authorLiliana Marie Prikler <liliana.prikler@gmail.com>2024-01-01 21:56:00 +0100
committerLiliana Marie Prikler <liliana.prikler@gmail.com>2024-01-01 21:56:00 +0100
commit1cd97066c2dc84c6e538cfa63820e18f6c12a414 (patch)
tree973b920b3f7c551a4baed8ce87147c2591ce3086 /gnu/services
parentb8175bc85a9709e29b60a0b56bafa56ca790383b (diff)
parentee0cf3b9ff4cd5a9d3637d09677195ea9ee1a8c0 (diff)
Merge branch 'master' into gnome-team
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/ci.scm42
-rw-r--r--gnu/services/databases.scm41
-rw-r--r--gnu/services/guix.scm143
-rw-r--r--gnu/services/messaging.scm91
-rw-r--r--gnu/services/networking.scm36
-rw-r--r--gnu/services/security-token.scm29
-rw-r--r--gnu/services/telephony.scm132
-rw-r--r--gnu/services/web.scm48
8 files changed, 223 insertions, 339 deletions
diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm
index 172f85fe8e..01cc7c7d86 100644
--- a/gnu/services/ci.scm
+++ b/gnu/services/ci.scm
@@ -31,6 +31,7 @@
#:export (laminar-configuration
laminar-configuration?
laminar-configuration-home-directory
+ laminar-configuration-supplementary-groups
laminar-configuration-bind-http
laminar-configuration-bind-rpc
laminar-configuration-title
@@ -50,26 +51,28 @@
(define-record-type* <laminar-configuration>
laminar-configuration make-laminar-configuration
laminar-configuration?
- (laminar laminars-configuration-laminar
- (default laminar))
- (home-directory laminar-configuration-home-directory
- (default "/var/lib/laminar"))
- (bind-http laminar-configuration-bind-http
- (default "*:8080"))
- (bind-rpc laminar-configuration-bind-rpc
- (default "unix-abstract:laminar"))
- (title laminar-configuration-title
- (default "Laminar"))
- (keep-rundirs laminar-keep-rundirs
- (default 0))
- (archive-url laminar-archive-url
- (default #f))
- (base-url laminar-base-url
- (default #f)))
+ (laminar laminars-configuration-laminar
+ (default laminar))
+ (home-directory laminar-configuration-home-directory
+ (default "/var/lib/laminar"))
+ (supplementary-groups laminar-configuration-supplementary-groups
+ (default '()))
+ (bind-http laminar-configuration-bind-http
+ (default "*:8080"))
+ (bind-rpc laminar-configuration-bind-rpc
+ (default "unix-abstract:laminar"))
+ (title laminar-configuration-title
+ (default "Laminar"))
+ (keep-rundirs laminar-keep-rundirs
+ (default 0))
+ (archive-url laminar-archive-url
+ (default #f))
+ (base-url laminar-base-url
+ (default #f)))
(define laminar-shepherd-service
(match-lambda
- (($ <laminar-configuration> laminar home-directory
+ (($ <laminar-configuration> laminar home-directory supplementary-groups
bind-http bind-rpc
title keep-rundirs archive-url
base-url)
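Review bot: The new `supplementary-groups` field has no comment saying what it grants, although the later hunks pass it unchanged to `#:supplementary-groups` of the constructor (hunk at -102) and to the `user-account` (hunk at -113). Every job laminar starts would presumably inherit these memberships, so a line such as `;; list of group names; every job run by laminar gains these memberships` on the field would help whoever sets it. None of the visible hunks declares the named groups, so they apparently have to exist elsewhere; the rest of `laminar-account` lies outside the hunk. Separately, the re-indented accessor `laminars-configuration-laminar` still carries the stray "s".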
@@ -102,7 +105,8 @@
#$base-url))
'()))
#:user "laminar"
- #:group "laminar"))
+ #:group "laminar"
+ #:supplementary-groups '#$supplementary-groups))
(stop #~(make-kill-destructor)))))))
(define (laminar-account config)
@@ -113,6 +117,8 @@
(user-account
(name "laminar")
(group "laminar")
+ (supplementary-groups
+ (laminar-configuration-supplementary-groups config))
(system? #t)
(comment "Laminar privilege separation user")
(home-directory (laminar-configuration-home-directory config))
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index d3fee2a8ef..580031cb42 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -512,28 +512,25 @@ created after the PostgreSQL database is started.")))
(match-lambda
(($ <memcached-configuration> memcached interfaces tcp-port udp-port
additional-options)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)))
- (list (shepherd-service
- (provision '(memcached))
- (documentation "Run the Memcached daemon.")
- (requirement '(user-processes loopback))
- (modules '((gnu build shepherd)))
- (start #~(make-forkexec-constructor
- `(#$(file-append memcached "/bin/memcached")
- "-l" #$(string-join interfaces ",")
- "-p" #$(number->string tcp-port)
- "-U" #$(number->string udp-port)
- "--daemon"
- ;; Memcached changes to the memcached user prior to
- ;; writing the pid file, so write it to a directory
- ;; that memcached owns.
- "-P" "/var/run/memcached/pid"
- "-u" "memcached"
- ,#$@additional-options)
- #:log-file "/var/log/memcached"
- #:pid-file "/var/run/memcached/pid"))
- (stop #~(make-kill-destructor))))))))
+ (list (shepherd-service
+ (provision '(memcached))
+ (documentation "Run the Memcached daemon.")
+ (requirement '(user-processes loopback))
+ (start #~(make-forkexec-constructor
+ `(#$(file-append memcached "/bin/memcached")
+ "-l" #$(string-join interfaces ",")
+ "-p" #$(number->string tcp-port)
+ "-U" #$(number->string udp-port)
+ "--daemon"
+ ;; Memcached changes to the memcached user prior to
+ ;; writing the pid file, so write it to a directory
+ ;; that memcached owns.
+ "-P" "/var/run/memcached/pid"
+ "-u" "memcached"
+ ,#$@additional-options)
+ #:log-file "/var/log/memcached"
+ #:pid-file "/var/run/memcached/pid"))
+ (stop #~(make-kill-destructor)))))))
(define memcached-service-type
(service-type (name 'memcached)
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index 389903451a..17599193e3 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -88,19 +88,6 @@
guix-build-coordinator-agent-service-type
- guix-build-coordinator-queue-builds-configuration
- guix-build-coordinator-queue-builds-configuration?
- guix-build-coordinator-queue-builds-configuration-package
- guix-build-coordinator-queue-builds-configuration-user
- guix-build-coordinator-queue-builds-coordinator
- guix-build-coordinator-queue-builds-configuration-systems
- guix-build-coordinator-queue-builds-configuration-system-and-targets
- guix-build-coordinator-queue-builds-configuration-guix-data-service
- guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id
- guix-build-coordinator-queue-builds-configuration-processed-commits-file
-
- guix-build-coordinator-queue-builds-service-type
-
<guix-data-service-configuration>
guix-data-service-configuration
guix-data-service-configuration?
@@ -250,31 +237,6 @@
(agent-name guix-build-coordinator-agent-dynamic-auth-with-file-agent-name)
(token-file guix-build-coordinator-agent-dynamic-auth-with-file-token-file))
-(define-record-type* <guix-build-coordinator-queue-builds-configuration>
- guix-build-coordinator-queue-builds-configuration
- make-guix-build-coordinator-queue-builds-configuration
- guix-build-coordinator-queue-builds-configuration?
- (package guix-build-coordinator-queue-builds-configuration-package
- (default guix-build-coordinator))
- (user guix-build-coordinator-queue-builds-configuration-user
- (default "guix-build-coordinator-queue-builds"))
- (coordinator guix-build-coordinator-queue-builds-coordinator
- (default "http://localhost:8746"))
- (systems guix-build-coordinator-queue-builds-configuration-systems
- (default #f))
- (systems-and-targets
- guix-build-coordinator-queue-builds-configuration-system-and-targets
- (default #f))
- (guix-data-service
- guix-build-coordinator-queue-builds-configuration-guix-data-service
- (default "https://data.guix.gnu.org"))
- (guix-data-service-build-server-id
- guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id
- (default #f))
- (processed-commits-file
- guix-build-coordinator-queue-builds-configuration-processed-commits-file
- (default "/var/cache/guix-build-coordinator-queue-builds/processed-commits")))
-
(define* (make-guix-build-coordinator-start-script database-uri-string
allocation-strategy
pid-file
@@ -380,10 +342,7 @@
;; Allow time for migrations to run
#:pid-file-timeout 60
#:environment-variables
- `(,(string-append
- "GUIX_LOCPATH="
- #$(libc-utf8-locales-for-target) "/lib/locale")
- "LC_ALL=en_US.utf8"
+ `("LC_ALL=en_US.utf8"
"PATH=/run/current-system/profile/bin" ; for hooks
#$@extra-environment-variables)
#:log-file "/var/log/guix-build-coordinator/coordinator.log")
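Review bot: `LC_ALL=en_US.utf8` stays in `#:environment-variables`, but with the `GUIX_LOCPATH` entry removed nothing in this hunk says where that locale is expected to be found. The same applies to the agent hunk at -508. If the process is meant to rely on the system locale directory (the bitlbee service on this page sets `GUIX_LOCPATH=/run/current-system/locale` explicitly), a short comment next to `LC_ALL` would make that dependency visible. The enclosing start script begins and ends outside the hunk.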
@@ -508,10 +467,7 @@
(or systems '())))
#:user #$user
#:environment-variables
- `(,(string-append
- "GUIX_LOCPATH="
- #$(libc-utf8-locales-for-target) "/lib/locale")
- ;; XDG_CACHE_HOME is used by Guix when caching narinfo files
+ `(;; XDG_CACHE_HOME is used by Guix when caching narinfo files
"XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent"
"LC_ALL=en_US.utf8")
#:log-file "/var/log/guix-build-coordinator/agent.log"))))
@@ -559,101 +515,6 @@
(description
"Run a Guix Build Coordinator agent.")))
-(define (guix-build-coordinator-queue-builds-shepherd-services config)
- (match-record config <guix-build-coordinator-queue-builds-configuration>
- (package user coordinator systems systems-and-targets
- guix-data-service
- guix-data-service-build-server-id
- processed-commits-file)
- (list
- (shepherd-service
- (documentation "Guix Build Coordinator queue builds from Guix Data Service")
- (provision '(guix-build-coordinator-queue-builds))
- (requirement '(networking))
- (start
- #~(lambda _
- (parameterize ((%current-logfile-date-format ""))
- (fork+exec-command
- (list
- #$(file-append
- package
- "/bin/guix-build-coordinator-queue-builds-from-guix-data-service")
- #$(string-append "--coordinator=" coordinator)
- #$@(map (lambda (system)
- (string-append "--system=" system))
- (or systems '()))
- #$@(map (match-lambda
- ((system . target)
- (string-append "--system-and-target=" system "=" target)))
- (or systems-and-targets '()))
- #$@(if guix-data-service
- #~(#$(string-append "--guix-data-service=" guix-data-service))
- #~())
- #$@(if guix-data-service-build-server-id
- #~(#$(simple-format
- #f
- "--guix-data-service-build-server-id=~A"
- guix-data-service-build-server-id))
- #~())
- #$@(if processed-commits-file
- #~(#$(string-append "--processed-commits-file="
- processed-commits-file))
- #~()))
- #:user #$user
- #:environment-variables
- `(,(string-append
- "GUIX_LOCPATH="
- #$(libc-utf8-locales-for-target) "/lib/locale")
- "LC_ALL=en_US.utf8")
- #:log-file "/var/log/guix-build-coordinator/queue-builds.log"))))
- (stop #~(make-kill-destructor))
- (modules
- `((shepherd comm)
- ,@%default-modules))))))
-
-(define (guix-build-coordinator-queue-builds-activation config)
- #~(begin
- (use-modules (guix build utils))
-
- (define %user
- (getpw #$(guix-build-coordinator-queue-builds-configuration-user
- config)))
-
- (mkdir-p "/var/log/guix-build-coordinator")
-
- ;; Allow writing the processed commits file
- (mkdir-p "/var/cache/guix-build-coordinator-queue-builds")
- (chown "/var/cache/guix-build-coordinator-queue-builds"
- (passwd:uid %user)
- (passwd:gid %user))))
-
-(define (guix-build-coordinator-queue-builds-account config)
- (list (user-account
- (name (guix-build-coordinator-queue-builds-configuration-user config))
- (group "nogroup")
- (system? #t)
- (comment "Guix Build Coordinator queue-builds user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define guix-build-coordinator-queue-builds-service-type
- (service-type
- (name 'guix-build-coordinator-queue-builds)
- (extensions
- (list
- (service-extension shepherd-root-service-type
- guix-build-coordinator-queue-builds-shepherd-services)
- (service-extension activation-service-type
- guix-build-coordinator-queue-builds-activation)
- (service-extension account-service-type
- guix-build-coordinator-queue-builds-account)))
- (description
- "Run the guix-build-coordinator-queue-builds-from-guix-data-service
-script.
-
-This is a script to assist in having the Guix Build Coordinator build
-derivations stored in an instance of the Guix Data Service.")))
-
;;;
;;; Guix Data Service
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index c4963936a0..7505810e7c 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -849,56 +849,47 @@ string, you could instantiate a prosody service like this:
(target conf)))
#:namespaces (delq 'net %namespaces))))
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(bitlbee))
-
- ;; Note: If networking is not up, then /etc/resolv.conf
- ;; doesn't get mapped in the container, hence the dependency
- ;; on 'networking'.
- (requirement '(user-processes networking))
-
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start #~(if (defined? 'make-inetd-constructor)
-
- (make-inetd-constructor
- (list #$bitlbee* "-I" "-c" #$conf)
- (list (endpoint
- (addrinfo:addr
- (car (getaddrinfo #$interface
- #$(number->string port)
- (logior AI_NUMERICHOST
- AI_NUMERICSERV))))))
- #:requirements '#$requirement
- #:service-name-stem "bitlbee"
- #:user "bitlbee" #:group "bitlbee"
-
- ;; Allow 'bitlbee-purple' to use libpurple plugins.
- #:environment-variables
- (list (string-append "PURPLE_PLUGIN_PATH="
- #$plugins "/lib/purple-2")
- "GUIX_LOCPATH=/run/current-system/locale"))
-
- (make-forkexec-constructor/container
- (list #$(file-append bitlbee "/sbin/bitlbee")
- "-n" "-F" "-u" "bitlbee" "-c" #$conf)
-
- ;; Allow 'bitlbee-purple' to use libpurple plugins.
- #:environment-variables
- (list (string-append "PURPLE_PLUGIN_PATH="
- #$plugins "/lib/purple-2"))
-
- #:pid-file "/var/run/bitlbee.pid"
- #:mappings (list (file-system-mapping
- (source "/var/lib/bitlbee")
- (target source)
- (writable? #t))))))
- (stop #~(if (defined? 'make-inetd-destructor)
- (make-inetd-destructor)
- (make-kill-destructor))))))))))
+ (list (shepherd-service
+ (provision '(bitlbee))
+
+ ;; Note: If networking is not up, then /etc/resolv.conf
+ ;; doesn't get mapped in the container, hence the dependency
+ ;; on 'networking'.
+ (requirement '(user-processes networking))
+
+ (start #~(if (defined? 'make-inetd-constructor)
+
+ (make-inetd-constructor
+ (list #$bitlbee* "-I" "-c" #$conf)
+ (list (endpoint
+ (addrinfo:addr
+ (car (getaddrinfo #$interface
+ #$(number->string port)
+ (logior AI_NUMERICHOST
+ AI_NUMERICSERV))))))
+ #:requirements '#$requirement
+ #:service-name-stem "bitlbee"
+ #:user "bitlbee" #:group "bitlbee"
+
+ ;; Allow 'bitlbee-purple' to use libpurple plugins.
+ #:environment-variables
+ (list (string-append "PURPLE_PLUGIN_PATH="
+ #$plugins "/lib/purple-2")
+ "GUIX_LOCPATH=/run/current-system/locale"))
+
+ (make-forkexec-constructor
+ (list #$(file-append bitlbee "/sbin/bitlbee")
+ "-n" "-F" "-u" "bitlbee" "-c" #$conf)
+
+ ;; Allow 'bitlbee-purple' to use libpurple plugins.
+ #:environment-variables
+ (list (string-append "PURPLE_PLUGIN_PATH="
+ #$plugins "/lib/purple-2"))
+
+ #:pid-file "/var/run/bitlbee.pid")))
+ (stop #~(if (defined? 'make-inetd-destructor)
+ (make-inetd-destructor)
+ (make-kill-destructor)))))))))
(define %bitlbee-accounts
;; User group and account to run BitlBee.
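Review bot: The fallback branch of the `if` now calls plain `make-forkexec-constructor` on `(file-append bitlbee "/sbin/bitlbee")`, so on a Shepherd without `make-inetd-constructor` the daemon runs with no container. The `#:mappings` that exposed only `/var/lib/bitlbee` are gone, and the `bitlbee*` wrapper is used only in the inetd branch. If that fallback is still reachable, either launch `#$bitlbee*` there as well or state the loss of isolation, e.g. `;; Fallback for Shepherd without 'make-inetd-constructor': runs unsandboxed.` Whether the wrapper is compatible with `-u bitlbee` cannot be judged here, because its definition starts above the hunk.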
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 0508a4282c..7c114fa53c 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1918,29 +1918,35 @@ table inet filter {
(define (pagekite-shepherd-service config)
(match-record config <pagekite-configuration>
(package kitename kitesecret frontend kites extra-file)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
+ (let* ((config-file (pagekite-configuration-file config))
+ (mappings (cons (file-system-mapping
+ (source config-file)
+ (target source))
+ (if extra-file
+ (list (file-system-mapping
+ (source extra-file)
+ (target source)))
+ '())))
+ (pagekite (least-authority-wrapper
+ (file-append package "/bin/pagekite")
+ #:name "pagekite"
+ #:mappings mappings
+ ;; 'pagekite' changes user IDs to it needs to run in the
+ ;; global user namespace.
+ #:namespaces (fold delq %namespaces '(net user)))))
(shepherd-service
(documentation "Run the PageKite service.")
(provision '(pagekite))
(requirement '(networking))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start #~(make-forkexec-constructor/container
- (list #$(file-append package "/bin/pagekite")
+ (actions (list (shepherd-configuration-action config-file)))
+ (start #~(make-forkexec-constructor
+ (list #$pagekite
"--clean"
"--nullui"
"--nocrashreport"
"--runas=pagekite:pagekite"
- (string-append "--optfile="
- #$(pagekite-configuration-file config)))
- #:log-file "/var/log/pagekite.log"
- #:mappings #$(if extra-file
- #~(list (file-system-mapping
- (source #$extra-file)
- (target source)))
- #~'())))
+ (string-append "--optfile=" #$config-file))
+ #:log-file "/var/log/pagekite.log"))
;; SIGTERM doesn't always work for some reason.
(stop #~(make-kill-destructor SIGINT))))))
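Review bot: The comment above `#:namespaces` reads "changes user IDs to it needs to run", which should be "so it needs to run", and it only accounts for `user` although `net` is removed from the isolation list too. The wrapper is given no `#:user`, so dropping privileges appears to rest entirely on `--runas=pagekite:pagekite`. Suggested wording: `;; 'pagekite' needs the host network and drops to pagekite:pagekite itself via '--runas', so it must start in the global user namespace.`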
diff --git a/gnu/services/security-token.scm b/gnu/services/security-token.scm
index 2356273398..d971091e73 100644
--- a/gnu/services/security-token.scm
+++ b/gnu/services/security-token.scm
@@ -50,22 +50,19 @@
(define pcscd-shepherd-service
(match-lambda
(($ <pcscd-configuration> pcsc-lite)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)))
- (shepherd-service
- (documentation "PC/SC Smart Card Daemon")
- (provision '(pcscd))
- (requirement '(syslogd))
- (modules '((gnu build shepherd)))
- (start #~(lambda _
- (let ((socket "/run/pcscd/pcscd.comm"))
- (when (file-exists? socket)
- (delete-file socket)))
- (fork+exec-command
- (list #$(file-append pcsc-lite "/sbin/pcscd")
- "--foreground")
- #:log-file "/var/log/pcscd.log")))
- (stop #~(make-kill-destructor)))))))
+ (shepherd-service
+ (documentation "PC/SC Smart Card Daemon")
+ (provision '(pcscd))
+ (requirement '(syslogd))
+ (start #~(lambda _
+ (let ((socket "/run/pcscd/pcscd.comm"))
+ (when (file-exists? socket)
+ (delete-file socket)))
+ (fork+exec-command
+ (list #$(file-append pcsc-lite "/sbin/pcscd")
+ "--foreground")
+ #:log-file "/var/log/pcscd.log")))
+ (stop #~(make-kill-destructor))))))
(define pcscd-activation
(match-lambda
diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm
index c9b5d6cd99..16d109b8b1 100644
--- a/gnu/services/telephony.scm
+++ b/gnu/services/telephony.scm
@@ -34,6 +34,9 @@
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix gexp)
+ #:autoload (guix least-authority) (least-authority-wrapper)
+ #:autoload (gnu system file-systems) (file-system-mapping)
+ #:autoload (gnu build linux-container) (%namespaces)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-2)
#:use-module (srfi srfi-26)
@@ -258,9 +261,37 @@ consistent state."))
(define (jami-configuration->command-line-arguments config)
"Derive the command line arguments to used to launch the Jami daemon from
CONFIG, a <jami-configuration> object."
+ (define (wrapper libjami)
+ (least-authority-wrapper
+ ;; XXX: 'gexp-input' is needed as the outer layer so that
+ ;; 'references-file' picks the right output of LIBJAMI.
+ (gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid")
+ "bin")
+ #:mappings
+ (list (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/lib/jami")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/var/run/jami")
+ (target source)
+ (writable? #t))
+ ;; Expose TLS certificates for GnuTLS.
+ (file-system-mapping
+ (source (file-append nss-certs "/etc/ssl/certs"))
+ (target "/etc/ssl/certs")))
+ #:preserved-environment-variables
+ '("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR")
+ #:user "jami"
+ #:group "jami"
+ #:namespaces (fold delq %namespaces '(net user))))
+
(match-record config <jami-configuration>
(libjami dbus enable-logging? debug? auto-answer?)
- `(,#~(string-append #$libjami:bin "/libexec/jamid")
+ `(,(wrapper libjami)
"--persistent" ;stay alive after client quits
,@(if enable-logging?
'() ;logs go to syslog by default
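Review bot: `wrapper` uses `nss-certs` in its last `file-system-mapping`, but neither its parameter list nor the `match-record` field list binds that name. It can therefore only resolve to a module-level binding, not to the value in CONFIG. The container call removed in the -588 hunk took `nss-certs` from the service's `let*`, which reads `jami-configuration-nss-certs`, so a custom certificate bundle set by the administrator may now be ignored for TLS validation. Unless that is intended, pass it through: `(define (wrapper libjami nss-certs)`, add `nss-certs` to the `match-record` fields, and call `(wrapper libjami nss-certs)`. The rest of the argument list continues outside the hunk.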
@@ -298,7 +329,28 @@ CONFIG, a <jami-configuration> object."
(let* ((libjami (jami-configuration-libjami config))
(nss-certs (jami-configuration-nss-certs config))
(dbus (jami-configuration-dbus config))
- (dbus-daemon (file-append dbus "/bin/dbus-daemon"))
+ (dbus-daemon (least-authority-wrapper
+ (file-append dbus "/bin/dbus-daemon")
+ #:name "dbus-daemon"
+ #:user "jami"
+ #:group "jami"
+ #:preserved-environment-variables
+ '("XDG_DATA_DIRS")
+ #:mappings
+ (list (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/run/jami")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source (gexp-input libjami "bin"))
+ (target source)))
+ ;; 'dbus-daemon' wants to look up users in /etc/passwd
+ ;; so run it in the global user namespace.
+ #:namespaces
+ (fold delq %namespaces '(net user))))
(accounts (jami-configuration-accounts config))
(declarative-mode? (maybe-value-set? accounts)))
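Review bot: The comment above `#:namespaces` explains why `user` is taken out of the isolation list but not why `net` is. `(fold delq %namespaces '(net user))` leaves this `dbus-daemon` in the host network namespace, although the bus address used in the -499 hunk is a unix path under `/var/run/jami`. If host networking is not actually needed, `#:namespaces (delq 'user %namespaces)` would keep the network isolated; otherwise extend the comment to say what needs it. The `/dev/log` and `/var/run/jami` mappings are also repeated verbatim from the `jamid` wrapper and could be shared.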
@@ -310,7 +362,6 @@ CONFIG, a <jami-configuration> object."
(with-imported-modules (source-module-closure
'((gnu build dbus-service)
(gnu build jami-service)
- (gnu build shepherd)
(gnu system file-systems)))
(define list-accounts-action
@@ -490,8 +541,7 @@ argument, either a registered username or the fingerprint of the account.")
(list (shepherd-service
(documentation "Run a D-Bus session for the Jami daemon.")
(provision '(jami-dbus-session))
- (modules `((gnu build shepherd)
- (gnu build dbus-service)
+ (modules `((gnu build dbus-service)
(gnu build jami-service)
(gnu system file-systems)
,@%default-modules))
@@ -499,26 +549,23 @@ argument, either a registered username or the fingerprint of the account.")
;; activation for D-Bus, such as a /etc/machine-id file.
(requirement '(dbus-system syslogd))
(start
- #~(make-forkexec-constructor/container
- (list #$dbus-daemon "--session"
- "--address=unix:path=/var/run/jami/bus"
- "--syslog-only")
- #:pid-file "/var/run/jami/pid"
- #:mappings
- (list (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/run/jami")
- (target source)
- (writable? #t)))
- #:user "jami"
- #:group "jami"
- #:environment-variables
- ;; This is so that the cx.ring.Ring service D-Bus
- ;; definition is found by dbus-daemon.
- (list (string-append "XDG_DATA_DIRS="
- #$libjami:bin "/share"))))
+ #~(lambda ()
+ (define pid
+ (fork+exec-command
+ (list #$dbus-daemon "--session"
+ "--address=unix:path=/var/run/jami/bus"
+ "--syslog-only")
+ #:environment-variables
+ ;; This is so that the cx.ring.Ring service D-Bus
+ ;; definition is found by dbus-daemon.
+ (list (string-append "XDG_DATA_DIRS="
+ #$libjami:bin "/share"))))
+
+ ;; The PID file contains the "wrong" PID (the one in the
+ ;; separate PID namespace) so ignore it and return the
+ ;; value returned by 'fork+exec-command'.
+ (and (read-pid-file "/var/run/jami/pid")
+ pid)))
(stop #~(make-kill-destructor)))
(shepherd-service
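Review bot: When `read-pid-file` does not succeed, `(and (read-pid-file "/var/run/jami/pid") pid)` yields #f but the child started by `fork+exec-command` is left running, so a failed start can leave a stray `dbus-daemon` behind. Something like `(or (and (read-pid-file "/var/run/jami/pid") pid) (begin (kill pid SIGTERM) #f))` would clean up. It is also worth checking that a stale `/var/run/jami/pid` from an earlier run cannot satisfy the wait before the new bus is ready. The start procedure is written `(lambda () …)`, whereas the pcscd service on this page uses `(lambda _ …)`, so any extra arguments given at start would presumably raise an arity error here.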
@@ -542,7 +589,6 @@ argument, either a registered username or the fingerprint of the account.")
(srfi srfi-26)
(gnu build dbus-service)
(gnu build jami-service)
- (gnu build shepherd)
(gnu system file-systems)
,@%default-modules))
(start
@@ -588,32 +634,14 @@ argument, either a registered username or the fingerprint of the account.")
;; Start the daemon.
(define daemon-pid
- ((make-forkexec-constructor/container
- (list #$@(jami-configuration->command-line-arguments
- config))
- #:mappings
- (list (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/lib/jami")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/var/run/jami")
- (target source)
- (writable? #t))
- ;; Expose TLS certificates for GnuTLS.
- (file-system-mapping
- (source #$(file-append nss-certs "/etc/ssl/certs"))
- (target "/etc/ssl/certs")))
- #:user "jami"
- #:group "jami"
- #:environment-variables
- (list (string-append "DBUS_SESSION_BUS_ADDRESS="
- "unix:path=/var/run/jami/bus")
- ;; Expose TLS certificates for OpenSSL.
- "SSL_CERT_DIR=/etc/ssl/certs"))))
+ (fork+exec-command
+ (list #$@(jami-configuration->command-line-arguments
+ config))
+ #:environment-variables
+ (list (string-append "DBUS_SESSION_BUS_ADDRESS="
+ "unix:path=/var/run/jami/bus")
+ ;; Expose TLS certificates for OpenSSL.
+ "SSL_CERT_DIR=/etc/ssl/certs")))
(setenv "DBUS_SESSION_BUS_ADDRESS"
"unix:path=/var/run/jami/bus")
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 55cc095d90..05fd71f994 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -1232,31 +1232,29 @@ a webserver.")
(let* ((specs (hpcguix-web-configuration-specs config))
(config-file (and specs (scheme-file "hpcguix-web.scm" specs)))
(hpcguix-web (hpcguix-web-package config)))
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)))
- (shepherd-service
- (documentation "hpcguix-web daemon")
- (provision '(hpcguix-web))
- (requirement '(networking))
- (start #~(make-forkexec-constructor
- (list #$(file-append hpcguix-web "/bin/hpcguix-web")
- (string-append "--listen="
- #$(hpcguix-web-configuration-address
- config))
- "-p"
- #$(number->string
- (hpcguix-web-configuration-port config))
- #$@(if specs
- #~((string-append "--config=" #$config-file))
- #~()))
- #:user "hpcguix-web"
- #:group "hpcguix-web"
- #:environment-variables
- (list "XDG_CACHE_HOME=/var/cache/guix/web"
- "SSL_CERT_DIR=/etc/ssl/certs")
- #:log-file #$%hpcguix-web-log-file))
- (stop #~(make-kill-destructor))
- (actions (list (shepherd-configuration-action config-file)))))))
+ (shepherd-service
+ (documentation "hpcguix-web daemon")
+ (provision '(hpcguix-web))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append hpcguix-web "/bin/hpcguix-web")
+ (string-append "--listen="
+ #$(hpcguix-web-configuration-address
+ config))
+ "-p"
+ #$(number->string
+ (hpcguix-web-configuration-port config))
+ #$@(if specs
+ #~((string-append "--config=" #$config-file))
+ #~()))
+ #:user "hpcguix-web"
+ #:group "hpcguix-web"
+ #:environment-variables
+ (list "XDG_CACHE_HOME=/var/cache/guix/web"
+ "SSL_CERT_DIR=/etc/ssl/certs")
+ #:log-file #$%hpcguix-web-log-file))
+ (stop #~(make-kill-destructor))
+ (actions (list (shepherd-configuration-action config-file))))))
(define hpcguix-web-service-type
(service-type