aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm54
-rw-r--r--gnu/services/mail.scm51
-rw-r--r--gnu/services/mcron.scm2
3 files changed, 86 insertions, 21 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 3409bd352c..228d3c5926 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1252,18 +1252,57 @@ the tty to run, among other things."
(string-concatenate
(map cache->config caches)))))))
+(define (nscd-action-procedure nscd config option)
+ ;; XXX: This is duplicated from mcron; factorize.
+ #~(lambda (_ . args)
+ ;; Run 'nscd' in a pipe so we can explicitly redirect its output to
+ ;; 'current-output-port', which at this stage is bound to the client
+ ;; connection.
+ (let ((pipe (apply open-pipe* OPEN_READ #$nscd
+ "-f" #$config #$option args)))
+ (let loop ()
+ (match (read-line pipe 'concat)
+ ((? eof-object?)
+ (catch 'system-error
+ (lambda ()
+ (zero? (close-pipe pipe)))
+ (lambda args
+ ;; There's a race with the SIGCHLD handler, which could
+ ;; call 'waitpid' before 'close-pipe' above does. If we
+ ;; get ECHILD, that means we lost the race, but that's
+ ;; fine.
+ (or (= ECHILD (system-error-errno args))
+ (apply throw args)))))
+ (line
+ (display line)
+ (loop)))))))
+
+(define (nscd-actions nscd config)
+ "Return Shepherd actions for NSCD."
+ ;; Make this functionality available as actions because that's a simple way
+ ;; to run the right 'nscd' binary with the right config file.
+ (list (shepherd-action
+ (name 'statistics)
+ (documentation "Display statistics about nscd usage.")
+ (procedure (nscd-action-procedure nscd config "--statistics")))
+ (shepherd-action
+ (name 'invalidate)
+ (documentation
+ "Invalidate the given cache--e.g., 'hosts' for host name lookups.")
+ (procedure (nscd-action-procedure nscd config "--invalidate")))))
+
(define (nscd-shepherd-service config)
"Return a shepherd service for CONFIG, an <nscd-configuration> object."
- (let ((nscd.conf (nscd.conf-file config))
+ (let ((nscd (file-append (nscd-configuration-glibc config)
+ "/sbin/nscd"))
+ (nscd.conf (nscd.conf-file config))
(name-services (nscd-configuration-name-services config)))
(list (shepherd-service
(documentation "Run libc's name service cache daemon (nscd).")
(provision '(nscd))
(requirement '(user-processes))
(start #~(make-forkexec-constructor
- (list #$(file-append (nscd-configuration-glibc config)
- "/sbin/nscd")
- "-f" #$nscd.conf "--foreground")
+ (list #$nscd "-f" #$nscd.conf "--foreground")
;; Wait for the PID file. However, the PID file is
;; written before nscd is actually listening on its
@@ -1277,7 +1316,12 @@ the tty to run, among other things."
(string-append dir "/lib"))
(list #$@name-services))
":")))))
- (stop #~(make-kill-destructor))))))
+ (stop #~(make-kill-destructor))
+ (modules `((ice-9 popen) ;for the actions
+ (ice-9 rdelim)
+ (ice-9 match)
+ ,@%default-modules))
+ (actions (nscd-actions nscd nscd.conf))))))
(define nscd-activation
;; Actions to take before starting nscd.
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 573efa0433..fcaedd038b 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
-;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
@@ -290,11 +290,21 @@ the section name.")
"Listeners for the service. A listener is either an
@code{unix-listener-configuration}, a @code{fifo-listener-configuration}, or
an @code{inet-listener-configuration}.")
+ (client-limit
+ (non-negative-integer 0)
+ "Maximum number of simultaneous client connections per process. Once this
+number of connections is received, the next incoming connection will prompt
+Dovecot to spawn another process. If set to 0, @code{default-client-limit} is
+used instead.")
(service-count
(non-negative-integer 1)
"Number of connections to handle before starting a new process.
Typically the only useful values are 0 (unlimited) or 1. 1 is more
secure, but 0 is faster. <doc/wiki/LoginProcess.txt>.")
+ (process-limit
+ (non-negative-integer 0)
+ "Maximum number of processes that can exist for this service. If set to 0,
+@code{default-process-limit} is used instead.")
(process-min-avail
(non-negative-integer 0)
"Number of processes to always keep waiting for more connections.")
@@ -475,6 +485,8 @@ complex, customize the address and port fields of the
(list
(service-configuration
(kind "imap-login")
+ (client-limit 0)
+ (process-limit 0)
(listeners
(list
(inet-listener-configuration (protocol "imap") (port 143) (ssl? #f))
@@ -487,24 +499,33 @@ complex, customize the address and port fields of the
(inet-listener-configuration (protocol "pop3s") (port 995) (ssl? #t)))))
(service-configuration
(kind "lmtp")
+ (client-limit 1)
+ (process-limit 0)
(listeners
(list (unix-listener-configuration (path "lmtp") (mode "0666")))))
- (service-configuration (kind "imap"))
- (service-configuration (kind "pop3"))
- (service-configuration (kind "auth")
- ;; In what could be taken to be a bug, the default value of 1 for
- ;; service-count makes it so that a PAM auth worker can't fork off
- ;; subprocesses for making blocking queries. The result is that nobody
- ;; can log in -- very secure, but not very useful! If we simply omit
- ;; the service-count, it will default to the value of
- ;; auth-worker-max-count, which is 30, instead of defaulting to 1, which
- ;; is the default for all other services. As a hack, bump this value to
- ;; 30.
- (service-count 30)
+ (service-configuration
+ (kind "imap")
+ (client-limit 1)
+ (process-limit 1024))
+ (service-configuration
+ (kind "pop3")
+ (client-limit 1)
+ (process-limit 1024))
+ (service-configuration
+ (kind "auth")
+ (service-count 0)
+ (client-limit 0)
+ (process-limit 1)
(listeners
(list (unix-listener-configuration (path "auth-userdb")))))
- (service-configuration (kind "auth-worker"))
- (service-configuration (kind "dict")
+ (service-configuration
+ (kind "auth-worker")
+ (client-limit 1)
+ (process-limit 0))
+ (service-configuration
+ (kind "dict")
+ (client-limit 1)
+ (process-limit 0)
(listeners (list (unix-listener-configuration (path "dict")))))))
"List of services to enable. Available services include @samp{imap},
@samp{imap-login}, @samp{pop3}, @samp{pop3-login}, @samp{auth}, and
diff --git a/gnu/services/mcron.scm b/gnu/services/mcron.scm
index 5757bf8cf6..120b663e3e 100644
--- a/gnu/services/mcron.scm
+++ b/gnu/services/mcron.scm
@@ -86,7 +86,7 @@ files."
(lambda ()
(zero? (close-pipe pipe)))
(lambda args
- ;; There's with race between the SIGCHLD handler, which
+ ;; There's a race with the SIGCHLD handler, which
;; could call 'waitpid' before 'close-pipe' above does. If
;; we get ECHILD, that means we lost the race, but that's
;; fine.