Diffstat (limited to 'px/services')
-rw-r--r-- | px/services/base.scm | 133 | ||||
-rw-r--r-- | px/services/bluetooth.scm | 132 | ||||
-rw-r--r-- | px/services/databases.scm | 105 | ||||
-rw-r--r-- | px/services/desktop.scm | 345 | ||||
-rw-r--r-- | px/services/device.scm | 382 | ||||
-rw-r--r-- | px/services/disk.scm | 111 | ||||
-rw-r--r-- | px/services/enterprise.scm | 98 | ||||
-rw-r--r-- | px/services/log.scm | 156 | ||||
-rw-r--r-- | px/services/monitoring.scm | 143 | ||||
-rw-r--r-- | px/services/networking.scm | 154 | ||||
-rw-r--r-- | px/services/ntp.scm | 65 | ||||
-rw-r--r-- | px/services/package-management.scm | 71 | ||||
-rw-r--r-- | px/services/security-token.scm | 88 | ||||
-rw-r--r-- | px/services/server.scm | 112 |
14 files changed, 1101 insertions, 994 deletions
diff --git a/px/services/base.scm b/px/services/base.scm index f007e43..4715cf2 100644 --- a/px/services/base.scm +++ b/px/services/base.scm @@ -32,21 +32,20 @@ #:use-module (ice-9 match) #:use-module (srfi srfi-1) #:export (%px-core-services - ;; for custom desktops (for ex. xfce) ;; without lxqt - ; %px-desktop-services-base + ;; %px-desktop-services-base %px-desktop-services %px-desktop-ee-services - + %px-server-services %px-server-ee-services %px-core-arm-services - %px-gui-arm-services + %px-gui-arm-services %px-desktop-arm-services) - + #:re-export (px-desktop-service-type)) ;;; @@ -56,10 +55,8 @@ ;;; (define %px-core-services - (append - (list (service dhcp-client-service-type) - (service ntp-service-type)) - %base-services)) + (append (list (service dhcp-client-service-type) + (service ntp-service-type)) %base-services)) ;;; ;;; @@ -69,8 +66,7 @@ ;;; (define %px-desktop-services - (append - %px-desktop-services-base)) + (append %px-desktop-services-base)) ;;; ;;; @@ -82,8 +78,7 @@ (append (list (service px-device-identity-service-type) (service px-user-identity-service-type) ;; Desktop - (service px-desktop-service-type)) - %px-desktop-services-base)) + (service px-desktop-service-type)) %px-desktop-services-base)) ;;; ;;; SERVER 
@@ -93,22 +88,19 @@ (define %px-server-services (append (list - ;; OpenSSH is enabled by default but only with SSH key - (service openssh-service-type - (openssh-configuration - (permit-root-login 'prohibit-password))) - - ;; Time service - (service ntp-service-type) - ;; Firewall - (service nftables-service-type) - ;; DHCP - (service dhcp-client-service-type)) - %base-services)) + ;; OpenSSH is enabled by default but only with SSH key + (service openssh-service-type + (openssh-configuration (permit-root-login 'prohibit-password))) + + ;; Time service + (service ntp-service-type) + ;; Firewall + (service nftables-service-type) + ;; DHCP + (service dhcp-client-service-type)) %base-services)) (define %px-server-ee-services - (append (list (service px-device-identity-service-type)) - %px-server-services)) + (append (list (service px-device-identity-service-type)) %px-server-services)) ;;; ;;; ARM-SPECIFIC 
@@ -116,54 +108,49 @@ (define %px-core-arm-services (cons* - ;; networking - (service wpa-supplicant-service-type) - (service network-manager-service-type) - (service modem-manager-service-type) - (service usb-modeswitch-service-type) - (service ntp-service-type) - - ;; remote access - (service openssh-service-type - (openssh-configuration - (x11-forwarding? #t) - (permit-root-login #t))) + ;; networking + (service wpa-supplicant-service-type) + (service network-manager-service-type) + (service modem-manager-service-type) + (service usb-modeswitch-service-type) + (service ntp-service-type) + + ;; remote access + (service openssh-service-type + (openssh-configuration (x11-forwarding? #t) + (permit-root-login #t))) - %base-services)) + %base-services)) (define %px-gui-arm-services - (cons* - (service slim-service-type - (slim-configuration - (vt "vt7") - (auto-login? #t) - (auto-login-session (file-append openbox "/bin/openbox-session")) - (default-user "default"))) - (service avahi-service-type) - (service udisks-service-type) - (service upower-service-type) - (service accountsservice-service-type) - (service polkit-service-type) - (service elogind-service-type) - (service dbus-root-service-type) - polkit-wheel-service - polkit-network-manager-service ;; control network without sudo - polkit-elogind-service ;; reboot without sudo - - (service pulseaudio-service-type) - (service alsa-service-type) - %px-core-arm-services)) + (cons* (service slim-service-type + (slim-configuration (vt "vt7") + (auto-login? 
#t) + (auto-login-session (file-append openbox + "/bin/openbox-session")) + (default-user "default"))) + (service avahi-service-type) + (service udisks-service-type) + (service upower-service-type) + (service accountsservice-service-type) + (service polkit-service-type) + (service elogind-service-type) + (service dbus-root-service-type) + polkit-wheel-service + polkit-network-manager-service ;control network without sudo + polkit-elogind-service ;reboot without sudo + + (service pulseaudio-service-type) + (service alsa-service-type) + %px-core-arm-services)) (define %px-desktop-arm-services - (append - (list (service dhcp-client-service-type) - (service sddm-service-type - (sddm-configuration - (minimum-uid 1000) - (theme "px-sddm-theme"))) - (service px-desktop-service-type - (px-desktop-configuration - (lxqt lxqt-modified) - (default-packages '())))) - (modify-services %desktop-services - (delete network-manager-service-type))))
\ No newline at end of file + (append (list (service dhcp-client-service-type) + (service sddm-service-type + (sddm-configuration (minimum-uid 1000) + (theme "px-sddm-theme"))) + (service px-desktop-service-type + (px-desktop-configuration (lxqt lxqt-modified) + (default-packages '())))) + (modify-services %desktop-services + (delete network-manager-service-type)))) diff --git a/px/services/bluetooth.scm b/px/services/bluetooth.scm index d8953df..ce72f31 100644 --- a/px/services/bluetooth.scm +++ b/px/services/bluetooth.scm @@ -19,9 +19,8 @@ #:use-module (ice-9 match) #:use-module (ice-9 pretty-print) - #:export (btuart-configuration + #:export (btuart-configuration btuart-service-type - bluetooth-client-manager-configuration bluetooth-client-manager-service-type)) @@ -29,13 +28,14 @@ ;; btuart-service-type ;; -(define-record-type* <btuart-configuration> - btuart-configuration make-btuart-configuration +(define-record-type* <btuart-configuration> btuart-configuration + make-btuart-configuration btuart-configuration? - (package btuart-configuration-package - (default bluez)) - (device btuart-configuration-device - (default "/dev/ttyAMA0")) + (package + btuart-configuration-package + (default bluez)) + (device btuart-configuration-device + (default "/dev/ttyAMA0")) (protocol btuart-configuration-protocol (default "bcm")) (baudrate btuart-configuration-baudrate 
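Review bot: In `%px-core-arm-services` (px/services/base.scm) the OpenSSH block still sets `(permit-root-login #t)` together with `(x11-forwarding? #t)`, while `%px-server-services` in the same file uses `(permit-root-login 'prohibit-password)`. The re-indentation carries this over unchanged, so on ARM images root can log in over SSH with a password wherever password authentication is enabled. Unless that is a deliberate provisioning choice, align it with the server list, `(openssh-configuration (permit-root-login 'prohibit-password))`, and add a comment justifying X11 forwarding if it has to stay on. `%px-gui-arm-services` in the same hunk also keeps SLIM `(auto-login? #t)` for user "default"; a comment such as `;; auto-login: assumes physical access to the device is trusted` would make that assumption explicit.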
@@ -43,72 +43,88 @@ (flow-control? btuart-configuration-flow-control? (default #t))) - (define btuart-shepherd-service (match-lambda - (($ <btuart-configuration> package device protocol baudrate flow-control?) - (list - (shepherd-service - (documentation "attach serial lines as Bluetooth HCI interfaces") - (provision '(btuart)) - (requirement '(udev)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/bin/btattach") - "-B" #$device "-P" #$protocol - "-S" #$baudrate - (when #$flow-control? "-N")))) - (one-shot? #t)))))) - + (($ <btuart-configuration> + package + device + protocol + baudrate + flow-control?) + (list (shepherd-service (documentation + "attach serial lines as Bluetooth HCI interfaces") + (provision '(btuart)) + (requirement '(udev)) + (start #~(make-forkexec-constructor (list #$(file-append + package + "/bin/btattach") + "-B" + #$device + "-P" + #$protocol + "-S" + #$baudrate + (when #$flow-control? + "-N")))) + (one-shot? #t)))))) (define btuart-service-type - (service-type - (name 'btuart) - (extensions (list (service-extension shepherd-root-service-type - btuart-shepherd-service))) - (default-value (btuart-configuration)) - (description "Attach serial lines as Bluetooth HCI interfaces"))) + (service-type (name 'btuart) + (extensions (list (service-extension + shepherd-root-service-type + btuart-shepherd-service))) + (default-value (btuart-configuration)) + (description "Attach serial lines as Bluetooth HCI interfaces"))) ;; ;; bluetooth-client-manager-service ;; (define-record-type* <bluetooth-client-manager-configuration> - bluetooth-client-manager-configuration make-bluetooth-client-manager-configuration + bluetooth-client-manager-configuration + make-bluetooth-client-manager-configuration bluetooth-client-manager-configuration? - (package bluetooth-client-manager-configuration-package - (default bluetooth-client-manager-service)) - (debug? bluetooth-client-manager-configuration-debug? 
- (default #f)) + (package + bluetooth-client-manager-configuration-package + (default bluetooth-client-manager-service)) + (debug? bluetooth-client-manager-configuration-debug? + (default #f)) (skip-approval? bluetooth-client-manager-configuration-skip-approval? (default #f))) - (define bluetooth-client-manager-shepherd-service (match-lambda (($ <bluetooth-client-manager-configuration> package debug? skip-approval?) - (list (shepherd-service - (provision '(bluetooth-client-manager-service)) - (documentation "Run px-device-identity-service as a daemon") - (requirement '(networking user-processes px-device-identity)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/bin/bluetooth-client-manager-service") - #$@(if debug? '("--verbose") '()) - #$@(if skip-approval? '("--skip-approval") '())) - #:log-file "/var/log/bluetooth-client-manager-service.log" - #:environment-variables - (cons* "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)))) - (stop #~(make-kill-destructor))))))) - + (list (shepherd-service (provision '(bluetooth-client-manager-service)) + (documentation + "Run px-device-identity-service as a daemon") + (requirement '(networking user-processes + px-device-identity)) + (start #~(make-forkexec-constructor (list (string-append #$package + "/bin/bluetooth-client-manager-service") + #$@(if + debug? + '("--verbose") + '()) + #$@(if + skip-approval? 
+ '("--skip-approval") + '())) + #:log-file + "/var/log/bluetooth-client-manager-service.log" + #:environment-variables (cons* + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)))) + (stop #~(make-kill-destructor))))))) (define bluetooth-client-manager-service-type - (service-type - (name 'bluetooth-client-manager-service) - (description "PantherX Bluetooth Client Manager service") - (extensions (list (service-extension shepherd-root-service-type - bluetooth-client-manager-shepherd-service))) - (default-value (bluetooth-client-manager-configuration)))) + (service-type (name 'bluetooth-client-manager-service) + (description "PantherX Bluetooth Client Manager service") + (extensions (list (service-extension + shepherd-root-service-type + bluetooth-client-manager-shepherd-service))) + (default-value (bluetooth-client-manager-configuration)))) diff --git a/px/services/databases.scm b/px/services/databases.scm index aa90f20..6cf459e 100644 --- a/px/services/databases.scm +++ b/px/services/databases.scm @@ -1,6 +1,5 @@ ;;; Databases service definitions for PantherX -;;; Author: Reza Alizadeh Majd (r.majd@pantherx.org) - +;;; Reza Alizadeh Majd (r.majd@pantherx.org) (define-module (px services databases) #:use-module (gnu services) @@ -13,14 +12,13 @@ #:use-module (px packages databases) #:use-module (srfi srfi-1) #:use-module (ice-9 match) - #:export (mongodb-configuration + #:export (mongodb-configuration mongodb-configuration? mongodb-configuration-mongodb mongodb-configuration-config-file mongodb-configuration-data-directory mongodb-service-type)) - ;;; ;;; MongoDB ;;; 
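Review bot: In `btuart-shepherd-service` the last element of the `btattach` argument list is `(when #$flow-control? "-N")`, which yields an unspecified value rather than a string when `flow-control?` is `#f`, so the command list given to `make-forkexec-constructor` would then hold a non-string element. `bluetooth-client-manager-shepherd-service` in the same file already uses the splicing form for optional flags, and the same shape fits here: `#$@(if flow-control? '("-N") '())`. Separately, btattach documents `-N` as disabling flow control, so passing it when `flow-control?` is true looks inverted; please confirm the intended polarity. The documentation string of `bluetooth-client-manager-shepherd-service` still reads "Run px-device-identity-service as a daemon" and should name the Bluetooth client manager instead.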
@@ -46,37 +44,35 @@ ;;; @end table ;;; @end deftp - (define %default-mongodb-configuration-file - (plain-file - "mongodb.yaml" - "# GNU Guix: MongoDB default configuration file + (plain-file "mongodb.yaml" "# GNU Guix: MongoDB default configuration file processManagement: pidFilePath: /var/run/mongodb/pid storage: dbPath: /var/lib/mongodb ")) - -(define-record-type* <mongodb-configuration> - mongodb-configuration make-mongodb-configuration +(define-record-type* <mongodb-configuration> mongodb-configuration + make-mongodb-configuration mongodb-configuration? - (mongodb mongodb-configuration-mongodb - (default mongodb)) - (config-file mongodb-configuration-config-file - (default %default-mongodb-configuration-file)) - (data-directory mongodb-configuration-data-directory - (default "/var/lib/mongodb"))) + (mongodb mongodb-configuration-mongodb + (default mongodb)) + (config-file mongodb-configuration-config-file + (default %default-mongodb-configuration-file)) + (data-directory mongodb-configuration-data-directory + (default "/var/lib/mongodb"))) (define %mongodb-accounts - (list (user-group (name "mongodb") (system? #t)) + (list (user-group + (name "mongodb") + (system? #t)) (user-account - (name "mongodb") - (group "mongodb") - (system? #t) - (comment "Mongodb server user") - (home-directory "/var/lib/mongodb") - (shell (file-append shadow "/sbin/nologin"))))) + (name "mongodb") + (group "mongodb") + (system? #t) + (comment "Mongodb server user") + (home-directory "/var/lib/mongodb") + (shell (file-append shadow "/sbin/nologin"))))) (define mongodb-activation (match-lambda 
@@ -84,45 +80,40 @@ storage: #~(begin (use-modules (guix build utils)) (let ((user (getpwnam "mongodb"))) - (for-each - (lambda (directory) - (mkdir-p directory) - (chown directory - (passwd:uid user) (passwd:gid user))) - '("/var/run/mongodb" #$data-directory))))))) + (for-each (lambda (directory) + (mkdir-p directory) + (chown directory + (passwd:uid user) + (passwd:gid user))) + '("/var/run/mongodb" #$data-directory))))))) (define mongodb-shepherd-service (match-lambda (($ <mongodb-configuration> mongodb config-file data-directory) - (shepherd-service - (provision '(mongodb)) - (documentation "Run the Mongodb daemon.") - (requirement '(user-processes loopback)) - (start #~(make-forkexec-constructor - `(,(string-append #$mongodb "/bin/mongod") - "--config" - ,#$config-file) - #:user "mongodb" - #:group "mongodb" - #:pid-file "/var/run/mongodb/pid" - #:log-file "/var/log/mongodb.log")) - (stop #~(make-kill-destructor)))))) + (shepherd-service (provision '(mongodb)) + (documentation "Run the Mongodb daemon.") + (requirement '(user-processes loopback)) + (start #~(make-forkexec-constructor `(,(string-append #$mongodb + "/bin/mongod") + "--config" + ,#$config-file) + #:user "mongodb" + #:group "mongodb" + #:pid-file "/var/run/mongodb/pid" + #:log-file "/var/log/mongodb.log")) + (stop #~(make-kill-destructor)))))) (define mongodb-service-type - (service-type - (name 'mongodb) - (description "Run the MongoDB document database server.") - (extensions - (list (service-extension shepherd-root-service-type - (compose list - mongodb-shepherd-service)) - (service-extension activation-service-type - mongodb-activation) - (service-extension account-service-type - (const %mongodb-accounts)))) - (default-value - (mongodb-configuration)))) - + (service-type (name 'mongodb) + (description "Run the MongoDB document database server.") + (extensions (list (service-extension + shepherd-root-service-type + (compose list mongodb-shepherd-service)) + (service-extension 
activation-service-type + mongodb-activation) + (service-extension account-service-type + (const %mongodb-accounts)))) + (default-value (mongodb-configuration)))) (use-modules (gnu system) (gnu bootloader) diff --git a/px/services/desktop.scm b/px/services/desktop.scm index 1274126..3b80aa5 100644 --- a/px/services/desktop.scm +++ b/px/services/desktop.scm @@ -1,8 +1,6 @@ ;;; Desktop service definitions for PantherX -;;; ;;; Reza Alizadeh Majd <r.majd@pantherx.org> ;;; Franz Geffke <franz@pantherx.org> -;;; (define-module (px services desktop) #:use-module (gnu packages admin) @@ -38,7 +36,7 @@ #:use-module (srfi srfi-1) #:use-module (guix utils) #:use-module (ice-9 match) - #:export (px-desktop-configuration + #:export (px-desktop-configuration px-desktop-configuration? px-desktop-service-type @@ -46,7 +44,7 @@ polkit-elogind-service create-swap-space-service - + %px-desktop-services-base)) ;; @@ -54,7 +52,7 @@ ;; (define-record-type* <px-desktop-configuration> px-desktop-configuration - make-px-desktop-configuration + make-px-desktop-configuration px-desktop-configuration? (lxqt px-config-package (default lxqt-modified)) 
@@ -68,44 +66,38 @@ rules." (define px-desktop-profile-packages (lambda (config) - (append - (list (px-config-package config)) - (px-config-default-packages config)))) - + (append (list (px-config-package config)) + (px-config-default-packages config)))) (define px-desktop-service-type - (service-type - (name 'px-desktop) - (extensions - (list (service-extension polkit-service-type - px-desktop-polkit-settings) - (service-extension profile-service-type - px-desktop-profile-packages))) - (default-value (px-desktop-configuration)) - (description "Run LXQt desktop environment on PantherX."))) + (service-type (name 'px-desktop) + (extensions (list (service-extension polkit-service-type + px-desktop-polkit-settings) + (service-extension profile-service-type + px-desktop-profile-packages))) + (default-value (px-desktop-configuration)) + (description "Run LXQt desktop environment on PantherX."))) ;; ;; allow netdev group to control network manger ;; (define polkit-network-manager - (file-union - "polkit-nm" - `(("share/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules" - ,(plain-file - "nm.rules" - "polkit.addRule(function(action, subject) { + (file-union "polkit-nm" + `(("share/polkit-1/rules.d/50-org.freedesktop.NetworkManager.rules" , + (plain-file "nm.rules" + "polkit.addRule(function(action, subject) { if (action.id.indexOf(\"org.freedesktop.NetworkManager.\") == 0 && subject.isInGroup(\"netdev\")) { return polkit.Result.YES; } }); "))))) - ;; primarily for ARM (define polkit-network-manager-service - (simple-service 'polkit-nm polkit-service-type (list polkit-network-manager))) + (simple-service 'polkit-nm polkit-service-type + (list polkit-network-manager))) ;; ;; Allow users group to perform reboot/poweroff 
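Review bot: In `polkit-network-manager` the reformatting leaves the unquote comma stranded at the end of the rule-path line (`...NetworkManager.rules" ,`) with its operand `(plain-file "nm.rules" ...)` on the following line. The reader still pairs the two, but a trailing `,` is easy to overlook or delete, and without it the quasiquoted entry would hold the literal list `(plain-file ...)` instead of the file object that `file-union` expects. Keep the comma attached to its form, as the reformatted `polkit-loginctl` does: `,(plain-file "nm.rules"`.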
@@ -113,12 +105,10 @@ rules." ;; (define polkit-loginctl - (file-union - "polkit-loginctl" - `(("share/polkit-1/rules.d/10-enable-session-power.rules" - ,(plain-file - "login.rules" - "polkit.addRule(function(action, subject) { + (file-union "polkit-loginctl" + `(("share/polkit-1/rules.d/10-enable-session-power.rules" ,(plain-file + "login.rules" + "polkit.addRule(function(action, subject) { if ( (action.id == \"org.freedesktop.login1.reboot\" || action.id == \"org.freedesktop.login1.reboot-multiple-sessions\" || action.id == \"org.freedesktop.login1.power-off\" || 
@@ -130,167 +120,170 @@ rules." "))))) (define polkit-elogind-service - (simple-service 'polkit-login polkit-service-type (list polkit-loginctl))) + (simple-service 'polkit-login polkit-service-type + (list polkit-loginctl))) (define (make-firewall-rules open-ports) - + (define (make-port-rules open-ports status) "Generate list of strings each is a port/service rule for nftables" - (reduce-right append '() + (reduce-right append + '() (map (match-lambda ((protocol ports ...) (map (lambda (port) - (string-append " " protocol " dport " port " " status)) - ports))) - open-ports))) + (string-append " " + protocol + " dport " + port + " " + status)) ports))) open-ports))) (let ((port-rules (make-port-rules open-ports "accept"))) (plain-file "nftables" (string-append "#PantherX firewall rules\n" - "table inet filter {\n" - " chain input {\n" - " type filter hook input priority 0; policy drop;\n" - " # early drop of invalid connections\n" - " ct state invalid drop\n" - " # allow established/related connections\n" - " ct state { established, related } accept\n" - " # allow from loopback\n" - " iifname lo accept\n" - " # allow icmp\n" - " ip protocol icmp accept\n" - " ip6 nexthdr icmpv6 accept\n" - (string-join port-rules "\n" 'suffix) - " # reject everything else\n" - " reject with icmpx type port-unreachable\n" - " }\n" - " chain forward {\n" - " type filter hook forward priority 0; policy drop;\n" - " }\n" - " chain output {\n" - " type filter hook output priority 0; policy accept;\n" - " }\n" - "}\n")))) - - -(define* (desktop-services-for-system #:optional - (system (or (%current-target-system) - (%current-system)))) + "table inet filter {\n" + " chain input {\n" + " type filter hook input priority 0; policy drop; +" + " # early drop of invalid connections\n" + " ct state invalid drop\n" + " # allow established/related connections +" + " ct state { established, related } accept +" + " # allow from loopback\n" + " iifname lo accept\n" + " # allow icmp\n" + " ip 
protocol icmp accept\n" + " ip6 nexthdr icmpv6 accept\n" + (string-join port-rules "\n" + 'suffix) + " # reject everything else\n" + " reject with icmpx type port-unreachable +" + " }\n" + " chain forward {\n" + " type filter hook forward priority 0; policy drop; +" + " }\n" + " chain output {\n" + " type filter hook output priority 0; policy accept; +" + " }\n" + "}\n")))) + +(define* (desktop-services-for-system #:optional (system (or (%current-target-system) + (%current-system)))) ;; List of services typically useful for a "desktop" use case. - + ;; Since GDM depends on Rust (gdm -> gnome-shell -> gjs -> mozjs -> rust) ;; and Rust is currently unavailable on non-x86_64 platforms, default to ;; SDDM there (FIXME). - (cons* (service screen-locker-service-type - (screen-locker-configuration - (name "xlock") - (program (file-append xlockmore "/bin/xlock")))) - - ;; Add udev rules for MTP devices so that non-root users can access - ;; them. - (simple-service 'mtp udev-service-type (list libmtp)) - ;; Add udev rules for scanners. - (service sane-service-type) - ;; Add polkit rules, so that non-root users in the wheel group can - ;; perform administrative tasks (similar to "sudo"). - polkit-wheel-service - - ;; Allow desktop users to also mount NTFS and NFS file systems - ;; without root. - (simple-service 'mount-setuid-helpers setuid-program-service-type - (map (lambda (program) - (setuid-program + (cons* (service screen-locker-service-type + (screen-locker-configuration (name "xlock") + (program (file-append xlockmore + "/bin/xlock")))) + + ;; Add udev rules for MTP devices so that non-root users can access + ;; them. + (simple-service 'mtp udev-service-type + (list libmtp)) + ;; Add udev rules for scanners. + (service sane-service-type) + ;; Add polkit rules, so that non-root users in the wheel group can + ;; perform administrative tasks (similar to "sudo"). + polkit-wheel-service + + ;; Allow desktop users to also mount NTFS and NFS file systems + ;; without root. 
+ (simple-service 'mount-setuid-helpers setuid-program-service-type + (map (lambda (program) + (setuid-program (program program))) - (list (file-append nfs-utils "/sbin/mount.nfs") - (file-append ntfs-3g "/sbin/mount.ntfs-3g")))) - - ;; This is a volatile read-write file system mounted at /var/lib/gdm, - ;; to avoid GDM stale cache and permission issues. - gdm-file-system-service - - ;; The global fontconfig cache directory can sometimes contain - ;; stale entries, possibly referencing fonts that have been GC'd, - ;; so mount it read-only. - fontconfig-file-system-service - - ;; NetworkManager and its applet. - (service network-manager-service-type) - (service wpa-supplicant-service-type) ;needed by NetworkManager - (simple-service 'network-manager-applet - profile-service-type - (list network-manager-applet)) - (service modem-manager-service-type) - (service usb-modeswitch-service-type) - - ;; The D-Bus clique. - (service avahi-service-type) - (service udisks-service-type) - (service upower-service-type) - (service accountsservice-service-type) - (service cups-pk-helper-service-type) - (service colord-service-type) - (service geoclue-service-type) - (service polkit-service-type) - (service elogind-service-type) - (service dbus-root-service-type) - - (service ntp-service-type) - - (service x11-socket-directory-service-type) - - (service pulseaudio-service-type) - (service alsa-service-type) - - ;; PantherX Specific - (simple-service 'custom-udev-rules - udev-service-type - (list libu2f-host)) - - (ledger-wallet-service) - (nitro-key-service) - - ;; Power savings - (service tlp-service-type) - - ;; Bluetooth service - ;; (bluetooth-service #:auto-enable? #t) - (service bluetooth-service-type - (bluetooth-configuration - (auto-enable? #t))) - - ;; Prevent overheating - ;; TLP does not conflict with thermald. 
- (service thermald-service-type) - - ; Display manager - (service sddm-service-type - (sddm-configuration - (minimum-uid 1000) - (theme "px-sddm-theme"))) - - ;; Printing - (service cups-service-type - (cups-configuration - (web-interface? #t) - (browsing? #t) - (default-paper-size "a4"))) - - ;; Keychain - (service gnome-keyring-service-type - (gnome-keyring-configuration - (pam-services '(("passwd" . passwd) - ("sddm" . login))))) - - ;; SSH is enabled by default but only with SSH key - (service openssh-service-type - (openssh-configuration - (permit-root-login 'prohibit-password))) - - ;; Firewall - (service nftables-service-type - (nftables-configuration - (ruleset (make-firewall-rules '())))) + (list (file-append nfs-utils "/sbin/mount.nfs") + (file-append ntfs-3g "/sbin/mount.ntfs-3g")))) + + ;; This is a volatile read-write file system mounted at /var/lib/gdm, + ;; to avoid GDM stale cache and permission issues. + gdm-file-system-service + + ;; The global fontconfig cache directory can sometimes contain + ;; stale entries, possibly referencing fonts that have been GC'd, + ;; so mount it read-only. + fontconfig-file-system-service + + ;; NetworkManager and its applet. + (service network-manager-service-type) + (service wpa-supplicant-service-type) ;needed by NetworkManager + (simple-service 'network-manager-applet profile-service-type + (list network-manager-applet)) + (service modem-manager-service-type) + (service usb-modeswitch-service-type) + + ;; The D-Bus clique. 
+ (service avahi-service-type) + (service udisks-service-type) + (service upower-service-type) + (service accountsservice-service-type) + (service cups-pk-helper-service-type) + (service colord-service-type) + (service geoclue-service-type) + (service polkit-service-type) + (service elogind-service-type) + (service dbus-root-service-type) + + (service ntp-service-type) + + (service x11-socket-directory-service-type) + + (service pulseaudio-service-type) + (service alsa-service-type) + + ;; PantherX Specific + (simple-service 'custom-udev-rules udev-service-type + (list libu2f-host)) + + (ledger-wallet-service) + (nitro-key-service) + + ;; Power savings + (service tlp-service-type) + + ;; Bluetooth service + ;; (bluetooth-service #:auto-enable? #t) + (service bluetooth-service-type + (bluetooth-configuration (auto-enable? #t))) + + ;; Prevent overheating + ;; TLP does not conflict with thermald. + (service thermald-service-type) + + ;; Display manager + (service sddm-service-type + (sddm-configuration (minimum-uid 1000) + (theme "px-sddm-theme"))) + + ;; Printing + (service cups-service-type + (cups-configuration (web-interface? #t) + (browsing? #t) + (default-paper-size "a4"))) + + ;; Keychain + (service gnome-keyring-service-type + (gnome-keyring-configuration (pam-services '(("passwd" . passwd) + ("sddm" . login))))) + + ;; SSH is enabled by default but only with SSH key + (service openssh-service-type + (openssh-configuration (permit-root-login 'prohibit-password))) + + ;; Firewall + (service nftables-service-type + (nftables-configuration (ruleset (make-firewall-rules '())))) %base-services)) (define-syntax %px-desktop-services-base - (identifier-syntax (desktop-services-for-system)))
\ No newline at end of file + (identifier-syntax (desktop-services-for-system))) diff --git a/px/services/device.scm b/px/services/device.scm index 4fbbc64..d783334 100644 --- a/px/services/device.scm +++ b/px/services/device.scm 
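Review bot: In `make-firewall-rules` several ruleset fragments now end in a raw line break inside the string literal (for example the `policy drop;` lines, whose closing quote sits alone on the next line), while neighbouring fragments keep the `\n` escape. The generated nftables text is unchanged only as long as each closing quote stays in the first column; a later re-indent would add leading whitespace to the emitted ruleset without any visible change in the code. The mixed style also makes the firewall policy harder to audit line by line. Restore the escape on those fragments so each one ends in `policy drop;\n"` like its neighbours, and wrap the expression rather than the literal if line length is the concern.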
@@ -43,141 +43,159 @@ bluetooth-client-manager-configuration bluetooth-client-manager-service-type)) - ;; ;; Device Identity API SERVICE ;; (define-record-type* <px-device-identity-configuration> - px-device-identity-configuration make-px-device-identity-configuration + px-device-identity-configuration + make-px-device-identity-configuration px-device-identity-configuration? - (package px-device-identity-configuration-package - (default px-device-identity-service))) - + (package + px-device-identity-configuration-package + (default px-device-identity-service))) (define px-device-identity-shepherd-service (match-lambda (($ <px-device-identity-configuration> package) - (list (shepherd-service - (provision '(px-device-identity)) - (documentation "Run px-device-identity-service as a daemon") - (requirement '(networking user-processes)) - (start #~(make-forkexec-constructor - (list (string-append #$screen "/bin/screen") - "-D" "-m" "-S" "identity-api" - (string-append #$package "/bin/px-device-identity-service")))) - (stop #~(make-kill-destructor))))))) - + (list (shepherd-service (provision '(px-device-identity)) + (documentation + "Run px-device-identity-service as a daemon") + (requirement '(networking user-processes)) + (start #~(make-forkexec-constructor (list (string-append #$screen + "/bin/screen") + "-D" + "-m" + "-S" + "identity-api" + (string-append #$package + "/bin/px-device-identity-service")))) + (stop #~(make-kill-destructor))))))) (define px-device-identity-service-type - (service-type - (name 'px-device-identity) - (description "PantherX device identity service") - (extensions (list (service-extension shepherd-root-service-type - px-device-identity-shepherd-service))) - (default-value (px-device-identity-configuration)))) - + (service-type (name 'px-device-identity) + (description "PantherX device identity service") + (extensions (list (service-extension + shepherd-root-service-type + px-device-identity-shepherd-service))) + (default-value 
(px-device-identity-configuration)))) ;; ;; User Identity Service ;; (define-record-type* <px-user-identity-configuration> - px-user-identity-configuration make-px-user-identity-configuration + px-user-identity-configuration + make-px-user-identity-configuration px-user-identity-configuration? - (package px-user-identity-configuration-package - (default px-user-identity-service))) + (package + px-user-identity-configuration-package + (default px-user-identity-service))) (define (px-user-identity-shepherd-service config) (match config (($ <px-user-identity-configuration> package) - (list (shepherd-service - (provision '(px-user-identity)) - (documentation "Run px-user-identity-service as a shepherd daemon") - (requirement `(networking user-processes)) - (start #~(make-forkexec-constructor - (list (string-append #$screen "/bin/screen") - "-D" "-m" "-S" "user-identity" - (string-append #$package "/bin/px-user-identity-service")) - #:environment-variables - (cons* "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)))) - (stop #~(make-kill-destructor))))))) + (list (shepherd-service (provision '(px-user-identity)) + (documentation + "Run px-user-identity-service as a shepherd daemon") + (requirement `(networking user-processes)) + (start #~(make-forkexec-constructor (list (string-append #$screen + "/bin/screen") + "-D" + "-m" + "-S" + "user-identity" + (string-append #$package + "/bin/px-user-identity-service")) + #:environment-variables + (cons* + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)))) + (stop #~(make-kill-destructor))))))) (define 
px-user-identity-service-type - (service-type - (name 'px-user-identity) - (description "PantherX user identity service") - (extensions (list (service-extension shepherd-root-service-type - px-user-identity-shepherd-service))) - (default-value (px-user-identity-configuration)))) + (service-type (name 'px-user-identity) + (description "PantherX user identity service") + (extensions (list (service-extension + shepherd-root-service-type + px-user-identity-shepherd-service))) + (default-value (px-user-identity-configuration)))) ;; ;; Pantherx Enterprise Channels Service ;; (define (px-enterprise-channels-service channels) - (let ((channel-conf - (call-with-output-string - (lambda (port) (pretty-print channels port))))) - (simple-service - 'enterprise-channels - special-files-service-type - `(("/etc/guix/channels.scm" - ,(computed-file - "channels.scm" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (let ((base-dir (dirname #$output))) - (mkdir-p base-dir) - (call-with-output-file #$output - (lambda (port) - (format port #$channel-conf)))))))))))) - + (let ((channel-conf (call-with-output-string (lambda (port) + (pretty-print channels port))))) + (simple-service 'enterprise-channels special-files-service-type + `(("/etc/guix/channels.scm" ,(computed-file "channels.scm" + (with-imported-modules '((guix + build + utils)) + #~(begin + (use-modules + (guix + build + utils)) + (let + ( + (base-dir + (dirname #$output))) + + + (mkdir-p + base-dir) + (call-with-output-file #$output + (lambda + (port) + + + (format + port + #$channel-conf)))))))))))) ;; ;; Device Runner Service ;; (define-record-type* <px-device-runner-configuration> - px-device-runner-configuration make-px-device-runner-configuration + px-device-runner-configuration + make-px-device-runner-configuration px-device-runner-configuration? 
(schedule px-device-runner-configuration-schedule (default "*/5 * * * *"))) (define (px-device-runner-job config) #~(job #$(px-device-runner-configuration-schedule config) - (string-append #$px-device-runner - "/bin/px-device-runner"))) + (string-append #$px-device-runner "/bin/px-device-runner"))) (define (px-device-runner-mcron-jobs config) (list (px-device-runner-job config))) (define px-device-runner-service-type - (service-type - (name "px-device-runner") - (extensions - (list (service-extension mcron-service-type - px-device-runner-mcron-jobs))) - (description "Service definition to run device runnner as a cronjob") - (default-value (px-device-runner-configuration)))) - + (service-type (name "px-device-runner") + (extensions (list (service-extension mcron-service-type + px-device-runner-mcron-jobs))) + (description + "Service definition to run device runnner as a cronjob") + (default-value (px-device-runner-configuration)))) ;; ;; File Upload Service ;; (define-record-type* <px-file-upload-configuration> - px-file-upload-configuration make-px-file-upload-configuration + px-file-upload-configuration + make-px-file-upload-configuration px-file-upload-configuration? - (package px-file-upload-configuration-package - (default px-file-upload-cli)) + (package + px-file-upload-configuration-package + (default px-file-upload-cli)) (schedule px-file-upload-configuration-schedule (default "0 * * * *")) (types px-file-upload-configuration-types 
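Review bot: In `px-enterprise-channels-service` the generated builder calls `(format port #$channel-conf)`, so the pretty-printed channel list is used as the format control string rather than as data. Any `~` in a channel URL or other field would be read as a format directive and would either abort the build of `/etc/guix/channels.scm` or change what is written. Writing the text as data avoids this: `(display #$channel-conf port)`. The reflowed `let` and `lambda` forms in the same function (a lone `(` on its own line, blank lines inside the binding list) are also hard to read and would be worth re-indenting by hand.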
@@ -191,69 +209,75 @@ (delete-on-success? px-file-upload-configuration-delete-on-success? (default #f))) - (define (px-file-upload-configuration->config config) "Return configuration file for px-file-upload-cli" (match config (($ <px-file-upload-configuration> - package schedule types source endpoint keys parse? delete-on-success?) + package + schedule + types + source + endpoint + keys + parse? + delete-on-success?) (computed-file "file-upload.conf" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (call-with-output-file #$output - (lambda (port) - (format port - "types = ~a + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (port) + (format port + "types = ~a source = ~a endpoint = ~a keys = ~a parse_file_name = ~a delete_on_success = ~a" - #$(string-join types ",") - #$source - #$endpoint - #$(string-join keys "") - #$(if parse? "true" "false") - #$(if delete-on-success? "true" "false")))))))))) - + #$(string-join types ",") + #$source + #$endpoint + #$(string-join keys "") + #$(if parse? "true" + "false") + #$(if delete-on-success? 
+ "true" "false")))))))))) (define (px-file-upload-mcron-jobs config) (let ((configpath (px-file-upload-configuration->config config)) (schedule (px-file-upload-configuration-schedule config)) - (package (px-file-upload-configuration-package config))) - (list - #~(job #$schedule - (string-append - #$package "/bin/px-file-upload-cli" - " --config " #$configpath))))) - + (package + (px-file-upload-configuration-package config))) + (list #~(job #$schedule + (string-append #$package "/bin/px-file-upload-cli" + " --config " + #$configpath))))) (define px-file-upload-service-type - (service-type - (name 'px-file-upload) - (extensions - (list (service-extension mcron-service-type - px-file-upload-mcron-jobs) - (service-extension profile-service-type - (lambda (config) - (list (px-file-upload-configuration-package config) - px-device-identity - tpm2-tss-engine))))) - (description "Service definition to run file upload on intervals"))) + (service-type (name 'px-file-upload) + (extensions (list (service-extension mcron-service-type + px-file-upload-mcron-jobs) + (service-extension profile-service-type + (lambda (config) + (list (px-file-upload-configuration-package + config) + px-device-identity + tpm2-tss-engine))))) + (description + "Service definition to run file upload on intervals"))) ;; ;; btuart-service-type ;; -(define-record-type* <btuart-configuration> - btuart-configuration make-btuart-configuration +(define-record-type* <btuart-configuration> btuart-configuration + make-btuart-configuration btuart-configuration? - (package btuart-configuration-package - (default bluez)) - (device btuart-configuration-device - (default "/dev/ttyAMA0")) + (package + btuart-configuration-package + (default bluez)) + (device btuart-configuration-device + (default "/dev/ttyAMA0")) (protocol btuart-configuration-protocol (default "bcm")) (baudrate btuart-configuration-baudrate 
@@ -261,72 +285,88 @@ delete_on_success = ~a" (flow-control? btuart-configuration-flow-control? (default #t))) - (define btuart-shepherd-service (match-lambda - (($ <btuart-configuration> package device protocol baudrate flow-control?) - (list - (shepherd-service - (documentation "attach serial lines as Bluetooth HCI interfaces") - (provision '(btuart)) - (requirement '(udev)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/bin/btattach") - "-B" #$device "-P" #$protocol - "-S" #$baudrate - (when #$flow-control? "-N")))) - (one-shot? #t)))))) - + (($ <btuart-configuration> + package + device + protocol + baudrate + flow-control?) + (list (shepherd-service (documentation + "attach serial lines as Bluetooth HCI interfaces") + (provision '(btuart)) + (requirement '(udev)) + (start #~(make-forkexec-constructor (list #$(file-append + package + "/bin/btattach") + "-B" + #$device + "-P" + #$protocol + "-S" + #$baudrate + (when #$flow-control? + "-N")))) + (one-shot? #t)))))) (define btuart-service-type - (service-type - (name 'btuart) - (extensions (list (service-extension shepherd-root-service-type - btuart-shepherd-service))) - (default-value (btuart-configuration)) - (description "Attach serial lines as Bluetooth HCI interfaces"))) + (service-type (name 'btuart) + (extensions (list (service-extension + shepherd-root-service-type + btuart-shepherd-service))) + (default-value (btuart-configuration)) + (description "Attach serial lines as Bluetooth HCI interfaces"))) ;; ;; bluetooth-client-manager-service ;; (define-record-type* <bluetooth-client-manager-configuration> - bluetooth-client-manager-configuration make-bluetooth-client-manager-configuration + bluetooth-client-manager-configuration + make-bluetooth-client-manager-configuration bluetooth-client-manager-configuration? - (package bluetooth-client-manager-configuration-package - (default bluetooth-client-manager-service)) - (debug? bluetooth-client-manager-configuration-debug? 
- (default #f)) + (package + bluetooth-client-manager-configuration-package + (default bluetooth-client-manager-service)) + (debug? bluetooth-client-manager-configuration-debug? + (default #f)) (skip-approval? bluetooth-client-manager-configuration-skip-approval? (default #f))) - (define bluetooth-client-manager-shepherd-service (match-lambda (($ <bluetooth-client-manager-configuration> package debug? skip-approval?) - (list (shepherd-service - (provision '(bluetooth-client-manager-service)) - (documentation "Run px-device-identity-service as a daemon") - (requirement '(networking user-processes px-device-identity)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/bin/bluetooth-client-manager-service") - #$@(if debug? '("--verbose") '()) - #$@(if skip-approval? '("--skip-approval") '())) - #:log-file "/var/log/bluetooth-client-manager-service.log" - #:environment-variables - (cons* "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)))) - (stop #~(make-kill-destructor))))))) - + (list (shepherd-service (provision '(bluetooth-client-manager-service)) + (documentation + "Run px-device-identity-service as a daemon") + (requirement '(networking user-processes + px-device-identity)) + (start #~(make-forkexec-constructor (list (string-append #$package + "/bin/bluetooth-client-manager-service") + #$@(if + debug? + '("--verbose") + '()) + #$@(if + skip-approval? 
+ '("--skip-approval") + '())) + #:log-file + "/var/log/bluetooth-client-manager-service.log" + #:environment-variables (cons* + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)))) + (stop #~(make-kill-destructor))))))) (define bluetooth-client-manager-service-type - (service-type - (name 'bluetooth-client-manager-service) - (description "PantherX Bluetooth Client Manager service") - (extensions (list (service-extension shepherd-root-service-type - bluetooth-client-manager-shepherd-service))) - (default-value (bluetooth-client-manager-configuration)))) + (service-type (name 'bluetooth-client-manager-service) + (description "PantherX Bluetooth Client Manager service") + (extensions (list (service-extension + shepherd-root-service-type + bluetooth-client-manager-shepherd-service))) + (default-value (bluetooth-client-manager-configuration)))) diff --git a/px/services/disk.scm b/px/services/disk.scm index ca10546..abbd7cb 100644 --- a/px/services/disk.scm +++ b/px/services/disk.scm @@ -25,7 +25,6 @@ #:use-module (srfi srfi-1) #:use-module (ice-9 match) #:export (create-swap-space-service - disk-init-configuration disk-init-service-type)) 
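Review bot: In `btuart-shepherd-service` the last element of the command list is `(when #$flow-control? "-N")`; when `flow-control?` is `#f` this evaluates to an unspecified value, not a string, and it is still placed in the argument list handed to `make-forkexec-constructor`. The polarity also looks inverted, since btattach documents `-N` as `--noflowctl`, so the default `(flow-control? #t)` would switch flow control off; this is worth confirming against the intended hardware. The splice idiom already used for `--verbose` in `bluetooth-client-manager-shepherd-service` handles both cases: `#$@(if flow-control? '() '("-N"))`. Separately, the `documentation` string of the bluetooth-client-manager shepherd service still reads "Run px-device-identity-service as a daemon".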
@@ -35,29 +34,35 @@ ;; (define (create-swap-space-service size) - (simple-service 'create-swap-space - activation-service-type + (simple-service 'create-swap-space activation-service-type (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (let ((swapfile "/swapfile")) - (when (not (file-exists? swapfile)) - (invoke #+(file-append util-linux "/bin/fallocate") "-l" #$size swapfile) - (chmod swapfile #o600) - (invoke #+(file-append util-linux "/sbin/mkswap") swapfile) - )))))) + #~(begin + (use-modules (guix build utils)) + (let ((swapfile "/swapfile")) + (when (not (file-exists? + swapfile)) + (invoke #+(file-append + util-linux + "/bin/fallocate") + "-l" + #$size swapfile) + (chmod swapfile #o600) + (invoke #+(file-append + util-linux + "/sbin/mkswap") + swapfile))))))) ;; ;; Disk initiation service ;; primarily for ARM ;; -(define-record-type* <disk-init-configuration> - disk-init-configuration make-disk-init-configuration +(define-record-type* <disk-init-configuration> disk-init-configuration + make-disk-init-configuration disk-init-configuration? - (device disk-init-configuration-device) - (index disk-init-configuration-index) - (target disk-init-configuration-target) + (device disk-init-configuration-device) + (index disk-init-configuration-index) + (target disk-init-configuration-target) (swap-size disk-init-configuration-swap-size (default #f)) (swap-path disk-init-configuration-swap-path 
@@ -65,35 +70,53 @@ (define disk-init-activation (match-lambda - (($ <disk-init-configuration> device index target swap-size swap-path) + (($ <disk-init-configuration> + device + index + target + swap-size + swap-path) (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (let ((lock-file "/etc/disk-init.lock")) - (when (not (file-exists? lock-file)) - ;; resize root partition - ;; workaround to fix growpart execution - (setenv "PATH" (string-append "/run/current-system/profile/bin:" (getenv "PATH"))) - (invoke #+(file-append cloud-utils "/bin/growpart") #$device #$index) - (invoke #+(file-append e2fsprogs "/sbin/resize2fs") #$target) - (invoke #+(file-append coreutils "/bin/sync")) + #~(begin + (use-modules (guix build utils)) + (let ((lock-file "/etc/disk-init.lock")) + (when (not (file-exists? lock-file)) + ;; resize root partition + ;; workaround to fix growpart execution + (setenv "PATH" + (string-append + "/run/current-system/profile/bin:" + (getenv "PATH"))) + (invoke #+(file-append cloud-utils + "/bin/growpart") + #$device + #$index) + (invoke #+(file-append e2fsprogs + "/sbin/resize2fs") + #$target) + (invoke #+(file-append coreutils + "/bin/sync")) + + ;; create swap-file + (when (and #$swap-size + (not (file-exists? #$swap-path))) + (invoke #+(file-append util-linux + "/bin/fallocate") + "-l" + #$swap-size + #$swap-path) + (chmod #$swap-path #o600) + (invoke #+(file-append util-linux + "/sbin/mkswap") + #$swap-path)) - ;; create swap-file - (when (and #$swap-size - (not (file-exists? 
#$swap-path))) - (invoke #+(file-append util-linux "/bin/fallocate") - "-l" #$swap-size #$swap-path) - (chmod #$swap-path #o600) - (invoke #+(file-append util-linux "/sbin/mkswap") #$swap-path)) - - (call-with-output-file lock-file - (lambda (port) - (display "disk image initiated\n" port)))))))))) + (call-with-output-file lock-file + (lambda (port) + (display "disk image initiated\n" port)))))))))) (define disk-init-service-type - (service-type - (name 'disk-init) - (extensions (list - (service-extension activation-service-type - disk-init-activation))) - (description "Resize root partition on first boot and create swapfile"))) + (service-type (name 'disk-init) + (extensions (list (service-extension activation-service-type + disk-init-activation))) + (description + "Resize root partition on first boot and create swapfile"))) diff --git a/px/services/enterprise.scm b/px/services/enterprise.scm index 998092b..b01994a 100644 --- a/px/services/enterprise.scm +++ b/px/services/enterprise.scm 
@@ -14,28 +14,33 @@ ;;; (define-record-type* <px-channel-migration-configuration> - px-channel-migration-configuration make-px-channel-migration-configuration + px-channel-migration-configuration + make-px-channel-migration-configuration px-channel-migration-configuration? - (profile px-channel-migration-configuration-profile ;; path to profile we want to migrate (root) - (default "/root/.config/guix/current")) - (config px-channel-migration-configuration-config ;; path to system configuration file - (default "/etc/system.scm")) - (channels px-channel-migration-configuration-channels ;; path to channels file + (profile px-channel-migration-configuration-profile ;path to profile we want to migrate (root) + (default "/root/.config/guix/current")) + (config px-channel-migration-configuration-config ;path to system configuration file + (default "/etc/system.scm")) + (channels px-channel-migration-configuration-channels ;path to channels file (default "/etc/guix/channels.scm")) - (branch px-channel-migration-configuration-branch) ;; target branch that we want to migrate to - (timeout px-channel-migration-configuration-timeout ;; timeout before start the migration - (default 60))) - + (branch px-channel-migration-configuration-branch) ;target branch that we want to migrate to + (timeout px-channel-migration-configuration-timeout ;timeout before start the migration + (default 60))) (define (px-channel-migration->script config) (match config - (($ <px-channel-migration-configuration> profile config channels branch timeout) - (computed-file - "px-channel-migration.sh" - #~(begin - (call-with-output-file #$output - (lambda (port) - (format port "# AUTO GENERATED BY: px-channel-migration-service + (($ <px-channel-migration-configuration> + profile + config + channels + branch + timeout) + (computed-file "px-channel-migration.sh" + #~(begin + (call-with-output-file #$output + (lambda (port) + (format port + "# AUTO GENERATED BY: px-channel-migration-service GUIX_PROFILE=~a 
SYSTEM_CONFIG=~a SYSTEM_CHANNELS=~a @@ -78,8 +83,7 @@ fi echo \">>> Start system reconfigure\" function perform_reconfigure { - guix time-machine --disable-authentication --channels=$SYSTEM_CHANNELS \ - -- system reconfigure --allow-downgrades $SYSTEM_CONFIG + guix time-machine --disable-authentication --channels=$SYSTEM_CHANNELS -- system reconfigure --allow-downgrades $SYSTEM_CONFIG } perform_reconfigure while [ $? -ne 0 ]; do 
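Review bot: `perform_reconfigure` runs `guix time-machine --disable-authentication ...`, which skips verification of channel commit signatures for the revision the system is then reconfigured to; together with `--allow-downgrades`, the integrity of the migrated system rests on the transport and the repository host alone. Unless the target channels cannot be authenticated yet, drop the flag and let the channels file carry channel introductions: `guix time-machine --channels="$SYSTEM_CHANNELS" -- system reconfigure --allow-downgrades "$SYSTEM_CONFIG"`. If the flag has to stay for the migration, a comment in the script saying why, and when it can be removed, would help. The script template starts before this hunk and continues after it.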
@@ -91,36 +95,40 @@ done guix describe echo $(date +'%s') > $UPGRADE_FILE echo \">>> Device channels migrated successfully.\" -" #$profile #$config #$channels #$branch #$timeout #$(file-append recutils "/bin/recsel"))))))))) - +" + #$profile + #$config + #$channels + #$branch + #$timeout + #$(file-append recutils "/bin/recsel"))))))))) (define (px-channel-migration-shepherd-service config) (match config (($ <px-channel-migration-configuration> ...) (let ((script (px-channel-migration->script config))) - (list (shepherd-service - (provision '(px-channel-migration)) - (documentation "Migrate device channels to new references") - (requirement '(networking user-processes)) - (one-shot? #t) - (start #~(make-forkexec-constructor - (list (string-append #$bash "/bin/bash") - #$script) - #:environment-variables - (cons* - "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)) - #:log-file "/var/log/px-channel-migration.log")) - (stop #~(make-kill-destructor)))))))) - + (list (shepherd-service (provision '(px-channel-migration)) + (documentation + "Migrate device channels to new references") + (requirement '(networking user-processes)) + (one-shot? 
#t) + (start #~(make-forkexec-constructor (list (string-append #$bash + "/bin/bash") + #$script) + #:environment-variables (cons* + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)) + #:log-file + "/var/log/px-channel-migration.log")) + (stop #~(make-kill-destructor)))))))) (define px-channel-migration-service-type - (service-type - (name 'px-channel-migration) - (description "Migrate device channels to new references") - (extensions (list (service-extension shepherd-root-service-type - px-channel-migration-shepherd-service))))) + (service-type (name 'px-channel-migration) + (description "Migrate device channels to new references") + (extensions (list (service-extension + shepherd-root-service-type + px-channel-migration-shepherd-service))))) diff --git a/px/services/log.scm b/px/services/log.scm index f8f2bc2..cf0475a 100644 --- a/px/services/log.scm +++ b/px/services/log.scm @@ -7,7 +7,7 @@ #:use-module (gnu packages logging) #:use-module (gnu packages screen) #:use-module (gnu services shepherd) - #:use-module (px packages log) + #:use-module (px packages log) #:use-module (gnu system) #:use-module (gnu system shadow) #:use-module (guix gexp) @@ -15,9 +15,8 @@ #:use-module (ice-9 match) #:use-module (ice-9 pretty-print) - #:export (remote-syslog-service-configuration + #:export (remote-syslog-service-configuration remote-syslog-service-type - %rsyslog-default-config %rsyslog-default-config-file rsyslog-configuration 
@@ -27,59 +26,74 @@ ;; remote-syslog SERVICE ;; -(define (script-builder destionation-host destionation-port hostname log-files package) +(define (script-builder destionation-host destionation-port hostname log-files + package) "Return the chorny configuration file corresponding to CONFIG." (computed-file "remote-syslog-script.sh" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (call-with-output-file #$output - (lambda (port) - (format port "#!~a~% exec ~a \"$@\"~%" - #+(file-append bash "/bin/sh") - (string-append #$package "/bin/remote_syslog2" - " --no-detach" - " -d " #$destionation-host - " -p " #$destionation-port - " --pid-file=/var/run/remote_syslog.pid" - " --hostname " #$hostname - " " #$log-files)) - (chmod port #o555))))))) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (port) + (format port + "#!~a~% exec ~a \"$@\"~%" + #+(file-append bash "/bin/sh") + (string-append #$package + "/bin/remote_syslog2" + " --no-detach" + " -d " + #$destionation-host + " -p " + #$destionation-port + " --pid-file=/var/run/remote_syslog.pid" + " --hostname " + #$hostname + " " + #$log-files)) + (chmod port #o555))))))) (define-record-type* <remote-syslog-service-configuration> - remote-syslog-service-configuration make-remote-syslog-service-configuration + remote-syslog-service-configuration + make-remote-syslog-service-configuration remote-syslog-service-configuration? 
- (destionation-host remote-syslog-service-configuration-destionation-host - (default "logs.papertrailapp.com")) - (destionation-port remote-syslog-service-configuration-destionation-port - (default "46169")) - (hostname remote-syslog-service-configuration-host - (default "$(hostname)")) - (log-files remote-syslog-service-configuration-log-files - (default "/var/log/messages")) - (package remote-syslog-service-configuration-package - (default remote_syslog2))) + (destionation-host remote-syslog-service-configuration-destionation-host + (default "logs.papertrailapp.com")) + (destionation-port remote-syslog-service-configuration-destionation-port + (default "46169")) + (hostname remote-syslog-service-configuration-host + (default "$(hostname)")) + (log-files remote-syslog-service-configuration-log-files + (default "/var/log/messages")) + (package + remote-syslog-service-configuration-package + (default remote_syslog2))) (define remote-syslog-shepherd-service (match-lambda - (($ <remote-syslog-service-configuration> destionation-host destionation-port hostname log-files package) - (list (shepherd-service - (provision '(remote-syslog)) - (documentation "Run remote-syslog as a daemon") - (requirement '(networking syslogd)) - (start #~(make-forkexec-constructor - (list #$(script-builder destionation-host destionation-port hostname log-files package)))) - (stop #~(make-kill-destructor))))))) + (($ <remote-syslog-service-configuration> + destionation-host + destionation-port + hostname + log-files + package) + (list (shepherd-service (provision '(remote-syslog)) + (documentation "Run remote-syslog as a daemon") + (requirement '(networking syslogd)) + (start #~(make-forkexec-constructor (list #$(script-builder + destionation-host + destionation-port + hostname + log-files + package)))) + (stop #~(make-kill-destructor))))))) (define remote-syslog-service-type - (service-type - (name "remote-syslog") - (description "Remote syslog service") - (extensions (list 
(service-extension shepherd-root-service-type - remote-syslog-shepherd-service))) - (default-value (remote-syslog-service-configuration)))) - + (service-type (name "remote-syslog") + (description "Remote syslog service") + (extensions (list (service-extension + shepherd-root-service-type + remote-syslog-shepherd-service))) + (default-value (remote-syslog-service-configuration)))) ;; ;; rsyslog-service-type @@ -104,20 +118,18 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat *.* /var/log/rsyslog ") - (define %rsyslog-default-config-file (plain-file "rsyslog.conf" %rsyslog-default-config)) - -(define-record-type* <rsyslog-configuration> - rsyslog-configuration make-rsyslog-cofiguration +(define-record-type* <rsyslog-configuration> rsyslog-configuration + make-rsyslog-cofiguration rsyslog-configuration? - (package rsyslog-configuration-package - (default rsyslog)) + (package + rsyslog-configuration-package + (default rsyslog)) (config-file rsyslog-configuration-config-file (default %rsyslog-default-config-file))) - (define (rsyslog-activation config) (with-imported-modules '((guix build utils)) #~(begin 
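Review bot: `script-builder` pastes `destionation-host`, `destionation-port`, `hostname` and `log-files` unquoted into the `exec ...` line of a `/bin/sh` script, so any whitespace or shell metacharacter in a configuration value is interpreted by the shell; the default `"$(hostname)"` relies on exactly that expansion, which makes the behaviour easy to overlook. The command line also carries no `--tls`, so with the defaults `/var/log/messages` is forwarded to `logs.papertrailapp.com` without transport encryption as far as these arguments show. Consider passing the arguments as a list to `make-forkexec-constructor` directly (resolving the hostname in Scheme) and adding `" --tls"` to the flags. The docstring "Return the chorny configuration file" looks copied from another service, and `(chmod port #o555)` is applied to the port inside `call-with-output-file`; both could be tidied while here.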
@@ -125,28 +137,26 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat (let ((lib-dir "/var/lib/rsyslog")) (mkdir-p lib-dir))))) - (define rsyslog-shepherd-service (match-lambda (($ <rsyslog-configuration> package config-file) - (list - (shepherd-service - (provision '(rsyslogd)) - (documentation "Rsyslog daemon service") - (requirement '(syslogd)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/sbin/rsyslogd") - "-n" "-f" #$config-file))) - (stop #~(make-kill-destructor))))))) - + (list (shepherd-service (provision '(rsyslogd)) + (documentation "Rsyslog daemon service") + (requirement '(syslogd)) + (start #~(make-forkexec-constructor (list #$(file-append + package + "/sbin/rsyslogd") + "-n" + "-f" + #$config-file))) + (stop #~(make-kill-destructor))))))) (define rsyslog-service-type - (service-type - (name 'rsyslog) - (description "Run rsyslog daemon on machine") - (extensions - (list (service-extension shepherd-root-service-type - rsyslog-shepherd-service) - (service-extension activation-service-type - rsyslog-activation))) - (default-value (rsyslog-configuration)))) + (service-type (name 'rsyslog) + (description "Run rsyslog daemon on machine") + (extensions (list (service-extension + shepherd-root-service-type + rsyslog-shepherd-service) + (service-extension activation-service-type + rsyslog-activation))) + (default-value (rsyslog-configuration)))) diff --git a/px/services/monitoring.scm b/px/services/monitoring.scm index a5c64e5..7beeb07 100644 --- a/px/services/monitoring.scm +++ b/px/services/monitoring.scm 
@@ -21,10 +21,12 @@ ;; (define-record-type* <px-remote-status-service-configuration> - px-remote-status-service-configuration make-px-remote-status-configuration + px-remote-status-service-configuration + make-px-remote-status-configuration px-remote-status-service-configuration? - (package px-remote-status-service-configuration-package - (default px-org-remote-status-service)) + (package + px-remote-status-service-configuration-package + (default px-org-remote-status-service)) (interval px-remote-status-service-configuration-interval (default 300)) (jobs px-remote-status-service-configuration-jobs @@ -34,17 +36,15 @@ "Return monitrc file for config" (match config (($ <px-remote-status-service-configuration> jobs) - (computed-file - "monitrc" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils) - (ice-9 match)) - (call-with-output-file #$output - (lambda (port) - (display "\ -### Monit default configurations + (computed-file "monitrc" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + (call-with-output-file #$output + (lambda (port) + (display + "### Monit default configurations ## Check interval set daemon 30 # check services at 30 seconds intervals # with start delay 240 # optional: delay the first check by 4-minutes (by 
@@ -59,58 +59,81 @@ set httpd port 2812 and allow localhost # allow localhost to connect to the server and allow admin:monit # require user 'admin' with password 'monit' -### Monit job definitions\n" port) - (for-each (lambda (job) - (display (string-append job "\n") port)) - '#$(px-remote-status-service-configuration-jobs config)) - )))))))) +### Monit job definitions +" + port) + (for-each (lambda (job) + (display (string-append + job + "\n") + port)) + '#$(px-remote-status-service-configuration-jobs + config)))))))))) (define (px-remote-status-shepherd-service config) "Return <shepherd-service> running px-org-remote-status-service" (match config (($ <px-remote-status-service-configuration> package interval) (let ((monitrc (px-remote-service-configuration->monitrc config))) - (list (shepherd-service - (provision '(px-remote-status)) - (documentation "Run px-org-remote-status-service as a shepherd daemon") - (requirement '(networking user-processes px-device-identity)) - (modules `((srfi srfi-1) - (srfi srfi-26) - ,@%default-modules)) - (start #~(make-forkexec-constructor - (list (string-append #$screen "/bin/screen") - "-D" "-m" "-S" "remote-status" - (string-append #$package "/bin/px-org-remote-status-service") - "-i" (number->string #$interval) - "-m" #$monitrc) - #:environment-variables - (cons* (string-append "PATH=" - #$monit "/bin:" - #$network-manager "/bin:" - #$lshw "/sbin:" - #$coreutils "/bin:" - #$sysstat "/bin:" - #$curl "/bin:" - #$util-linux+udev "/bin:" - #$px-device-identity "/bin:" - "/run/current-system/profile/bin:" - (getenv "PATH")) - "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (remove (cut string-prefix? 
"PATH=" <>) - (environ))))) - (stop #~(make-kill-destructor)))))))) - - + (list (shepherd-service (provision '(px-remote-status)) + (documentation + "Run px-org-remote-status-service as a shepherd daemon") + (requirement '(networking user-processes + px-device-identity)) + (modules `((srfi srfi-1) + (srfi srfi-26) + ,@%default-modules)) + (start #~(make-forkexec-constructor (list (string-append #$screen + "/bin/screen") + "-D" + "-m" + "-S" + "remote-status" + (string-append #$package + "/bin/px-org-remote-status-service") + "-i" + (number->string #$interval) + "-m" + #$monitrc) + #:environment-variables + (cons* (string-append + "PATH=" + #$monit + "/bin:" + #$network-manager + "/bin:" + #$lshw + "/sbin:" + #$coreutils + "/bin:" + #$sysstat + "/bin:" + #$curl + "/bin:" + #$util-linux+udev + "/bin:" + #$px-device-identity + "/bin:" + "/run/current-system/profile/bin:" + (getenv + "PATH")) + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (remove (cut + string-prefix? + "PATH=" + <>) + (environ))))) + (stop #~(make-kill-destructor)))))))) (define px-remote-status-service-type - (service-type - (name 'px-remote-status) - (description "PantherX remote status service") - (extensions (list (service-extension shepherd-root-service-type - px-remote-status-shepherd-service))) - (default-value (px-remote-status-service-configuration)))) + (service-type (name 'px-remote-status) + (description "PantherX remote status service") + (extensions (list (service-extension + shepherd-root-service-type + px-remote-status-shepherd-service))) + (default-value (px-remote-status-service-configuration)))) diff --git a/px/services/networking.scm b/px/services/networking.scm index eac9b81..05de25d 100644 --- a/px/services/networking.scm +++ b/px/services/networking.scm 
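Review bot: The generated monitrc hard-codes the Monit HTTP credential `allow admin:monit`, and because the file is built with `computed-file` it lands in the store, where any local account can read it. Combined with `allow localhost`, any local user can authenticate to the Monit interface on port 2812 of a daemon that appears to run as root (no `#:user` is passed and `HOME=/root` is set). I would make the credential a field of `px-remote-status-service-configuration` with no built-in default and have the monitrc take it from a root-only file outside the store, or leave out the `set httpd` stanza if nothing depends on it. The string literal starts in the previous hunk.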
@@ -16,9 +16,8 @@ #:use-module (px packages networking) #:use-module (srfi srfi-1) - #:export (chrony-service-configuration + #:export (chrony-service-configuration chrony-service-type - nebula-configuration nebula-configuration-package nebula-configuration-provision @@ -31,13 +30,15 @@ ;; (define-record-type* <chrony-service-configuration> - chrony-service-configuration make-chrony-service-configuration + chrony-service-configuration + make-chrony-service-configuration chrony-service-configuration? - (package chrony-service-configuration-package - (default chrony)) - (user chrony-service-configuration-user - (default "root")) - (config chrony-service-configuration-config + (package + chrony-service-configuration-package + (default chrony)) + (user chrony-service-configuration-user + (default "root")) + (config chrony-service-configuration-config (default "server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst 
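Review bot: `chrony-service-configuration-user` defaults to `"root"`, and `chrony-shepherd-service` in the next hunk passes that value to `chronyd -u`, so with the default configuration the daemon keeps root privileges instead of switching to an unprivileged account after start-up. Since chronyd handles packets from the network, I would default to a dedicated system account, e.g. `(default "chrony")`, and create that account through an `account-service-type` extension on `chrony-service-type`; no such extension is present in this diff. The same default is repeated in the px/services/ntp.scm hunk further down. The record definition continues past the end of this hunk.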
@@ -50,108 +51,103 @@ logdir /var/log/chrony"))) (define (chrony-service-config-file config) "Return the chorny configuration file corresponding to CONFIG." (computed-file "chrony.conf" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (call-with-output-file #$output - (lambda (port) - (format port - #$config))))))) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (port) + (format port + #$config))))))) (define chrony-shepherd-service (match-lambda (($ <chrony-service-configuration> package user config) - (list (shepherd-service - (provision '(chrony)) - (documentation "Run chrony as a daemon") - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/sbin/chronyd") - "-n" "-u" #$user - "-f" #$(chrony-service-config-file config)))) - (stop #~(make-kill-destructor))))))) + (list (shepherd-service (provision '(chrony)) + (documentation "Run chrony as a daemon") + (requirement '(networking)) + (start #~(make-forkexec-constructor (list (string-append #$package + "/sbin/chronyd") + "-n" + "-u" + #$user + "-f" + #$(chrony-service-config-file + config)))) + (stop #~(make-kill-destructor))))))) (define chrony-service-type - (service-type - (name "chrony") - (description "Chrony service") - (extensions (list (service-extension shepherd-root-service-type - chrony-shepherd-service))) - (default-value (chrony-service-configuration)))) - + (service-type (name "chrony") + (description "Chrony service") + (extensions (list (service-extension + shepherd-root-service-type + chrony-shepherd-service))) + (default-value (chrony-service-configuration)))) ;; ;; Nebula SERVICE ;; -(define-record-type* <nebula-configuration> - nebula-configuration - make-nebula-configuration +(define-record-type* <nebula-configuration> nebula-configuration + make-nebula-configuration nebula-configuration? 
- (package nebula-configuration-package - (default nebula)) + (package + nebula-configuration-package + (default nebula)) (provision nebula-configuration-provision) (config-path nebula-configuration-config-path)) - (define nebula-profile-packages (lambda (configurations) (fold (lambda (config prv) (let ((pkg (nebula-configuration-package config))) - (if (memq pkg prv) - prv + (if (memq pkg prv) prv (cons pkg prv)))) '() configurations))) - (define (nebula-shepherd-service config) (match config (($ <nebula-configuration> package provision config-path) - (let ((log-path (string-append - "/var/log/" - (symbol->string (car provision)) - ".log"))) - (shepherd-service - (provision provision) - (documentation "Run configured instance of nebula on system start") - (requirement '(networking user-processes)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/bin/nebula") - "-config" #$config-path) - #:log-file #$log-path - #:environment-variables - (cons* "HOME=/root" - "XDG_DATA_HOME=/root/.local/share" - "XDG_CONFIG_HOME=/root/.config" - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)))) - (stop #~(make-kill-destructor))))))) - + (let ((log-path (string-append "/var/log/" + (symbol->string (car provision)) ".log"))) + (shepherd-service (provision provision) + (documentation + "Run configured instance of nebula on system start") + (requirement '(networking user-processes)) + (start #~(make-forkexec-constructor (list (string-append #$package + "/bin/nebula") + "-config" + #$config-path) + #:log-file #$log-path + #:environment-variables + (cons* + "HOME=/root" + "XDG_DATA_HOME=/root/.local/share" + "XDG_CONFIG_HOME=/root/.config" + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)))) + (stop 
#~(make-kill-destructor))))))) (define (nebula-shepherd-services configurations) (map nebula-shepherd-service configurations)) - (define %default-nebula-configuration - (nebula-configuration - (provision '(nebula)) - (config-path "/etc/nebula/config.yml"))) + (nebula-configuration (provision '(nebula)) + (config-path "/etc/nebula/config.yml"))) (define %nebula-log-rotations - (list (log-rotation - (files (list "/var/log/nebula.log"))))) + (list (log-rotation (files (list "/var/log/nebula.log"))))) (define nebula-service-type - (service-type - (name 'nebula) - (extensions - (list (service-extension shepherd-root-service-type - nebula-shepherd-services) - (service-extension profile-service-type - nebula-profile-packages) - (service-extension rottlog-service-type - (const %nebula-log-rotations)))) - (default-value (list %default-nebula-configuration)) - (description "Run configured instance of nebula on system start"))) + (service-type (name 'nebula) + (extensions (list (service-extension + shepherd-root-service-type + nebula-shepherd-services) + (service-extension profile-service-type + nebula-profile-packages) + (service-extension rottlog-service-type + (const + %nebula-log-rotations)))) + (default-value (list %default-nebula-configuration)) + (description + "Run configured instance of nebula on system start"))) diff --git a/px/services/ntp.scm b/px/services/ntp.scm index bbba3c6..fd5bc24 100644 --- a/px/services/ntp.scm +++ b/px/services/ntp.scm 
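Review bot: `chrony-service-config-file` writes the configuration with `(format port #$config)`, which uses the user-supplied text as the format string, so any `~` in a chrony directive or comment is treated as a format directive and either fails the build of chrony.conf or alters the output. `(display #$config port)` writes the string verbatim. The same call is in the px/services/ntp.scm hunk, and the docstring in both places spells the daemon "chorny". Further down in this hunk, `nebula-shepherd-service` derives its log file from `(car provision)` while `%nebula-log-rotations` lists only `/var/log/nebula.log`, so an instance with any other provision name logs to a file that is never rotated; building the rotation list from the configurations would cover those instances.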
@@ -15,21 +15,22 @@ #:use-module (ice-9 pretty-print) #:use-module (srfi srfi-1) - #:export (chrony-service-configuration - chrony-service-type)) + #:export (chrony-service-configuration chrony-service-type)) ;; ;; Chrony SERVICE ;; (define-record-type* <chrony-service-configuration> - chrony-service-configuration make-chrony-service-configuration + chrony-service-configuration + make-chrony-service-configuration chrony-service-configuration? - (package chrony-service-configuration-package - (default chrony)) - (user chrony-service-configuration-user - (default "root")) - (config chrony-service-configuration-config + (package + chrony-service-configuration-package + (default chrony)) + (user chrony-service-configuration-user + (default "root")) + (config chrony-service-configuration-config (default "server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server 2.pool.ntp.org iburst 
@@ -42,32 +43,34 @@ logdir /var/log/chrony"))) (define (chrony-service-config-file config) "Return the chorny configuration file corresponding to CONFIG." (computed-file "chrony.conf" - (with-imported-modules - '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (call-with-output-file #$output - (lambda (port) - (format port - #$config))))))) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (call-with-output-file #$output + (lambda (port) + (format port + #$config))))))) (define chrony-shepherd-service (match-lambda (($ <chrony-service-configuration> package user config) - (list (shepherd-service - (provision '(chrony)) - (documentation "Run chrony as a daemon") - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list (string-append #$package "/sbin/chronyd") - "-n" "-u" #$user - "-f" #$(chrony-service-config-file config)))) - (stop #~(make-kill-destructor))))))) + (list (shepherd-service (provision '(chrony)) + (documentation "Run chrony as a daemon") + (requirement '(networking)) + (start #~(make-forkexec-constructor (list (string-append #$package + "/sbin/chronyd") + "-n" + "-u" + #$user + "-f" + #$(chrony-service-config-file + config)))) + (stop #~(make-kill-destructor))))))) (define chrony-service-type - (service-type - (name "chrony") - (description "Chrony service") - (extensions (list (service-extension shepherd-root-service-type - chrony-shepherd-service))) - (default-value (chrony-service-configuration))))
\ No newline at end of file + (service-type (name "chrony") + (description "Chrony service") + (extensions (list (service-extension + shepherd-root-service-type + chrony-shepherd-service))) + (default-value (chrony-service-configuration)))) diff --git a/px/services/package-management.scm b/px/services/package-management.scm index d393d2d..1550826 100644 --- a/px/services/package-management.scm +++ b/px/services/package-management.scm 
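Review bot: `chrony-service-type` is declared with `(name "chrony")`, a string, while the other service types in this commit use a quoted symbol such as `(name 'nebula)`; Guix documents the field as a symbol, so `(name 'chrony)` is the expected form. px/services/networking.scm carries the same declaration, and both modules export `chrony-service-configuration` and `chrony-service-type`, so a system configuration that imports both presumably has to hide one set of bindings with a prefix or `#:select`. Keeping the definition in one module and re-exporting it from the other would remove the duplication.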
@@ -15,50 +15,57 @@ ;; (define-record-type* <px-unattended-upgrades-configuration> - px-unattended-upgrades-configuration make-px-unattended-upgrades-configuration + px-unattended-upgrades-configuration + make-px-unattended-upgrades-configuration px-unattended-upgrades-configuration? - (package px-unattended-upgrades-configuration-package - (default px-unattended-upgrades)) + (package + px-unattended-upgrades-configuration-package + (default px-unattended-upgrades)) (timeout px-unattended-upgrades-timeout (default 300))) - (define (px-unattended-upgrades-configuration->script config) (match config (($ <px-unattended-upgrades-configuration> package timeout) - (computed-file - "px-unattended-upgrades.sh" - #~(begin - (call-with-output-file #$output - (lambda (port) - (display "# AUTO GENERATED BY: px-unattended-upgrades-shepherd-service\n\n" port) - (display "echo \"$(date) > service started: \"\n" port) - (format port "echo \"$(date) > sleep for: ~a\"\n" #$timeout) - (format port "sleep ~a\n" #$timeout) - (display "echo \"$(date) > start upgrade\"\n" port) - (format port "~a/bin/px-unattended-upgrades\n" #$package)))))))) + (computed-file "px-unattended-upgrades.sh" + #~(begin + (call-with-output-file #$output + (lambda (port) + (display + "# AUTO GENERATED BY: px-unattended-upgrades-shepherd-service +" + port) + (display "echo \"$(date) > service started: \"\n" + port) + (format port "echo \"$(date) > sleep for: ~a\"\n" + #$timeout) + (format port "sleep ~a\n" + #$timeout) + (display "echo \"$(date) > start upgrade\"\n" port) + (format port "~a/bin/px-unattended-upgrades\n" + #$package)))))))) (define (px-unattended-upgrades-shepherd-service config) (match config (($ <px-unattended-upgrades-configuration> package timeout) (let ((script (px-unattended-upgrades-configuration->script config))) - (list (shepherd-service - (provision '(px-unattended-upgrades)) - (documentation "Run px-unattended-upgrades once after reboot") - (requirement '(networking user-processes)) - 
(one-shot? #t) - (start #~(make-forkexec-constructor - (list (string-append #$bash "/bin/bash") - #$script) - #:log-file "/var/log/px-unattended-upgrades.log")) - (stop #~(make-kill-destructor)))))))) - + (list (shepherd-service (provision '(px-unattended-upgrades)) + (documentation + "Run px-unattended-upgrades once after reboot") + (requirement '(networking user-processes)) + (one-shot? #t) + (start #~(make-forkexec-constructor (list (string-append #$bash + "/bin/bash") + #$script) + #:log-file + "/var/log/px-unattended-upgrades.log")) + (stop #~(make-kill-destructor)))))))) (define px-unattended-upgrades-service-type - (service-type - (name 'px-unattended-upgrades) - (description "PantherX unattended upgrades service") - (extensions (list (service-extension shepherd-root-service-type - px-unattended-upgrades-shepherd-service))) - (default-value (px-unattended-upgrades-configuration)))) + (service-type (name 'px-unattended-upgrades) + (description "PantherX unattended upgrades service") + (extensions (list (service-extension + shepherd-root-service-type + px-unattended-upgrades-shepherd-service))) + (default-value (px-unattended-upgrades-configuration)))) diff --git a/px/services/security-token.scm b/px/services/security-token.scm index 87c5d32..678961d 100644 --- a/px/services/security-token.scm +++ b/px/services/security-token.scm @@ -1,11 +1,9 @@ ;;; module for security tokens and hardware wallet related services -;;; Author: Reza Alizadeh Majd (r.majd@pantherx.org) +;;; Reza Alizadeh Majd (r.majd@pantherx.org) (define-module (px services security-token) #:use-module (gnu services base) - #:export (ledger-wallet-service - nitro-key-service)) - + #:export (ledger-wallet-service nitro-key-service)) ;;; ;;; Ledger hardware wallet definitions 
@@ -13,54 +11,49 @@ ;;; (define (ledger-udev-rule-record title vendor-id product-id tags) - (string-append "# " title "\n" - "SUBSYSTEMS==\"usb\", " - "ATTRS{idVendor}==\"" vendor-id "\", " - "ATTRS{idProduct}==\"" product-id "\", " - (string-join (map (lambda (tag) - (string-append "TAG+=\"" tag "\"")) - tags) ", ") - "\n")) - + (string-append "# " + title + "\n" + "SUBSYSTEMS==\"usb\", " + "ATTRS{idVendor}==\"" + vendor-id + "\", " + "ATTRS{idProduct}==\"" + product-id + "\", " + (string-join (map (lambda (tag) + (string-append "TAG+=\"" tag "\"")) tags) + ", ") + "\n")) (define %ledger-udev-rule (udev-rule "20-ledger.rules" - (string-append - (ledger-udev-rule-record "HW.1 / Nano" - "2581" - "1b7c|2b7c|3b7c|4b7c" - '("uaccess" "udev-acl")) - (ledger-udev-rule-record "Blue" - "2c97" - "0000|0000|0001|0002|0003|0004|0005|0006|0007|0008|0009|000a|000b|000c|000d|000e|000f|0010|0011|0012|0013|0014|0015|0016|0017|0018|0019|001a|001b|001c|001d|001e|001f" - '("uaccess" "udev-acl")) - (ledger-udev-rule-record "Nano S" - "2c97" - "0001|1000|1001|1002|1003|1004|1005|1006|1007|1008|1009|100a|100b|100c|100d|100e|100f|1010|1011|1012|1013|1014|1015|1016|1017|1018|1019|101a|101b|101c|101d|101e|101f" - '("uaccess" "udev-acl")) - - (ledger-udev-rule-record "Aramis" - "2c97" - "0002|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|200a|200b|200c|200d|200e|200f|2010|2011|2012|2013|2014|2015|2016|2017|2018|2019|201a|201b|201c|201d|201e|201f" - '("uaccess" "udev-acl")) - (ledger-udev-rule-record "HW2" - "2c97" - "0003|3000|3001|3002|3003|3004|3005|3006|3007|3008|3009|300a|300b|300c|300d|300e|300f|3010|3011|3012|3013|3014|3015|3016|3017|3018|3019|301a|301b|301c|301d|301e|301f" - '("uaccess" "udev-acl")) - (ledger-udev-rule-record "Nano X" - "2c97" - "0004|4000|4001|4002|4003|4004|4005|4006|4007|4008|4009|400a|400b|400c|400d|400e|400f|4010|4011|4012|4013|4014|4015|4016|4017|4018|4019|401a|401b|401c|401d|401e|401f" - '("uaccess" "udev-acl")) - (ledger-udev-rule-record "Ledger Test" - 
"2c97" - "0005|5000|5001|5002|5003|5004|5005|5006|5007|5008|5009|500a|500b|500c|500d|500e|500f|5010|5011|5012|5013|5014|5015|5016|5017|5018|5019|501a|501b|501c|501d|501e|501f" - '("uaccess" "udev-acl"))))) - + (string-append (ledger-udev-rule-record "HW.1 / Nano" "2581" + "1b7c|2b7c|3b7c|4b7c" + '("uaccess" "udev-acl")) + (ledger-udev-rule-record "Blue" "2c97" + "0000|0000|0001|0002|0003|0004|0005|0006|0007|0008|0009|000a|000b|000c|000d|000e|000f|0010|0011|0012|0013|0014|0015|0016|0017|0018|0019|001a|001b|001c|001d|001e|001f" + '("uaccess" "udev-acl")) + (ledger-udev-rule-record "Nano S" "2c97" + "0001|1000|1001|1002|1003|1004|1005|1006|1007|1008|1009|100a|100b|100c|100d|100e|100f|1010|1011|1012|1013|1014|1015|1016|1017|1018|1019|101a|101b|101c|101d|101e|101f" + '("uaccess" "udev-acl")) + + (ledger-udev-rule-record "Aramis" "2c97" + "0002|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|200a|200b|200c|200d|200e|200f|2010|2011|2012|2013|2014|2015|2016|2017|2018|2019|201a|201b|201c|201d|201e|201f" + '("uaccess" "udev-acl")) + (ledger-udev-rule-record "HW2" "2c97" + "0003|3000|3001|3002|3003|3004|3005|3006|3007|3008|3009|300a|300b|300c|300d|300e|300f|3010|3011|3012|3013|3014|3015|3016|3017|3018|3019|301a|301b|301c|301d|301e|301f" + '("uaccess" "udev-acl")) + (ledger-udev-rule-record "Nano X" "2c97" + "0004|4000|4001|4002|4003|4004|4005|4006|4007|4008|4009|400a|400b|400c|400d|400e|400f|4010|4011|4012|4013|4014|4015|4016|4017|4018|4019|401a|401b|401c|401d|401e|401f" + '("uaccess" "udev-acl")) + (ledger-udev-rule-record "Ledger Test" "2c97" + "0005|5000|5001|5002|5003|5004|5005|5006|5007|5008|5009|500a|500b|500c|500d|500e|500f|5010|5011|5012|5013|5014|5015|5016|5017|5018|5019|501a|501b|501c|501d|501e|501f" + '("uaccess" "udev-acl"))))) (define (ledger-wallet-service) (udev-rules-service 'ledger %ledger-udev-rule)) - ;;; ;;; Nitrokey definitions ;;; udev-rules from: https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules 
@@ -68,7 +61,7 @@ (define %nitro-key-udev-rule (udev-rule "41-nitrokey.rules" - "ACTION!=\"add|change\", GOTO=\"u2f_end\" + "ACTION!=\"add|change\", GOTO=\"u2f_end\" # Nitrokey U2F KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\", TAG+=\"uaccess\" # Nitrokey FIDO U2F @@ -107,7 +100,6 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK (define (nitro-key-service) (udev-rules-service 'nitro %nitro-key-udev-rule)) - ;;; ;;; YubiKey definitions ;;; https://wiki.archlinux.org/title/YubiKey#YubiKey_not_acting_as_HID_device @@ -116,7 +108,7 @@ KERNEL==\"sd?1\", ATTRS{idVendor}==\"20a0\", ATTRS{idProduct}==\"4109\", SYMLINK (define %yubikey-udev-rule (udev-rule "10-security-key.rules" - " + " KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", MODE=\"0664\", GROUP=\"users\", ATTRS{idVendor}==\"2581\", ATTRS{idProduct}==\"f1d0\"")) (define (yubikey-service) diff --git a/px/services/server.scm b/px/services/server.scm index acb721b..7f4d5c7 100644 --- a/px/services/server.scm +++ b/px/services/server.scm 
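Review bot: `%yubikey-udev-rule` sets `MODE="0664", GROUP="users"` on the hidraw node, which makes the token's raw HID interface readable by every local account and writable by every member of `users`, whether or not that user is at the console. The Nitrokey rule earlier in this file matches the same `2581`/`f1d0` pair with `TAG+="uaccess"`, which limits access to the user of the active session. I would use the same tag here, `KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"`. The file name `10-security-key.rules` already sorts early enough for the tag to be honoured.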
@@ -6,71 +6,89 @@ #:use-module (guix gexp) #:use-module (guix records) #:use-module (ice-9 match) - #:export (px-server-launcher-configuration - px-server-launcher-service-type)) - + #:export (px-server-launcher-configuration px-server-launcher-service-type)) ;;; ;;; PantherX Server Launcher Service ;;; (define-record-type* <px-server-launcher-configuration> - px-server-launcher-configuration make-px-server-launcher-configuration + px-server-launcher-configuration + make-px-server-launcher-configuration px-server-launcher-configuration? - (user px-server-launcher-configuration-user - (default "panther")) - (group px-server-launcher-configuration-group - (default "users")) + (user px-server-launcher-configuration-user + (default "panther")) + (group px-server-launcher-configuration-group + (default "users")) (executable px-server-launcher-configuration-executable) - (args px-server-launcher-configuration-args - (default '())) - (cwd px-server-launcher-configuration-cwd - (default #f))) - + (args px-server-launcher-configuration-args + (default '())) + (cwd px-server-launcher-configuration-cwd + (default #f))) (define (px-server-launcher->script config) (match config - (($ <px-server-launcher-configuration> user group executable args cwd) + (($ <px-server-launcher-configuration> + user + group + executable + args + cwd) (plain-file "px-server-launcher" (string-append "#!/bin/sh\n\n" - "export PATH=$HOME/.local/bin:$PATH\n" ;; add user installed binaries to PATH - (if cwd (string-append "cd " cwd "\n") "") - "exec " executable " " (string-join args " ") "\n"))))) - + "export PATH=$HOME/.local/bin:$PATH\n" ;add user installed binaries to PATH + (if cwd + (string-append "cd " cwd "\n") "") + "exec " + executable + " " + (string-join args " ") + "\n"))))) (define (px-server-launcher-shepherd-service config) (match config - (($ <px-server-launcher-configuration> user group executable args cwd) - (let* ((home-dir (if (eq? 
user "root") - "/root" + (($ <px-server-launcher-configuration> + user + group + executable + args + cwd) + (let* ((home-dir (if (eq? user "root") "/root" (string-append "/home/" user))) (script (px-server-launcher->script config))) - (list (shepherd-service - (provision '(px-server-launcher)) - (documentation "PantherX Server Application Launcher Service") - (requirement '(networking user-processes)) - (one-shot? #t) - (start #~(make-forkexec-constructor - (list (string-append #$bash "/bin/bash") - #$script) - #:user #$user - #:group #$group - #:environment-variables - (cons* (string-append "HOME=" #$home-dir) - (string-append "PATH=/run/current-system/profile/bin") - (string-append "XDG_DATA_HOME=" #$home-dir "/.local/share") - (string-append "XDG_CONFIG_HOME=" #$home-dir "/.config") - "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" - (default-environment-variables)) - #:log-file "/var/log/px-server-launcher.log")) - (stop #~(make-kill-destructor)))))))) - + (list (shepherd-service (provision '(px-server-launcher)) + (documentation + "PantherX Server Application Launcher Service") + (requirement '(networking user-processes)) + (one-shot? 
#t) + (start #~(make-forkexec-constructor (list (string-append #$bash + "/bin/bash") + #$script) + #:user #$user + #:group #$group + #:environment-variables (cons* (string-append + "HOME=" + #$home-dir) + (string-append + "PATH=/run/current-system/profile/bin") + (string-append + "XDG_DATA_HOME=" + #$home-dir + "/.local/share") + (string-append + "XDG_CONFIG_HOME=" + #$home-dir + "/.config") + "SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt" + (default-environment-variables)) + #:log-file + "/var/log/px-server-launcher.log")) + (stop #~(make-kill-destructor)))))))) (define px-server-launcher-service-type - (service-type - (name 'px-server-launcher) - (description "PantherX Server Application Launcher Service") - (extensions (list - (service-extension shepherd-root-service-type + (service-type (name 'px-server-launcher) + (description "PantherX Server Application Launcher Service") + (extensions (list (service-extension + shepherd-root-service-type px-server-launcher-shepherd-service))))) |
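Review bot: In `px-server-launcher-shepherd-service`, `(eq? user "root")` compares a string by object identity, so a `user` of "root" supplied from a system configuration is not guaranteed to match and the service would then get `HOME=/home/root`; `(string=? user "root")` compares the contents. Separately, `px-server-launcher->script` splices `cwd`, `executable` and `args` into the shell script unquoted, so a value containing spaces or shell metacharacters is re-interpreted by the shell. Quoting each value when the script is generated, or passing the argument list straight to `make-forkexec-constructor` with `#:directory` for `cwd`, avoids that.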