From 764d896668aa0f69514ef22de005fbf851949969 Mon Sep 17 00:00:00 2001 From: Reza Alizadeh Majd Date: Mon, 19 Oct 2020 23:58:49 +0300 Subject: services: Add LXQt desktop service. * gnu/services/desktop.scm (lxqt-desktop-service-type): New variable. (): New record type. (lxqt-desktop-configuration?): New procedure. * doc/guix.texi (Desktop Services): Document this. Co-authored-by: Oleg Pykhalov --- gnu/services/desktop.scm | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 3a3fd8fd1b..c4d6c93543 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2019 Tim Gesthuizen ;;; Copyright © 2019 David Wilson ;;; Copyright © 2020 Tobias Geerinckx-Rice +;;; Copyright © 2020 Reza Alizadeh Majd ;;; ;;; This file is part of GNU Guix. ;;; @@ -53,6 +54,7 @@ #:use-module (gnu packages suckless) #:use-module (gnu packages linux) #:use-module (gnu packages libusb) + #:use-module (gnu packages lxqt) #:use-module (gnu packages mate) #:use-module (gnu packages nfs) #:use-module (gnu packages enlightenment) @@ -127,6 +129,11 @@ mate-desktop-service mate-desktop-service-type + lxqt-desktop-configuration + lxqt-desktop-configuration? + lxqt-desktop-service + lxqt-desktop-service-type + xfce-desktop-configuration xfce-desktop-configuration? xfce-desktop-service 
@@ -1009,6 +1016,36 @@ system as root from within a user session, after the user has authenticated with the administrator's password." (service xfce-desktop-service-type config)) ++ +;;; +;;; Lxqt desktop service. +;;; + +(define-record-type* lxqt-desktop-configuration + make-lxqt-desktop-configuration + lxqt-desktop-configuration? + (lxqt lxqt-package + (default lxqt))) + +(define (lxqt-polkit-settings config) + "Return the list of LXQt dependencies that provide polkit actions and +rules." + (let ((lxqt (lxqt-package config))) + (map (lambda (name) + ((package-direct-input-selector name) lxqt)) + '("lxqt-admin")))) + +(define lxqt-desktop-service-type + (service-type + (name 'lxqt-desktop) + (extensions + (list (service-extension polkit-service-type + lxqt-polkit-settings) + (service-extension profile-service-type + (compose list lxqt-package)))) + (default-value (lxqt-desktop-configuration)) + (description "Run LXQt desktop environment."))) + ;;; ;;; X11 socket directory service -- cgit v1.2.3 From 61e6d3ca1188c8360f724f77664010b69d1df48a Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Tue, 20 Oct 2020 00:26:34 +0300 Subject: services: lxqt-desktop: Delete unbound lxqt-desktop-service. This commit follows 764d896668aa0f69514ef22de005fbf851949969. * gnu/services/desktop.scm: Delete unbound "lxqt-desktop-service" exported variable. --- gnu/services/desktop.scm | 1 - 1 file changed, 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index c4d6c93543..265cf9f35f 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -131,7 +131,6 @@ lxqt-desktop-configuration lxqt-desktop-configuration? - lxqt-desktop-service lxqt-desktop-service-type xfce-desktop-configuration -- cgit v1.2.3 From 922a50993e4a33ad3758e2eae6176c3d528f26d3 Mon Sep 17 00:00:00 2001 
From: Mathieu Othacehe Date: Tue, 20 Oct 2020 09:16:52 +0200 Subject: services: guix: Fix coordinator agent. * gnu/services/guix.scm (guix-build-coordinator-agent-activation): Define %user variable. --- gnu/services/guix.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index a47c4bd941..bd7ebcd2aa 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -363,6 +363,8 @@ #~(begin (use-modules (guix build utils)) + (define %user (getpw "guix-build-coordinator-agent")) + (mkdir-p "/var/log/guix-build-coordinator") ;; Allow writing the PID file -- cgit v1.2.3 From a698df72d37aa5173c357b7d1e3873d2c2c64c32 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 2 Oct 2020 19:06:50 +0100 Subject: services: databases: Deprecate the postgresql-service procedure. Using the service type directly is a better approach, making it easier to configure the service. * gnu/services/databases.scm (postgresql-service): Deprecate this procedure. * doc/guix.texi (PostgreSQL): Update the documentation for the use of (service postgresql-service-type). --- doc/guix.texi | 40 +++++++++++++++++++++++++++++++--------- gnu/services/databases.scm | 14 ++++++++------ 2 files changed, 39 insertions(+), 15 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 9a80555827..582ab0fd2b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -18453,15 +18453,12 @@ The @code{(gnu services databases)} module provides the following services. @subsubheading PostgreSQL -@deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @ - [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ - [#:port 5432] [#:locale ``en_US.utf8''] [#:extension-packages '()] -Return a service that runs @var{postgresql}, the PostgreSQL database -server. +The following example describes a PostgreSQL service with the default +configuration. -The PostgreSQL daemon loads its runtime configuration from @var{config-file}, -creates a database cluster with @var{locale} as the default -locale, stored in @var{data-directory}. It then listens on @var{port}. +@lisp +(service postgresql-service-type) +@end lisp If the services fails to start, it may be due to an incompatible cluster already present in @var{data-directory}. Adjust it (or, if you 
@@ -18481,6 +18478,29 @@ createuser --interactive createdb $MY_USER_LOGIN # Replace appropriately. @end example +@deftp {Data Type} postgresql-configuration +Data type representing the configuration for the +@code{postgresql-service-type}. + +@table @asis +@item @var{postgresql} (default: @code{postgresql}) +PostgreSQL package to use for the service. + +@item @var{port} (default: @code{5432}) +Port on which PostgreSQL should listen. + +@item @var{locale} (default: @code{"en_US.utf8"}) +Locale to use as the default when creating the database cluster. + +@item @var{config-file} (default: @code{(postgresql-config-file)}) +The configuration file to use when running PostgreSQL. The default +behaviour uses the postgresql-config-file record with the default values +for the fields. + +@item @var{data-directory} (default: @code{"/var/lib/postgresql/data"}) +Directory in which to store the data. + +@item @var{extension-packages} (default: @code{'()}) @cindex postgresql extension-packages Additional extensions are loaded from packages listed in @var{extension-packages}. Extensions are available at runtime. For instance, @@ -18516,7 +18536,9 @@ psql -U postgres There is no need to add this field for contrib extensions such as hstore or dblink as they are already loadable by postgresql. This field is only required to add extensions provided by other packages. -@end deffn + +@end table +@end deftp @subsubheading MariaDB/MySQL diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 2bddf70f71..7908a3e0f6 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages databases) #:use-module (guix build-system trivial) #:use-module (guix build union) + #:use-module (guix deprecation) #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix records) 
@@ -281,12 +282,13 @@ host all all ::1/128 md5")) (compose list postgresql-configuration-postgresql)))) (default-value (postgresql-configuration)))) -(define* (postgresql-service #:key (postgresql postgresql) - (port 5432) - (locale "en_US.utf8") - (config-file (postgresql-config-file)) - (data-directory "/var/lib/postgresql/data") - (extension-packages '())) +(define-deprecated (postgresql-service #:key (postgresql postgresql) + (port 5432) + (locale "en_US.utf8") + (config-file (postgresql-config-file)) + (data-directory "/var/lib/postgresql/data") + (extension-packages '())) + postgresql-service-type "Return a service that runs @var{postgresql}, the PostgreSQL database server. The PostgreSQL daemon loads its runtime configuration from @var{config-file} -- cgit v1.2.3 From bdcf4d88d58798eca7811c8b1fbd4638168d05c3 Mon Sep 17 00:00:00 2001 
From: Christopher Baines Date: Fri, 2 Oct 2020 19:15:44 +0100 Subject: services: databases: Don't specify a default postgresql version. Currently, if the postgresql package major version changes, this is going to break the service upon upgrade, because PostgreSQL will reject the data files from the differing major version of the service. Because it's important to either keep running a particular major version, or intentionally upgrade, I think the configuration would be better with no default. I think this is also going to be helpful when trying to assist users upgrading PostgreSQL. * gnu/services/databases.scm (): Remove default for postgresql. (postgresql-service-type): Remove the default value. * gnu/tests/databases.scm (%postgresql-os): Update accordingly. * gnu/tests/guix.scm (%guix-data-service-os): Update accordingly. * gnu/tests/monitoring.scm (%zabbix-os): Update accordingly. * gnu/tests/web.scm (patchwork-os): Update accordingly. * doc/guix.texi (PostgreSQL): Update accordingly. --- doc/guix.texi | 6 ++++-- gnu/services/databases.scm | 6 ++---- gnu/tests/databases.scm | 4 +++- gnu/tests/guix.scm | 1 + gnu/tests/monitoring.scm | 4 +++- gnu/tests/web.scm | 4 +++- 6 files changed, 16 insertions(+), 9 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 582ab0fd2b..05111d4327 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -18457,7 +18457,9 @@ The following example describes a PostgreSQL service with the default configuration. @lisp -(service postgresql-service-type) +(service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) @end lisp If the services fails to start, it may be due to an incompatible @@ -18483,7 +18485,7 @@ Data type representing the configuration for the @code{postgresql-service-type}. @table @asis -@item @var{postgresql} (default: @code{postgresql}) +@item @var{postgresql} PostgreSQL package to use for the service. @item @var{port} (default: @code{5432}) 
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7908a3e0f6..d7b4594b9e 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -147,8 +147,7 @@ host all all ::1/128 md5")) (define-record-type* postgresql-configuration make-postgresql-configuration postgresql-configuration? - (postgresql postgresql-configuration-postgresql ; - (default postgresql)) + (postgresql postgresql-configuration-postgresql) ; (port postgresql-configuration-port (default 5432)) (locale postgresql-configuration-locale @@ -279,8 +278,7 @@ host all all ::1/128 md5")) (service-extension account-service-type (const %postgresql-accounts)) (service-extension profile-service-type - (compose list postgresql-configuration-postgresql)))) - (default-value (postgresql-configuration)))) + (compose list postgresql-configuration-postgresql)))))) (define-deprecated (postgresql-service #:key (postgresql postgresql) (port 5432) diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index e0544bbcd2..d3045cc3f7 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -215,7 +215,9 @@ (define %postgresql-os (simple-operating-system - (service postgresql-service-type))) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))))) (define (run-postgresql-test) "Run tests in %POSTGRESQL-OS." diff --git a/gnu/tests/guix.scm b/gnu/tests/guix.scm index 20b67d55d3..af7d8f0b21 100644 --- a/gnu/tests/guix.scm +++ b/gnu/tests/guix.scm @@ -156,6 +156,7 @@ (service dhcp-client-service-type) (service postgresql-service-type (postgresql-configuration + (postgresql postgresql-10) (config-file (postgresql-config-file (hba-file diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm index 17b9edc3ac..7371b02fe1 100644 --- a/gnu/tests/monitoring.scm +++ b/gnu/tests/monitoring.scm 
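Review bot: The deprecated `postgresql-service` procedure, visible as context below the second databases.scm hunk, still declares `(postgresql postgresql)` as its keyword default, so callers of the old procedure keep following whatever major version the unversioned package resolves to. That is the silent-upgrade case this commit removes from `postgresql-configuration` and from the service type's `default-value`. Consider dropping that keyword default as well, or stating in the deprecation path that the package must now be chosen explicitly, e.g. `(postgresql postgresql-10)`. The procedure body continues outside the hunk, so how it builds the configuration is not visible here.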
@@ -307,7 +307,9 @@ zabbix||{} (let ((base-os (simple-operating-system (service dhcp-client-service-type) - (service postgresql-service-type) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) (service zabbix-front-end-service-type (zabbix-front-end-configuration (db-password "zabbix"))) diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm index 7513eab2e4..7f4518acd2 100644 --- a/gnu/tests/web.scm +++ b/gnu/tests/web.scm @@ -567,7 +567,9 @@ HTTP-PORT." (config (httpd-config-file (listen '("8080")))))) - (service postgresql-service-type) + (service postgresql-service-type + (postgresql-configuration + (postgresql postgresql-10))) (service patchwork-service-type (patchwork-configuration (patchwork patchwork) -- cgit v1.2.3 From b34ac307e3dfd8914bd433fd3dd10c903d46787c Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Thu, 22 Oct 2020 12:31:49 +0100 Subject: services: guix: Fix hooks gexp issue for the Guix Build Coordinator. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix handling the name within the hook gexp. --- gnu/services/guix.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index bd7ebcd2aa..665267f5e3 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -209,7 +209,7 @@ (hooks (list #$@(map (match-lambda ((name . hook-gexp) - #~(cons name #$hook-gexp))) + #~(cons '#$name #$hook-gexp))) hooks))) (hooks-with-defaults `(,@hooks -- cgit v1.2.3 From b9f8ce17e4dbfb3f89bddcab0bc0396b4d790cb5 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Thu, 22 Oct 2020 14:21:19 +0100 Subject: services: guix-build-coordinator: Output the start script name. As this can be useful for debugging purposes. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Output the current filename. --- gnu/services/guix.scm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/services') 
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 665267f5e3..1666733e9c 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -200,6 +200,8 @@ (guix-build-coordinator build-allocator) (guix-build-coordinator coordinator)) + (simple-format #t "starting the guix-build-coordinator:\n ~A\n" + (current-filename)) (let* ((metrics-registry (make-metrics-registry #:namespace "guixbuildcoordinator_")) -- cgit v1.2.3 From ced9da901f7e58fced9a822e8cdf44e394bc4d2f Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Thu, 22 Oct 2020 14:37:14 +0100 Subject: services: guix-build-coordinator: Include the system profile in PATH. As this allows hooks to use the system profile, if that's desired. * gnu/services/guix.scm (guix-build-coordinator-shepherd-services): Set PATH to include the system profile. --- gnu/services/guix.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 1666733e9c..ac2a03147c 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -267,7 +267,8 @@ #:environment-variables `(,(string-append "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") - "LC_ALL=en_US.utf8") + "LC_ALL=en_US.utf8" + "PATH=/run/current-system/profile/bin") ; for hooks #:log-file "/var/log/guix-build-coordinator/coordinator.log")) (stop #~(make-kill-destructor)))))) -- cgit v1.2.3 From bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Thu, 22 Oct 2020 14:21:19 +0100 Subject: services: guix-build-coordinator: Configure output buffering. Otherwise the logging is garbled. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Configure line output buffering for stdout and stderr. --- gnu/services/guix.scm | 3 +++ 1 file changed, 3 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index ac2a03147c..4afe02792f 100644 --- a/gnu/services/guix.scm 
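Review bot: The `; for hooks` comment on the new `"PATH=/run/current-system/profile/bin"` entry does not say that hook commands are now resolved by bare name from the system profile rather than from store paths referenced in the hook gexp. A reconfigure that adds or replaces a program in that profile then changes what a hook executes without any change to the coordinator service definition. I would expand the comment to something like `;; Hooks may call programs by bare name; those resolve in the system profile, so hooks that must be pinned should reference store paths instead.` The enclosing constructor call begins outside the hunk, so the user the coordinator runs as is not visible here.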
+++ b/gnu/services/guix.scm @@ -200,6 +200,9 @@ (guix-build-coordinator build-allocator) (guix-build-coordinator coordinator)) + (setvbuf (current-output-port) 'line) + (setvbuf (current-error-port) 'line) + (simple-format #t "starting the guix-build-coordinator:\n ~A\n" (current-filename)) (let* ((metrics-registry (make-metrics-registry -- cgit v1.2.3 From 4b8acf715dd806f9034e7c7a073e6b49301985d3 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 23 Oct 2020 14:58:19 +0100 Subject: services: guix: Fix the guix-build-coordinator metrics namespace. The underscore is now handled in the guile prometheus library. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Remove the underscore from the end of the metrics namespace. --- gnu/services/guix.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 4afe02792f..87f00338da 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -207,7 +207,7 @@ (current-filename)) (let* ((metrics-registry (make-metrics-registry #:namespace - "guixbuildcoordinator_")) + "guixbuildcoordinator")) (datastore (database-uri->datastore #$database-uri-string #:metrics-registry metrics-registry)) -- cgit v1.2.3 From b0d6098f03ed297fda2bdb2dfdf36a2ae0f8bd8d Mon Sep 17 00:00:00 2001 
From: Christopher Baines Date: Fri, 23 Oct 2020 14:59:17 +0100 Subject: gnu: guix-build-coordinator: Propagate the guile inputs. This means the package is usable as a library, which is useful when using the procedures to send requests to the Guix Build Coordinator. * gnu/packages/package-management.scm (guix-build-coordinator)[inputs]: Move guile inputs to propagated inputs. [propagated-inputs]: Receive some inputs. * gnu/services/guix.scm (make-guix-build-coordinator-start-script): Adjust the start script to include propagated inputs. --- gnu/packages/package-management.scm | 9 +++++---- gnu/services/guix.scm | 7 +++++-- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'gnu/services') diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 349897fd16..7afbd92b0d 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -1059,7 +1059,10 @@ environments.") ("guile" ,@(assoc-ref (package-native-inputs guix) "guile")))) (inputs `(("guile" ,@(assoc-ref (package-native-inputs guix) "guile")) - ("guile-fibers" ,guile-fibers) + ("sqlite" ,sqlite) + ("sqitch" ,sqitch))) + (propagated-inputs + `(("guile-fibers" ,guile-fibers) ("guile-prometheus" ,guile-prometheus) ("guile-gcrypt" ,guile-gcrypt) ("guile-json" ,guile-json-3) @@ -1067,9 +1070,7 @@ environments.") ("guile-zlib" ,guile-zlib) ("guile-sqlite3" ,guile-sqlite3) ("guix" ,guix) - ("gnutls" ,gnutls) - ("sqlite" ,sqlite) - ("sqitch" ,sqitch))) + ("gnutls" ,gnutls))) (home-page "https://git.cbaines.net/guix/build-coordinator/") (synopsis "Tool to help build derivations") (description diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 87f00338da..b909c651cc 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm 
@@ -188,8 +188,11 @@ ;; libraries, but it means that the Guile libraries ;; needed for the Guix Build Coordinator don't need ;; to be individually specified here. - (map second (package-inputs - guix-build-coordinator-package))) + (append + (map second (package-inputs + guix-build-coordinator-package)) + (map second (package-propagated-inputs + guix-build-coordinator-package)))) #~(begin (use-modules (srfi srfi-1) (ice-9 match) -- cgit v1.2.3 From 3b6e4e5fd05e72b8a32ff1a2d5e21464260e21e6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 21 Oct 2020 16:17:26 +0200 Subject: services: guix: Make /etc/guix/acl really declarative by default. Fixes . Reported by Maxim Cournoyer . * gnu/services/base.scm (substitute-key-authorization): Symlink DEFAULT-ACL to /etc/guix/acl unconditionally. Add code to optionally back up /etc/guix/acl if it was possibly modified by hand. * doc/guix.texi (Base Services): Clarify the effect of setting 'authorize-keys?' to true. Mention the backup. Give an example showing how to authorize substitutes from another server. --- doc/guix.texi | 36 ++++++++++++++++++++++++++++++++++++ gnu/services/base.scm | 16 ++++++++++++---- gnu/services/virtualization.scm | 11 ++++++++++- 3 files changed, 58 insertions(+), 5 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index b5061877e2..f2fc567865 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -14582,11 +14582,26 @@ Whether to authorize the substitute keys listed in @code{authorized-keys}---by default that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). +When @code{authorize-key?} is true, @file{/etc/guix/acl} cannot be +changed by invoking @command{guix archive --authorize}. You must +instead adjust @code{guix-configuration} as you wish and reconfigure the +system. This ensures that your operating system configuration file is +self-contained. + +@quotation Note +When booting or reconfiguring to a system where @code{authorize-key?} +is true, the existing @file{/etc/guix/acl} file is backed up as +@file{/etc/guix/acl.bak} if it was determined to be a manually modified +file. This is to facilitate migration from earlier versions, which +allowed for in-place modifications to @file{/etc/guix/acl}. +@end quotation + @vindex %default-authorized-guix-keys @item @code{authorized-keys} (default: @code{%default-authorized-guix-keys}) The list of authorized key files for archive imports, as a list of string-valued gexps (@pxref{Invoking guix archive}). By default, it contains that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). +See @code{substitute-urls} below for an example on how to change it. @item @code{use-substitutes?} (default: @code{#t}) Whether to use substitutes. 
@@ -14594,6 +14609,27 @@ Whether to use substitutes. @item @code{substitute-urls} (default: @code{%default-substitute-urls}) The list of URLs where to look for substitutes by default. +Suppose you would like to fetch substitutes from @code{guix.example.org} +in addition to @code{@value{SUBSTITUTE-SERVER}}. You will need to do +two things: (1) add @code{guix.example.org} to @code{substitute-urls}, +and (2) authorize its signing key, having done appropriate checks +(@pxref{Substitute Server Authorization}). The configuration below does +exactly that: + +@lisp +(guix-configuration + (substitute-urls + (append (list "https://guix.example.org") + %default-substitute-urls)) + (authorized-keys + (append (list (local-file "./guix.example.org-key.pub")) + %default-authorized-guix-keys))) +@end lisp + +This example assumes that the file @file{./guix.example.org-key.pub} +contains the public key that @code{guix.example.org} uses to sign +substitutes. + @item @code{max-silent-time} (default: @code{0}) @itemx @code{timeout} (default: @code{0}) The number of seconds of silence and the number of seconds of activity, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 04bc991356..37b0a13ea7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1476,10 +1476,18 @@ archive' public keys, with GUIX." #~(begin (use-modules (guix build utils)) - (unless (file-exists? "/etc/guix/acl") - (mkdir-p "/etc/guix") - (copy-file #+default-acl "/etc/guix/acl") - (chmod "/etc/guix/acl" #o600))))) + ;; If the ACL already exists, move it out of the way. Create a backup + ;; if it's a regular file: it's likely that the user manually updated + ;; it with 'guix archive --authorize'. + (if (file-exists? "/etc/guix/acl") + (if (and (symbolic-link? "/etc/guix/acl") + (store-file-name? (readlink "/etc/guix/acl"))) + (delete-file "/etc/guix/acl") + (rename-file "/etc/guix/acl" "/etc/guix/acl.bak")) + (mkdir-p "/etc/guix")) + + ;; Installed the declared ACL. + (symlink #+default-acl "/etc/guix/acl")))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index edd0b644f5..eaf0bbde43 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP." (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t))) - %base-services/hurd)))) + + ;; By default, the secret service introduces a pre-initialized + ;; /etc/guix/acl file in the childhurd. Thus, clear + ;; 'authorize-key?' so that it's not overridden at activation + ;; time. + (modify-services %base-services/hurd + (guix-service-type config => + (guix-configuration + (inherit config) + (authorize-key? #f)))))))) (define-record-type* hurd-vm-configuration make-hurd-vm-configuration -- cgit v1.2.3 From e86c2f058aac730b407bd128782d3627f71c0fa7 Mon Sep 17 00:00:00 2001 
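Review bot: A dangling `/etc/guix/acl` symlink is not handled by the new `(if (file-exists? "/etc/guix/acl") …)` test in the base.scm hunk: `file-exists?` follows symlinks, so a link whose target no longer exists takes the `mkdir-p` branch, and the `symlink` call that follows would then raise EEXIST during activation. Testing the link itself avoids this, e.g. `(if (false-if-exception (lstat "/etc/guix/acl")) …)`. Two smaller points: every activation that finds a regular file overwrites any earlier `/etc/guix/acl.bak`, and between `delete-file`/`rename-file` and `symlink` there is a short window with no ACL in place, which creating the link under a temporary name and renaming it over the target would close. The comment `;; Installed the declared ACL.` should read `;; Install the declared ACL.`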
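Review bot: The comment added in the virtualization.scm hunk explains why `authorize-key?` is cleared, but not what that means for trust inside the guest. With `(authorize-key? #f)` the childhurd keeps the `/etc/guix/acl` introduced by the secret service, and, as far as the hunk shows, the `authorized-keys` field of the inherited `guix-configuration` no longer decides which substitute keys are accepted there. I would add a line to the comment saying so, for example `;; The guest's authorized substitute keys therefore come from that file, not from 'authorized-keys'.` The enclosing service list starts outside the hunk.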
From: Ludovic Courtès Date: Tue, 27 Oct 2020 11:13:46 +0100 Subject: services: hpcguix-web: Set 'XDG_CACHE_HOME' to a writable directory. * gnu/services/web.scm (hpcguix-web-shepherd-service): Change XDG_CACHE_HOME to /var/cache/guix/web. Previously, the authentication code would try to write to /var/cache/guix/authentication, which would fail. --- gnu/services/web.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index a74c6c54b4..2384ec691c 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -1134,7 +1134,7 @@ a webserver.") #:user "hpcguix-web" #:group "hpcguix-web" #:environment-variables - (list "XDG_CACHE_HOME=/var/cache" + (list "XDG_CACHE_HOME=/var/cache/guix/web" "SSL_CERT_DIR=/etc/ssl/certs") #:log-file #$%hpcguix-web-log-file)) (stop #~(make-kill-destructor)))))) -- cgit v1.2.3 From 2ade5bdeb8978d252f298df7150b8d1a359e618d Mon Sep 17 00:00:00 2001 From: Alexandru-Sergiu Marton Date: Sun, 25 Oct 2020 02:19:39 +0300 Subject: services: Add gmnisrv web service. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/web.scm (): New record type. (%default-gmnisrv-config-file): New variable. (%gmnisrv-accounts, %gmnisrv-activation): New variables. (gmnisrv-shepherd-service): New procedure. (gmnisrv-service-type): New variable. * doc/guix.texi (Web Services): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 35 +++++++++++++++++++++++++ gnu/services/web.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index a8aa2de0a6..0a7857f0ea 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -81,6 +81,7 @@ Copyright @copyright{} 2020 R Veera Kumar@* Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* +Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -23549,6 +23550,40 @@ Thus, make sure to add @code{nss-certs} or another certificate package to the more information on X.509 certificates. @end quotation +@subsubheading gmnisrv + +@cindex gmnisrv +The @uref{https://git.sr.ht/~sircmpwn/gmnisrv, gmnisrv} program is a +simple @uref{https://gemini.circumlunar.space/, Gemini} protocol server. + +@deffn {Scheme Variable} gmnisrv-service-type +This is the type of the gmnisrv service, whose value should be a +@code{gmnisrv-configuration} object, as in this example: + +@lisp +(service gmnisrv-service-type + (gmnisrv-configuration + (config-file (local-file "./my-gmnisrv.ini")))) +@end lisp +@end deffn + +@deftp {Data Type} gmnisrv-configuration +Data type representing the configuration of gmnisrv. + +@table @asis +@item @code{package} (default: @var{gmnisrv}) +Package object of the gmnisrv server. + +@item @code{config-file} (default: @code{%default-gmnisrv-config-file}) +File-like object of the gmnisrv configuration file to use. The default +configuration listens on port 1965 and serves files from +@file{/srv/gemini}. Certificates are stored in +@file{/var/lib/gemini/certs}. For more information, run @command{man +gmnisrv} and @command{man gmnisrv.ini}. + +@end table +@end deftp + @node Certificate Services @subsection Certificate Services diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 2384ec691c..7e17dac6e2 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm 
@@ -14,6 +14,7 @@
 ;;; Copyright © 2020 Tobias Geerinckx-Rice
 ;;; Copyright © 2020 Arun Isaac
 ;;; Copyright © 2020 Oleg Pykhalov
+;;; Copyright © 2020 Alexandru-Sergiu Marton
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1798,3 +1799,75 @@ WSGIPassAuthorization On "Run Mumi, a Web interface to the Debbugs bug-tracking server.") (default-value (mumi-configuration)))) + +(define %default-gmnisrv-config-file + (plain-file "gmnisrv.ini" " +listen=0.0.0.0:1965 [::]:1965 + +[:tls] +store=/var/lib/gemini/certs + +organization=gmnisrv on Guix user + +[localhost] +root=/srv/gemini +")) + +(define-record-type* + gmnisrv-configuration make-gmnisrv-configuration + gmnisrv-configuration? + (package gmnisrv-configuration-package + (default gmnisrv)) + (config-file gmnisrv-configuration-config-file + (default %default-gmnisrv-config-file))) + +(define gmnisrv-shepherd-service + (match-lambda + (($ package config-file) + (list (shepherd-service + (provision '(gmnisrv)) + (requirement '(networking)) + (documentation "Run the gmnisrv Gemini server.") + (start (let ((gmnisrv (file-append package "/bin/gmnisrv"))) + #~(make-forkexec-constructor + (list #$gmnisrv "-C" #$config-file) + #:user "gmnisrv" #:group "gmnisrv" + #:log-file "/var/log/gmnisrv.log"))) + (stop #~(make-kill-destructor))))))) + +(define %gmnisrv-accounts + (list (user-group (name "gmnisrv") (system? #t)) + (user-account + (name "gmnisrv") + (group "gmnisrv") + (system? 
#t) + (comment "gmnisrv Gemini server") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define %gmnisrv-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (mkdir-p "/var/lib/gemini/certs") + (let* ((pw (getpwnam "gmnisrv")) + (uid (passwd:uid pw)) + (gid (passwd:gid pw))) + (chown "/var/lib/gemini" uid gid) + (chown "/var/lib/gemini/certs" uid gid))))) + +(define gmnisrv-service-type + (service-type + (name 'guix) + (extensions + (list (service-extension activation-service-type + (const %gmnisrv-activation)) + (service-extension account-service-type + (const %gmnisrv-accounts)) + (service-extension shepherd-root-service-type + gmnisrv-shepherd-service))) + (description + "Run the gmnisrv Gemini server.") + (default-value + (gmnisrv-configuration)))) -- cgit v1.2.3 From 5ede2595260d74e2990a8f004298ecf23ea66206 Mon Sep 17 00:00:00 2001 From: Simon South Date: Tue, 27 Oct 2020 14:23:19 -0400 Subject: services: knot-resolver: Replace deprecated command-line option. This silences a warning from the service at startup. * gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n" command-line option to kresd in place of the deprecated "-f 1". Signed-off-by: Leo Famulari --- gnu/services/dns.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 572880561c..b339eb0619 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -700,7 +700,7 @@ cache.size = 100 * MB (documentation "Run the Knot Resolver daemon.") (start #~(make-forkexec-constructor '(#$(file-append package "/sbin/kresd") - "-c" #$kresd-config-file "-f" "1" + "-c" #$kresd-config-file "-n" "/var/cache/knot-resolver"))) (stop #~(make-kill-destructor))) (shepherd-service -- cgit v1.2.3 From 7db4dc60045082b79ea288573d8492a6e5d5903c Mon Sep 17 00:00:00 2001 
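Review bot: `gmnisrv-service-type` is declared with `(name 'guix)`, which looks like a copy-paste leftover; `(name 'gmnisrv)` would identify the service type correctly in error messages and service listings. Separately, `%gmnisrv-activation` creates `/var/lib/gemini/certs` with `mkdir-p` and only changes ownership, so the `[:tls]` store keeps whatever mode the default umask yields. That directory presumably ends up holding the server's private keys, so adding `(chmod "/var/lib/gemini/certs" #o700)` after the `chown` calls would restrict it to the `gmnisrv` user. The default `listen=0.0.0.0:1965 [::]:1965` binds every interface, which deserves a one-line comment above `%default-gmnisrv-config-file`.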
From: Vagrant Cascadian Date: Wed, 28 Oct 2020 20:08:08 -0700 Subject: gnu: ganeti-luxid-service-type: Fix typo. * gnu/services/ganeti (ganeti-luxid-service-type)[description]: Fix spelling of "authoritative". --- gnu/services/ganeti.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm index d87db5b9ac..0a34ea6a5e 100644 --- a/gnu/services/ganeti.scm +++ b/gnu/services/ganeti.scm @@ -430,7 +430,7 @@ appropriate requests to this daemon."))) (description "@command{ganeti-luxid} is a daemon used to answer queries related to the configuration and the current live state of a Ganeti cluster. -Additionally, it is the authorative daemon for the Ganeti job queue. Jobs can +Additionally, it is the authoritative daemon for the Ganeti job queue. Jobs can be submitted via this daemon and it schedules and starts them."))) (define-record-type* -- cgit v1.2.3 From 81c3dd9cad29f2b0999aa1f22b3a7d4c04f1a842 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 23 Oct 2020 11:46:21 +0200 Subject: services: swap: Allow for UUIDs and file system labels. * gnu/services/base.scm (swap-service-type)[device-lookup, device-name]: New variables. Add 'modules' field to 'shepherd-service'. In 'start' and 'stop', use 'device-lookup' to resolve UUIDs and labels. * doc/guix.texi (operating-system Reference): Adjust accordingly. --- doc/guix.texi | 34 +++++++++++++++++++++++++++----- gnu/services/base.scm | 54 +++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 71 insertions(+), 17 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index eddf77c7ab..2319bba2ba 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -13075,14 +13075,38 @@ A list of mapped devices. @xref{Mapped Devices}. @item @code{file-systems} A list of file systems. @xref{File Systems}. -@item @code{swap-devices} (default: @code{'()}) @cindex swap devices -A list of strings identifying devices or files to be used for ``swap +@cindex swap space +@item @code{swap-devices} (default: @code{'()}) +A list of UUIDs, file system labels, or strings identifying devices or +files to be used for ``swap space'' (@pxref{Memory Concepts,,, libc, The GNU C Library Reference -Manual}). For example, @code{'("/dev/sda3")} or @code{'("/swapfile")}. +Manual}). Here are some examples: + +@table @code +@item (list (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")) +Use the swap partition with the given UUID. You can learn the UUID of a +Linux swap partition by running @command{swaplabel @var{device}}, where +@var{device} is the @file{/dev} file name of that partition. + +@item (list (file-system-label "swap")) +Use the partition with label @code{swap}. Again, the +@command{swaplabel} command allows you to view and change the label of a +Linux swap partition. + +@item (list "/swapfile") +Use the file @file{/swapfile} as swap space. + +@item (list "/dev/sda3" "/dev/sdb2") +Use the @file{/dev/sda3} and @file{/dev/sdb2} partitions as swap space. +We recommend referring to swap devices by UUIDs or labels as shown above +instead. +@end table + It is possible to specify a swap file in a file system on a mapped -device, provided that the necessary device mapping and file system are -also specified. @xref{Mapped Devices} and @ref{File Systems}. +device (under @file{/dev/mapper}), provided that the necessary device +mapping and file system are also specified. @xref{Mapped Devices} and +@ref{File Systems}. @item @code{users} (default: @code{%base-user-accounts}) @itemx @code{groups} (default: @code{%base-groups}) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 37b0a13ea7..07d9089b0a 100644 --- a/gnu/services/base.scm 
+++ b/gnu/services/base.scm @@ -2104,22 +2104,52 @@ instance." 'swap (lambda (device) (define requirement - (if (string-prefix? "/dev/mapper/" device) + (if (and (string? device) + (string-prefix? "/dev/mapper/" device)) (list (symbol-append 'device-mapping- (string->symbol (basename device)))) '())) - (shepherd-service - (provision (list (symbol-append 'swap- (string->symbol device)))) - (requirement `(udev ,@requirement)) - (documentation "Enable the given swap device.") - (start #~(lambda () - (restart-on-EINTR (swapon #$device)) - #t)) - (stop #~(lambda _ - (restart-on-EINTR (swapoff #$device)) - #f)) - (respawn? #f))))) + (define (device-lookup device) + ;; The generic 'find-partition' procedures could return a partition + ;; that's not swap space, but that's unlikely. + (cond ((uuid? device) + #~(find-partition-by-uuid #$(uuid-bytevector device))) + ((file-system-label? device) + #~(find-partition-by-label + #$(file-system-label->string device))) + (else + device))) + + (define service-name + (symbol-append 'swap- + (string->symbol + (cond ((uuid? device) + (string-take (uuid->string device) 6)) + ((file-system-label? device) + (file-system-label->string device)) + (else + device))))) + + (with-imported-modules (source-module-closure '((gnu build file-systems))) + (shepherd-service + (provision (list service-name)) + (requirement `(udev ,@requirement)) + (documentation "Enable the given swap device.") + (modules `((gnu build file-systems) + ,@%default-modules)) + (start #~(lambda () + (let ((device #$(device-lookup device))) + (and device + (begin + (restart-on-EINTR (swapon device)) + #t))))) + (stop #~(lambda _ + (let ((device #$(device-lookup device))) + (when device + (restart-on-EINTR (swapoff device))) + #f))) + (respawn? #f)))))) (define (swap-service device) "Return a service that uses @var{device} as a swap device." -- cgit v1.2.3 From 2b2ab7796ac186d88060793b8873fc0e21462758 Mon Sep 17 00:00:00 2001 
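Review bot: `service-name` truncates a UUID to its first six characters with `(string-take (uuid->string device) 6)`, so two swap partitions whose UUIDs share that prefix would get the same Shepherd `provision` symbol; using the full `(uuid->string device)` avoids the clash. In `start`, a failed lookup makes `(and device …)` return `#f` with no message, so a missing or relabelled partition leaves swap disabled without a trace in the log; printing a line to `(current-error-port)` in that case would make the failure visible. File system labels are not guaranteed unique, so the label branch of `device-lookup` may resolve to a different partition than intended when another attached disk carries the same label; that belongs in the comment that already notes the 'find-partition' caveat. The enclosing `swap-service-type` definition starts outside the hunk.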
From: Ludovic Courtès Date: Fri, 30 Oct 2020 12:31:18 +0100 Subject: services: guix-publish: Add 'cache-bypass-threshold' field. This is a followup to ecaa102a58ad3ab0b42e04a3d10d7c761c05ec98. * gnu/services/base.scm ()[cache-bypass-threshold]: New field. (guix-publish-shepherd-service): Honor it. --- doc/guix.texi | 6 ++++++ gnu/services/base.scm | 10 ++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 2319bba2ba..5e3e0435b4 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15041,6 +15041,12 @@ When it is an integer, this is the number of worker threads used for caching; when @code{#f}, the number of processors is used. @xref{Invoking guix publish, @option{--workers}}, for more information. +@item @code{cache-bypass-threshold} (default: 10 MiB) +When @code{cache} is true, this is the maximum size in bytes of a store +item for which @command{guix publish} may bypass its cache in case of a +cache miss. @xref{Invoking guix publish, +@option{--cache-bypass-threshold}}, for more information. + @item @code{ttl} (default: @code{#f}) When it is an integer, this denotes the @dfn{time-to-live} in seconds of the published archives. @xref{Invoking guix publish, @option{--ttl}}, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 07d9089b0a..f1298c3776 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1740,6 +1740,8 @@ proxy of 'guix-daemon'...~%") (default "nar")) (cache guix-publish-configuration-cache ;#f | string (default #f)) + (cache-bypass-threshold guix-publish-configuration-cache-bypass-threshold + (default (* 10 (expt 2 20)))) ;integer (workers guix-publish-configuration-workers ;#f | integer (default #f)) (ttl guix-publish-configuration-ttl ;#f | integer 
@@ -1774,7 +1776,7 @@ raise a deprecation warning if the 'compression-level' field was used." lst)))) (match-record config - (guix port host nar-path cache workers ttl) + (guix port host nar-path cache workers ttl cache-bypass-threshold) (list (shepherd-service (provision '(guix-publish)) (requirement '(guix-daemon)) @@ -1796,7 +1798,11 @@ raise a deprecation warning if the 'compression-level' field was used." "s")) #~()) #$@(if cache - #~((string-append "--cache=" #$cache)) + #~((string-append "--cache=" #$cache) + #$(string-append + "--cache-bypass-threshold=" + (number->string + cache-bypass-threshold))) #~())) ;; Make sure we run in a UTF-8 locale so we can produce -- cgit v1.2.3 From f7d0a63ddabe864e26bbff8e633371e6ae856845 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 4 Nov 2020 23:58:55 +0100 Subject: services: guix: Do not embed the host (guix config). Fixes a bug whereby different users would get different derivations for the same service. * gnu/services/base.scm (guix-shepherd-service): In 'start' method, do not embed (guix config). --- gnu/services/base.scm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index f1298c3776..499e50bfd7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1570,8 +1570,10 @@ proxy of 'guix-daemon'...~%") (ice-9 match) (gnu build shepherd))) (start - (with-imported-modules (source-module-closure - '((gnu build shepherd))) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((gnu build shepherd)) + #:select? not-config?)) #~(lambda args (define proxy ;; HTTP/HTTPS proxy. The 'http_proxy' variable is set by -- cgit v1.2.3 From a4e7749e91c5ed9b96117e3bcda8802e8744841e Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Thu, 5 Nov 2020 16:09:17 +0100 Subject: services: Remove imports of (ice-9 …) modules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/monitoring.scm (zabbix-server-activation): Remove (ice-9 rdelim) from the imported modules. (zabbix-agent-activation): Likewise. * gnu/tests/mail.scm (run-exim-test)[test]: Remove (ice-9 ftw) from the imported modules. --- gnu/services/monitoring.scm | 7 +++---- gnu/tests/mail.scm | 3 +-- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 511f4fb2fe..da3d736ba6 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -279,11 +279,11 @@ configuration file.")) (define (zabbix-server-activation config) "Return the activation gexp for CONFIG." - (with-imported-modules '((guix build utils) - (ice-9 rdelim)) + (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils) (ice-9 rdelim)) + (let ((user (getpw #$(zabbix-server-configuration-user config)))) (for-each (lambda (file) (let ((directory (dirname file))) @@ -393,8 +393,7 @@ configuration file.")) (define (zabbix-agent-activation config) "Return the activation gexp for CONFIG." - (with-imported-modules '((guix build utils) - (ice-9 rdelim)) + (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils) (ice-9 rdelim)) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index a50fb1dbca..eb8952b33a 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -205,8 +205,7 @@ acl_check_data: (port-forwardings '((1025 . 25))))) (define test - (with-imported-modules '((gnu build marionette) - (ice-9 ftw)) + (with-imported-modules '((gnu build marionette)) #~(begin (use-modules (rnrs base) (srfi srfi-64) -- cgit v1.2.3 From fe1cd098d2b83737e96f19438612291f5a9316e4 Mon Sep 17 00:00:00 2001 
From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: services: Add yggdrasil-service-type. * gnu/services/networking.scm (yggdrasil-configuration) (yggdrasil-configuration?, yggdrasil-configuration-package) (yggdrasil-configuration-auto-conf, yggdrasil-configuration-log-level) (yggdrasil-configuration-log-to): New procedures. (yggdrasil-service-type): New variable. * doc/guix.texi: Document it. * gnu/system/examples/yggdrasil.tmpl: Provide example. Signed-off-by: Julien Lepiller --- doc/guix.texi | 96 ++++++++++++++++++++++++++++++ gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++++++++++- gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++++++ 3 files changed, 272 insertions(+), 1 deletion(-) create mode 100644 gnu/system/examples/yggdrasil.tmpl (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index b7f1bc1f00..217ed7a8a8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -82,6 +82,7 @@ Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* +Copyright @copyright{} 2020 raingloom@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -16848,6 +16849,101 @@ Use this to add additional options and manage shared secrets out-of-band. @end table @end deftp +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.github.io/, +Yggdrasil network}, an early-stage implementation of a fully end-to-end +encrypted IPv6 network. + +@quotation +Yggdrasil provides name-independent routing with cryptographically generated +addresses. Static addressing means you can keep the same address as long as +you want, even if you move to a new location, or generate a new address (by +generating new keys) whenever you want. +@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html} +@end quotation + +Pass it a value of @code{yggdrasil-configuration} to connect it to public +peers and/or local peers. + +Here is an example using public peers and a static address. The static +signing and encryption keys are defined in @file{/etc/yggdrasil-private.conf} +(the default value for @code{config-file}). + +@lisp +;; part of the operating-system declaration +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) ;; use only the public peers + (json-config + ;; choose one from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + ;; /etc/yggdrasil-private.conf is the default value for config-file + )) +@end lisp +@example +# sample content for /etc/yggdrasil-private.conf +@{ + # Your public encryption key. Your peers may ask you for this to put + # into their AllowedEncryptionPublicKeys configuration. + EncryptionPublicKey: 378dc5... + + # Your private encryption key. DO NOT share this with anyone! + EncryptionPrivateKey: 0777... + + # Your public signing key. You should not ordinarily need to share + # this with anyone. + SigningPublicKey: e1664... + + # Your private signing key. DO NOT share this with anyone! + SigningPrivateKey: 0589d... 
+@} +@end example +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with +@file{/etc/yggdrasil-private.conf}. Note that these settings are stored in +the Guix store, which is readable to all users. @strong{Do not store your +private keys in it}. See the output of @code{yggdrasil -genconf} for a +quick overview of valid keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP +and peer with IPv6 neighbors. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to +@file{/var/log/yggdrasil.log}. The alternative is @code{'syslog}, which +sends output to the running syslog service. + +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys +should be stored, which are necessary to specify if you don't want a +randomized address after each restart. Use @code{#f} to disable. Options +defined in this file take precedence over @code{json-config}. Use the output +of @code{yggdrasil -genconf} as a starting point. To configure a static +address, delete everything except these options: + +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 
--- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) ;;; Commentary: ;;; 
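Review bot: The export list names `yggdrasil-configuration-config-file`, but the record definition in the later hunk (`@@ -1750,4 +1762,107 @@`) declares that field's accessor as `yggdrasil-config-file`, so the exported name is unbound and the real accessor is not exported. Declaring the field as `(config-file yggdrasil-configuration-config-file …)` and updating its one use in `yggdrasil-shepherd-service` would match the other `yggdrasil-configuration-*` accessors. The `#:export` form starts outside this hunk.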
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package)))))) + ;;; networking.scm ends here diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..be80bf4de9 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
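Review bot: `make-forkexec-constructor` in `yggdrasil-shepherd-service` is given `#:group "yggdrasil"` but no `#:user`, so the daemon keeps the uid of the Shepherd process (root on a Guix System) while it handles traffic from network peers. If root is needed to create the tunnel interface, a comment next to `#:group` saying so would record the decision; otherwise `%yggdrasil-accounts` could also declare a system `user-account` to pass as `#:user`. Also, in `scm->yggdrasil-json` the key-value branch returns `(cons … v)` without converting `v`, so keys nested inside a value appear not to be camel-cased; `(scm->yggdrasil-json v)` in place of `v` would make the conversion recursive.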
@@ -0,0 +1,60 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin curl networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + ;; adding her to the yggdrasil group means she can use + ;; yggdrasilctl to modify the configuration + (supplementary-groups '("wheel" "yggdrasil"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen curl %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh + ;; using your Yggdrasil IPv6 address from another machine running Yggdrasil. + ;; Alternatively, the client can sit behind a router that has Yggdrasil. + ;; That file is specifically _not_ handled by Guix, because we don't want its + ;; contents to sit in the world-readable /gnu/store. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose a few from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + (config-file #f))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) -- cgit v1.2.3 
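Review bot: The comment above `services` says SSH becomes reachable over the Yggdrasil address, but it does not say that this exposes the listener to other nodes on the mesh as well as to the user's own machines. The template also leaves `openssh-configuration` at its default authentication settings while `alice` is in `wheel`. A sentence to that effect in the comment, plus `(password-authentication? #f)` in the `openssh-configuration`, would make the example safer to copy. `(log-level 'debug)` would also benefit from a comment marking it as a troubleshooting setting.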
From 0c5d0c57d370b34f3ba677838deaa8baf7bca58a Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 6 Nov 2020 08:54:27 -0500 Subject: services: mpd: Do not eagerly look for a user. Running 'guix system search mpd' would throw a backtrace because the mpd-shepherd-service service start Gexp contained an unquoted call to 'getpwnam', which would look for a missing 'mpd' user and fail. * gnu/services/audio.scm (mpd-shepherd-service): gexp-unquote only the relevant variable rather than the whole expression. --- gnu/services/audio.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm index 37f2efa479..5d33032501 100644 --- a/gnu/services/audio.scm +++ b/gnu/services/audio.scm @@ -143,11 +143,11 @@ audio_output { #:pid-file #$(mpd-file-name config "pid") #:environment-variables ;; Required to detect PulseAudio when run under a user account. - '(#$(string-append - "XDG_RUNTIME_DIR=/run/user/" - (number->string + (list (string-append + "XDG_RUNTIME_DIR=/run/user/" + (number->string (passwd:uid - (getpwnam (mpd-configuration-user config)))))) + (getpwnam #$(mpd-configuration-user config)))))) #:log-file #$(mpd-file-name config "log"))) (stop #~(make-kill-destructor)))) -- cgit v1.2.3 From 7209d7cbc37c108ca1148561a681258bb2222ab1 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 6 Nov 2020 22:58:28 +0100 Subject: services: mpd: Always create the "mpd" user account. * gnu/services/audio.scm (%mpd-accounts): New variable. (mpd-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension. --- gnu/services/audio.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm index 5d33032501..5729b6bb0e 100644 --- a/gnu/services/audio.scm +++ b/gnu/services/audio.scm 
@@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Peter Mikkelsen ;;; Copyright © 2019 Ricardo Wurmus +;;; Copyright © 2020 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +22,8 @@ #:use-module (guix gexp) #:use-module (gnu services) #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) #:use-module (gnu packages mpd) #:use-module (guix records) #:use-module (ice-9 match) @@ -162,6 +165,22 @@ audio_output { (mkdir-p directory) (chown directory (passwd:uid %user) (passwd:gid %user)))))) + +(define %mpd-accounts + ;; Default account and group for MPD. + (list (user-group (name "mpd") (system? #t)) + (user-account + (name "mpd") + (group "mpd") + (system? #t) + (comment "Music Player Daemon (MPD) user") + + ;; Note: /var/run/mpd hosts one sub-directory per user, of which + ;; /var/run/mpd/mpd corresponds to the "mpd" user. + (home-directory "/var/run/mpd/mpd") + + (shell (file-append shadow "/sbin/nologin"))))) + (define mpd-service-type (service-type (name 'mpd) @@ -169,6 +188,8 @@ audio_output { (extensions (list (service-extension shepherd-root-service-type (compose list mpd-shepherd-service)) + (service-extension account-service-type + (const %mpd-accounts)) (service-extension activation-service-type mpd-service-activation))) (default-value (mpd-configuration)))) -- cgit v1.2.3 From bb124f6e9c0af0a23736f233c2ea2c9c9b4a40a6 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 6 Nov 2020 23:10:18 +0100 Subject: services: mpd: Fix daemon startup. Until now it would wait for a PID file that'd never come. * gnu/services/audio.scm (mpd-shepherd-service): Add 'requirement'. Remove #:pid-file from 'start'. (mpd-service-activation): Create the ".mpd" directory since that's what the daemon expects. --- gnu/services/audio.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/services') 
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm index 5729b6bb0e..627b941871 100644 --- a/gnu/services/audio.scm +++ b/gnu/services/audio.scm @@ -138,12 +138,12 @@ audio_output { (define (mpd-shepherd-service config) (shepherd-service (documentation "Run the MPD (Music Player Daemon)") + (requirement '(user-processes)) (provision '(mpd)) (start #~(make-forkexec-constructor (list #$(file-append mpd "/bin/mpd") "--no-daemon" #$(mpd-config->file config)) - #:pid-file #$(mpd-file-name config "pid") #:environment-variables ;; Required to detect PulseAudio when run under a user account. (list (string-append @@ -161,7 +161,7 @@ audio_output { (define %user (getpw #$(mpd-configuration-user config))) - (let ((directory #$(mpd-file-name config ""))) + (let ((directory #$(mpd-file-name config ".mpd"))) (mkdir-p directory) (chown directory (passwd:uid %user) (passwd:gid %user)))))) -- cgit v1.2.3 From b6ece1c2069ee70c786e4163689cf17b7a0c7278 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 7 Nov 2020 20:09:44 +0000 Subject: services: guix: Add guix-build-coordinator-agent cache directory. As this is needed when substituting derivations. * gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Set XDG_CACHE_HOME. (guix-build-coordinator-agent-activation): Create /var/cache/guix-build-coordinator-agent. --- gnu/services/guix.scm | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index b909c651cc..448f8c350d 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -364,6 +364,8 @@ #:environment-variables `(,(string-append "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + ;; XDG_CACHE_HOME is used by Guix when caching narinfo files + "XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent" "LC_ALL=en_US.utf8") #:log-file "/var/log/guix-build-coordinator/agent.log")) (stop #~(make-kill-destructor)))))) 
@@ -376,6 +378,12 @@ (mkdir-p "/var/log/guix-build-coordinator") + ;; Create a cache directory for storing narinfo files if downloaded + (mkdir-p "/var/cache/guix-build-coordinator-agent") + (chown "/var/cache/guix-build-coordinator-agent" + (passwd:uid %user) + (passwd:gid %user)) + ;; Allow writing the PID file (mkdir-p "/var/run/guix-build-coordinator-agent") (chown "/var/run/guix-build-coordinator-agent" -- cgit v1.2.3 From 18bb73c69539f5e03425005a02c2144242800664 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 7 Nov 2020 20:25:59 +0000 Subject: services: guix: Remove the Guix Build Coordinator agent pid file. As it doesn't use one. * gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Remove #:pid-file. (guix-build-coordinator-agent-activation): Don't create the /var/run directory. --- gnu/services/guix.scm | 7 ------- 1 file changed, 7 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 448f8c350d..47a5e0a256 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -360,7 +360,6 @@ (string-append "--system=" system)) (or systems '()))) #:user #$user - #:pid-file "/var/run/guix-build-coordinator-agent/pid" #:environment-variables `(,(string-append "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") @@ -381,12 +380,6 @@ ;; Create a cache directory for storing narinfo files if downloaded (mkdir-p "/var/cache/guix-build-coordinator-agent") (chown "/var/cache/guix-build-coordinator-agent" - (passwd:uid %user) - (passwd:gid %user)) - - ;; Allow writing the PID file - (mkdir-p "/var/run/guix-build-coordinator-agent") - (chown "/var/run/guix-build-coordinator-agent" (passwd:uid %user) (passwd:gid %user)))) -- cgit v1.2.3 From f9000450b5c881b97a3d507372c19ff366e788ca Mon Sep 17 00:00:00 2001 
From: Christopher Baines Date: Sat, 7 Nov 2020 20:34:48 +0000 Subject: services: guix: Fix Guix Build Coordinator substitute urls bug. * gnu/services/guix.scm (guix-build-coordinator-agent-shepherd-services): Pass the correct value as the --non-derivation-substitute-urls. --- gnu/services/guix.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 47a5e0a256..88d23f746a 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -354,7 +354,7 @@ #$@(if non-derivation-substitute-urls #~(#$(string-append "--non-derivation-substitute-urls=" - (string-join derivation-substitute-urls " "))) + (string-join non-derivation-substitute-urls " "))) #~()) #$@(map (lambda (system) (string-append "--system=" system)) -- cgit v1.2.3 From acb9f7849f7f9c2fb22585f45efaaa8ea397dd70 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Mon, 9 Nov 2020 22:44:18 +0100 Subject: services: nginx: Re-introduce server-names-hash-bucket-size. This was unintentionally removed in 00014f769233facebd84f13a00b10032a22cb440. * gnu/services/web.scm (default-nginx-config): Re-introduce processing of server-names-hash-bucket-size option. --- gnu/services/web.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 7e17dac6e2..53858436fa 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -668,6 +668,12 @@ of index files." '#$lua-package-cpath) ";")) "") + (if server-names-hash-bucket-size + (string-append + " server_names_hash_bucket_size " + (number->string server-names-hash-bucket-size) + ";\n") + "") (if server-names-hash-bucket-max-size (string-append " server_names_hash_bucket_max_size " -- cgit v1.2.3 From 86e9e5cb230c3c10272a223ea04e7564f3c1463b Mon Sep 17 00:00:00 2001 
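Review bot: Nothing at the `--non-derivation-substitute-urls` argument in `guix-build-coordinator-agent-shepherd-services` distinguishes it from the derivation option built just before it, and no test covers the generated command line, so passing the wrong list again would go unnoticed. These lists decide which servers the agent fetches substitutes from, so I would add `;; Must be the non-derivation list; the derivation list has its own option.` above the `string-join` and a system test asserting both arguments. The enclosing gexp starts and ends outside the hunk.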
From: Julien Lepiller Date: Mon, 9 Nov 2020 22:44:18 +0100 Subject: services: nginx: Re-introduce server-names-hash-bucket-size. This was unintentionally removed in 00014f769233facebd84f13a00b10032a22cb440. * gnu/services/web.scm (default-nginx-config): Re-introduce processing of server-names-hash-bucket-size option. --- gnu/services/web.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 7e17dac6e2..53858436fa 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -668,6 +668,12 @@ of index files." '#$lua-package-cpath) ";")) "") + (if server-names-hash-bucket-size + (string-append + " server_names_hash_bucket_size " + (number->string server-names-hash-bucket-size) + ";\n") + "") (if server-names-hash-bucket-max-size (string-append " server_names_hash_bucket_max_size " -- cgit v1.2.3 From e3ae31347882b25e1513e4475616fb6e4497e280 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 1 Nov 2020 11:16:08 -0500 Subject: gnu: mingetty-shepherd-service: Make 'clear-on-logout' configurable. Also change the default configuration to clear on logout, which is the upstream default. * gnu/services/base.scm (): Add 'clear-on-logout?' field. (mingetty-shepherd-service): Pass the "--noclear" option to mingetty only if 'clear-on-logout?' is #false. * doc/guix.texi (Base Services): Document the 'clear-on-logout?' field. --- doc/guix.texi | 3 +++ gnu/services/base.scm | 28 ++++++++++++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 35bf5177e6..eb0f47a6af 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -14528,6 +14528,9 @@ the name of the log-in program. When set to @code{#t} in conjunction with @var{auto-login}, the user will have to press a key before the log-in shell is launched. +@item @code{clear-on-logout?} (default: @code{#t}) +When set to @code{#t}, the screen will be cleared after logout. + @item @code{mingetty} (default: @var{mingetty}) The Mingetty package to use. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 499e50bfd7..416bc02a96 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2015, 2016 Alex Kost -;;; Copyright © 2015, 2016 Mark H Weaver +;;; Copyright © 2015, 2016, 2020 Mark H Weaver ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2016 David Craven @@ -1024,20 +1024,22 @@ the tty to run, among other things." (define-record-type* mingetty-configuration make-mingetty-configuration mingetty-configuration? - (mingetty mingetty-configuration-mingetty ; - (default mingetty)) - (tty mingetty-configuration-tty) ;string - (auto-login mingetty-auto-login ;string | #f - (default #f)) - (login-program mingetty-login-program ;gexp - (default #f)) - (login-pause? mingetty-login-pause? ;Boolean - (default #f))) + (mingetty mingetty-configuration-mingetty ; + (default mingetty)) + (tty mingetty-configuration-tty) ;string + (auto-login mingetty-auto-login ;string | #f + (default #f)) + (login-program mingetty-login-program ;gexp + (default #f)) + (login-pause? mingetty-login-pause? ;Boolean + (default #f)) + (clear-on-logout? mingetty-clear-on-logout? ;Boolean + (default #t))) (define mingetty-shepherd-service (match-lambda (($ mingetty tty auto-login login-program - login-pause?) + login-pause? clear-on-logout?) (list (shepherd-service (documentation "Run mingetty on an tty.") 
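Review bot: The `match-lambda` pattern in `mingetty-shepherd-service` (gnu/services/base.scm) binds the record fields by position, so a new field such as `clear-on-logout?` has to be inserted in exactly the record's order or the later bindings silently shift to the wrong values. Reading the fields through their accessors removes that coupling, e.g. `(mingetty-clear-on-logout? config)` where the flag is used. The body of `mingetty-shepherd-service` continues outside the hunk.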
@@ -1050,7 +1052,6 @@ the tty to run, among other things." (start #~(make-forkexec-constructor (list #$(file-append mingetty "/sbin/mingetty") - "--noclear" ;; Avoiding 'vhangup' allows us to avoid 'setfont' ;; errors down the path where various ioctls get @@ -1058,6 +1059,9 @@ the tty to run, among other things." ;; in Linux. "--nohangup" #$tty + #$@(if clear-on-logout? + #~() + #~("--noclear")) #$@(if auto-login #~("--autologin" #$auto-login) #~()) -- cgit v1.2.3 From 149dd51d2ffe0b8fe0137b60f94e5fc657c3a880 Mon Sep 17 00:00:00 2001 From: Alexandru-Sergiu Marton Date: Tue, 3 Nov 2020 21:19:17 +0200 Subject: services: gmnisrv: Export procedures and service type. * gnu/services/web.scm: Export gmnisrv-configuration, gmnisrv-configuration?, gmnisrv-configuration-package, gmnisrv-configuration-config-file, gmnisrv-service-type. Signed-off-by: Christopher Baines --- gnu/services/web.scm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 53858436fa..855f4e649b 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -256,7 +256,14 @@ mumi-configuration-sender mumi-configuration-smtp - mumi-service-type)) + mumi-service-type + + gmnisrv-configuration + gmnisrv-configuration? + gmnisrv-configuration-package + gmnisrv-configuration-config-file + + gmnisrv-service-type)) ;;; Commentary: ;;; -- cgit v1.2.3 From 977eb5d023cfdf8e336f1896480eea9cef5c04e9 Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Mon, 16 Nov 2020 11:03:19 +0100 Subject: Properly deal with build directories containing '~'. Fixes . Reported by Vagrant Cascadian . * tests/build-utils.scm ("wrap-script, simple case"): Pass SCRIPT-CONTENTS to 'display' rather than 'format'. * gnu/services/base.scm (file-system->shepherd-service-name) [valid-characters, mount-point]: New variables. Filter out invalid store file name characters from the mount point of FILE-SYSTEM. --- gnu/services/base.scm | 15 +++++++++++++-- tests/build-utils.scm | 4 ++-- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 499e50bfd7..712b3a018f 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -285,8 +285,19 @@ This service must be the root of the service dependency graph so that its (define (file-system->shepherd-service-name file-system) "Return the symbol that denotes the service mounting and unmounting FILE-SYSTEM." - (symbol-append 'file-system- - (string->symbol (file-system-mount-point file-system)))) + (define valid-characters + ;; Valid store characters; see 'checkStoreName' in the daemon. + (string->char-set + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?=")) + + (define mount-point + (string-map (lambda (chr) + (if (char-set-contains? valid-characters chr) + chr + #\-)) + (file-system-mount-point file-system))) + + (symbol-append 'file-system- (string->symbol mount-point))) (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." diff --git a/tests/build-utils.scm b/tests/build-utils.scm index 47a57a984b..654b480ed9 100644 --- a/tests/build-utils.scm +++ b/tests/build-utils.scm 
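Review bot: `file-system->shepherd-service-name` now rewrites the mount point before building the service symbol, which changes a name that other code refers to and lets distinct mount points collapse into one. Every character outside `valid-characters`, including `/`, becomes `-`, so `/a/b` and `/a-b` both yield `file-system--a-b`, and requirement lists that spell the name from the raw mount point would stop matching. If only the store file name needs sanitising, do the mapping where that file name is built and keep this symbol as `(string->symbol (file-system-mount-point file-system))`.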
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès +;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès ;;; Copyright © 2019 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. @@ -174,7 +174,7 @@ echo hello world")) (let ((script-file-name (string-append directory "/foo"))) (call-with-output-file script-file-name (lambda (port) - (format port script-contents))) + (display script-contents port))) (chmod script-file-name #o777) (wrap-script script-file-name `("GUIX_FOO" prefix ("/some/path" -- cgit v1.2.3 From 6cad3f6966e056c4d8a32cb85446040f56929c50 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Nov 2020 18:26:55 +0100 Subject: services: mingetty: Export configuration accessors. * gnu/services/base: Export configuration accessors for mingetty. --- gnu/services/base.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 712b3a018f..55d8c91cb5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -106,6 +106,12 @@ agetty-service-type mingetty-configuration + mingetty-configuration-tty + mingetty-configuration-auto-login + mingetty-configuration-login-program + mingetty-configuration-login-pause? + mingetty-configuration-clear-on-logout? + mingetty-configuration-mingetty mingetty-configuration? mingetty-service mingetty-service-type -- cgit v1.2.3 From 8490fa0253fa8ee5613a89851273e007494ea79b Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Wed, 18 Nov 2020 09:53:23 +0100 Subject: services: cups: Add some extensions by default. * gnu/services/cups.scm (cups-configuration): Add some extensions by default. doc/guix.texi (Printing Services): Document the default value. --- doc/guix.texi | 2 +- gnu/services/cups.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/services') 
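Review bot: Nothing at the `(display script-contents port)` call in tests/build-utils.scm says why `format` must not be used there, so a later clean-up could reintroduce it. I would add `;; Not 'format': SCRIPT-CONTENTS is data, and any '~' in it would be read as a directive.` above the call. The enclosing test starts and ends outside the hunk.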
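Review bot: Four of the names added to the export list of gnu/services/base.scm do not match the accessors of the `mingetty-configuration` record as it appears elsewhere on this page. The record defines `mingetty-auto-login`, `mingetty-login-program`, `mingetty-login-pause?` and `mingetty-clear-on-logout?`, while this list exports `mingetty-configuration-auto-login`, `mingetty-configuration-login-program`, `mingetty-configuration-login-pause?` and `mingetty-configuration-clear-on-logout?`. Unless the accessors were renamed in a change not shown here, these exports are unbound; either export the existing names or rename the accessors in the record in the same commit.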
diff --git a/doc/guix.texi b/doc/guix.texi index a609d64ee0..99068fccfa 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17541,7 +17541,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list escpr hplip-minimal foomatic-filters)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 16d6f76c1a..7d2defacaa 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -482,7 +482,7 @@ programs.") (package cups) "The CUPS package.") (extensions - (package-list (list cups-filters)) + (package-list (list cups-filters escpr hplip-minimal foomatic-filters)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit v1.2.3 From 37b98e8cca3244067071bc6e382b06861457a459 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 18 Nov 2020 10:58:58 +0100 Subject: services: shepherd: Map all the invalid store characters to dash. Fixes a regression introduced in 977eb5d023cfdf8e336f1896480eea9cef5c04e9 whereby file system services would now have a different name. * gnu/services/base.scm (file-system->shepherd-service-name): Revert changes introduced in 977eb5d023cfdf8e336f1896480eea9cef5c04e9. * gnu/services/shepherd.scm (%store-characters): New variable (shepherd-service-file-name): Map all the characters outside %STORE-CHARACTERS to #\-. --- gnu/services/base.scm | 15 ++------------- gnu/services/shepherd.scm | 13 +++++++++---- 2 files changed, 11 insertions(+), 17 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 55d8c91cb5..e1892f3e48 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
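Review bot: The default documented for `extensions` in doc/guix.texi, `(list escpr hplip-minimal foomatic-filters)`, omits `cups-filters`, which the code default in gnu/services/cups.scm still lists first. The same omission is carried through the later `epson-inkjet-printer-escpr` and `splix` changes on this page. The texinfo should read `(default: @code{(list cups-filters escpr hplip-minimal foomatic-filters)})`, so that someone trimming the driver set to reduce what the print service loads knows what they are starting from.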
@@ -291,19 +291,8 @@ This service must be the root of the service dependency graph so that its (define (file-system->shepherd-service-name file-system) "Return the symbol that denotes the service mounting and unmounting FILE-SYSTEM." - (define valid-characters - ;; Valid store characters; see 'checkStoreName' in the daemon. - (string->char-set - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?=")) - - (define mount-point - (string-map (lambda (chr) - (if (char-set-contains? valid-characters chr) - chr - #\-)) - (file-system-mount-point file-system))) - - (symbol-append 'file-system- (string->symbol mount-point))) + (symbol-append 'file-system- + (string->symbol (file-system-mount-point file-system)))) (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index e14ceca231..1faeb350df 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm @@ -224,16 +224,21 @@ which is not provided by any service") (for-each assert-satisfied-requirements services)) +(define %store-characters + ;; Valid store characters; see 'checkStoreName' in the daemon. + (string->char-set + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?=")) + (define (shepherd-service-file-name service) "Return the file name where the initialization code for SERVICE is to be stored." (let ((provisions (string-join (map symbol->string (shepherd-service-provision service))))) (string-append "shepherd-" - (string-map (match-lambda - (#\/ #\-) - (#\ #\-) - (chr chr)) + (string-map (lambda (chr) + (if (char-set-contains? %store-characters chr) + chr + #\-)) provisions) ".scm"))) -- cgit v1.2.3 From 5221df34149465c5bbc1a76f83cb09f8911279f5 Mon Sep 17 00:00:00 2001 
From: Julien Lepiller Date: Wed, 18 Nov 2020 14:57:29 +0100 Subject: gnu: vpn: Make ca, key and cert optional. * gnu/services/vpn.scm (openvpn-client-configuration) (openvpn-server-configuration): Make ca, key an cert fields optional. * doc/guix.texi (VPN Services): Document the change. --- doc/guix.texi | 20 ++++++++++++++------ gnu/services/vpn.scm | 6 +++--- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 99068fccfa..d021384b73 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -24909,14 +24909,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string cert +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. @@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string key +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. 
@@ -25060,14 +25064,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string cert +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. @@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string key +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 658d5c3e88..70f2617c7e 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -273,16 +273,16 @@ servers.") "The device type used to represent the VPN connection.") (ca - (string "/etc/openvpn/ca.crt") + (maybe-string "/etc/openvpn/ca.crt") "The certificate authority to check connections against.") (cert - (string "/etc/openvpn/client.crt") + (maybe-string "/etc/openvpn/client.crt") "The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}.") (key - (string "/etc/openvpn/client.key") + (maybe-string "/etc/openvpn/client.key") "The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}.") -- cgit v1.2.3 From 0ae9bbe4f5f89e6f597bdb1f6df646fc5f504876 Mon Sep 17 00:00:00 2001 
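Review bot: The docstring of `ca` in gnu/services/vpn.scm still reads as if the field were always set, and the accompanying manual text offers username/password setups as a reason to disable any of the three fields alike. `cert` and `key` identify the local machine, but `ca` is what the peer's certificate is checked against, so disabling it is a different decision from omitting a client certificate. I would say so in the docstring, e.g. `"The certificate authority to check connections against.  Disable it only when the peer is authenticated by other means."`.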
From: Marius Bakke Date: Wed, 18 Nov 2020 22:31:32 +0100 Subject: services: SDDM: Wait for elogind before starting. Fixes . * gnu/services/sddm.scm (sddm-shepherd-service)[requirement]: Add elogind. --- gnu/services/sddm.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm index 59f8b16985..694ad736dc 100644 --- a/gnu/services/sddm.scm +++ b/gnu/services/sddm.scm @@ -169,7 +169,7 @@ Relogin=" (if (sddm-configuration-relogin? config) (list (shepherd-service (documentation "SDDM display manager.") - (requirement '(user-processes)) + (requirement '(user-processes elogind)) (provision '(xorg-server display-manager)) (start #~(make-forkexec-constructor #$sddm-command)) (stop #~(make-kill-destructor))))) -- cgit v1.2.3 From 0a47ff9f9fe976033001bc1d881917d91f3b90a3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Nov 2020 18:56:16 +0100 Subject: services: base: Re-export %default-substitute-urls from (guix store). * gnu/services/base.scm: Export %DEFAULT-SUBSTITUTE-URLS. --- gnu/services/base.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index e1892f3e48..05c7bec01b 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -62,7 +62,8 @@ #:use-module (srfi srfi-26) #:use-module (ice-9 match) #:use-module (ice-9 format) - #:re-export (user-processes-service-type) ;backwards compatibility + #:re-export (user-processes-service-type ;backwards compatibility + %default-substitute-urls) #:export (fstab-service-type root-file-system-service file-system-service-type -- cgit v1.2.3 From 0b57c1b09efb74f0b30fd74c7c1eb2da1f5957bc Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Thu, 19 Nov 2020 00:01:51 +0100 Subject: gnu: Rename escpr to epson-inkjet-printer-escpr. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ‘escpr’ is nice and short, but everyone else calls this package ‘epson-inkjet-printer-escpr’. More importantly, so does upstream. * gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename escpr to epson-inkjet-printer-escpr, redefining escpr as deprecated-package. Adjust all users. --- doc/guix.texi | 11 ++++++----- gnu/packages/cups.scm | 7 +++++-- gnu/services/cups.scm | 3 ++- 3 files changed, 13 insertions(+), 8 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index d021384b73..1f1510f5f5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17503,16 +17503,17 @@ CUPS service will generate a self-signed certificate if needed, for secure connections to the print server. Suppose you want to enable the Web interface of CUPS and also add -support for Epson printers @i{via} the @code{escpr} package and for HP -printers @i{via} the @code{hplip-minimal} package. You can do that directly, -like this (you need to use the @code{(gnu packages cups)} module): +support for Epson printers @i{via} the @code{epson-inkjet-printer-escpr} +package and for HP printers @i{via} the @code{hplip-minimal} package. +You can do that directly, like this (you need to use the +@code{(gnu packages cups)} module): @lisp (service cups-service-type (cups-configuration (web-interface? #t) (extensions - (list cups-filters escpr hplip-minimal)))) + (list cups-filters epson-inkjet-printer-escpr hplip-minimal)))) @end lisp Note: If you wish to use the Qt5 based GUI which comes with the hplip 
@@ -17541,7 +17542,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list escpr hplip-minimal foomatic-filters)}) +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index b2d7b952b9..bfe24027fb 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -744,9 +744,9 @@ HP@tie{}LaserJet, and possibly other printers. See @file{README} for details.") (license (list license:expat ; icc2ps/*.[ch] license:gpl2+)))) ; everything else -(define-public escpr +(define-public epson-inkjet-printer-escpr (package - (name "escpr") + (name "epson-inkjet-printer-escpr") (version "1.7.8") ;; XXX: This currently works. But it will break as soon as a newer ;; version is available since the URLs for older versions are not @@ -806,6 +806,9 @@ language.") (home-page "http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX") (license license:gpl2+))) +(define-public escpr + (deprecated-package "escpr" epson-inkjet-printer-escpr)) + (define-public splix ;; Last released in 2009 . ;; Last SVN commit was 2013 . diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 7d2defacaa..6194fc37ad 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -482,7 +482,8 @@ programs.") (package cups) "The CUPS package.") (extensions - (package-list (list cups-filters escpr hplip-minimal foomatic-filters)) + (package-list (list cups-filters epson-inkjet-printer-escpr + foomatic-filters hplip-minimal)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit v1.2.3 From 13180f6accf815253107420d264e0c82ad064608 Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Sat, 21 Nov 2020 15:39:27 +0100 Subject: services: cups: Add Splix by default. * gnu/services/cups.scm (cups-configuration): Add splix to the default extensions. * doc/guix.texi (Printing Services): Document it. --- doc/guix.texi | 2 +- gnu/services/cups.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index 1f1510f5f5..ea220fbd63 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17542,7 +17542,7 @@ Available @code{cups-configuration} fields are: The CUPS package. @end deftypevr -@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters)}) +@deftypevr {@code{cups-configuration} parameter} package-list extensions (default: @code{(list epson-inkjet-printer-escpr hplip-minimal foomatic-filters splix)}) Drivers and other extensions to the CUPS package. @end deftypevr diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index 6194fc37ad..e8957c6859 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -483,7 +483,7 @@ programs.") "The CUPS package.") (extensions (package-list (list cups-filters epson-inkjet-printer-escpr - foomatic-filters hplip-minimal)) + foomatic-filters hplip-minimal splix)) "Drivers and other extensions to the CUPS package.") (files-configuration (files-configuration (files-configuration)) -- cgit v1.2.3 From 788df2ecd62d5c2fc0d94928f45c947e6393e20b Mon Sep 17 00:00:00 2001 
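Review bot: `splix` joins the default `extensions` of `cups-configuration` in gnu/services/cups.scm although the package comments shown earlier on this page describe it as last released in 2009 with a last SVN commit in 2013. Default extensions are presumably made available to the print service on every system that enables it, whether or not a matching printer exists, so an unmaintained driver is a questionable default. I would keep it opt-in, or at least record the trade-off at the field: `;; splix is unmaintained upstream; drop it from 'extensions' if it is not needed.`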
From: Mikhail Tsykalov Date: Fri, 6 Nov 2020 12:47:37 +0300 Subject: mapped-devices: Allow target to be list of strings. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/mapped-devices.scm (): Rename constructor to %mapped-device. [target]: Remove field. [targets]: New field. Adjust users. (mapped-device-compatibility-helper, mapped-device): New macros. (mapped-device-target): New deprecated procedure. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 3 + gnu/services/base.scm | 3 +- gnu/system.scm | 11 +-- gnu/system/linux-initrd.scm | 10 +-- gnu/system/mapped-devices.scm | 174 +++++++++++++++++++++++++----------------- 5 files changed, 119 insertions(+), 82 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index c5a88b15fa..13fb4b1531 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13780,6 +13780,9 @@ specifying @code{"my-partition"} leads to the creation of the @code{"/dev/mapper/my-partition"} device. For RAID devices of type @code{raid-device-mapping}, the full device name such as @code{"/dev/md0"} needs to be given. +@item targets +This list of strings specifies names of the resulting mapped devices in case +there are several. The format is identical to @var{target}. @item type This must be a @code{mapped-device-kind} object, which specifies how diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 029df5ac16..3fc4d5f885 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -298,7 +298,8 @@ FILE-SYSTEM." (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." (symbol-append 'device-mapping- - (string->symbol (mapped-device-target md)))) + (string->symbol (string-join + (mapped-device-targets md) "-")))) (define dependency->shepherd-service-name (match-lambda diff --git a/gnu/system.scm b/gnu/system.scm index b257ea0385..fcf3310fa3 100644 --- a/gnu/system.scm +++ b/gnu/system.scm 
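Review bot: `mapped-device->shepherd-service-name` in gnu/services/base.scm and the `provision` of the device-mapping service in gnu/system/mapped-devices.scm (a later hunk on this page) each build the service symbol with their own `(string-join ... "-")`, and nothing ties the two together although they must stay identical for requirements to resolve. Joining with `-` is also ambiguous: targets `("a" "b-c")` and `("a-b" "c")` produce the same service name. A single helper exported from `(gnu system mapped-devices)` and used at both places would remove the duplication, and the field comment could state that the combined names must be unique.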
@@ -475,9 +475,9 @@ marked as 'needed-for-boot'." (let ((device (file-system-device fs))) (if (string? device) ;title is 'device (filter (lambda (md) - (string=? (string-append "/dev/mapper/" - (mapped-device-target md)) - device)) + (any (cut string=? device <>) + (map (cut string-append "/dev/mapper" <>) + (mapped-device-targets md)))) (operating-system-mapped-devices os)) '()))) @@ -497,11 +497,12 @@ marked as 'needed-for-boot'." (define (mapped-device-users device file-systems) "Return the subset of FILE-SYSTEMS that use DEVICE." - (let ((target (string-append "/dev/mapper/" (mapped-device-target device)))) + (let ((targets (map (cut string-append "/dev/mapper/" <>) + (mapped-device-targets device)))) (filter (lambda (fs) (or (member device (file-system-dependencies fs)) (and (string? (file-system-device fs)) - (string=? (file-system-device fs) target)))) + (any (cut string=? (file-system-device fs) <>) targets)))) file-systems))) (define (operating-system-user-mapped-devices os) diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm index b8a30c0abc..3e2f1282cc 100644 --- a/gnu/system/linux-initrd.scm +++ b/gnu/system/linux-initrd.scm @@ -195,11 +195,11 @@ upon error." (define device-mapping-commands ;; List of gexps to open the mapped devices. (map (lambda (md) - (let* ((source (mapped-device-source md)) - (target (mapped-device-target md)) - (type (mapped-device-type md)) - (open (mapped-device-kind-open type))) - (open source target))) + (let* ((source (mapped-device-source md)) + (targets (mapped-device-targets md)) + (type (mapped-device-type md)) + (open (mapped-device-kind-open type))) + (open source targets))) mapped-devices)) (define kodir diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 31c50c4e40..8b5aec983d 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm 
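Review bot: The first gnu/system.scm hunk builds the comparison strings with `(cut string-append "/dev/mapper" <>)`, without the trailing slash that the removed code and `mapped-device-users` in the next hunk both use, so the result is `/dev/mappermy-partition` and never equals `device`. File systems that name their device as `/dev/mapper/...` would then find no matching mapped device; for an encrypted root that presumably means the mapping is not treated as needed for boot. The line should read `(map (cut string-append "/dev/mapper/" <>)`. The enclosing procedure starts outside the hunk.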
@@ -28,6 +28,7 @@ formatted-message &fix-hint &error-location)) + #:use-module (guix deprecation) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system uuid) @@ -42,10 +43,12 @@ #:use-module (srfi srfi-35) #:use-module (ice-9 match) #:use-module (ice-9 format) - #:export (mapped-device + #:export (%mapped-device + mapped-device mapped-device? mapped-device-source mapped-device-target + mapped-device-targets mapped-device-type mapped-device-location @@ -70,15 +73,36 @@ ;;; ;;; Code: -(define-record-type* mapped-device +(define-record-type* %mapped-device make-mapped-device mapped-device? (source mapped-device-source) ;string | list of strings - (target mapped-device-target) ;string + (targets mapped-device-targets) ;list of strings (type mapped-device-type) ; (location mapped-device-location (default (current-source-location)) (innate))) +(define-syntax mapped-device-compatibility-helper + (syntax-rules (target) + ((_ () (fields ...)) + (%mapped-device fields ...)) + ((_ ((target exp) rest ...) (others ...)) + (%mapped-device others ... + (targets (list exp)) + rest ...)) + ((_ (field rest ...) (others ...)) + (mapped-device-compatibility-helper (rest ...) + (others ... field))))) + +(define-syntax-rule (mapped-device fields ...) + "Build an record, automatically converting 'target' field +specifications to 'targets'." + (mapped-device-compatibility-helper (fields ...) ())) + +(define-deprecated (mapped-device-target md) + mapped-device-targets + (car (mapped-device-targets md))) + (define-record-type* mapped-device-kind make-mapped-device-kind mapped-device-kind? 
@@ -97,14 +121,14 @@ (shepherd-service-type 'device-mapping (match-lambda - (($ source target + (($ source targets ($ open close)) (shepherd-service - (provision (list (symbol-append 'device-mapping- (string->symbol target)))) + (provision (list (symbol-append 'device-mapping- (string->symbol (string-join targets "-"))))) (requirement '(udev)) (documentation "Map a device node using Linux's device mapper.") - (start #~(lambda () #$(open source target))) - (stop #~(lambda _ (not #$(close source target)))) + (start #~(lambda () #$(open source targets))) + (stop #~(lambda _ (not #$(close source targets)))) (respawn? #f)))))) (define (device-mapping-service mapped-device) 
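Review bot: The provision symbol is now built with `(string-join targets "-")`, which is ambiguous when a target name itself contains a dash: `("a-b" "c")` and `("a" "b-c")` (constructed examples) both give `device-mapping-a-b-c`. Any code outside this hunk that derives the matching requirement symbol from a single target name would also stop matching for multi-target devices; I cannot see that code from here, so it is worth checking. A comment on the line stating the naming rule would help, e.g. `;; One service per mapped device; its name joins all targets with "-".`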
@@ -162,48 +186,52 @@ option of @command{guix system}.\n") ;;; Common device mappings. ;;; -(define (open-luks-device source target) +(define (open-luks-device source targets) "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure '((gnu build file-systems))) - #~(let ((source #$(if (uuid? source) - (uuid-bytevector source) - source))) - ;; XXX: 'use-modules' should be at the top level. - (use-modules (rnrs bytevectors) ;bytevector? - ((gnu build file-systems) - #:select (find-partition-by-luks-uuid))) - - ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the - ;; whole world inside the initrd (for when we're in an initrd). - (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") - "open" "--type" "luks" - - ;; Note: We cannot use the "UUID=source" syntax here - ;; because 'cryptsetup' implements it by searching the - ;; udev-populated /dev/disk/by-id directory but udev may - ;; be unavailable at the time we run this. - (if (bytevector? source) - (or (let loop ((tries-left 10)) - (and (positive? tries-left) - (or (find-partition-by-luks-uuid source) - ;; If the underlying partition is - ;; not found, try again after - ;; waiting a second, up to ten - ;; times. FIXME: This should be - ;; dealt with in a more robust way. - (begin (sleep 1) - (loop (- tries-left 1)))))) - (error "LUKS partition not found" source)) - source) - - #$target))))) - -(define (close-luks-device source target) + (match targets + ((target) + #~(let ((source #$(if (uuid? source) + (uuid-bytevector source) + source))) + ;; XXX: 'use-modules' should be at the top level. + (use-modules (rnrs bytevectors) ;bytevector? + ((gnu build file-systems) + #:select (find-partition-by-luks-uuid))) + + ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the + ;; whole world inside the initrd (for when we're in an initrd). + (zero? 
(system* #$(file-append cryptsetup-static "/sbin/cryptsetup") + "open" "--type" "luks" + + ;; Note: We cannot use the "UUID=source" syntax here + ;; because 'cryptsetup' implements it by searching the + ;; udev-populated /dev/disk/by-id directory but udev may + ;; be unavailable at the time we run this. + (if (bytevector? source) + (or (let loop ((tries-left 10)) + (and (positive? tries-left) + (or (find-partition-by-luks-uuid source) + ;; If the underlying partition is + ;; not found, try again after + ;; waiting a second, up to ten + ;; times. FIXME: This should be + ;; dealt with in a more robust way. + (begin (sleep 1) + (loop (- tries-left 1)))))) + (error "LUKS partition not found" source)) + source) + + #$target))))))) + +(define (close-luks-device source targets) "Return a gexp that closes TARGET, a LUKS device." - #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") - "close" #$target))) + (match targets + ((target) + #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup") + "close" #$target))))) (define* (check-luks-device md #:key needed-for-boot? 
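Review bot: `open-luks-device` and `close-luks-device` now destructure with `(match targets ((target) ...))` and have no other clause, so a record with zero or several targets fails with a bare match error when the procedure is called, not with a message naming the problem. The RAID procedures in the next hunk (`open-raid-device`, `close-raid-device`) do the same. A final clause such as `(_ (error "LUKS mapped device takes exactly one target" targets))` would make the failure readable. The docstrings still say TARGET although the parameter is now TARGETS, e.g. `"Return a gexp that closes the single element of TARGETS, a LUKS device."`. `check-luks-device` at the end of the hunk continues outside it.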
@@ -235,36 +263,40 @@ option of @command{guix system}.\n") (close close-luks-device) (check check-luks-device))) -(define (open-raid-device sources target) +(define (open-raid-device sources targets) "Return a gexp that assembles SOURCES (a list of devices) to the RAID device TARGET (e.g., \"/dev/md0\"), using 'mdadm'." - #~(let ((sources '#$sources) - - ;; XXX: We're not at the top level here. We could use a - ;; non-top-level 'use-modules' form but that doesn't work when the - ;; code is eval'd, like the Shepherd does. - (every (@ (srfi srfi-1) every)) - (format (@ (ice-9 format) format))) - (let loop ((attempts 0)) - (unless (every file-exists? sources) - (when (> attempts 20) - (error "RAID devices did not show up; bailing out" - sources)) - - (format #t "waiting for RAID source devices~{ ~a~}...~%" - sources) - (sleep 1) - (loop (+ 1 attempts)))) - - ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole - ;; closure (80 MiB) in the initrd when a RAID device is needed for boot. - (zero? (apply system* #$(file-append mdadm-static "/sbin/mdadm") - "--assemble" #$target sources)))) - -(define (close-raid-device sources target) + (match targets + ((target) + #~(let ((sources '#$sources) + + ;; XXX: We're not at the top level here. We could use a + ;; non-top-level 'use-modules' form but that doesn't work when the + ;; code is eval'd, like the Shepherd does. + (every (@ (srfi srfi-1) every)) + (format (@ (ice-9 format) format))) + (let loop ((attempts 0)) + (unless (every file-exists? sources) + (when (> attempts 20) + (error "RAID devices did not show up; bailing out" + sources)) + + (format #t "waiting for RAID source devices~{ ~a~}...~%" + sources) + (sleep 1) + (loop (+ 1 attempts)))) + + ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole + ;; closure (80 MiB) in the initrd when a RAID device is needed for boot. + (zero? 
(apply system* #$(file-append mdadm-static "/sbin/mdadm") + "--assemble" #$target sources)))))) + +(define (close-raid-device sources targets) "Return a gexp that stops the RAID device TARGET." - #~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm") - "--stop" #$target))) + (match targets + ((target) + #~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm") + "--stop" #$target))))) (define raid-device-mapping ;; The type of RAID mapped devices. -- cgit v1.2.3 From 89b704a456ef1cdef855a6c483832a05e1117f24 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 27 Nov 2020 13:56:38 +0100 Subject: services: MySQL: Deprecate 'mysql-service'. * gnu/services/databases.scm (mysql-service): Define in terms of DEFINE-DEPRECATED. * gnu/tests/databases.scm (%mysql-os): Adjust accordingly. * doc/guix.texi (Database Services): Adjust the MariaDB/MySQL section to document MYSQL-SERVICE-TYPE instead of MYSQL-SERVICE. While at it, document the EXTRA-CONTENT field. --- doc/guix.texi | 18 ++++++++++-------- gnu/services/databases.scm | 8 ++------ gnu/tests/databases.scm | 2 +- 3 files changed, 13 insertions(+), 15 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index b0126b961d..f0c95f586c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -19121,16 +19121,14 @@ is the key, and the remaining elements are the values. @subsubheading MariaDB/MySQL -@deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)] -Return a service that runs @command{mysqld}, the MySQL or MariaDB -database server. - -The optional @var{config} argument specifies the configuration for -@command{mysqld}, which should be a @code{} object. -@end deffn +@defvr {Scheme Variable} mysql-service-type +This is the service type for a MySQL or MariaDB database server. Its value +is a @code{mysql-configuration} object that specifies which package to use, +as well as various settings for the @command{mysqld} daemon. +@end defvr @deftp {Data Type} mysql-configuration -Data type representing the configuration of @var{mysql-service}. +Data type representing the configuration of @var{mysql-service-type}. @table @asis @item @code{mysql} (default: @var{mariadb}) @@ -19142,6 +19140,10 @@ For MariaDB, the root password is empty. @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. + +@item @code{extra-content} (default: @code{""}) +Additional settings for the @file{my.cnf} configuration file. + @end table @end deftp diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index d7b4594b9e..bb0a0c28f2 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -568,12 +568,8 @@ FLUSH PRIVILEGES; mysql-shepherd-service))) (default-value (mysql-configuration)))) -(define* (mysql-service #:key (config (mysql-configuration))) - "Return a service that runs @command{mysqld}, the MySQL or MariaDB -database server. - -The optional @var{config} argument specifies the configuration for -@command{mysqld}, which should be a @code{} object." +(define-deprecated (mysql-service #:key (config (mysql-configuration))) + mysql-service-type (service mysql-service-type config)) 
diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index d3045cc3f7..1d7f53ec3e 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -271,7 +271,7 @@ (define %mysql-os (simple-operating-system - (mysql-service))) + (service mysql-service-type))) (define* (run-mysql-test) "Run tests in %MYSQL-OS." -- cgit v1.2.3 From 27d7cdbf87e7a4520f93ee3914139215abf94e68 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 01:46:22 +0100 Subject: services: MySQL: Bind to localhost only by default. * gnu/services/databases.scm (): Add BIND-ADDRESS field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Document it. --- doc/guix.texi | 4 ++++ gnu/services/databases.scm | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index f0c95f586c..ae43fb6965 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19138,6 +19138,10 @@ or @var{mysql}. For MySQL, a temporary root password will be displayed at activation time. For MariaDB, the root password is empty. +@item @code{bind-address} (default: @code{"127.0.0.1"}) +The IP on which to listen for network connections. Use @code{"0.0.0.0"} +to bind to all available network interfaces. + @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index bb0a0c28f2..8fd87a563d 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -465,6 +465,7 @@ storage: mysql-configuration make-mysql-configuration mysql-configuration? (mysql mysql-configuration-mysql (default mariadb)) + (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) (extra-content mysql-configuration-extra-content (default ""))) 
@@ -481,10 +482,11 @@ storage: (define mysql-configuration-file (match-lambda - (($ mysql port extra-content) + (($ mysql bind-address port extra-content) (mixed-text-file "my.cnf" "[mysqld] datadir=/var/lib/mysql socket=/run/mysqld/mysqld.sock +bind-address=" bind-address " port=" (number->string port) " " extra-content " ")))) -- cgit v1.2.3 From 927bf98e0e35cbd6d3c8416742f695def8faf90b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 16:31:41 +0100 Subject: services: MySQL: Make the socket configurable. * gnu/services/databases.scm (): Add SOCKET field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Likewise. --- doc/guix.texi | 3 +++ gnu/services/databases.scm | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index ae43fb6965..bef42e160a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19145,6 +19145,9 @@ to bind to all available network interfaces. @item @code{port} (default: @code{3306}) TCP port on which the database server listens for incoming connections. +@item @code{socket} (default: @code{"/run/mysqld/mysqld.sock"}) +Socket file to use for local (non-network) connections. + @item @code{extra-content} (default: @code{""}) Additional settings for the @file{my.cnf} configuration file. diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 8fd87a563d..5a88b70d74 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -467,6 +467,7 @@ storage: (mysql mysql-configuration-mysql (default mariadb)) (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) + (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock")) (extra-content mysql-configuration-extra-content (default ""))) (define %mysql-accounts 
@@ -482,10 +483,10 @@ storage: (define mysql-configuration-file (match-lambda - (($ mysql bind-address port extra-content) + (($ mysql bind-address port socket extra-content) (mixed-text-file "my.cnf" "[mysqld] datadir=/var/lib/mysql -socket=/run/mysqld/mysqld.sock +socket=" socket " bind-address=" bind-address " port=" (number->string port) " " extra-content " -- cgit v1.2.3 From e20388ad7f94e72a7a71272a742031fb5c1fbb4b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 28 Nov 2020 17:42:22 +0100 Subject: services: MySQL: Upgrade database schemas automatically. * gnu/services/databases.scm (): Add AUTO-UPGRADE? field. (mysql-upgrade-wrapper, mysql-upgrade-shepherd-service, mysql-shepherd-services): New variables. (mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of MYSQL-SHEPHERD-SERVICE. * doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of MYSQL-SERVICE-TYPE. * gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run. --- doc/guix.texi | 6 ++++++ gnu/services/databases.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++-- gnu/tests/databases.scm | 4 ++++ 3 files changed, 60 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index bef42e160a..2a98dda324 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19151,6 +19151,12 @@ Socket file to use for local (non-network) connections. @item @code{extra-content} (default: @code{""}) Additional settings for the @file{my.cnf} configuration file. +@item @code{auto-upgrade?} (default: @code{#t}) +Whether to automatically run @command{mysql_upgrade} after starting the +service. This is necessary to upgrade the @dfn{system schema} after +``major'' updates (such as switching from MariaDB 10.4 to 10.5), but can +be disabled if you would rather do that manually. + @end table @end deftp diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 5a88b70d74..60b31e0373 100644 --- a/gnu/services/databases.scm 
+++ b/gnu/services/databases.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2018 Julien Lepiller ;;; Copyright © 2019 Robert Vollmert +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -468,7 +469,8 @@ storage: (bind-address mysql-configuration-bind-address (default "127.0.0.1")) (port mysql-configuration-port (default 3306)) (socket mysql-configuration-socket (default "/run/mysqld/mysqld.sock")) - (extra-content mysql-configuration-extra-content (default ""))) + (extra-content mysql-configuration-extra-content (default "")) + (auto-upgrade? mysql-configuration-auto-upgrade? (default #t))) (define %mysql-accounts (list (user-group 
@@ -559,6 +561,52 @@ FLUSH PRIVILEGES; #:user "mysql" #:group "mysql"))) (stop #~(make-kill-destructor))))) +(define (mysql-upgrade-wrapper mysql socket-file) + ;; The MySQL socket and PID file may appear before the server is ready to + ;; accept connections. Ensure the socket is responsive before attempting + ;; to run the upgrade script. + (program-file + "mysql-upgrade-wrapper" + #~(begin + (let ((mysql-upgrade #$(file-append mysql "/bin/mysql_upgrade")) + (timeout 10)) + (begin + (let loop ((i 0)) + (catch 'system-error + (lambda () + (let ((sock (socket PF_UNIX SOCK_STREAM 0))) + (connect sock AF_UNIX #$socket-file) + (close-port sock) + ;; The socket is ready! + (execl mysql-upgrade mysql-upgrade + (string-append "--socket=" #$socket-file)))) + (lambda args + (if (< i timeout) + (begin + (sleep 1) + (loop (+ 1 i))) + ;; No luck, give up. + (throw 'timeout-error + "MySQL server did not appear in time!")))))))))) + +(define (mysql-upgrade-shepherd-service config) + (list (shepherd-service + (provision '(mysql-upgrade)) + (requirement '(mysql)) + (one-shot? #t) + (documentation "Upgrade MySQL database schemas.") + (start (let ((mysql (mysql-configuration-mysql config)) + (socket (mysql-configuration-socket config))) + #~(make-forkexec-constructor + (list #$(mysql-upgrade-wrapper mysql socket)) + #:user "mysql" #:group "mysql")))))) + +(define (mysql-shepherd-services config) + (if (mysql-configuration-auto-upgrade? config) + (append (mysql-shepherd-service config) + (mysql-upgrade-shepherd-service config)) + (mysql-shepherd-service config))) + (define mysql-service-type (service-type (name 'mysql) @@ -568,7 +616,7 @@ FLUSH PRIVILEGES; (service-extension activation-service-type %mysql-activation) (service-extension shepherd-root-service-type - mysql-shepherd-service))) + mysql-shepherd-services))) (default-value (mysql-configuration)))) (define-deprecated (mysql-service #:key (config (mysql-configuration))) 
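Review bot: In `mysql-upgrade-wrapper` the `execl` call sits inside the `catch 'system-error` thunk, so a failure to execute `mysql_upgrade` itself is handled like an unready socket: it is retried for ten seconds and then reported as "MySQL server did not appear in time!". The port returned by `socket` is also left open whenever `connect` throws. Probing inside the handler and exec'ing outside it keeps the two failures apart and closes the port on every path. The nested `(begin (let … (begin …)))` wrappers can be dropped at the same time.

```scheme
(let loop ((i 0))
  (let* ((sock   (socket PF_UNIX SOCK_STREAM 0))
         (ready? (catch 'system-error
                   (lambda ()
                     (connect sock AF_UNIX #$socket-file)
                     #t)
                   (lambda args #f))))
    ;; Close the probe port whether or not the connection succeeded.
    (close-port sock)
    (if ready?
        ;; Outside the handler: an exec failure is reported as such.
        (execl mysql-upgrade mysql-upgrade
               (string-append "--socket=" #$socket-file))
        ;; … unchanged: sleep 1 and loop while (< i timeout), else throw 'timeout-error …
        )))
```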
diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm index 1d7f53ec3e..dd1af1dbcc 100644 --- a/gnu/tests/databases.scm +++ b/gnu/tests/databases.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Christopher Baines +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -311,6 +312,9 @@ ((pid) (number? pid)))))) marionette)) + (test-assert "mysql_upgrade completed" + (wait-for-file "/var/lib/mysql/mysql_upgrade_info" marionette)) + (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) -- cgit v1.2.3