Currently connman has no main.conf as specified in 'man 5 connman.conf' which
would allow setting NetworkInterfaceBalcklist and other useful options.
This patch adds connman-general-configuration, serializes it and
passes to connmad with --config= flag.
All configuration fields are 'maybe-*' deliberately, to not disturb current
users and not require supporting configuration changes for connmand.
* gnu/services/networking.scm (<connman-general-configuration>): New
configuration record to represent main.conf for connmand.
(<connman-configuration>)[general-configuration]: New field.
(connman-shepherd-service): Honor it.
*doc/guix.texi (Networking Services): Add generated configuration.
Change-Id: I5d78f49e8b2d5e0b3cbd7b8b604e8a254b6397e8
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This also switches to use guile-next, which includes important fixes to
invalid unicode handling with suspendable ports, which is necessary for the
agent.
* gnu/packages/package-management.scm (guix-build-coordinator): Update to
0-94.c4c4f5a.
* gnu/services/guix.scm: Use guile-next for the coordinator service.
Change-Id: I853539a612fd0b41a6c63069c6291b3f42e5cdee
This construct was introduced in Shepherd 0.9.0.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Use
‘make-inetd-constructor’ unconditionally.
Change-Id: Id1b79077d60609c7f95439ee0d097dfe6e66dd2e
* gnu/services/shepherd.scm (%default-modules): Remove (oop goops).
(shepherd-service-file): Use (service …) instead of (make <service> …).
Use ‘actions’ instead of ‘make-actions’.
(scm->go): Remove use of (oop goops).
(shepherd-configuration-file): Pass ‘register-services’ a list.
Use ‘start-in-the-background’ unconditionally.
Change-Id: I0ad1ba32e339c56ee31e59f160b53d3581277d97
Due to an error in the nesting of S-Expressions, the re-linking of
/var/run/dbus to /run/dbus would occur even if it was already a
correct symlink. It should only happen if the symlink is different.
* gnu/services/dbus.scm (dbus-activation): Adjust accordingly.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Having a timeout seems generally preferable as it makes sure build slots
are not kept busy for no good reason (few package builds, if any, are
expected to exceed these values).
* nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’
and ‘buildTimeout’.
* gnu/services/base.scm (<guix-configuration>)[max-silent-time]
[timeout]: Change default values.
* doc/guix.texi (Invoking guix-daemon, Base Services): Adjust
accordingly.
Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8
Fixes <https://issues.guix.gnu.org/64653>.
The ‘dynamic-wind’ was causing files to be closed prematurely when
leaving the dynamic extent of PROC for instance via a delimited
continuation, using Fibers (that ‘dynamic-wind’ call was also
semantically incorrect in the first place).
* gnu/services/shepherd.scm (shepherd-configuration-file)
[config](call-with-file): Remove.
(call-with-input-file, call-with-output-file): Rewrite in terms of
‘call-with-port’.
Change-Id: Ica8af71a04f525a15be99985552063cb98cd6ee8
I think this might be better than handling it in the service. I'm seeing
locale issues on the hurd which I hope this will address.
* gnu/packages/package-management.scm (guix-build-coordinator,
guix-build-coordinator/agent-only):
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services,
guix-build-coordinator-agent-shepherd-services):
Change-Id: I07ca424f434854176326a19177dc5573d53b59c2
This has been effectively replaced by the bffe.
* gnu/services/guix.scm (<guix-data-service-configuration>): Remove record
type.
(guix-build-coordinator-queue-builds-shepherd-services,
guix-build-coordinator-queue-builds-activation,
guix-build-coordinator-queue-builds-account): Remove procedures
(guix-build-coordinator-queue-builds-service-type): Remove service type.
Change-Id: I2a233fb10b12cc9bfddebaa35928b25c243f82a2
* gnu/services/telephony.scm (jami-configuration->command-line-arguments)
[wrapper]: New procedure.
Use it.
(jami-shepherd-services): In ‘start’ method of ‘jami’ service, use
‘fork+exec-command’ instead of ‘make-forkexec-constructor/container’.
Remove use of (gnu build shepherd).
Change-Id: Ic71c0c88477d92bf137d9d0a5832bae8721cc210
* gnu/services/telephony.scm (jami-shepherd-services): Use
‘least-authority-wrapper’ for ‘dbus-daemon’. Use ‘fork+exec-command’
instead of ‘make-forkexec-constructor/container’ in the ‘start’ method’.
Remove reference to (gnu build shepherd).
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I9d9f8de6ecea77950000ff64aa8c8d097dc028a0
This will only affect systems running Shepherd < 0.9.0, which was
released in August 2022.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Remove
‘with-imported-modules’ and ‘modules’ field. Use
‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’ when ‘make-inetd-constructor’ is
missing.
Change-Id: I35a0487bccaee4799ad0d81388d540e5c7891f7e
* gnu/services/networking.scm (pagekite-shepherd-service): Define
‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of
‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’
form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’.
Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
* gnu/services/web.scm (hpcguix-web-shepherd-service): Define
‘config-file’ and use it. Add ‘actions’ field.
Change-Id: I085df403270039ede3c13f21a5d60682c7510e2e
* gnu/services/base.scm (guix-machines-files-installation): Handle
machines being a mixed list of build-machines and lists of
build-machines.
* doc/guix.texi (Base Services): Document it.
Change-Id: Ie404562ca0b564413233c3a624046da831893dc3
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The udev-configuration record now has a hardware field.
The contents of the /etc/udev directory now includes hwdb.bin, which is
computed when the system is instanciated (prior to system activation). The
hardware description files used to generate hwdb.bin are not installed in
/etc, because they are not required at run-time.
The documentation has been reworked so as to explain why creating udev rules
or hardware needs helper functions for configuration or extension.
* gnu/services/base.scm (udev-hardware): New function.
(file->udev-hardware): New function.
(udev-hardware-service): New function.
(udev-etc): Add hwdb.d and hwdb.bin.
(module): Export udev-hardware, file->udev-hardware, and udev-hardware-service.
(<udev-configuration>): Add the native-udev field.
(udev-service-type) [extend]: Populate the hardware field.
* doc/guix.texi (Base Services)[udev-service-type]: Explain configuration and
extension values.
* doc/guix.texi (Base Services)[udev-hardware]: Document it.
[udev-hardware-service]: Same.
* doc/guix.texi (Base Services)[udev-configuration]: Document the native-udev
field.
* gnu/services/base.scm (udev-configurations-union): New function.
(udev-configuration-file): New function, use file->udev-configuration-file.
(file->udev-configuration-file): New function.
(udev-rules-union): Use udev-configurations-union.
(udev-rule): Use udev-configuration-file.
(file->udev-rule): Use file->udev-configuration-file.
According to https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3101, glib
now searches for the session bus socket in runstatedir. The dbus service must
thus have its socket in /run/dbus.
For interoperability with the dbus standard, /run/dbus is also symlinked to
/var/run/dbus.
* gnu/services/dbus.scm (dbus-activation): Symlink /run/dbus to /var/run/dbus.
(%dbus-accounts): Run dbus in /run/dbus.
(dbus-root-service-type): Save the pid file in /run/dbus.
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Introduces 'base-transducer', a SRFI-171 based transducer that can be used as a
starting point for writing custom configuration record serializing procedures.
This also fixes the symbol maybe-value serialization test case.
* gnu/services/configuration.scm (empty-serializer?): New predicate.
(base-transducer, tfilter-maybe-value): New procedure.
(serialize-configuration): Adapt to use base-transducer.
* gnu/services/telephony.scm (jami-account->alist): Use transducers to skip
fields that are unserializable or whose field maybe-value is unset.
* tests/services/configuration.scm: Remove test-expect-fail.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Starting with 953c65ffdd, offloading to
the Hurd VM would be enabled by default. However, ‘root’ had an empty
password so any user on the host could connect to the VM over VNC, log
in as root, and potentially populate the host’s store from there. This
change fixes that.
* gnu/services/virtualization.scm (operating-system-with-locked-root-account):
New procedure.
(hurd-vm-disk-image)[transform]: Add
‘operating-system-with-locked-root-account’ when offloading.
This a avoids a Guile warning about the name collision with (guix build
utils). The warning was introduced by commit
e0e85f2b23.
* gnu/services/mcron.scm (mcron-shepherd-services): Hide ‘mkdir-p’.
* gnu/services/vnc.scm (xvnc-configuration->command-line-arguments): Omit X
display number when inetd? is #t.
Change-Id: I0fc8e3068f3ae22421e60e96bd40e3b6e477ca99
Previously, a default name would be used for transient inetd services,
leading to names such as #{5rjnskb6011jgmfmpgp63jp9mh9nkl20-rsync-3274}#.
* gnu/services/rsync.scm (rsync-shepherd-service): Pass #:service-name-stem.
Change-Id: I4d0a4a01e122c6eeaa85f104b083cf7e8709eac3
Packets for local host IP ranges should be coming only over lo. If that is
not the case, we should drop them. Use iif for the check instead of iifname,
lo is guaranteed to exists, and iif is faster.
* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/mcron.scm (mcron-shepherd-services): Do not #:select
‘%user-log-dir’ from (shepherd support) since it’s missing in the
Shepherd 0.8, which is still used on GNU/Hurd.
This allows for zero-configuration offloading to a childhurd.
* gnu/services/virtualization.scm (operating-system-with-offloading-account):
New procedure.
(<hurd-vm-configuration>)[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New
procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
