Instead, run it as the created go-webdav user. Since go-webdav doesn't
drop privileges by itself this requires explicitly passing the users and
group via make-forkexec-constructor, which was overlooked here.
Without this patch, the account created by go-webdav-account-service
is just not used at all, which is not what was intended here.
* gnu/services/web.scm (go-webdav-shepherd-service): Pass #:user as well
as #:group to make-forkexec-constructor.
Change-Id: Ib48aa7884aca84c488133a035a76a7edfaaf0aab
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Instead, run it as the created sogogi user. Since sogogi doesn't drop
privileges by itself this requires explicitly passing the users and
group via make-forkexec-constructor, which was overlooked here.
Without this patch, the account created by sogogi-account-service
is just not used at all, which is not what was intended here.
* gnu/services/web.scm (sogogi-shepherd-service): Pass #:user as well
as #:group to make-forkexec-constructor.
Change-Id: Ifcb4291090e1aa6a43502c9ed581b0b0ff68a1b4
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Also export guix-data-service-extra-options and
guix-data-service-extra-process-jobs-options since this was missed previously.
* gnu/services/guix.scm (<guix-data-service-configuration>): Add
extra-environment-variables and extra-process-jobs-environment-variables.
(guix-data-service-shepherd-services): Use them.
* doc/guix.texi (Guix Services): Document them.
Change-Id: I60f1371a86a01c4fb3dbde204dba84b9a8657ace
* gnu/services/databases.scm (%default-postgres-hba):
Change the authentification method from the deprecated md5
to the recommended scram-sha-256.
Change-Id: I4ae06bf2f77daa7a9339964182153c5f02897e4f
Merges: https://codeberg.org/guix/guix/pulls/7780
Reviewed-by: jgart <jgart@dismail.de>
Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
A previous commit (c7cb771cf4) fixed an issue with the nginx service to
ensure it can be stopped when started from a custom config file.
The stop command, which should have been `nginx -s stop`, was mistakenly
written as `nginx stop`, which means that `herd stop nginx` still fails
in the given case. This commit corrects that typo.
* gnu/services/web.scm (nginx-shepherd-service): In ‘stop’, correctly
call “nginx -s stop” when ‘value’ is not a process.
Fixes: guix/guix#7061
Reported-by: Dan Littlewood
Change-Id: I3055fc24084d30da969afd508861d2423a396ced
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #8128
For the output ports, as this can cause problems with fibers.
* gnu/services/guix.scm (bffe-shepherd-services): Don't use line buffered
output.
Change-Id: I93a24ea2bad2d7beac795caf515ffd7a259247a7
For the output ports, as this can cause problems with fibers.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Don't use
line buffered output.
Change-Id: I7b26ef252b6f6999e8a39b5d872a780a99f3852c
Handling of non-NFS/SMB mounts was buggy and did not work at all.
* gnu/services/nfs.scm (autofs-configuration->requirements): Add an `else' to
prevent losing the accumulator in the fold.
(autofs-configuration->requirements): Call `delete-duplicates' on the input,
not the output.
Fixes#7927.
Change-Id: I0cccde431d0bd19dc63be8754fb6dfa35a6f8a49
This patch implements a general API to serialize configuration records
to list of pairs representing environment variables. The car of each
pair represents the variable name and the cdr the variable value.
* gnu/services/configuration/environment-variables.scm: New file.
(serialize-string-environment-variable)
(serialize-maybe-string-environment-variable)
(serialize-boolean-environment-variable)
(serialize-maybe-boolean-environment-variable)
(serialize-number-environment-variable)
(serialize-maybe-number-environment-variable): New variables.
(serialize-environment-variables): New variable.
* gnu/services/configuration/utils.scm: New file.
(uglify-snake-case): New variable.
* tests/services/configuration.scm: Add tests for environment serializer.
(wrong type for a field): Adjust error location.
* doc/guix.texi: Document it.
Change-Id: I81a166576f94d3c8f5bf78c82a02183689a3091c
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Previously, when the ‘file’ field of ‘nginx-configuration’ was true, the PID
file would be unknown; thus, the ‘start’ method would return #t and the ‘stop’
method would eventually fail with a type error because it would receive #t
instead of a process.
This fixes it by changing ‘stop’ to invoke “nginx -s stop” when the service’s
value is not a process.
* gnu/services/web.scm (nginx-shepherd-service): In ‘stop’, change to invoke
“nginx -s stop” when ‘value’ is not a process.
Fixes: guix/guix#7061
Reported-by: Dan Littlewood
Change-Id: I20ff065ecd2c64e5fc98f59c25d91b300bc7b4cd
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #7543
When you want to invoke wg-quick yourself, for example from a script,
this procedure is useful to produce the configuration file for it.
* gnu/services/vpn.scm (define-module)<#:export>:
Add wireguard-configuration-file.
Change-Id: Ifab8a9d731de19d2943517bf18c156a56fea4cca
Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
* gnu/services/web.scm (sogogi-service-type): New services.
(sogogi-serialize-section, sogogi-serialize-field)
(sogogi-serialize-string, sogogi-serialize-list-of-strings)
(sogogi-serialize-sogogi-user, sogogi-serialize-sogogi-location)
(sogogi-serialize-list-of-sogogi-user): New procedures.
(sogogi-user, sogogi-location)
(sogogi-configuration): New record types.
(sogogi-account-service): New variable.
(sogogi-config-file, sogogi-shepherd-service): New procedures.
* gnu/tests/web.scm (%test-sogogi): Add tests for the service.
* doc/guix.texi (Web Services): Document it.
Change-Id: I5cc6dd84d6c7c8d5d13b685853b19c5d433ed7e5
* gnu/services/dbus.scm (rtkit-service-type): New variable.
(rtkit-configuration): New record.
Change-Id: I5078cb5032824c7799e7d26962911bbc67527562
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
There was one level of parentheses too much, leading to errors when the script
was invoked due to trying to apply e.g., 0 or #t. So either use begin, or
strip one level, as appropriate.
* gnu/services/power.scm (apcupsd-event-handlers): Fix all G-expressions.
Signed-off-by: Andreas Enge <andreas@enge.fr>
* gnu/services/desktop.scm (plasma-udev-configurations): New variable.
(plasma-desktop-service-type): Extend udev-service-type with it.
Change-Id: Ifcf08c731b1173c9c811b22744072538e4df7e36
* gnu/services/messaging.scm (%default-soju-shepherd-requirement): New
variable.
(soju-ssl-certificate): New configuration record.
(soju-database): New configuration record.
(soju-configuration): New configuration record.
(serialize-soju-configuration,soju-activation,soju-accounts,
soju-shepherd-services): New procedures.
(soju-service-type): New service.
(serialize-ngircd-configuration): Reformat.
(pounce-configuration): Reformat.
* doc/guix.texi: Document the new soju service.
* gnu/tests/messaging.scm: Test the new soju service.
Change-Id: I6223ecac1aaaab76bd75461851ffe4cec0678118
* gnu/services/linux.scm
(tuned-configuration,tuned-settings,tuned-ppd-settings): New
configuration records.
(tuned-file-systems,tuned-activation,tuned-shepherd-services,
tuned-kernel-modules): New procedures.
(tuned-service-type): New service type.
* doc/guix.texi: Add service documentation.
Change-Id: I6c8d54c23175c2ea133d99965641c548fb1d6452
* gnu/services/virtualization.scm (%libvirt-activation): Activate
default libvirt network configuration file.
* gnu/tests/virtualization.scm (run-libvirt-test): Drop network
definition test and replace it with a test checking that the default
network is inactive by default.
Change-Id: I03b6314a390c6d93ebf886d7033867ff5cacad74
* gnu/services/upnp.scm (readymedia-activation): For home services, if the
media directory paths are relative, create it in the user's home directory.
* doc/guix.texi (Miscellaneous Services)[DLNA/UPnP Services]: Update doc.
Change-Id: I39176320d6c33c56c5b80ad9e67e989ee41565da
* gnu/services/web.scm
(<gunicorn-configuration>, <gunicorn-app>): New records.
(unix-socket?, unix-socket-path, gunicorn-activation,
gunicorn-shepherd-services): New procedures.
(gunicorn-service-type): New variable.
* doc/guix.texi (Web Services): Document the new service.
Co-authored-by: Arun Isaac <arunisaac@systemreboot.net>
Change-Id: I3aa970422e6a5d31158b798b1061e6928ad2160b
Signed-off-by: jgart <jgart@dismail.de>
Dockerfile's ENTRYPOINT statement supports also a list of strings. This
patch implements this behavior for oci-container-configuration.
* oci/services/containers.scm (string-or-list-of-strings?): New
procedure.
(oci-container-configuration)[entrypoint]: Change field type to
maybe-string-or-list-of-strings.
(oci-container-configuration->options): Use it.
* doc/guix.texi: Document it.
Change-Id: I1c94dec79c9f4b2324225810a7926be251bfd795
Reviewed-by: Owen T. Heisler <writer@owenh.net>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
This commit allows oci-image records to be directly compiled to tarballs
file names when ungexeped, by means of a gexp compiler. It is supposed
to make the usage of oci-images in gexp smoother.
* oci/services/containers.scm (lower-manifest): Reformat and derive
tarball name from the image reference.
(lower-oci-image-state): Drop procedure and merge with lower-oci-image.
(oci-image-compiler): Implement in terms of lower-oci-image.
(oci-image-loader): Drop call to lower-oci-image and directly ungexp the
oci-image record.
Change-Id: I1755585a10294ad94c8025e7c35d454319174efc
Reviewed-by: Owen T. Heisler <writer@owenh.net>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/services/upnp.scm (%readymedia-default-pid-directory): New variable.
(%readymedia-pid-file): New procedure.
(readymedia-shepherd-service)[start]: Start with the pid file.
(readymedia-activation): Create the pid directory.
* gnu/tests/upnp.scm (run-readymedia-test): Test the pid directory and file.
Merges: https://codeberg.org/guix/guix/pulls/1007
Change-Id: I454a89d25afe0e9bb0414645b1e4594afdf89058
Signed-off-by: Giacomo Leidi <therewasa@fishinthecalculator.me>
* gnu/services/upnp.scm (%readymedia-default-log-directory): Remove variable.
(%readymedia-default-log-file): New procedure.
(%readymedia-default-cache-directory): Turn it into a procedure.
(<readymedia-configuration>)[log-directory]: Remove field.
[log-file]: New field.
[cache-directory]: Set to %readymedia-default-cache-directory.
(readymedia-configuration->config-file): Remove "user" and "log_dir" fields.
(readymedia-shepherd-service)[modules]: Add (shepherd support).
[start]: Do not map the log-directory. For home services, do not wrap the
program with least-authority-wrapper.
(readymedia-activation): Do not create the log-directory.
* gnu/home/services/upnp.scm (%readymedia-cache-file, %readymedia-cache-path,
%readymedia-log-path): Remove variables.
(run-readymedia-test): Use the procedures properly. Do not test the
log directory. Test the log file.
* doc/guix.texi (Miscellaneous Services)[DLNA/UPnP Services]: Update doc.
Change-Id: I97d84b5287c374ddb26a495f20a36f986b0c142d
Signed-off-by: Giacomo Leidi <therewasa@fishinthecalculator.me>
The implementation of postgresql-role's password up until now relied on
spawining a subshell reading the password file and passing its content
via command line to a psql process which would create users and set
passwords. This allowed a (fast) attacker to eavesdrop, via the kernel
command line facility, the password while they were read,
without having the permissions required for reading the password
file.
This new implementation reads passwords directly from password files
into the Guile process, temporarily stores them in query files living in
a memory backed file system and deletes the query files after executing
them. It also makes sure to turn off logging of commands for the
duration of the password setting transaction, so passwords don't get
leaked to system logs through misconfiguration.
* gnu/services/databases.scm (%postgresql-role-runtime-dir): New
variable.
(postgresql-create-roles): Rework the way passwords are set to avoid
leaking them through subshells and command lines.
(%postgresql-role-file-systems): New variable.
(postgresql-role-service-type): Add file-system-service-type extension
point.
Change-Id: I52406d1d24f5d163081b5c21d3e1760fc0b67a1e
Sören Tempel