aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
Commit message (Collapse)AuthorAge
* services: hurd-vm: Leave root password uninitialized when offloading.Ludovic Courtès2023-10-05
| | | | | | | | | | | | | Starting with 953c65ffdd43c02c934518fb7a1c68542584b223, offloading to the Hurd VM would be enabled by default. However, ‘root’ had an empty password so any user on the host could connect to the VM over VNC, log in as root, and potentially populate the host’s store from there. This change fixes that. * gnu/services/virtualization.scm (operating-system-with-locked-root-account): New procedure. (hurd-vm-disk-image)[transform]: Add ‘operating-system-with-locked-root-account’ when offloading.
* services: mcron: Hide ‘mkdir-p’ from (shepherd support).Ludovic Courtès2023-10-05
| | | | | | | | This a avoids a Guile warning about the name collision with (guix build utils). The warning was introduced by commit e0e85f2b2396c69d078caad9bd8e1a0fddf33a4a. * gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* services: mcron: Do not #:select ‘%user-log-dir’.Ludovic Courtès2023-10-02
| | | | | | * gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select ‘%user-log-dir’ from (shepherd support) since it’s missing in the Shepherd 0.8, which is still used on GNU/Hurd.
* gnu: cuirass: Update to 797b26a.Ludovic Courtès2023-10-02
| | | | | * gnu/packages/ci.scm (cuirass): Update to 797b26a. * gnu/services/cuirass.scm (cuirass-activation): Create /var/run/cuirass.
* services: hurd-vm: Implement zero-configuration offloading.Ludovic Courtès2023-10-01
| | | | | | | | | | | | | | | | | | | This allows for zero-configuration offloading to a childhurd. * gnu/services/virtualization.scm (operating-system-with-offloading-account): New procedure. (<hurd-vm-configuration>)[offloading?]: New field. (hurd-vm-disk-image): Define ‘transform’ and use it. (hurd-vm-activation): Generate SSH key for user ‘offloading’ and add authorize it via /etc/childhurd/etc/ssh/authorized_keys.d. (hurd-vm-configuration-offloading-ssh-key) (hurd-vm-guix-extension): New procedures. (hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension. * gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New procedure. [os]: Add (gnu build install) and its closure to #:import-modules. [test]: Add “copy-on-write store” and “offloading” tests. * doc/guix.texi (Virtualization Services): Document it.
* services: hurd-vm: Disable password-based authentication for root.Ludovic Courtès2023-10-01
| | | | | | | | | | | | | | With offloading to a childhurd is enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd. * gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password. * gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’. * doc/guix.texi (Virtualization Services): Remove mention of password-less root login.
* services: hurd-vm: ‘image’ field has to be an <image> record.Ludovic Courtès2023-10-01
| | | | | | | | | | * gnu/services/virtualization.scm (<hurd-vm-configuration>)[image]: Document as being an <image> record. (hurd-vm-disk-image): Remove call to ‘system-image’. (hurd-vm-shepherd-service): Add call to ‘system-image’. * gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove call to ‘system-image’. * doc/guix.texi (Virtualization Services): Adjust accordingly.
* services: childhurd: Authorize the childhurd’s key on the host.Ludovic Courtès2023-10-01
| | | | | | | | This partly automates setting up a childhurd for offloading purposes. * gnu/services/virtualization.scm (authorize-guest-substitutes-on-host): New procedure. (hurd-vm-activation): Use it.
* services: guix: Support declarative offloading setup.Ludovic Courtès2023-10-01
| | | | | | | | | | | | | | | * gnu/services/base.scm (guix-machines-files-installation): New procedure. (<guix-configuration>)[build-machines]: New field. (guix-activation): Call ‘ guix-machines-files-installation’. (<guix-extension>)[build-machines]: New field. (guix-extension-merge): Handle it. (guix-service-type)[extend]: Likewise. * doc/guix.texi (Daemon Offload Setup): Add note linking to ‘guix-configuration’. (Base Services): Document ‘build-machines’ field of <guix-configuration> and of <guix-extension>. (Virtualization Services): Add ‘hurd-vm’ anchor.
* services: guix: Use the right locale package on GNU/Hurd.Ludovic Courtès2023-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes a bug introduced in 0dd293b4d9095137c9952e16ca951f887b7e7018 whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the “wrong” locale data (2.35 instead of 2.37). Consequently, it would fail to setlocale(3) and calls to ‘std::stoi’ (when reading the output of ‘guix authenticate’) would throw, leading to this error message of guix-daemon: unexpected build daemon error: stoi This would manifest when sending store items to a childhurd: $ guix copy --to=localhost:10022 sed guix copy: sending 1 store item (1 MiB) to 'localhost'... guix copy: error: unknown error while sending files over SSH The “unknown error” is the ‘stoi’ exception. This commit fixes that, but for the ‘guix-daemon’ service only. * gnu/services/base.scm (guix-shepherd-service)[locales]: New variable. Use it instead of ‘glibc-utf8-locales’.
* services: hurd-vm: Use the default SSH port number.Ludovic Courtès2023-10-01
| | | | | | * gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove ‘port-number’ from ‘openssh-configuration’. (hurd-vm-net-options): Change 2222 to 22 in port forwarding.
* services: nftables: Add 'configuration' action.Marius Bakke2023-09-22
| | | | * gnu/services/networking.scm (nftables-shepherd-service)[actions]: New field.
* services: hurd-vm: Use ‘qemu-system-x86_64’.Ludovic Courtès2023-09-18
| | | | | | | Fixes <https://issues.guix.gnu.org/66053>. * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Use ‘qemu-system-x86_64’.
* services: dhcp-client: Fix name of the provision accessor.Ludovic Courtès2023-09-17
| | | | | | | This is a followup to 04f71edb73205d0bb82404de28a70ae17b897429. * gnu/services/networking.scm (<dhcp-client-configuration>)[shepherd-provision]: Fix accessor name.
* services: dhcp-client-configuration: Allow provision override.Alexey Abramov2023-09-17
| | | | | | | | | * gnu/services/networking.scm (<dhcp-client-configuration>)[shepherd-provision]: New field. (dhcp-client-shepherd-service): Honor it. * doc/guix.texi (Networking Setup): Document it. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* services: syncthing: Ensure that service runs after mounting home directories.Adam Maleszka2023-09-17
| | | | | | | | | | | | | | | | Sometimes `syncthing-service-type' fails during startup because it tries to read configuration files from the user's home directory: Failure on home directory: mkdir /home/xyz/.config: permission denied This patch adds `user-processes' to the shepherd service requirements to ensure that `user-homes' is fired before `syncthing' tries to read data from the home directory. * gnu/services/syncthing.scm (syncthing-shepherd-service): add `user-processes' to requirements Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: bffe: Use guile from the package.Christopher Baines2023-09-15
| | | | | | | | Rather than hardcoding a particular guile in the service definition. * gnu/services/guix.scm (bffe-shepherd-services): Use guile from the package. * gnu/packages/package-management.scm (bffe)[inputs]: Remove unnecessary guile-next input.
* services: guix: Add bffe-service-type.Christopher Baines2023-09-15
| | | | | | | | | | | | | | | | This is intended to replace the functionality of the Guix Build Coordinator queue builds script, and also provide a web interface for build farms. * gnu/services/guix.scm (<bffe-configuration>): New record type. (bffe-configuration, bffe-configuration?, bffe-configuration-package, bffe-configuration-user, bffe-configuration-group, bffe-configuration-arguments bffe-configuration-extra-environment-variables): New procedures. (bffe-service-type): New variable. * gnu/tests/guix.scm (%test-bffe): New variable. * doc/guix.texi (Guix Services): Document the new service.
* services: cgit: Allow file-like objects for ‘root-readme’.Thomas Albers2023-09-09
| | | | | | | * gnu/services/cgit.scm (cgit-configuration)[root-readme]: Accept 'file-object' instead of only 'string' Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: vpn: Fix broken format string for wireguard dns.Reily Siegel2023-09-09
| | | | | | | * gnu/services/vpn.scm (wireguard-configuration-file): Fix broken format string. Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
* services: Open vSwitch: Depend on 'user-processes' target.Marius Bakke2023-09-08
| | | | | * gnu/services/networking.scm (openvswitch-shepherd-service)[ovsdb](requirement): Add user-processes.
* services: nar-herder: Specify a working directory.Christopher Baines2023-08-26
| | | | | | | Mostly so that core dumps end up here. * gnu/services/guix.scm (nar-herder-shepherd-services): Specify a working directory.
* services: guix-data-service: Specify a working directory.Christopher Baines2023-08-26
| | | | | | | Mostly so that core dumps end up here. * gnu/services/guix.scm (guix-data-service-shepherd-services): Specify a working directory.
* services: guix-build-coordinator: Specify a working directory.Christopher Baines2023-08-26
| | | | | | | Mostly so that core dumps end up here. * gnu/services/guix.scm (guix-build-coordinator-shepherd-services): Specify a working directory.
* services: mcron: Use (shepherd support) module unconditionally.Hilton Chain2023-08-22
| | | | | | | | | This fixes a issue introduced in the previous commit 552d0703776c (services: mcron: Add module for %user-log-dir.) which made the expression invalid when using a '() module for the system service. * gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Use (shepherd support) unconditionally.
* services: mcron: Add module for %user-log-dir.Hilton Chain2023-08-22
| | | | | * gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Add (shepherd support) for home service.
* services: file-database: Clarify 'excluded-directories' description.Ludovic Courtès2023-08-22
| | | | | | | * gnu/services/admin.scm (file-database-configuration)[excluded-directories]: Mention that these are regexps. (%default-file-database-excluded-directories): Likewise. * doc/guix.texi (File Search Services): Adjust accordingly.
* services: file-database: Set 'PATH' for 'updatedb'.Ludovic Courtès2023-08-22
| | | | | | | Previously 'updatedb' would fail to find 'sed', 'rm', etc. * gnu/services/admin.scm (file-database-mcron-jobs): Set PATH before invoking 'updatedb'.
* gnu: earlyoom: Improve description.Ludovic Courtès2023-08-21
| | | | * gnu/services/linux.scm (earlyoom-service-type)[description]: Tweak.
* services: earlyoom: Move 'user-processes' to 'requirements'.Ludovic Courtès2023-08-21
| | | | | | | | | | Fixes a regression introduced in 9c34b793c10cdb50235b876dea5be700ab5600dc. * gnu/services/linux.scm (earlyoom-shepherd-service): Move 'user-processes' to 'requirements'. Reported-by: Attila Lendvai <attila@lendvai.name>
* services: Add missing 'user-processes' requirements.Ludovic Courtès2023-08-21
| | | | | | * gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Add 'user-processes' requirement. * gnu/services/linux.scm (earlyoom-shepherd-service): Likewise.
* home: services: Add Syncthing.Ludovic Courtès2023-08-20
| | | | | | | | | | | | | * gnu/home/services/syncthing.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/services/syncthing.scm (<syncthing-configuration>)[home-service?]: New field. Adjust 'provision' and 'requirement' depending on 'home-service?', and likewise for #:user and #:group. Use 'filter' + 'negate' instead of 'remove'. * doc/guix.texi (Networking Services): Add note and cross-reference to "Networking Home Services". (Networking Home Services): New node.
* home: services: Add dicod.Ludovic Courtès2023-08-20
| | | | | | | | | | | | | | * gnu/home/services/dict.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/services/dict.scm (<dicod-configuration>)[home-service?]: New field. (dicod-shepherd-service): Do not map /dev/log when 'home-service?' is true. Remove 'user-processes' requirement when 'home-service?' is true. (dicod-shepherd-service): Set #:user and #:group to #f when 'home-service?' is true. * doc/guix.texi (Miscellaneous Home Services): New node. (Miscellaneous Services): Add cross-reference.
* home: services: mcron: Define as a mapping of the system service.Ludovic Courtès2023-08-20
| | | | | | | | | | | | | | | | | | | * gnu/services/mcron.scm (list-of-gexps?): Remove. (<mcron-configuration>): Rewrite using 'define-record-type*'. [home-service?]: New field. [log-file]: Make thunked and changed default value. (mcron-shepherd-services): Honor 'home-service?' and remove use of 'maybe-value-set?'. (mcron-service-type): Inherit 'home-service?' from CONFIG. (generate-doc): Remove. * gnu/home/services/mcron.scm (list-of-gexp?) (<home-mcron-configuration>, job-files, shepherd-schedule-action) (home-mcron-shepherd-services, home-mcron-profile) (home-mcron-extend, generate-doc): Remove. (home-mcron-configuration): Turn into a macro. (home-mcron-service-type): Define in terms of 'system->home-service-type'. <top level>: Add service type mapping.
* services: syncthing: Use 'match-record'.Ludovic Courtès2023-08-20
| | | | | * gnu/services/syncthing.scm (syncthing-shepherd-service): Use 'match-record-lambda' instead of 'match-lambda'.
* services: dicod: Pre-build the GCIDE index.Ludovic Courtès2023-08-20
| | | | | | | | * gnu/services/dict.scm (%dicod-gcide-index): New variable. (%dicod-database:gcide): Use it. (%dicod-activation): Remove. (dicod-shepherd-service): Remove reference to /var/run/dicod. (dicod-service-type): Remove ACTIVATION-SERVICE-TYPE extension.
* services: dicod: Remove Shepherd < 0.9.0 compatibility layer.Ludovic Courtès2023-08-20
| | | | | * gnu/services/dict.scm (dicod-shepherd-service): Use 'make-inetd-constructor' and 'make-inetd-destructor' unconditionally.
* Merge remote-tracking branch 'origin/master' into kde-updates宋文武2023-08-17
|\
| * Revert "services: Add ddclient service."Bruno Victal2023-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken for a while [2]. Remove it rather than shipping a broken service for an unmaintained program that's unlikely to be fixed. [1]: <https://github.com/ddclient/ddclient> [2]: <https://issues.guix.gnu.org/52770> This reverts commit 8490a8346b5c8207f5798be55bea1de865b0bd42. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * services: posgresql: Add option to specify UID/GID for postgres user.Martin Baulig2023-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>. Unlike other system daemons, the PostgreSQL data directory is typically meant to persist across 'guix system reconfigure' and once created, you don't want it's UID or GID to change anymore. Furthermore, if you want to place the data directory on a network share and use NFSv4 with idmap, then the 'postgres' user must exist when the 'rpc.idmapd' daemon is launched; prior to mounting the share. And it needs to be possible to mount the share without configuring PostgreSQL. With NFSv3, the UID and GID typically needs to match those on the server. The added options allow for both of these scenarios: You can either create the user in (operating-system (users)) completely independently of the 'postgresql-service-type' (for instance to get your NFS setup working first prior to configuring your databases) - or "pin" it's UID / GID values. * gnu/services/databases.scm (<postgresql-configuration>)[create-account?] [uid, gid]: New fields. (%postgresql-accounts): Remove. (create-postgresql-account): New procedure. (postgresql-service-type)[extensions]: Use it. * doc/guix.texi (Database Services): Update accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * gnu: elogind: Update to 252.9.Maxim Cournoyer2023-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * gnu/packages/freedesktop.scm (elogind): Update to 252.9. [source]: Replace elogind-revert-polkit-detection.patch with elogind-fix-rpath.patch in patches. [configure-flags]: Add the dbussystemservicedir, dbussessionservicedir, dbussystemservicedir and dbus-interfaces-dir flags. [phases] <use-global-hook-directory> Update list of patched files. <adjust-tests> Update substitutions, and skip the copy_holes test. [native-inputs]: Add python-jinja2. [inputs]: Add util-linux:lib. * gnu/services/desktop.scm (elogind-dbus-service) <elogind-dbus-service-wrapper>: Add a symlink to elogind's share/dbus-1/system.d to expose D-Bus policy configurations. * gnu/tests/desktop.scm (run-elogind-test): Adjust expected result for the new "linger" value. * gnu/packages/patches/elogind-revert-polkit-detection.patch: Delete file. * gnu/packages/patches/elogind-fix-rpath.patch: New file. * gnu/local.mk (dist_patch_DATA): Update. Series-to: 64938@debbugs.gnu.org Series-prefix: elogind-updates Series-version: 2 Series-changes: 2 - Fix elogind system test - Install D-Bus policy files in elogind-dbus-service-wrapper - Remove duplicate 'dbussystemservicedir' configure flag
| * services: Add cachefilesd service.Felix Lechner2023-08-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thanks to Bruno Victal "mirai" for cooperating on this patch and for generously sharing a wealth of insights about Guix services. Thanks to Jean-Baptiste Note for an early version of this service! * doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading. * gnu/services/linux.scm (serialize-string, non-negative-integer?) (serialize-non-negative-integer, string, non-negative-integer) (make-option-serializer, make-percentage-threshold-serializer): New procedures. (cachefilesd-configuration): New record type. (cachefilesd-service-type): New variable. * gnu/tests/cachefilesd.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Co-authored-by: Bruno Victal <mirai@makinata.eu> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * services: Use more 'file-append'.Felix Lechner2023-08-15
| | | | | | | | | | | | | | | | | | | | * gnu/services/authentication.scm (pam-ldap-pam-service): Use 'file-append' instead of #~(string-append ...). * gnu/services/base.scm (greetd-pam-service): Likewise. * gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise. * gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * services: pam-limits: Keep 'limits.conf' in the store.Felix Lechner2023-08-15
| | | | | | | | | | | | | | | | | | * gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry> 'arguments' field. Define 'make-limits-file' and use it. Remove ETC-SERVICE-TYPE extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* | Merge remote-tracking branch 'origin/master' into kde-updates宋文武2023-08-11
|\|
| * services: syncthing: Use the new command line syntax.terramorpha2023-08-11
| | | | | | | | | | | | * gnu/services/syncthing.scm (syncthing-shepherd-service): Use the new command line syntax. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * services: postgresql: Add more role fields.Miguel Moreno2023-08-11
| | | | | | | | | | | | | | | | * gnu/services/databases.scm (postgresql-role): Add more role fields. (postgresql-create-roles): Honor it. * doc/guix.texi (Database Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * services: Add pam-mount-volume-service-type.Brian Cully2023-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The `pam-mount-volumes-service-type' adds additional volumes to the pam-mount-service-type in addition to any that are already specified in `pam-mount-rules'. * doc/guix.texi (PAM Mount Volume Service): add documentation for `pam-mount-service-type'. * gnu/services/pam-mount.scm: new file. * Makefile.am: add pam-mount tests * tests/services/pam-mount.scm: new tests Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * file-systems: Use cgroups v2.Sam Lockart2023-08-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cgroup v2 is the next generation of the control groups API. This patch replaces the cgroup v1 file systems with the unified cgroup v2 file system. cgroup v2 allows for things like containerd/podman to run rootless containers and opens guix system up to running things like Kubernetes. Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker service change. * gnu/system/file-systems.scm (%control-groups): Change to a single "cgroup2" mount point. * gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement' field accordingly. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
| * services: Add 'package-database' service.Ludovic Courtès2023-08-07
| | | | | | | | | | | | | | | | | | * gnu/services/admin.scm (%default-package-database-update-schedule): New variable. (<package-database-configuration>): New record type. (package-database-mcron-jobs): New procedure. (package-database-service-type): New variable. * doc/guix.texi (File Search Services): Document it.