author | Liliana Marie Prikler <liliana.prikler@gmail.com> | 2024-01-01 21:56:00 +0100 |
---|---|---|
committer | Liliana Marie Prikler <liliana.prikler@gmail.com> | 2024-01-01 21:56:00 +0100 |
commit | 1cd97066c2dc84c6e538cfa63820e18f6c12a414 (patch) | |
tree | 973b920b3f7c551a4baed8ce87147c2591ce3086 /gnu/services | |
parent | b8175bc85a9709e29b60a0b56bafa56ca790383b (diff) | |
parent | ee0cf3b9ff4cd5a9d3637d09677195ea9ee1a8c0 (diff) |
Merge branch 'master' into gnome-team
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/ci.scm | 42 | ||||
-rw-r--r-- | gnu/services/databases.scm | 41 | ||||
-rw-r--r-- | gnu/services/guix.scm | 143 | ||||
-rw-r--r-- | gnu/services/messaging.scm | 91 | ||||
-rw-r--r-- | gnu/services/networking.scm | 36 | ||||
-rw-r--r-- | gnu/services/security-token.scm | 29 | ||||
-rw-r--r-- | gnu/services/telephony.scm | 132 | ||||
-rw-r--r-- | gnu/services/web.scm | 48 |
8 files changed, 223 insertions, 339 deletions
diff --git a/gnu/services/ci.scm b/gnu/services/ci.scm index 172f85fe8e..01cc7c7d86 100644 --- a/gnu/services/ci.scm +++ b/gnu/services/ci.scm @@ -31,6 +31,7 @@ #:export (laminar-configuration laminar-configuration? laminar-configuration-home-directory + laminar-configuration-supplementary-groups laminar-configuration-bind-http laminar-configuration-bind-rpc laminar-configuration-title @@ -50,26 +51,28 @@ (define-record-type* <laminar-configuration> laminar-configuration make-laminar-configuration laminar-configuration? - (laminar laminars-configuration-laminar - (default laminar)) - (home-directory laminar-configuration-home-directory - (default "/var/lib/laminar")) - (bind-http laminar-configuration-bind-http - (default "*:8080")) - (bind-rpc laminar-configuration-bind-rpc - (default "unix-abstract:laminar")) - (title laminar-configuration-title - (default "Laminar")) - (keep-rundirs laminar-keep-rundirs - (default 0)) - (archive-url laminar-archive-url - (default #f)) - (base-url laminar-base-url - (default #f))) + (laminar laminars-configuration-laminar + (default laminar)) + (home-directory laminar-configuration-home-directory + (default "/var/lib/laminar")) + (supplementary-groups laminar-configuration-supplementary-groups + (default '())) + (bind-http laminar-configuration-bind-http + (default "*:8080")) + (bind-rpc laminar-configuration-bind-rpc + (default "unix-abstract:laminar")) + (title laminar-configuration-title + (default "Laminar")) + (keep-rundirs laminar-keep-rundirs + (default 0)) + (archive-url laminar-archive-url + (default #f)) + (base-url laminar-base-url + (default #f))) (define laminar-shepherd-service (match-lambda - (($ <laminar-configuration> laminar home-directory + (($ <laminar-configuration> laminar home-directory supplementary-groups bind-http bind-rpc title keep-rundirs archive-url base-url) 
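Review bot: The new `supplementary-groups` field of `<laminar-configuration>` carries no comment on what it grants, although the later hunks of this file (@@ -102 and @@ -113) pass it both to the start arguments next to `#:user "laminar"` and to the `laminar` account. Each group listed there widens what the daemon, and presumably the jobs it runs, can reach, so I would document it next to the field, e.g. `;; Extra groups for the "laminar" user; each one extends the daemon's access, so keep the list minimal.` The body of `laminar-shepherd-service` continues outside the hunk.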
@@ -102,7 +105,8 @@ #$base-url)) '())) #:user "laminar" - #:group "laminar")) + #:group "laminar" + #:supplementary-groups '#$supplementary-groups)) (stop #~(make-kill-destructor))))))) (define (laminar-account config) @@ -113,6 +117,8 @@ (user-account (name "laminar") (group "laminar") + (supplementary-groups + (laminar-configuration-supplementary-groups config)) (system? #t) (comment "Laminar privilege separation user") (home-directory (laminar-configuration-home-directory config)) diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index d3fee2a8ef..580031cb42 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm 
@@ -512,28 +512,25 @@ created after the PostgreSQL database is started."))) (match-lambda (($ <memcached-configuration> memcached interfaces tcp-port udp-port additional-options) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (list (shepherd-service - (provision '(memcached)) - (documentation "Run the Memcached daemon.") - (requirement '(user-processes loopback)) - (modules '((gnu build shepherd))) - (start #~(make-forkexec-constructor - `(#$(file-append memcached "/bin/memcached") - "-l" #$(string-join interfaces ",") - "-p" #$(number->string tcp-port) - "-U" #$(number->string udp-port) - "--daemon" - ;; Memcached changes to the memcached user prior to - ;; writing the pid file, so write it to a directory - ;; that memcached owns. - "-P" "/var/run/memcached/pid" - "-u" "memcached" - ,#$@additional-options) - #:log-file "/var/log/memcached" - #:pid-file "/var/run/memcached/pid")) - (stop #~(make-kill-destructor)))))))) + (list (shepherd-service + (provision '(memcached)) + (documentation "Run the Memcached daemon.") + (requirement '(user-processes loopback)) + (start #~(make-forkexec-constructor + `(#$(file-append memcached "/bin/memcached") + "-l" #$(string-join interfaces ",") + "-p" #$(number->string tcp-port) + "-U" #$(number->string udp-port) + "--daemon" + ;; Memcached changes to the memcached user prior to + ;; writing the pid file, so write it to a directory + ;; that memcached owns. + "-P" "/var/run/memcached/pid" + "-u" "memcached" + ,#$@additional-options) + #:log-file "/var/log/memcached" + #:pid-file "/var/run/memcached/pid")) + (stop #~(make-kill-destructor))))))) (define memcached-service-type (service-type (name 'memcached) diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 389903451a..17599193e3 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm 
@@ -88,19 +88,6 @@
 guix-build-coordinator-agent-service-type
- guix-build-coordinator-queue-builds-configuration
- guix-build-coordinator-queue-builds-configuration?
- guix-build-coordinator-queue-builds-configuration-package
- guix-build-coordinator-queue-builds-configuration-user
- guix-build-coordinator-queue-builds-coordinator
- guix-build-coordinator-queue-builds-configuration-systems
- guix-build-coordinator-queue-builds-configuration-system-and-targets
- guix-build-coordinator-queue-builds-configuration-guix-data-service
- guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id
- guix-build-coordinator-queue-builds-configuration-processed-commits-file
-
- guix-build-coordinator-queue-builds-service-type
-
 <guix-data-service-configuration>
 guix-data-service-configuration
 guix-data-service-configuration?
@@ -250,31 +237,6 @@ (agent-name guix-build-coordinator-agent-dynamic-auth-with-file-agent-name) (token-file guix-build-coordinator-agent-dynamic-auth-with-file-token-file)) -(define-record-type* <guix-build-coordinator-queue-builds-configuration> - guix-build-coordinator-queue-builds-configuration - make-guix-build-coordinator-queue-builds-configuration - guix-build-coordinator-queue-builds-configuration? - (package guix-build-coordinator-queue-builds-configuration-package - (default guix-build-coordinator)) - (user guix-build-coordinator-queue-builds-configuration-user - (default "guix-build-coordinator-queue-builds")) - (coordinator guix-build-coordinator-queue-builds-coordinator - (default "http://localhost:8746")) - (systems guix-build-coordinator-queue-builds-configuration-systems - (default #f)) - (systems-and-targets - guix-build-coordinator-queue-builds-configuration-system-and-targets - (default #f)) - (guix-data-service - guix-build-coordinator-queue-builds-configuration-guix-data-service - (default "https://data.guix.gnu.org")) - (guix-data-service-build-server-id - guix-build-coordinator-queue-builds-configuration-guix-data-service-build-server-id - (default #f)) - (processed-commits-file - guix-build-coordinator-queue-builds-configuration-processed-commits-file - (default "/var/cache/guix-build-coordinator-queue-builds/processed-commits"))) - (define* (make-guix-build-coordinator-start-script database-uri-string allocation-strategy pid-file @@ -380,10 +342,7 @@ ;; Allow time for migrations to run #:pid-file-timeout 60 #:environment-variables - `(,(string-append - "GUIX_LOCPATH=" - #$(libc-utf8-locales-for-target) "/lib/locale") - "LC_ALL=en_US.utf8" + `("LC_ALL=en_US.utf8" "PATH=/run/current-system/profile/bin" ; for hooks #$@extra-environment-variables) #:log-file "/var/log/guix-build-coordinator/coordinator.log") 
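Review bot: `"LC_ALL=en_US.utf8"` stays in `#:environment-variables` in the @@ -380 hunk while the `GUIX_LOCPATH` entry that pointed at the locale data is dropped; the agent hunk (@@ -508) has the same shape. If the locale cannot be located some other way (nothing visible here sets it), the process will typically fall back to the C locale without failing, which is easy to miss. Either keep a locale path, as the bitlbee service on this page does with `"GUIX_LOCPATH=/run/current-system/locale"`, or add a comment stating where `en_US.utf8` is expected to come from. The enclosing definition starts and ends outside the hunk.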
@@ -508,10 +467,7 @@
 (or systems '())))
 #:user #$user
 #:environment-variables
- `(,(string-append
- "GUIX_LOCPATH="
- #$(libc-utf8-locales-for-target) "/lib/locale")
- ;; XDG_CACHE_HOME is used by Guix when caching narinfo files
+ `(;; XDG_CACHE_HOME is used by Guix when caching narinfo files
 "XDG_CACHE_HOME=/var/cache/guix-build-coordinator-agent"
 "LC_ALL=en_US.utf8")
 #:log-file "/var/log/guix-build-coordinator/agent.log"))))
@@ -559,101 +515,6 @@ (description "Run a Guix Build Coordinator agent."))) -(define (guix-build-coordinator-queue-builds-shepherd-services config) - (match-record config <guix-build-coordinator-queue-builds-configuration> - (package user coordinator systems systems-and-targets - guix-data-service - guix-data-service-build-server-id - processed-commits-file) - (list - (shepherd-service - (documentation "Guix Build Coordinator queue builds from Guix Data Service") - (provision '(guix-build-coordinator-queue-builds)) - (requirement '(networking)) - (start - #~(lambda _ - (parameterize ((%current-logfile-date-format "")) - (fork+exec-command - (list - #$(file-append - package - "/bin/guix-build-coordinator-queue-builds-from-guix-data-service") - #$(string-append "--coordinator=" coordinator) - #$@(map (lambda (system) - (string-append "--system=" system)) - (or systems '())) - #$@(map (match-lambda - ((system . target) - (string-append "--system-and-target=" system "=" target))) - (or systems-and-targets '())) - #$@(if guix-data-service - #~(#$(string-append "--guix-data-service=" guix-data-service)) - #~()) - #$@(if guix-data-service-build-server-id - #~(#$(simple-format - #f - "--guix-data-service-build-server-id=~A" - guix-data-service-build-server-id)) - #~()) - #$@(if processed-commits-file - #~(#$(string-append "--processed-commits-file=" - processed-commits-file)) - #~())) - #:user #$user - #:environment-variables - `(,(string-append - "GUIX_LOCPATH=" - #$(libc-utf8-locales-for-target) "/lib/locale") - "LC_ALL=en_US.utf8") - #:log-file "/var/log/guix-build-coordinator/queue-builds.log")))) - (stop #~(make-kill-destructor)) - (modules - `((shepherd comm) - ,@%default-modules)))))) - -(define (guix-build-coordinator-queue-builds-activation config) - #~(begin - (use-modules (guix build utils)) - - (define %user - (getpw #$(guix-build-coordinator-queue-builds-configuration-user - config))) - - (mkdir-p "/var/log/guix-build-coordinator") - - ;; Allow writing the 
processed commits file - (mkdir-p "/var/cache/guix-build-coordinator-queue-builds") - (chown "/var/cache/guix-build-coordinator-queue-builds" - (passwd:uid %user) - (passwd:gid %user)))) - -(define (guix-build-coordinator-queue-builds-account config) - (list (user-account - (name (guix-build-coordinator-queue-builds-configuration-user config)) - (group "nogroup") - (system? #t) - (comment "Guix Build Coordinator queue-builds user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) - -(define guix-build-coordinator-queue-builds-service-type - (service-type - (name 'guix-build-coordinator-queue-builds) - (extensions - (list - (service-extension shepherd-root-service-type - guix-build-coordinator-queue-builds-shepherd-services) - (service-extension activation-service-type - guix-build-coordinator-queue-builds-activation) - (service-extension account-service-type - guix-build-coordinator-queue-builds-account))) - (description - "Run the guix-build-coordinator-queue-builds-from-guix-data-service -script. - -This is a script to assist in having the Guix Build Coordinator build -derivations stored in an instance of the Guix Data Service."))) - ;;; ;;; Guix Data Service diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index c4963936a0..7505810e7c 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm 
@@ -849,56 +849,47 @@ string, you could instantiate a prosody service like this: (target conf))) #:namespaces (delq 'net %namespaces)))) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(bitlbee)) - - ;; Note: If networking is not up, then /etc/resolv.conf - ;; doesn't get mapped in the container, hence the dependency - ;; on 'networking'. - (requirement '(user-processes networking)) - - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(if (defined? 'make-inetd-constructor) - - (make-inetd-constructor - (list #$bitlbee* "-I" "-c" #$conf) - (list (endpoint - (addrinfo:addr - (car (getaddrinfo #$interface - #$(number->string port) - (logior AI_NUMERICHOST - AI_NUMERICSERV)))))) - #:requirements '#$requirement - #:service-name-stem "bitlbee" - #:user "bitlbee" #:group "bitlbee" - - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2") - "GUIX_LOCPATH=/run/current-system/locale")) - - (make-forkexec-constructor/container - (list #$(file-append bitlbee "/sbin/bitlbee") - "-n" "-F" "-u" "bitlbee" "-c" #$conf) - - ;; Allow 'bitlbee-purple' to use libpurple plugins. - #:environment-variables - (list (string-append "PURPLE_PLUGIN_PATH=" - #$plugins "/lib/purple-2")) - - #:pid-file "/var/run/bitlbee.pid" - #:mappings (list (file-system-mapping - (source "/var/lib/bitlbee") - (target source) - (writable? #t)))))) - (stop #~(if (defined? 'make-inetd-destructor) - (make-inetd-destructor) - (make-kill-destructor)))))))))) + (list (shepherd-service + (provision '(bitlbee)) + + ;; Note: If networking is not up, then /etc/resolv.conf + ;; doesn't get mapped in the container, hence the dependency + ;; on 'networking'. + (requirement '(user-processes networking)) + + (start #~(if (defined? 
'make-inetd-constructor) + + (make-inetd-constructor + (list #$bitlbee* "-I" "-c" #$conf) + (list (endpoint + (addrinfo:addr + (car (getaddrinfo #$interface + #$(number->string port) + (logior AI_NUMERICHOST + AI_NUMERICSERV)))))) + #:requirements '#$requirement + #:service-name-stem "bitlbee" + #:user "bitlbee" #:group "bitlbee" + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2") + "GUIX_LOCPATH=/run/current-system/locale")) + + (make-forkexec-constructor + (list #$(file-append bitlbee "/sbin/bitlbee") + "-n" "-F" "-u" "bitlbee" "-c" #$conf) + + ;; Allow 'bitlbee-purple' to use libpurple plugins. + #:environment-variables + (list (string-append "PURPLE_PLUGIN_PATH=" + #$plugins "/lib/purple-2")) + + #:pid-file "/var/run/bitlbee.pid"))) + (stop #~(if (defined? 'make-inetd-destructor) + (make-inetd-destructor) + (make-kill-destructor))))))))) (define %bitlbee-accounts ;; User group and account to run BitlBee. diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 0508a4282c..7c114fa53c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
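Review bot: The fallback branch (taken when `make-inetd-constructor` is not defined) now starts `(file-append bitlbee "/sbin/bitlbee")` through plain `make-forkexec-constructor`, so it loses the container and the `/var/lib/bitlbee`-only mapping that the removed `make-forkexec-constructor/container` call provided. The inetd branch runs `#$bitlbee*`, which, judging from the `#:namespaces (delq 'net %namespaces)` context line, looks like a least-authority wrapper defined above the hunk. If that is right, I would launch the same wrapper in the fallback, `(list #$bitlbee* "-n" "-F" "-u" "bitlbee" "-c" #$conf)`, after checking that the `-u bitlbee` privilege drop and the PID-file lookup still work inside it. Otherwise, add a comment that this path is knowingly unconfined.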
@@ -1918,29 +1918,35 @@ table inet filter { (define (pagekite-shepherd-service config) (match-record config <pagekite-configuration> (package kitename kitesecret frontend kites extra-file) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let* ((config-file (pagekite-configuration-file config)) + (mappings (cons (file-system-mapping + (source config-file) + (target source)) + (if extra-file + (list (file-system-mapping + (source extra-file) + (target source))) + '()))) + (pagekite (least-authority-wrapper + (file-append package "/bin/pagekite") + #:name "pagekite" + #:mappings mappings + ;; 'pagekite' changes user IDs to it needs to run in the + ;; global user namespace. + #:namespaces (fold delq %namespaces '(net user))))) (shepherd-service (documentation "Run the PageKite service.") (provision '(pagekite)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/pagekite") + (actions (list (shepherd-configuration-action config-file))) + (start #~(make-forkexec-constructor + (list #$pagekite "--clean" "--nullui" "--nocrashreport" "--runas=pagekite:pagekite" - (string-append "--optfile=" - #$(pagekite-configuration-file config))) - #:log-file "/var/log/pagekite.log" - #:mappings #$(if extra-file - #~(list (file-system-mapping - (source #$extra-file) - (target source))) - #~'()))) + (string-append "--optfile=" #$config-file)) + #:log-file "/var/log/pagekite.log")) ;; SIGTERM doesn't always work for some reason. (stop #~(make-kill-destructor SIGINT)))))) diff --git a/gnu/services/security-token.scm b/gnu/services/security-token.scm index 2356273398..d971091e73 100644 --- a/gnu/services/security-token.scm +++ b/gnu/services/security-token.scm 
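Review bot: The wrapper built here is given no `#:user`/`#:group` and stays in the global user namespace, so `pagekite` presumably starts with the service manager's privileges and only `--runas=pagekite:pagekite` drops them. The comment above `#:namespaces` should say so, and it has a typo ("to it needs"). Suggested wording: `;; 'pagekite' starts privileged and changes user IDs itself (see "--runas" below), so it needs to run in the global user namespace.` A short comment on `mappings` noting that only `config-file` and `extra-file` are exposed would also help, since any other path the daemon reads has to be added there.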
@@ -50,22 +50,19 @@ (define pcscd-shepherd-service (match-lambda (($ <pcscd-configuration> pcsc-lite) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (shepherd-service - (documentation "PC/SC Smart Card Daemon") - (provision '(pcscd)) - (requirement '(syslogd)) - (modules '((gnu build shepherd))) - (start #~(lambda _ - (let ((socket "/run/pcscd/pcscd.comm")) - (when (file-exists? socket) - (delete-file socket))) - (fork+exec-command - (list #$(file-append pcsc-lite "/sbin/pcscd") - "--foreground") - #:log-file "/var/log/pcscd.log"))) - (stop #~(make-kill-destructor))))))) + (shepherd-service + (documentation "PC/SC Smart Card Daemon") + (provision '(pcscd)) + (requirement '(syslogd)) + (start #~(lambda _ + (let ((socket "/run/pcscd/pcscd.comm")) + (when (file-exists? socket) + (delete-file socket))) + (fork+exec-command + (list #$(file-append pcsc-lite "/sbin/pcscd") + "--foreground") + #:log-file "/var/log/pcscd.log"))) + (stop #~(make-kill-destructor)))))) (define pcscd-activation (match-lambda diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index c9b5d6cd99..16d109b8b1 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -34,6 +34,9 @@ #:use-module (guix modules) #:use-module (guix packages) #:use-module (guix gexp) + #:autoload (guix least-authority) (least-authority-wrapper) + #:autoload (gnu system file-systems) (file-system-mapping) + #:autoload (gnu build linux-container) (%namespaces) #:use-module (srfi srfi-1) #:use-module (srfi srfi-2) #:use-module (srfi srfi-26) 
@@ -258,9 +261,37 @@ consistent state.")) (define (jami-configuration->command-line-arguments config) "Derive the command line arguments to used to launch the Jami daemon from CONFIG, a <jami-configuration> object." + (define (wrapper libjami) + (least-authority-wrapper + ;; XXX: 'gexp-input' is needed as the outer layer so that + ;; 'references-file' picks the right output of LIBJAMI. + (gexp-input (file-append (gexp-input libjami "bin") "/libexec/jamid") + "bin") + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/lib/jami") + (target source) + (writable? #t)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t)) + ;; Expose TLS certificates for GnuTLS. + (file-system-mapping + (source (file-append nss-certs "/etc/ssl/certs")) + (target "/etc/ssl/certs"))) + #:preserved-environment-variables + '("DBUS_SESSION_BUS_ADDRESS" "SSL_CERT_DIR") + #:user "jami" + #:group "jami" + #:namespaces (fold delq %namespaces '(net user)))) + (match-record config <jami-configuration> (libjami dbus enable-logging? debug? auto-answer?) - `(,#~(string-append #$libjami:bin "/libexec/jamid") + `(,(wrapper libjami) "--persistent" ;stay alive after client quits ,@(if enable-logging? '() ;logs go to syslog by default 
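Review bot: `wrapper` maps `(file-append nss-certs "/etc/ssl/certs")`, but `nss-certs` is neither a parameter of `wrapper` nor one of the fields bound by the `match-record` below it. It must therefore resolve to a binding outside this procedure rather than to the `nss-certs` field of CONFIG, which the next hunk still reads with `jami-configuration-nss-certs`. If that outer binding is the default certificate package, a certificate bundle chosen in the configuration would not be the one exposed to `jamid`. Passing it explicitly would avoid that: `(define (wrapper libjami nss-certs)`, add `nss-certs` to the `match-record` field list (assuming the field is named that way), and call `,(wrapper libjami nss-certs)`. The procedure continues past the end of the hunk.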
@@ -298,7 +329,28 @@ CONFIG, a <jami-configuration> object." (let* ((libjami (jami-configuration-libjami config)) (nss-certs (jami-configuration-nss-certs config)) (dbus (jami-configuration-dbus config)) - (dbus-daemon (file-append dbus "/bin/dbus-daemon")) + (dbus-daemon (least-authority-wrapper + (file-append dbus "/bin/dbus-daemon") + #:name "dbus-daemon" + #:user "jami" + #:group "jami" + #:preserved-environment-variables + '("XDG_DATA_DIRS") + #:mappings + (list (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/jami") + (target source) + (writable? #t)) + (file-system-mapping + (source (gexp-input libjami "bin")) + (target source))) + ;; 'dbus-daemon' wants to look up users in /etc/passwd + ;; so run it in the global user namespace. + #:namespaces + (fold delq %namespaces '(net user)))) (accounts (jami-configuration-accounts config)) (declarative-mode? (maybe-value-set? accounts))) @@ -310,7 +362,6 @@ CONFIG, a <jami-configuration> object." (with-imported-modules (source-module-closure '((gnu build dbus-service) (gnu build jami-service) - (gnu build shepherd) (gnu system file-systems))) (define list-accounts-action @@ -490,8 +541,7 @@ argument, either a registered username or the fingerprint of the account.") (list (shepherd-service (documentation "Run a D-Bus session for the Jami daemon.") (provision '(jami-dbus-session)) - (modules `((gnu build shepherd) - (gnu build dbus-service) + (modules `((gnu build dbus-service) (gnu build jami-service) (gnu system file-systems) ,@%default-modules)) 
@@ -499,26 +549,23 @@ argument, either a registered username or the fingerprint of the account.") ;; activation for D-Bus, such as a /etc/machine-id file. (requirement '(dbus-system syslogd)) (start - #~(make-forkexec-constructor/container - (list #$dbus-daemon "--session" - "--address=unix:path=/var/run/jami/bus" - "--syslog-only") - #:pid-file "/var/run/jami/pid" - #:mappings - (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t))) - #:user "jami" - #:group "jami" - #:environment-variables - ;; This is so that the cx.ring.Ring service D-Bus - ;; definition is found by dbus-daemon. - (list (string-append "XDG_DATA_DIRS=" - #$libjami:bin "/share")))) + #~(lambda () + (define pid + (fork+exec-command + (list #$dbus-daemon "--session" + "--address=unix:path=/var/run/jami/bus" + "--syslog-only") + #:environment-variables + ;; This is so that the cx.ring.Ring service D-Bus + ;; definition is found by dbus-daemon. + (list (string-append "XDG_DATA_DIRS=" + #$libjami:bin "/share")))) + + ;; The PID file contains the "wrong" PID (the one in the + ;; separate PID namespace) so ignore it and return the + ;; value returned by 'fork+exec-command'. + (and (read-pid-file "/var/run/jami/pid") + pid))) (stop #~(make-kill-destructor))) (shepherd-service @@ -542,7 +589,6 @@ argument, either a registered username or the fingerprint of the account.") (srfi srfi-26) (gnu build dbus-service) (gnu build jami-service) - (gnu build shepherd) (gnu system file-systems) ,@%default-modules)) (start 
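Review bot: In the new `start` lambda of `jami-dbus-session`, if `read-pid-file` gives up and returns `#f` (as I understand its contract), the procedure returns `#f` but the child started by `fork+exec-command` is left running. A failed start can then leave a stray `dbus-daemon` holding `/var/run/jami/bus`. I would terminate the child on that path, e.g. `(or (and (read-pid-file "/var/run/jami/pid") pid) (begin (kill pid SIGTERM) #f))`. The lambda also takes no arguments (`(lambda () …)`), whereas the pcscd service on this page uses `(lambda _ …)`; accepting and ignoring extra arguments would be more consistent.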
@@ -588,32 +634,14 @@ argument, either a registered username or the fingerprint of the account.") ;; Start the daemon. (define daemon-pid - ((make-forkexec-constructor/container - (list #$@(jami-configuration->command-line-arguments - config)) - #:mappings - (list (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/lib/jami") - (target source) - (writable? #t)) - (file-system-mapping - (source "/var/run/jami") - (target source) - (writable? #t)) - ;; Expose TLS certificates for GnuTLS. - (file-system-mapping - (source #$(file-append nss-certs "/etc/ssl/certs")) - (target "/etc/ssl/certs"))) - #:user "jami" - #:group "jami" - #:environment-variables - (list (string-append "DBUS_SESSION_BUS_ADDRESS=" - "unix:path=/var/run/jami/bus") - ;; Expose TLS certificates for OpenSSL. - "SSL_CERT_DIR=/etc/ssl/certs")))) + (fork+exec-command + (list #$@(jami-configuration->command-line-arguments + config)) + #:environment-variables + (list (string-append "DBUS_SESSION_BUS_ADDRESS=" + "unix:path=/var/run/jami/bus") + ;; Expose TLS certificates for OpenSSL. + "SSL_CERT_DIR=/etc/ssl/certs"))) (setenv "DBUS_SESSION_BUS_ADDRESS" "unix:path=/var/run/jami/bus") diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 55cc095d90..05fd71f994 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm 
@@ -1232,31 +1232,29 @@ a webserver.") (let* ((specs (hpcguix-web-configuration-specs config)) (config-file (and specs (scheme-file "hpcguix-web.scm" specs))) (hpcguix-web (hpcguix-web-package config))) - (with-imported-modules (source-module-closure - '((gnu build shepherd))) - (shepherd-service - (documentation "hpcguix-web daemon") - (provision '(hpcguix-web)) - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list #$(file-append hpcguix-web "/bin/hpcguix-web") - (string-append "--listen=" - #$(hpcguix-web-configuration-address - config)) - "-p" - #$(number->string - (hpcguix-web-configuration-port config)) - #$@(if specs - #~((string-append "--config=" #$config-file)) - #~())) - #:user "hpcguix-web" - #:group "hpcguix-web" - #:environment-variables - (list "XDG_CACHE_HOME=/var/cache/guix/web" - "SSL_CERT_DIR=/etc/ssl/certs") - #:log-file #$%hpcguix-web-log-file)) - (stop #~(make-kill-destructor)) - (actions (list (shepherd-configuration-action config-file))))))) + (shepherd-service + (documentation "hpcguix-web daemon") + (provision '(hpcguix-web)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append hpcguix-web "/bin/hpcguix-web") + (string-append "--listen=" + #$(hpcguix-web-configuration-address + config)) + "-p" + #$(number->string + (hpcguix-web-configuration-port config)) + #$@(if specs + #~((string-append "--config=" #$config-file)) + #~())) + #:user "hpcguix-web" + #:group "hpcguix-web" + #:environment-variables + (list "XDG_CACHE_HOME=/var/cache/guix/web" + "SSL_CERT_DIR=/etc/ssl/certs") + #:log-file #$%hpcguix-web-log-file)) + (stop #~(make-kill-destructor)) + (actions (list (shepherd-configuration-action config-file)))))) (define hpcguix-web-service-type (service-type |