aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
Commit message (Collapse)AuthorAge
* services: cuirass: Fix activation.Mathieu Othacehe2020-10-02
| | | | | | | | Fixes: <https://issues.guix.gnu.org/43760>. * gnu/services/cuirass.scm (cuirass-activation): Do not create queries-log-file and web-queries-log-file if the corresponding config file are unset.
* services: %desktop-services: Setuid root NTFS and NFS mount helpers.Maxim Cournoyer2020-10-01
| | | | | | | | | | | | | | Fixes <https://issues.guix.info/39670>. Combined with commit def6e2ae46, this allows unprivileged users to mount file systems marked with the "user" option. It adds less than 4 MiB to the closure of the lightweight-desktop.tmpl operating system template. * gnu/services/desktop.scm (%desktop-services): Extend the setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g' programs. Reported-by: Nathan Dehnel <ncdehnel@gmail.com>
* gnu: Add webssh service.Oleg Pykhalov2020-10-01
| | | | | | | | * gnu/services/ssh.scm: (<webssh-configuration>): New record type. (%webssh-configuration-nginx, webssh-service-type): New variables. (webssh-account, webssh-activation, webssh-shepherd-service): New procedures. * doc/guix.texi: Document this.
* services: hurd-vm: Add childhurd user to kvm group.Jan (janneke) Nieuwenhuizen2020-09-30
| | | | | | | | | This is a follow-up to commit d692ebf98077d6b651d426aba92bf2a38599c4dc. * gnu/services/virtualization.scm (%hurd-vm-accounts)[supplementary-groups]: Add ’kvm’. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use #:group "kvm"
* services: virtualization: Use a compressed qcow2 hurd disk-image.Mathieu Othacehe2020-09-30
| | | | | * gnu/services/virtualization.scm (hurd-vm-disk-image): Use 'compressed-qcow2 format.
* services: secret-service: Add initial client/server handshake.Ludovic Courtès2020-09-29
| | | | | | | | | | | | | | | This allows the client running on the host to know when it's actually connect to the server running in the guest. Failing that, the client would connect right away to QEMU and send secrets even though the server is not running yet in the guest, which is unreliable. * gnu/build/secret-service.scm (secret-service-send-secrets): Add #:handshake-timeout. Read from SOCK an initial message from the server. Return #f on error. (secret-service-receive-secrets): Send 'secret-service-server' message to the client. Close SOCK upon timeout. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start' method returns #f when 'secret-service-send-secrets' returns #f.
* services: secret-service: Move instance last in the list of services.Ludovic Courtès2020-09-29
| | | | | * gnu/services/virtualization.scm (secret-service-operating-system): Add the SECRET-SERVICE-TYPE instance to the end of the list.
* services: hurd-vm: Pass "-no-reboot" when spawning the Hurd VM.Ludovic Courtès2020-09-29
| | | | | * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Add "--no-reboot".
* services: hurd-vm: Initialize the guest's SSH/Guix keys at activation time.Ludovic Courtès2020-09-29
| | | | | | | | | | * gnu/services/virtualization.scm (initialize-hurd-vm-substitutes) (hurd-vm-activation): New procedures. (hurd-vm-service-type)[extensions]: Add ACTIVATION-SERVICE-TYPE extension. * doc/guix.texi (Transparent Emulation with QEMU): Mention GNU/Hurd. (The Hurd in a Virtual Machine): Explain which files are automatically installed and mention offloading.
* services: guix: Generate key pair if needed during activation.Ludovic Courtès2020-09-29
| | | | | | | | * gnu/services/base.scm (guix-activation): Invoke "guix archive --generate-key". * doc/guix.texi (Invoking guix archive) (Invoking guix deploy): Mention that 'guix-service-type' takes care of generating the key pair.
* services: hurd-vm: Check whether /dev/kvm exists at run time.Ludovic Courtès2020-09-29
| | | | | | | This change allows a childhurd to run within Guix System in a VM. * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Stage the 'file-exists?' call.
* services: childhurd: Tweak description.Ludovic Courtès2020-09-29
| | | | | * gnu/services/virtualization.scm (hurd-vm-service-type)[description]: Mention "childhurd".
* services: hurd-vm: Run QEMU as an unprivileged user.Ludovic Courtès2020-09-29
| | | | | | | Until qemu was running as "root", which is unnecessary. * gnu/services/virtualization.scm (%hurd-vm-accounts): New variable. (hurd-vm-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension.
* services: Add elogind ‘handle-lid-switch-external-power’.Tobias Geerinckx-Rice2020-09-28
| | | | | | | * gnu/services/desktop.scm <elogind-configuration>: Add an handle-lid-switch-external-power field, mapping to the HandleLidSwitchExternalPower logind.conf setting. * doc/guix.texi (Desktop Services): ‘Document’ it.
* services: WPA Supplicant: Conditionally depend on D-Bus.Marius Bakke2020-09-24
| | | | | | | | | | | Fixes <https://bugs.gnu.org/43567>. Reported by calcium <calcium@disroot.org>. * gnu/services/networking.scm (<wpa-supplicant-configuration>)[requirement]: Remove 'dbus-system. (wpa-supplicant-shepherd-service)[requirement]: Add 'dbus-system when DBUS? is true. * doc/guix.texi (Networking Services)[wpa-supplicant-service-type]: Adjust accordingly.
* services: cuirass: Create queries log files at activation.Mathieu Othacehe2020-09-24
| | | | | * gnu/services/cuirass.scm (cuirass-activation)[queries-log-file]: Create and set user permissions on "queries-log-file" and "web-queries-log-file".
* services: cuirass: Add web SQL queries logging support.Mathieu Othacehe2020-09-24
| | | | | | | | * gnu/services/cuirass.scm (<cuirass-configuration>)[web-queries-log-file]: New field. (cuirass-shepherd-service): Honor it. (cuirass-log-rotations): If defined, add the web queries log file to the log rotation.
* services: cuirass: Add SQL queries logging support.Mathieu Othacehe2020-09-24
| | | | | | | | * gnu/services/cuirass.scm (<cuirass-configuration>)[queries-log-file]: New field. (cuirass-shepherd-service): Honor it. (cuirass-log-rotations): If defined, add the queries log file to the log rotation.
* services: docker: Fix configuration.Oleg Pykhalov2020-09-23
| | | | | | | This is a follow-up to e04b90607ac903359c90c9bad1b67fb7ce2f0eb6. * gnu/services/docker.scm (docker-shepherd-service): Fix "enable-proxy?" configuration.
* services: Allow (service bluetooth-service-type).Tobias Geerinckx-Rice2020-09-23
| | | | | * gnu/services/desktop.scm (bluetooth-service-type) [default-value]: Set to (bluetooth-configuration).
* services: Docker: Fix typo in configuration.Efraim Flashner2020-09-21
| | | | | | | This is a follow-up to f0a09310e6ff2ed63770cb585c551ba94ce4a9d0. * gnu/services/docker.scm (docker-shepherd-service): Properly reference variables in service definition.
* services: docker: Fix enable-proxy? option.Jesse Dowell2020-09-21
| | | | | | | | | | | The userland proxy option does not properly disable the userland proxy when set to false. Docker defaults to enabling the userland proxy if the option is unset on the command line. * gnu/services/docker.scm (docker-shepherd-service): Properly handle the 'enable-proxy?' option. Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* services: base: Improve container related comments.Mathieu Othacehe2020-09-21
| | | | | * gnu/services/base.scm (guix-shepherd-service): Clarify the usage of a container for guix-daemon.
* services: dicod: Reduce irony.Tobias Geerinckx-Rice2020-09-21
| | | | * gnu/services/dict.scm (dicod-service): Fix docstring typo.
* services: bitlbee: Support libpurple plugins.Ludovic Courtès2020-09-15
| | | | | * gnu/services/messaging.scm (bitlbee-shepherd-service): Pass PURPLE_PLUGIN_PATH as #:environment-variables.
* services: docker: Fix service definition.Oleg Pykhalov2020-09-15
| | | | | | | | | This commit follows a404716d411cf7cd49ff02e3100f0bbf6622d6d5. * gnu/services/docker.scm (docker-configuration)[docker-cli]: New record field. (docker-service-type): Use this. * doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
* services: docker: Fix service definition.Efraim Flashner2020-09-14
| | | | | | | This is a follow-up to 8422a67dc16af4dd5eb82180463aa7a0b362d5b9. * gnu/services/docker.scm (docker-service-type): Use a composed list for packages in profile-service-type.
* services: docker: Make docker command available.Efraim Flashner2020-09-14
| | | | | * gnu/services/docker.scm (docker-service-type): Extend the profile-service-type and add the docker-cli package.
* services: certbot: Support registration without email.Timotej Lazar2020-09-13
| | | | | | | | | * gnu/services/certbot.scm (certbot-configuration): Add default for the email option. (certbot-command): Pass email for registration only when specified. * doc/guix.texi (Certificate Services): "mandatory"→"optional" email. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: Fix zram-device-service.Tobias Geerinckx-Rice2020-09-13
| | | | * gnu/services/linux.scm (<zram-device-configuration>): Fix typo.
* Revert "services: dovecot: Use modules via symlink to system profile."Tobias Geerinckx-Rice2020-09-11
| | | | | | | | | This reverts commit bcfe0f0c1e9a2b91049d7c6c591c7f0c6a002c14 for now. It breaks most current use(r)s of the Dovecot service and needs to be combined with an extra modules configuration field of some kind. See <https://issues.guix.gnu.org/43347>.
* services: dovecot: Only serialize settings with non-empty values.Alexey Abramov2020-09-11
| | | | | | | | | * gnu/services/mail.scm (serialize-space-separated-string-list): Protocols might have custom settings, which are not supported by other protocols. To prevent dovecot/services from crashing, serialize settings that hold non-empty values only. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* services: php-fpm: Add 'php-ini-file' configuration.Jelle Licht2020-09-10
| | | | | | * gnu/services/web.scm: (<php-fpm-configuration>)[php-ini-file]: New record field. (php-fpm-shepherd-service): Use it. * doc/guix.texi (Web Services): Document it.
* services: dovecot: Serialize global settings first.Alexey Abramov2020-09-09
| | | | | | | * gnu/services/mail.scm (dovecot-configuration): To avoid dovecot warning messages, move serialization of protocol settings below the global one. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* services: dovecot: Use modules via symlink to system profile.Alexey Abramov2020-09-09
| | | | | | | | * gnu/services/mail.scm (%dovecot-activation): Link the location with multiple plugins (dovecot-pigeonhole, etc), to a place where dovecot can find them. * gnu/services/mail.scm (dovecot-configuration): Use the symlink. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* installer: Run the installation inside a container.Mathieu Othacehe2020-09-02
| | | | | | | | | | | | | | | | | | | When the store overlay is mounted, other processes such as kmscon, udev and guix-daemon may open files from the store, preventing the underlying install support from being umounted. See: https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html. To avoid this situation, mount the store overlay inside a container, and run the installation from within that container. * gnu/build/shepherd.scm (fork+exec-command/container): New procedure. * gnu/services/base.scm (guix-shepherd-service): Support an optional PID argument passed to the "start" method. If that argument is passed, ensure that guix-daemon enters the given PID MNT namespace by using fork+exec-command/container procedure. * gnu/installer/final.scm (umount-cow-store): Remove it, (install-system): run the installation from within a container. * gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* services: childhurd: Always include the secret-service.Jan (janneke) Nieuwenhuizen2020-09-02
| | | | | | | | | | * gnu/services/virtualization.scm (secret-service-operating-system): New procedure. (hurd-vm-disk-image): Use it to ensure a Childhurd always includes the secret-service. (%hurd-vm-operating-system): Remove secret-service. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: childhurd: Support installing secrets from the host.Jan (janneke) Nieuwenhuizen2020-09-01
| | | | | | | * gnu/services/virtualization.scm (%hurd-vm-operating-system): Add secret-service. (hurd-vm-shepherd-service): Use it to install secrets. * doc/guix.texi (The Hurd in a Virtual Machine): Document it.
* services: Add secret-service-type.Jan (janneke) Nieuwenhuizen2020-09-01
| | | | | | | | | | | | This adds a "secret-service" that can be added to a Childhurd VM to receive out-of-band secrets (keys) sent from the host. Co-authored-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/virtualization.scm (secret-service-activation): New procedure. (secret-service-type): New variable. * gnu/build/secret-service.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* services: fcgiwrap: Create parent directory for unix socket.Arun Isaac2020-08-26
| | | | | | * gnu/services/web.scm (fcgiwrap-activation): New function. (fcgiwrap-service-type): Extend activation-service-type with fcgiwrap-activation.
* services: mcron: Validate jobs even in the presence of #:user.Ludovic Courtès2020-08-26
| | | | | | | | | | | Fixes a bug in 949672c923b6a3953471c446e0b19f30be335572 whereby jobs specifying a #:user not available in the build environment would fail validation. Reported by Maxim Cournoyer. * gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue" file and pass it to 'mcron --schedule'.
* services: mcron: Validate jobs at build time.Ludovic Courtès2020-08-26
| | | | | | | | That way, run-time errors in the job specs are caught at build time. * gnu/services/mcron.scm (job-file): Remove. (job-files): New procedure. (mcron-shepherd-services): Adjust accordingly.
* services: ganeti-kvmd-service-type: Fix typo in description.Tobias Geerinckx-Rice2020-08-25
| | | | | * gnu/services/ganeti.scm (ganeti-kvmd-service-type)[description]: Fix typo.
* Remove "guile-zlib" extension when unused.Mathieu Othacehe2020-08-25
| | | | | | | | | | | | | | | | This is a follow-up of 755f365b02b42a5d1e8ef3000dadef069553a478. As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed as an extension only when it is effectively used. * gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions. * gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto. * gnu/services.scm (activation-script): Ditto. * gnu/services/base.scm (default-serial-port): Ditto, (agetty-shepherd-service): ditto, (udev-service-type): ditto. * gnu/system/image.scm (gcrypt-sqlite3&co): Ditto. * gnu/system/shadow.scm (account-shepherd-service): Ditto.
* linux-libre: Support module compression.Mathieu Othacehe2020-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds support for GZIP compression for linux-libre kernel modules. The initrd modules are kept uncompressed as the initrd is already compressed as a whole. The linux-libre kernel also supports XZ compression, but as Guix does not have any available bindings for now, and the compression time is far more significant, GZIP seems to be a better option. * gnu/build/linux-modules.scm (modinfo-section-contents): Use 'call-with-gzip-input-port' to read from a module file using '.gz' extension, (strip-extension): new procedure, (dot-ko): adapt to support compression, (ensure-dot-ko): ditto, (file-name->module-name): ditto, (find-module-file): ditto, (load-linux-module*): ditto, (module-name->file-name/guess): ditto, (module-name-lookup): ditto, (write-module-name-database): ditto, (write-module-alias-database): ditto, (write-module-device-database): ditto. * gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions. * gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto. * gnu/services.scm (activation-script): Ditto. * gnu/services/base.scm (default-serial-port): Ditto, (agetty-shepherd-service): ditto, (udev-service-type): ditto. * gnu/system/image.scm (gcrypt-sqlite3&co): Ditto. * gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib" to the extensions and make sure that the initrd only contains uncompressed module files. * gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the extensions. * guix/profiles.scm (linux-module-database): Ditto.
* services: unattended-upgrade: Log output of the 'guix' commands.Ludovic Courtès2020-08-24
| | | | | | | | | | Fixes <https://bugs.gnu.org/43011>. Reported by Jesse Gibbons <jgibbons2357@gmail.com>. Until now the stdout/stderr file descriptors were not redirected. * gnu/services/admin.scm (unattended-upgrade-mcron-jobs)[code]: Remove 'with-logging' and use 'redirect-port' instead.
* services: unattended-upgrade: Add 'operating-system-file' field.Ludovic Courtès2020-08-24
| | | | | | | * gnu/services/admin.scm (<unattended-upgrade-configuration>)[operating-system-file]: New field. (unattended-upgrade-mcron-jobs): Honor it. * doc/guix.texi (Unattended Upgrades): Document it.
* services: Allow (service accountsservice-service-type).Tobias Geerinckx-Rice2020-08-19
| | | | | * gnu/services/desktop.scm (accountsservice-service-type) [default-value]: Set to accountsservice.
* services: connman-shepherd-service: Don't use short flags.Efraim Flashner2020-08-16
| | | | | * gnu/services/networking.scm (connman-shepherd-service): Use the long flag options for the start command.
* services: docker: Add 'enable-iptables?' argument.Alexey Abramov2020-08-16
| | | | | | | | * gnu/services/docker.scm (docker-configuration): Define the argument. * gnu/services/docker.scm (docker-shepherd-service): Use it. * doc/guix.texi (Docker Service): Document it. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>