From 898489f48e436e45e86e1ba0fcdb6df5cd5a051a Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 16 Mar 2021 21:36:36 -0400
Subject: services: Enable "protected hardlinks" and "protected symlinks" by
 default.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

References:

https://sysctl-explorer.net/fs/protected_hardlinks/
https://sysctl-explorer.net/fs/protected_symlinks/

* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 doc/guix.texi | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/guix.texi b/doc/guix.texi
index 0a70ac7f11..73757be887 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -31378,6 +31378,21 @@ instantiated as:
          (sysctl-configuration
            (settings '(("net.ipv4.ip_forward" . "1")))))
 @end lisp
+
+Since @code{sysctl-service-type} is used in the default lists of
+services, @code{%base-services} and @code{%desktop-services}, you can
+use @code{modify-services} to change its configuration and add the
+kernel parameters that you want (@pxref{Service Reference,
+@code{modify-services}}).
+
+@lisp
+(modify-services %base-services
+  (sysctl-service-type config =>
+                       (sysctl-configuration
+                         (settings (append '(("net.ipv4.ip_forward" . "1"))
+                                           %default-sysctl-settings)))))
+@end lisp
+
 @end defvr
 
 @deftp {Data Type} sysctl-configuration
@@ -31387,11 +31402,16 @@ The data type representing the configuration of @command{sysctl}.
 @item @code{sysctl} (default: @code{(file-append procps "/sbin/sysctl"})
 The @command{sysctl} executable to use.
 
-@item @code{settings} (default: @code{'()})
+@item @code{settings} (default: @code{%default-sysctl-settings})
 An association list specifies kernel parameters and their values.
 @end table
 @end deftp
 
+@defvr {Scheme Variable} %default-sysctl-settings
+An association list specifying the default @command{sysctl} parameters
+on Guix System.
+@end defvr
+
 @cindex pcscd
 @subsubheading PC/SC Smart Card Daemon Service
 
-- 
cgit v1.2.3