summary refs log tree commit diff
path: root/gnu/services
AgeCommit message (Collapse)Author
2023-08-16Revert "services: Add ddclient service."Bruno Victal
ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken for a while [2]. Remove it rather than shipping a broken service for an unmaintained program that's unlikely to be fixed. [1]: <https://github.com/ddclient/ddclient> [2]: <https://issues.guix.gnu.org/52770> This reverts commit 8490a8346b5c8207f5798be55bea1de865b0bd42. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-16services: posgresql: Add option to specify UID/GID for postgres user.Martin Baulig
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>. Unlike other system daemons, the PostgreSQL data directory is typically meant to persist across 'guix system reconfigure' and once created, you don't want it's UID or GID to change anymore. Furthermore, if you want to place the data directory on a network share and use NFSv4 with idmap, then the 'postgres' user must exist when the 'rpc.idmapd' daemon is launched; prior to mounting the share. And it needs to be possible to mount the share without configuring PostgreSQL. With NFSv3, the UID and GID typically needs to match those on the server. The added options allow for both of these scenarios: You can either create the user in (operating-system (users)) completely independently of the 'postgresql-service-type' (for instance to get your NFS setup working first prior to configuring your databases) - or "pin" it's UID / GID values. * gnu/services/databases.scm (<postgresql-configuration>)[create-account?] [uid, gid]: New fields. (%postgresql-accounts): Remove. (create-postgresql-account): New procedure. (postgresql-service-type)[extensions]: Use it. * doc/guix.texi (Database Services): Update accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-16gnu: elogind: Update to 252.9.Maxim Cournoyer
* gnu/packages/freedesktop.scm (elogind): Update to 252.9. [source]: Replace elogind-revert-polkit-detection.patch with elogind-fix-rpath.patch in patches. [configure-flags]: Add the dbussystemservicedir, dbussessionservicedir, dbussystemservicedir and dbus-interfaces-dir flags. [phases] <use-global-hook-directory> Update list of patched files. <adjust-tests> Update substitutions, and skip the copy_holes test. [native-inputs]: Add python-jinja2. [inputs]: Add util-linux:lib. * gnu/services/desktop.scm (elogind-dbus-service) <elogind-dbus-service-wrapper>: Add a symlink to elogind's share/dbus-1/system.d to expose D-Bus policy configurations. * gnu/tests/desktop.scm (run-elogind-test): Adjust expected result for the new "linger" value. * gnu/packages/patches/elogind-revert-polkit-detection.patch: Delete file. * gnu/packages/patches/elogind-fix-rpath.patch: New file. * gnu/local.mk (dist_patch_DATA): Update. Series-to: 64938@debbugs.gnu.org Series-prefix: elogind-updates Series-version: 2 Series-changes: 2 - Fix elogind system test - Install D-Bus policy files in elogind-dbus-service-wrapper - Remove duplicate 'dbussystemservicedir' configure flag
2023-08-15services: Add cachefilesd service.Felix Lechner
Thanks to Bruno Victal "mirai" for cooperating on this patch and for generously sharing a wealth of insights about Guix services. Thanks to Jean-Baptiste Note for an early version of this service! * doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading. * gnu/services/linux.scm (serialize-string, non-negative-integer?) (serialize-non-negative-integer, string, non-negative-integer) (make-option-serializer, make-percentage-threshold-serializer): New procedures. (cachefilesd-configuration): New record type. (cachefilesd-service-type): New variable. * gnu/tests/cachefilesd.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Co-authored-by: Bruno Victal <mirai@makinata.eu> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-15services: Use more 'file-append'.Felix Lechner
* gnu/services/authentication.scm (pam-ldap-pam-service): Use 'file-append' instead of #~(string-append ...). * gnu/services/base.scm (greetd-pam-service): Likewise. * gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise. * gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-15services: pam-limits: Keep 'limits.conf' in the store.Felix Lechner
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry> 'arguments' field. Define 'make-limits-file' and use it. Remove ETC-SERVICE-TYPE extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-11services: syncthing: Use the new command line syntax.terramorpha
* gnu/services/syncthing.scm (syncthing-shepherd-service): Use the new command line syntax. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-11services: postgresql: Add more role fields.Miguel Moreno
* gnu/services/databases.scm (postgresql-role): Add more role fields. (postgresql-create-roles): Honor it. * doc/guix.texi (Database Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-10services: Add pam-mount-volume-service-type.Brian Cully
The `pam-mount-volumes-service-type' adds additional volumes to the pam-mount-service-type in addition to any that are already specified in `pam-mount-rules'. * doc/guix.texi (PAM Mount Volume Service): add documentation for `pam-mount-service-type'. * gnu/services/pam-mount.scm: new file. * Makefile.am: add pam-mount tests * tests/services/pam-mount.scm: new tests Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-08file-systems: Use cgroups v2.Sam Lockart
cgroup v2 is the next generation of the control groups API. This patch replaces the cgroup v1 file systems with the unified cgroup v2 file system. cgroup v2 allows for things like containerd/podman to run rootless containers and opens guix system up to running things like Kubernetes. Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker service change. * gnu/system/file-systems.scm (%control-groups): Change to a single "cgroup2" mount point. * gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement' field accordingly. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2023-08-07services: Add 'package-database' service.Ludovic Courtès
* gnu/services/admin.scm (%default-package-database-update-schedule): New variable. (<package-database-configuration>): New record type. (package-database-mcron-jobs): New procedure. (package-database-service-type): New variable. * doc/guix.texi (File Search Services): Document it.
2023-08-07services: Add 'file-database' service.Ludovic Courtès
* gnu/services/admin.scm (%default-file-database-update-schedule) (%default-file-database-excluded-directories): New variables. (<file-database-configuration>): New record type. (file-database-mcron-jobs): New procedure. (file-database-service-type): New variable. * doc/guix.texi (File Search Services): New node.
2023-07-26Revert "services: mpd: Add an 'update' action to trigger a database update." HEAD masterMaxim Cournoyer
This reverts commit e1070ee16036f6dfb84c44aea4119e4db770356b. Rationale: this only works with the default 'endpoints'. The 'auto-update?' option should be sufficient to trigger a database update automatically anyway.
2023-07-26services: mpd: Provision a default cache directory and set HOME.Maxim Cournoyer
Relates to <https://issues.guix.gnu.org/63082>. * gnu/services/audio.scm (mpd-shepherd-service): Create a default .cache directory. Use mkdir-p/perms and refactor loop. Set the HOME environment variables.
2023-07-26services: mpd: Auto-detect mpd-output mixer type by default.Maxim Cournoyer
Relates to <https://issues.guix.gnu.org/63082>. * gnu/services/audio.scm (mpd-output) [mixer-type]: Change default value from "none" to unspecified. * doc/guix.texi (Audio Services): Regenerate doc.
2023-07-26services: Avoid 'delete' overrides warning in audio module.Maxim Cournoyer
* gnu/services/audio.scm: Hide 'delete' on (gnu services) import.
2023-07-26services: mpd: Do not rotate logs when using syslog.Maxim Cournoyer
* gnu/services/audio.scm (mpd-log-rotation): Conditionlize based on the value of LOG-FILE.
2023-07-26services: mpd: Log to syslog by default.Maxim Cournoyer
Rationale: the tristate value was awkward to deal with, the default log file name was odd (/var/log/mpd/log) and it required special attention to create the 'mpd' parent directory as root and chowning it to the MPD user. It also didn't match the default behavior of MPD, which is to log to systemd or syslog unless a log file is specified. * gnu/services/audio.scm (mpd-log-file-sanitizer): New procedure. (mpd-configuration) [log-file]: Remove default maybe value. Add sanitizer. (mpd-shepherd-service): Validate the log file parent directory exists and has the right permissions. Conditionally add syslogd to requirements. (mympd-log-to-sanitizer): New procedure. (mympd-configuration) [log-to]: Change type to maybe-string. Update doc and add sanitizer. (mympd-shepherd-service) [requirement]: Fix to use syslogd. Adjust accordingly. [start] Adjust accordingly. (mympd-log-rotation): Check log-to via maybe-value-set?. * doc/guix.texi (Audio Services): Update doc.
2023-07-26services: mpd; Refactor start slot directory initialization.Maxim Cournoyer
* gnu/services/audio.scm (mpd-shepherd-service): Standardize the way the log file parent and other directories are initialized in the start slot. (mympd-shepherd-service): Likewise.
2023-07-26services: mpd: List log-level in decreasing verbosity order in doc.Maxim Cournoyer
* gnu/services/audio.scm (mpd-configuration) [log-level]: List log-level in decreasing verbosity order in doc. * doc/guix.texi (Audio Services): Update doc.
2023-07-26services: guix-data-service: Unlink the two shepherd services.Christopher Baines
So that they can be restarted in dependently. * gnu/services/guix.scm (guix-data-service-shepherd-services): Don't require the main service from the jobs service.
2023-07-25services: mpd: Rename %set-user-group to set-user-group.Maxim Cournoyer
The convention to use % as a prefix is for "special" variables rather than procedures. * gnu/services/audio.scm (%set-user-group): Rename to... (set-user-group): ... this.
2023-07-25services: mpd: Streamline mpd-user-sanitizer and mympd-user-sanitizer.Maxim Cournoyer
* gnu/services/audio.scm (mpd-user-sanitizer, %mympd-user): Remove extraneous group field, already inherited. (%mpd-user, %mympd-user): Clarify %lazy-group explanatory comment. Fix indentation.
2023-07-25services: mpd: Add an 'update' action to trigger a database update.Maxim Cournoyer
* gnu/services/audio.scm (mpd-shepherd-service): Register a new update action. * doc/guix.texi (Audio Services): Document it.
2023-07-25services: mpd: Add auto-update? field to mpd-configuration.Maxim Cournoyer
* gnu/services/audio.scm (mpd-configuration) [auto-update?]: New field. * doc/guix.texi (Audio Services): Update doc.
2023-07-21services: wireguard: Add a 'configuration' action.Maxim Cournoyer
* gnu/services/vpn.scm (wireguard-shepherd-service) [actions]: New field.
2023-07-21services: wireguard: Clean-up configuration file serializer.Maxim Cournoyer
Previously, the generated config file would contain arbitrary whitespace that made it look ugly. * gnu/services/vpn.scm (<wireguard-configuration>) [dns]: Change default value from #f to '(). (wireguard-configuration-file): Use match-record. Format each line individually, assembling the lines at the end to avoid extraneous white space. * doc/guix.texi (VPN Services): Update doc.
2023-07-21services: wireguard: Implement a dynamic IP monitoring feature.Maxim Cournoyer
* gnu/services/vpn.scm (<wireguard-configuration>) [monitor-ips?, monitor-ips-internal]: New fields. * gnu/services/vpn.scm (define-with-source): New syntax. (wireguard-service-name, strip-port/maybe) (ipv4-address?, ipv6-address?, host-name?) (endpoint-host-names): New procedure. (wireguard-monitoring-jobs): Likewise. (wireguard-service-type): Register it. * tests/services/vpn.scm: New file. * Makefile.am (SCM_TESTS): Register it. * doc/guix.texi (VPN Services): Update doc. Reviewed-by: Bruno Victal <mirai@makinata.eu>
2023-07-21services: herd: Add a new 'current-service' procedure.Maxim Cournoyer
* gnu/services/herd.scm (current-service): New procedure, mostly reusing the existing current-services. (current-services): Implement in terms of the above procedure.
2023-07-13services: static-networking: Support netdde for the Hurd.Janneke Nieuwenhuizen
As suggested by Sergey Bugaev on bug-hurd https://lists.gnu.org/archive/html/bug-hurd/2023-05//msg00455.html * gnu/services/base.scm (static-networking->hurd-pfinet-options): Use /DEV/ethX. Use long options for settrans. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-07-13services: childhurd: Bump default qemu memory to 2048MB.Janneke Nieuwenhuizen
When booting with pci-arbiter and rumpdisk and using 1024MB of memory for qemu, booting hangs, or seems to hang, at the end of the rumpdisk boot messages. At least 1200MB is required, currently. * gnu/services/virtualization.scm (<hurd-vm-configuration>)[memory-size]: Bump to 2048. * gnu/system/examples/bare-hurd.tmpl: Suggest using 2048 here too. Update example `guix system image' and "qemu" command lines too. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-07-02services: cgit: Remove ‘cgit-repo’ left-overs.Tobias Geerinckx-Rice
This follows up on commit 16d77b31c5024e9288dfd2f25f8eb6d0114a342c. * gnu/services/cgit.scm (cgit-configuration): Use extant repository-cgit-configuration variable name.
2023-07-07services: libvirt: Add requirement on dbus.Josselin Poiret
* gnu/services/virtualization.scm (libvirt-shepherd-service): Add requirement on dbus.
2023-07-07gnu: gnome: Remove gnome-boxes from default GNOME apps.Josselin Poiret
* gnu/packages/gnome.scm (gnome): Remove gnome-boxes from propagated-inputs, since it is no longer a Core App in 42.
2023-07-02services: nginx: Harden php-location settings.Bruno Victal
* gnu/services/web.scm (nginx-php-location): Only pass existing PHP files to the back end. Mitigate httpoxy vulnerability.
2023-06-27services: pam-limits: Add lightdm.John Kehayias
Without this a user's pam-limits-service-type configuration does not have an effect when using lightdm. * gnu/services/base.scm (pam-limits-service-type): Add "lightdm" to the list.
2023-06-25services: Validate 'provision' field of <shepherd-service>.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/63979>. * gnu/services/shepherd.scm (validate-provision): New procedure. (<shepherd-service>)[provision]: Use it. Co-authored-by: Bruno Victal <mirai@makinata.eu>
2023-06-24services: dicod: Use one inetd endpoint per interface.Ludovic Courtès
* gnu/services/dict.scm (dicod-shepherd-service): Remove the (= 1 (length interfaces)) restriction by adding one endpoint per interface.
2023-06-18services: certbot: Fix nginx crash when certbot is used without domains.Saku Laesvuori
* gnu/services/certbot.scm (certbot-nginx-server-configurations): Don't return a broken nginx-server-configuration with empty server_name when no certificate domains are configured. Instead add a separate server for every certificate, so 0 certificates adds 0 servers. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reviewed-by: Bruno Victal <mirai@makinata.eu>
2023-06-16services: qemu-guest-agent: Add dependency on udev.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/64057>. * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Add 'requirement' field. Reported-by: Yann Dupont <yann.dupont@univ-nantes.fr>
2023-06-14services: static-netwoking: Wait for devices to show up.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/63516>. * gnu/services/base.scm (network-set-up/linux): Add call to 'wait-for-link'.
2023-06-04services: screen-locker-service-type: Configurable PAM and setuid.muradm
screen-locker-service-type by default does both define PAM entry and make program setuid binary. Normally both methods are mutually exclusive, if binary has setuid set it does not really needs PAM, otherway around also similar, if PAM is enabled binary should not relay on setuid. Recent swaylock package now compiled with PAM support. When PAM support is compiled in, swaylock rejects executing if binary is also setuid program. This change turns screen-locker-configuration from strict PAM AND setuid to more flexible PAM AND/OR setuid. Allowing swaylock to be configured properly while supporting other screen locker preferences. * gnu/services/xorg.scm (screen-locker-configuration): Switch from define-record-type to define-configuration. [using-pam?]: New field to control PAM entry existence. [using-setuid?]: New field to control setuid binary existence. (screen-locker-pam-services): Should not make unix-pam-service if using-pam? is set to #f. (screen-locker-setuid-programs): Should not make program setuid program if using-setuid? is set to #f. (screen-locker-generate-doc): Internal function to generate configuration documentation. (screen-locker-service): Adapt to new screen-locker-configuration. * gnu/services/desktop.scm (desktop-services-for-system): Adapt to new screen-locker-configuration. * doc/guix.texi: Reflect new changes to screen-locker-configuration. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-05-30services: herd: "Resolve" transient services only when needed.Ludovic Courtès
This allows us to get rid of the "eval root" actions, which in turn would lead to confusing "Evaluating user expression" messages. Fixes <https://issues.guix.gnu.org/55857>. * gnu/services/herd.scm (resolve-transients): In 'values', avoid 'eval-there' call when UNRESOLVED is empty.
2023-05-24services: guix: Depend on 'avahi-daemon' when 'discover?' is set.Ludovic Courtès
Previously, with shepherd 0.10.0, guix-daemon would start quickly, possibly before avahi-daemon is running. Consequently, its "guix discover" child process would exit immediately with a warning saying "Avahi daemon is not running". * gnu/services/base.scm (guix-shepherd-service): When DISCOVER? is true, add 'avahi-daemon' to 'requirement'.
2023-05-23services: cups: Add cups PAM service.muradm
Fixes <https://issues.guix.gnu.org/63198>. Have the CUPS service extend pam-root-service-type providing minimal configuration to authenticate users. Since PAM authentication is provided, the regular cups package can be used as default instead of the minimal, PAM-lacking variant. * gnu/services/cups.scm (cups-configuration) [cups]: Replace cups-minimal with cups. [allow-empty-password?]: PAM service configuration permitting empty passwords. (opaque-cups-configuration): Likewise. (cups-pam-service): New procedure. (cups-service-type): Extend pam-root-service-type with cups-pam-service. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2023-05-21services: Transient inetd services inherit requirements.Ludovic Courtès
That way, per-connection transient services such as 'sshd-123' inherit dependencies of their "parent" ('sshd' in this example), which is more consistent than not depending on anything. * gnu/services/dict.scm (dicod-shepherd-service): Pass #:requirements to 'make-inetd-constructor'. * gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise. * gnu/services/ssh.scm (openssh-shepherd-service): Likewise. * gnu/services/vnc.scm (xvnc-shepherd-service): Likewise.
2023-05-21services: root-file-system: Remove reference to 'stop-logging'.Ludovic Courtès
* gnu/services/base.scm (%root-file-system-shepherd-service): In 'stop' method, remove reference to 'stop-logging'. That procedure is gone in Shepherd 0.10.0, leading to an unbound-variable exception. Additionally, calling is unnecessary since 0.4.0, where shepherd logs to syslog (thus the open file descriptor is not backed by an on-disk file).
2023-05-21services: agetty: 'stop' method does nothing when running is 'idle.Ludovic Courtès
This is a followup to 57e731c358d000f614fbda23654cae6a5e79df80. * gnu/services/base.scm (agetty-shepherd-service): Change 'stop' method to return #f immediately when the running value is 'idle.
2023-05-18services: rsync: Use least authority wrapper.Maxim Cournoyer
* gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a least-authority-wrapper. Reviewed-by: Ludovic Courtès <ludo@gnu.org>
2023-05-18services: rsync: Use make-inetd-constructor.Maxim Cournoyer
* gnu/services/rsync.scm (rsync-shepherd-service): Use make-inetd-constructor if available in start slot. * gnu/tests/rsync.scm (run-rsync-test): Delete "PID file" test. Reviewed-by: Ludovic Courtès <ludo@gnu.org>