aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
Commit message (Collapse)AuthorAge
* gnu: fail2ban-service-type: Improve extra-content fields.muradm2022-09-14
| | | | | | | | | | * gnu/services/security.scm (fail2ban-jail-configuration)[extra-content]: Change to text-config. (fail2ban-configuration)[extra-content]: Change to text-config. * gnu/doc/guix.texi: Update type of extra-content fields. Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: shepherd: Install O_CLOEXEC variant of 'call-with-input-file' & co.Ludovic Courtès2022-09-13
| | | | | | | | | | Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit 1ba0e38267c9ff8bb476285091be6e297bbf136e whereby files opened by, say, the 'start' method of 'urandom-seed', could leak into the execution environment of some other service--e.g., 'term-tty4'. * gnu/services/shepherd.scm (shepherd-configuration-file)[config]: Override 'call-with-input-file' and 'call-with-output-file'.
* services: secret-service: Inherit from the original 'guix-configuration'.Ludovic Courtès2022-09-13
| | | | | | | | | Reported by zamfofex. Regression introduced in 2bac6ea177d5b3353ea1a4d032d17a6ac3763e96. * gnu/services/virtualization.scm (secret-service-operating-system): Add 'inherit' keyword for 'guix-configuration'.
* services: web: Fix long lines.Mathieu Othacehe2022-09-11
| | | | | * gnu/services/web.scm: Remove a trailing space and wrap long line. No functional change.
* services: shepherd: Open /dev/null as O_CLOEXEC.Ludovic Courtès2022-09-11
| | | | | | | | Failing to do that, that file descriptor could be inherited by child processes as of Shepherd 0.9.2. * gnu/services/shepherd.scm (shepherd-configuration-file): Open /dev/null as O_CLOEXEC.
* services: libvirt: Fix listen TCP.Oleg Pykhalov2022-09-09
| | | | | * gnu/services/virtualization.scm (libvirt-shepherd-service): Add '--listen' argument if 'listen-tcp?' is true.
* services: agetty-service-type: Add missing dash.Hilton Chain2022-09-08
| | | | | | | * gnu/services/base.scm (<agetty-configuration>): Add missing dash for no-hostname? configuration. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: nginx: Add 'shepherd-requirement' configuration field.Ludovic Courtès2022-09-06
| | | | | | | * gnu/services/web.scm (<nginx-configuration>)[shepherd-requirement]: New field. (nginx-shepherd-service): Honor it. * doc/guix.texi (Web Services): Document it.
* services: upower: Default to a percentage-based policy.Ludovic Courtès2022-09-04
| | | | | | | | | | This is the documented default of UPower 0.99.15 (the actual default appears to be #f though). * gnu/services/desktop.scm (<upower-configuration>) [use-percentage-for-policy?]: Default to #t. * doc/guix.texi (Desktop Services): Adjust accordingly. Explain the tradeoff.
* services: upower: Update default percentage values.Ludovic Courtès2022-09-04
| | | | | | | | These values are those used by default by UPower 0.99.15. * gnu/services/desktop.scm (<upower-configuration>)[percentage-low] [percentage-critical]: Increase. * doc/guix.texi (Desktop Services): Update accordingly.
* gnu: fail2ban-service-type: Fix documentation typos.muradm2022-09-01
| | | | Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu: fail2ban-service-type: Improve jail configuration serialization.muradm2022-09-01
| | | | | | | * gnu/services/security.scm (fail2ban-jail-configuration) [name]: Should use empty-serializer. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu: fail2ban-service-type: Fix field name serialization.muradm2022-09-01
| | | | | | | * gnu/services/security.scm: Wrong condition in string-filter function in fail2ban-jail-configuration-serialize-field-name. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: gitolite: Relax permissions on service user home directory.David Thompson2022-08-30
| | | | | | | | | | | | Fixes https://issues.guix.gnu.org/56444 * gnu/services/version-control.scm (gitolite-activation): Modify permissions on home directory so that git group has read access. Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com> Experienced by David Thompson for years, wondering what was wrong. Thanks for finding the root cause, Evgeny! :)
* services: Add lightdm-service-type.Maxim Cournoyer2022-08-28
| | | | | | | | | | * gnu/services/lightdm.scm: New service. * tests/services/lightdm.scm: Test it. * doc/guix.texi (X Window): Document it. * gnu/local.mk (GNU_SYSTEM_MODULES): Register it. Co-authored-by: L p R n d n <guix@lprndn.info> Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
* gnu: security: Add fail2ban-service-type.muradm2022-08-28
| | | | | | | | | * gnu/services/security.scm: New module. * gnu/tests/security.scm: New module. * gnu/local.mk: Add new security module and tests. * doc/guix.text: Add fail2ban-service-type documentation. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu: greetd-service-type: Add supplementary groups to greeter.muradm2022-08-26
| | | | | | | | | | | | | * gnu/services/base.scm (<greetd-configuration>) [greeter-supplementary-groups]: New field. (%greetd-accounts): Rename to... (greetd-accounts): ... this. Convert to a function that takes a config argument. Use greeter-supplementary-groups. (greetd-service-type): Adjust accordingly. * gnu/tests/desktop.scm (%minimal-services): Add test for greeter-supplementary-groups. * doc/guix.texi ("Base Services")[greetd-service-type]: Document greeter-supplementary-groups.
* gnu: seatd-service-type: Use seat group.muradm2022-08-26
| | | | | | | | | | | | | | | | * gnu/services/desktop.scm (seatd-group-sanitizer): New variable. (<seatd-configuration>)[user]: Removed field. [group]: Changed to "seat". Sanitize via seatd-group-sanitizer. (seatd-accounts): New variable. (seatd-environment): Adjust to <seatd-configuration> ABI. (seatd-service-type)[extensions]: Add account-service-type with seatd-accounts. * gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct ownership of $SEATD_SOCK. * doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users may need to become members of the "seat" group. Update default value for group field. Add explanation on seatd.sock file. Remove dropped user field.
* services: configuration: Change the value of the unset marker.Attila Lendvai2022-08-25
| | | | | | | The new value of %unset-value sticks out more when something goes wrong, and is also more unique; i.e. easier to search for. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: Use the new maybe/unset API.Attila Lendvai2022-08-25
| | | | | | | | | | | | | | | | | | | * gnu/home/services/ssh.scm (serialize-address-family): Use the public API of the maybe infrastructure. * gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value. (serialize-maybe-file-object): Use maybe-value-set?. * gnu/services/getmail.scm (getmail-retriever-configuration): Don't use internals in unset field declarations. (getmail-destination-configuration): Ditto. * gnu/services/messaging.scm (raw-content?): Use maybe-value-set?. (prosody-configuration): Use %unset-value. * gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?. (archive-name->username): Use maybe-value-set?. * tests/services/configuration.scm ("maybe type, no default"): Use %unset-value. Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: configuration: Add maybe-value exported procedure.Attila Lendvai2022-08-24
| | | | | | * gnu/services/configuration.scm (maybe-value): New procedure. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: configuration: Add %unset-value exported variable.Attila Lendvai2022-08-24
| | | | | | | | * gnu/services/configuration.scm (%unset-value): New variable. (normalize-field-type+def): Use it. (maybe-value-unset?): Use it. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: configuration: Add a 'maybe-value-set?' procedure.Maxim Cournoyer2022-08-24
| | | | | | | | * gnu/services/configuration.scm (maybe-value-set?): New procedure. * doc/guix.texi (Complex Configurations): Document it. Remove comment showing usage of 'maybe-string' with a default value, which doesn't make sense. Co-authored-by: Attila Lendvai <attila@lendvai.name>
* services: elogind: Fix default behavior for lid close.Maxim Cournoyer2022-08-10
| | | | | | | | | | | | | Fixes <https://issues.guix.gnu.org/57052>, which was a behavior change introduced inadvertently in 4c698cd51209a0102477478b026ea04bd7e45908. * gnu/services/desktop.scm (<elogind-configuration>) [handle-lid-switch-external-power]: Default to *unspecified*, which serializes to nothing. This matches upstream behavior, meaning that even when plugged to a power cord, a laptop will suspend when the lid is closed. * doc/guix.texi (Desktop Services): Update doc. Reported-by: Cairn <cairn@pm.me>
* services: qemu-guest-agent: Fix arguments to qemu-ga.Timotej Lazar2022-08-09
| | | | | | | | | | | Fix the check for empty device path. Do not use --daemonize, since that is handled by make-forkexec-constructor. Drop the --pidfile option which is unused without --daemonize. * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify command arguments. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: configuration: Step back from *unspecified*.Maxim Cournoyer2022-08-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes <https://issues.guix.gnu.org/56799>. This partially reverts 8cb1a49a3998c39f315a4199b7d4a121a6d66449. Rationale: *unspecified* cannot be serialized thus used as a G-Expression input, which is problematic/inconvenient when using deeply nested records. As an example, jami-service-type was broken when using partially defined <jami-account> records. * gnu/services/configuration.scm (define-maybe-helper): Check against the 'unset symbol. (normalize-field-type+def): Adjust value to 'unset. (define-configuration-helper): Use 'unset as the default value thunk. * gnu/services/file-sharing.scm (serialize-maybe-string): Check against the 'unset symbol. (serialize-maybe-file-object): Likewise. * gnu/services/messaging.scm (define-all-configurations): Use 'unset as value. (raw-content?): Check against 'unset symbol. (prosody-configuration)[http-max-content-size]: Default to 'unset. [http-external-url]: Likewise. [mod-muc]: Likewise. [raw-content]: Likewise. * gnu/services/networking.scm (opendht-configuration): Adjust documentation. * gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined* with the 'unset symbol. * tests/services/configuration.scm ("maybe type, no default"): Check against the 'unset symbol. * doc/guix.texi: Regenerate the opendht-configuration, openvpn-client-configuration and openvpn-server-configuration documentation.
* services: opensmtpd: Make commands setgid to "smtpq" by default.Maya2022-08-01
| | | | | | | | | | | This is a patch that fixes "<executable name>: this program must be setgid smtpq". * gnu/services/mail.scm (<opensmtpd-configuration>)[setgid-commands?]: New field. (opensmtpd-set-gids): New procedure. (opensmtpd-service-type)[extensions]: Add SETUID-PROGRAM-SERVICE-TYPE extension. * doc/guix.texi (Mail Services): Document it. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: rottlog: More convenient default options for <log-rotation>.Ludovic Courtès2022-08-01
| | | | | | | * gnu/services/admin.scm (%default-log-rotation-options): New variable. (%default-rotations): Use it. * gnu/services/cuirass.scm (cuirass-log-rotations): Likewise. * doc/guix.texi (Log Rotation): Adjust accordingly.
* services: rottlog: Keep important /var/log files for 16 weeks.Ludovic Courtès2022-08-01
| | | | | | | | The default "rotate" value is 1 as of rottlog 0.72.2, meaning that only one rotated file would be kept in addition to the active file. * gnu/services/admin.scm (%default-rotations): Add "rotate" option for %ROTATED-FILES.
* services: tor: Do not write to /var/log/tor.log.Ludovic Courtès2022-08-01
| | | | | | | | | | The service uses syslog and additionally shepherd 0.9 captures its stdout/stderr, so there's no point in passing #:log-file. * gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file argument to 'make-forkexec-constructor'. (%tor-log-rotation): Remove. (tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.
* services: tor: Switch to 'least-authority-wrapper'.Ludovic Courtès2022-07-19
| | | | | | | | * gnu/services/networking.scm (tor-configuration->torrc): Remove "User" and "PidFile". (tor-shepherd-service): Use 'least-authority-wrapper' and 'make-forkexec-constructor' instead of 'make-forkexec-constructor/container'.
* gnu: tests: Fix guix-data-service test.Timotej Lazar2022-07-15
| | | | | | | | | | | | Since revision 32, guix-data-service starts immediately but returns an HTTP error code until initialization is complete. Adjust the test accordingly, and remove the increased startup time limit. * gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout. * gnu/tests/guix.scm (guix-data-service): Retry the http-get test several times to give the service time to initialize. Signed-off-by: Christopher Baines <mail@cbaines.net>
* services: docker: Fix race condition.Oleg Pykhalov2022-07-13
| | | | | | | | | | | | | Fixes <https://issues.guix.gnu.org/38432>. * gnu/packages/patches/containerd-create-pid-file.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/docker.scm (containerd)[source]: Add this patch. * gnu/services/docker.scm (containerd-shepherd-service): Add #:pid-file and #:pid-file-timeout. * gnu/services/docker.scm (docker-shepherd-service): Add --containerd flag. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* services: guix-build-coordinator: Fix passing parallel-hooks.Christopher Baines2022-07-03
| | | | | | | The previous approach didn't support a simple alist. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix passing parallel-hooks in to the start gexp.
* services: Add anonip-service-type.Ricardo Wurmus2022-07-03
| | | | | | | | | | | | * gnu/services/web.scm (anonip-configuration): New record type. (anonip-configuration?, anonip-configuration-anonip, anonip-configuration-input, anonip-configuration-output, anonip-configuration-skip-private?, anonip-configuration-column, anonip-configuration-replacement, anonip-configuration-ipv4mask, anonip-configuration-ipv6mask, anonip-configuration-increment, anonip-configuration-delimiter, anonip-configuration-regex): New procedures. (anonip-service-type): New service type. * doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
* services: openssh: Listen on IPv6 only when IPv6 is supported.Ludovic Courtès2022-07-01
| | | | | | | | | Fixes <https://issues.guix.gnu.org/56327>. Reported by André Batista <nandre@riseup.net>. * gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New variable. Use it in 'start' method.
* services: root-file-system: Cleanly unmount upon shutdown.Ludovic Courtès2022-07-01
| | | | | | | | | | | | Fixes <https://issues.guix.gnu.org/56209>. Reported by angry rectangle <angryrectangle@cock.li>. * gnu/packages/admin.scm (shepherd-0.9)[modules, snippet]: New fields. * gnu/services/base.scm (%root-file-system-shepherd-service): In 'stop' method, remove 'call-with-blocked-asyncs'. When 'mount' throws to 'system-error, call (@ (fibers) sleep) and try again. * gnu/tests/base.scm (run-root-unmount-test): New procedure. (%test-root-unmount): New variable.
* services: nginx: Add support for extra content in upstream blocks.Christopher Baines2022-07-01
| | | | | | | | | I'm looking at this as I'd like to use the keepalive functionality. * gnu/services/web.scm (nginx-upstream-configuration-extra-content): New procedure. (emit-nginx-upstream-config): Include the extra-content if applicable. * doc/guix.texi (NGINX): Document this.
* services: guix: Support guix-build-coordinator parallel hooks.Christopher Baines2022-07-01
| | | | | | | | | * gnu/services/guix.scm (guix-build-coordinator-configuration-parallel-hooks): New procedure. (make-guix-build-coordinator-start-script): Accept and use #:parallel-hooks. (guix-build-coordinator-shepherd-services): Pass parallel-hooks to make-guix-build-coordinator-start-script. * doc/guix.texi (Guix Build Coordinator): Document this new field.
* services: greetd: Remove unnecessary user groups.Lars-Dominik Braun2022-06-30
| | | | | * gnu/services/base.scm (%greetd-accounts): Remove supplementary groups users, tty, input, audio. Create special user group “greeter”.
* services: configuration: Remove 'validate-configuration'.Ludovic Courtès2022-06-24
| | | | | | | | | | | | Now that configuration records use the 'sanitize' property for each field, 'validate-configuration' has become useless because it's impossible to construct an invalid configuration record. * gnu/services/configuration.scm (validate-configuration): Remove. * gnu/services/mail.scm (dovecot-service): Remove call. * gnu/services/vpn.scm (openvpn-client-service) (openvpn-server-service): Likewise. * doc/guix.texi (Complex Configurations): Remove documentation.
* services: configuration: Report the location of field type errors.Ludovic Courtès2022-06-24
| | | | | | | | | | | | | | | | | Previously field type errors would be reported in a non-standard way, and without any source location information. This fixes it. * gnu/services/configuration.scm (configuration-field-error): Add a 'loc' parameter and honor it. Use 'formatted-message' instead of plain 'format'. (define-configuration-helper)[field-sanitizer]: New procedure. Use it. Use STEM as the identifier of the syntactic constructor of the record type. Add a 'sanitize' property to each field. Remove now useless STEM macro that would call 'validate-configuration'. * gnu/services/mail.scm (serialize-listener-configuration): Adjust to new 'configuration-field-error' prototype. * tests/services/configuration.scm ("wrong type for a field"): New test. * po/guix/POTFILES.in: Add gnu/services/configuration.scm.
* services: wireguard: Shepherd 'stop' method really stops.Ludovic Courtès2022-06-22
| | | | | | | Until now the 'stop' method would return #t, which shepherd would interpret as "services could not be stopped". * gnu/services/vpn.scm (wireguard-shepherd-service): Have 'stop' return #f.
* gnu: desktop: Add seatd-service-type.muradm2022-06-17
| | | | | | | * gnu/services/desktop.scm (seatd-service-type): New variable * gnu/services/desktop.scm (seatd-configuration): New data type Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
* gnu: base: Add greetd-service-type.muradm2022-06-17
| | | | | | | | | | | | | * gnu/services/base.scm (greetd-service-type): New variable * gnu/services/base.scm (greetd-configuration): New data type * gnu/services/base.scm (greetd-terminal-configuration): New data type * gnu/services/base.scm (greetd-agreety-session): New data type * gnu/services/base.scm (pam-limits-service-type): Should be aware of greetd PAM service * gnu/services/pam-mount.scm (pam-mount-pam-service): Should be aware of greetd PAM service Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
* services: configuration: Use *unspecified* instead of 'disabled.Attila Lendvai2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use *unspecified* as a marker for field values that have not been set. Rationale: 'disabled may easily clash with user values for boolean fields, is confusing (i.e. its meaning is *not* boolean false, but unspecified) and it also passes silently through the symbol? predicate of a field of type symbol. * gnu/services/configuration.scm (configuration-missing-default-value): Renamed from configuration-no-default-value. (define-maybe-helper): Use *unspecified* instead of 'disabled, and make the default value optional. * gnu/home/services/desktop.scm (home-redshift-configuration): Change (maybe-xyz 'disabled) to maybe-xyz. * gnu/services/authentication.scm (nslcd-configuration): Likewise. * gnu/services/cgit.scm (repository-cgit-configuration): Likewise. * gnu/services/file-sharing.scm (serialize-maybe-string) (serialize-maybe-file-object): Use 'unspecified?' instead of (eq? val 'disabled). * gnu/services/messaging.scm (raw-content?): Likewise. (ssl-configuration): Change (maybe-xyz 'disabled) to maybe-xyz. (prosody-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/messaging.scm (define-all-configurations): Use *unspecified* instead of 'disabled'. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-account): Likewise. (jami-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise. * tests/services/configuration.scm ("maybe type, no default") ("maybe type, with default"): New tests. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: configuration: Support (field1 maybe-number "") format.Attila Lendvai2022-06-15
| | | | | | | | | | | | | | | | | | As opposed to explicitly using 'disabled as value, or using the (field1 (maybe-number) "") format. It's mostly the work of Maxime Devos shared under #54674, with some modifications by Attila Lendvai. * gnu/services/configuration.scm (normalize-field-type+def): New function. (define-configuration-helper) (define-configuration): Support new field format. * tests/services/configuration.scm (config-with-maybe-number->string): New function. ("maybe value serialization of the instance"): New test. ("maybe value serialization of the instance, unspecified"): New test. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: dbus: Add a VERBOSE? configuration option.Maxim Cournoyer2022-06-14
| | | | | | | * gnu/services/dbus.scm (<dbus-configuration>)[verbose?]: New field. (dbus-shepherd-service): Use it. (dbus-service)[verbose?]: Add argument and update doc. * doc/guix.texi (Desktop Services): Document it.
* services: guix: Generalize extensions.terramorpha2022-06-13
| | | | | | | | | * gnu/services/base.scm (<guix-extension>): New record type. (guix-extension-merge): New procedure. (guix-service-type): Honor extensions. * doc/guix.texi (Base Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* system: Align zram priority with swap-space spec to clarify.Josselin Poiret2022-06-11
| | | | | | | | | | | | | | | | Fixes <https://issues.guix.gnu.org/54783>. * gnu/services/linux.scm (zram-device-configuration) [priority]: Adapt to use #f or an integer from 0 to 32767. Add sanitizer to warn for the change and delay the field. (zram-device-configuration->udev-string): Adapt as above. * doc/guix.texi (Zram Device Service): Remove double copyright line. Change priority description to refer to the Swap Space one, and suggest not leaving the default #f on to properly use zram. Reported-by: Stefan Baums <baums@stefanbaums.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>