aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
Commit message (Collapse)AuthorAge
* services: Prevent following symlinks during activation.Maxime Devos2021-03-10
| | | | | | | | | | | | | | | | | | | | This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: cuirass: Remove simple cuirass configuration.Mathieu Othacehe2021-03-10
| | | | | | | | The Cuirass configuration has been simplified so that this is no longer needed. * gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>, simple-cuirass-configuration->specs): Remove them.
* services: cuirass: Do not create the database directory.Mathieu Othacehe2021-03-10
| | | | | | | Fixes: <https://issues.guix.gnu.org/46683>. * gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch, it is no longer needed to create the database directory.
* services: guix-build-coordinator: Add dynamic auth with file record.Christopher Baines2021-03-05
| | | | | | | | | | | * gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file, guix-build-coordinator-agent-dynamic-auth-with-filen?, guix-build-coordinator-agent-dynamic-auth-with-file-agent-name, guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with file record. * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with file record.
* services: shepherd: Make 'assert-valid-graph' public.Andrew Tropin2021-03-03
| | | | | | * gnu/services/shepherd.scm (assert-valid-graph): Make public. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: guix-build-coordinator: Add dynamic auth record.Christopher Baines2021-02-28
| | | | | | | | | | | * gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth, guix-build-coordinator-agent-dynamic-auth?, guix-build-coordinator-agent-dynamic-auth-agent-name, guix-build-coordinator-agent-dynamic-auth-token): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth record. * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth record.
* services: guix-build-coordinator: Rework authentication config.Christopher Baines2021-02-28
| | | | | | | | | | | | | | | | | | | | | | | A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches. * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and it's possible record values. * doc/guix.texi (Guix Build Coordinator): Update documentation.
* services: shepherd: Make /run/booted-system a symlink to the store item.Ludovic Courtès2021-02-25
| | | | | | | | | | | Fixes <https://bugs.gnu.org/46767>. Previously /run/booted-system would end up referring to /var/guix/profiles/system-NNN-link; consequently, the booted system would not be GC-protected. * gnu/services/shepherd.scm (shepherd-boot-gexp): Call 'canonicalize-path' instead of 'readlink'.
* services: cuirass: Fix services requirements.Mathieu Othacehe2021-02-23
| | | | | | | * gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to cuirass requirements. Set cuirass-web requirements to cuirass only. Remove "guix-daemon" and "networking" from cuirass-remote-server requirements as are already required by cuirass.
* services: postgresql-roles: Fix race condition.Mathieu Othacehe2021-02-23
| | | | | | | | | | Make sure that the postgresql-roles script is completed before declaring the postgresql-roles service as started. * gnu/services/databases.scm (postgresql-create-roles): Return the command line instead of a program-file. (postgresql-role-shepherd-service): Use fork+exec-command to start the role creation script and wait for its completion before returning.
* services: cuirass: Improve simple-cuirass-services.Mathieu Othacehe2021-02-23
| | | | | | | | | | | | | | | | | | | | | | Instead of returning multiple services in simple-cuirass-services, rely on the instantiate-missing-services procedure to instantiate postgresql and postgresql-role-service-type when missing. Turn simple-cuirass-services procedure into simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration record and returns a Cuirass specification. Suggested-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/cuirass.scm (%default-cuirass-config): Remove it. (simple-cuirass-services): Rename it to ... (simple-cuirass-configuration->specs): ... this procedure. * gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and postgresql-role services that are automatically instantiated. (simple-cuirass-service): New variable. (%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs instead of simple-cuirass-services. * doc/guix.texi (Simple Cuirass): Update it.
* services: postgresql: Define a default value.Mathieu Othacehe2021-02-22
| | | | * gnu/services/databases.scm (postgresql-service-type): Define a default value.
* services: cuirass: Instantiate postgresql service.Mathieu Othacehe2021-02-22
| | | | | * gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql service when missing.
* services: tor: Add control-socket? option.Christopher Lemmer Webber2021-02-22
| | | | | | | * doc/guix.texi (Networking Services): Document new `control-socket?' option for `tor-configuration`. * gnu/services/networking.scm (<tor-configuration>): (tor-configuration->torrc):
* services: cuirass: Add parameters support.Mathieu Othacehe2021-02-22
| | | | | | * gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field. [zabbix-uri]: Remove it. (cuirass-shepherd-service): Honor it.
* services: cuirass: Add "simple-cuirass-services".Mathieu Othacehe2021-02-19
| | | | | | | | | | * gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>): New records. (build-manifest, build-manifest?, simple-cuirass-configuration, simple-cuirass-configuration?, simple-cuirass-services): New procedures. (%default-cuirass-config): New variable. * gnu/tests/cuirass.scm (%cuirass-simple-test): New variable. * doc/guix.texi (Continuous Integration): Document it.
* services: wireguard: New service.Mathieu Othacehe2021-02-17
| | | | | | * gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records. (wireguard-service-type): New variable. * doc/guix.texi (VPN Services): Document it.
* services: Add Agate Gemini service.Alexandru-Sergiu Marton2021-02-15
| | | | | | | | | * gnu/services/web.scm (<agate-configuration>): New record type. (agate-accounts, agate-shepherd-service): New procedures. (agate-service-type): New variable. * doc/guix.texi (Web Services): Document it. Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* services: cuirass: Add server argument for the remote-worker.Mathieu Othacehe2021-02-12
| | | | | | * gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]: New field. (cuirass-remote-worker-shepherd-service): Honor it.
* services: Add transmission-daemon service.Simon South2021-02-12
| | | | | | | | | | | * gnu/services/file-sharing.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * po/packages/POTFILES.in: Add it. * tests/services/file-sharing.scm: New file. * Makefile.am (SCM_TESTS): Add it. * doc/guix.texi (File-Sharing Services): New section. Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* services: Add 'xorg-server-service-type'.宋文武2021-02-11
| | | | | * gnu/services/xorg.scm (xorg-server-service-type): New service type. (xorg-server-profile-service): New procedure.
* services: knot: Fix configuration verification.Alexey Abramov2021-02-11
| | | | | | | | | * gnu/services/dns.scm (verify-knot-key-configuration): Fix the order of memq arguments. (verify-knot-keystore-configuration): Likewise. (verify-knot-acl-configuration): Replace fold with every procedure. Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* services: cuirass: Move zabbix argument to the web process.Mathieu Othacehe2021-02-09
| | | | | | | This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349. * gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri" argument to the web process.
* services: cuirass: Add Zabbix support.Mathieu Othacehe2021-02-08
| | | | | * gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field. (cuirass-shepherd-service): Honor it.
* gnu: Remove 'file-systems requirement from kernel-module-loader.raid5atemyhomework2021-02-08
| | | | | | | * gnu/services/linux.scm (kernel-module-loader-shepherd-service): Remove 'file-systems requirement. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* services: PostgreSQL: Quote database names.Marius Bakke2021-02-06
| | | | | * gnu/services/databases.scm (postgresql-create-roles): Quote the name in the SQL query so that roles/usernames containing hyphens will work.
* gnu: services: Fix the NFS service.Maxim Cournoyer2021-02-05
| | | | | * gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change of the rpcbind command.
* services: shepherd: Allow custom 'shepherd' package.Maxime Devos2021-01-30
| | | | | | | | | | | | | * gnu/services/shepherd.scm (<shepherd-configuration>): New record. (shepherd-boot-gexp, shepherd-root-service-type): Use it. (scm->go, shepherd-configuration-file): Allow passing custom shepherd package. * gnu/system.scm (operating-system-shepherd-service-names): Use the new record. * guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly. * doc/guix.texi (Shepherd Services). Document it. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: cuirass: Create remote-server cache directory.Mathieu Othacehe2021-01-28
| | | | | | | * gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache directory if needed. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Fix syntax error.Mathieu Othacehe2021-01-28
| | | | | | | | | This is a follow-up of 189e62fa69049538884077155cc70cac43260118. * gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix syntax. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add log-file support.Mathieu Othacehe2021-01-28
| | | | | | | * gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add log-file support. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Fix workers argument.Mathieu Othacehe2021-01-28
| | | | | | | * gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix workers arguments. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add systems argument.Mathieu Othacehe2021-01-28
| | | | | | | | * gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]: New field. (cuirass-remote-worker-shepherd-service): Honor it. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add remote build support.Mathieu Othacehe2021-01-28
|
* service: cuirass: Update it.Mathieu Othacehe2021-01-28
|
* services: postgresql: Add postgresql-role-service-type.Mathieu Othacehe2021-01-28
| | | | | | | | | | | * gnu/services/databases.scm (postgresql-role, postgresql-role?, postgresql-role-name, postgresql-role-permissions, postgresql-role-create-database?, postgresql-role-configuration, postgresql-role-configuration?, postgresql-role-configuration-host, postgresql-role-configuration-roles, postgresql-role-service-type): New procedures. * gnu/tests/databases.scm: Test it. * doc/guix.texi: Document it.
* services: postgresql: Wrap long lines.Mathieu Othacehe2021-01-28
| | | | * gnu/services/databases.scm: Wrap long lines, no functional change.
* services: postgresql: Add log directory support.Mathieu Othacehe2021-01-28
| | | | | | | | | | | * gnu/services/databases.scm (postgresql-configuration-log-directory): New procedure. (<postgresql-configuration>)[log-directory]: New field. (postgresql-activation): Create the log directory. (postgresql-shepherd-service): Honor it. * gnu/tests/databases.scm (%postgresql-log-directory): New variable. (log-file): New test case. * doc/guix.texi (Database Services): Document it.
* services: postgresql: Add socket directory support.Mathieu Othacehe2021-01-28
| | | | | | | | | | | | | | * gnu/services/databases.scm (postgresql-config-file-socket-directory): New procedure. (<postgresql-config-file>)[socket-directory]: New field. (postgresql-config-file-compiler): Honor it. (postgresql-activation): Create the socket directory if needed. * doc/guix.texi (Database Services): Document it. * gnu/tests/guix.scm (%guix-data-service-os): Adapt it. * gnu/tests/monitoring.scm (%zabbix-os): Ditto. * gnu/tests/web.scm (patchwork-os): Ditto. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: postgresql: Use Guile datatypes.Mathieu Othacehe2021-01-28
| | | | | | | * gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile datatypes in the "extra-config" field. * gnu/tests/databases.scm (%postgresql-os): Test it. * doc/guix.texi (Database Services): Document it.
* gnu: php-fpm: Ensure no duplicate group.Julien Lepiller2021-01-17
| | | | | | | * gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not duplicated. Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
* services: cups: reuse lp from %base-groups.Leo Prikler2021-01-17
| | | | * gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
* services: openntpd: Remove support for deprecated "-s" option.Simon South2021-01-16
| | | | | | | | | | | | | | | * gnu/services/networking.scm (openntpd-configuration): Remove "allow-large-adjustment?" field. (openntpd-shepherd-service): Remove use of "allow-large-adjustment?" configuration field and "-s" daemon option. * tests/networking.scm (%openntpd-conf-sample): Remove "allow-large-adjustment?" field. * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove "allow-large-adjustment?" field from sample configuration. [openntpd-configuration]: Remove description of "allow-large-adjustment?" field. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: qemu-binfmt: 'guix-support?' defaults to #t.Stefan2021-01-16
| | | | | | | | | * gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]: Change the default from #f to #t. * doc/guix.texi (Transparent Emulation with QEMU): Change the default of ‘guix-support?’ from #f to #t. Describe the implication of setting it to #f. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: hurd-vm: Respect hurd-vm-configuration's disk-size.Jan (janneke) Nieuwenhuizen2021-01-14
| | | | | | | This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7. * gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from config to set image's size.
* services: shepherd: 'shepherd-service-type' requires documentation.Ludovic Courtès2021-01-13
| | | | | | | | | | | | | | | | | * gnu/services/shepherd.scm (shepherd-service-type): Require a 'description' form. * gnu/services/base.scm (root-file-system-service-type) (rngd-service-type, host-name-service-type): (virtual-terminal-service-type, console-keymap-service-type) (syslog-service-type, swap-service-type) (kmscon-service-type): Add description. * gnu/services/networking.scm (dhcp-client-service-type): Likewise. * gnu/system/install.scm (cow-store-service-type): Likewise. * gnu/system/linux-container.scm (dummy-networking-service-type): Likewise. * gnu/system/mapped-devices.scm (device-mapping-service-type): Likewise. * tests/guix-system.sh: Likewise.
* services: Add keepalived service.Oleg Pykhalov2021-01-12
| | | | | | | * gnu/services/networking.scm (<keepalived-configuration>): New record. (keepalived-shepherd-service): New procedure. (keepalived-service-type): New variable. * doc/guix.texi (Networking Services): Document this.
* services: Add syncthing service.Oleg Pykhalov2021-01-12
| | | | | | * gnu/services/syncthing.scm: New file. * gnu/local.mk: Add this. * doc/guix.texi: Document this.
* services: cups: Add brlaser extension by default.Tobias Geerinckx-Rice2021-01-10
| | | | | | * gnu/services/cups.scm (cups-configuration): Add brlaser to the default extensions. * doc/guix.texi (Printing Services): Document it.
* services: kernel-module-loader: Return a single 'shepherd-service'.Brice Waegeneire2021-01-06
| | | | | | | | * gnu/services/linux.scm (kernel-module-loader-shepherd-service): Return a 'shepherd-service' instead of a list of it. (kernel-module-loader-service-type): Adjust it. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>