path: root/gnu/services
Commit message (Author, Age)
* services: Enable "protected hardlinks" and "protected symlinks" by default. (Leo Famulari, 2021-03-18)
| References:
| https://sysctl-explorer.net/fs/protected_hardlinks/
| https://sysctl-explorer.net/fs/protected_symlinks/
|
| * gnu/services/sysctl.scm (%default-sysctl-settings): New public variable. (<sysctl-configuration>): Use %default-sysctl-settings as the default value.
| * gnu/services/base.scm (%base-services): Add sysctl-service-type.
| * doc/guix.texi (Miscellaneous Services): Document the new defaults.
|
| Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu: Remove MongoDB. (Léo Le Bouter, 2021-03-16)
| mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the release tarball under the SSPL, therefore we cannot provide mongodb while upholding to good security standards. It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while the main license file wasn't altered to SSPL, some files in the tree contain SSPL headers.
|
| * gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
| * gnu/packages/databases.scm (mongo-tools): Remove.
| * doc/guix.texi (mongodb-service-type): Remove.
| * gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test): Remove.
| * gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?, mongodb-configuration-mongodb, mongodb-configuration-config-file, mongodb-configuration-data-directory, mongodb-service-type, %default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation, mongodb-shepherd-service): Remove.
| * gnu/packages/databases.scm (mongodb): Remove.
* services/qemu-binfmt: Use the F flag and the static output of QEMU. (Maxim Cournoyer, 2021-03-15)
| Fixes <https://issues.guix.gnu.org/36117>.
|
| Before this change, the 'binfmt_misc' entries registered for QEMU would not be usable in container contexts outside of guix-daemon (without manually bind mounting file names). For example:
|
|   $ docker run --rm arm32v7/debian true
|   standard_init_linux.go:207: exec user process caused "no such file or directory"
|
| After this change, any container can make use of the QEMU binfmt_misc registrations, as their corresponding QEMU static binaries are fully pre-loaded by the kernel.
|
| * gnu/services/virtualization.scm (<qemu-platform>): Define using 'define-record-type*'. [flags]: New field, which defaults to "F" (fix binary). (%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64) (%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el) (%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust. (qemu-binfmt-guix-chroot): Remove variable. (qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
| * gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of QEMU.
| * doc/contributing.texi (Submitting Patches): Update doc.
| * doc/guix.texi (Virtualization Services): Update doc.
* services: Prevent following symlinks during activation. (Maxime Devos, 2021-03-10)
| This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends.
|
| Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
|
| * gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
| * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure.
| * gnu/services/cups.scm (%cups-activation): likewise.
| * gnu/services/dbus.scm (dbus-activation): likewise.
| * gnu/services/dns.scm (knot-activation): likewise.
|
| Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: cuirass: Remove simple cuirass configuration. (Mathieu Othacehe, 2021-03-10)
| The Cuirass configuration has been simplified so that this is no longer needed.
|
| * gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>, simple-cuirass-configuration->specs): Remove them.
* services: cuirass: Do not create the database directory. (Mathieu Othacehe, 2021-03-10)
| Fixes: <https://issues.guix.gnu.org/46683>.
|
| * gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch, it is no longer needed to create the database directory.
* services: guix-build-coordinator: Add dynamic auth with file record. (Christopher Baines, 2021-03-05)
| * gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file, guix-build-coordinator-agent-dynamic-auth-with-filen?, guix-build-coordinator-agent-dynamic-auth-with-file-agent-name, guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with file record.
| * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with file record.
* services: shepherd: Make 'assert-valid-graph' public. (Andrew Tropin, 2021-03-03)
| * gnu/services/shepherd.scm (assert-valid-graph): Make public.
|
| Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: guix-build-coordinator: Add dynamic auth record. (Christopher Baines, 2021-02-28)
| * gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth, guix-build-coordinator-agent-dynamic-auth?, guix-build-coordinator-agent-dynamic-auth-agent-name, guix-build-coordinator-agent-dynamic-auth-token): New procedures. (guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth record.
| * doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth record.
* services: guix-build-coordinator: Rework authentication config. (Christopher Baines, 2021-02-28)
| A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches.
|
| * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and its possible record values.
| * doc/guix.texi (Guix Build Coordinator): Update documentation.
* services: shepherd: Make /run/booted-system a symlink to the store item. (Ludovic Courtès, 2021-02-25)
| Fixes <https://bugs.gnu.org/46767>.
|
| Previously /run/booted-system would end up referring to /var/guix/profiles/system-NNN-link; consequently, the booted system would not be GC-protected.
|
| * gnu/services/shepherd.scm (shepherd-boot-gexp): Call 'canonicalize-path' instead of 'readlink'.
* services: cuirass: Fix services requirements. (Mathieu Othacehe, 2021-02-23)
| * gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to cuirass requirements. Set cuirass-web requirements to cuirass only. Remove "guix-daemon" and "networking" from cuirass-remote-server requirements as they are already required by cuirass.
* services: postgresql-roles: Fix race condition. (Mathieu Othacehe, 2021-02-23)
| Make sure that the postgresql-roles script is completed before declaring the postgresql-roles service as started.
|
| * gnu/services/databases.scm (postgresql-create-roles): Return the command line instead of a program-file. (postgresql-role-shepherd-service): Use fork+exec-command to start the role creation script and wait for its completion before returning.
* services: cuirass: Improve simple-cuirass-services. (Mathieu Othacehe, 2021-02-23)
| Instead of returning multiple services in simple-cuirass-services, rely on the instantiate-missing-services procedure to instantiate postgresql and postgresql-role-service-type when missing. Turn simple-cuirass-services procedure into simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration record and returns a Cuirass specification.
|
| Suggested-by: Ludovic Courtès <ludo@gnu.org>
|
| * gnu/services/cuirass.scm (%default-cuirass-config): Remove it. (simple-cuirass-services): Rename it to ... (simple-cuirass-configuration->specs): ... this procedure.
| * gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and postgresql-role services that are automatically instantiated. (simple-cuirass-service): New variable. (%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs instead of simple-cuirass-services.
| * doc/guix.texi (Simple Cuirass): Update it.
* services: postgresql: Define a default value. (Mathieu Othacehe, 2021-02-22)
| * gnu/services/databases.scm (postgresql-service-type): Define a default value.
* services: cuirass: Instantiate postgresql service. (Mathieu Othacehe, 2021-02-22)
| * gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql service when missing.
* services: tor: Add control-socket? option. (Christopher Lemmer Webber, 2021-02-22)
| * doc/guix.texi (Networking Services): Document new `control-socket?' option for `tor-configuration`.
| * gnu/services/networking.scm (<tor-configuration>): (tor-configuration->torrc):
* services: cuirass: Add parameters support. (Mathieu Othacehe, 2021-02-22)
| * gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field. [zabbix-uri]: Remove it. (cuirass-shepherd-service): Honor it.
* services: cuirass: Add "simple-cuirass-services". (Mathieu Othacehe, 2021-02-19)
| * gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>): New records. (build-manifest, build-manifest?, simple-cuirass-configuration, simple-cuirass-configuration?, simple-cuirass-services): New procedures. (%default-cuirass-config): New variable.
| * gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
| * doc/guix.texi (Continuous Integration): Document it.
* services: wireguard: New service. (Mathieu Othacehe, 2021-02-17)
| * gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records. (wireguard-service-type): New variable.
| * doc/guix.texi (VPN Services): Document it.
* services: Add Agate Gemini service. (Alexandru-Sergiu Marton, 2021-02-15)
| * gnu/services/web.scm (<agate-configuration>): New record type. (agate-accounts, agate-shepherd-service): New procedures. (agate-service-type): New variable.
| * doc/guix.texi (Web Services): Document it.
|
| Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* services: cuirass: Add server argument for the remote-worker. (Mathieu Othacehe, 2021-02-12)
| * gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]: New field. (cuirass-remote-worker-shepherd-service): Honor it.
* services: Add transmission-daemon service. (Simon South, 2021-02-12)
| * gnu/services/file-sharing.scm: New file.
| * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
| * po/packages/POTFILES.in: Add it.
| * tests/services/file-sharing.scm: New file.
| * Makefile.am (SCM_TESTS): Add it.
| * doc/guix.texi (File-Sharing Services): New section.
|
| Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* services: Add 'xorg-server-service-type'. (宋文武, 2021-02-11)
| * gnu/services/xorg.scm (xorg-server-service-type): New service type. (xorg-server-profile-service): New procedure.
* services: knot: Fix configuration verification. (Alexey Abramov, 2021-02-11)
| * gnu/services/dns.scm (verify-knot-key-configuration): Fix the order of memq arguments. (verify-knot-keystore-configuration): Likewise. (verify-knot-acl-configuration): Replace fold with every procedure.
|
| Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* services: cuirass: Move zabbix argument to the web process. (Mathieu Othacehe, 2021-02-09)
| This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349.
|
| * gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri" argument to the web process.
* services: cuirass: Add Zabbix support. (Mathieu Othacehe, 2021-02-08)
| * gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field. (cuirass-shepherd-service): Honor it.
* gnu: Remove 'file-systems requirement from kernel-module-loader. (raid5atemyhomework, 2021-02-08)
| * gnu/services/linux.scm (kernel-module-loader-shepherd-service): Remove 'file-systems requirement.
|
| Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* services: PostgreSQL: Quote database names. (Marius Bakke, 2021-02-06)
| * gnu/services/databases.scm (postgresql-create-roles): Quote the name in the SQL query so that roles/usernames containing hyphens will work.
* gnu: services: Fix the NFS service. (Maxim Cournoyer, 2021-02-05)
| * gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change of the rpcbind command.
* services: shepherd: Allow custom 'shepherd' package. (Maxime Devos, 2021-01-30)
| * gnu/services/shepherd.scm (<shepherd-configuration>): New record. (shepherd-boot-gexp, shepherd-root-service-type): Use it. (scm->go, shepherd-configuration-file): Allow passing custom shepherd package.
| * gnu/system.scm (operating-system-shepherd-service-names): Use the new record.
| * guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly.
| * doc/guix.texi (Shepherd Services). Document it.
|
| Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: cuirass: Create remote-server cache directory. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache directory if needed.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Fix syntax error. (Mathieu Othacehe, 2021-01-28)
| This is a follow-up of 189e62fa69049538884077155cc70cac43260118.
|
| * gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix syntax.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add log-file support. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add log-file support.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Fix workers argument. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix workers arguments.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add systems argument. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]: New field. (cuirass-remote-worker-shepherd-service): Honor it.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: cuirass: Add remote build support. (Mathieu Othacehe, 2021-01-28)
* service: cuirass: Update it. (Mathieu Othacehe, 2021-01-28)
* services: postgresql: Add postgresql-role-service-type. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/databases.scm (postgresql-role, postgresql-role?, postgresql-role-name, postgresql-role-permissions, postgresql-role-create-database?, postgresql-role-configuration, postgresql-role-configuration?, postgresql-role-configuration-host, postgresql-role-configuration-roles, postgresql-role-service-type): New procedures.
| * gnu/tests/databases.scm: Test it.
| * doc/guix.texi: Document it.
* services: postgresql: Wrap long lines. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/databases.scm: Wrap long lines, no functional change.
* services: postgresql: Add log directory support. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/databases.scm (postgresql-configuration-log-directory): New procedure. (<postgresql-configuration>)[log-directory]: New field. (postgresql-activation): Create the log directory. (postgresql-shepherd-service): Honor it.
| * gnu/tests/databases.scm (%postgresql-log-directory): New variable. (log-file): New test case.
| * doc/guix.texi (Database Services): Document it.
* services: postgresql: Add socket directory support. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/databases.scm (postgresql-config-file-socket-directory): New procedure. (<postgresql-config-file>)[socket-directory]: New field. (postgresql-config-file-compiler): Honor it. (postgresql-activation): Create the socket directory if needed.
| * doc/guix.texi (Database Services): Document it.
| * gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
| * gnu/tests/monitoring.scm (%zabbix-os): Ditto.
| * gnu/tests/web.scm (patchwork-os): Ditto.
|
| Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* services: postgresql: Use Guile datatypes. (Mathieu Othacehe, 2021-01-28)
| * gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile datatypes in the "extra-config" field.
| * gnu/tests/databases.scm (%postgresql-os): Test it.
| * doc/guix.texi (Database Services): Document it.
* gnu: php-fpm: Ensure no duplicate group. (Julien Lepiller, 2021-01-17)
| * gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not duplicated.
|
| Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
* services: cups: reuse lp from %base-groups. (Leo Prikler, 2021-01-17)
| * gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
* services: openntpd: Remove support for deprecated "-s" option. (Simon South, 2021-01-16)
| * gnu/services/networking.scm (openntpd-configuration): Remove "allow-large-adjustment?" field. (openntpd-shepherd-service): Remove use of "allow-large-adjustment?" configuration field and "-s" daemon option.
| * tests/networking.scm (%openntpd-conf-sample): Remove "allow-large-adjustment?" field.
| * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove "allow-large-adjustment?" field from sample configuration. [openntpd-configuration]: Remove description of "allow-large-adjustment?" field.
|
| Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: qemu-binfmt: 'guix-support?' defaults to #t. (Stefan, 2021-01-16)
| * gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]: Change the default from #f to #t.
| * doc/guix.texi (Transparent Emulation with QEMU): Change the default of ‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
|
| Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: hurd-vm: Respect hurd-vm-configuration's disk-size. (Jan (janneke) Nieuwenhuizen, 2021-01-14)
| This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7.
|
| * gnu/services/virtualization.scm (hurd-vm-disk-image): Use disk-size from config to set image's size.
* services: shepherd: 'shepherd-service-type' requires documentation. (Ludovic Courtès, 2021-01-13)
| * gnu/services/shepherd.scm (shepherd-service-type): Require a 'description' form.
| * gnu/services/base.scm (root-file-system-service-type) (rngd-service-type, host-name-service-type): (virtual-terminal-service-type, console-keymap-service-type) (syslog-service-type, swap-service-type) (kmscon-service-type): Add description.
| * gnu/services/networking.scm (dhcp-client-service-type): Likewise.
| * gnu/system/install.scm (cow-store-service-type): Likewise.
| * gnu/system/linux-container.scm (dummy-networking-service-type): Likewise.
| * gnu/system/mapped-devices.scm (device-mapping-service-type): Likewise.
| * tests/guix-system.sh: Likewise.
* services: Add keepalived service. (Oleg Pykhalov, 2021-01-12)
| * gnu/services/networking.scm (<keepalived-configuration>): New record. (keepalived-shepherd-service): New procedure. (keepalived-service-type): New variable.
| * doc/guix.texi (Networking Services): Document this.