From 4b41febf9c73d9d933b4873edadf9693ae4d5bb3 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sun, 11 Dec 2016 21:17:40 +0000 Subject: services: mysql: Add port to configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/databases.scm (): Add port field. (mysql-configuration-file): Use the port field when creating the configuration file. * doc/guix.texi (Database Services): Document it. Co-authored-by: Ludovic Courtès --- gnu/services/databases.scm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 1eed85542b..f7e08e6967 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -160,7 +160,8 @@ and stores the database cluster in @var{data-directory}." (define-record-type* mysql-configuration make-mysql-configuration mysql-configuration? - (mysql mysql-configuration-mysql (default mariadb))) + (mysql mysql-configuration-mysql (default mariadb)) + (port mysql-configuration-port (default 3306))) (define %mysql-accounts (list (user-group @@ -175,10 +176,11 @@ and stores the database cluster in @var{data-directory}." (define mysql-configuration-file (match-lambda - (($ mysql) - (plain-file "my.cnf" "[mysqld] + (($ mysql port) + (mixed-text-file "my.cnf" "[mysqld] datadir=/var/lib/mysql socket=/run/mysqld/mysqld.sock +port=" (number->string port) " ")))) (define (%mysql-activation config) -- cgit v1.2.3 From 2d3d5cc5ea9d4b991f2f640543ad70c902bc0191 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Wed, 14 Dec 2016 08:35:48 +0000 Subject: services: postgresql: Add port to configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/databases.scm (): Add port field. (postgresql-shepherd-service): Pass port to postgres. (postgresql-service): Add port default. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 7 ++++--- gnu/services/databases.scm | 9 +++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 0a92bd6b5c..cc90ca5775 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10166,13 +10166,14 @@ Users need to be in the @code{lp} group to access the D-Bus service. The @code{(gnu services databases)} module provides the following services. @deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @ - [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] + [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ + [#:port 5432] Return a service that runs @var{postgresql}, the PostgreSQL database server. The PostgreSQL daemon loads its runtime configuration from -@var{config-file} and stores the database cluster in -@var{data-directory}. +@var{config-file}, stores the database cluster in @var{data-directory} and +listens on @var{port}. @end deffn @deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index f7e08e6967..7cdcfc4d79 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -48,6 +48,8 @@ postgresql-configuration? (postgresql postgresql-configuration-postgresql ; (default postgresql)) + (port postgresql-configuration-port + (default 5432)) (config-file postgresql-configuration-file) (data-directory postgresql-configuration-data-directory)) @@ -80,7 +82,7 @@ host all all ::1/128 trust")) (define postgresql-activation (match-lambda - (($ postgresql config-file data-directory) + (($ postgresql port config-file data-directory) #~(begin (use-modules (guix build utils) (ice-9 match)) @@ -108,7 +110,7 @@ host all all ::1/128 trust")) (define postgresql-shepherd-service (match-lambda - (($ postgresql config-file data-directory) + (($ postgresql port config-file data-directory) (let ((start-script ;; Wrapper script that switches to the 'postgres' user before ;; launching daemon. @@ -121,6 +123,7 @@ host all all ::1/128 trust")) (system* postgres (string-append "--config-file=" #$config-file) + "-p" (number->string #$port) "-D" #$data-directory))))) (list (shepherd-service (provision '(postgres)) @@ -140,6 +143,7 @@ host all all ::1/128 trust")) (const %postgresql-accounts)))))) (define* (postgresql-service #:key (postgresql postgresql) + (port 5432) (config-file %default-postgres-config) (data-directory "/var/lib/postgresql/data")) "Return a service that runs @var{postgresql}, the PostgreSQL database server. @@ -149,6 +153,7 @@ and stores the database cluster in @var{data-directory}." (service postgresql-service-type (postgresql-configuration (postgresql postgresql) + (port port) (config-file config-file) (data-directory data-directory)))) -- cgit v1.2.3 From e05b780a58d561080f71a81e9a388a5a4b26767a Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Wed, 14 Dec 2016 08:35:49 +0000 Subject: services: postgresql: Add locale to configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/databases.scm (): Add locale field. (postgresql-shepherd-service): Pass locale to initdb. (postgresql-service): Add locale default. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 8 ++++---- gnu/services/databases.scm | 22 ++++++++++++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index cc90ca5775..46ed451d6b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10167,13 +10167,13 @@ The @code{(gnu services databases)} module provides the following services. @deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @ [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ - [#:port 5432] + [#:port 5432] [#:locale ``en_US.utf8''] Return a service that runs @var{postgresql}, the PostgreSQL database server. -The PostgreSQL daemon loads its runtime configuration from -@var{config-file}, stores the database cluster in @var{data-directory} and -listens on @var{port}. +The PostgreSQL daemon loads its runtime configuration from @var{config-file}, +creates a database cluster with @var{locale} as the default +locale, stored in @var{data-directory}. It then listens on @var{port}. @end deffn @deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7cdcfc4d79..d88c839f7d 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -50,6 +50,8 @@ (default postgresql)) (port postgresql-configuration-port (default 5432)) + (locale postgresql-configuration-locale + (default "en_US.utf8")) (config-file postgresql-configuration-file) (data-directory postgresql-configuration-data-directory)) @@ -82,13 +84,18 @@ host all all ::1/128 trust")) (define postgresql-activation (match-lambda - (($ postgresql port config-file data-directory) + (($ postgresql port locale config-file data-directory) #~(begin (use-modules (guix build utils) (ice-9 match)) (let ((user (getpwnam "postgres")) - (initdb (string-append #$postgresql "/bin/initdb"))) + (initdb (string-append #$postgresql "/bin/initdb")) + (initdb-args + (append + (if #$locale + (list (string-append "--locale=" #$locale)) + '())))) ;; Create db state directory. (mkdir-p #$data-directory) (chown #$data-directory (passwd:uid user) (passwd:gid user)) @@ -103,14 +110,19 @@ host all all ::1/128 trust")) (lambda () (setgid (passwd:gid user)) (setuid (passwd:uid user)) - (primitive-exit (system* initdb "-D" #$data-directory))) + (primitive-exit + (apply system* + initdb + "-D" + #$data-directory + initdb-args))) (lambda () (primitive-exit 1)))) (pid (waitpid pid)))))))) (define postgresql-shepherd-service (match-lambda - (($ postgresql port config-file data-directory) + (($ postgresql port locale config-file data-directory) (let ((start-script ;; Wrapper script that switches to the 'postgres' user before ;; launching daemon. @@ -144,6 +156,7 @@ host all all ::1/128 trust")) (define* (postgresql-service #:key (postgresql postgresql) (port 5432) + (locale "en_US.utf8") (config-file %default-postgres-config) (data-directory "/var/lib/postgresql/data")) "Return a service that runs @var{postgresql}, the PostgreSQL database server. @@ -154,6 +167,7 @@ and stores the database cluster in @var{data-directory}." (postgresql-configuration (postgresql postgresql) (port port) + (locale locale) (config-file config-file) (data-directory data-directory)))) -- cgit v1.2.3 From 57aa94bd7e7d530e52356723c8f1dbf727144b25 Mon Sep 17 00:00:00 2001 From: Mathieu Lirzin Date: Thu, 1 Dec 2016 20:41:08 +0100 Subject: services: cuirass: Put specifications in the store. * gnu/services/cuirass.scm (): Change type of 'specifications' field to an alist to match the documentation example. (cuirass-shepherd-service): Store the provided specifications in a file. Use that file as the "--specification" argument. --- gnu/services/cuirass.scm | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index d843c07335..4975a7e16e 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -52,8 +52,8 @@ (default 60)) (database cuirass-configuration-database ;string (file-name) (default "/var/run/cuirass/cuirass.db")) - (specifications cuirass-configuration-specifications ;string (file-name) - (default "")) + (specifications cuirass-configuration-specifications ;specification-alist + (default '())) (use-substitutes? cuirass-configuration-use-substitutes? ;boolean (default #f)) (one-shot? cuirass-configuration-one-shot? ;boolean @@ -66,7 +66,7 @@ (let ((cache-directory (cuirass-configuration-cache-directory config)) (interval (cuirass-configuration-interval config)) (database (cuirass-configuration-database config)) - (specifications (cuirass-configuration-specifications config)) + (specs (cuirass-configuration-specifications config)) (use-substitutes? (cuirass-configuration-use-substitutes? config)) (one-shot? (cuirass-configuration-one-shot? config))) (list (shepherd-service @@ -78,9 +78,11 @@ #$@(if (string=? "" cache-directory) '() (list "--cache-directory" cache-directory)) - #$@(if (string=? "" specifications) + #$@(if (null? specs) '() - (list "--specifications" specifications)) + (let ((str (format #f "'~S" specs))) + (list "--specifications" + (plain-file "specs.scm" str)))) "--database" #$database "--interval" #$(number->string interval) #$@(if use-substitutes? '("--use-substitutes") '()) -- cgit v1.2.3 From 9fc037fe1099f499acc01c5f40cae7f72796c49a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 15:41:19 +0100 Subject: services: Use 'file-append' in more places. * gnu/services/avahi.scm (avahi-shepherd-service): Use #$(file-append x y) instead of (string-append #$x y). * gnu/services/base.scm (unicode-start) (console-keymap-service-type, console-font-shepherd-services) (mingetty-shepherd-service, nscd-shepherd-service) (hydra-key-authorization, guix-shepherd-service) (guix-publish-shepherd-service, udev-shepherd-service) (gpm-shepherd-service, ) (kmscon-service-type): Likewise. * gnu/services/shepherd.scm (shepherd-boot-gexp): Likewise. --- gnu/services/avahi.scm | 2 +- gnu/services/base.scm | 30 +++++++++++++++--------------- gnu/services/shepherd.scm | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/avahi.scm b/gnu/services/avahi.scm index 60e9e61f94..29720415fc 100644 --- a/gnu/services/avahi.scm +++ b/gnu/services/avahi.scm @@ -107,7 +107,7 @@ (requirement '(dbus-system networking)) (start #~(make-forkexec-constructor - (list (string-append #$avahi "/sbin/avahi-daemon") + (list #$(file-append avahi "/sbin/avahi-daemon") "--daemonize" #$@(if debug? #~("--debug") #~()) "-f" #$config) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index ea1ab63d1b..8e686898c5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -610,7 +610,7 @@ strings or string-valued gexps." (dup2 (open-fdes #$tty O_RDONLY) 0) (close-fdes 1) (dup2 (open-fdes #$tty O_WRONLY) 1) - (execl (string-append #$kbd "/bin/unicode_start") + (execl #$(file-append kbd "/bin/unicode_start") "unicode_start")) (else (zero? (cdr (waitpid pid)))))))) @@ -623,7 +623,7 @@ strings or string-valued gexps." (documentation (string-append "Load console keymap (loadkeys).")) (provision '(console-keymap)) (start #~(lambda _ - (zero? (system* (string-append #$kbd "/bin/loadkeys") + (zero? (system* #$(file-append kbd "/bin/loadkeys") #$@files)))) (respawn? #f))))) @@ -655,7 +655,7 @@ strings or string-valued gexps." (start #~(lambda _ (and #$(unicode-start device) (zero? - (system* (string-append #$kbd "/bin/setfont") + (system* #$(file-append kbd "/bin/setfont") "-C" #$device #$font))))) (stop #~(const #t)) (respawn? #f))))) @@ -737,7 +737,7 @@ the message of the day, among other things." (requirement '(user-processes host-name udev)) (start #~(make-forkexec-constructor - (list (string-append #$mingetty "/sbin/mingetty") + (list #$(file-append mingetty "/sbin/mingetty") "--noclear" #$tty #$@(if auto-login #~("--autologin" #$auto-login) @@ -872,7 +872,7 @@ the tty to run, among other things." (provision '(nscd)) (requirement '(user-processes)) (start #~(make-forkexec-constructor - (list (string-append #$(nscd-configuration-glibc config) + (list #$(file-append (nscd-configuration-glibc config) "/sbin/nscd") "-f" #$nscd.conf "--foreground") @@ -1058,7 +1058,7 @@ public key, with GUIX." (format #t "registering public key '~a'...~%" key) (close-port (current-input-port)) (dup port 0) - (execl (string-append #$guix "/bin/guix") + (execl #$(file-append guix "/bin/guix") "guix" "archive" "--authorize") (exit 1))) (else @@ -1111,7 +1111,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (requirement '(user-processes)) (start #~(make-forkexec-constructor - (list (string-append #$guix "/bin/guix-daemon") + (list #$(file-append guix "/bin/guix-daemon") "--build-users-group" #$build-group #$@(if use-substitutes? '() @@ -1186,7 +1186,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (provision '(guix-publish)) (requirement '(guix-daemon)) (start #~(make-forkexec-constructor - (list (string-append #$guix "/bin/guix") + (list #$(file-append guix "/bin/guix") "publish" "-u" "guix-publish" "-p" #$(number->string port) (string-append "--listen=" #$host)))) @@ -1340,7 +1340,7 @@ item of @var{packages}." ;; The first one is for udev, the second one for eudev. (setenv "UDEV_CONFIG_FILE" #$udev.conf) (setenv "EUDEV_RULES_DIRECTORY" - (string-append #$rules "/lib/udev/rules.d")) + #$(file-append rules "/lib/udev/rules.d")) (let ((pid (primitive-fork))) (case pid @@ -1353,11 +1353,11 @@ item of @var{packages}." (wait-for-udevd) ;; Trigger device node creation. - (system* (string-append #$udev "/bin/udevadm") + (system* #$(file-append udev "/bin/udevadm") "trigger" "--action=add") ;; Wait for things to settle down. - (system* (string-append #$udev "/bin/udevadm") + (system* #$(file-append udev "/bin/udevadm") "settle") pid))))) (stop #~(make-kill-destructor)) @@ -1428,7 +1428,7 @@ extra rules from the packages listed in @var{rules}." ;; 'gpm' runs in the background and sets a PID file. ;; Note that it requires running as "root". (false-if-exception (delete-file "/var/run/gpm.pid")) - (fork+exec-command (list (string-append #$gpm "/sbin/gpm") + (fork+exec-command (list #$(file-append gpm "/sbin/gpm") #$@options)) ;; Wait for the PID file to appear; declare failure if @@ -1443,7 +1443,7 @@ extra rules from the packages listed in @var{rules}." (stop #~(lambda (_) ;; Return #f if successfully stopped. - (not (zero? (system* (string-append #$gpm "/sbin/gpm") + (not (zero? (system* #$(file-append gpm "/sbin/gpm") "-k")))))))))) (define gpm-service-type @@ -1472,7 +1472,7 @@ This service is not part of @var{%base-services}." (default kmscon)) (virtual-terminal kmscon-configuration-virtual-terminal) (login-program kmscon-configuration-login-program - (default #~(string-append #$shadow "/bin/login"))) + (default (file-append shadow "/bin/login"))) (login-arguments kmscon-configuration-login-arguments (default '("-p"))) (hardware-acceleration? kmscon-configuration-hardware-acceleration? @@ -1490,7 +1490,7 @@ This service is not part of @var{%base-services}." (define kmscon-command #~(list - (string-append #$kmscon "/bin/kmscon") "--login" + #$(file-append kmscon "/bin/kmscon") "--login" "--vt" #$virtual-terminal #$@(if hardware-acceleration? '("--hwaccel") '()) "--" #$login-program #$@login-arguments)) diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index 3273184b9a..d8d5006abf 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -82,7 +82,7 @@ (loop (+ 1 fd)))) ;; Start shepherd. - (execl (string-append #$shepherd "/bin/shepherd") + (execl #$(file-append shepherd "/bin/shepherd") "shepherd" "--config" #$shepherd-conf))))) (define shepherd-root-service-type -- cgit v1.2.3 From b17e326f1731d7170a48cfad4d9d4c91bad7b8a4 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 23:01:04 +0100 Subject: services: cuirass: Add 'log-file' option. * gnu/services/cuirass.scm ()[log-file]: New field. (cuirass-shepherd-service): Pass it to 'make-forkexec-constructor'. --- doc/guix.texi | 3 +++ gnu/services/cuirass.scm | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index a9f9851394..46d006df8c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11990,6 +11990,9 @@ accessible in other @code{cuirass-configuration} fields. Data type representing the configuration of Cuirass. @table @asis +@item @code{log-file} (default: @code{"/var/log/cuirass.log"}) +Location of the log file. + @item @code{cache-directory} (default: @code{""}) Location of the repository cache. diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 4975a7e16e..8e9316ffc7 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -42,6 +42,8 @@ (define-record-type* cuirass-configuration make-cuirass-configuration cuirass-configuration? + (log-file cuirass-configuration-log-file ;string + (default "/var/log/cuirass.log")) (cache-directory cuirass-configuration-cache-directory ;string (dir-name) (default "")) (user cuirass-configuration-user ;string @@ -64,6 +66,7 @@ (and (cuirass-configuration? config) (let ((cache-directory (cuirass-configuration-cache-directory config)) + (log-file (cuirass-configuration-log-file config)) (interval (cuirass-configuration-interval config)) (database (cuirass-configuration-database config)) (specs (cuirass-configuration-specifications config)) @@ -86,7 +89,8 @@ "--database" #$database "--interval" #$(number->string interval) #$@(if use-substitutes? '("--use-substitutes") '()) - #$@(if one-shot? '("--one-shot") '())))) + #$@(if one-shot? '("--one-shot") '())) + #:log-file #$log-file)) (stop #~(make-kill-destructor))))))) (define (cuirass-account config) -- cgit v1.2.3 From 831071b84fe168999a49e5987a479c847b27b3d6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 23:07:28 +0100 Subject: services: cuirass: Honor 'user' and 'group'. * gnu/services/cuirass.scm (cuirass-shepherd-service): Pass the user and group of CONFIG to 'make-forkexec-constructor'. --- gnu/services/cuirass.scm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 8e9316ffc7..c2fe9d9bf7 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -67,6 +67,8 @@ (cuirass-configuration? config) (let ((cache-directory (cuirass-configuration-cache-directory config)) (log-file (cuirass-configuration-log-file config)) + (user (cuirass-configuration-user config)) + (group (cuirass-configuration-group config)) (interval (cuirass-configuration-interval config)) (database (cuirass-configuration-database config)) (specs (cuirass-configuration-specifications config)) @@ -90,6 +92,8 @@ "--interval" #$(number->string interval) #$@(if use-substitutes? '("--use-substitutes") '()) #$@(if one-shot? '("--one-shot") '())) + #:user #$user + #:group #$group #:log-file #$log-file)) (stop #~(make-kill-destructor))))))) -- cgit v1.2.3 From 463995da0c8ae95654a6184c0a7ff0d1e0914c83 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 23:29:09 +0100 Subject: services: cuirass: Cache defaults to /var/cache/cuirass. The previous default value depended on the 'HOME' environment variable, which happened to be unset. Thus, /.cache was being used. * gnu/services/cuirass.scm ()[cache-directory]: Change default value to "/var/cache/cuirass". (cuirass-shepherd-service): Always pass "--cache-directory". (cuirass-activation): New procedure. (cuirass-service-type): Use it as an extension to ACTIVATION-SERVICE-TYPE. * doc/guix.texi (Continuous Integration): Adjust accordingly. --- doc/guix.texi | 2 +- gnu/services/cuirass.scm | 23 +++++++++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 46d006df8c..c2182093dd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11993,7 +11993,7 @@ Data type representing the configuration of Cuirass. @item @code{log-file} (default: @code{"/var/log/cuirass.log"}) Location of the log file. -@item @code{cache-directory} (default: @code{""}) +@item @code{cache-directory} (default: @code{"/var/cache/cuirass"}) Location of the repository cache. @item @code{user} (default: @code{"cuirass"}) diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index c2fe9d9bf7..d585e26538 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Mathieu Lirzin +;;; Copyright © 2016 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,7 @@ (log-file cuirass-configuration-log-file ;string (default "/var/log/cuirass.log")) (cache-directory cuirass-configuration-cache-directory ;string (dir-name) - (default "")) + (default "/var/cache/cuirass")) (user cuirass-configuration-user ;string (default "cuirass")) (group cuirass-configuration-group ;string @@ -80,9 +81,7 @@ (requirement '(guix-daemon)) (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") - #$@(if (string=? "" cache-directory) - '() - (list "--cache-directory" cache-directory)) + "--cache-directory" #$cache-directory #$@(if (null? specs) '() (let ((str (format #f "'~S" specs))) @@ -112,11 +111,27 @@ (home-directory (string-append "/var/run/" cuirass-user)) (shell #~(string-append #$shadow "/sbin/nologin")))))) +(define (cuirass-activation config) + "Return the activation code for CONFIG." + (let ((cache (cuirass-configuration-cache-directory config)) + (user (cuirass-configuration-user config)) + (group (cuirass-configuration-group config))) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (mkdir-p #$cache) + + (let ((uid (passwd:uid (getpw #$user))) + (gid (group:gid (getgr #$group)))) + (chown #$cache uid gid)))))) + (define cuirass-service-type (service-type (name 'cuirass) (extensions (list + (service-extension activation-service-type cuirass-activation) (service-extension shepherd-root-service-type cuirass-shepherd-service) (service-extension account-service-type cuirass-account))))) -- cgit v1.2.3 From f78903f36308081eeea52223fb3f5dca5096baef Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 23:39:43 +0100 Subject: services: guix: Remove dependency on lsh. * gnu/services/base.scm ()[lsh]: Remove. (guix-shepherd-service): Remove lsh from 'PATH'. * doc/guix.texi (Base Services): Adjust accordingly. --- doc/guix.texi | 3 +-- gnu/services/base.scm | 12 ++++-------- 2 files changed, 5 insertions(+), 10 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index c2182093dd..7c37468cdf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -8300,8 +8300,7 @@ The list of URLs where to look for substitutes by default. List of extra command-line options for @command{guix-daemon}. @item @code{lsof} (default: @var{lsof}) -@itemx @code{lsh} (default: @var{lsh}) -The lsof and lsh packages to use. +The lsof package to use. @end table @end deftp diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 8e686898c5..f2bac297aa 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -37,7 +37,6 @@ #:use-module ((gnu packages base) #:select (canonical-package glibc)) #:use-module (gnu packages package-management) - #:use-module (gnu packages ssh) #:use-module (gnu packages lsof) #:use-module (gnu packages terminals) #:use-module ((gnu build file-systems) @@ -1091,9 +1090,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (extra-options guix-configuration-extra-options ;list of strings (default '())) (lsof guix-configuration-lsof ; - (default lsof)) - (lsh guix-configuration-lsh ; - (default lsh))) + (default lsof))) (define %default-guix-configuration (guix-configuration)) @@ -1104,7 +1101,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (($ guix build-group build-accounts authorize-key? keys use-substitutes? substitute-urls extra-options - lsof lsh) + lsof) (list (shepherd-service (documentation "Run the Guix daemon.") (provision '(guix-daemon)) @@ -1119,10 +1116,9 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) "--substitute-urls" #$(string-join substitute-urls) #$@extra-options) - ;; Add 'lsof' (for the GC) and 'lsh' (for offloading) to the - ;; daemon's $PATH. + ;; Add 'lsof' (for the GC) to the daemon's $PATH. #:environment-variables - (list (string-append "PATH=" #$lsof "/bin:" #$lsh "/bin")))) + (list (string-append "PATH=" #$lsof "/bin")))) (stop #~(make-kill-destructor))))))) (define (guix-accounts config) -- cgit v1.2.3 From dc0ef095b32f57a935764d40530af0b32a01d715 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Dec 2016 23:54:39 +0100 Subject: services: guix: Add 'log-file' configuration option. * gnu/services/base.scm ()[log-file]: New field. (guix-shepherd-service): Pass #:log-file to 'make-forkexec-constructor'. * gnu/services/admin.scm (simple-rotation-config): Take a list of files and join them with commas. (%default-rotations): Add /var/log/guix-daemon.log. * doc/guix.texi (Base Services): Document it. --- doc/guix.texi | 4 ++++ gnu/services/admin.scm | 7 ++++--- gnu/services/base.scm | 8 ++++++-- 3 files changed, 14 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 7c37468cdf..bb96385f84 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -8299,6 +8299,10 @@ The list of URLs where to look for substitutes by default. @item @code{extra-options} (default: @code{'()}) List of extra command-line options for @command{guix-daemon}. +@item @code{log-file} (default: @code{"/var/log/guix-daemon.log"}) +File where @command{guix-daemon}'s standard output and standard error +are written. + @item @code{lsof} (default: @var{lsof}) The lsof package to use. diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm index d8086b78d4..deaf677bd9 100644 --- a/gnu/services/admin.scm +++ b/gnu/services/admin.scm @@ -58,8 +58,8 @@ } ")) -(define (simple-rotation-config file) - (string-append file " { +(define (simple-rotation-config files) + #~(string-append #$(string-join files ",") " { sharedscripts } ")) @@ -72,7 +72,8 @@ (display #$(syslog-rotation-config %rotated-files) port) (display #$(simple-rotation-config - "/var/log/shepherd.log") + '("/var/log/shepherd.log" + "/var/log/guix-daemon.log")) port))))))) (define (default-jobs rottlog) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index f2bac297aa..1b1ce0d5e8 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1089,6 +1089,8 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (default %default-substitute-urls)) (extra-options guix-configuration-extra-options ;list of strings (default '())) + (log-file guix-configuration-log-file ;string + (default "/var/log/guix-daemon.log")) (lsof guix-configuration-lsof ; (default lsof))) @@ -1101,7 +1103,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) (($ guix build-group build-accounts authorize-key? keys use-substitutes? substitute-urls extra-options - lsof) + log-file lsof) (list (shepherd-service (documentation "Run the Guix daemon.") (provision '(guix-daemon)) @@ -1118,7 +1120,9 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) ;; Add 'lsof' (for the GC) to the daemon's $PATH. #:environment-variables - (list (string-append "PATH=" #$lsof "/bin")))) + (list (string-append "PATH=" #$lsof "/bin")) + + #:log-file #$log-file)) (stop #~(make-kill-destructor))))))) (define (guix-accounts config) -- cgit v1.2.3 From 137f8df66cf7220f6ef9ac736b8f99e2fc726e15 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Dec 2016 09:56:55 +0100 Subject: services: cuirass: Create the database directory. * gnu/services/cuirass.scm (cuirass-activation): Create the database directory for CONFIG. --- gnu/services/cuirass.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index d585e26538..91d78d15ac 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -114,6 +114,7 @@ (define (cuirass-activation config) "Return the activation code for CONFIG." (let ((cache (cuirass-configuration-cache-directory config)) + (db (dirname (cuirass-configuration-database config))) (user (cuirass-configuration-user config)) (group (cuirass-configuration-group config))) (with-imported-modules '((guix build utils)) @@ -121,10 +122,12 @@ (use-modules (guix build utils)) (mkdir-p #$cache) + (mkdir-p #$db) (let ((uid (passwd:uid (getpw #$user))) (gid (group:gid (getgr #$group)))) - (chown #$cache uid gid)))))) + (chown #$cache uid gid) + (chown #$db uid gid)))))) (define cuirass-service-type (service-type -- cgit v1.2.3 From 379b6ba5a906b62252dd5bcb142ec050ae34bc74 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Dec 2016 10:23:37 +0100 Subject: services: cuirass: Add 'cuirass' field. * gnu/services/cuirass.scm ()[cuirass]: New field. (cuirass-shepherd-service): Honor it. * doc/guix.texi (Continuous Integration): Document it. --- doc/guix.texi | 3 +++ gnu/services/cuirass.scm | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index bb96385f84..389afe0f29 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12025,6 +12025,9 @@ from source. @item @code{one-shot?} (default: @code{#f}) Only evaluate specifications and build derivations once. + +@item @code{cuirass} (default: @code{cuirass}) +The Cuirass package to use. @end table @end deftp diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 91d78d15ac..0ecdccfec7 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -43,6 +43,8 @@ (define-record-type* cuirass-configuration make-cuirass-configuration cuirass-configuration? + (cuirass cuirass-configuration-cuirass ;package + (default cuirass)) (log-file cuirass-configuration-log-file ;string (default "/var/log/cuirass.log")) (cache-directory cuirass-configuration-cache-directory ;string (dir-name) @@ -66,7 +68,8 @@ "Return a for the Cuirass service with CONFIG." (and (cuirass-configuration? config) - (let ((cache-directory (cuirass-configuration-cache-directory config)) + (let ((cuirass (cuirass-configuration-cuirass config)) + (cache-directory (cuirass-configuration-cache-directory config)) (log-file (cuirass-configuration-log-file config)) (user (cuirass-configuration-user config)) (group (cuirass-configuration-group config)) -- cgit v1.2.3 From 38d6aa05e2da4cff670be64848fea5536432b2c6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Dec 2016 10:26:05 +0100 Subject: services: cuirass: Add Cuirass to the system profile. * gnu/services/cuirass.scm (cuirass-service-type): Extend PROFILE-SERVICE-TYPE. --- gnu/services/cuirass.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 0ecdccfec7..67265e506e 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -137,6 +137,8 @@ (name 'cuirass) (extensions (list + (service-extension profile-service-type ;for 'info cuirass' + (compose list cuirass-configuration-cuirass)) (service-extension activation-service-type cuirass-activation) (service-extension shepherd-root-service-type cuirass-shepherd-service) (service-extension account-service-type cuirass-account))))) -- cgit v1.2.3 From d1f30631967826be56abf8b5f3f868a8c7ef7027 Mon Sep 17 00:00:00 2001 From: John Darrington Date: Wed, 21 Dec 2016 20:42:04 +0100 Subject: gnu: Fix typo in comment. * gnu/services/sddm.scm: Fix typo. --- gnu/services/sddm.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm index 5bb58bd6f0..2ebfe22016 100644 --- a/gnu/services/sddm.scm +++ b/gnu/services/sddm.scm @@ -220,7 +220,7 @@ Relogin=" (if (sddm-configuration-relogin? config) (name "sddm-greeter") (auth (list - ;; Load environment form /etc/environment and ~/.pam_environment + ;; Load environment from /etc/environment and ~/.pam_environment (pam-entry (control "required") (module "pam_env.so")) -- cgit v1.2.3 From 3547a5effecfa19f73af29f0d503f5a231025672 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 29 Dec 2016 23:20:57 +0100 Subject: services: Add libmtp's udev rules to '%desktop-services'. Suggested by Chris Marusich . * gnu/services/desktop.scm (%desktop-services): Add 'mtp' service via call to 'simple-service'. --- gnu/services/desktop.scm | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 7555780ade..36049587d3 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -40,6 +40,7 @@ #:use-module (gnu packages xdisorg) #:use-module (gnu packages suckless) #:use-module (gnu packages linux) + #:use-module (gnu packages libusb) #:use-module (guix records) #:use-module (guix packages) #:use-module (guix store) @@ -753,6 +754,10 @@ with the administrator's password." (screen-locker-service slock) (screen-locker-service xlockmore "xlock") + ;; Add udev rules for MTP devices so that non-root users can access + ;; them. + (simple-service 'mtp udev-service-type (list libmtp)) + ;; The D-Bus clique. (avahi-service) (wicd-service) -- cgit v1.2.3 From 8de938d59aa48a43b71d9fa687d762c807f59136 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 1 Jan 2017 22:52:35 +0100 Subject: services: cuirass: Allow for gexps in specifications. * gnu/services/cuirass.scm ()[specifications]: Change default value to #~'(). (cuirass-shepherd-service): Remove conditional for "--specifications". Use 'scheme-file' instead of 'plain-file'. Change file name to "cuirass-specs.scm". * doc/guix.texi (Continuous Integration): Change the example to use a gexp where #:file refers to a file within Cuirass. Adjust documentation. --- doc/guix.texi | 31 +++++++++++++++++++------------ gnu/services/cuirass.scm | 13 +++++-------- 2 files changed, 24 insertions(+), 20 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 42fb439668..45657ed2cf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13,7 +13,7 @@ @set OPENPGP-SIGNING-KEY-ID BCA689B636553801C3C62150197A5888235FACAC @copying -Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@* +Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* Copyright @copyright{} 2013 Nikita Karetnikov@* Copyright @copyright{} 2014, 2015, 2016 Alex Kost@* @@ -12028,16 +12028,22 @@ defining a build job based on a specification that can be found in Cuirass source tree. @example -(let ((spec `((#:name . "guix") - (#:url . "git://git.savannah.gnu.org/guix.git") - (#:load-path . ".") - ;; Adapt to a valid absolute file name. - (#:file . "/.../cuirass/tests/gnu-system.scm") - (#:proc . hydra-jobs) - (#:arguments (subset . "hello")) - (#:branch . "master")))) +(let ((spec #~((#:name . "guix") + (#:url . "git://git.savannah.gnu.org/guix.git") + (#:load-path . ".") + + ;; Here we must provide an absolute file name. + ;; We take jobs from one of the examples provided + ;; by Cuirass. + (#:file . #$(file-append + cuirass + "/tests/gnu-system.scm")) + + (#:proc . hydra-jobs) + (#:arguments (subset . "hello")) + (#:branch . "master")))) (cuirass-service #:config (cuirass-configuration - (specifications (list spec))))) + (specifications #~(list #$spec))))) @end example While information related to build jobs are located directly in the @@ -12068,8 +12074,9 @@ Cuirass jobs. Location of sqlite database which contains the build results and previously added specifications. -@item @code{specifications} (default: @code{'()}) -A list of specifications, where a specification is an association list +@item @code{specifications} (default: @code{#~'()}) +A gexp (@pxref{G-Expressions}) that evaluates to a list of specifications, +where a specification is an association list (@pxref{Associations Lists,,, guile, GNU Guile Reference Manual}) whose keys are keywords (@code{#:keyword-example}) as shown in the example above. diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 67265e506e..4dc802fc8c 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Mathieu Lirzin -;;; Copyright © 2016 Ludovic Courtès +;;; Copyright © 2016, 2017 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -57,8 +57,8 @@ (default 60)) (database cuirass-configuration-database ;string (file-name) (default "/var/run/cuirass/cuirass.db")) - (specifications cuirass-configuration-specifications ;specification-alist - (default '())) + (specifications cuirass-configuration-specifications + (default #~'())) ;gexp that evaluates to specification-alist (use-substitutes? cuirass-configuration-use-substitutes? ;boolean (default #f)) (one-shot? cuirass-configuration-one-shot? ;boolean @@ -85,11 +85,8 @@ (start #~(make-forkexec-constructor (list (string-append #$cuirass "/bin/cuirass") "--cache-directory" #$cache-directory - #$@(if (null? specs) - '() - (let ((str (format #f "'~S" specs))) - (list "--specifications" - (plain-file "specs.scm" str)))) + "--specifications" + #$(scheme-file "cuirass-specs.scm" specs) "--database" #$database "--interval" #$(number->string interval) #$@(if use-substitutes? '("--use-substitutes") '()) -- cgit v1.2.3 From 231eddc88ae1f459024f410c5fee48c0a2003bec Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 1 Jan 2017 23:11:25 +0100 Subject: services: cuirass: Remove 'cuirass-service' procedure. * gnu/services/cuirass.scm ()[specifications]: Remove default value. (cuirass-service): Remove. * doc/guix.texi (Continuous Integration): Adjust accordingly. --- doc/guix.texi | 30 +++++++++++++----------------- gnu/services/cuirass.scm | 10 +++------- 2 files changed, 16 insertions(+), 24 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 45657ed2cf..8c65f44dac 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -12011,21 +12011,16 @@ providing substitutes to others (@pxref{Substitutes}). The @code{(gnu services cuirass)} module provides the following service. -@deffn {Scheme Procedure} cuirass-service @ - [#:config @code{(cuirass-configuration)}] -Return a service that runs @command{cuirass}. - -The @var{#:config} keyword argument specifies the configuration for -@command{cuirass}, which must be a @code{} -object, by default it doesn't provide any build job. If you want to -provide your own configuration you will most likely use the -@code{cuirass-configuration} special form which returns such objects. -@end deffn +@defvr {Scheme Procedure} cuirass-service-type +The type of the Cuirass service. Its value must be a +@code{cuirass-configuration} object, as described below. +@end defvr -In order to add build jobs you will have to set the -@code{specifications} field. Here is an example of a cuirass service -defining a build job based on a specification that can be found in -Cuirass source tree. +To add build jobs, you have to set the @code{specifications} field of +the configuration. Here is an example of a service defining a build job +based on a specification that can be found in Cuirass source tree. This +service polls the Guix repository and builds a subset of the Guix +packages, as prescribed in the @file{gnu-system.scm} example spec: @example (let ((spec #~((#:name . "guix") @@ -12042,11 +12037,12 @@ Cuirass source tree. (#:proc . hydra-jobs) (#:arguments (subset . "hello")) (#:branch . "master")))) - (cuirass-service #:config (cuirass-configuration - (specifications #~(list #$spec))))) + (service cuirass-service-type + (cuirass-configuration + (specifications #~(list #$spec))))) @end example -While information related to build jobs are located directly in the +While information related to build jobs is located directly in the specifications, global settings for the @command{cuirass} process are accessible in other @code{cuirass-configuration} fields. diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm index 4dc802fc8c..c15a846bad 100644 --- a/gnu/services/cuirass.scm +++ b/gnu/services/cuirass.scm @@ -30,8 +30,7 @@ cuirass-configuration cuirass-configuration? - cuirass-service-type - cuirass-service)) + cuirass-service-type)) ;;;; Commentary: ;;; @@ -57,8 +56,8 @@ (default 60)) (database cuirass-configuration-database ;string (file-name) (default "/var/run/cuirass/cuirass.db")) - (specifications cuirass-configuration-specifications - (default #~'())) ;gexp that evaluates to specification-alist + (specifications cuirass-configuration-specifications) + ;gexp that evaluates to specification-alist (use-substitutes? cuirass-configuration-use-substitutes? ;boolean (default #f)) (one-shot? cuirass-configuration-one-shot? ;boolean @@ -140,6 +139,3 @@ (service-extension shepherd-root-service-type cuirass-shepherd-service) (service-extension account-service-type cuirass-account))))) -(define* (cuirass-service #:key (config (cuirass-configuration))) - "Return a service that runs cuirass according to CONFIG." - (service cuirass-service-type config)) -- cgit v1.2.3 From 3b9b12ef49d0b6d7a8887513acb9e9a1a8325148 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Tue, 13 Dec 2016 20:44:31 +0100 Subject: services: nginx: Rename "vhost" to "server". MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/web.scm (): Rename to... (): ... this. * doc/guix.texi (Web Services): Adjust accordingly. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 20 +++++++++--------- gnu/services/web.scm | 60 ++++++++++++++++++++++++++-------------------------- 2 files changed, 40 insertions(+), 40 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 8c65f44dac..fde9601e82 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11827,7 +11827,7 @@ The @code{(gnu services web)} module provides the following service: @deffn {Scheme Procedure} nginx-service [#:nginx nginx] @ [#:log-directory ``/var/log/nginx''] @ [#:run-directory ``/var/run/nginx''] @ - [#:vhost-list (list (nginx-vhost-configuration))] @ + [#:server-list (list (nginx-server-configuration))] @ [#:config-file] Return a service that runs @var{nginx}, the nginx web server. @@ -11838,32 +11838,32 @@ files are written to @var{run-directory}. For proper operation, these arguments should match what is in @var{config-file} to ensure that the directories are created when the service is activated. -As an alternative to using a @var{config-file}, @var{vhost-list} can be -used to specify the list of @dfn{virtual hosts} required on the host. For +As an alternative to using a @var{config-file}, @var{server-list} can be +used to specify the list of @dfn{server blocks} required on the host. For this to work, use the default value for @var{config-file}. @end deffn -@deftp {Data Type} nginx-vhost-configuration -Data type representing the configuration of an nginx virtual host. +@deftp {Data Type} nginx-server-configuration +Data type representing the configuration of an nginx server block. This type has the following parameters: @table @asis @item @code{http-port} (default: @code{80}) Nginx will listen for HTTP connection on this port. Set it at @code{#f} if nginx should not listen for HTTP (non secure) connection for this -@dfn{virtual host}. +@dfn{server block}. @item @code{https-port} (default: @code{443}) Nginx will listen for HTTPS connection on this port. Set it at @code{#f} if -nginx should not listen for HTTPS (secure) connection for this @dfn{virtual host}. +nginx should not listen for HTTPS (secure) connection for this @dfn{server block}. Note that nginx can listen for HTTP and HTTPS connections in the same -@dfn{virtual host}. +@dfn{server block}. @item @code{server-name} (default: @code{(list 'default)}) -A list of server names this vhost represents. @code{'default} represents the -default vhost for connections matching no other vhost. +A list of server names this server represents. @code{'default} represents the +default server for connections matching no other server. @item @code{root} (default: @code{"/srv/http"}) Root of the website nginx will serve. diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 8f6e5bf6b7..12a146d8b0 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -30,8 +30,8 @@ #:use-module (ice-9 match) #:export (nginx-configuration nginx-configuration? - nginx-vhost-configuration - nginx-vhost-configuration? + nginx-server-configuration + nginx-server-configuration? nginx-service nginx-service-type)) @@ -41,24 +41,24 @@ ;;; ;;; Code: -(define-record-type* - nginx-vhost-configuration make-nginx-vhost-configuration - nginx-vhost-configuration? - (http-port nginx-vhost-configuration-http-port +(define-record-type* + nginx-server-configuration make-nginx-server-configuration + nginx-server-configuration? + (http-port nginx-server-configuration-http-port (default 80)) - (https-port nginx-vhost-configuration-https-port + (https-port nginx-server-configuration-https-port (default 443)) - (server-name nginx-vhost-configuration-server-name + (server-name nginx-server-configuration-server-name (default (list 'default))) - (root nginx-vhost-configuration-root + (root nginx-server-configuration-root (default "/srv/http")) - (index nginx-vhost-configuration-index + (index nginx-server-configuration-index (default (list "index.html"))) - (ssl-certificate nginx-vhost-configuration-ssl-certificate + (ssl-certificate nginx-server-configuration-ssl-certificate (default "/etc/nginx/cert.pem")) - (ssl-certificate-key nginx-vhost-configuration-ssl-certificate-key + (ssl-certificate-key nginx-server-configuration-ssl-certificate-key (default "/etc/nginx/key.pem")) - (server-tokens? nginx-vhost-configuration-server-tokens? + (server-tokens? nginx-server-configuration-server-tokens? (default #f))) (define-record-type* @@ -86,37 +86,37 @@ of index files." ((? string? str) str)) names))) -(define (default-nginx-vhost-config vhost) +(define (default-nginx-server-config server) (string-append " server {\n" - (if (nginx-vhost-configuration-http-port vhost) + (if (nginx-server-configuration-http-port server) (string-append " listen " - (number->string (nginx-vhost-configuration-http-port vhost)) + (number->string (nginx-server-configuration-http-port server)) ";\n") "") - (if (nginx-vhost-configuration-https-port vhost) + (if (nginx-server-configuration-https-port server) (string-append " listen " - (number->string (nginx-vhost-configuration-https-port vhost)) + (number->string (nginx-server-configuration-https-port server)) " ssl;\n") "") " server_name " (config-domain-strings - (nginx-vhost-configuration-server-name vhost)) + (nginx-server-configuration-server-name server)) ";\n" - (if (nginx-vhost-configuration-ssl-certificate vhost) + (if (nginx-server-configuration-ssl-certificate server) (string-append " ssl_certificate " - (nginx-vhost-configuration-ssl-certificate vhost) ";\n") + (nginx-server-configuration-ssl-certificate server) ";\n") "") - (if (nginx-vhost-configuration-ssl-certificate-key vhost) + (if (nginx-server-configuration-ssl-certificate-key server) (string-append " ssl_certificate_key " - (nginx-vhost-configuration-ssl-certificate-key vhost) ";\n") + (nginx-server-configuration-ssl-certificate-key server) ";\n") "") - " root " (nginx-vhost-configuration-root vhost) ";\n" - " index " (config-index-strings (nginx-vhost-configuration-index vhost)) ";\n" - " server_tokens " (if (nginx-vhost-configuration-server-tokens? vhost) + " root " (nginx-server-configuration-root server) ";\n" + " index " (config-index-strings (nginx-server-configuration-index server)) ";\n" + " server_tokens " (if (nginx-server-configuration-server-tokens? server) "on" "off") ";\n" " }\n")) -(define (default-nginx-config log-directory run-directory vhost-list) +(define (default-nginx-config log-directory run-directory server-list) (plain-file "nginx.conf" (string-append "user nginx nginx;\n" @@ -129,7 +129,7 @@ of index files." " uwsgi_temp_path " run-directory "/uwsgi_temp;\n" " scgi_temp_path " run-directory "/scgi_temp;\n" " access_log " log-directory "/access.log;\n" - (let ((http (map default-nginx-vhost-config vhost-list))) + (let ((http (map default-nginx-server-config server-list))) (do ((http http (cdr http)) (block "" (string-append (car http) "\n" block ))) ((null? http) block))) @@ -197,9 +197,9 @@ of index files." (define* (nginx-service #:key (nginx nginx) (log-directory "/var/log/nginx") (run-directory "/var/run/nginx") - (vhost-list (list (nginx-vhost-configuration))) + (server-list (list (nginx-server-configuration))) (config-file - (default-nginx-config log-directory run-directory vhost-list))) + (default-nginx-config log-directory run-directory server-list))) "Return a service that runs NGINX, the nginx web server. The nginx daemon loads its runtime configuration from CONFIG-FILE, stores log -- cgit v1.2.3 From 4e9ae301ce759f9cf9a09f47dc521d0bc8409f6c Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Tue, 13 Dec 2016 20:48:16 +0100 Subject: services: nginx: Fix multiple index and server name. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/web.scm (config-domain-strings, config-index-string): separate names with a space. Signed-off-by: Ludovic Courtès --- gnu/services/web.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 12a146d8b0..a36352225e 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -74,8 +74,8 @@ of domain names." (string-join (map (match-lambda - ('default "_") - ((? string? str) str)) + ('default "_ ") + ((? string? str) (string-append str " "))) names))) (define (config-index-strings names) @@ -83,7 +83,7 @@ of domain names." of index files." (string-join (map (match-lambda - ((? string? str) str)) + ((? string? str) (string-append str " "))) names))) (define (default-nginx-server-config server) -- cgit v1.2.3 From d338237d8c2408e0cd13ecfeb303e327ff7e3d9b Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Tue, 13 Dec 2016 21:00:53 +0100 Subject: services: nginx: Make service extensible. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/web.scm ()[server-blocks]: New field. (nginx-activation): When CONFIG-FILE is #f, use 'default-nginx-config'. (nginx-shepherd-service): Likewise. (nginx-service-type): Add 'compose' and 'extend' fields. (nginx-service): Change default value of #:server-list to '(), and default value of #:config-file to #f. * doc/guix.texi (Web Services): Document it. Co-authored-by: Ludovic Courtès --- doc/guix.texi | 18 ++++++++++++++++-- gnu/services/web.scm | 34 ++++++++++++++++++++++++++-------- 2 files changed, 42 insertions(+), 10 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index fde9601e82..74f1e77e28 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11827,8 +11827,8 @@ The @code{(gnu services web)} module provides the following service: @deffn {Scheme Procedure} nginx-service [#:nginx nginx] @ [#:log-directory ``/var/log/nginx''] @ [#:run-directory ``/var/run/nginx''] @ - [#:server-list (list (nginx-server-configuration))] @ - [#:config-file] + [#:server-list '()] @ + [#:config-file @code{#f}] Return a service that runs @var{nginx}, the nginx web server. @@ -11844,6 +11844,20 @@ this to work, use the default value for @var{config-file}. @end deffn +@deffn {Scheme Variable} nginx-service-type +This is type for the nginx web server. + +This service can be extended to add server blocks in addition to the +default one, as in this example: + +@example +(simple-service 'my-extra-server nginx-service-type + (list (nginx-server-configuration + (https-port #f) + (root "/srv/http/extra-website")))) +@end example +@end deffn + @deftp {Data Type} nginx-server-configuration Data type representing the configuration of an nginx server block. This type has the following parameters: diff --git a/gnu/services/web.scm b/gnu/services/web.scm index a36352225e..db895405a2 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -27,6 +27,7 @@ #:use-module (gnu packages web) #:use-module (guix records) #:use-module (guix gexp) + #:use-module (srfi srfi-1) #:use-module (ice-9 match) #:export (nginx-configuration nginx-configuration? @@ -67,6 +68,7 @@ (nginx nginx-configuration-nginx) ; (log-directory nginx-configuration-log-directory) ;string (run-directory nginx-configuration-run-directory) ;string + (server-blocks nginx-configuration-server-blocks) ;list (file nginx-configuration-file)) ;string | file-like (define (config-domain-strings names) @@ -148,7 +150,8 @@ of index files." (define nginx-activation (match-lambda - (($ nginx log-directory run-directory config-file) + (($ nginx log-directory run-directory server-blocks + config-file) #~(begin (use-modules (guix build utils)) @@ -164,17 +167,25 @@ of index files." (mkdir-p (string-append #$run-directory "/scgi_temp")) ;; Check configuration file syntax. (system* (string-append #$nginx "/sbin/nginx") - "-c" #$config-file "-t"))))) + "-c" #$(or config-file + (default-nginx-config log-directory + run-directory server-blocks)) + "-t"))))) (define nginx-shepherd-service (match-lambda - (($ nginx log-directory run-directory config-file) + (($ nginx log-directory run-directory server-blocks + config-file) (let* ((nginx-binary (file-append nginx "/sbin/nginx")) (nginx-action (lambda args #~(lambda _ (zero? - (system* #$nginx-binary "-c" #$config-file #$@args)))))) + (system* #$nginx-binary "-c" + #$(or config-file + (default-nginx-config log-directory + run-directory server-blocks)) + #$@args)))))) ;; TODO: Add 'reload' action. (list (shepherd-service @@ -192,14 +203,20 @@ of index files." (service-extension activation-service-type nginx-activation) (service-extension account-service-type - (const %nginx-accounts)))))) + (const %nginx-accounts)))) + (compose concatenate) + (extend (lambda (config servers) + (nginx-configuration + (inherit config) + (server-blocks + (append (nginx-configuration-server-blocks config) + servers))))))) (define* (nginx-service #:key (nginx nginx) (log-directory "/var/log/nginx") (run-directory "/var/run/nginx") - (server-list (list (nginx-server-configuration))) - (config-file - (default-nginx-config log-directory run-directory server-list))) + (server-list '()) + (config-file #f)) "Return a service that runs NGINX, the nginx web server. The nginx daemon loads its runtime configuration from CONFIG-FILE, stores log @@ -209,4 +226,5 @@ files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY." (nginx nginx) (log-directory log-directory) (run-directory run-directory) + (server-blocks server-list) (file config-file)))) -- cgit v1.2.3 From 78cef99b9812f1bb43708f84d316d286a1599bdf Mon Sep 17 00:00:00 2001 From: Clément Lassieur Date: Sun, 8 Jan 2017 20:08:14 +0100 Subject: gnu: Add Prosody service. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/messaging.scm: New file. * gnu/services/configuration.scm: New exported procedures. * gnu/local.mk (GNU_SYSTEM_MODULES): Add gnu/services/messaging.scm. * doc/guix.texi (Messaging Services): New section. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 393 +++++++++++++++++++++- gnu/local.mk | 1 + gnu/services/configuration.scm | 3 + gnu/services/messaging.scm | 726 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 1122 insertions(+), 1 deletion(-) create mode 100644 gnu/services/messaging.scm (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index e52382e976..d46a7743d0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -29,7 +29,8 @@ Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016 ng0@* Copyright @copyright{} 2016 Jan Nieuwenhuizen@* Copyright @copyright{} 2016 Julien Lepiller@* -Copyright @copyright{} 2016 Alex ter Weele +Copyright @copyright{} 2016 Alex ter Weele@* +Copyright @copyright{} 2017 Clément Lassieur Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -204,6 +205,7 @@ Services * Desktop Services:: D-Bus and desktop services. * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. +* Messaging Services:: Messaging services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. * Network File System:: NFS related services. @@ -8110,6 +8112,7 @@ declaration. * Desktop Services:: D-Bus and desktop services. * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. +* Messaging Services:: Messaging services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. * Network File System:: NFS related services. @@ -11724,6 +11727,394 @@ remote servers. Run @command{man smtpd.conf} for more information. @end table @end deftp +@node Messaging Services +@subsubsection Messaging Services + +@cindex messaging +@cindex jabber +@cindex XMPP +The @code{(gnu services messaging)} module provides Guix service +definitions for messaging services: currently only Prosody is supported. + +@subsubheading Prosody Service + +@deffn {Scheme Variable} prosody-service-type +This is the type for the @uref{http://prosody.im, Prosody XMPP +communication server}. Its value must be a @code{prosody-configuration} +record as in this example: + +@example +(service prosody-service-type + (prosody-configuration + (modules-enabled (cons "groups" %default-modules-enabled)) + (int-components + (list + (int-component-configuration + (hostname "conference.example.net") + (plugin "muc") + (mod-muc (mod-muc-configuration))))) + (virtualhosts + (list + (virtualhost-configuration + (domain "example.net")))))) +@end example + +See below for details about @code{prosody-configuration}. + +@end deffn + +By default, Prosody does not need much configuration. Only one +@code{virtualhosts} field is needed: it specifies the domain you wish +Prosody to serve. + +Prosodyctl will help you generate X.509 certificates and keys: + +@example +prosodyctl cert request example.net +@end example + +The available configuration parameters follow. Each parameter +definition is preceded by its type; for example, @samp{string-list foo} +indicates that the @code{foo} parameter should be specified as a list of +strings. Types starting with @code{maybe-} denote parameters that won't +show up in @code{prosody.cfg.lua} when their value is @code{'disabled}. + +There is also a way to specify the configuration as a string, if you +have an old @code{prosody.cfg.lua} file that you want to port over from +some other system; see the end for more details. + +@c The following documentation was initially generated by +@c (generate-documentation) in (gnu services messaging). Manually maintained +@c documentation is better, so we shouldn't hesitate to edit below as +@c needed. However if the change you want to make to this documentation +@c can be done in an automated way, it's probably easier to change +@c (generate-documentation) than to make it below and have to deal with +@c the churn as Prosody updates. + +Available @code{prosody-configuration} fields are: + +@deftypevr {@code{prosody-configuration} parameter} package prosody +The Prosody package. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} file-name data-path +Location of the Prosody data storage directory. See +@url{http://prosody.im/doc/configure}. +Defaults to @samp{"/var/lib/prosody"}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} file-name-list plugin-paths +Additional plugin directories. They are searched in all the specified +paths in order. See @url{http://prosody.im/doc/plugins_directory}. +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string-list admins +This is a list of accounts that are admins for the server. Note that you +must create the accounts separately. See @url{http://prosody.im/doc/admins} and +@url{http://prosody.im/doc/creating_accounts}. +Example: @code{(admins '("user1@@example.com" "user2@@example.net"))} +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} boolean use-libevent? +Enable use of libevent for better performance under high load. See +@url{http://prosody.im/doc/libevent}. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} module-list modules-enabled +This is the list of modules Prosody will load on startup. It looks for +@code{mod_modulename.lua} in the plugins folder, so make sure that exists too. +Documentation on modules can be found at: @url{http://prosody.im/doc/modules}. +Defaults to @samp{%default-modules-enabled}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string-list modules-disabled +@samp{"offline"}, @samp{"c2s"} and @samp{"s2s"} are auto-loaded, but +should you want to disable them then add them to this list. +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} file-name groups-file +Path to a text file where the shared groups are defined. If this path is +empty then @samp{mod_groups} does nothing. See +@url{http://prosody.im/doc/modules/mod_groups}. +Defaults to @samp{"/var/lib/prosody/sharedgroups.txt"}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} boolean allow-registration? +Disable account creation by default, for security. See +@url{http://prosody.im/doc/creating_accounts}. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} maybe-ssl-configuration ssl +These are the SSL/TLS-related settings. Most of them are disabled so to +use Prosody's defaults. If you do not completely understand these options, do +not add them to your config, it is easy to lower the security of your server +using them. See @url{http://prosody.im/doc/advanced_ssl_config}. + +Available @code{ssl-configuration} fields are: + +@deftypevr {@code{ssl-configuration} parameter} maybe-string protocol +This determines what handshake to use. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} file-name key +Path to your private key file, relative to @code{/etc/prosody}. +Defaults to @samp{"/etc/prosody/certs/key.pem"}. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} file-name certificate +Path to your certificate file, relative to @code{/etc/prosody}. +Defaults to @samp{"/etc/prosody/certs/cert.pem"}. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} file-name capath +Path to directory containing root certificates that you wish Prosody to +trust when verifying the certificates of remote servers. +Defaults to @samp{"/etc/ssl/certs"}. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-file-name cafile +Path to a file containing root certificates that you wish Prosody to trust. +Similar to @code{capath} but with all certificates concatenated together. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string-list verify +A list of verification options (these mostly map to OpenSSL's +@code{set_verify()} flags). +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string-list options +A list of general options relating to SSL/TLS. These map to OpenSSL's +@code{set_options()}. For a full list of options available in LuaSec, see the +LuaSec source. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-non-negative-integer depth +How long a chain of certificate authorities to check when looking for a +trusted root certificate. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string ciphers +An OpenSSL cipher string. This selects what ciphers Prosody will offer to +clients, and in what order. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-file-name dhparam +A path to a file containing parameters for Diffie-Hellman key exchange. You +can create such a file with: +@code{openssl dhparam -out /etc/prosody/certs/dh-2048.pem 2048} +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string curve +Curve for Elliptic curve Diffie-Hellman. Prosody's default is +@samp{"secp384r1"}. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string-list verifyext +A list of "extra" verification options. +@end deftypevr + +@deftypevr {@code{ssl-configuration} parameter} maybe-string password +Password for encrypted private keys. +@end deftypevr + +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} boolean c2s-require-encryption? +Whether to force all client-to-server connections to be encrypted or not. +See @url{http://prosody.im/doc/modules/mod_tls}. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption? +Whether to force all server-to-server connections to be encrypted or not. +See @url{http://prosody.im/doc/modules/mod_tls}. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} boolean s2s-secure-auth? +Whether to require encryption and certificate authentication. This +provides ideal security, but requires servers you communicate with to support +encryption AND present valid, trusted certificates. See +@url{http://prosody.im/doc/s2s#security}. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string-list s2s-insecure-domains +Many servers don't support encryption or have invalid or self-signed +certificates. You can list domains here that will not be required to +authenticate using certificates. They will be authenticated using DNS. See +@url{http://prosody.im/doc/s2s#security}. +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string-list s2s-secure-domains +Even if you leave @code{s2s-secure-auth?} disabled, you can still require +valid certificates for some domains by specifying a list here. See +@url{http://prosody.im/doc/s2s#security}. +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string authentication +Select the authentication backend to use. The default provider stores +passwords in plaintext and uses Prosody's configured data storage to store the +authentication data. If you do not trust your server please see +@url{http://prosody.im/doc/modules/mod_auth_internal_hashed} for information +about using the hashed backend. See also +@url{http://prosody.im/doc/authentication} +Defaults to @samp{"internal_plain"}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} maybe-string log +Set logging options. Advanced logging configuration is not yet supported +by the GuixSD Prosody Service. See @url{http://prosody.im/doc/logging}. +Defaults to @samp{"*syslog"}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} file-name pidfile +File to write pid in. See @url{http://prosody.im/doc/modules/mod_posix}. +Defaults to @samp{"/var/run/prosody/prosody.pid"}. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} virtualhost-configuration-list virtualhosts +A host in Prosody is a domain on which user accounts can be created. For +example if you want your users to have addresses like +@samp{"john.smith@@example.com"} then you need to add a host +@samp{"example.com"}. All options in this list will apply only to this host. + +Note: the name "virtual" host is used in configuration to avoid confusion with +the actual physical host that Prosody is installed on. A single Prosody +instance can serve many domains, each one defined as a VirtualHost entry in +Prosody's configuration. Conversely a server that hosts a single domain would +have just one VirtualHost entry. + +See @url{http://prosody.im/doc/configure#virtual_host_settings}. + +Available @code{virtualhost-configuration} fields are: + +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus: +@deftypevr {@code{virtualhost-configuration} parameter} string domain +Domain you wish Prosody to serve. +@end deftypevr + +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} int-component-configuration-list int-components +Components are extra services on a server which are available to clients, +usually on a subdomain of the main server (such as +@samp{"mycomponent.example.com"}). Example components might be chatroom +servers, user directories, or gateways to other protocols. + +Internal components are implemented with Prosody-specific plugins. To add an +internal component, you simply fill the hostname field, and the plugin you wish +to use for the component. + +See @url{http://prosody.im/doc/components}. +Defaults to @samp{()}. + +Available @code{int-component-configuration} fields are: + +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus: +@deftypevr {@code{int-component-configuration} parameter} string hostname +Hostname of the component. +@end deftypevr + +@deftypevr {@code{int-component-configuration} parameter} string plugin +Plugin you wish to use for the component. +@end deftypevr + +@deftypevr {@code{int-component-configuration} parameter} maybe-mod-muc-configuration mod-muc +Multi-user chat (MUC) is Prosody's module for allowing you to create +hosted chatrooms/conferences for XMPP users. + +General information on setting up and using multi-user chatrooms can be found +in the "Chatrooms" documentation (@url{http://prosody.im/doc/chatrooms}), +which you should read if you are new to XMPP chatrooms. + +See also @url{http://prosody.im/doc/modules/mod_muc}. + +Available @code{mod-muc-configuration} fields are: + +@deftypevr {@code{mod-muc-configuration} parameter} string name +The name to return in service discovery responses. +Defaults to @samp{"Prosody Chatrooms"}. +@end deftypevr + +@deftypevr {@code{mod-muc-configuration} parameter} string-or-boolean restrict-room-creation +If @samp{#t}, this will only allow admins to create new chatrooms. +Otherwise anyone can create a room. The value @samp{"local"} restricts room +creation to users on the service's parent domain. E.g. @samp{user@@example.com} +can create rooms on @samp{rooms.example.com}. The value @samp{"admin"} +restricts to service administrators only. +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{mod-muc-configuration} parameter} non-negative-integer max-history-messages +Maximum number of history messages that will be sent to the member that has +just joined the room. +Defaults to @samp{20}. +@end deftypevr + +@end deftypevr + +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} ext-component-configuration-list ext-components +External components use XEP-0114, which most standalone components +support. To add an external component, you simply fill the hostname field. See +@url{http://prosody.im/doc/components}. +Defaults to @samp{()}. + +Available @code{ext-component-configuration} fields are: + +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus: +@deftypevr {@code{ext-component-configuration} parameter} string component-secret +Password which the component will use to log in. +@end deftypevr + +@deftypevr {@code{ext-component-configuration} parameter} string hostname +Hostname of the component. +@end deftypevr + +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} non-negative-integer-list component-ports +Port(s) Prosody listens on for component connections. +@end deftypevr + +@deftypevr {@code{prosody-configuration} parameter} string component-interface +Interface Prosody listens on for component connections. +Defaults to @samp{"127.0.0.1"}. +@end deftypevr + +It could be that you just want to get a @code{prosody.cfg.lua} +up and running. In that case, you can pass an +@code{opaque-prosody-configuration} record as the value of +@code{prosody-service-type}. As its name indicates, an opaque configuration +does not have easy reflective capabilities. +Available @code{opaque-prosody-configuration} fields are: + +@deftypevr {@code{opaque-prosody-configuration} parameter} package prosody +The prosody package. +@end deftypevr + +@deftypevr {@code{opaque-prosody-configuration} parameter} string prosody.cfg.lua +The contents of the @code{prosody.cfg.lua} to use. +@end deftypevr + +For example, if your @code{prosody.cfg.lua} is just the empty +string, you could instantiate a prosody service like this: + +@example +(service prosody-service-type + (opaque-prosody-configuration + (prosody.cfg.lua ""))) +@end example + @node Kerberos Services @subsubsection Kerberos Services @cindex Kerberos diff --git a/gnu/local.mk b/gnu/local.mk index 49d9554910..cc42a122de 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -414,6 +414,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/lirc.scm \ %D%/services/mail.scm \ %D%/services/mcron.scm \ + %D%/services/messaging.scm \ %D%/services/networking.scm \ %D%/services/nfs.scm \ %D%/services/shepherd.scm \ diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm index 94c5f21557..a98db64fa5 100644 --- a/gnu/services/configuration.scm +++ b/gnu/services/configuration.scm @@ -28,10 +28,13 @@ #:use-module (srfi srfi-35) #:export (configuration-field configuration-field-name + configuration-field-type configuration-missing-field configuration-field-error configuration-field-serializer configuration-field-getter + configuration-field-default-value-thunk + configuration-field-documentation serialize-configuration define-configuration validate-configuration diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm new file mode 100644 index 0000000000..0b5aa1fae8 --- /dev/null +++ b/gnu/services/messaging.scm @@ -0,0 +1,726 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Clément Lassieur +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services messaging) + #:use-module (gnu packages messaging) + #:use-module (gnu packages admin) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu services configuration) + #:use-module (gnu system shadow) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (guix packages) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-35) + #:use-module (ice-9 match) + #:export (prosody-service-type + prosody-configuration + opaque-prosody-configuration + + virtualhost-configuration + int-component-configuration + ext-component-configuration + + mod-muc-configuration + ssl-configuration + + %default-modules-enabled)) + +;;; Commentary: +;;; +;;; Messaging services. +;;; +;;; Code: + +(define (id ctx . parts) + (datum->syntax ctx (apply symbol-append (map syntax->datum parts)))) + +(define-syntax define-maybe + (lambda (x) + (syntax-case x () + ((_ stem) + (with-syntax + ((stem? (id #'stem #'stem #'?)) + (maybe-stem? (id #'stem #'maybe- #'stem #'?)) + (serialize-stem (id #'stem #'serialize- #'stem)) + (serialize-maybe-stem (id #'stem #'serialize-maybe- #'stem))) + #'(begin + (define (maybe-stem? val) + (or (eq? val 'disabled) (stem? val))) + (define (serialize-maybe-stem field-name val) + (when (stem? val) (serialize-stem field-name val))))))))) + +(define-syntax define-all-configurations + (lambda (stx) + (define (make-pred arg) + (lambda (field target) + (and (memq (syntax->datum target) `(common ,arg)) field))) + (syntax-case stx () + ((_ stem (field (field-type def) doc target) ...) + (with-syntax (((new-field-type ...) + (map (lambda (field-type target) + (if (and (eq? 'common (syntax->datum target)) + (not (string-prefix? + "maybe-" + (symbol->string + (syntax->datum field-type))))) + (id #'stem #'maybe- field-type) field-type)) + #'(field-type ...) #'(target ...))) + ((new-def ...) + (map (lambda (def target) + (if (eq? 'common (syntax->datum target)) + #''disabled def)) + #'(def ...) #'(target ...))) + ((new-doc ...) + (map (lambda (doc target) + (if (eq? 'common (syntax->datum target)) + "" doc)) + #'(doc ...) #'(target ...)))) + #`(begin + (define common-fields + '(#,@(filter-map (make-pred #f) #'(field ...) #'(target ...)))) + (define-configuration prosody-configuration + #,@(filter-map (make-pred 'global) + #'((field (field-type def) doc) ...) + #'(target ...))) + (define-configuration virtualhost-configuration + #,@(filter-map (make-pred 'virtualhost) + #'((field (new-field-type new-def) new-doc) ...) + #'(target ...))) + (define-configuration int-component-configuration + #,@(filter-map (make-pred 'int-component) + #'((field (new-field-type new-def) new-doc) ...) + #'(target ...))) + (define-configuration ext-component-configuration + #,@(filter-map (make-pred 'ext-component) + #'((field (new-field-type new-def) new-doc) ...) + #'(target ...))))))))) + +(define (uglify-field-name field-name) + (let ((str (symbol->string field-name))) + (string-join (string-split (if (string-suffix? "?" str) + (substring str 0 (1- (string-length str))) + str) + #\-) + "_"))) + +(define (serialize-field field-name val) + (format #t "~a = ~a;\n" (uglify-field-name field-name) val)) +(define (serialize-field-list field-name val) + (serialize-field field-name + (with-output-to-string + (lambda () + (format #t "{\n") + (for-each (lambda (x) + (format #t "~a;\n" x)) + val) + (format #t "}"))))) + +(define (serialize-boolean field-name val) + (serialize-field field-name (if val "true" "false"))) +(define-maybe boolean) + +(define (string-or-boolean? val) + (or (string? val) (boolean? val))) +(define (serialize-string-or-boolean field-name val) + (if (string? val) + (serialize-string field-name val) + (serialize-boolean field-name val))) + +(define (non-negative-integer? val) + (and (exact-integer? val) (not (negative? val)))) +(define (serialize-non-negative-integer field-name val) + (serialize-field field-name val)) +(define-maybe non-negative-integer) + +(define (non-negative-integer-list? val) + (and (list? val) (and-map non-negative-integer? val))) +(define (serialize-non-negative-integer-list field-name val) + (serialize-field-list field-name val)) +(define-maybe non-negative-integer-list) + +(define (enclose-quotes s) + (format #f "\"~a\"" s)) +(define (serialize-string field-name val) + (serialize-field field-name (enclose-quotes val))) +(define-maybe string) + +(define (string-list? val) + (and (list? val) + (and-map (lambda (x) + (and (string? x) (not (string-index x #\,)))) + val))) +(define (serialize-string-list field-name val) + (serialize-field-list field-name (map enclose-quotes val))) +(define-maybe string-list) + +(define (module-list? val) + (string-list? val)) +(define (serialize-module-list field-name val) + (serialize-string-list field-name (cons "posix" val))) +(define-maybe module-list) + +(define (file-name? val) + (and (string? val) + (string-prefix? "/" val))) +(define (serialize-file-name field-name val) + (serialize-string field-name val)) +(define-maybe file-name) + +(define (file-name-list? val) + (and (list? val) (and-map file-name? val))) +(define (serialize-file-name-list field-name val) + (serialize-string-list field-name val)) +(define-maybe file-name) + +(define-configuration mod-muc-configuration + (name + (string "Prosody Chatrooms") + "The name to return in service discovery responses.") + + (restrict-room-creation + (string-or-boolean #f) + "If @samp{#t}, this will only allow admins to create new chatrooms. +Otherwise anyone can create a room. The value @samp{\"local\"} restricts room +creation to users on the service's parent domain. E.g. @samp{user@@example.com} +can create rooms on @samp{rooms.example.com}. The value @samp{\"admin\"} +restricts to service administrators only.") + + (max-history-messages + (non-negative-integer 20) + "Maximum number of history messages that will be sent to the member that has +just joined the room.")) +(define (serialize-mod-muc-configuration field-name val) + (serialize-configuration val mod-muc-configuration-fields)) +(define-maybe mod-muc-configuration) + +(define-configuration ssl-configuration + (protocol + (maybe-string 'disabled) + "This determines what handshake to use.") + + (key + (file-name "/etc/prosody/certs/key.pem") + "Path to your private key file, relative to @code{/etc/prosody}.") + + (certificate + (file-name "/etc/prosody/certs/cert.pem") + "Path to your certificate file, relative to @code{/etc/prosody}.") + + (capath + (file-name "/etc/ssl/certs") + "Path to directory containing root certificates that you wish Prosody to +trust when verifying the certificates of remote servers.") + + (cafile + (maybe-file-name 'disabled) + "Path to a file containing root certificates that you wish Prosody to trust. +Similar to @code{capath} but with all certificates concatenated together.") + + (verify + (maybe-string-list 'disabled) + "A list of verification options (these mostly map to OpenSSL's +@code{set_verify()} flags).") + + (options + (maybe-string-list 'disabled) + "A list of general options relating to SSL/TLS. These map to OpenSSL's +@code{set_options()}. For a full list of options available in LuaSec, see the +LuaSec source.") + + (depth + (maybe-non-negative-integer 'disabled) + "How long a chain of certificate authorities to check when looking for a +trusted root certificate.") + + (ciphers + (maybe-string 'disabled) + "An OpenSSL cipher string. This selects what ciphers Prosody will offer to +clients, and in what order.") + + (dhparam + (maybe-file-name 'disabled) + "A path to a file containing parameters for Diffie-Hellman key exchange. You +can create such a file with: +@code{openssl dhparam -out /etc/prosody/certs/dh-2048.pem 2048}") + + (curve + (maybe-string 'disabled) + "Curve for Elliptic curve Diffie-Hellman. Prosody's default is +@samp{\"secp384r1\"}.") + + (verifyext + (maybe-string-list 'disabled) + "A list of \"extra\" verification options.") + + (password + (maybe-string 'disabled) + "Password for encrypted private keys.")) +(define (serialize-ssl-configuration field-name val) + (format #t "ssl = {\n") + (serialize-configuration val ssl-configuration-fields) + (format #t "};\n")) +(define-maybe ssl-configuration) + +(define %default-modules-enabled + '("roster" + "saslauth" + "tls" + "dialback" + "disco" + "private" + "vcard" + "version" + "uptime" + "time" + "ping" + "pep" + "register" + "admin_adhoc")) + +;; Guile bug. Use begin wrapper, because otherwise virtualhost-configuration +;; is assumed to be a function. See +;; https://www.gnu.org/software/guile/manual/html_node/R6RS-Incompatibilities.html +(begin + (define (virtualhost-configuration-list? val) + (and (list? val) (and-map virtualhost-configuration? val))) + (define (serialize-virtualhost-configuration-list l) + (for-each + (lambda (val) (serialize-virtualhost-configuration val)) l)) + + (define (int-component-configuration-list? val) + (and (list? val) (and-map int-component-configuration? val))) + (define (serialize-int-component-configuration-list l) + (for-each + (lambda (val) (serialize-int-component-configuration val)) l)) + + (define (ext-component-configuration-list? val) + (and (list? val) (and-map ext-component-configuration? val))) + (define (serialize-ext-component-configuration-list l) + (for-each + (lambda (val) (serialize-ext-component-configuration val)) l)) + + (define-all-configurations prosody-configuration + (prosody + (package prosody) + "The Prosody package." + global) + + (data-path + (file-name "/var/lib/prosody") + "Location of the Prosody data storage directory. See +@url{http://prosody.im/doc/configure}." + global) + + (plugin-paths + (file-name-list '()) + "Additional plugin directories. They are searched in all the specified +paths in order. See @url{http://prosody.im/doc/plugins_directory}." + global) + + (admins + (string-list '()) + "This is a list of accounts that are admins for the server. Note that you +must create the accounts separately. See @url{http://prosody.im/doc/admins} and +@url{http://prosody.im/doc/creating_accounts}. +Example: @code{(admins '(\"user1@@example.com\" \"user2@@example.net\"))}" + common) + + (use-libevent? + (boolean #f) + "Enable use of libevent for better performance under high load. See +@url{http://prosody.im/doc/libevent}." + common) + + (modules-enabled + (module-list %default-modules-enabled) + "This is the list of modules Prosody will load on startup. It looks for +@code{mod_modulename.lua} in the plugins folder, so make sure that exists too. +Documentation on modules can be found at: @url{http://prosody.im/doc/modules}. +Defaults to @samp{%default-modules-enabled}." + common) + + (modules-disabled + (string-list '()) + "@samp{\"offline\"}, @samp{\"c2s\"} and @samp{\"s2s\"} are auto-loaded, but +should you want to disable them then add them to this list." + common) + + (groups-file + (file-name "/var/lib/prosody/sharedgroups.txt") + "Path to a text file where the shared groups are defined. If this path is +empty then @samp{mod_groups} does nothing. See +@url{http://prosody.im/doc/modules/mod_groups}." + common) + + (allow-registration? + (boolean #f) + "Disable account creation by default, for security. See +@url{http://prosody.im/doc/creating_accounts}." + common) + + (ssl + (maybe-ssl-configuration (ssl-configuration)) + "These are the SSL/TLS-related settings. Most of them are disabled so to +use Prosody's defaults. If you do not completely understand these options, do +not add them to your config, it is easy to lower the security of your server +using them. See @url{http://prosody.im/doc/advanced_ssl_config}." + common) + + (c2s-require-encryption? + (boolean #f) + "Whether to force all client-to-server connections to be encrypted or not. +See @url{http://prosody.im/doc/modules/mod_tls}." + common) + + (s2s-require-encryption? + (boolean #f) + "Whether to force all server-to-server connections to be encrypted or not. +See @url{http://prosody.im/doc/modules/mod_tls}." + common) + + (s2s-secure-auth? + (boolean #f) + "Whether to require encryption and certificate authentication. This +provides ideal security, but requires servers you communicate with to support +encryption AND present valid, trusted certificates. See +@url{http://prosody.im/doc/s2s#security}." + common) + + (s2s-insecure-domains + (string-list '()) + "Many servers don't support encryption or have invalid or self-signed +certificates. You can list domains here that will not be required to +authenticate using certificates. They will be authenticated using DNS. See +@url{http://prosody.im/doc/s2s#security}." + common) + + (s2s-secure-domains + (string-list '()) + "Even if you leave @code{s2s-secure-auth?} disabled, you can still require +valid certificates for some domains by specifying a list here. See +@url{http://prosody.im/doc/s2s#security}." + common) + + (authentication + (string "internal_plain") + "Select the authentication backend to use. The default provider stores +passwords in plaintext and uses Prosody's configured data storage to store the +authentication data. If you do not trust your server please see +@url{http://prosody.im/doc/modules/mod_auth_internal_hashed} for information +about using the hashed backend. See also +@url{http://prosody.im/doc/authentication}" + common) + + ;; TODO: Handle more complicated log structures. + (log + (maybe-string "*syslog") + "Set logging options. Advanced logging configuration is not yet supported +by the GuixSD Prosody Service. See @url{http://prosody.im/doc/logging}." + common) + + (pidfile + (file-name "/var/run/prosody/prosody.pid") + "File to write pid in. See @url{http://prosody.im/doc/modules/mod_posix}." + global) + + (virtualhosts + (virtualhost-configuration-list + (list (virtualhost-configuration + (domain "localhost")))) + "A host in Prosody is a domain on which user accounts can be created. For +example if you want your users to have addresses like +@samp{\"john.smith@@example.com\"} then you need to add a host +@samp{\"example.com\"}. All options in this list will apply only to this host. + +Note: the name \"virtual\" host is used in configuration to avoid confusion with +the actual physical host that Prosody is installed on. A single Prosody +instance can serve many domains, each one defined as a VirtualHost entry in +Prosody's configuration. Conversely a server that hosts a single domain would +have just one VirtualHost entry. + +See @url{http://prosody.im/doc/configure#virtual_host_settings}." + global) + + (int-components + (int-component-configuration-list '()) + "Components are extra services on a server which are available to clients, +usually on a subdomain of the main server (such as +@samp{\"mycomponent.example.com\"}). Example components might be chatroom +servers, user directories, or gateways to other protocols. + +Internal components are implemented with Prosody-specific plugins. To add an +internal component, you simply fill the hostname field, and the plugin you wish +to use for the component. + +See @url{http://prosody.im/doc/components}." + global) + + (ext-components + (ext-component-configuration-list '()) + "External components use XEP-0114, which most standalone components +support. To add an external component, you simply fill the hostname field. See +@url{http://prosody.im/doc/components}." + global) + + (component-secret + (string (configuration-missing-field 'ext-component 'component-secret)) + "Password which the component will use to log in." + ext-component) + + (component-ports + (non-negative-integer-list '(5347)) + "Port(s) Prosody listens on for component connections." + global) + + (component-interface + (string "127.0.0.1") + "Interface Prosody listens on for component connections." + global) + + (domain + (string (configuration-missing-field 'virtualhost 'domain)) + "Domain you wish Prosody to serve." + virtualhost) + + (hostname + (string (configuration-missing-field 'int-component 'hostname)) + "Hostname of the component." + int-component) + + (plugin + (string (configuration-missing-field 'int-component 'plugin)) + "Plugin you wish to use for the component." + int-component) + + (mod-muc + (maybe-mod-muc-configuration 'disabled) + "Multi-user chat (MUC) is Prosody's module for allowing you to create +hosted chatrooms/conferences for XMPP users. + +General information on setting up and using multi-user chatrooms can be found +in the \"Chatrooms\" documentation (@url{http://prosody.im/doc/chatrooms}), +which you should read if you are new to XMPP chatrooms. + +See also @url{http://prosody.im/doc/modules/mod_muc}." + int-component) + + (hostname + (string (configuration-missing-field 'ext-component 'hostname)) + "Hostname of the component." + ext-component))) + +;; Serialize Virtualhost line first. +(define (serialize-virtualhost-configuration config) + (define (rest? field) + (not (memq (configuration-field-name field) + '(domain)))) + (let ((domain (virtualhost-configuration-domain config)) + (rest (filter rest? virtualhost-configuration-fields))) + (format #t "VirtualHost \"~a\"\n" domain) + (serialize-configuration config rest))) + +;; Serialize Component line first. +(define (serialize-int-component-configuration config) + (define (rest? field) + (not (memq (configuration-field-name field) + '(hostname plugin)))) + (let ((hostname (int-component-configuration-hostname config)) + (plugin (int-component-configuration-plugin config)) + (rest (filter rest? int-component-configuration-fields))) + (format #t "Component \"~a\" \"~a\"\n" hostname plugin) + (serialize-configuration config rest))) + +;; Serialize Component line first. +(define (serialize-ext-component-configuration config) + (define (rest? field) + (not (memq (configuration-field-name field) + '(hostname)))) + (let ((hostname (ext-component-configuration-hostname config)) + (rest (filter rest? ext-component-configuration-fields))) + (format #t "Component \"~a\"\n" hostname) + (serialize-configuration config rest))) + +;; Serialize virtualhosts and components last. +(define (serialize-prosody-configuration config) + (define (rest? field) + (not (memq (configuration-field-name field) + '(virtualhosts int-components ext-components)))) + (let ((rest (filter rest? prosody-configuration-fields))) + (serialize-configuration config rest)) + (serialize-virtualhost-configuration-list + (prosody-configuration-virtualhosts config)) + (serialize-int-component-configuration-list + (prosody-configuration-int-components config)) + (serialize-ext-component-configuration-list + (prosody-configuration-ext-components config))) + +(define-configuration opaque-prosody-configuration + (prosody + (package prosody) + "The prosody package.") + + (prosody.cfg.lua + (string (configuration-missing-field 'opaque-prosody-configuration + 'prosody.cfg.lua)) + "The contents of the @code{prosody.cfg.lua} to use.")) + +(define (prosody-shepherd-service config) + "Return a for Prosody with CONFIG." + (let* ((prosody (if (opaque-prosody-configuration? config) + (opaque-prosody-configuration-prosody config) + (prosody-configuration-prosody config))) + (prosodyctl-bin (file-append prosody "/bin/prosodyctl")) + (prosodyctl-action (lambda args + #~(lambda _ + (zero? (system* #$prosodyctl-bin #$@args)))))) + (list (shepherd-service + (documentation "Run the Prosody XMPP server") + (provision '(prosody)) + (requirement '(networking syslogd user-processes)) + (start (prosodyctl-action "start")) + (stop (prosodyctl-action "stop")))))) + +(define %prosody-accounts + (list (user-group (name "prosody") (system? #t)) + (user-account + (name "prosody") + (group "prosody") + (system? #t) + (comment "Prosody daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define (prosody-activation config) + "Return the activation gexp for CONFIG." + (let* ((config-dir "/etc/prosody") + (default-certs-dir "/etc/prosody/certs") + (data-path (prosody-configuration-data-path config)) + (pidfile-dir (dirname (prosody-configuration-pidfile config))) + (config-str + (if (opaque-prosody-configuration? config) + (opaque-prosody-configuration-prosody.cfg.lua config) + (with-output-to-string + (lambda () + (serialize-prosody-configuration config))))) + (config-file (plain-file "prosody.cfg.lua" config-str))) + #~(begin + (define %user (getpw "prosody")) + + (mkdir-p #$config-dir) + (chown #$config-dir (passwd:uid %user) (passwd:gid %user)) + (copy-file #$config-file (string-append #$config-dir + "/prosody.cfg.lua")) + + (mkdir-p #$default-certs-dir) + (chown #$default-certs-dir (passwd:uid %user) (passwd:gid %user)) + (chmod #$default-certs-dir #o750) + + (mkdir-p #$data-path) + (chown #$data-path (passwd:uid %user) (passwd:gid %user)) + (chmod #$data-path #o750) + + (mkdir-p #$pidfile-dir) + (chown #$pidfile-dir (passwd:uid %user) (passwd:gid %user))))) + +(define prosody-service-type + (service-type (name 'prosody) + (extensions + (list (service-extension shepherd-root-service-type + prosody-shepherd-service) + (service-extension account-service-type + (const %prosody-accounts)) + (service-extension activation-service-type + prosody-activation))))) + +;; A little helper to make it easier to document all those fields. +(define (generate-documentation) + (define documentation + `((prosody-configuration + ,prosody-configuration-fields + (ssl ssl-configuration) + (virtualhosts virtualhost-configuration) + (int-components int-component-configuration) + (ext-components ext-component-configuration)) + (ssl-configuration ,ssl-configuration-fields) + (int-component-configuration ,int-component-configuration-fields + (mod-muc mod-muc-configuration)) + (ext-component-configuration ,ext-component-configuration-fields) + (mod-muc-configuration ,mod-muc-configuration-fields) + (virtualhost-configuration ,virtualhost-configuration-fields) + (opaque-prosody-configuration ,opaque-prosody-configuration-fields))) + (define (generate configuration-name) + (match (assq-ref documentation configuration-name) + ((fields . sub-documentation) + (format #t "\nAvailable @code{~a} fields are:\n\n" configuration-name) + (when (memq configuration-name + '(virtualhost-configuration + int-component-configuration + ext-component-configuration)) + (format #t "all these @code{prosody-configuration} fields: ~a, plus:\n" + (string-join (map (lambda (s) + (format #f "@code{~a}" s)) common-fields) + ", "))) + (for-each + (lambda (f) + (let ((field-name (configuration-field-name f)) + (field-type (configuration-field-type f)) + (field-docs (string-trim-both + (configuration-field-documentation f))) + (default (catch #t + (configuration-field-default-value-thunk f) + (lambda _ 'nope)))) + (define (escape-chars str chars escape) + (with-output-to-string + (lambda () + (string-for-each (lambda (c) + (when (char-set-contains? chars c) + (display escape)) + (display c)) + str)))) + (define (show-default? val) + (or (string? default) (number? default) (boolean? default) + (and (list? val) (and-map show-default? val)))) + (format #t "@deftypevr {@code{~a} parameter} ~a ~a\n~a\n" + configuration-name field-type field-name field-docs) + (when (show-default? default) + (format #t "Defaults to @samp{~a}.\n" + (escape-chars (format #f "~s" default) + (char-set #\@ #\{ #\}) + #\@))) + (for-each generate (or (assq-ref sub-documentation field-name) '())) + (format #t "@end deftypevr\n\n"))) + (filter (lambda (f) + (not (string=? "" (configuration-field-documentation f)))) + fields))))) + (generate 'prosody-configuration) + (format #t "It could be that you just want to get a @code{prosody.cfg.lua} +up and running. In that case, you can pass an +@code{opaque-prosody-configuration} record as the value of +@code{prosody-service-type}. As its name indicates, an opaque configuration +does not have easy reflective capabilities.") + (generate 'opaque-prosody-configuration) + (format #t "For example, if your @code{prosody.cfg.lua} is just the empty +string, you could instantiate a prosody service like this: + +@example +(service prosody-service-type + (opaque-prosody-configuration + (prosody.cfg.lua \"\"))) +@end example")) -- cgit v1.2.3 From 69323016d31547356c7322682943b22af4df74ed Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 11 Jan 2017 11:16:14 +0100 Subject: services: wicd: Create /var/run/wpa_supplicant. * gnu/services/networking.scm (%wicd-activation): Create /var/run/wpa_supplicant. --- gnu/services/networking.scm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d672ecf687..ac011f1286 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 John Darrington @@ -633,7 +633,12 @@ configuration file." (let ((file-name "/etc/wicd/dhclient.conf.template.default")) (unless (file-exists? file-name) (copy-file (string-append #$wicd file-name) - file-name))))) + file-name))) + + ;; Wicd invokes 'wpa_supplicant', which needs this directory for its + ;; named socket files. + (mkdir-p "/var/run/wpa_supplicant") + (chmod "/var/run/wpa_supplicant" #o750))) (define (wicd-shepherd-service wicd) "Return a shepherd service for WICD." -- cgit v1.2.3 From 67cadaca4746f847fbbea5ef69f6cc65d1eb3acc Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Tue, 10 Jan 2017 07:24:01 +0000 Subject: services: Add 'redis-service-type'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/database.scm (): New record type. (%redis-accounts, redis-service-type): New variables. (default-redis.conf, redis-activation, redis-shepherd-service): New procedures. * doc/guix.texi (Database Services): Document the new redis service. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 24 ++++++++++++++ gnu/services/databases.scm | 81 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 104 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 086895996f..c495e39f42 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10331,6 +10331,30 @@ TCP port on which the database server listens for incoming connections. @end table @end deftp +@defvr {Scheme Variable} redis-service-type +This is the service type for the @uref{https://redis.io/, Redis} +key/value store, whose value is a @code{redis-configuration} object. +@end defvr + +@deftp {Data Type} redis-configuration +Data type representing the configuration of redis. + +@table @asis +@item @code{redis} (default: @code{redis}) +The Redis package to use. + +@item @code{bind} (default: @code{"127.0.0.1"}) +Network interface on which to listen. + +@item @code{port} (default: @code{6379}) +Port on which to accept connections on, a value of 0 will disable +listining on a TCP socket. + +@item @code{working-directory} (default: @code{"/var/lib/redis"}) +Directory in which to store the database and related files. +@end table +@end deftp + @node Mail Services @subsubsection Mail Services diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index d88c839f7d..3ecc8aff78 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2015 David Thompson ;;; Copyright © 2015, 2016 Ludovic Courtès ;;; Copyright © 2016 Leo Famulari +;;; Copyright © 2017 Christopher Baines ;;; ;;; This file is part of GNU Guix. ;;; @@ -35,7 +36,11 @@ mysql-service mysql-service-type mysql-configuration - mysql-configuration?)) + mysql-configuration? + + redis-configuration + redis-configuration? + redis-service-type)) ;;; Commentary: ;;; @@ -287,3 +292,77 @@ database server. The optional @var{config} argument specifies the configuration for @command{mysqld}, which should be a @code{} object." (service mysql-service-type config)) + + +;;; +;;; Redis +;;; + +(define-record-type* + redis-configuration make-redis-configuration + redis-configuration? + (redis redis-configuration-redis ; + (default redis)) + (bind redis-configuration-bind + (default "127.0.0.1")) + (port redis-configuration-port + (default 6379)) + (working-directory redis-configuration-working-directory + (default "/var/lib/redis")) + (config-file redis-configuration-config-file + (default #f))) + +(define (default-redis.conf bind port working-directory) + (mixed-text-file "redis.conf" + "bind " bind "\n" + "port " (number->string port) "\n" + "dir " working-directory "\n" + "daemonize no\n")) + +(define %redis-accounts + (list (user-group (name "redis") (system? #t)) + (user-account + (name "redis") + (group "redis") + (system? #t) + (comment "Redis server user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define redis-activation + (match-lambda + (($ redis bind port working-directory config-file) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + + (let ((user (getpwnam "redis"))) + (mkdir-p #$working-directory) + (chown #$working-directory (passwd:uid user) (passwd:gid user))))))) + +(define redis-shepherd-service + (match-lambda + (($ redis bind port working-directory config-file) + (let ((config-file + (or config-file + (default-redis.conf bind port working-directory)))) + (list (shepherd-service + (provision '(redis)) + (documentation "Run the Redis daemon.") + (requirement '(user-processes syslogd)) + (start #~(make-forkexec-constructor + '(#$(file-append redis "/bin/redis-server") + #$config-file) + #:user "redis" + #:group "redis")) + (stop #~(make-kill-destructor)))))))) + +(define redis-service-type + (service-type (name 'redis) + (extensions + (list (service-extension shepherd-root-service-type + redis-shepherd-service) + (service-extension activation-service-type + redis-activation) + (service-extension account-service-type + (const %redis-accounts)))))) -- cgit v1.2.3