Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/admin.scm4
-rw-r--r--gnu/services/base.scm19
-rw-r--r--gnu/services/ci.scm127
-rw-r--r--gnu/services/cuirass.scm2
-rw-r--r--gnu/services/databases.scm4
-rw-r--r--gnu/services/mail.scm2
-rw-r--r--gnu/services/networking.scm141
-rw-r--r--gnu/services/sysctl.scm2
-rw-r--r--gnu/services/version-control.scm2
-rw-r--r--gnu/services/web.scm35
-rw-r--r--gnu/services/xorg.scm2
11 files changed, 313 insertions, 27 deletions
diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm
index b34b990f32..763a4434e4 100644
--- a/gnu/services/admin.scm
+++ b/gnu/services/admin.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;;
;;; This file is part of GNU Guix.
@@ -80,7 +80,7 @@
(define %rotated-files
;; Syslog files subject to rotation.
'("/var/log/messages" "/var/log/secure" "/var/log/debug"
- "/var/log/maillog"))
+ "/var/log/maillog" "/var/log/mcron.log"))
(define %default-rotations
(list (log-rotation ;syslog files
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index f50bcfdcb4..24b3ea785b 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -13,6 +13,7 @@
;;; Copyright © 2019 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2021 qblade <qblade@protonmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1815,7 +1816,11 @@ proxy of 'guix-daemon'...~%")
raise a deprecation warning if the 'compression-level' field was used."
(match (%guix-publish-configuration-compression-level config)
(#f
- '(("gzip" 3)))
+ ;; Default to low compression levels when there's no cache so that users
+ ;; get good bandwidth by default.
+ (if (guix-publish-configuration-cache config)
+ '(("gzip" 5) ("zstd" 19))
+ '(("gzip" 3) ("zstd" 3)))) ;zstd compresses faster
(level
(warn-about-deprecation 'compression-level properties
#:replacement 'compression)
@@ -2304,7 +2309,11 @@ This service is not part of @var{%base-services}."
(auto-login kmscon-configuration-auto-login
(default #f))
(hardware-acceleration? kmscon-configuration-hardware-acceleration?
- (default #f))) ; #t causes failure
+ (default #f)) ; #t causes failure
+ (font-engine kmscon-configuration-font-engine
+ (default "pango"))
+ (font-size kmscon-configuration-font-size
+ (default 12)))
(define kmscon-service-type
(shepherd-service-type
@@ -2315,13 +2324,17 @@ This service is not part of @var{%base-services}."
(login-program (kmscon-configuration-login-program config))
(login-arguments (kmscon-configuration-login-arguments config))
(auto-login (kmscon-configuration-auto-login config))
- (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)))
+ (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config))
+ (font-engine (kmscon-configuration-font-engine config))
+ (font-size (kmscon-configuration-font-size config)))
(define kmscon-command
#~(list
#$(file-append kmscon "/bin/kmscon") "--login"
"--vt" #$virtual-terminal
"--no-switchvt" ;Prevent a switch to the virtual terminal.
+ "--font-engine" #$font-engine
+ "--font-size" #$(number->string font-size)
#$@(if hardware-acceleration? '("--hwaccel") '())
"--login" "--"
#$login-program #$@login-arguments
diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm
new file mode 100644
index 0000000000..0b18521e76
--- /dev/null
+++ b/gnu/services/ci.scm
@@ -0,0 +1,127 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018, 2019, 2020, 2021 Christopher Baines <mail@cbaines.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services ci)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages ci)
+ #:use-module (gnu services)
+ #:use-module (gnu services base)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services admin)
+ #:use-module (gnu system shadow)
+ #:use-module (ice-9 match)
+ #:export (laminar-configuration
+ laminar-configuration?
+ laminar-configuration-home-directory
+ laminar-configuration-bind-http
+ laminar-configuration-bind-rpc
+ laminar-configuration-title
+ laminar-configuration-keep-rundirs
+ laminar-configuration-archive-url
+ laminar-configuration-base-url
+
+ laminar-service-type))
+
+;;;; Commentary:
+;;;
+;;; This module implements a service that to run instances of Laminar, a
+;;; continuous integration tool.
+;;;
+;;;; Code:
+
+(define-record-type* <laminar-configuration>
+ laminar-configuration make-laminar-configuration
+ laminar-configuration?
+ (laminar laminars-configuration-laminar
+ (default laminar))
+ (home-directory laminar-configuration-home-directory
+ (default "/var/lib/laminar"))
+ (bind-http laminar-configuration-bind-http
+ (default "*:8080"))
+ (bind-rpc laminar-configuration-bind-rpc
+ (default "unix-abstract:laminar"))
+ (title laminar-configuration-title
+ (default "Laminar"))
+ (keep-rundirs laminar-keep-rundirs
+ (default 0))
+ (archive-url laminar-archive-url
+ (default #f))
+ (base-url laminar-base-url
+ (default #f)))
+
+(define laminar-shepherd-service
+ (match-lambda
+ (($ <laminar-configuration> laminar home-directory
+ bind-http bind-rpc
+ title keep-rundirs archive-url
+ base-url)
+ (list (shepherd-service
+ (documentation "Run Laminar.")
+ (provision '(laminar))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append laminar "/sbin/laminard"))
+ #:environment-variables
+ `(,(string-append "LAMINAR_HOME="
+ #$home-directory)
+ ,(string-append "LAMINAR_BIND_HTTP="
+ #$bind-http)
+ ,(string-append "LAMINAR_TITLE="
+ #$title)
+ ,(string-append "LAMINAR_KEEP_RUNDIRS="
+ #$(number->string
+ keep-rundirs))
+ ,@(if #$archive-url
+ (list
+ (string-append "LAMINAR_ARCHIVE_URL="
+ #$archive-url))
+ '())
+ ,@(if #$base-url
+ (list
+ (string-append "LAMINAR_BASE_URL="
+ #$base-url))
+ '()))
+ #:user "laminar"
+ #:group "laminar"))
+ (stop #~(make-kill-destructor)))))))
+
+(define (laminar-account config)
+ "Return the user accounts and user groups for CONFIG."
+ (list (user-group
+ (name "laminar")
+ (system? #t))
+ (user-account
+ (name "laminar")
+ (group "laminar")
+ (system? #t)
+ (comment "Laminar privilege separation user")
+ (home-directory (laminar-configuration-home-directory config))
+ (shell #~(string-append #$shadow "/sbin/nologin")))))
+
+(define laminar-service-type
+ (service-type
+ (name 'laminar)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type laminar-shepherd-service)
+ (service-extension account-service-type laminar-account)))
+ (default-value (laminar-configuration))
+ (description
+ "Run the Laminar continuous integration service.")))
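Review bot: `bind-rpc` is destructured in `laminar-shepherd-service` but never reaches `#:environment-variables`, so the field is silently ignored and laminard uses its built-in RPC endpoint whatever the operator configured; add `,(string-append "LAMINAR_BIND_RPC=" #$bind-rpc)` next to the `LAMINAR_BIND_HTTP` entry. The record also names its accessors `laminars-configuration-laminar`, `laminar-keep-rundirs`, `laminar-archive-url` and `laminar-base-url`, while `#:export` lists `laminar-configuration-keep-rundirs`, `laminar-configuration-archive-url` and `laminar-configuration-base-url`, so those three exports appear to be unbound. Renaming the accessors to the `laminar-configuration-` prefix would fix that. The `bind-http` default of `"*:8080"` listens on every interface, so it deserves a sentence in the field's documentation, or a loopback default such as `"127.0.0.1:8080"` if the web UI is meant to sit behind a reverse proxy.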
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index 9de36eb1c9..5b4e24d794 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -60,7 +60,7 @@
;;;; Code:
(define %cuirass-default-database
- "dbname=cuirass host=/var/run/postgresql")
+ "dbname=cuirass host=/tmp")
(define-record-type* <cuirass-remote-server-configuration>
cuirass-remote-server-configuration make-cuirass-remote-server-configuration
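Review bot: Pointing the default connection at `host=/tmp` puts the PostgreSQL socket lookup in a world-writable directory, where any local user can create the socket file before the server does and receive the client's connection. The same default is introduced by the two `gnu/services/databases.scm` hunks: `socket-directory` becomes `#false` (presumably leaving PostgreSQL's own default in place) and the `host` field of `postgresql-role-configuration` becomes `"/tmp"`. If the move away from `/var/run/postgresql` is required, a comment here should say why. Assuming the string is handed to libpq as a conninfo string and the server runs as the `postgres` user, the client side can pin the server's identity with `requirepeer`, e.g. `"dbname=cuirass host=/tmp requirepeer=postgres"`.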
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index a841e7a50e..4a6d36b50b 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -115,7 +115,7 @@ host all all ::1/128 md5"))
(ident-file postgresql-config-file-ident-file
(default %default-postgres-ident))
(socket-directory postgresql-config-file-socket-directory
- (default "/var/run/postgresql"))
+ (default #false))
(extra-config postgresql-config-file-extra-config
(default '())))
@@ -363,7 +363,7 @@ and stores the database cluster in @var{data-directory}."
postgresql-role-configuration make-postgresql-role-configuration
postgresql-role-configuration?
(host postgresql-role-configuration-host ;string
- (default "/var/run/postgresql"))
+ (default "/tmp"))
(log postgresql-role-configuration-log ;string
(default "/var/log/postgresql_roles.log"))
(roles postgresql-role-configuration-roles
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c0f6371104..81f692e437 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -159,7 +159,7 @@
(define (serialize-free-form-args field-name val)
(serialize-field field-name
(string-join
- (map (match-lambda ((k . v) (format #t "~a=~a" k v))) val)
+ (map (match-lambda ((k . v) (format #f "~a=~a" k v))) val)
" ")))
(define-configuration dict-configuration
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..761820ad2e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -16,6 +16,7 @@
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2021 Christopher Lemmer Webber <cwebber@dustycloud.org>
+;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -55,6 +56,8 @@
#:use-module (gnu packages ntp)
#:use-module (gnu packages wicd)
#:use-module (gnu packages gnome)
+ #:use-module (gnu packages ipfs)
+ #:use-module (gnu build linux-container)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
@@ -197,6 +200,13 @@
yggdrasil-configuration-json-config
yggdrasil-configuration-package
+ ipfs-service-type
+ ipfs-configuration
+ ipfs-configuration?
+ ipfs-configuration-package
+ ipfs-configuration-gateway
+ ipfs-configuration-api
+
keepalived-configuration
keepalived-configuration?
keepalived-service-type))
@@ -1878,6 +1888,137 @@ See yggdrasil -genconf for config options.")
;;;
+;;; IPFS
+;;;
+
+(define-record-type* <ipfs-configuration>
+ ipfs-configuration
+ make-ipfs-configuration
+ ipfs-configuration?
+ (package ipfs-configuration-package
+ (default go-ipfs))
+ (gateway ipfs-configuration-gateway
+ (default "/ip4/127.0.0.1/tcp/8082"))
+ (api ipfs-configuration-api
+ (default "/ip4/127.0.0.1/tcp/5001")))
+
+(define %ipfs-home "/var/lib/ipfs")
+
+(define %ipfs-accounts
+ (list (user-account
+ (name "ipfs")
+ (group "ipfs")
+ (system? #t)
+ (comment "IPFS daemon user")
+ (home-directory "/var/lib/ipfs")
+ (shell (file-append shadow "/sbin/nologin")))
+ (user-group
+ (name "ipfs")
+ (system? #t))))
+
+(define (ipfs-binary config)
+ (file-append (ipfs-configuration-package config) "/bin/ipfs"))
+
+(define %ipfs-home-mapping
+ #~(file-system-mapping
+ (source #$%ipfs-home)
+ (target #$%ipfs-home)
+ (writable? #t)))
+
+(define %ipfs-environment
+ #~(list #$(string-append "HOME=" %ipfs-home)))
+
+(define (ipfs-shepherd-service config)
+ "Return a <shepherd-service> for IPFS with CONFIG."
+ (define ipfs-daemon-command
+ #~(list #$(ipfs-binary config) "daemon"))
+ (list
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (shepherd-service
+ (provision '(ipfs))
+ ;; While IPFS is most useful when the machine is connected
+ ;; to the network, only loopback is required for starting
+ ;; the service.
+ (requirement '(loopback))
+ (documentation "Connect to the IPFS network")
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start #~(make-forkexec-constructor/container
+ #$ipfs-daemon-command
+ #:namespaces '#$(fold delq %namespaces '(user net))
+ #:mappings (list #$%ipfs-home-mapping)
+ #:log-file "/var/log/ipfs.log"
+ #:user "ipfs"
+ #:group "ipfs"
+ #:environment-variables #$%ipfs-environment))
+ (stop #~(make-kill-destructor))))))
+
+(define (%ipfs-activation config)
+ "Return an activation gexp for IPFS with CONFIG"
+ (define (ipfs-config-command setting value)
+ #~(#$(ipfs-binary config) "config" #$setting #$value))
+ (define (set-config!-gexp setting value)
+ #~(system* #$@(ipfs-config-command setting value)))
+ (define settings
+ `(("Addresses.API" ,(ipfs-configuration-api config))
+ ("Addresses.Gateway" ,(ipfs-configuration-gateway config))))
+ (define inner-gexp
+ #~(begin
+ (umask #o077)
+ ;; Create $HOME/.ipfs structure
+ (system* #$(ipfs-binary config) "init")
+ ;; Apply settings
+ #$@(map (cute apply set-config!-gexp <>) settings)))
+ (define inner-script
+ (program-file "ipfs-activation-inner" inner-gexp))
+ ;; Run ipfs init and ipfs config from a container,
+ ;; in case the IPFS daemon was compromised at some point
+ ;; and ~/.ipfs is now a symlink to somewhere outside
+ ;; %ipfs-home.
+ (define container-gexp
+ (with-extensions (list shepherd)
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (use-modules (gnu build shepherd)
+ (gnu system file-systems))
+ (let* ((constructor
+ (make-forkexec-constructor/container
+ (list #$inner-script)
+ #:namespaces '#$(fold delq %namespaces '(user))
+ #:mappings (list #$%ipfs-home-mapping)
+ #:user "ipfs"
+ #:group "ipfs"
+ #:environment-variables #$%ipfs-environment))
+ (pid (constructor)))
+ (waitpid pid))))))
+ ;; The activation may happen from the initrd, which uses
+ ;; a statically-linked guile, while the guix container
+ ;; procedures require a working dynamic-link.
+ (define container-script
+ (program-file "ipfs-activation-container" container-gexp))
+ #~(system* #$container-script))
+
+(define ipfs-service-type
+ (service-type
+ (name 'ipfs)
+ (extensions
+ (list (service-extension account-service-type
+ (const %ipfs-accounts))
+ (service-extension activation-service-type
+ %ipfs-activation)
+ (service-extension shepherd-root-service-type
+ ipfs-shepherd-service)))
+ (default-value (ipfs-configuration))
+ (description
+ "Run @command{ipfs daemon}, the reference implementation
+of the IPFS peer-to-peer storage network.")))
+
+
+;;;
;;; Keepalived
;;;
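Review bot: The activation in `%ipfs-activation` discards every exit status: `set-config!-gexp` ignores the result of `system*`, `container-gexp` ignores what `waitpid` returns, and the final `(system* #$container-script)` is left unchecked. If applying `Addresses.API` or `Addresses.Gateway` fails, the daemon still starts with whatever addresses the existing repository config holds. That matters in the compromised-daemon case the comment itself describes, since the API address is the node's control interface. Consider checking the `ipfs config` calls, e.g. `(unless (zero? (system* #$@(ipfs-config-command setting value))) (exit 1))`, and propagating the container's status; the `ipfs init` status probably has to stay ignored because it presumably fails on an already-initialised repository. Separately, `%ipfs-accounts` repeats the literal `"/var/lib/ipfs"` where `%ipfs-home` could be used.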
diff --git a/gnu/services/sysctl.scm b/gnu/services/sysctl.scm
index aaea7cc30d..80ed2ff46f 100644
--- a/gnu/services/sysctl.scm
+++ b/gnu/services/sysctl.scm
@@ -25,6 +25,8 @@
#:use-module (srfi srfi-1)
#:use-module (ice-9 match)
#:export (sysctl-configuration
+ sysctl-configuration-sysctl
+ sysctl-configuration-settings
sysctl-service-type
%default-sysctl-settings))
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index f3df0b979f..8cb5633165 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -163,7 +163,7 @@ protocol.")
(define* (git-daemon-service #:key (config (git-daemon-configuration)))
"Return a service that runs @command{git daemon}, a simple TCP server to
-expose repositories over the Git protocol for annoymous access.
+expose repositories over the Git protocol for anonymous access.
The optional @var{config} argument should be a
@code{<git-daemon-configuration>} object, by default it allows read-only
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index aa688a4328..bfcdfe7421 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -840,8 +840,9 @@ of index files."
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/fcgiwrap")
- "-s" #$socket)
- #:user #$user #:group #$group))
+ "-s" #$socket)
+ #:user #$user #:group #$group
+ #:log-file "/var/log/fcgiwrap.log"))
(stop #~(make-kill-destructor)))))))
(define fcgiwrap-activation
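Review bot: The log path is hard-coded as `"/var/log/fcgiwrap.log"`, while the agate service later in this file takes it from its configuration (`#:log-file #$log-file`); a `log-file` field on the fcgiwrap configuration record would keep the two consistent. The file is also not among the `%rotated-files` shown in the `gnu/services/admin.scm` hunk of this commit, so unless another rotation covers it the log grows without bound. It may also collect whatever the CGI programs write to stderr. The enclosing service definition starts outside the hunk.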
@@ -863,7 +864,7 @@ of index files."
(extensions
(list (service-extension shepherd-root-service-type
fcgiwrap-shepherd-service)
- (service-extension account-service-type
+ (service-extension account-service-type
fcgiwrap-accounts)
(service-extension activation-service-type
fcgiwrap-activation)))
@@ -1946,24 +1947,24 @@ root=/srv/gemini
(documentation "Run the agate Gemini server.")
(start (let ((agate (file-append package "/bin/agate")))
#~(make-forkexec-constructor
- (list #$agate
- "--content" #$content
- "--cert" #$cert
- "--key" #$key
- "--addr" #$@addr
+ (list #$agate
+ "--content" #$content
+ "--cert" #$cert
+ "--key" #$key
+ "--addr" #$@addr
#$@(if lang
(list "--lang" lang)
'())
- #$@(if hostname
- (list "--hostname" hostname)
- '())
- #$@(if silent? '("--silent") '())
- #$@(if serve-secret? '("--serve-secret") '())
- #$@(if log-ip? '("--log-ip") '()))
- #:user #$user #:group #$group
- #:log-file #$log-file)))
+ #$@(if hostname
+ (list "--hostname" hostname)
+ '())
+ #$@(if silent? '("--silent") '())
+ #$@(if serve-secret? '("--serve-secret") '())
+ #$@(if log-ip? '("--log-ip") '()))
+ #:user #$user #:group #$group
+ #:log-file #$log-file)))
(stop #~(make-kill-destructor)))))))
-
+
(define agate-accounts
(match-lambda
(($ <agate-configuration> _ _ _ _ _
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 60611dc77d..17d983ff8d 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -68,6 +68,8 @@
%default-xorg-modules
%default-xorg-fonts
+ %default-xorg-server-arguments
+
xorg-wrapper
xorg-start-command
xinitrc