From 0adfe95a3eee335847c3127edde3de550e692440 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 17 Sep 2015 23:44:26 +0200 Subject: services: Introduce extensible services. This patch rewrites GuixSD services to make them extensible. * gnu-system.am (GNU_SYSTEM_MODULES): Add gnu/services/dbus.scm. * gnu/services.scm (): Replace with new record type. (, ): New record types. (write-service-type, compute-boot-script, second-argument): New procedures. (%boot-service, boot-service-type): New variables. (file-union, directory-union, modprobe-wrapper, activation-service->script, activation-script, gexps->activation-gexp): New procedures. (activation-service-type, %activation-service): New variables. (etc-directory, files->etc-directory, etc-service): New procedures. (etc-service-type, setuid-program-service, firmware-service-type): New variables. (firmware->activation-gexp): New procedure. (&service-error, &missing-target-service-error, &ambiguous-target-service-error): New condition types. (service-back-edges, fold-services): New procedures. * gnu/services/avahi.scm (): New record type. (configuration-file): Replace keyword parameters with a single 'config' parameter. (%avahi-accounts, %avahi-activation, avahi-service-type): New variables. (avahi-dmd-service): New procedure. (avahi-service): Rewrite using 'service' and 'avahi-configuration'. * gnu/services/base.scm (%root-file-system-dmd-service, root-file-system-service-type): New variables. (root-file-system-service): Use them. (file-system->dmd-service-name): New procedure. (file-system-service-type): New variable. (file-system-service): Use it. Replace keyword parameters with a single 'file-system' object. (user-unmount-service-type): New variable. (user-unmount-service): Use it. (user-processes-service-type): New variable. (user-processes-service): Use it. (host-name-service-type): New variable. (host-name-service): Use it. (console-keymap-service-type): New variable. (console-keymap-service): Use it. (console-font-service-type): New variable. (console-font-service): Use it. (mingetty-pam-service, mingetty-dmd-service): New procedures. (mingetty-service-type): New variable. (mingetty-service): Use it. (nscd-dmd-service): New procedure. (nscd-activation, nscd-service-type): New variables. (nscd-service): Use the latter. (syslog-service-type): New variable. (syslog-service): Use it. (): New record type. (%default-guix-configuration): New variable. (guix-dmd-service, guix-accounts, guix-activation): New procedures. (guix-service-type): New variable. (guix-service): Replace list of keyword parameters with a single 'config' parameter. Rewrite using 'service'. (): New record type. (udev-dmd-service): New procedure. (udev-service-type): New variable. (udev-service): Use it. (device-mapping-service-type): New variable. (device-mapping-service): Use it. (swap-service-type): New variable. (swap-service): Use it. * gnu/services/databases.scm (): New record type. (%postgresql-accounts, postgresql-activation): New variables. (postgresql-dmd-service): New procedure. (postgresql-service): Rewrite using 'service' and 'postgresql-configuration'. * gnu/services/dbus.scm: New file. * gnu/services/desktop.scm (dbus-configuration-directory, dbus-service): Remove. (wrapped-dbus-service): New procedure. (): New record type. (upower-configuration-file): Replace keyword parameters with single parameter. (%upower-accounts, %upower-activation): New variables. (upower-dbus-service, upower-dmd-service): New procedures. (upower-service-type): New variable. (upower-service): Rewrite using 'service' and 'upower-configuration'. (%colord-activation, %colord-accounts): New variables. (colord-dmd-service): New procedure. (colord-service-type): New variable. (colord-service): Rewrite using 'service'. (): New record type. (geoclue-configuration-file): Replace keyword parameters with a single 'config' parameter. (geoclue-dbus-service, geoclue-dmd-service): New procedures. (%geoclue-accounts, geoclue-service-type): New variables. (geoclue-service): Rewrite using 'service' and 'geoclue-configuration'. (%polkit-accounts, %polkit-pam-services, polkit-service-type): New variables. (polkit-dmd-service): New procedure. (polkit-service): Rewrite using 'service'. ()[elogind]: New field. (elogind-dmd-service): New procedure. (elogind-service-type): New variable. (elogind-service): Rewrite using 'service'. (%desktop-services): Remove argument to 'dbus-service'. Remove 'map' over %BASE-SERVICES. * gnu/services/dmd.scm (dmd-boot-gexp): New procedure. (dmd-root-service-type, %dmd-root-service): New variables. (dmd-service-type): New macro. (): New record type. * gnu/services/lirc.scm (): New record type. (%lirc-activation): New variable. (lirc-dmd-service): New procedure. (lirc-service-type): New variable. (lirc-service): Rewrite using 'service' and 'lirc-configuration'. * gnu/services/networking.scm (): New record type. (static-networking-service-type): New variable. (static-networking-service): Rewrite using 'service' and 'static-networking'. (dhcp-client-service-type): New variable. (dhcp-client-service): Rewrite using 'service'. (): New record type. (ntp-dmd-service): New procedure. (ntp-service-type): New variable. (ntp-service): New procedure. (%tor-accounts, tor-service-type): New variable. (tor-dmd-service): New procedure. (tor-service): Rewrite using 'service'. (): New record type. (bitlbee-dmd-service): New procedure. (%bitlbee-accounts, %bitlbee-activation, bitlbee-service-type): New variables. (bitlbee-service): Rewrite using 'service'. (%wicd-activation): New variable. (wicd-dmd-service): New procedure. (wicd-service-type): New variable. (wicd-service): Rewrite using 'service'. * gnu/services/ssh.scm (): New record type. (activation): Rename to... (lsh-initialization): ... this. (lsh-activation, lsh-dmd-service, lsh-pam-services): New procedures. (lsh-service-type): New variable. (lsh-service): Rewrite using 'service' and 'lsh-configuration'. * gnu/services/web.scm (): New record type. (%nginx-accounts): New variable. (nginx-activation, nginx-dmd-service): New procedures. (nginx-service-type): New variable. (nginx-service): Rewrite using 'service' and 'nginx-configuration'. * gnu/services/xorg.scm (): New record type. (slim-pam-service, slim-dmd-service): New procedures. (slim-service-type): New variable. (slim-service): Rewrite using 'service' and 'slim-configuration'. * gnu/system.scm (file-union): Remove. (other-file-system-services): Adjust to new 'file-system-service' signature. (essential-services): Add #:container? parameter. Add %DMD-ROOT-SERVICE, %ACTIVATION-SERVICE, and calls to 'pam-root-service', 'account-service', 'operating-system-etc-service', and a SETUID-PROGRAM-SERVICE instance. (operating-system-services): Pass #:container? to 'essential-services. (etc-directory): Remove. (operating-system-etc-service): New procedure. Rewrite as a call to 'etc-service'. (operating-system-accounts): Change to not return accounts required by services. (operating-system-etc-directory): Rewrite as a call to 'fold-services' and 'etc-directory'. (user-group->gexp, user-account->gexp, modprobe-wrapper): Remove. (operating-system-activation-script): Rewrite as a call to 'fold-services' and 'activation-service->script'. (operating-system-boot-script): Likewise. (operating-system-derivation): Add call to 'lower-object'. (emacs-site-file, emacs-site-directory, shells-file): Change to use 'computed-file' and 'scheme-file' instead of the monadic procedures. * gnu/system/install.scm (cow-store-service-type): New variable. (cow-store-service): Rewrite using 'service'. (/etc/configuration-files): New procedure. (configuration-template-service-type, %configuration-template-service): New variables. (configuration-template-service): Remove. (installation-services): Adjust accordingly. Adjust argument to 'guix-service'. * gnu/system/linux.scm (/etc-entry, pam-root-service): New procedures. (pam-root-service-type): New variable. * gnu/system/shadow.scm (user-group->gexp, user-account->gexp, account-activation, etc-skel, account-service): New procedures. (account-service-type): New variable. * tests/services.scm: New file. * doc/guix.texi (Base Services, Desktop Services): Adjust accordingly. (Defining Services): Rewrite. * doc/images/service-graph.dot: New file. * doc.am (DOT_FILES): Add it. * po/guix/POTFILES.in: Add gnu/services.scm. --- gnu/system/install.scm | 125 ++++++++++++++++++++++++++----------------------- gnu/system/linux.scm | 30 ++++++++++-- gnu/system/shadow.scm | 96 ++++++++++++++++++++++++++++++++++--- 3 files changed, 182 insertions(+), 69 deletions(-) (limited to 'gnu/system') diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 560d64b5d4..a91c5c3533 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -24,6 +24,7 @@ #:use-module (guix monads) #:use-module ((guix store) #:select (%store-prefix)) #:use-module (guix profiles) + #:use-module (gnu services dmd) #:use-module (gnu packages admin) #:use-module (gnu packages bash) #:use-module (gnu packages linux) @@ -159,68 +160,74 @@ current store is on a RAM disk." (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE) (rmdir "/.rw-store")))))) +(define cow-store-service-type + (dmd-service-type + (lambda _ + (dmd-service + (requirement '(root-file-system user-processes)) + (provision '(cow-store)) + (documentation + "Make the store copy-on-write, with writes going to \ +the given target.") + + ;; This is meant to be explicitly started by the user. + (auto-start? #f) + + (start #~(case-lambda + ((target) + #$(make-cow-store #~target) + target) + (else + ;; Do nothing, and mark the service as stopped. + #f))) + (stop #~(lambda (target) + ;; Delete the temporary directory, but leave everything + ;; mounted as there may still be processes using it since + ;; 'user-processes' doesn't depend on us. The 'user-unmount' + ;; service will unmount TARGET eventually. + (delete-file-recursively + (string-append target #$%backing-directory)))))))) + (define (cow-store-service) "Return a service that makes the store copy-on-write, such that writes go to the user's target storage device rather than on the RAM disk." ;; See for the initial report. - (service - (requirement '(root-file-system user-processes)) - (provision '(cow-store)) - (documentation - "Make the store copy-on-write, with writes going to \ -the given target.") - - ;; This is meant to be explicitly started by the user. - (auto-start? #f) - - (start #~(case-lambda - ((target) - #$(make-cow-store #~target) - target) - (else - ;; Do nothing, and mark the service as stopped. - #f))) - (stop #~(lambda (target) - ;; Delete the temporary directory, but leave everything - ;; mounted as there may still be processes using it - ;; since 'user-processes' doesn't depend on us. The - ;; 'user-unmount' service will unmount TARGET - ;; eventually. - (delete-file-recursively - (string-append target #$%backing-directory)))))) - -(define (configuration-template-service) - "Return a dummy service whose purpose is to install an operating system -configuration template file in the installation system." - - (define search - (cut search-path %load-path <>)) - (define templates - (map (match-lambda - ((file '-> target) - (list (local-file (search file)) - (string-append "/etc/configuration/" target)))) - '(("gnu/system/examples/bare-bones.tmpl" -> "bare-bones.scm") - ("gnu/system/examples/desktop.tmpl" -> "desktop.scm")))) - - (service - (requirement '(root-file-system)) - (provision '(os-config-template)) - (documentation - "This dummy service installs an OS configuration template.") - (start #~(const #t)) - (stop #~(const #f)) - (activate - #~(begin - (use-modules (ice-9 match) - (guix build utils)) + (service cow-store-service-type 'mooooh!)) + + +(define (/etc/configuration-files _) + "Return a list of tuples representing configuration templates to add to +/etc." + (define (file f) + (local-file (search-path %load-path + (string-append "gnu/system/examples/" f)))) + + (define directory + (computed-file "configuration-templates" + #~(begin + (mkdir #$output) + (for-each (lambda (file target) + (copy-file file + (string-append #$output "/" + target))) + '(#$(file "bare-bones.tmpl") + #$(file "desktop.tmpl")) + '("bare-bones.scm" + "desktop.scm")) + #t) + #:modules '((guix build utils)))) + + `(("configuration" ,directory))) + +(define configuration-template-service-type + (service-type (name 'configuration-template) + (extensions + (list (service-extension etc-service-type + /etc/configuration-files))))) + +(define %configuration-template-service + (service configuration-template-service-type #t)) - (mkdir-p "/etc/configuration") - (for-each (match-lambda - ((file target) - (unless (file-exists? target) - (copy-file file target)))) - '#$templates))))) (define %nscd-minimal-caches ;; Minimal in-memory caching policy for nscd. @@ -262,7 +269,7 @@ You have been warned. Thanks for being so brave. (login-program (log-to-info)))) ;; Documentation add-on. - (configuration-template-service) + %configuration-template-service ;; A bunch of 'root' ttys. (normal-tty "tty3") @@ -276,7 +283,7 @@ You have been warned. Thanks for being so brave. ;; The build daemon. Register the hydra.gnu.org key as trusted. ;; This allows the installation process to use substitutes by ;; default. - (guix-service #:authorize-hydra-key? #t) + (guix-service (guix-configuration (authorize-key? #t))) ;; Start udev so that useful device nodes are available. ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm index 10e72e905a..cd14bc97be 100644 --- a/gnu/system/linux.scm +++ b/gnu/system/linux.scm @@ -20,6 +20,7 @@ #:use-module (guix records) #:use-module (guix derivations) #:use-module (guix gexp) + #:use-module (gnu services) #:use-module (ice-9 match) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) @@ -28,7 +29,10 @@ pam-entry pam-services->directory unix-pam-service - base-pam-services)) + base-pam-services + + pam-root-service-type + pam-root-service)) ;;; Commentary: ;;; @@ -98,8 +102,8 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE." (mkdir #$output) (for-each (match-lambda - ((name file) - (symlink file (string-append #$output "/" name)))) + ((name file) + (symlink file (string-append #$output "/" name)))) ;; Since objects cannot be compared with ;; 'equal?' since they contain gexps, which contain @@ -188,4 +192,24 @@ authenticate to run COMMAND." '("useradd" "userdel" "usermod" "groupadd" "groupdel" "groupmod")))) + +;;; +;;; PAM root service. +;;; + +(define (/etc-entry services) + `(("pam.d" ,(pam-services->directory services)))) + +(define pam-root-service-type + (service-type (name 'pam) + (extensions (list (service-extension etc-service-type + /etc-entry))) + (compose concatenate) + (extend append))) + +(define (pam-root-service base) + "The \"root\" PAM service, which collects instance and turns +them into a /etc/pam.d directory, including the listed in BASE." + (service pam-root-service-type base)) + ;;; linux.scm ends here diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm index ddd5f66874..3f49c1fc9f 100644 --- a/gnu/system/shadow.scm +++ b/gnu/system/shadow.scm @@ -22,12 +22,14 @@ #:use-module (guix store) #:use-module (guix sets) #:use-module (guix ui) + #:use-module (gnu services) #:use-module ((gnu system file-systems) #:select (%tty-gid)) #:use-module ((gnu packages admin) #:select (shadow)) #:use-module (gnu packages bash) #:use-module (gnu packages guile-wm) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -54,7 +56,9 @@ skeleton-directory %base-groups %base-user-accounts - assert-valid-users/groups)) + + account-service-type + account-service)) ;;; Commentary: ;;; @@ -87,31 +91,32 @@ (system? user-group-system? ; Boolean (default #f))) + (define %base-groups ;; Default set of groups. (let-syntax ((system-group (syntax-rules () ((_ args ...) (user-group (system? #t) args ...))))) (list (system-group (name "root") (id 0)) - (system-group (name "wheel")) ; root-like users - (system-group (name "users")) ; normal users - (system-group (name "nogroup")) ; for daemons etc. + (system-group (name "wheel")) ; root-like users + (system-group (name "users")) ; normal users + (system-group (name "nogroup")) ; for daemons etc. ;; The following groups are conventionally used by things like udev to ;; control access to hardware devices. (system-group (name "tty") (id %tty-gid)) (system-group (name "dialout")) (system-group (name "kmem")) - (system-group (name "input")) ; input devices, from udev + (system-group (name "input")) ; input devices, from udev (system-group (name "video")) (system-group (name "audio")) - (system-group (name "netdev")) ; used in avahi-dbus.conf + (system-group (name "netdev")) ; used in avahi-dbus.conf (system-group (name "lp")) (system-group (name "disk")) (system-group (name "floppy")) (system-group (name "cdrom")) (system-group (name "tape")) - (system-group (name "kvm"))))) ; for /dev/kvm + (system-group (name "kvm"))))) ; for /dev/kvm (define %base-user-accounts ;; List of standard user accounts. Note that "root" is a special case, so @@ -224,4 +229,81 @@ of user '~a' is undeclared") (user-account-supplementary-groups user))) users))) + +;;; +;;; Service. +;;; + +(define (user-group->gexp group) + "Turn GROUP, a object, into a list-valued gexp suitable for +'active-groups'." + #~(list #$(user-group-name group) + #$(user-group-password group) + #$(user-group-id group) + #$(user-group-system? group))) + +(define (user-account->gexp account) + "Turn ACCOUNT, a object, into a list-valued gexp suitable for +'activate-users'." + #~`(#$(user-account-name account) + #$(user-account-uid account) + #$(user-account-group account) + #$(user-account-supplementary-groups account) + #$(user-account-comment account) + #$(user-account-home-directory account) + ,#$(user-account-shell account) ; this one is a gexp + #$(user-account-password account) + #$(user-account-system? account))) + +(define (account-activation accounts+groups) + "Return a gexp that activates ACCOUNTS+GROUPS, a list of and + objects. Raise an error if a user account refers to a undefined +group." + (define accounts + (filter user-account? accounts+groups)) + + (define user-specs + (map user-account->gexp accounts)) + + (define groups + (filter user-group? accounts+groups)) + + (define group-specs + (map user-group->gexp groups)) + + (assert-valid-users/groups accounts groups) + + ;; Add users and user groups. + #~(begin + (setenv "PATH" + (string-append #$(@ (gnu packages admin) shadow) "/sbin")) + (activate-users+groups (list #$@user-specs) + (list #$@group-specs)))) + +(define (etc-skel arguments) + "Filter out among ARGUMENTS things corresponding to skeletons, and return +the /etc/skel directory for those." + (let ((skels (filter pair? arguments))) + `(("skel" ,(skeleton-directory skels))))) + +(define account-service-type + (service-type (name 'account) + + ;; Concatenate , , and skeleton + ;; lists. + (compose concatenate) + (extend append) + + (extensions + (list (service-extension activation-service-type + account-activation) + (service-extension etc-service-type + etc-skel))))) + +(define (account-service accounts+groups skeletons) + "Return a that takes care of user accounts and user groups, with +ACCOUNTS+GROUPS as its initial list of accounts and groups." + (service account-service-type + (append skeletons accounts+groups))) + ;;; shadow.scm ends here -- cgit v1.2.3