authorLiliana Marie Prikler <liliana.prikler@gmail.com>2023-12-03 07:20:53 +0100
committerLiliana Marie Prikler <liliana.prikler@gmail.com>2023-12-03 07:20:53 +0100
commit4c323c2f8308bba0e3295f3109d159c7b8f72838 (patch)
tree7064e51dfec301c660cc97d83ffa041e011baadd /gnu/services
parent260b054aeaa0739bed1637742b6094c97dab47f2 (diff)
parent06ebc45e15f2a1bd4526a5a716eed657c902a0c1 (diff)
Merge branch 'master' into HEAD
Change-Id: I3f5d121162d98ef2ae61a62c4da3b0fd19d864e8
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm7
-rw-r--r--gnu/services/docker.scm260
-rw-r--r--gnu/services/guix.scm23
-rw-r--r--gnu/services/rsync.scm1
-rw-r--r--gnu/services/vnc.scm2
-rw-r--r--gnu/services/web.scm6
6 files changed, 285 insertions, 14 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 154e3079d3..ab66b12255 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -63,7 +63,9 @@
#:use-module (gnu packages bash)
#:use-module ((gnu packages base)
#:select (coreutils glibc glibc/hurd
- glibc-utf8-locales make-glibc-utf8-locales
+ glibc-utf8-locales
+ libc-utf8-locales-for-target
+ make-glibc-utf8-locales
tar canonical-package))
#:use-module ((gnu packages compression) #:select (gzip))
#:use-module (gnu packages fonts)
@@ -2152,7 +2154,8 @@ raise a deprecation warning if the 'compression-level' field was used."
;; nars for packages that contain UTF-8 file names such
;; as 'nss-certs'. See <https://bugs.gnu.org/26948>.
(list (string-append "GUIX_LOCPATH="
- #$glibc-utf8-locales "/lib/locale")
+ #$(libc-utf8-locales-for-target)
+ "/lib/locale")
"LC_ALL=en_US.utf8")
#:log-file "/var/log/guix-publish.log"))
(endpoints #~(let ((ai (false-if-exception
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index c2023d618c..ebea0a473a 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2020 Jesse Dowell <jessedowell@gmail.com>
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2023 Giacomo Leidi <goodoldpaul@autistici.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,15 +30,36 @@
#:use-module (gnu services shepherd)
#:use-module (gnu system setuid)
#:use-module (gnu system shadow)
+ #:use-module (gnu packages admin) ;shadow
#:use-module (gnu packages docker)
#:use-module (gnu packages linux) ;singularity
#:use-module (guix records)
+ #:use-module (guix diagnostics)
#:use-module (guix gexp)
+ #:use-module (guix i18n)
#:use-module (guix packages)
+ #:use-module (srfi srfi-1)
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
#:export (docker-configuration
docker-service-type
- singularity-service-type))
+ singularity-service-type
+ oci-container-configuration
+ oci-container-configuration?
+ oci-container-configuration-fields
+ oci-container-configuration-user
+ oci-container-configuration-group
+ oci-container-configuration-command
+ oci-container-configuration-entrypoint
+ oci-container-configuration-environment
+ oci-container-configuration-image
+ oci-container-configuration-provision
+ oci-container-configuration-network
+ oci-container-configuration-ports
+ oci-container-configuration-volumes
+ oci-container-service-type
+ oci-container-shepherd-service))
(define-configuration docker-configuration
(docker
@@ -216,3 +238,239 @@ bundles in Docker containers.")
(service-extension activation-service-type
(const %singularity-activation))))
(default-value singularity)))
+
+
+;;;
+;;; OCI container.
+;;;
+
+(define (oci-sanitize-pair pair delimiter)
+ (define (valid? member)
+ (or (string? member)
+ (gexp? member)
+ (file-like? member)))
+ (match pair
+ (((? valid? key) . (? valid? value))
+ #~(string-append #$key #$delimiter #$value))
+ (_
+ (raise
+ (formatted-message
+ (G_ "pair members must contain only strings, gexps or file-like objects
+but ~a was found")
+ pair)))))
+
+(define (oci-sanitize-mixed-list name value delimiter)
+ (map
+ (lambda (el)
+ (cond ((string? el) el)
+ ((pair? el) (oci-sanitize-pair el delimiter))
+ (else
+ (raise
+ (formatted-message
+ (G_ "~a members must be either a string or a pair but ~a was
+found!")
+ name el)))))
+ value))
+
+(define (oci-sanitize-environment value)
+ ;; Expected spec format:
+ ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java")
+ (oci-sanitize-mixed-list "environment" value "="))
+
+(define (oci-sanitize-ports value)
+ ;; Expected spec format:
+ ;; '(("8088" . "80") "2022:22")
+ (oci-sanitize-mixed-list "ports" value ":"))
+
+(define (oci-sanitize-volumes value)
+ ;; Expected spec format:
+ ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java")
+ (oci-sanitize-mixed-list "volumes" value ":"))
+
+(define-maybe/no-serialization string)
+
+(define-configuration/no-serialization oci-container-configuration
+ (user
+ (string "oci-container")
+ "The user under whose authority docker commands will be run.")
+ (group
+ (string "docker")
+ "The group under whose authority docker commands will be run.")
+ (command
+ (list-of-strings '())
+ "Overwrite the default command (@code{CMD}) of the image.")
+ (entrypoint
+ (maybe-string)
+ "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.")
+ (environment
+ (list '())
+ "Set environment variables. This can be a list of pairs or strings, even
+mixed:
+
+@lisp
+(list '(\"LANGUAGE\" . \"eo:ca:eu\")
+ \"JAVA_HOME=/opt/java\")
+@end lisp
+
+String are passed directly to the Docker CLI. You can refer to the
+@url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream}
+documentation for semantics."
+ (sanitizer oci-sanitize-environment))
+ (image
+ (string)
+ "The image used to build the container. Images are resolved by the Docker
+Engine, and follow the usual format
+@code{myregistry.local:5000/testing/test-image:tag}.")
+ (provision
+ (maybe-string)
+ "Set the name of the provisioned Shepherd service.")
+ (network
+ (maybe-string)
+ "Set a Docker network for the spawned container.")
+ (ports
+ (list '())
+ "Set the port or port ranges to expose from the spawned container. This can
+be a list of pairs or strings, even mixed:
+
+@lisp
+(list '(\"8080\" . \"80\")
+ \"10443:443\")
+@end lisp
+
+String are passed directly to the Docker CLI. You can refer to the
+@url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream}
+documentation for semantics."
+ (sanitizer oci-sanitize-ports))
+ (volumes
+ (list '())
+ "Set volume mappings for the spawned container. This can be a
+list of pairs or strings, even mixed:
+
+@lisp
+(list '(\"/root/data/grafana\" . \"/var/lib/grafana\")
+ \"/gnu/store:/gnu/store\")
+@end lisp
+
+String are passed directly to the Docker CLI. You can refer to the
+@url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream}
+documentation for semantics."
+ (sanitizer oci-sanitize-volumes))
+ (container-user
+ (maybe-string)
+ "Set the current user inside the spawned container. You can refer to the
+@url{https://docs.docker.com/engine/reference/run/#user,upstream}
+documentation for semantics.")
+ (workdir
+ (maybe-string)
+ "Set the current working for the spawned Shepherd service.
+You can refer to the
+@url{https://docs.docker.com/engine/reference/run/#workdir,upstream}
+documentation for semantics."))
+
+(define oci-container-configuration->options
+ (lambda (config)
+ (let ((entrypoint
+ (oci-container-configuration-entrypoint config))
+ (network
+ (oci-container-configuration-network config))
+ (user
+ (oci-container-configuration-user config))
+ (workdir
+ (oci-container-configuration-workdir config)))
+ (apply append
+ (filter (compose not unspecified?)
+ `(,(if (maybe-value-set? entrypoint)
+ `("--entrypoint" ,entrypoint)
+ '())
+ ,(append-map
+ (lambda (spec)
+ (list "--env" spec))
+ (oci-container-configuration-environment config))
+ ,(if (maybe-value-set? network)
+ `("--network" ,network)
+ '())
+ ,(if (maybe-value-set? user)
+ `("--user" ,user)
+ '())
+ ,(if (maybe-value-set? workdir)
+ `("--workdir" ,workdir)
+ '())
+ ,(append-map
+ (lambda (spec)
+ (list "-p" spec))
+ (oci-container-configuration-ports config))
+ ,(append-map
+ (lambda (spec)
+ (list "-v" spec))
+ (oci-container-configuration-volumes config))))))))
+
+(define (oci-container-shepherd-service config)
+ (define (guess-name name image)
+ (if (maybe-value-set? name)
+ name
+ (string-append "docker-"
+ (basename (car (string-split image #\:))))))
+
+ (let* ((docker-command (file-append docker-cli "/bin/docker"))
+ (user (oci-container-configuration-user config))
+ (group (oci-container-configuration-group config))
+ (command (oci-container-configuration-command config))
+ (provision (oci-container-configuration-provision config))
+ (image (oci-container-configuration-image config))
+ (options (oci-container-configuration->options config))
+ (name (guess-name provision image)))
+
+ (shepherd-service (provision `(,(string->symbol name)))
+ (requirement '(dockerd user-processes))
+ (respawn? #f)
+ (documentation
+ (string-append
+ "Docker backed Shepherd service for image: " image))
+ (start
+ #~(make-forkexec-constructor
+ ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+ (list #$docker-command "run" "--rm"
+ "--name" #$name
+ #$@options #$image #$@command)
+ #:user #$user
+ #:group #$group))
+ (stop
+ #~(lambda _
+ (invoke #$docker-command "rm" "-f" #$name)))
+ (actions
+ (list
+ (shepherd-action
+ (name 'pull)
+ (documentation
+ (format #f "Pull ~a's image (~a)."
+ name image))
+ (procedure
+ #~(lambda _
+ (invoke #$docker-command "pull" #$image)))))))))
+
+(define %oci-container-accounts
+ (list (user-account
+ (name "oci-container")
+ (comment "OCI services account")
+ (group "docker")
+ (system? #t)
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define (configs->shepherd-services configs)
+ (map oci-container-shepherd-service configs))
+
+(define oci-container-service-type
+ (service-type (name 'oci-container)
+ (extensions (list (service-extension profile-service-type
+ (lambda _ (list docker-cli)))
+ (service-extension account-service-type
+ (const %oci-container-accounts))
+ (service-extension shepherd-root-service-type
+ configs->shepherd-services)))
+ (default-value '())
+ (extend append)
+ (compose concatenate)
+ (description
+ "This service allows the management of Docker and OCI
+containers as Shepherd services.")))
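Review bot: `guess-name` in `oci-container-shepherd-service` derives the Shepherd service name from `(car (string-split image #\:))`, which splits at the first colon, so for the registry form that the `image` field documentation itself gives, `myregistry.local:5000/testing/test-image:tag`, the service becomes `docker-myregistry.local` and every image pulled from that registry collides on the same provision symbol. Taking the last path component before stripping the tag avoids this: `(string-append "docker-" (car (string-split (basename image) #\:)))`. The `user` and `group` docstrings should also state that membership in the `docker` group gives full control of the daemon socket, which is equivalent to root on the host, so the default `oci-container` account is privileged despite being a system account with `nologin`. Finally, the `stop` procedure relies on `invoke` raising when `docker rm -f` exits non-zero, which presumably happens if the container has already been removed; either guard that call or document that a failed removal aborts the stop.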
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index fe602efb99..389903451a 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -23,7 +23,7 @@
#:use-module (guix records)
#:use-module (guix packages)
#:use-module ((gnu packages base)
- #:select (glibc-utf8-locales))
+ #:select (libc-utf8-locales-for-target))
#:use-module (gnu packages admin)
#:use-module (gnu packages databases)
#:use-module (gnu packages web)
@@ -381,7 +381,8 @@
#:pid-file-timeout 60
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.utf8"
"PATH=/run/current-system/profile/bin" ; for hooks
#$@extra-environment-variables)
@@ -508,7 +509,8 @@
#:user #$user
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
;; XDG_CACHE_HOME is used by Guix when caching narinfo files
"XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent"
"LC_ALL=en_US.utf8")
@@ -600,7 +602,8 @@
#:user #$user
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.utf8")
#:log-file "/var/log/guix-build-coordinator/queue-builds.log"))))
(stop #~(make-kill-destructor))
@@ -712,7 +715,8 @@ ca-certificates.crt file in the system profile."
#:pid-file "/var/run/guix-data-service/pid"
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.UTF-8")
#:log-file "/var/log/guix-data-service/web.log"))
(stop #~(make-kill-destructor)))
@@ -733,7 +737,8 @@ ca-certificates.crt file in the system profile."
`("HOME=/var/lib/guix-data-service"
"GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt"
,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.UTF-8")
#:log-file "/var/log/guix-data-service/process-jobs.log"))
(stop #~(make-kill-destructor))))))
@@ -989,7 +994,8 @@ ca-certificates.crt file in the system profile."
#:pid-file "/var/run/nar-herder/pid"
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.utf8"
#$@extra-environment-variables)
#:log-file "/var/log/nar-herder/server.log"))
@@ -1108,7 +1114,8 @@ ca-certificates.crt file in the system profile."
#:directory "/var/lib/bffe"
#:environment-variables
`(,(string-append
- "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
+ "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target) "/lib/locale")
"LC_ALL=en_US.utf8"
#$@extra-environment-variables)
#:log-file "/var/log/bffe/server.log"))
diff --git a/gnu/services/rsync.scm b/gnu/services/rsync.scm
index 42e4d0247e..e85dd50934 100644
--- a/gnu/services/rsync.scm
+++ b/gnu/services/rsync.scm
@@ -291,6 +291,7 @@ please use 'modules' instead~%")))
(make-socket-address AF_INET6 IN6ADDR_ANY
#$port-number)))
'()))
+ #:service-name-stem "rsync"
#:user #$user
#:group #$group)
(make-forkexec-constructor #$rsync-command
diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm
index f90bd7258f..8b9ad0b179 100644
--- a/gnu/services/vnc.scm
+++ b/gnu/services/vnc.scm
@@ -149,7 +149,7 @@ CONFIG, a <xvnc-configuration> object."
(xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp?
inetd? frame-rate security-types localhost? log-level extra-options)
#~(list #$(file-append xvnc "/bin/Xvnc")
- #$(format #f ":~a" display-number)
+ #$@(if inetd? '() (list (format #f ":~a" display-number)))
"-geometry" #$geometry
"-depth" #$(number->string depth)
#$@(if inetd?
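Review bot: The new `#$@(if inetd? '() (list (format #f ":~a" display-number)))` silently drops the display-number argument in inetd mode without saying why, which a reader comparing it to the old unconditional `:~a` will find surprising. A comment such as `;; Under inetd, Xvnc serves the socket it inherits, so no display is passed.` would record the intent; this reading is inferred from the flag name and should be confirmed against Xvnc's `-inetd` documentation. The enclosing procedure's body starts and ends outside the hunk.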
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 818226a4f7..023b187cb0 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -1498,7 +1498,8 @@ files.")
'#$(optional anonip-configuration-regex "--regex"))
;; Run in a UTF-8 locale
#:environment-variables
- (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+ (list (string-append "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target)
"/lib/locale")
"LC_ALL=en_US.utf8")))
@@ -1976,7 +1977,8 @@ WSGIPassAuthorization On
(define (mumi-shepherd-services config)
(define environment
#~(list "LC_ALL=en_US.utf8"
- (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+ (string-append "GUIX_LOCPATH="
+ #$(libc-utf8-locales-for-target)
"/lib/locale")))
(match config