* gnu/services/cuirass.scm (<cuirass-configuration>)[queries-log-file]: New
field.
(cuirass-shepherd-service): Honor it.
(cuirass-log-rotations): If defined, add the queries log file to the log
rotation.
The userland proxy option does not properly disable the userland proxy when
set to false. Docker defaults to enabling the userland proxy if the option is
unset on the command line.
* gnu/services/docker.scm (docker-shepherd-service): Properly handle the
'enable-proxy?' option.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
This commit follows a404716d41.
* gnu/services/docker.scm
(docker-configuration)[docker-cli]: New record field.
(docker-service-type): Use this.
* doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
This reverts commit bcfe0f0c1e for now.
It breaks most current use(r)s of the Dovecot service and needs to be
combined with an extra modules configuration field of some kind.
See <https://issues.guix.gnu.org/43347>.
* gnu/services/mail.scm (serialize-space-separated-string-list): Protocols
might have custom settings, which are not supported by other protocols. To
prevent dovecot/services from crashing, serialize settings that hold non-empty
values only.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/web.scm: (<php-fpm-configuration>)[php-ini-file]: New record field.
(php-fpm-shepherd-service): Use it.
* doc/guix.texi (Web Services): Document it.
* gnu/services/mail.scm (%dovecot-activation): Link the location with multiple
plugins (dovecot-pigeonhole, etc), to a place where dovecot can find them.
* gnu/services/mail.scm (dovecot-configuration): Use the symlink.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* gnu/services/virtualization.scm (secret-service-operating-system): New
procedure.
(hurd-vm-disk-image): Use it to ensure a Childhurd always includes the
secret-service.
(%hurd-vm-operating-system): Remove secret-service.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add
secret-service.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Fixes a bug in 949672c923 whereby jobs
specifying a #:user not available in the build environment would fail
validation.
Reported by Maxim Cournoyer.
* gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue"
file and pass it to 'mcron --schedule'.
That way, run-time errors in the job specs are caught at build time.
* gnu/services/mcron.scm (job-file): Remove.
(job-files): New procedure.
(mcron-shepherd-services): Adjust accordingly.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Fixes <https://bugs.gnu.org/43011>.
Reported by Jesse Gibbons <jgibbons2357@gmail.com>.
Until now the stdout/stderr file descriptors were not redirected.
* gnu/services/admin.scm (unattended-upgrade-mcron-jobs)[code]: Remove
'with-logging' and use 'redirect-port' instead.
* gnu/services/admin.scm (<unattended-upgrade-configuration>)[operating-system-file]:
New field.
(unattended-upgrade-mcron-jobs): Honor it.
* doc/guix.texi (Unattended Upgrades): Document it.
* gnu/services/linux.scm (<zram-device-configuration>): New record.
(zram-device-service-type): New variable.
* doc/guix.texi (Linux Services): Document it.
* tests/services/linux.scm (zram-swap-device-test): New tests.
* gnu/services/admin.scm (<unattended-upgrade-configuration>): New
record type.
(%unattended-upgrade-log-file): New variable.
(unattended-upgrade-mcron-jobs, unattended-upgrade-log-rotations): New
procedures.
(unattended-upgrade-service-type): New variable.
* doc/guix.texi (Service Reference): Add 'provenance-service-type' anchor.
(Unattended Upgrades): New section.
* gnu/services/nix.scm (<nix-configuration>)[extra-options]: New field.
(nix-shepherd-service): Add this.
(nix-activation): Add new line to the end of /etc/nix/nix.conf file.
* doc/guix.texi (Miscellaneous Services)[Nix service]: Document this.
* gnu/services/ganeti.scm (<ganeti-rapi-configuration>): Set SSL? to #t.
* gnu/tests/ganeti.scm (%ganeti-os): Set SSL? to #f.
* doc/guix.texi (Virtualization Services): Adjust accordingly.
* gnu/services/web.scm (mumi-shepherd-services)[environment]: New
variable.
Pass it as #:environment-variables to each 'make-forkexec-constructor'
call.
Commit 6680880f9b pushes out a new guix
package with a new key location, so we need to update to the new key
in order for systems to build correctly.
* gnu/services/base.scm (%default-authorized-guix-keys): Refer to berlin.guix.gnu.org.pub.
