Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/audio.scm33
-rw-r--r--gnu/services/base.scm126
-rw-r--r--gnu/services/cups.scm3
-rw-r--r--gnu/services/databases.scm89
-rw-r--r--gnu/services/desktop.scm36
-rw-r--r--gnu/services/dns.scm2
-rw-r--r--gnu/services/ganeti.scm2
-rw-r--r--gnu/services/guix.scm32
-rw-r--r--gnu/services/monitoring.scm7
-rw-r--r--gnu/services/networking.scm117
-rw-r--r--gnu/services/sddm.scm2
-rw-r--r--gnu/services/shepherd.scm13
-rw-r--r--gnu/services/virtualization.scm11
-rw-r--r--gnu/services/vpn.scm6
-rw-r--r--gnu/services/web.scm90
15 files changed, 479 insertions, 90 deletions
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 37f2efa479..627b941871 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,6 +22,8 @@
   #:use-module (guix gexp)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages mpd)
   #:use-module (guix records)
   #:use-module (ice-9 match)
@@ -135,19 +138,19 @@ audio_output {
 (define (mpd-shepherd-service config)
   (shepherd-service
    (documentation "Run the MPD (Music Player Daemon)")
+   (requirement '(user-processes))
    (provision '(mpd))
    (start #~(make-forkexec-constructor
              (list #$(file-append mpd "/bin/mpd")
                    "--no-daemon"
                    #$(mpd-config->file config))
-             #:pid-file #$(mpd-file-name config "pid")
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user account.
-             '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
+             (list (string-append
+                    "XDG_RUNTIME_DIR=/run/user/"
+                    (number->string
                      (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                      (getpwnam #$(mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))
 
@@ -158,10 +161,26 @@ audio_output {
         (define %user
           (getpw #$(mpd-configuration-user config)))
 
-        (let ((directory #$(mpd-file-name config "")))
+        (let ((directory #$(mpd-file-name config ".mpd")))
           (mkdir-p directory)
           (chown directory (passwd:uid %user) (passwd:gid %user))))))
 
+
+(define %mpd-accounts
+  ;; Default account and group for MPD.
+  (list (user-group (name "mpd") (system? #t))
+        (user-account
+         (name "mpd")
+         (group "mpd")
+         (system? #t)
+         (comment "Music Player Daemon (MPD) user")
+
+         ;; Note: /var/run/mpd hosts one sub-directory per user, of which
+         ;; /var/run/mpd/mpd corresponds to the "mpd" user.
+         (home-directory "/var/run/mpd/mpd")
+
+         (shell (file-append shadow "/sbin/nologin")))))
+
 (define mpd-service-type
   (service-type
    (name 'mpd)
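Review bot: The activation code in this hunk runs `mkdir-p` and then `chown` on `(mpd-file-name config ".mpd")` as root, and `chown` follows symbolic links. If that path sits beneath a directory the service user can write to (the new comment describes /var/run/mpd/mpd as the "mpd" user's home, but `mpd-file-name` is not visible here, so this is inferred), a process running as that user could turn the final component into a link and root would change ownership of the link's target on the next activation. Checking the component before changing ownership narrows this, e.g. `(unless (symbolic-link? directory) (chown directory (passwd:uid %user) (passwd:gid %user)))`, and a comment stating which account owns each path component would make the intent reviewable. The enclosing activation procedure starts above the hunk.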
@@ -169,6 +188,8 @@ audio_output {
    (extensions
     (list (service-extension shepherd-root-service-type
                              (compose list mpd-shepherd-service))
+          (service-extension account-service-type
+                             (const %mpd-accounts))
           (service-extension activation-service-type
                              mpd-service-activation)))
    (default-value (mpd-configuration))))
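Review bot: The account extension added here is `(const %mpd-accounts)`, so only the fixed "mpd" user and group are ever declared, while the shepherd service and the activation code look up `(mpd-configuration-user config)`. When a configuration names a different user, nothing in this change creates that account, and the `getpw`/`getpwnam` lookups will fail at activation or start time unless the operator declares it elsewhere. Either derive the accounts from the configuration or state in the comment on `%mpd-accounts` that a non-default user must already exist.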
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 04bc991356..3fc4d5f885 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016, 2020 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
@@ -62,7 +62,8 @@
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
-  #:re-export (user-processes-service-type)       ;backwards compatibility
+  #:re-export (user-processes-service-type        ;backwards compatibility
+               %default-substitute-urls)
   #:export (fstab-service-type
             root-file-system-service
             file-system-service-type
@@ -106,6 +107,12 @@
             agetty-service-type
 
             mingetty-configuration
+            mingetty-configuration-tty
+            mingetty-configuration-auto-login
+            mingetty-configuration-login-program
+            mingetty-configuration-login-pause?
+            mingetty-configuration-clear-on-logout?
+            mingetty-configuration-mingetty
             mingetty-configuration?
             mingetty-service
             mingetty-service-type
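Review bot: Four of the names exported here do not match the accessors that the `<mingetty-configuration>` record defines in the later hunk of this file. The record declares `mingetty-auto-login`, `mingetty-login-program`, `mingetty-login-pause?` and `mingetty-clear-on-logout?`, whereas this list exports `mingetty-configuration-auto-login`, `mingetty-configuration-login-program`, `mingetty-configuration-login-pause?` and `mingetty-configuration-clear-on-logout?`. Unless the longer names are bound elsewhere in the module, the exports refer to undefined variables and users cannot reach these fields. Renaming the record accessors to the exported form, for example `(auto-login mingetty-configuration-auto-login (default #f))`, would make the two agree.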
@@ -291,7 +298,8 @@ FILE-SYSTEM."
 (define (mapped-device->shepherd-service-name md)
   "Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
   (symbol-append 'device-mapping-
-                 (string->symbol (mapped-device-target md))))
+                 (string->symbol (string-join
+                                  (mapped-device-targets md) "-"))))
 
 (define dependency->shepherd-service-name
   (match-lambda
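Review bot: The service name is now built from all of `(mapped-device-targets md)` joined with "-", but the swap service further down in this file still derives its requirement as `device-mapping-` followed by `(basename device)`. For a mapped device that declares more than one target, swap on one of those /dev/mapper entries would then require a shepherd symbol that is no longer provisioned, so swap on such a mapping may never start. Other users of this naming scheme are outside the visible hunks and should be checked as well. A comment here saying that the joined name is the only provisioned symbol, or provisioning one symbol per target, would avoid the mismatch.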
@@ -1024,20 +1032,22 @@ the tty to run, among other things."
 (define-record-type* <mingetty-configuration>
   mingetty-configuration make-mingetty-configuration
   mingetty-configuration?
-  (mingetty       mingetty-configuration-mingetty ;<package>
-                  (default mingetty))
-  (tty            mingetty-configuration-tty)     ;string
-  (auto-login     mingetty-auto-login             ;string | #f
-                  (default #f))
-  (login-program  mingetty-login-program          ;gexp
-                  (default #f))
-  (login-pause?   mingetty-login-pause?           ;Boolean
-                  (default #f)))
+  (mingetty         mingetty-configuration-mingetty ;<package>
+                    (default mingetty))
+  (tty              mingetty-configuration-tty)     ;string
+  (auto-login       mingetty-auto-login             ;string | #f
+                    (default #f))
+  (login-program    mingetty-login-program          ;gexp
+                    (default #f))
+  (login-pause?     mingetty-login-pause?           ;Boolean
+                    (default #f))
+  (clear-on-logout? mingetty-clear-on-logout?       ;Boolean
+                    (default #t)))
 
 (define mingetty-shepherd-service
   (match-lambda
     (($ <mingetty-configuration> mingetty tty auto-login login-program
-                                 login-pause?)
+                                 login-pause? clear-on-logout?)
      (list
       (shepherd-service
        (documentation "Run mingetty on an tty.")
@@ -1050,7 +1060,6 @@ the tty to run, among other things."
 
        (start  #~(make-forkexec-constructor
                   (list #$(file-append mingetty "/sbin/mingetty")
-                        "--noclear"
 
                         ;; Avoiding 'vhangup' allows us to avoid 'setfont'
                         ;; errors down the path where various ioctls get
@@ -1058,6 +1067,9 @@ the tty to run, among other things."
                         ;; in Linux.
                         "--nohangup" #$tty
 
+                        #$@(if clear-on-logout?
+                               #~()
+                               #~("--noclear"))
                         #$@(if auto-login
                                #~("--autologin" #$auto-login)
                                #~())
@@ -1476,10 +1488,18 @@ archive' public keys, with GUIX."
     #~(begin
         (use-modules (guix build utils))
 
-        (unless (file-exists? "/etc/guix/acl")
-          (mkdir-p "/etc/guix")
-          (copy-file #+default-acl "/etc/guix/acl")
-          (chmod "/etc/guix/acl" #o600)))))
+        ;; If the ACL already exists, move it out of the way.  Create a backup
+        ;; if it's a regular file: it's likely that the user manually updated
+        ;; it with 'guix archive --authorize'.
+        (if (file-exists? "/etc/guix/acl")
+            (if (and (symbolic-link? "/etc/guix/acl")
+                     (store-file-name? (readlink "/etc/guix/acl")))
+                (delete-file "/etc/guix/acl")
+                (rename-file "/etc/guix/acl" "/etc/guix/acl.bak"))
+            (mkdir-p "/etc/guix"))
+
+        ;; Installed the declared ACL.
+        (symlink #+default-acl "/etc/guix/acl"))))
 
 (define %default-authorized-guix-keys
   ;; List of authorized substitute keys.
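Review bot: `file-exists?` follows symbolic links, so when /etc/guix/acl is a dangling link the outer test is false, only `mkdir-p` runs, and the following `symlink` call fails because the name is already taken, which aborts installation of the substitute key list. Testing the link itself avoids this, e.g. `(if (false-if-exception (lstat "/etc/guix/acl")) ...)` in place of the `file-exists?` test. Separately, `rename-file` replaces any earlier /etc/guix/acl.bak without notice, and keys an administrator authorized by hand stop being trusted once this runs; both deserve a sentence in the comment, and "Installed" in the second comment should read "Install". The enclosing procedure starts above the hunk.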
@@ -1562,8 +1582,10 @@ proxy of 'guix-daemon'...~%")
                       (ice-9 match)
                       (gnu build shepherd)))
            (start
-            (with-imported-modules (source-module-closure
-                                    '((gnu build shepherd)))
+            (with-imported-modules `(((guix config) => ,(make-config.scm))
+                                     ,@(source-module-closure
+                                        '((gnu build shepherd))
+                                        #:select? not-config?))
               #~(lambda args
                   (define proxy
                     ;; HTTP/HTTPS proxy.  The 'http_proxy' variable is set by
@@ -1732,6 +1754,8 @@ proxy of 'guix-daemon'...~%")
                (default "nar"))
   (cache       guix-publish-configuration-cache   ;#f | string
                (default #f))
+  (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold
+                          (default (* 10 (expt 2 20)))) ;integer
   (workers     guix-publish-configuration-workers ;#f | integer
                (default #f))
   (ttl         guix-publish-configuration-ttl     ;#f | integer
@@ -1766,7 +1790,7 @@ raise a deprecation warning if the 'compression-level' field was used."
                    lst))))
 
   (match-record config <guix-publish-configuration>
-    (guix port host nar-path cache workers ttl)
+    (guix port host nar-path cache workers ttl cache-bypass-threshold)
     (list (shepherd-service
            (provision '(guix-publish))
            (requirement '(guix-daemon))
@@ -1788,7 +1812,11 @@ raise a deprecation warning if the 'compression-level' field was used."
                                                     "s"))
                                   #~())
                            #$@(if cache
-                                  #~((string-append "--cache=" #$cache))
+                                  #~((string-append "--cache=" #$cache)
+                                     #$(string-append
+                                        "--cache-bypass-threshold="
+                                        (number->string
+                                         cache-bypass-threshold)))
                                   #~()))
 
                      ;; Make sure we run in a UTF-8 locale so we can produce
@@ -2096,22 +2124,52 @@ instance."
    'swap
    (lambda (device)
      (define requirement
-       (if (string-prefix? "/dev/mapper/" device)
+       (if (and (string? device)
+                (string-prefix? "/dev/mapper/" device))
            (list (symbol-append 'device-mapping-
                                 (string->symbol (basename device))))
            '()))
 
-     (shepherd-service
-      (provision (list (symbol-append 'swap- (string->symbol device))))
-      (requirement `(udev ,@requirement))
-      (documentation "Enable the given swap device.")
-      (start #~(lambda ()
-                 (restart-on-EINTR (swapon #$device))
-                 #t))
-      (stop #~(lambda _
-                (restart-on-EINTR (swapoff #$device))
-                #f))
-      (respawn? #f)))))
+     (define (device-lookup device)
+       ;; The generic 'find-partition' procedures could return a partition
+       ;; that's not swap space, but that's unlikely.
+       (cond ((uuid? device)
+              #~(find-partition-by-uuid #$(uuid-bytevector device)))
+             ((file-system-label? device)
+              #~(find-partition-by-label
+                 #$(file-system-label->string device)))
+             (else
+              device)))
+
+     (define service-name
+       (symbol-append 'swap-
+                      (string->symbol
+                       (cond ((uuid? device)
+                              (string-take (uuid->string device) 6))
+                             ((file-system-label? device)
+                              (file-system-label->string device))
+                             (else
+                              device)))))
+
+     (with-imported-modules (source-module-closure '((gnu build file-systems)))
+       (shepherd-service
+        (provision (list service-name))
+        (requirement `(udev ,@requirement))
+        (documentation "Enable the given swap device.")
+        (modules `((gnu build file-systems)
+                   ,@%default-modules))
+        (start #~(lambda ()
+                   (let ((device #$(device-lookup device)))
+                     (and device
+                          (begin
+                            (restart-on-EINTR (swapon device))
+                            #t)))))
+        (stop #~(lambda _
+                  (let ((device #$(device-lookup device)))
+                    (when device
+                      (restart-on-EINTR (swapoff device)))
+                    #f)))
+        (respawn? #f))))))
 
 (define (swap-service device)
   "Return a service that uses @var{device} as a swap device."
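Review bot: The new `start` procedure returns `#f` without any message when `device-lookup` resolves to nothing, so a UUID or label that matches no partition leaves the system without swap and with no log line explaining why. A short diagnostic in the failing branch would make this visible, for example `(format (current-error-port) "swap device not found~%")`. The comment in `device-lookup` already concedes that the generic lookup may return a partition that is not swap; since a label is matched against whatever block devices are attached, the documentation should say that a UUID is the more reliable identifier. The service name also keeps only the first six characters of the UUID, so two swap UUIDs sharing that prefix would collide on the same provision symbol.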
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 16d6f76c1a..e8957c6859 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -482,7 +482,8 @@ programs.")
    (package cups)
    "The CUPS package.")
   (extensions
-   (package-list (list cups-filters))
+   (package-list (list cups-filters epson-inkjet-printer-escpr
+                       foomatic-filters hplip-minimal splix))
    "Drivers and other extensions to the CUPS package.")
   (files-configuration
    (files-configuration (files-configuration))
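Review bot: The default for `extensions` now installs four additional driver packages, which widens the set of filter code that a default CUPS installation ships and that may end up processing print jobs. The field's docstring still reads only "Drivers and other extensions to the CUPS package."; it should list the new defaults and say that setting the field explicitly, e.g. `(extensions (list cups-filters))`, restores the smaller set. The surrounding configuration definition starts and ends outside the hunk.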
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 2bddf70f71..60b31e0373 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,6 +31,7 @@
   #:use-module (gnu packages databases)
   #:use-module (guix build-system trivial)
   #:use-module (guix build union)
+  #:use-module (guix deprecation)
   #:use-module (guix modules)
   #:use-module (guix packages)
   #:use-module (guix records)
@@ -146,8 +148,7 @@ host	all	all	::1/128 	md5"))
 (define-record-type* <postgresql-configuration>
   postgresql-configuration make-postgresql-configuration
   postgresql-configuration?
-  (postgresql         postgresql-configuration-postgresql ;<package>
-                      (default postgresql))
+  (postgresql         postgresql-configuration-postgresql) ;<package>
   (port               postgresql-configuration-port
                       (default 5432))
   (locale             postgresql-configuration-locale
@@ -278,15 +279,15 @@ host	all	all	::1/128 	md5"))
                        (service-extension account-service-type
                                           (const %postgresql-accounts))
                        (service-extension profile-service-type
-                                          (compose list postgresql-configuration-postgresql))))
-                (default-value (postgresql-configuration))))
-
-(define* (postgresql-service #:key (postgresql postgresql)
-                             (port 5432)
-                             (locale "en_US.utf8")
-                             (config-file (postgresql-config-file))
-                             (data-directory "/var/lib/postgresql/data")
-                             (extension-packages '()))
+                                          (compose list postgresql-configuration-postgresql))))))
+
+(define-deprecated (postgresql-service #:key (postgresql postgresql)
+                                       (port 5432)
+                                       (locale "en_US.utf8")
+                                       (config-file (postgresql-config-file))
+                                       (data-directory "/var/lib/postgresql/data")
+                                       (extension-packages '()))
+  postgresql-service-type
   "Return a service that runs @var{postgresql}, the PostgreSQL database server.
 
 The PostgreSQL daemon loads its runtime configuration from @var{config-file}
@@ -465,8 +466,11 @@ storage:
   mysql-configuration make-mysql-configuration
   mysql-configuration?
   (mysql mysql-configuration-mysql (default mariadb))
+  (bind-address mysql-configuration-bind-address (default "127.0.0.1"))
   (port mysql-configuration-port (default 3306))
-  (extra-content mysql-configuration-extra-content (default "")))
+  (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock"))
+  (extra-content mysql-configuration-extra-content (default ""))
+  (auto-upgrade? mysql-configuration-auto-upgrade? (default #t)))
 
 (define %mysql-accounts
   (list (user-group
@@ -481,10 +485,11 @@ storage:
 
 (define mysql-configuration-file
   (match-lambda
-    (($ <mysql-configuration> mysql port extra-content)
+    (($ <mysql-configuration> mysql bind-address port socket extra-content)
      (mixed-text-file "my.cnf" "[mysqld]
 datadir=/var/lib/mysql
-socket=/run/mysqld/mysqld.sock
+socket=" socket "
+bind-address=" bind-address "
 port=" (number->string port) "
 " extra-content "
 "))))
@@ -556,6 +561,52 @@ FLUSH PRIVILEGES;
                      #:user "mysql" #:group "mysql")))
          (stop #~(make-kill-destructor)))))
 
+(define (mysql-upgrade-wrapper mysql socket-file)
+  ;; The MySQL socket and PID file may appear before the server is ready to
+  ;; accept connections.  Ensure the socket is responsive before attempting
+  ;; to run the upgrade script.
+  (program-file
+   "mysql-upgrade-wrapper"
+   #~(begin
+       (let ((mysql-upgrade #$(file-append mysql "/bin/mysql_upgrade"))
+             (timeout 10))
+         (begin
+           (let loop ((i 0))
+             (catch 'system-error
+               (lambda ()
+                 (let ((sock (socket PF_UNIX SOCK_STREAM 0)))
+                   (connect sock AF_UNIX #$socket-file)
+                   (close-port sock)
+                   ;; The socket is ready!
+                   (execl mysql-upgrade mysql-upgrade
+                          (string-append "--socket=" #$socket-file))))
+                 (lambda args
+                   (if (< i timeout)
+                       (begin
+                         (sleep 1)
+                         (loop (+ 1 i)))
+                       ;; No luck, give up.
+                       (throw 'timeout-error
+                              "MySQL server did not appear in time!"))))))))))
+
+(define (mysql-upgrade-shepherd-service config)
+  (list (shepherd-service
+         (provision '(mysql-upgrade))
+         (requirement '(mysql))
+         (one-shot? #t)
+         (documentation "Upgrade MySQL database schemas.")
+         (start (let ((mysql (mysql-configuration-mysql config))
+                      (socket (mysql-configuration-socket config)))
+                  #~(make-forkexec-constructor
+                     (list #$(mysql-upgrade-wrapper mysql socket))
+                     #:user "mysql" #:group "mysql"))))))
+
+(define (mysql-shepherd-services config)
+  (if (mysql-configuration-auto-upgrade? config)
+      (append (mysql-shepherd-service config)
+              (mysql-upgrade-shepherd-service config))
+      (mysql-shepherd-service config)))
+
 (define mysql-service-type
   (service-type
    (name 'mysql)
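Review bot: In `mysql-upgrade-wrapper` the socket created on each pass of the loop is closed only on the success path, so every failed `connect` leaves a descriptor open. Because `execl` sits inside the same `catch 'system-error`, a failure to execute mysql_upgrade is also treated as "server not ready" and retried until the generic timeout error is thrown. Scoping the handler to `connect` alone and closing the port on both paths keeps the two failures apart. The handler `lambda` is also indented as if it were inside the thunk, which hides that it is the third argument of `catch`. A possible shape for the loop is below; the ten-second `timeout` stays hard-coded as in the hunk.

```scheme
;; … unchanged: program-file header, mysql-upgrade and timeout bindings …
(let loop ((i 0))
  (let* ((sock (socket PF_UNIX SOCK_STREAM 0))
         (ready? (catch 'system-error
                   (lambda ()
                     (connect sock AF_UNIX #$socket-file)
                     #t)
                   (lambda args #f))))
    ;; Close the probe socket whether or not the connection succeeded.
    (close-port sock)
    (cond (ready?
           ;; The socket is ready!  An execl failure now propagates as-is.
           (execl mysql-upgrade mysql-upgrade
                  (string-append "--socket=" #$socket-file)))
          ((< i timeout)
           (sleep 1)
           (loop (+ 1 i)))
          (else
           ;; No luck, give up.
           (throw 'timeout-error
                  "MySQL server did not appear in time!")))))
```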
@@ -565,15 +616,11 @@ FLUSH PRIVILEGES;
           (service-extension activation-service-type
                              %mysql-activation)
           (service-extension shepherd-root-service-type
-                             mysql-shepherd-service)))
+                             mysql-shepherd-services)))
    (default-value (mysql-configuration))))
 
-(define* (mysql-service #:key (config (mysql-configuration)))
-  "Return a service that runs @command{mysqld}, the MySQL or MariaDB
-database server.
-
-The optional @var{config} argument specifies the configuration for
-@command{mysqld}, which should be a @code{<mysql-configuration>} object."
+(define-deprecated (mysql-service #:key (config (mysql-configuration)))
+  mysql-service-type
   (service mysql-service-type config))
 
 
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 3a3fd8fd1b..265cf9f35f 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2019 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
 ;;; Copyright © 2019 David Wilson <david@daviwil.com>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -53,6 +54,7 @@
   #:use-module (gnu packages suckless)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages libusb)
+  #:use-module (gnu packages lxqt)
   #:use-module (gnu packages mate)
   #:use-module (gnu packages nfs)
   #:use-module (gnu packages enlightenment)
@@ -127,6 +129,10 @@
             mate-desktop-service
             mate-desktop-service-type
 
+            lxqt-desktop-configuration
+            lxqt-desktop-configuration?
+            lxqt-desktop-service-type
+
             xfce-desktop-configuration
             xfce-desktop-configuration?
             xfce-desktop-service
@@ -1009,6 +1015,36 @@ system as root from within a user session, after the user has authenticated
 with the administrator's password."
   (service xfce-desktop-service-type config))
 
++
+;;;
+;;; Lxqt desktop service.
+;;;
+
+(define-record-type* <lxqt-desktop-configuration> lxqt-desktop-configuration
+  make-lxqt-desktop-configuration
+  lxqt-desktop-configuration?
+  (lxqt lxqt-package
+        (default lxqt)))
+
+(define (lxqt-polkit-settings config)
+  "Return the list of LXQt dependencies that provide polkit actions and
+rules."
+  (let ((lxqt (lxqt-package config)))
+    (map (lambda (name)
+           ((package-direct-input-selector name) lxqt))
+         '("lxqt-admin"))))
+
+(define lxqt-desktop-service-type
+  (service-type
+   (name 'lxqt-desktop)
+   (extensions
+    (list (service-extension polkit-service-type
+                             lxqt-polkit-settings)
+          (service-extension profile-service-type
+                             (compose list lxqt-package))))
+   (default-value (lxqt-desktop-configuration))
+   (description "Run LXQt desktop environment.")))
+
 
 ;;;
 ;;; X11 socket directory service
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 572880561c..b339eb0619 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -700,7 +700,7 @@ cache.size = 100 * MB
        (documentation "Run the Knot Resolver daemon.")
        (start #~(make-forkexec-constructor
                  '(#$(file-append package "/sbin/kresd")
-                   "-c" #$kresd-config-file "-f" "1"
+                   "-c" #$kresd-config-file "-n"
                    "/var/cache/knot-resolver")))
        (stop #~(make-kill-destructor)))
       (shepherd-service
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
index d87db5b9ac..0a34ea6a5e 100644
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@@ -430,7 +430,7 @@ appropriate requests to this daemon.")))
                 (description
                  "@command{ganeti-luxid} is a daemon used to answer queries
 related to the configuration and the current live state of a Ganeti cluster.
-Additionally, it is the authorative daemon for the Ganeti job queue.  Jobs can
+Additionally, it is the authoritative daemon for the Ganeti job queue.  Jobs can
 be submitted via this daemon and it schedules and starts them.")))
 
 (define-record-type* <ganeti-rapi-configuration>
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index a47c4bd941..88d23f746a 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -188,8 +188,11 @@
                           ;; libraries, but it means that the Guile libraries
                           ;; needed for the Guix Build Coordinator don't need
                           ;; to be individually specified here.
-                          (map second (package-inputs
-                                       guix-build-coordinator-package)))
+                          (append
+                           (map second (package-inputs
+                                        guix-build-coordinator-package))
+                           (map second (package-propagated-inputs
+                                        guix-build-coordinator-package))))
      #~(begin
          (use-modules (srfi srfi-1)
                       (ice-9 match)
@@ -200,16 +203,21 @@
                       (guix-build-coordinator build-allocator)
                       (guix-build-coordinator coordinator))
 
+         (setvbuf (current-output-port) 'line)
+         (setvbuf (current-error-port) 'line)
+
+         (simple-format #t "starting the guix-build-coordinator:\n  ~A\n"
+                        (current-filename))
          (let* ((metrics-registry (make-metrics-registry
                                    #:namespace
-                                   "guixbuildcoordinator_"))
+                                   "guixbuildcoordinator"))
                 (datastore (database-uri->datastore
                             #$database-uri-string
                             #:metrics-registry metrics-registry))
                 (hooks
                  (list #$@(map (match-lambda
                                  ((name . hook-gexp)
-                                  #~(cons name #$hook-gexp)))
+                                  #~(cons '#$name #$hook-gexp)))
                                hooks)))
                 (hooks-with-defaults
                  `(,@hooks
@@ -265,7 +273,8 @@
                 #:environment-variables
                 `(,(string-append
                     "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
-                  "LC_ALL=en_US.utf8")
+                  "LC_ALL=en_US.utf8"
+                  "PATH=/run/current-system/profile/bin") ; for hooks
                 #:log-file "/var/log/guix-build-coordinator/coordinator.log"))
       (stop #~(make-kill-destructor))))))
 
@@ -345,16 +354,17 @@
                       #$@(if non-derivation-substitute-urls
                              #~(#$(string-append
                                    "--non-derivation-substitute-urls="
-                                   (string-join derivation-substitute-urls " ")))
+                                   (string-join non-derivation-substitute-urls " ")))
                              #~())
                       #$@(map (lambda (system)
                                 (string-append "--system=" system))
                               (or systems '())))
                 #:user #$user
-                #:pid-file "/var/run/guix-build-coordinator-agent/pid"
                 #:environment-variables
                 `(,(string-append
                     "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+                  ;; XDG_CACHE_HOME is used by Guix when caching narinfo files
+                  "XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent"
                   "LC_ALL=en_US.utf8")
                 #:log-file "/var/log/guix-build-coordinator/agent.log"))
       (stop #~(make-kill-destructor))))))
@@ -363,11 +373,13 @@
   #~(begin
       (use-modules (guix build utils))
 
+      (define %user (getpw "guix-build-coordinator-agent"))
+
       (mkdir-p "/var/log/guix-build-coordinator")
 
-      ;; Allow writing the PID file
-      (mkdir-p "/var/run/guix-build-coordinator-agent")
-      (chown "/var/run/guix-build-coordinator-agent"
+      ;; Create a cache directory for storing narinfo files if downloaded
+      (mkdir-p "/var/cache/guix-build-coordinator-agent")
+      (chown "/var/cache/guix-build-coordinator-agent"
              (passwd:uid %user)
              (passwd:gid %user))))
 
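Review bot: `%user` is looked up from the literal name "guix-build-coordinator-agent", while the agent's shepherd service in the previous hunk starts the process with `#:user #$user`. If the two differ, the cache directory is owned by an account the agent does not run as (or `getpw` fails when the literal account is absent), and the agent cannot write its narinfo cache under the `XDG_CACHE_HOME` set in that hunk. Passing the configured user into the activation gexp, e.g. `(define %user (getpw #$user))`, keeps them aligned; the procedure head is outside the hunk, so whether the configuration is in scope there needs confirming. /var/log/guix-build-coordinator is created without an explicit owner or mode, which deserves a comment on who is expected to write there.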
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 511f4fb2fe..da3d736ba6 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -279,11 +279,11 @@ configuration file."))
 
 (define (zabbix-server-activation config)
   "Return the activation gexp for CONFIG."
-  (with-imported-modules '((guix build utils)
-                           (ice-9 rdelim))
+  (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils)
                      (ice-9 rdelim))
+
         (let ((user (getpw #$(zabbix-server-configuration-user config))))
           (for-each (lambda (file)
                       (let ((directory (dirname file)))
@@ -393,8 +393,7 @@ configuration file."))
 
 (define (zabbix-agent-activation config)
   "Return the activation gexp for CONFIG."
-  (with-imported-modules '((guix build utils)
-                           (ice-9 rdelim))
+  (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils)
                      (ice-9 rdelim))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 64f54e787f..9ec0f6a9ca 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -61,7 +61,9 @@
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-43)
   #:use-module (ice-9 match)
+  #:use-module (json)
   #:re-export (static-networking-service
                static-networking-service-type)
   #:export (%facebook-host-aliases
@@ -180,7 +182,17 @@
             pagekite-configuration-kitesecret
             pagekite-configuration-frontend
             pagekite-configuration-kites
-            pagekite-configuration-extra-file))
+            pagekite-configuration-extra-file
+
+            yggdrasil-service-type
+            yggdrasil-configuration
+            yggdrasil-configuration?
+            yggdrasil-configuration-autoconf?
+            yggdrasil-configuration-config-file
+            yggdrasil-configuration-log-level
+            yggdrasil-configuration-log-to
+            yggdrasil-configuration-json-config
+            yggdrasil-configuration-package))
 
 ;;; Commentary:
 ;;;
@@ -1750,4 +1762,107 @@ table inet filter {
     "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
 local servers publicly accessible on the web, even behind NATs and firewalls.")))
 
+
+;;;
+;;; Yggdrasil
+;;;
+
+(define-record-type* <yggdrasil-configuration>
+  yggdrasil-configuration
+  make-yggdrasil-configuration
+  yggdrasil-configuration?
+  (package yggdrasil-configuration-package
+           (default yggdrasil))
+  (json-config yggdrasil-configuration-json-config
+               (default '()))
+  (config-file yggdrasil-config-file
+               (default "/etc/yggdrasil-private.conf"))
+  (autoconf? yggdrasil-configuration-autoconf?
+             (default #f))
+  (log-level yggdrasil-configuration-log-level
+             (default 'info))
+  (log-to yggdrasil-configuration-log-to
+          (default 'stdout)))
+
+(define (yggdrasil-configuration-file config)
+  (define (scm->yggdrasil-json x)
+    (define key-value?
+      dotted-list?)
+    (define (param->camel str)
+      (string-concatenate
+       (map
+	string-capitalize
+	(string-split str (cut eqv? <> #\-)))))
+    (cond
+     ((key-value? x)
+      (let ((k (car x))
+	    (v (cdr x)))
+	(cons
+	 (if (symbol? k)
+	     (param->camel (symbol->string k))
+	     k)
+	 v)))
+     ((list? x) (map scm->yggdrasil-json x))
+     ((vector? x) (vector-map scm->yggdrasil-json x))
+     (else x)))
+  (computed-file
+   "yggdrasil.conf"
+   #~(call-with-output-file #$output
+       (lambda (port)
+         ;; it's HJSON, so comments are a-okay
+         (display "# Generated by yggdrasil-service\n" port)
+         (display #$(scm->json-string
+                     (scm->yggdrasil-json
+                      (yggdrasil-configuration-json-config config)))
+                  port)))))
+
+(define (yggdrasil-shepherd-service config)
+  "Return a <shepherd-service> for yggdrasil with CONFIG."
+  (define yggdrasil-command
+    #~(append
+       (list (string-append
+              #$(yggdrasil-configuration-package config)
+              "/bin/yggdrasil")
+             "-useconffile"
+             #$(yggdrasil-configuration-file config))
+       (if #$(yggdrasil-configuration-autoconf? config)
+           '("-autoconf")
+           '())
+       (let ((extraconf #$(yggdrasil-config-file config)))
+         (if extraconf
+             (list "-extraconffile" extraconf)
+             '()))
+       (list "-loglevel"
+             #$(symbol->string
+		(yggdrasil-configuration-log-level config))
+             "-logto"
+             #$(symbol->string
+		(yggdrasil-configuration-log-to config)))))
+  (list (shepherd-service
+         (documentation "Connect to the Yggdrasil mesh network")
+         (provision '(yggdrasil))
+         (requirement '(networking))
+         (start #~(make-forkexec-constructor
+                   #$yggdrasil-command
+                   #:log-file "/var/log/yggdrasil.log"
+                   #:group "yggdrasil"))
+         (stop #~(make-kill-destructor)))))
+
+(define %yggdrasil-accounts
+  (list (user-group (name "yggdrasil") (system? #t))))
+
+(define yggdrasil-service-type
+  (service-type
+   (name 'yggdrasil)
+   (description
+    "Connect to the Yggdrasil mesh network.
+See yggdrasil -genconf for config options.")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             yggdrasil-shepherd-service)
+          (service-extension account-service-type
+                             (const %yggdrasil-accounts))
+          (service-extension profile-service-type
+                             (compose list yggdrasil-configuration-package))))))
+
 ;;; networking.scm ends here
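Review bot: `yggdrasil-configuration-file` has no docstring, and the one fact a user most needs is missing: it renders `json-config` through `computed-file`, so the result lands in the store, which every local user can read. Any private key placed in `json-config` would therefore be exposed; the `config-file` field, passed as `-extraconffile` and defaulting to `/etc/yggdrasil-private.conf`, looks like the intended place for key material. I would add a docstring such as `"Return a store file holding CONFIG's json-config; the store is world-readable, so keep private keys in config-file."` and repeat that warning in the `description` of `yggdrasil-service-type`.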
diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm
index 59f8b16985..694ad736dc 100644
--- a/gnu/services/sddm.scm
+++ b/gnu/services/sddm.scm
@@ -169,7 +169,7 @@ Relogin="              (if (sddm-configuration-relogin? config)
 
   (list (shepherd-service
          (documentation "SDDM display manager.")
-         (requirement '(user-processes))
+         (requirement '(user-processes elogind))
          (provision '(xorg-server display-manager))
          (start #~(make-forkexec-constructor #$sddm-command))
          (stop #~(make-kill-destructor)))))
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index e14ceca231..1faeb350df 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -224,16 +224,21 @@ which is not provided by any service")
 
   (for-each assert-satisfied-requirements services))
 
+(define %store-characters
+  ;; Valid store characters; see 'checkStoreName' in the daemon.
+  (string->char-set
+   "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
+
 (define (shepherd-service-file-name service)
   "Return the file name where the initialization code for SERVICE is to be
 stored."
   (let ((provisions (string-join (map symbol->string
                                       (shepherd-service-provision service)))))
     (string-append "shepherd-"
-                   (string-map (match-lambda
-                                 (#\/ #\-)
-                                 (#\  #\-)
-                                 (chr chr))
+                   (string-map (lambda (chr)
+                                 (if (char-set-contains? %store-characters chr)
+                                     chr
+                                     #\-))
                                provisions)
                    ".scm")))
 
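Review bot: The docstring of `shepherd-service-file-name` does not mention the sanitizing this hunk introduces: every character outside `%store-characters` is now replaced by `-`. Since `string-join` separates provisions with a space, which is also mapped to `-`, different provision lists can yield the same file name, and that is worth stating so nobody treats the name as unique. I would extend the docstring with `Characters that are not valid in store file names are replaced by '-', so the result is not unique per SERVICE.`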
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index edd0b644f5..eaf0bbde43 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP."
                          (permit-root-login #t)
                          (allow-empty-passwords? #t)
                          (password-authentication? #t)))
-               %base-services/hurd))))
+
+               ;; By default, the secret service introduces a pre-initialized
+               ;; /etc/guix/acl file in the childhurd.  Thus, clear
+               ;; 'authorize-key?' so that it's not overridden at activation
+               ;; time.
+               (modify-services %base-services/hurd
+                 (guix-service-type config =>
+                                    (guix-configuration
+                                     (inherit config)
+                                     (authorize-key? #f))))))))
 
 (define-record-type* <hurd-vm-configuration>
   hurd-vm-configuration make-hurd-vm-configuration
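Review bot: The `authorize-key? #f` override is applied unconditionally, but the new comment justifies it only for the default case in which the secret service supplies `/etc/guix/acl`. If a childhurd is built without that pre-initialized file, it presumably ends up with no `/etc/guix/acl` at all, and nothing here says so. I would extend the comment with something like `;; Without an ACL from the secret service, the childhurd authorizes no substitute keys.` so the trade-off is visible. The enclosing definition starts outside this hunk.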
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 658d5c3e88..70f2617c7e 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -273,16 +273,16 @@ servers.")
     "The device type used to represent the VPN connection.")
 
    (ca
-    (string "/etc/openvpn/ca.crt")
+    (maybe-string "/etc/openvpn/ca.crt")
     "The certificate authority to check connections against.")
 
    (cert
-    (string "/etc/openvpn/client.crt")
+    (maybe-string "/etc/openvpn/client.crt")
     "The certificate of the machine the daemon is running on. It should be signed
 by the authority given in @code{ca}.")
 
    (key
-    (string "/etc/openvpn/client.key")
+    (maybe-string "/etc/openvpn/client.key")
     "The key of the machine the daemon is running on. It must be the key whose
 certificate is @code{cert}.")
 
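Review bot: The docstrings of `ca`, `cert` and `key` were left as they were, although switching the fields to `maybe-string` means each can now be left unset. For `ca` in particular that matters: the text still says it is the authority connections are checked against, and a reader cannot tell what the peer certificate is verified against when the field is unset. I would add a sentence to each docstring, e.g. for `ca`: `When unset, no ca directive is emitted and peer verification must be configured by other means.`, after confirming that this is what the serializer does. The enclosing record definition starts and ends outside this hunk.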
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index a74c6c54b4..855f4e649b 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Alexandru-Sergiu Marton <brown121407@posteo.ro>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -255,7 +256,14 @@
             mumi-configuration-sender
             mumi-configuration-smtp
 
-            mumi-service-type))
+            mumi-service-type
+
+            gmnisrv-configuration
+            gmnisrv-configuration?
+            gmnisrv-configuration-package
+            gmnisrv-configuration-config-file
+
+            gmnisrv-service-type))
 
 ;;; Commentary:
 ;;;
@@ -667,6 +675,12 @@ of index files."
                                            '#$lua-package-cpath)
                                       ";"))
                "")
+           (if server-names-hash-bucket-size
+               (string-append
+                 "    server_names_hash_bucket_size "
+                 (number->string server-names-hash-bucket-size)
+                 ";\n")
+               "")
            (if server-names-hash-bucket-max-size
                (string-append
                 "    server_names_hash_bucket_max_size "
@@ -1134,7 +1148,7 @@ a webserver.")
                  #:user "hpcguix-web"
                  #:group "hpcguix-web"
                  #:environment-variables
-                 (list "XDG_CACHE_HOME=/var/cache"
+                 (list "XDG_CACHE_HOME=/var/cache/guix/web"
                        "SSL_CERT_DIR=/etc/ssl/certs")
                  #:log-file #$%hpcguix-web-log-file))
        (stop #~(make-kill-destructor))))))
@@ -1798,3 +1812,75 @@ WSGIPassAuthorization On
     "Run Mumi, a Web interface to the Debbugs bug-tracking server.")
    (default-value
      (mumi-configuration))))
+
+(define %default-gmnisrv-config-file
+  (plain-file "gmnisrv.ini" "
+listen=0.0.0.0:1965 [::]:1965
+
+[:tls]
+store=/var/lib/gemini/certs
+
+organization=gmnisrv on Guix user
+
+[localhost]
+root=/srv/gemini
+"))
+
+(define-record-type* <gmnisrv-configuration>
+  gmnisrv-configuration make-gmnisrv-configuration
+  gmnisrv-configuration?
+  (package     gmnisrv-configuration-package
+               (default gmnisrv))
+  (config-file gmnisrv-configuration-config-file
+               (default %default-gmnisrv-config-file)))
+
+(define gmnisrv-shepherd-service
+  (match-lambda
+    (($ <gmnisrv-configuration> package config-file)
+     (list (shepherd-service
+            (provision '(gmnisrv))
+            (requirement '(networking))
+            (documentation "Run the gmnisrv Gemini server.")
+            (start (let ((gmnisrv (file-append package "/bin/gmnisrv")))
+                     #~(make-forkexec-constructor
+                        (list #$gmnisrv "-C" #$config-file)
+                        #:user "gmnisrv" #:group "gmnisrv"
+                        #:log-file "/var/log/gmnisrv.log")))
+            (stop #~(make-kill-destructor)))))))
+
+(define %gmnisrv-accounts
+  (list (user-group (name "gmnisrv") (system? #t))
+        (user-account
+         (name "gmnisrv")
+         (group "gmnisrv")
+         (system? #t)
+         (comment "gmnisrv Gemini server")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define %gmnisrv-activation
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (mkdir-p "/var/lib/gemini/certs")
+        (let* ((pw  (getpwnam "gmnisrv"))
+               (uid (passwd:uid pw))
+               (gid (passwd:gid pw)))
+          (chown "/var/lib/gemini" uid gid)
+          (chown "/var/lib/gemini/certs" uid gid)))))
+
+(define gmnisrv-service-type
+  (service-type
+   (name 'guix)
+   (extensions
+    (list (service-extension activation-service-type
+                             (const %gmnisrv-activation))
+          (service-extension account-service-type
+                             (const %gmnisrv-accounts))
+          (service-extension shepherd-root-service-type
+                             gmnisrv-shepherd-service)))
+   (description
+    "Run the gmnisrv Gemini server.")
+   (default-value
+     (gmnisrv-configuration))))
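Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste slip; it should read `(name 'gmnisrv)` so that messages and lookups that use the service-type name refer to this service. In `%gmnisrv-activation`, `/var/lib/gemini/certs` is created with `mkdir-p` and chowned but never given a mode. As the `[:tls]` `store=` directory it presumably holds the server's private keys, so I would add `(chmod "/var/lib/gemini/certs" #o700)` after the `chown` calls.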