This reduces resident memory for PID 1 from 29.8MiB to 28.7MiB right
after boot on a bare-bones system (x86_64-linux).
* gnu/services/shepherd.scm (scm->go): New procedure.
(shepherd-configuration-file)[config]: Call it and use 'load-compiled'
instead of 'primitive-load'.
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
* gnu/services/base.scm (pam-limits-service-type): For "gdm-password" pam
service, include "limits.conf".
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/guix.scm: New file.
* gnu/tests/guix.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add both new files.
* doc/guix.texi (Guix Services): New section documenting the Guix Data
Service.
As defaulting by stderr, along with the shepherd service not directing the
output to a log file makes seeing the output difficult, compared to logging to
syslog.
* gnu/services/virtualization.scm (libvirt-configuration)[log-outputs]: Change
default from "3:stderr" to "3:syslog:libvirtd".
Fixes <https://bugs.gnu.org/37423>.
Reported by Jan <tona_kosmicznego_smiecia@interia.pl>.
* gnu/services/xorg.scm (%gdm-activation): New variable.
(gdm-service-type)[extensions]: Add 'activation-service-type'.
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/certbot.scm (certbot-command): Add
--manual-public-ip-logging-ok flag to the certbot command when doing a
manual challenge.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to ef640db2f5.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Set
'#:environment-variables' for 'make-forkexec-constructor'.
This reverts commit 903e051a71 to fix
<https://bugs.gnu.org/31365>. The full path of the 'ip' command is already
embedded, and we want to search 'qemu' in PATH.
* gnu/packages/virtualization.scm (libvirt): Remove 'wrap-libvirtd phase. Add
configure flags to run qemu as 'nobody:kvm'.
* gnu/services/virtualization.scm (libvirt-service-type): Add 'qemu' to the
system profile.
This fixes issue #37318 (see: http://bugs.gnu.org/37318).
* gnu/services/networking.scm (openntpd-configuration->string): Rewrite in
order to make the "openntpd configuration generation sanity check" test pass.
See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.
* gnu/services/networking.scm (openntpd-configuration->string): New procedure,
extracted from top of the `openntpd-shepherd-service' to make it testable.
(openntpd-shepherd-service): Adapt following the move of the code to the above
procedure.
* tests/networking.scm: Add a test for the `openntpd-configuration->string'
procedure.
* gnu/services/networking.scm (ntp-server-types): New enum.
(<ntp-server>): New record type.
(ntp-server->string): New procedure.
(%ntp-servers): Define in terms of <htp-server> records. Use the first
entrypoint server as a pool instead of a list of static servers. This is more
resilient since a new server of the pool can be interrogated on every
request. Add the 'iburst' options.
(ntp-configuration-servers): Define a custom accessor that warns but honors
the now deprecated server format.
(<ntp-configuration>): Use it.
(%openntpd-servers): New variable,
(<openntpd-configuration>): Use it, as a pool ('servers' field) instead of a
regular server.
* tests/networking.scm: New file.
* Makefile.am (SCM_TESTS): Register it.
* doc/guix.texi: Update documentation.
Otherwise the following messages would be printed by ntpd:
Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing without LIMITE.
Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing without LIMITED.
Debian uses the same set of "restrict" keywords (see:
https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf).
* gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited'
keyword to both the IPv4 and IPv6 'restrict' directives.
This is documented as best practice in `man ntpd', and is required to allow
the date to be set correctly when traveling (without having to manually update
the hardware clock in the BIOS/UEFI).
* gnu/services/networking.scm (<ntp-server>)[allow-large-adjustment?]: Set the
default value to #t.
* doc/guix.texi (Networking Services): Update documentation.
This reverts commit 3b38bf141a.
The Guix project discussed this years ago and decided against including
/usr/bin/env. That decision should not be reversed without a wider
discussion.
* gnu/services/cups.scm (error-policy, cups-configuration): Substitute
RETRY-CURRENT-JOB for the obsolete RETRY-THIS-JOB name of this policy.
* doc/guix.texi (Printing Services): Likewise.
* gnu/services/cups.scm (comma-separated-string-list?)
(serialize-comma-separated-string-list): New variables.
(cups-configuration)[browse-dns-sd-sub-types]: New field.
* doc/guix.texi (Printing Services): Document it.
* gnu/services/cuirass.scm (<cuirass-configuration>): Add web-log-file field.
(cuirass-shepherd-service): Read it and use it.
* doc/guix.texi (Continuous Integration): Document it.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.
* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.
Extends the dbus service when vpn plugins are enabled.
* gnu/services/networking.scm (network-manager-service-type): Load vpn plugins
when extending dbus service.
This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.
* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/networking.scm (%network-manager-activation): Rename to...
(network-manager-activation): ... this and make it a procedure. Make it
create '/var/lib/misc' when using dnsmasq.
(network-manager-service-type): Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/networking.scm (usb-modeswitch-service-type): New variable.
(usb-modeswitch-configuration): New variable.
(usb-modeswitch-sh): New procedure.
(usb-modeswitch-configuration->udev-rules): New procedure.
* doc/guix.texi (Networking Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/36207>.
Reported by Jack Hill <jackhill@jackhill.us>.
* gnu/services/admin.scm: Remove unneeded import of (gnu services
base).
* gnu/services/mcron.scm: Likewise.
Ricardo Wurmus