This factorizes out the remaining bashrc bits from /etc/skel/.bashrc to a the
template used for both /etc/bashrc on Guix System and ~/.bashrc for
home-bash-service-type.
Rationale: The use of /etc/skel introduce state: the file is only copied
originally when the user account is created, and never (automatically)
refreshed again.
* gnu/system.scm (operating-system-etc-service):
<profile>: Guard against souring /etc/bashrc in non-interactive, SSH case.
<bashrc>: Use %default-bashrc, having migrated the remaining definitions to...
* gnu/system/shadow.scm (%default-bashrc): ... here. Factorize aliases to...
* gnu/services.scm (%default-bash-aliases): ... here.
(%default-bashrc-d-aliases): New variable.
(%default-etc-bashrc-d-files): Include it in the default configuration.
* gnu/services/base.scm (%base-services): Register etc-bashrc-d-service-type.
* gnu/home/services/shells.scm (add-bash-configuration): Do not set PS1, now
part of %default-bashrc.
(home-bash-configuration) [guix-defaults?]: Update doc.
[aliases]: Set %default-bash-aliases as the default value. Update doc.
* doc/guix.texi (Shells Home Services): Update documentation.
(Service Reference): Update example.
Change-Id: I340c614983a78fd20a9c4a9705e7fc542ae9b513
* gnu/services/guix.scm (guix-data-service-shepherd-services): Use begin
rather than lambda, add some logging and use guile from the data service
package.
Change-Id: I915682e513a3cc8e3cbf324e3c650c65d2852a96
* gnu/home/services/upnp.scm: New file.
* gnu/local.mk: Register it.
* gnu/services/upnp.scm: Export readymedia-activation and
readymedia-shepherd-service.
(<readymedia-configuration>)[home-service?]: New field.
[cache-directory]: Adjust value depending on 'for-home?'.
[log-directory]: Ditto.
(readymedia-shepherd-service): Adjust 'requirement' and 'start' according to
'home-service?'.
(readymedia-activation): Adjust creating 'media-directories' with permissions
according to 'home-service?'.
* gnu/tests/upnp.scm (%readymedia-configuration-test): Configure port with
%readymedia-default-port.
* doc/guix.texi (Miscellaneous Home Services): Document Readymedia Service.
(Miscellaneous Services): Add cross-reference.
Change-Id: I5c48595d84a815d98e03c7f68a716f048903720c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/backup.scm: Drop mcron obsolete export.
(restic-backup-job-program): Generalize to restic-program.
(lower-restic-backup-job): New procedure implementing a standard way to
lower restic-backup-job records into lists.
(restic-program): Implement general way to run restic commands, for
example to initialize repositories.
(restic-backup-configuration): Reimplement
with (guix records).
(restic-backup-job-{logfile,command,requirement,modules}): Add new
procedures and add support for Guix Home environments.
(restic-backup-job->shepherd-service): Add support for Guix Home
environments.
(restic-backup-service-activation): Drop procedure as now the Shepherd
takes care of creating timers log file directories.
(restic-backup-service-type): Drop profile and activation services extensions.
* gnu/home/services/backup.scm: New file.
* gnu/local.mk: Add this.
* doc/guix.texi: Document this.
Change-Id: Ied1c0a5756b715fba176a0e42ea154246089e6be
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The service unnecessarily populates /etc/qemu with a symlink, so it's not
possible to write files like /etc/qemu/bridge.conf or /etc/qemu/host.conf
anymore. Since etc-service-type uses file-union, it's possible to put files in
subdirectories. This restores the behavior suggested by manual where user can
extend etc-service-type with qemu/host.conf etc.
* gnu/services/virtualization.scm (/etc/qemu/firmware): Extend with
qemu/firmware instead of qemu
Change-Id: I7c1ea790e5abf7ad05dce56b7901ac6eb90208fd
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (dnsmasq-service-reload-action): New function.
Implements SIGHUP handling for reloading configurations.
(dnsmasq-service-stats-action): New function. Implements SIGUSR1
handling for dumping statistics.
(dnsmasq-shepherd-service): Use new actions.
* doc/guix.texi: Document new actions with examples.
* gnu/tests/networking.scm (%test-dnsmasq): Add tests to verify the
functionality of new actions.
Change-Id: I31f0eb4b26a582e95f7bfdb240110c139f0e16cc
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (<dnsmasq-configuration>) [pid-file]: New field
to specify alternate path for dnsmasq PID.
[conf-file]: New field to specify one or more configuration files.
[conf-dir]: New field to read configuration files from a directory.
[extra-options]: Move to the end of the definition as a last resort option.
(dnsmasq-shepherd-service): Use new fields instead of hardcoded values.
* gnu/services/dns.scm: Export all record accessors.
* doc/guix.texi: Document new configuration options.
Change-Id: Iaec361e7d8bfd60af04f023f57d422b55b0c1eea
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (<dnsmasq-configuration>)[provision]: Mark
filed as deprecated with a warning. Set default to #f.
[shepherd-provision]: Add new field for consistency with other services.
[shepherd-requirement]: Add new field.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi: Document these changes.
* doc/guix-cookbook.texi (Custom NAT-based network for libvirt): Update
example to use 'shepherd-provision' instead of 'provision'.
Change-Id: Icad4d9c4be5bf58368e8c416f1fdde1f9065557d
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This patch moves the oci-container-configuration and related
configuration records to (gnu services containers).
Public symbols are still exported for backwards
compatibility but since the oci-container-service-type will be
deprecated in favor of the more general oci-service-type, everything is
moved outside of the docker related module.
* gnu/services/docker.scm: Move everything related to oci-container-configuration
to...
* gnu/services/containers.scm: ...here.scm.
Change-Id: Iae599dd5cc7442eb632f0c1b3b12f6b928397ae7
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This commit allows for having PATH set when changing the owner of
/sys/fs/group.
* gnu/services/containers.scm (crgroups-fs-owner): Use login shell.
Change-Id: I9510c637a5332325e05ca5ebc9dfd4de32685c50
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This is a more correct fix to CDROM/DVDROM events/auto-mounting than was made
in the now-reverted commit 670724edcf ("gnu: eudev: Fix optical discs
detection/auto-mounting.")
This changes causes the 60-block.rules udev rules file shipped with eudev to
correctly set the default polling period to 2000 ms on block devices, which is
necessary for kernel events to be fired for CDROM drives for example. To
validate it is set:
# cat /sys/module/block/parameters/events_dfl_poll_msecs
2000
Before, it would return 0.
* gnu/services/base.scm (udev-shepherd-service): <#:start>: Add a 'udevadm
trigger --change=add --type=subsystems' invocation, so that it also creates
subsystem nodes, as done in Void Linux or LinuxFromScratch init scripts for
example.
* gnu/tests/base.scm (run-basic-test): Add test.
Fixes: <https://issues.guix.gnu.org/35584>
Change-Id: Idc0eb5640163b27e41b72cc0c1885412a60805c1
To avoid needing to support all possible configuration options in the Guix
service.
* gnu/services/guix.scm
(guix-build-coordinator-configuration-extra-build-coordinator-arguments): New
procedure.
* gnu/services/guix.scm (make-guix-build-coordinator-start-script): Support
extra-build-coordinator-arguments and include them when calling
make-build-coordinator.
(guix-build-coordinator-shepherd-services): Pass
extra-build-coordinator-arguments through when calling
make-guix-build-coordinator-start-script.
Change-Id: I6531275bf2922f762b3422746c6207b834656b5c
* gnu/services/messaging.scm (<mosquitto-configuration>): New record type.
(mosquitto-accounts): New procedure.
(mosquitto-shepherd-service): New procedure.
(mosquitto-service-type): New variable.
* doc/guix.texi (Messaging Services): Document it.
Change-Id: I3500c5b6b69084c1f4a6da66ea45bfd42c871f3f
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
One possible solution for an issue when /etc/guix/acl file exists, but points
to a non-existent location. This can for example happen if one is
reinitializing the system, and remove only /gnu/store and /var/guix, keep the
rest okay. This is a major advantage of guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with acl file pointing to non-existent location. The file-exists?
procedure will return #f for broken symbolic links.
I think that another reason one would get this issue is, if one was booted in
a live iso, chrooted, fixing their system. They would switch generations to
one with different acl file, delete other generations gc rooting the original
acl file and then gc. One could do this approach for example when recovering
from file corruptions in the store, to get rid of the unsubstitutable paths
that can't be repaired with guix gc --verify.
This fixes the issue by looking for type of a file through lstat, instead of
relying on file-exists?. If the symlink is a broken symlink, it is
removed. Other than that the old behavior is kept:
- If regular file, back it up
- If symlink pointing to the store, remove it
- If symlink not pointing to the store, back it up
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
possibly-dangling symbolic link.
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
`kded' is a daemon responsible for many features of the Plasma desktop, it
provides media keys handling, a system tray, 'Background Services' control
through 'kcmshell6 kcm_kded'...
* gnu/packages/kde-plasma.scm (plasma): Add `kded' to propagated inputs.
* gnu/services/desktop.scm (plasma-dbus-service): Add `kded' to the list of
services passed to `dbus-configuration'.
Change-Id: Ifffdaecdb28a6369727ab8d118a775d73ee342e9
Signed-off-by: Zheng Junjie <z572@z572.online>
This commit adds a password-file to the postgresql-role field. It
allows users to provision Postgres roles with a set password.
* gnu/services/databases.scm (postgresql-role): Add password-file field.
(postgresql-role-configuration): Add requirement field.
(postgresql-create-roles): Add support for setting passwords from a
file without leaking passwords to the command line.
(postgresql-role-shepherd-service): Add support for customizable
requirements.
(postgresql-role-service-type): Pass on postgresql-role-configuration
fields values by default, this way user configured fields are not lost.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document the new field and fix the extension point example.
Change-Id: I3aabaa10b0c5e826c5aa874e5649e25a3508a585
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/virtualization.scm (libvirt-configuration): Fix typos and
punctuation, and decorate with more Texinfo adornments. Remove extraneous
text. Convert enumerations to sentences re-generating the Texinfo
documentation with configuration->documentation doesn't require fixing these
by hand after (the text is re-flowed, breaking enumerations). Mention the use
of 'log-filters' is preferable to 'log-level', as commented in the defaut
libvirt.conf template.
* doc/guix.texi (Virtualization Services): Re-generate.
Change-Id: Icc2abe21a787b4bb6ac3b35a95f6aaaf3bbda9aa
This re-introduces commit dd64f441d3, which had
been reverted due to previously causing a system hang when debug? was enabled,
a problem that appears to have been resolved within Shepherd.
* gnu/services/base.scm (<udev-configuration>): <debug?>: New field.
* gnu/services/base.scm (udev-shepherd-service): Use it to add '--debug' to
the command line, if applicable.
* doc/guix.texi (Base Services): Document it.
Change-Id: I88243fb4f321ff0876dd227e3c2b22082d37cfcf
It is often useful to be able to use the `postgres' user for management tasks,
so this commit allows setting that. The default behavior is not changed.
I have also added missing exports and sorted them by alphabet.
* gnu/services/databases.scm (%default-home-directory): New variable.
(<postgresql-configuration>): Add home-directory, allow-login? fields.
(create-postgresql-account): Use them.
* doc/guix.texi (Database Services): Document it.
Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
This makes it possible to use it for the privileged (root) user as well as an
unprivileged user.
* gnu/services/herd.scm (%shepherd-socket-file): Use
/run/user/$uid/shepherd/socket when using an unprivileged user.
Change-Id: I62cf358ffc233aba61cc64235c4b67c4fc944d2e
* gnu/services/base.scm (run-with-writable-store)
(guix-ownership-change-program): New procedures.
(<guix-configuration>)[privileged?]: New field.
(guix-shepherd-service): Rename to…
(guix-shepherd-services): … this. Add the ‘guix-ownership’ service.
Change ‘guix-daemon’ service to depend on it; when unprivileged,
prefix ‘daemon-command’ by ‘run-with-writable-store’ and
omit ‘--build-users-group’; adjust socket activation endpoints.
(guix-accounts): When unprivileged, create the “guix-daemon” user and
group in addition to the others.
(guix-service-type)[extensions]: Adjust to name change.
* gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter.
(%test-guix-daemon): Adjust accordingly.
(%test-guix-daemon-unprivileged): New test.
* doc/guix.texi (Base Services): Document ‘privileged?’.
(Migrating to the Unprivileged Daemon): Explain that this is automatic
on Guix System.
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163
Otherwise the service could fail starting if the networking interface takes
some time to be created during the boot (one such example are WireGuard
interfaces).
* gnu/services/messaging.scm (ngircd-configuration)
[shepherd-requirement]: Add networking.
* doc/guix.texi (Messaging Services): Update.
Change-Id: I387ae5780a35cad5b74d9883ac53f13de1a08c78
* gnu/services/sound.scm (speakersafetyd-configuration) [log-file]: New field.
(speakersafetyd): Use it via #:log-file.
Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2
* gnu/services/sound.scm (speakersafetyd): Run as unprivileged user.
(speakersafetyd-accounts): New procedure.
(speakersafetyd-activation): Likewise.
(speakersafetyd-shepherd-service): Specify the #:group, #:user and
#:supplementary-groups arguments.
(speakersafetyd-service-type): Extend activation-service-type.
Change-Id: I870bc7bfd69249da3a9c981f627e751395386bd2
The use of make-systemd-constructor appears to cause problems when connecting
via TLS (see: https://github.com/ngircd/ngircd/issues/330).
* gnu/services/messaging.scm (ngircd-global): [pid-file]: Set default value
and remove maybeness. Adjust doc.
* gnu/services/messaging.scm (ngircd-configuration): Adjust comment.
(ngircd-wrapper): Expose writable PID file and preserve pid namespace.
(ngircd-shepherd-service): Replace make-systemd-constructor with
make-forkexec-constructor and adjust surrounding accordingly.
(ngircd-activation): New procedure.
(ngircd-service-type): Extend activation-service-type with it.
Change-Id: Ic7c135ab45122e180107cde8bb9976426e3afbc4
This was the original intention, as PAM authentication cannot be easily
satisfied when the service runs as non-root, which is the case.
* gnu/services/messaging.scm (ngircd-configuration) <options>: Remove maybe
and set default value.
* doc/guix.texi (Messaging Services): Update.
Change-Id: I8435cf5be7206f9165d69cbbac11c205bf928c8f
Prior to this change, only the udev rules installed to eudev's prefix were
consulted by tools such as udevadm, leading to problems such as when
configuring network interfaces, or attempting to override its default rules.
While our custom eudev patch adding support for the EUDEV_RULES_DIRECTORY
environment variable could have been refined to take precedence over the
package's configured udevrulesdir, this was not pursued for the following
reasons:
1. Due to eudev's using inotify to detect new rules, the EUDEV_RULES_DIRECTORY
is fixed in Guix System, per commit e9fa17eb98 ("services: udev: Use a fixed
location for the rules directory and config.")
2. Users would have had to set EUDEV_RULES_DIRECTORY to the fixed directory
themselves to have udevadm work as expected, which is inconvenient.
3. This simple solution is already implemented and tested in NixPkgs.
* gnu/packages/linux.scm (eudev) [source]: Remove custom patch.
[arguments] <#:make-flags>: New argument.
<#:phases>: Override install phase to alter installation make flags.
* gnu/services/base.scm (udev-shepherd-service): Do not set
EUDEV_RULES_DIRECTORY environment variable.
* gnu/packages/patches/eudev-rules-directory.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): De-register it.
Fixes: https://issues.guix.gnu.org/63508
Reported-by: Felix Lechner <felix.lechner@lease-up.com>
Change-Id: Ib8698f4b452f6fd0951bcd71831705b1be85e6e0
This environment variable used to be honored by udevd, but that is no longer
the case (as shown by grepping its source).
* gnu/services/base.scm (udev-shepherd-service) <#:environment-variables>:
Remove UDEV_CONFIG_FILE.
Change-Id: I0828de76e8da429432bc0679903aa501c99625af
* gnu/services/mail.scm (opensmtpd-configuration): Add log-file field.
(opensmtpd-shepherd-service)[start]: Add a command line flag to not
daemonize. Drop #:pid-file. Add #:log-file.
* doc/guix.texi (Mail Services): Document the additional parameter.
Change-Id: I485e040d680ccb39fa62e49d2e6ea916f047972c
Signed-off-by: Andreas Enge <andreas@enge.fr>
Reported by nigko on #guix:
https://logs.guix.gnu.org/guix/2025-04-05.log#201718
* gnu/services/base.scm (urandom-seed-shepherd-service): Return #f when
stopped.
Change-Id: I8212508e4a017270e4e9284b43170cd17999e8b4
* gnu/services/web.scm (anonip-log-files): New procedure.
(anonip-service-type): Use it to extend ‘log-rotation-service-type’.
* doc/guix.texi (Log Rotation): Document it.
Change-Id: I903bb79e0992b794bb0a40e504283cd57a8a087b
* gnu/services/pm.scm (tlp-shepherd-service): Make destructor
return #f on success. Destructor "should return #f if it is
now possible again to start the service at a later point"
(shepherd manual).
Change-Id: Ic0d21d32af158da1ae940d9c32c05a3471767764
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (qemu-binfmt-shepherd-services)
[requirement]: Add file-system-/gnu/store.
qemu-binfmt service write references to the store to
/proc/sys/fs/binfmt_misc/qemu-[architecture] files, therefore
/gnu/store needs to be mounted during the lifetime of the service
instance. If /gnu/store does not remain mounted, the issues
discussed by nigko and Rutherther on IRC are arisen:
https://logs.guix.gnu.org/guix/2025-04-05.loghttps://logs.guix.gnu.org/guix/2025-04-08.log
Change-Id: I7e7a42a5ba0e39aa58c997739898f3457dd793a9
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/messaging.scm (ngircd-configuration): Adjust comment.
(ngircd-wrapper): Nest bindings within the (maybe-value-set? ssl) check, to
avoid errors when not providing an explicit value to the ssl field.
(ngircd-service-type) [default-value]: New field.
Change-Id: I1d2d7973cc9314e9bbc5870bf7b5f872d074b49b
* gnu/services/base.scm (guix-shepherd-service): Change ‘start’ to use
‘make-systemd-constructor’ in the default case. Remove now-redundant
code creating /var/guix/daemon-socket/. Adjust ‘stop’ method to use
‘make-systemd-destructor’ when appropriate.
Change-Id: I3572670c90f65509fbad01dcf13a60f772a86839
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method, use
‘fork+exec-command’ in the default case.
Change-Id: Id04d3d2651f89fbcdb2f17f027df91e132ff9ed1
