From d25620be4c545aec1653ecc40ebb7ea2dd1a12ae Mon Sep 17 00:00:00 2001 From: Carlo Zancanaro Date: Mon, 11 Mar 2024 22:59:52 +1100 Subject: gnu: services: Add insecure-sasl-mechanisms to prosody configuration. * gnu/services/messaging.scm (prosody-configuration): Add insecure-sasl-mechanisms configuration option. * doc/guix.texi (Messaging Services): Document it. Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586 Signed-off-by: Liliana Marie Prikler --- gnu/services/messaging.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 9702170b3e..a914d0f89e 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -427,6 +427,12 @@ See @url{https://prosody.im/doc/modules/mod_tls}." @url{https://prosody.im/doc/modules/mod_saslauth}." common) + (insecure-sasl-mechanisms + (string-list '("PLAIN" "LOGIN")) + "Set of mechanisms that will not be offered on unencrypted connections. +See @url{https://prosody.im/doc/modules/mod_saslauth}." + common) + (s2s-require-encryption? (boolean #f) "Whether to force all server-to-server connections to be encrypted or not. -- cgit v1.2.3 From 3ea55fada0593cd05c686cef2f6a59ba65933ef5 Mon Sep 17 00:00:00 2001 From: Zheng Junjie Date: Sun, 17 Mar 2024 16:47:07 +0800 Subject: services: sddm: Add extension for localed-service-type. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/sddm.scm (sddm-service-type): Add extension for localed-service-type. * gnu/services/xorg.scm (xorg-configuration-keyboard-layout): Export it. Change-Id: I26e6475b733d69f1baf00786e302a3ec6d3c4a74 Signed-off-by: 宋文武 --- gnu/services/sddm.scm | 7 ++++++- gnu/services/xorg.scm | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/sddm.scm b/gnu/services/sddm.scm index 69c737829b..48695e2806 100644 --- a/gnu/services/sddm.scm 
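Review bot: The docstring of the new `insecure-sasl-mechanisms` field in `prosody-configuration` says what the list does but not what follows from shrinking it: with an empty list the server may offer PLAIN and LOGIN on connections that are not TLS-protected, and both carry the password in a trivially decodable form. I would add one sentence to the docstring, for example `Removing @code{PLAIN} or @code{LOGIN} from this list lets passwords cross unencrypted connections; keep the default unless encryption is enforced by other means.` The default `'("PLAIN" "LOGIN")` itself looks right. The commit message mentions a doc/guix.texi change that is not part of this view, so the same caveat may be needed there.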
+++ b/gnu/services/sddm.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2019 Ludovic Courtès ;;; Copyright © 2019 Jesse Gildersleve ;;; Copyright © 2020 Jakub Kądziołka +;;; Copyright © 2023, 2024 Zheng Junjie <873216071@qq.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -328,7 +329,11 @@ Relogin=" (if (sddm-configuration-relogin? config) (service-extension account-service-type (const %sddm-accounts)) (service-extension profile-service-type - sddm-profile-service))) + sddm-profile-service) + (service-extension localed-service-type + (compose + xorg-configuration-keyboard-layout + sddm-configuration-xorg)))) (default-value (sddm-configuration)) (description "Run SDDM, a display and log-in manager for X11 and diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index 1ee15ea90c..b86e2d3c5b 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2022 Chris Marusich ;;; Copyright © 2022 Maxim Cournoyer ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Zheng Junjie <873216071@qq.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -77,6 +78,7 @@ xorg-configuration-extra-config xorg-configuration-server xorg-configuration-server-arguments + xorg-configuration-keyboard-layout %default-xorg-modules %default-xorg-fonts -- cgit v1.2.3 From 6f9d844d2ece7b369d17bbe678978462425f869c Mon Sep 17 00:00:00 2001 
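Review bot: The new `localed-service-type` extension in `sddm-service-type` carries no comment saying why a display manager extends localed, and the `compose` form alone does not make the reason obvious. A one-line comment above it would do, e.g. `;; Hand the keyboard layout of the Xorg configuration to localed.` Whether `xorg-configuration-keyboard-layout` can return `#f` here, and how localed treats that value, is not visible in the hunk, so it is worth confirming that the extension is harmless when no layout is set.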
From: Ludovic Courtès Date: Wed, 20 Mar 2024 18:48:38 +0100 Subject: services: shepherd: Load each service file in a fresh module. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes . * gnu/home/services/shepherd.scm (home-shepherd-configuration-file)[config]: Define ‘make-user-module’. Call ‘load’ in ‘save-module-excursion’. * gnu/services/shepherd.scm (shepherd-configuration-file): Likewise. Reported-by: Attila Lendvai Change-Id: I7df11c81b5bbbf2b24a8daa02502a000e0826fe0 --- gnu/home/services/shepherd.scm | 14 +++++++++++++- gnu/services/shepherd.scm | 13 ++++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/home/services/shepherd.scm b/gnu/home/services/shepherd.scm index 176f4575cb..962e633618 100644 --- a/gnu/home/services/shepherd.scm +++ b/gnu/home/services/shepherd.scm @@ -77,7 +77,19 @@ as shepherd package." (use-modules (srfi srfi-34) (system repl error-handling)) - (register-services (map load '#$files)) + (define (make-user-module) + ;; Copied from (shepherd support), where it's private. + (let ((m (make-fresh-user-module))) + (module-use! m (resolve-interface '(shepherd service))) + m)) + + (register-services + (map (lambda (file) + (save-module-excursion + (lambda () + (set-current-module (make-user-module)) + (load file)))) + '#$files)) #$@(if daemonize? `((action 'root 'daemonize)) diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm index f5bcde721f..455e972535 100644 --- a/gnu/services/shepherd.scm +++ b/gnu/services/shepherd.scm 
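Review bot: `make-user-module` is now defined twice with identical bodies, in `home-shepherd-configuration-file` here and again in `shepherd-configuration-file` in gnu/services/shepherd.scm, and neither copy says why each file gets a module of its own. A comment at the `save-module-excursion` call would help, e.g. `;; Load FILE in a fresh module so its top-level definitions cannot clash with those of other service files.` It is also worth stating there that this is namespace separation only: the loaded code still runs inside the shepherd process with its privileges. The fresh module uses only the `(shepherd service)` interface, so a service file that relied on bindings from the configuration file's own `use-modules` form would presumably stop resolving them; I cannot tell from the hunks whether any do.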
@@ -383,6 +383,12 @@ as shepherd package." (use-modules (srfi srfi-34) (system repl error-handling)) + (define (make-user-module) + ;; Copied from (shepherd support), where it's private. + (let ((m (make-fresh-user-module))) + (module-use! m (resolve-interface '(shepherd service))) + m)) + ;; There's code run from shepherd that uses 'call-with-input-file' & ;; co.--e.g., the 'urandom-seed' service. Starting from Shepherd ;; 0.9.2, users need to make sure not to leak non-close-on-exec file @@ -416,7 +422,12 @@ as shepherd package." (register-services (parameterize ((current-warning-port (%make-void-port "w"))) - (map load-compiled '#$(map scm->go files)))))) + (map (lambda (file) + (save-module-excursion + (lambda () + (set-current-module (make-user-module)) + (load-compiled file)))) + '#$(map scm->go files)))))) (format #t "starting services...~%") (let ((services-to-start -- cgit v1.2.3 From a2077e5beed8956406bd16c1dd42796e75ed48ae Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 21 Mar 2024 16:24:29 +0100 Subject: services: guix-publish: Use ‘make-systemd-constructor’ unconditionally. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The #:lazy-start? parameter was added in the Shepherd 0.10.0, which is required since commit 477d4f7d241165b5a5fd315c27efd7803fad4a04. * gnu/services/base.scm (guix-publish-shepherd-service): Use ‘make-systemd-constructor’ unconditionally and pass #:lazy-start?. Change-Id: I95aa079732cd21e32091c7deea2ed2f1bc50f2f2 --- gnu/services/base.scm | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 60388a22dd..4c3821d4e3 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2023 Ludovic Courtès +;;; Copyright © 2013-2024 Ludovic Courtès ;;; Copyright © 2015, 2016 Alex Kost ;;; Copyright © 2015, 2016, 2020 Mark H Weaver ;;; Copyright © 2015 Sou Bunnbu @@ -2174,15 +2174,10 @@ raise a deprecation warning if the 'compression-level' field was used." ;; Use lazy socket activation unless ADVERTISE? is true: in that ;; case the process should start right away to advertise itself. - (start #~(if (and (defined? 'make-systemd-constructor) ;> 0.9.0? - #$(not advertise?)) - (make-systemd-constructor - #$command #$endpoints #$@options) - (make-forkexec-constructor #$command #$@options))) - (stop #~(if (and (defined? 'make-systemd-destructor) - #$(not advertise?)) - (make-systemd-destructor) - (make-kill-destructor)))))))) + (start #~(make-systemd-constructor + #$command #$endpoints #$@options + #:lazy-start? #$(not advertise?))) + (stop #~(make-systemd-destructor))))))) (define %guix-publish-accounts (list (user-group (name "guix-publish") (system? #t)) -- cgit v1.2.3 From 883e69cdfd226c8f40b6e3b76ce0740b59857de6 Mon Sep 17 00:00:00 2001 From: Antero Mejr Date: Fri, 26 May 2023 16:26:05 +0000 Subject: services: guix: Add ‘channels’ field. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Base Services): Document 'guix-configuration-channels' field. (Invoking guix pull): Add cross-reference. * gnu/services/base.scm (install-channels-file): New procedure. (guix-configuration): Add channels field. (guix-activation): Use 'install-channels-file' procedure. Co-authored-by: Ludovic Courtès Change-Id: I4d89235bf0bc6dde69984138ccb894b48ace9d76 --- doc/guix.texi | 18 +++++++++++++++++- gnu/services/base.scm | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 50 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/doc/guix.texi b/doc/guix.texi index b353d91bd5..e419b8d1a4 100644 
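Review bot: The `advertise?` case changes how the listening socket is set up, and the comment above `start` in `guix-publish-shepherd-service` does not mention it: that case used to go through `make-forkexec-constructor` and now goes through `make-systemd-constructor`, so the socket is presumably created by shepherd from `endpoints` whether or not the start is lazy. `endpoints` and `command` are defined outside the hunk, so I cannot confirm that the eager path still binds the same address and port as before; that deserves a check because this service is network-facing. The comment should also record the version dependency, e.g. `;; #:lazy-start? requires the Shepherd 0.10.0 or later.`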
--- a/doc/guix.texi +++ b/doc/guix.texi @@ -4727,7 +4727,9 @@ the user's @file{~/.config/guix/channels.scm} file, unless @option{-q} is passed; @item the system-wide @file{/etc/guix/channels.scm} file, unless @option{-q} -is passed; +is passed (on Guix System, this file can be declared in the operating +system configuration, @pxref{guix-configuration-channels, +@code{channels} field of @code{guix-configuration}}); @item the built-in default channels specified in the @code{%default-channels} variable. @@ -19806,6 +19808,20 @@ few seconds when enough entropy is available and is only done once; you might want to turn it off for instance in a virtual machine that does not need it and where the extra boot time is a problem. +@anchor{guix-configuration-channels} +@item @code{channels} (default: @code{%default-channels}) +List of channels to be specified in @file{/etc/guix/channels.scm}, which +is what @command{guix pull} uses by default (@pxref{Invoking guix +pull}). + +@quotation Note +When reconfiguring a system, the existing @file{/etc/guix/channels.scm} +file is backed up as @file{/etc/guix/channels.scm.bak} if it was +determined to be a manually modified file. This is to facilitate +migration from earlier versions, which allowed for in-place +modifications to @file{/etc/guix/channels.scm}. +@end quotation + @item @code{max-silent-time} (default: @code{3600}) @itemx @code{timeout} (default: @code{(* 3600 24)}) The number of seconds of silence and the number of seconds of activity, diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 4c3821d4e3..cd61df718e 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -83,6 +83,7 @@ #:use-module ((gnu build file-systems) #:select (mount-flags->bit-mask swap-space->flags-bit-mask)) + #:autoload (guix channels) (%default-channels channel->code) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix modules) 
@@ -211,6 +212,7 @@ guix-configuration-use-substitutes? guix-configuration-substitute-urls guix-configuration-generate-substitute-key? + guix-configuration-channels guix-configuration-extra-options guix-configuration-log-file guix-configuration-environment @@ -1740,6 +1742,31 @@ archive' public keys, with GUIX." ;; Installed the declared ACL. (symlink #+default-acl acl-file)))) +(define (install-channels-file channels) + "Return a gexp with code to install CHANNELS, a list of channels, in +/etc/guix/channels.scm." + (define channels-file + (scheme-file "channels.scm" + `(list ,@(map channel->code channels)))) + + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + ;; If channels.scm already exists, move it out of the way. Create a + ;; backup if it's a regular file: it's likely that the user + ;; manually defined it. + (if (file-exists? "/etc/guix/channels.scm") + (if (and (symbolic-link? "/etc/guix/channels.scm") + (store-file-name? (readlink "/etc/guix/channels.scm"))) + (delete-file "/etc/guix/channels.scm") + (rename-file "/etc/guix/channels.scm" + "/etc/guix/channels.scm.bak")) + (mkdir-p "/etc/guix")) + + ;; Installed the declared channels. + (symlink #+channels-file "/etc/guix/channels.scm")))) + (define %default-authorized-guix-keys ;; List of authorized substitute keys. (list (file-append guix "/share/guix/berlin.guix.gnu.org.pub") @@ -1795,6 +1822,8 @@ archive' public keys, with GUIX." (default %default-substitute-urls)) (generate-substitute-key? guix-configuration-generate-substitute-key? (default #t)) ;Boolean + (channels guix-configuration-channels ;file-like + (default %default-channels)) (chroot-directories guix-configuration-chroot-directories ;list of file-like/strings (default '())) (max-silent-time guix-configuration-max-silent-time ;integer 
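Review bot: In `install-channels-file`, `file-exists?` follows symbolic links, so a dangling symlink at /etc/guix/channels.scm is treated as absent: the code takes the `mkdir-p` branch and the final `symlink` call then fails because the name is already taken, which would presumably abort activation. Testing with `lstat` avoids that, e.g. `(if (false-if-exception (lstat "/etc/guix/channels.scm"))` in place of the `file-exists?` test. Separately, `rename-file` replaces an existing /etc/guix/channels.scm.bak without notice, so a second manual edit loses the first backup. A comment saying so, or a check before the rename, would be useful, since this file is what `guix pull` uses by default.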
@@ -1988,7 +2017,7 @@ proxy of 'guix-daemon'...~%") (define (guix-activation config) "Return the activation gexp for CONFIG." (match-record config - (guix generate-substitute-key? authorize-key? authorized-keys) + (guix generate-substitute-key? authorize-key? authorized-keys channels) #~(begin ;; Assume that the store has BUILD-GROUP as its group. We could ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, @@ -2005,6 +2034,9 @@ proxy of 'guix-daemon'...~%") (substitute-key-authorization authorized-keys guix) #~#f) + ;; ... and /etc/guix/channels.scm... + #$(and channels (install-channels-file channels)) + ;; ... and /etc/guix/machines.scm. #$(if (guix-build-machines config) (guix-machines-files-installation -- cgit v1.2.3
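Review bot: `#$(and channels (install-channels-file channels))` in `guix-activation` skips the installation when `channels` is `#f`, but neither the record definition nor the visible documentation says that `#f` is an accepted value. The field comment in the `guix-configuration` hunk reads `;file-like`, although the default is `%default-channels` and `install-channels-file` maps `channel->code` over a list; `;list of channels, or #f` would match the code. The doc/guix.texi entry could gain one sentence saying that `#f` leaves /etc/guix/channels.scm unmanaged.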