diff options
Diffstat (limited to 'doc/guix.texi')
| -rw-r--r-- | doc/guix.texi | 506 |
1 files changed, 444 insertions, 62 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 6245d54e8d..7ed39ff132 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -21,7 +21,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@* Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@* Copyright @copyright{} 2015, 2016, 2017 Leo Famulari@* -Copyright @copyright{} 2015, 2016, 2017 Ricardo Wurmus@* +Copyright @copyright{} 2015, 2016, 2017, 2018 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017 Chris Marusich@* Copyright @copyright{} 2016, 2017 Efraim Flashner@* @@ -40,10 +40,10 @@ Copyright @copyright{} 2017 Christopher Allan Webber@* Copyright @copyright{} 2017 Marius Bakke@* Copyright @copyright{} 2017 Hartmut Goebel@* Copyright @copyright{} 2017 Maxim Cournoyer@* -Copyright @copyright{} 2017 Tobias Geerinckx-Rice@* +Copyright @copyright{} 2017, 2018 Tobias Geerinckx-Rice@* Copyright @copyright{} 2017 George Clemmer@* Copyright @copyright{} 2017 Andy Wingo@* -Copyright @copyright{} 2017 Arun Isaac@* +Copyright @copyright{} 2017, 2018 Arun Isaac@* Copyright @copyright{} 2017 nee@* Copyright @copyright{} 2018 Rutger Helling @@ -123,6 +123,7 @@ Setting Up the Daemon * Build Environment Setup:: Preparing the isolated build environment. * Daemon Offload Setup:: Offloading builds to remote machines. +* SELinux Support:: Using an SELinux policy for the daemon. Package Management @@ -248,6 +249,7 @@ Services * Audio Services:: The MPD. * Virtualization Services:: Virtualization services. * Version Control Services:: Providing remote access to Git repositories. +* Game Services:: Game servers. * Miscellaneous Services:: Other services. Defining Services @@ -403,6 +405,11 @@ dependencies. This is often quicker than installing from source, which is described in the next sections. The only requirement is to have GNU@tie{}tar and Xz. +We provide a +@uref{https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh, +shell installer script}, which automates the download, installation, and +initial configuration of Guix. It should be run as the root user. + Installing goes along these lines: @enumerate @@ -749,6 +756,7 @@ the daemon to download pre-built binaries. @menu * Build Environment Setup:: Preparing the isolated build environment. * Daemon Offload Setup:: Offloading builds to remote machines. +* SELinux Support:: Using an SELinux policy for the daemon. @end menu @node Build Environment Setup @@ -1076,6 +1084,92 @@ main node: @end example +@node SELinux Support +@subsection SELinux Support + +@cindex SELinux, daemon policy +@cindex mandatory access control, SELinux +@cindex security, guix-daemon +Guix includes an SELinux policy file at @file{etc/guix-daemon.cil} that +can be installed on a system where SELinux is enabled, in order to label +Guix files and to specify the expected behavior of the daemon. Since +GuixSD does not provide an SELinux base policy, the daemon policy cannot +be used on GuixSD. + +@subsubsection Installing the SELinux policy +@cindex SELinux, policy installation +To install the policy run this command as root: + +@example +semodule -i etc/guix-daemon.cil +@end example + +Then relabel the file system with @code{restorecon} or by a different +mechanism provided by your system. + +Once the policy is installed, the file system has been relabeled, and +the daemon has been restarted, it should be running in the +@code{guix_daemon_t} context. You can confirm this with the following +command: + +@example +ps -Zax | grep guix-daemon +@end example + +Monitor the SELinux log files as you run a command like @code{guix build +hello} to convince yourself that SELinux permits all necessary +operations. + +@subsubsection Limitations +@cindex SELinux, limitations + +This policy is not perfect. Here is a list of limitations or quirks +that should be considered when deploying the provided SELinux policy for +the Guix daemon. + +@enumerate +@item +@code{guix_daemon_socket_t} isn’t actually used. None of the socket +operations involve contexts that have anything to do with +@code{guix_daemon_socket_t}. It doesn’t hurt to have this unused label, +but it would be preferrable to define socket rules for only this label. + +@item +@code{guix gc} cannot access arbitrary links to profiles. By design, +the file label of the destination of a symlink is independent of the +file label of the link itself. Although all profiles under +$localstatedir are labelled, the links to these profiles inherit the +label of the directory they are in. For links in the user’s home +directory this will be @code{user_home_t}. But for links from the root +user’s home directory, or @file{/tmp}, or the HTTP server’s working +directory, etc, this won’t work. @code{guix gc} would be prevented from +reading and following these links. + +@item +The daemon’s feature to listen for TCP connections might no longer work. +This might require extra rules, because SELinux treats network sockets +differently from files. + +@item +Currently all files with a name matching the regular expression +@code{/gnu/store/.+-(guix-.+|profile)/bin/guix-daemon} are assigned the +label @code{guix_daemon_exec_t}; this means that @emph{any} file with +that name in any profile would be permitted to run in the +@code{guix_daemon_t} domain. This is not ideal. An attacker could +build a package that provides this executable and convince a user to +install and run it, which lifts it into the @code{guix_daemon_t} domain. +At that point SELinux could not prevent it from accessing files that are +allowed for processes in that domain. + +We could generate a much more restrictive policy at installation time, +so that only the @emph{exact} file name of the currently installed +@code{guix-daemon} executable would be labelled with +@code{guix_daemon_exec_t}, instead of using a broad regular expression. +The downside is that root would have to install or upgrade the policy at +installation time whenever the Guix package that provides the +effectively running @code{guix-daemon} executable is upgraded. +@end enumerate + @node Invoking guix-daemon @section Invoking @command{guix-daemon} @@ -2659,6 +2753,12 @@ lucky enough to be using Guix. You'd tell them to run @command{guix package -i @var{something}}, but that's not possible in this case. This is where @command{guix pack} comes in. +@quotation Note +If you are looking for ways to exchange binaries among machines that +already run Guix, @pxref{Invoking guix copy}, @ref{Invoking guix +publish}, and @ref{Invoking guix archive}. +@end quotation + @cindex pack @cindex bundle @cindex application bundle @@ -2741,6 +2841,19 @@ This has the same purpose as the same-named option in @command{guix build} (@pxref{Additional Build Options, @code{--expression} in @command{guix build}}). +@item --manifest=@var{file} +@itemx -m @var{file} +Use the packages contained in the manifest object returned by the Scheme +code in @var{file}. + +This has a similar purpose as the same-named option in @command{guix +package} (@pxref{profile-manifest, @option{--manifest}}) and uses the +same manifest files. It allows you to define a collection of packages +once and use it both for creating profiles and for creating archives +for use on machines that do not have Guix installed. Note that you can +specify @emph{either} a manifest file @emph{or} a list of packages, +but not both. + @item --system=@var{system} @itemx -s @var{system} Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of @@ -2794,10 +2907,16 @@ options (@pxref{Package Transformation Options}). @cindex @command{guix archive} @cindex archive The @command{guix archive} command allows users to @dfn{export} files -from the store into a single archive, and to later @dfn{import} them. +from the store into a single archive, and to later @dfn{import} them on +a machine that runs Guix. In particular, it allows store files to be transferred from one machine to the store on another machine. +@quotation Note +If you're looking for a way to produce archives in a format suitable for +tools other than Guix, @pxref{Invoking guix pack}. +@end quotation + @cindex exporting store items To export store files as an archive to standard output, run: @@ -3683,10 +3802,10 @@ Go build mechanisms}. The user is expected to provide a value for the key @code{#:import-path} and, in some cases, @code{#:unpack-path}. The @url{https://golang.org/doc/code.html#ImportPaths, import path} -corresponds to the filesystem path expected by the package's build +corresponds to the file system path expected by the package's build scripts and any referring packages, and provides a unique way to refer to a Go package. It is typically based on a combination of the -package source code's remote URI and filesystem hierarchy structure. In +package source code's remote URI and file system hierarchy structure. In some cases, you will need to unpack the package's source code to a different directory structure than the one indicated by the import path, and @code{#:unpack-path} should be used in such cases. @@ -3993,12 +4112,12 @@ Apart from that, the build system also adds the following phases: @table @code @item fix-runpath -This phase tries to locate the local directories in the package being build, -which has libraries that some of the binaries need. If any are found, they will -be added to the programs @code{RUNPATH}. It is needed because -@code{meson-for-build} keeps the @code{RUNPATH} of binaries and libraries from -when they are build, but often that is not the @code{RUNPATH} we want. -Therefor it is also shrinked to the minimum needed by the program. +This phase ensures that all binaries can find the libraries they need. +It searches for required libraries in subdirectories of the package being +built, and adds those to @code{RUNPATH} where needed. It also removes +references to libraries left over from the build phase by +@code{meson-for-build}, such as test dependencies, that aren't actually +required for the program to run. @item glib-or-gtk-wrap This phase is the phase provided by @code{glib-or-gtk-build-system}, and it @@ -6341,6 +6460,19 @@ are many packages, though, for which it lacks a method to determine whether a new upstream release is available. However, the mechanism is extensible, so feel free to get in touch with us to add a new method! +Sometimes the upstream name differs from the package name used in Guix, +and @command{guix refresh} needs a little help. Most updaters honor the +@code{upstream-name} property in package definitions, which can be used +to that effect: + +@example +(define-public network-manager + (package + (name "network-manager") + ;; @dots{} + (properties '((upstream-name . "NetworkManager"))))) +@end example + When passed @code{--update}, it modifies distribution source files to update the version numbers and source tarball hashes of those package recipes (@pxref{Defining Packages}). This is achieved by downloading @@ -8180,7 +8312,7 @@ parted /dev/sda set 1 esp on Once you are done partitioning the target hard disk drive, you have to create a file system on the relevant partition(s)@footnote{Currently GuixSD only supports ext4 and btrfs file systems. In particular, code -that reads partition UUIDs and labels only works for these file system +that reads file system UUIDs and labels only works for these file system types.}. For the ESP, if you have one and assuming it is @file{/dev/sda2}, run: @@ -8221,7 +8353,7 @@ root file system): mount LABEL=my-root /mnt @end example -Also mount any other partitions you would like to use on the target +Also mount any other file systems you would like to use on the target system relative to this path. If you have @file{/boot} on a separate partition for example, mount it at @file{/mnt/boot} now so it is found by @code{guix system init} afterwards. @@ -8308,7 +8440,7 @@ to a mounted EFI partition, like @code{/boot/efi}, and do make sure the path is actually mounted. @item -Be sure that your partition labels match the value of their respective +Be sure that your file system labels match the value of their respective @code{device} fields in your @code{file-system} configuration, assuming your @code{file-system} configuration sets the value of @code{title} to @code{'label}. @@ -8514,7 +8646,7 @@ of a package: @end lisp @findex specification->package -Referring to packages by variable name, like @var{tcpdump} above, has +Referring to packages by variable name, like @code{bind} above, has the advantage of being unambiguous; it also allows typos and such to be diagnosed right away as ``unbound variables''. The downside is that one needs to know which module defines which package, and to augment the @@ -8605,7 +8737,7 @@ instead of full-blown desktop environments would look like this: @include os-config-lightweight-desktop.texi @end lisp -This example refers to the @file{/boot/efi} partition by its UUID, +This example refers to the @file{/boot/efi} file system by its UUID, @code{1234-ABCD}. Replace this UUID with the right UUID on your system, as returned by the @command{blkid} command. @@ -8869,8 +9001,8 @@ interpreted. When it is the symbol @code{device}, then the @code{device} field is interpreted as a file name; when it is @code{label}, then @code{device} -is interpreted as a partition label name; when it is @code{uuid}, -@code{device} is interpreted as a partition unique identifier (UUID). +is interpreted as a file system label name; when it is @code{uuid}, +@code{device} is interpreted as a file system unique identifier (UUID). UUIDs may be converted from their string representation (as shown by the @command{tune2fs -l} command) using the @code{uuid} form@footnote{The @@ -8888,8 +9020,8 @@ like this: (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb"))) @end example -The @code{label} and @code{uuid} options offer a way to refer to disk -partitions without having to hard-code their actual device +The @code{label} and @code{uuid} options offer a way to refer to file +systems without having to hard-code their actual device name@footnote{Note that, while it is tempting to use @file{/dev/disk/by-uuid} and similar device names to achieve the same result, this is not recommended: These special device nodes are created @@ -9457,6 +9589,7 @@ declaration. * Audio Services:: The MPD. * Virtualization Services:: Virtualization services. * Version Control Services:: Providing remote access to Git repositories. +* Game Services:: Game servers. * Miscellaneous Services:: Other services. @end menu @@ -9604,7 +9737,20 @@ man page for more information. @item @code{tty} The name of the console this agetty runs on, as a string---e.g., -@code{"ttyS0"}. This argument is mandatory. +@code{"ttyS0"}. This argument is optional, it will default to +a reasonable default serial port used by the kernel Linux. + +For this, if there is a value for an option @code{agetty.tty} in the kernel +command line, agetty will extract the device name of the serial port +from it and use that. + +If not and if there is a value for an option @code{console} with a tty in +the Linux command line, agetty will extract the device name of the +serial port from it and use that. + +In both cases, agetty will leave the other serial device settings +(baud rate etc.) alone---in the hope that Linux pinned them to the +correct values. @item @code{baud-rate} (default: @code{#f}) A string containing a comma-separated list of one or more baud rates, in @@ -10171,9 +10317,9 @@ caching; when @code{#f}, the number of processors is used. @xref{Invoking guix publish, @option{--workers}}, for more information. @item @code{ttl} (default: @code{#f}) -When it is an integer, this denotes the @dfn{time-to-live} of the -published archives. @xref{Invoking guix publish, @option{--ttl}}, for -more information. +When it is an integer, this denotes the @dfn{time-to-live} in seconds +of the published archives. @xref{Invoking guix publish, @option{--ttl}}, +for more information. @end table @end deftp @@ -10330,9 +10476,8 @@ with the default settings, for commonly encountered log files. (operating-system ;; @dots{} - (services (cons* (service mcron-service-type) - (service rottlog-service-type) - %base-services))) + (services (cons (service rottlog-service-type) + %base-services))) @end lisp @defvr {Scheme Variable} rottlog-service-type @@ -10689,21 +10834,6 @@ See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor project's documentation} for more information. @end deffn -@deffn {Scheme Procedure} bitlbee-service [#:bitlbee bitlbee] @ - [#:interface "127.0.0.1"] [#:port 6667] @ - [#:extra-settings ""] -Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that -acts as a gateway between IRC and chat networks. - -The daemon will listen to the interface corresponding to the IP address -specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only -local clients can connect, whereas @code{0.0.0.0} means that connections can -come from any networking interface. - -In addition, @var{extra-settings} specifies a string to append to the -configuration file. -@end deffn - The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available @@ -11287,8 +11417,8 @@ configuration file. It is used to pass extra text to be added verbatim to the configuration file. @end deffn -@deffn {Scheme Procedure} screen-locker-service @var{package} [@var{name}] -Add @var{package}, a package for a screen-locker or screen-saver whose +@deffn {Scheme Procedure} screen-locker-service @var{package} [@var{program}] +Add @var{package}, a package for a screen locker or screen saver whose command is @var{program}, to the set of setuid programs and add a PAM entry for it. For example: @@ -11326,16 +11456,16 @@ CUPS service will generate a self-signed certificate if needed, for secure connections to the print server. Suppose you want to enable the Web interface of CUPS and also add -support for HP printers @i{via} the @code{hplip} package. You can do -that directly, like this (you need to use the @code{(gnu packages cups)} -module): +support for Epson printers @i{via} the @code{escpr} package and for HP +printers @i{via} the @code{hplip} package. You can do that directly, +like this (you need to use the @code{(gnu packages cups)} module): @example (service cups-service-type (cups-configuration (web-interface? #t) (extensions - (list cups-filters hplip)))) + (list cups-filters escpr hplip)))) @end example The available configuration parameters follow. Each parameter @@ -12193,8 +12323,10 @@ The desktop environments in Guix use the Xorg display server by default. If you'd like to use the newer display server protocol called Wayland, you need to use the @code{sddm-service} instead of the @code{slim-service} for the graphical login manager. You should then -select the ``GNOME (Wayland)'' session in SDDM. Currently only GNOME -has support for Wayland. +select the ``GNOME (Wayland)'' session in SDDM. Alternatively you can +also try starting GNOME on Wayland manually from a TTY with the +command ``XDG_SESSION_TYPE=wayland exec dbus-run-session +gnome-session``. Currently only GNOME has support for Wayland. @deffn {Scheme Procedure} gnome-desktop-service Return a service that adds the @code{gnome} package to the system @@ -14425,6 +14557,47 @@ string, you could instantiate a prosody service like this: (prosody.cfg.lua ""))) @end example +@subsubheading BitlBee Service + +@cindex IRC (Internet Relay Chat) +@cindex IRC gateway +@url{http://bitlbee.org,BitlBee} is a gateway that provides an IRC +interface to a variety of messaging protocols such as XMPP. + +@defvr {Scheme Variable} bitlbee-service-type +This is the service type for the @url{http://bitlbee.org,BitlBee} IRC +gateway daemon. Its value is a @code{bitlbee-configuration} (see +below). + +To have BitlBee listen on port 6667 on localhost, add this line to your +services: + +@example +(service bitlbee-service-type) +@end example +@end defvr + +@deftp {Data Type} bitlbee-configuration +This is the configuration for BitlBee, with the following fields: + +@table @asis +@item @code{interface} (default: @code{"127.0.0.1"}) +@itemx @code{port} (default: @code{6667}) +Listen on the network interface corresponding to the IP address +specified in @var{interface}, on @var{port}. + +When @var{interface} is @code{127.0.0.1}, only local clients can +connect; when it is @code{0.0.0.0}, connections can come from any +networking interface. + +@item @code{package} (default: @code{bitlbee}) +The BitlBee package to use. + +@item @code{extra-settings} (default: @code{""}) +Configuration snippet added as-is to the BitlBee configuration file. +@end table +@end deftp + @node Telephony Services @subsubsection Telephony Services @@ -14916,8 +15089,162 @@ Local accounts with lower values will silently fail to authenticate. @cindex web @cindex www @cindex HTTP -The @code{(gnu services web)} module provides the nginx web server and -also a fastcgi wrapper daemon. +The @code{(gnu services web)} module provides the Apache HTTP Server, +the nginx web server, and also a fastcgi wrapper daemon. + +@subsubheading Apache HTTP Server + +@deffn {Scheme Variable} httpd-service-type +Service type for the @uref{https://httpd.apache.org/,Apache HTTP} server +(@dfn{httpd}). The value for this service type is a +@code{https-configuration} record. + +A simple example configuration is given below. + +@example +(service httpd-service-type + (httpd-configuration + (config + (httpd-config-file + (server-name "www.example.com") + (document-root "/srv/http/www.example.com"))))) +@end example + +Other services can also extend the @code{httpd-service-type} to add to +the configuration. + +@example +(simple-service 'my-extra-server httpd-service-type + (list + (httpd-virtualhost + "*:80" + (list (string-append + "ServerName "www.example.com + DocumentRoot \"/srv/http/www.example.com\""))))) +@end example +@end deffn + +The details for the @code{httpd-configuration}, @code{httpd-module}, +@code{httpd-config-file} and @code{httpd-virtualhost} record types are +given below. + +@deffn {Data Type} httpd-configuration +This data type represents the configuration for the httpd service. + +@table @asis +@item @code{package} (default: @code{httpd}) +The httpd package to use. + +@item @code{pid-file} (default: @code{"/var/run/httpd"}) +The pid file used by the shepherd-service. + +@item @code{config} (default: @code{(httpd-config-file)}) +The configuration file to use with the httpd service. The default value +is a @code{httpd-config-file} record, but this can also be a different +G-expression that generates a file, for example a @code{plain-file}. A +file outside of the store can also be specified through a string. + +@end table +@end deffn + +@deffn {Data Type} httpd-module +This data type represents a module for the httpd service. + +@table @asis +@item @code{name} +The name of the module. + +@item @code{file} +The file for the module. This can be relative to the httpd package being +used, the absolute location of a file, or a G-expression for a file +within the store, for example @code{(file-append mod-wsgi +"/modules/mod_wsgi.so")}. + +@end table +@end deffn + +@deffn {Data Type} httpd-config-file +This data type represents a configuration file for the httpd service. + +@table @asis +@item @code{modules} (default: @code{%default-httpd-modules}) +The modules to load. Additional modules can be added here, or loaded by +additional configuration. + +@item @code{server-root} (default: @code{httpd}) +The @code{ServerRoot} in the configuration file, defaults to the httpd +package. Directives including @code{Include} and @code{LoadModule} are +taken as relative to the server root. + +@item @code{server-name} (default: @code{#f}) +The @code{ServerName} in the configuration file, used to specify the +request scheme, hostname and port that the server uses to identify +itself. + +This doesn't need to be set in the server config, and can be specifyed +in virtual hosts. The default is @code{#f} to not specify a +@code{ServerName}. + +@item @code{document-root} (default: @code{"/srv/http"}) +The @code{DocumentRoot} from which files will be served. + +@item @code{listen} (default: @code{'("80")}) +The list of values for the @code{Listen} directives in the config +file. The value should be a list of strings, when each string can +specify the port number to listen on, and optionally the IP address and +protocol to use. + +@item @code{pid-file} (default: @code{"/var/run/httpd"}) +The @code{PidFile} to use. This should match the @code{pid-file} set in +the @code{httpd-configuration} so that the Shepherd service is +configured correctly. + +@item @code{error-log} (default: @code{"/var/log/httpd/error_log"}) +The @code{ErrorLog} to which the server will log errors. + +@item @code{user} (default: @code{"httpd"}) +The @code{User} which the server will answer requests as. + +@item @code{group} (default: @code{"httpd"}) +The @code{Group} which the server will answer requests as. + +@item @code{extra-config} (default: @code{(list "TypesConfig etc/httpd/mime.types")}) +A flat list of strings and G-expressions which will be added to the end +of the configuration file. + +Any values which the service is extended with will be appended to this +list. + +@end table +@end deffn + +@deffn {Data Type} httpd-virtualhost +This data type represents a virtualhost configuration block for the httpd service. + +These should be added to the extra-config for the httpd-service. + +@example +(simple-service 'my-extra-server httpd-service-type + (list + (httpd-virtualhost + "*:80" + (list (string-append + "ServerName "www.example.com + DocumentRoot \"/srv/http/www.example.com\""))))) +@end example + +@table @asis +@item @code{addresses-and-ports} +The addresses and ports for the @code{VirtualHost} directive. + +@item @code{contents} +The contents of the @code{VirtualHost} directive, this should be a list +of strings and G-expressions. + +@end table +@end deffn + +@subsubheading NGINX @deffn {Scheme Variable} nginx-service-type Service type for the @uref{https://nginx.org/,NGinx} web server. The @@ -15122,11 +15449,12 @@ URI which this location block matches. @anchor{nginx-location-configuration body} @item @code{body} -Body of the location block, specified as a string. This can contain many +Body of the location block, specified as a list of strings. This can contain +many configuration directives. For example, to pass requests to a upstream server group defined using an @code{nginx-upstream-configuration} block, -the following directive would be specified in the body @samp{proxy_pass -http://upstream-name;}. +the following directive would be specified in the body @samp{(list "proxy_pass +http://upstream-name;")}. @end table @end deftp @@ -15339,6 +15667,31 @@ A simple services setup for nginx with php can look like this: %base-services)) @end example +@cindex cat-avatar-generator +The cat avatar generator is a simple service to demonstrate the use of php-fpm +in @code{Nginx}. It is used to generate cat avatar from a seed, for instance +the hash of a user's email address. + +@deffn {Scheme Procedure} cat-avatar-generator-serice @ + [#:cache-dir "/var/cache/cat-avatar-generator"] @ + [#:package cat-avatar-generator] @ + [#:configuration (nginx-server-configuration)] +Returns an nginx-server-configuration that inherits @code{configuration}. It +extends the nginx configuration to add a server block that serves @code{package}, +a version of cat-avatar-generator. During execution, cat-avatar-generator will +be able to use @code{cache-dir} as its cache directory. +@end deffn + +A simple setup for cat-avatar-generator can look like this: +@example +(services (cons* (cat-avatar-generator-service + #:configuration + (nginx-server-configuration + (server-name '("example.com")))) + ... + %base-services)) +@end example + @node Certificate Services @subsubsection Certificate Services @@ -15655,7 +16008,7 @@ The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}. @item @code{config} (default: @code{"/var/lib/knot/keys/keys"}) The configuration string of the backend. An example for the PKCS#11 is: @code{"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/pkcs11/libsofthsm2.so"}. -For the pem backend, the string reprensents a path in the filesystem. +For the pem backend, the string reprensents a path in the file system. @end table @end deftp @@ -17727,7 +18080,7 @@ service: (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm")) - (qemu-support? #t))) + (guix-support? #t))) @end example You can run: @@ -17903,6 +18256,37 @@ HTTPS. You will also need to add an @code{fcgiwrap} proxy to your system services. @xref{Web Services}. @end deffn +@node Game Services +@subsubsection Game Services + +@subsubheading The Battle for Wesnoth Service +@cindex wesnothd +@uref{https://wesnoth.org, The Battle for Wesnoth} is a fantasy, turn +based tactical strategy game, with several single player campaigns, and +multiplayer games (both networked and local). + +@defvar {Scheme Variable} wesnothd-service-type +Service type for the wesnothd service. Its value must be a +@code{wesnothd-configuration} object. To run wesnothd in the default +configuration, instantiate it as: + +@example +(service wesnothd-service-type) +@end example +@end defvar + +@deftp {Data Type} wesnothd-configuration +Data type representing the configuration of @command{wesnothd}. + +@table @asis +@item @code{package} (default: @code{wesnoth-server}) +The wesnoth server package to use. + +@item @code{port} (default: @code{15000}) +The port to bind the server to. +@end table +@end deftp + @node Miscellaneous Services @subsubsection Miscellaneous Services @@ -18076,8 +18460,6 @@ The following example will configure the service with default values. By default, Cgit can be accessed on port 80 (@code{http://localhost:80}). @example -(service nginx-service-type) -(service fcgiwrap-service-type) (service cgit-service-type) @end example @@ -18436,7 +18818,7 @@ initialization system. @item --root=@var{root} Mount @var{root} as the root file system. @var{root} can be a -device name like @code{/dev/sda1}, a partition label, or a partition +device name like @code{/dev/sda1}, a file system label, or a file system UUID. @item --system=@var{system} @@ -18477,7 +18859,7 @@ the root file system specified on the kernel command line via @code{--root}. @var{file-systems} are mounted (@pxref{Mapped Devices}). @var{helper-packages} is a list of packages to be copied in the initrd. It may include @code{e2fsck/static} or other packages needed by the initrd to check -root partition. +the root file system. When @var{qemu-networking?} is true, set up networking with the standard QEMU parameters. When @var{virtio?} is true, load additional modules so that the |