This makes the first boot slightly faster.
* gnu/services/base.scm (not-config?): New procedure.
(hydra-key-authorization): Rewrite to pre-compute the default ACL, and
pre-compute it using (guix pki) directly.
Until now we were allocating the UIDs of build users above 30000, which
is in "normal" user UID range. This static allocation was unnecessary,
so this change lets the system allocate UIDs in the system range (below
1000).
* gnu/services/base.scm (guix-build-accounts): Remove #:first-uid, and
remove 'uid' field from 'user-account'.
Fixes <https://bugs.gnu.org/34788>.
Reported by Jack Hill <jackhill@jackhill.us>.
Regression introduced by the combination of
8bb76f3d44 and
0ae735bcc8ff7fdc89d67b492bdee9091ee19e86: /var/empty would be 700 and
owned by one of the system accounts (thus inaccessible to others), and
/var/run/dbus would be 700 as well, thereby preventing D-Bus clients
from connecting to the daemon.
* gnu/build/activation.scm (duplicates): New procedure.
(activate-users+groups)[system-accounts]: New variable.
Use it. Make shared system account home directories #o555 and
root-owned.
* gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755.
* gnu/tests/base.scm (run-basic-test): Test the ownership and
permissions of /var/empty.
* gnu/packages/gnome.scm (gdm)[arguments]: Update pre-configure phase so
that GDM runs an X session script specified by the variable
GDM_X_SESSION; remove the '--enable-gdm-xsession' configuration
option.
* gnu/services/xorg.scm (<gdm-configuration>): Add 'x-session' field.
(gdm-shepherd-service): Set the GDM_X_SESSION variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit removes the remaining implicit dependencies that the GDM
service had on the GNOME Desktop service.
* gnu/services/xorg.scm (gdm-configuration): Add a gnome-shell-assets
field for specifying any icons or fonts that the GNOME Shell theme
needs.
(gdm-shepherd-service): Remove environment variables pointing to
'/run/current-system' and set XDG_DATA_DIRS so that it points to
'gnome-shell' and its assets.
(gdm-service-type): Extend 'profile-service-type' to ensure that
necessary fonts are installed in the system profile.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnome.scm (gdm)[arguments]: Modify the pre-configure
phase so that GDM propagates the GDM_DBUS_DAEMON variable into the
session environment and uses its value to invoke dbus-daemon.
* gnu/services/xorg.scm (dbus-daemon-wrapper): New variable.
(<gdm-configuration>): Add 'dbus-daemon' field.
(gdm-shepherd-service): Set GDM_DBUS_DAEMON before invoking gdm.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/gnome.scm (gdm)[arguments]: Update pre-configure phase to
make GDM get the configuration file path from an environment variable.
* gnu/services/xorg.scm (gdm-etc-service): Remove function.
(gdm-configuration-file): New function.
(gdm-shepherd-service): Set GDM_CUSTOM_CONF before invoking GDM.
(gdm-service-type)[extensions]: Remove etc-service-type extension.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This has now been replaced by the upower-service-type and
<upower-configuration> record.
* gnu/services/desktop.scm (upower-service): Deprecate this procedure.
Add a description and default value. Switch the documentation to mention the
service-type and the configuration record, rather than the upower-service
procedure.
* gnu/services/desktop.scm (upower-service-type)[description, default-value]:
Define these fields.
(%desktop-services): Change (upower-service) to (service upower-service-type).
* doc/guix.texi (Desktop Services): Update the upower service documentation.
Copy the defaults from the upower-service procedure to the
<upower-configuration> record type. This will allow making it the default
value for the upower-service-type, and deprecating the procedure. Export the
field accessors so that the <upower-configuration> record type becomes more
usable.
* gnu/services/desktop.scm (<upower-configuration>): Export it.
(upower-configuration-upower, upower-configuration-watts-up-pro?,
upower-configuration-poll-batteries?, upower-configuration-ignore-lid?,
upower-configuration-use-percentage-for-policy?,
upower-configuration-percentage-low, upower-configuration-percentage-critical,
upower-configuration-percentage-action, upower-configuration-time-low,
upower-configuration-time-critical, upower-configuration-time-action,
upower-configuration-critical-power-action): Add default and export.
This service integrates cups and PolicyKit. The gnome-control-center printing
section uses this functionality.
* gnu/sevices/desktop.scm (cups-pk-helper-service-type): New variable.
(%desktop-services): Add the cups-pk-helper service.
kmscon does not require that virtual terminals run in UTF-8 mode.
* gnu/services/base.scm (kmscon-service-type): Remove virtual-terminal from
requirement list.
These procedures were already either undocumented (and de facto
deprecated) or documented as deprecated or redundant.
* gnu/services/base.scm (guix-service, guix-publish-service): Mark as
deprecated.
* gnu/services/mcron.scm (mcron-service): Likewise.
* gnu/services/networking.scm (tor-service): Likewise.
* doc/guix.texi (Scheduled Job Execution): Remove 'mcron-service' and
adjust example.
(Networking Services): Remove 'tor-service'.
* gnu/tests/base.scm (%mcron-os): Use 'mcron-service-type' instead of
'mcron-service'.
* gnu/tests/networking.scm (%tor-os): Use 'tor-service-type' instead of
'tor-service'.
* tests/guix-system.sh: Likewise.
* gnu/services/xorg.scm (<gdm-configuration>)[x-server]: Add default
value.
(gdm-service-type)[default-value, description]: New fields.
(gdm-service): Mark as deprecated.
GDM is now reliable enough to run automatically.
* gnu/services/xorg.scm (gdm-shepherd-service): Do not set 'auto-start?'
to '#f'.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
This option results in allowing all login attempts without asking for
credentials. The name is confusing, but rather than rename it, we will
remove it, since it seems like a feature that no one would want.
* gnu/services/xorg.scm (<gdm-configuration>): Remove 'allow-root?'.
(gdm-pam-service): Do not use 'gdm-configuration-allow-root?'.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/messaging.scm (<quassel-configuration>): New record type.
(%quassel-account, %quassel-activation): New procedures.
(quassel-service-type): New variable.
* gnu/tests/messaging.scm (%test-quassel): New variable.
(run-quassel-test): New procedure.
* doc/guix.texi (Messaging): Document quassel service.
Fixes <https://bugs.gnu.org/23697>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.
* gnu/build/file-systems.scm (check-file-system): Call 'start-repl' only
if current-input-port passes 'isatty?'.
* gnu/services/shepherd.scm (shepherd-configuration-file): After
'for-each' expression, call 'redirect-port'.
* gnu/tests/base.scm (run-basic-test)["stdin is /dev/null"]: New test.
Previously, the 'unless (file-exists? "/etc/guix/acl")' guard would mean
that only the first key in the list would get registered since we were
generating one registration snippet per key. This fixes that.
* gnu/services/base.scm (hydra-key-authorization): Change to be a
'for-each' loop iterating on #$KEYS.
This ensures one can scp to or from the GuixSD machine that uses the
service.
* gnu/services/ssh.scm (openssh-service-type)[extensions]: Add
PROFILE-SERVICE-TYPE extension.
* gnu/system/examples/bare-bones.tmpl <packages>: Remove OPENSSH.
* doc/guix.texi (Using the Configuration System): Adjust accordingly.
* doc/guix.texi (Mail Services): Update accordingly.
* gnu/services/mail.scm (service-configuration)[process-limit]: New field.
(dovecot-configuration)[services]: Set 'process-limit' to its correct default
value.
* doc/guix.texi (Mail Services): Update accordingly.
* gnu/services/mail.scm (service-configuration)[client-limit]: New field.
(dovecot-configuration)[services]: Set 'client-limit' to its correct default
value.
Add an auto-login option that behaves as the one of mingetty-service.
* gnu/services/base.scm (kmscon-configuration)[auto-login]: New field.
(kmscon-service-type): Pass it to kmscon command.
* doc/guix.texi (Base Services): Document it.
* gnu/services/web.scm (httpd): Make existing httpd-module API public.
* doc/guix.texi (Apache HTTP Server): Document its usage with PHP-FPM.
Signed-off-by: Christopher Baines <mail@cbaines.net>
This is a followup to commit acce0a474c. No
idea how these disappeared.. :-/
* gnu/services/networking.scm (wpa-supplicant-shepherd-service): Add missing
parens.
This allows using WPA Supplicant "standalone" without an additional
network manager. The default configuration is unchanged.
* gnu/services/networking.scm (<wpa-supplicant-configuration>): New record type.
(wpa-supplicant-shepherd-service): Pass configuration records to the daemon.
(wpa-supplicant-service-type): Adjust accordingly.
* doc/guix.texi (Networking Services): Document the new service type.
* gnu/services/admin.scm (default-jobs): Remove the lambda around
"/…/bin/rottlog" to make "herd schedule mcron" more
transparent (otherwise it just says "Lambda function").
* gnu/services/version-control.scm (<gitolite-configuration>,
<gitolite-rc-file>): New record types.
(gitolite-accounts, gitolite-activation): New procedures.
(gitolite-service-type): New variables.
* gnu/tests/version-control.scm (%gitolite-test-admin-keypair, %gitolite-os,
%test-gitolite): New variables.
(run-gitolite-test): New procedure.
* doc/guix.texi (Version Control): Document the gitolite service.
* gnu/services/version-control.scm (<gitolite-configuration>,
<gitolite-rc-file>): New record types.
(gitolite-accounts, gitolite-activation): New procedures.
(gitolite-service-type): New variables.
* gnu/tests/version-control.scm (%gitolite-test-admin-keypair, %gitolite-os,
%test-gitolite): New variables.
(run-gitolite-test): New procedure.
* doc/guix.texi (Version Control): Document the gitolite service.
Fixes a bug in containers whereby 'virtual-terminal' would always fail
to start because writing to /sys/…/default_utf8 would fail with EROFS.
* gnu/services/base.scm (virtual-terminal-service-type): Read from
"default_utf8" before attempting to write to it.
This uses the 'replacement' service slot introduced in the Shepherd
version 0.5.0.
* gnu/services/shepherd.scm (shepherd-service-upgrade): Return a list of
services that need to be restarted to complete their upgrade.
* guix/scripts/system.scm (call-with-service-upgrade-info): Rename an internal
variable to reflect the change to shepherd-service-upgrade.
(upgrade-shepherd-services): Call 'load-services/safe' instead of
'load-services'. Print a message about services that need to be
manually restarted.
* gnu/services/herd.scm (load-services/safe): New procedure.
* doc/guix.texi (Invoking guix system): Document the new behaviour.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/web.scm (<varnish-configuration>): New record type.
(%varnish-accounts, %varnish-service-type): New variables.
(varnish-shepherd-service): New procedure.
* gnu/tests/web.scm (%varnish-vcl, %varnish-os): New variables.
(%test-varnish): New test.
* doc/guix.texi (Web Services): Document it.
* gnu/services/networking.scm (<iptables-configuration>): New record type.
(iptables-service-type): New variable.
* gnu/tests/networking.scm (run-iptables-test): New procedure.
(%test-iptables): New variable.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/base.scm (udev-shepherd-service)[start](find): Remove.
(udev): Hardwire the eudev file name.
Use 'fork+exec-command' instead of 'primitive-fork' and 'exec-command'.
This allows (gnu services admin) to remain deeper in the module graph
and to be used by (gnu services web).
* gnu/services/admin.scm (<tailon-configuration-file>)
(tailon-configuration-files-string)
(tailon-configuration-file-compiler, <tailon-configuration>)
(tailon-shepherd-service, %tailon-accounts)
(tailon-service-type): Move to...
* gnu/services/web.scm: ... here.
* gnu/tests/admin.scm: Remove. Move test to...
* gnu/tests/web.scm (%tailon-os)
(run-tailon-test, %test-tailon): ... here.
Previously we'd return #t, which the Shepherd would consider a failure
to stop the service.
* gnu/services/web.scm (nginx-shepherd-service): In 'nginx-action',
return #f when stopping the service.
Fixes <https://bugs.gnu.org/32665>.
* gnu/services/web.scm (nginx-shepherd-service): Check whether FILE is
true and don't read the PID file if it is; use 'read-pid-file' instead
of a potentially endless loop.
* gnu/services/web.scm (nginx-shepherd-service): Change 'start' (that is, all
actions that don't send a signal to the master process) to return the PID.
Wait until the PID file is created and contains an integer because it might be
created after the parent process exits.
* gnu/services/ssh.scm (<openssh-configuration>)[log-level]: New field.
(openssh-config-file): Honor it.
* doc/guix.texi (Networking Services): Document it.
* doc/guix.texi (Networking Services): Document it, and mention that
tor-service is deprecated.
* gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>:
New field.
(tor-configuration->torrc): When socks-socket-type is 'unix, set
SocksPort to UNIX domain socket /var/run/tor/socks-sock and set
UnixSocksGroupWritable to 1.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using
a custom config file, just set socks-socket-type to 'unix.
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add a
new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
Fixes: <https://bugs.gnu.org/32478>.
* gnu/services/security-token.scm (pcscd-activation): Idempotently create the
/var/lib/pcsc symlink so that it does not fail when it already exists.
Fixes <https://bugs.gnu.org/32330>.
* gnu/services/cuirass.scm (<cuirass-configuration>)[database]: Change default
from /var/run/cuirass/cuirass.db to /var/lib/cuirass/cuirass.db.
(cuirass-account): Change home directory from /var/run/<user> to
/var/lib/<user>.
Otherwise the global counterpart is never taken into account.
* doc/guix.texi (Version Control Services): Update accordingly.
* gnu/services/cgit.scm (repo-boolean?, serialize-repo-boolean): Use the
DEFINE-MAYBE macro to allow for the 'disabled value.
(repository-cgit-configuration)[enable-commit-graph?, enable-log-filecount?,
enable-log-linecount?, enable-remote-branches?, enable-subject-links?,
enable-html-serving?]: Change default value to 'disabled.
* gnu/services/monitoring.scm (prometheus-node-exporter-service-type):
New variable.
(<prometheus-node-exporter-configuration>): New record type.
(prometheus-node-exporter-shepherd-service): New procedure.
* gnu/doc/guix.texi (Monitoring Services): Document it.
* gnu/tests/monitoring.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add test module.
Fixes <https://bugs.gnu.org/31591>.
* gnu/services/sound.scm (<alsa-configuration>)[alsa-plugins]: New field.
(alsa-config-file): Use 'pcm_type.pulse' and 'ctl_type.pulse' to specify file
paths to the 'pulse' plugin.
* doc/guix.texi (Sound Services): Document this.
Co-authored-by: 宋文武 <iyzsong@member.fsf.org>
* gnu/services/cuirass.scm, gnu/services/pm.scm: Adjust to canonical GPLv3
header used throughout Guix.
Signed-off-by: Leo Famulari <leo@famulari.name>
The previous implementation of 'read-reference-graph' was good enough
for many use cases, but it discarded the graph structure, which is
useful information in some cases.
* guix/build/store-copy.scm (<store-info>): New record type.
(read-reference-graph): Rewrite to return a list of <store-info>.
(closure-size, populate-store): Adjust accordingly.
* gnu/services/base.scm (references-file): Adjust accordingly.
* gnu/system/vm.scm (system-docker-image): Likewise.
* guix/scripts/pack.scm (squashfs-image, docker-image): Likewise.
* tests/gexp.scm ("gexp->derivation #:references-graphs"): Likewise.
This is helpful when adding content to the nginx configuration file, which isn't
supported by the record type used for the configuration. For example, like
adding proxy_cache_path configuration.
* gnu/packages/web.scm (<nginx-configuration>): Add new extra-content field.
(nginx-configuration-extra-content): New field accessor.
(default-nginx-config): Add support for the extra-content field.
* doc/guix.texi (NGINX): Document the new extra-content field.
The 'no-negcache?' option is mapped to the '--no-negcache' command-line
argument directly, but we're in the scheme world, where the general guideline
is to avoid double-negations in identifiers.
* gnu/services/dns.scm <dnsmasq-configuration>: Replace the 'no-negcache?'
field with 'negative-cache?'.
* doc/guix.texi (DNS Services)[Dnsmasq Service]: Adjust accordingly.
* gnu/services/dns.scm (dnsmasq-service-type): New variable.
(<dnsmasq-configuration>): New record type.
(dnsmasq-shepherd-service): New procedure.
* doc/guix.texi (DNS Services): Document it.
Fixes a regression introduced in
a5acc17a3c.
Reported by Tobias Geerinckx-Rice <me@tobias.gr>.
* gnu/services/base.scm (file-system->fstab-entry): Pass LABEL, not
FILE-SYSTEM, to 'file-system-label->string'.
The 'title' field was easily overlooked and was an endless source of
confusion. Now, the value of the 'device' field is self-contained.
* gnu/system/file-systems.scm (<file-system>): Change constructor name
to '%file-system'.
[title]: Remove.
(<file-system-label>): New record type with printer.
(report-deprecation, device-expression)
(process-file-system-declaration, file-system): New macros.
(file-system-title): New procedure.
(file-system->spec, spec->file-system): Adjust to handle
<file-system-label>.
* gnu/system.scm (bootable-kernel-arguments): Add case for
'file-system-label?'.
(read-boot-parameters): Likewise.
(mapped-device-user): Avoid 'file-system-title'.
(fs->boot-device): Remove.
(operating-system-boot-parameters): Use 'file-system-device' instead of
'fs->boot-device'.
(device->sexp): Add case for 'file-system-label?'.
* gnu/bootloader/grub.scm (grub-root-search): Add case for
'file-system-label?'.
* gnu/system/examples/bare-bones.tmpl,
gnu/system/examples/beaglebone-black.tmpl,
gnu/system/examples/lightweight-desktop.tmpl,
gnu/system/examples/vm-image.tmpl: Remove uses of 'title'.
* gnu/system/vm.scm (virtualized-operating-system): Remove uses of
'file-system-title'.
* guix/scripts/system.scm (check-file-system-availability): Likewise,
and adjust fix-it hint.
(check-initrd-modules)[file-system-/dev]: Likewise.
* gnu/build/file-systems.scm (canonicalize-device-spec): Remove 'title'
parameter.
[canonical-title]: Remove.
Match on SPEC's type rather than on CANONICAL-TITLE.
(mount-file-system): Adjust caller.
* gnu/build/linux-boot.scm (boot-system): Interpret ROOT here.
* gnu/services/base.scm (file-system->fstab-entry): Remove use of
'file-system-title'.
* doc/guix.texi (File Systems): Remove documentation of the 'title'
field. Rewrite documentation of 'device' and document
'file-system-label'.