| Age | Commit message (Expand) | Author |
|---|
| 5 days | services: openvpn: Allow the client to hardcode DNS servers to use.•••* gnu/services/vpn.scm (%ipv4-regex): New variable.
(dhcp-option-dns-list?): New variable.
(serialize-dhcp-option-dns-list): New variable.
(openvpn-client-configuration)[dns]: New field.
Change-Id: Ic4e8184f47bf3f1d5b683c4dc737f6abba8d2f9e
| W. Kosior |
| 5 days | services: openvpn: Allow putting arbitrary text server's ccd config.•••* gnu/services/vpn.scm (verbatim-text?): New variable.
(serialize-verbatim-text): New variable.
(openvpn-ccd-configuration)[opaque-configuration]: New field.
Change-Id: I1becf66bb2e41237595e45cd23c20800d3ffe239
| W. Kosior |
| 5 days | services: openvpn: Allow OpenVPN client to dictate route(s) it sets.•••* gnu/services/vpn.scm (maybe-ip-mask?): New variable.
(serialize-maybe-ip-mask): New variable.
(pull-route?): New variable.
(serialize-pull-route): New variable.
(openvpn-client-configuration)[pull-route?]: New field.
(openvpn-client-configuration)[route]: New field.
Change-Id: Ief6390e905612420ad249c9ecd80a46caad2e378
| W. Kosior |
| 5 days | services: openvpn: Allow using up/down scripts bundled with OpenVPN.•••This is useful for example to pull DNS settings from the server.
* gnu/services/vpn.scm (use-up-down-scripts?): New variable.
(serialize-use-up-down-scripts): New variable.
(make-up-down-config-options): New variable.
(make-script-security-cli-options): New variable.
(openvpn-client-configuration)[use-up-down-scripts?]: New field.
(openvpn-config-file): Serialize that field.
(openvpn-shepherd-service): Pass `--script-security' option to daemon.
Change-Id: I1141dd0b9bf5956f13cf1552c2718b0a7035fa86
| W. Kosior |
| 5 days | gnu: openvpn: Make resolv.conf up/down scripts available.•••* gnu/packages/vpn.scm (openvpn)[arguments]<#:phases>: Add phase to install
`client.up' and `client.down' files.
Change-Id: Ic6340721ab0ba086d0528fb3e070e3f7ecf2773e
| W. Kosior |
| 5 days | services: shepherd: Allow extensions to alter shepherd root config.•••This, in particular, enables system administrator to use a
different (modified) shepherd package for the init.
* gnu/services/shepherd.scm (shepherd-root-service-type)[extend]: When an
extension is a procedure, do not treat it as an extra shepherd service to
append. Instead, pass the resulting config through it.
Change-Id: I39c394ab0798b7a1f8d373c19becf01c4870d10b
| W. Kosior |
| 5 days | services: Allow specifying user and group for knot resolver.•••Kresd used to start as root and create cache files with root ownership before
dropping privileges. This made unprivileged kres-cache-gc (in a separate
service) fail when trying to read them. The new default is to start both as
`knot-resolver', with configuration fields that allow overriding this default.
* gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field.
(<knot-resolver-configuration>)[group]: New field.
(knot-resolver-shepherd-services): Pass the user&group from config to forkexec
constructors.
Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
| W. Kosior |
| 5 days | gnu: Add tmate-ssh-server.•••* gnu/packages/ssh.scm (tmate-ssh-server): New variable.
Change-Id: Idfc1f1d8835c0681fb957b85a142c0888a15fa04
| W. Kosior |
| 5 days | services: Update cron service to use `privileged-program' API.•••Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mcron.scm (cron-daemon-setuid-programs): Use
`privileged-program'.
(cron-daemon-service-type): Extend `privileged-program-service-type'.
Change-Id: I819bf75a0bb23c9b2e97ebcb144ca8adb81a9dde
| W. Kosior |
| 5 days | gnu: mcron: Add traditional cron service.•••TODO: write good changelog entry
Change-Id: Ib1e8f1afcbaae302eac51883e3b02a1d2c32a89e
| W. Kosior |
| 5 days | gnu: gmnisrv: Fix config loading.•••* gnu/packages/web.scm (gmnisrv)[arguments]<#:phases>: Patch hostname handling
in `src/config.c'.
Change-Id: Ic79591eb45d63732d0d786a2c9994c60c9b84934
| Wojtek Kosior |
| 5 days | gnu: gmnisrv: Use Gexp.•••* gnu/packages/web.scm (gmnisrv)[arguments]: Use G-Expression.
Change-Id: Ib8d9379e8b2a3940b8a5297622247a3c7a0454ca
| Wojtek Kosior |
| 5 days | services: Add epicyon-service-type.•••* gnu/services/web.scm (define-module): Use `util-linux' from `(gnu packages
linux)'.
[#:export]: Export new service type as well as configuration constructor,
predicate and getters.
(<epicyon-configuration>): New variable.
(epicyon-activation): New procedure.
(%epicyon-passwd): New variable.
(%ensure-epicyon-overlay-unmounted): New variable.
(epicyon-shepherd-services): New procedure.
(epicyon-service-type): New variable.
Change-Id: I9e786594b75b588099d3b9f6b0ab5663903c9db4
| W. Kosior |
| 5 days | gnu: Add epicyon.•••* gnu/packages/python-web.scm (define-module): Use `(gnu packages
imagemagick)' and `(gnu packages/photo)' modules.
(epicyon): New variable.
Change-Id: I736cb955038659ee7c88fc2f3e1da198e3c9f70f
| W. Kosior |
| 5 days | gnu: Add python-django-timezone-field.•••* gnu/packages/django.scm (python-django-timezone-field): New variable.
Change-Id: I3f500a7a088f0311df4962391bdc692d710176e4
| W. Kosior |
| 5 days | services: ldap: Increase pid file timeout for 389-ds.•••* gnu/services/ldap.scm (directory-server-shepherd-service): Add
`#:pid-file-timeout 30`.
Change-Id: Ie7b3a7c7347b53d4e3629ef2de53c3a76f6751c0
| Wojtek Kosior |
| 5 days | services: ldap: Fix exported name.•••* gnu/services/ldap.scm (use-modules): Export `backend-userroot-configuration'
instead of non-existent `backend-configuration'.
Change-Id: I07c6d1c777bc42fa4afc3f23dc9d36080beb5bbc
| Wojtek Kosior |
| 5 days | gnu modsecurity: Add ModSecurity Web Application Firewall.•••This commit adds the "httpd-modsecurity" package with ModSecurity2. It comes in
2 variants: one using older pcre with tests enabled and one with pcre2 but
non-working tests. The latter is exported from the module.
There's also a definition for "libmodsecurity" package containing the library
part of ModSecurity3. No http server-specific connectors for it are packaged in
this commit, though.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add `modsecurity.scm'.
* gnu/packages/modsecurity.scm: New file.
Change-Id: Ida54a64c52383ff217be067322f3d1c6ea4da020
| W. Kosior |
| 5 days | home: services: Add localhost-repo-server.•••* gnu/home/services/vcs.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Record 'home/services/vcs.scm'.
Change-Id: I37d3c1dacc26eb31b9b7ec434ed760c7cf84cc32
| Wojtek Kosior |
| 5 days | gnu: Add guile-cantius.•••* gnu/packages/guile-xyz.scm (guile-cantius): New variable.
Change-Id: Iccc7385ae5c3f762f53705c8ebe876f7ad08da00
| Wojtek Kosior |
| 5 days | gnu: Add guile-de-paul-records.•••* gnu/packages/guile-xyz.scm (guile-de-paul-records): New variable.
Change-Id: I869c65666f83aedec7a34809b66396798e62e2cf
| Wojtek Kosior |
| 5 days | gnu: Add guile-myra-test-utils.•••* gnu/packages/guile-xyz.scm (guile-myra-test-utils): New variable.
Change-Id: I20ae86fa5fab953524786bffefa3cac9703128df
| Wojtek Kosior |
| 5 days | gnu: Add lawrence-bolierplate.•••* gnu/packages/autotools.scm (lawrence-boilerplate): New variable.
Change-Id: Ib29e2ef3165ee151226ac4d4bc41ec5b51df8038
| Wojtek Kosior |
| 5 days | system: Allow adding elsewhere-defined system users to extra groups.•••* gnu/system.scm (define-module): Export `operating-system-extra-groups`.
(<operating-system>)[extra-groups]: New field.
(operating-system-default-essential-services): Also pass extra groups to
account-service.
(hurd-default-essential-services): Same here.
* gnu/system/accounts.scm (define-module): Use (ice-9 vlist), (srfi srfi-8)
and (srfi srfi-26). Export `user-extra-groups`* and `merge-extra-groups-data`.
(<user-extra-groups>): New record type.
(user-account-extend): New procedure.
(merge-extra-groups-data): New procedure.
* gnu/system/shadow.scm (define-module): Re-export `user-extra-groups`*.
(account-service-type)[extend]: Handle <user-extra-groups> records, move field
intializer upward to be able to use `compose`.
Change-Id: I3f489ac794d342267b7627db1d28315ea4b69db2
| Wojtek Kosior |
| 5 days | services: Add overlayfs-service-type.•••The `overlayfs-service-type` allows overlay filesystems to be automatically
mounted upon boot and reconfiguration.
* gnu/services/overlayfs.scm: New file.
* gnu/local.ml (GNU_SYSTEM_MODULES): Add it.
Change-Id: I94bb3e3a29648faa354931f3c1cebc5947ab1d5c
| Wojtek Kosior |
| 5 days | services: certbot: Facilitate granting key read access to groups.•••* gnu/services/certbot.scm (certificate-configuration)[key-read-group]: New
field.
(certbot-deploy-hook): Ensure requested group has the right access.
(certbot-command): Pass the requested group to `certbot-deploy-hook'.
(set-key-access-gexp): New procedure.
(generate-certificate-gexp) Ensure the requested group has the right access.
Change-Id: Ia46454a7d2b042cfb682d1d8a7e04aebbc9c19da
| W. Kosior |
| 5 days | services: certbot: Allow it to be used without Nginx.•••* gnu/services/certbot.scm (define-module)[#:export]: Add
`certbot-sans-nginx-service-type'.
(certbot-configuration)[service-reload]: Add field.
(certbot-configuration)[service-requirement]: Add field.
(certbot-deploy-hook): Reload requested services rather than hardcoded Nginx.
(certbot-command): Pass services to reload to `certbot-deploy-hook'.
(certbot-renewal-one-shot): Pass depended services to Shepherd as configured
instead of passing hardcoded Nginx.
(certbot-sans-nginx-service-type): New variable.
(certbot-service-type): Avoid code duplication by inheriting from the above
service type.
Change-Id: Ic833f24989bbcdcbbc273f9c8eae4c56992aafa0
| Wojtek Kosior |
| 5 days | services: Add snakeoil-service-type.•••The `snakeoil-service-type' generates self-issued certificates for use by
various system daemons.
* gnu/services/ca.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Change-Id: I57bbe51f43958c0f2f437d81645ce44f9a68470b
| Wojtek Kosior |
| 5 days | services: exim: Allow configuring a periodic queue runner.•••The runner now by default runs every 5 minutes. Previously it didn't run at
all which pretty much crippled Exim's functionality.
* gnu/services/mail.scm (<exim-configuration>)[queue-period]: New field.
(exim-shepherd-service): Pass period (unless disabled) with Exim's `-q'
option and remove the verbosity flag.
Change-Id: Ia8f25d93543b761e1a058c30f2f6ddf11943aa57
| W. Kosior |
| 5 days | services: Update Exim service to use `privileged-program' API.•••Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mail.scm (exim-setuids): Call `privileged-program' record
constructor macro.
(exim-service-type): Extend `privileged-program-service-type'
Change-Id: Idb00e45ddcc50a37303dc50fe1feef73a109f219
| W. Kosior |
| 5 days | gnu: exim: Use /etc/exim.conf as the default config file.•••* gnu/packages/mail.scm (exim)[arguments]<#:phases>['symlink-config-file]: New
phase.
Change-Id: I1be49e4a042b42e38ebff8aeff0e9cfc8724456b
| Wojtek Kosior |
| 5 days | services: Support running Exim with setuid/setgid.•••In a typical configuration, Exim binary is setuid root and the Exim daemon
process listens for connections under a non-root system account (usually
`exim`). Upon receiving a message, it forks into a child process which
re-executes the binary to regain privileges and deliver the mail to its
destination (e.g. a Maildir inside user's home directory).
Besides the setuid binary itself, such setup also requires the Exim
configuration file to live at the path Exim considers safe. It defaults to
/etc/exim.conf and changing it requires rebuilding the Exim daemon. If a
configuration at unsafe path is used instead, Exim drops its privileges before
reading it and becomes unable to perform certain kinds of email delivery.
* gnu/services/mail.scm (<exim-configuration>)[setuid-user]: New field.
(<exim-configuration>)[setgid-group]: New field.
(exim-computed-config-file): Delete variable.
(exim-shepherd-service)[start]: Use Exim's default config at /etc/exim.conf.
(exim-activation): Atomically put Exim's current config at /etc/exim.conf and
verify its syntactic correctness.
(exim-setuids): New variable.
(exim-service-type)[extensions]: Extend `setuid-program-service-type`.
Change-Id: Ie6153baac80180d3d48f6b5a6959895df06aef0b
| Wojtek Kosior |
| 5 days | gnu: exim: Enable Maildir delivery format.•••* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Set
`SUPPORT_MAILDIR` config option to "yes".
Change-Id: Ibb2b0bcd5b4a790eedfdc12f794a43625cb88250
| Wojtek Kosior |
| 5 days | gnu: exim: Set `exim` as the default user.•••* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Configure
Exim to resolve uid/gid of `exim` in runtime and prevent install script from
failing.
Change-Id: I2571d6e5a4d4aca534ed6bdfaa3832b1ec69c1d5
| Wojtek Kosior |
| 5 days | services: Allow cgit footer text to be passed as a file-like object.•••* gnu/services/cgit.scm (cgit-configuration)[footer]: Specify type as
`file-object`.
Change-Id: Id5790bbdb5e09204b653bc54e1b9b60afe5a2ee0
| Wojtek Kosior |
| 5 days | services: Export cgit config serialization procedure.•••This procedure alone is useful when deploying cgit under HTTP server other
than Nginx or when deploying multiple cgit instances on a single host.
* gnu/services/cgit.scm (define-module): Export
`serialize-cgit-configuration`.
Change-Id: Ia21c5debbd54a156df703d84694c945e851cd55c
| Wojtek Kosior |
| 5 days | gnu: minetest-worldedit: Disable tests.•••* gnu/packages/minetest.scm (minetest-worldedit)[arguments]: Add field.
Change-Id: Ie76c7f137a2fed05b24fd05be83c133f446b0b6b
| W. Kosior |
| 2025-02-03 | gnu: python-clingo: Build from sources.•••* gnu/packages/potassco.scm (clingo)[source]: Also delete
“libpyclingo/_clingo.c”.
(python-clingo)[#:phases]: Add ‘generate-sources’. Remove ‘fix-failing-tests’.
Signed-off-by: jgart <jgart@dismail.de>
| Liliana Marie Prikler |
| 2025-02-03 | gnu: distrobox: Update to 1.8.1.2.•••* gnu/packages/containers.scm (distrobox): Update to 1.8.1.2.
Change-Id: I5f4da5bae3e1307a2c2efcad6b4f8d526d9a6481
| jgart |
| 2025-02-03 | gnu: Add annextimelog.•••* gnu/packages/task-management.scm (annextimelog): New variable.
Change-Id: I7adf4263422fdb1edcb5dfc878cb1decb529c27e
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
| Matthias Riße |
| 2025-02-03 | gnu: MPD: Update to 0.23.17.•••* gnu/packages/mpd.scm (mpd): Update to 0.23.17.
Change-Id: Ie5d884b0d56d4d3661b889e8414417da0340b85e
| Leo Famulari |
| 2025-02-03 | gnu: system: Disable EFI pstore backend by default•••Disabling the EFI pstore backend is expected to reduce the chances of unaware
users running into issues with UEFI and failing to boot their Guix Systems.
This commit disables one of the backends for the persistent storage driver
'pstore' in the Linux kernel. In particular, we disable the backend which stores
the data in EFI variable storage in UEFI NVRAM.
More information about the pstore system:
https://www.kernel.org/doc/Documentation/ABI/testing/pstore
https://docs.kernel.org/admin-guide/pstore-blk.html
https://blogs.oracle.com/linux/post/pstore-linux-kernel-persistent-storage-file-system
This change reduces writes to UEFI to reduce the chances of it wearing out or
malfunctioning for other reasons, with the goal of preventing situations where
the EFI variable storage is full and cannot take new variables. This is known to
cause "Could not prepare Boot variable: No space left on device" errors on
computers with some UEFI implementations which are susceptible to such problems,
typically on relatively older machines. The user is confronted by the issue at
the later stages of Guix system reconfiguration, when the new boot entry is
created. It may be difficult to recover from because the exact cause depends on
UEFI. Sometimes it is enough to remove dumps from efivars, but sometimes the
storage will remain full permanently with no way to reclaim space.
Users may still enable the backend by changing the option via the kernel
command-line arguments, either in the Guix system configuration or in GRUB.
The above is my summary of what was previously discussed in guix-help mailing
list: <https://lists.gnu.org/archive/html/help-guix/2025-01/msg00173.html>.
* gnu/packages/linux.scm (default-extra-linux-options): Enable the kernel
build-time configuration option CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE.
Change-Id: Id0294fa90ccbf3bacbb55a22aeb4f0a863efe22c
Co-authored-by: Leo Famulari <leo@famulari.name>
| Roman Riabenko |
| 2025-02-03 | gnu: Add linux-libre 6.13.•••* gnu/packages/linux.scm (linux-libre-6.13-version,
linux-libre-6.13-gnu-revision, deblob-scripts-6.13,
linux-libre-6.13-pristine-source, linux-libre-6.13-source,
linux-libre-headers-6.13, linux-libre-6.13): New variables.
(linux-libre-headers-latest): Use linux-libre-headers-6.13.
* gnu/packages/aux-files/linux-libre/6.13-arm.conf,
gnu/packages/aux-files/linux-libre/6.13-arm64.conf,
gnu/packages/aux-files/linux-libre/6.13-i686.conf,
gnu/packages/aux-files/linux-libre/6.13-riscv.conf,
gnu/packages/aux-files/linux-libre/6.13-x86_64.conf: New files.
* Makefile.am (AUX_FILES): Add them.
Change-Id: Ib2acb495eb3bd6c2c2e9e5eebd2e8a1826aeed53
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre 5.4: Update to 5.4.290.•••* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.290.
(linux-libre-5.4-pristine-source): Update hash.
Change-Id: I1a0e7501bab0747ddb973d5dbca1dc83c048d42e
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre 5.10: Update to 5.10.234.•••* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.234.
(linux-libre-5.10-pristine-source): Update hash.
Change-Id: Ic6d02a2cc48e4424d9126f43269542e15c4f139a
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre 5.15: Update to 5.15.178.•••* gnu/packages/linux.scm (linux-libre-5.15-version): Update to 5.15.178.
(linux-libre-5.15-pristine-source): Update hash.
Change-Id: If7c556c8ee4829a7e772989dc9be005019e1941f
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre 6.1: Update to 6.1.128.•••* gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.128.
(linux-libre-6.1-pristine-source): Update hash.
Change-Id: Icd8fa4921ce0db9d89d1b33cecc1306e2df67051
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre 6.6: Update to 6.6.75.•••* gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.75.
(linux-libre-6.6-pristine-source): Update hash.
Change-Id: I60a5d3b4241ef3362b6b9656e25768ef6ab0897c
| Leo Famulari |
| 2025-02-03 | gnu: linux-libre: Update to 6.12.12.•••* gnu/packages/linux.scm (linux-libre-6.12-version): Update to 6.12.12.
(linux-libre-6.12-pristine-source): Update hash.
Change-Id: I88fe45f71455e08e100bfe800ec415f2e6566616
| Leo Famulari |
| 2025-02-03 | gnu: Add ravanan.•••* gnu/packages/bioinformatics.scm (ravanan): New variable.
Change-Id: Ib93ea64a3a0313be167dd1cd2f036c72f1c0f138
Signed-off-by: jgart <jgart@dismail.de>
| Arun Isaac |
