summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi42
-rw-r--r--gnu/services/desktop.scm115
2 files changed, 150 insertions, 7 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 6875f22e86..f05376efcf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5867,9 +5867,10 @@ adds or adjust services for a typical ``desktop'' setup.
 In particular, it adds a graphical login manager (@pxref{X Window,
 @code{slim-service}}), a network management tool (@pxref{Networking
 Services, @code{wicd-service}}), energy and color management services,
-an NTP client (@pxref{Networking Services}), the Avahi
-daemon, and has the name service switch service configured to be able to
-use @code{nss-mdns} (@pxref{Name Service Switch, mDNS}).
+the GeoClue location service, an NTP client (@pxref{Networking
+Services}), the Avahi daemon, and has the name service switch service
+configured to be able to use @code{nss-mdns} (@pxref{Name Service
+Switch, mDNS}).
 @end defvr
 
 The @var{%desktop-services} variable can be used as the @code{services}
@@ -5921,6 +5922,41 @@ tool.  See @uref{http://www.freedesktop.org/software/colord/, the colord web
 site} for more information.
 @end deffn
 
+@deffn {Scheme Procedure} geoclue-application name [#:allowed? #t] [#:system? #f] [#:users '()]
+Return an configuration allowing an application to access GeoClue
+location data.  @var{name} is the Desktop ID of the application, without
+the @code{.desktop} part.  If @var{allowed?} is true, the application
+will have access to location information by default.  The boolean
+@var{system?}  value indicates that an application is a system component
+or not.  Finally @var{users} is a list of UIDs of all users for which
+this application is allowed location info access.  An empty users list
+means that all users are allowed.
+@end deffn
+
+@defvr {Scheme Variable} %standard-geoclue-applications
+The standard list of well-known GeoClue application configurations,
+granting authority to GNOME's date-and-time utility to ask for the
+current location in order to set the time zone, and allowing the Firefox
+(IceCat) and Epiphany web browsers to request location information.
+Firefox and Epiphany both query the user before allowing a web page to
+know the user's location.
+@end defvr
+
+@deffn {Monadic Procedure} geoclue-service [#:colord @var{colord}] @
+                         [#:whitelist '()] @
+                         [#:wifi-geolocation-url "https://location.services.mozilla.com/v1/geolocate?key=geoclue"] @
+                         [#:submit-data? #f]
+                         [#:wifi-submission-url "https://location.services.mozilla.com/v1/submit?key=geoclue"] @
+                         [#:submission-nick "geoclue"] @
+                         [#:applications %standard-geoclue-applications]
+Return a service that runs the GeoClue location service.  This service
+provides a D-Bus interface to allow applications to request access to a
+user's physical location, and optionally to add information to online
+location databases.  See
+@uref{https://wiki.freedesktop.org/www/Software/GeoClue/, the GeoClue
+web site} for more information.
+@end deffn
+
 @node Database Services
 @subsubsection Database Services
 
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 7ed62d07b5..4e4b49df3e 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -36,6 +36,9 @@
   #:export (dbus-service
             upower-service
             colord-service
+            geoclue-application
+            %standard-geoclue-applications
+            geoclue-service
             %desktop-services))
 
 ;;; Commentary:
@@ -46,6 +49,14 @@
 
 
 ;;;
+;;; Helpers.
+;;;
+
+(define (bool value)
+  (if value "true\n" "false\n"))
+
+
+;;;
 ;;; D-Bus.
 ;;;
 
@@ -154,9 +165,6 @@ and policy files.  For example, to allow avahi-daemon to use the system bus,
                                     time-critical time-action
                                     critical-power-action)
   "Return an upower-daemon configuration file."
-  (define (bool value)
-    (if value "true\n" "false\n"))
-
   (text-file "UPower.conf"
              (string-append
               "[UPower]\n"
@@ -274,6 +282,100 @@ site} for more information."
                             (shell
                              #~(string-append #$shadow "/sbin/nologin")))))))))
 
+
+;;;
+;;; GeoClue D-Bus service.
+;;;
+
+(define* (geoclue-application name #:key (allowed? #t) system? (users '()))
+  "Configure default GeoClue access permissions for an application.  NAME is
+the Desktop ID of the application, without the .desktop part.  If ALLOWED? is
+true, the application will have access to location information by default.
+The boolean SYSTEM? value indicates that an application is a system component
+or not.  Finally USERS is a list of UIDs of all users for which this
+application is allowed location info access.  An empty users list means all
+users are allowed."
+  (string-append
+   "[" name "]\n"
+   "allowed=" (bool allowed?)
+   "system=" (bool system?)
+   "users=" (string-join users ";") "\n"))
+
+(define %standard-geoclue-applications
+  (list (geoclue-application "gnome-datetime-panel" #:system? #t)
+        (geoclue-application "epiphany" #:system? #f)
+        (geoclue-application "firefox" #:system? #f)))
+
+(define* (geoclue-configuration-file #:key whitelist wifi-geolocation-url
+                                     submit-data?
+                                     wifi-submission-url submission-nick
+                                     applications)
+  "Return a geoclue configuration file."
+  (text-file "geoclue.conf"
+             (string-append
+              "[agent]\n"
+              "whitelist=" (string-join whitelist ";") "\n"
+              "[wifi]\n"
+              "url=" wifi-geolocation-url "\n"
+              "submit-data=" (bool submit-data?)
+              "submission-url=" wifi-submission-url "\n"
+              "submission-nick=" submission-nick "\n"
+              (string-join applications "\n"))))
+
+(define* (geoclue-service #:key (geoclue geoclue)
+                          (whitelist '())
+                          (wifi-geolocation-url
+                           ;; Mozilla geolocation service:
+                           "https://location.services.mozilla.com/v1/geolocate?key=geoclue")
+                          (submit-data? #f)
+                          (wifi-submission-url
+                           "https://location.services.mozilla.com/v1/submit?key=geoclue")
+                          (submission-nick "geoclue")
+                          (applications %standard-geoclue-applications))
+  "Return a service that runs the @command{geoclue} location service.  This
+service provides a D-Bus interface to allow applications to request access to
+a user's physical location, and optionally to add information to online
+location databases.  By default, only the GNOME date-time panel and the Icecat
+and Epiphany web browsers are able to ask for the user's location, and in the
+case of Icecat and Epiphany, both will ask the user for permission first.  See
+@uref{https://wiki.freedesktop.org/www/Software/GeoClue/, the geoclue web
+site} for more information."
+  (mlet %store-monad ((config (geoclue-configuration-file
+                               #:whitelist whitelist
+                               #:wifi-geolocation-url wifi-geolocation-url
+                               #:submit-data? submit-data?
+                               #:wifi-submission-url wifi-submission-url
+                               #:submission-nick submission-nick
+                               #:applications applications)))
+    (return
+     (service
+      (documentation "Run the GeoClue location service.")
+      (provision '(geoclue-daemon))
+      (requirement '(dbus-system))
+
+      (start #~(make-forkexec-constructor
+                (list (string-append #$geoclue "/libexec/geoclue"))
+                #:user "geoclue"
+                #:environment-variables
+                (list (string-append "GEOCLUE_CONFIG_FILE=" #$config))))
+      (stop #~(make-kill-destructor))
+
+      (user-groups (list (user-group
+                          (name "geoclue")
+                          (system? #t))))
+      (user-accounts (list (user-account
+                            (name "geoclue")
+                            (group "geoclue")
+                            (system? #t)
+                            (comment "GeoClue daemon user")
+                            (home-directory "/var/empty")
+                            (shell
+                             "/run/current-system/profile/sbin/nologin"))))))))
+
+
+;;;
+;;; The default set of desktop services.
+;;;
 (define %desktop-services
   ;; List of services typically useful for a "desktop" use case.
   (cons* (slim-service)
@@ -281,8 +383,13 @@ site} for more information."
          (avahi-service)
          (wicd-service)
          (upower-service)
+         ;; FIXME: The colord and geoclue services could all be bus-activated
+         ;; by default, so they don't run at program startup.  However, user
+         ;; creation and /var/lib.colord creation happen at service activation
+         ;; time, so we currently add them to the set of default services.
          (colord-service)
-         (dbus-service (list avahi wicd upower colord))
+         (geoclue-service)
+         (dbus-service (list avahi wicd upower colord geoclue))
 
          (ntp-service)