This matches up with changes in the Guix Data Service to not use the
normalized codeset.
* gnu/services/guix.scm (guix-data-service-shepherd-services): Change the
LC_ALL codeset to UTF-8.
Fixes: <https://issues.guix.gnu.org/43760>.
* gnu/services/cuirass.scm (cuirass-activation): Do not create
queries-log-file and web-queries-log-file if the corresponding config file are
unset.
Fixes <https://issues.guix.info/39670>.
Combined with commit def6e2ae46, this allows unprivileged users to mount file
systems marked with the "user" option. It adds less than 4 MiB to the closure
of the lightweight-desktop.tmpl operating system template.
* gnu/services/desktop.scm (%desktop-services): Extend the
setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
programs.
Reported-by: Nathan Dehnel <ncdehnel@gmail.com>
* gnu/services/ssh.scm:
(<webssh-configuration>): New record type.
(%webssh-configuration-nginx, webssh-service-type): New variables.
(webssh-account, webssh-activation, webssh-shepherd-service): New procedures.
* doc/guix.texi: Document this.
This is a follow-up to commit d692ebf980.
* gnu/services/virtualization.scm (%hurd-vm-accounts)[supplementary-groups]:
Add ’kvm’.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use #:group
"kvm"
This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
* gnu/services/virtualization.scm (initialize-hurd-vm-substitutes)
(hurd-vm-activation): New procedures.
(hurd-vm-service-type)[extensions]: Add ACTIVATION-SERVICE-TYPE
extension.
* doc/guix.texi (Transparent Emulation with QEMU): Mention GNU/Hurd.
(The Hurd in a Virtual Machine): Explain which files are automatically
installed and mention offloading.
This change allows a childhurd to run within Guix System in a VM.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]:
Stage the 'file-exists?' call.
Until qemu was running as "root", which is unnecessary.
* gnu/services/virtualization.scm (%hurd-vm-accounts): New variable.
(hurd-vm-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension.
* gnu/services/desktop.scm <elogind-configuration>: Add an
handle-lid-switch-external-power field, mapping to the
HandleLidSwitchExternalPower logind.conf setting.
* doc/guix.texi (Desktop Services): ‘Document’ it.
* gnu/services/cuirass.scm (<cuirass-configuration>)[web-queries-log-file]:
New field.
(cuirass-shepherd-service): Honor it.
(cuirass-log-rotations): If defined, add the web queries log file to the log
rotation.
* gnu/services/cuirass.scm (<cuirass-configuration>)[queries-log-file]: New
field.
(cuirass-shepherd-service): Honor it.
(cuirass-log-rotations): If defined, add the queries log file to the log
rotation.
The userland proxy option does not properly disable the userland proxy when
set to false. Docker defaults to enabling the userland proxy if the option is
unset on the command line.
* gnu/services/docker.scm (docker-shepherd-service): Properly handle the
'enable-proxy?' option.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
This commit follows a404716d41.
* gnu/services/docker.scm
(docker-configuration)[docker-cli]: New record field.
(docker-service-type): Use this.
* doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
This reverts commit bcfe0f0c1e for now.
It breaks most current use(r)s of the Dovecot service and needs to be
combined with an extra modules configuration field of some kind.
See <https://issues.guix.gnu.org/43347>.
* gnu/services/mail.scm (serialize-space-separated-string-list): Protocols
might have custom settings, which are not supported by other protocols. To
prevent dovecot/services from crashing, serialize settings that hold non-empty
values only.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/web.scm: (<php-fpm-configuration>)[php-ini-file]: New record field.
(php-fpm-shepherd-service): Use it.
* doc/guix.texi (Web Services): Document it.
* gnu/services/mail.scm (%dovecot-activation): Link the location with multiple
plugins (dovecot-pigeonhole, etc), to a place where dovecot can find them.
* gnu/services/mail.scm (dovecot-configuration): Use the symlink.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* gnu/services/virtualization.scm (secret-service-operating-system): New
procedure.
(hurd-vm-disk-image): Use it to ensure a Childhurd always includes the
secret-service.
(%hurd-vm-operating-system): Remove secret-service.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add
secret-service.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Fixes a bug in 949672c923 whereby jobs
specifying a #:user not available in the build environment would fail
validation.
Reported by Maxim Cournoyer.
* gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue"
file and pass it to 'mcron --schedule'.
