# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR the authors of Guix (msgids) and the following authors (msgstr) # This file is distributed under the same license as the guix manual package. # Anton Ryzhkin , 2021. msgid "" msgstr "" "Project-Id-Version: guix manual checkout\n" "Report-Msgid-Bugs-To: bug-guix@gnu.org\n" "POT-Creation-Date: 2021-07-15 14:49+0200\n" "PO-Revision-Date: 2021-07-14 13:12+0000\n" "Last-Translator: Anton Ryzhkin \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "X-Generator: Weblate 4.7.1\n" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:7 msgid "@documentencoding UTF-8" msgstr "" #. type: top #: guix-git/doc/guix-c
aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 nee  <nee-git@hidamari.blue>
;;; Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services telephony)
  #:use-module ((gnu build jami-service) #:select (account-fingerprint?))
  #:use-module ((gnu services) #:hide (delete))
  #:use-module (gnu services configuration)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages glib)
  #:use-module (gnu packages guile-xyz)
  #:use-module (gnu packages jami)
  #:use-module (gnu packages telephony)
  #:use-module (guix deprecation)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (guix packages)
  #:use-module (guix gexp)
  #:autoload   (guix least-authority) (least-authority-wrapper)
  #:autoload   (gnu system file-systems) (file-system-mapping)
  #:autoload   (gnu build linux-container) (%namespaces)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-2)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-171)
  #:use-module (ice-9 format)
  #:use-module (ice-9 match)
  #:export (jami-account
            jami-account-archive
            jami-account-allowed-contacts
            jami-account-moderators
            jami-account-rendezvous-point?
            jami-account-discovery?
            jami-account-bootstrap-uri
            jami-account-name-server-uri

            jami-configuration
            jami-configuration-libjami
            jami-configuration-dbus
            jami-configuration-enable-logging?
            jami-configuration-debug?
            jami-configuration-auto-answer?
            jami-configuration-accounts

            jami-service-type

            mumble-server-configuration
            make-mumble-server-configuration
            mumble-server-configuration?
            mumble-server-configuration-package
            mumble-server-configuration-user
            mumble-server-configuration-group
            mumble-server-configuration-port
            mumble-server-configuration-welcome-text
            mumble-server-configuration-server-password
            mumble-server-configuration-max-users
            mumble-server-configuration-max-user-bandwidth
            mumble-server-configuration-database-file
            mumble-server-configuration-log-file
            mumble-server-configuration-pid-file
            mumble-server-configuration-autoban-attempts
            mumble-server-configuration-autoban-timeframe
            mumble-server-configuration-autoban-time
            mumble-server-configuration-opus-threshold
            mumble-server-configuration-channel-nesting-limit
            mumble-server-configuration-channelname-regex
            mumble-server-configuration-username-regex
            mumble-server-configuration-text-message-length
            mumble-server-configuration-image-message-length
            mumble-server-configuration-cert-required?
            mumble-server-configuration-remember-channel?
            mumble-server-configuration-allow-html?
            mumble-server-configuration-allow-ping?
            mumble-server-configuration-bonjour?
            mumble-server-configuration-send-version?
            mumble-server-configuration-log-days
            mumble-server-configuration-obfuscate-ips?
            mumble-server-configuration-ssl-cert
            mumble-server-configuration-ssl-key
            mumble-server-configuration-ssl-dh-params
            mumble-server-configuration-ssl-ciphers
            mumble-server-configuration-public-registration
            mumble-server-configuration-file

            mumble-server-public-registration-configuration
            make-mumble-server-public-registration-configuration
            mumble-server-public-registration-configuration?
            mumble-server-public-registration-configuration-name
            mumble-server-public-registration-configuration-url
            mumble-server-public-registration-configuration-password
            mumble-server-public-registration-configuration-hostname

            mumble-server-service-type))


;;;
;;; Jami daemon.
;;;

;;; XXX: Passing a computed-file object as the account is used for tests.
(define (string-or-computed-file? val)
  (or (string? val)
      (computed-file? val)))

(define account-fingerprint-list?
  (list-of account-fingerprint?))

(define-maybe list-of-strings)

(define-maybe/no-serialization account-fingerprint-list)

(define-maybe boolean)

(define-maybe string)

;;; The following serializers are used to derive an account details alist from
;;; a <jami-account> record.
(define (serialize-list-of-strings _ val)
  (string-join val ";"))

(define (serialize-boolean _ val)
  (format #f "~:[false~;true~]" val))

(define (serialize-string _ val)
  val)

;;; Note: Serialization is used to produce an account details alist that can
;;; be passed to the SET-ACCOUNT-DETAILS procedure.  Fields that do not map to
;;; a Jami account 'detail' should have their serialization disabled via the
;;; 'empty-serializer' procedure.
(define-configuration jami-account
  (archive
   (string-or-computed-file)
   "The account archive (backup) file name of the account.  This is used to
provision the account when the service starts.  The account archive should
@emph{not} be encrypted.  It is highly recommended to make it readable only to
the @samp{root} user (i.e., not in the store), to guard against leaking the
secret key material of the Jami account it contains."
   empty-serializer)
  (allowed-contacts
   maybe-account-fingerprint-list
   "The list of allowed contacts for the account, entered as their 40
characters long fingerprint.  Messages or calls from accounts not in that list
will be rejected.  When unspecified, the configuration of the account archive
is used as-is with respect to contacts and public inbound calls/messaging
allowance, which typically defaults to allow any contact to communicate with
the account."
   empty-serializer)
  (moderators
   maybe-account-fingerprint-list
   "The list of contacts that should have moderation privileges (to ban, mute,
etc. other users) in rendezvous conferences, entered as their 40 characters
long fingerprint.  When unspecified, the configuration of the account archive
is used as-is with respect to moderation, which typically defaults to allow
anyone to moderate."
   empty-serializer)
  ;; The serializable fields below are to be set with set-account-details.
  (rendezvous-point?
   maybe-boolean
   "Whether the account should operate in the rendezvous mode.  In this mode,
all the incoming audio/video calls are mixed into a conference.  When left
unspecified, the value from the account archive prevails.")
  (peer-discovery?
   maybe-boolean
   "Whether peer discovery should be enabled.  Peer discovery is used to
discover other OpenDHT nodes on the local network, which can be useful to
maintain communication between devices on such network even when the
connection to the the Internet has been lost.  When left unspecified, the
value from the account archive prevails.")
  (bootstrap-hostnames
   maybe-list-of-strings
   "A list of hostnames or IPs pointing to OpenDHT nodes, that should be used
to initially join the OpenDHT network.  When left unspecified, the value from
the account archive prevails.")
  (name-server-uri
   maybe-string
   "The URI of the name server to use, that can be used to retrieve the
account fingerprint for a registered username."))

(define (jami-account->alist jami-account-object)
  "Serialize the JAMI-ACCOUNT object as an alist suitable to be passed to
SET-ACCOUNT-DETAILS."
  (define (field-name->account-detail name)
    (match name
      ('rendezvous-point? "Account.rendezVous")
      ('peer-discovery? "Account.peerDiscovery")
      ('bootstrap-hostnames "Account.hostname")
      ('name-server-uri "RingNS.uri")))

  (define jami-account-transducer
    (compose (tremove empty-serializer?)
             (tfilter-maybe-value jami-account-object)
             (tmap (lambda (field)
                     (let* ((name (field-name->account-detail
                                  (configuration-field-name field)))
                            (value ((configuration-field-serializer field)
                                    name ((configuration-field-getter field)
                                          jami-account-object))))
                       (cons name value))))))

  (list-transduce jami-account-transducer rcons jami-account-fields))

(define jami-account-list?
  (list-of jami-account?))

(define-maybe/no-serialization jami-account-list)

(define-configuration/no-serialization jami-configuration
  (libjami
   (file-like libjami)
   "The Jami daemon package to use.")
  (dbus
   (file-like dbus-for-jami)
   "The D-Bus package to use to start the required D-Bus session.")
  (nss-certs
   (file-like nss-certs)
   "The nss-certs package to use to provide TLS certificates.")
  (enable-logging?
   (boolean #t)
   "Whether to enable logging to syslog.")
  (debug?
   (boolean #f)
   "Whether to enable debug level messages.")
  (auto-answer?
   (boolean #f)
   "Whether to force automatic answer to incoming calls.")
  (accounts
   maybe-jami-account-list
   "A list of Jami accounts to be (re-)provisioned every time the Jami daemon
service starts.  When providing this field, the account directories under
@file{/var/lib/jami/} are recreated every time the service starts, ensuring a
consistent state."))

(define %jami-accounts
  (list (user-group (name "jami") (system? #t))
        (user-account
         (name "jami")
         (group "jami")
         (system? #t)
         (comment "Jami daemon user")
         (home-directory "/var/lib/jami"))))

(define (jami-configuration->command-line-arguments config)
  "Derive the command line arguments to used to launch the Jami daemon from
CONFIG, a <jami-configuration> object."
  (define (wrapper libjami)
    (least-authority-wrapper
     ;; XXX: 'gexp-input' is needed as the outer layer so that
     ;; 'references-file' picks the right output of LIBJAMI.
     (gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid")
                 "bin")
     #:mappings
     (list (file-system-mapping
            (source "/dev/log") ;for syslog
            (target source))
           (file-system-mapping
            (source "/var/lib/jami")
            (target source)
            (writable? #t))
           (file-system-mapping
            (source "/var/run/jami")
            (target source)
            (writable? #t))
           ;; Expose TLS certificates for GnuTLS.
           (file-system-mapping
            (source (file-append nss-certs "/etc/ssl/certs"))
            (target "/etc/ssl/certs")))
     #:preserved-environment-variables
     '("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR")
     #:user "jami"
     #:group "jami"
     #:namespaces (fold delq %namespaces '(net user))))

  (match-record config <jami-configuration>
    (libjami dbus enable-logging? debug? auto-answer?)
    `(,(wrapper libjami)
      "--persistent"                    ;stay alive after client quits
      ,@(if enable-logging?
            '()                         ;logs go to syslog by default
            (list "--console"))         ;else stdout/stderr
      ,@(if debug?
            (list "--debug")
            '())
      ,@(if auto-answer?
            (list "--auto-answer")
            '()))))

(define (jami-dbus-session-activation config)
  "Create a directory to hold the Jami D-Bus session socket."
  (with-imported-modules (source-module-closure '((gnu build activation)))
    #~(begin
        (use-modules (gnu build activation))
        (let ((user (getpwnam "jami")))
          (mkdir-p/perms "/var/run/jami" user #o700)
          ;; Customize the D-Bus policy to allow 'root' to access other users'
          ;; session bus.  Also modify the location of the written PID file,
          ;; from the default '/var/run/dbus/pid' location.  This file is only
          ;; honored by the 'dbus-for-jami' package variant.
          (call-with-output-file "/var/run/jami/session-local.conf"
            (lambda (port)
              (format port "\
<busconfig>
  <pidfile>/var/run/jami/pid</pidfile>
  <policy context=\"mandatory\">
    <allow user=\"root\"/>
  </policy>
</busconfig>~%")))))))

(define (jami-shepherd-services config)
  "Return a <shepherd-service> running the Jami daemon."
  (let* ((libjami (jami-configuration-libjami config))
         (nss-certs (jami-configuration-nss-certs config))
         (dbus (jami-configuration-dbus config))
         (dbus-daemon (least-authority-wrapper
                       (file-append dbus "/bin/dbus-daemon")
                       #:name "dbus-daemon"
                       #:user "jami"
                       #:group "jami"
                       #:preserved-environment-variables
                       '("XDG_DATA_DIRS")
                       #:mappings
                       (list (file-system-mapping
                              (source "/dev/log") ;for syslog
                              (target source))
                             (file-system-mapping
                              (source "/var/run/jami")
                              (target source)
                              (writable? #t))
                             (file-system-mapping
                              (source (gexp-input libjami "bin"))
                              (target source)))
                       ;; 'dbus-daemon' wants to look up users in /etc/passwd
                       ;; so run it in the global user namespace.
                       #:namespaces
                       (fold delq %namespaces '(net user))))
         (accounts (jami-configuration-accounts config))
         (declarative-mode? (maybe-value-set? accounts)))

    (with-extensions (list guile-packrat ;used by guile-ac-d-bus
                           guile-ac-d-bus
                           ;; Fibers is needed to provide the non-blocking
                           ;; variant of the 'sleep' procedure.
                           guile-fibers)
      (with-imported-modules (source-module-closure
                              '((gnu build dbus-service)
                                (gnu build jami-service)
                                (gnu system file-systems)))

        (define list-accounts-action
          (shepherd-action
           (name 'list-accounts)
           (documentation "List the available Jami accounts.  Return the account
details alists keyed by their account username.")
           (procedure
            #~(lambda _
                ;; Print the accounts summary or long listing, according to
                ;; user-provided option.
                (let* ((usernames (get-usernames))
                       (accounts (map-in-order username->account usernames)))
                  (match accounts
                    (()                 ;empty list
                     (format #t "There is no Jami account available.~%"))
                    ((one two ...)
                     (format #t "The following Jami accounts are available:~%")
                     (for-each
                      (lambda (account)
                        (define fingerprint (assoc-ref account
                                                       "Account.username"))
                        (define human-friendly-name
                          (or (assoc-ref account
                                         "Account.registeredName")
                              (assoc-ref account
                                         "Account.displayName")
                              (assoc-ref account
                                         "Account.alias")))
                        (define disabled?
                          (and=> (assoc-ref account "Account.enable")
                                 (cut string=? "false" <>)))

                        (format #t "  - ~a~@[ (~a)~] ~:[~;[disabled]~]~%"
                                fingerprint human-friendly-name disabled?))
                      accounts)
                     (display "\n")))
                  ;; Return the account-details-list alist.
                  (map cons usernames accounts))))))

        (define list-account-details-action
          (shepherd-action
           (name 'list-account-details)
           (documentation "Display the account details of the available Jami
accounts in the @code{recutils} format.  Return the account details alists
keyed by their account username.")
           (procedure
            #~(lambda _
                (let* ((usernames (get-usernames))
                       (accounts (map-in-order username->account usernames)))
                  (for-each (lambda (account)
                              (display (account-details->recutil account))
                              (display "\n\n"))
                            accounts)
                  (map cons usernames accounts))))))

        (define list-contacts-action
          (shepherd-action
           (name 'list-contacts)
           (documentation "Display the contacts for each Jami account.  Return
an alist containing the contacts keyed by the account usernames.")
           (procedure
            #~(lambda _
                (let* ((usernames (get-usernames))
                       (contacts (map-in-order username->contacts usernames)))
                  (for-each (lambda (username contacts)
                              (format #t "Contacts for account ~a:~%"
                                      username)
                              (format #t "~{  - ~a~%~}~%" contacts))
                            usernames contacts)
                  (map cons usernames contacts))))))

        (define list-moderators-action
          (shepherd-action
           (name 'list-moderators)
           (documentation "Display the moderators for each Jami account.  Return
an alist containing the moderators keyed by the account usernames.")
           (procedure
            #~(lambda _
                (let* ((usernames (get-usernames))
                       (moderators (map-in-order username->moderators
                                                 usernames)))
                  (for-each
                   (lambda (username moderators)
                     (if (username->all-moderators? username)
                         (format #t "Anyone can moderate for account ~a~%"
                                 username)
                         (begin
                           (format #t "Moderators for account ~a:~%" username)
                           (format #t "~{  - ~a~%~}~%" moderators))))
                   usernames moderators)
                  (map cons usernames moderators))))))

        (define add-moderator-action
          (shepherd-action
           (name 'add-moderator)
           (documentation "Add a moderator for a given Jami account.  The
MODERATOR contact must be given as its 40 characters fingerprint, while the
Jami account can be provided as its registered USERNAME or fingerprint.

@example
herd add-moderator jami 1dbcb0f5f37324228235564b79f2b9737e9a008f username
@end example

Return the moderators for the account known by USERNAME.")
           (procedure
            #~(lambda (_ moderator username)
                (set-all-moderators #f username)
                (add-contact moderator username)
                (set-moderator moderator #t username)
                (username->moderators username)))))

        (define ban-contact-action
          (shepherd-action
           (name 'ban-contact)
           (documentation "Ban a contact for a given or all Jami accounts, and
clear their moderator flag.  The CONTACT must be given as its 40 characters
fingerprint, while the Jami account can be provided as its registered USERNAME
or fingerprint, or omitted.  When the account is omitted, CONTACT is banned
from all accounts.

@example
herd ban-contact jami 1dbcb0f5f37324228235564b79f2b9737e9a008f [username]
@end example")
           (procedure
            #~(lambda* (_ contact #:optional username)
                (let ((usernames (or (and=> username list)
                                     (get-usernames))))
                  (for-each (lambda (username)
                              (set-moderator contact #f username)
                              (remove-contact contact username #:ban? #t))
                            usernames))))))

        (define list-banned-contacts-action
          (shepherd-action
           (name 'list-banned-contacts)
           (documentation "List the banned contacts for each accounts.  Return
an alist of the banned contacts, keyed by the account usernames.")
           (procedure
            #~(lambda _
                (define banned-contacts
                  (let ((usernames (get-usernames)))
                    (map cons usernames
                         (map-in-order (lambda (x)
                                         (receive (_ banned)
                                             (username->contacts x)
                                           banned))
                                       usernames))))

                (for-each (match-lambda
                            ((username . banned)
                             (unless (null? banned)
                               (format #t "Banned contacts for account ~a:~%"
                                       username)
                               (format #t "~{  - ~a~%~}~%" banned))))
                          banned-contacts)
                banned-contacts))))

        (define enable-account-action
          (shepherd-action
           (name 'enable-account)
           (documentation "Enable an account.  It takes USERNAME as an argument,
either a registered username or the fingerprint of the account.")
           (procedure
            #~(lambda (_ username)
                (enable-account username)))))

        (define disable-account-action
          (shepherd-action
           (name 'disable-account)
           (documentation "Disable an account.  It takes USERNAME as an
argument, either a registered username or the fingerprint of the account.")
           (procedure
            #~(lambda (_ username)
                (disable-account username)))))

        (list (shepherd-service
               (documentation "Run a D-Bus session for the Jami daemon.")
               (provision '(jami-dbus-session))
               (modules `((gnu build dbus-service)
                          (gnu build jami-service)
                          (gnu system file-systems)
                          ,@%default-modules))
               ;; The requirement on dbus-system is to ensure other required
               ;; activation for D-Bus, such as a /etc/machine-id file.
               (requirement '(dbus-system syslogd))
               (start
                #~(lambda ()
                    (define pid
                      (fork+exec-command
                       (list #$dbus-daemon "--session"
                             "--address=unix:path=/var/run/jami/bus"
                             "--syslog-only")
                       #:environment-variables
                       ;; This is so that the cx.ring.Ring service D-Bus
                       ;; definition is found by dbus-daemon.
                       (list (string-append "XDG_DATA_DIRS="
                                            #$libjami:bin "/share"))))

                    ;; The PID file contains the "wrong" PID (the one in the
                    ;; separate PID namespace) so ignore it and return the
                    ;; value returned by 'fork+exec-command'.
                    (and (read-pid-file "/var/run/jami/pid")
                         pid)))
               (stop #~(make-kill-destructor)))

              (shepherd-service
               (documentation "Run the Jami daemon.")
               (provision '(jami))
               (actions (list list-accounts-action
                              list-account-details-action
                              list-contacts-action
                              list-moderators-action
                              add-moderator-action
                              ban-contact-action
                              list-banned-contacts-action
                              enable-account-action
                              disable-account-action))
               (requirement '(jami-dbus-session))
               (modules `((ice-9 format)
                          (ice-9 ftw)
                          (ice-9 match)
                          (ice-9 receive)
                          (srfi srfi-1)
                          (srfi srfi-26)
                          (gnu build dbus-service)
                          (gnu build jami-service)
                          (gnu system file-systems)
                          ,@%default-modules))
               (start
                #~(lambda args
                    (define (delete-file-recursively/safe file)
                      ;; Ensure we're not deleting things outside of
                      ;; /var/lib/jami.  This prevents a possible attack in case
                      ;; the daemon is compromised and an attacker gains write
                      ;; access to /var/lib/jami.
                      (let ((parent-directory (dirname file)))
                        (if (eq? 'symlink (stat:type (stat parent-directory)))
                            (error "abnormality detected; unexpected symlink found at"
                                   parent-directory)
                            (delete-file-recursively file))))

                    (when #$declarative-mode?
                      ;; Clear the Jami configuration and accounts, to enforce the
                      ;; declared state.
                      (catch #t
                        (lambda ()
                          (for-each (cut delete-file-recursively/safe <>)
                                    '("/var/lib/jami/.cache/jami"
                                      "/var/lib/jami/.config/jami"
                                      "/var/lib/jami/.local/share/jami"
                                      "/var/lib/jami/accounts")))
                        (lambda args
                          #t))
                      ;; Copy the Jami account archives from somewhere readable
                      ;; by root to a place only the jami user can read.
                      (let* ((accounts-dir "/var/lib/jami/accounts/")
                             (pwd (getpwnam "jami"))
                             (user (passwd:uid pwd))
                             (group (passwd:gid pwd)))
                        (mkdir-p accounts-dir)
                        (chown accounts-dir user group)
                        (for-each (lambda (f)
                                    (let ((dest (string-append accounts-dir
                                                               (basename f))))
                                      (copy-file f dest)
                                      (chown dest user group)))
                                  '#$(and declarative-mode?
                                          (map jami-account-archive accounts)))))

                    ;; Start the daemon.
                    (define daemon-pid
                      (fork+exec-command
                       (list #$@(jami-configuration->command-line-arguments
                                 config))
                       #:environment-variables
                       (list (string-append "DBUS_SESSION_BUS_ADDRESS="
                                            "unix:path=/var/run/jami/bus")
                             ;; Expose TLS certificates for OpenSSL.
                             "SSL_CERT_DIR=/etc/ssl/certs")))

                    (setenv "DBUS_SESSION_BUS_ADDRESS"
                            "unix:path=/var/run/jami/bus")

                    ;; Wait until the service name has been acquired by D-Bus.
                    (with-retries 20 1 (jami-service-available?))

                    (when #$declarative-mode?
                      ;; Provision the accounts via the D-Bus API of the daemon.
                      (let* ((jami-account-archives
                              (map (cut string-append
                                        "/var/lib/jami/accounts/" <>)
                                   (scandir "/var/lib/jami/accounts/"
                                            (lambda (f)
                                              (not (member f '("." "..")))))))
                             (usernames (map-in-order (cut add-account <>)
                                                      jami-account-archives)))

                        (define (archive-name->username archive)
                          (list-ref
                           usernames
                           (list-index (lambda (f)
                                         (string-suffix? (basename archive) f))
                                       jami-account-archives)))

                        (for-each
                         (lambda (archive allowed-contacts moderators
                                          account-details)
                           (let ((username (archive-name->username
                                            archive)))
                             (when (not (eq? '#$%unset-value allowed-contacts))
                               ;; Reject calls from unknown contacts.
                               (set-account-details
                                '(("DHT.PublicInCalls" . "false")) username)
                               ;; Remove all contacts.
                               (for-each (cut remove-contact <> username)
                                         (username->contacts username))
                               ;; Add allowed ones.
                               (for-each (cut add-contact <> username)
                                         allowed-contacts))
                             (when (not (eq? '#$%unset-value moderators))
                               ;; Disable the 'AllModerators' property.
                               (set-all-moderators #f username)
                               ;; Remove all moderators.
                               (for-each (cut set-moderator <> #f username)
                                         (username->moderators username))
                               ;; Add declared moderators.
                               (for-each (cut set-moderator <> #t username)
                                         moderators))
                             ;; Set the various account parameters.
                             (set-account-details account-details username)))
                         '#$(and declarative-mode?
                                 (map-in-order (cut jami-account-archive <>)
                                               accounts))
                         '#$(and declarative-mode?
                                 (map-in-order
                                  (cut jami-account-allowed-contacts <>)
                                  accounts))
                         '#$(and declarative-mode?
                                 (map-in-order (cut jami-account-moderators <>)
                                               accounts))
                         '#$(and declarative-mode?
                                 (map-in-order jami-account->alist accounts)))))

                    ;; Finally, return the PID of the daemon process.
                    daemon-pid))
               ;; XXX: jamid takes some time to terminate, and GNU Shepherd
               ;; doesn't block when calling waitpid (see:
               ;; https://issues.guix.gnu.org/57922).  Using SIGKILL instead
               ;; of SIGTERM works around that.
               (stop #~(make-kill-destructor SIGKILL))))))))

(define jami-service-type
  (service-type
   (name 'jami)
   (default-value (jami-configuration))
   (extensions
    (list (service-extension shepherd-root-service-type
                             jami-shepherd-services)
          (service-extension account-service-type
                             (const %jami-accounts))
          (service-extension activation-service-type
                             jami-dbus-session-activation)))
   (description "Run the Jami daemon (@command{jamid}).  This service is
geared toward the use case of hosting Jami rendezvous points over a headless
server.  If you use Jami on your local machine, you may prefer to setup a user
Shepherd service for it instead; this way, the daemon will be shared via your
normal user D-Bus session bus.")))


;;;
;;; Mumble server.
;;;

;; https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini

(define-record-type* <mumble-server-configuration> mumble-server-configuration
  make-mumble-server-configuration
  mumble-server-configuration?
  (package               mumble-server-configuration-package ;file-like
                         (default mumble))
  (user                  mumble-server-configuration-user
                         (default "mumble-server"))
  (group                 mumble-server-configuration-group
                         (default "mumble-server"))
  (port                  mumble-server-configuration-port
                         (default 64738))
  (welcome-text          mumble-server-configuration-welcome-text
                         (default ""))
  (server-password       mumble-server-configuration-server-password
                         (default ""))
  (max-users             mumble-server-configuration-max-users
                         (default 100))
  (max-user-bandwidth    mumble-server-configuration-max-user-bandwidth
                         (default #f))
  (database-file         mumble-server-configuration-database-file
                         (default "/var/lib/mumble-server/db.sqlite"))
  (log-file              mumble-server-configuration-log-file
                         (default "/var/log/mumble-server/mumble-server.log"))
  (pid-file              mumble-server-configuration-pid-file
                         (default "/var/run/mumble-server/mumble-server.pid"))
  (autoban-attempts      mumble-server-configuration-autoban-attempts
                         (default 10))
  (autoban-timeframe     mumble-server-configuration-autoban-timeframe
                         (default 120))
  (autoban-time          mumble-server-configuration-autoban-time
                         (default 300))
  (opus-threshold        mumble-server-configuration-opus-threshold
                         (default 100)) ; integer percent
  (channel-nesting-limit mumble-server-configuration-channel-nesting-limit
                         (default 10))
  (channelname-regex     mumble-server-configuration-channelname-regex
                         (default #f))
  (username-regex        mumble-server-configuration-username-regex
                         (default #f))
  (text-message-length   mumble-server-configuration-text-message-length
                         (default 5000))
  (image-message-length  mumble-server-configuration-image-message-length
                         (default (* 128 1024))) ; 128 Kilobytes
  (cert-required?         mumble-server-configuration-cert-required?
                          (default #f))
  (remember-channel?     mumble-server-configuration-remember-channel?
                         (default #f))
  (allow-html?           mumble-server-configuration-allow-html?
                         (default #f))
  (allow-ping?           mumble-server-configuration-allow-ping?
                         (default #f))
  (bonjour?              mumble-server-configuration-bonjour?
                         (default #f))
  (send-version?         mumble-server-configuration-send-version?
                         (default #f))
  (log-days              mumble-server-configuration-log-days
                         (default 31))
  (obfuscate-ips?        mumble-server-obfuscate-ips?
                         (default #t))
  (ssl-cert              mumble-server-configuration-ssl-cert
                         (default #f))
  (ssl-key               mumble-server-configuration-ssl-key
                         (default #f))
  (ssl-dh-params         mumble-server-configuration-ssl-dh-params
                         (default #f))
  (ssl-ciphers           mumble-server-configuration-ssl-ciphers
                         (default #f))
  (public-registration   mumble-server-configuration-public-registration
                         (default #f))  ; <mumble-server-public-registration-configuration>
  (file                  mumble-server-configuration-file
                         (default #f)))

(define-record-type* <mumble-server-public-registration-configuration>
  mumble-server-public-registration-configuration
  make-mumble-server-public-registration-configuration
  mumble-server-public-registration-configuration?
  (name         mumble-server-public-registration-configuration-name)
  (password     mumble-server-public-registration-configuration-password)
  (url          mumble-server-public-registration-configuration-url)
  (hostname     mumble-server-public-registration-configuration-hostname
                (default #f)))

(define (flatten . lst)
  "Return a list that recursively concatenates all sub-lists of LST."
  (define (flatten1 head out)
    (if (list? head)
        (fold-right flatten1 out head)
        (cons head out)))
  (fold-right flatten1 '() lst))

(define (default-mumble-server-config config)
  (match-record
   config
   <mumble-server-configuration>
   (user port welcome-text server-password max-users max-user-bandwidth
    database-file log-file pid-file autoban-attempts autoban-timeframe
    autoban-time opus-threshold channel-nesting-limit channelname-regex
    username-regex text-message-length image-message-length cert-required?
    remember-channel? allow-html? allow-ping? bonjour? send-version?
    log-days obfuscate-ips? ssl-cert ssl-key ssl-dh-params ssl-ciphers
    public-registration)
   (apply mixed-text-file "mumble-server.ini"
          (flatten
           "welcometext=" welcome-text "\n"
           "port=" (number->string port) "\n"
           (if server-password (list "serverpassword=" server-password "\n") '())
           (if max-user-bandwidth (list "bandwidth="
                                        (number->string max-user-bandwidth) "\n")
               '())
           "users=" (number->string max-users) "\n"
           "uname=" user "\n"
           "database=" database-file "\n"
           "logfile=" log-file "\n"
           "pidfile=" pid-file "\n"
           (if autoban-attempts (list "autobanAttempts=" (number->string autoban-attempts) "\n") '())
           (if autoban-timeframe (list "autobanTimeframe=" (number->string autoban-timeframe) "\n") '())
           (if autoban-time (list "autobanTime=" (number->string autoban-time) "\n") '())
           (if opus-threshold (list "opusthreshold=" (number->string opus-threshold) "\n") '())
           (if channel-nesting-limit (list "channelnestinglimit=" (number->string channel-nesting-limit) "\n") '())
           (if channelname-regex (list "channelname=" channelname-regex "\n") '())
           (if username-regex (list "username=" username-regex "\n") '())
           (if text-message-length (list "textmessagelength=" (number->string text-message-length) "\n") '())
           (if image-message-length (list "imagemessagelength=" (number->string image-message-length) "\n") '())
           (if log-days (list "logdays=" (number->string log-days) "\n") '())
           "obfuscate=" (if obfuscate-ips? "true" "false") "\n"
           "certrequired=" (if cert-required? "true" "false") "\n"
           "rememberchannel=" (if remember-channel? "true" "false") "\n"
           "allowhtml=" (if allow-html? "true" "false") "\n"
           "allowping=" (if allow-ping? "true" "false") "\n"
           "bonjour=" (if bonjour? "true" "false") "\n"
           "sendversion=" (if send-version? "true" "false") "\n"
           (cond ((and ssl-cert ssl-key)
                  (list
                   "sslCert=" ssl-cert "\n"
                   "sslKey=" ssl-key "\n"))
                 ((or ssl-cert ssl-key)
                  (error "ssl-cert and ssl-key must both be set"
                         ssl-cert ssl-key))
                 (else '()))
           (if ssl-dh-params (list "sslDHParams=" ssl-dh-params) '())
           (if ssl-ciphers (list "sslCiphers=" ssl-ciphers) '())

           (match public-registration
             (#f '())
             (($ <mumble-server-public-registration-configuration>
                 name password url hostname)
              (if (and (or (not server-password) (string-null? server-password))
                       allow-ping?)
                  (list
                   "registerName=" name "\n"
                   "registerPassword=" password "\n"
                   "registerUrl=" url "\n"
                   (if hostname
                       (string-append "registerHostname=" hostname "\n")
                       ""))
                  (error "To publicly register your mumble-server server your server must be publicy visible
and users must be able to join without a password. To fix this set:
(allow-ping? #t)
(server-password \"\")
Or set public-registration to #f"))))))))

(define (mumble-server-activation config)
  #~(begin
      (use-modules (guix build utils))
      (let* ((log-dir (dirname #$(mumble-server-configuration-log-file config)))
             (pid-dir (dirname #$(mumble-server-configuration-pid-file config)))
             (db-dir (dirname #$(mumble-server-configuration-database-file config)))
             (user (getpwnam #$(mumble-server-configuration-user config)))
             (init-dir
              (lambda (name dir)
                (format #t "creating mumble-server ~a directory '~a'\n" name dir)
                (mkdir-p dir)
                (chown dir (passwd:uid user) (passwd:gid user))
                (chmod dir #o700)))
             (ini #$(or (mumble-server-configuration-file config)
                        (default-mumble-server-config config))))
        (init-dir "log" log-dir)
        (init-dir "pid" pid-dir)
        (init-dir "database" db-dir)

        (format #t "mumble-server: use config file: ~a~%\n" ini)
        (format #t "mumble-server: to set the SuperUser password run:
    `~a -ini ~a -readsupw`\n"
                #$(file-append (mumble-server-configuration-package config)
                               "/bin/mumble-server") ini)
        #t)))

(define mumble-server-accounts
  (match-lambda
    (($ <mumble-server-configuration> _ user group)
     (list
      (user-group
       (name group)
       (system? #t))
      (user-account
       (name user)
       (group group)
       (system? #t)
       (comment "Mumble server daemon")
       (home-directory "/var/empty")
       (shell (file-append shadow "/sbin/nologin")))))))

(define (mumble-server-shepherd-service config)
  (list (shepherd-service
         (provision '(mumble-server))
         (documentation "Run the Mumble server.")
         (requirement '(networking))
         (start #~(make-forkexec-constructor
                   '(#$(file-append (mumble-server-configuration-package config)
                                    "/bin/mumble-server")
                     "-ini"
                     #$(or (mumble-server-configuration-file config)
                           (default-mumble-server-config config)))
                   #:pid-file #$(mumble-server-configuration-pid-file config)))
         (stop #~(make-kill-destructor)))))

(define mumble-server-service-type
  (service-type (name 'mumble-server)
                (description
                 "Run the Mumble voice-over-IP (VoIP) server.")
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          mumble-server-shepherd-service)
                       (service-extension activation-service-type
                                          mumble-server-activation)
                       (service-extension account-service-type
                                          mumble-server-accounts)))
                (default-value (mumble-server-configuration))))

(define-deprecated/public-alias
  murmur-configuration
  mumble-server-configuration)
(define-deprecated/public-alias
  make-murmur-configuration
  make-mumble-server-configuration)
(define-deprecated/public-alias
  murmur-configuration?
  mumble-server-configuration?)
(define-deprecated/public-alias
  murmur-configuration-package
  mumble-server-configuration-package)
(define-deprecated/public-alias
  murmur-configuration-user
  mumble-server-configuration-user)
(define-deprecated/public-alias
  murmur-configuration-group
  mumble-server-configuration-group)
(define-deprecated/public-alias
  murmur-configuration-port
  mumble-server-configuration-port)
(define-deprecated/public-alias
  murmur-configuration-welcome-text
  mumble-server-configuration-welcome-text)
(define-deprecated/public-alias
  murmur-configuration-server-password
  mumble-server-configuration-server-password)
(define-deprecated/public-alias
  murmur-configuration-max-users
  mumble-server-configuration-max-users)
(define-deprecated/public-alias
  murmur-configuration-max-user-bandwidth
  mumble-server-configuration-max-user-bandwidth)
(define-deprecated/public-alias
  murmur-configuration-database-file
  mumble-server-configuration-database-file)
(define-deprecated/public-alias
  murmur-configuration-log-file
  mumble-server-configuration-log-file)
(define-deprecated/public-alias
  murmur-configuration-pid-file
  mumble-server-configuration-pid-file)
(define-deprecated/public-alias
  murmur-configuration-autoban-attempts
  mumble-server-configuration-autoban-attempts)
(define-deprecated/public-alias
  murmur-configuration-autoban-timeframe
  mumble-server-configuration-autoban-timeframe)
(define-deprecated/public-alias
  murmur-configuration-autoban-time
  mumble-server-configuration-autoban-time)
(define-deprecated/public-alias
  murmur-configuration-opus-threshold
  mumble-server-configuration-opus-threshold)
(define-deprecated/public-alias
  murmur-configuration-channel-nesting-limit
  mumble-server-configuration-channel-nesting-limit)
(define-deprecated/public-alias
  murmur-configuration-channelname-regex
  mumble-server-configuration-channelname-regex)
(define-deprecated/public-alias
  murmur-configuration-username-regex
  mumble-server-configuration-username-regex)
(define-deprecated/public-alias
  murmur-configuration-text-message-length
  mumble-server-configuration-text-message-length)
(define-deprecated/public-alias
  murmur-configuration-image-message-length
  mumble-server-configuration-image-message-length)
(define-deprecated/public-alias
  murmur-configuration-cert-required?
  mumble-server-configuration-cert-required?)
(define-deprecated/public-alias
  murmur-configuration-remember-channel?
  mumble-server-configuration-remember-channel?)
(define-deprecated/public-alias
  murmur-configuration-allow-html?
  mumble-server-configuration-allow-html?)
(define-deprecated/public-alias
  murmur-configuration-allow-ping?
  mumble-server-configuration-allow-ping?)
(define-deprecated/public-alias
  murmur-configuration-bonjour?
  mumble-server-configuration-bonjour?)
(define-deprecated/public-alias
  murmur-configuration-send-version?
  mumble-server-configuration-send-version?)
(define-deprecated/public-alias
  murmur-configuration-log-days
  mumble-server-configuration-log-days)
(define-deprecated/public-alias
  murmur-configuration-obfuscate-ips?
  mumble-server-configuration-obfuscate-ips?)
(define-deprecated/public-alias
  murmur-configuration-ssl-cert
  mumble-server-configuration-ssl-cert)
(define-deprecated/public-alias
  murmur-configuration-ssl-key
  mumble-server-configuration-ssl-key)
(define-deprecated/public-alias
  murmur-configuration-ssl-dh-params
  mumble-server-configuration-ssl-dh-params)
(define-deprecated/public-alias
  murmur-configuration-ssl-ciphers
  mumble-server-configuration-ssl-ciphers)
(define-deprecated/public-alias
  murmur-configuration-public-registration
  mumble-server-configuration-public-registration)
(define-deprecated/public-alias
  murmur-configuration-file
  mumble-server-configuration-file)

(define-deprecated/public-alias
  murmur-public-registration-configuration
  mumble-server-public-registration-configuration)
(define-deprecated/public-alias
  make-murmur-public-registration-configuration
  make-mumble-server-public-registration-configuration)
(define-deprecated/public-alias
  murmur-public-registration-configuration?
  mumble-server-public-registration-configuration?)
(define-deprecated/public-alias
  murmur-public-registration-configuration-name
  mumble-server-public-registration-configuration-name)
(define-deprecated/public-alias
  murmur-public-registration-configuration-url
  mumble-server-public-registration-configuration-url)
(define-deprecated/public-alias
  murmur-public-registration-configuration-password
  mumble-server-public-registration-configuration-password)
(define-deprecated/public-alias
  murmur-public-registration-configuration-hostname
  mumble-server-public-registration-configuration-hostname)

(define-deprecated/public-alias
  murmur-service-type
  mumble-server-service-type)

;; Local Variables:
;; eval: (put 'with-retries 'scheme-indent-function 2)
;; End:
generated by cgit
onfigure}, @code{build}, @code{install} and @code{check}. To know more about those phases, you need to work out the appropriate build system definition in @samp{$GUIX_CHECKOUT/guix/build/gnu-build-system.scm}:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1022 #, no-wrap msgid "" "(define %standard-phases\n" " ;; Standard build phases, as a list of symbol/procedure pairs.\n" " (let-syntax ((phases (syntax-rules ()\n" " ((_ p ...) `((p . ,p) ...)))))\n" " (phases set-SOURCE-DATE-EPOCH set-paths install-locale unpack\n" " bootstrap\n" " patch-usr-bin-file\n" " patch-source-shebangs configure patch-generated-file-shebangs\n" " build check install\n" " patch-shebangs strip\n" " validate-runpath\n" " validate-documentation-location\n" " delete-info-dir-file\n" " patch-dot-desktop-files\n" " install-license-files\n" " reset-gzip-timestamps\n" " compress-documentation)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1025 msgid "Or from the REPL:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1031 #, no-wrap msgid "" "(add-to-load-path \"/path/to/guix/checkout\")\n" ",use (guix build gnu-build-system)\n" "(map first %standard-phases)\n" "@result{} (set-SOURCE-DATE-EPOCH set-paths install-locale unpack bootstrap patch-usr-bin-file patch-source-shebangs configure patch-generated-file-shebangs build check install patch-shebangs strip validate-runpath validate-documentation-location delete-info-dir-file patch-dot-desktop-files install-license-files reset-gzip-timestamps compress-documentation)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1035 msgid "If you want to know more about what happens during those phases, consult the associated procedures." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1038 msgid "For instance, as of this writing the definition of @code{unpack} for the GNU build system is:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1048 #, no-wrap msgid "" "(define* (unpack #:key source #:allow-other-keys)\n" " \"Unpack SOURCE in the working directory, and change directory within the\n" "source. When SOURCE is a directory, copy it in a sub-directory of the current\n" "working directory.\"\n" " (if (file-is-directory? source)\n" " (begin\n" " (mkdir \"source\")\n" " (chdir \"source\")\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1059 #, no-wrap msgid "" " ;; Preserve timestamps (set to the Epoch) on the copied tree so that\n" " ;; things work deterministically.\n" " (copy-recursively source \".\"\n" " #:keep-mtime? #true))\n" " (begin\n" " (if (string-suffix? \".zip\" source)\n" " (invoke \"unzip\" source)\n" " (invoke \"tar\" \"xvf\" source))\n" " (chdir (first-subdirectory \".\"))))\n" " #true)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1067 msgid "Note the @code{chdir} call: it changes the working directory to where the source was unpacked. Thus every phase following the @code{unpack} will use the source as a working directory, which is why we can directly work on the source files. That is to say, unless a later phase changes the working directory to something else." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1071 msgid "We modify the list of @code{%standard-phases} of the build system with the @code{modify-phases} macro as per the list of specified modifications, which may have the following forms:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1075 msgid "@code{(add-before @var{phase} @var{new-phase} @var{procedure})}: Run @var{procedure} named @var{new-phase} before @var{phase}." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1077 msgid "@code{(add-after @var{phase} @var{new-phase} @var{procedure})}: Same, but afterwards." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1079 msgid "@code{(replace @var{phase} @var{procedure})}." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1081 msgid "@code{(delete @var{phase})}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1088 msgid "The @var{procedure} supports the keyword arguments @code{inputs} and @code{outputs}. Each input (whether @emph{native}, @emph{propagated} or not) and output directory is referenced by their name in those variables. Thus @code{(assoc-ref outputs \"out\")} is the store directory of the main output of the package. A phase procedure may look like this:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1096 #, no-wrap msgid "" "(lambda* (#:key inputs outputs #:allow-other-keys)\n" " (let ((bash-directory (assoc-ref inputs \"bash\"))\n" " (output-directory (assoc-ref outputs \"out\"))\n" " (doc-directory (assoc-ref outputs \"doc\")))\n" " ;; ...\n" " #true))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1102 msgid "The procedure must return @code{#true} on success. It's brittle to rely on the return value of the last expression used to tweak the phase because there is no guarantee it would be a @code{#true}. Hence the trailing @code{#true} to ensure the right value is returned on success." msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1103 #, no-wrap msgid "Code staging" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1109 msgid "The astute reader may have noticed the quasi-quote and comma syntax in the argument field. Indeed, the build code in the package declaration should not be evaluated on the client side, but only when passed to the Guix daemon. This mechanism of passing code around two running processes is called @uref{https://arxiv.org/abs/1709.00833, code staging}." msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1110 #, no-wrap msgid "Utility functions" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1115 msgid "When customizing @code{phases}, we often need to write code that mimics the equivalent system invocations (@code{make}, @code{mkdir}, @code{cp}, etc.)@: commonly used during regular ``Unix-style'' installations." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1118 msgid "Some like @code{chmod} are native to Guile. @xref{,,, guile, Guile reference manual} for a complete list." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1121 msgid "Guix provides additional helper functions which prove especially handy in the context of package management." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1125 msgid "Some of those functions can be found in @samp{$GUIX_CHECKOUT/guix/guix/build/utils.scm}. Most of them mirror the behaviour of the traditional Unix system commands:" msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1127 #, no-wrap msgid "which" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1129 msgid "Like the @samp{which} system command." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1129 #, no-wrap msgid "find-files" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1131 msgid "Akin to the @samp{find} system command." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1131 #, no-wrap msgid "mkdir-p" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1133 msgid "Like @samp{mkdir -p}, which creates all parents as needed." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1133 #, no-wrap msgid "install-file" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1137 msgid "Similar to @samp{install} when installing a file to a (possibly non-existing) directory. Guile has @code{copy-file} which works like @samp{cp}." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1137 #, no-wrap msgid "copy-recursively" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1139 msgid "Like @samp{cp -r}." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1139 #, no-wrap msgid "delete-file-recursively" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1141 msgid "Like @samp{rm -rf}." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1141 #, no-wrap msgid "invoke" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1143 msgid "Run an executable. This should be used instead of @code{system*}." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1143 #, no-wrap msgid "with-directory-excursion" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1146 msgid "Run the body in a different working directory, then restore the previous working directory." msgstr "" #. type: item #: guix-git/doc/guix-cookbook.texi:1146 #, no-wrap msgid "substitute*" msgstr "" #. type: table #: guix-git/doc/guix-cookbook.texi:1148 msgid "A ``@command{sed}-like'' function." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1152 msgid "@xref{Build Utilities,,, guix, GNU Guix Reference Manual}, for more information on these utilities." msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1153 #, no-wrap msgid "Module prefix" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1163 msgid "The license in our last example needs a prefix: this is because of how the @code{license} module was imported in the package, as @code{#:use-module ((guix licenses) #:prefix license:)}. The Guile module import mechanism (@pxref{Using Guile Modules,,, guile, Guile reference manual}) gives the user full control over namespacing: this is needed to avoid clashes between, say, the @samp{zlib} variable from @samp{licenses.scm} (a @emph{license} value) and the @samp{zlib} variable from @samp{compression.scm} (a @emph{package} value)." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1164 guix-git/doc/guix-cookbook.texi:1165 #, no-wrap msgid "Other build systems" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1172 msgid "What we've seen so far covers the majority of packages using a build system other than the @code{trivial-build-system}. The latter does not automate anything and leaves you to build everything manually. This can be more demanding and we won't cover it here for now, but thankfully it is rarely necessary to fall back on this system." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1176 msgid "For the other build systems, such as ASDF, Emacs, Perl, Ruby and many more, the process is very similar to the GNU build system except for a few specialized arguments." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1181 msgid "@xref{Build Systems,,, guix, GNU Guix Reference Manual}, for more information on build systems, or check the source code in the @samp{$GUIX_CHECKOUT/guix/build} and @samp{$GUIX_CHECKOUT/guix/build-system} directories." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1182 guix-git/doc/guix-cookbook.texi:1183 #, no-wrap msgid "Programmable and automated package definition" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1187 msgid "We can't repeat it enough: having a full-fledged programming language at hand empowers us in ways that reach far beyond traditional package management." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1189 msgid "Let's illustrate this with some awesome features of Guix!" msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1190 guix-git/doc/guix-cookbook.texi:1191 #, no-wrap msgid "Recursive importers" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1198 msgid "You might find some build systems good enough that there is little to do at all to write a package, to the point that it becomes repetitive and tedious after a while. A @emph{raison d'être} of computers is to replace human beings at those boring tasks. So let's tell Guix to do this for us and create the package definition of an R package from CRAN (the output is trimmed for conciseness):" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1201 #, no-wrap msgid "" "$ guix import cran --recursive walrus\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1205 #, no-wrap msgid "" "(define-public r-mc2d\n" " ; ...\n" " (license gpl2+)))\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1209 #, no-wrap msgid "" "(define-public r-jmvcore\n" " ; ...\n" " (license gpl2+)))\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1213 #, no-wrap msgid "" "(define-public r-wrs2\n" " ; ...\n" " (license gpl3)))\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1242 #, no-wrap msgid "" "(define-public r-walrus\n" " (package\n" " (name \"r-walrus\")\n" " (version \"1.0.3\")\n" " (source\n" " (origin\n" " (method url-fetch)\n" " (uri (cran-uri \"walrus\" version))\n" " (sha256\n" " (base32\n" " \"1nk2glcvy4hyksl5ipq2mz8jy4fss90hx6cq98m3w96kzjni6jjj\"))))\n" " (build-system r-build-system)\n" " (propagated-inputs\n" " `((\"r-ggplot2\" ,r-ggplot2)\n" " (\"r-jmvcore\" ,r-jmvcore)\n" " (\"r-r6\" ,r-r6)\n" " (\"r-wrs2\" ,r-wrs2)))\n" " (home-page \"https://github.com/jamovi/walrus\")\n" " (synopsis \"Robust Statistical Methods\")\n" " (description\n" " \"This package provides a toolbox of common robust statistical\n" "tests, including robust descriptives, robust t-tests, and robust ANOVA.\n" "It is also available as a module for 'jamovi' (see\n" " for more information). Walrus is based on the\n" "WRS2 package by Patrick Mair, which is in turn based on the scripts and\n" "work of Rand Wilcox. These analyses are described in depth in the book\n" "'Introduction to Robust Estimation & Hypothesis Testing'.\")\n" " (license gpl3)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1246 msgid "The recursive importer won't import packages for which Guix already has package definitions, except for the very first." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1251 msgid "Not all applications can be packaged this way, only those relying on a select number of supported systems. Read about the full list of importers in the guix import section of the manual (@pxref{Invoking guix import,,, guix, GNU Guix Reference Manual})." msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1252 guix-git/doc/guix-cookbook.texi:1253 #, no-wrap msgid "Automatic update" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1257 msgid "Guix can be smart enough to check for updates on systems it knows. It can report outdated package definitions with" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1260 #, no-wrap msgid "$ guix refresh hello\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1265 msgid "In most cases, updating a package to a newer version requires little more than changing the version number and the checksum. Guix can do that automatically as well:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1268 #, no-wrap msgid "$ guix refresh hello --update\n" msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:1270 guix-git/doc/guix-cookbook.texi:1271 #, no-wrap msgid "Inheritance" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1275 msgid "If you've started browsing the existing package definitions, you might have noticed that a significant number of them have a @code{inherit} field:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1291 #, no-wrap msgid "" "(define-public adwaita-icon-theme\n" " (package (inherit gnome-icon-theme)\n" " (name \"adwaita-icon-theme\")\n" " (version \"3.26.1\")\n" " (source (origin\n" " (method url-fetch)\n" " (uri (string-append \"mirror://gnome/sources/\" name \"/\"\n" " (version-major+minor version) \"/\"\n" " name \"-\" version \".tar.xz\"))\n" " (sha256\n" " (base32\n" " \"17fpahgh5dyckgz7rwqvzgnhx53cx9kr2xw0szprc6bnqy977fi8\"))))\n" " (native-inputs\n" " `((\"gtk-encode-symbolic-svg\" ,gtk+ \"bin\")))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1296 msgid "All unspecified fields are inherited from the parent package. This is very convenient to create alternative packages, for instance with different source, version or compilation options." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1297 guix-git/doc/guix-cookbook.texi:1298 #, no-wrap msgid "Getting help" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1304 msgid "Sadly, some applications can be tough to package. Sometimes they need a patch to work with the non-standard file system hierarchy enforced by the store. Sometimes the tests won't run properly. (They can be skipped but this is not recommended.) Other times the resulting package won't be reproducible." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1307 msgid "Should you be stuck, unable to figure out how to fix any sort of packaging issue, don't hesitate to ask the community for help." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1309 msgid "See the @uref{https://www.gnu.org/software/guix/contact/, Guix homepage} for information on the mailing lists, IRC, etc." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1310 guix-git/doc/guix-cookbook.texi:1311 #, no-wrap msgid "Conclusion" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1317 msgid "This tutorial was a showcase of the sophisticated package management that Guix boasts. At this point we have mostly restricted this introduction to the @code{gnu-build-system} which is a core abstraction layer on which more advanced abstractions are based." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1322 msgid "Where do we go from here? Next we ought to dissect the innards of the build system by removing all abstractions, using the @code{trivial-build-system}: this should give us a thorough understanding of the process before investigating some more advanced packaging techniques and edge cases." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1325 msgid "Other features worth exploring are the interactive editing and debugging capabilities of Guix provided by the Guile REPL@." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1330 msgid "Those fancy features are completely optional and can wait; now is a good time to take a well-deserved break. With what we've introduced here you should be well armed to package lots of programs. You can get started right away and hopefully we will see your contributions soon!" msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1331 guix-git/doc/guix-cookbook.texi:1332 #, no-wrap msgid "References" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1337 msgid "The @uref{https://www.gnu.org/software/guix/manual/en/html_node/Defining-Packages.html, package reference in the manual}" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1340 msgid "@uref{https://gitlab.com/pjotrp/guix-notes/blob/master/HACKING.org, Pjotr’s hacking guide to GNU Guix}" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:1343 msgid "@uref{https://www.gnu.org/software/guix/guix-ghm-andreas-20130823.pdf, ``GNU Guix: Package without a scheme!''}, by Andreas Enge" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1352 msgid "Guix offers a flexible language for declaratively configuring your Guix System. This flexibility can at times be overwhelming. The purpose of this chapter is to demonstrate some advanced configuration concepts." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1355 msgid "@pxref{System Configuration,,, guix, GNU Guix Reference Manual} for a complete reference." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:1653 #: guix-git/doc/guix-cookbook.texi:1654 #, no-wrap msgid "Guix System Image API" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Customizing images to target specific platforms." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:1864 #: guix-git/doc/guix-cookbook.texi:1865 #, no-wrap msgid "Connecting to Wireguard VPN" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Connecting to a Wireguard VPN." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:1941 #: guix-git/doc/guix-cookbook.texi:1942 #, no-wrap msgid "Customizing a Window Manager" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Handle customization of a Window manager on Guix System." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:2032 #: guix-git/doc/guix-cookbook.texi:2033 #, no-wrap msgid "Running Guix on a Linode Server" msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:2272 #: guix-git/doc/guix-cookbook.texi:2273 #, no-wrap msgid "Setting up a bind mount" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Setting up a bind mount in the file-systems definition." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:2321 #: guix-git/doc/guix-cookbook.texi:2322 #, no-wrap msgid "Getting substitutes from Tor" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Configuring Guix daemon to get substitutes through Tor." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:1366 guix-git/doc/guix-cookbook.texi:2383 #: guix-git/doc/guix-cookbook.texi:2384 #, no-wrap msgid "Setting up NGINX with Lua" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:1366 msgid "Configuring NGINX web-server to load Lua modules." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1378 msgid "While the Guix manual explains auto-login one user to @emph{all} TTYs ( @pxref{auto-login to TTY,,, guix, GNU Guix Reference Manual}), some might prefer a situation, in which one user is logged into one TTY with the other TTYs either configured to login different users or no one at all. Note that one can auto-login one user to any TTY, but it is usually advisable to avoid @code{tty1}, which, by default, is used to log warnings and errors." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1380 msgid "Here is how one might set up auto login for one user to one tty:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1388 #, no-wrap msgid "" "(define (auto-login-to-tty config tty user)\n" " (if (string=? tty (mingetty-configuration-tty config))\n" " (mingetty-configuration\n" " (inherit config)\n" " (auto-login user))\n" " config))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1395 #, no-wrap msgid "" "(define %my-services\n" " (modify-services %base-services\n" " ;; @dots{}\n" " (mingetty-service-type config =>\n" " (auto-login-to-tty\n" " config \"tty3\" \"alice\"))))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1399 #, no-wrap msgid "" "(operating-system\n" " ;; @dots{}\n" " (services %my-services))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1404 msgid "One could also @code{compose} (@pxref{Higher-Order Functions,,, guile, The Guile Reference Manual}) @code{auto-login-to-tty} to login multiple users to multiple ttys." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1411 msgid "Finally, here is a note of caution. Setting up auto login to a TTY, means that anyone can turn on your computer and run commands as your regular user. However, if you have an encrypted root partition, and thus already need to enter a passphrase when the system boots, auto-login might be a convenient option." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1423 msgid "Guix is, at its core, a source based distribution with substitutes (@pxref{Substitutes,,, guix, GNU Guix Reference Manual}), and as such building packages from their source code is an expected part of regular package installations and upgrades. Given this starting point, it makes sense that efforts are made to reduce the amount of time spent compiling packages, and recent changes and upgrades to the building and distribution of substitutes continues to be a topic of discussion within Guix." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1429 msgid "The kernel, while not requiring an overabundance of RAM to build, does take a rather long time on an average machine. The official kernel configuration, as is the case with many GNU/Linux distributions, errs on the side of inclusiveness, and this is really what causes the build to take such a long time when the kernel is built from source." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1434 msgid "The Linux kernel, however, can also just be described as a regular old package, and as such can be customized just like any other package. The procedure is a little bit different, although this is primarily due to the nature of how the package definition is written." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1437 msgid "The @code{linux-libre} kernel package definition is actually a procedure which creates a package." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1449 #, no-wrap msgid "" "(define* (make-linux-libre version hash supported-systems\n" " #:key\n" " ;; A function that takes an arch and a variant.\n" " ;; See kernel-config for an example.\n" " (extra-version #false)\n" " (configuration-file #false)\n" " (defconfig \"defconfig\")\n" " (extra-options %default-extra-linux-options)\n" " (patches (list %boot-logo-patch)))\n" " ...)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1453 msgid "The current @code{linux-libre} package is for the 5.1.x series, and is declared like this:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1461 #, no-wrap msgid "" "(define-public linux-libre\n" " (make-linux-libre %linux-libre-version\n" " %linux-libre-hash\n" " '(\"x86_64-linux\" \"i686-linux\" \"armhf-linux\" \"aarch64-linux\")\n" " #:patches %linux-libre-5.1-patches\n" " #:configuration-file kernel-config))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1470 msgid "Any keys which are not assigned values inherit their default value from the @code{make-linux-libre} definition. When comparing the two snippets above, you may notice that the code comment in the first doesn't actually refer to the @code{#:extra-version} keyword; it is actually for @code{#:configuration-file}. Because of this, it is not actually easy to include a custom kernel configuration from the definition, but don't worry, there are other ways to work with what we do have." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1476 msgid "There are two ways to create a kernel with a custom kernel configuration. The first is to provide a standard @file{.config} file during the build process by including an actual @file{.config} file as a native input to our custom kernel. The following is a snippet from the custom @code{'configure} phase of the @code{make-linux-libre} package definition:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1480 #, no-wrap msgid "" "(let ((build (assoc-ref %standard-phases 'build))\n" " (config (assoc-ref (or native-inputs inputs) \"kconfig\")))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1488 #, no-wrap msgid "" " ;; Use a custom kernel configuration file or a default\n" " ;; configuration file.\n" " (if config\n" " (begin\n" " (copy-file config \".config\")\n" " (chmod \".config\" #o666))\n" " (invoke \"make\" ,defconfig)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1493 msgid "Below is a sample kernel package. The @code{linux-libre} package is nothing special and can be inherited from and have its fields overridden like any other package:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1502 #, no-wrap msgid "" "(define-public linux-libre/E2140\n" " (package\n" " (inherit linux-libre)\n" " (native-inputs\n" " `((\"kconfig\" ,(local-file \"E2140.config\"))\n" " ,@@(alist-delete \"kconfig\"\n" " (package-native-inputs linux-libre))))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1509 msgid "In the same directory as the file defining @code{linux-libre-E2140} is a file named @file{E2140.config}, which is an actual kernel configuration file. The @code{defconfig} keyword of @code{make-linux-libre} is left blank here, so the only kernel configuration in the package is the one which was included in the @code{native-inputs} field." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1514 msgid "The second way to create a custom kernel is to pass a new value to the @code{extra-options} keyword of the @code{make-linux-libre} procedure. The @code{extra-options} keyword works with another function defined right below it:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1530 #, no-wrap msgid "" "(define %default-extra-linux-options\n" " `(;; https://lists.gnu.org/archive/html/guix-devel/2014-04/msg00039.html\n" " (\"CONFIG_DEVPTS_MULTIPLE_INSTANCES\" . #true)\n" " ;; Modules required for initrd:\n" " (\"CONFIG_NET_9P\" . m)\n" " (\"CONFIG_NET_9P_VIRTIO\" . m)\n" " (\"CONFIG_VIRTIO_BLK\" . m)\n" " (\"CONFIG_VIRTIO_NET\" . m)\n" " (\"CONFIG_VIRTIO_PCI\" . m)\n" " (\"CONFIG_VIRTIO_BALLOON\" . m)\n" " (\"CONFIG_VIRTIO_MMIO\" . m)\n" " (\"CONFIG_FUSE_FS\" . m)\n" " (\"CONFIG_CIFS\" . m)\n" " (\"CONFIG_9P_FS\" . m)))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1541 #, no-wrap msgid "" "(define (config->string options)\n" " (string-join (map (match-lambda\n" " ((option . 'm)\n" " (string-append option \"=m\"))\n" " ((option . #true)\n" " (string-append option \"=y\"))\n" " ((option . #false)\n" " (string-append option \"=n\")))\n" " options)\n" " \"\\n\"))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1544 msgid "And in the custom configure script from the `make-linux-libre` package:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1552 #, no-wrap msgid "" ";; Appending works even when the option wasn't in the\n" ";; file. The last one prevails if duplicated.\n" "(let ((port (open-file \".config\" \"a\"))\n" " (extra-configuration ,(config->string extra-options)))\n" " (display extra-configuration port)\n" " (close-port port))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1554 #, no-wrap msgid "(invoke \"make\" \"oldconfig\")\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1559 msgid "So by not providing a configuration-file the @file{.config} starts blank, and then we write into it the collection of flags that we want. Here's another custom kernel:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1567 #, no-wrap msgid "" "(define %macbook41-full-config\n" " (append %macbook41-config-options\n" " %file-systems\n" " %efi-support\n" " %emulation\n" " (@@@@ (gnu packages linux) %default-extra-linux-options)))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1577 #, no-wrap msgid "" "(define-public linux-libre-macbook41\n" " ;; XXX: Access the internal 'make-linux-libre' procedure, which is\n" " ;; private and unexported, and is liable to change in the future.\n" " ((@@@@ (gnu packages linux) make-linux-libre) (@@@@ (gnu packages linux) %linux-libre-version)\n" " (@@@@ (gnu packages linux) %linux-libre-hash)\n" " '(\"x86_64-linux\")\n" " #:extra-version \"macbook41\"\n" " #:patches (@@@@ (gnu packages linux) %linux-libre-5.1-patches)\n" " #:extra-options %macbook41-config-options))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1584 msgid "In the above example @code{%file-systems} is a collection of flags enabling different file system support, @code{%efi-support} enables EFI support and @code{%emulation} enables a x86_64-linux machine to act in 32-bit mode also. @code{%default-extra-linux-options} are the ones quoted above, which had to be added in since they were replaced in the @code{extra-options} keyword." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1593 msgid "This all sounds like it should be doable, but how does one even know which modules are required for a particular system? Two places that can be helpful in trying to answer this question is the @uref{https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Kernel, Gentoo Handbook} and the @uref{https://www.kernel.org/doc/html/latest/admin-guide/README.html?highlight=localmodconfig, documentation from the kernel itself}. From the kernel documentation, it seems that @code{make localmodconfig} is the command we want." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1596 msgid "In order to actually run @code{make localmodconfig} we first need to get and unpack the kernel source code:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1599 #, no-wrap msgid "tar xf $(guix build linux-libre --source)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1606 msgid "Once inside the directory containing the source code run @code{touch .config} to create an initial, empty @file{.config} to start with. @code{make localmodconfig} works by seeing what you already have in @file{.config} and letting you know what you're missing. If the file is blank then you're missing everything. The next step is to run:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1609 #, no-wrap msgid "guix environment linux-libre -- make localmodconfig\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1614 msgid "and note the output. Do note that the @file{.config} file is still empty. The output generally contains two types of warnings. The first start with \"WARNING\" and can actually be ignored in our case. The second read:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1617 #, no-wrap msgid "module pcspkr did not have configs CONFIG_INPUT_PCSPKR\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1622 msgid "For each of these lines, copy the @code{CONFIG_XXXX_XXXX} portion into the @file{.config} in the directory, and append @code{=m}, so in the end it looks like this:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1626 #, no-wrap msgid "" "CONFIG_INPUT_PCSPKR=m\n" "CONFIG_VIRTIO=m\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1635 msgid "After copying all the configuration options, run @code{make localmodconfig} again to make sure that you don't have any output starting with ``module''. After all of these machine specific modules there are a couple more left that are also needed. @code{CONFIG_MODULES} is necessary so that you can build and load modules separately and not have everything built into the kernel. @code{CONFIG_BLK_DEV_SD} is required for reading from hard drives. It is possible that there are other modules which you will need." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1639 msgid "This post does not aim to be a guide to configuring your own kernel however, so if you do decide to build a custom kernel you'll have to seek out other guides to create a kernel which is just right for your needs." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1647 msgid "The second way to setup the kernel configuration makes more use of Guix's features and allows you to share configuration segments between different kernels. For example, all machines using EFI to boot have a number of EFI configuration flags that they need. It is likely that all the kernels will share a list of file systems to support. By using variables it is easier to see at a glance what features are enabled and to make sure you don't have features in one kernel but missing in another." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1652 msgid "Left undiscussed however, is Guix's initrd and its customization. It is likely that you'll need to modify the initrd on a machine using a custom kernel, since certain modules which are expected to be built may not be available for inclusion into the initrd." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1659 msgid "Historically, Guix System is centered around an @code{operating-system} structure. This structure contains various fields ranging from the bootloader and kernel declaration to the services to install." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1665 msgid "Depending on the target machine, that can go from a standard @code{x86_64} machine to a small ARM single board computer such as the Pine64, the image constraints can vary a lot. The hardware manufacturers will impose different image formats with various partition sizes and offsets." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1670 msgid "To create images suitable for all those machines, a new abstraction is necessary: that's the goal of the @code{image} record. This record contains all the required information to be transformed into a standalone image, that can be directly booted on any target machine." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1692 #, no-wrap msgid "" "(define-record-type* \n" " image make-image\n" " image?\n" " (name image-name ;symbol\n" " (default #f))\n" " (format image-format) ;symbol\n" " (target image-target\n" " (default #f))\n" " (size image-size ;size in bytes as integer\n" " (default 'guess))\n" " (operating-system image-operating-system ;\n" " (default #f))\n" " (partitions image-partitions ;list of \n" " (default '()))\n" " (compression? image-compression? ;boolean\n" " (default #t))\n" " (volatile-root? image-volatile-root? ;boolean\n" " (default #t))\n" " (substitutable? image-substitutable? ;boolean\n" " (default #t)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1698 msgid "This record contains the operating-system to instantiate. The @code{format} field defines the image type and can be @code{efi-raw}, @code{qcow2} or @code{iso9660} for instance. In the future, it could be extended to @code{docker} or other image types." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1701 msgid "A new directory in the Guix sources is dedicated to images definition. For now there are four files:" msgstr "" #. type: file{#1} #: guix-git/doc/guix-cookbook.texi:1703 #, no-wrap msgid "gnu/system/images/hurd.scm" msgstr "" #. type: file{#1} #: guix-git/doc/guix-cookbook.texi:1704 #, no-wrap msgid "gnu/system/images/pine64.scm" msgstr "" #. type: file{#1} #: guix-git/doc/guix-cookbook.texi:1705 #, no-wrap msgid "gnu/system/images/novena.scm" msgstr "" #. type: file{#1} #: guix-git/doc/guix-cookbook.texi:1706 #, no-wrap msgid "gnu/system/images/pinebook-pro.scm" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1712 msgid "Let's have a look to @file{pine64.scm}. It contains the @code{pine64-barebones-os} variable which is a minimal definition of an operating-system dedicated to the @b{Pine A64 LTS} board." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1736 #, no-wrap msgid "" "(define pine64-barebones-os\n" " (operating-system\n" " (host-name \"vignemale\")\n" " (timezone \"Europe/Paris\")\n" " (locale \"en_US.utf8\")\n" " (bootloader (bootloader-configuration\n" " (bootloader u-boot-pine64-lts-bootloader)\n" " (target \"/dev/vda\")))\n" " (initrd-modules '())\n" " (kernel linux-libre-arm64-generic)\n" " (file-systems (cons (file-system\n" " (device (file-system-label \"my-root\"))\n" " (mount-point \"/\")\n" " (type \"ext4\"))\n" " %base-file-systems))\n" " (services (cons (service agetty-service-type\n" " (agetty-configuration\n" " (extra-options '(\"-L\")) ; no carrier detect\n" " (baud-rate \"115200\")\n" " (term \"vt100\")\n" " (tty \"ttyS0\")))\n" " %base-services))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1740 msgid "The @code{kernel} and @code{bootloader} fields are pointing to packages dedicated to this board." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1742 msgid "Right below, the @code{pine64-image-type} variable is also defined." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1748 #, no-wrap msgid "" "(define pine64-image-type\n" " (image-type\n" " (name 'pine64-raw)\n" " (constructor (cut image-with-os arm64-disk-image <>))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1752 msgid "It's using a record we haven't talked about yet, the @code{image-type} record, defined this way:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1759 #, no-wrap msgid "" "(define-record-type* \n" " image-type make-image-type\n" " image-type?\n" " (name image-type-name) ;symbol\n" " (constructor image-type-constructor)) ; -> \n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1765 msgid "The main purpose of this record is to associate a name to a procedure transforming an @code{operating-system} to an image. To understand why it is necessary, let's have a look to the command producing an image from an @code{operating-system} configuration file:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1768 #, no-wrap msgid "guix system image my-os.scm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1774 msgid "This command expects an @code{operating-system} configuration but how should we indicate that we want an image targeting a Pine64 board? We need to provide an extra information, the @code{image-type}, by passing the @code{--image-type} or @code{-t} flag, this way:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1777 #, no-wrap msgid "guix system image --image-type=pine64-raw my-os.scm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1783 msgid "This @code{image-type} parameter points to the @code{pine64-image-type} defined above. Hence, the @code{operating-system} declared in @code{my-os.scm} will be applied the @code{(cut image-with-os arm64-disk-image <>)} procedure to turn it into an image." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1785 msgid "The resulting image looks like:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1795 #, no-wrap msgid "" "(image\n" " (format 'disk-image)\n" " (target \"aarch64-linux-gnu\")\n" " (operating-system my-os)\n" " (partitions\n" " (list (partition\n" " (inherit root-partition)\n" " (offset root-offset)))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1799 msgid "which is the aggregation of the @code{operating-system} defined in @code{my-os.scm} to the @code{arm64-disk-image} record." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1801 msgid "But enough Scheme madness. What does this image API bring to the Guix user?" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1803 msgid "One can run:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1807 #, no-wrap msgid "" "mathieu@@cervin:~$ guix system --list-image-types\n" "The available image types are:\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1819 #, no-wrap msgid "" " - pinebook-pro-raw\n" " - pine64-raw\n" " - novena-raw\n" " - hurd-raw\n" " - hurd-qcow2\n" " - qcow2\n" " - uncompressed-iso9660\n" " - efi-raw\n" " - arm64-raw\n" " - arm32-raw\n" " - iso9660\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1824 msgid "and by writing an @code{operating-system} file based on @code{pine64-barebones-os}, you can customize your image to your preferences in a file (@file{my-pine-os.scm}) like this:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1828 #, no-wrap msgid "" "(use-modules (gnu services linux)\n" " (gnu system images pine64))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1839 #, no-wrap msgid "" "(let ((base-os pine64-barebones-os))\n" " (operating-system\n" " (inherit base-os)\n" " (timezone \"America/Indiana/Indianapolis\")\n" " (services\n" " (cons\n" " (service earlyoom-service-type\n" " (earlyoom-configuration\n" " (prefer-regexp \"icecat|chromium\")))\n" " (operating-system-user-services base-os)))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1842 msgid "run:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1845 #, no-wrap msgid "guix system image --image-type=pine64-raw my-pine-os.scm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1848 msgid "or," msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1851 #, no-wrap msgid "guix system image --image-type=hurd-raw my-hurd-os.scm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1855 msgid "to get an image that can be written directly to a hard drive and booted from." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1857 msgid "Without changing anything to @code{my-hurd-os.scm}, calling:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1860 #, no-wrap msgid "guix system image --image-type=hurd-qcow2 my-hurd-os.scm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1863 msgid "will instead produce a Hurd QEMU image." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1870 msgid "To connect to a Wireguard VPN server you need the kernel module to be loaded in memory and a package providing networking tools that support it (e.g. @code{wireguard-tools} or @code{network-manager})." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1874 msgid "Here is a configuration example for Linux-Libre < 5.6, where the module is out of tree and need to be loaded manually---following revisions of the kernel have it built-in and so don't need such configuration:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1879 #, no-wrap msgid "" "(use-modules (gnu))\n" "(use-service-modules desktop)\n" "(use-package-modules vpn)\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1888 #, no-wrap msgid "" "(operating-system\n" " ;; …\n" " (services (cons (simple-service 'wireguard-module\n" " kernel-module-loader-service-type\n" " '(\"wireguard\"))\n" " %desktop-services))\n" " (packages (cons wireguard-tools %base-packages))\n" " (kernel-loadable-modules (list wireguard-linux-compat)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1892 msgid "After reconfiguring and restarting your system you can either use Wireguard tools or NetworkManager to connect to a VPN server." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1893 #, no-wrap msgid "Using Wireguard tools" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1899 msgid "To test your Wireguard setup it is convenient to use @command{wg-quick}. Just give it a configuration file @command{wg-quick up ./wg0.conf}; or put that file in @file{/etc/wireguard} and run @command{wg-quick up wg0} instead." msgstr "" #. type: quotation #: guix-git/doc/guix-cookbook.texi:1900 #, no-wrap msgid "Note" msgstr "" #. type: quotation #: guix-git/doc/guix-cookbook.texi:1903 msgid "Be warned that the author described this command as a: “[…] very quick and dirty bash script […]”." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1905 #, no-wrap msgid "Using NetworkManager" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1913 msgid "Thanks to NetworkManager support for Wireguard we can connect to our VPN using @command{nmcli} command. Up to this point this guide assumes that you're using Network Manager service provided by @code{%desktop-services}. Ortherwise you need to adjust your services list to load @code{network-manager-service-type} and reconfigure your Guix system." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1915 msgid "To import your VPN configuration execute nmcli import command:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1919 #, no-wrap msgid "" "# nmcli connection import type wireguard file wg0.conf\n" "Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1924 msgid "This will create a configuration file in @file{/etc/NetworkManager/wg0.nmconnection}. Next connect to the Wireguard server:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1928 #, no-wrap msgid "" "$ nmcli connection up wg0\n" "Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1932 msgid "By default NetworkManager will connect automatically on system boot. To change that behaviour you need to edit your config:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:1935 #, no-wrap msgid "# nmcli connection modify wg0 connection.autoconnect no\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1940 msgid "For more specific information about NetworkManager and wireguard @uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see this post by thaller}." msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:1943 #, no-wrap msgid "wm" msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1945 guix-git/doc/guix-cookbook.texi:1946 #, no-wrap msgid "StumpWM" msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:1947 #, no-wrap msgid "stumpwm" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1952 msgid "You could install StumpWM with a Guix system by adding @code{stumpwm} and optionally @code{`(,stumpwm \"lib\")} packages to a system configuration file, e.g.@: @file{/etc/config.scm}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1954 msgid "An example configuration can look like this:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1958 #, no-wrap msgid "" "(use-modules (gnu))\n" "(use-package-modules wm)\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1963 #, no-wrap msgid "" "(operating-system\n" " ;; …\n" " (packages (append (list sbcl stumpwm `(,stumpwm \"lib\"))\n" " %base-packages)))\n" msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:1965 #, no-wrap msgid "stumpwm fonts" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1969 msgid "By default StumpWM uses X11 fonts, which could be small or pixelated on your system. You could fix this by installing StumpWM contrib Lisp module @code{sbcl-ttf-fonts}, adding it to Guix system packages:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1973 #, no-wrap msgid "" "(use-modules (gnu))\n" "(use-package-modules fonts wm)\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1978 #, no-wrap msgid "" "(operating-system\n" " ;; …\n" " (packages (append (list sbcl stumpwm `(,stumpwm \"lib\"))\n" " sbcl-ttf-fonts font-dejavu %base-packages)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1982 msgid "Then you need to add the following code to a StumpWM configuration file @file{~/.stumpwm.d/init.lisp}:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:1989 #, no-wrap msgid "" "(require :ttf-fonts)\n" "(setf xft:*font-dirs* '(\"/run/current-system/profile/share/fonts/\"))\n" "(setf clx-truetype:+font-cache-filename+ (concat (getenv \"HOME\") \"/.fonts/font-cache.sexp\"))\n" "(xft:cache-fonts)\n" "(set-font (make-instance 'xft:font :family \"DejaVu Sans Mono\" :subfamily \"Book\" :size 11))\n" msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:1991 guix-git/doc/guix-cookbook.texi:1992 #, no-wrap msgid "Session lock" msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:1993 #, no-wrap msgid "sessionlock" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:1999 msgid "Depending on your environment, locking the screen of your session might come built in or it might be something you have to set up yourself. If you use a desktop environment like GNOME or KDE, it's usually built in. If you use a plain window manager like StumpWM or EXWM, you might have to set it up yourself." msgstr "" #. type: subsubsection #: guix-git/doc/guix-cookbook.texi:2000 guix-git/doc/guix-cookbook.texi:2001 #, no-wrap msgid "Xorg" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2007 msgid "If you use Xorg, you can use the utility @uref{https://www.mankier.com/1/xss-lock, xss-lock} to lock the screen of your session. xss-lock is triggered by DPMS which since Xorg 1.8 is auto-detected and enabled if ACPI is also enabled at kernel runtime." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2010 msgid "To use xss-lock, you can simple execute it and put it into the background before you start your window manager from e.g. your @file{~/.xsession}:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2014 #, no-wrap msgid "" "xss-lock -- slock &\n" "exec stumpwm\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2018 msgid "In this example, xss-lock uses @code{slock} to do the actual locking of the screen when it determines it's appropriate, like when you suspend your device." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2022 msgid "For slock to be allowed to be a screen locker for the graphical session, it needs to be made setuid-root so it can authenticate users, and it needs a PAM service. This can be achieved by adding the following service to your @file{config.scm}:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2025 #, no-wrap msgid "(screen-locker-service slock)\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2031 msgid "If you manually lock your screen, e.g. by directly calling slock when you want to lock your screen but not suspend it, it's a good idea to notify xss-lock about this so no confusion occurs. This can be done by executing @code{xset s activate} immediately before you execute slock." msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:2034 #, no-wrap msgid "linode, Linode" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2039 msgid "To run Guix on a server hosted by @uref{https://www.linode.com, Linode}, start with a recommended Debian server. We recommend using the default distro as a way to bootstrap Guix. Create your SSH keys." msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2042 #, no-wrap msgid "ssh-keygen\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2048 msgid "Be sure to add your SSH key for easy login to the remote server. This is trivially done via Linode's graphical interface for adding SSH keys. Go to your profile and click add SSH Key. Copy into it the output of:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2051 #, no-wrap msgid "cat ~/.ssh/_rsa.pub\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2055 msgid "Power the Linode down. In the Linode's Disks/Configurations tab, resize the Debian disk to be smaller. 30 GB is recommended." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2057 msgid "In the Linode settings, \"Add a disk\", with the following:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2060 msgid "Label: \"Guix\"" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2063 msgid "Filesystem: ext4" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2066 msgid "Set it to the remaining size" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2071 msgid "On the \"configuration\" field that comes with the default image, press \"...\" and select \"Edit\", then on that menu add to @file{/dev/sdc} the \"Guix\" label." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2073 msgid "Now \"Add a Configuration\", with the following:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2076 msgid "Label: Guix" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2079 msgid "Kernel:GRUB 2 (it's at the bottom! This step is @b{IMPORTANT!})" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2082 msgid "Block device assignment:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2085 msgid "@file{/dev/sda}: Guix" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2088 msgid "@file{/dev/sdb}: swap" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2091 msgid "Root device: @file{/dev/sda}" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2094 msgid "Turn off all the filesystem/boot helpers" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2101 msgid "Now power it back up, picking the Debian configuration. Once it's booted up, ssh in your server via @code{ssh root@@@var{}}. (You can find your server IP address in your Linode Summary section.) Now you can run the \"install guix from @pxref{Binary Installation,,, guix, GNU Guix}\" steps:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2109 #, no-wrap msgid "" "sudo apt-get install gpg\n" "wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -\n" "wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh\n" "chmod +x guix-install.sh\n" "./guix-install.sh\n" "guix pull\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2113 msgid "Now it's time to write out a config for the server. The key information is below. Save the resulting file as @file{guix-config.scm}." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2124 #, no-wrap msgid "" "(use-modules (gnu)\n" " (guix modules))\n" "(use-service-modules networking\n" " ssh)\n" "(use-package-modules admin\n" " certs\n" " package-management\n" " ssh\n" " tls)\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2141 #, no-wrap msgid "" "(operating-system\n" " (host-name \"my-server\")\n" " (timezone \"America/New_York\")\n" " (locale \"en_US.UTF-8\")\n" " ;; This goofy code will generate the grub.cfg\n" " ;; without installing the grub bootloader on disk.\n" " (bootloader (bootloader-configuration\n" " (bootloader\n" " (bootloader\n" " (inherit grub-bootloader)\n" " (installer #~(const #true))))))\n" " (file-systems (cons (file-system\n" " (device \"/dev/sda\")\n" " (mount-point \"/\")\n" " (type \"ext4\"))\n" " %base-file-systems))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2144 #, no-wrap msgid "" " (swap-devices (list \"/dev/sdb\"))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2148 #, no-wrap msgid "" " (initrd-modules (cons \"virtio_scsi\" ; Needed to find the disk\n" " %base-initrd-modules))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2157 #, no-wrap msgid "" " (users (cons (user-account\n" " (name \"janedoe\")\n" " (group \"users\")\n" " ;; Adding the account to the \"wheel\" group\n" " ;; makes it a sudoer.\n" " (supplementary-groups '(\"wheel\"))\n" " (home-directory \"/home/janedoe\"))\n" " %base-user-accounts))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2161 #, no-wrap msgid "" " (packages (cons* nss-certs ;for HTTPS access\n" " openssh-sans-x\n" " %base-packages))\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2172 #, no-wrap msgid "" " (services (cons*\n" " (service dhcp-client-service-type)\n" " (service openssh-service-type\n" " (openssh-configuration\n" " (openssh openssh-sans-x)\n" " (password-authentication? #false)\n" " (authorized-keys\n" " `((\"janedoe\" ,(local-file \"janedoe_rsa.pub\"))\n" " (\"root\" ,(local-file \"janedoe_rsa.pub\"))))))\n" " %base-services)))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2175 msgid "Replace the following fields in the above configuration:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2183 #, no-wrap msgid "" "(host-name \"my-server\") ; replace with your server name\n" "; if you chose a linode server outside the U.S., then\n" "; use tzselect to find a correct timezone string\n" "(timezone \"America/New_York\") ; if needed replace timezone\n" "(name \"janedoe\") ; replace with your username\n" "(\"janedoe\" ,(local-file \"janedoe_rsa.pub\")) ; replace with your ssh key\n" "(\"root\" ,(local-file \"janedoe_rsa.pub\")) ; replace with your ssh key\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2189 msgid "The last line in the above example lets you log into the server as root and set the initial root password. After you have done this, you may delete that line from your configuration and reconfigure to prevent root login." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2194 msgid "Save your ssh public key (eg: @file{~/.ssh/id_rsa.pub}) as @file{@var{}_rsa.pub} and your @file{guix-config.scm} in the same directory. In a new terminal run these commands." msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2199 #, no-wrap msgid "" "sftp root@@\n" "put /home//ssh/id_rsa.pub .\n" "put /path/to/linode/guix-config.scm .\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2202 msgid "In your first terminal, mount the guix drive:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2206 #, no-wrap msgid "" "mkdir /mnt/guix\n" "mount /dev/sdc /mnt/guix\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2211 msgid "Due to the way we set things up above, we do not install GRUB completely. Instead we install only our grub configuration file. So we need to copy over some of the other GRUB stuff that is already there:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2215 #, no-wrap msgid "" "mkdir -p /mnt/guix/boot/grub\n" "cp -r /boot/grub/* /mnt/guix/boot/grub/\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2218 msgid "Now initialize the Guix installation:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2221 #, no-wrap msgid "guix system init guix-config.scm /mnt/guix\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2225 msgid "Ok, power it down! Now from the Linode console, select boot and select \"Guix\"." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2228 msgid "Once it boots, you should be able to log in via SSH! (The server config will have changed though.) You may encounter an error like:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2244 #, no-wrap msgid "" "$ ssh root@@\n" "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\n" "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" "It is also possible that a host key has just been changed.\n" "The fingerprint for the ECDSA key sent by the remote host is\n" "SHA256:0B+wp33w57AnKQuHCvQP0+ZdKaqYrI/kyU7CfVbS7R4.\n" "Please contact your system administrator.\n" "Add correct host key in /home/joshua/.ssh/known_hosts to get rid of this message.\n" "Offending ECDSA key in /home/joshua/.ssh/known_hosts:3\n" "ECDSA host key for 198.58.98.76 has changed and you have requested strict checking.\n" "Host key verification failed.\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2248 msgid "Either delete @file{~/.ssh/known_hosts} file, or delete the offending line starting with your server IP address." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2250 msgid "Be sure to set your password and root's password." msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2255 #, no-wrap msgid "" "ssh root@@\n" "passwd ; for the root password\n" "passwd ; for the user password\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2262 msgid "You may not be able to run the above commands at this point. If you have issues remotely logging into your linode box via SSH, then you may still need to set your root and user password initially by clicking on the ``Launch Console'' option in your linode. Choose the ``Glish'' instead of ``Weblish''. Now you should be able to ssh into the machine." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2266 msgid "Horray! At this point you can shut down the server, delete the Debian disk, and resize the Guix to the rest of the size. Congratulations!" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2271 msgid "By the way, if you save it as a disk image right at this point, you'll have an easy time spinning up new Guix images! You may need to down-size the Guix image to 6144MB, to save it as an image. Then you can resize it again to the max size." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2280 msgid "To bind mount a file system, one must first set up some definitions before the @code{operating-system} section of the system definition. In this example we will bind mount a folder from a spinning disk drive to @file{/tmp}, to save wear and tear on the primary SSD, without dedicating an entire partition to be mounted as @file{/tmp}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2283 msgid "First, the source drive that hosts the folder we wish to bind mount should be defined, so that the bind mount can depend on it." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2290 #, no-wrap msgid "" "(define source-drive ;; \"source-drive\" can be named anything you want.\n" " (file-system\n" " (device (uuid \"UUID goes here\"))\n" " (mount-point \"/path-to-spinning-disk-goes-here\")\n" " (type \"ext4\"))) ;; Make sure to set this to the appropriate type for your drive.\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2294 msgid "The source folder must also be defined, so that guix will know it's not a regular block device, but a folder." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2296 #, no-wrap msgid "(define (%source-directory) \"/path-to-spinning-disk-goes-here/tmp\") ;; \"source-directory\" can be named any valid variable name.\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2300 msgid "Finally, inside the @code{file-systems} definition, we must add the mount itself." msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2303 #, no-wrap msgid "" "(file-systems (cons*\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2305 #, no-wrap msgid "" " ......\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2307 #, no-wrap msgid "" " source-drive ;; Must match the name you gave the source drive in the earlier definition.\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2315 #, no-wrap msgid "" " (file-system\n" " (device (%source-directory)) ;; Make sure \"source-directory\" matches your earlier definition.\n" " (mount-point \"/tmp\")\n" " (type \"none\") ;; We are mounting a folder, not a partition, so this type needs to be \"none\"\n" " (flags '(bind-mount))\n" " (dependencies (list source-drive)) ;; Ensure \"source-drive\" matches what you've named the variable for the drive.\n" " )\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2317 #, no-wrap msgid "" " ......\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2319 #, no-wrap msgid " ))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2326 msgid "Guix daemon can use a HTTP proxy to get substitutes, here we are configuring it to get them via Tor." msgstr "" #. type: quotation #: guix-git/doc/guix-cookbook.texi:2327 #, no-wrap msgid "Warning" msgstr "" #. type: quotation #: guix-git/doc/guix-cookbook.texi:2333 msgid "@emph{Not all} Guix daemon's traffic will go through Tor! Only HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections will still go through the clearnet. Again, this configuration isn't foolproof some of your traffic won't get routed by Tor at all. Use it at your own risk." msgstr "" #. type: quotation #: guix-git/doc/guix-cookbook.texi:2339 msgid "Also note that the procedure described here applies only to package substitution. When you update your guix distribution with @command{guix pull}, you still need to use @command{torsocks} if you want to route the connection to guix's git repository servers through Tor." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2344 msgid "Guix's substitute server is available as a Onion service, if you want to use it to get your substitutes through Tor configure your system as follow:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2348 #, no-wrap msgid "" "(use-modules (gnu))\n" "(use-service-module base networking)\n" "\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2364 #, no-wrap msgid "" "(operating-system\n" " …\n" " (services\n" " (cons\n" " (service tor-service-type\n" " (tor-configuration\n" " (config-file (plain-file \"tor-config\"\n" " \"HTTPTunnelPort 127.0.0.1:9250\"))))\n" " (modify-services %base-services\n" " (guix-service-type\n" " config => (guix-configuration\n" " (inherit config)\n" " ;; ci.guix.gnu.org's Onion service\n" " (substitute-urls \"https://bp7o7ckwlewr4slm.onion\")\n" " (http-proxy \"http://localhost:9250\")))))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2373 msgid "This will keep a tor process running that provides a HTTP CONNECT tunnel which will be used by @command{guix-daemon}. The daemon can use other protocols than HTTP(S) to get remote resources, request using those protocols won't go through Tor since we are only setting a HTTP tunnel here. Note that @code{substitutes-urls} is using HTTPS and not HTTP or it won't work, that's a limitation of Tor's tunnel; you may want to use @command{privoxy} instead to avoid such limitations." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2377 msgid "If you don't want to always get substitutes through Tor but using it just some of the times, then skip the @code{guix-configuration}. When you want to get a substitute from the Tor tunnel run:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2381 #, no-wrap msgid "" "sudo herd set-http-proxy guix-daemon http://localhost:9250\n" "guix build --substitute-urls=https://bp7o7ckwlewr4slm.onion …\n" msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:2385 #, no-wrap msgid "nginx, lua, openresty, resty" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2388 msgid "NGINX could be extended with Lua scripts." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2391 msgid "Guix provides NGINX service with ability to load Lua module and specific Lua packages, and reply to requests by evaluating Lua scripts." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2395 msgid "The following example demonstrates system definition with configuration to evaluate @file{index.lua} Lua script on HTTP request to @uref{http://localhost/hello} endpoint:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2398 #, no-wrap msgid "" "local shell = require \"resty.shell\"\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2402 #, no-wrap msgid "" "local stdin = \"\"\n" "local timeout = 1000 -- ms\n" "local max_size = 4096 -- byte\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2405 #, no-wrap msgid "" "local ok, stdout, stderr, reason, status =\n" " shell.run([[/run/current-system/profile/bin/ls /tmp]], stdin, timeout, max_size)\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2407 #, no-wrap msgid "ngx.say(stdout)\n" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2438 #, no-wrap msgid "" "(use-modules (gnu))\n" "(use-service-modules #;… web)\n" "(use-package-modules #;… lua)\n" "(operating-system\n" " ;; …\n" " (services\n" " ;; …\n" " (service nginx-service-type\n" " (nginx-configuration\n" " (modules\n" " (list\n" " (file-append nginx-lua-module \"/etc/nginx/modules/ngx_http_lua_module.so\")))\n" " (lua-package-path (list lua-resty-core\n" " lua-resty-lrucache\n" " lua-resty-signal\n" " lua-tablepool\n" " lua-resty-shell))\n" " (lua-package-cpath (list lua-resty-signal))\n" " (server-blocks\n" " (list (nginx-server-configuration\n" " (server-name '(\"localhost\"))\n" " (listen '(\"80\"))\n" " (root \"/etc\")\n" " (locations (list\n" " (nginx-location-configuration\n" " (uri \"/hello\")\n" " (body (list #~(format #f \"content_by_lua_file ~s;\"\n" " #$(local-file \"index.lua\"))))))))))))))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2449 msgid "Guix is a functional package manager that offers many features beyond what more traditional package managers can do. To the uninitiated, those features might not have obvious use cases at first. The purpose of this chapter is to demonstrate some advanced package management concepts." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2452 msgid "@pxref{Package Management,,, guix, GNU Guix Reference Manual} for a complete reference." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:2455 guix-git/doc/guix-cookbook.texi:2457 #: guix-git/doc/guix-cookbook.texi:2458 #, no-wrap msgid "Guix Profiles in Practice" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:2455 msgid "Strategies for multiple profiles and manifests." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2463 msgid "Guix provides a very useful feature that may be quite foreign to newcomers: @emph{profiles}. They are a way to group package installations together and all users on the same system are free to use as many profiles as they want." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2468 msgid "Whether you're a developer or not, you may find that multiple profiles bring you great power and flexibility. While they shift the paradigm somewhat compared to @emph{traditional package managers}, they are very convenient to use once you've understood how to set them up." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2474 msgid "If you are familiar with Python's @samp{virtualenv}, you can think of a profile as a kind of universal @samp{virtualenv} that can hold any kind of software whatsoever, not just Python software. Furthermore, profiles are self-sufficient: they capture all the runtime dependencies which guarantees that all programs within a profile will always work at any point in time." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2476 msgid "Multiple profiles have many benefits:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2480 msgid "Clean semantic separation of the various packages a user needs for different contexts." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2484 msgid "Multiple profiles can be made available into the environment either on login or within a dedicated shell." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2488 msgid "Profiles can be loaded on demand. For instance, the user can use multiple shells, each of them running different profiles." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2493 msgid "Isolation: Programs from one profile will not use programs from the other, and the user can even install different versions of the same programs to the two profiles without conflict." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2497 msgid "Deduplication: Profiles share dependencies that happens to be the exact same. This makes multiple profiles storage-efficient." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2505 msgid "Reproducible: when used with declarative manifests, a profile can be fully specified by the Guix commit that was active when it was set up. This means that the exact same profile can be @uref{https://guix.gnu.org/blog/2018/multi-dimensional-transactions-and-rollbacks-oh-my/, set up anywhere and anytime}, with just the commit information. See the section on @ref{Reproducible profiles}." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2509 msgid "Easier upgrades and maintenance: Multiple profiles make it easy to keep package listings at hand and make upgrades completely frictionless." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2512 msgid "Concretely, here follows some typical profiles:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2516 msgid "The dependencies of a project you are working on." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2519 msgid "Your favourite programming language libraries." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2522 msgid "Laptop-specific programs (like @samp{powertop}) that you don't need on a desktop." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2526 msgid "@TeX{}live (this one can be really useful when you need to install just one package for this one document you've just received over email)." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2529 msgid "Games." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2532 msgid "Let's dive in the set up!" msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:2533 guix-git/doc/guix-cookbook.texi:2534 #, no-wrap msgid "Basic setup with manifests" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2538 msgid "A Guix profile can be set up @emph{via} a so-called @emph{manifest specification} that looks like this:" msgstr "" #. type: lisp #: guix-git/doc/guix-cookbook.texi:2548 #, no-wrap msgid "" "(specifications->manifest\n" " '(\"package-1\"\n" " ;; Version 1.3 of package-2.\n" " \"package-2@@1.3\"\n" " ;; The \"lib\" output of package-3.\n" " \"package-3:lib\"\n" " ; ...\n" " \"package-N\"))\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2552 msgid "@pxref{Invoking guix package,,, guix, GNU Guix Reference Manual}, for the syntax details." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2554 msgid "We can create a manifest specification per profile and install them this way:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2559 #, no-wrap msgid "" "GUIX_EXTRA_PROFILES=$HOME/.guix-extra-profiles\n" "mkdir -p \"$GUIX_EXTRA_PROFILES\"/my-project # if it does not exist yet\n" "guix package --manifest=/path/to/guix-my-project-manifest.scm --profile=\"$GUIX_EXTRA_PROFILES\"/my-project/my-project\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2563 msgid "Here we set an arbitrary variable @samp{GUIX_EXTRA_PROFILES} to point to the directory where we will store our profiles in the rest of this article." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2569 msgid "Placing all your profiles in a single directory, with each profile getting its own sub-directory, is somewhat cleaner. This way, each sub-directory will contain all the symlinks for precisely one profile. Besides, ``looping over profiles'' becomes obvious from any programming language (e.g.@: a shell script) by simply looping over the sub-directories of @samp{$GUIX_EXTRA_PROFILES}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2571 msgid "Note that it's also possible to loop over the output of" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2574 #, no-wrap msgid "guix package --list-profiles\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2577 msgid "although you'll probably have to filter out @file{~/.config/guix/current}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2579 msgid "To enable all profiles on login, add this to your @file{~/.bash_profile} (or similar):" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2589 #, no-wrap msgid "" "for i in $GUIX_EXTRA_PROFILES/*; do\n" " profile=$i/$(basename \"$i\")\n" " if [ -f \"$profile\"/etc/profile ]; then\n" " GUIX_PROFILE=\"$profile\"\n" " . \"$GUIX_PROFILE\"/etc/profile\n" " fi\n" " unset profile\n" "done\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2594 msgid "Note to Guix System users: the above reflects how your default profile @file{~/.guix-profile} is activated from @file{/etc/profile}, that latter being loaded by @file{~/.bashrc} by default." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2596 msgid "You can obviously choose to only enable a subset of them:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2606 #, no-wrap msgid "" "for i in \"$GUIX_EXTRA_PROFILES\"/my-project-1 \"$GUIX_EXTRA_PROFILES\"/my-project-2; do\n" " profile=$i/$(basename \"$i\")\n" " if [ -f \"$profile\"/etc/profile ]; then\n" " GUIX_PROFILE=\"$profile\"\n" " . \"$GUIX_PROFILE\"/etc/profile\n" " fi\n" " unset profile\n" "done\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2610 msgid "When a profile is off, it's straightforward to enable it for an individual shell without \"polluting\" the rest of the user session:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2613 #, no-wrap msgid "GUIX_PROFILE=\"path/to/my-project\" ; . \"$GUIX_PROFILE\"/etc/profile\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2620 msgid "The key to enabling a profile is to @emph{source} its @samp{etc/profile} file. This file contains shell code that exports the right environment variables necessary to activate the software contained in the profile. It is built automatically by Guix and meant to be sourced. It contains the same variables you would get if you ran:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2623 #, no-wrap msgid "guix package --search-paths=prefix --profile=$my_profile\"\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2627 msgid "Once again, see (@pxref{Invoking guix package,,, guix, GNU Guix Reference Manual}) for the command line options." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2629 msgid "To upgrade a profile, simply install the manifest again:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2632 #, no-wrap msgid "guix package -m /path/to/guix-my-project-manifest.scm -p \"$GUIX_EXTRA_PROFILES\"/my-project/my-project\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2638 msgid "To upgrade all profiles, it's easy enough to loop over them. For instance, assuming your manifest specifications are stored in @file{~/.guix-manifests/guix-$profile-manifest.scm}, with @samp{$profile} being the name of the profile (e.g.@: \"project1\"), you could do the following in Bourne shell:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2643 #, no-wrap msgid "" "for profile in \"$GUIX_EXTRA_PROFILES\"/*; do\n" " guix package --profile=\"$profile\" --manifest=\"$HOME/.guix-manifests/guix-$profile-manifest.scm\"\n" "done\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2646 msgid "Each profile has its own generations:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2649 #, no-wrap msgid "guix package -p \"$GUIX_EXTRA_PROFILES\"/my-project/my-project --list-generations\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2652 msgid "You can roll-back to any generation of a given profile:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2655 #, no-wrap msgid "guix package -p \"$GUIX_EXTRA_PROFILES\"/my-project/my-project --switch-generations=17\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2659 msgid "Finally, if you want to switch to a profile without inheriting from the current environment, you can activate it from an empty shell:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2663 #, no-wrap msgid "" "env -i $(which bash) --login --noprofile --norc\n" ". my-project/etc/profile\n" msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:2665 guix-git/doc/guix-cookbook.texi:2666 #, no-wrap msgid "Required packages" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2671 msgid "Activating a profile essentially boils down to exporting a bunch of environmental variables. This is the role of the @samp{etc/profile} within the profile." msgstr "" #. type: emph{#1} #: guix-git/doc/guix-cookbook.texi:2674 msgid "Note: Only the environmental variables of the packages that consume them will be set." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2678 msgid "For instance, @samp{MANPATH} won't be set if there is no consumer application for man pages within the profile. So if you need to transparently access man pages once the profile is loaded, you've got two options:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2682 msgid "Either export the variable manually, e.g." msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2684 #, no-wrap msgid "export MANPATH=/path/to/profile$@{MANPATH:+:@}$MANPATH\n" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2688 msgid "Or include @samp{man-db} to the profile manifest." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2692 msgid "The same is true for @samp{INFOPATH} (you can install @samp{info-reader}), @samp{PKG_CONFIG_PATH} (install @samp{pkg-config}), etc." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:2693 guix-git/doc/guix-cookbook.texi:2694 #, no-wrap msgid "Default profile" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2697 msgid "What about the default profile that Guix keeps in @file{~/.guix-profile}?" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2700 msgid "You can assign it the role you want. Typically you would install the manifest of the packages you want to use all the time." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2704 msgid "Alternatively, you could keep it ``manifest-less'' for throw-away packages that you would just use for a couple of days. This way makes it convenient to run" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2708 #, no-wrap msgid "" "guix install package-foo\n" "guix upgrade package-bar\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2711 msgid "without having to specify the path to a profile." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:2712 guix-git/doc/guix-cookbook.texi:2713 #, no-wrap msgid "The benefits of manifests" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2717 msgid "Manifests are a convenient way to keep your package lists around and, say, to synchronize them across multiple machines using a version control system." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2721 msgid "A common complaint about manifests is that they can be slow to install when they contain large number of packages. This is especially cumbersome when you just want get an upgrade for one package within a big manifest." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2726 msgid "This is one more reason to use multiple profiles, which happen to be just perfect to break down manifests into multiple sets of semantically connected packages. Using multiple, small profiles provides more flexibility and usability." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2728 msgid "Manifests come with multiple benefits. In particular, they ease maintenance:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2736 msgid "When a profile is set up from a manifest, the manifest itself is self-sufficient to keep a ``package listing'' around and reinstall the profile later or on a different system. For ad-hoc profiles, we would need to generate a manifest specification manually and maintain the package versions for the packages that don't use the default version." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2741 msgid "@code{guix package --upgrade} always tries to update the packages that have propagated inputs, even if there is nothing to do. Guix manifests remove this problem." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2747 msgid "When partially upgrading a profile, conflicts may arise (due to diverging dependencies between the updated and the non-updated packages) and they can be annoying to resolve manually. Manifests remove this problem altogether since all packages are always upgraded at once." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2753 msgid "As mentioned above, manifests allow for reproducible profiles, while the imperative @code{guix install}, @code{guix upgrade}, etc. do not, since they produce different profiles every time even when they hold the same packages. See @uref{https://issues.guix.gnu.org/issue/33285, the related discussion on the matter}." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2761 msgid "Manifest specifications are usable by other @samp{guix} commands. For example, you can run @code{guix weather -m manifest.scm} to see how many substitutes are available, which can help you decide whether you want to try upgrading today or wait a while. Another example: you can run @code{guix pack -m manifest.scm} to create a pack containing all the packages in the manifest (and their transitive references)." msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2765 msgid "Finally, manifests have a Scheme representation, the @samp{} record type. They can be manipulated in Scheme and passed to the various Guix @uref{https://en.wikipedia.org/wiki/Api, APIs}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2773 msgid "It's important to understand that while manifests can be used to declare profiles, they are not strictly equivalent: profiles have the side effect that they ``pin'' packages in the store, which prevents them from being garbage-collected (@pxref{Invoking guix gc,,, guix, GNU Guix Reference Manual}) and ensures that they will still be available at any point in the future." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2775 msgid "Let's take an example:" msgstr "" #. type: enumerate #: guix-git/doc/guix-cookbook.texi:2781 msgid "We have an environment for hacking on a project for which there isn't a Guix package yet. We build the environment using a manifest, and then run @code{guix environment -m manifest.scm}. So far so good." msgstr "" #. type: enumerate #: guix-git/doc/guix-cookbook.texi:2787 msgid "Many weeks pass and we have run a couple of @code{guix pull} in the mean time. Maybe a dependency from our manifest has been updated; or we may have run @code{guix gc} and some packages needed by our manifest have been garbage-collected." msgstr "" #. type: enumerate #: guix-git/doc/guix-cookbook.texi:2792 msgid "Eventually, we set to work on that project again, so we run @code{guix environment -m manifest.scm}. But now we have to wait for Guix to build and install stuff!" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2798 msgid "Ideally, we could spare the rebuild time. And indeed we can, all we need is to install the manifest to a profile and use @code{GUIX_PROFILE=/the/profile; . \"$GUIX_PROFILE\"/etc/profile} as explained above: this guarantees that our hacking environment will be available at all times." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2801 msgid "@emph{Security warning:} While keeping old profiles around can be convenient, keep in mind that outdated packages may not have received the latest security fixes." msgstr "" #. type: subsection #: guix-git/doc/guix-cookbook.texi:2802 guix-git/doc/guix-cookbook.texi:2803 #, no-wrap msgid "Reproducible profiles" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2806 msgid "To reproduce a profile bit-for-bit, we need two pieces of information:" msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2810 msgid "a manifest," msgstr "" #. type: itemize #: guix-git/doc/guix-cookbook.texi:2812 msgid "a Guix channel specification." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2816 msgid "Indeed, manifests alone might not be enough: different Guix versions (or different channels) can produce different outputs for a given manifest." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2820 msgid "You can output the Guix channel specification with @samp{guix describe --format=channels}. Save this to a file, say @samp{channel-specs.scm}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2823 msgid "On another computer, you can use the channel specification file and the manifest to reproduce the exact same profile:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2827 #, no-wrap msgid "" "GUIX_EXTRA_PROFILES=$HOME/.guix-extra-profiles\n" "GUIX_EXTRA=$HOME/.guix-extra\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2830 #, no-wrap msgid "" "mkdir \"$GUIX_EXTRA\"/my-project\n" "guix pull --channels=channel-specs.scm --profile \"$GUIX_EXTRA/my-project/guix\"\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2833 #, no-wrap msgid "" "mkdir -p \"$GUIX_EXTRA_PROFILES/my-project\"\n" "\"$GUIX_EXTRA\"/my-project/guix/bin/guix package --manifest=/path/to/guix-my-project-manifest.scm --profile=\"$GUIX_EXTRA_PROFILES\"/my-project/my-project\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2837 msgid "It's safe to delete the Guix channel profile you've just installed with the channel specification, the project profile does not depend on it." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2844 msgid "Guix provides multiple tools to manage environment. This chapter demonstrate such utilities." msgstr "" #. type: section #: guix-git/doc/guix-cookbook.texi:2847 guix-git/doc/guix-cookbook.texi:2849 #: guix-git/doc/guix-cookbook.texi:2850 #, no-wrap msgid "Guix environment via direnv" msgstr "" #. type: menuentry #: guix-git/doc/guix-cookbook.texi:2847 msgid "Setup Guix environment with direnv" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2855 msgid "Guix provides a @samp{direnv} package, which could extend shell after directory change. This tool could be used to prepare a pure Guix environment." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2861 msgid "The following example provides a shell function for @file{~/.direnvrc} file, which could be used from Guix Git repository in @file{~/src/guix/.envrc} file to setup a build environment similar to described in @pxref{Building from Git,,, guix, GNU Guix Reference Manual}." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2863 msgid "Create a @file{~/.direnvrc} with a Bash code:" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2881 #, no-wrap msgid "" "# Thanks \n" "export_function()\n" "@{\n" " local name=$1\n" " local alias_dir=$PWD/.direnv/aliases\n" " mkdir -p \"$alias_dir\"\n" " PATH_add \"$alias_dir\"\n" " local target=\"$alias_dir/$name\"\n" " if declare -f \"$name\" >/dev/null; then\n" " echo \"#!$SHELL\" > \"$target\"\n" " declare -f \"$name\" >> \"$target\" 2>/dev/null\n" " # Notice that we add shell variables to the function trigger.\n" " echo \"$name \\$*\" >> \"$target\"\n" " chmod +x \"$target\"\n" " fi\n" "@}\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2886 #, no-wrap msgid "" "use_guix()\n" "@{\n" " # Set GitHub token.\n" " export GUIX_GITHUB_TOKEN=\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2889 #, no-wrap msgid "" " # Unset 'GUIX_PACKAGE_PATH'.\n" " export GUIX_PACKAGE_PATH=\"\"\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2898 #, no-wrap msgid "" " # Recreate a garbage collector root.\n" " gcroots=\"$HOME/.config/guix/gcroots\"\n" " mkdir -p \"$gcroots\"\n" " gcroot=\"$gcroots/guix\"\n" " if [ -L \"$gcroot\" ]\n" " then\n" " rm -v \"$gcroot\"\n" " fi\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2913 #, no-wrap msgid "" " # Miscellaneous packages.\n" " PACKAGES_MAINTENANCE=(\n" " direnv\n" " git\n" " git:send-email\n" " git-cal\n" " gnupg\n" " guile-colorized\n" " guile-readline\n" " less\n" " ncurses\n" " openssh\n" " xdot\n" " )\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2916 #, no-wrap msgid "" " # Environment packages.\n" " PACKAGES=(help2man guile-sqlite3 guile-gcrypt)\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2919 #, no-wrap msgid "" " # Thanks \n" " eval \"$(guix environment --search-paths --root=\"$gcroot\" --pure guix --ad-hoc $@{PACKAGES[@@]@} $@{PACKAGES_MAINTENANCE[@@]@} \"$@@\")\"\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2926 #, no-wrap msgid "" " # Predefine configure flags.\n" " configure()\n" " @{\n" " ./configure --localstatedir=/var --prefix=\n" " @}\n" " export_function configure\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2937 #, no-wrap msgid "" " # Run make and optionally build something.\n" " build()\n" " @{\n" " make -j 2\n" " if [ $# -gt 0 ]\n" " then\n" " ./pre-inst-env guix build \"$@@\"\n" " fi\n" " @}\n" " export_function build\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2944 #, no-wrap msgid "" " # Predefine push Git command.\n" " push()\n" " @{\n" " git push --set-upstream origin\n" " @}\n" " export_function push\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2947 #, no-wrap msgid "" " clear # Clean up the screen.\n" " git-cal --author='Your Name' # Show contributions calendar.\n" "\n" msgstr "" #. type: example #: guix-git/doc/guix-cookbook.texi:2955 #, no-wrap msgid "" " # Show commands help.\n" " echo \"\n" "build build a package or just a project if no argument provided\n" "configure run ./configure with predefined parameters\n" "push push to upstream Git repository\n" "\"\n" "@}\n" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2959 msgid "Every project containing @file{.envrc} with a string @code{use guix} will have predefined environment variables and procedures." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2961 msgid "Run @command{direnv allow} to setup the environment for the first time." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2973 msgid "Guix is based on the @uref{https://nixos.org/nix/, Nix package manager}, which was designed and implemented by Eelco Dolstra, with contributions from other people (see the @file{nix/AUTHORS} file in Guix.) Nix pioneered functional package management, and promoted unprecedented features, such as transactional package upgrades and rollbacks, per-user profiles, and referentially transparent build processes. Without this work, Guix would not exist." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2976 msgid "The Nix-based software distributions, Nixpkgs and NixOS, have also been an inspiration for Guix." msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2982 msgid "GNU@tie{}Guix itself is a collective work with contributions from a number of people. See the @file{AUTHORS} file in Guix for more information on these fine people. The @file{THANKS} file lists people who have helped by reporting bugs, taking care of the infrastructure, providing artwork and themes, making suggestions, and more---thank you!" msgstr "" #. type: Plain text #: guix-git/doc/guix-cookbook.texi:2985 msgid "This document includes adapted sections from articles that have previously been published on the Guix blog at @uref{https://guix.gnu.org/blog}." msgstr "" #. type: cindex #: guix-git/doc/guix-cookbook.texi:2990 #, no-wrap msgid "license, GNU Free Documentation License" msgstr "" #. type: include #: guix-git/doc/guix-cookbook.texi:2991 #, no-wrap msgid "fdl-1.3.texi" msgstr ""