To avoid needing to support all possible configuration options in the Guix
service.
* gnu/services/guix.scm
(guix-build-coordinator-configuration-extra-build-coordinator-arguments): New
procedure.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Support
extra-build-coordinator-arguments and include them when calling
make-build-coordinator.
(guix-build-coordinator-shepherd-services): Pass
extra-build-coordinator-arguments through when calling
make-guix-build-coordinator-start-script.
Change-Id: I6531275bf2922f762b3422746c6207b834656b5c
* gnu/services/messaging.scm (<mosquitto-configuration>): New record type.
(mosquitto-accounts): New procedure.
(mosquitto-shepherd-service): New procedure.
(mosquitto-service-type): New variable.
* doc/guix.texi (Messaging Services): Document it.
Change-Id: I3500c5b6b69084c1f4a6da66ea45bfd42c871f3f
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
One possible solution for an issue when /etc/guix/acl file exists, but points
to a non-existent location. This can for example happen if one is
reinitializing the system, and remove only /gnu/store and /var/guix, keep the
rest okay. This is a major advantage of guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with acl file pointing to non-existent location. The file-exists?
procedure will return #f for broken symbolic links.
I think that another reason one would get this issue is, if one was booted in
a live iso, chrooted, fixing their system. They would switch generations to
one with different acl file, delete other generations gc rooting the original
acl file and then gc. One could do this approach for example when recovering
from file corruptions in the store, to get rid of the unsubstitutable paths
that can't be repaired with guix gc --verify.
This fixes the issue by looking for type of a file through lstat, instead of
relying on file-exists?. If the symlink is a broken symlink, it is
removed. Other than that the old behavior is kept:
- If regular file, back it up
- If symlink pointing to the store, remove it
- If symlink not pointing to the store, back it up
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
possibly-dangling symbolic link.
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
`kded' is a daemon responsible for many features of the Plasma desktop, it
provides media keys handling, a system tray, 'Background Services' control
through 'kcmshell6 kcm_kded'...
* gnu/packages/kde-plasma.scm (plasma): Add `kded' to propagated inputs.
* gnu/services/desktop.scm (plasma-dbus-service): Add `kded' to the list of
services passed to `dbus-configuration'.
Change-Id: Ifffdaecdb28a6369727ab8d118a775d73ee342e9
Signed-off-by: Zheng Junjie <z572@z572.online>
This commit adds a password-file to the postgresql-role field. It
allows users to provision Postgres roles with a set password.
* gnu/services/databases.scm (postgresql-role): Add password-file field.
(postgresql-role-configuration): Add requirement field.
(postgresql-create-roles): Add support for setting passwords from a
file without leaking passwords to the command line.
(postgresql-role-shepherd-service): Add support for customizable
requirements.
(postgresql-role-service-type): Pass on postgresql-role-configuration
fields values by default, this way user configured fields are not lost.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document the new field and fix the extension point example.
Change-Id: I3aabaa10b0c5e826c5aa874e5649e25a3508a585
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/virtualization.scm (libvirt-configuration): Fix typos and
punctuation, and decorate with more Texinfo adornments. Remove extraneous
text. Convert enumerations to sentences re-generating the Texinfo
documentation with configuration->documentation doesn't require fixing these
by hand after (the text is re-flowed, breaking enumerations). Mention the use
of 'log-filters' is preferable to 'log-level', as commented in the defaut
libvirt.conf template.
* doc/guix.texi (Virtualization Services): Re-generate.
Change-Id: Icc2abe21a787b4bb6ac3b35a95f6aaaf3bbda9aa
This re-introduces commit dd64f441d3, which had
been reverted due to previously causing a system hang when debug? was enabled,
a problem that appears to have been resolved within Shepherd.
* gnu/services/base.scm (<udev-configuration>): <debug?>: New field.
* gnu/services/base.scm (udev-shepherd-service): Use it to add '--debug' to
the command line, if applicable.
* doc/guix.texi (Base Services): Document it.
Change-Id: I88243fb4f321ff0876dd227e3c2b22082d37cfcf
It is often useful to be able to use the `postgres' user for management tasks,
so this commit allows setting that. The default behavior is not changed.
I have also added missing exports and sorted them by alphabet.
* gnu/services/databases.scm (%default-home-directory): New variable.
(<postgresql-configuration>): Add home-directory, allow-login? fields.
(create-postgresql-account): Use them.
* doc/guix.texi (Database Services): Document it.
Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
This makes it possible to use it for the privileged (root) user as well as an
unprivileged user.
* gnu/services/herd.scm (%shepherd-socket-file): Use
/run/user/$uid/shepherd/socket when using an unprivileged user.
Change-Id: I62cf358ffc233aba61cc64235c4b67c4fc944d2e
* gnu/services/base.scm (run-with-writable-store)
(guix-ownership-change-program): New procedures.
(<guix-configuration>)[privileged?]: New field.
(guix-shepherd-service): Rename to…
(guix-shepherd-services): … this. Add the ‘guix-ownership’ service.
Change ‘guix-daemon’ service to depend on it; when unprivileged,
prefix ‘daemon-command’ by ‘run-with-writable-store’ and
omit ‘--build-users-group’; adjust socket activation endpoints.
(guix-accounts): When unprivileged, create the “guix-daemon” user and
group in addition to the others.
(guix-service-type)[extensions]: Adjust to name change.
* gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter.
(%test-guix-daemon): Adjust accordingly.
(%test-guix-daemon-unprivileged): New test.
* doc/guix.texi (Base Services): Document ‘privileged?’.
(Migrating to the Unprivileged Daemon): Explain that this is automatic
on Guix System.
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163
Otherwise the service could fail starting if the networking interface takes
some time to be created during the boot (one such example are WireGuard
interfaces).
* gnu/services/messaging.scm (ngircd-configuration)
[shepherd-requirement]: Add networking.
* doc/guix.texi (Messaging Services): Update.
Change-Id: I387ae5780a35cad5b74d9883ac53f13de1a08c78
* gnu/services/sound.scm (speakersafetyd-configuration) [log-file]: New field.
(speakersafetyd): Use it via #:log-file.
Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2
* gnu/services/sound.scm (speakersafetyd): Run as unprivileged user.
(speakersafetyd-accounts): New procedure.
(speakersafetyd-activation): Likewise.
(speakersafetyd-shepherd-service): Specify the #:group, #:user and
#:supplementary-groups arguments.
(speakersafetyd-service-type): Extend activation-service-type.
Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2
The use of make-systemd-constructor appears to cause problems when connecting
via TLS (see: https://github.com/ngircd/ngircd/issues/330).
* gnu/services/messaging.scm (ngircd-global): [pid-file]: Set default value
and remove maybeness. Adjust doc.
* gnu/services/messaging.scm (ngircd-configuration): Adjust comment.
(ngircd-wrapper): Expose writable PID file and preserve pid namespace.
(ngircd-shepherd-service): Replace make-systemd-constructor with
make-forkexec-constructor and adjust surrounding accordingly.
(ngircd-activation): New procedure.
(ngircd-service-type): Extend activation-service-type with it.
Change-Id: Ic7c135ab45122e180107cde8bb9976426e3afbc4
This was the original intention, as PAM authentication cannot be easily
satisfied when the service runs as non-root, which is the case.
* gnu/services/messaging.scm (ngircd-configuration) <options>: Remove maybe
and set default value.
* doc/guix.texi (Messaging Services): Update.
Change-Id: I8435cf5be7206f9165d69cbbac11c205bf928c8f
Prior to this change, only the udev rules installed to eudev's prefix were
consulted by tools such as udevadm, leading to problems such as when
configuring network interfaces, or attempting to override its default rules.
While our custom eudev patch adding support for the EUDEV_RULES_DIRECTORY
environment variable could have been refined to take precedence over the
package's configured udevrulesdir, this was not pursued for the following
reasons:
1. Due to eudev's using inotify to detect new rules, the EUDEV_RULES_DIRECTORY
is fixed in Guix System, per commit e9fa17eb98 ("services: udev: Use a fixed
location for the rules directory and config.")
2. Users would have had to set EUDEV_RULES_DIRECTORY to the fixed directory
themselves to have udevadm work as expected, which is inconvenient.
3. This simple solution is already implemented and tested in NixPkgs.
* gnu/packages/linux.scm (eudev) [source]: Remove custom patch.
[arguments] <#:make-flags>: New argument.
<#:phases>: Override install phase to alter installation make flags.
* gnu/services/base.scm (udev-shepherd-service): Do not set
EUDEV_RULES_DIRECTORY environment variable.
* gnu/packages/patches/eudev-rules-directory.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): De-register it.
Fixes: https://issues.guix.gnu.org/63508
Reported-by: Felix Lechner <felix.lechner@lease-up.com>
Change-Id: Ib8698f4b452f6fd0951bcd71831705b1be85e6e0
This environment variable used to be honored by udevd, but that is no longer
the case (as shown by grepping its source).
* gnu/services/base.scm (udev-shepherd-service) <#:environment-variables>:
Remove UDEV_CONFIG_FILE.
Change-Id: I0828de76e8da429432bc0679903aa501c99625af
* gnu/services/mail.scm (opensmtpd-configuration): Add log-file field.
(opensmtpd-shepherd-service)[start]: Add a command line flag to not
daemonize. Drop #:pid-file. Add #:log-file.
* doc/guix.texi (Mail Services): Document the additional parameter.
Change-Id: I485e040d680ccb39fa62e49d2e6ea916f047972c
Signed-off-by: Andreas Enge <andreas@enge.fr>
Reported by nigko on #guix:
https://logs.guix.gnu.org/guix/2025-04-05.log#201718
* gnu/services/base.scm (urandom-seed-shepherd-service): Return #f when
stopped.
Change-Id: I8212508e4a017270e4e9284b43170cd17999e8b4
* gnu/services/web.scm (anonip-log-files): New procedure.
(anonip-service-type): Use it to extend ‘log-rotation-service-type’.
* doc/guix.texi (Log Rotation): Document it.
Change-Id: I903bb79e0992b794bb0a40e504283cd57a8a087b
* gnu/services/pm.scm (tlp-shepherd-service): Make destructor
return #f on success. Destructor "should return #f if it is
now possible again to start the service at a later point"
(shepherd manual).
Change-Id: Ic0d21d32af158da1ae940d9c32c05a3471767764
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (qemu-binfmt-shepherd-services)
[requirement]: Add file-system-/gnu/store.
qemu-binfmt service write references to the store to
/proc/sys/fs/binfmt_misc/qemu-[architecture] files, therefore
/gnu/store needs to be mounted during the lifetime of the service
instance. If /gnu/store does not remain mounted, the issues
discussed by nigko and Rutherther on IRC are arisen:
https://logs.guix.gnu.org/guix/2025-04-05.loghttps://logs.guix.gnu.org/guix/2025-04-08.log
Change-Id: I7e7a42a5ba0e39aa58c997739898f3457dd793a9
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/messaging.scm (ngircd-configuration): Adjust comment.
(ngircd-wrapper): Nest bindings within the (maybe-value-set? ssl) check, to
avoid errors when not providing an explicit value to the ssl field.
(ngircd-service-type) [default-value]: New field.
Change-Id: I1d2d7973cc9314e9bbc5870bf7b5f872d074b49b
* gnu/services/base.scm (guix-shepherd-service): Change ‘start’ to use
‘make-systemd-constructor’ in the default case. Remove now-redundant
code creating /var/guix/daemon-socket/. Adjust ‘stop’ method to use
‘make-systemd-destructor’ when appropriate.
Change-Id: I3572670c90f65509fbad01dcf13a60f772a86839
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method, use
‘fork+exec-command’ in the default case.
Change-Id: Id04d3d2651f89fbcdb2f17f027df91e132ff9ed1
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method,
move ‘fork+exec-command/container’ arguments to the new variables
‘daemon-command’ and ‘environment-variables’.
Change-Id: Ic04a1006849697e4e185ad94185bbdec8a91a05a
* gnu/services/version-control.scm (<gitolite-configuration>): Add admin-name
field.
(gitolite-activation): Use it.
* doc/guix.texi (Version Control Services): Document it. Remove the wrong
default value of admin-pubkey. State the need for .pub extension.
Change-Id: Idadf4b2697cee6d1da10e6ba03bdc2e1d729c417
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
In preparation for further customizability of the git configuration, extract
the current setup into a separate record type.
* gnu/services/version-control.scm (<gitolite-git-configuration>): New record
type.
(gitolite-git-configuration-compiler): And gexp compiler for it.
(<gitolite-configuration>): Add git-config field.
(gitolite-activation): Use it.
* doc/guix.texi (Version Control Services): Document both.
Change-Id: I7658698a93f938f62f41a4fa45b72de1eeb14414
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
It is not ideal to pollute the path with the binaries from the gitolite
package, so adjust the package to support that and the service to no longer
install it.
* gnu/packages/version-control.scm (make-gitolite)[arguments]<#:phases>
{'patch-scripts}: Use store file name of gitolite-shell.
* gnu/services/version-control.scm (gitolite-service-type): Drop the extension
of profile-service-type.
Change-Id: I25459ccd80bda892b6d188b2b6fa99baee339cba
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/version-control.scm (gitolite-rc-file-default-enable): New
exported variable.
(gitolite-rc-file-compiler)[enable]: Use it.
Change-Id: Ie6326ff69f3d454d96db6629dd5387757567d68f
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Copied over from the official configuration file, this sets a correct major
mode when you visit the generated file.
* gnu/services/version-control.scm (gitolite-rc-file-compiler): Add local
variables.
Change-Id: I8a9d794a1e3c7049ae606165cf939d81b5dbdf6e
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
