| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting with 953c65ffdd43c02c934518fb7a1c68542584b223, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
|
|
|
|
|
|
|
|
| |
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b2396c69d078caad9bd8e1a0fddf33a4a.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
|
|
|
|
|
|
| |
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
|
|
|
|
|
| |
* gnu/packages/ci.scm (cuirass): Update to 797b26a.
* gnu/services/cuirass.scm (cuirass-activation): Create /var/run/cuirass.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[image]:
Document as being an <image> record.
(hurd-vm-disk-image): Remove call to ‘system-image’.
(hurd-vm-shepherd-service): Add call to ‘system-image’.
* gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove call to
‘system-image’.
* doc/guix.texi (Virtualization Services): Adjust accordingly.
|
|
|
|
|
|
|
|
| |
This partly automates setting up a childhurd for offloading purposes.
* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host):
New procedure.
(hurd-vm-activation): Use it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/base.scm (guix-machines-files-installation): New
procedure.
(<guix-configuration>)[build-machines]: New field.
(guix-activation): Call ‘ guix-machines-files-installation’.
(<guix-extension>)[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to
‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of <guix-configuration>
and of <guix-extension>.
(Virtualization Services): Add ‘hurd-vm’ anchor.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a bug introduced in 0dd293b4d9095137c9952e16ca951f887b7e7018
whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the
“wrong” locale data (2.35 instead of 2.37).
Consequently, it would fail to setlocale(3) and calls to
‘std::stoi’ (when reading the output of ‘guix authenticate’) would
throw, leading to this error message of guix-daemon:
unexpected build daemon error: stoi
This would manifest when sending store items to a childhurd:
$ guix copy --to=localhost:10022 sed
guix copy: sending 1 store item (1 MiB) to 'localhost'...
guix copy: error: unknown error while sending files over SSH
The “unknown error” is the ‘stoi’ exception.
This commit fixes that, but for the ‘guix-daemon’ service only.
* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable.
Use it instead of ‘glibc-utf8-locales’.
|
|
|
|
|
|
| |
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove
‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
|
|
|
|
| |
* gnu/services/networking.scm (nftables-shepherd-service)[actions]: New field.
|
|
|
|
|
|
|
| |
Fixes <https://issues.guix.gnu.org/66053>.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]:
Use ‘qemu-system-x86_64’.
|
|
|
|
|
|
|
| |
This is a followup to 04f71edb73205d0bb82404de28a70ae17b897429.
* gnu/services/networking.scm (<dhcp-client-configuration>)[shepherd-provision]:
Fix accessor name.
|
|
|
|
|
|
|
|
|
| |
* gnu/services/networking.scm (<dhcp-client-configuration>)[shepherd-provision]:
New field.
(dhcp-client-shepherd-service): Honor it.
* doc/guix.texi (Networking Setup): Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes `syncthing-service-type' fails during startup because it tries
to read configuration files from the user's home directory:
Failure on home directory: mkdir /home/xyz/.config: permission denied
This patch adds `user-processes' to the shepherd service requirements to
ensure that `user-homes' is fired before `syncthing' tries to read data
from the home directory.
* gnu/services/syncthing.scm (syncthing-shepherd-service): add
`user-processes' to requirements
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
| |
Rather than hardcoding a particular guile in the service definition.
* gnu/services/guix.scm (bffe-shepherd-services): Use guile from the package.
* gnu/packages/package-management.scm (bffe)[inputs]: Remove unnecessary
guile-next input.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is intended to replace the functionality of the Guix Build Coordinator
queue builds script, and also provide a web interface for build farms.
* gnu/services/guix.scm (<bffe-configuration>): New record type.
(bffe-configuration, bffe-configuration?,
bffe-configuration-package,
bffe-configuration-user,
bffe-configuration-group,
bffe-configuration-arguments
bffe-configuration-extra-environment-variables): New procedures.
(bffe-service-type): New variable.
* gnu/tests/guix.scm (%test-bffe): New variable.
* doc/guix.texi (Guix Services): Document the new service.
|
|
|
|
|
|
|
| |
* gnu/services/cgit.scm (cgit-configuration)[root-readme]: Accept
'file-object' instead of only 'string'
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
| |
* gnu/services/vpn.scm (wireguard-configuration-file): Fix broken format
string.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
|
|
|
|
|
| |
* gnu/services/networking.scm (openvswitch-shepherd-service)[ovsdb](requirement):
Add user-processes.
|
|
|
|
|
|
|
| |
Mostly so that core dumps end up here.
* gnu/services/guix.scm (nar-herder-shepherd-services): Specify a working
directory.
|
|
|
|
|
|
|
| |
Mostly so that core dumps end up here.
* gnu/services/guix.scm (guix-data-service-shepherd-services): Specify a
working directory.
|
|
|
|
|
|
|
| |
Mostly so that core dumps end up here.
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services): Specify a
working directory.
|
|
|
|
|
|
|
|
|
| |
This fixes a issue introduced in the previous commit 552d0703776c (services:
mcron: Add module for %user-log-dir.) which made the expression invalid when
using a '() module for the system service.
* gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Use
(shepherd support) unconditionally.
|
|
|
|
|
| |
* gnu/services/mcron.scm (mcron-shepherd-services)[modules]: Add
(shepherd support) for home service.
|
|
|
|
|
|
|
| |
* gnu/services/admin.scm (file-database-configuration)[excluded-directories]:
Mention that these are regexps.
(%default-file-database-excluded-directories): Likewise.
* doc/guix.texi (File Search Services): Adjust accordingly.
|
|
|
|
|
|
|
| |
Previously 'updatedb' would fail to find 'sed', 'rm', etc.
* gnu/services/admin.scm (file-database-mcron-jobs): Set PATH before
invoking 'updatedb'.
|
|
|
|
| |
* gnu/services/linux.scm (earlyoom-service-type)[description]: Tweak.
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression introduced in
9c34b793c10cdb50235b876dea5be700ab5600dc.
* gnu/services/linux.scm (earlyoom-shepherd-service): Move
'user-processes' to 'requirements'.
Reported-by: Attila Lendvai <attila@lendvai.name>
|
|
|
|
|
|
| |
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services):
Add 'user-processes' requirement.
* gnu/services/linux.scm (earlyoom-shepherd-service): Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/home/services/syncthing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/syncthing.scm (<syncthing-configuration>)[home-service?]:
New field.
Adjust 'provision' and 'requirement' depending on 'home-service?', and
likewise for #:user and #:group.
Use 'filter' + 'negate' instead of 'remove'.
* doc/guix.texi (Networking Services): Add note and cross-reference to
"Networking Home Services".
(Networking Home Services): New node.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/home/services/dict.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/services/dict.scm (<dicod-configuration>)[home-service?]: New
field.
(dicod-shepherd-service): Do not map /dev/log when 'home-service?' is
true. Remove 'user-processes' requirement when 'home-service?' is
true.
(dicod-shepherd-service): Set #:user and #:group to #f when
'home-service?' is true.
* doc/guix.texi (Miscellaneous Home Services): New node.
(Miscellaneous Services): Add cross-reference.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/mcron.scm (list-of-gexps?): Remove.
(<mcron-configuration>): Rewrite using 'define-record-type*'.
[home-service?]: New field.
[log-file]: Make thunked and changed default value.
(mcron-shepherd-services): Honor 'home-service?' and remove use of
'maybe-value-set?'.
(mcron-service-type): Inherit 'home-service?' from CONFIG.
(generate-doc): Remove.
* gnu/home/services/mcron.scm (list-of-gexp?)
(<home-mcron-configuration>, job-files, shepherd-schedule-action)
(home-mcron-shepherd-services, home-mcron-profile)
(home-mcron-extend, generate-doc): Remove.
(home-mcron-configuration): Turn into a macro.
(home-mcron-service-type): Define in terms of
'system->home-service-type'.
<top level>: Add service type mapping.
|
|
|
|
|
| |
* gnu/services/syncthing.scm (syncthing-shepherd-service): Use
'match-record-lambda' instead of 'match-lambda'.
|
|
|
|
|
|
|
|
| |
* gnu/services/dict.scm (%dicod-gcide-index): New variable.
(%dicod-database:gcide): Use it.
(%dicod-activation): Remove.
(dicod-shepherd-service): Remove reference to /var/run/dicod.
(dicod-service-type): Remove ACTIVATION-SERVICE-TYPE extension.
|
|
|
|
|
| |
* gnu/services/dict.scm (dicod-shepherd-service): Use
'make-inetd-constructor' and 'make-inetd-destructor' unconditionally.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken
for a while [2]. Remove it rather than shipping a broken service for an
unmaintained program that's unlikely to be fixed.
[1]: <https://github.com/ddclient/ddclient>
[2]: <https://issues.guix.gnu.org/52770>
This reverts commit 8490a8346b5c8207f5798be55bea1de865b0bd42.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuation>.
Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want it's UID or GID to change anymore.
Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share. And it
needs to be possible to mount the share without configuring PostgreSQL.
With NFSv3, the UID and GID typically needs to match those on the
server.
The added options allow for both of these scenarios:
You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
it's UID / GID values.
* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* gnu/packages/freedesktop.scm (elogind): Update to 252.9.
[source]: Replace elogind-revert-polkit-detection.patch with
elogind-fix-rpath.patch in patches.
[configure-flags]: Add the dbussystemservicedir, dbussessionservicedir,
dbussystemservicedir and dbus-interfaces-dir flags.
[phases] <use-global-hook-directory> Update list of patched files.
<adjust-tests> Update substitutions, and skip the copy_holes test.
[native-inputs]: Add python-jinja2.
[inputs]: Add util-linux:lib.
* gnu/services/desktop.scm (elogind-dbus-service)
<elogind-dbus-service-wrapper>: Add a symlink to elogind's
share/dbus-1/system.d to expose D-Bus policy configurations.
* gnu/tests/desktop.scm (run-elogind-test): Adjust expected result for the new
"linger" value.
* gnu/packages/patches/elogind-revert-polkit-detection.patch: Delete file.
* gnu/packages/patches/elogind-fix-rpath.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update.
Series-to: 64938@debbugs.gnu.org
Series-prefix: elogind-updates
Series-version: 2
Series-changes: 2
- Fix elogind system test
- Install D-Bus policy files in elogind-dbus-service-wrapper
- Remove duplicate 'dbussystemservicedir' configure flag
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Thanks to Bruno Victal "mirai" for cooperating on this patch and for
generously sharing a wealth of insights about Guix services.
Thanks to Jean-Baptiste Note for an early version of this service!
* doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading.
* gnu/services/linux.scm (serialize-string, non-negative-integer?)
(serialize-non-negative-integer, string, non-negative-integer)
(make-option-serializer, make-percentage-threshold-serializer): New
procedures.
(cachefilesd-configuration): New record type.
(cachefilesd-service-type): New variable.
* gnu/tests/cachefilesd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Co-authored-by: Bruno Victal <mirai@makinata.eu>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* gnu/services/authentication.scm (pam-ldap-pam-service): Use
'file-append' instead of #~(string-append ...).
* gnu/services/base.scm (greetd-pam-service): Likewise.
* gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* gnu/services/base.scm (pam-limits-service-type)[pam-extension]: Wrap
into a 'lambda' that takes 'limits-file'. Pass that in the <pam-entry>
'arguments' field. Define 'make-limits-file' and use it.
Remove ETC-SERVICE-TYPE extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|\| |
|
| |
| |
| |
| |
| |
| | |
* gnu/services/syncthing.scm (syncthing-shepherd-service): Use the new command line syntax.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
* gnu/services/databases.scm (postgresql-role): Add more role fields.
(postgresql-create-roles): Honor it.
* doc/guix.texi (Database Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `pam-mount-volumes-service-type' adds additional volumes to the
pam-mount-service-type in addition to any that are already specified in
`pam-mount-rules'.
* doc/guix.texi (PAM Mount Volume Service): add documentation for
`pam-mount-service-type'.
* gnu/services/pam-mount.scm: new file.
* Makefile.am: add pam-mount tests
* tests/services/pam-mount.scm: new tests
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* gnu/services/admin.scm (%default-package-database-update-schedule):
New variable.
(<package-database-configuration>): New record type.
(package-database-mcron-jobs): New procedure.
(package-database-service-type): New variable.
* doc/guix.texi (File Search Services): Document it.
|