Fixes a bug introduced with the Shepherd 0.9.2 upgrade in commit
1ba0e38267c9ff8bb476285091be6e297bbf136e whereby files opened by, say,
the 'start' method of 'urandom-seed', could leak into the execution
environment of some other service--e.g., 'term-tty4'.
* gnu/services/shepherd.scm (shepherd-configuration-file)[config]:
Override 'call-with-input-file' and 'call-with-output-file'.
Reported by zamfofex.
Regression introduced in 2bac6ea177d5b3353ea1a4d032d17a6ac3763e96.
* gnu/services/virtualization.scm (secret-service-operating-system):
Add 'inherit' keyword for 'guix-configuration'.
Failing to do that, that file descriptor could be inherited by child
processes as of Shepherd 0.9.2.
* gnu/services/shepherd.scm (shepherd-configuration-file): Open
/dev/null as O_CLOEXEC.
* gnu/services/web.scm (<nginx-configuration>)[shepherd-requirement]:
New field.
(nginx-shepherd-service): Honor it.
* doc/guix.texi (Web Services): Document it.
This is the documented default of UPower 0.99.15 (the actual default
appears to be #f though).
* gnu/services/desktop.scm (<upower-configuration>)
[use-percentage-for-policy?]: Default to #t.
* doc/guix.texi (Desktop Services): Adjust accordingly. Explain the
tradeoff.
These values are those used by default by UPower 0.99.15.
* gnu/services/desktop.scm (<upower-configuration>)[percentage-low]
[percentage-critical]: Increase.
* doc/guix.texi (Desktop Services): Update accordingly.
* gnu/services/security.scm: Wrong condition in string-filter
function in fail2ban-jail-configuration-serialize-field-name.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Fixes https://issues.guix.gnu.org/56444
* gnu/services/version-control.scm (gitolite-activation): Modify permissions
on home directory so that git group has read access.
Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>
Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
* gnu/services/lightdm.scm: New service.
* tests/services/lightdm.scm: Test it.
* doc/guix.texi (X Window): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.
Co-authored-by: L p R n d n <guix@lprndn.info>
Co-authored-by: Ricardo Wurmus <rekado@elephly.net>
* gnu/services/base.scm (<greetd-configuration>)
[greeter-supplementary-groups]: New field.
(%greetd-accounts): Rename to...
(greetd-accounts): ... this. Convert to a function that takes a config
argument. Use greeter-supplementary-groups.
(greetd-service-type): Adjust accordingly.
* gnu/tests/desktop.scm (%minimal-services): Add test for
greeter-supplementary-groups.
* doc/guix.texi ("Base Services")[greetd-service-type]: Document
greeter-supplementary-groups.
* gnu/services/desktop.scm (seatd-group-sanitizer): New variable.
(<seatd-configuration>)[user]: Removed field.
[group]: Changed to "seat". Sanitize via seatd-group-sanitizer.
(seatd-accounts): New variable.
(seatd-environment): Adjust to <seatd-configuration> ABI.
(seatd-service-type)[extensions]: Add account-service-type with seatd-accounts.
* gnu/tests/desktop.scm (run-minimal-desktop-test): Check for correct
ownership of $SEATD_SOCK.
* doc/guix.texi ("Desktop Services")[seatd-service-type]: Mention that users
may need to become members of the "seat" group.
Update default value for group field.
Add explanation on seatd.sock file.
Remove dropped user field.
The new value of %unset-value sticks out more when something goes wrong, and
is also more unique; i.e. easier to search for.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (%unset-value): New variable.
(normalize-field-type+def): Use it.
(maybe-value-unset?): Use it.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/configuration.scm (maybe-value-set?): New procedure.
* doc/guix.texi (Complex Configurations): Document it. Remove comment showing
usage of 'maybe-string' with a default value, which doesn't make sense.
Co-authored-by: Attila Lendvai <attila@lendvai.name>
Fixes <https://issues.guix.gnu.org/57052>, which was a behavior change
introduced inadvertently in 4c698cd51209a0102477478b026ea04bd7e45908.
* gnu/services/desktop.scm (<elogind-configuration>)
[handle-lid-switch-external-power]: Default to *unspecified*, which serializes
to nothing. This matches upstream behavior, meaning that even when plugged to
a power cord, a laptop will suspend when the lid is closed.
* doc/guix.texi (Desktop Services): Update doc.
Reported-by: Cairn <cairn@pm.me>
Fix the check for empty device path. Do not use --daemonize, since that is
handled by make-forkexec-constructor. Drop the --pidfile option which is
unused without --daemonize.
* gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify
command arguments.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/56799>.
This partially reverts 8cb1a49a3998c39f315a4199b7d4a121a6d66449.
Rationale: *unspecified* cannot be serialized thus used as a G-Expression
input, which is problematic/inconvenient when using deeply nested records. As
an example, jami-service-type was broken when using partially defined
<jami-account> records.
* gnu/services/configuration.scm (define-maybe-helper): Check against the
'unset symbol.
(normalize-field-type+def): Adjust value to 'unset.
(define-configuration-helper): Use 'unset as the default value thunk.
* gnu/services/file-sharing.scm (serialize-maybe-string): Check against the
'unset symbol.
(serialize-maybe-file-object): Likewise.
* gnu/services/messaging.scm (define-all-configurations): Use 'unset as
value.
(raw-content?): Check against 'unset symbol.
(prosody-configuration)[http-max-content-size]: Default to 'unset.
[http-external-url]: Likewise.
[mod-muc]: Likewise.
[raw-content]: Likewise.
* gnu/services/networking.scm (opendht-configuration): Adjust documentation.
* gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined*
with the 'unset symbol.
* tests/services/configuration.scm ("maybe type, no default"): Check against
the 'unset symbol.
* doc/guix.texi: Regenerate the opendht-configuration,
openvpn-client-configuration and openvpn-server-configuration documentation.
This is a patch that fixes "<executable name>: this program must be setgid smtpq".
* gnu/services/mail.scm (<opensmtpd-configuration>)[setgid-commands?]: New field.
(opensmtpd-set-gids): New procedure.
(opensmtpd-service-type)[extensions]: Add SETUID-PROGRAM-SERVICE-TYPE extension.
* doc/guix.texi (Mail Services): Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
The default "rotate" value is 1 as of rottlog 0.72.2, meaning that only
one rotated file would be kept in addition to the active file.
* gnu/services/admin.scm (%default-rotations): Add "rotate" option for
%ROTATED-FILES.
The service uses syslog and additionally shepherd 0.9 captures its
stdout/stderr, so there's no point in passing #:log-file.
* gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file
argument to 'make-forkexec-constructor'.
(%tor-log-rotation): Remove.
(tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.
* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
Since revision 32, guix-data-service starts immediately but returns an HTTP
error code until initialization is complete. Adjust the test accordingly, and
remove the increased startup time limit.
* gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout.
* gnu/tests/guix.scm (guix-data-service): Retry the http-get test several
times to give the service time to initialize.
Signed-off-by: Christopher Baines <mail@cbaines.net>
The previous approach didn't support a simple alist.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Fix
passing parallel-hooks in to the start gexp.
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
I'm looking at this as I'd like to use the keepalive functionality.
* gnu/services/web.scm (nginx-upstream-configuration-extra-content): New
procedure.
(emit-nginx-upstream-config): Include the extra-content if applicable.
* doc/guix.texi (NGINX): Document this.
* gnu/services/guix.scm (guix-build-coordinator-configuration-parallel-hooks):
New procedure.
(make-guix-build-coordinator-start-script): Accept and use #:parallel-hooks.
(guix-build-coordinator-shepherd-services): Pass parallel-hooks to
make-guix-build-coordinator-start-script.
* doc/guix.texi (Guix Build Coordinator): Document this new field.
Now that configuration records use the 'sanitize' property for each
field, 'validate-configuration' has become useless because it's
impossible to construct an invalid configuration record.
* gnu/services/configuration.scm (validate-configuration): Remove.
* gnu/services/mail.scm (dovecot-service): Remove call.
* gnu/services/vpn.scm (openvpn-client-service)
(openvpn-server-service): Likewise.
* doc/guix.texi (Complex Configurations): Remove documentation.
Previously field type errors would be reported in a non-standard way,
and without any source location information. This fixes it.
* gnu/services/configuration.scm (configuration-field-error): Add a
'loc' parameter and honor it. Use 'formatted-message' instead of plain
'format'.
(define-configuration-helper)[field-sanitizer]: New procedure.
Use it. Use STEM as the identifier of the syntactic constructor of the
record type. Add a 'sanitize' property to each field. Remove now
useless STEM macro that would call 'validate-configuration'.
* gnu/services/mail.scm (serialize-listener-configuration): Adjust to
new 'configuration-field-error' prototype.
* tests/services/configuration.scm ("wrong type for a field"): New test.
* po/guix/POTFILES.in: Add gnu/services/configuration.scm.
Until now the 'stop' method would return #t, which shepherd would
interpret as "services could not be stopped".
* gnu/services/vpn.scm (wireguard-shepherd-service): Have 'stop' return #f.
* gnu/services/desktop.scm (seatd-service-type): New variable
* gnu/services/desktop.scm (seatd-configuration): New data type
Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
* gnu/services/base.scm (greetd-service-type): New variable
* gnu/services/base.scm (greetd-configuration): New data type
* gnu/services/base.scm (greetd-terminal-configuration): New data type
* gnu/services/base.scm (greetd-agreety-session): New data type
* gnu/services/base.scm (pam-limits-service-type): Should be aware of
greetd PAM service
* gnu/services/pam-mount.scm (pam-mount-pam-service): Should be aware
of greetd PAM service
Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>
Use *unspecified* as a marker for field values that have not been set.
Rationale: 'disabled may easily clash with user values for boolean fields, is
confusing (i.e. its meaning is *not* boolean false, but unspecified) and it
also passes silently through the symbol? predicate of a field of type symbol.
* gnu/services/configuration.scm (configuration-missing-default-value):
Renamed from configuration-no-default-value.
(define-maybe-helper): Use *unspecified* instead of 'disabled, and make
the default value optional.
* gnu/home/services/desktop.scm (home-redshift-configuration):
Change (maybe-xyz 'disabled) to maybe-xyz.
* gnu/services/authentication.scm (nslcd-configuration): Likewise.
* gnu/services/cgit.scm (repository-cgit-configuration): Likewise.
* gnu/services/file-sharing.scm (serialize-maybe-string)
(serialize-maybe-file-object): Use 'unspecified?' instead of (eq? val
'disabled).
* gnu/services/messaging.scm (raw-content?): Likewise.
(ssl-configuration): Change (maybe-xyz 'disabled) to maybe-xyz.
(prosody-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration):
Likewise.
* gnu/services/messaging.scm (define-all-configurations):
Use *unspecified* instead of 'disabled'.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-account): Likewise.
(jami-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
* tests/services/configuration.scm ("maybe type, no default")
("maybe type, with default"): New tests.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
As opposed to explicitly using 'disabled as value, or using the
(field1 (maybe-number) "") format.
It's mostly the work of Maxime Devos shared under #54674, with some
modifications by Attila Lendvai.
* gnu/services/configuration.scm (normalize-field-type+def): New function.
(define-configuration-helper) (define-configuration): Support new field
format.
* tests/services/configuration.scm (config-with-maybe-number->string): New
function.
("maybe value serialization of the instance"): New test.
("maybe value serialization of the instance, unspecified"): New test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/dbus.scm (<dbus-configuration>)[verbose?]: New field.
(dbus-shepherd-service): Use it.
(dbus-service)[verbose?]: Add argument and update doc.
* doc/guix.texi (Desktop Services): Document it.
Fixes <https://issues.guix.gnu.org/54783>.
* gnu/services/linux.scm (zram-device-configuration)
[priority]: Adapt to use #f or an integer from 0 to 32767. Add sanitizer to
warn for the change and delay the field.
(zram-device-configuration->udev-string): Adapt as above.
* doc/guix.texi (Zram Device Service): Remove double copyright line.
Change priority description to refer to the Swap Space one, and suggest not
leaving the default #f on to properly use zram.
Reported-by: Stefan Baums <baums@stefanbaums.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>