6 files changed, 140 insertions, 9 deletions
diff --git a/gnu/services/cgit.scm b/gnu/services/cgit.scm
index e33cb9e7db..684ab73f76 100644
--- a/gnu/services/cgit.scm
+++ b/gnu/services/cgit.scm
@@ -581,7 +581,7 @@ removed for the URL and name.")
    (string "a fast webinterface for the git dscm")
    "Text printed below the heading on the repository index page.")
   (root-readme
-   (string "")
+   (file-object "")
    "The content of the file specified with this option will be included
 verbatim below the \"about\" link on the repository index page.")
   (root-title
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index 99b21f52d8..fe602efb99 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -140,7 +140,17 @@
             nar-herder-cached-compression-configuration-type
             nar-herder-cached-compression-configuration-level
             nar-herder-cached-compression-configuration-directory
-            nar-herder-cached-compression-configuration-directory-max-size))
+            nar-herder-cached-compression-configuration-directory-max-size
+
+            bffe-configuration
+            bffe-configuration?
+            bffe-configuration-package
+            bffe-configuration-user
+            bffe-configuration-group
+            bffe-configuration-arguments
+            bffe-configuration-extra-environment-variables
+
+            bffe-service-type))
 
 ;;;; Commentary:
 ;;;
@@ -1030,3 +1040,118 @@ ca-certificates.crt file in the system profile."
                         nar-herder-account)))
    (description
     "Run a Nar Herder server.")))
+
+
+;;;
+;;; Build Farm Front-end (BFFE)
+;;;
+
+(define-record-type* <bffe-configuration>
+  bffe-configuration make-bffe-configuration
+  bffe-configuration?
+  (package       bffe-configuration-package
+                 (default bffe))
+  (user          bffe-configuration-user
+                 (default "bffe"))
+  (group         bffe-configuration-group
+                 (default "bffe"))
+  (arguments     bffe-configuration-arguments)
+  (extra-environment-variables
+   bffe-configuration-extra-environment-variables
+   (default '())))
+
+(define (bffe-shepherd-services config)
+  (define bffe-package
+    (bffe-configuration-package config))
+
+  (define start-script
+    (program-file
+     "run-bffe"
+     (with-extensions (cons
+                       bffe-package
+                       ;; This is a poorly constructed Guile load path,
+                       ;; since it contains things that aren't Guile
+                       ;; libraries, but it means that the Guile
+                       ;; libraries needed for BFFE don't need to be
+                       ;; individually specified here.
+                       (map second (package-transitive-propagated-inputs
+                                    bffe-package)))
+       #~(begin
+           (use-modules (bffe)
+                        (bffe manage-builds))
+
+           (setvbuf (current-output-port) 'line)
+           (setvbuf (current-error-port) 'line)
+
+           (simple-format #t "starting the bffe:\n  ~A\n"
+                          (current-filename))
+
+           (apply run-bffe-service
+                  (append
+                   (list #:pid-file "/var/run/bffe/pid")
+                   #$(bffe-configuration-arguments config)))))
+     #:guile (lookup-package-native-input bffe-package "guile-next")))
+
+  (match-record config <bffe-configuration>
+    (package user group arguments extra-environment-variables)
+
+    (list
+     (shepherd-service
+      (documentation "Build Farm Front-end")
+      (provision '(bffe))
+      (requirement '(networking))
+      (start #~(make-forkexec-constructor
+                (list #$start-script)
+                #:user #$user
+                #:group #$group
+                #:pid-file "/var/run/bffe/pid"
+                #:directory "/var/lib/bffe"
+                #:environment-variables
+                `(,(string-append
+                    "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+                  "LC_ALL=en_US.utf8"
+                  #$@extra-environment-variables)
+                #:log-file "/var/log/bffe/server.log"))
+      (stop #~(make-kill-destructor))))))
+
+(define (bffe-activation config)
+  #~(begin
+      (use-modules (guix build utils))
+
+      (define %user
+        (getpw #$(bffe-configuration-user config)))
+
+      (chmod "/var/lib/bffe" #o755)
+
+      (mkdir-p "/var/log/bffe")
+
+      ;; Allow writing the PID file
+      (mkdir-p "/var/run/bffe")
+      (chown "/var/run/bffe" (passwd:uid %user) (passwd:gid %user))))
+
+(define (bffe-account config)
+  (match-record config <bffe-configuration>
+    (user group)
+    (list (user-group
+           (name group)
+           (system? #t))
+          (user-account
+           (name user)
+           (group group)
+           (system? #t)
+           (comment "BFFE user")
+           (home-directory "/var/lib/bffe")
+           (shell (file-append shadow "/sbin/nologin"))))))
+
+(define bffe-service-type
+  (service-type
+   (name 'bffe)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             bffe-shepherd-services)
+          (service-extension activation-service-type
+                             bffe-activation)
+          (service-extension account-service-type
+                             bffe-account)))
+   (description
+    "Run the Build Farm Front-end.")))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e2f6e6c0ca..f4aff2d979 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -89,6 +89,7 @@
             dhcp-client-configuration?
             dhcp-client-configuration-package
             dhcp-client-configuration-interfaces
+            dhcp-client-configuration-shepherd-provision
             dhcp-client-configuration-shepherd-requirement
 
             dhcpd-service-type
@@ -303,6 +304,8 @@
                 (default isc-dhcp))
   (shepherd-requirement dhcp-client-configuration-shepherd-requirement
                         (default '()))
+  (shepherd-provision   dhcp-client-configuration-shepherd-provision
+                        (default '(networking)))
   (interfaces   dhcp-client-configuration-interfaces
                 (default 'all)))                  ;'all | list of strings
 
@@ -310,19 +313,19 @@
   (match-lambda
     ((? dhcp-client-configuration? config)
      (let ((package (dhcp-client-configuration-package config))
-           (shepherd-requirement (dhcp-client-configuration-shepherd-requirement config))
+           (requirement (dhcp-client-configuration-shepherd-requirement config))
+           (provision (dhcp-client-configuration-shepherd-provision config))
            (interfaces (dhcp-client-configuration-interfaces config))
            (pid-file "/var/run/dhclient.pid"))
        (list (shepherd-service
               (documentation "Set up networking via DHCP.")
-              (requirement `(user-processes udev ,@shepherd-requirement))
+              (requirement `(user-processes udev ,@requirement))
+              (provision provision)
 
               ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
               ;; networking is unavailable, but also means that the interface is not up
               ;; yet when 'start' completes.  To wait for the interface to be ready, one
               ;; should instead monitor udev events.
-              (provision '(networking))
-
               (start #~(lambda _
                          (define dhclient
                            (string-append #$package "/sbin/dhclient"))
@@ -1841,6 +1844,7 @@ table inet filter {
     (let ((nft (file-append package "/sbin/nft")))
       (shepherd-service
        (documentation "Packet filtering and classification")
+       (actions (list (shepherd-configuration-action ruleset)))
        (provision '(nftables))
        (start #~(lambda _
                   (invoke #$nft "--file" #$ruleset)))
diff --git a/gnu/services/syncthing.scm b/gnu/services/syncthing.scm
index 2f7c822827..9bb623186b 100644
--- a/gnu/services/syncthing.scm
+++ b/gnu/services/syncthing.scm
@@ -63,7 +63,7 @@
                      (list (string->symbol
                             (string-append "syncthing-" user)))))
       (documentation "Run syncthing.")
-      (requirement (if home-service? '() '(loopback)))
+      (requirement (if home-service? '() '(loopback user-processes)))
       (start #~(make-forkexec-constructor
                 (append (list (string-append #$syncthing "/bin/syncthing")
                               "--no-browser"
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index eef7ffd1c7..e1a206e0eb 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -1163,7 +1163,9 @@ is added to the OS specified in CONFIG."
         (provisions  '(hurd-vm childhurd)))
 
     (define vm-command
-      #~(append (list #$(file-append qemu "/bin/qemu-system-i386")
+      ;; XXX: Use the x86_64 emulator instead of the i386 one to work around
+      ;; "Bad ram pointer" issues: <https://issues.guix.gnu.org/66053>.
+      #~(append (list #$(file-append qemu "/bin/qemu-system-x86_64")
                       "-m" (number->string #$memory-size)
                       #$@net-options
                       #$@options
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 9c8243d131..7fb4775757 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -820,7 +820,7 @@ strongSwan.")))
                     (format #f "~@[ListenPort = ~a~]" #$port)
                     #$@(if (null? dns)
                            '()
-                           (list (format #f "~{DNS = ~{~a~^, ~}" dns)))))
+                           (list (format #f "DNS = ~{~a~^, ~}" dns)))))
 
                  (mkdir #$output)
                  (chdir #$output)