diff options
Diffstat (limited to 'gnu/services')
| -rw-r--r-- | gnu/services/base.scm | 15 | ||||
| -rw-r--r-- | gnu/services/docker.scm | 2 | ||||
| -rw-r--r-- | gnu/services/guix.scm | 23 | ||||
| -rw-r--r-- | gnu/services/mail.scm | 200 | ||||
| -rw-r--r-- | gnu/services/rsync.scm | 1 | ||||
| -rw-r--r-- | gnu/services/vnc.scm | 2 | ||||
| -rw-r--r-- | gnu/services/web.scm | 20 |
7 files changed, 240 insertions, 23 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 82c6940780..6539bfd6ce 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -63,7 +63,9 @@ #:use-module (gnu packages bash) #:use-module ((gnu packages base) #:select (coreutils glibc glibc/hurd - glibc-utf8-locales make-glibc-utf8-locales + glibc-utf8-locales + libc-utf8-locales-for-target + make-glibc-utf8-locales tar canonical-package)) #:use-module ((gnu packages compression) #:select (gzip)) #:use-module (gnu packages fonts) @@ -1765,7 +1767,13 @@ archive' public keys, with GUIX." (mkdir-p (dirname machines-file))) ;; Installed the declared machines file. - (symlink #+(scheme-file "machines.scm" machines) + (symlink #+(scheme-file "machines.scm" + #~((@ (srfi srfi-1) append-map) + (lambda (entry) + (if (build-machine? entry) + (list entry) + entry)) + #$machines)) machines-file)))) (define-record-type* <guix-configuration> @@ -2147,7 +2155,8 @@ raise a deprecation warning if the 'compression-level' field was used." ;; nars for packages that contain UTF-8 file names such ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>. (list (string-append "GUIX_LOCPATH=" - #$glibc-utf8-locales "/lib/locale") + #$(libc-utf8-locales-for-target) + "/lib/locale") "LC_ALL=en_US.utf8") #:log-file "/var/log/guix-publish.log")) (endpoints #~(let ((ai (false-if-exception diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index ebea0a473a..72ef7d74db 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -374,7 +374,7 @@ documentation for semantics.")) (network (oci-container-configuration-network config)) (user - (oci-container-configuration-user config)) + (oci-container-configuration-container-user config)) (workdir (oci-container-configuration-workdir config))) (apply append diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index fe602efb99..389903451a 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -23,7 +23,7 @@ #:use-module (guix records) #:use-module (guix packages) #:use-module ((gnu packages base) - #:select (glibc-utf8-locales)) + #:select (libc-utf8-locales-for-target)) #:use-module (gnu packages admin) #:use-module (gnu packages databases) #:use-module (gnu packages web) @@ -381,7 +381,8 @@ #:pid-file-timeout 60 #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.utf8" "PATH=/run/current-system/profile/bin" ; for hooks #$@extra-environment-variables) @@ -508,7 +509,8 @@ #:user #$user #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") ;; XDG_CACHE_HOME is used by Guix when caching narinfo files "XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent" "LC_ALL=en_US.utf8") @@ -600,7 +602,8 @@ #:user #$user #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.utf8") #:log-file "/var/log/guix-build-coordinator/queue-builds.log")))) (stop #~(make-kill-destructor)) @@ -712,7 +715,8 @@ ca-certificates.crt file in the system profile." #:pid-file "/var/run/guix-data-service/pid" #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.UTF-8") #:log-file "/var/log/guix-data-service/web.log")) (stop #~(make-kill-destructor))) @@ -733,7 +737,8 @@ ca-certificates.crt file in the system profile." `("HOME=/var/lib/guix-data-service" "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt" ,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.UTF-8") #:log-file "/var/log/guix-data-service/process-jobs.log")) (stop #~(make-kill-destructor)))))) @@ -989,7 +994,8 @@ ca-certificates.crt file in the system profile." #:pid-file "/var/run/nar-herder/pid" #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.utf8" #$@extra-environment-variables) #:log-file "/var/log/nar-herder/server.log")) @@ -1108,7 +1114,8 @@ ca-certificates.crt file in the system profile." #:directory "/var/lib/bffe" #:environment-variables `(,(string-append - "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") + "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.utf8" #$@extra-environment-variables) #:log-file "/var/log/bffe/server.log")) diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..afe1bb6016 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com> ;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de> +;;; Copyright © 2023 Thomas Ieong <th.ieong@free.fr> +;;; Copyright © 2023 Saku Laesvuori <saku@laesvuori.fi> ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,13 @@ radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-account + %default-rspamd-config-file + %default-rspamd-group)) ;;; Commentary: ;;; @@ -1987,3 +1995,193 @@ hosts = localhost:5232")) (service-extension account-service-type (const %radicale-accounts)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + ((((? string?) (? file-like?)) ...) #t) + (_ #f))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element lists where +the first element is the filename and the second one is a file-like object. Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element lists where +the first element is the filename and the second one is a file-like object. Settings +in these files will override the defaults.") + (user + (user-account %default-rspamd-account) + "The user to run rspamd as.") + (group + (user-group %default-rspamd-group) + "The group to run rspamd as.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users.") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.") + (shepherd-requirements + (list-of-symbols '(loopback)) + "This is a list of symbols naming Shepherd services that this service +will depend on.")) + +(define %default-rspamd-account + (user-account + (name "rspamd") + (group "rspamd") + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))) + +(define %default-rspamd-group + (user-group + (name "rspamd") + (system? #t))) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile = \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/options.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/options.inc\" +} + +logging { + type = \"file\"; + filename = \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/logging.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/logging.inc\" +} + +worker \"normal\" { + bind_socket = \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-normal.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-normal.inc\" +} + +worker \"controller\" { + bind_socket = \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-controller.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket = \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-proxy.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket = \"localhost:11335\"; + count = -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-fuzzy.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config <rspamd-configuration> + (user group) + (list group user))) + +(define (rspamd-shepherd-service config) + (match-record config <rspamd-configuration> + (package config-file user group debug? insecure? skip-template? + local.d-files override.d-files shepherd-requirements) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement shepherd-requirements) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d-files)))))) + (with-imported-modules (source-module-closure '((gnu build activation))) + #~(begin + (use-modules (gnu build activation)) ; for mkdir-p/perms + (let ((user (getpwnam #$(user-account-name user)))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + (make-forkexec-constructor + (list #$rspamd "--config" #$config-file + "--var" (string-append "LOCAL_CONFDIR=" #$local-confdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$(user-account-name user) + #:group #$(user-group-name group)))))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopen) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts))) + (default-value (rspamd-configuration)))) diff --git a/gnu/services/rsync.scm b/gnu/services/rsync.scm index 42e4d0247e..e85dd50934 100644 --- a/gnu/services/rsync.scm +++ b/gnu/services/rsync.scm @@ -291,6 +291,7 @@ please use 'modules' instead~%"))) (make-socket-address AF_INET6 IN6ADDR_ANY #$port-number))) '())) + #:service-name-stem "rsync" #:user #$user #:group #$group) (make-forkexec-constructor #$rsync-command diff --git a/gnu/services/vnc.scm b/gnu/services/vnc.scm index f90bd7258f..8b9ad0b179 100644 --- a/gnu/services/vnc.scm +++ b/gnu/services/vnc.scm @@ -149,7 +149,7 @@ CONFIG, a <xvnc-configuration> object." (xvnc display-number geometry depth port ipv4? ipv6? password-file xdmcp? inetd? frame-rate security-types localhost? log-level extra-options) #~(list #$(file-append xvnc "/bin/Xvnc") - #$(format #f ":~a" display-number) + #$@(if inetd? '() (list (format #f ":~a" display-number))) "-geometry" #$geometry "-depth" #$(number->string depth) #$@(if inetd? diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 818226a4f7..55cc095d90 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -1229,8 +1229,9 @@ a webserver.") (frequency 'weekly)))) (define (hpcguix-web-shepherd-service config) - (let ((specs (hpcguix-web-configuration-specs config)) - (hpcguix-web (hpcguix-web-package config))) + (let* ((specs (hpcguix-web-configuration-specs config)) + (config-file (and specs (scheme-file "hpcguix-web.scm" specs))) + (hpcguix-web (hpcguix-web-package config))) (with-imported-modules (source-module-closure '((gnu build shepherd))) (shepherd-service @@ -1246,9 +1247,7 @@ a webserver.") #$(number->string (hpcguix-web-configuration-port config)) #$@(if specs - #~((string-append "--config=" - #$(scheme-file - "hpcguix-web.scm" specs))) + #~((string-append "--config=" #$config-file)) #~())) #:user "hpcguix-web" #:group "hpcguix-web" @@ -1256,7 +1255,8 @@ a webserver.") (list "XDG_CACHE_HOME=/var/cache/guix/web" "SSL_CERT_DIR=/etc/ssl/certs") #:log-file #$%hpcguix-web-log-file)) - (stop #~(make-kill-destructor)))))) + (stop #~(make-kill-destructor)) + (actions (list (shepherd-configuration-action config-file))))))) (define hpcguix-web-service-type (service-type @@ -1498,7 +1498,8 @@ files.") '#$(optional anonip-configuration-regex "--regex")) ;; Run in a UTF-8 locale #:environment-variables - (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales + (list (string-append "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale") "LC_ALL=en_US.utf8"))) @@ -1976,7 +1977,8 @@ WSGIPassAuthorization On (define (mumi-shepherd-services config) (define environment #~(list "LC_ALL=en_US.utf8" - (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales + (string-append "GUIX_LOCPATH=" + #$(libc-utf8-locales-for-target) "/lib/locale"))) (match config @@ -2101,7 +2103,7 @@ root=/srv/gemini (define gmnisrv-service-type (service-type - (name 'guix) + (name 'gmnisrv) (extensions (list (service-extension activation-service-type (const %gmnisrv-activation)) |