gnu: guix-data-service: Update to 0.0.1-7.156b7ee.
[jackhill/guix/guix.git] / gnu / services / base.scm
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
65a67bf7 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
34044d55 3;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
5f4a446d 4;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
e10964ef 5;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
93d32da9 6;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
b58cbf9a 7;;; Copyright © 2016 David Craven <david@craven.ch>
909147e4 8;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
2d9dace8 9;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
db903549 10;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il>
a9162155 11;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
74a98b5c 12;;; Copyright © 2019 John Soo <jsoo1@asu.edu>
13;;;
14;;; This file is part of GNU Guix.
15;;;
16;;; GNU Guix is free software; you can redistribute it and/or modify it
17;;; under the terms of the GNU General Public License as published by
18;;; the Free Software Foundation; either version 3 of the License, or (at
19;;; your option) any later version.
20;;;
21;;; GNU Guix is distributed in the hope that it will be useful, but
22;;; WITHOUT ANY WARRANTY; without even the implied warranty of
23;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24;;; GNU General Public License for more details.
25;;;
26;;; You should have received a copy of the GNU General Public License
27;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
28
29(define-module (gnu services base)
e87f0591 30 #:use-module (guix store)
65a67bf7 31 #:use-module (guix deprecation)
db4fdc04 32 #:use-module (gnu services)
4252dace 33 #:use-module (gnu services admin)
0190c1c0 34 #:use-module (gnu services shepherd)
6e828634 35 #:use-module (gnu system pam)
db4fdc04 36 #:use-module (gnu system shadow) ; 'user-account', etc.
d1ff5f9d 37 #:use-module (gnu system uuid)
0adfe95a 38 #:use-module (gnu system file-systems) ; 'file-system', etc.
060d62a7 39 #:use-module (gnu system mapped-devices)
278d486b
LC
40 #:use-module ((gnu system linux-initrd)
41 #:select (file-system-packages))
db4fdc04 42 #:use-module (gnu packages admin)
151a2c07 43 #:use-module ((gnu packages linux)
b58cbf9a 44 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
3fe53f49 45 #:use-module (gnu packages bash)
a9162155
TGR
46 #:use-module ((gnu packages base)
47 #:select (canonical-package coreutils glibc glibc-utf8-locales))
db4fdc04 48 #:use-module (gnu packages package-management)
8b3ad455 49 #:use-module ((gnu packages gnupg) #:select (guile-gcrypt))
9ee4c9ab 50 #:use-module (gnu packages linux)
46ec2707 51 #:use-module (gnu packages terminals)
e2f4b305 52 #:use-module ((gnu build file-systems)
2c071ce9 53 #:select (mount-flags->bit-mask))
b5f4e686 54 #:use-module (guix gexp)
6454b333 55 #:use-module (guix records)
943e1b97 56 #:use-module (guix modules)
8b3ad455 57 #:use-module ((guix self) #:select (make-config.scm))
db4fdc04
LC
58 #:use-module (srfi srfi-1)
59 #:use-module (srfi srfi-26)
6454b333 60 #:use-module (ice-9 match)
db4fdc04 61 #:use-module (ice-9 format)
e43e84ba
LC
62 #:export (fstab-service-type
63 root-file-system-service
aa1145df 64 file-system-service-type
2a13d05e 65 swap-service
206a28d8 66 user-processes-service-type
a00dd9fb 67 host-name-service
5eca9459 68 console-keymap-service
4a84a487
LC
69 %default-console-font
70 console-font-service-type
62ca0fdf 71 console-font-service
bb3062ad 72 virtual-terminal-service-type
c797fabe 73
c9436025
DM
74 static-networking
75
76 static-networking?
77 static-networking-interface
78 static-networking-ip
79 static-networking-netmask
80 static-networking-gateway
81 static-networking-requirement
82
83 static-networking-service
84 static-networking-service-type
85
c797fabe
RW
86 udev-configuration
87 udev-configuration?
88 udev-configuration-rules
0adfe95a 89 udev-service-type
151a2c07 90 udev-service
80e6f37e 91 udev-rule
6e644cfd 92 file->udev-rule
66e4f01c 93
317d3b47
DC
94 login-configuration
95 login-configuration?
96 login-service-type
97 login-service
98
9ee4c9ab
LF
99 agetty-configuration
100 agetty-configuration?
101 agetty-service
102 agetty-service-type
103
66e4f01c
LC
104 mingetty-configuration
105 mingetty-configuration?
db4fdc04 106 mingetty-service
cd6f6c22 107 mingetty-service-type
6454b333
LC
108
109 %nscd-default-caches
110 %nscd-default-configuration
111
112 nscd-configuration
113 nscd-configuration?
114
115 nscd-cache
116 nscd-cache?
117
0adfe95a 118 nscd-service-type
db4fdc04 119 nscd-service
ec2e2f6c
DC
120
121 syslog-configuration
122 syslog-configuration?
db4fdc04 123 syslog-service
9009538d 124 syslog-service-type
44abcb28 125 %default-syslog.conf
0adfe95a 126
5b58c28b 127 %default-authorized-guix-keys
0adfe95a
LC
128 guix-configuration
129 guix-configuration?
70dfa4e0
MO
130
131 guix-configuration-guix
132 guix-configuration-build-group
133 guix-configuration-build-accounts
134 guix-configuration-authorize-key?
135 guix-configuration-authorized-keys
136 guix-configuration-use-substitutes?
137 guix-configuration-substitute-urls
138 guix-configuration-extra-options
139 guix-configuration-log-file
70dfa4e0 140
8b198abe 141 guix-service
cd6f6c22 142 guix-service-type
1c52181f
LC
143 guix-publish-configuration
144 guix-publish-configuration?
f1e900a3
LC
145 guix-publish-configuration-guix
146 guix-publish-configuration-port
147 guix-publish-configuration-host
ee2691fa
LC
148 guix-publish-configuration-compression
149 guix-publish-configuration-compression-level ;deprecated
697ddb88 150 guix-publish-configuration-nar-path
a35136cb
LC
151 guix-publish-configuration-cache
152 guix-publish-configuration-ttl
1c52181f
LC
153 guix-publish-service
154 guix-publish-service-type
24e96431
155
156 gpm-configuration
157 gpm-configuration?
8664cc88
LC
158 gpm-service-type
159 gpm-service
0adfe95a 160
9009538d 161 urandom-seed-service-type
a535e122 162 urandom-seed-service
24e96431
163
164 rngd-configuration
165 rngd-configuration?
b58cbf9a
DC
166 rngd-service-type
167 rngd-service
46ec2707
DC
168
169 kmscon-configuration
170 kmscon-configuration?
171 kmscon-service-type
172
909147e4
RW
173 pam-limits-service-type
174 pam-limits-service
a535e122 175
8b198abe 176 %base-services))
db4fdc04
LC
177
178;;; Commentary:
179;;;
180;;; Base system services---i.e., services that 99% of the users will want to
181;;; use.
182;;;
183;;; Code:
184
185
186\f
187;;;
188;;; User processes.
189;;;
190
(define %do-not-kill-file
  ;; Name of the file listing PIDs of processes that must survive when halting
  ;; the system.  Typical example is user-space file systems.
  ;;
  ;; The 'user-processes' stop procedure reads this file, spares every PID it
  ;; lists, and deletes the file once the other processes have been signalled.
  ;; NOTE(review): whoever can write this file decides which processes are
  ;; exempt from termination at shutdown; presumably /etc/shepherd is
  ;; writable by root only -- confirm.
  "/etc/shepherd/do-not-kill")
195
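(define (user-processes-shepherd-service requirements)
  "Return the 'user-processes' Shepherd service with dependencies on
REQUIREMENTS (a list of service names).

This is a synchronization point used to make sure user processes and daemons
get started only after crucial initial services have been started---file
system mounts, etc.  This is similar to the 'sysvinit' target in systemd.

The service's 'stop' procedure sends SIGTERM and then SIGKILL to all processes
except those listed in %DO-NOT-KILL-FILE, then waits until only PID 1 and the
spared processes remain.  It returns #f."
  (define grace-delay
    ;; Delay after sending SIGTERM and before sending SIGKILL.
    4)

  (list (shepherd-service
         (documentation "When stopped, terminate all user processes.")
         (provision '(user-processes))
         (requirement requirements)
         (start #~(const #t))
         (stop #~(lambda _
                   (define (kill-except omit signal)
                     ;; Kill all the processes with SIGNAL except those listed
                     ;; in OMIT and the current process.  Errors from 'kill'
                     ;; (e.g., the process already exited) are ignored.
                     (let ((omit (cons (getpid) omit)))
                       (for-each (lambda (pid)
                                   (unless (memv pid omit)
                                     (false-if-exception
                                      (kill pid signal))))
                                 (processes))))

                   (define (valid-pid? obj)
                     ;; 'string->number' returns #f for tokens that are not
                     ;; numbers and may return inexact or negative values.
                     ;; Only exact positive integers can denote a PID.
                     (and (integer? obj) (exact? obj) (positive? obj)))

                   (define omitted-pids
                     ;; List of PIDs that must not be killed.  Malformed
                     ;; tokens are dropped here: a #f left in this list would
                     ;; later be handed to '=' by 'lset=' below, which raises
                     ;; a wrong-type error in the middle of shutdown.
                     (if (file-exists? #$%do-not-kill-file)
                         (filter valid-pid?
                                 (map string->number
                                      (call-with-input-file #$%do-not-kill-file
                                        (compose string-tokenize
                                                 (@ (ice-9 rdelim) read-string)))))
                         '()))

                   (define (now)
                     (car (gettimeofday)))

                   (define (sleep* n)
                     ;; Really sleep N seconds.
                     ;; Work around <http://bugs.gnu.org/19581>.
                     (define start (now))
                     (let loop ((elapsed 0))
                       (when (> n elapsed)
                         (sleep (- n elapsed))
                         (loop (- (now) start)))))

                   (define lset= (@ (srfi srfi-1) lset=))

                   (display "sending all processes the TERM signal\n")

                   (if (null? omitted-pids)
                       (begin
                         ;; Easy: terminate all of them.
                         (kill -1 SIGTERM)
                         (sleep* #$grace-delay)
                         (kill -1 SIGKILL))
                       (begin
                         ;; Kill them all except OMITTED-PIDS.  XXX: We would
                         ;; like to (kill -1 SIGSTOP) to get a fixed list of
                         ;; processes, like 'killall5' does, but that seems
                         ;; unreliable.
                         (kill-except omitted-pids SIGTERM)
                         (sleep* #$grace-delay)
                         (kill-except omitted-pids SIGKILL)
                         (delete-file #$%do-not-kill-file)))

                   (let wait ()
                     ;; Reap children, if any, so that we don't end up with
                     ;; zombies and enter an infinite loop.
                     (let reap-children ()
                       (define result
                         (false-if-exception
                          (waitpid WAIT_ANY (if (null? omitted-pids)
                                                0
                                                WNOHANG))))

                       (when (and (pair? result)
                                  (not (zero? (car result))))
                         (reap-children)))

                     ;; NOTE(review): the loop ends only when the live PIDs
                     ;; are exactly PID 1 plus OMITTED-PIDS; if a spared
                     ;; process has itself exited, the sets never match --
                     ;; confirm this cannot stall shutdown.
                     (let ((pids (processes)))
                       (unless (lset= = pids (cons 1 omitted-pids))
                         (format #t "waiting for process termination\
 (processes left: ~s)~%"
                                 pids)
                         (sleep* 2)
                         (wait))))

                   (display "all processes have been terminated\n")
                   #f))
         (respawn? #f))))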
289
(define user-processes-service-type
  ;; Service type for 'user-processes'.  Its Shepherd service is built by
  ;; 'user-processes-shepherd-service' from the accumulated requirement list.
  (service-type
   (name 'user-processes)
   (extensions (list (service-extension shepherd-root-service-type
                                        user-processes-shepherd-service)))
   ;; Each extension contributes a list of service names; the lists are
   ;; flattened with 'concatenate' and combined with the value via 'append'.
   (compose concatenate)
   (extend append)

   ;; The value is the list of Shepherd services 'user-processes' depends on.
   ;; Extensions can add new services to this list.
   (default-value '())

   (description "The @code{user-processes} service is responsible for
terminating all the processes so that the root file system can be re-mounted
read-only, just before rebooting/halting. Processes still running after a few
seconds after @code{SIGTERM} has been sent are terminated with
@code{SIGKILL}.")))
307
308\f
309;;;
310;;; File systems.
311;;;
a00dd9fb 312
(define (file-system->fstab-entry file-system)
  "Return the @file{/etc/fstab} line for @var{file-system}: device, mount
point, type and options, each one followed by a tab."
  (let ((source  (match (file-system-device file-system)
                   ((? file-system-label? label)
                    (string-append "LABEL="
                                   (file-system-label->string label)))
                   ((? uuid? uuid)
                    (string-append "UUID=" (uuid->string uuid)))
                   ((? string? device)
                    device)))
        (options (or (file-system-options file-system) "defaults")))
    ;; XXX: The 'fs_freq' and 'fs_passno' fields are omitted because there is
    ;; nothing sensible to put in there.  Every field is emitted verbatim:
    ;; whitespace inside a device name or mount point is not escaped.
    (string-append source "\t"
                   (file-system-mount-point file-system) "\t"
                   (file-system-type file-system) "\t"
                   options "\t")))
331
(define (file-systems->fstab file-systems)
  "Return a one-element @file{/etc} entry list whose @file{fstab} file
describes @var{file-systems}, one line per file system."
  (let* ((entries  (map file-system->fstab-entry file-systems))
         ;; Header comment, then the entries separated by newlines, then a
         ;; final newline.
         (contents (string-append
                    "\
# This file was generated from your Guix configuration. Any changes
# will be lost upon reboot or reconfiguration.\n\n"
                    (string-join entries "\n")
                    "\n")))
    (list (list "fstab" (plain-file "fstab" contents)))))
344
(define fstab-service-type
  ;; The /etc/fstab service.  Its value is a list of file system objects;
  ;; 'file-systems->fstab' turns that list into the 'fstab' entry handed to
  ;; 'etc-service-type'.
  (service-type (name 'fstab)
                (extensions
                 (list (service-extension etc-service-type
                                          file-systems->fstab)))
                ;; Extensions contribute lists of file systems, which are
                ;; flattened and appended to the value.
                (compose concatenate)
                (extend append)
                (description
                 "Populate the @file{/etc/fstab} based on the given file
system objects.")))
e43e84ba 356
(define %root-file-system-shepherd-service
  ;; Shepherd service that does nothing on start and, on stop, flushes
  ;; pending writes, closes shepherd's own log and console descriptors, and
  ;; re-mounts the root file system read-only.
  (shepherd-service
   (documentation "Take care of the root file system.")
   (provision '(root-file-system))
   (start #~(const #t))
   (stop #~(lambda _
             ;; Return #f if successfully stopped.
             (sync)

             ;; The statements below depend on their order: logging stops
             ;; first, then the current ports are pointed at a void port so
             ;; that nothing writes to the descriptors closed right after.
             (call-with-blocked-asyncs
              (lambda ()
                (let ((null (%make-void-port "w")))
                  ;; Close 'shepherd.log'.
                  (display "closing log\n")
                  ((@ (shepherd comm) stop-logging))

                  ;; Redirect the default output ports..
                  (set-current-output-port null)
                  (set-current-error-port null)

                  ;; Close /dev/console.
                  (for-each close-fdes '(0 1 2))

                  ;; At this point, there are no open files left, so the
                  ;; root file system can be re-mounted read-only.
                  (mount #f "/" #f
                         (logior MS_REMOUNT MS_RDONLY)
                         #:update-mtab? #f)

                  #f)))))
   (respawn? #f)))
a00dd9fb 388
(define root-file-system-service-type
  ;; Service type that always yields %ROOT-FILE-SYSTEM-SHEPHERD-SERVICE,
  ;; whatever its value is ('const' discards the value).
  (shepherd-service-type 'root-file-system
                         (const %root-file-system-shepherd-service)))
392
(define (root-file-system-service)
  "Return a service whose sole purpose is to re-mount read-only the root file
system upon shutdown (aka. cleanly \"umounting\" root.)

This service must be the root of the service dependency graph so that its
'stop' action is invoked when shepherd is the only process left."
  ;; The service value is unused by the service type, hence #f.
  (service root-file-system-service-type #f))
400
(define (file-system->shepherd-service-name file-system)
  "Return the symbol naming the Shepherd service that mounts and unmounts
FILE-SYSTEM: 'file-system-' followed by its mount point."
  (let ((mount-point (file-system-mount-point file-system)))
    (symbol-append 'file-system- (string->symbol mount-point))))
406
(define (mapped-device->shepherd-service-name md)
  "Return the symbol naming the Shepherd service of MD, a <mapped-device>:
'device-mapping-' followed by the mapped device's target."
  (let ((target (mapped-device-target md)))
    (symbol-append 'device-mapping- (string->symbol target))))
411
(define (dependency->shepherd-service-name dependency)
  "Return the Shepherd service name for DEPENDENCY, which must be either a
<mapped-device> or a <file-system>; any other object is a match error."
  (match dependency
    ((? mapped-device? md)
     (mapped-device->shepherd-service-name md))
    ((? file-system? fs)
     (file-system->shepherd-service-name fs))))
e502bf89 418
(define (file-system-shepherd-service file-system)
  "Return the shepherd service for @var{file-system}, or @code{#f} if
@var{file-system} is not auto-mounted upon boot.

The service requires 'root-file-system', 'udev', and the services of every
dependency of @var{file-system}."
  (let ((target  (file-system-mount-point file-system))
        (create? (file-system-create-mount-point? file-system))
        (dependencies (file-system-dependencies file-system))
        ;; Packages whose bin/ and sbin/ directories are put on PATH while
        ;; the file system is being mounted.
        (packages (file-system-packages (list file-system))))
    (and (file-system-mount? file-system)
         (with-imported-modules (source-module-closure
                                 '((gnu build file-systems)))
           (shepherd-service
            (provision (list (file-system->shepherd-service-name file-system)))
            (requirement `(root-file-system udev
                           ,@(map dependency->shepherd-service-name dependencies)))
            (documentation "Check, mount, and unmount the given file system.")
            (start #~(lambda args
                       ;; Create the mount point first when the file system
                       ;; asks for it; otherwise this expands to a plain #t.
                       #$(if create?
                             #~(mkdir-p #$target)
                             #t)

                       (let (($PATH (getenv "PATH")))
                         ;; Make sure fsck.ext2 & co. can be found.
                         ;; 'dynamic-wind' restores the saved PATH even when
                         ;; mounting raises an exception.
                         (dynamic-wind
                           (lambda ()
                             ;; Don’t display the PATH settings.
                             (with-output-to-port (%make-void-port "w")
                               (lambda ()
                                 (set-path-environment-variable "PATH"
                                                                '("bin" "sbin")
                                                                '#$packages))))
                           (lambda ()
                             (mount-file-system
                              (spec->file-system
                               '#$(file-system->spec file-system))
                              #:root "/"))
                           (lambda ()
                             (setenv "PATH" $PATH)))
                         #t)))
            (stop #~(lambda args
                      ;; Normally there are no processes left at this point, so
                      ;; TARGET can be safely unmounted.

                      ;; Make sure PID 1 doesn't keep TARGET busy.
                      (chdir "/")

                      (umount #$target)
                      #f))

            ;; We need additional modules.
            (modules `(((gnu build file-systems)
                        #:select (mount-file-system))
                       (gnu system file-systems)
                       ,@%default-modules)))))))
e43e84ba 472
(define (file-system-shepherd-services file-systems)
  "Return the list of Shepherd services for FILE-SYSTEMS: the 'file-systems'
target, the 'user-file-systems' service, and one service per file system that
is mounted at boot."
  ;; Only file systems that are mounted at boot get a service.
  (let* ((file-systems (filter file-system-mount? file-systems)))
    (define sink
      ;; Synchronization target that depends on every per-file-system
      ;; service; it does nothing by itself.
      (shepherd-service
       (provision '(file-systems))
       (requirement (cons* 'root-file-system 'user-file-systems
                           (map file-system->shepherd-service-name
                                file-systems)))
       (documentation "Target for all the initially-mounted file systems")
       (start #~(const #t))
       (stop #~(const #f))))

    (define known-mount-points
      (map file-system-mount-point file-systems))

    (define user-unmount
      ;; On stop, unmount every mount point that is neither declared in
      ;; FILE-SYSTEMS nor "/proc" or "/sys".
      (shepherd-service
       (documentation "Unmount manually-mounted file systems.")
       (provision '(user-file-systems))
       (start #~(const #t))
       (stop #~(lambda args
                 (define (known? mount-point)
                   (member mount-point
                           (cons* "/proc" "/sys" '#$known-mount-points)))

                 ;; Make sure we don't keep the user's mount points busy.
                 (chdir "/")

                 ;; Best effort: a failed 'umount' is reported and the loop
                 ;; moves on to the next mount point.
                 (for-each (lambda (mount-point)
                             (format #t "unmounting '~a'...~%" mount-point)
                             (catch 'system-error
                               (lambda ()
                                 (umount mount-point))
                               (lambda args
                                 (let ((errno (system-error-errno args)))
                                   (format #t "failed to unmount '~a': ~a~%"
                                           mount-point (strerror errno))))))
                           (filter (negate known?) (mount-points)))
                 #f))))

    (cons* sink user-unmount
           (map file-system-shepherd-service file-systems))))
a43aca97 516
(define (file-system-fstab-entries file-systems)
  "Return the members of @var{file-systems} that belong in @file{/etc/fstab},
i.e., all of them except pseudo file systems and bind mounts."
  ;; /etc/fstab exists to tell fsck(8), mount(8), and umount(8) which file
  ;; systems they will have to deal with, which rules out "pseudo" file
  ;; systems.
  ;;
  ;; Moreover, GIO (part of GLib) and similar tools derive the set of mounts
  ;; from it, and graphical file managers and desktop environments show a
  ;; "volume" icon for each one, so pseudo file systems really must be left
  ;; out of the list.
  (define (skip? file-system)
    (or (member (file-system-type file-system)
                %pseudo-file-system-types)
        (memq 'bind-mount (file-system-flags file-system))))

  (remove skip? file-systems))
533
(define file-system-service-type
  ;; Service type whose value is a list of file systems.  It extends the
  ;; Shepherd root service (mount/unmount services), the fstab service
  ;; (/etc/fstab entries) and 'user-processes'.
  (service-type (name 'file-systems)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          file-system-shepherd-services)
                       (service-extension fstab-service-type
                                          file-system-fstab-entries)

                       ;; Have 'user-processes' depend on 'file-systems'.
                       (service-extension user-processes-service-type
                                          (const '(file-systems)))))
                ;; Extensions contribute lists of file systems, which are
                ;; flattened and appended to the value.
                (compose concatenate)
                (extend append)
                (description
                 "Provide Shepherd services to mount and unmount the given
file systems, as well as corresponding @file{/etc/fstab} entries.")))
0adfe95a 550
d6e2a622 551
0adfe95a 552\f
553;;;
554;;; Preserve entropy to seed /dev/urandom on boot.
555;;;
556
(define %random-seed-file
  ;; File in which the 'urandom-seed' service stores 512 bytes read from
  ;; /dev/urandom; it is written into /dev/urandom again at the next boot.
  "/var/lib/random-seed")
559
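(define (urandom-seed-shepherd-service _)
  "Return a one-element list holding the Shepherd service for the
/dev/urandom seed.  The argument is ignored.

On start, the service feeds the saved seed and up to 512 bytes from
/dev/hwrng into /dev/urandom, crediting the kernel's entropy count for both,
then writes a fresh seed.  On stop, it writes a fresh seed again."
  (list (shepherd-service
         (documentation "Preserve entropy across reboots for /dev/urandom.")
         (provision '(urandom-seed))

         ;; Depend on udev so that /dev/hwrng is available.
         (requirement '(file-systems udev))

         (start #~(lambda _
                    ;; On boot, write random seed into /dev/urandom.
                    (when (file-exists? #$%random-seed-file)
                      (call-with-input-file #$%random-seed-file
                        (lambda (seed)
                          (call-with-output-file "/dev/urandom"
                            (lambda (urandom)
                              (dump-port seed urandom)

                              ;; Writing SEED to URANDOM isn't enough: we must
                              ;; also tell the kernel to account for these
                              ;; extra bits of entropy.
                              ;;
                              ;; NOTE(review): this credits 8 bits per byte of
                              ;; the file, whatever its origin.  A seed that
                              ;; ships inside a cloned disk image or a
                              ;; restored backup is the same on every copy
                              ;; yet still gets full credit -- confirm that
                              ;; is acceptable for such deployments.
                              (let ((bits (* 8 (stat:size (stat seed)))))
                                (add-to-entropy-count urandom bits)))))))

                    ;; Try writing from /dev/hwrng into /dev/urandom.
                    ;; It seems that the file /dev/hwrng always exists, even
                    ;; when there is no hardware random number generator
                    ;; available.  So, we handle a failed read or any other error
                    ;; reported by the operating system.
                    (let ((buf (catch 'system-error
                                 (lambda ()
                                   (call-with-input-file "/dev/hwrng"
                                     (lambda (hwrng)
                                       (get-bytevector-n hwrng 512))))
                                 ;; Silence is golden...
                                 (const #f))))
                      ;; 'get-bytevector-n' returns the end-of-file object
                      ;; when no byte could be read.  That object is true, so
                      ;; test for a bytevector explicitly; otherwise
                      ;; 'put-bytevector' would be handed a non-bytevector.
                      (when (bytevector? buf)
                        (call-with-output-file "/dev/urandom"
                          (lambda (urandom)
                            (put-bytevector urandom buf)
                            (let ((bits (* 8 (bytevector-length buf))))
                              (add-to-entropy-count urandom bits))))))

                    ;; Immediately refresh the seed in case the system doesn't
                    ;; shut down cleanly.
                    ;;
                    ;; The umask of #o077 only applies when the seed file is
                    ;; created; the mode of an already existing file is left
                    ;; as it is.
                    (call-with-input-file "/dev/urandom"
                      (lambda (urandom)
                        (let ((previous-umask (umask #o077))
                              (buf (make-bytevector 512)))
                          (mkdir-p (dirname #$%random-seed-file))
                          (get-bytevector-n! urandom buf 0 512)
                          (call-with-output-file #$%random-seed-file
                            (lambda (seed)
                              (put-bytevector seed buf)))
                          (umask previous-umask))))
                    #t))
         (stop #~(lambda _
                   ;; During shutdown, write from /dev/urandom into random seed.
                   (let ((buf (make-bytevector 512)))
                     (call-with-input-file "/dev/urandom"
                       (lambda (urandom)
                         (let ((previous-umask (umask #o077)))
                           (get-bytevector-n! urandom buf 0 512)
                           (mkdir-p (dirname #$%random-seed-file))
                           (call-with-output-file #$%random-seed-file
                             (lambda (seed)
                               (put-bytevector seed buf)))
                           (umask previous-umask))
                         #t)))))
         ;; 'bytevector?', 'make-bytevector' and the 'get-bytevector-*'
         ;; procedures come from these modules.
         (modules `((rnrs bytevectors)
                    (rnrs io ports)
                    ,@%default-modules)))))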
632
(define urandom-seed-service-type
  ;; Service type for the /dev/urandom seed.  Its value is not used by
  ;; 'urandom-seed-shepherd-service', hence the #f default.
  (service-type (name 'urandom-seed)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          urandom-seed-shepherd-service)

                       ;; Have 'user-processes' depend on 'urandom-seed'.
                       ;; This ensures that user processes and daemons don't
                       ;; start until we have seeded the PRNG.
                       (service-extension user-processes-service-type
                                          (const '(urandom-seed)))))
                (default-value #f)
                (description
                 "Seed the @file{/dev/urandom} pseudo-random number
generator (RNG) with the value recorded when the system was last shut
down.")))
a535e122 649
;; Deprecated procedure kept for compatibility; 'urandom-seed-service-type' is
;; named as its replacement.  It returns an instance of that service type.
(define-deprecated (urandom-seed-service)
  urandom-seed-service-type
  (service urandom-seed-service-type))
a535e122 653
654
655;;;
656;;; Add hardware random number generator to entropy pool.
657;;;
658
;; Configuration of the 'rngd' service.  Neither field has a default value.
(define-record-type* <rngd-configuration>
  rngd-configuration make-rngd-configuration
  rngd-configuration?
  (rng-tools rngd-configuration-rng-tools)        ;package
  (device    rngd-configuration-device))          ;string
664
(define rngd-service-type
  ;; Service type that runs 'rngd' from the configured package on the
  ;; configured device.  The Shepherd service is provisioned as 'trng'.
  (shepherd-service-type
   'rngd
   (lambda (config)
     (define rng-tools (rngd-configuration-rng-tools config))
     (define device (rngd-configuration-device config))

     ;; Argument vector: the device string is passed to rngd as the operand
     ;; of '-r', with no shell in between.
     (define rngd-command
       (list (file-append rng-tools "/sbin/rngd")
             "-f" "-r" device))

     (shepherd-service
      (documentation "Add TRNG to entropy pool.")
      (requirement '(udev))
      (provision '(trng))
      ;; NOTE(review): the command is spliced as separate arguments rather
      ;; than passed as one list -- confirm that the Shepherd version in use
      ;; accepts this calling form.
      (start #~(make-forkexec-constructor #$@rngd-command))
      (stop #~(make-kill-destructor))))))
682
(define* (rngd-service #:key
                       (rng-tools rng-tools)
                       (device "/dev/hwrng"))
  "Return a service that runs the @command{rngd} program from @var{rng-tools}
to add @var{device} to the kernel's entropy pool.  The service will fail if
@var{device} does not exist."
  ;; RNG-TOOLS defaults to the 'rng-tools' package and DEVICE to "/dev/hwrng".
  (service rngd-service-type
           (rngd-configuration
            (rng-tools rng-tools)
            (device device))))
693
e10964ef 694\f
695;;;
696;;; Console & co.
697;;;
698
(define host-name-service-type
  ;; Service type whose value is the host name; starting the service calls
  ;; 'sethostname' with it.  No 'stop' procedure is given.
  (shepherd-service-type
   'host-name
   (lambda (name)
     (shepherd-service
      (documentation "Initialize the machine's host name.")
      (provision '(host-name))
      (start #~(lambda _
                 (sethostname #$name)))
      (respawn? #f)))))
a00dd9fb 709
(define (host-name-service name)
  "Return a service of type @code{host-name-service-type} that sets the host
name to @var{name}."
  (service host-name-service-type name))
db4fdc04 713
(define virtual-terminal-service-type
  ;; Ensure that virtual terminals run in UTF-8 mode.  This is the case by
  ;; default with recent Linux kernels, but this service allows us to ensure
  ;; this.  This service must start before any 'term-' service so that newly
  ;; created terminals inherit this property.  See
  ;; <https://bugs.gnu.org/30505> for a discussion.
  ;;
  ;; The service value UTF8? is never read below: the start procedure always
  ;; makes sure the knob holds 1.
  (shepherd-service-type
   'virtual-terminal
   (lambda (utf8?)
     (let ((knob "/sys/module/vt/parameters/default_utf8"))
       (shepherd-service
        (documentation "Set virtual terminals in UTF-8 module.")
        (provision '(virtual-terminal))
        (requirement '(root-file-system))
        (start #~(lambda _
                   ;; In containers /sys is read-only so don't insist on
                   ;; writing to this file.  The knob is therefore read
                   ;; first and only written when it does not hold 1.
                   (unless (= 1 (call-with-input-file #$knob read))
                     (call-with-output-file #$knob
                       (lambda (port)
                         (display 1 port))))
                   #t))
        (stop #~(const #f)))))
   #t))                                           ;default to UTF-8
62ca0fdf 738
(define console-keymap-service-type
  ;; Service type whose value is a list of keymap files.  Starting the
  ;; service runs 'loadkeys' from the 'kbd' package on them and succeeds when
  ;; the command exits with status zero.
  (shepherd-service-type
   'console-keymap
   (lambda (files)
     (shepherd-service
      (documentation (string-append "Load console keymap (loadkeys)."))
      (provision '(console-keymap))
      (start #~(lambda _
                 ;; 'system*' runs the program directly, without a shell;
                 ;; FILES are spliced in as separate arguments.
                 (zero? (system* #$(file-append kbd "/bin/loadkeys")
                                 #$@files))))
      (respawn? #f)))))
750
;; Deprecated procedure; #f is given where a replacement would be named.
(define-deprecated (console-keymap-service #:rest files)
  #f
  "Return a service to load console keymaps from @var{files}."
  (service console-keymap-service-type files))
0adfe95a 755
(define %default-console-font
  ;; Name of the console font used by default.
  ;;
  ;; Note: 'LatGrkCyr-8x16' has the advantage of providing three common
  ;; scripts as well as glyphs for em dash, quotation marks, and other Unicode
  ;; codepoints notably found in the UTF-8 manual.
  "LatGrkCyr-8x16")
761
(define (console-font-shepherd-services tty+font)
  "Return a list of Shepherd services, one for each pair in TTY+FONT.  Each
pair has the form (TTY . FONT); its service is provisioned as
'console-font-TTY' and requires 'term-TTY'."
  (map (match-lambda
         ((tty . font)
          (let ((device (string-append "/dev/" tty)))
            (shepherd-service
             (documentation "Load a Unicode console font.")
             (provision (list (symbol-append 'console-font-
                                             (string->symbol tty))))

             ;; Start after mingetty has been started on TTY, otherwise the settings
             ;; are ignored.
             (requirement (list (symbol-append 'term-
                                               (string->symbol tty))))

             (start #~(lambda _
                        ;; It could be that mingetty is not fully ready yet,
                        ;; which we check by calling 'ttyname'.
                        ;; NOTE(review): 'usleep' counts microseconds, so the
                        ;; ten attempts wait about 5 ms in total -- confirm
                        ;; that this is the intended budget.
                        (let loop ((i 10))
                          (unless (or (zero? i)
                                      (call-with-input-file #$device
                                        (lambda (port)
                                          (false-if-exception (ttyname port)))))
                            (usleep 500)
                            (loop (- i 1))))

                        ;; Assume the VT is already in UTF-8 mode, thanks to
                        ;; the 'virtual-terminal' service.
                        ;;
                        ;; 'setfont' returns EX_OSERR (71) when an
                        ;; KDFONTOP ioctl fails, for example.  Like
                        ;; systemd's vconsole support, let's not treat
                        ;; this as an error.
                        (case (status:exit-val
                               (system* #$(file-append kbd "/bin/setfont")
                                        "-C" #$device #$font))
                          ((0 71) #t)
                          (else #f))))
             (stop #~(const #t))
             (respawn? #f)))))
       tty+font))
0adfe95a 803
(define console-font-service-type
  ;; Service type whose value is a list of (TTY . FONT) pairs; each pair is
  ;; turned into a Shepherd service by 'console-font-shepherd-services'.
  (service-type (name 'console-fonts)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          console-font-shepherd-services)))
                ;; Extensions contribute lists of pairs, which are flattened
                ;; and appended to the value.
                (compose concatenate)
                (extend append)
                (description
                 "Install the given fonts on the specified ttys (fonts are per
virtual console on GNU/Linux). The value of this service is a list of
tty/font pairs. The font can be the name of a font provided by the @code{kbd}
package or any valid argument to @command{setfont}, as in this example:

@example
'((\"tty1\" . \"LatGrkCyr-8x16\")
 (\"tty2\" . (file-append
 font-tamzen
 \"/share/kbd/consolefonts/TamzenForPowerline10x20.psf\")))
@end example\n")))
5eca9459 823
(define* (console-font-service tty #:optional (font "LatGrkCyr-8x16"))
  "This procedure is deprecated in favor of @code{console-font-service-type}.

Return a service that sets up Unicode support in @var{tty} and loads
@var{font} for that tty (fonts are per virtual console in Linux.)"
  ;; Extend 'console-font-service-type' with the single pair (TTY . FONT); the
  ;; extension is named 'console-font-TTY'.
  (simple-service (symbol-append 'console-font- (string->symbol tty))
                  console-font-service-type `((,tty . ,font))))
62ca0fdf 831
;; Default message of the day, used as the 'motd' field default of
;; <login-configuration>.
(define %default-motd
  (plain-file "motd" "This is the GNU operating system, welcome!\n\n"))
834
;; Configuration of the 'login' PAM service; see 'login-pam-service'.
(define-record-type* <login-configuration>
  login-configuration make-login-configuration
  login-configuration?
  (motd                   login-configuration-motd     ;file-like
                          (default %default-motd))
  ;; Allow empty passwords by default so that first-time users can log in when
  ;; the 'root' account has just been created.
  ;; NOTE(review): this value is passed to the "login" PAM service as
  ;; #:allow-empty-passwords?, so with the default any account whose
  ;; password is empty can presumably log in without a credential.  Set the
  ;; field to #f once passwords have been assigned.
  (allow-empty-passwords? login-configuration-allow-empty-passwords?
                          (default #t)))               ;Boolean
844
(define (login-pam-service config)
  "Return the list of PAM services needed for CONFIG, a <login-configuration>
record.  The list holds a single service, named \"login\"."
  ;; Let 'login' be known to PAM.  The empty-password policy and the message
  ;; of the day both come from CONFIG.
  (list (unix-pam-service "login"
                          #:login-uid? #t
                          #:allow-empty-passwords?
                          (login-configuration-allow-empty-passwords? config)
                          #:motd
                          (login-configuration-motd config))))
854
(define login-service-type
  ;; Service type whose value is a <login-configuration>; it extends the PAM
  ;; root service with the result of 'login-pam-service'.  The default value
  ;; is a <login-configuration> with every field at its default.
  (service-type (name 'login)
                (extensions (list (service-extension pam-root-service-type
                                                     login-pam-service)))
                (default-value (login-configuration))
                (description
                 "Provide a console log-in service as specified by its
configuration value, a @code{login-configuration} object.")))
863
(define* (login-service #:optional (config (login-configuration)))
  "Return a service that configures login according to @var{config}, which
specifies the message of the day, among other things."
  (service login-service-type config))
868
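;; Configuration of an 'agetty' instance.  Every field except 'tty' has a
;; default; the trailing comment on each field gives the expected type.
(define-record-type* <agetty-configuration>
  agetty-configuration make-agetty-configuration
  agetty-configuration?
  (agetty           agetty-configuration-agetty   ;<package>
                    (default util-linux))
  (tty              agetty-configuration-tty)     ;string | #f
  (term             agetty-term                   ;string | #f
                    (default #f))
  (baud-rate        agetty-baud-rate              ;string | #f
                    (default #f))
  ;; NOTE(review): presumably a non-#f value logs the given user in without
  ;; asking for a credential -- confirm before enabling it on a tty that
  ;; others can reach.
  (auto-login       agetty-auto-login             ;list of strings | #f
                    (default #f))
  (login-program    agetty-login-program          ;gexp
                    (default (file-append shadow "/bin/login")))
  (login-pause?     agetty-login-pause?           ;Boolean
                    (default #f))
  (eight-bits?      agetty-eight-bits?            ;Boolean
                    (default #f))
  (no-reset?        agetty-no-reset?              ;Boolean
                    (default #f))
  (remote?          agetty-remote?                ;Boolean
                    (default #f))
  (flow-control?    agetty-flow-control?          ;Boolean
                    (default #f))
  (host             agetty-host                   ;string | #f
                    (default #f))
  (no-issue?        agetty-no-issue?              ;Boolean
                    (default #f))
  (init-string      agetty-init-string            ;string | #f
                    (default #f))
  (no-clear?        agetty-no-clear?              ;Boolean
                    (default #f))
  (local-line       agetty-local-line             ;always | never | auto
                    (default #f))
  (extract-baud?    agetty-extract-baud?          ;Boolean
                    (default #f))
  (skip-login?      agetty-skip-login?            ;Boolean
                    (default #f))
  (no-newline?      agetty-no-newline?            ;Boolean
                    (default #f))
  (login-options    agetty-login-options          ;string | #f
                    (default #f))
  (chroot           agetty-chroot                 ;string | #f
                    (default #f))
  (hangup?          agetty-hangup?                ;Boolean
                    (default #f))
  (keep-baud?       agetty-keep-baud?             ;Boolean
                    (default #f))
  (timeout          agetty-timeout                ;integer | #f
                    (default #f))
  (detect-case?     agetty-detect-case?           ;Boolean
                    (default #f))
  (wait-cr?         agetty-wait-cr?               ;Boolean
                    (default #f))
  (no-hints?        agetty-no-hints?              ;Boolean
                    (default #f))
  ;; The accessor used to be written "agetty-no hostname?", i.e., two
  ;; symbols, so the accessor was actually named 'agetty-no'.  It is spelled
  ;; as a single symbol here, like its neighbours.
  (no-hostname?     agetty-no-hostname?           ;Boolean
                    (default #f))
  (long-hostname?   agetty-long-hostname?         ;Boolean
                    (default #f))
  (erase-characters agetty-erase-characters       ;string | #f
                    (default #f))
  (kill-characters  agetty-kill-characters        ;string | #f
                    (default #f))
  (chdir            agetty-chdir                  ;string | #f
                    (default #f))
  (delay            agetty-delay                  ;integer | #f
                    (default #f))
  (nice             agetty-nice                   ;integer | #f
                    (default #f))
  ;; "Escape hatch" for passing arbitrary command-line arguments.
  (extra-options    agetty-extra-options          ;list of strings
                    (default '()))
;;; XXX Unimplemented for now!
;;; (issue-file     agetty-issue-file             ;file-like
;;;                 (default #f))
  )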
946
(define (default-serial-port)
  "Return a gexp that picks a reasonable default serial port to use as the
tty, or #f when none is found.  This is primarily useful for headless
systems."
  ;; The device name comes from the kernel command line: "agetty.tty" options
  ;; take precedence over "console" options, and the first match wins.
  (with-imported-modules (source-module-closure
                          '((gnu build linux-boot))) ;for 'find-long-options'
    #~(begin
        ;; console=device,options
        ;; device: can be tty0, ttyS0, lp0, ttyUSB0 (serial).
        ;; options: BBBBPNF. P n|o|e, N number of bits,
        ;; F flow control (r RTS)
        (let* ((not-comma (char-set-complement (char-set #\,)))
               (command   (linux-command-line))
               (serial-console?
                ;; True for "tty…" specs whose fourth character is not a
                ;; digit, i.e. anything but the numbered virtual consoles.
                (lambda (spec)
                  (and (string-prefix? "tty" spec)
                       (not (string-prefix? "tty0" spec))
                       (not (string-prefix? "tty1" spec))
                       (not (string-prefix? "tty2" spec))
                       (not (string-prefix? "tty3" spec))
                       (not (string-prefix? "tty4" spec))
                       (not (string-prefix? "tty5" spec))
                       (not (string-prefix? "tty6" spec))
                       (not (string-prefix? "tty7" spec))
                       (not (string-prefix? "tty8" spec))
                       (not (string-prefix? "tty9" spec)))))
               (agetty-specs  (find-long-options "agetty.tty" command))
               (console-specs (filter serial-console?
                                      (find-long-options "console" command)))
               (specs (append agetty-specs console-specs)))
          (and (pair? specs)
               ;; Extract device name from first spec.
               (match (string-tokenize (car specs) not-comma)
                 ((device-name _ ...)
                  device-name)))))))
5a9902c8 982
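;; Return a one-element list holding the Shepherd service that runs agetty as
;; described by an <agetty-configuration> record.  The record is matched
;; positionally, so the pattern below follows the record's field order.
;;
;; Changes relative to the previous version:
;;  - the executable comes from the record's 'agetty' package field rather
;;    than from a hard-coded 'util-linux';
;;  - "--local-line=never" has its two leading dashes;
;;  - "--nohints" no longer carries a stray "?".
(define agetty-shepherd-service
  (match-lambda
    (($ <agetty-configuration> agetty tty term baud-rate auto-login
        login-program login-pause? eight-bits? no-reset? remote? flow-control?
        host no-issue? init-string no-clear? local-line extract-baud?
        skip-login? no-newline? login-options chroot hangup? keep-baud? timeout
        detect-case? wait-cr? no-hints? no-hostname? long-hostname?
        erase-characters kill-characters chdir delay nice extra-options)
     (list
      (shepherd-service
       (documentation "Run agetty on a tty.")
       (provision (list (symbol-append 'term- (string->symbol (or tty "auto")))))

       ;; Since the login prompt shows the host name, wait for the 'host-name'
       ;; service to be done.  Also wait for udev essentially so that the tty
       ;; text is not lost in the middle of kernel messages (see also
       ;; mingetty-shepherd-service).
       (requirement '(user-processes host-name udev))

       (modules '((ice-9 match) (gnu build linux-boot)))
       (start
        (with-imported-modules (source-module-closure
                                '((gnu build linux-boot)))
          #~(lambda args
              ;; When no tty is configured, look one up on the kernel command
              ;; line at start time; if that finds nothing, never start.
              (let ((defaulted-tty #$(or tty (default-serial-port))))
                (apply
                 (if defaulted-tty
                     (make-forkexec-constructor
                      (list #$(file-append agetty "/sbin/agetty")
                            ;; Spliced verbatim, ahead of every other option.
                            #$@extra-options
                            #$@(if eight-bits?
                                   #~("--8bits")
                                   #~())
                            #$@(if no-reset?
                                   #~("--noreset")
                                   #~())
                            #$@(if remote?
                                   #~("--remote")
                                   #~())
                            #$@(if flow-control?
                                   #~("--flow-control")
                                   #~())
                            #$@(if host
                                   #~("--host" #$host)
                                   #~())
                            #$@(if no-issue?
                                   #~("--noissue")
                                   #~())
                            #$@(if init-string
                                   #~("--init-string" #$init-string)
                                   #~())
                            #$@(if no-clear?
                                   #~("--noclear")
                                   #~())
;;; FIXME This doesn't work as expected. According to agetty(8), if this option
;;; is not passed, then the default is 'auto'. However, in my tests, when that
;;; option is selected, agetty never presents the login prompt, and the
;;; term-ttyS0 service respawns every few seconds.
                            #$@(if local-line
                                   #~(#$(match local-line
                                          ('auto "--local-line=auto")
                                          ('always "--local-line=always")
                                          ('never "--local-line=never")))
                                   #~())
                            ;; With an auto-detected tty, keep the baud rate
                            ;; that is already set on the line.
                            #$@(if tty
                                   #~()
                                   #~("--keep-baud"))
                            #$@(if extract-baud?
                                   #~("--extract-baud")
                                   #~())
                            #$@(if skip-login?
                                   #~("--skip-login")
                                   #~())
                            #$@(if no-newline?
                                   #~("--nonewline")
                                   #~())
                            #$@(if login-options
                                   #~("--login-options" #$login-options)
                                   #~())
                            #$@(if chroot
                                   #~("--chroot" #$chroot)
                                   #~())
                            #$@(if hangup?
                                   #~("--hangup")
                                   #~())
                            #$@(if keep-baud?
                                   #~("--keep-baud")
                                   #~())
                            #$@(if timeout
                                   #~("--timeout" #$(number->string timeout))
                                   #~())
                            #$@(if detect-case?
                                   #~("--detect-case")
                                   #~())
                            #$@(if wait-cr?
                                   #~("--wait-cr")
                                   #~())
                            #$@(if no-hints?
                                   #~("--nohints")
                                   #~())
                            #$@(if no-hostname?
                                   #~("--nohostname")
                                   #~())
                            #$@(if long-hostname?
                                   #~("--long-hostname")
                                   #~())
                            #$@(if erase-characters
                                   #~("--erase-chars" #$erase-characters)
                                   #~())
                            #$@(if kill-characters
                                   #~("--kill-chars" #$kill-characters)
                                   #~())
                            #$@(if chdir
                                   #~("--chdir" #$chdir)
                                   #~())
                            #$@(if delay
                                   #~("--delay" #$(number->string delay))
                                   #~())
                            #$@(if nice
                                   #~("--nice" #$(number->string nice))
                                   #~())
                            ;; "--autologin" logs the named user in without
                            ;; asking for credentials on this tty.
                            #$@(if auto-login
                                   (list "--autologin" auto-login)
                                   '())
                            #$@(if login-program
                                   #~("--login-program" #$login-program)
                                   #~())
                            #$@(if login-pause?
                                   #~("--login-pause")
                                   #~())
                            ;; Positional arguments: port, then the optional
                            ;; baud rate and terminal type.
                            defaulted-tty
                            #$@(if baud-rate
                                   #~(#$baud-rate)
                                   #~())
                            #$@(if term
                                   #~(#$term)
                                   #~())))
                     (const #f))                  ; never start.
                 args)))))
       (stop #~(make-kill-destructor)))))))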
1123
;; Service type for agetty.  It has no default value: an
;; <agetty-configuration> must be supplied when the service is instantiated.
(define agetty-service-type
  (service-type
   (name 'agetty)
   (extensions
    (list (service-extension shepherd-root-service-type
                             agetty-shepherd-service)))
   (description
    "Provide console login using the @command{agetty}
program.")))
1131
(define* (agetty-service config)
  "Return a service that runs agetty as described by @var{config}, which
specifies the tty to run on, among other things."
  ;; Thin wrapper around 'agetty-service-type'.
  (service agetty-service-type config))
1136
;; Configuration of one mingetty instance.  'mingetty-shepherd-service'
;; matches this record positionally, so keep the field order.
(define-record-type* <mingetty-configuration>
  mingetty-configuration make-mingetty-configuration
  mingetty-configuration?
  (mingetty      mingetty-configuration-mingetty  ;<package>
                 (default mingetty))
  (tty           mingetty-configuration-tty)      ;string
  ;; When set, passed to mingetty as "--autologin USER".
  (auto-login    mingetty-auto-login              ;string | #f
                 (default #f))
  ;; When set, passed to mingetty as "--loginprog PROGRAM".
  (login-program mingetty-login-program           ;gexp
                 (default #f))
  (login-pause?  mingetty-login-pause?            ;Boolean
                 (default #f)))
0adfe95a 1149
;; Return a one-element list holding the Shepherd service that runs mingetty
;; on the tty named in CONFIG, a <mingetty-configuration> record.
(define (mingetty-shepherd-service config)
  (match config
    (($ <mingetty-configuration> mingetty tty auto-login login-program
        login-pause?)
     (let ((service-name (symbol-append 'term- (string->symbol tty))))
       (list
        (shepherd-service
         (documentation "Run mingetty on an tty.")
         (provision (list service-name))

         ;; Since the login prompt shows the host name, wait for the
         ;; 'host-name' service to be done.  Also wait for udev essentially so
         ;; that the tty text is not lost in the middle of kernel messages
         ;; (XXX).
         (requirement '(user-processes host-name udev virtual-terminal))

         (start #~(make-forkexec-constructor
                   (list #$(file-append mingetty "/sbin/mingetty")
                         "--noclear"

                         ;; Avoiding 'vhangup' allows us to avoid 'setfont'
                         ;; errors down the path where various ioctls get
                         ;; EIO--see 'hung_up_tty_ioctl' in driver/tty/tty_io.c
                         ;; in Linux.
                         "--nohangup" #$tty

                         ;; Optional arguments, present only when the
                         ;; matching field is true.
                         #$@(if auto-login
                                #~("--autologin" #$auto-login)
                                #~())
                         #$@(if login-program
                                #~("--loginprog" #$login-program)
                                #~())
                         #$@(if login-pause?
                                #~("--loginpause")
                                #~()))))
         (stop #~(make-kill-destructor))))))))
1184
;; Service type for mingetty.  It has no default value: a
;; <mingetty-configuration> must be supplied when the service is instantiated.
(define mingetty-service-type
  (service-type
   (name 'mingetty)
   (extensions
    (list (service-extension shepherd-root-service-type
                             mingetty-shepherd-service)))
   (description
    "Provide console login using the @command{mingetty}
program.")))
1192
(define* (mingetty-service config)
  "Return a service that runs mingetty as described by @var{config}, which
specifies the tty to run on, among other things."
  ;; Thin wrapper around 'mingetty-service-type'.
  (service mingetty-service-type config))
db4fdc04 1197
;; Configuration of libc's name service cache daemon.  'nscd.conf-file'
;; matches the first three fields positionally, so keep the field order.
(define-record-type* <nscd-configuration> nscd-configuration
  make-nscd-configuration
  nscd-configuration?
  (log-file      nscd-configuration-log-file      ;string
                 (default "/var/log/nscd.log"))
  (debug-level   nscd-debug-level                 ;integer
                 (default 0))
  ;; TODO: See nscd.conf in glibc for other options to add.
  (caches        nscd-configuration-caches        ;list of <nscd-cache>
                 (default %nscd-default-caches))
  ;; The "/lib" directory of each entry ends up in the daemon's
  ;; LD_LIBRARY_PATH (see 'nscd-shepherd-service').
  (name-services nscd-configuration-name-services ;list of <packages>
                 (default '()))
  (glibc         nscd-configuration-glibc         ;<package>
                 (default (canonical-package glibc))))
1212
;; Settings of a single nscd cache.  'nscd.conf-file' matches this record
;; positionally, so keep the field order.
(define-record-type* <nscd-cache> nscd-cache make-nscd-cache
  nscd-cache?
  (database              nscd-cache-database)              ;symbol
  (positive-time-to-live nscd-cache-positive-time-to-live) ;integer
  (negative-time-to-live nscd-cache-negative-time-to-live  ;integer
                         (default 20))
  (suggested-size        nscd-cache-suggested-size         ;integer ("default module
                                                           ;of hash table")
                         (default 211))
  (check-files?          nscd-cache-check-files?           ;Boolean
                         (default #t))
  (persistent?           nscd-cache-persistent?            ;Boolean
                         (default #t))
  (shared?               nscd-cache-shared?                ;Boolean
                         (default #t))
  (max-database-size     nscd-cache-max-database-size      ;integer
                         (default (* 32 (expt 2 20))))     ;32 * 2^20
  (auto-propagate?       nscd-cache-auto-propagate?        ;Boolean
                         (default #t)))
1232
(define %nscd-default-caches
  ;; Caches that we want to enable by default.  Note that when providing an
  ;; empty nscd.conf, all caches are disabled.
  (let ((hosts
         ;; Aggressively cache the host name cache to improve
         ;; privacy and resilience.
         (nscd-cache (database 'hosts)
                     (positive-time-to-live (* 3600 12))
                     (negative-time-to-live 20)
                     (persistent? #t)))
        (services
         ;; Services are unlikely to change, so we can be even more
         ;; aggressive.
         (nscd-cache (database 'services)
                     (positive-time-to-live (* 3600 24))
                     (negative-time-to-live 3600)
                     (check-files? #t)            ;check /etc/services changes
                     (persistent? #t))))
    (list hosts services)))
1252
;; Default nscd configuration: an <nscd-configuration> in which every field
;; keeps its default value.
(define %nscd-default-configuration
  (nscd-configuration))
1256
(define (nscd.conf-file config)
  "Return the @file{nscd.conf} configuration file for @var{config}, an
@code{<nscd-configuration>} object."
  ;; Field values are written into the file as is; nothing is quoted or
  ;; validated here.
  (define (yes/no flag)
    (if flag "yes\n" "no\n"))

  (define (number-line n)
    (string-append (number->string n) "\n"))

  (define cache->config
    ;; Return the nscd.conf stanza for one <nscd-cache> record.
    (match-lambda
      (($ <nscd-cache> (= symbol->string database)
                       positive-ttl negative-ttl size check-files?
                       persistent? shared? max-size propagate?)
       (let ((setting (lambda (key value)
                        (string-append key "\t" database "\t" value))))
         (string-append "\nenable-cache\t" database "\tyes\n"

                        (setting "positive-time-to-live"
                                 (number-line positive-ttl))
                        (setting "negative-time-to-live"
                                 (number-line negative-ttl))
                        (setting "suggested-size" (number-line size))
                        (setting "check-files" (yes/no check-files?))
                        (setting "persistent" (yes/no persistent?))
                        (setting "shared" (yes/no shared?))
                        (setting "max-db-size" (number-line max-size))
                        (setting "auto-propagate" (yes/no propagate?)))))))

  (match config
    (($ <nscd-configuration> log-file debug-level caches)
     (let ((header "# Configuration of libc's name service cache daemon (nscd).\n\n")
           (log-line (if log-file
                         (string-append "logfile\t" log-file)
                         ""))
           (debug-line (if debug-level
                           (string-append "debug-level\t"
                                          (number->string debug-level))
                           "")))
       (plain-file "nscd.conf"
                   (string-append header
                                  log-line "\n"
                                  debug-line "\n"
                                  (string-concatenate
                                   (map cache->config caches))))))))
6454b333 1300
;; Return a gexp for a Shepherd action procedure that runs NSCD with "-f
;; CONFIG OPTION" followed by the arguments given to the action, and copies
;; the program's output to the current output port.  The arguments go through
;; 'open-pipe*', i.e. as separate argv entries rather than through a shell.
(define (nscd-action-procedure nscd config option)
  ;; XXX: This is duplicated from mcron; factorize.
  #~(lambda (_ . args)
      ;; Run 'nscd' in a pipe so we can explicitly redirect its output to
      ;; 'current-output-port', which at this stage is bound to the client
      ;; connection.
      (let ((pipe (apply open-pipe* OPEN_READ #$nscd
                         "-f" #$config #$option args)))
        (let loop ((line (read-line pipe 'concat)))
          (if (eof-object? line)
              (catch 'system-error
                (lambda ()
                  (zero? (close-pipe pipe)))
                (lambda key+args
                  ;; There's a race with the SIGCHLD handler, which could
                  ;; call 'waitpid' before 'close-pipe' above does.  If we
                  ;; get ECHILD, that means we lost the race; in that case, we
                  ;; cannot tell what the exit code was (FIXME).
                  (or (= ECHILD (system-error-errno key+args))
                      (apply throw key+args))))
              (begin
                (display line)
                (loop (read-line pipe 'concat))))))))
1325
(define (nscd-actions nscd config)
  "Return the list of Shepherd actions for NSCD run with CONFIG."
  ;; Make this functionality available as actions because that's a simple way
  ;; to run the right 'nscd' binary with the right config file.
  (define (action-for option)
    (nscd-action-procedure nscd config option))

  (list (shepherd-action
         (name 'statistics)
         (documentation "Display statistics about nscd usage.")
         (procedure (action-for "--statistics")))
        (shepherd-action
         (name 'invalidate)
         (documentation
          "Invalidate the given cache--e.g., 'hosts' for host name lookups.")
         (procedure (action-for "--invalidate")))))
1339
(define (nscd-shepherd-service config)
  "Return a shepherd service for CONFIG, an <nscd-configuration> object."
  (define nscd
    (file-append (nscd-configuration-glibc config) "/sbin/nscd"))

  (define nscd.conf
    (nscd.conf-file config))

  (define name-services
    (nscd-configuration-name-services config))

  (list (shepherd-service
         (documentation "Run libc's name service cache daemon (nscd).")
         (provision '(nscd))
         (requirement '(user-processes))
         (start #~(make-forkexec-constructor
                   (list #$nscd "-f" #$nscd.conf "--foreground")

                   ;; Wait for the PID file.  However, the PID file is
                   ;; written before nscd is actually listening on its
                   ;; socket (XXX).
                   #:pid-file "/var/run/nscd/nscd.pid"

                   ;; The daemon loads name service modules from the "/lib"
                   ;; directory of each NAME-SERVICES entry.
                   #:environment-variables
                   (let ((directories
                          (map (lambda (dir)
                                 (string-append dir "/lib"))
                               (list #$@name-services))))
                     (list (string-append "LD_LIBRARY_PATH="
                                          (string-join directories ":"))))))
         (stop #~(make-kill-destructor))
         (modules `((ice-9 popen)                 ;for the actions
                    (ice-9 rdelim)
                    (ice-9 match)
                    ,@%default-modules))
         (actions (nscd-actions nscd nscd.conf)))))
1371
(define nscd-activation
  ;; Actions to take before starting nscd.
  #~(begin
      (use-modules (guix build utils))

      ;; Run-time directory (the PID file lives there) and the directory for
      ;; the persistent cache.
      (for-each mkdir-p '("/var/run/nscd" "/var/db/nscd"))

      ;; In libc 2.25 nscd uses inotify to watch /etc/resolv.conf, but only if
      ;; that file exists when it is started.  Thus create it here.  Note: on
      ;; some systems, such as when NetworkManager is used, /etc/resolv.conf
      ;; is a symlink, hence 'lstat'.
      (when (not (false-if-exception (lstat "/etc/resolv.conf")))
        (call-with-output-file "/etc/resolv.conf"
          (lambda (port)
            (display "# This is a placeholder.\n" port))))))
1387
;; Service type for nscd.  Other services extend it with packages, which are
;; appended to the configuration's 'name-services' field.
(define nscd-service-type
  (let ((add-name-services
         ;; Return CONFIG with NAME-SERVICES appended to its name services.
         (lambda (config name-services)
           (nscd-configuration
            (inherit config)
            (name-services (append
                            (nscd-configuration-name-services config)
                            name-services))))))
    (service-type
     (name 'nscd)
     (extensions
      (list (service-extension activation-service-type
                               (const nscd-activation))
            (service-extension shepherd-root-service-type
                               nscd-shepherd-service)))

     ;; This can be extended by providing additional name services
     ;; such as nss-mdns.
     (compose concatenate)
     (extend add-name-services)
     (default-value %nscd-default-configuration)
     (description
      "Runs libc's @dfn{name service cache daemon} (nscd) with the
given configuration---an @code{<nscd-configuration>} object.  @xref{Name
Service Switch}, for an example."))))
0adfe95a 1410
(define* (nscd-service #:optional (config %nscd-default-configuration))
  "Return a service that runs libc's name service cache daemon (nscd) with
@var{config}, an @code{<nscd-configuration>} object.  @xref{Name Service
Switch}, for an example."
  ;; Thin wrapper around 'nscd-service-type'.
  (service nscd-service-type config))
1416
1417
;; Configuration of the syslog daemon: which 'syslogd' executable to run and
;; which configuration file to hand it through "--rcfile".
(define-record-type* <syslog-configuration>
  syslog-configuration make-syslog-configuration
  syslog-configuration?
  (syslogd     syslog-configuration-syslogd       ;file-like
               (default (file-append inetutils "/libexec/syslogd")))
  (config-file syslog-configuration-config-file   ;file-like
               (default %default-syslog.conf)))
1425
;; Shepherd service type that runs the 'syslogd' named in a
;; <syslog-configuration> with that configuration's file.
(define syslog-service-type
  (shepherd-service-type
   'syslog
   (lambda (config)
     (let ((syslogd (syslog-configuration-syslogd config))
           (rcfile  (syslog-configuration-config-file config)))
       (shepherd-service
        (documentation "Run the syslog daemon (syslogd).")
        (provision '(syslogd))
        (requirement '(user-processes))
        (start #~(make-forkexec-constructor
                  (list #$syslogd "--rcfile" #$rcfile)
                  #:pid-file "/var/run/syslog.pid"))
        (stop #~(make-kill-destructor)))))))
1439
;; Snippet adapted from the GNU inetutils manual.
;;
;; Default syslogd rules.  Every rule that writes to the console, to
;; /var/log/messages, to /var/log/debug or to /dev/tty12 carries
;; 'authpriv.none'; 'authpriv' messages go to /var/log/secure only.
;; NOTE(review): the first comment in the file mentions "level err or
;; higher", whereas the selector under it is '*.alert' -- confirm which one
;; is intended.  Nothing in this definition sets the mode of
;; /var/log/secure.
(define %default-syslog.conf
  (plain-file "syslog.conf" "
# Log all error messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
*.alert;auth.notice;authpriv.none /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages

# Like /var/log/messages, but also including \"debug\"-level logs.
*.debug;mail.none;authpriv.none /var/log/debug

# Same, in a different place.
*.info;mail.none;authpriv.none /dev/tty12

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog
"))
0adfe95a 1465
(define* (syslog-service #:optional (config (syslog-configuration)))
  "Return a service that runs @command{syslogd}, configured by @var{config},
a @var{<syslog-configuration>} object.

@xref{syslogd invocation,,, inetutils, GNU Inetutils}, for more
information on the configuration file syntax."
  ;; Thin wrapper around 'syslog-service-type'.
  (service syslog-service-type config))
1473
db4fdc04 1474
;; Service type that installs a "limits.conf" file under /etc/security and
;; adds a 'pam_limits.so' session entry to selected PAM services.  Only the
;; PAM services named in the list below are modified; any other PAM service
;; is returned unchanged.
(define pam-limits-service-type
  (let* ((limits-entry
          (pam-entry
           (control "required")
           (module "pam_limits.so")
           (arguments '("conf=/etc/security/limits.conf"))))
         (etc-entries
          ;; Create /etc/security containing the provided "limits.conf" file.
          (lambda (limits-file)
            `(("security"
               ,(computed-file
                 "security"
                 #~(begin
                     (mkdir #$output)
                     ;; 'stat' raises an error when the file is missing.
                     (stat #$limits-file)
                     (symlink #$limits-file
                              (string-append #$output "/limits.conf"))))))))
         (add-limits
          ;; Prepend the pam_limits entry to the session entries of PAM when
          ;; its name is one of the services below.
          (lambda (pam)
            (if (member (pam-service-name pam)
                        '("login" "su" "slim" "gdm-password"))
                (pam-service
                 (inherit pam)
                 (session (cons limits-entry
                                (pam-service-session pam))))
                pam))))
    (service-type
     (name 'limits)
     (extensions
      (list (service-extension etc-service-type etc-entries)
            (service-extension pam-root-service-type
                               (lambda _ (list add-limits)))))
     (description
      "Install the specified resource usage limits by populating
@file{/etc/security/limits.conf} and using the @code{pam_limits}
authentication module."))))
1510
(define* (pam-limits-service #:optional (limits '()))
  "Return a service that makes selected programs respect LIMITS, a list of
pam-limits-entry objects, via pam_limits.so."
  ;; One line per entry; an empty LIMITS yields an empty "limits.conf".
  (let* ((lines   (map pam-limits-entry->string limits))
         (content (string-join lines "\n")))
    (service pam-limits-service-type
             (plain-file "limits.conf" content))))
1518
1519\f
1520;;;
1521;;; Guix services.
1522;;;
1523
(define* (guix-build-accounts count #:key
                              (group "guixbuild")
                              (shadow shadow))
  "Return a list of COUNT user accounts for Guix build users whose primary
group is GROUP."
  (define (build-account n)
    ;; System account number N: home directory /var/empty and 'nologin' from
    ;; SHADOW as its shell.
    (user-account
     (name (format #f "guixbuilder~2,'0d" n))
     (system? #t)
     (group group)

     ;; guix-daemon expects GROUP to be listed as a
     ;; supplementary group too:
     ;; <http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00239.html>.
     (supplementary-groups (list group "kvm"))

     (comment (format #f "Guix Build User ~2d" n))
     (home-directory "/var/empty")
     (shell (file-append shadow "/sbin/nologin"))))

  ;; Accounts are numbered from 1 to COUNT inclusive.
  (unfold (lambda (n) (> n count))
          build-account
          1+
          1))
db4fdc04 1546
(define (not-config? module)
  ;; Select (guix …) and (gnu …) modules, except (guix config).
  (match module
    (('guix 'config) #f)
    (((or 'guix 'gnu) _ ...) #t)
    (_ #f)))
1554
(define (substitute-key-authorization keys guix)
  "Return a gexp with code to register KEYS, a list of files containing 'guix
archive' public keys, with GUIX."
  ;; The returned gexp installs the ACL only when /etc/guix/acl does not
  ;; exist yet: an existing ACL is left untouched, so later changes to KEYS do
  ;; not reach a system that already has one.  GUIX is not referenced in this
  ;; body.
  (define acl-modules
    ;; (guix pki) and its closure, with (guix config) generated by
    ;; 'make-config.scm' rather than taken from the source tree.
    `(((guix config) => ,(make-config.scm))
      ,@(source-module-closure '((guix pki))
                               #:select? not-config?)))

  (define default-acl
    ;; ACL file built from the public keys read from KEYS.
    (with-extensions (list guile-gcrypt)
      (with-imported-modules acl-modules
        (computed-file "acl"
                       #~(begin
                           (use-modules (guix pki)
                                        (gcrypt pk-crypto)
                                        (ice-9 rdelim))

                           (define keys
                             (map (lambda (file)
                                    (call-with-input-file file
                                      (lambda (port)
                                        (string->canonical-sexp
                                         (read-string port)))))
                                  '(#$@keys)))

                           (call-with-output-file #$output
                             (lambda (port)
                               (write-acl (public-keys->acl keys)
                                          port))))))))

  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (when (not (file-exists? "/etc/guix/acl"))
          (mkdir-p "/etc/guix")
          (copy-file #+default-acl "/etc/guix/acl")
          ;; The copy is made first and restricted to its owner afterwards.
          (chmod "/etc/guix/acl" #o600)))))
2c5c696c 1589
(define %default-authorized-guix-keys
  ;; List of authorized substitute keys: the public key file shipped in the
  ;; 'guix' package for berlin.guixsd.org.
  (let ((berlin-key (file-append guix "/share/guix/berlin.guixsd.org.pub")))
    (list berlin-key)))
5b58c28b 1593
;; Configuration of the Guix build daemon.  'guix-accounts' and
;; 'guix-activation' match the leading fields positionally, so keep the field
;; order.
(define-record-type* <guix-configuration>
  guix-configuration make-guix-configuration
  guix-configuration?
  (guix             guix-configuration-guix       ;<package>
                    (default guix))
  (build-group      guix-configuration-build-group ;string
                    (default "guixbuild"))
  (build-accounts   guix-configuration-build-accounts ;integer
                    (default 10))
  ;; When true, activation installs 'authorized-keys' as /etc/guix/acl if that
  ;; file does not exist yet.
  (authorize-key?   guix-configuration-authorize-key? ;Boolean
                    (default #t))
  (authorized-keys  guix-configuration-authorized-keys ;list of gexps
                    (default %default-authorized-guix-keys))
  (use-substitutes? guix-configuration-use-substitutes? ;Boolean
                    (default #t))
  (substitute-urls  guix-configuration-substitute-urls ;list of strings
                    (default %default-substitute-urls))
  (chroot-directories guix-configuration-chroot-directories ;list of file-like/strings
                      (default '()))
  (max-silent-time  guix-configuration-max-silent-time ;integer
                    (default 0))
  (timeout          guix-configuration-timeout    ;integer
                    (default 0))
  (log-compression  guix-configuration-log-compression ;symbol
                    (default 'bzip2))
  ;; Spliced verbatim into the guix-daemon command line.
  (extra-options    guix-configuration-extra-options ;list of strings
                    (default '()))
  (log-file         guix-configuration-log-file   ;string
                    (default "/var/log/guix-daemon.log"))
  (http-proxy       guix-http-proxy               ;string | #f
                    (default #f))
  (tmpdir           guix-tmpdir                   ;string | #f
                    (default #f)))
1627
;; A <guix-configuration> in which every field keeps its default value.
(define %default-guix-configuration
  (guix-configuration))
1630
(define (guix-shepherd-service config)
  "Return a <shepherd-service> for the Guix daemon service with CONFIG."
  (match-record config <guix-configuration>
    (guix build-group build-accounts authorize-key? authorized-keys
          use-substitutes? substitute-urls max-silent-time timeout
          log-compression extra-options log-file http-proxy tmpdir
          chroot-directories)
    (let ((substitute-options
           ;; Substitutes are on unless explicitly disabled.
           (if use-substitutes?
               '()
               '("--no-substitutes")))
          (proxy-variables
           (if http-proxy
               (list (string-append "http_proxy=" http-proxy))
               '()))
          (tmpdir-variables
           (if tmpdir
               (list (string-append "TMPDIR=" tmpdir))
               '())))
      (list (shepherd-service
             (documentation "Run the Guix daemon.")
             (provision '(guix-daemon))
             (requirement '(user-processes))
             (modules '((srfi srfi-1)))
             (start
              #~(make-forkexec-constructor
                 (cons* #$(file-append guix "/bin/guix-daemon")
                        "--build-users-group" #$build-group
                        "--max-silent-time" #$(number->string max-silent-time)
                        "--timeout" #$(number->string timeout)
                        "--log-compression" #$(symbol->string log-compression)
                        #$@substitute-options
                        "--substitute-urls" #$(string-join substitute-urls)
                        ;; Spliced verbatim into the command line.
                        #$@extra-options

                        ;; Add CHROOT-DIRECTORIES and all their dependencies (if
                        ;; these are store items) to the chroot.
                        (append-map
                         (lambda (references)
                           (append-map (lambda (directory)
                                         (list "--chroot-directory"
                                               directory))
                                       (call-with-input-file references
                                         read)))
                         '#$(map references-file chroot-directories)))

                 #:environment-variables
                 (list #$@proxy-variables
                       #$@tmpdir-variables

                       ;; Make sure we run in a UTF-8 locale so that 'guix
                       ;; offload' correctly restores nars that contain UTF-8
                       ;; file names such as 'nss-certs'.  See
                       ;; <https://bugs.gnu.org/32942>.
                       (string-append "GUIX_LOCPATH="
                                      #$glibc-utf8-locales "/lib/locale")
                       "LC_ALL=en_US.utf8")

                 #:log-file #$log-file))
             (stop #~(make-kill-destructor)))))))
1684
(define (guix-accounts config)
  "Return the build group followed by the build user accounts for CONFIG."
  (match config
    (($ <guix-configuration> _ build-group build-accounts)
     (let ((build-users-group
            (user-group
             (name build-group)
             (system? #t)

             ;; Use a fixed GID so that we can create the store with the right
             ;; owner.
             (id 30000)))
           (build-users
            (guix-build-accounts build-accounts
                                 #:group build-group)))
       (cons build-users-group build-users)))))
1698
(define (guix-activation config)
  "Return the activation gexp for CONFIG."
  (match config
    (($ <guix-configuration> guix build-group build-accounts authorize-key? keys)
     ;; Assume that the store has BUILD-GROUP as its group.  We could
     ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs,
     ;; chown leads to an entire copy of the tree, which is a bad idea.

     ;; Optionally authorize substitute server keys; otherwise activation is a
     ;; gexp that evaluates to #f.
     (cond (authorize-key?
            (substitute-key-authorization keys guix))
           (else
            #~#f)))))
0adfe95a 1711
(define* (references-file item #:optional (name "references"))
  "Return a file named NAME that contains the list of references of ITEM."
  (if (not (struct? item))
      ;; Not a lowerable object (e.g., a plain string): empty list.
      (plain-file name "()")
      (computed-file
       name
       (with-imported-modules (source-module-closure
                               '((guix build store-copy)))
         #~(begin
             (use-modules (guix build store-copy))

             ;; "graph" is the reference graph of ITEM requested through
             ;; #:references-graphs below.
             (let ((items (map store-info-item
                               (call-with-input-file "graph"
                                 read-reference-graph))))
               (call-with-output-file #$output
                 (lambda (port)
                   (write items port))))))
       #:options `(#:local-build? #f
                   #:references-graphs (("graph" ,item))))))
1730
;; Service type for the Guix build daemon.  It provides the Shepherd service,
;; the build group and accounts, the activation snippet, and adds the
;; configured 'guix' package to the system profile.
(define guix-service-type
  (let ((add-chroot-directories
         ;; Return CONFIG with DIRECTORIES appended to its chroot directories.
         (lambda (config directories)
           (guix-configuration
            (inherit config)
            (chroot-directories
             (append (guix-configuration-chroot-directories config)
                     directories))))))
    (service-type
     (name 'guix)
     (extensions
      (list (service-extension shepherd-root-service-type guix-shepherd-service)
            (service-extension account-service-type guix-accounts)
            (service-extension activation-service-type guix-activation)
            (service-extension profile-service-type
                               (compose list guix-configuration-guix))))

     ;; Extensions can specify extra directories to add to the build chroot.
     (compose concatenate)
     (extend add-chroot-directories)

     (default-value (guix-configuration))
     (description
      "Run the build daemon of GNU@tie{}Guix, aka. @command{guix-daemon}."))))
0adfe95a 1753
;; Deprecated procedure; 'guix-service-type' is named as its replacement.
(define-deprecated (guix-service #:optional
                                 (config %default-guix-configuration))
  guix-service-type
  "Return a service that runs the Guix build daemon as described by
@var{config}."
  (service guix-service-type config))
1760
1761
;; Configuration of 'guix publish'.
(define-record-type* <guix-publish-configuration>
  guix-publish-configuration make-guix-publish-configuration
  guix-publish-configuration?
  (guix        guix-publish-configuration-guix    ;package
               (default guix))
  (port        guix-publish-configuration-port    ;number
               (default 80))
  ;; Passed to 'guix publish' as "--listen=HOST".
  (host        guix-publish-configuration-host    ;string
               (default "localhost"))
  ;; Thunked so that the default can look at the deprecated
  ;; 'compression-level' field of the same record.
  (compression guix-publish-configuration-compression ;list of (type level)
               (thunked)
               (default (default-compression this-record
                          (current-source-location))))
  (compression-level %guix-publish-configuration-compression-level ;deprecated
                     (default #f))
  (nar-path    guix-publish-configuration-nar-path ;string
               (default "nar"))
  (cache       guix-publish-configuration-cache   ;#f | string
               (default #f))
  (workers     guix-publish-configuration-workers ;#f | integer
               (default #f))
  (ttl         guix-publish-configuration-ttl     ;#f | integer
               (default #f)))
1c52181f 1785
;; Backward-compatible accessor: returns the level of the first (TYPE LEVEL)
;; entry of the 'compression' field of CONFIG.
;; NOTE(review): the only 'match' clause needs at least one entry, so an empty
;; compression list (the "no compression" value) raises a match error here.
(define-deprecated (guix-publish-configuration-compression-level config)
  "Return a compression level, the old way."
  (match (guix-publish-configuration-compression config)
    (((_ level) _ ...) level)))
(define (default-compression config properties)
  "Compute the default value of the 'compression' field of CONFIG.  When the
deprecated 'compression-level' field is unset, return gzip at level 3;
otherwise emit a deprecation warning located at PROPERTIES and return gzip at
the requested level."
  (let ((legacy-level (%guix-publish-configuration-compression-level config)))
    (if legacy-level
        (begin
          ;; The old field was used: tell the user which field replaces it.
          (warn-about-deprecation 'compression-level properties
                                  #:replacement 'compression)
          `(("gzip" ,legacy-level)))
        '(("gzip" 3)))))
(define (guix-publish-shepherd-service config)
  ;; Return a one-element list with the <shepherd-service> that runs
  ;; 'guix publish' as described by CONFIG.  The command is built as an
  ;; argument list handed to 'make-forkexec-constructor', and it always
  ;; carries "-u guix-publish", naming the dedicated system account declared
  ;; in '%guix-publish-accounts'.
  (define (config->compression-options config)
    ;; Translate the 'compression' field into "-C" command-line arguments.
    (let ((methods (guix-publish-configuration-compression config)))
      (if (null? methods)
          '("-C0")                        ;empty list means "no compression"
          (append-map (lambda (method)
                        (match method
                          ((type level)
                           (list "-C"
                                 (string-append type ":"
                                                (number->string level))))))
                      methods))))

  (match-record config <guix-publish-configuration>
    (guix port host nar-path cache workers ttl)
    ;; Optional arguments are computed first; each is a gexp holding either
    ;; one 'string-append' form or nothing, to be spliced into the command.
    (let ((compression-options (config->compression-options config))
          (workers-option
           (if workers
               #~((string-append "--workers="
                                 #$(number->string workers)))
               #~()))
          (ttl-option
           (if ttl
               #~((string-append "--ttl="
                                 #$(number->string ttl)
                                 "s"))
               #~()))
          (cache-option
           (if cache
               #~((string-append "--cache=" #$cache))
               #~())))
      (list (shepherd-service
             (provision '(guix-publish))
             (requirement '(guix-daemon))
             (start #~(make-forkexec-constructor
                       (list #$(file-append guix "/bin/guix")
                             "publish" "-u" "guix-publish"
                             "-p" #$(number->string port)
                             #$@compression-options
                             (string-append "--nar-path=" #$nar-path)
                             (string-append "--listen=" #$host)
                             #$@workers-option
                             #$@ttl-option
                             #$@cache-option)

                       ;; Run in a UTF-8 locale so that nars can be produced
                       ;; for packages containing UTF-8 file names, such as
                       ;; 'nss-certs'.  See <https://bugs.gnu.org/26948>.
                       #:environment-variables
                       (list (string-append "GUIX_LOCPATH="
                                            #$glibc-utf8-locales "/lib/locale")
                             "LC_ALL=en_US.utf8")
                       #:log-file "/var/log/guix-publish.log"))
             (stop #~(make-kill-destructor)))))))
;; System group and system account named "guix-publish", the name passed with
;; "-u" on the 'guix publish' command line.  The account is not meant for
;; interactive use: its home directory is /var/empty and its shell is
;; 'nologin'.
(define %guix-publish-accounts
  (list (user-group (name "guix-publish") (system? #t))
        (user-account
         (name "guix-publish")
         (group "guix-publish")
         (system? #t)
         (comment "guix publish user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
;; Log rotation entry for /var/log/guix-publish.log, the file given as
;; #:log-file in 'guix-publish-shepherd-service'.
(define %guix-publish-log-rotations
  (list (log-rotation
         (files (list "/var/log/guix-publish.log")))))
(define (guix-publish-activation config)
  ;; Return the activation code for CONFIG.  When a cache directory is
  ;; configured, it is created and handed over to the "guix-publish" account;
  ;; otherwise there is nothing to do and #t is returned.
  ;; NOTE(review): only ownership is set here; no mode is applied to the
  ;; directory, so it keeps whatever 'mkdir-p' gave it -- confirm that is
  ;; the intended permission set for the cache.
  (match (guix-publish-configuration-cache config)
    (#f #t)
    (cache
     (with-imported-modules '((guix build utils))
       #~(begin
           (use-modules (guix build utils))

           (mkdir-p #$cache)
           ;; Look the account up by name and give it the directory.
           (let ((account (getpw "guix-publish")))
             (chown #$cache
                    (passwd:uid account)
                    (passwd:gid account))))))))
;; Service type for 'guix publish'.  It extends four other services: the
;; Shepherd (the daemon itself), accounts (the "guix-publish" user and
;; group), rottlog (rotation of its log file) and activation (creation of the
;; cache directory).  The two extensions wrapped in 'const' do not depend on
;; the configuration.
(define guix-publish-service-type
  (service-type (name 'guix-publish)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          guix-publish-shepherd-service)
                       (service-extension account-service-type
                                          (const %guix-publish-accounts))
                       (service-extension rottlog-service-type
                                          (const %guix-publish-log-rotations))
                       (service-extension activation-service-type
                                          guix-publish-activation)))
                (default-value (guix-publish-configuration))
                (description
                 "Add a Shepherd service running @command{guix publish}, a
command that allows you to share pre-built binaries with others over HTTP.")))
;; Deprecated keyword interface; 'guix-publish-service-type' is the
;; replacement named in the 'define-deprecated' form.  Only GUIX, PORT and
;; HOST can be set this way; every other field keeps its record default.
(define-deprecated (guix-publish-service #:key (guix guix)
                                         (port 80) (host "localhost"))
  guix-publish-service-type
  "Return a service that runs @command{guix publish} listening on @var{host}
and @var{port} (@pxref{Invoking guix publish}).

This assumes that @file{/etc/guix} already contains a signing key pair as
created by @command{guix archive --generate-key} (@pxref{Invoking guix
archive}). If that is not the case, the service will fail to start."
  ;; Deprecated.
  (service guix-publish-service-type
           (guix-publish-configuration (guix guix) (port port) (host host))))
1907\f
1908;;;
1909;;; Udev.
1910;;;
1911
;; Configuration of the udev service: the package providing the daemon and
;; the packages from which extra rules are collected.
;; Field order matters: 'udev-shepherd-service' and 'udev-service-type'
;; destructure this record positionally with ($ <udev-configuration> ...).
(define-record-type* <udev-configuration>
  udev-configuration make-udev-configuration
  udev-configuration?
  (udev    udev-configuration-udev                ;<package>
           (default eudev))
  (rules   udev-configuration-rules               ;list of <package>
           (default '())))
(define (udev-rules-union packages)
  "Return a computed file named \"udev-rules\" whose @file{lib/udev/rules.d}
directory is the union of the udev rule directories found in each item of
@var{packages}."
  ;; The build-side program is passed directly to 'computed-file'.  For each
  ;; package it looks in the two standard locations and keeps the first one
  ;; that exists; packages with neither are dropped by 'filter-map'.
  (computed-file
   "udev-rules"
   (with-imported-modules '((guix build union)
                            (guix build utils))
     #~(begin
         (use-modules (guix build union)
                      (guix build utils)
                      (srfi srfi-1)
                      (srfi srfi-26))

         (define %standard-locations
           '("/lib/udev/rules.d" "/libexec/udev/rules.d"))

         (define (rules-sub-directory directory)
           ;; Return the sub-directory of DIRECTORY containing udev rules, or
           ;; #f if none was found.
           (find directory-exists?
                 (map (cut string-append directory <>) %standard-locations)))

         (mkdir-p (string-append #$output "/lib/udev"))
         (union-build (string-append #$output "/lib/udev/rules.d")
                      (filter-map rules-sub-directory '#$packages))))))
(define (udev-rule file-name contents)
  "Return a directory whose @file{lib/udev/rules.d} holds one udev rule file
named FILE-NAME with CONTENTS as its text."
  (let ((builder
         (with-imported-modules '((guix build utils))
           #~(begin
               (use-modules (guix build utils))

               (define rules.d
                 (string-append #$output "/lib/udev/rules.d"))

               (mkdir-p rules.d)
               ;; CONTENTS is written verbatim with 'display'.
               (call-with-output-file
                   (string-append rules.d "/" #$file-name)
                 (lambda (port)
                   (display #$contents port)))))))
    (computed-file file-name builder)))
(define (file->udev-rule file-name file)
  "Return a directory whose @file{lib/udev/rules.d} holds a udev rule file
named FILE-NAME that is a copy of FILE."
  (let ((builder
         (with-imported-modules '((guix build utils))
           #~(begin
               (use-modules (guix build utils))

               (define rules.d
                 (string-append #$output "/lib/udev/rules.d"))

               (define file-copy-dest
                 (string-append rules.d "/" #$file-name))

               (mkdir-p rules.d)
               (copy-file #$file file-copy-dest)))))
    (computed-file file-name builder)))
(define kvm-udev-rule
  ;; Return a directory with a udev rule that changes the group of /dev/kvm to
  ;; "kvm" and makes it #o660.  Apparently QEMU-KVM used to ship this rule,
  ;; but now we have to add it by ourselves.

  ;; Build users are part of the "kvm" group, so we can fearlessly make
  ;; /dev/kvm 660 (see <http://bugs.gnu.org/18994>, for background.)

  ;; With mode 0660 and no other ownership change in the rule, access to the
  ;; device node is limited to its owner and to members of the "kvm" group.
  (udev-rule "90-kvm.rules"
             "KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0660\"\n"))
(define udev-shepherd-service
  ;; Return a <shepherd-service> for UDEV with RULES.
  ;;
  ;; The rule set actually used is the union of the udev package itself,
  ;; 'kvm-udev-rule' and the configured RULES.  Its location is handed to the
  ;; daemon both through a generated "udev.conf" and through the
  ;; EUDEV_RULES_DIRECTORY environment variable.
  (match-lambda
    (($ <udev-configuration> udev rules)
     (let* ((rules     (udev-rules-union (cons* udev kvm-udev-rule rules)))
            (udev.conf (computed-file "udev.conf"
                                      #~(call-with-output-file #$output
                                          (lambda (port)
                                            (format port
                                                    "udev_rules=\"~a/lib/udev/rules.d\"\n"
                                                    #$rules))))))
       (list
        (shepherd-service
         (provision '(udev))

         ;; Udev needs /dev to be a 'devtmpfs' mount so that new device nodes can
         ;; be added: see
         ;; <http://www.linuxfromscratch.org/lfs/view/development/chapter07/udev.html>.
         (requirement '(root-file-system))

         (documentation "Populate the /dev directory, dynamically.")
         (start
          (with-imported-modules (source-module-closure
                                  '((gnu build linux-boot)))
            #~(lambda ()
                (define udevd
                  ;; 'udevd' from eudev.
                  #$(file-append udev "/sbin/udevd"))

                (define (wait-for-udevd)
                  ;; Wait until someone's listening on udevd's control
                  ;; socket.
                  ;; NOTE(review): the retry loop has no upper bound; it
                  ;; sleeps 0.5 s and tries again for as long as 'connect'
                  ;; raises 'system-error'.
                  (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0)))
                    (let try ()
                      (catch 'system-error
                        (lambda ()
                          (connect sock PF_UNIX "/run/udev/control")
                          (close-port sock))
                        (lambda args
                          (format #t "waiting for udevd...~%")
                          (usleep 500000)
                          (try))))))

                ;; Allow udev to find the modules.
                (setenv "LINUX_MODULE_DIRECTORY"
                        "/run/booted-system/kernel/lib/modules")

                ;; The first one is for udev, the second one for eudev.
                (setenv "UDEV_CONFIG_FILE" #$udev.conf)
                (setenv "EUDEV_RULES_DIRECTORY"
                        #$(file-append rules "/lib/udev/rules.d"))

                ;; The umask is set to #o022 while the static device nodes
                ;; are created and the previous value is restored afterwards.
                (let* ((kernel-release
                        (utsname:release (uname)))
                       (linux-module-directory
                        (getenv "LINUX_MODULE_DIRECTORY"))
                       (directory
                        (string-append linux-module-directory "/"
                                       kernel-release))
                       (old-umask (umask #o022)))
                  ;; If we're in a container, DIRECTORY might not exist,
                  ;; for instance because the host runs a different
                  ;; kernel.  In that case, skip it; we'll just miss a few
                  ;; nodes like /dev/fuse.
                  (when (file-exists? directory)
                    (make-static-device-nodes directory))
                  (umask old-umask))

                (let ((pid (fork+exec-command (list udevd))))
                  ;; Wait until udevd is up and running.  This appears to
                  ;; be needed so that the events triggered below are
                  ;; actually handled.
                  (wait-for-udevd)

                  ;; Trigger device node creation.
                  (system* #$(file-append udev "/bin/udevadm")
                           "trigger" "--action=add")

                  ;; Wait for things to settle down.
                  (system* #$(file-append udev "/bin/udevadm")
                           "settle")
                  pid))))
         (stop #~(make-kill-destructor))

         ;; When halting the system, 'udev' is actually killed by
         ;; 'user-processes', i.e., before its own 'stop' method was called.
         ;; Thus, make sure it is not respawned.
         (respawn? #f)
         ;; We need additional modules.
         (modules `((gnu build linux-boot)        ;'make-static-device-nodes'
                    ,@%default-modules))

         (actions (list (shepherd-action
                         (name 'rules)
                         (documentation "Display the directory containing
the udev rules in use.")
                         (procedure #~(lambda (_)
                                        (display #$rules)
                                        (newline))))))))))))
;; Service type for udev.  Other services extend it with lists of rule
;; providers; 'compose' flattens those lists and 'extend' appends the result
;; to the rules already present in the configuration, leaving the 'udev'
;; field untouched.
(define udev-service-type
  (service-type (name 'udev)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          udev-shepherd-service)))

                (compose concatenate)       ;concatenate the list of rules
                (extend (lambda (config rules)
                          (match config
                            (($ <udev-configuration> udev initial-rules)
                             (udev-configuration
                              (udev udev)
                              (rules (append initial-rules rules)))))))
                (default-value (udev-configuration))
                (description
                 "Run @command{udev}, which populates the @file{/dev}
directory dynamically. Get extra rules from the packages listed in the
@code{rules} field of its value, @code{udev-configuration} object.")))
;; Keyword-argument front end to 'udev-service-type': builds a
;; <udev-configuration> from UDEV and RULES and wraps it in a service.
(define* (udev-service #:key (udev eudev) (rules '()))
  "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get
extra rules from the packages listed in @var{rules}."
  (service udev-service-type
           (udev-configuration (udev udev) (rules rules))))
(define swap-service-type
  ;; Shepherd service type whose value is the swap DEVICE, a string.  The
  ;; service is provisioned as 'swap-DEVICE' and always requires 'udev'.
  (shepherd-service-type
   'swap
   (lambda (device)
     ;; A device under /dev/mapper/ additionally waits for the matching
     ;; 'device-mapping-NAME' service.
     (let ((mapping-requirement
            (if (string-prefix? "/dev/mapper/" device)
                (list (symbol-append 'device-mapping-
                                     (string->symbol (basename device))))
                '())))
       (shepherd-service
        (documentation "Enable the given swap device.")
        (provision (list (symbol-append 'swap- (string->symbol device))))
        (requirement (cons 'udev mapping-requirement))
        (start #~(lambda ()
                   (restart-on-EINTR (swapon #$device))
                   #t))
        (stop #~(lambda _
                  (restart-on-EINTR (swapoff #$device))
                  #f))
        (respawn? #f))))))
;; Thin wrapper: DEVICE is passed unchanged as the value of
;; 'swap-service-type', which tests it with 'string-prefix?', so it must be a
;; string.
(define (swap-service device)
  "Return a service that uses @var{device} as a swap device."
  (service swap-service-type device))
(define %default-gpm-options
  ;; Default options for GPM: read the mouse from /dev/input/mice ("-m") and
  ;; use the "ps2" protocol type ("-t").
  '("-m" "/dev/input/mice" "-t" "ps2"))
;; Configuration of the GPM service: the package to run and the command-line
;; options passed to it.  'gpm-shepherd-service' destructures this record
;; positionally, so the field order is significant.
(define-record-type* <gpm-configuration>
  gpm-configuration make-gpm-configuration gpm-configuration?
  (gpm      gpm-configuration-gpm                 ;package
            (default gpm))
  (options  gpm-configuration-options             ;list of strings
            (default %default-gpm-options)))
(define gpm-shepherd-service
  ;; Map a <gpm-configuration> to a one-element list of <shepherd-service>.
  ;; Starting succeeds only if /var/run/gpm.pid shows up within the polling
  ;; window below; stopping runs "gpm -k".
  (match-lambda
    (($ <gpm-configuration> gpm options)
     (list (shepherd-service
            (provision '(gpm))
            (requirement '(udev))
            (start #~(lambda ()
                       ;; 'gpm' runs in the background and sets a PID file.
                       ;; Note that it requires running as "root".
                       ;; A stale PID file is removed first so that the wait
                       ;; below only sees one written by this run.
                       (false-if-exception (delete-file "/var/run/gpm.pid"))
                       (fork+exec-command (list #$(file-append gpm "/sbin/gpm")
                                                #$@options))

                       ;; Poll for the PID file, sleeping one second between
                       ;; checks; report failure once the retries run out.
                       (let wait ((retries 3))
                         (cond ((file-exists? "/var/run/gpm.pid") #t)
                               ((zero? retries) #f)
                               (else
                                (sleep 1)
                                (wait (1- retries)))))))

            (stop #~(lambda (_)
                      ;; Return #f if successfully stopped.
                      (not (zero? (system* #$(file-append gpm "/sbin/gpm")
                                           "-k"))))))))))
;; Service type for GPM; its only extension is the Shepherd service built by
;; 'gpm-shepherd-service', and its default value is a <gpm-configuration>
;; with default fields.
(define gpm-service-type
  (service-type (name 'gpm)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          gpm-shepherd-service)))
                (default-value (gpm-configuration))
                (description
                 "Run GPM, the general-purpose mouse daemon, with the given
command-line options. GPM allows users to use the mouse in the console,
notably to select, copy, and paste text. The default options use the
@code{ps2} protocol, which works for both USB and PS/2 mice.")))
;; Deprecated keyword interface; 'gpm-service-type' is the replacement named
;; in the 'define-deprecated' form.
(define-deprecated (gpm-service #:key (gpm gpm)
                                (options %default-gpm-options))
  gpm-service-type
  "Run @var{gpm}, the general-purpose mouse daemon, with the given
command-line @var{options}. GPM allows users to use the mouse in the console,
notably to select, copy, and paste text. The default value of @var{options}
uses the @code{ps2} protocol, which works for both USB and PS/2 mice.

This service is not part of @var{%base-services}."
  ;; To test in QEMU, use "-usbdevice mouse" and then, in the monitor, use
  ;; "info mice" and "mouse_set X" to use the right mouse.
  (service gpm-service-type
           (gpm-configuration (gpm gpm) (options options))))
;; Configuration of a kmscon terminal.  VIRTUAL-TERMINAL has no default and
;; must be supplied.  LOGIN-PROGRAM, LOGIN-ARGUMENTS and, when it is not #f,
;; AUTO-LOGIN are placed in that order after "--" on the kmscon command line
;; (see 'kmscon-service-type').
;; NOTE(review): AUTO-LOGIN is presumably a user name handed to the login
;; program -- confirm against the manual.
(define-record-type* <kmscon-configuration>
  kmscon-configuration     make-kmscon-configuration
  kmscon-configuration?
  (kmscon                  kmscon-configuration-kmscon
                           (default kmscon))
  (virtual-terminal        kmscon-configuration-virtual-terminal)
  (login-program           kmscon-configuration-login-program
                           (default (file-append shadow "/bin/login")))
  (login-arguments         kmscon-configuration-login-arguments
                           (default '("-p")))
  (auto-login              kmscon-configuration-auto-login
                           (default #f))
  (hardware-acceleration?  kmscon-configuration-hardware-acceleration?
                           (default #f))) ; #t causes failure
(define kmscon-service-type
  ;; Shepherd service type running kmscon on one virtual terminal.  The
  ;; service is provisioned as 'term-VT' and is started from an argument list
  ;; through 'make-forkexec-constructor'.
  (shepherd-service-type
   'kmscon
   (lambda (config)
     (let* ((kmscon           (kmscon-configuration-kmscon config))
            (virtual-terminal (kmscon-configuration-virtual-terminal config))
            (login-program    (kmscon-configuration-login-program config))
            (login-arguments  (kmscon-configuration-login-arguments config))
            (auto-login       (kmscon-configuration-auto-login config))
            (hardware-acceleration?
             (kmscon-configuration-hardware-acceleration? config))
            ;; Everything after "--" is the login command: the program, its
            ;; arguments and, when set, the auto-login value.
            ;; NOTE(review): "--login" appears twice in this list; one of
            ;; them is presumably redundant -- confirm against kmscon's
            ;; option parsing before touching it.
            (command
             #~(list
                #$(file-append kmscon "/bin/kmscon") "--login"
                "--vt" #$virtual-terminal
                "--no-switchvt"   ;Prevent a switch to the virtual terminal.
                #$@(if hardware-acceleration? '("--hwaccel") '())
                "--login" "--"
                #$login-program #$@login-arguments
                #$@(if auto-login
                       #~(#$auto-login)
                       #~()))))
       (shepherd-service
        (documentation "kmscon virtual terminal")
        (provision (list (symbol-append 'term-
                                        (string->symbol virtual-terminal))))
        (requirement '(user-processes udev dbus-system))
        (start #~(make-forkexec-constructor #$command))
        (stop #~(make-kill-destructor)))))))
;; Description of one statically configured network interface.  INTERFACE
;; and IP are mandatory; the addresses are parsed with AF_INET by
;; 'static-networking-shepherd-service', i.e. as IPv4.  That procedure
;; destructures the record positionally, so the field order is significant.
(define-record-type* <static-networking>
  static-networking make-static-networking
  static-networking?
  (interface static-networking-interface)
  (ip static-networking-ip)
  (netmask static-networking-netmask
           (default #f))
  (gateway static-networking-gateway              ;FIXME: doesn't belong here
           (default #f))
  (provision static-networking-provision
             (default #f))
  (requirement static-networking-requirement
               (default '()))
  (name-servers static-networking-name-servers    ;FIXME: doesn't belong here
                (default '())))
;; Map a <static-networking> record to the <shepherd-service> that brings the
;; interface up and down.  When the record has no explicit 'provision', the
;; service is provisioned as 'networking-INTERFACE'.  The interface counts as
;; a loopback one when its provision list contains 'loopback, in which case
;; IFF_LOOPBACK is added to the interface flags.
(define static-networking-shepherd-service
  (match-lambda
    (($ <static-networking> interface ip netmask gateway provision
                            requirement name-servers)
     (let ((loopback? (and provision (memq 'loopback provision))))
       (shepherd-service

        (documentation
         "Bring up the networking interface using a static IP address.")
        (requirement requirement)
        (provision (or provision
                       (list (symbol-append 'networking-
                                            (string->symbol interface)))))

        (start #~(lambda _
                   ;; Return #t if successfully started.
                   ;; Netmask and gateway are optional: each is converted to
                   ;; a socket address only when it is not #f.
                   (let* ((addr     (inet-pton AF_INET #$ip))
                          (sockaddr (make-socket-address AF_INET addr 0))
                          (mask     (and #$netmask
                                         (inet-pton AF_INET #$netmask)))
                          (maskaddr (and mask
                                         (make-socket-address AF_INET
                                                              mask 0)))
                          (gateway  (and #$gateway
                                         (inet-pton AF_INET #$gateway)))
                          (gatewayaddr (and gateway
                                            (make-socket-address AF_INET
                                                                 gateway 0))))
                     (configure-network-interface #$interface sockaddr
                                                  (logior IFF_UP
                                                          #$(if loopback?
                                                                #~IFF_LOOPBACK
                                                                0))
                                                  #:netmask maskaddr)
                     (when gateway
                       (let ((sock (socket AF_INET SOCK_DGRAM 0)))
                         (add-network-route/gateway sock gatewayaddr)
                         (close-port sock))))))
        (stop #~(lambda _
                  ;; Return #f if successfully stopped.
                  ;; The route to INADDR_ANY is deleted only when a gateway
                  ;; was configured; the interface flags are then cleared.
                  (let ((sock (socket AF_INET SOCK_STREAM 0)))
                    (when #$gateway
                      (delete-network-route sock
                                            (make-socket-address
                                             AF_INET INADDR_ANY 0)))
                    (set-network-interface-flags sock #$interface 0)
                    (close-port sock)
                    #f)))
        (respawn? #f))))))
(define (static-networking-etc-files interfaces)
  "Return the /etc entries contributed by INTERFACES: a single
\"resolv.conf\" file listing their name servers without duplicates, or the
empty list when none of them declares a name server."
  (let ((servers (delete-duplicates
                  (append-map static-networking-name-servers
                              interfaces))))
    (if (null? servers)
        '()
        (let* ((lines (map (lambda (server)
                             (string-append "nameserver " server))
                           servers))
               ;; One "nameserver" line per server, each newline-terminated.
               (body  (string-join lines "\n" 'suffix)))
          (list (list "resolv.conf"
                      (plain-file "resolv.conf"
                                  (string-append "\
# Generated by 'static-networking-service'.\n"
                                                 body))))))))
(define (static-networking-shepherd-services interfaces)
  "Return the Shepherd services that bring up INTERFACES, a list of
<static-networking> objects.  When at least one of them is not a loopback
interface, an umbrella 'networking' service depending on all of them is
added in front."
  (define (loopback? service)
    (memq 'loopback (shepherd-service-provision service)))

  (let ((services (map static-networking-shepherd-service interfaces)))
    (if (every loopback? services)
        ;; There's no interface other than 'loopback', so we assume that the
        ;; 'networking' service will be provided by dhclient or similar.
        services
        ;; Assume we're providing all the interfaces, and thus, provide a
        ;; 'networking' service.
        (let ((networking
               (shepherd-service
                (documentation "Bring up all the networking interfaces.")
                (provision '(networking))
                (requirement (append-map shepherd-service-provision
                                         services))
                (start #~(const #t))
                (stop #~(const #f)))))
          (cons networking services)))))
(define static-networking-service-type
  ;; The service type for statically-defined network interfaces.  Its value
  ;; is a list of <static-networking> records; extensions contribute further
  ;; lists, which 'compose' flattens and 'extend' appends to the value.  It
  ;; extends the Shepherd (one service per interface) and /etc (resolv.conf).
  (service-type (name 'static-networking)
                (extensions
                 (list
                  (service-extension shepherd-root-service-type
                                     static-networking-shepherd-services)
                  (service-extension etc-service-type
                                     static-networking-etc-files)))
                (compose concatenate)
                (extend append)
                (description
                 "Turn up the specified network interfaces upon startup,
with the given IP address, gateway, netmask, and so on. The value for
services of this type is a list of @code{static-networking} objects, one per
network interface.")))
;; Procedural front end: wraps one <static-networking> record in a
;; 'simple-service' that extends 'static-networking-service-type'.
;; NETMASK, GATEWAY and PROVISION have no explicit default here, so they are
;; #f when omitted.
(define* (static-networking-service interface ip
                                    #:key
                                    netmask gateway provision
                                    ;; Most interfaces require udev to be usable.
                                    (requirement '(udev))
                                    (name-servers '()))
  "Return a service that starts @var{interface} with address @var{ip}. If
@var{netmask} is true, use it as the network mask. If @var{gateway} is true,
it must be a string specifying the default network gateway.

This procedure can be called several times, one for each network
interface of interest. Behind the scenes what it does is extend
@code{static-networking-service-type} with additional network interfaces
to handle."
  (simple-service 'static-network-interface
                  static-networking-service-type
                  (list (static-networking (interface interface) (ip ip)
                                           (netmask netmask) (gateway gateway)
                                           (provision provision)
                                           (requirement requirement)
                                           (name-servers name-servers)))))
8664cc88 2397\f
(define %base-services
  ;; Convenience variable holding the basic services.  The list is assembled
  ;; in three parts so that the six virtual consoles are named only once:
  ;; they get both a console font and a mingetty.
  (let ((consoles '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
    (append
     (list (service login-service-type)

           (service virtual-terminal-service-type)
           (service console-font-service-type
                    (map (lambda (console)
                           (cons console %default-console-font))
                         consoles))

           (service agetty-service-type
                    (agetty-configuration
                     (extra-options '("-L"))      ; no carrier detect
                     (term "vt100")
                     (tty #f))))                  ; automatic

     ;; One mingetty per virtual console, in console order.
     (map (lambda (console)
            (service mingetty-service-type
                     (mingetty-configuration (tty console))))
          consoles)

     (list (service static-networking-service-type
                    (list (static-networking (interface "lo")
                                             (ip "127.0.0.1")
                                             (requirement '())
                                             (provision '(loopback)))))
           (syslog-service)
           (service urandom-seed-service-type)
           (service guix-service-type)
           (service nscd-service-type)

           ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper
           ;; is used, so enable them by default.  The FUSE and ALSA rules
           ;; are less critical, but handy.
           (service udev-service-type
                    (udev-configuration
                     (rules (list lvm2 fuse alsa-utils crda))))

           (service special-files-service-type
                    `(("/bin/sh" ,(file-append (canonical-package bash)
                                               "/bin/sh"))
                      ("/usr/bin/env" ,(file-append (canonical-package coreutils)
                                                    "/bin/env"))))))))
db4fdc04 2449;;; base.scm ends here