* gnu/services/virtualization.scm (%libvirt-activation): Activate
default libvirt network configuration file.
* gnu/tests/virtualization.scm (run-libvirt-test): Drop network
definition test and replace it with a test checking that the default
network is inactive by default.
Change-Id: I03b6314a390c6d93ebf886d7033867ff5cacad74
* gnu/services/upnp.scm (readymedia-activation): For home services, if the
media directory paths are relative, create them in the user's home directory.
* doc/guix.texi (Miscellaneous Services)[DLNA/UPnP Services]: Update doc.
Change-Id: I39176320d6c33c56c5b80ad9e67e989ee41565da
* gnu/services/web.scm
(<gunicorn-configuration>, <gunicorn-app>): New records.
(unix-socket?, unix-socket-path, gunicorn-activation,
gunicorn-shepherd-services): New procedures.
(gunicorn-service-type): New variable.
* doc/guix.texi (Web Services): Document the new service.
Co-authored-by: Arun Isaac <arunisaac@systemreboot.net>
Change-Id: I3aa970422e6a5d31158b798b1061e6928ad2160b
Signed-off-by: jgart <jgart@dismail.de>
Dockerfile's ENTRYPOINT statement also supports a list of strings. This
patch implements this behavior for oci-container-configuration.
* oci/services/containers.scm (string-or-list-of-strings?): New
procedure.
(oci-container-configuration)[entrypoint]: Change field type to
maybe-string-or-list-of-strings.
(oci-container-configuration->options): Use it.
* doc/guix.texi: Document it.
Change-Id: I1c94dec79c9f4b2324225810a7926be251bfd795
Reviewed-by: Owen T. Heisler <writer@owenh.net>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
This commit allows oci-image records to be directly compiled to tarball
file names when ungexped, by means of a gexp compiler. It is supposed
to make the usage of oci-images in gexps smoother.
* oci/services/containers.scm (lower-manifest): Reformat and derive
tarball name from the image reference.
(lower-oci-image-state): Drop procedure and merge with lower-oci-image.
(oci-image-compiler): Implement in terms of lower-oci-image.
(oci-image-loader): Drop call to lower-oci-image and directly ungexp the
oci-image record.
Change-Id: I1755585a10294ad94c8025e7c35d454319174efc
Reviewed-by: Owen T. Heisler <writer@owenh.net>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/services/upnp.scm (%readymedia-default-pid-directory): New variable.
(%readymedia-pid-file): New procedure.
(readymedia-shepherd-service)[start]: Start with the pid file.
(readymedia-activation): Create the pid directory.
* gnu/tests/upnp.scm (run-readymedia-test): Test the pid directory and file.
Merges: https://codeberg.org/guix/guix/pulls/1007
Change-Id: I454a89d25afe0e9bb0414645b1e4594afdf89058
Signed-off-by: Giacomo Leidi <therewasa@fishinthecalculator.me>
* gnu/services/upnp.scm (%readymedia-default-log-directory): Remove variable.
(%readymedia-default-log-file): New procedure.
(%readymedia-default-cache-directory): Turn it into a procedure.
(<readymedia-configuration>)[log-directory]: Remove field.
[log-file]: New field.
[cache-directory]: Set to %readymedia-default-cache-directory.
(readymedia-configuration->config-file): Remove "user" and "log_dir" fields.
(readymedia-shepherd-service)[modules]: Add (shepherd support).
[start]: Do not map the log-directory. For home services, do not wrap the
program with least-authority-wrapper.
(readymedia-activation): Do not create the log-directory.
* gnu/home/services/upnp.scm (%readymedia-cache-file, %readymedia-cache-path,
%readymedia-log-path): Remove variables.
(run-readymedia-test): Use the procedures properly. Do not test the
log directory. Test the log file.
* doc/guix.texi (Miscellaneous Services)[DLNA/UPnP Services]: Update doc.
Change-Id: I97d84b5287c374ddb26a495f20a36f986b0c142d
Signed-off-by: Giacomo Leidi <therewasa@fishinthecalculator.me>
The implementation of postgresql-role's password up until now relied on
spawning a subshell reading the password file and passing its content
via command line to a psql process which would create users and set
passwords. This allowed a (fast) attacker to eavesdrop on the password,
via the kernel command line facility, while it was read,
without having the permissions required for reading the password
file.
This new implementation reads passwords directly from password files
into the Guile process, temporarily stores them in query files living in
a memory backed file system and deletes the query files after executing
them. It also makes sure to turn off logging of commands for the
duration of the password setting transaction, so passwords don't get
leaked to system logs through misconfiguration.
* gnu/services/databases.scm (%postgresql-role-runtime-dir): New
variable.
(postgresql-create-roles): Rework the way passwords are set to avoid
leaking them through subshells and command lines.
(%postgresql-role-file-systems): New variable.
(postgresql-role-service-type): Add file-system-service-type extension
point.
Change-Id: I52406d1d24f5d163081b5c21d3e1760fc0b67a1e
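The pattern this commit describes, as an added illustration in Guile (not the code from gnu/services/databases.scm): the password is read inside the process, written into a 0600 query file on a memory-backed directory, executed with psql -f, and deleted afterwards; the runtime directory path, the helper names and the psql invocation are assumptions.

```scheme
;; Added example, not Guix's own implementation.  Assumes a tmpfs is
;; mounted at RUNTIME-DIR (e.g. /run/postgresql-role, hypothetical) and
;; that psql is on PATH with superuser rights.
(use-modules (ice-9 rdelim)
             (ice-9 string-fun))

(define (read-password file)
  ;; Read the secret directly into this process: it never becomes an
  ;; argv entry, so /proc/<pid>/cmdline of a child cannot expose it.
  (call-with-input-file file read-line))

(define (set-role-password! role password-file runtime-dir)
  (let* ((password   (read-password password-file))
         (query-file (string-append runtime-dir "/" role ".sql")))
    ;; Files created below are owner-readable only.
    (umask #o077)
    (call-with-output-file query-file
      (lambda (port)
        ;; Disable statement logging for this session so the ALTER ROLE
        ;; text is not written to the server log even if log_statement
        ;; is set to 'all' elsewhere.
        (display "SET log_statement = 'none';\n" port)
        (format port "ALTER ROLE \"~a\" WITH PASSWORD '~a';\n"
                role
                ;; Escape single quotes so the literal stays well-formed.
                (string-replace-substring password "'" "''"))))
    ;; Always remove the query file, whether psql succeeds or fails.
    (dynamic-wind
      (const #t)
      (lambda ()
        (zero? (system* "psql" "-v" "ON_ERROR_STOP=1" "-f" query-file)))
      (lambda ()
        (when (file-exists? query-file)
          (delete-file query-file))))))
```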
* gnu/services/web.scm (go-webdav-service-type): New service.
(go-webdav-account-service): New variable.
(go-webdav-shepherd-service): New procedures.
* gnu/tests/web.scm (%test-go-webdav): Add tests for the service.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
* gnu/services/base.scm (assert-network-route-scope): New procedure.
(<network-route>)[scope]: New field.
(network-set-up/linux)[route-scope->constant]: New procedure.
Use it to pass #:scope to ‘route-add’.
* doc/guix.texi (Networking Setup): Document it.
Fixes: guix/guix#4175
Reported-by: Christopher Baines <mail@cbaines.net>
Change-Id: I24399eca6e691d63fa3d01be564060a3d693d650
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #5507
* gnu/services/base.scm (assert-network-link-mac-address): Change error
message string to conform to standards.
(assert-network-link-type): Change to ‘define-with-syntax-properties’ since
previously it would reject a non-literal symbol. Adjust message string.
Change-Id: I0a8b9d7512ca7567f9d60eb15ad6fb4e05020e48
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/xorg.scm (gdm-shepherd-service)
[start] <#:environment-variables>: Add system profile to XDG_DATA_DIRS so that
we can use fonts installed in it.
Change-Id: Idd11fe0a5d5d57db5459a5c2a9471d1bf640a6ef
* gnu/services/desktop.scm
(desktop-services-for-system): Use gdm on all 64-bit systems.
* gnu/services/xorg.scm (set-xorg-configuration): Adapt to
desktop-services-for-system change.
* gnu/system/examples/desktop.tmpl: Determine the support of Gnome by checking
for supported package.
Fixes: #5388
Change-Id: I0d512a7c31188cea0335e66f00a6d65ae59d09a4
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
This adds the possibility to parse /proc/consoles to find a primary console.
Then, on AArch64 this is used in the installation image. On AArch64, the boot
usually happens with a chosen device tree that contains the serial console.
On x86_64, this does not happen so often, so we keep the installation iso
minimal there.
The primary console is chosen, but there is a fallback to any non-virtual one.
Virtual console (/dev/tty0) is skipped, because that one can point to any
console, like /dev/tty1 and so on. So it's not safe to register agetty on it.
* gnu/build/linux-boot.scm (read-linux-consoles): New variable.
* gnu/services/base.scm (default-serial-console): Use primary console as
fallback.
* gnu/system/install.scm (%installation-services): Add agetty tty for
consoles.
Change-Id: Iae01f7bc85b5ffdef2e52b1d0710889915b0f54a
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
* gnu/services/configuration.scm (list-of-packages?): Allow as well
tuples of a package and its output.
* gnu/home/services/sway.scm (list-of-packages): Remove duplicate.
Change-Id: I42622a29ac808c76928e9056dee9330d5e1b3f39
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #5470
* gnu/services/opensnitch.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add reference to it.
* doc/guix.texi (Miscellaneous Services, Security): Document it.
* gnu/tests/security.scm (%test-opensnitch): New variable.
Change-Id: I63d1b6636b3aaecf399664ec97383d82ff1391d1
A bug in #21 causes the default configuration to be omitted from the xorg
merging process. This can cause users not using set-xorg-configuration or
service extensions to end up with a broken configuration.
Fixes #5267.
* tests/services/xorg.scm: Add a regression test.
* gnu/services/xorg.scm (handle-xorg-configuration): Include the
xorg-configuration record from config in merges.
Change-Id: I6bed8c109057cb9b5de36db68b78e3ccc88e6bcb
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
Configuration for xorg is embedded in the various display-manager
configuration records, and extension support is factored out into the
`handle-xorg-configuration' macro. However, the extension mechanism replaces
the existing xorg-configuration with the supplied one, making it impossible to
compose configuration from multiple sources. This patch adds a procedure to
merge two xorg-configuration records, and calls it within
handle-xorg-configuration, allowing the config to be built piecemeal.
* gnu/services/xorg.scm (merge-xorg-configurations): New variable.
(handle-xorg-configuration): Merge xorg configs.
Change-Id: I20e9db911eef5d4efe98fdf382f3084e4defc1ba
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Greetd's initial-session (i.e. auto-login) functionality requires runfiles
to be deleted on shutdown. Use a tmpfs to ensure said runfiles do not linger.
* gnu/services/base.scm (make-greetd-terminal-configuration-file): Add
“runfile” to configuration.
(%greetd-file-systems): Add a tmpfs for “/run/greetd/runfiles”.
Change-Id: I07319d5d8bdb1e18fb0074b67d5c9cb9fb49b04a
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
The xorg modules are used inside of services that are thunked. So we can
make them depend on the %current-system.
* gnu/services/xorg.scm
(default-xorg-modules): New variable.
(%default-xorg-modules): Return result of (default-xorg-modules).
Change-Id: I10f722e52d598ce3e83ef3f200b3bd953bc08e17
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
The newly added user-file-systems should be required by services
that do operations with mounts.
Change-Id: Ib0438bb2e783e1d7131dcea6a8c166e83850de81
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
* gnu/services/base.scm (file-system-shepherd-services): Reverse order of
mount-points in service 'user-file-systems.
Change-Id: I68df0c22bc6bacdc866b9adf62e7059f20e5842f
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Previously 'user-file-systems depended only on 'file-systems without any requirements.
This inverts the logic to have
file-systems <- user-file-systems <- user-processes
to ensure that all user mounts are already unmounted when shepherd managed
file systems get unmounted.
Fixes: guix/guix#4445
Fixes: guix/guix#1703
* gnu/services/base.scm (file-system-shepherd-services): Remove requirement
of 'file-systems on 'user-file-systems.
Add dependency of 'user-file-systems on 'file-systems.
(file-system-service-type): Add 'user-file-systems to user-processes extension.
Change-Id: I9d89f682fb4b4673fa135d17b2b188788b9f8db1
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Partly fixes guix/guix#4269.
Fixes a bug whereby shepherd (PID 1) could retain memory mappings for
/var/run/nscd/dbXXX, which are created by glibc’s NSS from database file
descriptors sent by nscd. Those mappings could then prevent
‘root-file-system’ from re-mounting the root file system as read-write.
This change causes PID 1 to drop these mappings.
PID 1 typically calls libc database functions such as ‘getgr’ when dealing
with AF_UNIX endpoints for socket-activated services, to look up the socket’s
owner and group. This is where the bug would manifest.
The regression may have been introduced by
85ac164c41, which caused nscd to handle the
password and group databases.
* gnu/services/base.scm (nscd-shepherd-service): In ‘stop’ procedure, call
‘getpw’, ‘getgr’, and ‘getaddrinfo’.
* gnu/tests/base.scm (run-root-unmount-test) <"open libc NSS database">: New
test.
(%test-root-unmount): Add #:imported-modules.
Change-Id: I197cc8c82165c631f857415898137412ce9bd439
Reported-by: Rutherther <rutherther@ditigal.xyz>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4828
Shepherd expects #f to know the service has stopped.
* gnu/services/databases.scm (postgresql-shepherd-service): Return #f
on stop.
Change-Id: Ie5c45efc7eef75c325ddfd0ef197b306c7b60e5b
Signed-off-by: Rutherther <rutherther@ditigal.xyz>