From 1059c2bb66cca89c7619e595502e3e17f1aa1c81 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 17 Feb 2022 18:08:39 +0100 Subject: services: zabbix: Add requirement on 'user-processes'. This ensures the services does not start before mounts are up. Reported by rekado on #guix. * gnu/services/monitoring.scm (zabbix-server-shepherd-service, zabbix-agent-shepherd-service)[requirement]: New field. --- gnu/services/monitoring.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 92c49c513b..0e6aed2cac 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -392,6 +392,7 @@ configuration file.")) (config-file (zabbix-server-config-file config))) (list (shepherd-service (provision '(zabbix-server)) + (requirement '(user-processes)) (documentation "Run the Zabbix server daemon.") (actions (zabbix-server-actions zabbix-server config-file)) (start #~(make-forkexec-constructor @@ -516,6 +517,7 @@ configuration file.")) "Return a for Zabbix agent with CONFIG." (list (shepherd-service (provision '(zabbix-agent)) + (requirement '(user-processes)) (documentation "Run Zabbix agent daemon.") (start #~(make-forkexec-constructor (list #$(file-append (zabbix-agent-configuration-zabbix-agent config) -- cgit 1.4.1 From 9c15252060ba1f4764375966afd3a62091f2b311 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 17 Feb 2022 10:06:36 -0500 Subject: services: web: Rotate mumi logs. * gnu/services/web.scm (%mumi-log, %mumi-mailer-log, %mumi-worker-log): New variables. (mumi-shepherd-services): Use them. (%mumi-log-rotations): New variable. (mumi-service-type): Extend rottlog. --- gnu/services/web.scm | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 3fe58d98e6..2c7df19222 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm 
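Review bot: The `(requirement '(user-processes))` line added to the zabbix-server service has no comment, so the reason for it (per the commit message, the daemon must not start before mounts are up) is not recorded in the file. The identical line added to the zabbix-agent service in the second hunk has the same gap. I would put `;; Wait for 'user-processes' so that file systems are mounted before the daemon starts.` above each. Both service definitions start and end outside their hunks.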
@@ -1782,6 +1782,12 @@ WSGIPassAuthorization On (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) +(define %mumi-log "/var/log/mumi.log") + +(define %mumi-mailer-log "/var/log/mumi.mailer.log") + +(define %mumi-worker-log "/var/log/mumi.worker.log") + (define (mumi-shepherd-services config) (define environment #~(list "LC_ALL=en_US.utf8" @@ -1799,7 +1805,7 @@ WSGIPassAuthorization On ,@(if #$mailer? '() '("--disable-mailer"))) #:environment-variables #$environment #:user "mumi" #:group "mumi" - #:log-file "/var/log/mumi.log")) + #:log-file #$%mumi-log)) (stop #~(make-kill-destructor))) (shepherd-service (provision '(mumi-worker)) @@ -1809,7 +1815,7 @@ WSGIPassAuthorization On '(#$(file-append mumi "/bin/mumi") "worker") #:environment-variables #$environment #:user "mumi" #:group "mumi" - #:log-file "/var/log/mumi.worker.log")) + #:log-file #$%mumi-worker-log)) (stop #~(make-kill-destructor))) (shepherd-service (provision '(mumi-mailer)) @@ -1825,9 +1831,15 @@ WSGIPassAuthorization On '())) #:environment-variables #$environment #:user "mumi" #:group "mumi" - #:log-file "/var/log/mumi.mailer.log")) + #:log-file #$%mumi-mailer-log)) (stop #~(make-kill-destructor))))))) +(define %mumi-log-rotations + (list (log-rotation + (files (list %mumi-log + %mumi-mailer-log + %mumi-worker-log))))) + (define mumi-service-type (service-type (name 'mumi) @@ -1837,7 +1849,9 @@ WSGIPassAuthorization On (service-extension account-service-type (const %mumi-accounts)) (service-extension shepherd-root-service-type - mumi-shepherd-services))) + mumi-shepherd-services) + (service-extension rottlog-service-type + (const %mumi-log-rotations)))) (description "Run Mumi, a Web interface to the Debbugs bug-tracking server.") (default-value -- cgit 1.4.1 From 12566aabe739e84e3475e21346499683406f1b03 Mon Sep 17 00:00:00 2001 
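Review bot: `%mumi-log-rotations` (hunk at -1825) sets only `files`, so the rotation frequency and the number of generations kept for the three mumi logs fall to the `log-rotation` defaults, which are not visible here. For a web-facing service it helps to state retention explicitly, as the cuirass rotation elsewhere in this series does with `(frequency 'weekly)` and `(options '("rotate 40"))`. At minimum, a comment such as `;; Rely on the default rotation frequency and retention.` would record that the choice is deliberate. Separately, the -1837 hunk makes `mumi-service-type` extend `rottlog-service-type`, so an operating-system declaration without a rottlog service will presumably fail to instantiate; that deserves a sentence in the service documentation.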
From: Maxim Cournoyer Date: Thu, 17 Feb 2022 10:11:48 -0500 Subject: services: cuirass: Also rotate the web log. * gnu/services/cuirass.scm (cuirass-log-rotations): Add the web log to the list of rotated files. --- gnu/services/cuirass.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 96f28a9670..d666d6243b 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -302,7 +302,8 @@ (define (cuirass-log-rotations config) "Return the list of log rotations that corresponds to CONFIG." (list (log-rotation - (files (list (cuirass-configuration-log-file config))) + (files (list (cuirass-configuration-log-file config) + (cuirass-configuration-web-log-file config))) (frequency 'weekly) (options '("rotate 40"))))) ;worth keeping -- cgit 1.4.1 From 01821914e272ed682dc83b5163c17a0345dcaf17 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 18 Feb 2022 11:29:10 +0100 Subject: services: qemu-guest-agent: Fix implementation. Previously, by accessing the raw fields, 'qemu' would match the first field, which is the '%location' field, not the 'qemu' field. It would seem this bug has always been present since the addition of the 'location' field in d132d9f96ba34bca58b18e293e03b393054fd962 predates the addition of 'qemu-guest-agent-service-type' in f634a0baab85454a6feac25e29905f564b276c9e. Fixes . Reported by Ricardo Wurmus . * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Use accessors for . --- gnu/services/virtualization.scm | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 66ae1a1565..9b4512cff7 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Ryan Moe -;;; Copyright © 2018, 2020, 2021 Ludovic Courtès +;;; Copyright © 2018, 2020-2022 Ludovic Courtès ;;; Copyright © 2020,2021 Jan (janneke) Nieuwenhuizen ;;; Copyright © 2021 Timotej Lazar ;;; @@ -866,23 +866,23 @@ functionality of the kernel Linux."))) "Path to device or socket used to communicate with the host. If not specified, the QEMU default path is used.")) -(define qemu-guest-agent-shepherd-service - (match-lambda - (($ qemu device) - (list - (shepherd-service - (provision '(qemu-guest-agent)) - (documentation "Run the QEMU guest agent.") - (start #~(make-forkexec-constructor - `(,(string-append #$qemu "/bin/qemu-ga") "--daemon" - "--pidfile=/var/run/qemu-ga.pid" - "--statedir=/var/run" - ,@(if #$device - (list (string-append "--path=" #$device)) - '())) - #:pid-file "/var/run/qemu-ga.pid" - #:log-file "/var/log/qemu-ga.log")) - (stop #~(make-kill-destructor))))))) +(define (qemu-guest-agent-shepherd-service config) + (let ((qemu (qemu-guest-agent-configuration-qemu config)) + (device (qemu-guest-agent-configuration-device config))) + (list + (shepherd-service + (provision '(qemu-guest-agent)) + (documentation "Run the QEMU guest agent.") + (start #~(make-forkexec-constructor + `(,(string-append #$qemu "/bin/qemu-ga") "--daemon" + "--pidfile=/var/run/qemu-ga.pid" + "--statedir=/var/run" + ,@(if #$device + (list (string-append "--path=" #$device)) + '())) + #:pid-file "/var/run/qemu-ga.pid" + #:log-file "/var/log/qemu-ga.log")) + (stop #~(make-kill-destructor)))))) (define qemu-guest-agent-service-type (service-type -- cgit 1.4.1 From 6e5d21942509ff29249f98ff0e0f3eabd7341144 Mon Sep 17 00:00:00 2001 
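Review bot: The rewritten `qemu-guest-agent-shepherd-service` (hunk at -866) starts `qemu-ga` without `#:user`/`#:group`, unlike the mumi services in this series, and passes nothing that restricts which guest-agent RPCs are served. The host-facing channel therefore presumably reaches a process running with shepherd's privileges and the full command set. This fix does not change that, but since the function is being rewritten it is worth a comment stating the exposure, and possibly a later configuration field that feeds qemu-ga's RPC block-list option. On the fix itself, positional `match-lambda` destructuring is still used for other records in this series (`udev-etc`, `pulseaudio-etc`). A comment here such as `;; Use accessors: positional matching breaks when a field such as 'location' is added.` would keep the lesson next to the code.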
From: Maxim Cournoyer Date: Sat, 19 Feb 2022 01:22:05 -0500 Subject: services: dbus: Increase auth_timeout value to 5 minutes. This is a follow-up to 488f1c589df; the problem had re-appeared on my machine. * gnu/services/dbus.scm (dbus-configuration-directory): Increase 'auth_timeout' value from 60000 to 300000 ms (5 minutes). --- gnu/services/dbus.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index d2daf60497..ef6b82c572 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -106,10 +106,10 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in (define (services->sxml services) ;; Return the SXML 'includedir' clauses for DIRS. `(busconfig - ;; Increase this timeout to 60 seconds to work around race-y + ;; Increase this timeout to 300 seconds to work around race-y ;; failures such as on slow ;; computers with slow I/O. - (limit (@ (name "auth_timeout")) "60000") + (limit (@ (name "auth_timeout")) "300000") (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper") ;; First, the '.service' files of services subject to activation. -- cgit 1.4.1 From e9fa17eb98efbd6211ab44ab49b8c078d4b73e04 Mon Sep 17 00:00:00 2001 
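Review bot: Raising `auth_timeout` to `"300000"` in `services->sxml` also lets every unauthenticated connection to the system bus stay open for five minutes, so a local process can hold incomplete-connection slots five times longer than before. The updated comment explains only the slow-I/O workaround. I would extend it to record the trade-off, e.g. `;; Note: this also lengthens how long unauthenticated connections may linger; see 'max_incomplete_connections'.`, and consider exposing the value as a field of the service's configuration record so hardened systems can lower it. The enclosing function continues past the end of the hunk.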
From: Maxim Cournoyer Date: Tue, 1 Feb 2022 00:32:50 -0500 Subject: services: udev: Use a fixed location for the rules directory and config. Fixes . This change adjusts the location of the udev configuration file and rules directory to a fixed location. Since udev relies on inotify to discover change to its rules directory (/etc/udev/rules.d), by using a fixed directory layout, new udev rules can be automatically picked up without restarting the service. * gnu/services/base.scm (udev-rules-union): Build rules output directly in #$output. (udev-shepherd-service)[start]: Adjust the UDEV_CONFIG_FILE and EUDEV_RULES_DIRECTORY environment variables. [actions]: Remove field. The 'rules' action is no longer useful. (udev.conf): New variable. (udev-etc): New procedure. (udev-service-type): Extend the etc-service-type with it. --- gnu/services/base.scm | 210 +++++++++++++++++++++++++------------------------- 1 file changed, 104 insertions(+), 106 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index fbd01e84d6..4c8a840156 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -15,7 +15,7 @@ ;;; Copyright © 2020, 2021 Brice Waegeneire ;;; Copyright © 2021 qblade ;;; Copyright © 2021 Hui Lu -;;; Copyright © 2021 Maxim Cournoyer +;;; Copyright © 2021, 2022 Maxim Cournoyer ;;; Copyright © 2022 Guillaume Le Vaillant ;;; ;;; This file is part of GNU Guix. @@ -1995,8 +1995,7 @@ item of @var{packages}." (find directory-exists? (map (cut string-append directory <>) %standard-locations))) - (mkdir-p (string-append #$output "/lib/udev")) - (union-build (string-append #$output "/lib/udev/rules.d") + (union-build #$output (filter-map rules-sub-directory '#$packages))))) (computed-file "udev-rules" build)) 
@@ -2045,116 +2044,115 @@ item of @var{packages}." (define udev-shepherd-service ;; Return a for UDEV with RULES. + (match-lambda + (($ udev) + (list + (shepherd-service + (provision '(udev)) + + ;; Udev needs /dev to be a 'devtmpfs' mount so that new device nodes can + ;; be added: see + ;; . + (requirement '(root-file-system)) + + (documentation "Populate the /dev directory, dynamically.") + (start + (with-imported-modules (source-module-closure + '((gnu build linux-boot))) + #~(lambda () + (define udevd + ;; 'udevd' from eudev. + #$(file-append udev "/sbin/udevd")) + + (define (wait-for-udevd) + ;; Wait until someone's listening on udevd's control + ;; socket. + (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0))) + (let try () + (catch 'system-error + (lambda () + (connect sock PF_UNIX "/run/udev/control") + (close-port sock)) + (lambda args + (format #t "waiting for udevd...~%") + (usleep 500000) + (try)))))) + + ;; Allow udev to find the modules. + (setenv "LINUX_MODULE_DIRECTORY" + "/run/booted-system/kernel/lib/modules") + + (let* ((kernel-release + (utsname:release (uname))) + (linux-module-directory + (getenv "LINUX_MODULE_DIRECTORY")) + (directory + (string-append linux-module-directory "/" + kernel-release)) + (old-umask (umask #o022))) + ;; If we're in a container, DIRECTORY might not exist, + ;; for instance because the host runs a different + ;; kernel. In that case, skip it; we'll just miss a few + ;; nodes like /dev/fuse. + (when (file-exists? directory) + (make-static-device-nodes directory)) + (umask old-umask)) + + (let ((pid (fork+exec-command + (list udevd) + #:environment-variables + (cons* + ;; The first one is for udev, the second one for + ;; eudev. + "UDEV_CONFIG_FILE=/etc/udev/udev.conf" + "EUDEV_RULES_DIRECTORY=/etc/udev/rules.d" + (string-append "LINUX_MODULE_DIRECTORY=" + (getenv "LINUX_MODULE_DIRECTORY")) + (default-environment-variables))))) + ;; Wait until udevd is up and running. 
This appears to + ;; be needed so that the events triggered below are + ;; actually handled. + (wait-for-udevd) + + ;; Trigger device node creation. + (system* #$(file-append udev "/bin/udevadm") + "trigger" "--action=add") + + ;; Wait for things to settle down. + (system* #$(file-append udev "/bin/udevadm") + "settle") + pid)))) + (stop #~(make-kill-destructor)) + + ;; When halting the system, 'udev' is actually killed by + ;; 'user-processes', i.e., before its own 'stop' method was called. + ;; Thus, make sure it is not respawned. + (respawn? #f) + ;; We need additional modules. + (modules `((gnu build linux-boot) ;'make-static-device-nodes' + ,@%default-modules))))))) + +(define udev.conf + (computed-file "udev.conf" + #~(call-with-output-file #$output + (lambda (port) + (format port "udev_rules=\"/etc/udev/rules.d\"~%"))))) + +(define udev-etc (match-lambda (($ udev rules) - (let* ((rules (udev-rules-union (cons* udev kvm-udev-rule rules))) - (udev.conf (computed-file "udev.conf" - #~(call-with-output-file #$output - (lambda (port) - (format port - "udev_rules=\"~a/lib/udev/rules.d\"\n" - #$rules)))))) - (list - (shepherd-service - (provision '(udev)) - - ;; Udev needs /dev to be a 'devtmpfs' mount so that new device nodes can - ;; be added: see - ;; . - (requirement '(root-file-system)) - - (documentation "Populate the /dev directory, dynamically.") - (start - (with-imported-modules (source-module-closure - '((gnu build linux-boot))) - #~(lambda () - (define udevd - ;; 'udevd' from eudev. - #$(file-append udev "/sbin/udevd")) - - (define (wait-for-udevd) - ;; Wait until someone's listening on udevd's control - ;; socket. - (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0))) - (let try () - (catch 'system-error - (lambda () - (connect sock PF_UNIX "/run/udev/control") - (close-port sock)) - (lambda args - (format #t "waiting for udevd...~%") - (usleep 500000) - (try)))))) - - ;; Allow udev to find the modules. 
- (setenv "LINUX_MODULE_DIRECTORY" - "/run/booted-system/kernel/lib/modules") - - (let* ((kernel-release - (utsname:release (uname))) - (linux-module-directory - (getenv "LINUX_MODULE_DIRECTORY")) - (directory - (string-append linux-module-directory "/" - kernel-release)) - (old-umask (umask #o022))) - ;; If we're in a container, DIRECTORY might not exist, - ;; for instance because the host runs a different - ;; kernel. In that case, skip it; we'll just miss a few - ;; nodes like /dev/fuse. - (when (file-exists? directory) - (make-static-device-nodes directory)) - (umask old-umask)) - - (let ((pid (fork+exec-command (list udevd) - #:environment-variables - (cons* - ;; The first one is for udev, the second one for - ;; eudev. - (string-append "UDEV_CONFIG_FILE=" #$udev.conf) - (string-append "EUDEV_RULES_DIRECTORY=" - #$(file-append - rules "/lib/udev/rules.d")) - (string-append "LINUX_MODULE_DIRECTORY=" - (getenv "LINUX_MODULE_DIRECTORY")) - (default-environment-variables))))) - ;; Wait until udevd is up and running. This appears to - ;; be needed so that the events triggered below are - ;; actually handled. - (wait-for-udevd) - - ;; Trigger device node creation. - (system* #$(file-append udev "/bin/udevadm") - "trigger" "--action=add") - - ;; Wait for things to settle down. - (system* #$(file-append udev "/bin/udevadm") - "settle") - pid)))) - (stop #~(make-kill-destructor)) - - ;; When halting the system, 'udev' is actually killed by - ;; 'user-processes', i.e., before its own 'stop' method was called. - ;; Thus, make sure it is not respawned. - (respawn? #f) - ;; We need additional modules. 
- (modules `((gnu build linux-boot) ;'make-static-device-nodes' - ,@%default-modules)) - - (actions (list (shepherd-action - (name 'rules) - (documentation "Display the directory containing -the udev rules in use.") - (procedure #~(lambda (_) - (display #$rules) - (newline)))))))))))) + `(("udev" + ,(file-union + "udev" `(("udev.conf" ,udev.conf) + ("rules.d" ,(udev-rules-union (cons* udev kvm-udev-rule + rules)))))))))) (define udev-service-type (service-type (name 'udev) (extensions (list (service-extension shepherd-root-service-type - udev-shepherd-service))) - + udev-shepherd-service) + (service-extension etc-service-type udev-etc))) (compose concatenate) ;concatenate the list of rules (extend (lambda (config rules) (match config -- cgit 1.4.1 From ed17082d94bdcdb67713e95d181061d179299aad Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Fri, 25 Feb 2022 17:13:12 +0100 Subject: services: agetty: Add shepherd-requirement. * gnu/services/base.scm (): Add shepherd-requirement. * doc/guix.texi (agetty-configuration): Document it. --- doc/guix.texi | 4 ++++ gnu/services/base.scm | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 2a08fa05a5..05c260d792 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16738,6 +16738,10 @@ This option accepts, as an integer, the nice value with which to run the This option provides an ``escape hatch'' for the user to provide arbitrary command-line arguments to @command{agetty} as a list of strings. +@item @code{shepherd-requirement} (default: @code{'()}) +The option can be used to provides extra shepherd requirements (for example +@code{'syslogd}) to the respective @code{'term-}* shepherd service. + @end table @end deftp diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 4c8a840156..308940ff14 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
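Review bot: With `UDEV_CONFIG_FILE=/etc/udev/udev.conf` and `EUDEV_RULES_DIRECTORY=/etc/udev/rules.d`, udevd (started here without `#:user`, so presumably as root) now takes its rules from a fixed path under /etc that it watches for changes, instead of from a store item fixed when the service was built. The integrity of the rules therefore rests on `/etc/udev` remaining the read-only tree deployed by `udev-etc`. I would add a comment above the `fork+exec-command` call such as `;; /etc/udev is deployed by 'udev-etc' (presumably a link into the store); nothing else should write there.` The documentation should also say how to find the rules in use now that the `rules` action is removed. The new `udev-etc` also destructures the record positionally with `match-lambda`, the pattern the qemu-guest-agent fix in this series moved away from; accessors would be more robust.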
@@ -876,6 +876,8 @@ the message of the day, among other things." ;; "Escape hatch" for passing arbitrary command-line arguments. (extra-options agetty-extra-options ;list of strings (default '())) + (shepherd-requirement agetty-shepherd-requirement ;list of SHEPHERD requirements + (default '())) ;;; XXX Unimplemented for now! ;;; (issue-file agetty-issue-file ;file-like ;;; (default #f)) @@ -924,7 +926,8 @@ to use as the tty. This is primarily useful for headless systems." host no-issue? init-string no-clear? local-line extract-baud? skip-login? no-newline? login-options chroot hangup? keep-baud? timeout detect-case? wait-cr? no-hints? no-hostname? long-hostname? - erase-characters kill-characters chdir delay nice extra-options) + erase-characters kill-characters chdir delay nice extra-options + shepherd-requirement) (list (shepherd-service (documentation "Run agetty on a tty.") @@ -934,7 +937,8 @@ to use as the tty. This is primarily useful for headless systems." ;; service to be done. Also wait for udev essentially so that the tty ;; text is not lost in the middle of kernel messages (see also ;; mingetty-shepherd-service). - (requirement '(user-processes host-name udev)) + (requirement (cons* 'user-processes 'host-name 'udev + shepherd-requirement)) (modules '((ice-9 match) (gnu build linux-boot))) (start -- cgit 1.4.1 From fcb6cab62149fd46d9fe496b91cc019a43774a43 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Fri, 25 Feb 2022 17:13:35 +0100 Subject: services: %base-services: Adapt agetty-service-type to depend on syslogd Fixes . * gnu/services/base.scm (%base-services): Reorder syslog-service for clarity. [shepherd-requirement]: New field. --- gnu/services/base.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 308940ff14..53db6bdca5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -2785,10 +2785,12 @@ to handle." (cons tty %default-console-font)) '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6"))) + (syslog-service) (service agetty-service-type (agetty-configuration (extra-options '("-L")) ; no carrier detect (term "vt100") - (tty #f))) ; automatic + (tty #f) ; automatic + (shepherd-requirement '(syslogd)))) (service mingetty-service-type (mingetty-configuration (tty "tty1"))) @@ -2805,7 +2807,6 @@ to handle." (service static-networking-service-type (list %loopback-static-networking)) - (syslog-service) (service urandom-seed-service-type) (service guix-service-type) (service nscd-service-type) -- cgit 1.4.1 From 07c3a439555113bdd0bd416265221063d263f44c Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Fri, 25 Feb 2022 17:13:53 +0100 Subject: agetty-shepherd-service: Rename console agetty to "term-console" for clarity. * gnu/services/base.scm (agetty-shepherd-service)[provision]: Rename console agetty to "term-console". --- gnu/services/base.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 53db6bdca5..463f034305 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -931,7 +931,7 @@ to use as the tty. This is primarily useful for headless systems." (list (shepherd-service (documentation "Run agetty on a tty.") - (provision (list (symbol-append 'term- (string->symbol (or tty "auto"))))) + (provision (list (symbol-append 'term- (string->symbol (or tty "console"))))) ;; Since the login prompt shows the host name, wait for the 'host-name' ;; service to be done. Also wait for udev essentially so that the tty -- cgit 1.4.1 From 1cc9060ca3db1fadcf0f2c8118529a721288f693 Mon Sep 17 00:00:00 2001 
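Review bot: Adding `(shepherd-requirement '(syslogd))` to the default agetty in `%base-services` (hunk at -2785) makes the console login service depend on the system logger. A configuration that removes or replaces the syslog service, or a syslogd that fails to start, would presumably leave `term-console` unstarted and the machine without that login path. A comment next to the field, e.g. `;; Hard dependency: this agetty will not start unless a service providing 'syslogd is present.`, would make the coupling visible to anyone editing the list. The reason for the ordering is in the referenced bug report, which is not on this page, so it should be cited in the comment as well.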
From: Maxim Cournoyer Date: Mon, 31 Jan 2022 13:16:01 -0500 Subject: services/sound: Normalize pulseaudio-configuration accessor names. * gnu/services/sound.scm (): Adjust getter names to match convention. --- gnu/services/sound.scm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm index 03e62a1e36..9684e06d13 100644 --- a/gnu/services/sound.scm +++ b/gnu/services/sound.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2018, 2020 Oleg Pykhalov ;;; Copyright © 2020 Liliana Marie Prikler ;;; Copyright © 2020 Marius Bakke +;;; Copyright © 2022 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -115,16 +116,16 @@ ctl.!default { (define-record-type* pulseaudio-configuration make-pulseaudio-configuration pulseaudio-configuration? - (client-conf pulseaudio-client-conf + (client-conf pulseaudio-configuration-client-conf (default '())) - (daemon-conf pulseaudio-daemon-conf + (daemon-conf pulseaudio-configuration-daemon-conf ;; Flat volumes may cause unpleasant experiences to users ;; when applications inadvertently max out the system volume ;; (see e.g. ). (default '((flat-volumes . no)))) - (script-file pulseaudio-script-file + (script-file pulseaudio-configuration-script-file (default (file-append pulseaudio "/etc/pulse/default.pa"))) - (system-script-file pulseaudio-system-script-file + (system-script-file pulseaudio-configuration-system-script-file (default (file-append pulseaudio "/etc/pulse/system.pa")))) -- cgit 1.4.1 From 60cb647a2807c4ff1ec3eeae589bb985fe7bde28 Mon Sep 17 00:00:00 2001 
From: Maxim Cournoyer Date: Mon, 31 Jan 2022 14:17:51 -0500 Subject: services: pulseaudio: Add an extra-script-files configuration field. * gnu/services/sound.scm () [extra-script-files]: Add field. (extra-script-files->file-union): New procedure. (append-include-directive): Likewise. (pulseaudio-etc): Use them. * doc/guix.texi: Document the new 'extra-script-files- configuration field. --- doc/guix.texi | 35 ++++++++++++++++++++++++++++++- gnu/services/sound.scm | 57 +++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 88 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 05c260d792..a6437729ff 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -21511,11 +21511,44 @@ List of settings to set in @file{daemon.conf}, formatted just like @var{client-conf}. @item @code{script-file} (default: @code{(file-append pulseaudio "/etc/pulse/default.pa")}) -Script file to use as @file{default.pa}. +Script file to use as @file{default.pa}. In case the +@code{extra-script-files} field below is used, an @code{.include} +directive pointing to @file{/etc/pulse/default.pa.d} is appended to the +provided script. + +@item @code{extra-script-files} (default: @code{'())}) +A list of file-like objects defining extra PulseAudio scripts to run at +the initialization of the @command{pulseaudio} daemon, after the main +@code{script-file}. The scripts are deployed to the +@file{/etc/pulse/default.pa.d} directory; they should have the +@samp{.pa} file name extension. For a reference of the available +commands, refer to @command{man pulse-cli-syntax}. @item @code{system-script-file} (default: @code{(file-append pulseaudio "/etc/pulse/system.pa")}) Script file to use as @file{system.pa}. @end table + +The example below sets the default PulseAudio card profile, the default +sink and the default source to use for a old SoundBlaster Audigy sound +card: +@lisp +(pulseaudio-configuration + (extra-script-files + (list (plain-file "audigy.pa" + (string-append "\ +set-card-profile alsa_card.pci-0000_01_01.0 \ + output:analog-surround-40+input:analog-mono +set-default-source alsa_input.pci-0000_01_01.0.analog-mono +set-default-sink alsa_output.pci-0000_01_01.0.analog-surround-40\n"))))) +@end lisp + +Note that @code{pulseaudio-service-type} is part of +@code{%desktop-services}; if your operating system declaration was +derived from one of the desktop templates, you'll want to adjust the +above example to modify the existing @code{pulseaudio-service-type} via +@code{modify-services} (@pxref{Service Reference, +@code{modify-services}}), instead of defining a new one. + @end deftp @deffn {Scheme Variable} ladspa-service-type 
diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm index 9684e06d13..fca6f13dc5 100644 --- a/gnu/services/sound.scm +++ b/gnu/services/sound.scm @@ -26,14 +26,17 @@ #:use-module (gnu services) #:use-module (gnu system pam) #:use-module (gnu system shadow) + #:use-module (guix diagnostics) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix records) #:use-module (guix store) + #:use-module (guix ui) #:use-module (gnu packages audio) #:use-module (gnu packages linux) #:use-module (gnu packages pulseaudio) #:use-module (ice-9 match) + #:use-module (srfi srfi-1) #:export (alsa-configuration alsa-service-type @@ -125,6 +128,8 @@ ctl.!default { (default '((flat-volumes . no)))) (script-file pulseaudio-configuration-script-file (default (file-append pulseaudio "/etc/pulse/default.pa"))) + (extra-script-files pulseaudio-configuration-extra-script-files + (default '())) (system-script-file pulseaudio-configuration-system-script-file (default (file-append pulseaudio "/etc/pulse/system.pa")))) 
@@ -145,14 +150,60 @@ ctl.!default { ("PULSE_CLIENTCONFIG" . ,(apply mixed-text-file "client.conf" (map pulseaudio-conf-entry client-conf))))))) +(define (extra-script-files->file-union extra-script-files) + "Return a G-exp obtained by processing EXTRA-SCRIPT-FILES with FILE-UNION." + + (define (file-like->name file) + (match file + ((? local-file?) + (local-file-name file)) + ((? plain-file?) + (plain-file-name file)) + ((? computed-file?) + (computed-file-name file)) + (_ (leave (G_ "~a is not a local-file, plain-file or \ +computed-file object~%") file)))) + + (define (assert-pulseaudio-script-file-name name) + (unless (string-suffix? ".pa" name) + (leave (G_ "`~a' lacks the required `.pa' file name extension~%") name)) + name) + + (let ((labels (map (compose assert-pulseaudio-script-file-name + file-like->name) + extra-script-files))) + (file-union "default.pa.d" (zip labels extra-script-files)))) + +(define (append-include-directive script-file) + "Append an include directive to source scripts under /etc/pulse/default.pa.d." + (computed-file "default.pa" + #~(begin + (use-modules (ice-9 textual-ports)) + (define script-text + (call-with-input-file #$script-file get-string-all)) + (call-with-output-file #$output + (lambda (port) + (format port (string-append script-text " +### Added by Guix to include scripts specified in extra-script-files. +.nofail +.include /etc/pulse/default.pa.d~%"))))))) + (define pulseaudio-etc (match-lambda - (($ _ _ default-script-file system-script-file) + (($ _ _ default-script-file extra-script-files + system-script-file) `(("pulse" ,(file-union "pulse" - `(("default.pa" ,default-script-file) - ("system.pa" ,system-script-file)))))))) + `(("default.pa" + ,(if (null? extra-script-files) + default-script-file + (append-include-directive default-script-file))) + ("system.pa" ,system-script-file) + ,@(if (null? 
extra-script-files) + '() + `(("default.pa.d" ,(extra-script-files->file-union + extra-script-files))))))))))) (define pulseaudio-service-type (service-type -- cgit 1.4.1 From e680c4086178c03eea58c1e987ea2216653dbd6a Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Mon, 31 Jan 2022 15:49:31 -0500 Subject: services: pulseaudio: Deploy the configuration files to /etc/pulse. * gnu/services/sound.scm (pulseaudio-environment) [PULSE_CONFIG, PULSE_CLIENTCONFIG]: Use fixed locations, and move logic to... (pulseaudio-etc): ... this service extension. Guard against producing empty files. --- gnu/services/sound.scm | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/sound.scm b/gnu/services/sound.scm index fca6f13dc5..8410ba2418 100644 --- a/gnu/services/sound.scm +++ b/gnu/services/sound.scm @@ -144,11 +144,11 @@ ctl.!default { (define pulseaudio-environment (match-lambda (($ client-conf daemon-conf default-script-file) - `(("PULSE_CONFIG" . ,(apply mixed-text-file "daemon.conf" - "default-script-file = " default-script-file "\n" - (map pulseaudio-conf-entry daemon-conf))) - ("PULSE_CLIENTCONFIG" . ,(apply mixed-text-file "client.conf" - (map pulseaudio-conf-entry client-conf))))))) + ;; These config files kept at a fixed location, so that the following + ;; environment values are stable and do not require the user to reboot to + ;; effect their PulseAudio configuration changes. + '(("PULSE_CONFIG" . "/etc/pulse/daemon.conf") + ("PULSE_CLIENTCONFIG" . "/etc/pulse/client.conf"))))) (define (extra-script-files->file-union extra-script-files) "Return a G-exp obtained by processing EXTRA-SCRIPT-FILES with FILE-UNION." 
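Review bot: In `append-include-directive`, the contents of the user's script are passed to `format` as the format string (`(format port (string-append script-text "…~%"))`), so any `~` in the script is interpreted as a directive and either breaks generation of `default.pa` or alters its text. Writing the text verbatim avoids this: `(display script-text port)` followed by a separate `format` call for the fixed `.nofail`/`.include` trailer. Also, the names returned by `file-like->name` are used unchecked as entries of the `default.pa.d` union, so two extra scripts with the same name are not reported. A duplicate check next to `assert-pulseaudio-script-file-name` would give a clearer error.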
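Review bot: `pulseaudio-environment` now always exports `PULSE_CONFIG` and `PULSE_CLIENTCONFIG` with fixed `/etc/pulse/…` paths, while the -203 hunk of the same commit creates `daemon.conf` and `client.conf` only when the corresponding list is non-empty, and `client-conf` defaults to `'()`. With the defaults, the client variable therefore names a file that is not deployed. Either confirm that PulseAudio falls back cleanly in that case, or export each variable only when its file is generated. The pattern variables `client-conf daemon-conf default-script-file` are now unused and could be dropped from the clause, and the new comment is missing a verb ("These config files are kept …").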
@@ -190,8 +190,8 @@ computed-file object~%") file)))) (define pulseaudio-etc (match-lambda - (($ _ _ default-script-file extra-script-files - system-script-file) + (($ client-conf daemon-conf default-script-file + extra-script-files system-script-file) `(("pulse" ,(file-union "pulse" @@ -203,7 +203,18 @@ computed-file object~%") file)))) ,@(if (null? extra-script-files) '() `(("default.pa.d" ,(extra-script-files->file-union - extra-script-files))))))))))) + extra-script-files)))) + ,@(if (null? daemon-conf) + '() + `(("daemon.conf" + ,(apply mixed-text-file "daemon.conf" + "default-script-file = " default-script-file "\n" + (map pulseaudio-conf-entry daemon-conf))))) + ,@(if (null? client-conf) + '() + `(("client.conf" + ,(apply mixed-text-file "client.conf" + (map pulseaudio-conf-entry client-conf)))))))))))) (define pulseaudio-service-type (service-type -- cgit 1.4.1 From 48bd8b408e1de93e8dc8bf134942b7b6141fc6ad Mon Sep 17 00:00:00 2001 From: Cameron Chaparro Date: Thu, 24 Feb 2022 15:49:15 -0600 Subject: services: openvpn: Actually save log file. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/vpn.scm (openvpn-shepherd-service): Pass #:log-file to 'make-forkexec-constructor'. Signed-off-by: Ludovic Courtès --- gnu/services/vpn.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 3e370ba4be..b24e9cffb3 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2021 Raghav Gururajan ;;; Copyright © 2021 jgart ;;; Copyright © 2021 Nathan Dehnel +;;; Copyright © 2022 Cameron V Chaparro ;;; ;;; This file is part of GNU Guix. ;;; 
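Review bot: In the -203 hunk, the generated `daemon.conf` sets `default-script-file` to the configuration's original `script-file`, whereas the `.include /etc/pulse/default.pa.d` directive is appended only to the copy deployed as `/etc/pulse/default.pa`. If the daemon honours that setting, the scripts from `extra-script-files` would not be loaded whenever `daemon-conf` is non-empty, which is the default (`flat-volumes`). Pointing the setting at the deployed file, `"default-script-file = /etc/pulse/default.pa\n"`, would keep the two consistent. Please verify against a running daemon, since part of `pulseaudio-etc` lies outside this hunk.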
@@ -494,7 +495,8 @@ is truncated and rewritten every minute.") (list (string-append #$openvpn "/sbin/openvpn") "--writepid" #$pid-file "--config" #$config-file "--daemon") - #:pid-file #$pid-file)) + #:pid-file #$pid-file + #:log-file #$log-file)) (stop #~(make-kill-destructor))))))) (define %openvpn-accounts -- cgit 1.4.1 From 878578c0faaa97edebe506bc96a3db955983c95f Mon Sep 17 00:00:00 2001 From: Demis Balbach Date: Sun, 19 Dec 2021 17:41:46 +0100 Subject: services: bluetooth: Add missing config parameters. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Desktop Services): Document 'bluetooth-service-type' and 'bluetooth-configuration'. * gnu/services/desktop.scm (): Add many fields. (bluetooth-configuration-file): Handle them. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 443 ++++++++++++++++++++++++++++++++++++++++++++++- gnu/services/desktop.scm | 376 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 814 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index b83871bf0e..f479fe05ff 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
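Review bot: The added `#:log-file #$log-file` sits next to a command line that still passes `"--daemon"`. As far as I know OpenVPN switches its output to syslog once it detaches, so the file may only receive what is printed before the fork; this should be checked on a running system. `log-file` is bound outside this hunk, so its path and permissions cannot be reviewed here, and nothing visible adds rotation for it. Connection logs can carry peer addresses and certificate names, so a short comment would help, for example `;; LOG-FILE receives the daemon's startup output; it should not be world-readable.`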
@@ -21378,6 +21378,448 @@ bluetooth keyboard or mouse. Users need to be in the @code{lp} group to access the D-Bus service. @end deffn +@deffn {Scheme Variable} bluetooth-service-type +This is the type for the @uref{https://bluez.org/, Linux Bluetooth Protocol +Stack} (BlueZ) system, which generates the @file{/etc/bluetooth/main.conf} +configuration file. The value for this type is a @command{bluetooth-configuration} +record as in this example: + +@lisp +(service bluetooth-service-type) +@end lisp + +See below for details about @code{bluetooth-configuration}. +@end deffn + +@deftp {Data Type} bluetooth-configuration +Data type representing the configuration for @code{bluetooth-service}. + +@table @asis +@item @code{bluez} (default: @code{bluez}) +@code{bluez} package to use. + +@item @code{name} (default: @code{"BlueZ"}) +Default adapter name. + +@item @code{class} (default: @code{#x000000}) +Default device class. Only the major and minor device class bits are considered. + +@item @code{discoverable-timeout} (default: @code{180}) +How long to stay in discoverable mode before going back to non-discoverable. The +value is in seconds. + +@item @code{always-pairable?} (default: @code{#f}) +Always allow pairing even if there are no agents registered. + +@item @code{pairable-timeout} (default: @code{0}) +How long to stay in pairable mode before going back to non-discoverable. The +value is in seconds. + +@item @code{device-id} (default: @code{#f}) +Use vendor id source (assigner), vendor, product and version information for +DID profile support. The values are separated by ":" and @var{assigner}, @var{VID}, +@var{PID} and @var{version}. + +Possible values are: + +@itemize @bullet +@item +@code{#f} to disable it, + +@item +@code{"assigner:1234:5678:abcd"}, where @var{assigner} is either @code{usb} (default) +or @code{bluetooth}. 
+ +@end itemize + +@item @code{reverse-service-discovery?} (default: @code{#t}) +Do reverse service discovery for previously unknown devices that connect to +us. For BR/EDR this option is really only needed for qualification since the +BITE tester doesn't like us doing reverse SDP for some test cases, for LE +this disables the GATT client functionally so it can be used in system which +can only operate as peripheral. + +@item @code{name-resolving?} (default: @code{#t}) +Enable name resolving after inquiry. Set it to @code{#f} if you don't need +remote devices name and want shorter discovery cycle. + +@item @code{debug-keys?} (default: @code{#f}) +Enable runtime persistency of debug link keys. Default is false which makes +debug link keys valid only for the duration of the connection that they were +created for. + +@item @code{controller-mode} (default: @code{'dual}) +Restricts all controllers to the specified transport. @code{'dual} means both +BR/EDR and LE are enabled (if supported by the hardware). + +Possible values are: + +@itemize @bullet +@item +@code{'dual} + +@item +@code{'bredr} + +@item +@code{'le} + +@end itemize + +@item @code{multi-profile} (default: @code{'off}) +Enables Multi Profile Specification support. This allows to specify if system +supports only Multiple Profiles Single Device (MPSD) configuration or both +Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple Devices +(MPMD) configurations. + +Possible values are: + +@itemize @bullet +@item +@code{'off} + +@item +@code{'single} + +@item +@code{'multiple} + +@end itemize + +@item @code{fast-connectable?} (default: @code{#f}) +Permanently enables the Fast Connectable setting for adapters that support +it. When enabled other devices can connect faster to us, however the +tradeoff is increased power consumptions. This feature will fully work only +on kernel version 4.1 and newer. + +@item @code{privacy} (default: @code{'off}) +Default privacy settings. 
+ +@itemize @bullet +@item +@code{'off}: Disable local privacy + +@item +@code{'network/on}: A device will only accept advertising packets from peer +devices that contain private addresses. It may not be compatible with some +legacy devices since it requires the use of RPA(s) all the time + +@item +@code{'device}: A device in device privacy mode is only concerned about the +privacy of the device and will accept advertising packets from peer devices +that contain their Identity Address as well as ones that contain a private +address, even if the peer device has distributed its IRK in the past + +@end itemize + +and additionally, if @var{controller-mode} is set to @code{'dual}: + +@itemize @bullet +@item +@code{'limited-network}: Apply Limited Discoverable Mode to advertising, which +follows the same policy as to BR/EDR that publishes the identity address when +discoverable, and Network Privacy Mode for scanning + +@item +@code{'limited-device}: Apply Limited Discoverable Mode to advertising, which +follows the same policy as to BR/EDR that publishes the identity address when +discoverable, and Device Privacy Mode for scanning. + +@end itemize + +@item @code{just-works-repairing} (default: @code{'never}) +Specify the policy to the JUST-WORKS repairing initiated by peer. + +Possible values: +@itemize @bullet +@item +@code{'never} + +@item +@code{'confirm} + +@item +@code{'always} + +@end itemize + +@item @code{temporary-timeout} (default: @code{30}) +How long to keep temporary devices around. The value is in seconds. @code{0} +disables the timer completely. + +@item @code{refresh-discovery?} (default: @code{#t}) +Enables the device to issue an SDP request to update known services when +profile is connected. + +@item @code{experimental} (default: @code{#f}) +Enables experimental features and interfaces, alternatively a list of UUIDs +can be given. + +Possible values: + +@itemize @bullet +@item +@code{#t} + +@item +@code{#f} + +@item +@code{(list (uuid ) (uuid ) ...)}. 
+@end itemize + +List of possible UUIDs: +@itemize @bullet +@item +@code{d4992530-b9ec-469f-ab01-6c481c47da1c}: BlueZ Experimental Debug, + +@item +@code{671b10b5-42c0-4696-9227-eb28d1b049d6}: BlueZ Experimental Simultaneous Central and Peripheral, + +@item +@code{"15c0a148-c273-11ea-b3de-0242ac130004}: BlueZ Experimental LL privacy, + +@item +@code{330859bc-7506-492d-9370-9a6f0614037f}: BlueZ Experimental Bluetooth Quality Report, + +@item +@code{a6695ace-ee7f-4fb9-881a-5fac66c629af}: BlueZ Experimental Offload Codecs. +@end itemize + +@item @code{remote-name-request-retry-delay} (default: @code{300}) +The duration to avoid retrying to resolve a peer's name, if the previous +try failed. + +@item @code{page-scan-type} (default: @code{#f}) +BR/EDR Page scan activity type. + +@item @code{page-scan-interval} (default: @code{#f}) +BR/EDR Page scan activity interval. + +@item @code{page-scan-window} (default: @code{#f}) +BR/EDR Page scan activity window. + +@item @code{inquiry-scan-type} (default: @code{#f}) +BR/EDR Inquiry scan activity type. + +@item @code{inquiry-scan-interval} (default: @code{#f}) +BR/EDR Inquiry scan activity interval. + +@item @code{inquiry-scan-window} (default: @code{#f}) +BR/EDR Inquiry scan activity window. + +@item @code{link-supervision-timeout} (default: @code{#f}) +BR/EDR Link supervision timeout. + +@item @code{page-timeout} (default: @code{#f}) +BR/EDR Page timeout. + +@item @code{min-sniff-interval} (default: @code{#f}) +BR/EDR minimum sniff interval. + +@item @code{max-sniff-interval} (default: @code{#f}) +BR/EDR maximum sniff interval. + +@item @code{min-advertisement-interval} (default: @code{#f}) +LE minimum advertisement interval (used for legacy advertisement only). + +@item @code{max-advertisement-interval} (default: @code{#f}) +LE maximum advertisement interval (used for legacy advertisement only). + +@item @code{multi-advertisement-rotation-interval} (default: @code{#f}) +LE multiple advertisement rotation interval. 
+ +@item @code{scan-interval-auto-connect} (default: @code{#f}) +LE scanning interval used for passive scanning supporting auto connect. + +@item @code{scan-window-auto-connect} (default: @code{#f}) +LE scanning window used for passive scanning supporting auto connect. + +@item @code{scan-interval-suspend} (default: @code{#f}) +LE scanning interval used for active scanning supporting wake from suspend. + +@item @code{scan-window-suspend} (default: @code{#f}) +LE scanning window used for active scanning supporting wake from suspend. + +@item @code{scan-interval-discovery} (default: @code{#f}) +LE scanning interval used for active scanning supporting discovery. + +@item @code{scan-window-discovery} (default: @code{#f}) +LE scanning window used for active scanning supporting discovery. + +@item @code{scan-interval-adv-monitor} (default: @code{#f}) +LE scanning interval used for passive scanning supporting the advertisement monitor APIs. + +@item @code{scan-window-adv-monitor} (default: @code{#f}) +LE scanning window used for passive scanning supporting the advertisement monitor APIs. + +@item @code{scan-interval-connect} (default: @code{#f}) +LE scanning interval used for connection establishment. + +@item @code{scan-window-connect} (default: @code{#f}) +LE scanning window used for connection establishment. + +@item @code{min-connection-interval} (default: @code{#f}) +LE default minimum connection interval. This value is superceeded by any specific +value provided via the Load Connection Parameters interface. + +@item @code{max-connection-interval} (default: @code{#f}) +LE default maximum connection interval. This value is superceeded by any specific +value provided via the Load Connection Parameters interface. + +@item @code{connection-latency} (default: @code{#f}) +LE default connection latency. This value is superceeded by any specific +value provided via the Load Connection Parameters interface. 
+ +@item @code{connection-supervision-timeout} (default: @code{#f}) +LE default connection supervision timeout. This value is superceeded by any specific +value provided via the Load Connection Parameters interface. + +@item @code{autoconnect-timeout} (default: @code{#f}) +LE default autoconnect timeout. This value is superceeded by any specific +value provided via the Load Connection Parameters interface. + +@item @code{adv-mon-allowlist-scan-duration} (default: @code{300}) +Allowlist scan duration during interleaving scan. Only used when scanning for ADV +monitors. The units are msec. + +@item @code{adv-mon-no-filter-scan-duration} (default: @code{500}) +No filter scan duration during interleaving scan. Only used when scanning for ADV +monitors. The units are msec. + +@item @code{enable-adv-mon-interleave-scan?} (default: @code{#t}) +Enable/Disable Advertisement Monitor interleave scan for power saving. + +@item @code{cache} (default: @code{'always}) +GATT attribute cache. + +Possible values are: +@itemize @bullet +@item +@code{'always}: Always cache attributes even for devices not paired, this is +recommended as it is best for interoperability, with more consistent +reconnection times and enables proper tracking of notifications for all +devices + +@item +@code{'yes}: Only cache attributes of paired devices + +@item +@code{'no}: Never cache attributes. +@end itemize + +@item @code{key-size} (default: @code{0}) +Minimum required Encryption Key Size for accessing secured characteristics. + +Possible values are: +@itemize @bullet +@item +@code{0}: Don't care + +@item +@code{7 <= N <= 16} +@end itemize + +@item @code{exchange-mtu} (default: @code{517}) +Exchange MTU size. Possible values are: + +@itemize @bullet +@item +@code{23 <= N <= 517} +@end itemize + +@item @code{att-channels} (default: @code{3}) +Number of ATT channels. 
Possible values are: + +@itemize @bullet +@item +@code{1}: Disables EATT + +@item +@code{2 <= N <= 5} +@end itemize + +@item @code{session-mode} (default: @code{'basic}) +AVDTP L2CAP signalling channel mode. + +Possible values are: + +@itemize @bullet +@item +@code{'basic}: Use L2CAP basic mode + +@item +@code{'ertm}: Use L2CAP enhanced retransmission mode. +@end itemize + +@item @code{stream-mode} (default: @code{'basic}) +AVDTP L2CAP transport channel mode. + +Possible values are: + +@itemize @bullet +@item +@code{'basic}: Use L2CAP basic mode + +@item +@code{'streaming}: Use L2CAP streaming mode. +@end itemize + +@item @code{reconnect-uuids} (default: @code{'()}) +The ReconnectUUIDs defines the set of remote services that should try +to be reconnected to in case of a link loss (link supervision +timeout). The policy plugin should contain a sane set of values by +default, but this list can be overridden here. By setting the list to +empty the reconnection feature gets disabled. + +Possible values: + +@itemize @bullet +@item +@code{'()} + +@item +@code{(list (uuid ) (uuid ) ...)}. +@end itemize + +@item @code{reconnect-attempts} (default: @code{7}) +Defines the number of attempts to reconnect after a link lost. Setting +the value to 0 disables reconnecting feature. + +@item @code{reconnect-intervals} (default: @code{'(1 2 4 8 16 32 64)}) +Defines a list of intervals in seconds to use in between attempts. If +the number of attempts defined in @var{reconnect-attempts} is bigger than +the list of intervals the last interval is repeated until the last attempt. + +@item @code{auto-enable?} (default: @code{#f}) +Defines option to enable all controllers when they are found. This includes +adapters present on start as well as adapters that are plugged in later on. + +@item @code{resume-delay} (default: @code{2}) +Audio devices that were disconnected due to suspend will be reconnected on +resume. 
@var{resume-delay} determines the delay between when the controller +resumes from suspend and a connection attempt is made. A longer delay is +better for better co-existence with Wi-Fi. The value is in seconds. + +@item @code{rssi-sampling-period} (default: @code{#xFF}) +Default RSSI Sampling Period. This is used when a client registers an +advertisement monitor and leaves the RSSISamplingPeriod unset. + +Possible values are: +@itemize @bullet +@item +@code{#x0}: Report all advertisements + +@item +@code{N = #xXX}: Report advertisements every N x 100 msec (range: #x01 to #xFE) + +@item +@code{#xFF}: Report only one advertisement per device during monitoring period. +@end itemize + +@end table +@end deftp + @defvr {Scheme Variable} gnome-keyring-service-type This is the type of the service that adds the @uref{https://wiki.gnome.org/Projects/GnomeKeyring, GNOME Keyring}. Its @@ -21412,7 +21854,6 @@ and ``passwd'' is with the value @code{passwd}. @end table @end deftp - @node Sound Services @subsection Sound Services diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index c2ee3a3d80..ecadb16b2f 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -44,6 +44,7 @@ #:use-module (gnu system) #:use-module (gnu system setuid) #:use-module (gnu system shadow) + #:use-module (gnu system uuid) #:use-module (gnu system pam) #:use-module (gnu packages glib) #:use-module (gnu packages admin) @@ -68,6 +69,7 @@ #:use-module (guix utils) #:use-module (guix gexp) #:use-module (srfi srfi-1) + #:use-module (ice-9 format) #:use-module (ice-9 match) #:export ( upower-configuration 
@@ -403,14 +405,380 @@ site} for more information." bluetooth-configuration make-bluetooth-configuration bluetooth-configuration? (bluez bluetooth-configuration-bluez (default bluez)) - (auto-enable? bluetooth-configuration-auto-enable? (default #f))) + + ;;; [General] + (name bluetooth-configuration-name (default "BlueZ")) + (class bluetooth-configuration-class (default #x000000)) + (discoverable-timeout + bluetooth-configuration-discoverable-timeout (default 180)) + (always-pairable? bluetooth-configuration-always-pairable? (default #f)) + (pairable-timeout bluetooth-configuration-pairable-timeout (default 0)) + + ;;; MAYBE: Exclude into separate record-type? + (device-id bluetooth-configuration-device-id (default #f)) + (reverse-service-discovery? + bluetooth-configuration-reverse-service-discovery (default #t)) + (name-resolving? bluetooth-configuration-name-resolving? (default #t)) + (debug-keys? bluetooth-configuration-debug-keys? (default #f)) + + ;;; Possible values: + ;;; 'dual, 'bredr, 'le + (controller-mode bluetooth-configuration-controller-mode (default 'dual)) + + ;;; Possible values: + ;;; 'off, 'single, 'multiple + (multi-profile bluetooth-configuration-multi-profile (default 'off)) + (fast-connectable? bluetooth-configuration-fast-connectable? (default #f)) + + ;;; Possible values: + ;;; for LE mode: 'off, 'network/on, 'device + ;;; for Dual mode: 'off, 'network/on', 'device, 'limited-network, 'limited-device + ;;; Source: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/main.conf#n68 + (privacy bluetooth-configuration-privacy (default 'off)) + + ;;; Possible values: + ;;; 'never, 'confirm, 'always + (just-works-repairing + bluetooth-configuration-just-works-repairing (default 'never)) + (temporary-timeout bluetooth-configuration-temporary-timeout (default 30)) + (refresh-discovery? 
bluetooth-configuration-refresh-discovery (default #t)) + + ;;; Possible values: #t, #f, (uuid ) + ;;; Possible UUIDs: + ;;; d4992530-b9ec-469f-ab01-6c481c47da1c (BlueZ Experimental Debug) + ;;; 671b10b5-42c0-4696-9227-eb28d1b049d6 (BlueZ Experimental Simultaneous Central and Peripheral) + ;;; 15c0a148-c273-11ea-b3de-0242ac130004 (BlueZ Experimental LL privacy) + ;;; 330859bc-7506-492d-9370-9a6f0614037f (BlueZ Experimental Bluetooth Quality Report) + ;;; a6695ace-ee7f-4fb9-881a-5fac66c629af (BlueZ Experimental Offload Codecs) + ;;; Source: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/main.conf#n110 + (experimental bluetooth-configuration-experimental (default #f)) + (remote-name-request-retry-delay + bluetooth-configuration-remote-name-request-retry-delay (default 300)) + + ;;; [BR] + (page-scan-type bluetooth-configuration-page-scan-type (default #f)) + (page-scan-interval bluetooth-configuration-page-scan-interval (default #f)) + (page-scan-window bluetooth-configuration-page-scan-window (default #f)) + (inquiry-scan-type bluetooth-configuration-inquiry-scan-type (default #f)) + (inquiry-scan-interval bluetooth-configuration-inquiry-scan-interval (default #f)) + (inquiry-scan-window bluetooth-configuration-inquiry-scan-window (default #f)) + (link-supervision-timeout bluetooth-configuration-link-supervision-timeout (default #f)) + (page-timeout bluetooth-configuration-page-timeout (default #f)) + (min-sniff-interval bluetooth-configuration-min-sniff-interval (default #f)) + (max-sniff-interval bluetooth-configuration-max-sniff-interval (default #f)) + + ;;; [LE] + (min-advertisement-interval + bluetooth-configuration-min-advertisement-interval (default #f)) + (max-advertisement-interval + bluetooth-configuration-max-advertisement-interval (default #f)) + (multi-advertisement-rotation-interval + bluetooth-configuration-multi-advertisement-rotation-interval (default #f)) + (scan-interval-auto-connect + 
bluetooth-configuration-scan-interval-auto-connect (default #f)) + (scan-window-auto-connect + bluetooth-configuration-scan-window-auto-connect (default #f)) + (scan-interval-suspend + bluetooth-configuration-scan-interval-suspend (default #f)) + (scan-window-suspend + bluetooth-configuration-scan-window-suspend (default #f)) + (scan-interval-discovery + bluetooth-configuration-scan-interval-discovery (default #f)) + (scan-window-discovery + bluetooth-configuration-scan-window-discovery (default #f)) + (scan-interval-adv-monitor + bluetooth-configuration-scan-interval-adv-monitor (default #f)) + (scan-window-adv-monitor + bluetooth-configuration-scan-window-adv-monitor (default #f)) + (scan-interval-connect + bluetooth-configuration-scan-interval-connect (default #f)) + (scan-window-connect + bluetooth-configuration-scan-window-connect (default #f)) + (min-connection-interval + bluetooth-configuration-min-connection-interval (default #f)) + (max-connection-interval + bluetooth-configuration-max-connection-interval (default #f)) + (connection-latency + bluetooth-configuration-connection-latency (default #f)) + (connection-supervision-timeout + bluetooth-configuration-connection-supervision-timeout (default #f)) + (autoconnect-timeout + bluetooth-configuration-autoconnect-timeout (default #f)) + (adv-mon-allowlist-scan-duration + bluetooth-configuration-adv-mon-allowlist-scan-duration (default 300)) + (adv-mon-no-filter-scan-duration + bluetooth-configuration-adv-mon-no-filter-scan-duration (default 500)) + (enable-adv-mon-interleave-scan? + bluetooth-configuration-enable-adv-mon-interleave-scan (default #t)) + + ;;; [GATT] + ;;; Possible values: 'yes, 'no, 'always + (cache bluetooth-configuration-cache (default 'always)) + + ;;; Possible values: 7 ... 16, 0 (don't care) + (key-size bluetooth-configuration-key-size (default 0)) + + ;;; Possible values: 23 ... 517 + (exchange-mtu bluetooth-configuration-exchange-mtu (default 517)) + + ;;; Possible values: 1 ... 
5 + (att-channels bluetooth-configuration-att-channels (default 3)) + + ;;; [AVDTP] + ;;; Possible values: 'basic, 'ertm + (session-mode bluetooth-configuration-session-mode (default 'basic)) + + ;;; Possible values: 'basic, 'streaming + (stream-mode bluetooth-configuration-stream-mode (default 'basic)) + + ;;; [Policy] + (reconnect-uuids bluetooth-configuration-reconnect-uuids (default '())) + (reconnect-attempts bluetooth-configuration-reconnect-attempts (default 7)) + (reconnect-intervals bluetooth-configuration-reconnect-intervals + (default (list 1 2 4 8 16 32 64))) + (auto-enable? bluetooth-configuration-auto-enable? (default #f)) + (resume-delay bluetooth-configuration-resume-delay (default 2)) + + ;;; [AdvMon] + ;;; Possible values: + ;;; "0x00", "0xFF", + ;;; "N = 0x00" ... "N = 0xFF" + ;;; Source: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/main.conf#n286 + (rssi-sampling-period bluetooth-configuration-rssi-sampling-period + (default #xFF))) (define (bluetooth-configuration-file config) "Return a configuration file for the systemd bluetooth service, as a string." (string-append - "[Policy]\n" - "AutoEnable=" (bool (bluetooth-configuration-auto-enable? - config)))) + "[General]" + "\nName = " (bluetooth-configuration-name config) + "\nClass = " (string-append + "0x" + (format #f "~6,'0x" (bluetooth-configuration-class config))) + "\nDiscoverableTimeout = " (number->string + (bluetooth-configuration-discoverable-timeout + config)) + "\nAlwaysPairable = " (bool (bluetooth-configuration-always-pairable? + config)) + "\nPairableTimeout = " (number->string + (bluetooth-configuration-pairable-timeout + config)) + (if (bluetooth-configuration-device-id config) + (string-append "\nDeviceID = " (bluetooth-configuration-device-id config)) + "") + "\nReverseServiceDiscovery = " (bool + (bluetooth-configuration-reverse-service-discovery + config)) + "\nNameResolving = " (bool (bluetooth-configuration-name-resolving? 
config)) + "\nDebugKeys = " (bool (bluetooth-configuration-debug-keys? config)) + "\nControllerMode = " (symbol->string + (bluetooth-configuration-controller-mode config)) + "\nMultiProfile = " (symbol->string (bluetooth-configuration-multi-profile + config)) + "\nFastConnectable = " (bool (bluetooth-configuration-fast-connectable? config)) + "\nPrivacy = " (symbol->string (bluetooth-configuration-privacy config)) + "\nJustWorksRepairing = " (symbol->string + (bluetooth-configuration-just-works-repairing config)) + "\nTemporaryTimeout = " (number->string + (bluetooth-configuration-temporary-timeout config)) + "\nRefreshDiscovery = " (bool (bluetooth-configuration-refresh-discovery config)) + "\nExperimental = " (let ((experimental (bluetooth-configuration-experimental config))) + (cond ((or (eq? experimental #t) + (eq? experimental #f)) (bool experimental)) + ((list? experimental) + (string-join (map uuid->string experimental) ",")))) + "\nRemoteNameRequestRetryDelay = " (number->string + (bluetooth-configuration-remote-name-request-retry-delay + config)) + "\n[BR]" + (if (bluetooth-configuration-page-scan-type config) + (string-append + "\nPageScanType = " + (number->string (bluetooth-configuration-page-scan-type config))) + "") + (if (bluetooth-configuration-page-scan-interval config) + (string-append + "\nPageScanInterval = " + (number->string (bluetooth-configuration-page-scan-interval config))) + "") + (if (bluetooth-configuration-page-scan-window config) + (string-append + "\nPageScanWindow = " + (number->string (bluetooth-configuration-page-scan-window config))) + "") + (if (bluetooth-configuration-inquiry-scan-type config) + (string-append + "\nInquiryScanType = " + (number->string (bluetooth-configuration-inquiry-scan-type config))) + "") + (if (bluetooth-configuration-inquiry-scan-interval config) + (string-append + "\nInquiryScanInterval = " + (number->string (bluetooth-configuration-inquiry-scan-interval config))) + "") + (if 
(bluetooth-configuration-inquiry-scan-window config) + (string-append + "\nInquiryScanWindow = " + (number->string (bluetooth-configuration-inquiry-scan-window config))) + "") + (if (bluetooth-configuration-link-supervision-timeout config) + (string-append + "\nLinkSupervisionTimeout = " + (number->string (bluetooth-configuration-link-supervision-timeout config))) + "") + (if (bluetooth-configuration-page-timeout config) + (string-append + "\nPageTimeout = " + (number->string (bluetooth-configuration-page-timeout config))) + "") + (if (bluetooth-configuration-min-sniff-interval config) + (string-append + "\nMinSniffInterval = " + (number->string (bluetooth-configuration-min-sniff-interval config))) + "") + (if (bluetooth-configuration-max-sniff-interval config) + (string-append + "\nMaxSniffInterval = " + (number->string (bluetooth-configuration-max-sniff-interval config))) + "") + + "\n[LE]" + (if (bluetooth-configuration-min-advertisement-interval config) + (string-append + "\nMinAdvertisementInterval = " + (number->string (bluetooth-configuration-min-advertisement-interval config))) + "") + (if (bluetooth-configuration-max-advertisement-interval config) + (string-append + "\nMaxAdvertisementInterval = " + (number->string (bluetooth-configuration-max-advertisement-interval config))) + "") + (if (bluetooth-configuration-multi-advertisement-rotation-interval config) + (string-append + "\nMultiAdvertisementRotationInterval = " + (number->string + (bluetooth-configuration-multi-advertisement-rotation-interval config))) + "") + (if (bluetooth-configuration-scan-interval-auto-connect config) + (string-append + "\nScanIntervalAutoConnect = " + (number->string (bluetooth-configuration-scan-interval-auto-connect config))) + "") + (if (bluetooth-configuration-scan-window-auto-connect config) + (string-append + "\nScanWindowAutoConnect = " + (number->string (bluetooth-configuration-scan-window-auto-connect config))) + "") + (if (bluetooth-configuration-scan-interval-suspend 
config) + (string-append + "\nScanIntervalSuspend = " + (number->string (bluetooth-configuration-scan-interval-suspend config))) + "") + (if (bluetooth-configuration-scan-window-suspend config) + (string-append + "\nScanWindowSuspend = " + (number->string (bluetooth-configuration-scan-window-suspend config))) + "") + (if (bluetooth-configuration-scan-interval-discovery config) + (string-append + "\nScanIntervalDiscovery = " + (number->string (bluetooth-configuration-scan-interval-discovery config))) + "") + (if (bluetooth-configuration-scan-window-discovery config) + (string-append + "\nScanWindowDiscovery = " + (number->string (bluetooth-configuration-scan-window-discovery config))) + "") + (if (bluetooth-configuration-scan-interval-adv-monitor config) + (string-append + "\nScanIntervalAdvMonitor = " + (number->string (bluetooth-configuration-scan-interval-adv-monitor config))) + "") + (if (bluetooth-configuration-scan-window-adv-monitor config) + (string-append + "\nScanWindowAdvMonitor = " + (number->string (bluetooth-configuration-scan-window-adv-monitor config))) + "") + (if (bluetooth-configuration-scan-interval-connect config) + (string-append + "\nScanIntervalConnect = " + (number->string (bluetooth-configuration-scan-interval-connect config))) + "") + (if (bluetooth-configuration-scan-window-connect config) + (string-append + "\nScanWindowConnect = " + (number->string (bluetooth-configuration-scan-window-connect config))) + "") + (if (bluetooth-configuration-min-connection-interval config) + (string-append + "\nMinConnectionInterval = " + (number->string (bluetooth-configuration-min-connection-interval config))) + "") + (if (bluetooth-configuration-max-connection-interval config) + (string-append + "\nMaxConnectionInterval = " + (number->string (bluetooth-configuration-max-connection-interval config))) + "") + (if (bluetooth-configuration-connection-latency config) + (string-append + "\nConnectionLatency = " + (number->string 
(bluetooth-configuration-connection-latency config))) + "") + (if (bluetooth-configuration-connection-supervision-timeout config) + (string-append + "\nConnectionSupervisionTimeout = " + (number->string (bluetooth-configuration-connection-supervision-timeout config))) + "") + (if (bluetooth-configuration-autoconnect-timeout config) + (string-append + "\nAutoconnecttimeout = " + (number->string (bluetooth-configuration-autoconnect-timeout config))) + "") + "\nAdvMonAllowlistScanDuration = " (number->string + (bluetooth-configuration-adv-mon-allowlist-scan-duration + config)) + "\nAdvMonNoFilterScanDuration = " (number->string + (bluetooth-configuration-adv-mon-no-filter-scan-duration + config)) + "\nEnableAdvMonInterleaveScan = " (number->string + (if (eq? #t + (bluetooth-configuration-enable-adv-mon-interleave-scan + config)) + 1 0)) + + "\n[GATT]" + "\nCache = " (symbol->string (bluetooth-configuration-cache config)) + "\nKeySize = " (number->string (bluetooth-configuration-key-size config)) + "\nExchangeMTU = " (number->string (bluetooth-configuration-exchange-mtu config)) + "\nChannels = " (number->string (bluetooth-configuration-att-channels config)) + + "\n[AVDTP]" + "\nSessionMode = " (symbol->string (bluetooth-configuration-session-mode config)) + "\nStreamMode = " (symbol->string (bluetooth-configuration-stream-mode config)) + + "\n[Policy]" + (let ((uuids (bluetooth-configuration-reconnect-uuids config))) + (if (not (eq? '() uuids)) + (string-append + "\nReconnectUUIDs = " + (string-join (map uuid->string uuids) ",")) + "")) + "\nReconnectAttempts = " (number->string + (bluetooth-configuration-reconnect-attempts config)) + "\nReconnectIntervals = " (string-join + (map number->string + (bluetooth-configuration-reconnect-intervals + config)) + ",") + "\nAutoEnable = " (bool (bluetooth-configuration-auto-enable? 
+ config)) + "\nResumeDelay = " (number->string (bluetooth-configuration-resume-delay config)) + + "\n[AdvMon]" + "\nRSSISamplingPeriod = " (string-append + "0x" + (format #f "~2,'0x" + (bluetooth-configuration-rssi-sampling-period config))))) (define (bluetooth-directory config) (computed-file "etc-bluetooth" -- cgit 1.4.1 From 5e34e873af088ef9aa417290bcddf5b095501614 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 10 Mar 2022 22:27:04 +0100 Subject: services: guix: Add 'generate-substitute-key?' field. * gnu/services/base.scm ()[generate-substitute-key?]: New field. (guix-activation): Honor it. * doc/guix.texi (Base Services): Document it. --- doc/guix.texi | 12 ++++++++++++ gnu/services/base.scm | 8 ++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index f479fe05ff..01c16ba85d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17030,6 +17030,18 @@ This example assumes that the file @file{./guix.example.org-key.pub} contains the public key that @code{guix.example.org} uses to sign substitutes. +@item @code{generate-substitute-key?} (default: @code{#t}) +Whether to generate a @dfn{substitute key pair} under +@file{/etc/guix/signing-key.pub} and @file{/etc/guix/signing-key.sec} if +there is not already one. + +This key pair is used when exporting store items, for instance with +@command{guix publish} (@pxref{Invoking guix publish}) or @command{guix +archive} (@pxref{Invoking guix archive}). Generating a key pair takes a +few seconds when enough entropy is available and is only done once; you +might want to turn it off for instance in a virtual machine that does +not need it and where the extra boot time is a problem. + @item @code{max-silent-time} (default: @code{0}) @itemx @code{timeout} (default: @code{0}) The number of seconds of silence and the number of seconds of activity, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 463f034305..f278cb76de 100644 
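Review bot: `"\nPrivacy = " (symbol->string (bluetooth-configuration-privacy config))` writes the symbol verbatim, so the documented value `'network/on` ends up as `Privacy = network/on` in main.conf. As far as I know BlueZ accepts `network` and `on` as two spellings of one mode rather than the combined string, and an unrecognised value would leave privacy off with no error at reconfigure time; please verify against the BlueZ parser. An explicit mapping avoids this: `(match (bluetooth-configuration-privacy config) ('network/on "network") (mode (symbol->string mode)))`. More generally, no field is validated before it is written. `key-size`, `exchange-mtu` and `att-channels` have documented ranges, and the `Experimental` `cond` has no fallback clause. A typo therefore shows up only as a `string-append` type error or as a setting bluetoothd ignores.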
--- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -183,6 +183,7 @@ guix-configuration-authorized-keys guix-configuration-use-substitutes? guix-configuration-substitute-urls + guix-configuration-generate-substitute-key? guix-configuration-extra-options guix-configuration-log-file @@ -1565,6 +1566,8 @@ archive' public keys, with GUIX." (default #t)) (substitute-urls guix-configuration-substitute-urls ;list of strings (default %default-substitute-urls)) + (generate-substitute-key? guix-configuration-generate-substitute-key? + (default #t)) ;Boolean (chroot-directories guix-configuration-chroot-directories ;list of file-like/strings (default '())) (max-silent-time guix-configuration-max-silent-time ;integer @@ -1749,14 +1752,15 @@ proxy of 'guix-daemon'...~%") (define (guix-activation config) "Return the activation gexp for CONFIG." (match-record config - (guix authorize-key? authorized-keys) + (guix generate-substitute-key? authorize-key? authorized-keys) #~(begin ;; Assume that the store has BUILD-GROUP as its group. We could ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, ;; chown leads to an entire copy of the tree, which is a bad idea. ;; Generate a key pair and optionally authorize substitute server keys. - (unless (file-exists? "/etc/guix/signing-key.pub") + (unless (or #$(not generate-substitute-key?) + (file-exists? "/etc/guix/signing-key.pub")) (system* #$(file-append guix "/bin/guix") "archive" "--generate-key")) -- cgit 1.4.1 From 0691ab67797ff94daf73bc816a46ae507775d0e2 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 10 Mar 2022 22:33:58 +0100 Subject: services: openssh: Add 'generate-host-keys?' field. * gnu/services/ssh.scm ()[generate-host-keys?]: New field. (openssh-activation): Honor it. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 12 +++++++++++- gnu/services/ssh.scm | 13 +++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'gnu/services') 
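Review bot: The exit status of `system*` is discarded in the `unless` body of `guix-activation`, so a failed `guix archive --generate-key` leaves the system without a signing key and nothing is reported at activation time; the `ssh-keygen -A` call in `openssh-activation` (the `@@ -402,9 +406,10 @@` hunk of gnu/services/ssh.scm) has the same gap. Now that key generation can also be switched off on purpose, it would help to tell "disabled" from "failed", for example `(unless (zero? (system* ...)) (format (current-error-port) "guix archive --generate-key failed~%"))`. The guard also tests only `/etc/guix/signing-key.pub`, so a missing `signing-key.sec` next to an existing public key is not regenerated. The comment above the form could read `;; Generate a key pair unless GENERATE-SUBSTITUTE-KEY? is false or one already exists.` The body of `guix-activation` continues past the end of the hunk.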
diff --git a/doc/guix.texi b/doc/guix.texi index 01c16ba85d..4b71fb7010 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18857,7 +18857,7 @@ This is the configuration record for OpenSSH's @command{sshd}. @table @asis @item @code{openssh} (default @var{openssh}) -The Openssh package to use. +The OpenSSH package to use. @item @code{pid-file} (default: @code{"/var/run/sshd.pid"}) Name of the file where @command{sshd} writes its PID. @@ -18978,6 +18978,16 @@ Additional authorized keys can be specified @i{via} Note that this does @emph{not} interfere with the use of @file{~/.ssh/authorized_keys}. +@item @code{generate-host-keys?} (default: @code{#t}) +Whether to generate host key pairs with @command{ssh-keygen -A} under +@file{/etc/ssh} if there are none. + +Generating key pairs takes a few seconds when enough entropy is +available and is only done once. You might want to turn it off for +instance in a virtual machine that does not need it because host keys +are provided in some other way, and where the extra boot time is a +problem. + @item @code{log-level} (default: @code{'info}) This is a symbol specifying the logging level: @code{quiet}, @code{fatal}, @code{error}, @code{info}, @code{verbose}, @code{debug}, etc. See the man diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 97f74a00f7..433a0e8f91 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès +;;; Copyright © 2014-2019, 2022 Ludovic Courtès ;;; Copyright © 2016 David Craven ;;; Copyright © 2016 Julien Lepiller ;;; Copyright © 2017 Clément Lassieur 
@@ -351,6 +351,10 @@ The other options should be self-descriptive." (authorized-keys openssh-authorized-keys (default '())) + ;; Boolean + (generate-host-keys? openssh-configuration-generate-host-keys? + (default #t)) + ;; Boolean ;; XXX: This should really be handled in an orthogonal way, for instance as ;; proposed in . Keep it internal/undocumented @@ -402,9 +406,10 @@ The other options should be self-descriptive." (unless (file-exists? lastlog) (touch lastlog)))) - ;; Generate missing host keys. - (system* (string-append #$(openssh-configuration-openssh config) - "/bin/ssh-keygen") "-A")))) + (when #$(openssh-configuration-generate-host-keys? config) + ;; Generate missing host keys. + (system* (string-append #$(openssh-configuration-openssh config) + "/bin/ssh-keygen") "-A"))))) (define (authorized-key-directory keys) "Return a directory containing the authorized keys specified in KEYS, a list -- cgit 1.4.1 From 2bac6ea177d5b3353ea1a4d032d17a6ac3763e96 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 10 Mar 2022 23:10:02 +0100 Subject: services: secret-service: Do not generate SSH and Guix key pairs. The justification about the order of activation snippets given in the comment had been obsolete since 39e3b4b7cee175a3c1f37329744c582528d55f5d. Lately, running the activation snippets for "ssh-keygen -A" and "guix archive --generate-key" would take a little bit too long, thereby preventing the childhurd from starting on time. * gnu/services/virtualization.scm (secret-service-operating-system): Clear 'generate-host-keys?' and 'generate-substitute-key?'. --- gnu/services/virtualization.scm | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 9b4512cff7..70d4d6c34c 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -946,12 +946,20 @@ can only be accessed by their host."))) that will be listening to receive secret keys on port 1004, TCP." (operating-system (inherit os) - ;; Arrange so that the secret service activation snippet shows up before - ;; the OpenSSH and Guix activation snippets. That way, we receive OpenSSH - ;; and Guix keys before the activation snippets try to generate fresh keys - ;; for nothing. - (services (append (operating-system-user-services os) - (list (service secret-service-type 1004)))))) + (services + ;; Turn off SSH and Guix key generation that normally happens during + ;; activation: that requires entropy and thus takes time during boot, and + ;; those keys are going to be overwritten by secrets received from the + ;; host anyway. + (cons (service secret-service-type 1004) + (modify-services (operating-system-user-services os) + (openssh-service-type + config => (openssh-configuration + (inherit config) + (generate-host-keys? #f))) + (guix-service-type + config => (guix-configuration + (generate-substitute-key? #f)))))))) ;;; -- cgit 1.4.1 From 5397c18157f12e9127b5a9a59b0aa5a4eb058839 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 10 Mar 2022 23:45:06 +0100 Subject: services: openssh: Change 'authorized-keys' accessor name. * gnu/services/ssh.scm ()[authorized-keys]: Rename accessor to 'openssh-configuration-authorized-keys'. (openssh-activation, extend-openssh-authorized-keys): Adjust accordingly. --- gnu/services/ssh.scm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 433a0e8f91..5c8fe4eef4 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -348,7 +348,7 @@ The other options should be self-descriptive." (default "")) ;; list of user-name/file-like tuples - (authorized-keys openssh-authorized-keys + (authorized-keys openssh-configuration-authorized-keys (default '())) ;; Boolean 
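Review bot: The `guix-service-type` clause builds `(guix-configuration (generate-substitute-key? #f))` without `(inherit config)`, unlike the `openssh-service-type` clause just above it, so every other field of the guest's Guix configuration falls back to its default. That would silently discard settings such as `authorized-keys` and `substitute-urls` that the user set on `os`, which changes which substitute servers and signing keys the guest trusts. The clause should read `(guix-configuration (inherit config) (generate-substitute-key? #f))`. Separately, with both generators off the guest has no SSH host key or signing key if the host never delivers the secrets, so a comment stating that dependency would help whoever debugs a guest that does not come up. The enclosing procedure starts above this hunk; only the end of its docstring is visible.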
@@ -396,7 +396,7 @@ The other options should be self-descriptive." (unless (= ENOENT (system-error-errno args)) (apply throw args)))) (copy-recursively #$(authorized-key-directory - (openssh-authorized-keys config)) + (openssh-configuration-authorized-keys config)) "/etc/ssh/authorized_keys.d") (chmod "/etc/ssh/authorized_keys.d" #o555) @@ -541,10 +541,11 @@ of user-name/file-like tuples." (openssh-configuration (inherit config) (authorized-keys - (match (openssh-authorized-keys config) + (match (openssh-configuration-authorized-keys config) (((users _ ...) ...) ;; Build a user/key-list mapping. - (let ((user-keys (alist->vhash (openssh-authorized-keys config)))) + (let ((user-keys (alist->vhash + (openssh-configuration-authorized-keys config)))) ;; Coalesce the key lists associated with each user. (map (lambda (user) `(,user -- cgit 1.4.1 From 0a9e82b43080275a2755624f3208287056dc9f95 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 17 Mar 2022 14:31:21 -0400 Subject: services: nfs: Define rpcbind-shepherd-service at the top level. Attempting to use the 'nfs-service-type' as part of a computed operating-system definition, the following exception would be thrown: ice-9/boot-9.scm:1685:16: In procedure raise-exception: ERROR: 1. &ambiguous-target-service-error: service: #< type: # value: #< rpcbind: # warm-start?: #t>> target-type: # 2. &message: "more than one target service of type 'shepherd-root'" The problem was that the rpcbind shepherd-service object was dynamically instantiated every time the rpcbind-service-type would be called, causing multiple objects in some situations, resulting in the above condition. * gnu/services/nfs.scm (rpcbind-service-type): Refactor and adjust in a way to extract... (rpcbind-shepherd-service): ... this new procedure. --- gnu/services/nfs.scm | 60 +++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 31 deletions(-) (limited to 'gnu/services') 
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index 0d1617354e..78bf45f336 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 John Darrington ;;; Copyright © 2018, 2019, 2020 Ricardo Wurmus -;;; Copyright © 2020, 2021 Maxim Cournoyer +;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -62,37 +62,35 @@ (warm-start? rpcbind-configuration-warm-start? (default #t))) -(define rpcbind-service-type - (let ((proc - (lambda (config) - (define rpcbind - (rpcbind-configuration-rpcbind config)) - - (define rpcbind-command - #~(list (string-append #$rpcbind "/sbin/rpcbind") "-f" - #$@(if (rpcbind-configuration-warm-start? config) '("-w") '()))) - - (shepherd-service - (documentation "Start the RPC bind daemon.") - (requirement '(networking)) - (provision '(rpcbind-daemon)) +(define (rpcbind-shepherd-service config) + (let ((rpcbind (file-append (rpcbind-configuration-rpcbind config) + "/sbin/rpcbind"))) + (shepherd-service + (documentation "Start the RPC bind daemon.") + (requirement '(networking)) + (provision '(rpcbind-daemon)) + (start #~(make-forkexec-constructor + (list #$rpcbind "-f" + #$@(if (rpcbind-configuration-warm-start? config) + '("-w") + '())))) + (stop #~(make-kill-destructor))))) - (start #~(make-forkexec-constructor #$rpcbind-command)) - (stop #~(make-kill-destructor)))))) - (service-type - (name 'rpcbind) - (extensions - (list (service-extension shepherd-root-service-type - (compose list proc)))) - ;; We use the extensions feature to allow other services to automatically - ;; configure and start this service. Only one value can be provided. We - ;; override it with the value returned by the extending service. - (compose identity) - (extend (lambda (config values) - (match values - ((first . rest) first) - (_ config)))) - (default-value (rpcbind-configuration))))) +(define rpcbind-service-type + (service-type + (name 'rpcbind) + (extensions + (list (service-extension shepherd-root-service-type + (compose list rpcbind-shepherd-service)))) + ;; We use the extensions feature to allow other services to automatically + ;; configure and start this service. Only one value can be provided. We + ;; override it with the value returned by the extending service. + (compose identity) + (extend (lambda (config values) + (match values + ((first . 
rest) first) + (_ config)))) + (default-value (rpcbind-configuration)))) -- cgit 1.4.1 From 2c4284d9522e20c8a2a801e1c0652f1fefb627cb Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 17 Mar 2022 16:48:21 -0400 Subject: Revert "services: nfs: Define rpcbind-shepherd-service at the top level." This reverts commit 0a9e82b43080275a2755624f3208287056dc9f95, which didn't end up fixing anything. The problem was elsewhere; namely, using 'operating-system-services' instead of 'operating-system-user-services'. --- gnu/services/nfs.scm | 60 +++++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 29 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index 78bf45f336..0d1617354e 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 John Darrington ;;; Copyright © 2018, 2019, 2020 Ricardo Wurmus -;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer +;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -62,35 +62,37 @@ (warm-start? rpcbind-configuration-warm-start? (default #t))) -(define (rpcbind-shepherd-service config) - (let ((rpcbind (file-append (rpcbind-configuration-rpcbind config) - "/sbin/rpcbind"))) - (shepherd-service - (documentation "Start the RPC bind daemon.") - (requirement '(networking)) - (provision '(rpcbind-daemon)) - (start #~(make-forkexec-constructor - (list #$rpcbind "-f" - #$@(if (rpcbind-configuration-warm-start? config) - '("-w") - '())))) - (stop #~(make-kill-destructor))))) - (define rpcbind-service-type - (service-type - (name 'rpcbind) - (extensions - (list (service-extension shepherd-root-service-type - (compose list rpcbind-shepherd-service)))) - ;; We use the extensions feature to allow other services to automatically - ;; configure and start this service. Only one value can be provided. We - ;; override it with the value returned by the extending service. - (compose identity) - (extend (lambda (config values) - (match values - ((first . rest) first) - (_ config)))) - (default-value (rpcbind-configuration)))) + (let ((proc + (lambda (config) + (define rpcbind + (rpcbind-configuration-rpcbind config)) + + (define rpcbind-command + #~(list (string-append #$rpcbind "/sbin/rpcbind") "-f" + #$@(if (rpcbind-configuration-warm-start? config) '("-w") '()))) + + (shepherd-service + (documentation "Start the RPC bind daemon.") + (requirement '(networking)) + (provision '(rpcbind-daemon)) + + (start #~(make-forkexec-constructor #$rpcbind-command)) + (stop #~(make-kill-destructor)))))) + (service-type + (name 'rpcbind) + (extensions + (list (service-extension shepherd-root-service-type + (compose list proc)))) + ;; We use the extensions feature to allow other services to automatically + ;; configure and start this service. Only one value can be provided. We + ;; override it with the value returned by the extending service. + (compose identity) + (extend (lambda (config values) + (match values + ((first . 
rest) first) + (_ config)))) + (default-value (rpcbind-configuration))))) -- cgit 1.4.1 From 10d865aa921f559562fb543d7796c7a08e17f016 Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Sat, 12 Mar 2022 21:34:09 +0100 Subject: services: thermald: Add 'adaptive?' field. * gnu/services/pm.scm (): Add 'adaptive?' field. (thermald-shepherd-service): Use it to pass --adaptive to thermald. * doc/guix.texi (Power Management Services): Document the 'adaptive?' field of 'thermald-configuration'. --- doc/guix.texi | 4 ++++ gnu/services/pm.scm | 5 +++++ 2 files changed, 9 insertions(+) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 15ab97699c..44b0f9f1ea 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -30687,6 +30687,10 @@ of processors and preventing overheating. Data type representing the configuration of @code{thermald-service-type}. @table @asis +@item @code{adaptive?} (default: @code{#f}) +Use @acronym{DPTF, Dynamic Power and Thermal Framework} adaptive tables +when present. + @item @code{ignore-cpuid-check?} (default: @code{#f}) Ignore cpuid check for supported CPU models. diff --git a/gnu/services/pm.scm b/gnu/services/pm.scm index 3da3c0b961..e48236dbca 100644 --- a/gnu/services/pm.scm +++ b/gnu/services/pm.scm @@ -435,6 +435,8 @@ shutdown on system startup.")) (define-record-type* thermald-configuration make-thermald-configuration thermald-configuration? + (adaptive? thermald-adaptive? ;boolean + (default #f)) (ignore-cpuid-check? thermald-ignore-cpuid-check? ;boolean (default #f)) (thermald thermald-thermald ;file-like @@ -448,6 +450,9 @@ shutdown on system startup.")) (start #~(make-forkexec-constructor '(#$(file-append (thermald-thermald config) "/sbin/thermald") "--no-daemon" + #$@(if (thermald-adaptive? config) + '("--adaptive") + '()) #$@(if (thermald-ignore-cpuid-check? config) '("--ignore-cpuid-check") '())))) -- cgit 1.4.1