Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/admin.scm4
-rw-r--r--gnu/services/base.scm19
-rw-r--r--gnu/services/ci.scm127
-rw-r--r--gnu/services/cuirass.scm2
-rw-r--r--gnu/services/databases.scm4
-rw-r--r--gnu/services/mail.scm2
-rw-r--r--gnu/services/networking.scm141
-rw-r--r--gnu/services/sysctl.scm2
-rw-r--r--gnu/services/version-control.scm2
-rw-r--r--gnu/services/web.scm35
-rw-r--r--gnu/services/xorg.scm2
11 files changed, 313 insertions, 27 deletions
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm
index b34b990f32..763a4434e4 100644
--- a/gnu/services/admin.scm
+++ b/gnu/services/admin.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -80,7 +80,7 @@
 (define %rotated-files
   ;; Syslog files subject to rotation.
   '("/var/log/messages" "/var/log/secure" "/var/log/debug"
-    "/var/log/maillog"))
+    "/var/log/maillog" "/var/log/mcron.log"))
 
 (define %default-rotations
   (list (log-rotation                             ;syslog files
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index f50bcfdcb4..24b3ea785b 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2019 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021 qblade <qblade@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1815,7 +1816,11 @@ proxy of 'guix-daemon'...~%")
 raise a deprecation warning if the 'compression-level' field was used."
   (match (%guix-publish-configuration-compression-level config)
     (#f
-     '(("gzip" 3)))
+     ;; Default to low compression levels when there's no cache so that users
+     ;; get good bandwidth by default.
+     (if (guix-publish-configuration-cache config)
+         '(("gzip" 5) ("zstd" 19))
+         '(("gzip" 3) ("zstd" 3))))               ;zstd compresses faster
     (level
      (warn-about-deprecation 'compression-level properties
                              #:replacement 'compression)
@@ -2304,7 +2309,11 @@ This service is not part of @var{%base-services}."
   (auto-login              kmscon-configuration-auto-login
                            (default #f))
   (hardware-acceleration?  kmscon-configuration-hardware-acceleration?
-                           (default #f))) ; #t causes failure
+                           (default #f))  ; #t causes failure
+  (font-engine             kmscon-configuration-font-engine
+                           (default "pango"))
+  (font-size               kmscon-configuration-font-size
+                           (default 12)))
 
 (define kmscon-service-type
   (shepherd-service-type
@@ -2315,13 +2324,17 @@ This service is not part of @var{%base-services}."
            (login-program (kmscon-configuration-login-program config))
            (login-arguments (kmscon-configuration-login-arguments config))
            (auto-login (kmscon-configuration-auto-login config))
-           (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)))
+           (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config))
+           (font-engine (kmscon-configuration-font-engine config))
+           (font-size (kmscon-configuration-font-size config)))
 
        (define kmscon-command
          #~(list
             #$(file-append kmscon "/bin/kmscon") "--login"
             "--vt" #$virtual-terminal
             "--no-switchvt" ;Prevent a switch to the virtual terminal.
+            "--font-engine" #$font-engine
+            "--font-size" #$(number->string font-size)
             #$@(if hardware-acceleration? '("--hwaccel") '())
             "--login" "--"
             #$login-program #$@login-arguments
diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm
new file mode 100644
index 0000000000..0b18521e76
--- /dev/null
+++ b/gnu/services/ci.scm
@@ -0,0 +1,127 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018, 2019, 2020, 2021 Christopher Baines <mail@cbaines.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services ci)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages ci)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services admin)
+  #:use-module (gnu system shadow)
+  #:use-module (ice-9 match)
+  #:export (laminar-configuration
+            laminar-configuration?
+            laminar-configuration-home-directory
+            laminar-configuration-bind-http
+            laminar-configuration-bind-rpc
+            laminar-configuration-title
+            laminar-configuration-keep-rundirs
+            laminar-configuration-archive-url
+            laminar-configuration-base-url
+
+            laminar-service-type))
+
+;;;; Commentary:
+;;;
+;;; This module implements a service that to run instances of Laminar, a
+;;; continuous integration tool.
+;;;
+;;;; Code:
+
+(define-record-type* <laminar-configuration>
+  laminar-configuration make-laminar-configuration
+  laminar-configuration?
+  (laminar          laminars-configuration-laminar
+                    (default laminar))
+  (home-directory   laminar-configuration-home-directory
+                    (default "/var/lib/laminar"))
+  (bind-http        laminar-configuration-bind-http
+                    (default "*:8080"))
+  (bind-rpc         laminar-configuration-bind-rpc
+                    (default "unix-abstract:laminar"))
+  (title            laminar-configuration-title
+                    (default "Laminar"))
+  (keep-rundirs     laminar-keep-rundirs
+                    (default 0))
+  (archive-url      laminar-archive-url
+                    (default #f))
+  (base-url         laminar-base-url
+                    (default #f)))
+
+(define laminar-shepherd-service
+  (match-lambda
+    (($ <laminar-configuration> laminar home-directory
+                                bind-http bind-rpc
+                                title keep-rundirs archive-url
+                                base-url)
+     (list (shepherd-service
+            (documentation "Run Laminar.")
+            (provision '(laminar))
+            (requirement '(networking))
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append laminar "/sbin/laminard"))
+                      #:environment-variables
+                      `(,(string-append "LAMINAR_HOME="
+                                        #$home-directory)
+                        ,(string-append "LAMINAR_BIND_HTTP="
+                                        #$bind-http)
+                        ,(string-append "LAMINAR_TITLE="
+                                        #$title)
+                        ,(string-append "LAMINAR_KEEP_RUNDIRS="
+                                        #$(number->string
+                                           keep-rundirs))
+                        ,@(if #$archive-url
+                              (list
+                               (string-append "LAMINAR_ARCHIVE_URL="
+                                              #$archive-url))
+                              '())
+                        ,@(if #$base-url
+                              (list
+                               (string-append "LAMINAR_BASE_URL="
+                                              #$base-url))
+                              '()))
+                      #:user "laminar"
+                      #:group "laminar"))
+            (stop #~(make-kill-destructor)))))))
+
+(define (laminar-account config)
+  "Return the user accounts and user groups for CONFIG."
+  (list (user-group
+         (name "laminar")
+         (system? #t))
+        (user-account
+         (name "laminar")
+         (group "laminar")
+         (system? #t)
+         (comment "Laminar privilege separation user")
+         (home-directory (laminar-configuration-home-directory config))
+         (shell #~(string-append #$shadow "/sbin/nologin")))))
+
+(define laminar-service-type
+  (service-type
+   (name 'laminar)
+   (extensions
+    (list
+     (service-extension shepherd-root-service-type laminar-shepherd-service)
+     (service-extension account-service-type laminar-account)))
+   (default-value (laminar-configuration))
+   (description
+    "Run the Laminar continuous integration service.")))
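Review bot: The accessor names in `<laminar-configuration>` do not match the `#:export` list. The fields are bound to `laminars-configuration-laminar`, `laminar-keep-rundirs`, `laminar-archive-url` and `laminar-base-url`, while the module exports `laminar-configuration-keep-rundirs`, `laminar-configuration-archive-url` and `laminar-configuration-base-url`, which nothing in this file defines. `bind-rpc` is destructured in `laminar-shepherd-service` but never passed on as `LAMINAR_BIND_RPC=`, so setting the field appears to have no effect. Separately, `bind-http` defaults to `"*:8080"`, which listens on every interface. Unless the web interface is meant to be reachable from the network out of the box, a loopback default with a documented opt-in would be the safer choice.

```scheme
;; … unchanged: module definition and commentary …
  (laminar          laminar-configuration-laminar
                    (default laminar))
;; … unchanged: home-directory, bind-http, bind-rpc, title fields …
  (keep-rundirs     laminar-configuration-keep-rundirs
                    (default 0))
  (archive-url      laminar-configuration-archive-url
                    (default #f))
  (base-url         laminar-configuration-base-url
                    (default #f)))
;; … unchanged: start of laminar-shepherd-service …
                        ,(string-append "LAMINAR_BIND_HTTP="
                                        #$bind-http)
                        ,(string-append "LAMINAR_BIND_RPC="
                                        #$bind-rpc)
;; … unchanged: remaining environment variables, accounts, service type …
```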
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index 9de36eb1c9..5b4e24d794 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -60,7 +60,7 @@
 ;;;; Code:
 
 (define %cuirass-default-database
-  "dbname=cuirass host=/var/run/postgresql")
+  "dbname=cuirass host=/tmp")
 
 (define-record-type* <cuirass-remote-server-configuration>
   cuirass-remote-server-configuration make-cuirass-remote-server-configuration
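Review bot: The new default `host=/tmp` makes Cuirass look for the PostgreSQL Unix socket in a world-writable directory, where any local account that creates the socket file first could impersonate the database server. The same concern applies to both hunks in gnu/services/databases.scm, where `socket-directory` now defaults to `#false` (presumably falling back to PostgreSQL's built-in location) and the role `host` defaults to `"/tmp"`. If the move away from `/var/run/postgresql` is required, consider a socket directory writable only by the database account, or pin the peer in the connection string, e.g. `"dbname=cuirass host=/tmp requirepeer=<postgres-user>"`, where the placeholder is the account the server runs as. A comment on `%cuirass-default-database` recording why `/tmp` was chosen would help the next reader.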
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index a841e7a50e..4a6d36b50b 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -115,7 +115,7 @@ host	all	all	::1/128 	md5"))
   (ident-file        postgresql-config-file-ident-file
                      (default %default-postgres-ident))
   (socket-directory  postgresql-config-file-socket-directory
-                     (default "/var/run/postgresql"))
+                     (default #false))
   (extra-config      postgresql-config-file-extra-config
                      (default '())))
 
@@ -363,7 +363,7 @@ and stores the database cluster in @var{data-directory}."
   postgresql-role-configuration make-postgresql-role-configuration
   postgresql-role-configuration?
   (host             postgresql-role-configuration-host ;string
-                    (default "/var/run/postgresql"))
+                    (default "/tmp"))
   (log              postgresql-role-configuration-log ;string
                     (default "/var/log/postgresql_roles.log"))
   (roles            postgresql-role-configuration-roles
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c0f6371104..81f692e437 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -159,7 +159,7 @@
 (define (serialize-free-form-args field-name val)
   (serialize-field field-name
                    (string-join
-                    (map (match-lambda ((k . v) (format #t "~a=~a" k v))) val)
+                    (map (match-lambda ((k . v) (format #f "~a=~a" k v))) val)
                     " ")))
 
 (define-configuration dict-configuration
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..761820ad2e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 ;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2021 Christopher Lemmer Webber <cwebber@dustycloud.org>
+;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -55,6 +56,8 @@
   #:use-module (gnu packages ntp)
   #:use-module (gnu packages wicd)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages ipfs)
+  #:use-module (gnu build linux-container)
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (guix modules)
@@ -197,6 +200,13 @@
             yggdrasil-configuration-json-config
             yggdrasil-configuration-package
 
+            ipfs-service-type
+            ipfs-configuration
+            ipfs-configuration?
+            ipfs-configuration-package
+            ipfs-configuration-gateway
+            ipfs-configuration-api
+
             keepalived-configuration
             keepalived-configuration?
             keepalived-service-type))
@@ -1878,6 +1888,137 @@ See yggdrasil -genconf for config options.")
 
 
 ;;;
+;;; IPFS
+;;;
+
+(define-record-type* <ipfs-configuration>
+  ipfs-configuration
+  make-ipfs-configuration
+  ipfs-configuration?
+  (package ipfs-configuration-package
+           (default go-ipfs))
+  (gateway ipfs-configuration-gateway
+           (default "/ip4/127.0.0.1/tcp/8082"))
+  (api     ipfs-configuration-api
+           (default "/ip4/127.0.0.1/tcp/5001")))
+
+(define %ipfs-home "/var/lib/ipfs")
+
+(define %ipfs-accounts
+  (list (user-account
+         (name "ipfs")
+         (group "ipfs")
+         (system? #t)
+         (comment "IPFS daemon user")
+         (home-directory "/var/lib/ipfs")
+         (shell (file-append shadow "/sbin/nologin")))
+        (user-group
+         (name "ipfs")
+         (system? #t))))
+
+(define (ipfs-binary config)
+  (file-append (ipfs-configuration-package config) "/bin/ipfs"))
+
+(define %ipfs-home-mapping
+  #~(file-system-mapping
+     (source #$%ipfs-home)
+     (target #$%ipfs-home)
+     (writable? #t)))
+
+(define %ipfs-environment
+  #~(list #$(string-append "HOME=" %ipfs-home)))
+
+(define (ipfs-shepherd-service config)
+  "Return a <shepherd-service> for IPFS with CONFIG."
+  (define ipfs-daemon-command
+    #~(list #$(ipfs-binary config) "daemon"))
+  (list
+   (with-imported-modules (source-module-closure
+                           '((gnu build shepherd)
+                             (gnu system file-systems)))
+     (shepherd-service
+      (provision '(ipfs))
+      ;; While IPFS is most useful when the machine is connected
+      ;; to the network, only loopback is required for starting
+      ;; the service.
+      (requirement '(loopback))
+      (documentation "Connect to the IPFS network")
+      (modules '((gnu build shepherd)
+                 (gnu system file-systems)))
+      (start #~(make-forkexec-constructor/container
+                #$ipfs-daemon-command
+                #:namespaces '#$(fold delq %namespaces '(user net))
+                #:mappings (list #$%ipfs-home-mapping)
+                #:log-file "/var/log/ipfs.log"
+                #:user "ipfs"
+                #:group "ipfs"
+                #:environment-variables #$%ipfs-environment))
+      (stop #~(make-kill-destructor))))))
+
+(define (%ipfs-activation config)
+  "Return an activation gexp for IPFS with CONFIG"
+  (define (ipfs-config-command setting value)
+    #~(#$(ipfs-binary config) "config" #$setting #$value))
+  (define (set-config!-gexp setting value)
+    #~(system* #$@(ipfs-config-command setting value)))
+  (define settings
+    `(("Addresses.API" ,(ipfs-configuration-api config))
+      ("Addresses.Gateway" ,(ipfs-configuration-gateway config))))
+  (define inner-gexp
+    #~(begin
+        (umask #o077)
+        ;; Create $HOME/.ipfs structure
+        (system* #$(ipfs-binary config) "init")
+        ;; Apply settings
+        #$@(map (cute apply set-config!-gexp <>) settings)))
+  (define inner-script
+    (program-file "ipfs-activation-inner" inner-gexp))
+  ;; Run ipfs init and ipfs config from a container,
+  ;; in case the IPFS daemon was compromised at some point
+  ;; and ~/.ipfs is now a symlink to somewhere outside
+  ;; %ipfs-home.
+  (define container-gexp
+    (with-extensions (list shepherd)
+      (with-imported-modules (source-module-closure
+                              '((gnu build shepherd)
+                                (gnu system file-systems)))
+        #~(begin
+            (use-modules (gnu build shepherd)
+                         (gnu system file-systems))
+            (let* ((constructor
+                    (make-forkexec-constructor/container
+                     (list #$inner-script)
+                     #:namespaces '#$(fold delq %namespaces '(user))
+                     #:mappings (list #$%ipfs-home-mapping)
+                     #:user "ipfs"
+                     #:group "ipfs"
+                     #:environment-variables #$%ipfs-environment))
+                   (pid (constructor)))
+              (waitpid pid))))))
+  ;; The activation may happen from the initrd, which uses
+  ;; a statically-linked guile, while the guix container
+  ;; procedures require a working dynamic-link.
+  (define container-script
+    (program-file "ipfs-activation-container" container-gexp))
+  #~(system* #$container-script))
+
+(define ipfs-service-type
+  (service-type
+   (name 'ipfs)
+   (extensions
+    (list (service-extension account-service-type
+                             (const %ipfs-accounts))
+          (service-extension activation-service-type
+                             %ipfs-activation)
+          (service-extension shepherd-root-service-type
+                             ipfs-shepherd-service)))
+   (default-value (ipfs-configuration))
+   (description
+    "Run @command{ipfs daemon}, the reference implementation
+of the IPFS peer-to-peer storage network.")))
+
+
+;;;
 ;;; Keepalived
 ;;;
 
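Review bot: In `%ipfs-activation` every `system*` result is discarded, as is the status from `(waitpid pid)`, so a failed `ipfs config` call for `Addresses.API` or `Addresses.Gateway` silently keeps whatever listen addresses are already in the repository. That is the same state the comment above `container-gexp` treats as possibly tampered with. `ipfs init` presumably exits non-zero on an already-initialised repository, so only the config calls should be checked, e.g. `#~(unless (zero? (system* #$@(ipfs-config-command setting value))) (exit 1))`, with the outer gexp reporting a non-zero wait status. The `api` field also deserves a docstring or manual note saying the endpoint controls the node and should stay on loopback unless access is otherwise restricted. As a smaller point, `%ipfs-accounts` repeats the literal `"/var/lib/ipfs"` where it could use `%ipfs-home`.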
diff --git a/gnu/services/sysctl.scm b/gnu/services/sysctl.scm
index aaea7cc30d..80ed2ff46f 100644
--- a/gnu/services/sysctl.scm
+++ b/gnu/services/sysctl.scm
@@ -25,6 +25,8 @@
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match)
   #:export (sysctl-configuration
+            sysctl-configuration-sysctl
+            sysctl-configuration-settings
             sysctl-service-type
             %default-sysctl-settings))
 
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index f3df0b979f..8cb5633165 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -163,7 +163,7 @@ protocol.")
 
 (define* (git-daemon-service #:key (config (git-daemon-configuration)))
   "Return a service that runs @command{git daemon}, a simple TCP server to
-expose repositories over the Git protocol for annoymous access.
+expose repositories over the Git protocol for anonymous access.
 
 The optional @var{config} argument should be a
 @code{<git-daemon-configuration>} object, by default it allows read-only
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index aa688a4328..bfcdfe7421 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -840,8 +840,9 @@ of index files."
             (requirement '(networking))
             (start #~(make-forkexec-constructor
                       '(#$(file-append package "/sbin/fcgiwrap")
-			  "-s" #$socket)
-		      #:user #$user #:group #$group))
+                        "-s" #$socket)
+                      #:user #$user #:group #$group
+                      #:log-file "/var/log/fcgiwrap.log"))
             (stop #~(make-kill-destructor)))))))
 
 (define fcgiwrap-activation
@@ -863,7 +864,7 @@ of index files."
                 (extensions
                  (list (service-extension shepherd-root-service-type
                                           fcgiwrap-shepherd-service)
-		       (service-extension account-service-type
+                       (service-extension account-service-type
                                           fcgiwrap-accounts)
                        (service-extension activation-service-type
                                           fcgiwrap-activation)))
@@ -1946,24 +1947,24 @@ root=/srv/gemini
             (documentation "Run the agate Gemini server.")
             (start (let ((agate (file-append package "/bin/agate")))
                      #~(make-forkexec-constructor
-			(list #$agate
-			      "--content" #$content
-			      "--cert" #$cert
-			      "--key" #$key
-			      "--addr" #$@addr
+                        (list #$agate
+                              "--content" #$content
+                              "--cert" #$cert
+                              "--key" #$key
+                              "--addr" #$@addr
                               #$@(if lang
                                      (list "--lang" lang)
                                      '())
-			      #$@(if hostname
-				     (list "--hostname" hostname)
-				     '())
-			      #$@(if silent? '("--silent") '())
-			      #$@(if serve-secret? '("--serve-secret") '())
-			      #$@(if log-ip? '("--log-ip") '()))
-			#:user #$user #:group #$group
-			#:log-file #$log-file)))
+                              #$@(if hostname
+                                     (list "--hostname" hostname)
+                                     '())
+                              #$@(if silent? '("--silent") '())
+                              #$@(if serve-secret? '("--serve-secret") '())
+                              #$@(if log-ip? '("--log-ip") '()))
+                        #:user #$user #:group #$group
+                        #:log-file #$log-file)))
             (stop #~(make-kill-destructor)))))))
-             
+
 (define agate-accounts
   (match-lambda
     (($ <agate-configuration> _ _ _ _ _
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 60611dc77d..17d983ff8d 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -68,6 +68,8 @@
 
             %default-xorg-modules
             %default-xorg-fonts
+            %default-xorg-server-arguments
+
             xorg-wrapper
             xorg-start-command
             xinitrc