summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-09-30 12:01:32 +0200
committerLudovic Courtès <ludo@gnu.org>2016-09-30 12:05:27 +0200
commit79355ae3e84359716f5135cc7083e72246bc8bf9 (patch)
tree6b61851e2153581578bb78ef0f177b8841ee5db7 /gnu/services
parent39d6b9c99f297e14fc4f47f002be3d40556726be (diff)
parent86d8f6d3efb8300a3354735cbf06be6c01e23243 (diff)
downloadguix-79355ae3e84359716f5135cc7083e72246bc8bf9.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/avahi.scm2
-rw-r--r--gnu/services/base.scm279
-rw-r--r--gnu/services/databases.scm4
-rw-r--r--gnu/services/dbus.scm4
-rw-r--r--gnu/services/desktop.scm11
-rw-r--r--gnu/services/dict.scm2
-rw-r--r--gnu/services/mail.scm14
-rw-r--r--gnu/services/networking.scm27
-rw-r--r--gnu/services/nfs.scm54
-rw-r--r--gnu/services/sddm.scm318
-rw-r--r--gnu/services/spice.scm2
-rw-r--r--gnu/services/ssh.scm133
-rw-r--r--gnu/services/web.scm6
-rw-r--r--gnu/services/xorg.scm13
14 files changed, 737 insertions, 132 deletions
diff --git a/gnu/services/avahi.scm b/gnu/services/avahi.scm
index 807cc05a22..60e9e61f94 100644
--- a/gnu/services/avahi.scm
+++ b/gnu/services/avahi.scm
@@ -88,7 +88,7 @@
          (system? #t)
          (comment "Avahi daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define %avahi-activation
   ;; Activation gexp.
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index f3f6408687..afbecdb47e 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -39,6 +39,7 @@
   #:use-module (gnu packages package-management)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages lsof)
+  #:use-module (gnu packages terminals)
   #:use-module ((gnu build file-systems)
                 #:select (mount-flags->bit-mask))
   #:use-module (guix gexp)
@@ -57,6 +58,8 @@
             session-environment-service-type
             host-name-service
             console-keymap-service
+            %default-console-font
+            console-font-service-type
             console-font-service
 
             udev-configuration
@@ -66,6 +69,11 @@
             udev-service
             udev-rule
 
+            login-configuration
+            login-configuration?
+            login-service-type
+            login-service
+
             mingetty-configuration
             mingetty-configuration?
             mingetty-service
@@ -82,6 +90,9 @@
 
             nscd-service-type
             nscd-service
+
+            syslog-configuration
+            syslog-configuration?
             syslog-service
             syslog-service-type
             %default-syslog.conf
@@ -108,6 +119,11 @@
             rngd-configuration?
             rngd-service-type
             rngd-service
+
+            kmscon-configuration
+            kmscon-configuration?
+            kmscon-service-type
+
             pam-limits-service-type
             pam-limits-service
 
@@ -513,7 +529,7 @@ stopped before 'kill' is called."
       (define device (rngd-configuration-device config))
 
       (define rngd-command
-        (list #~(string-append #$rng-tools "/sbin/rngd")
+        (list (file-append rng-tools "/sbin/rngd")
               "-f" "-r" device))
 
       (shepherd-service
@@ -621,37 +637,83 @@ strings or string-valued gexps."
   "Return a service to load console keymaps from @var{files}."
   (service console-keymap-service-type files))
 
-(define console-font-service-type
-  (shepherd-service-type
-   'console-font
-   (match-lambda
-     ((tty font)
-      (let ((device (string-append "/dev/" tty)))
-        (shepherd-service
-         (documentation "Load a Unicode console font.")
-         (provision (list (symbol-append 'console-font-
-                                         (string->symbol tty))))
-
-         ;; Start after mingetty has been started on TTY, otherwise the settings
-         ;; are ignored.
-         (requirement (list (symbol-append 'term-
-                                           (string->symbol tty))))
+(define %default-console-font
+  ;; Note: 'LatGrkCyr-8x16' has the advantage of providing three common
+  ;; scripts as well as glyphs for em dash, quotation marks, and other Unicode
+  ;; codepoints notably found in the UTF-8 manual.
+  "LatGrkCyr-8x16")
+
+(define (console-font-shepherd-services tty+font)
+  "Return a list of Shepherd services for each pair in TTY+FONT."
+  (map (match-lambda
+         ((tty . font)
+          (let ((device (string-append "/dev/" tty)))
+            (shepherd-service
+             (documentation "Load a Unicode console font.")
+             (provision (list (symbol-append 'console-font-
+                                             (string->symbol tty))))
+
+             ;; Start after mingetty has been started on TTY, otherwise the settings
+             ;; are ignored.
+             (requirement (list (symbol-append 'term-
+                                               (string->symbol tty))))
+
+             (start #~(lambda _
+                        (and #$(unicode-start device)
+                             (zero?
+                              (system* (string-append #$kbd "/bin/setfont")
+                                       "-C" #$device #$font)))))
+             (stop #~(const #t))
+             (respawn? #f)))))
+       tty+font))
 
-         (start #~(lambda _
-                    (and #$(unicode-start device)
-                         (zero?
-                          (system* (string-append #$kbd "/bin/setfont")
-                                   "-C" #$device #$font)))))
-         (stop #~(const #t))
-         (respawn? #f)))))))
+(define console-font-service-type
+  (service-type (name 'console-fonts)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          console-font-shepherd-services)))
+                (compose concatenate)
+                (extend append)))
 
 (define* (console-font-service tty #:optional (font "LatGrkCyr-8x16"))
-  "Return a service that sets up Unicode support in @var{tty} and loads
+  "This procedure is deprecated in favor of @code{console-font-service-type}.
+
+Return a service that sets up Unicode support in @var{tty} and loads
 @var{font} for that tty (fonts are per virtual console in Linux.)"
-  ;; Note: 'LatGrkCyr-8x16' has the advantage of providing three common
-  ;; scripts as well as glyphs for em dash, quotation marks, and other Unicode
-  ;; codepoints notably found in the UTF-8 manual.
-  (service console-font-service-type (list tty font)))
+  (simple-service (symbol-append 'console-font- (string->symbol tty))
+                  console-font-service-type `((,tty . ,font))))
+
+(define %default-motd
+  (plain-file "motd" "This is the GNU operating system, welcome!\n\n"))
+
+(define-record-type* <login-configuration>
+  login-configuration make-login-configuration
+  login-configuration?
+  (motd                   login-configuration-motd     ;file-like
+                          (default %default-motd))
+  ;; Allow empty passwords by default so that first-time users can log in when
+  ;; the 'root' account has just been created.
+  (allow-empty-passwords? login-configuration-allow-empty-passwords?
+                          (default #t)))               ;Boolean
+
+(define (login-pam-service config)
+  "Return the list of PAM service needed for CONF."
+  ;; Let 'login' be known to PAM.
+  (list (unix-pam-service "login"
+                          #:allow-empty-passwords?
+                          (login-configuration-allow-empty-passwords? config)
+                          #:motd
+                          (login-configuration-motd config))))
+
+(define login-service-type
+  (service-type (name 'login)
+                (extensions (list (service-extension pam-root-service-type
+                                                     login-pam-service)))))
+
+(define* (login-service #:optional (config (login-configuration)))
+  "Return a service configure login according to @var{config}, which specifies
+the message of the day, among other things."
+  (service login-service-type config))
 
 (define-record-type* <mingetty-configuration>
   mingetty-configuration make-mingetty-configuration
@@ -659,35 +721,17 @@ strings or string-valued gexps."
   (mingetty       mingetty-configuration-mingetty ;<package>
                   (default mingetty))
   (tty            mingetty-configuration-tty)     ;string
-  (motd           mingetty-configuration-motd     ;file-like
-                  (default (plain-file "motd" "Welcome.\n")))
   (auto-login     mingetty-auto-login             ;string | #f
                   (default #f))
   (login-program  mingetty-login-program          ;gexp
                   (default #f))
   (login-pause?   mingetty-login-pause?           ;Boolean
-                  (default #f))
-
-  ;; Allow empty passwords by default so that first-time users can log in when
-  ;; the 'root' account has just been created.
-  (allow-empty-passwords? mingetty-configuration-allow-empty-passwords?
-                          (default #t)))          ;Boolean
-
-(define (mingetty-pam-service conf)
-  "Return the list of PAM service needed for CONF."
-  ;; Let 'login' be known to PAM.  All the mingetty services will have that
-  ;; PAM service, but that's fine because they're all identical and duplicates
-  ;; are removed.
-  (list (unix-pam-service "login"
-                          #:allow-empty-passwords?
-                          (mingetty-configuration-allow-empty-passwords? conf)
-                          #:motd
-                          (mingetty-configuration-motd conf))))
+                  (default #f)))
 
 (define mingetty-shepherd-service
   (match-lambda
-    (($ <mingetty-configuration> mingetty tty motd auto-login login-program
-                                 login-pause? allow-empty-passwords?)
+    (($ <mingetty-configuration> mingetty tty auto-login login-program
+                                 login-pause?)
      (list
       (shepherd-service
        (documentation "Run mingetty on an tty.")
@@ -715,9 +759,7 @@ strings or string-valued gexps."
 (define mingetty-service-type
   (service-type (name 'mingetty)
                 (extensions (list (service-extension shepherd-root-service-type
-                                                     mingetty-shepherd-service)
-                                  (service-extension pam-root-service-type
-                                                     mingetty-pam-service)))))
+                                                     mingetty-shepherd-service)))))
 
 (define* (mingetty-service config)
   "Return a service to run mingetty according to @var{config}, which specifies
@@ -885,17 +927,27 @@ given @var{config}---an @code{<nscd-configuration>} object.  @xref{Name
 Service Switch}, for an example."
   (service nscd-service-type config))
 
+
+(define-record-type* <syslog-configuration>
+  syslog-configuration  make-syslog-configuration
+  syslog-configuration?
+  (syslogd              syslog-configuration-syslogd
+                        (default (file-append inetutils "/libexec/syslogd")))
+  (config-file          syslog-configuration-config-file
+                        (default %default-syslog.conf)))
+
 (define syslog-service-type
   (shepherd-service-type
    'syslog
-   (lambda (config-file)
+   (lambda (config)
      (shepherd-service
       (documentation "Run the syslog daemon (syslogd).")
       (provision '(syslogd))
       (requirement '(user-processes))
       (start #~(make-forkexec-constructor
-                (list (string-append #$inetutils "/libexec/syslogd")
-                      "--no-detach" "--rcfile" #$config-file)))
+                (list #$(syslog-configuration-syslogd config)
+                      "--rcfile" #$(syslog-configuration-config-file config))
+                #:pid-file "/var/run/syslog.pid"))
       (stop #~(make-kill-destructor))))))
 
 ;; Snippet adapted from the GNU inetutils manual.
@@ -921,14 +973,14 @@ Service Switch}, for an example."
      mail.*                                  /var/log/maillog
 "))
 
-(define* (syslog-service #:key (config-file %default-syslog.conf))
-  "Return a service that runs @command{syslogd}.  If configuration file
-name @var{config-file} is not specified, use some reasonable default
-settings.
+(define* (syslog-service #:optional (config (syslog-configuration)))
+  "Return a service that runs @command{syslogd} and takes
+@var{<syslog-configuration>} as a parameter.
 
 @xref{syslogd invocation,,, inetutils, GNU Inetutils}, for more
 information on the configuration file syntax."
-  (service syslog-service-type config-file))
+  (service syslog-service-type config))
+
 
 (define pam-limits-service-type
   (let ((security-limits
@@ -996,7 +1048,7 @@ starting at FIRST-UID, and under GID."
 
              (comment (format #f "Guix Build User ~2d" n))
              (home-directory "/var/empty")
-             (shell #~(string-append #$shadow "/sbin/nologin"))))
+             (shell (file-append shadow "/sbin/nologin"))))
           1+
           1))
 
@@ -1023,7 +1075,7 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
 
 (define %default-authorized-guix-keys
   ;; List of authorized substitute keys.
-  (list #~(string-append #$guix "/share/guix/hydra.gnu.org.pub")))
+  (list (file-append guix "/share/guix/hydra.gnu.org.pub")))
 
 (define-record-type* <guix-configuration>
   guix-configuration make-guix-configuration
@@ -1154,7 +1206,7 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
          (system? #t)
          (comment "guix publish user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define guix-publish-service-type
   (service-type (name 'guix-publish)
@@ -1419,41 +1471,76 @@ This service is not part of @var{%base-services}."
   (service gpm-service-type
            (gpm-configuration (gpm gpm) (options options))))
 
+(define-record-type* <kmscon-configuration>
+  kmscon-configuration     make-kmscon-configuration
+  kmscon-configuration?
+  (kmscon                  kmscon-configuration-kmscon
+                           (default kmscon))
+  (virtual-terminal        kmscon-configuration-virtual-terminal)
+  (login-program           kmscon-configuration-login-program
+                           (default #~(string-append #$shadow "/bin/login")))
+  (login-arguments         kmscon-configuration-login-arguments
+                           (default '("-p")))
+  (hardware-acceleration?  kmscon-configuration-hardware-acceleration?
+                           (default #f))) ; #t causes failure
+
+(define kmscon-service-type
+  (shepherd-service-type
+   'kmscon
+   (lambda (config)
+     (let ((kmscon (kmscon-configuration-kmscon config))
+           (virtual-terminal (kmscon-configuration-virtual-terminal config))
+           (login-program (kmscon-configuration-login-program config))
+           (login-arguments (kmscon-configuration-login-arguments config))
+           (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)))
+
+       (define kmscon-command
+         #~(list
+            (string-append #$kmscon "/bin/kmscon") "--login"
+            "--vt" #$virtual-terminal
+            #$@(if hardware-acceleration? '("--hwaccel") '())
+            "--" #$login-program #$@login-arguments))
+
+       (shepherd-service
+        (documentation "kmscon virtual terminal")
+        (requirement '(user-processes udev dbus-system))
+        (provision (list (symbol-append 'term- (string->symbol virtual-terminal))))
+        (start #~(make-forkexec-constructor #$kmscon-command))
+        (stop #~(make-kill-destructor)))))))
+
 
 (define %base-services
   ;; Convenience variable holding the basic services.
-  (let ((motd (plain-file "motd" "
-This is the GNU operating system, welcome!\n\n")))
-    (list (console-font-service "tty1")
-          (console-font-service "tty2")
-          (console-font-service "tty3")
-          (console-font-service "tty4")
-          (console-font-service "tty5")
-          (console-font-service "tty6")
-
-          (mingetty-service (mingetty-configuration
-                             (tty "tty1") (motd motd)))
-          (mingetty-service (mingetty-configuration
-                             (tty "tty2") (motd motd)))
-          (mingetty-service (mingetty-configuration
-                             (tty "tty3") (motd motd)))
-          (mingetty-service (mingetty-configuration
-                             (tty "tty4") (motd motd)))
-          (mingetty-service (mingetty-configuration
-                             (tty "tty5") (motd motd)))
-          (mingetty-service (mingetty-configuration
-                             (tty "tty6") (motd motd)))
-
-          (static-networking-service "lo" "127.0.0.1"
-                                     #:provision '(loopback))
-          (syslog-service)
-          (urandom-seed-service)
-          (guix-service)
-          (nscd-service)
-
-          ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
-          ;; used, so enable them by default.  The FUSE and ALSA rules are
-          ;; less critical, but handy.
-          (udev-service #:rules (list lvm2 fuse alsa-utils crda)))))
+  (list (login-service)
+
+        (service console-font-service-type
+                 (map (lambda (tty)
+                        (cons tty %default-console-font))
+                      '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
+
+        (mingetty-service (mingetty-configuration
+                           (tty "tty1")))
+        (mingetty-service (mingetty-configuration
+                           (tty "tty2")))
+        (mingetty-service (mingetty-configuration
+                           (tty "tty3")))
+        (mingetty-service (mingetty-configuration
+                           (tty "tty4")))
+        (mingetty-service (mingetty-configuration
+                           (tty "tty5")))
+        (mingetty-service (mingetty-configuration
+                           (tty "tty6")))
+
+        (static-networking-service "lo" "127.0.0.1"
+                                   #:provision '(loopback))
+        (syslog-service)
+        (urandom-seed-service)
+        (guix-service)
+        (nscd-service)
+
+        ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
+        ;; used, so enable them by default.  The FUSE and ALSA rules are
+        ;; less critical, but handy.
+        (udev-service #:rules (list lvm2 fuse alsa-utils crda))))
 
 ;;; base.scm ends here
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 86847f8c50..1eed85542b 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -76,7 +76,7 @@ host	all	all	::1/128 	trust"))
          (system? #t)
          (comment "PostgreSQL server user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define postgresql-activation
   (match-lambda
@@ -171,7 +171,7 @@ and stores the database cluster in @var{data-directory}."
          (group "mysql")
          (system? #t)
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define mysql-configuration-file
   (match-lambda
diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm
index 690561cccd..876f56d45f 100644
--- a/gnu/services/dbus.scm
+++ b/gnu/services/dbus.scm
@@ -128,13 +128,13 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in
          (system? #t)
          (comment "D-Bus system bus user")
          (home-directory "/var/run/dbus")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define dbus-setuid-programs
   ;; Return the file name of the setuid program that we need.
   (match-lambda
     (($ <dbus-configuration> dbus services)
-     (list #~(string-append #$dbus "/libexec/dbus-daemon-launch-helper")))))
+     (list (file-append dbus "/libexec/dbus-daemon-launch-helper")))))
 
 (define (dbus-activation config)
   "Return an activation gexp for D-Bus using @var{config}."
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 8dacf54668..dfd1ea6e92 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -460,9 +460,8 @@ Users need to be in the @code{lp} group to access the D-Bus service.
 (define polkit-setuid-programs
   (match-lambda
     (($ <polkit-configuration> polkit)
-     (list #~(string-append #$polkit
-                            "/lib/polkit-1/polkit-agent-helper-1")
-           #~(string-append #$polkit "/bin/pkexec")))))
+     (list (file-append polkit "/lib/polkit-1/polkit-agent-helper-1")
+           (file-append polkit "/bin/pkexec")))))
 
 (define polkit-service-type
   (service-type (name 'polkit)
@@ -522,7 +521,7 @@ the capability to suspend the system if the user is logged in locally."
          (system? #t)
          (comment "colord daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define colord-service-type
   (service-type (name 'colord)
@@ -738,8 +737,8 @@ seats.)"
   (define pam-elogind
     (pam-entry
      (control "required")
-     (module #~(string-append #$(elogind-package config)
-                              "/lib/security/pam_elogind.so"))))
+     (module (file-append (elogind-package config)
+                          "/lib/security/pam_elogind.so"))))
 
   (list (lambda (pam)
           (pam-service
diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm
index b06922c911..da5d004701 100644
--- a/gnu/services/dict.scm
+++ b/gnu/services/dict.scm
@@ -73,7 +73,7 @@
          (group "dicod")
          (system? #t)
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define (dicod-configuration-file config)
   (define database->text
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c252d669de..cb0f119f43 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -987,7 +987,7 @@ could allow a user to delete others' mailboxes, or ln -s
 
   (mail-full-filesystem-access?
    (boolean #f)
-   "Allow full filesystem access to clients.  There's no access checks
+   "Allow full file system access to clients.  There's no access checks
 other than what the operating system does for the active UID/GID.  It
 works with both maildir and mboxes, allowing you to prefix mailboxes
 names with e.g. /path/ or ~user/.")
@@ -997,7 +997,7 @@ names with e.g. /path/ or ~user/.")
   (mmap-disable?
    (boolean #f)
    "Don't use mmap() at all.  This is required if you store indexes to
-shared filesystems (NFS or clustered filesystem).")
+shared file systems (NFS or clustered file system).")
 
   (dotlock-use-excl?
    (boolean #t)
@@ -1229,7 +1229,7 @@ disabled.")
    (boolean #f)
    "When creating new mdbox files, immediately preallocate their size to
 @samp{mdbox-rotate-size}.  This setting currently works only in Linux
-with some filesystems (ext4, xfs).")
+with some file systems (ext4, xfs).")
 
   (mail-attachment-dir
    (string "")
@@ -1249,7 +1249,7 @@ externally.")
 
   (mail-attachment-fs
    (string "sis posix")
-   "Filesystem backend to use for saving attachments:
+   "File system backend to use for saving attachments:
 @table @code
 @item posix
 No SiS done by Dovecot (but this might help FS's own deduplication)
@@ -1352,7 +1352,7 @@ regeneration entirely.")
    "SSL crypto device to use, for valid values run \"openssl engine\".")
 
   (postmaster-address
-   (string "")
+   (string "postmaster@%d")
    "Address to use when sending rejection mails.
 Default is postmaster@@<your domain>.  %d expands to recipient domain.")
 
@@ -1505,7 +1505,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
          (system? #t)
          (comment "Dovecot daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))
+         (shell (file-append shadow "/sbin/nologin")))
 
         (user-group (name "dovenull") (system? #t))
         (user-account
@@ -1514,7 +1514,7 @@ greyed out, instead of only later giving \"not selectable\" popup error.
          (system? #t)
          (comment "Dovecot daemon login user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define %dovecot-activation
   ;; Activation gexp.
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 71f49a03a5..7495179f8e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -193,7 +194,7 @@ gateway."
    'dhcp-client
    (lambda (dhcp)
      (define dhclient
-       #~(string-append #$dhcp "/sbin/dhclient"))
+       (file-append dhcp "/sbin/dhclient"))
 
      (define pid-file
        "/var/run/dhclient.pid")
@@ -272,7 +273,7 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
      (let ()
        ;; TODO: Add authentication support.
        (define config
-         (string-append "driftfile /var/run/ntp.drift\n"
+         (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                         (string-join (map (cut string-append "server " <>)
                                           servers)
                                      "\n")
@@ -305,7 +306,19 @@ restrict -6 ::1\n"))
          (system? #t)
          (comment "NTP daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
+
+
+(define (ntp-service-activation config)
+  "Return the activation gexp for CONFIG."
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (define %user
+          (getpw "ntpd"))
+
+        (let ((directory "/var/run/ntpd"))
+          (mkdir-p directory)
+          (chown directory (passwd:uid %user) (passwd:gid %user))))))
 
 (define ntp-service-type
   (service-type (name 'ntp)
@@ -313,7 +326,9 @@ restrict -6 ::1\n"))
                  (list (service-extension shepherd-root-service-type
                                           ntp-shepherd-service)
                        (service-extension account-service-type
-                                          (const %ntp-accounts))))))
+                                          (const %ntp-accounts))
+                       (service-extension activation-service-type
+                                          ntp-service-activation)))))
 
 (define* (ntp-service #:key (ntp ntp)
                       (servers %ntp-servers))
@@ -346,7 +361,7 @@ keep the system clock synchronized with that of @var{servers}."
          (system? #t)
          (comment "Tor daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define-record-type <hidden-service>
   (hidden-service name mapping)
@@ -539,7 +554,7 @@ project's documentation} for more information."
          (system? #t)
          (comment "BitlBee daemon user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define %bitlbee-activation
   ;; Activation gexp for BitlBee.
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
new file mode 100644
index 0000000000..82713d8133
--- /dev/null
+++ b/gnu/services/nfs.scm
@@ -0,0 +1,54 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services nfs)
+  #:use-module (gnu)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu packages onc-rpc)
+  #:use-module (guix)
+  #:use-module (guix records)
+  #:export (rpcbind-service-type
+            rpcbind-configuration
+            rpcbind-configuration?))
+
+(define-record-type* <rpcbind-configuration>
+  rpcbind-configuration make-rpcbind-configuration
+  rpcbind-configuration?
+  (rpcbind             rpcbind-configuration-rpcbind
+                       (default rpcbind))
+  (warm-start?         rpcbind-configuration-warm-start?
+                       (default #t)))
+
+(define rpcbind-service-type
+  (shepherd-service-type
+   'rpcbind
+   (lambda (config)
+     (define pkg
+       (rpcbind-configuration-rpcbind config))
+
+     (define rpcbind-command
+       #~(list (string-append #$pkg "/bin/rpcbind") "-f"
+               #$@(if (rpcbind-configuration-warm-start? config) '("-w") '())))
+
+     (shepherd-service
+      (documentation "Start the RPC bind daemon.")
+      (requirement '(networking))
+      (provision '(rpcbind-daemon))
+
+      (start #~(make-forkexec-constructor #$rpcbind-command))
+      (stop #~(make-kill-destructor))))))
diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm
new file mode 100644
index 0000000000..ef1e78e9bf
--- /dev/null
+++ b/gnu/services/sddm.scm
@@ -0,0 +1,318 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 David Craven <david@craven.ch>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services sddm)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages display-managers)
+  #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages xorg)
+  #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services xorg)
+  #:use-module (gnu system pam)
+  #:use-module (gnu system shadow)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
+  #:export (sddm-configuration
+            sddm-confiugration?
+            sddm-service-type
+            sddm-service))
+
+(define-record-type* <sddm-configuration>
+  sddm-configuration      make-sddm-configuration
+  sddm-configuration?
+  (sddm                   sddm-configuration-sddm
+                          (default sddm))
+
+  ;; [General]
+  ;; valid values are x11 and wayland
+  ;; currently doesn't do anything is enabled by wayland greeter PR
+  (display-server         sddm-configuration-display-server
+                          (default "x11"))
+  ;; valid values are on, off or none
+  (numlock                sddm-configuration-numlock
+                          (default "on"))
+  (halt-command           sddm-configuration-halt-command
+                          (default (file-append shepherd "/sbin/halt")))
+  (reboot-command         sddm-configuration-reboot-command
+                          (default (file-append shepherd "/sbin/reboot")))
+
+  ;; [Theme]
+  ;; valid values are elarun or maldives
+  (theme                  sddm-configuration-theme
+                          (default "maldives"))
+  (themes-directory       sddm-configuration-themes-directory
+                          (default "/run/current-system/profile/share/sddm/themes"))
+  (faces-directory        sddm-configuration-faces-directory
+                          (default "/run/current-system/profile/share/sddm/faces"))
+
+  ;; [Users]
+  (default-path           sddm-configuration-default-path
+                          (default "/run/current-system/profile/bin"))
+  (minimum-uid            sddm-configuration-minimum-uid
+                          (default 1000))
+  (maximum-uid            sddm-configuration-maximum-uid
+                          (default 2000))
+  (remember-last-user?    sddm-configuration-remember-last-user?
+                          (default #t))
+  (remember-last-session? sddm-configuration-remember-last-session?
+                          (default #t))
+  (hide-users             sddm-configuration-hide-users
+                          (default ""))
+  (hide-shells            sddm-configuration-hide-shells
+                          (default (file-append shadow "/sbin/nologin")))
+
+  ;; [Wayland]
+  (session-command        sddm-configuration-session-command
+                          (default (file-append sddm "/share/sddm/scripts/wayland-session")))
+  (sessions-directory     sddm-configuration-sessions-directory
+                          (default "/run/current-system/profile/share/wayland-sessions"))
+  ;; [X11]
+  (xorg-server-path       sddm-configuration-xorg-server-path
+                          (default (xorg-start-command)))
+  (xauth-path             sddm-configuration-xauth-path
+                          (default (file-append xauth "/bin/xauth")))
+  (xephyr-path            sddm-configuration-xephyr-path
+                          (default (file-append xorg-server "/bin/Xephyr")))
+  (xdisplay-start         sddm-configuration-xdisplay-start
+                          (default (file-append sddm "/share/sddm/scripts/Xsetup")))
+  (xdisplay-stop          sddm-configuration-xdisplay-stop
+                          (default (file-append sddm "/share/sddm/scripts/Xstop")))
+  (xsession-command       sddm-configuration-xsession-command
+                          (default (xinitrc)))
+  (xsessions-directory    sddm-configuration-xsessions-directory
+                          (default "/run/current-system/profile/share/xsessions"))
+  (minimum-vt             sddm-configuration-minimum-vt
+                          (default 7))
+  (xserver-arguments      sddm-configuration-xserver-arguments
+                          (default "-nolisten tcp"))
+
+  ;; [Autologin]
+  (auto-login-user        sddm-configuration-auto-login-user
+                          (default ""))
+  ;; valid values are xfce.desktop gnome.desktop weston.desktop hawaii.desktop
+  (auto-login-session     sddm-configuration-auto-login-session
+                          (default ""))
+  (relogin?               sddm-configuration-relogin?
+                          (default #f)))
+
+(define (sddm-configuration-file config)
+  (mixed-text-file "sddm.conf" "
+[General]
+DisplayServer="        (sddm-configuration-display-server config)              "
+Numlock="              (sddm-configuration-numlock config)                     "
+HaltCommand="          (sddm-configuration-halt-command config)                "
+RebootCommand="        (sddm-configuration-reboot-command config)              "
+
+[Users]
+DefaultPath="          (sddm-configuration-default-path config)                "
+MinimumUid="           (number->string (sddm-configuration-minimum-uid config))"
+MaximumUid="           (number->string (sddm-configuration-maximum-uid config))"
+RememberLastUser="     (if (sddm-configuration-remember-last-user? config)
+                           "true" "false")                                     "
+RememberLastSession="  (if (sddm-configuration-remember-last-session? config)
+                           "true" "false")                                     "
+HideUsers="            (sddm-configuration-hide-users config)                  "
+Hideshells="           (sddm-configuration-hide-shells config)                 "
+
+[Theme]
+Current="              (sddm-configuration-theme config)                       "
+ThemeDir="             (sddm-configuration-themes-directory config)            "
+FacesDir="             (sddm-configuration-faces-directory config)             "
+
+[Wayland]
+SessionCommand="       (sddm-configuration-session-command config)             "
+SessionDir="           (sddm-configuration-sessions-directory config)          "
+
+[X11]
+ServerPath="           (sddm-configuration-xorg-server-path config)            "
+XauthPath="            (sddm-configuration-xauth-path config)                  "
+XephyrPath="           (sddm-configuration-xephyr-path config)                 "
+DisplayCommand="       (sddm-configuration-xdisplay-start config)              "
+DisplayStopCommand="   (sddm-configuration-xdisplay-stop config)               "
+SessionCommand="       (sddm-configuration-xsession-command config)            "
+SessionDir="           (sddm-configuration-xsessions-directory config)         "
+MinimumVT="            (number->string (sddm-configuration-minimum-vt config)) "
+ServerArguments="      (sddm-configuration-xserver-arguments config)           "
+
+[Autologin]
+User="                 (sddm-configuration-auto-login-user config)             "
+Session="              (sddm-configuration-auto-login-session config)          "
+Relogin="              (if (sddm-configuration-relogin? config)
+                           "true" "false")                                     "
+"))
+
+(define (sddm-shepherd-service config)
+  "Return a <shepherd-service> for sddm with CONFIG."
+
+  (define sddm-command
+    #~(list (string-append #$(sddm-configuration-sddm config) "/bin/sddm")))
+
+  (list (shepherd-service
+         (documentation "SDDM display manager.")
+         (requirement '(user-processes))
+         (provision '(display-manager))
+         (start #~(make-forkexec-constructor #$sddm-command))
+         (stop #~(make-kill-destructor)))))
+
+(define (sddm-etc-service config)
+  (list `("sddm.conf" ,(sddm-configuration-file config))))
+
+(define (sddm-pam-service)
+  "Return a PAM service for @command{sddm}."
+  (pam-service
+   (name "sddm")
+   (auth
+    (list
+     (pam-entry
+      (control "requisite")
+      (module "pam_nologin.so"))
+     (pam-entry
+      (control "required")
+      (module "pam_env.so"))
+     (pam-entry
+      (control "required")
+      (module "pam_succeed_if.so")
+      (arguments (list "uid >= 1000" "quiet")))
+     ;; should be factored out into system-auth
+     (pam-entry
+      (control "required")
+      (module "pam_unix.so"))))
+   (account
+    (list
+     ;; should be factored out into system-account
+     (pam-entry
+      (control "required")
+      (module "pam_unix.so"))))
+   (password
+    (list
+     ;; should be factored out into system-password
+     (pam-entry
+      (control "required")
+      (module "pam_unix.so")
+      (arguments (list "sha512" "shadow" "try_first_pass")))))
+   (session
+    (list
+     ;; lfs has a required pam_limits.so
+     ;; should be factored out into system-session
+     (pam-entry
+      (control "required")
+      (module "pam_unix.so"))))))
+
+(define (sddm-greeter-pam-service)
+  "Return a PAM service for @command{sddm-greeter}."
+  (pam-service
+   (name "sddm-greeter")
+   (auth
+    (list
+     ;; Load environment form /etc/environment and ~/.pam_environment
+     (pam-entry
+      (control "required")
+      (module "pam_env.so"))
+     ;; Always let the greeter start without authentication
+     (pam-entry
+      (control "required")
+      (module "pam_permit.so"))))
+   (account
+    (list
+     ;; No action required for account management
+     (pam-entry
+      (control "required")
+      (module "pam_permit.so"))))
+   (password
+    (list
+     ;; Can't change password
+     (pam-entry
+      (control "required")
+      (module "pam_deny.so"))))
+   (session
+    (list
+     ;; Setup session
+     (pam-entry
+      (control "required")
+      (module "pam_unix.so"))))))
+
+(define (sddm-autologin-pam-service)
+  "Return a PAM service for @command{sddm-autologin}"
+  (pam-service
+   (name "sddm-autologin")
+   (auth
+    (list
+     (pam-entry
+      (control "requisite")
+      (module "pam_nologin.so"))
+     (pam-entry
+      (control "required")
+      (module "pam_succeed_if.so")
+      (arguments (list "uid >= 1000" "quiet")))
+     (pam-entry
+      (control "required")
+      (module "pam_permit.so"))))
+   (account
+    (list
+     (pam-entry
+      (control "include")
+      (module "sddm"))))
+   (password
+    (list
+     (pam-entry
+      (control "required")
+      (module "pam_deny.so"))))
+   (session
+    (list
+     (pam-entry
+      (control "include")
+      (module "sddm"))))))
+
+(define (sddm-pam-services config)
+  (list (sddm-pam-service)
+        (sddm-greeter-pam-service)
+        (sddm-autologin-pam-service)))
+
+(define %sddm-accounts
+  (list (user-group (name "sddm") (system? #t))
+        (user-account
+         (name "sddm")
+         (group "sddm")
+         (system? #t)
+         (comment "SDDM user")
+         (home-directory "/var/lib/sddm")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+;; Add default themes to profile
+(define sddm-profile-service
+  (compose list sddm-configuration-sddm))
+
+(define sddm-service-type
+  (service-type (name 'sddm)
+                (extensions
+                  (list (service-extension shepherd-root-service-type
+                                           sddm-shepherd-service)
+                        (service-extension etc-service-type
+                                           sddm-etc-service)
+                        (service-extension pam-root-service-type
+                                           sddm-pam-services)
+                        (service-extension account-service-type
+                                           (const %sddm-accounts))
+                        (service-extension profile-service-type
+                                           sddm-profile-service)))))
+
+(define* (sddm-service #:optional (config (sddm-configuration)))
+  "Run the @uref{https://github.com/sddm/sddm,SSDM display manager}
+with the given @var{config}, a @code{<sddm-configuration>} object."
+  (service sddm-service-type config))
diff --git a/gnu/services/spice.scm b/gnu/services/spice.scm
index 26f072e7a8..bd0a538346 100644
--- a/gnu/services/spice.scm
+++ b/gnu/services/spice.scm
@@ -43,7 +43,7 @@
 
   (define spice-vdagentd-command
     (list
-      #~(string-append #$spice-vdagent "/sbin/spice-vdagentd")
+      (file-append spice-vdagent "/sbin/spice-vdagentd")
       "-x"))
 
   (list
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9a7ea0fb46..084f8fa4ea 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,17 +20,25 @@
 
 (define-module (gnu services ssh)
   #:use-module (gnu packages ssh)
+  #:use-module (gnu packages admin)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
+  #:use-module (gnu system shadow)
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (srfi srfi-26)
+  #:use-module (ice-9 match)
   #:export (lsh-configuration
             lsh-configuration?
             lsh-service
             lsh-service-type
 
+            openssh-configuration
+            openssh-configuration?
+            openssh-service-type
+            openssh-service
+
             dropbear-configuration
             dropbear-configuration?
             dropbear-service-type
@@ -122,7 +131,7 @@
 
   (define lsh-command
     (append
-     (cons #~(string-append #$lsh "/sbin/lshd")
+     (cons (file-append lsh "/sbin/lshd")
            (if daemonic?
                (let ((syslog (if (lsh-configuration-syslog-output? config)
                                  '()
@@ -246,6 +255,128 @@ The other options should be self-descriptive."
 
 
 ;;;
+;;; OpenSSH.
+;;;
+
+(define-record-type* <openssh-configuration>
+  openssh-configuration make-openssh-configuration
+  openssh-configuration?
+  (pid-file              openssh-configuration-pid-file) ;string
+  (port-number           openssh-configuration-port-number) ;integer
+  (permit-root-login     openssh-configuration-permit-root-login) ;Boolean | 'without-password
+  (allow-empty-passwords? openssh-configuration-allow-empty-passwords?) ;Boolean
+  (password-authentication? openssh-configuration-password-authentication?) ;Boolean
+  (pubkey-authentication? openssh-configuration-pubkey-authentication?) ;Boolean
+  (rsa-authentication?   openssh-configuration-rsa-authentication?) ;Boolean
+  (x11-forwarding?       openssh-configuration-x11-forwarding?) ;Boolean
+  (protocol-number       openssh-configuration-protocol-number)) ;integer
+
+(define %openssh-accounts
+  (list (user-group (name "sshd") (system? #t))
+        (user-account
+          (name "sshd")
+          (group "sshd")
+          (system? #t)
+          (comment "sshd privilege separation user")
+          (home-directory "/var/run/sshd")
+          (shell #~(string-append #$shadow "/sbin/nologin")))))
+
+(define (openssh-activation config)
+  "Return the activation GEXP for CONFIG."
+  #~(begin
+      (mkdir-p "/etc/ssh")
+      (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
+
+      ;; Generate missing host keys.
+      (system* (string-append #$openssh "/bin/ssh-keygen") "-A")))
+
+(define (openssh-config-file config)
+  "Return the sshd configuration file corresponding to CONFIG."
+  (computed-file
+   "sshd_config"
+   #~(call-with-output-file #$output
+       (lambda (port)
+         (display "# Generated by 'openssh-service'.\n" port)
+         (format port "Protocol ~a\n"
+                 #$(if (eq? (openssh-configuration-protocol-number config) 1)
+                       "1" "2"))
+         (format port "Port ~a\n"
+                 #$(number->string (openssh-configuration-port-number config)))
+         (format port "PermitRootLogin ~a\n"
+                 #$(match (openssh-configuration-permit-root-login config)
+                     (#t "yes")
+                     (#f "no")
+                     ('without-password "without-password")))
+         (format port "PermitEmptyPasswords ~a\n"
+                 #$(if (openssh-configuration-allow-empty-passwords? config)
+                       "yes" "no"))
+         (format port "PasswordAuthentication ~a\n"
+                 #$(if (openssh-configuration-password-authentication? config)
+                       "yes" "no"))
+         (format port "PubkeyAuthentication ~a\n"
+                 #$(if (openssh-configuration-pubkey-authentication? config)
+                       "yes" "no"))
+         (format port "RSAAuthentication ~a\n"
+                 #$(if (openssh-configuration-rsa-authentication? config)
+                       "yes" "no"))
+         (format port "X11Forwarding ~a\n"
+                 #$(if (openssh-configuration-x11-forwarding? config)
+                       "yes" "no"))
+         (format port "PidFile ~a\n"
+                 #$(openssh-configuration-pid-file config))
+         #t))))
+
+(define (openssh-shepherd-service config)
+  "Return a <shepherd-service> for openssh with CONFIG."
+
+  (define pid-file
+    (openssh-configuration-pid-file config))
+
+  (define openssh-command
+    #~(list (string-append #$openssh "/sbin/sshd")
+            "-D" "-f" #$(openssh-config-file config)))
+
+  (list (shepherd-service
+         (documentation "OpenSSH server.")
+         (requirement '(networking syslogd))
+         (provision '(ssh-daemon))
+         (start #~(make-forkexec-constructor #$openssh-command
+                                             #:pid-file #$pid-file))
+         (stop #~(make-kill-destructor)))))
+
+(define openssh-service-type
+  (service-type (name 'openssh)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          openssh-shepherd-service)
+                       (service-extension activation-service-type
+                                          openssh-activation)
+                       (service-extension account-service-type
+                                          (const %openssh-accounts))))))
+
+(define* (openssh-service #:key
+                          (pid-file "/var/run/sshd.pid")
+                          (port-number 22)
+                          (permit-root-login 'without-password)
+                          (allow-empty-passwords? #f)
+                          (password-authentication? #t)
+                          (pubkey-authentication? #t)
+                          (rsa-authentication? #t)
+                          (x11-forwarding? #f)
+                          (protocol-number 2))
+  (service openssh-service-type (openssh-configuration
+                                 (pid-file pid-file)
+                                 (port-number port-number)
+                                 (permit-root-login permit-root-login)
+                                 (allow-empty-passwords? allow-empty-passwords?)
+                                 (password-authentication? password-authentication?)
+                                 (pubkey-authentication? pubkey-authentication?)
+                                 (rsa-authentication? rsa-authentication?)
+                                 (x11-forwarding? x11-forwarding?)
+                                 (protocol-number protocol-number))))
+
+
+;;;
 ;;; Dropbear.
 ;;;
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index d86aab50b5..0a2a09bbf5 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -67,7 +67,7 @@
          (system? #t)
          (comment "nginx server user")
          (home-directory "/var/empty")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
+         (shell (file-append shadow "/sbin/nologin")))))
 
 (define nginx-activation
   (match-lambda
@@ -80,13 +80,13 @@
          (format #t "creating nginx run directory '~a'~%" #$run-directory)
          (mkdir-p #$run-directory)
          ;; Check configuration file syntax.
-         (system* (string-append #$nginx "/bin/nginx")
+         (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$config-file "-t")))))
 
 (define nginx-shepherd-service
   (match-lambda
     (($ <nginx-configuration> nginx log-directory run-directory config-file)
-     (let* ((nginx-binary #~(string-append #$nginx "/sbin/nginx"))
+     (let* ((nginx-binary (file-append nginx "/sbin/nginx"))
             (nginx-action
              (lambda args
                #~(lambda _
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 4e311deb84..d098d831e1 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -42,6 +42,8 @@
   #:export (xorg-configuration-file
             %default-xorg-modules
             xorg-start-command
+            xinitrc
+
             %default-slim-theme
             %default-slim-theme-name
             slim-configuration
@@ -265,7 +267,7 @@ which should be passed to this script as the first argument.  If not, the
 
 (define %default-slim-theme
   ;; Theme based on work by Felipe López.
-  #~(string-append #$%artwork-repository "/slim"))
+  (file-append %artwork-repository "/slim"))
 
 (define %default-slim-theme-name
   ;; This must be the name of the sub-directory in %DEFAULT-SLIM-THEME that
@@ -372,8 +374,8 @@ reboot_cmd " shepherd "/sbin/reboot\n"
                        (theme %default-slim-theme)
                        (theme-name %default-slim-theme-name)
                        (xauth xauth) (shepherd shepherd) (bash bash)
-                       (auto-login-session #~(string-append #$windowmaker
-                                                            "/bin/wmaker"))
+                       (auto-login-session (file-append windowmaker
+                                                        "/bin/wmaker"))
                        (startx (xorg-start-command)))
   "Return a service that spawns the SLiM graphical login manager, which in
 turn starts the X display server with @var{startx}, a command as returned by
@@ -448,14 +450,13 @@ command is @var{program}, to the set of setuid programs and add a PAM entry
 for it.  For example:
 
 @lisp
-(screen-locker-service xlockmore \"xlock\")
+ (screen-locker-service xlockmore \"xlock\")
 @end lisp
 
 makes the good ol' XlockMore usable."
   (service screen-locker-service-type
            (screen-locker program
-                          #~(string-append #$package
-                                           #$(string-append "/bin/" program))
+                          (file-append package "/bin/" program)
                           allow-empty-passwords?)))
 
 ;;; xorg.scm ends here