diff options
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/admin.scm | 4 | ||||
-rw-r--r-- | gnu/services/base.scm | 19 | ||||
-rw-r--r-- | gnu/services/ci.scm | 127 | ||||
-rw-r--r-- | gnu/services/cuirass.scm | 2 | ||||
-rw-r--r-- | gnu/services/databases.scm | 4 | ||||
-rw-r--r-- | gnu/services/mail.scm | 2 | ||||
-rw-r--r-- | gnu/services/networking.scm | 141 | ||||
-rw-r--r-- | gnu/services/sysctl.scm | 2 | ||||
-rw-r--r-- | gnu/services/version-control.scm | 2 | ||||
-rw-r--r-- | gnu/services/web.scm | 35 | ||||
-rw-r--r-- | gnu/services/xorg.scm | 2 |
11 files changed, 313 insertions, 27 deletions
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm index b34b990f32..763a4434e4 100644 --- a/gnu/services/admin.scm +++ b/gnu/services/admin.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> -;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> ;;; ;;; This file is part of GNU Guix. @@ -80,7 +80,7 @@ (define %rotated-files ;; Syslog files subject to rotation. '("/var/log/messages" "/var/log/secure" "/var/log/debug" - "/var/log/maillog")) + "/var/log/maillog" "/var/log/mcron.log")) (define %default-rotations (list (log-rotation ;syslog files diff --git a/gnu/services/base.scm b/gnu/services/base.scm index f50bcfdcb4..24b3ea785b 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -13,6 +13,7 @@ ;;; Copyright © 2019 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de> ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> +;;; Copyright © 2021 qblade <qblade@protonmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1815,7 +1816,11 @@ proxy of 'guix-daemon'...~%") raise a deprecation warning if the 'compression-level' field was used." (match (%guix-publish-configuration-compression-level config) (#f - '(("gzip" 3))) + ;; Default to low compression levels when there's no cache so that users + ;; get good bandwidth by default. + (if (guix-publish-configuration-cache config) + '(("gzip" 5) ("zstd" 19)) + '(("gzip" 3) ("zstd" 3)))) ;zstd compresses faster (level (warn-about-deprecation 'compression-level properties #:replacement 'compression) @@ -2304,7 +2309,11 @@ This service is not part of @var{%base-services}." (auto-login kmscon-configuration-auto-login (default #f)) (hardware-acceleration? kmscon-configuration-hardware-acceleration? - (default #f))) ; #t causes failure + (default #f)) ; #t causes failure + (font-engine kmscon-configuration-font-engine + (default "pango")) + (font-size kmscon-configuration-font-size + (default 12))) (define kmscon-service-type (shepherd-service-type @@ -2315,13 +2324,17 @@ This service is not part of @var{%base-services}." (login-program (kmscon-configuration-login-program config)) (login-arguments (kmscon-configuration-login-arguments config)) (auto-login (kmscon-configuration-auto-login config)) - (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config))) + (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)) + (font-engine (kmscon-configuration-font-engine config)) + (font-size (kmscon-configuration-font-size config))) (define kmscon-command #~(list #$(file-append kmscon "/bin/kmscon") "--login" "--vt" #$virtual-terminal "--no-switchvt" ;Prevent a switch to the virtual terminal. + "--font-engine" #$font-engine + "--font-size" #$(number->string font-size) #$@(if hardware-acceleration? '("--hwaccel") '()) "--login" "--" #$login-program #$@login-arguments diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm new file mode 100644 index 0000000000..0b18521e76 --- /dev/null +++ b/gnu/services/ci.scm @@ -0,0 +1,127 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2018, 2019, 2020, 2021 Christopher Baines <mail@cbaines.net> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation, either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services ci) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (gnu packages admin) + #:use-module (gnu packages ci) + #:use-module (gnu services) + #:use-module (gnu services base) + #:use-module (gnu services shepherd) + #:use-module (gnu services admin) + #:use-module (gnu system shadow) + #:use-module (ice-9 match) + #:export (laminar-configuration + laminar-configuration? + laminar-configuration-home-directory + laminar-configuration-bind-http + laminar-configuration-bind-rpc + laminar-configuration-title + laminar-configuration-keep-rundirs + laminar-configuration-archive-url + laminar-configuration-base-url + + laminar-service-type)) + +;;;; Commentary: +;;; +;;; This module implements a service that to run instances of Laminar, a +;;; continuous integration tool. +;;; +;;;; Code: + +(define-record-type* <laminar-configuration> + laminar-configuration make-laminar-configuration + laminar-configuration? + (laminar laminars-configuration-laminar + (default laminar)) + (home-directory laminar-configuration-home-directory + (default "/var/lib/laminar")) + (bind-http laminar-configuration-bind-http + (default "*:8080")) + (bind-rpc laminar-configuration-bind-rpc + (default "unix-abstract:laminar")) + (title laminar-configuration-title + (default "Laminar")) + (keep-rundirs laminar-keep-rundirs + (default 0)) + (archive-url laminar-archive-url + (default #f)) + (base-url laminar-base-url + (default #f))) + +(define laminar-shepherd-service + (match-lambda + (($ <laminar-configuration> laminar home-directory + bind-http bind-rpc + title keep-rundirs archive-url + base-url) + (list (shepherd-service + (documentation "Run Laminar.") + (provision '(laminar)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append laminar "/sbin/laminard")) + #:environment-variables + `(,(string-append "LAMINAR_HOME=" + #$home-directory) + ,(string-append "LAMINAR_BIND_HTTP=" + #$bind-http) + ,(string-append "LAMINAR_TITLE=" + #$title) + ,(string-append "LAMINAR_KEEP_RUNDIRS=" + #$(number->string + keep-rundirs)) + ,@(if #$archive-url + (list + (string-append "LAMINAR_ARCHIVE_URL=" + #$archive-url)) + '()) + ,@(if #$base-url + (list + (string-append "LAMINAR_BASE_URL=" + #$base-url)) + '())) + #:user "laminar" + #:group "laminar")) + (stop #~(make-kill-destructor))))))) + +(define (laminar-account config) + "Return the user accounts and user groups for CONFIG." + (list (user-group + (name "laminar") + (system? #t)) + (user-account + (name "laminar") + (group "laminar") + (system? #t) + (comment "Laminar privilege separation user") + (home-directory (laminar-configuration-home-directory config)) + (shell #~(string-append #$shadow "/sbin/nologin"))))) + +(define laminar-service-type + (service-type + (name 'laminar) + (extensions + (list + (service-extension shepherd-root-service-type laminar-shepherd-service) + (service-extension account-service-type laminar-account))) + (default-value (laminar-configuration)) + (description + "Run the Laminar continuous integration service."))) diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 9de36eb1c9..5b4e24d794 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -60,7 +60,7 @@ ;;;; Code: (define %cuirass-default-database - "dbname=cuirass host=/var/run/postgresql") + "dbname=cuirass host=/tmp") (define-record-type* <cuirass-remote-server-configuration> cuirass-remote-server-configuration make-cuirass-remote-server-configuration diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index a841e7a50e..4a6d36b50b 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -115,7 +115,7 @@ host all all ::1/128 md5")) (ident-file postgresql-config-file-ident-file (default %default-postgres-ident)) (socket-directory postgresql-config-file-socket-directory - (default "/var/run/postgresql")) + (default #false)) (extra-config postgresql-config-file-extra-config (default '()))) @@ -363,7 +363,7 @@ and stores the database cluster in @var{data-directory}." postgresql-role-configuration make-postgresql-role-configuration postgresql-role-configuration? (host postgresql-role-configuration-host ;string - (default "/var/run/postgresql")) + (default "/tmp")) (log postgresql-role-configuration-log ;string (default "/var/log/postgresql_roles.log")) (roles postgresql-role-configuration-roles diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index c0f6371104..81f692e437 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -159,7 +159,7 @@ (define (serialize-free-form-args field-name val) (serialize-field field-name (string-join - (map (match-lambda ((k . v) (format #t "~a=~a" k v))) val) + (map (match-lambda ((k . v) (format #f "~a=~a" k v))) val) " "))) (define-configuration dict-configuration diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 231a9f66c7..761820ad2e 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> ;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com> ;;; Copyright © 2021 Christopher Lemmer Webber <cwebber@dustycloud.org> +;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be> ;;; ;;; This file is part of GNU Guix. ;;; @@ -55,6 +56,8 @@ #:use-module (gnu packages ntp) #:use-module (gnu packages wicd) #:use-module (gnu packages gnome) + #:use-module (gnu packages ipfs) + #:use-module (gnu build linux-container) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) @@ -197,6 +200,13 @@ yggdrasil-configuration-json-config yggdrasil-configuration-package + ipfs-service-type + ipfs-configuration + ipfs-configuration? + ipfs-configuration-package + ipfs-configuration-gateway + ipfs-configuration-api + keepalived-configuration keepalived-configuration? keepalived-service-type)) @@ -1878,6 +1888,137 @@ See yggdrasil -genconf for config options.") ;;; +;;; IPFS +;;; + +(define-record-type* <ipfs-configuration> + ipfs-configuration + make-ipfs-configuration + ipfs-configuration? + (package ipfs-configuration-package + (default go-ipfs)) + (gateway ipfs-configuration-gateway + (default "/ip4/127.0.0.1/tcp/8082")) + (api ipfs-configuration-api + (default "/ip4/127.0.0.1/tcp/5001"))) + +(define %ipfs-home "/var/lib/ipfs") + +(define %ipfs-accounts + (list (user-account + (name "ipfs") + (group "ipfs") + (system? #t) + (comment "IPFS daemon user") + (home-directory "/var/lib/ipfs") + (shell (file-append shadow "/sbin/nologin"))) + (user-group + (name "ipfs") + (system? #t)))) + +(define (ipfs-binary config) + (file-append (ipfs-configuration-package config) "/bin/ipfs")) + +(define %ipfs-home-mapping + #~(file-system-mapping + (source #$%ipfs-home) + (target #$%ipfs-home) + (writable? #t))) + +(define %ipfs-environment + #~(list #$(string-append "HOME=" %ipfs-home))) + +(define (ipfs-shepherd-service config) + "Return a <shepherd-service> for IPFS with CONFIG." + (define ipfs-daemon-command + #~(list #$(ipfs-binary config) "daemon")) + (list + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (shepherd-service + (provision '(ipfs)) + ;; While IPFS is most useful when the machine is connected + ;; to the network, only loopback is required for starting + ;; the service. + (requirement '(loopback)) + (documentation "Connect to the IPFS network") + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start #~(make-forkexec-constructor/container + #$ipfs-daemon-command + #:namespaces '#$(fold delq %namespaces '(user net)) + #:mappings (list #$%ipfs-home-mapping) + #:log-file "/var/log/ipfs.log" + #:user "ipfs" + #:group "ipfs" + #:environment-variables #$%ipfs-environment)) + (stop #~(make-kill-destructor)))))) + +(define (%ipfs-activation config) + "Return an activation gexp for IPFS with CONFIG" + (define (ipfs-config-command setting value) + #~(#$(ipfs-binary config) "config" #$setting #$value)) + (define (set-config!-gexp setting value) + #~(system* #$@(ipfs-config-command setting value))) + (define settings + `(("Addresses.API" ,(ipfs-configuration-api config)) + ("Addresses.Gateway" ,(ipfs-configuration-gateway config)))) + (define inner-gexp + #~(begin + (umask #o077) + ;; Create $HOME/.ipfs structure + (system* #$(ipfs-binary config) "init") + ;; Apply settings + #$@(map (cute apply set-config!-gexp <>) settings))) + (define inner-script + (program-file "ipfs-activation-inner" inner-gexp)) + ;; Run ipfs init and ipfs config from a container, + ;; in case the IPFS daemon was compromised at some point + ;; and ~/.ipfs is now a symlink to somewhere outside + ;; %ipfs-home. + (define container-gexp + (with-extensions (list shepherd) + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (use-modules (gnu build shepherd) + (gnu system file-systems)) + (let* ((constructor + (make-forkexec-constructor/container + (list #$inner-script) + #:namespaces '#$(fold delq %namespaces '(user)) + #:mappings (list #$%ipfs-home-mapping) + #:user "ipfs" + #:group "ipfs" + #:environment-variables #$%ipfs-environment)) + (pid (constructor))) + (waitpid pid)))))) + ;; The activation may happen from the initrd, which uses + ;; a statically-linked guile, while the guix container + ;; procedures require a working dynamic-link. + (define container-script + (program-file "ipfs-activation-container" container-gexp)) + #~(system* #$container-script)) + +(define ipfs-service-type + (service-type + (name 'ipfs) + (extensions + (list (service-extension account-service-type + (const %ipfs-accounts)) + (service-extension activation-service-type + %ipfs-activation) + (service-extension shepherd-root-service-type + ipfs-shepherd-service))) + (default-value (ipfs-configuration)) + (description + "Run @command{ipfs daemon}, the reference implementation +of the IPFS peer-to-peer storage network."))) + + +;;; ;;; Keepalived ;;; diff --git a/gnu/services/sysctl.scm b/gnu/services/sysctl.scm index aaea7cc30d..80ed2ff46f 100644 --- a/gnu/services/sysctl.scm +++ b/gnu/services/sysctl.scm @@ -25,6 +25,8 @@ #:use-module (srfi srfi-1) #:use-module (ice-9 match) #:export (sysctl-configuration + sysctl-configuration-sysctl + sysctl-configuration-settings sysctl-service-type %default-sysctl-settings)) diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index f3df0b979f..8cb5633165 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -163,7 +163,7 @@ protocol.") (define* (git-daemon-service #:key (config (git-daemon-configuration))) "Return a service that runs @command{git daemon}, a simple TCP server to -expose repositories over the Git protocol for annoymous access. +expose repositories over the Git protocol for anonymous access. The optional @var{config} argument should be a @code{<git-daemon-configuration>} object, by default it allows read-only diff --git a/gnu/services/web.scm b/gnu/services/web.scm index aa688a4328..bfcdfe7421 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -840,8 +840,9 @@ of index files." (requirement '(networking)) (start #~(make-forkexec-constructor '(#$(file-append package "/sbin/fcgiwrap") - "-s" #$socket) - #:user #$user #:group #$group)) + "-s" #$socket) + #:user #$user #:group #$group + #:log-file "/var/log/fcgiwrap.log")) (stop #~(make-kill-destructor))))))) (define fcgiwrap-activation @@ -863,7 +864,7 @@ of index files." (extensions (list (service-extension shepherd-root-service-type fcgiwrap-shepherd-service) - (service-extension account-service-type + (service-extension account-service-type fcgiwrap-accounts) (service-extension activation-service-type fcgiwrap-activation))) @@ -1946,24 +1947,24 @@ root=/srv/gemini (documentation "Run the agate Gemini server.") (start (let ((agate (file-append package "/bin/agate"))) #~(make-forkexec-constructor - (list #$agate - "--content" #$content - "--cert" #$cert - "--key" #$key - "--addr" #$@addr + (list #$agate + "--content" #$content + "--cert" #$cert + "--key" #$key + "--addr" #$@addr #$@(if lang (list "--lang" lang) '()) - #$@(if hostname - (list "--hostname" hostname) - '()) - #$@(if silent? '("--silent") '()) - #$@(if serve-secret? '("--serve-secret") '()) - #$@(if log-ip? '("--log-ip") '())) - #:user #$user #:group #$group - #:log-file #$log-file))) + #$@(if hostname + (list "--hostname" hostname) + '()) + #$@(if silent? '("--silent") '()) + #$@(if serve-secret? '("--serve-secret") '()) + #$@(if log-ip? '("--log-ip") '())) + #:user #$user #:group #$group + #:log-file #$log-file))) (stop #~(make-kill-destructor))))))) - + (define agate-accounts (match-lambda (($ <agate-configuration> _ _ _ _ _ diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index 60611dc77d..17d983ff8d 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -68,6 +68,8 @@ %default-xorg-modules %default-xorg-fonts + %default-xorg-server-arguments + xorg-wrapper xorg-start-command xinitrc |