From 1ae279d7c8a4962fedcb3479e551d21991d0ac4a Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 12 Apr 2023 19:55:44 -0400 Subject: services: syslog: Move configuration to /etc/syslog.conf. Having the configuration live at a static location makes it possible to hot-reload it. * gnu/services/base.scm (syslog.conf): New variable. (syslog-etc, syslog-shepherd-service): New procedures. (syslog-service-type): Rewrite using the above new variable and procedures, extending etc-service-type with its configuration file. --- gnu/services/base.scm | 61 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 24 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index dfc7571e55..3b0784ef07 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -15,7 +15,7 @@ ;;; Copyright © 2020, 2021 Brice Waegeneire ;;; Copyright © 2021 qblade ;;; Copyright © 2021 Hui Lu -;;; Copyright © 2021, 2022 Maxim Cournoyer +;;; Copyright © 2021, 2022, 2023 Maxim Cournoyer ;;; Copyright © 2021 muradm ;;; Copyright © 2022 Guillaume Le Vaillant ;;; Copyright © 2022 Justin Veilleux 
@@ -1532,30 +1532,43 @@ Service Switch}, for an example." (config-file syslog-configuration-config-file (default %default-syslog.conf))) -(define syslog-service-type - (shepherd-service-type - 'syslog - (lambda (config) - (define config-file - (syslog-configuration-config-file config)) +;;; Note: a static file name is used for syslog.conf so that the reload action +;;; work as intended. +(define syslog.conf "/etc/syslog.conf") - (shepherd-service - (documentation "Run the syslog daemon (syslogd).") - (provision '(syslogd)) - (requirement '(user-processes)) - (actions (list (shepherd-configuration-action config-file))) - (start #~(let ((spawn (make-forkexec-constructor - (list #$(syslog-configuration-syslogd config) - "--rcfile" #$config-file) - #:pid-file "/var/run/syslog.pid"))) - (lambda () - ;; Set the umask such that file permissions are #o640. - (let ((mask (umask #o137)) - (pid (spawn))) - (umask mask) - pid)))) - (stop #~(make-kill-destructor)))) - (syslog-configuration) +(define (syslog-etc configuration) + (match-record configuration + (config-file) + (list `(,(basename syslog.conf) ,config-file)))) + +(define (syslog-shepherd-service config) + (define config-file + (syslog-configuration-config-file config)) + + (shepherd-service + (documentation "Run the syslog daemon (syslogd).") + (provision '(syslogd)) + (requirement '(user-processes)) + (actions (list (shepherd-configuration-action syslog.conf))) + (start #~(let ((spawn (make-forkexec-constructor + (list #$(syslog-configuration-syslogd config) + #$(string-append "--rcfile=" syslog.conf)) + #:pid-file "/var/run/syslog.pid"))) + (lambda () + ;; Set the umask such that file permissions are #o640. 
+ (let ((mask (umask #o137)) + (pid (spawn))) + (umask mask) + pid)))) + (stop #~(make-kill-destructor)))) + +(define syslog-service-type + (service-type + (name 'syslog) + (default-value (syslog-configuration)) + (extensions (list (service-extension shepherd-root-service-type + (compose list syslog-shepherd-service)) + (service-extension etc-service-type syslog-etc))) (description "Run the syslog daemon, @command{syslogd}, which is responsible for logging system messages."))) -- cgit 1.4.1 From 2c67e98b37e5b73c6abbadce59698bc4df3ce783 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 12 Apr 2023 15:44:02 -0400 Subject: services: syslog: Add a reload action. * gnu/services/base.scm (syslog-service-type) [actions]: Add a reload action. * doc/guix.texi (Base Services): Document it. --- doc/guix.texi | 12 ++++++++++++ gnu/services/base.scm | 16 +++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index adb1975935..53035fd5e9 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18573,6 +18573,18 @@ Type of the service that runs the syslog daemon, whose value is a @code{} object. @end defvar +To have a modified @code{syslog-configuration} come into effect after +reconfiguring your system, the @samp{reload} action should be preferred +to restarting the service, as many services such as the login manager +depend on it and would be restarted as well: + +@example +# herd reload syslog +@end example + +which will cause the running @command{syslogd} process to reload its +configuration. + @deftp {Data Type} syslog-configuration Data type representing the configuration of the syslog daemon. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 3b0784ef07..7ef6db8ad4 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
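Review bot: In `syslog-shepherd-service` the inner `(define config-file (syslog-configuration-config-file config))` is no longer referenced, because both the `configuration` action and the `--rcfile=` argument now use `syslog.conf`; the binding can be dropped. The comment above `(define syslog.conf ...)` should read `works` instead of `work`. Since syslogd is now pointed at `/etc/syslog.conf` rather than at the file named in the record, a short comment would help, e.g. `;;; syslogd follows whatever /etc/syslog.conf refers to when it next reads it.`, so readers know that what gets logged depends on that path.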
@@ -1549,7 +1549,21 @@ Service Switch}, for an example." (documentation "Run the syslog daemon (syslogd).") (provision '(syslogd)) (requirement '(user-processes)) - (actions (list (shepherd-configuration-action syslog.conf))) + (actions + (list (shepherd-configuration-action syslog.conf) + (shepherd-action + (name 'reload) + (documentation "Reload the configuration file from disk.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display #$(G_ "Service syslog has been asked to \ +reload its settings file."))) + (display #$(G_ "Service syslog is not running.")))))))) + ;; Note: a static file name is used for syslog.conf so that the reload + ;; action work as intended. (start #~(let ((spawn (make-forkexec-constructor (list #$(syslog-configuration-syslogd config) #$(string-append "--rcfile=" syslog.conf)) -- cgit 1.4.1 From 9f890e39e4fb8798e15b8cd2ce77261740b6d875 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 12 Apr 2023 20:44:59 -0400 Subject: services/syslog: Strip leading white space indent in syslog.conf. This is a cosmetic change. * gnu/services/base.scm (%default-syslog.conf): Add a comment referencing the documentation. Strip the extraneous leading trailing white space indent. --- gnu/services/base.scm | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 7ef6db8ad4..669027f6d1 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
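Review bot: Both branches of the new `reload` procedure end in `display`, so `herd reload syslog` presumably reports the same result whether or not syslogd was actually signalled. Returning false from the not-running branch, e.g. `(begin (display #$(G_ "Service syslog is not running.")) #f)`, would let an operator or script detect that the new logging rules were not applied. Neither message ends with a newline. The added `;; Note: a static file name ...` comment duplicates the one already placed above `(define syslog.conf ...)` and repeats `work` for `works`.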
@@ -1497,31 +1497,34 @@ given @var{config}---an @code{} object. @xref{Name Service Switch}, for an example." (service nscd-service-type config)) -;; Snippet adapted from the GNU inetutils manual. +;;; Snippet adapted from the GNU inetutils manual. (define %default-syslog.conf - (plain-file "syslog.conf" " - # Log all error messages, authentication messages of - # level notice or higher and anything of level err or - # higher to the console. - # Don't log private authentication messages! - *.alert;auth.notice;authpriv.none -/dev/console + (plain-file "syslog.conf" "\ +# See info '(inetutils) syslogd invocation' for the documentation +# of the syslogd configuration syntax. - # Log anything (except mail) of level info or higher. - # Don't log private authentication messages! - *.info;mail.none;authpriv.none -/var/log/messages +# Log all error messages, authentication messages of +# level notice or higher and anything of level err or +# higher to the console. +# Don't log private authentication messages! +*.alert;auth.notice;authpriv.none -/dev/console - # Log \"debug\"-level entries and nothing else. - *.=debug -/var/log/debug +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none -/var/log/messages - # Same, in a different place. - *.info;mail.none;authpriv.none -/dev/tty12 +# Log \"debug\"-level entries and nothing else. +*.=debug -/var/log/debug - # The authpriv file has restricted access. - # 'fsync' the file after each line (hence the lack of a leading dash). - authpriv.* /var/log/secure +# Same, in a different place. +*.info;mail.none;authpriv.none -/dev/tty12 - # Log all the mail messages in one place. - mail.* -/var/log/maillog +# The authpriv file has restricted access. +# 'fsync' the file after each line (hence the lack of a leading dash). +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog ")) (define-record-type* -- cgit 1.4.1 
From 2c1e17071d8cb16d5eb44962a5b6565451b8cc34 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Wed, 12 Apr 2023 20:52:39 -0400 Subject: services: syslog: Log auth.info to /var/log/secure in default configuration. This causes authentication failures such as those generated by SSH brute force attacks to appear in /var/log/secure, which is picked up by tools such as fail2ban. * gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for the /var/log/secure log. Series-to: 62802@debbugs.gnu.org --- gnu/services/base.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 669027f6d1..75d4e7b741 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1521,7 +1521,9 @@ Service Switch}, for an example." # The authpriv file has restricted access. # 'fsync' the file after each line (hence the lack of a leading dash). -authpriv.* /var/log/secure +# Also include unprivileged auth logs of info or higher level +# to conveniently gather the authentication data at the same place. +authpriv.*;auth.info /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog -- cgit 1.4.1 From 7aaf2782869a5dec11812825e06b3a92b4a74a3e Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:22:13 +0200 Subject: services: postgresql: Add the 'postgresql' Shepherd service name. * gnu/services/databases.scm (postgresql-shepherd-service): Add 'postgresql' to 'provision'. --- gnu/services/databases.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index b7bd1e587e..e9f9070ba3 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm 
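Review bot: The `/var/log/secure` rule has no leading dash, so by the comment above it every line is fsync'ed, and adding `auth.info` puts each failed login on that synchronous path. Under the SSH brute-force traffic the commit message mentions this could become a noticeable I/O cost, so the comment should say the trade-off is deliberate, e.g. `# Kept synchronous on purpose so authentication records are not lost.` The same `auth.info` messages presumably still match the `*.info;mail.none;authpriv.none` selector for `/var/log/messages`. If that duplication is intended, a remark such as `# auth messages are also kept in /var/log/messages.` would tell readers so.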
@@ -308,7 +308,7 @@ host all all ::1/128 md5")) (call-with-input-file #$pid-file read)) (_ #t)))))) (list (shepherd-service - (provision '(postgres)) + (provision '(postgres postgresql)) (documentation "Run the PostgreSQL daemon.") (requirement '(user-processes loopback syslogd)) (modules `((ice-9 match) -- cgit 1.4.1 From a5fc3fc921354a6f0e5585d85659a6a9d0848a85 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:24:47 +0200 Subject: services: postgresql: Add 'configuration' action. * gnu/services/databases.scm (postgresql-shepherd-service): Add 'actions' field. --- gnu/services/databases.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index e9f9070ba3..8415b08eb2 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2015, 2016, 2022 Ludovic Courtès +;;; Copyright © 2015-2016, 2022-2023 Ludovic Courtès ;;; Copyright © 2016 Leo Famulari ;;; Copyright © 2017 Christopher Baines ;;; Copyright © 2018 Clément Lassieur @@ -313,6 +313,7 @@ host all all ::1/128 md5")) (requirement '(user-processes loopback syslogd)) (modules `((ice-9 match) ,@%default-modules)) + (actions (list (shepherd-configuration-action config-file))) (start (action "start")) (stop (action "stop")))))))) -- cgit 1.4.1 From 97f91aa4ac5405e616d3499253269877c447157a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:27:25 +0200 Subject: services: mysql: Add 'configuration' action. * gnu/services/databases.scm (mysql-shepherd-service): Add 'actions' field. --- gnu/services/databases.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 8415b08eb2..4146d0c8b7 100644 --- a/gnu/services/databases.scm 
+++ b/gnu/services/databases.scm @@ -596,6 +596,8 @@ port=" (number->string port) " (provision '(mysql)) (requirement '(user-processes)) (documentation "Run the MySQL server.") + (actions (list (shepherd-configuration-action + (mysql-configuration-file config)))) (start (let ((mysql (mysql-configuration-mysql config)) (extra-env (mysql-configuration-extra-environment config)) (my.cnf (mysql-configuration-file config))) -- cgit 1.4.1 From 0ac2ada05abdc15e6b9d78782df843fdc0a6fbd6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:29:32 +0200 Subject: services: redis: Add 'configuration' action. * gnu/services/databases.scm (redis-shepherd-service): Add 'actions' field. --- gnu/services/databases.scm | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 4146d0c8b7..0cbd83254b 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -755,6 +755,7 @@ port=" (number->string port) " (provision '(redis)) (documentation "Run the Redis daemon.") (requirement '(user-processes syslogd)) + (actions (list (shepherd-configuration-action config-file))) (start #~(make-forkexec-constructor '(#$(file-append redis "/bin/redis-server") #$config-file) -- cgit 1.4.1 From 70677d882276ff44bc31d39e378749b976a9ca7d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:32:11 +0200 Subject: services: rsync: Add 'configuration' action. * gnu/services/rsync.scm (rsync-shepherd-service): Add 'actions' field. --- gnu/services/rsync.scm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/rsync.scm b/gnu/services/rsync.scm index d456911563..aeb4275031 100644 --- a/gnu/services/rsync.scm +++ b/gnu/services/rsync.scm 
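Review bot: In the mysql hunk, `(mysql-configuration-file config)` is now evaluated twice, once in the new `actions` field and once for the `my.cnf` binding inside `start`. Binding it once around the `shepherd-service` form, as the rsync change in this series does with `config-file`, would keep the file reported by the `configuration` action and the file the server is started with from drifting apart in a later edit. The enclosing procedure starts and ends outside the hunk.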
@@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Oleg Pykhalov -;;; Copyright © 2021 Ludovic Courtès +;;; Copyright © 2021, 2023 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -225,13 +225,15 @@ please use 'modules' instead~%"))) (pid-file (rsync-configuration-pid-file config)) (port-number (rsync-configuration-port-number config)) (user (rsync-configuration-user config)) - (group (rsync-configuration-group config))) + (group (rsync-configuration-group config)) + (config-file (rsync-config-file config))) (list (shepherd-service (provision '(rsync)) (documentation "Run rsync daemon.") + (actions (list (shepherd-configuration-action config-file))) (start #~(make-forkexec-constructor (list (string-append #$rsync "/bin/rsync") - "--config" #$(rsync-config-file config) + "--config" #$config-file "--daemon") #:pid-file #$pid-file #:user #$user -- cgit 1.4.1 From 1fa038324db0c7f848b5640f81465366c2a587ba Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Apr 2023 21:35:16 +0200 Subject: services: knot: Add 'configuration' action. * gnu/services/dns.scm (knot-shepherd-service): Add 'actions' field. --- gnu/services/dns.scm | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/services') diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 2ff9f90cd0..f45fc99c69 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -622,6 +622,7 @@ (documentation "Run the Knot DNS daemon.") (provision '(knot dns)) (requirement '(networking)) + (actions (list (shepherd-configuration-action config-file))) (start #~(make-forkexec-constructor (list (string-append #$knot "/sbin/knotd") "-c" #$config-file))) -- cgit 1.4.1 From e45306c1982aee194243cf661295c7ca776d879f Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Thu, 20 Apr 2023 10:38:37 +0200 Subject: services: postgresql: Add default package. * gnu/services/databases.scm ()[postgresql]: Add default value, moved from... (postgresql-service-type)[default-value]: ... here. --- gnu/services/databases.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 0cbd83254b..e8e42d3b7b 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -167,7 +167,8 @@ host all all ::1/128 md5")) (define-record-type* postgresql-configuration make-postgresql-configuration postgresql-configuration? - (postgresql postgresql-configuration-postgresql) ;file-like + (postgresql postgresql-configuration-postgresql ;file-like + (default postgresql-10)) (port postgresql-configuration-port (default 5432)) (locale postgresql-configuration-locale @@ -330,8 +331,7 @@ host all all ::1/128 md5")) (service-extension profile-service-type (compose list postgresql-configuration-postgresql)))) - (default-value (postgresql-configuration - (postgresql postgresql-10))) + (default-value (postgresql-configuration)) (description "Run the PostgreSQL database server."))) (define-deprecated (postgresql-service #:key (postgresql postgresql) -- cgit 1.4.1 From 9385c82c5471754635b4d2e90a3a77a7e91d7275 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 20 Apr 2023 21:10:51 +0200 Subject: services: nscd: Depend on syslogd. This gets rid of nscd debug messages on the console at boot time. * gnu/services/base.scm (nscd-shepherd-service): Add dependency on 'syslogd'. --- gnu/services/base.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 75d4e7b741..e8eae72aa2 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
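Review bot: Making `postgresql-10` the field default means a bare `(postgresql-configuration)` written by a user now silently selects that version, where the field previously had no default and had to be given explicitly. PostgreSQL 10 stopped receiving upstream security fixes in November 2022, so the default deserves a comment next to it, e.g. `;; Kept for on-disk compatibility; set 'postgresql' explicitly to a supported version.`, if compatibility is indeed the reason. The record definition continues outside the hunk.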
@@ -1428,7 +1428,11 @@ the tty to run, among other things." (list (shepherd-service (documentation "Run libc's name service cache daemon (nscd).") (provision '(nscd)) - (requirement '(user-processes)) + + ;; Logs are written with syslog(3), which writes to /dev/console + ;; when nobody's listening--ugly. Thus, wait for syslogd. + (requirement '(user-processes syslogd)) + (start #~(make-forkexec-constructor (list #$nscd "-f" #$nscd.conf "--foreground") -- cgit 1.4.1 From 95731b4ef1991f5b85aa9ec9d4fb97c006bec65d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 21 Apr 2023 00:11:52 +0200 Subject: services: herd: 'load-services/safe' is synonymous with 'load-services'. This is a followup to 547965aa27b6a09cadf42130b7ec7db3f1aee61f. * gnu/services/herd.scm (load-services/safe): Make an alias for 'load-services'. --- gnu/services/herd.scm | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/herd.scm b/gnu/services/herd.scm index e489ce2b9a..48594015fc 100644 --- a/gnu/services/herd.scm +++ b/gnu/services/herd.scm @@ -282,14 +282,10 @@ returns a shepherd object." `(primitive-load ,file)) files)))) -(define (load-services/safe files) - "This is like 'load-services', but make sure only the subset of FILES that -can be safely reloaded is actually reloaded." - (eval-there `(let ((services (map primitive-load ',files))) - ;; Since version 0.5.0 of the Shepherd, registering a service - ;; that has the same name as an already-registered service - ;; makes it a "replacement" of that previous service. - (apply register-services services)))) +(define load-services/safe + ;; Deprecated. It used to behave differently before service replacements + ;; were a thing. + load-services) (define* (start-service name #:optional (arguments '())) (invoke-action name 'start arguments -- cgit 1.4.1
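Review bot: In the herd.scm hunk, `load-services/safe` keeps a name that promises filtering, yet it is now exactly `load-services`, and the removed docstring was the only place that described a safety property. The files are handed to `primitive-load`, presumably inside the Shepherd process, so the comment should state the current contract outright, e.g. `;; Deprecated alias: performs no filtering; every file in FILES is loaded as is.` If this module can use Guix's deprecation helpers, marking the alias deprecated would also give remaining callers a warning rather than a silent change.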