* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/linux.scm (kernel-module-loader-shepherd-service): Return
a 'shepherd-service' instead of a list of it.
(kernel-module-loader-service-type): Adjust it.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/mail.scm (radicale-configuration)
(radicale-configuration?): New procedures.
(%default-radicale-config-file)
(radicale-service-type): New variables.
* doc/guix.texi: Document it.
Fixes <http://issues.guix.gnu.org/45202>.
* gnu/services/security-token.scm (pcscd-shepherd-service): Look for
pcscd.pid in /run instead of /var/run.
Reported by Raffael Stocker <r.stocker@mnet-mail.de>.
This reverts commit aecd2a13cb for two
reasons:
1. The warning would fire every time (gnu services ssh) is loaded;
2. There's still no clear consensus on the approach to follow as
discussed in <https://issues.guix.gnu.org/44808>.
Fixes <https://bugs.gnu.org/44808>.
Reported by Christopher Lemmer Webber <cwebber@dustycloud.org>.
* gnu/services/ssh.scm (true-but-soon-false): New procedure.
(<openssh-configuration>)[password-authentication?]: Change default to
'true-but-soon-false'.
* gnu/installer/services.scm (%system-services): Explicitly set
'password-authentication?' to #f.
* gnu/services/virtualization.scm (hurd-vm-disk-image): Use
'lookup-image-type-by-name' instead of referring to 'hurd-disk-image'
from (gnu system images hurd).
There are plenty of options supported that the Guix configuration record
doesn't help you with, so add this field to allow users to do their own thing.
* gnu/services/monitoring.scm (<prometheus-node-exporter-configuration>): Add
extra-options field.
(prometheus-node-exporter-shepherd-service): Handle the extra options.
* doc/guix.texi (Prometheus Node Exporter Service): Document this.
This makes the logs easier to find and read.
* gnu/services/monitoring.scm (prometheus-node-exporter-shepherd-service):
Pass #:log-file to make-forkexec-constructor.
So it doesn't run as root, and because this will help with the textfile
exporter.
* gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New
variable.
(prometheus-node-exporter-shepherd-service): Use the relevant user and group.
(prometheus-node-exporter-service-type): Extend the account service type.
Add relevant exports, as well as a comment to better indicate where the
relevant code starts.
* gnu/services/monitoring.scm (prometheus-node-exporter-service-type):
Capitalise Prometheus.
Fixes <https://bugs.gnu.org/44820>.
Reported by Simon <lists@netpanic.org>.
This is a followup to bb124f6e9c.
* gnu/services/audio.scm (mpd-service-activation): Chown the parent of
DIRECTORY as well.
/etc/nix/nix.conf is a static file doesn't need rebuild on every boot.
* gnu/services/nix.scm (nix-activation): Don't create /etc/nix/nix.conf.
(nix-service-etc): New function.
(nix-service-type): New service-extension "nix-service-etc" to etc-service-type.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
* guix/scripts/publish.scm (%options): Add "--advertise" option.
(show-help): Document it.
(service-name): New procedure,
(publish-service-type): new variable.
(run-publish-server): Add "advertise?" and "port" parameters. Use them to publish
the server using Avahi.
(guix-publish): Pass the "advertise?" option to "run-publish-server".
* gnu/services/base.scm (<guix-publish-configuration>): Add "advertise?"
field.
(guix-publish-shepherd-service): Honor it.
* gnu/services/databases.scm (<mysql-configuration>): Add AUTO-UPGRADE? field.
(mysql-upgrade-wrapper, mysql-upgrade-shepherd-service,
mysql-shepherd-services): New variables.
(mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of
MYSQL-SHEPHERD-SERVICE.
* doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of
MYSQL-SERVICE-TYPE.
* gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run.
* gnu/services/databases.scm (mysql-service): Define in terms of DEFINE-DEPRECATED.
* gnu/tests/databases.scm (%mysql-os): Adjust accordingly.
* doc/guix.texi (Database Services): Adjust the MariaDB/MySQL section to
document MYSQL-SERVICE-TYPE instead of MYSQL-SERVICE. While at it, document
the EXTRA-CONTENT field.
‘escpr’ is nice and short, but everyone else calls this package
‘epson-inkjet-printer-escpr’. More importantly, so does upstream.
* gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename
escpr to epson-inkjet-printer-escpr, redefining escpr as
deprecated-package. Adjust all users.
* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Make ca, key an cert fields optional.
* doc/guix.texi (VPN Services): Document the change.
Fixes a regression introduced in
977eb5d023 whereby file system services
would now have a different name.
* gnu/services/base.scm (file-system->shepherd-service-name): Revert
changes introduced in 977eb5d023.
* gnu/services/shepherd.scm (%store-characters): New variable
(shepherd-service-file-name): Map all the characters outside
%STORE-CHARACTERS to #\-.
Fixes <https://bugs.gnu.org/44626>.
Reported by Vagrant Cascadian <vagrant@debian.org>.
* tests/build-utils.scm ("wrap-script, simple case"): Pass
SCRIPT-CONTENTS to 'display' rather than 'format'.
* gnu/services/base.scm (file-system->shepherd-service-name)
[valid-characters, mount-point]: New variables.
Filter out invalid store file name characters from the mount point of
FILE-SYSTEM.
Also change the default configuration to clear on logout, which is the
upstream default.
* gnu/services/base.scm (<mingetty-configuration>): Add 'clear-on-logout?'
field.
(mingetty-shepherd-service): Pass the "--noclear" option to mingetty only if
'clear-on-logout?' is #false.
* doc/guix.texi (Base Services): Document the 'clear-on-logout?' field.
This was unintentionally removed in
00014f7692.
* gnu/services/web.scm (default-nginx-config): Re-introduce processing
of server-names-hash-bucket-size option.
This was unintentionally removed in
00014f7692.
* gnu/services/web.scm (default-nginx-config): Re-introduce processing
of server-names-hash-bucket-size option.
As it doesn't use one.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services):
Remove #:pid-file.
(guix-build-coordinator-agent-activation): Don't create the /var/run
directory.
As this is needed when substituting derivations.
* gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Set
XDG_CACHE_HOME.
(guix-build-coordinator-agent-activation): Create
/var/cache/guix-build-coordinator-agent.
Until now it would wait for a PID file that'd never come.
* gnu/services/audio.scm (mpd-shepherd-service): Add 'requirement'.
Remove #:pid-file from 'start'.
(mpd-service-activation): Create the ".mpd" directory since that's what
the daemon expects.
Running 'guix system search mpd' would throw a backtrace because the
mpd-shepherd-service service start Gexp contained an unquoted call to
'getpwnam', which would look for a missing 'mpd' user and fail.
* gnu/services/audio.scm (mpd-shepherd-service): gexp-unquote only the
relevant variable rather than the whole expression.
Fixes a bug whereby different users would get different derivations for
the same service.
* gnu/services/base.scm (guix-shepherd-service): In 'start' method, do
not embed (guix config).
This is a followup to ecaa102a58.
* gnu/services/base.scm (<guix-publish-configuration>)[cache-bypass-threshold]:
New field.
(guix-publish-shepherd-service): Honor it.
* gnu/services/base.scm (swap-service-type)[device-lookup, device-name]:
New variables.
Add 'modules' field to 'shepherd-service'. In 'start' and 'stop', use
'device-lookup' to resolve UUIDs and labels.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
This silences a warning from the service at startup.
* gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n"
command-line option to kresd in place of the deprecated "-f 1".
Signed-off-by: Leo Famulari <leo@famulari.name>
* gnu/services/web.scm (<gmnisrv-configuration>): New record type.
(%default-gmnisrv-config-file): New variable.
(%gmnisrv-accounts, %gmnisrv-activation): New variables.
(gmnisrv-shepherd-service): New procedure.
(gmnisrv-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/web.scm (hpcguix-web-shepherd-service): Change
XDG_CACHE_HOME to /var/cache/guix/web. Previously, the authentication
code would try to write to /var/cache/guix/authentication, which would
fail.
Fixes <https://bugs.gnu.org/39819>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* gnu/services/base.scm (substitute-key-authorization): Symlink
DEFAULT-ACL to /etc/guix/acl unconditionally. Add code to optionally
back up /etc/guix/acl if it was possibly modified by hand.
* doc/guix.texi (Base Services): Clarify the effect of setting
'authorize-keys?' to true. Mention the backup. Give an example showing
how to authorize substitutes from another server.
This means the package is usable as a library, which is useful when using the
procedures to send requests to the Guix Build Coordinator.
* gnu/packages/package-management.scm (guix-build-coordinator)[inputs]: Move
guile inputs to propagated inputs.
[propagated-inputs]: Receive some inputs.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Adjust the
start script to include propagated inputs.
The underscore is now handled in the guile prometheus library.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Remove the
underscore from the end of the metrics namespace.
Otherwise the logging is garbled.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Configure
line output buffering for stdout and stderr.
As this allows hooks to use the system profile, if that's desired.
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services): Set PATH
to include the system profile.
Currently, if the postgresql package major version changes, this is going to
break the service upon upgrade, because PostgreSQL will reject the data files
from the differing major version of the service.
Because it's important to either keep running a particular major version, or
intentionally upgrade, I think the configuration would be better with no
default. I think this is also going to be helpful when trying to assist users
upgrading PostgreSQL.
* gnu/services/databases.scm (<postgresql-configuration>): Remove default for
postgresql.
(postgresql-service-type): Remove the default value.
* gnu/tests/databases.scm (%postgresql-os): Update accordingly.
* gnu/tests/guix.scm (%guix-data-service-os): Update accordingly.
* gnu/tests/monitoring.scm (%zabbix-os): Update accordingly.
* gnu/tests/web.scm (patchwork-os): Update accordingly.
* doc/guix.texi (PostgreSQL): Update accordingly.
Using the service type directly is a better approach, making it easier to
configure the service.
* gnu/services/databases.scm (postgresql-service): Deprecate this procedure.
* doc/guix.texi (PostgreSQL): Update the documentation for the use of (service
postgresql-service-type).
This commit fixes error 'time="2020-10-16T…" level=error msg="Handler for POST
/v1.40/containers/…/start returned error: failed to start shim: exec:
\"containerd-shim\": executable file not found in $PATH: unknown"'.
* gnu/services/docker.scm
(containerd-shepherd-service): Add "containerd-shim" to PATH.
This matches up with changes in the Guix Data Service to not use the
normalized codeset.
* gnu/services/guix.scm (guix-data-service-shepherd-services): Change the
LC_ALL codeset to UTF-8.
Fixes: <https://issues.guix.gnu.org/43760>.
* gnu/services/cuirass.scm (cuirass-activation): Do not create
queries-log-file and web-queries-log-file if the corresponding config file are
unset.
Fixes <https://issues.guix.info/39670>.
Combined with commit def6e2ae46, this allows unprivileged users to mount file
systems marked with the "user" option. It adds less than 4 MiB to the closure
of the lightweight-desktop.tmpl operating system template.
* gnu/services/desktop.scm (%desktop-services): Extend the
setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
programs.
Reported-by: Nathan Dehnel <ncdehnel@gmail.com>
* gnu/services/ssh.scm:
(<webssh-configuration>): New record type.
(%webssh-configuration-nginx, webssh-service-type): New variables.
(webssh-account, webssh-activation, webssh-shepherd-service): New procedures.
* doc/guix.texi: Document this.
This is a follow-up to commit d692ebf980.
* gnu/services/virtualization.scm (%hurd-vm-accounts)[supplementary-groups]:
Add ’kvm’.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use #:group
"kvm"
This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
* gnu/services/virtualization.scm (initialize-hurd-vm-substitutes)
(hurd-vm-activation): New procedures.
(hurd-vm-service-type)[extensions]: Add ACTIVATION-SERVICE-TYPE
extension.
* doc/guix.texi (Transparent Emulation with QEMU): Mention GNU/Hurd.
(The Hurd in a Virtual Machine): Explain which files are automatically
installed and mention offloading.
This change allows a childhurd to run within Guix System in a VM.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]:
Stage the 'file-exists?' call.
Until qemu was running as "root", which is unnecessary.
* gnu/services/virtualization.scm (%hurd-vm-accounts): New variable.
(hurd-vm-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension.
* gnu/services/desktop.scm <elogind-configuration>: Add an
handle-lid-switch-external-power field, mapping to the
HandleLidSwitchExternalPower logind.conf setting.
* doc/guix.texi (Desktop Services): ‘Document’ it.
* gnu/services/cuirass.scm (<cuirass-configuration>)[web-queries-log-file]:
New field.
(cuirass-shepherd-service): Honor it.
(cuirass-log-rotations): If defined, add the web queries log file to the log
rotation.
* gnu/services/cuirass.scm (<cuirass-configuration>)[queries-log-file]: New
field.
(cuirass-shepherd-service): Honor it.
(cuirass-log-rotations): If defined, add the queries log file to the log
rotation.
The userland proxy option does not properly disable the userland proxy when
set to false. Docker defaults to enabling the userland proxy if the option is
unset on the command line.
* gnu/services/docker.scm (docker-shepherd-service): Properly handle the
'enable-proxy?' option.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
This commit follows a404716d41.
* gnu/services/docker.scm
(docker-configuration)[docker-cli]: New record field.
(docker-service-type): Use this.
* doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
This reverts commit bcfe0f0c1e for now.
It breaks most current use(r)s of the Dovecot service and needs to be
combined with an extra modules configuration field of some kind.
See <https://issues.guix.gnu.org/43347>.
* gnu/services/mail.scm (serialize-space-separated-string-list): Protocols
might have custom settings, which are not supported by other protocols. To
prevent dovecot/services from crashing, serialize settings that hold non-empty
values only.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
* gnu/services/web.scm: (<php-fpm-configuration>)[php-ini-file]: New record field.
(php-fpm-shepherd-service): Use it.
* doc/guix.texi (Web Services): Document it.
* gnu/services/mail.scm (%dovecot-activation): Link the location with multiple
plugins (dovecot-pigeonhole, etc), to a place where dovecot can find them.
* gnu/services/mail.scm (dovecot-configuration): Use the symlink.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* gnu/services/virtualization.scm (secret-service-operating-system): New
procedure.
(hurd-vm-disk-image): Use it to ensure a Childhurd always includes the
secret-service.
(%hurd-vm-operating-system): Remove secret-service.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add
secret-service.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Fixes a bug in 949672c923 whereby jobs
specifying a #:user not available in the build environment would fail
validation.
Reported by Maxim Cournoyer.
* gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue"
file and pass it to 'mcron --schedule'.
That way, run-time errors in the job specs are caught at build time.
* gnu/services/mcron.scm (job-file): Remove.
(job-files): New procedure.
(mcron-shepherd-services): Adjust accordingly.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Fixes <https://bugs.gnu.org/43011>.
Reported by Jesse Gibbons <jgibbons2357@gmail.com>.
Until now the stdout/stderr file descriptors were not redirected.
* gnu/services/admin.scm (unattended-upgrade-mcron-jobs)[code]: Remove
'with-logging' and use 'redirect-port' instead.
* gnu/services/admin.scm (<unattended-upgrade-configuration>)[operating-system-file]:
New field.
(unattended-upgrade-mcron-jobs): Honor it.
* doc/guix.texi (Unattended Upgrades): Document it.
* gnu/services/linux.scm (<zram-device-configuration>): New record.
(zram-device-service-type): New variable.
* doc/guix.texi (Linux Services): Document it.
* tests/services/linux.scm (zram-swap-device-test): New tests.
