author | Ludovic Courtès <ludo@gnu.org> | 2022-05-26 17:11:20 +0200 |
committer | Ludovic Courtès <ludo@gnu.org> | 2022-05-26 17:11:20 +0200 |
commit | 7097e98586df3110b80943a88c27804d65f214fa (patch) | |
tree | 2e244b9fc19acc569d6abd42306aaf013f02da0d /gnu/services | |
parent | 15870cc08d20501e3526fa892111a43ae9e3e02f (diff) | |
parent | 4577f3c6b60ea100e521c246fb169d6c05214b20 (diff) |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 3 | ||||
-rw-r--r-- | gnu/services/guix.scm | 14 | ||||
-rw-r--r-- | gnu/services/messaging.scm | 4 | ||||
-rw-r--r-- | gnu/services/networking.scm | 72 | ||||
-rw-r--r-- | gnu/services/ssh.scm | 30 |
5 files changed, 100 insertions, 23 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index bcec888587..3fb92e6da0 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -2191,7 +2191,8 @@ instance." (service-extension account-service-type account-extension) (service-extension - udev-service-type udev-extension)))))) + udev-service-type udev-extension))) + (description "This service adds udev rules.")))) (service type #f))) (define (swap-space->shepherd-service-name space) diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 83c293bbb5..413bf51ad8 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -92,6 +92,7 @@ guix-build-coordinator-queue-builds-configuration-systems guix-build-coordinator-queue-builds-configuration-system-and-targets guix-build-coordinator-queue-builds-configuration-guix-data-service + guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id guix-build-coordinator-queue-builds-configuration-processed-commits-file guix-build-coordinator-queue-builds-service-type @@ -230,6 +231,9 @@ (guix-data-service guix-build-coordinator-queue-builds-configuration-guix-data-service (default "https://data.guix.gnu.org")) + (guix-data-service-build-server-id + guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id + (default #f)) (processed-commits-file guix-build-coordinator-queue-builds-configuration-processed-commits-file (default "/var/cache/guix-build-coordinator-queue-builds/processed-commits"))) @@ -494,7 +498,9 @@ (define (guix-build-coordinator-queue-builds-shepherd-services config) (match-record config <guix-build-coordinator-queue-builds-configuration> (package user coordinator systems systems-and-targets - guix-data-service processed-commits-file) + guix-data-service + guix-data-service-build-server-id + processed-commits-file) (list (shepherd-service (documentation "Guix Build Coordinator queue builds from Guix Data Service") 
@@ -517,6 +523,12 @@ #$@(if guix-data-service #~(#$(string-append "--guix-data-service=" guix-data-service)) #~()) + #$@(if guix-data-service-build-server-id + #~(#$(simple-format + #f + "--guix-data-service-build-server-id=~A" + guix-data-service-build-server-id)) + #~()) #$@(if processed-commits-file #~(#$(string-append "--processed-commits-file=" processed-commits-file)) diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 26d47f47de..ec1acba416 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -855,14 +855,14 @@ string, you could instantiate a prosody service like this: (start #~(if (defined? 'make-inetd-constructor) (make-inetd-constructor - (list #$bitlbee* "-I" - "-u" "bitlbee" "-c" #$conf) + (list #$bitlbee* "-I" "-c" #$conf) (addrinfo:addr (car (getaddrinfo #$interface #$(number->string port) (logior AI_NUMERICHOST AI_NUMERICSERV)))) #:service-name-stem "bitlbee" + #:user "bitlbee" #:group "bitlbee" ;; Allow 'bitlbee-purple' to use libpurple plugins. #:environment-variables diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 399cd03c1d..d8fe638940 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -41,6 +41,7 @@ #:use-module (gnu services linux) #:use-module (gnu services shepherd) #:use-module (gnu services dbus) + #:use-module (gnu services admin) #:use-module (gnu system shadow) #:use-module (gnu system pam) #:use-module ((gnu system file-systems) #:select (file-system-mapping)) @@ -384,6 +385,11 @@ daemon is responsible for allocating IP addresses to its client."))) ;;; NTP. ;;; + +(define %ntp-log-rotation + (list (log-rotation + (files '("/var/log/ntpd.log"))))) + (define ntp-server-types (make-enumeration '(pool server 
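Review bot: `guix-data-service-build-server-id` is interpolated with `simple-format #f "--guix-data-service-build-server-id=~A"` and nothing checks its type, so a value that is not an integer (a string, a symbol, a list) is handed to the coordinator unchanged and fails, if at all, only when the daemon parses its arguments. The neighbouring `guix-data-service` option is emitted with `string-append`, so the two branches use different formatting idioms for the same job. The record field added in the previous hunk carries only `(default #f)`; a comment such as `;; Build server ID in the Guix Data Service (presumably an integer), or #f.` and, if the type is indeed numeric, a `sanitize` that rejects anything but an exact integer or `#f` would make the contract visible. The enclosing gexp starts and ends outside this hunk.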
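Review bot: The new `#:user "bitlbee"` keyword is guarded only by `(defined? 'make-inetd-constructor)`, which proves the procedure exists but not that this Shepherd's `make-inetd-constructor` accepts `#:user`; on a release that lacks the keyword the start gexp would raise at service start instead of taking the fallback branch. The ssh.scm hunk later in this same merge guards a comparable feature with an explicit version test (`inetd-style?`), so either the same approach or a comment stating the assumed minimum Shepherd release, e.g. `;; #:user/#:group need a make-inetd-constructor that switches user (TODO: state minimum Shepherd version).`, seems warranted here. Dropping `-u bitlbee` from the command line presumably moves the privilege drop from bitlbee itself into shepherd before exec; the fallback branch is outside the hunk, so whether it still passes `-u` cannot be confirmed from here.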
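Review bot: `%ntp-log-rotation` only names the file; a daemon whose stdout/stderr shepherd redirected to `/var/log/ntpd.log` at start keeps writing to the renamed file after rottlog rotates it unless the rotation copies-and-truncates or a post-rotate step restarts or reopens the log, and nothing here says which of those applies — worth confirming against `log-rotation`'s default options and recording in a comment above the definition. The same three-line `(list (log-rotation (files '("/var/log/X.log"))))` form is repeated for tor, connman, hostapd, pagekite, yggdrasil, ipfs and keepalived in the following hunks; a helper such as `(define (single-file-log-rotation file) (list (log-rotation (files (list file)))))` would keep the nine definitions uniform and give one place to add a post-rotate action later. The `#:log-file` argument of ntpd's own shepherd service is outside this hunk, so whether it actually writes to `/var/log/ntpd.log` cannot be confirmed from here.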
@@ -532,7 +538,9 @@ restrict source notrap nomodify noquery\n")) (service-extension account-service-type (const %ntp-accounts)) (service-extension activation-service-type - ntp-service-activation))) + ntp-service-activation) + (service-extension rottlog-service-type + (const %ntp-log-rotation)))) (description "Run the @command{ntpd}, the Network Time Protocol (NTP) daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon @@ -614,7 +622,7 @@ will keep the system clock synchronized with that of the given servers.") ;; When ntpd is daemonized it repeatedly tries to respawn ;; while running, leading shepherd to disable it. To ;; prevent spamming stderr, redirect output to logfile. - #:log-file "/var/log/ntpd")) + #:log-file "/var/log/ntpd.log")) (stop #~(make-kill-destructor)))))) (define (openntpd-service-activation config) @@ -640,7 +648,9 @@ will keep the system clock synchronized with that of the given servers.") (service-extension profile-service-type (compose list openntpd-configuration-openntpd)) (service-extension activation-service-type - openntpd-service-activation))) + openntpd-service-activation) + (service-extension rottlog-service-type + (const %ntp-log-rotation)))) (default-value (openntpd-configuration)) (description "Run the @command{ntpd}, the Network Time Protocol (NTP) @@ -987,6 +997,10 @@ HiddenServicePort ~a ~a~%" (stop #~(make-kill-destructor)) (documentation "Run the Tor anonymous network overlay.")))))))) +(define %tor-log-rotation + (list (log-rotation + (files '("/var/log/tor.log"))))) + (define (tor-activation config) "Set up directories for Tor and its hidden services, if any." #~(begin @@ -1032,7 +1046,9 @@ HiddenServicePort ~a ~a~%" (service-extension account-service-type (const %tor-accounts)) (service-extension activation-service-type - tor-activation))) + tor-activation) + (service-extension rottlog-service-type + (const %tor-log-rotation)))) ;; This can be extended with hidden services. (compose concatenate) 
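Review bot: Renaming openntpd's `#:log-file` from `/var/log/ntpd` to `/var/log/ntpd.log` lines the path up with `%ntp-log-rotation`, but an existing `/var/log/ntpd` on already-deployed systems is neither rotated nor removed after the rename, and the comment above the changed line still only explains the redirection, not the name. A one-line addition such as `;; Named *.log so that %ntp-log-rotation picks it up; older systems may still carry /var/log/ntpd.` would record both. The shepherd service definition starts outside the hunk.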
@@ -1314,6 +1330,10 @@ wireless networking.")))) #:log-file "/var/log/connman.log")) (stop #~(make-kill-destructor))))))) +(define %connman-log-rotation + (list (log-rotation + (files '("/var/log/connman.log"))))) + (define connman-service-type (let ((connman-package (compose list connman-configuration-connman))) (service-type (name 'connman) @@ -1328,7 +1348,9 @@ wireless networking.")))) connman-activation) ;; Add connman to the system profile. (service-extension profile-service-type - connman-package))) + connman-package) + (service-extension rottlog-service-type + (const %connman-log-rotation)))) (default-value (connman-configuration)) (description "Run @url{https://01.org/connman,Connman}, @@ -1570,12 +1592,18 @@ extra-settings "\n")))) #:log-file "/var/log/hostapd.log")) (stop #~(make-kill-destructor))))) +(define %hostapd-log-rotation + (list (log-rotation + (files '("/var/log/hostapd.log"))))) + (define hostapd-service-type (service-type (name 'hostapd) (extensions (list (service-extension shepherd-root-service-type - hostapd-shepherd-services))) + hostapd-shepherd-services) + (service-extension rottlog-service-type + (const %hostapd-log-rotation)))) (description "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access points and authentication servers."))) @@ -1867,6 +1895,10 @@ table inet filter { ;; SIGTERM doesn't always work for some reason. (stop #~(make-kill-destructor SIGINT)))))) +(define %pagekite-log-rotation + (list (log-rotation + (files '("/var/log/pagekite.log"))))) + (define %pagekite-accounts (list (user-group (name "pagekite") (system? #t)) (user-account 
@@ -1885,7 +1917,9 @@ table inet filter { (list (service-extension shepherd-root-service-type (compose list pagekite-shepherd-service)) (service-extension account-service-type - (const %pagekite-accounts)))) + (const %pagekite-accounts)) + (service-extension rottlog-service-type + (const %pagekite-log-rotation)))) (description "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) @@ -1976,6 +2010,10 @@ local servers publicly accessible on the web, even behind NATs and firewalls.")) #:group "yggdrasil")) (stop #~(make-kill-destructor))))) +(define %yggdrasil-log-rotation + (list (log-rotation + (files '("/var/log/yggdrasil.log"))))) + (define %yggdrasil-accounts (list (user-group (name "yggdrasil") (system? #t)))) @@ -1991,7 +2029,9 @@ See @command{yggdrasil -genconf} for config options.") (service-extension account-service-type (const %yggdrasil-accounts)) (service-extension profile-service-type - (compose list yggdrasil-configuration-package)))))) + (compose list yggdrasil-configuration-package)) + (service-extension rottlog-service-type + (const %yggdrasil-log-rotation)))))) ;;; @@ -2061,6 +2101,10 @@ See @command{yggdrasil -genconf} for config options.") #:environment-variables #$%ipfs-environment)) (stop #~(make-kill-destructor))))) +(define %ipfs-log-rotation + (list (log-rotation + (files '("/var/log/ipfs.log"))))) + (define (%ipfs-activation config) "Return an activation gexp for IPFS with CONFIG" (define (exec-command . args) @@ -2116,7 +2160,9 @@ See @command{yggdrasil -genconf} for config options.") (service-extension activation-service-type %ipfs-activation) (service-extension shepherd-root-service-type - ipfs-shepherd-service))) + ipfs-shepherd-service) + (service-extension rottlog-service-type + (const %ipfs-log-rotation)))) (default-value (ipfs-configuration)) (description "Run @command{ipfs daemon}, the reference implementation 
@@ -2153,10 +2199,16 @@ of the IPFS peer-to-peer storage network."))) (respawn? #f) (stop #~(make-kill-destructor))))))) +(define %keepalived-log-rotation + (list (log-rotation + (files '("/var/log/keepalived.log"))))) + (define keepalived-service-type (service-type (name 'keepalived) (extensions (list (service-extension shepherd-root-service-type - keepalived-shepherd-service))) + keepalived-shepherd-service) + (service-extension rottlog-service-type + (const %keepalived-log-rotation)))) (description "Run @uref{https://www.keepalived.org/, Keepalived} routing software."))) diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 7fbbe383e5..57d3ad218c 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -394,7 +394,7 @@ The other options should be self-descriptive." ;; authorized-key directory to /etc. (catch 'system-error (lambda () - (delete-file-recursively "/etc/authorized_keys.d")) + (delete-file-recursively "/etc/ssh/authorized_keys.d")) (lambda args (unless (= ENOENT (system-error-errno args)) (apply throw args)))) 
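Review bot: The path fix in ssh.scm matters for key revocation and the comment above the `catch` should say so: with the old `/etc/authorized_keys.d` target the `delete-file-recursively` call was effectively a no-op (its `ENOENT` was swallowed by the handler), so keys dropped from `authorized-keys` in the configuration stayed in `/etc/ssh/authorized_keys.d` across reconfigurations, if that directory is where the keys are installed as the new path suggests. Suggested replacement for the comment whose tail is visible here: `;; Remove the whole directory first so that keys dropped from the configuration are actually revoked; ENOENT is expected on first activation.` The activation gexp starts and ends outside the hunk, so the install step that writes the directory cannot be checked from here.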
@@ -528,19 +528,32 @@ of user-name/file-like tuples." #~(list (string-append #$(openssh-configuration-openssh config) "/sbin/sshd") "-D" "-f" #$(openssh-config-file config))) + (define inetd-style? + ;; Whether to use 'make-inetd-constructor'. That procedure appeared in + ;; Shepherd 0.9.0, but in 0.9.0, 'make-inetd-constructor' wouldn't let us + ;; pass a list of endpoints, and it wouldn't let us define a service + ;; listening on both IPv4 and IPv6, hence the conditional below. + #~(and (defined? 'make-inetd-constructor) + (not (string=? (@ (shepherd config) Version) "0.9.0")))) + (list (shepherd-service (documentation "OpenSSH server.") (requirement '(syslogd loopback)) (provision '(ssh-daemon ssh sshd)) - (start #~(if (defined? 'make-inetd-constructor) + + (start #~(if #$inetd-style? (make-inetd-constructor (append #$openssh-command '("-i")) - (make-socket-address AF_INET INADDR_ANY - #$port-number) + (list (endpoint + (make-socket-address AF_INET INADDR_ANY + #$port-number)) + (endpoint + (make-socket-address AF_INET6 IN6ADDR_ANY + #$port-number))) #:max-connections #$max-connections) (make-forkexec-constructor #$openssh-command #:pid-file #$pid-file))) - (stop #~(if (defined? 'make-inetd-destructor) + (stop #~(if #$inetd-style? (make-inetd-destructor) (make-kill-destructor))) (auto-start? (openssh-auto-start? config))))) @@ -558,11 +571,10 @@ of user-name/file-like tuples." (openssh-configuration (inherit config) (authorized-keys - (match (openssh-configuration-authorized-keys config) - (((users _ ...) ...) + (match (append (openssh-configuration-authorized-keys config) keys) + ((and alist ((users _ ...) ...)) ;; Build a user/key-list mapping. - (let ((user-keys (alist->vhash - (openssh-configuration-authorized-keys config)))) + (let ((user-keys (alist->vhash alist))) ;; Coalesce the key lists associated with each user. (map (lambda (user) `(,user |
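Review bot: In inetd mode sshd now listens on `INADDR_ANY` and `IN6ADDR_ANY` for `port-number`, with the addresses chosen by shepherd rather than by sshd, so any `ListenAddress` restriction the openssh configuration may carry is silently ignored on hosts that take this branch while the `make-forkexec-constructor` fallback honours it; a comment on the `endpoint` list, `;; NOTE: the inetd path binds every interface, regardless of any ListenAddress in sshd_config.`, would at least make that explicit. Binding `0.0.0.0` and `::` on the same port on Linux succeeds only when the IPv6 socket has `IPV6_V6ONLY` set; presumably shepherd's `endpoint` does this, but if it does not the second bind fails with EADDRINUSE and the service never starts, so it is worth confirming. The `inetd-style?` comment explains the `"0.9.0"` exclusion well; the same comment could note that both endpoints share one `#:max-connections` budget. The surrounding procedure starts outside the hunk.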