Age | Commit message | Author |
|
Kresd used to start as root and create cache files with root ownership before
dropping privileges. This made unprivileged kres-cache-gc (in a separate
service) fail when trying to read them. The new default is to start both as
`knot-resolver', with configuration fields that allow overriding this default.
* gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field.
(<knot-resolver-configuration>)[group]: New field.
(knot-resolver-shepherd-services): Pass the user&group from config to forkexec
constructors.
Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
|
|
Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mcron.scm (cron-daemon-setuid-programs): Use
`privileged-program'.
(cron-daemon-service-type): Extend `privileged-program-service-type'.
Change-Id: I819bf75a0bb23c9b2e97ebcb144ca8adb81a9dde
|
|
TODO: write good changelog entry
Change-Id: Ib1e8f1afcbaae302eac51883e3b02a1d2c32a89e
|
|
* gnu/services/web.scm (define-module): Use `util-linux' from `(gnu packages
linux)'.
[#:export]: Export new service type as well as configuration constructor,
predicate and getters.
(<epicyon-configuration>): New variable.
(epicyon-activation): New procedure.
(%epicyon-passwd): New variable.
(%ensure-epicyon-overlay-unmounted): New variable.
(epicyon-shepherd-services): New procedure.
(epicyon-service-type): New variable.
Change-Id: I9e786594b75b588099d3b9f6b0ab5663903c9db4
|
|
* gnu/services/ldap.scm (directory-server-shepherd-service): Add
`#:pid-file-timeout 30`.
Change-Id: Ie7b3a7c7347b53d4e3629ef2de53c3a76f6751c0
|
|
* gnu/services/ldap.scm (use-modules): Export `backend-userroot-configuration'
instead of non-existent `backend-configuration'.
Change-Id: I07c6d1c777bc42fa4afc3f23dc9d36080beb5bbc
|
|
The `overlayfs-service-type` allows overlay filesystems to be automatically
mounted upon boot and reconfiguration.
* gnu/services/overlayfs.scm: New file.
* gnu/local.ml (GNU_SYSTEM_MODULES): Add it.
Change-Id: I94bb3e3a29648faa354931f3c1cebc5947ab1d5c
|
|
* gnu/services/certbot.scm (certificate-configuration)[key-read-group]: New
field.
(certbot-deploy-hook): Ensure requested group has the right access.
(certbot-command): Pass the requested group to `certbot-deploy-hook'.
(set-key-access-gexp): New procedure.
(generate-certificate-gexp): Ensure the requested group has the right access.
Change-Id: Ia46454a7d2b042cfb682d1d8a7e04aebbc9c19da
|
|
* gnu/services/certbot.scm (define-module)[#:export]: Add
`certbot-sans-nginx-service-type'.
(certbot-configuration)[service-reload]: Add field.
(certbot-configuration)[service-requirement]: Add field.
(certbot-deploy-hook): Reload requested services rather than hardcoded Nginx.
(certbot-command): Pass services to reload to `certbot-deploy-hook'.
(certbot-renewal-one-shot): Pass depended services to Shepherd as configured
instead of passing hardcoded Nginx.
(certbot-sans-nginx-service-type): New variable.
(certbot-service-type): Avoid code duplication by inheriting from the above
service type.
Change-Id: Ic833f24989bbcdcbbc273f9c8eae4c56992aafa0
|
|
The `snakeoil-service-type' generates self-issued certificates for use by
various system daemons.
* gnu/services/ca.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Change-Id: I57bbe51f43958c0f2f437d81645ce44f9a68470b
|
|
Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mail.scm (exim-setuids): Call `privileged-program' record
constructor macro.
(exim-service-type): Extend `privileged-program-service-type'
Change-Id: Idb00e45ddcc50a37303dc50fe1feef73a109f219
|
|
In a typical configuration, the Exim binary is setuid root and the Exim daemon
process listens for connections under a non-root system account (usually
`exim`). Upon receiving a message, it forks into a child process which
re-executes the binary to regain privileges and deliver the mail to its
destination (e.g. a Maildir inside the user's home directory).
Besides the setuid binary itself, such a setup also requires the Exim
configuration file to live at the path Exim considers safe. It defaults to
/etc/exim.conf and changing it requires rebuilding the Exim daemon. If a
configuration at an unsafe path is used instead, Exim drops its privileges before
reading it and becomes unable to perform certain kinds of email delivery.
* gnu/services/mail.scm (<exim-configuration>)[setuid-user]: New field.
(<exim-configuration>)[setgid-group]: New field.
(exim-computed-config-file): Delete variable.
(exim-shepherd-service)[start]: Use Exim's default config at /etc/exim.conf.
(exim-activation): Atomically put Exim's current config at /etc/exim.conf and
verify its syntactic correctness.
(exim-setuids): New variable.
(exim-service-type)[extensions]: Extend `setuid-program-service-type`.
Change-Id: Ie6153baac80180d3d48f6b5a6959895df06aef0b
|
|
* gnu/services/cgit.scm (cgit-configuration)[footer]: Specify type as
`file-object`.
Change-Id: Id5790bbdb5e09204b653bc54e1b9b60afe5a2ee0
|
|
This procedure alone is useful when deploying cgit under an HTTP server other
than Nginx or when deploying multiple cgit instances on a single host.
* gnu/services/cgit.scm (define-module): Export
`serialize-cgit-configuration`.
Change-Id: Ia21c5debbd54a156df703d84694c945e851cd55c
|
|
As the manual suggests running a certbot command to view the issued
certificates, add it to the profile.
* gnu/services/certbot.scm (certbot-service-type): Extend profile-service-type
with certbot-configuration-package.
Change-Id: I92618597bbdc8d838420b2e0f82de601b0bc609b
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* doc/guix.texi (Web Services): Update documentation for agate-service-type.
* gnu/services/web.scm (agate-configuration): Rename certs, addr, lang and
central-conf variables.
* gnu/tests/web.scm (%test-agate): Add system test for agate-service-type.
Change-Id: Ie14814fca1d5158acd67899da0c3fc2c5b586c72
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
Without this fix, deploying `home-mcron-service-type' will strip the user's PATH
variable from its environment. This means that programs such as `notmuch',
which use hooks which usually invoke `notmuch' from path, would need to be
updated with full paths, which makes it very inconvenient to use.
* gnu/services/mcron.scm (mcron-shepherd-services): respect user PATH variable.
Change-Id: I104aa0a818ad6c3266b2b8f73a9609bfb36e314d
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/mail.scm (opensmtpd-set-gids):
Rewrite using MAP technology.
Change-Id: I30b7eddaf64d242196b1c56f98dec42a86436c18
|
|
* gnu/services/mail.scm (opensmtpd-set-gids): Migrate to
PRIVILEGED-PROGRAM from SETUID-PROGRAM…
(opensmtpd-service-type): … and to PRIVILEGED-PROGRAM-SERVICE-TYPE
from SETUID-PROGRAM-SERVICE-TYPE.
Change-Id: Ide434aa480ea3316c971c58898088d72b5b6671f
|
|
* gnu/services/desktop.scm
(enlightenment-setuid-programs): Rename from this…
(enlightenment-privileged-programs): …to this, replacing
‘setuid’ variables with their ‘privileged’ counterparts.
(enlightenment-desktop-service-type): Adjust accordingly.
Change-Id: Ied2a93eb948c4df35e2b384eeee8181937b474de
|
|
Fixed the issue described here:
https://lists.gnu.org/archive/html/help-guix/2024-01/msg00034.html
Fix `syncthing-shepherd-service` failing to guess the correct `HOME`
environment variable when its `<syncthing-configuration>` does not have a
value for the `home` or `user` fields.
* gnu/services/syncthing.scm (syncthing-shepherd-service): Change ‘HOME’
value in #:environment-variables argument.
Change-Id: I102bfe5feba1ebb349a0cde1c987c0c10ebbab7a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/desktop.scm (<elogind-configuration>): Allow actions to be set
to 'suspend-then-hibernate'. Add configuration for 'hibernate-delay-seconds'
and 'suspend-estimation-seconds'.
* doc/guix.texi (Desktop Services): Add documentation for
'hibernate-delay-seconds' and 'suspend-estimation-seconds'.
Change-Id: Icf788fcc88451aa6174a608fbed309961b847430
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
…those good for master, anyway.
* gnu/packages/admin.scm (ktsuss, opendoas, hosts)
[arguments]: Replace /run/setuid-programs with /run/privileged/bin.
* gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise.
* gnu/packages/debian.scm (pbuilder)[arguments]: Likewise.
* gnu/packages/disk.scm (udevil)[arguments]: Likewise.
* gnu/packages/enlightenment.scm (efl, enlightenment)
[arguments]: Likewise.
* gnu/packages/gnome.scm (gdm, gnome-control-center)
[arguments]: Likewise.
* gnu/packages/linux.scm (singularity)[arguments]: Likewise.
* gnu/packages/lxde.scm (spacefm)[arguments]: Likewise.
* gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise.
* gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise.
* gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise.
* gnu/services/dbus.scm (dbus-configuration-directory): Likewise.
* gnu/services/ganeti.scm (%default-ganeti-environment-variables):
Likewise.
* gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise.
* gnu/tests/ldap.scm (marionette): Likewise.
* gnu/tests/monitoring.scm (os): Likewise.
|
|
containerd can operate independently without relying on Docker for its
configuration.
* gnu/services/docker.scm (docker-configuration): Deprecate containerd field.
(containerd-configuration, containerd-service-type): New variables.
(docker-shepherd-service): Use containerd-configuration. Delete duplicated
variable binding. Allow to configure environment variables.
(docker-service-type): Delete extension with containerd-service-type.
* gnu/tests/docker.scm (%docker-os, %oci-os): Add containerd service.
(run-docker-test, run-docker-system-test, run-oci-container-test): Run
containerd service.
* doc/guix.texi (Miscellaneous Services): Document containerd-service-type.
Change-Id: Ife0924e50a3e0aa2302d6592dae51ed894600004
|
|
version.
* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
[cert]: Remove.
[key]: Remove.
[hostname]: Change from string to list.
[silent?]: Remove.
[only-tls13?]: Add.
[central-conf?]: Add.
[ed25519?]: Add.
[skip-port-check?]: Add.
(agate-shepherd-service): Change handling of addr and hostname, add new
options handling.
* doc/guix.texi (Web Services): Update.
Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/desktop.scm (plasma-dbus-service): Add kwallet.
Change-Id: I09b8fc5e98602992fb4854dfaae2f60afa339620
|
|
* gnu/services/desktop.scm (plasma-dbus-service): New procedure.
(plasma-desktop-service-type)[extensions]: Add It.
* gnu/packages/kde-plasma.scm (plasma-workspace)[arguments]: Add
remove-dbus-service phase.
Change-Id: Iadadbff7183bc4655e4cb9bc28cd85df19511949
|
|
* gnu/services/sddm.scm (sddm-shepherd-service): Adjust pass env when sddm
build with qt6.
Change-Id: Iabaa22824db8048c7c86921010b970226f85b7a5
|
|
The previous value of #f led to `head reload nginx' returning exit code 1,
complicating usage from scripts (and other actions). Returning #t fixes that.
Any actual failures are still covered by the invoke call above.
* gnu/services/web.scm (nginx-shepherd-service)[nginx-action]<-s>: Return #t.
Change-Id: I4ce1645798a85baddeb0f5bd702a2567db3c7aaa
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
Reloading nginx led to a (harmless, yet annoying) alert being logged:
nginx: [alert] could not open error log file: open() "/gnu/store/9l2lznlqpjcm79znq1xas378maqgysc8-nginx-1.27.0/logs/error.log" failed (2: No such file or directory)
Since there already is a prepared runtime directory for nginx, all that was
missing was to also pass it to the reload and reopen invocations.
* gnu/services/web.scm (nginx-shepherd-service)[reload, reopen]: Pass -p flag
with run-directory as value.
Change-Id: Id5c558d65def8c1fe5cf581a4a370508ac05e550
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
oci-container-configuration.
* gnu/services/docker.scm (oci-container-configuration)
[shepherd-actions]: New field.
(sanitize-shepherd-actions): sanitize it.
(oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.
Change-Id: I0ca9826542be7cb8ca280a07a9bff1a262c2a8a7
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
|
|
oci-container-configuration.
* gnu/services/docker.scm (oci-container-configuration)
[respawn?]: New field.
(oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.
Change-Id: I0d6367607fd0fd41f90a54b33d80bf4d4f43dd8b
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
|
|
oci-container-configuration.
* gnu/services/docker.scm (oci-container-configuration)
[auto-start?]: New field.
(oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.
Change-Id: Id093d93effbbec3e1be757f8be83cf5f62eaeda7
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
|
|
oci-container-configuration.
* gnu/services/docker.scm (oci-container-configuration)
[log-file]: New field.
(oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.
Change-Id: Icad29ac6342b6f5bafc0d9be13a93cee99674185
|
|
In the absence of the /etc/guix/channels.scm file, %default-channels is used
anyway. If the user manually (or by extra-special-file) created the file, we
should respect it. This commit therefore changes the default to #f, hopefully
having zero impact on people not actively using the `channels' field.
* gnu/services/base.scm (<guix-configuration>)[channels]: Set default to #f.
Change-Id: I516c1735a037a153fabbebfc337051aaf0be2155
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
This is a followup to 7c27bd115b14afd142da7684cc349369965f9eab.
* gnu/services/base.scm (file-system-shepherd-service): Catch
'system-error from ‘umount’ call when FILE-SYSTEM is marked as
mount-may-fail.
Change-Id: I2234f8da320b43089f4ee058cad8608ce9c078f8
|
|
* gnu/services/shepherd.scm (<shepherd-service>)[free-form]: New field.
[start]: Add default value.
(shepherd-service-file): Rename to…
(shepherd-service-file/regular): … this.
(shepherd-service-file/free-form): New procedure.
(shepherd-service-file): Dispatch to one of the two procedures above.
* doc/guix.texi (Shepherd Services): Document the ‘free-form’ field.
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I206374e950ef6d1e4a996c0f507fb5fcd9cadde3
|
|
When extra-content is a list, add 4 space indentation and a newline to every
line. If it's a string, continue inserting it directly. This makes the list
serialization behavior more consistent with other services.
* gnu/services/web (default-nginx-config): Support lists.
* doc/guix.texi (Web Services)[nginx-configuration]: Document it.
Change-Id: Iec8614ba3cfc37292a566197e8d39b352b04846a
Signed-off-by: Christopher Baines <mail@cbaines.net>
|
|
* gnu/services/networking.scm (dhcp-client-configuration) [config-file]: New
field.
(dhcp-client-configuration-config-file): New accessor.
(dhcp-client-shepherd-service): Use the config file when invoking
dhclient if supplied.
* doc/guix.texi: Document it.
Change-Id: I286de4ddf59c5e606bf1fe0a7510570869e62b1a
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
(match value (%unset-value ...)) is equivalent here to
(match value (_ ...)). Even if you set 'log-file to some path, it's always
"syslog" in the configuration file.
* gnu/services/audio.scm (mpd): Fix buggy 'match'.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: If397919c2844d856c69fe00b8907b7b3fd86e564
|
|
* doc/guix.texi (radicale-configuration): Update documentation to reflect new
configuration, add new symbols.
* gnu/services/mail.scm (%default-radicale-config-file): Delete.
(radicale-auth-configuration, radicale-auth-configuration?)
(radicale-encoding-configuration, radicale-encoding-configuration?)
(radicale-logging-configuration, radicale-logging-configuration?)
(radicale-rights-configuration, radicale-rights-configuration?)
(radicale-server-configuration, radicale-server-configuration?)
(radicale-storage-configuration, radicale-storage-configuration?):
New configuration types and corresponding predicates.
(radicale-configuration, radicale-configuration?): Use define-configuration.
(radicale-activation, radicale-shepherd-service): Update to new
configuration format.
(radicale-activation): Use user-defined values for service files.
(radicale-service-type): Capitalize "Radicale" in description.
Change-Id: Ic88b8ff2750e3d658f6c7cee02d33417aa8ee6d2
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[extra-options]: Add.
* doc/guix.texi: Document (<dnsmasq-configuration>)[extra-options].
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I7d2df7aa5d3b041b69b2f8b3e311a7328c28a3be
|
|
As the shepherd adds these to the logs.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Pass
#:timestamp-log-output? #f to make-build-coordinator.
(guix-build-coordinator-agent-shepherd-services): Add
--timestamp-log-output=false to the arguments.
Change-Id: I9073ee7b1cefa894d38fdf3831c59de693e087f6
|
|
gnu/services/docker.scm (oci-container-shepherd-service): When image is
oci-image, call %oci-image-loader.
Change-Id: I26105e82643affe9e7037975e42ec9690089545b
|
|
Add a mechanism to only require mounting a subset of file-system entries
during early Shepherd initialization. Any file-system with additional Shepherd
service requirements (e.g. networking) is not required to provision
'file-systems.
* gnu/services/base.scm (file-system-shepherd-service): Splice
file-system-requirements into the Shepherd service requirement list.
(file-system-shepherd-services): Provision 'file-system only when file system
services without additional Shepherd requirements are started.
* gnu/system/file-systems.scm (file-system): Add shepherd-requirements field
to the file-system record. This field is used for adding additional Shepherd
requirements to a file-system Shepherd service.
* doc/guix.texi: Add documentation for file-system shepherd-requirements.
Change-Id: If0392db03d48e8820aa53df1df482c12ec72e1a5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
This allows users to specify NSS plugins such as LDAP via the
‘name-services’ field of <nscd-configuration>. Failing that, user code
will dlopen whatever passwd/group plugins are listed in
/etc/nsswitch.conf, which is likely to fail, typically because those are
not in $LD_LIBRARY_PATH.
* gnu/services/base.scm (%nscd-default-caches): Add ‘passwd’ and ‘group’
caches.
Change-Id: I9c03346a1de2710685f7801eccd2e08007427f5d
|
|
* gnu/services/monitoring.scm (darkstat-shepherd-service): Add
‘user-processes’ to ‘requirement’.
Change-Id: I6abaefd88c6075a0379e5867838653765dfaa08e
|
|
* gnu/services/avahi.scm (avahi-shepherd-service): Change to systemd
style. Remove ‘--daemonize’ option and #:pid-file. Add #:lazy-start?
and #:log-file.
Change-Id: I1915243f057ff3bbe281f46f17826f24b124f659
|
|
* gnu/services/dbus.scm (dbus-shepherd-service): Remove ‘--syslog-only’
option and pass #:log-file unconditionally.
Change-Id: I9e42f241e08b95ff01e9ad69551bc2c7ce869d6d
|
|
* gnu/services/networking.scm (tor-configuration->torrc): Change ‘Log’
directive to ‘stderr’.
(tor-shepherd-service): Remove /dev/log file system mapping.
Change-Id: I2e33ad8033f884ce59d929a4181172325331efe0
|