| Age | Commit message | Author |
|
* gnu/services/databases.scm
(maybe-string): Add prefix.
(serialize-field): Rename to `redis-serialize-field`,
remove gexp.
(redis-serialize-package): Add variable.
(serialize-string): Rename to `redis-serialize-string`.
(serialize-number): Rename to `redis-serialize-number`.
(redis-configuration): Add prefix.
* doc/guix.texi (Database Services) <redis>: Regenerate
documentation.
Merges: https://codeberg.org/guix/guix/pulls/6850
Change-Id: Iccbbb7108f8211b31769638ef885e485bab0ebc3
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
|
|
* gnu/services/databases.scm (postgresql-service): Delete variable.
Change-Id: Iec27908b892eae666ea4c1b28a63a2d3d48b804d
|
|
* gnu/services/databases.scm (mysql-service): Delete variable.
Change-Id: Idbf3c9e2d595722792231f2417f85927bf89330c
|
|
facility.
The implementation of postgresql-role's password up until now relied on
spawning a subshell reading the password file and passing its content
via command line to a psql process which would create users and set
passwords. This allowed a (fast) attacker to eavesdrop, via the kernel
command line facility, on the passwords while they were read,
without having the permissions required for reading the password
file.
This new implementation reads passwords directly from password files
into the Guile process, temporarily stores them in query files living in
a memory backed file system and deletes the query files after executing
them. It also makes sure to turn off logging of commands for the
duration of the password setting transaction, so passwords don't get
leaked to system logs through misconfiguration.
* gnu/services/databases.scm (%postgresql-role-runtime-dir): New
variable.
(postgresql-create-roles): Rework the way passwords are set to avoid
leaking them through subshells and command lines.
(%postgresql-role-file-systems): New variable.
(postgresql-role-service-type): Add file-system-service-type extension
point.
Change-Id: I52406d1d24f5d163081b5c21d3e1760fc0b67a1e
|
|
* gnu/services/databases.scm
(redis-configuration): Rewrite using `define-configuration'.
(redis-shepherd-service): Honor it.
* doc/guix.texi (Database Services) <redis>: Regenerate
documentation.
Change-Id: I5b99822ca3d8d23fb5133497d00eada0336d0c65
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #2158
|
|
Shepherd expects #f to know the service has stopped.
* gnu/services/databases.scm (postgresql-shepherd-service): Return #f
on stop.
Change-Id: Ie5c45efc7eef75c325ddfd0ef197b306c7b60e5b
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
|
|
The change was automated via:
git grep -l goodoldpaul@autistici.org |
xargs sed -i 's/goodoldpaul@autistici.org/therewasa@fishinthecalculator.me/g'
* .mailmap: New entry.
Change-Id: I1629388334695d221647afe6a14faf61af5fe0d6
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
|
|
This commit adds a password-file to the postgresql-role field. It
allows users to provision Postgres roles with a set password.
* gnu/services/databases.scm (postgresql-role): Add password-file field.
(postgresql-role-configuration): Add requirement field.
(postgresql-create-roles): Add support for setting passwords from a
file without leaking passwords to the command line.
(postgresql-role-shepherd-service): Add support for customizable
requirements.
(postgresql-role-service-type): Pass on postgresql-role-configuration
fields values by default, this way user configured fields are not lost.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document the new field and fix the extension point example.
Change-Id: I3aabaa10b0c5e826c5aa874e5649e25a3508a585
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
It is often useful to be able to use the `postgres' user for management tasks,
so this commit allows setting that. The default behavior is not changed.
I have also added missing exports and sorted them by alphabet.
* gnu/services/databases.scm (%default-home-directory): New variable.
(<postgresql-configuration>): Add home-directory, allow-login? fields.
(create-postgresql-account): Use them.
* doc/guix.texi (Database Services): Document it.
Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
|
|
Fixes <https://issues.guix.gnu.org/76368>.
* gnu/services/auditd.scm (auditd-shepherd-service):
* gnu/services/base.scm (rngd-service-type):
(gpm-shepherd-service):
* gnu/services/ci.scm (laminar-shepherd-service):
* gnu/services/containers.scm (rootless-podman-cgroups-fs-owner-service):
(rootless-podman-cgroups-limits-service):
* gnu/services/cups.scm (cups-shepherd-service):
* gnu/services/databases.scm (postgresql-role-shepherd-service):
* gnu/services/desktop.scm (upower-shepherd-service):
(bluetooth-shepherd-service):
(elogind-shepherd-service):
(inputattach-shepherd-service):
(seatd-shepherd-service):
* gnu/services/dns.scm (knot-resolver-shepherd-services):
(dnsmasq-shepherd-service):
* gnu/services/docker.scm (containerd-shepherd-service):
(docker-shepherd-service):
* gnu/services/file-sharing.scm (transmission-daemon-shepherd-service):
* gnu/services/games.scm (joycond-shepherd-service):
(wesnothd-shepherd-service):
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services):
(guix-data-service-shepherd-services):
(nar-herder-shepherd-services):
(bffe-shepherd-services):
* gnu/services/ldap.scm (directory-server-shepherd-service):
* gnu/services/linux.scm (cachefilesd-shepherd-service):
(rasdaemon-shepherd-service):
* gnu/services/mail.scm (dovecot-shepherd-service):
(imap4d-shepherd-service):
(radicale-shepherd-service):
(rspamd-configuration):
* gnu/services/monitoring.scm (prometheus-node-exporter-shepherd-service):
(vnstat-shepherd-service):
* gnu/services/networking.scm (opendht-shepherd-service):
(openvswitch-shepherd-service):
(pagekite-shepherd-service):
(ipfs-shepherd-service):
* gnu/services/nfs.scm (rpcbind-service-type):
(gss-service-type):
(idmap-service-type):
* gnu/services/pm.scm (thermald-shepherd-service):
* gnu/services/rsync.scm (rsync-shepherd-service):
* gnu/services/samba.scm (samba-samba-shepherd-service):
(samba-nmbd-shepherd-service):
(samba-smbd-shepherd-service):
(samba-winbindd-shepherd-service):
(wsdd-shepherd-service):
* gnu/services/security-token.scm (pcscd-shepherd-service):
* gnu/services/sound.scm (speakersafetyd-shepherd-service):
* gnu/services/spice.scm (spice-vdagent-shepherd-service):
* gnu/services/ssh.scm (lsh-shepherd-service):
(openssh-shepherd-service):
(dropbear-shepherd-service):
(autossh-shepherd-service):
* gnu/services/telephony.scm (jami-shepherd-services):
(mumble-server-shepherd-service):
* gnu/services/version-control.scm (git-daemon-shepherd-service):
* gnu/services/virtualization.scm (virtlogd-shepherd-service):
* gnu/services/vnc.scm (xvnc-shepherd-service):
* gnu/services/vpn.scm (openvpn-shepherd-service):
(strongswan-shepherd-service):
* gnu/services/web.scm (httpd-shepherd-services):
(fcgiwrap-shepherd-service):
(php-fpm-shepherd-service):
(hpcguix-web-shepherd-service):
(tailon-shepherd-service):
(varnish-shepherd-service):
(whoogle-shepherd-service):
(mumi-shepherd-services):
(gmnisrv-shepherd-service):
(agate-shepherd-service): Add ‘user-processes’ requirement.
* doc/guix.texi (Mail Services): Update accordingly.
Reported-by: Dariqq <dariqq@posteo.net>
Change-Id: I947bd2afc83b786cb17c555cfe73ab586b806618
|
|
Fixes <https://issues.guix.gnu.org/76315>.
This is more concise and more robust: these ‘waitpid’ calls would
compete with those made by shepherd’s event loop upon SIGCHLD, and they
could hang forever, as illustrated with ‘dhcp-client-service-type’
in <https://issues.guix.gnu.org/76315>.
* gnu/services/databases.scm (postgresql-role-shepherd-service): Use
‘spawn-command’ instead of ‘fork+exec-command’ followed by ‘waitpid’.
* gnu/services/networking.scm (dhcp-client-shepherd-service): Change
‘start’ to use ‘spawn-command’ instead of ‘fork+exec-command’ and
* gnu/services/web.scm (patchwork-django-admin-gexp): Use
‘spawn-command’ instead of ‘primitive-fork’ + ‘waitpid’.
Change-Id: I449290bfa46f8600e6ccdb5a6da990ad0cb7948c
Reported-by: Tomas Volf <~@wolfsden.cz>
|
|
* gnu/services/databases.scm (postgresql-configuration)[postgresql]:
Unset default.
(postgresql-service-type): Remove default-value.
(postgresql-service): Revert default to postgresql-10 (rationale: We
can remove this service at the same time as postgresql-10, in
something like 6 months to a year).
* doc/guix.texi: Remove postgresql default reference in documentation.
Signed-off-by: Florian Pelz <pelzflorian@pelzflorian.de>
|
|
Versions 10 and 11 are unsupported according to
https://www.postgresql.org/support/versioning/
postgresql-10 also has a CVE.
* doc/guix.texi: Change default value of postgresql-service-type's
postgresql field.
* gnu/packages/databases.scm (postgresql-10, postgresql-11): Use
define-deprecated/public to warn users.
* gnu/services/databases.scm (postgresql-configuration): Change the
default value of postgresql-configuration-postgresql.
* gnu/tests/guix.scm (%guix-data-service-os): Change the default value
of postgresql.
Signed-off-by: Andreas Enge <andreas@enge.fr>
Change-Id: Ie8744c8e1f246e9b45ff5e29d4e98214de3ca66a
|
|
* gnu/services/databases.scm (postgresql-activation): Replace
‘primitive-exit’ + ‘system*’ with ‘execl’.
Change-Id: I491fd3093f67af59f240438d7d6123e769e4ec1e
|
|
* gnu/services/databases.scm (postgresql-activation): Check if
directory exists.
Reviewed-by: Dale Mellor <guix-devel-0brg6b@rdmp.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: Id563a3e8df2cb5b805e64cd8319303c65d308c69
|
|
* gnu/services/databases.scm (memcached-shepherd-service): Remove
‘with-imported-modules’ form and ‘modules’ field.
* gnu/services/security-token.scm (pcscd-shepherd-service): Remove
‘with-imported-modules’ form.
* gnu/services/web.scm (hpcguix-web-shepherd-service): Likewise.
Change-Id: Ieb817508f1751e0c1ff551a0e078789a4a813c1c
|
|
Add 'createAccount?', 'uid' and 'gid' to <postgresql-configuration>.
Unlike other system daemons, the PostgreSQL data directory is typically
meant to persist across 'guix system reconfigure' and once created, you
don't want its UID or GID to change anymore.
Furthermore, if you want to place the data directory on a network share
and use NFSv4 with idmap, then the 'postgres' user must exist when the
'rpc.idmapd' daemon is launched; prior to mounting the share. And it
needs to be possible to mount the share without configuring PostgreSQL.
With NFSv3, the UID and GID typically need to match those on the
server.
The added options allow for both of these scenarios:
You can either create the user in (operating-system (users)) completely
independently of the 'postgresql-service-type' (for instance to get your
NFS setup working first prior to configuring your databases) - or "pin"
its UID / GID values.
* gnu/services/databases.scm (<postgresql-configuration>)[create-account?]
[uid, gid]: New fields.
(%postgresql-accounts): Remove.
(create-postgresql-account): New procedure.
(postgresql-service-type)[extensions]: Use it.
* doc/guix.texi (Database Services): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/databases.scm (postgresql-role): Add more role fields.
(postgresql-create-roles): Honor it.
* doc/guix.texi (Database Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/databases.scm (<postgresql-configuration>)[postgresql]:
Add default value, moved from...
(postgresql-service-type)[default-value]: ... here.
|
|
* gnu/services/databases.scm (redis-shepherd-service): Add 'actions'
field.
|
|
* gnu/services/databases.scm (mysql-shepherd-service): Add 'actions'
field.
|
|
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'actions' field.
|
|
* gnu/services/databases.scm (postgresql-shepherd-service): Add
'postgresql' to 'provision'.
|
|
* gnu/services/databases.scm (mysql-install): Run "mariadb-install-db" instead
of a hard coded set of SQL commands.
(mysql-upgrade-wrapper): Explicitly run as mysql user.
|
|
* gnu/services/databases.scm (mysql-with-install-lock): Remove variable.
(mysql-start): Rename to ...
(mysqld-wrapper): ... this. Do the preliminary initialization steps and call
out to MYSQL-INSTALL when necessary.
(mysql-install): Only initialize table schemas.
(mysql-install-shepherd-service): Remove.
(mysql-service)[requirement]: Remove 'mysql-install. Add 'user-processes.
[start]: Don't pass #:user and #:group.
(mysql-shepherd-services): Remove MYSQL-INSTALL-SHEPHERD-SERVICE.
|
|
* gnu/services/databases.scm (mysql-upgrade-shepherd-service)[start]: Pass
#:log-file.
|
|
* gnu/services/databases.scm (mysql-upgrade-wrapper): Take service
configuration as argument, and pass the config file to mysql_upgrade.
(mysql-upgrade-shepherd-service): Pass CONFIG instead of just socket and
executable to MYSQL-UPGRADE-WRAPPER.
|
|
* gnu/services/databases.scm (mysql-configuration): Add datadir property.
* gnu/services/databases.scm (mysql-configuration-file): Replace hard coded
data dir with property from config.
* gnu/services/databases.scm (%mysql-activation): Remove activation, it runs
before PID 1. The data dir may reside on a file system not mounted at this
time.
* gnu/services/databases.scm (mysql-install-shepherd-service): Create service
which replaces the activation. Provide mysql-install.
* gnu/services/databases.scm (mysql-shepherd-service): Move invocation of
mysqld to mysql-start program-file, because the invocation has gotten more
complex. Require mysql-install.
* gnu/services/databases.scm (mysql-start): Invoke mysqld only if a lock file
appears.
* gnu/services/databases.scm (mysql-shepherd-services): Prepend the install
service before the normal service.
* gnu/services/databases.scm (mysql-upgrade-wrapper): Increase timeout to
20s to let the mysql install procedure finish.
Signed-off-by: Marius Bakke <marius@gnu.org>
|
|
* gnu/services/databases.scm (postgresql-service-type)[description]: New field.
(memcached-service-type)[description]: New field.
(mysql-service-type)[description]: New field.
(redis-service-type)[description]: New field.
* gnu/services/desktop.scm (geoclue-service-type)[description]: New
field.
(udisks-service-type)[description]: New field.
(elogind-service-type)[description]: New field.
(account-service-type)[description]: New field.
* gnu/services/kerberos.scm (krb5-service-type)[description]: New field.
(pam-krb5-service-type)[description]: New field.
* gnu/services/lirc.scm (lirc-service-type)[description]: New field.
* gnu/services/mail.scm (dovecot-service-type)[description]: New field.
(opensmtpd-service-type)[description]: New field.
(mail-aliases-service-type)[description]: New field.
(exim-service-type)[description]: New field.
* gnu/services/monitoring.scm (zabbix-server-service-type)[description]:
New field.
(zabbix-agent-service-type)[description]: New field.
* gnu/services/nfs.scm (rpcbind-service-type)[description]: New field.
(pipefs-service-type)[description]: New field.
(gss-service-type)[description]: New field.
(idmap-service-type)[description]: New field.
* gnu/services/spice.scm (spice-vdagent-service-type)[description]: New field.
* gnu/services/sysctl.scm (sysctl-service-type)[description]: New field.
* gnu/services/virtualization.scm (libvirt-service-type)[description]:
New field.
(virtlog-service-type)[description]: New field.
* gnu/services/vpn.scm (openvpn-server-service-type)[description]: New field.
(openvpn-client-service-type)[description]: New field.
(wireguard-service-type)[description]: New field.
* gnu/services/web.scm (httpd-service-type)[description]: New field.
(fcgiwrap-service-type)[description]: New field.
(agate-service-type)[description]: New field.
[name]: Fix.
|
|
* gnu/services/databases.scm: Export POSTGRESQL-CONFIGURATION-EXTENSION-PACKAGES.
|
|
|
|
* gnu/services/authentication.scm (fprintd-configuration)
(nslcd-configuration): Substitute file-like objects for package ones.
* gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration):
Likewise.
* gnu/services/cups.scm (package-list?, cups-configuration): Likewise.
* gnu/services/dns.scm (verify-knot-configuration)
(ddclient-configuration): Likewise.
* gnu/services/docker.scm (docker-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise.
* gnu/services/getmail.scm (getmail-configuration): Likewise.
* gnu/services/mail.scm (dovecot-configuration)
(opaque-dovecot-configuration): Likewise.
* gnu/services/messaging.scm (prosody-configuration)
(opaque-prosody-configuration): Likewise.
* gnu/services/monitoring.scm (zabbix-server-configuration)
(zabbix-agent-configuration): Likewise.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-configuration): Likewise.
* gnu/services/virtualization.scm (libvirt-configuration)
(qemu-guest-agent-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
|
|
Adapt to the postgresql default socket directory set to /var/run/postgresql.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]: Set
to /var/run/postgresql.
(<postgresql-role-configuration>): Ditto.
* gnu/tests/databases.scm (run-postgresql-test): Adapt it.
|
|
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
|
|
This reverts commit f3626119d738f30b5ab59e76c105fd7b4c077ddc.
This commit inadvertently broke a string freeze. Let's be nice to our
translators and not do that.
|
|
This is a follow-up of c311147bd16aa0e5746d9cbf31502f5fd61e470c.
* gnu/services/databases.scm (<postgresql-role-configuration>)[host]: Set to
"/tmp" which is the default Postgresql socket directory.
|
|
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
|
|
Fixes <https://bugs.gnu.org/46737>.
PostgreSQL running with a different socket directory to the default one in the
package itself breaks some services, this commit restores the previous
behaviour where PostgreSQL by default will run with a socket directory that
matches the default used by PostgreSQL packaged for Guix.
Switching to a different default value can happen, but only alongside changing
the PostgreSQL package.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]:
Change default to #false.
* doc/guix.texi (Database Services): Update documentation, and specify a
different value for disabling connections via sockets.
* gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL
behaviour.
* gnu/tests/monitoring.scm (%zabbix-os): Likewise.
* gnu/tests/web.scm (patchwork-os): Likewise.
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding good security standards.
It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while
the main license file wasn't altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
|
|
Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
|
|
* gnu/services/databases.scm (postgresql-service-type): Define a default value.
|
|
* gnu/services/databases.scm (postgresql-create-roles): Quote the name in
the SQL query so that roles/usernames containing hyphens will work.
|
|
* gnu/services/databases.scm (postgresql-role,
postgresql-role?, postgresql-role-name,
postgresql-role-permissions, postgresql-role-create-database?,
postgresql-role-configuration, postgresql-role-configuration?,
postgresql-role-configuration-host, postgresql-role-configuration-roles,
postgresql-role-service-type): New procedures.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document it.
|
|
* gnu/services/databases.scm: Wrap long lines, no functional change.
|
|
* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
|
|
* gnu/services/databases.scm (postgresql-config-file-socket-directory): New
procedure.
(<postgresql-config-file>)[socket-directory]: New field.
(postgresql-config-file-compiler): Honor it.
(postgresql-activation): Create the socket directory if needed.
* doc/guix.texi (Database Services): Document it.
* gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
* gnu/tests/monitoring.scm (%zabbix-os): Ditto.
* gnu/tests/web.scm (patchwork-os): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
|
|
* gnu/services/databases.scm (mysql-upgrade-wrapper): Adjust indentation.
|
|
* gnu/services/databases.scm (<postgresql-config-file>,
<postgresql-configuration>, <memcached-configuration>,
<mongodb-configuration>): Remove exports.
|
|
* gnu/services/databases.scm (<mysql-configuration>): Add AUTO-UPGRADE? field.
(mysql-upgrade-wrapper, mysql-upgrade-shepherd-service,
mysql-shepherd-services): New variables.
(mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of
MYSQL-SHEPHERD-SERVICE.
* doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of
MYSQL-SERVICE-TYPE.
* gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run.
|