path: root/gnu/services
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm86
-rw-r--r--gnu/services/databases.scm22
-rw-r--r--gnu/services/desktop.scm36
-rw-r--r--gnu/services/dns.scm2
-rw-r--r--gnu/services/ganeti.scm2
-rw-r--r--gnu/services/guix.scm21
-rw-r--r--gnu/services/monitoring.scm7
-rw-r--r--gnu/services/networking.scm117
-rw-r--r--gnu/services/virtualization.scm11
-rw-r--r--gnu/services/web.scm75
10 files changed, 334 insertions, 45 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 04bc991356..499e50bfd7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1476,10 +1476,18 @@ archive' public keys, with GUIX."
#~(begin
(use-modules (guix build utils))
- (unless (file-exists? "/etc/guix/acl")
- (mkdir-p "/etc/guix")
- (copy-file #+default-acl "/etc/guix/acl")
- (chmod "/etc/guix/acl" #o600)))))
+ ;; If the ACL already exists, move it out of the way. Create a backup
+ ;; if it's a regular file: it's likely that the user manually updated
+ ;; it with 'guix archive --authorize'.
+ (if (file-exists? "/etc/guix/acl")
+ (if (and (symbolic-link? "/etc/guix/acl")
+ (store-file-name? (readlink "/etc/guix/acl")))
+ (delete-file "/etc/guix/acl")
+ (rename-file "/etc/guix/acl" "/etc/guix/acl.bak"))
+ (mkdir-p "/etc/guix"))
+
+ ;; Installed the declared ACL.
+ (symlink #+default-acl "/etc/guix/acl"))))
(define %default-authorized-guix-keys
;; List of authorized substitute keys.
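Review bot: A dangling `/etc/guix/acl` symlink is not handled by the new branch: `file-exists?` follows symlinks, so when the link's target is gone the code falls through to `mkdir-p` and the final `symlink` call then fails because the name is still taken. Testing the link itself first, e.g. `(if (or (symbolic-link? "/etc/guix/acl") (file-exists? "/etc/guix/acl")) …)`, closes that gap. `rename-file` also replaces an earlier `/etc/guix/acl.bak` without notice, so a later manual edit followed by another activation overwrites the previous backup of hand-authorized keys. The comment `;; Installed the declared ACL.` should read `;; Install the declared ACL.`. The enclosing procedure starts outside the hunk.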
@@ -1562,8 +1570,10 @@ proxy of 'guix-daemon'...~%")
(ice-9 match)
(gnu build shepherd)))
(start
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)))
+ (with-imported-modules `(((guix config) => ,(make-config.scm))
+ ,@(source-module-closure
+ '((gnu build shepherd))
+ #:select? not-config?))
#~(lambda args
(define proxy
;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by
@@ -1732,6 +1742,8 @@ proxy of 'guix-daemon'...~%")
(default "nar"))
(cache guix-publish-configuration-cache ;#f | string
(default #f))
+ (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold
+ (default (* 10 (expt 2 20)))) ;integer
(workers guix-publish-configuration-workers ;#f | integer
(default #f))
(ttl guix-publish-configuration-ttl ;#f | integer
@@ -1766,7 +1778,7 @@ raise a deprecation warning if the 'compression-level' field was used."
lst))))
(match-record config <guix-publish-configuration>
- (guix port host nar-path cache workers ttl)
+ (guix port host nar-path cache workers ttl cache-bypass-threshold)
(list (shepherd-service
(provision '(guix-publish))
(requirement '(guix-daemon))
@@ -1788,7 +1800,11 @@ raise a deprecation warning if the 'compression-level' field was used."
"s"))
#~())
#$@(if cache
- #~((string-append "--cache=" #$cache))
+ #~((string-append "--cache=" #$cache)
+ #$(string-append
+ "--cache-bypass-threshold="
+ (number->string
+ cache-bypass-threshold)))
#~()))
;; Make sure we run in a UTF-8 locale so we can produce
@@ -2096,22 +2112,52 @@ instance."
'swap
(lambda (device)
(define requirement
- (if (string-prefix? "/dev/mapper/" device)
+ (if (and (string? device)
+ (string-prefix? "/dev/mapper/" device))
(list (symbol-append 'device-mapping-
(string->symbol (basename device))))
'()))
- (shepherd-service
- (provision (list (symbol-append 'swap- (string->symbol device))))
- (requirement `(udev ,@requirement))
- (documentation "Enable the given swap device.")
- (start #~(lambda ()
- (restart-on-EINTR (swapon #$device))
- #t))
- (stop #~(lambda _
- (restart-on-EINTR (swapoff #$device))
- #f))
- (respawn? #f)))))
+ (define (device-lookup device)
+ ;; The generic 'find-partition' procedures could return a partition
+ ;; that's not swap space, but that's unlikely.
+ (cond ((uuid? device)
+ #~(find-partition-by-uuid #$(uuid-bytevector device)))
+ ((file-system-label? device)
+ #~(find-partition-by-label
+ #$(file-system-label->string device)))
+ (else
+ device)))
+
+ (define service-name
+ (symbol-append 'swap-
+ (string->symbol
+ (cond ((uuid? device)
+ (string-take (uuid->string device) 6))
+ ((file-system-label? device)
+ (file-system-label->string device))
+ (else
+ device)))))
+
+ (with-imported-modules (source-module-closure '((gnu build file-systems)))
+ (shepherd-service
+ (provision (list service-name))
+ (requirement `(udev ,@requirement))
+ (documentation "Enable the given swap device.")
+ (modules `((gnu build file-systems)
+ ,@%default-modules))
+ (start #~(lambda ()
+ (let ((device #$(device-lookup device)))
+ (and device
+ (begin
+ (restart-on-EINTR (swapon device))
+ #t)))))
+ (stop #~(lambda _
+ (let ((device #$(device-lookup device)))
+ (when device
+ (restart-on-EINTR (swapoff device)))
+ #f)))
+ (respawn? #f))))))
(define (swap-service device)
"Return a service that uses @var{device} as a swap device."
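Review bot: `device-lookup` resolves a label or UUID to whichever partition carries it, and the hunk's own comment concedes the result may not be swap space. A file-system label is not unique across attached disks, so swap pages could be written to a device the administrator did not intend; the documentation for this field should recommend UUIDs or `/dev/mapper/` names and say that labels are matched as-is. Separately, `service-name` keeps only the first six characters of the UUID via `string-take`, so two swap UUIDs sharing that prefix produce the same provision symbol; using the full `(uuid->string device)` avoids the clash. When the lookup returns `#f`, `start` fails without a message, and a short comment or log line there would make the failure diagnosable. The enclosing service-type definition starts outside the hunk.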
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 2bddf70f71..d7b4594b9e 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -30,6 +30,7 @@
#:use-module (gnu packages databases)
#:use-module (guix build-system trivial)
#:use-module (guix build union)
+ #:use-module (guix deprecation)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix records)
@@ -146,8 +147,7 @@ host all all ::1/128 md5"))
(define-record-type* <postgresql-configuration>
postgresql-configuration make-postgresql-configuration
postgresql-configuration?
- (postgresql postgresql-configuration-postgresql ;<package>
- (default postgresql))
+ (postgresql postgresql-configuration-postgresql) ;<package>
(port postgresql-configuration-port
(default 5432))
(locale postgresql-configuration-locale
@@ -278,15 +278,15 @@ host all all ::1/128 md5"))
(service-extension account-service-type
(const %postgresql-accounts))
(service-extension profile-service-type
- (compose list postgresql-configuration-postgresql))))
- (default-value (postgresql-configuration))))
-
-(define* (postgresql-service #:key (postgresql postgresql)
- (port 5432)
- (locale "en_US.utf8")
- (config-file (postgresql-config-file))
- (data-directory "/var/lib/postgresql/data")
- (extension-packages '()))
+ (compose list postgresql-configuration-postgresql))))))
+
+(define-deprecated (postgresql-service #:key (postgresql postgresql)
+ (port 5432)
+ (locale "en_US.utf8")
+ (config-file (postgresql-config-file))
+ (data-directory "/var/lib/postgresql/data")
+ (extension-packages '()))
+ postgresql-service-type
"Return a service that runs @var{postgresql}, the PostgreSQL database server.
The PostgreSQL daemon loads its runtime configuration from @var{config-file}
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 3a3fd8fd1b..265cf9f35f 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2019 Tim Gesthuizen <tim.gesthuizen@yahoo.de>
;;; Copyright © 2019 David Wilson <david@daviwil.com>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -53,6 +54,7 @@
#:use-module (gnu packages suckless)
#:use-module (gnu packages linux)
#:use-module (gnu packages libusb)
+ #:use-module (gnu packages lxqt)
#:use-module (gnu packages mate)
#:use-module (gnu packages nfs)
#:use-module (gnu packages enlightenment)
@@ -127,6 +129,10 @@
mate-desktop-service
mate-desktop-service-type
+ lxqt-desktop-configuration
+ lxqt-desktop-configuration?
+ lxqt-desktop-service-type
+
xfce-desktop-configuration
xfce-desktop-configuration?
xfce-desktop-service
@@ -1009,6 +1015,36 @@ system as root from within a user session, after the user has authenticated
with the administrator's password."
(service xfce-desktop-service-type config))
++
+;;;
+;;; Lxqt desktop service.
+;;;
+
+(define-record-type* <lxqt-desktop-configuration> lxqt-desktop-configuration
+ make-lxqt-desktop-configuration
+ lxqt-desktop-configuration?
+ (lxqt lxqt-package
+ (default lxqt)))
+
+(define (lxqt-polkit-settings config)
+ "Return the list of LXQt dependencies that provide polkit actions and
+rules."
+ (let ((lxqt (lxqt-package config)))
+ (map (lambda (name)
+ ((package-direct-input-selector name) lxqt))
+ '("lxqt-admin"))))
+
+(define lxqt-desktop-service-type
+ (service-type
+ (name 'lxqt-desktop)
+ (extensions
+ (list (service-extension polkit-service-type
+ lxqt-polkit-settings)
+ (service-extension profile-service-type
+ (compose list lxqt-package))))
+ (default-value (lxqt-desktop-configuration))
+ (description "Run LXQt desktop environment.")))
+
;;;
;;; X11 socket directory service
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 572880561c..b339eb0619 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -700,7 +700,7 @@ cache.size = 100 * MB
(documentation "Run the Knot Resolver daemon.")
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/kresd")
- "-c" #$kresd-config-file "-f" "1"
+ "-c" #$kresd-config-file "-n"
"/var/cache/knot-resolver")))
(stop #~(make-kill-destructor)))
(shepherd-service
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
index d87db5b9ac..0a34ea6a5e 100644
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@@ -430,7 +430,7 @@ appropriate requests to this daemon.")))
(description
"@command{ganeti-luxid} is a daemon used to answer queries
related to the configuration and the current live state of a Ganeti cluster.
-Additionally, it is the authorative daemon for the Ganeti job queue. Jobs can
+Additionally, it is the authoritative daemon for the Ganeti job queue. Jobs can
be submitted via this daemon and it schedules and starts them.")))
(define-record-type* <ganeti-rapi-configuration>
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index a47c4bd941..b909c651cc 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -188,8 +188,11 @@
;; libraries, but it means that the Guile libraries
;; needed for the Guix Build Coordinator don't need
;; to be individually specified here.
- (map second (package-inputs
- guix-build-coordinator-package)))
+ (append
+ (map second (package-inputs
+ guix-build-coordinator-package))
+ (map second (package-propagated-inputs
+ guix-build-coordinator-package))))
#~(begin
(use-modules (srfi srfi-1)
(ice-9 match)
@@ -200,16 +203,21 @@
(guix-build-coordinator build-allocator)
(guix-build-coordinator coordinator))
+ (setvbuf (current-output-port) 'line)
+ (setvbuf (current-error-port) 'line)
+
+ (simple-format #t "starting the guix-build-coordinator:\n ~A\n"
+ (current-filename))
(let* ((metrics-registry (make-metrics-registry
#:namespace
- "guixbuildcoordinator_"))
+ "guixbuildcoordinator"))
(datastore (database-uri->datastore
#$database-uri-string
#:metrics-registry metrics-registry))
(hooks
(list #$@(map (match-lambda
((name . hook-gexp)
- #~(cons name #$hook-gexp)))
+ #~(cons '#$name #$hook-gexp)))
hooks)))
(hooks-with-defaults
`(,@hooks
@@ -265,7 +273,8 @@
#:environment-variables
`(,(string-append
"GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale")
- "LC_ALL=en_US.utf8")
+ "LC_ALL=en_US.utf8"
+ "PATH=/run/current-system/profile/bin") ; for hooks
#:log-file "/var/log/guix-build-coordinator/coordinator.log"))
(stop #~(make-kill-destructor))))))
@@ -363,6 +372,8 @@
#~(begin
(use-modules (guix build utils))
+ (define %user (getpw "guix-build-coordinator-agent"))
+
(mkdir-p "/var/log/guix-build-coordinator")
;; Allow writing the PID file
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 511f4fb2fe..da3d736ba6 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -279,11 +279,11 @@ configuration file."))
(define (zabbix-server-activation config)
"Return the activation gexp for CONFIG."
- (with-imported-modules '((guix build utils)
- (ice-9 rdelim))
+ (with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim))
+
(let ((user (getpw #$(zabbix-server-configuration-user config))))
(for-each (lambda (file)
(let ((directory (dirname file)))
@@ -393,8 +393,7 @@ configuration file."))
(define (zabbix-agent-activation config)
"Return the activation gexp for CONFIG."
- (with-imported-modules '((guix build utils)
- (ice-9 rdelim))
+ (with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 64f54e787f..9ec0f6a9ca 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -61,7 +61,9 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-43)
#:use-module (ice-9 match)
+ #:use-module (json)
#:re-export (static-networking-service
static-networking-service-type)
#:export (%facebook-host-aliases
@@ -180,7 +182,17 @@
pagekite-configuration-kitesecret
pagekite-configuration-frontend
pagekite-configuration-kites
- pagekite-configuration-extra-file))
+ pagekite-configuration-extra-file
+
+ yggdrasil-service-type
+ yggdrasil-configuration
+ yggdrasil-configuration?
+ yggdrasil-configuration-autoconf?
+ yggdrasil-configuration-config-file
+ yggdrasil-configuration-log-level
+ yggdrasil-configuration-log-to
+ yggdrasil-configuration-json-config
+ yggdrasil-configuration-package))
;;; Commentary:
;;;
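Review bot: The export list names `yggdrasil-configuration-config-file`, but the record added later in this commit declares that field's accessor as `yggdrasil-config-file`, so the exported binding is never defined and the accessor that `yggdrasil-shepherd-service` actually calls stays private. Renaming the accessor in the record to `yggdrasil-configuration-config-file`, and updating its one use in the command builder, would match the other fields. The `#:export` form starts outside the hunk.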
@@ -1750,4 +1762,107 @@ table inet filter {
"Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
local servers publicly accessible on the web, even behind NATs and firewalls.")))
+
+;;;
+;;; Yggdrasil
+;;;
+
+(define-record-type* <yggdrasil-configuration>
+ yggdrasil-configuration
+ make-yggdrasil-configuration
+ yggdrasil-configuration?
+ (package yggdrasil-configuration-package
+ (default yggdrasil))
+ (json-config yggdrasil-configuration-json-config
+ (default '()))
+ (config-file yggdrasil-config-file
+ (default "/etc/yggdrasil-private.conf"))
+ (autoconf? yggdrasil-configuration-autoconf?
+ (default #f))
+ (log-level yggdrasil-configuration-log-level
+ (default 'info))
+ (log-to yggdrasil-configuration-log-to
+ (default 'stdout)))
+
+(define (yggdrasil-configuration-file config)
+ (define (scm->yggdrasil-json x)
+ (define key-value?
+ dotted-list?)
+ (define (param->camel str)
+ (string-concatenate
+ (map
+ string-capitalize
+ (string-split str (cut eqv? <> #\-)))))
+ (cond
+ ((key-value? x)
+ (let ((k (car x))
+ (v (cdr x)))
+ (cons
+ (if (symbol? k)
+ (param->camel (symbol->string k))
+ k)
+ v)))
+ ((list? x) (map scm->yggdrasil-json x))
+ ((vector? x) (vector-map scm->yggdrasil-json x))
+ (else x)))
+ (computed-file
+ "yggdrasil.conf"
+ #~(call-with-output-file #$output
+ (lambda (port)
+ ;; it's HJSON, so comments are a-okay
+ (display "# Generated by yggdrasil-service\n" port)
+ (display #$(scm->json-string
+ (scm->yggdrasil-json
+ (yggdrasil-configuration-json-config config)))
+ port)))))
+
+(define (yggdrasil-shepherd-service config)
+ "Return a <shepherd-service> for yggdrasil with CONFIG."
+ (define yggdrasil-command
+ #~(append
+ (list (string-append
+ #$(yggdrasil-configuration-package config)
+ "/bin/yggdrasil")
+ "-useconffile"
+ #$(yggdrasil-configuration-file config))
+ (if #$(yggdrasil-configuration-autoconf? config)
+ '("-autoconf")
+ '())
+ (let ((extraconf #$(yggdrasil-config-file config)))
+ (if extraconf
+ (list "-extraconffile" extraconf)
+ '()))
+ (list "-loglevel"
+ #$(symbol->string
+ (yggdrasil-configuration-log-level config))
+ "-logto"
+ #$(symbol->string
+ (yggdrasil-configuration-log-to config)))))
+ (list (shepherd-service
+ (documentation "Connect to the Yggdrasil mesh network")
+ (provision '(yggdrasil))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ #$yggdrasil-command
+ #:log-file "/var/log/yggdrasil.log"
+ #:group "yggdrasil"))
+ (stop #~(make-kill-destructor)))))
+
+(define %yggdrasil-accounts
+ (list (user-group (name "yggdrasil") (system? #t))))
+
+(define yggdrasil-service-type
+ (service-type
+ (name 'yggdrasil)
+ (description
+ "Connect to the Yggdrasil mesh network.
+See yggdrasil -genconf for config options.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ yggdrasil-shepherd-service)
+ (service-extension account-service-type
+ (const %yggdrasil-accounts))
+ (service-extension profile-service-type
+ (compose list yggdrasil-configuration-package))))))
+
;;; networking.scm ends here
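Review bot: `yggdrasil-configuration-file` has no docstring, and the one thing a user must know is missing: the `computed-file` it returns lives in the store, which every local user can read, so key material belongs only in the file named by `config-file`. I would add a docstring such as `"Return a store file holding JSON-CONFIG; it is world-readable, so keep private keys in CONFIG-FILE instead."`. Nothing in the visible hunk creates `/etc/yggdrasil-private.conf` or checks its permissions, and it presumably holds those keys, so the expected owner and mode should be documented. The constructor also passes `#:group "yggdrasil"` without `#:user`, so the daemon likely keeps the user shepherd runs as; a comment saying whether that is deliberate would help.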
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index edd0b644f5..eaf0bbde43 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP."
(permit-root-login #t)
(allow-empty-passwords? #t)
(password-authentication? #t)))
- %base-services/hurd))))
+
+ ;; By default, the secret service introduces a pre-initialized
+ ;; /etc/guix/acl file in the childhurd. Thus, clear
+ ;; 'authorize-key?' so that it's not overridden at activation
+ ;; time.
+ (modify-services %base-services/hurd
+ (guix-service-type config =>
+ (guix-configuration
+ (inherit config)
+ (authorize-key? #f))))))))
(define-record-type* <hurd-vm-configuration>
hurd-vm-configuration make-hurd-vm-configuration
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index a74c6c54b4..7e17dac6e2 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -14,6 +14,7 @@
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Alexandru-Sergiu Marton <brown121407@posteo.ro>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1134,7 +1135,7 @@ a webserver.")
#:user "hpcguix-web"
#:group "hpcguix-web"
#:environment-variables
- (list "XDG_CACHE_HOME=/var/cache"
+ (list "XDG_CACHE_HOME=/var/cache/guix/web"
"SSL_CERT_DIR=/etc/ssl/certs")
#:log-file #$%hpcguix-web-log-file))
(stop #~(make-kill-destructor))))))
@@ -1798,3 +1799,75 @@ WSGIPassAuthorization On
"Run Mumi, a Web interface to the Debbugs bug-tracking server.")
(default-value
(mumi-configuration))))
+
+(define %default-gmnisrv-config-file
+ (plain-file "gmnisrv.ini" "
+listen=0.0.0.0:1965 [::]:1965
+
+[:tls]
+store=/var/lib/gemini/certs
+
+organization=gmnisrv on Guix user
+
+[localhost]
+root=/srv/gemini
+"))
+
+(define-record-type* <gmnisrv-configuration>
+ gmnisrv-configuration make-gmnisrv-configuration
+ gmnisrv-configuration?
+ (package gmnisrv-configuration-package
+ (default gmnisrv))
+ (config-file gmnisrv-configuration-config-file
+ (default %default-gmnisrv-config-file)))
+
+(define gmnisrv-shepherd-service
+ (match-lambda
+ (($ <gmnisrv-configuration> package config-file)
+ (list (shepherd-service
+ (provision '(gmnisrv))
+ (requirement '(networking))
+ (documentation "Run the gmnisrv Gemini server.")
+ (start (let ((gmnisrv (file-append package "/bin/gmnisrv")))
+ #~(make-forkexec-constructor
+ (list #$gmnisrv "-C" #$config-file)
+ #:user "gmnisrv" #:group "gmnisrv"
+ #:log-file "/var/log/gmnisrv.log")))
+ (stop #~(make-kill-destructor)))))))
+
+(define %gmnisrv-accounts
+ (list (user-group (name "gmnisrv") (system? #t))
+ (user-account
+ (name "gmnisrv")
+ (group "gmnisrv")
+ (system? #t)
+ (comment "gmnisrv Gemini server")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define %gmnisrv-activation
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p "/var/lib/gemini/certs")
+ (let* ((pw (getpwnam "gmnisrv"))
+ (uid (passwd:uid pw))
+ (gid (passwd:gid pw)))
+ (chown "/var/lib/gemini" uid gid)
+ (chown "/var/lib/gemini/certs" uid gid)))))
+
+(define gmnisrv-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension activation-service-type
+ (const %gmnisrv-activation))
+ (service-extension account-service-type
+ (const %gmnisrv-accounts))
+ (service-extension shepherd-root-service-type
+ gmnisrv-shepherd-service)))
+ (description
+ "Run the gmnisrv Gemini server.")
+ (default-value
+ (gmnisrv-configuration))))
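Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste slip; it should be `(name 'gmnisrv)` so that error messages and service listings do not report it under another service's name. In `%gmnisrv-activation`, `/var/lib/gemini/certs` is the TLS store named in the default configuration, yet it is created with `mkdir-p` and only chowned. Adding `(chmod "/var/lib/gemini/certs" #o700)` after the `chown` calls would keep the directory private to the `gmnisrv` user whatever umask is in effect at activation time.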