diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 175 |
1 files changed, 142 insertions, 33 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index f5bbb92c7c..73570277f6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26,7 +26,8 @@ Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016 Chris Marusich@* Copyright @copyright{} 2016 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* -Copyright @copyright{} 2016 ng0 +Copyright @copyright{} 2016 ng0@* +Copyright @copyright{} 2016 Jan Nieuwenhuizen Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -213,6 +214,7 @@ Services * Base Services:: Essential system services. * Scheduled Job Execution:: The mcron service. +* Log Rotation:: The rottlog service. * Networking Services:: Network setup, SSH daemon, etc. * X Window:: Graphical display. * Desktop Services:: D-Bus and desktop services. @@ -7581,6 +7583,7 @@ declaration. @menu * Base Services:: Essential system services. * Scheduled Job Execution:: The mcron service. +* Log Rotation:: The rottlog service. * Networking Services:: Network setup, SSH daemon, etc. * X Window:: Graphical display. * Desktop Services:: D-Bus and desktop services. @@ -8055,6 +8058,85 @@ specifications,, mcron, GNU@tie{}mcron}). @end deftp +@node Log Rotation +@subsubsection Log Rotation + +@cindex rottlog +@cindex log rotation +Log files such as those found in @file{/var/log} tend to grow endlessly, +so it's a good idea to @dfn{rotate} them once in a while---i.e., archive +their contents in separate files, possibly compressed. The @code{(gnu +services admin)} module provides an interface to GNU@tie{}Rot[t]log, a +log rotation tool (@pxref{Top,,, rottlog, GNU Rot[t]log Manual}). + +The example below defines an operating system that provides log rotation +with the default settings. + +@lisp +(use-modules (guix) (gnu)) +(use-service-modules admin mcron) +(use-package-modules base idutils) + +(operating-system + ;; @dots{} + (services (cons* (mcron-service) + (service rottlog-service-type (rottlog-configuration)) + %base-services))) +@end lisp + +@defvr {Scheme Variable} rottlog-service-type +This is the type of the Rottlog service, whose value is a +@code{rottlog-configuration} object. + +This service type can define mcron jobs (@pxref{Scheduled Job +Execution}) to run the rottlog service. +@end defvr + +@deftp {Data Type} rottlog-configuration +Data type representing the configuration of rottlog. + +@table @asis +@item @code{rottlog} (default: @code{rottlog}) +The Rottlog package to use. + +@item @code{rc-file} (default: @code{(file-append rottlog "/etc/rc")}) +The Rottlog configuration file to use (@pxref{Mandatory RC Variables,,, +rottlog, GNU Rot[t]log Manual}). + +@item @code{periodic-rotations} (default: @code{`(("weekly" %default-rotatations))}) +A list of Rottlog period-name/period-config tuples. + +For example, taking an example from the Rottlog manual (@pxref{Period +Related File Examples,,, rottlog, GNU Rot[t]log Manual}), a valid tuple +might be: + +@example +("daily" ,(plain-file "daily" + "\ + /var/log/apache/* @{ + storedir apache-archives + rotate 6 + notifempty + nocompress + @}")) +@end example + +@item @code{jobs} +This is a list of gexps where each gexp corresponds to an mcron job +specification (@pxref{Scheduled Job Execution}). +@end table +@end deftp + +@defvr {Scheme Variable} %default-rotations +Specifies weekly rotation of @var{%rotated-files} and +@code{"/var/log/shepherd.log"}. +@end defvr + +@defvr {Scheme Variable} %rotated-files +The list of syslog-controlled files to be rotated. By default it is: +@code{'("/var/log/messages" "/var/log/secure")}. +@end defvr + @node Networking Services @subsubsection Networking Services @@ -8199,40 +8281,67 @@ root. The other options should be self-descriptive. @end deffn -@deffn {Scheme Procedure} openssh-service [#:pid-file "/var/run/sshd.pid"] @ - [#:port-number 22] [#:permit-root-login 'without-password] @ - [#:allow-empty-passwords #f] [#:password-authentication? #t] @ - [#:pubkey-authentication? #t] [#:rsa-authentication? #t] @ - [#:x11-forwarding? #f] [#:protocol-number "2"] -Run the @command{sshd} program from @var{openssh} on port -@var{port-number}. @command{sshd} runs an SSH daemon and writes its PID -to @var{pid-file}. It understands SSH protocol -@var{protocol-number}. The @var{protocol-number} can be either 1 or 2. - -@var{permit-root-login} takes one of @code{#t}, @code{'without-password} -and @code{#f}. It is used to allow root login through SSH. -@code{'without-password} means that root login is allowed, but not with -password-based authentication. - -When @var{allow-empty-passwords?} is true, users with empty passwords -may log in. When false, they may not. - -When @var{password-authentication?} is true, users may log in with their -password. When false, they have to use other means of authentication. - -When @var{pubkey-authentication?} is true, users may log in using public -key authentication. When false, users have to use other means of -authentication. Authorized public keys are stored in -@file{~/.ssh/authorized_keys}. This is used only by protocol version 2. - -When @var{rsa-authentication?} is true, users may log in using pure RSA -authentication. When false, users have to use other means of -authentication. This is used only by protocol 1. - -When @var{x11-forwarding?} is true, @command{ssh} options @option{-X} -and @option{-Y} will work. +@deffn {Scheme Variable} openssh-service-type +This is the type for the @uref{http://www.openssh.org, OpenSSH} secure +shell daemon, @command{sshd}. Its value must be an +@code{openssh-configuration} record as in this example: + +@example +(service openssh-service-type + (openssh-configuration + (x11-forwarding? #t) + (permit-root-login 'without-password))) +@end example + +See below for details about @code{openssh-configuration}. @end deffn +@deftp {Data Type} openssh-configuration +This is the configuration record for OpenSSH's @command{sshd}. + +@table @asis +@item @code{pid-file} (default: @code{"/var/run/sshd.pid"}) +Name of the file where @command{sshd} writes its PID. + +@item @code{port-number} (default: @code{22}) +TCP port on which @command{sshd} listens for incoming connections. + +@item @code{permit-root-login} (default: @code{#f}) +This field determines whether and when to allow logins as root. If +@code{#f}, root logins are disallowed; if @code{#t}, they are allowed. +If it's the symbol @code{'without-password}, then root logins are +permitted but not with password-based authentication. + +@item @code{allow-empty-passwords?} (default: @code{#f}) +When true, users with empty passwords may log in. When false, they may +not. + +@item @code{password-authentication?} (default: @code{#t}) +When true, users may log in with their password. When false, they have +other authentication methods. + +@item @code{public-key-authentication?} (default: @code{#t}) +When true, users may log in using public key authentication. When +false, users have to use other authentication method. + +Authorized public keys are stored in @file{~/.ssh/authorized_keys}. +This is used only by protocol version 2. + +@item @code{rsa-authentication?} (default: @code{#t}) +When true, users may log in using pure RSA authentication. When false, +users have to use other means of authentication. This is used only by +protocol 1. + +@item @code{x11-forwarding?} (default: @code{#f}) +When true, forwarding of X11 graphical client connections is +enabled---in other words, @command{ssh} options @option{-X} and +@option{-Y} will work. + +@item @code{protocol-number} (default: @code{2}) +The SSH protocol number to use. +@end table +@end deftp + @deffn {Scheme Procedure} dropbear-service [@var{config}] Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH daemon} with the given @var{config}, a @code{<dropbear-configuration>} |