositories over the insecure @code{git://} TCP-based +protocol.") + (default-value (git-daemon-configuration)))) (define* (git-daemon-service #:key (config (git-daemon-configuration))) "Return a service that runs @command{git daemon}, a simple TCP server to @@ -255,4 +263,53 @@ access to exported repositories under @file{/srv/git}." cgit-activation) (service-extension nginx-service-type cgit-configuration-nginx-config))) - (default-value (cgit-configuration)))) + (default-value (cgit-configuration)) + (description + "Run the Cgit web interface, which allows users to browse Git +repositories."))) + + +;;; +;;; HTTP access. Add the result of calling +;;; git-http-nginx-location-configuration to an nginx-server-configuration's +;;; "locations" field. +;;; + +(define-record-type* <git-http-configuration> + git-http-configuration + make-git-http-configuration + git-http-configuration? + (package git-http-configuration-package ;package + (default git)) + (git-root git-http-configuration-git-root ;string + (default "/srv/git")) + (export-all? git-http-configuration-export-all? ;boolean + (default #f)) + (uri-path git-http-configuration-uri-path ;string + (default "/git/")) + (fcgiwrap-socket git-http-configuration-fcgiwrap-socket ;string + (default "127.0.0.1:9000"))) + +(define* (git-http-nginx-location-configuration #:optional + (config + (git-http-configuration))) + (match config + (($ <git-http-configuration> package git-root export-all? + uri-path fcgiwrap-socket) + (nginx-location-configuration + (uri (string-append "~ /" (string-trim-both uri-path #\/) "(/.*)")) + (body + (list + (list "fastcgi_pass " fcgiwrap-socket ";") + (list "fastcgi_param SCRIPT_FILENAME " + package "/libexec/git-core/git-http-backend" + ";") + "fastcgi_param QUERY_STRING $query_string;" + "fastcgi_param REQUEST_METHOD $request_method;" + "fastcgi_param CONTENT_TYPE $content_type;" + "fastcgi_param CONTENT_LENGTH $content_length;" + (if export-all? + "fastcgi_param GIT_HTTP_EXPORT_ALL \"\";" + "") + (list "fastcgi_param GIT_PROJECT_ROOT " git-root ";") + "fastcgi_param PATH_INFO $1;")))))) diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index c5a1a0d423..cef0d60b59 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com> -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -45,13 +45,27 @@ #:use-module (ice-9 match) #:export (xorg-configuration-file %default-xorg-modules + %default-xorg-fonts xorg-wrapper xorg-start-command xinitrc %default-slim-theme %default-slim-theme-name + slim-configuration + slim-configuration? + slim-configuration-slim + slim-configuration-allow-empty-passwords? + slim-configuration-auto-login? + slim-configuration-default-user + slim-configuration-theme + slim-configuration-theme-name + slim-configuration-xauth + slim-configuration-shepherd + slim-configuration-auto-login-session + slim-configuration-startx + slim-service-type slim-service @@ -70,11 +84,52 @@ ;;; ;;; Code: -(define* (xorg-configuration-file #:key (drivers '()) (resolutions '()) +(define %default-xorg-modules + ;; Default list of modules loaded by the server. Note that the order + ;; matters since it determines which driver is going to be used when there's + ;; a choice. + (list xf86-video-vesa + xf86-video-fbdev + xf86-video-ati + xf86-video-cirrus + xf86-video-intel + xf86-video-mach64 + xf86-video-nouveau + xf86-video-nv + xf86-video-sis + + ;; Libinput is the new thing and is recommended over evdev/synaptics: + ;; <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>. + xf86-input-libinput + + xf86-input-evdev + xf86-input-keyboard + xf86-input-mouse + xf86-input-synaptics)) + +(define %default-xorg-fonts + ;; Default list of fonts available to the X server. + (list (file-append font-alias "/share/fonts/X11/75dpi") + (file-append font-alias "/share/fonts/X11/100dpi") + (file-append font-alias "/share/fonts/X11/misc") + (file-append font-alias "/share/fonts/X11/cyrillic") + (file-append font-misc-misc ;default fonts for xterm + "/share/fonts/X11/misc") + (file-append font-adobe75dpi "/share/fonts/X11/75dpi"))) + +(define* (xorg-configuration-file #:key + (modules %default-xorg-modules) + (fonts %default-xorg-fonts) + (drivers '()) (resolutions '()) (extra-config '())) "Return a configuration file for the Xorg server containing search paths for all the common drivers. +@var{modules} must be a list of @dfn{module packages} loaded by the Xorg +server---e.g., @code{xf86-video-vesa}, @code{xf86-input-keyboard}, and so on. +@var{fonts} must be a list of font directories to add to the server's +@dfn{font path}. + @var{drivers} must be either the empty list, in which case Xorg chooses a graphics driver automatically, or a list of driver names that will be tried in this order---e.g., @code{(\"modesetting\" \"vesa\")}. @@ -84,17 +139,32 @@ appropriate screen resolution; otherwise, it must be a list of resolutions---e.g., @code{((1024 768) (640 480))}. Last, @var{extra-config} is a list of strings or objects appended to the -@code{mixed-text-file} argument list. It is used to pass extra text to be +configuration file. It is used to pass extra text to be added verbatim to the configuration file." - (define (device-section driver) - (string-append " + (define all-modules + ;; 'xorg-server' provides 'fbdevhw.so' etc. + (append modules (list xorg-server))) + + (define build + #~(begin + (use-modules (ice-9 match) + (srfi srfi-1) + (srfi srfi-26)) + + (call-with-output-file #$output + (lambda (port) + (define drivers + '#$drivers) + + (define (device-section driver) + (string-append " Section \"Device\" Identifier \"device-" driver "\" Driver \"" driver "\" EndSection")) - (define (screen-section driver resolutions) - (string-append " + (define (screen-section driver resolutions) + (string-append " Section \"Screen\" Identifier \"screen-" driver "\" Device \"device-" driver "\" @@ -108,65 +178,56 @@ Section \"Screen\" EndSubSection EndSection")) - (apply mixed-text-file "xserver.conf" " -Section \"Files\" - FontPath \"" font-alias "/share/fonts/X11/75dpi\" - FontPath \"" font-alias "/share/fonts/X11/100dpi\" - FontPath \"" font-alias "/share/fonts/X11/misc\" - FontPath \"" font-alias "/share/fonts/X11/cyrillic\" - FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\" - ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-mach64 "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-nouveau "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-nv "/lib/xorg/modules/drivers\" - ModulePath \"" xf86-video-sis "/lib/xorg/modules/drivers\" - - # Libinput is the new thing and is recommended over evdev/synaptics - # by those who know: - # <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>. - ModulePath \"" xf86-input-libinput "/lib/xorg/modules/input\" - - ModulePath \"" xf86-input-evdev "/lib/xorg/modules/input\" - ModulePath \"" xf86-input-keyboard "/lib/xorg/modules/input\" - ModulePath \"" xf86-input-mouse "/lib/xorg/modules/input\" - ModulePath \"" xf86-input-synaptics "/lib/xorg/modules/input\" - ModulePath \"" xorg-server "/lib/xorg/modules\" - ModulePath \"" xorg-server "/lib/xorg/modules/drivers\" - ModulePath \"" xorg-server "/lib/xorg/modules/extensions\" - ModulePath \"" xorg-server "/lib/xorg/modules/multimedia\" -EndSection - + (define (expand modules) + ;; Append to MODULES the relevant /lib/xorg/modules + ;; sub-directories. + (append-map (lambda (module) + (filter-map (lambda (directory) + (let ((full (string-append module + directory))) + (and (file-exists? full) + full))) + '("/lib/xorg/modules/drivers" + "/lib/xorg/modules/input" + "/lib/xorg/modules/multimedia" + "/lib/xorg/modules/extensions"))) + modules)) + + (display "Section \"Files\"\n" port) + (for-each (lambda (font) + (format port " FontPath \"~a\"~%" font)) + '#$fonts) + (for-each (lambda (module) + (format port + " ModulePath \"~a\"~%" + module)) + (append (expand '#$all-modules) + + ;; For fbdevhw.so and so on. + (list #$(file-append xorg-server + "/lib/xorg/modules")))) + (display "EndSection\n" port) + (display " Section \"ServerFlags\" Option \"AllowMouseOpenFail\" \"on\" -EndSection -" - (string-join (map device-section drivers) "\n") "\n" - (string-join (map (cut screen-section <> resolutions) - drivers) - "\n") +EndSection\n" port) - "\n" - extra-config)) + (display (string-join (map device-section drivers) "\n") + port) + (newline port) + (display (string-join + (map (cut screen-section <> '#$resolutions) + drivers) + "\n") + port) + (newline port) + + (for-each (lambda (config) + (display config port)) + '#$extra-config))))) + + (computed-file "xserver.conf" build)) -(define %default-xorg-modules - (list xf86-video-vesa - xf86-video-fbdev - xf86-video-ati - xf86-video-cirrus - xf86-video-intel - xf86-video-mach64 - xf86-video-nouveau - xf86-video-nv - xf86-video-sis - xf86-input-libinput - xf86-input-evdev - xf86-input-keyboard - xf86-input-mouse - xf86-input-synaptics)) (define (xorg-configuration-directory modules) "Return a directory that contains the @code{.conf} files for X.org that @@ -196,8 +257,9 @@ in @var{modules}." (define* (xorg-wrapper #:key (guile (canonical-package guile-2.0)) - (configuration-file (xorg-configuration-file)) (modules %default-xorg-modules) + (configuration-file (xorg-configuration-file + #:modules modules)) (xorg-server xorg-server)) "Return a derivation that builds a @var{guile} script to start the X server from @var{xorg-server}. @var{configuration-file} is the server configuration @@ -221,12 +283,16 @@ in place of @code{/usr/bin/X}." (define* (xorg-start-command #:key (guile (canonical-package guile-2.0)) - (configuration-file (xorg-configuration-file)) (modules %default-xorg-modules) + (fonts %default-xorg-fonts) + (configuration-file + (xorg-configuration-file #:modules modules + #:fonts fonts)) (xorg-server xorg-server)) - "Return a derivation that builds a @code{startx} script in which a number of -X modules are available. See @code{xorg-wrapper} for more details on the -arguments. The result should be used in place of @code{startx}." + "Return a @code{startx} script in which @var{modules}, a list of X module +packages, and @var{fonts}, a list of X font directories, are available. See +@code{xorg-wrapper} for more details on the arguments. The result should be +used in place of @code{startx}." (define X (xorg-wrapper #:guile guile #:configuration-file configuration-file @@ -245,10 +311,15 @@ arguments. The result should be used in place of @code{startx}." fallback-session) "Return a system-wide xinitrc script that starts the specified X session, which should be passed to this script as the first argument. If not, the -@var{fallback-session} will be used." +@var{fallback-session} will be used or, if @var{fallback-session} is false, a +desktop session from the system or user profile will be used." (define builder #~(begin - (use-modules (ice-9 match)) + (use-modules (ice-9 match) + (ice-9 regex) + (ice-9 ftw) + (srfi srfi-1) + (srfi srfi-26)) (define (close-all-fdes) ;; Close all the open file descriptors except 0 to 2. @@ -272,16 +343,60 @@ which should be passed to this script as the first argument. If not, the (execl shell shell "--login" "-c" (string-join (cons command args))))) + (define system-profile + "/run/current-system/profile") + + (define user-profile + (and=> (getpw (getuid)) + (lambda (pw) + (string-append (passwd:dir pw) "/.guix-profile")))) + + (define (xsession-command desktop-file) + ;; Read from DESKTOP-FILE its X session command and return it as a + ;; list. + (define exec-regexp + (make-regexp "^[[:blank:]]*Exec=(.*)$")) + + (call-with-input-file desktop-file + (lambda (port) + (let loop () + (match (read-line port) + ((? eof-object?) #f) + ((= (cut regexp-exec exec-regexp <>) result) + (if result + (string-tokenize (match:substring result 1)) + (loop)))))))) + + (define (find-session profile) + ;; Return an X session command from PROFILE or #f if none was found. + (let ((directory (string-append profile "/share/xsessions"))) + (match (scandir directory + (cut string-suffix? ".desktop" <>)) + ((or () #f) + #f) + ((sessions ...) + (any xsession-command + (map (cut string-append directory "/" <>) + sessions)))))) + (let* ((home (getenv "HOME")) (xsession-file (string-append home "/.xsession")) (session (match (command-line) - ((_) (list #$fallback-session)) - ((_ x ..1) x)))) + ((_) + #$(if fallback-session + #~(list #$fallback-session) + #f)) + ((_ x ..1) + x)))) (if (file-exists? xsession-file) ;; Run ~/.xsession when it exists. - (apply exec-from-login-shell xsession-file session) - ;; Otherwise, start the specified session. - (apply exec-from-login-shell session))))) + (apply exec-from-login-shell xsession-file + (or session '())) + ;; Otherwise, start the specified session or a fallback. + (apply exec-from-login-shell + (or session + (find-session user-profile) + (find-session system-profile))))))) (program-file "xinitrc" builder)) @@ -304,19 +419,24 @@ which should be passed to this script as the first argument. If not, the slim-configuration? (slim slim-configuration-slim (default slim)) - (allow-empty-passwords? slim-configuration-allow-empty-passwords?) - (auto-login? slim-configuration-auto-login?) - (default-user slim-configuration-default-user) - (theme slim-configuration-theme) - (theme-name slim-configuration-theme-name) + (allow-empty-passwords? slim-configuration-allow-empty-passwords? + (default #t)) + (auto-login? slim-configuration-auto-login? + (default #f)) + (default-user slim-configuration-default-user + (default "")) + (theme slim-configuration-theme + (default %default-slim-theme)) + (theme-name slim-configuration-theme-name + (default %default-slim-theme-name)) (xauth slim-configuration-xauth (default xauth)) (shepherd slim-configuration-shepherd (default shepherd)) - (bash slim-configuration-bash - (default bash)) - (auto-login-session slim-configuration-auto-login-session) - (startx slim-configuration-startx)) + (auto-login-session slim-configuration-auto-login-session + (default #f)) + (startx slim-configuration-startx + (default (xorg-start-command)))) (define (slim-pam-service config) "Return a PAM service for @command{slim}." @@ -391,16 +511,16 @@ reboot_cmd " shepherd "/sbin/reboot\n" ;; Unconditionally add xterm to the system profile, to ;; avoid bad surprises. (service-extension profile-service-type - (const (list xterm))))))) + (const (list xterm))))) + (default-value (slim-configuration)))) -(define* (slim-service #:key (slim slim) +(define* (slim-service #:key (slim slim) ;deprecated (allow-empty-passwords? #t) auto-login? (default-user "") (theme %default-slim-theme) (theme-name %default-slim-theme-name) - (xauth xauth) (shepherd shepherd) (bash bash) - (auto-login-session (file-append windowmaker - "/bin/wmaker")) + (xauth xauth) (shepherd shepherd) + (auto-login-session #f) (startx (xorg-start-command))) "Return a service that spawns the SLiM graphical login manager, which in turn starts the X display server with @var{startx}, a command as returned by @@ -433,7 +553,7 @@ theme." (allow-empty-passwords? allow-empty-passwords?) (auto-login? auto-login?) (default-user default-user) (theme theme) (theme-name theme-name) - (xauth xauth) (shepherd shepherd) (bash bash) + (xauth xauth) (shepherd shepherd) (auto-login-session auto-login-session) (startx startx)))) |