1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
4 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
5 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
6 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
7 ;;; Copyright © 2016 David Craven <david@craven.ch>
8 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
10 ;;; This file is part of GNU Guix.
12 ;;; GNU Guix is free software; you can redistribute it and/or modify it
13 ;;; under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 3 of the License, or (at
15 ;;; your option) any later version.
17 ;;; GNU Guix is distributed in the hope that it will be useful, but
18 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
25 (define-module (gnu services base)
26 #:use-module (guix store)
27 #:use-module (gnu services)
28 #:use-module (gnu services shepherd)
29 #:use-module (gnu system pam)
30 #:use-module (gnu system shadow) ; 'user-account', etc.
31 #:use-module (gnu system uuid)
32 #:use-module (gnu system file-systems) ; 'file-system', etc.
33 #:use-module (gnu system mapped-devices)
34 #:use-module ((gnu system linux-initrd)
35 #:select (file-system-packages))
36 #:use-module (gnu packages admin)
37 #:use-module ((gnu packages linux)
38 #:select (alsa-utils crda eudev e2fsprogs fuse gpm kbd lvm2 rng-tools))
39 #:use-module ((gnu packages base)
40 #:select (canonical-package glibc glibc-utf8-locales))
41 #:use-module (gnu packages bash)
42 #:use-module (gnu packages package-management)
43 #:use-module (gnu packages linux)
44 #:use-module (gnu packages terminals)
45 #:use-module ((gnu build file-systems)
46 #:select (mount-flags->bit-mask))
47 #:use-module (guix gexp)
48 #:use-module (guix records)
49 #:use-module (guix modules)
50 #:use-module (srfi srfi-1)
51 #:use-module (srfi srfi-26)
52 #:use-module (ice-9 match)
53 #:use-module (ice-9 format)
54 #:export (fstab-service-type
55 root-file-system-service
56 file-system-service-type
58 user-processes-service-type
60 console-keymap-service
62 console-font-service-type
64 virtual-terminal-service-type
69 static-networking-interface
71 static-networking-netmask
72 static-networking-gateway
73 static-networking-requirement
75 static-networking-service
76 static-networking-service-type
80 udev-configuration-rules
96 mingetty-configuration
97 mingetty-configuration?
102 %nscd-default-configuration
114 syslog-configuration?
119 %default-authorized-guix-keys
123 guix-configuration-guix
124 guix-configuration-build-group
125 guix-configuration-build-accounts
126 guix-configuration-authorize-key?
127 guix-configuration-authorized-keys
128 guix-configuration-use-substitutes?
129 guix-configuration-substitute-urls
130 guix-configuration-extra-options
131 guix-configuration-log-file
135 guix-publish-configuration
136 guix-publish-configuration?
137 guix-publish-configuration-guix
138 guix-publish-configuration-port
139 guix-publish-configuration-host
140 guix-publish-configuration-compression-level
141 guix-publish-configuration-nar-path
142 guix-publish-configuration-cache
143 guix-publish-configuration-ttl
145 guix-publish-service-type
152 urandom-seed-service-type
161 kmscon-configuration?
164 pam-limits-service-type
171 ;;; Base system services---i.e., services that 99% of the users will want to
182 (define %do-not-kill-file
183 ;; Name of the file listing PIDs of processes that must survive when halting
184 ;; the system. Typical example is user-space file systems.
185 "/etc/shepherd/do-not-kill")
187 (define (user-processes-shepherd-service requirements)
188 "Return the 'user-processes' Shepherd service with dependencies on
189 REQUIREMENTS (a list of service names).
191 This is a synchronization point used to make sure user processes and daemons
192 get started only after crucial initial services have been started---file
193 system mounts, etc. This is similar to the 'sysvinit' target in systemd."
195 ;; Delay after sending SIGTERM and before sending SIGKILL.
198 (list (shepherd-service
199 (documentation "When stopped, terminate all user processes.")
200 (provision '(user-processes))
201 (requirement requirements)
204 (define (kill-except omit signal)
205 ;; Kill all the processes with SIGNAL except those listed
206 ;; in OMIT and the current process.
207 (let ((omit (cons (getpid) omit)))
208 (for-each (lambda (pid)
209 (unless (memv pid omit)
215 ;; List of PIDs that must not be killed.
216 (if (file-exists? #$%do-not-kill-file)
218 (call-with-input-file #$%do-not-kill-file
219 (compose string-tokenize
220 (@ (ice-9 rdelim) read-string))))
224 (car (gettimeofday)))
227 ;; Really sleep N seconds.
228 ;; Work around <http://bugs.gnu.org/19581>.
230 (let loop ((elapsed 0))
232 (sleep (- n elapsed))
233 (loop (- (now) start)))))
235 (define lset= (@ (srfi srfi-1) lset=))
237 (display "sending all processes the TERM signal\n")
239 (if (null? omitted-pids)
241 ;; Easy: terminate all of them.
243 (sleep* #$grace-delay)
246 ;; Kill them all except OMITTED-PIDS. XXX: We would
247 ;; like to (kill -1 SIGSTOP) to get a fixed list of
248 ;; processes, like 'killall5' does, but that seems
250 (kill-except omitted-pids SIGTERM)
251 (sleep* #$grace-delay)
252 (kill-except omitted-pids SIGKILL)
253 (delete-file #$%do-not-kill-file)))
256 ;; Reap children, if any, so that we don't end up with
257 ;; zombies and enter an infinite loop.
258 (let reap-children ()
261 (waitpid WAIT_ANY (if (null? omitted-pids)
265 (when (and (pair? result)
266 (not (zero? (car result))))
269 (let ((pids (processes)))
270 (unless (lset= = pids (cons 1 omitted-pids))
271 (format #t "waiting for process termination\
272 (processes left: ~s)~%"
277 (display "all processes have been terminated\n")
281 (define user-processes-service-type
283 (name 'user-processes)
284 (extensions (list (service-extension shepherd-root-service-type
285 user-processes-shepherd-service)))
286 (compose concatenate)
289 ;; The value is the list of Shepherd services 'user-processes' depends on.
290 ;; Extensions can add new services to this list.
293 (description "The @code{user-processes} service is responsible for
294 terminating all the processes so that the root file system can be re-mounted
295 read-only, just before rebooting/halting. Processes still running after a few
296 seconds after @code{SIGTERM} has been sent are terminated with
304 (define (file-system->fstab-entry file-system)
305 "Return a @file{/etc/fstab} entry for @var{file-system}."
306 (string-append (match (file-system-device file-system)
307 ((? file-system-label? label)
308 (string-append "LABEL="
309 (file-system-label->string label)))
311 (string-append "UUID=" (uuid->string uuid)))
315 (file-system-mount-point file-system) "\t"
316 (file-system-type file-system) "\t"
317 (or (file-system-options file-system) "defaults") "\t"
319 ;; XXX: Omit the 'fs_freq' and 'fs_passno' fields because we
320 ;; don't have anything sensible to put in there.
323 (define (file-systems->fstab file-systems)
324 "Return a @file{/etc} entry for an @file{fstab} describing
326 `(("fstab" ,(plain-file "fstab"
329 # This file was generated from your GuixSD configuration. Any changes
330 # will be lost upon reboot or reconfiguration.\n\n"
331 (string-join (map file-system->fstab-entry
336 (define fstab-service-type
337 ;; The /etc/fstab service.
338 (service-type (name 'fstab)
340 (list (service-extension etc-service-type
341 file-systems->fstab)))
342 (compose concatenate)
345 "Populate the @file{/etc/fstab} based on the given file
348 (define %root-file-system-shepherd-service
350 (documentation "Take care of the root file system.")
351 (provision '(root-file-system))
354 ;; Return #f if successfully stopped.
357 (call-with-blocked-asyncs
359 (let ((null (%make-void-port "w")))
360 ;; Close 'shepherd.log'.
361 (display "closing log\n")
362 ((@ (shepherd comm) stop-logging))
364 ;; Redirect the default output ports..
365 (set-current-output-port null)
366 (set-current-error-port null)
368 ;; Close /dev/console.
369 (for-each close-fdes '(0 1 2))
371 ;; At this point, there are no open files left, so the
372 ;; root file system can be re-mounted read-only.
374 (logior MS_REMOUNT MS_RDONLY)
380 (define root-file-system-service-type
381 (shepherd-service-type 'root-file-system
382 (const %root-file-system-shepherd-service)))
384 (define (root-file-system-service)
385 "Return a service whose sole purpose is to re-mount read-only the root file
386 system upon shutdown (aka. cleanly \"umounting\" root.)
388 This service must be the root of the service dependency graph so that its
389 'stop' action is invoked when shepherd is the only process left."
390 (service root-file-system-service-type #f))
392 (define (file-system->shepherd-service-name file-system)
393 "Return the symbol that denotes the service mounting and unmounting
395 (symbol-append 'file-system-
396 (string->symbol (file-system-mount-point file-system))))
398 (define (mapped-device->shepherd-service-name md)
399 "Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
400 (symbol-append 'device-mapping-
401 (string->symbol (mapped-device-target md))))
403 (define dependency->shepherd-service-name
405 ((? mapped-device? md)
406 (mapped-device->shepherd-service-name md))
408 (file-system->shepherd-service-name fs))))
410 (define (file-system-shepherd-service file-system)
411 "Return the shepherd service for @var{file-system}, or @code{#f} if
412 @var{file-system} is not auto-mounted upon boot."
413 (let ((target (file-system-mount-point file-system))
414 (create? (file-system-create-mount-point? file-system))
415 (dependencies (file-system-dependencies file-system))
416 (packages (file-system-packages (list file-system))))
417 (and (file-system-mount? file-system)
418 (with-imported-modules (source-module-closure
419 '((gnu build file-systems)))
421 (provision (list (file-system->shepherd-service-name file-system)))
422 (requirement `(root-file-system
423 ,@(map dependency->shepherd-service-name dependencies)))
424 (documentation "Check, mount, and unmount the given file system.")
425 (start #~(lambda args
430 (let (($PATH (getenv "PATH")))
431 ;; Make sure fsck.ext2 & co. can be found.
434 ;; Don’t display the PATH settings.
435 (with-output-to-port (%make-void-port "w")
437 (set-path-environment-variable "PATH"
443 '#$(file-system->spec file-system))
446 (setenv "PATH" $PATH)))
449 ;; Normally there are no processes left at this point, so
450 ;; TARGET can be safely unmounted.
452 ;; Make sure PID 1 doesn't keep TARGET busy.
458 ;; We need additional modules.
459 (modules `(((gnu build file-systems)
460 #:select (mount-file-system))
461 (gnu system file-systems)
462 ,@%default-modules)))))))
464 (define (file-system-shepherd-services file-systems)
465 "Return the list of Shepherd services for FILE-SYSTEMS."
466 (let* ((file-systems (filter file-system-mount? file-systems)))
469 (provision '(file-systems))
470 (requirement (cons* 'root-file-system 'user-file-systems
471 (map file-system->shepherd-service-name
473 (documentation "Target for all the initially-mounted file systems")
475 (stop #~(const #f))))
477 (define known-mount-points
478 (map file-system-mount-point file-systems))
482 (documentation "Unmount manually-mounted file systems.")
483 (provision '(user-file-systems))
486 (define (known? mount-point)
488 (cons* "/proc" "/sys" '#$known-mount-points)))
490 ;; Make sure we don't keep the user's mount points busy.
493 (for-each (lambda (mount-point)
494 (format #t "unmounting '~a'...~%" mount-point)
497 (umount mount-point))
499 (let ((errno (system-error-errno args)))
500 (format #t "failed to unmount '~a': ~a~%"
501 mount-point (strerror errno))))))
502 (filter (negate known?) (mount-points)))
505 (cons* sink user-unmount
506 (map file-system-shepherd-service file-systems))))
508 (define file-system-service-type
509 (service-type (name 'file-systems)
511 (list (service-extension shepherd-root-service-type
512 file-system-shepherd-services)
513 (service-extension fstab-service-type
516 ;; Have 'user-processes' depend on 'file-systems'.
517 (service-extension user-processes-service-type
518 (const '(file-systems)))))
519 (compose concatenate)
522 "Provide Shepherd services to mount and unmount the given
523 file systems, as well as corresponding @file{/etc/fstab} entries.")))
528 ;;; Preserve entropy to seed /dev/urandom on boot.
531 (define %random-seed-file
532 "/var/lib/random-seed")
534 (define (urandom-seed-shepherd-service _)
535 "Return a shepherd service for the /dev/urandom seed."
536 (list (shepherd-service
537 (documentation "Preserve entropy across reboots for /dev/urandom.")
538 (provision '(urandom-seed))
540 ;; Depend on udev so that /dev/hwrng is available.
541 (requirement '(file-systems udev))
544 ;; On boot, write random seed into /dev/urandom.
545 (when (file-exists? #$%random-seed-file)
546 (call-with-input-file #$%random-seed-file
548 (call-with-output-file "/dev/urandom"
550 (dump-port seed urandom))))))
552 ;; Try writing from /dev/hwrng into /dev/urandom.
553 ;; It seems that the file /dev/hwrng always exists, even
554 ;; when there is no hardware random number generator
555 ;; available. So, we handle a failed read or any other error
556 ;; reported by the operating system.
557 (let ((buf (catch 'system-error
559 (call-with-input-file "/dev/hwrng"
561 (get-bytevector-n hwrng 512))))
562 ;; Silence is golden...
565 (call-with-output-file "/dev/urandom"
567 (put-bytevector urandom buf)))))
569 ;; Immediately refresh the seed in case the system doesn't
570 ;; shut down cleanly.
571 (call-with-input-file "/dev/urandom"
573 (let ((previous-umask (umask #o077))
574 (buf (make-bytevector 512)))
575 (mkdir-p (dirname #$%random-seed-file))
576 (get-bytevector-n! urandom buf 0 512)
577 (call-with-output-file #$%random-seed-file
579 (put-bytevector seed buf)))
580 (umask previous-umask))))
583 ;; During shutdown, write from /dev/urandom into random seed.
584 (let ((buf (make-bytevector 512)))
585 (call-with-input-file "/dev/urandom"
587 (let ((previous-umask (umask #o077)))
588 (get-bytevector-n! urandom buf 0 512)
589 (mkdir-p (dirname #$%random-seed-file))
590 (call-with-output-file #$%random-seed-file
592 (put-bytevector seed buf)))
593 (umask previous-umask))
595 (modules `((rnrs bytevectors)
597 ,@%default-modules)))))
599 (define urandom-seed-service-type
600 (service-type (name 'urandom-seed)
602 (list (service-extension shepherd-root-service-type
603 urandom-seed-shepherd-service)
605 ;; Have 'user-processes' depend on 'urandom-seed'.
606 ;; This ensures that user processes and daemons don't
607 ;; start until we have seeded the PRNG.
608 (service-extension user-processes-service-type
609 (const '(urandom-seed)))))
612 "Seed the @file{/dev/urandom} pseudo-random number
613 generator (RNG) with the value recorded when the system was last shut
616 (define (urandom-seed-service) ;deprecated
617 (service urandom-seed-service-type #f))
621 ;;; Add hardware random number generator to entropy pool.
624 (define-record-type* <rngd-configuration>
625 rngd-configuration make-rngd-configuration
627 (rng-tools rngd-configuration-rng-tools) ;package
628 (device rngd-configuration-device)) ;string
630 (define rngd-service-type
631 (shepherd-service-type
634 (define rng-tools (rngd-configuration-rng-tools config))
635 (define device (rngd-configuration-device config))
638 (list (file-append rng-tools "/sbin/rngd")
642 (documentation "Add TRNG to entropy pool.")
643 (requirement '(udev))
645 (start #~(make-forkexec-constructor #$@rngd-command))
646 (stop #~(make-kill-destructor))))))
648 (define* (rngd-service #:key
649 (rng-tools rng-tools)
650 (device "/dev/hwrng"))
651 "Return a service that runs the @command{rngd} program from @var{rng-tools}
652 to add @var{device} to the kernel's entropy pool. The service will fail if
653 @var{device} does not exist."
654 (service rngd-service-type
656 (rng-tools rng-tools)
664 (define host-name-service-type
665 (shepherd-service-type
669 (documentation "Initialize the machine's host name.")
670 (provision '(host-name))
672 (sethostname #$name)))
675 (define (host-name-service name)
676 "Return a service that sets the host name to @var{name}."
677 (service host-name-service-type name))
679 (define virtual-terminal-service-type
680 ;; Ensure that virtual terminals run in UTF-8 mode. This is the case by
681 ;; default with recent Linux kernels, but this service allows us to ensure
682 ;; this. This service must start before any 'term-' service so that newly
683 ;; created terminals inherit this property. See
684 ;; <https://bugs.gnu.org/30505> for a discussion.
685 (shepherd-service-type
689 (documentation "Set virtual terminals in UTF-8 module.")
690 (provision '(virtual-terminal))
691 (requirement '(root-file-system))
693 (call-with-output-file
694 "/sys/module/vt/parameters/default_utf8"
698 (stop #~(const #f))))
699 #t)) ;default to UTF-8
701 (define console-keymap-service-type
702 (shepherd-service-type
706 (documentation (string-append "Load console keymap (loadkeys)."))
707 (provision '(console-keymap))
709 (zero? (system* #$(file-append kbd "/bin/loadkeys")
713 (define (console-keymap-service . files)
714 "Return a service to load console keymaps from @var{files}."
715 (service console-keymap-service-type files))
717 (define %default-console-font
718 ;; Note: 'LatGrkCyr-8x16' has the advantage of providing three common
719 ;; scripts as well as glyphs for em dash, quotation marks, and other Unicode
720 ;; codepoints notably found in the UTF-8 manual.
723 (define (console-font-shepherd-services tty+font)
724 "Return a list of Shepherd services for each pair in TTY+FONT."
727 (let ((device (string-append "/dev/" tty)))
729 (documentation "Load a Unicode console font.")
730 (provision (list (symbol-append 'console-font-
731 (string->symbol tty))))
733 ;; Start after mingetty has been started on TTY, otherwise the settings
735 (requirement (list (symbol-append 'term-
736 (string->symbol tty))))
739 ;; It could be that mingetty is not fully ready yet,
740 ;; which we check by calling 'ttyname'.
742 (unless (or (zero? i)
743 (call-with-input-file #$device
745 (false-if-exception (ttyname port)))))
749 ;; Assume the VT is already in UTF-8 mode, thanks to
750 ;; the 'virtual-terminal' service.
752 ;; 'setfont' returns EX_OSERR (71) when an
753 ;; KDFONTOP ioctl fails, for example. Like
754 ;; systemd's vconsole support, let's not treat
756 (case (status:exit-val
757 (system* #$(file-append kbd "/bin/setfont")
758 "-C" #$device #$font))
765 (define console-font-service-type
766 (service-type (name 'console-fonts)
768 (list (service-extension shepherd-root-service-type
769 console-font-shepherd-services)))
770 (compose concatenate)
773 "Install the given fonts on the specified ttys (fonts are per
774 virtual console on GNU/Linux). The value of this service is a list of
778 '((\"tty1\" . \"LatGrkCyr-8x16\"))
781 (define* (console-font-service tty #:optional (font "LatGrkCyr-8x16"))
782 "This procedure is deprecated in favor of @code{console-font-service-type}.
784 Return a service that sets up Unicode support in @var{tty} and loads
785 @var{font} for that tty (fonts are per virtual console in Linux.)"
786 (simple-service (symbol-append 'console-font- (string->symbol tty))
787 console-font-service-type `((,tty . ,font))))
789 (define %default-motd
790 (plain-file "motd" "This is the GNU operating system, welcome!\n\n"))
792 (define-record-type* <login-configuration>
793 login-configuration make-login-configuration
795 (motd login-configuration-motd ;file-like
796 (default %default-motd))
797 ;; Allow empty passwords by default so that first-time users can log in when
798 ;; the 'root' account has just been created.
799 (allow-empty-passwords? login-configuration-allow-empty-passwords?
800 (default #t))) ;Boolean
802 (define (login-pam-service config)
803 "Return the list of PAM service needed for CONF."
804 ;; Let 'login' be known to PAM.
805 (list (unix-pam-service "login"
806 #:allow-empty-passwords?
807 (login-configuration-allow-empty-passwords? config)
809 (login-configuration-motd config))))
811 (define login-service-type
812 (service-type (name 'login)
813 (extensions (list (service-extension pam-root-service-type
816 "Provide a console log-in service as specified by its
817 configuration value, a @code{login-configuration} object.")))
819 (define* (login-service #:optional (config (login-configuration)))
820 "Return a service configure login according to @var{config}, which specifies
821 the message of the day, among other things."
822 (service login-service-type config))
824 (define-record-type* <agetty-configuration>
825 agetty-configuration make-agetty-configuration
826 agetty-configuration?
827 (agetty agetty-configuration-agetty ;<package>
828 (default util-linux))
829 (tty agetty-configuration-tty) ;string | #f
830 (term agetty-term ;string | #f
832 (baud-rate agetty-baud-rate ;string | #f
834 (auto-login agetty-auto-login ;list of strings | #f
836 (login-program agetty-login-program ;gexp
837 (default (file-append shadow "/bin/login")))
838 (login-pause? agetty-login-pause? ;Boolean
840 (eight-bits? agetty-eight-bits? ;Boolean
842 (no-reset? agetty-no-reset? ;Boolean
844 (remote? agetty-remote? ;Boolean
846 (flow-control? agetty-flow-control? ;Boolean
848 (host agetty-host ;string | #f
850 (no-issue? agetty-no-issue? ;Boolean
852 (init-string agetty-init-string ;string | #f
854 (no-clear? agetty-no-clear? ;Boolean
856 (local-line agetty-local-line ;always | never | auto
858 (extract-baud? agetty-extract-baud? ;Boolean
860 (skip-login? agetty-skip-login? ;Boolean
862 (no-newline? agetty-no-newline? ;Boolean
864 (login-options agetty-login-options ;string | #f
866 (chroot agetty-chroot ;string | #f
868 (hangup? agetty-hangup? ;Boolean
870 (keep-baud? agetty-keep-baud? ;Boolean
872 (timeout agetty-timeout ;integer | #f
874 (detect-case? agetty-detect-case? ;Boolean
876 (wait-cr? agetty-wait-cr? ;Boolean
878 (no-hints? agetty-no-hints? ;Boolean
880 (no-hostname? agetty-no hostname? ;Boolean
882 (long-hostname? agetty-long-hostname? ;Boolean
884 (erase-characters agetty-erase-characters ;string | #f
886 (kill-characters agetty-kill-characters ;string | #f
888 (chdir agetty-chdir ;string | #f
890 (delay agetty-delay ;integer | #f
892 (nice agetty-nice ;integer | #f
894 ;; "Escape hatch" for passing arbitrary command-line arguments.
895 (extra-options agetty-extra-options ;list of strings
897 ;;; XXX Unimplemented for now!
898 ;;; (issue-file agetty-issue-file ;file-like
902 (define (default-serial-port)
903 "Return a gexp that determines a reasonable default serial port
904 to use as the tty. This is primarily useful for headless systems."
906 ;; console=device,options
907 ;; device: can be tty0, ttyS0, lp0, ttyUSB0 (serial).
908 ;; options: BBBBPNF. P n|o|e, N number of bits,
909 ;; F flow control (r RTS)
910 (let* ((not-comma (char-set-complement (char-set #\,)))
911 (command (linux-command-line))
912 (agetty-specs (find-long-options "agetty.tty" command))
913 (console-specs (filter (lambda (spec)
914 (and (string-prefix? "tty" spec)
916 (string-prefix? "tty0" spec)
917 (string-prefix? "tty1" spec)
918 (string-prefix? "tty2" spec)
919 (string-prefix? "tty3" spec)
920 (string-prefix? "tty4" spec)
921 (string-prefix? "tty5" spec)
922 (string-prefix? "tty6" spec)
923 (string-prefix? "tty7" spec)
924 (string-prefix? "tty8" spec)
925 (string-prefix? "tty9" spec)))))
926 (find-long-options "console" command)))
927 (specs (append agetty-specs console-specs)))
931 ;; Extract device name from first spec.
932 (match (string-tokenize spec not-comma)
936 (define agetty-shepherd-service
938 (($ <agetty-configuration> agetty tty term baud-rate auto-login
939 login-program login-pause? eight-bits? no-reset? remote? flow-control?
940 host no-issue? init-string no-clear? local-line extract-baud?
941 skip-login? no-newline? login-options chroot hangup? keep-baud? timeout
942 detect-case? wait-cr? no-hints? no-hostname? long-hostname?
943 erase-characters kill-characters chdir delay nice extra-options)
946 (modules '((ice-9 match) (gnu build linux-boot)))
947 (documentation "Run agetty on a tty.")
948 (provision (list (symbol-append 'term- (string->symbol (or tty "auto")))))
950 ;; Since the login prompt shows the host name, wait for the 'host-name'
951 ;; service to be done. Also wait for udev essentially so that the tty
952 ;; text is not lost in the middle of kernel messages (see also
953 ;; mingetty-shepherd-service).
954 (requirement '(user-processes host-name udev))
956 (start #~(lambda args
957 (let ((defaulted-tty #$(or tty (default-serial-port))))
960 (make-forkexec-constructor
961 (list #$(file-append util-linux "/sbin/agetty")
982 #~("--init-string" #$init-string)
987 ;;; FIXME This doesn't work as expected. According to agetty(8), if this option
988 ;;; is not passed, then the default is 'auto'. However, in my tests, when that
989 ;;; option is selected, agetty never presents the login prompt, and the
990 ;;; term-ttyS0 service respawns every few seconds.
992 #~(#$(match local-line
993 ('auto "--local-line=auto")
994 ('always "--local-line=always")
995 ('never "-local-line=never")))
1000 #$@(if extract-baud?
1001 #~("--extract-baud")
1009 #$@(if login-options
1010 #~("--login-options" #$login-options)
1013 #~("--chroot" #$chroot)
1022 #~("--timeout" #$(number->string timeout))
1036 #$@(if long-hostname?
1037 #~("--long-hostname")
1039 #$@(if erase-characters
1040 #~("--erase-chars" #$erase-characters)
1042 #$@(if kill-characters
1043 #~("--kill-chars" #$kill-characters)
1046 #~("--chdir" #$chdir)
1049 #~("--delay" #$(number->string delay))
1052 #~("--nice" #$(number->string nice))
1055 (list "--autologin" auto-login)
1057 #$@(if login-program
1058 #~("--login-program" #$login-program)
1070 (const #f)) ; never start.
1072 (stop #~(make-kill-destructor)))))))
1074 (define agetty-service-type
1075 (service-type (name 'agetty)
1076 (extensions (list (service-extension shepherd-root-service-type
1077 agetty-shepherd-service)))
1079 "Provide console login using the @command{agetty}
1082 (define* (agetty-service config)
1083 "Return a service to run agetty according to @var{config}, which specifies
1084 the tty to run, among other things."
1085 (service agetty-service-type config))
1087 (define-record-type* <mingetty-configuration>
1088 mingetty-configuration make-mingetty-configuration
1089 mingetty-configuration?
1090 (mingetty mingetty-configuration-mingetty ;<package>
1092 (tty mingetty-configuration-tty) ;string
1093 (auto-login mingetty-auto-login ;string | #f
1095 (login-program mingetty-login-program ;gexp
1097 (login-pause? mingetty-login-pause? ;Boolean
1100 (define mingetty-shepherd-service
1102 (($ <mingetty-configuration> mingetty tty auto-login login-program
1106 (documentation "Run mingetty on an tty.")
1107 (provision (list (symbol-append 'term- (string->symbol tty))))
1109 ;; Since the login prompt shows the host name, wait for the 'host-name'
1110 ;; service to be done. Also wait for udev essentially so that the tty
1111 ;; text is not lost in the middle of kernel messages (XXX).
1112 (requirement '(user-processes host-name udev virtual-terminal))
1114 (start #~(make-forkexec-constructor
1115 (list #$(file-append mingetty "/sbin/mingetty")
1118 #~("--autologin" #$auto-login)
1120 #$@(if login-program
1121 #~("--loginprog" #$login-program)
1126 (stop #~(make-kill-destructor)))))))
1128 (define mingetty-service-type
1129 (service-type (name 'mingetty)
1130 (extensions (list (service-extension shepherd-root-service-type
1131 mingetty-shepherd-service)))
1133 "Provide console login using the @command{mingetty}
1136 (define* (mingetty-service config)
1137 "Return a service to run mingetty according to @var{config}, which specifies
1138 the tty to run, among other things."
1139 (service mingetty-service-type config))
1141 (define-record-type* <nscd-configuration> nscd-configuration
1142 make-nscd-configuration
1144 (log-file nscd-configuration-log-file ;string
1145 (default "/var/log/nscd.log"))
1146 (debug-level nscd-debug-level ;integer
1148 ;; TODO: See nscd.conf in glibc for other options to add.
1149 (caches nscd-configuration-caches ;list of <nscd-cache>
1150 (default %nscd-default-caches))
1151 (name-services nscd-configuration-name-services ;list of <packages>
1153 (glibc nscd-configuration-glibc ;<package>
1154 (default (canonical-package glibc))))
1156 (define-record-type* <nscd-cache> nscd-cache make-nscd-cache
1158 (database nscd-cache-database) ;symbol
1159 (positive-time-to-live nscd-cache-positive-time-to-live) ;integer
1160 (negative-time-to-live nscd-cache-negative-time-to-live
1161 (default 20)) ;integer
1162 (suggested-size nscd-cache-suggested-size ;integer ("default module
1165 (check-files? nscd-cache-check-files? ;Boolean
1167 (persistent? nscd-cache-persistent? ;Boolean
1169 (shared? nscd-cache-shared? ;Boolean
1171 (max-database-size nscd-cache-max-database-size ;integer
1172 (default (* 32 (expt 2 20))))
1173 (auto-propagate? nscd-cache-auto-propagate? ;Boolean
1176 (define %nscd-default-caches
1177 ;; Caches that we want to enable by default. Note that when providing an
1178 ;; empty nscd.conf, all caches are disabled.
1179 (list (nscd-cache (database 'hosts)
1181 ;; Aggressively cache the host name cache to improve
1182 ;; privacy and resilience.
1183 (positive-time-to-live (* 3600 12))
1184 (negative-time-to-live 20)
1187 (nscd-cache (database 'services)
1189 ;; Services are unlikely to change, so we can be even more
1191 (positive-time-to-live (* 3600 24))
1192 (negative-time-to-live 3600)
1193 (check-files? #t) ;check /etc/services changes
1196 (define %nscd-default-configuration
1197 ;; Default nscd configuration.
1198 (nscd-configuration))
1200 (define (nscd.conf-file config)
1201 "Return the @file{nscd.conf} configuration file for @var{config}, an
1202 @code{<nscd-configuration>} object."
1203 (define cache->config
1205 (($ <nscd-cache> (= symbol->string database)
1206 positive-ttl negative-ttl size check-files?
1207 persistent? shared? max-size propagate?)
1208 (string-append "\nenable-cache\t" database "\tyes\n"
1210 "positive-time-to-live\t" database "\t"
1211 (number->string positive-ttl) "\n"
1212 "negative-time-to-live\t" database "\t"
1213 (number->string negative-ttl) "\n"
1214 "suggested-size\t" database "\t"
1215 (number->string size) "\n"
1216 "check-files\t" database "\t"
1217 (if check-files? "yes\n" "no\n")
1218 "persistent\t" database "\t"
1219 (if persistent? "yes\n" "no\n")
1220 "shared\t" database "\t"
1221 (if shared? "yes\n" "no\n")
1222 "max-db-size\t" database "\t"
1223 (number->string max-size) "\n"
1224 "auto-propagate\t" database "\t"
1225 (if propagate? "yes\n" "no\n")))))
1228 (($ <nscd-configuration> log-file debug-level caches)
1229 (plain-file "nscd.conf"
1231 # Configuration of libc's name service cache daemon (nscd).\n\n"
1233 (string-append "logfile\t" log-file)
1237 (string-append "debug-level\t"
1238 (number->string debug-level))
1242 (map cache->config caches)))))))
1244 (define (nscd-shepherd-service config)
1245 "Return a shepherd service for CONFIG, an <nscd-configuration> object."
1246 (let ((nscd.conf (nscd.conf-file config))
1247 (name-services (nscd-configuration-name-services config)))
1248 (list (shepherd-service
1249 (documentation "Run libc's name service cache daemon (nscd).")
1251 (requirement '(user-processes))
1252 (start #~(make-forkexec-constructor
1253 (list #$(file-append (nscd-configuration-glibc config)
1255 "-f" #$nscd.conf "--foreground")
1257 ;; Wait for the PID file. However, the PID file is
1258 ;; written before nscd is actually listening on its
1260 #:pid-file "/var/run/nscd/nscd.pid"
1262 #:environment-variables
1263 (list (string-append "LD_LIBRARY_PATH="
1266 (string-append dir "/lib"))
1267 (list #$@name-services))
1269 (stop #~(make-kill-destructor))))))
1271 (define nscd-activation
1272 ;; Actions to take before starting nscd.
1274 (use-modules (guix build utils))
1275 (mkdir-p "/var/run/nscd")
1276 (mkdir-p "/var/db/nscd") ;for the persistent cache
1278 ;; In libc 2.25 nscd uses inotify to watch /etc/resolv.conf, but only if
1279 ;; that file exists when it is started. Thus create it here. Note: on
1280 ;; some systems, such as when NetworkManager is used, /etc/resolv.conf
1281 ;; is a symlink, hence 'lstat'.
1282 (unless (false-if-exception (lstat "/etc/resolv.conf"))
1283 (call-with-output-file "/etc/resolv.conf"
1285 (display "# This is a placeholder.\n" port))))))
1287 (define nscd-service-type
1288 (service-type (name 'nscd)
1290 (list (service-extension activation-service-type
1291 (const nscd-activation))
1292 (service-extension shepherd-root-service-type
1293 nscd-shepherd-service)))
1295 ;; This can be extended by providing additional name services
1296 ;; such as nss-mdns.
1297 (compose concatenate)
1298 (extend (lambda (config name-services)
1301 (name-services (append
1302 (nscd-configuration-name-services config)
1305 "Runs libc's @dfn{name service cache daemon} (nscd) with the
1306 given configuration---an @code{<nscd-configuration>} object. @xref{Name
1307 Service Switch}, for an example.")))
1309 (define* (nscd-service #:optional (config %nscd-default-configuration))
1310 "Return a service that runs libc's name service cache daemon (nscd) with the
1311 given @var{config}---an @code{<nscd-configuration>} object. @xref{Name
1312 Service Switch}, for an example."
1313 (service nscd-service-type config))
1316 (define-record-type* <syslog-configuration>
1317 syslog-configuration make-syslog-configuration
1318 syslog-configuration?
1319 (syslogd syslog-configuration-syslogd
1320 (default (file-append inetutils "/libexec/syslogd")))
1321 (config-file syslog-configuration-config-file
1322 (default %default-syslog.conf)))
1324 (define syslog-service-type
1325 (shepherd-service-type
1329 (documentation "Run the syslog daemon (syslogd).")
1330 (provision '(syslogd))
1331 (requirement '(user-processes))
1332 (start #~(make-forkexec-constructor
1333 (list #$(syslog-configuration-syslogd config)
1334 "--rcfile" #$(syslog-configuration-config-file config))
1335 #:pid-file "/var/run/syslog.pid"))
1336 (stop #~(make-kill-destructor))))))
1338 ;; Snippet adapted from the GNU inetutils manual.
1339 (define %default-syslog.conf
1340 (plain-file "syslog.conf" "
1341 # Log all error messages, authentication messages of
1342 # level notice or higher and anything of level err or
1343 # higher to the console.
1344 # Don't log private authentication messages!
1345 *.alert;auth.notice;authpriv.none /dev/console
1347 # Log anything (except mail) of level info or higher.
1348 # Don't log private authentication messages!
1349 *.info;mail.none;authpriv.none /var/log/messages
1351 # Like /var/log/messages, but also including \"debug\"-level logs.
1352 *.debug;mail.none;authpriv.none /var/log/debug
1354 # Same, in a different place.
1355 *.info;mail.none;authpriv.none /dev/tty12
1357 # The authpriv file has restricted access.
1358 authpriv.* /var/log/secure
1360 # Log all the mail messages in one place.
1361 mail.* /var/log/maillog
1364 (define* (syslog-service #:optional (config (syslog-configuration)))
1365 "Return a service that runs @command{syslogd} and takes
1366 @var{<syslog-configuration>} as a parameter.
1368 @xref{syslogd invocation,,, inetutils, GNU Inetutils}, for more
1369 information on the configuration file syntax."
1370 (service syslog-service-type config))
1373 (define pam-limits-service-type
1374 (let ((security-limits
1375 ;; Create /etc/security containing the provided "limits.conf" file.
1376 (lambda (limits-file)
1382 (stat #$limits-file)
1383 (symlink #$limits-file
1384 (string-append #$output "/limits.conf"))))))))
1387 (let ((pam-limits (pam-entry
1388 (control "required")
1389 (module "pam_limits.so")
1390 (arguments '("conf=/etc/security/limits.conf")))))
1391 (if (member (pam-service-name pam)
1392 '("login" "su" "slim"))
1395 (session (cons pam-limits
1396 (pam-service-session pam))))
1401 (list (service-extension etc-service-type security-limits)
1402 (service-extension pam-root-service-type
1403 (lambda _ (list pam-extension)))))
1405 "Install the specified resource usage limits by populating
1406 @file{/etc/security/limits.conf} and using the @code{pam_limits}
1407 authentication module."))))
1409 (define* (pam-limits-service #:optional (limits '()))
1410 "Return a service that makes selected programs respect the list of
1411 pam-limits-entry specified in LIMITS via pam_limits.so."
1412 (service pam-limits-service-type
1413 (plain-file "limits.conf"
1414 (string-join (map pam-limits-entry->string limits)
1422 (define* (guix-build-accounts count #:key
1426 "Return a list of COUNT user accounts for Guix build users, with UIDs
1427 starting at FIRST-UID, and under GID."
1428 (unfold (cut > <> count)
1431 (name (format #f "guixbuilder~2,'0d" n))
1433 (uid (+ first-uid n -1))
1436 ;; guix-daemon expects GROUP to be listed as a
1437 ;; supplementary group too:
1438 ;; <http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00239.html>.
1439 (supplementary-groups (list group "kvm"))
1441 (comment (format #f "Guix Build User ~2d" n))
1442 (home-directory "/var/empty")
1443 (shell (file-append shadow "/sbin/nologin"))))
1447 (define (hydra-key-authorization key guix)
1448 "Return a gexp with code to register KEY, a file containing a 'guix archive'
1449 public key, with GUIX."
1450 #~(unless (file-exists? "/etc/guix/acl")
1451 (let ((pid (primitive-fork)))
1455 (port (open-file key "r0b")))
1456 (format #t "registering public key '~a'...~%" key)
1457 (close-port (current-input-port))
1459 (execl #$(file-append guix "/bin/guix")
1460 "guix" "archive" "--authorize")
1463 (let ((status (cdr (waitpid pid))))
1464 (unless (zero? status)
1465 (format (current-error-port) "warning: \
1466 failed to register hydra.gnu.org public key: ~a~%" status))))))))
1468 (define %default-authorized-guix-keys
1469 ;; List of authorized substitute keys.
1470 (list (file-append guix "/share/guix/hydra.gnu.org.pub")
1471 (file-append guix "/share/guix/berlin.guixsd.org.pub")))
1473 (define-record-type* <guix-configuration>
1474 guix-configuration make-guix-configuration
1476 (guix guix-configuration-guix ;<package>
1478 (build-group guix-configuration-build-group ;string
1479 (default "guixbuild"))
1480 (build-accounts guix-configuration-build-accounts ;integer
1482 (authorize-key? guix-configuration-authorize-key? ;Boolean
1484 (authorized-keys guix-configuration-authorized-keys ;list of gexps
1485 (default %default-authorized-guix-keys))
1486 (use-substitutes? guix-configuration-use-substitutes? ;Boolean
1488 (substitute-urls guix-configuration-substitute-urls ;list of strings
1489 (default %default-substitute-urls))
1490 (chroot-directories guix-configuration-chroot-directories ;list of file-like/strings
1492 (max-silent-time guix-configuration-max-silent-time ;integer
1494 (timeout guix-configuration-timeout ;integer
1496 (log-compression guix-configuration-log-compression
1498 (extra-options guix-configuration-extra-options ;list of strings
1500 (log-file guix-configuration-log-file ;string
1501 (default "/var/log/guix-daemon.log"))
1502 (http-proxy guix-http-proxy ;string | #f
1504 (tmpdir guix-tmpdir ;string | #f
1507 (define %default-guix-configuration
1508 (guix-configuration))
1510 (define (guix-shepherd-service config)
1511 "Return a <shepherd-service> for the Guix daemon service with CONFIG."
1512 (match-record config <guix-configuration>
1513 (guix build-group build-accounts authorize-key? authorized-keys
1514 use-substitutes? substitute-urls max-silent-time timeout
1515 log-compression extra-options log-file http-proxy tmpdir
1517 (list (shepherd-service
1518 (documentation "Run the Guix daemon.")
1519 (provision '(guix-daemon))
1520 (requirement '(user-processes))
1521 (modules '((srfi srfi-1)))
1523 #~(make-forkexec-constructor
1524 (cons* #$(file-append guix "/bin/guix-daemon")
1525 "--build-users-group" #$build-group
1526 "--max-silent-time" #$(number->string max-silent-time)
1527 "--timeout" #$(number->string timeout)
1528 "--log-compression" #$(symbol->string log-compression)
1529 #$@(if use-substitutes?
1531 '("--no-substitutes"))
1532 "--substitute-urls" #$(string-join substitute-urls)
1535 ;; Add CHROOT-DIRECTORIES and all their dependencies (if
1536 ;; these are store items) to the chroot.
1537 (append-map (lambda (file)
1538 (append-map (lambda (directory)
1539 (list "--chroot-directory"
1541 (call-with-input-file file
1543 '#$(map references-file chroot-directories)))
1545 #:environment-variables
1546 (list #$@(if http-proxy
1547 (list (string-append "http_proxy=" http-proxy))
1550 (list (string-append "TMPDIR=" tmpdir))
1553 #:log-file #$log-file))
1554 (stop #~(make-kill-destructor))))))
1556 (define (guix-accounts config)
1557 "Return the user accounts and user groups for CONFIG."
1559 (($ <guix-configuration> _ build-group build-accounts)
1564 ;; Use a fixed GID so that we can create the store with the right
1567 (guix-build-accounts build-accounts
1568 #:group build-group)))))
1570 (define (guix-activation config)
1571 "Return the activation gexp for CONFIG."
1573 (($ <guix-configuration> guix build-group build-accounts authorize-key? keys)
1574 ;; Assume that the store has BUILD-GROUP as its group. We could
1575 ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs,
1576 ;; chown leads to an entire copy of the tree, which is a bad idea.
1578 ;; Optionally authorize hydra.gnu.org's key.
1581 #$@(map (cut hydra-key-authorization <> guix) keys))
1584 (define* (references-file item #:optional (name "references"))
1585 "Return a file that contains the list of references of ITEM."
1586 (if (struct? item) ;lowerable object
1588 (with-imported-modules (source-module-closure
1589 '((guix build store-copy)))
1591 (use-modules (guix build store-copy))
1593 (call-with-output-file #$output
1595 (write (call-with-input-file "graph"
1596 read-reference-graph)
1598 #:options `(#:local-build? #f
1599 #:references-graphs (("graph" ,item))))
1600 (plain-file name "()")))
1602 (define guix-service-type
1606 (list (service-extension shepherd-root-service-type guix-shepherd-service)
1607 (service-extension account-service-type guix-accounts)
1608 (service-extension activation-service-type guix-activation)
1609 (service-extension profile-service-type
1610 (compose list guix-configuration-guix))))
1612 ;; Extensions can specify extra directories to add to the build chroot.
1613 (compose concatenate)
1614 (extend (lambda (config directories)
1618 (append (guix-configuration-chroot-directories config)
1621 (default-value (guix-configuration))
1623 "Run the build daemon of GNU@tie{}Guix, aka. @command{guix-daemon}.")))
1625 (define* (guix-service #:optional (config %default-guix-configuration))
1626 "Return a service that runs the Guix build daemon according to
1628 (service guix-service-type config))
1631 (define-record-type* <guix-publish-configuration>
1632 guix-publish-configuration make-guix-publish-configuration
1633 guix-publish-configuration?
1634 (guix guix-publish-configuration-guix ;package
1636 (port guix-publish-configuration-port ;number
1638 (host guix-publish-configuration-host ;string
1639 (default "localhost"))
1640 (compression-level guix-publish-configuration-compression-level ;integer
1642 (nar-path guix-publish-configuration-nar-path ;string
1644 (cache guix-publish-configuration-cache ;#f | string
1646 (workers guix-publish-configuration-workers ;#f | integer
1648 (ttl guix-publish-configuration-ttl ;#f | integer
1651 (define guix-publish-shepherd-service
1653 (($ <guix-publish-configuration> guix port host compression
1654 nar-path cache workers ttl)
1655 (list (shepherd-service
1656 (provision '(guix-publish))
1657 (requirement '(guix-daemon))
1658 (start #~(make-forkexec-constructor
1659 (list #$(file-append guix "/bin/guix")
1660 "publish" "-u" "guix-publish"
1661 "-p" #$(number->string port)
1662 "-C" #$(number->string compression)
1663 (string-append "--nar-path=" #$nar-path)
1664 (string-append "--listen=" #$host)
1666 #~((string-append "--workers="
1671 #~((string-append "--ttl="
1672 #$(number->string ttl)
1676 #~((string-append "--cache=" #$cache))
1679 ;; Make sure we run in a UTF-8 locale so we can produce
1680 ;; nars for packages that contain UTF-8 file names such
1681 ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>.
1682 #:environment-variables
1683 (list (string-append "GUIX_LOCPATH="
1684 #$glibc-utf8-locales "/lib/locale")
1685 "LC_ALL=en_US.utf8")))
1686 (stop #~(make-kill-destructor)))))))
1688 (define %guix-publish-accounts
1689 (list (user-group (name "guix-publish") (system? #t))
1691 (name "guix-publish")
1692 (group "guix-publish")
1694 (comment "guix publish user")
1695 (home-directory "/var/empty")
1696 (shell (file-append shadow "/sbin/nologin")))))
1698 (define (guix-publish-activation config)
1699 (let ((cache (guix-publish-configuration-cache config)))
1701 (with-imported-modules '((guix build utils))
1703 (use-modules (guix build utils))
1706 (let* ((pw (getpw "guix-publish"))
1707 (uid (passwd:uid pw))
1708 (gid (passwd:gid pw)))
1709 (chown #$cache uid gid))))
1712 (define guix-publish-service-type
1713 (service-type (name 'guix-publish)
1715 (list (service-extension shepherd-root-service-type
1716 guix-publish-shepherd-service)
1717 (service-extension account-service-type
1718 (const %guix-publish-accounts))
1719 (service-extension activation-service-type
1720 guix-publish-activation)))
1721 (default-value (guix-publish-configuration))
1723 "Add a Shepherd service running @command{guix publish}, a
1724 command that allows you to share pre-built binaries with others over HTTP.")))
1726 (define* (guix-publish-service #:key (guix guix) (port 80) (host "localhost"))
1727 "Return a service that runs @command{guix publish} listening on @var{host}
1728 and @var{port} (@pxref{Invoking guix publish}).
1730 This assumes that @file{/etc/guix} already contains a signing key pair as
1731 created by @command{guix archive --generate-key} (@pxref{Invoking guix
1732 archive}). If that is not the case, the service will fail to start."
1734 (service guix-publish-service-type
1735 (guix-publish-configuration (guix guix) (port port) (host host))))
1742 (define-record-type* <udev-configuration>
1743 udev-configuration make-udev-configuration
1745 (udev udev-configuration-udev ;<package>
1747 (rules udev-configuration-rules ;list of <package>
1750 (define (udev-rules-union packages)
1751 "Return the union of the @code{lib/udev/rules.d} directories found in each
1752 item of @var{packages}."
1754 (with-imported-modules '((guix build union)
1757 (use-modules (guix build union)
1762 (define %standard-locations
1763 '("/lib/udev/rules.d" "/libexec/udev/rules.d"))
1765 (define (rules-sub-directory directory)
1766 ;; Return the sub-directory of DIRECTORY containing udev rules, or
1767 ;; #f if none was found.
1768 (find directory-exists?
1769 (map (cut string-append directory <>) %standard-locations)))
1771 (mkdir-p (string-append #$output "/lib/udev"))
1772 (union-build (string-append #$output "/lib/udev/rules.d")
1773 (filter-map rules-sub-directory '#$packages)))))
1775 (computed-file "udev-rules" build))
1777 (define (udev-rule file-name contents)
1778 "Return a directory with a udev rule file FILE-NAME containing CONTENTS."
1779 (computed-file file-name
1780 (with-imported-modules '((guix build utils))
1782 (use-modules (guix build utils))
1785 (string-append #$output "/lib/udev/rules.d"))
1788 (call-with-output-file
1789 (string-append rules.d "/" #$file-name)
1791 (display #$contents port)))))))
1793 (define (file->udev-rule file-name file)
1794 "Return a directory with a udev rule file FILE-NAME which is a copy of FILE."
1795 (computed-file file-name
1796 (with-imported-modules '((guix build utils))
1798 (use-modules (guix build utils))
1801 (string-append #$output "/lib/udev/rules.d"))
1803 (define file-copy-dest
1804 (string-append rules.d "/" #$file-name))
1807 (copy-file #$file file-copy-dest)))))
1809 (define kvm-udev-rule
1810 ;; Return a directory with a udev rule that changes the group of /dev/kvm to
1811 ;; "kvm" and makes it #o660. Apparently QEMU-KVM used to ship this rule,
1812 ;; but now we have to add it by ourselves.
1814 ;; Build users are part of the "kvm" group, so we can fearlessly make
1815 ;; /dev/kvm 660 (see <http://bugs.gnu.org/18994>, for background.)
1816 (udev-rule "90-kvm.rules"
1817 "KERNEL==\"kvm\", GROUP=\"kvm\", MODE=\"0660\"\n"))
1819 (define udev-shepherd-service
1820 ;; Return a <shepherd-service> for UDEV with RULES.
1822 (($ <udev-configuration> udev rules)
1823 (let* ((rules (udev-rules-union (cons* udev kvm-udev-rule rules)))
1824 (udev.conf (computed-file "udev.conf"
1825 #~(call-with-output-file #$output
1828 "udev_rules=\"~a/lib/udev/rules.d\"\n"
1834 ;; Udev needs /dev to be a 'devtmpfs' mount so that new device nodes can
1836 ;; <http://www.linuxfromscratch.org/lfs/view/development/chapter07/udev.html>.
1837 (requirement '(root-file-system))
1839 (documentation "Populate the /dev directory, dynamically.")
1842 (@ (srfi srfi-1) find))
1845 ;; Choose the right 'udevd'.
1847 (map (lambda (suffix)
1848 (string-append #$udev suffix))
1849 '("/libexec/udev/udevd" ;udev
1850 "/sbin/udevd")))) ;eudev
1852 (define (wait-for-udevd)
1853 ;; Wait until someone's listening on udevd's control
1855 (let ((sock (socket AF_UNIX SOCK_SEQPACKET 0)))
1857 (catch 'system-error
1859 (connect sock PF_UNIX "/run/udev/control")
1862 (format #t "waiting for udevd...~%")
1866 ;; Allow udev to find the modules.
1867 (setenv "LINUX_MODULE_DIRECTORY"
1868 "/run/booted-system/kernel/lib/modules")
1870 ;; The first one is for udev, the second one for eudev.
1871 (setenv "UDEV_CONFIG_FILE" #$udev.conf)
1872 (setenv "EUDEV_RULES_DIRECTORY"
1873 #$(file-append rules "/lib/udev/rules.d"))
1875 (let* ((kernel-release
1876 (utsname:release (uname)))
1877 (linux-module-directory
1878 (getenv "LINUX_MODULE_DIRECTORY"))
1880 (string-append linux-module-directory "/"
1882 (old-umask (umask #o022)))
1883 (make-static-device-nodes directory)
1886 (let ((pid (primitive-fork)))
1889 (exec-command (list udevd)))
1891 ;; Wait until udevd is up and running. This
1892 ;; appears to be needed so that the events
1893 ;; triggered below are actually handled.
1896 ;; Trigger device node creation.
1897 (system* #$(file-append udev "/bin/udevadm")
1898 "trigger" "--action=add")
1900 ;; Wait for things to settle down.
1901 (system* #$(file-append udev "/bin/udevadm")
1904 (stop #~(make-kill-destructor))
1906 ;; When halting the system, 'udev' is actually killed by
1907 ;; 'user-processes', i.e., before its own 'stop' method was called.
1908 ;; Thus, make sure it is not respawned.
1910 ;; We need additional modules.
1911 (modules `((gnu build linux-boot)
1912 ,@%default-modules))))))))
1914 (define udev-service-type
1915 (service-type (name 'udev)
1917 (list (service-extension shepherd-root-service-type
1918 udev-shepherd-service)))
1920 (compose concatenate) ;concatenate the list of rules
1921 (extend (lambda (config rules)
1923 (($ <udev-configuration> udev initial-rules)
1926 (rules (append initial-rules rules)))))))
1928 "Run @command{udev}, which populates the @file{/dev}
1929 directory dynamically. Get extra rules from the packages listed in the
1930 @code{rules} field of its value, @code{udev-configuration} object.")))
1932 (define* (udev-service #:key (udev eudev) (rules '()))
1933 "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get
1934 extra rules from the packages listed in @var{rules}."
1935 (service udev-service-type
1936 (udev-configuration (udev udev) (rules rules))))
1938 (define swap-service-type
1939 (shepherd-service-type
1943 (if (string-prefix? "/dev/mapper/" device)
1944 (list (symbol-append 'device-mapping-
1945 (string->symbol (basename device))))
1949 (provision (list (symbol-append 'swap- (string->symbol device))))
1950 (requirement `(udev ,@requirement))
1951 (documentation "Enable the given swap device.")
1953 (restart-on-EINTR (swapon #$device))
1956 (restart-on-EINTR (swapoff #$device))
1960 (define (swap-service device)
1961 "Return a service that uses @var{device} as a swap device."
1962 (service swap-service-type device))
1964 (define %default-gpm-options
1965 ;; Default options for GPM.
1966 '("-m" "/dev/input/mice" "-t" "ps2"))
1968 (define-record-type* <gpm-configuration>
1969 gpm-configuration make-gpm-configuration gpm-configuration?
1970 (gpm gpm-configuration-gpm ;package
1972 (options gpm-configuration-options ;list of strings
1973 (default %default-gpm-options)))
1975 (define gpm-shepherd-service
1977 (($ <gpm-configuration> gpm options)
1978 (list (shepherd-service
1979 (requirement '(udev))
1982 ;; 'gpm' runs in the background and sets a PID file.
1983 ;; Note that it requires running as "root".
1984 (false-if-exception (delete-file "/var/run/gpm.pid"))
1985 (fork+exec-command (list #$(file-append gpm "/sbin/gpm")
1988 ;; Wait for the PID file to appear; declare failure if
1989 ;; it doesn't show up.
1991 (or (file-exists? "/var/run/gpm.pid")
1999 ;; Return #f if successfully stopped.
2000 (not (zero? (system* #$(file-append gpm "/sbin/gpm")
2003 (define gpm-service-type
2004 (service-type (name 'gpm)
2006 (list (service-extension shepherd-root-service-type
2007 gpm-shepherd-service)))
2008 (default-value (gpm-configuration))
2010 "Run GPM, the general-purpose mouse daemon, with the given
2011 command-line options. GPM allows users to use the mouse in the console,
2012 notably to select, copy, and paste text. The default options use the
2013 @code{ps2} protocol, which works for both USB and PS/2 mice.")))
2015 (define* (gpm-service #:key (gpm gpm) ;deprecated
2016 (options %default-gpm-options))
2017 "Run @var{gpm}, the general-purpose mouse daemon, with the given
2018 command-line @var{options}. GPM allows users to use the mouse in the console,
2019 notably to select, copy, and paste text. The default value of @var{options}
2020 uses the @code{ps2} protocol, which works for both USB and PS/2 mice.
2022 This service is not part of @var{%base-services}."
2023 ;; To test in QEMU, use "-usbdevice mouse" and then, in the monitor, use
2024 ;; "info mice" and "mouse_set X" to use the right mouse.
2025 (service gpm-service-type
2026 (gpm-configuration (gpm gpm) (options options))))
2028 (define-record-type* <kmscon-configuration>
2029 kmscon-configuration make-kmscon-configuration
2030 kmscon-configuration?
2031 (kmscon kmscon-configuration-kmscon
2033 (virtual-terminal kmscon-configuration-virtual-terminal)
2034 (login-program kmscon-configuration-login-program
2035 (default (file-append shadow "/bin/login")))
2036 (login-arguments kmscon-configuration-login-arguments
2038 (hardware-acceleration? kmscon-configuration-hardware-acceleration?
2039 (default #f))) ; #t causes failure
2041 (define kmscon-service-type
2042 (shepherd-service-type
2045 (let ((kmscon (kmscon-configuration-kmscon config))
2046 (virtual-terminal (kmscon-configuration-virtual-terminal config))
2047 (login-program (kmscon-configuration-login-program config))
2048 (login-arguments (kmscon-configuration-login-arguments config))
2049 (hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)))
2051 (define kmscon-command
2053 #$(file-append kmscon "/bin/kmscon") "--login"
2054 "--vt" #$virtual-terminal
2055 #$@(if hardware-acceleration? '("--hwaccel") '())
2056 "--" #$login-program #$@login-arguments))
2059 (documentation "kmscon virtual terminal")
2060 (requirement '(user-processes udev dbus-system virtual-terminal))
2061 (provision (list (symbol-append 'term- (string->symbol virtual-terminal))))
2062 (start #~(make-forkexec-constructor #$kmscon-command))
2063 (stop #~(make-kill-destructor)))))))
2065 (define-record-type* <static-networking>
2066 static-networking make-static-networking
2068 (interface static-networking-interface)
2069 (ip static-networking-ip)
2070 (netmask static-networking-netmask
2072 (gateway static-networking-gateway ;FIXME: doesn't belong here
2074 (provision static-networking-provision
2076 (requirement static-networking-requirement
2078 (name-servers static-networking-name-servers ;FIXME: doesn't belong here
2081 (define static-networking-shepherd-service
2083 (($ <static-networking> interface ip netmask gateway provision
2084 requirement name-servers)
2085 (let ((loopback? (and provision (memq 'loopback provision))))
2089 "Bring up the networking interface using a static IP address.")
2090 (requirement requirement)
2091 (provision (or provision
2092 (list (symbol-append 'networking-
2093 (string->symbol interface)))))
2096 ;; Return #t if successfully started.
2097 (let* ((addr (inet-pton AF_INET #$ip))
2098 (sockaddr (make-socket-address AF_INET addr 0))
2099 (mask (and #$netmask
2100 (inet-pton AF_INET #$netmask)))
2102 (make-socket-address AF_INET
2104 (gateway (and #$gateway
2105 (inet-pton AF_INET #$gateway)))
2106 (gatewayaddr (and gateway
2107 (make-socket-address AF_INET
2109 (configure-network-interface #$interface sockaddr
2116 (let ((sock (socket AF_INET SOCK_DGRAM 0)))
2117 (add-network-route/gateway sock gatewayaddr)
2118 (close-port sock))))))
2120 ;; Return #f is successfully stopped.
2121 (let ((sock (socket AF_INET SOCK_STREAM 0)))
2123 (delete-network-route sock
2124 (make-socket-address
2125 AF_INET INADDR_ANY 0)))
2126 (set-network-interface-flags sock #$interface 0)
2131 (define (static-networking-etc-files interfaces)
2132 "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
2133 (match (delete-duplicates
2134 (append-map static-networking-name-servers
2139 (let ((content (string-join
2140 (map (cut string-append "nameserver " <>)
2144 ,(plain-file "resolv.conf"
2146 # Generated by 'static-networking-service'.\n"
2149 (define (static-networking-shepherd-services interfaces)
2150 "Return the list of Shepherd services to bring up INTERFACES, a list of
2151 <static-networking> objects."
2152 (define (loopback? service)
2153 (memq 'loopback (shepherd-service-provision service)))
2155 (let ((services (map static-networking-shepherd-service interfaces)))
2156 (match (remove loopback? services)
2158 ;; There's no interface other than 'loopback', so we assume that the
2159 ;; 'networking' service will be provided by dhclient or similar.
2162 ;; Assume we're providing all the interfaces, and thus, provide a
2163 ;; 'networking' service.
2164 (cons (shepherd-service
2165 (provision '(networking))
2166 (requirement (append-map shepherd-service-provision
2168 (start #~(const #t))
2170 (documentation "Bring up all the networking interfaces."))
2173 (define static-networking-service-type
2174 ;; The service type for statically-defined network interfaces.
2175 (service-type (name 'static-networking)
2178 (service-extension shepherd-root-service-type
2179 static-networking-shepherd-services)
2180 (service-extension etc-service-type
2181 static-networking-etc-files)))
2182 (compose concatenate)
2185 "Turn up the specified network interfaces upon startup,
2186 with the given IP address, gateway, netmask, and so on. The value for
2187 services of this type is a list of @code{static-networking} objects, one per
2188 network interface.")))
2190 (define* (static-networking-service interface ip
2192 netmask gateway provision
2193 ;; Most interfaces require udev to be usable.
2194 (requirement '(udev))
2196 "Return a service that starts @var{interface} with address @var{ip}. If
2197 @var{netmask} is true, use it as the network mask. If @var{gateway} is true,
2198 it must be a string specifying the default network gateway.
2200 This procedure can be called several times, one for each network
2201 interface of interest. Behind the scenes what it does is extend
2202 @code{static-networking-service-type} with additional network interfaces
2204 (simple-service 'static-network-interface
2205 static-networking-service-type
2206 (list (static-networking (interface interface) (ip ip)
2207 (netmask netmask) (gateway gateway)
2208 (provision provision)
2209 (requirement requirement)
2210 (name-servers name-servers)))))
2213 (define %base-services
2214 ;; Convenience variable holding the basic services.
2215 (list (login-service)
2217 (service virtual-terminal-service-type)
2218 (service console-font-service-type
2220 (cons tty %default-console-font))
2221 '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
2223 (agetty-service (agetty-configuration
2224 (extra-options '("-L")) ; no carrier detect
2226 (tty #f))) ; automatic
2228 (mingetty-service (mingetty-configuration
2230 (mingetty-service (mingetty-configuration
2232 (mingetty-service (mingetty-configuration
2234 (mingetty-service (mingetty-configuration
2236 (mingetty-service (mingetty-configuration
2238 (mingetty-service (mingetty-configuration
2241 (service static-networking-service-type
2242 (list (static-networking (interface "lo")
2245 (provision '(loopback)))))
2247 (service urandom-seed-service-type)
2251 ;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
2252 ;; used, so enable them by default. The FUSE and ALSA rules are
2253 ;; less critical, but handy.
2254 (udev-service #:rules (list lvm2 fuse alsa-utils crda))
2256 (service special-files-service-type
2257 `(("/bin/sh" ,(file-append (canonical-package bash)
2260 ;;; base.scm ends here