Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 86 | ||||
-rw-r--r-- | gnu/services/databases.scm | 22 | ||||
-rw-r--r-- | gnu/services/desktop.scm | 36 | ||||
-rw-r--r-- | gnu/services/dns.scm | 2 | ||||
-rw-r--r-- | gnu/services/ganeti.scm | 2 | ||||
-rw-r--r-- | gnu/services/guix.scm | 21 | ||||
-rw-r--r-- | gnu/services/monitoring.scm | 7 | ||||
-rw-r--r-- | gnu/services/networking.scm | 117 | ||||
-rw-r--r-- | gnu/services/virtualization.scm | 11 | ||||
-rw-r--r-- | gnu/services/web.scm | 75 |
10 files changed, 334 insertions, 45 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 04bc991356..499e50bfd7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1476,10 +1476,18 @@ archive' public keys, with GUIX." #~(begin (use-modules (guix build utils)) - (unless (file-exists? "/etc/guix/acl") - (mkdir-p "/etc/guix") - (copy-file #+default-acl "/etc/guix/acl") - (chmod "/etc/guix/acl" #o600))))) + ;; If the ACL already exists, move it out of the way. Create a backup + ;; if it's a regular file: it's likely that the user manually updated + ;; it with 'guix archive --authorize'. + (if (file-exists? "/etc/guix/acl") + (if (and (symbolic-link? "/etc/guix/acl") + (store-file-name? (readlink "/etc/guix/acl"))) + (delete-file "/etc/guix/acl") + (rename-file "/etc/guix/acl" "/etc/guix/acl.bak")) + (mkdir-p "/etc/guix")) + + ;; Installed the declared ACL. + (symlink #+default-acl "/etc/guix/acl")))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. @@ -1562,8 +1570,10 @@ proxy of 'guix-daemon'...~%") (ice-9 match) (gnu build shepherd))) (start - (with-imported-modules (source-module-closure - '((gnu build shepherd))) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((gnu build shepherd)) + #:select? not-config?)) #~(lambda args (define proxy ;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by @@ -1732,6 +1742,8 @@ proxy of 'guix-daemon'...~%") (default "nar")) (cache guix-publish-configuration-cache ;#f | string (default #f)) + (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold + (default (* 10 (expt 2 20)))) ;integer (workers guix-publish-configuration-workers ;#f | integer (default #f)) (ttl guix-publish-configuration-ttl ;#f | integer 
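Review bot: The outer `(file-exists? "/etc/guix/acl")` test in the ACL activation snippet follows symlinks, so a dangling `/etc/guix/acl` link (for instance one whose store target is no longer present) would take the `mkdir-p` branch, and the final `symlink` call would then fail because the name already exists. Testing the link itself, e.g. `(false-if-exception (lstat "/etc/guix/acl"))`, covers that case. Separately, `rename-file` to `/etc/guix/acl.bak` replaces any earlier backup without notice, and keys the administrator added with 'guix archive --authorize' stop being honoured after activation; a message printed at that point would make the change visible. The comment `;; Installed the declared ACL.` presumably means `;; Install the declared ACL.`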
@@ -1766,7 +1778,7 @@ raise a deprecation warning if the 'compression-level' field was used." lst)))) (match-record config <guix-publish-configuration> - (guix port host nar-path cache workers ttl) + (guix port host nar-path cache workers ttl cache-bypass-threshold) (list (shepherd-service (provision '(guix-publish)) (requirement '(guix-daemon)) @@ -1788,7 +1800,11 @@ raise a deprecation warning if the 'compression-level' field was used." "s")) #~()) #$@(if cache - #~((string-append "--cache=" #$cache)) + #~((string-append "--cache=" #$cache) + #$(string-append + "--cache-bypass-threshold=" + (number->string + cache-bypass-threshold))) #~())) ;; Make sure we run in a UTF-8 locale so we can produce 
@@ -2096,22 +2112,52 @@ instance." 'swap (lambda (device) (define requirement - (if (string-prefix? "/dev/mapper/" device) + (if (and (string? device) + (string-prefix? "/dev/mapper/" device)) (list (symbol-append 'device-mapping- (string->symbol (basename device)))) '())) - (shepherd-service - (provision (list (symbol-append 'swap- (string->symbol device)))) - (requirement `(udev ,@requirement)) - (documentation "Enable the given swap device.") - (start #~(lambda () - (restart-on-EINTR (swapon #$device)) - #t)) - (stop #~(lambda _ - (restart-on-EINTR (swapoff #$device)) - #f)) - (respawn? #f))))) + (define (device-lookup device) + ;; The generic 'find-partition' procedures could return a partition + ;; that's not swap space, but that's unlikely. + (cond ((uuid? device) + #~(find-partition-by-uuid #$(uuid-bytevector device))) + ((file-system-label? device) + #~(find-partition-by-label + #$(file-system-label->string device))) + (else + device))) + + (define service-name + (symbol-append 'swap- + (string->symbol + (cond ((uuid? device) + (string-take (uuid->string device) 6)) + ((file-system-label? device) + (file-system-label->string device)) + (else + device))))) + + (with-imported-modules (source-module-closure '((gnu build file-systems))) + (shepherd-service + (provision (list service-name)) + (requirement `(udev ,@requirement)) + (documentation "Enable the given swap device.") + (modules `((gnu build file-systems) + ,@%default-modules)) + (start #~(lambda () + (let ((device #$(device-lookup device))) + (and device + (begin + (restart-on-EINTR (swapon device)) + #t))))) + (stop #~(lambda _ + (let ((device #$(device-lookup device))) + (when device + (restart-on-EINTR (swapoff device))) + #f))) + (respawn? #f)))))) (define (swap-service device) "Return a service that uses @var{device} as a swap device." diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 2bddf70f71..d7b4594b9e 100644 --- a/gnu/services/databases.scm 
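Review bot: In the new `start` lambda, a UUID or label that resolves to no partition makes the service fail to start with nothing logged, because `(and device ...)` simply returns #f; printing which device was not found before returning would help diagnose missing swap at boot. The `requirement` computation only adds a `device-mapping-` dependency for string devices under /dev/mapper/, so swap on a mapped device referred to by UUID or label has no ordering against its mapping, as far as this hunk shows. A label is matched against whatever partition carries it when the service starts, as the in-code comment already concedes, so the `swap-service` documentation could recommend a UUID or a /dev/mapper path where the swap contents are sensitive. The enclosing service-type definition starts outside the hunk.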
+++ b/gnu/services/databases.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages databases) #:use-module (guix build-system trivial) #:use-module (guix build union) + #:use-module (guix deprecation) #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix records) @@ -146,8 +147,7 @@ host all all ::1/128 md5")) (define-record-type* <postgresql-configuration> postgresql-configuration make-postgresql-configuration postgresql-configuration? - (postgresql postgresql-configuration-postgresql ;<package> - (default postgresql)) + (postgresql postgresql-configuration-postgresql) ;<package> (port postgresql-configuration-port (default 5432)) (locale postgresql-configuration-locale @@ -278,15 +278,15 @@ host all all ::1/128 md5")) (service-extension account-service-type (const %postgresql-accounts)) (service-extension profile-service-type - (compose list postgresql-configuration-postgresql)))) - (default-value (postgresql-configuration)))) - -(define* (postgresql-service #:key (postgresql postgresql) - (port 5432) - (locale "en_US.utf8") - (config-file (postgresql-config-file)) - (data-directory "/var/lib/postgresql/data") - (extension-packages '())) + (compose list postgresql-configuration-postgresql)))))) + +(define-deprecated (postgresql-service #:key (postgresql postgresql) + (port 5432) + (locale "en_US.utf8") + (config-file (postgresql-config-file)) + (data-directory "/var/lib/postgresql/data") + (extension-packages '())) + postgresql-service-type "Return a service that runs @var{postgresql}, the PostgreSQL database server. The PostgreSQL daemon loads its runtime configuration from @var{config-file} diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 3a3fd8fd1b..265cf9f35f 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm 
@@ -11,6 +11,7 @@ ;;; Copyright © 2019 Tim Gesthuizen <tim.gesthuizen@yahoo.de> ;;; Copyright © 2019 David Wilson <david@daviwil.com> ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -53,6 +54,7 @@ #:use-module (gnu packages suckless) #:use-module (gnu packages linux) #:use-module (gnu packages libusb) + #:use-module (gnu packages lxqt) #:use-module (gnu packages mate) #:use-module (gnu packages nfs) #:use-module (gnu packages enlightenment) @@ -127,6 +129,10 @@ mate-desktop-service mate-desktop-service-type + lxqt-desktop-configuration + lxqt-desktop-configuration? + lxqt-desktop-service-type + xfce-desktop-configuration xfce-desktop-configuration? xfce-desktop-service @@ -1009,6 +1015,36 @@ system as root from within a user session, after the user has authenticated with the administrator's password." (service xfce-desktop-service-type config)) ++ +;;; +;;; Lxqt desktop service. +;;; + +(define-record-type* <lxqt-desktop-configuration> lxqt-desktop-configuration + make-lxqt-desktop-configuration + lxqt-desktop-configuration? + (lxqt lxqt-package + (default lxqt))) + +(define (lxqt-polkit-settings config) + "Return the list of LXQt dependencies that provide polkit actions and +rules." + (let ((lxqt (lxqt-package config))) + (map (lambda (name) + ((package-direct-input-selector name) lxqt)) + '("lxqt-admin")))) + +(define lxqt-desktop-service-type + (service-type + (name 'lxqt-desktop) + (extensions + (list (service-extension polkit-service-type + lxqt-polkit-settings) + (service-extension profile-service-type + (compose list lxqt-package)))) + (default-value (lxqt-desktop-configuration)) + (description "Run LXQt desktop environment."))) + ;;; ;;; X11 socket directory service diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 572880561c..b339eb0619 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm 
@@ -700,7 +700,7 @@ cache.size = 100 * MB (documentation "Run the Knot Resolver daemon.") (start #~(make-forkexec-constructor '(#$(file-append package "/sbin/kresd") - "-c" #$kresd-config-file "-f" "1" + "-c" #$kresd-config-file "-n" "/var/cache/knot-resolver"))) (stop #~(make-kill-destructor))) (shepherd-service diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm index d87db5b9ac..0a34ea6a5e 100644 --- a/gnu/services/ganeti.scm +++ b/gnu/services/ganeti.scm @@ -430,7 +430,7 @@ appropriate requests to this daemon."))) (description "@command{ganeti-luxid} is a daemon used to answer queries related to the configuration and the current live state of a Ganeti cluster. -Additionally, it is the authorative daemon for the Ganeti job queue. Jobs can +Additionally, it is the authoritative daemon for the Ganeti job queue. Jobs can be submitted via this daemon and it schedules and starts them."))) (define-record-type* <ganeti-rapi-configuration> diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index a47c4bd941..b909c651cc 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -188,8 +188,11 @@ ;; libraries, but it means that the Guile libraries ;; needed for the Guix Build Coordinator don't need ;; to be individually specified here. - (map second (package-inputs - guix-build-coordinator-package))) + (append + (map second (package-inputs + guix-build-coordinator-package)) + (map second (package-propagated-inputs + guix-build-coordinator-package)))) #~(begin (use-modules (srfi srfi-1) (ice-9 match) 
@@ -200,16 +203,21 @@ (guix-build-coordinator build-allocator) (guix-build-coordinator coordinator)) + (setvbuf (current-output-port) 'line) + (setvbuf (current-error-port) 'line) + + (simple-format #t "starting the guix-build-coordinator:\n ~A\n" + (current-filename)) (let* ((metrics-registry (make-metrics-registry #:namespace - "guixbuildcoordinator_")) + "guixbuildcoordinator")) (datastore (database-uri->datastore #$database-uri-string #:metrics-registry metrics-registry)) (hooks (list #$@(map (match-lambda ((name . hook-gexp) - #~(cons name #$hook-gexp))) + #~(cons '#$name #$hook-gexp))) hooks))) (hooks-with-defaults `(,@hooks @@ -265,7 +273,8 @@ #:environment-variables `(,(string-append "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") - "LC_ALL=en_US.utf8") + "LC_ALL=en_US.utf8" + "PATH=/run/current-system/profile/bin") ; for hooks #:log-file "/var/log/guix-build-coordinator/coordinator.log")) (stop #~(make-kill-destructor)))))) @@ -363,6 +372,8 @@ #~(begin (use-modules (guix build utils)) + (define %user (getpw "guix-build-coordinator-agent")) + (mkdir-p "/var/log/guix-build-coordinator") ;; Allow writing the PID file diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 511f4fb2fe..da3d736ba6 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -279,11 +279,11 @@ configuration file.")) (define (zabbix-server-activation config) "Return the activation gexp for CONFIG." - (with-imported-modules '((guix build utils) - (ice-9 rdelim)) + (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils) (ice-9 rdelim)) + (let ((user (getpw #$(zabbix-server-configuration-user config)))) (for-each (lambda (file) (let ((directory (dirname file))) 
@@ -393,8 +393,7 @@ configuration file.")) (define (zabbix-agent-activation config) "Return the activation gexp for CONFIG." - (with-imported-modules '((guix build utils) - (ice-9 rdelim)) + (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils) (ice-9 rdelim)) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) ;;; Commentary: ;;; 
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* <yggdrasil-configuration> + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a <shepherd-service> for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package)))))) + ;;; networking.scm ends here diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index edd0b644f5..eaf0bbde43 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP." (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t))) - %base-services/hurd)))) + + ;; By default, the secret service introduces a pre-initialized + ;; /etc/guix/acl file in the childhurd. Thus, clear + ;; 'authorize-key?' so that it's not overridden at activation + ;; time. + (modify-services %base-services/hurd + (guix-service-type config => + (guix-configuration + (inherit config) + (authorize-key? #f)))))))) (define-record-type* <hurd-vm-configuration> hurd-vm-configuration make-hurd-vm-configuration 
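Review bot: The record field accessor is defined as `yggdrasil-config-file`, but the export list added earlier in this file names `yggdrasil-configuration-config-file`, which nothing visible defines; renaming the accessor to `yggdrasil-configuration-config-file` (and its use in `yggdrasil-shepherd-service`) would make the two agree. `yggdrasil-configuration-file` has no docstring, and it is the place to say that `json-config` is rendered by `computed-file` into the store, which every local user can read, so private keys belong in `config-file` (default /etc/yggdrasil-private.conf) rather than in `json-config`. The constructor passes `#:group "yggdrasil"` but no `#:user`, so the daemon presumably keeps running as root; a comment stating why would help the next reader.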
diff --git a/gnu/services/web.scm b/gnu/services/web.scm index a74c6c54b4..7e17dac6e2 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com> +;;; Copyright © 2020 Alexandru-Sergiu Marton <brown121407@posteo.ro> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1134,7 +1135,7 @@ a webserver.") #:user "hpcguix-web" #:group "hpcguix-web" #:environment-variables - (list "XDG_CACHE_HOME=/var/cache" + (list "XDG_CACHE_HOME=/var/cache/guix/web" "SSL_CERT_DIR=/etc/ssl/certs") #:log-file #$%hpcguix-web-log-file)) (stop #~(make-kill-destructor)))))) 
@@ -1798,3 +1799,75 @@ WSGIPassAuthorization On "Run Mumi, a Web interface to the Debbugs bug-tracking server.") (default-value (mumi-configuration)))) + +(define %default-gmnisrv-config-file + (plain-file "gmnisrv.ini" " +listen=0.0.0.0:1965 [::]:1965 + +[:tls] +store=/var/lib/gemini/certs + +organization=gmnisrv on Guix user + +[localhost] +root=/srv/gemini +")) + +(define-record-type* <gmnisrv-configuration> + gmnisrv-configuration make-gmnisrv-configuration + gmnisrv-configuration? + (package gmnisrv-configuration-package + (default gmnisrv)) + (config-file gmnisrv-configuration-config-file + (default %default-gmnisrv-config-file))) + +(define gmnisrv-shepherd-service + (match-lambda + (($ <gmnisrv-configuration> package config-file) + (list (shepherd-service + (provision '(gmnisrv)) + (requirement '(networking)) + (documentation "Run the gmnisrv Gemini server.") + (start (let ((gmnisrv (file-append package "/bin/gmnisrv"))) + #~(make-forkexec-constructor + (list #$gmnisrv "-C" #$config-file) + #:user "gmnisrv" #:group "gmnisrv" + #:log-file "/var/log/gmnisrv.log"))) + (stop #~(make-kill-destructor))))))) + +(define %gmnisrv-accounts + (list (user-group (name "gmnisrv") (system? #t)) + (user-account + (name "gmnisrv") + (group "gmnisrv") + (system? 
#t) + (comment "gmnisrv Gemini server") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define %gmnisrv-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (mkdir-p "/var/lib/gemini/certs") + (let* ((pw (getpwnam "gmnisrv")) + (uid (passwd:uid pw)) + (gid (passwd:gid pw))) + (chown "/var/lib/gemini" uid gid) + (chown "/var/lib/gemini/certs" uid gid))))) + +(define gmnisrv-service-type + (service-type + (name 'guix) + (extensions + (list (service-extension activation-service-type + (const %gmnisrv-activation)) + (service-extension account-service-type + (const %gmnisrv-accounts)) + (service-extension shepherd-root-service-type + gmnisrv-shepherd-service))) + (description + "Run the gmnisrv Gemini server.") + (default-value + (gmnisrv-configuration)))) |
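Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste slip; it should read `(name 'gmnisrv)` so the type is not confused with the guix service in error messages and service listings. In `%gmnisrv-activation`, `mkdir-p` creates /var/lib/gemini/certs with default permissions, and the `[:tls] store=` setting points the server's certificate store there; if gmnisrv keeps private keys in that directory, adding `(chmod "/var/lib/gemini/certs" #o700)` after the `chown` calls would keep them from other local users. The default configuration listens on `0.0.0.0:1965 [::]:1965`, i.e. on all interfaces, which is worth stating in the service description.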