| Age | Commit message (Collapse) | Author |
|---|
|
Fixes <https://issues.guix.gnu.org/76301>.
The ‘dns’ provision collides with that of Knot.
* gnu/services/dns.scm (unbound-shepherd-service): Remove dns from provision.
Change-Id: Ice774a9a338416e865dbc4d26a8f37243f084a35
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (knot-shepherd-service): Add `user-processes' to the
`requirement' field.
Change-Id: I59f95aeb25c02944418eb3ea20a42d344703a011
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
While DBUS service is enabled in dnsmasq, it does not work without installing
a config file to the system.
* gnu/packages/dns.scm (dnsmasq): Install dbus config.
* gnu/services/dns.scm (dnsmasq): Extend dbus-root-service-type.
Change-Id: I5187f65e1f2892eb10fb95e6f51955559f64dbef
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (dnsmasq-service-reload-action): New function.
Implements SIGHUP handling for reloading configurations.
(dnsmasq-service-stats-action): New function. Implements SIGUSR1
handling for dumping statistics.
(dnsmasq-shepherd-service): Use new actions.
* doc/guix.texi: Document new actions with examples.
* gnu/tests/networking.scm (%test-dnsmasq): Add tests to verify the
functionality of new actions.
Change-Id: I31f0eb4b26a582e95f7bfdb240110c139f0e16cc
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>) [pid-file]: New field
to specify alternate path for dnsmasq PID.
[conf-file]: New field to specify one or more configuration files.
[conf-dir]: New field to read configuration files from a directory.
[extra-options]: Move to the end of the definition as a last resort option.
(dnsmasq-shepherd-service): Use new fields instead of hardcoded values.
* gnu/services/dns.scm: Export all record accessors.
* doc/guix.texi: Document new configuration options.
Change-Id: Iaec361e7d8bfd60af04f023f57d422b55b0c1eea
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>)[provision]: Mark
filed as deprecated with a warning. Set default to #f.
[shepherd-provision]: Add new field for consistency with other services.
[shepherd-requirement]: Add new field.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi: Document these changes.
* doc/guix-cookbook.texi (Custom NAT-based network for libvirt): Update
example to use 'shepherd-provision' instead of 'provision'.
Change-Id: Icad4d9c4be5bf58368e8c416f1fdde1f9065557d
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
Fixes <https://issues.guix.gnu.org/76368>.
* gnu/services/auditd.scm (auditd-shepherd-service):
* gnu/services/base.scm (rngd-service-type):
(gpm-shepherd-service):
* gnu/services/ci.scm (laminar-shepherd-service):
* gnu/services/containers.scm (rootless-podman-cgroups-fs-owner-service):
(rootless-podman-cgroups-limits-service):
* gnu/services/cups.scm (cups-shepherd-service):
* gnu/services/databases.scm (postgresql-role-shepherd-service):
* gnu/services/desktop.scm (upower-shepherd-service):
(bluetooth-shepherd-service):
(elogind-shepherd-service):
(inputattach-shepherd-service):
(seatd-shepherd-service):
* gnu/services/dns.scm (knot-resolver-shepherd-services):
(dnsmasq-shepherd-service):
* gnu/services/docker.scm (containerd-shepherd-service):
(docker-shepherd-service):
* gnu/services/file-sharing.scm (transmission-daemon-shepherd-service):
* gnu/services/games.scm (joycond-shepherd-service):
(wesnothd-shepherd-service):
* gnu/services/guix.scm (guix-build-coordinator-shepherd-services):
(guix-data-service-shepherd-services):
(nar-herder-shepherd-services):
(bffe-shepherd-services):
* gnu/services/ldap.scm (directory-server-shepherd-service):
* gnu/services/linux.scm (cachefilesd-shepherd-service):
(rasdaemon-shepherd-service):
* gnu/services/mail.scm (dovecot-shepherd-service):
(imap4d-shepherd-service):
(radicale-shepherd-service):
(rspamd-configuration):
* gnu/services/monitoring.scm (prometheus-node-exporter-shepherd-service):
(vnstat-shepherd-service):
* gnu/services/networking.scm (opendht-shepherd-service):
(openvswitch-shepherd-service):
(pagekite-shepherd-service):
(ipfs-shepherd-service):
* gnu/services/nfs.scm (rpcbind-service-type):
(gss-service-type):
(idmap-service-type):
* gnu/services/pm.scm (thermald-shepherd-service):
* gnu/services/rsync.scm (rsync-shepherd-service):
* gnu/services/samba.scm (samba-samba-shepherd-service):
(samba-nmbd-shepherd-service):
(samba-smbd-shepherd-service):
(samba-winbindd-shepherd-service):
(wsdd-shepherd-service):
* gnu/services/security-token.scm (pcscd-shepherd-service):
* gnu/services/sound.scm (speakersafetyd-shepherd-service):
* gnu/services/spice.scm (spice-vdagent-shepherd-service):
* gnu/services/ssh.scm (lsh-shepherd-service):
(openssh-shepherd-service):
(dropbear-shepherd-service):
(autossh-shepherd-service):
* gnu/services/telephony.scm (jami-shepherd-services):
(mumble-server-shepherd-service):
* gnu/services/version-control.scm (git-daemon-shepherd-service):
* gnu/services/virtualization.scm (virtlogd-shepherd-service):
* gnu/services/vnc.scm (xvnc-shepherd-service):
* gnu/services/vpn.scm (openvpn-shepherd-service):
(strongswan-shepherd-service):
* gnu/services/web.scm (httpd-shepherd-services):
(fcgiwrap-shepherd-service):
(php-fpm-shepherd-service):
(hpcguix-web-shepherd-service):
(tailon-shepherd-service):
(varnish-shepherd-service):
(whoogle-shepherd-service):
(mumi-shepherd-services):
(gmnisrv-shepherd-service):
(agate-shepherd-service): Add ‘user-processes’ requirement.
* doc/guix.texi (Mail Services): Update accordingly.
Reported-by: Dariqq <dariqq@posteo.net>
Change-Id: I947bd2afc83b786cb17c555cfe73ab586b806618
|
|
In #68757, v3 instead of v4 of the patchset was committed by accident.
This patch revives the (minor) changes made in the v4.
* gnu/service/dns.scm: Remove exports of no longer existing names.
(unbound-service-type): Fix at typo (unbound -> Unbound).
(unbound-shepherd-service): Run after user processes.
(unbound-account-service): Determine shell based on shadow package.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
This allows using Unbound as a local DNSSEC-enabled resolver. This
commit also allows configuration of the Unbound DNS resolver via a
Scheme API. The API currently provides very common options and
includes an escape hatch to enable less common configurations.
* gnu/service/dns.scm (unbound-serialize-field): New procedure.
(unbound-serialize-alist, unbound-serialize-section)
(unbound-serialize-string, unbound-serialize-boolean)
(unbound-serialize-list-of-strings): New procedures.
(unbound-zone): New record type.
(unbound-serialize-unbound-zone)
(unbound-serialize-list-of-unbound-zone): New procedures.
(unbound-remote): New record type.
(unbound-serialize-unbound-remote): New procedure.
(unbound-server): New record type.
(unbound-serialize-unbound-server): New procedure.
(unbound-configuration): New record type.
(unbound-config-file, unbound-shepherd-service): New procedures.
(unbound-account-service): New variable.
(unbound-service-type): New services.
* gnu/tests/dns.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (DNS Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I4c9646c9e17d4882e596d33ff8f738e1877fa1ae
|
|
Allow users to have multiple dnsmasq instances by specifying different
`provision` values for the corresponding Shepherd services, similar to
what is done with `static-networking-service-type`.
* gnu/services/dns.scm (<dnsmasq-configuration>)[provision]: new option.
(dnsmasq-shepherd-service): Use supplied provision value.
* doc/guix.texi (DNS Services)[dnsmasq-configuration]: Document it.
Change-Id: I78c7f015cb1db239a600bc5373b2fd80e8b9b9f4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[extra-options]: Add.
* doc/guix.texi: Document (<dnsmasq-configuration>)[extra-options].
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I7d2df7aa5d3b041b69b2f8b3e311a7328c28a3be
|
|
ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken
for a while [2]. Remove it rather than shipping a broken service for an
unmaintained program that's unlikely to be fixed.
[1]: <https://github.com/ddclient/ddclient>
[2]: <https://issues.guix.gnu.org/52770>
This reverts commit 8490a8346b5c8207f5798be55bea1de865b0bd42.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (knot-shepherd-service): Add 'actions' field.
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[cpe-id]: Change cpe-id
default value to #f instead of #t.
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[servers-file]: Add.
(<dnsmasq-configuration>)[tftp-secure?]: Fix typo in parameter name.
* doc/guix.texi: Document (<dnsmasq-configuration>)[servers-file].
Signed-off-by: Andrew Tropin <andrew@trop.in>
|
|
The Knot DNS service in Guix uses two days, or 48 hours, for the SOA
refresh interval but that is outside the range of RFC 1912, which is
entitled "Common DNS Operational and Configuration Errors." [1]
Section 2.2 of RFC 1912 recommends a maximum of 12 hours for the SOA
refresh rate: "You can keep it short (20 mins to 2 hours) if you
aren't worried about a small increase in bandwidth used, or longer
(2-12 hours) if your Internet connection is slow or is started on
demand."
This commit sets the default refresh interval at the nearest value
recommended by the standard, which is 12 hours.
Due to the widespread adoption of NOTIFY messages between primary and
secondary DNS servers, the SOA refresh interval has arguably lost some
importance, but the Guix default should still be in line with the
standards.
Values outside the recommended range can provoke warning messages from
services commonly used to find bugs in DNS configurations, such as the
MX Toolbox Super Tool. [2]
[1] https://datatracker.ietf.org/doc/rfc1912/
[2] https://mxtoolbox.com/SuperTool.aspx
* gnu/services/dns.scm (<zone-file>)[refresh]: Default to (* 12 3600).
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
* gnu/services/dns.scm (ddclient-activation): Remove (ice-9 rdelim) from the
with-imported-modules form.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>): Add
forward-private-reverse-lookup?, strict-order? and cpe-id options.
(dnsmasq-shepherd-service): Pass added options to dnsmasq and use
match-record instead of match-lambda.
* doc/guix.texi (Guix Services): Document options added to dnsmasq.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/authentication.scm (fprintd-configuration)
(nslcd-configuration): Substitute file-like objects for package ones.
* gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration):
Likewise.
* gnu/services/cups.scm (package-list?, cups-configuration): Likewise.
* gnu/services/dns.scm (verify-knot-configuration)
(ddclient-configuration): Likewise.
* gnu/services/docker.scm (docker-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise.
* gnu/services/getmail.scm (getmail-configuration): Likewise.
* gnu/services/mail.scm (dovecot-configuration)
(opaque-dovecot-configuration): Likewise.
* gnu/services/messaging.scm (prosody-configuration)
(opaque-prosody-configuration): Likewise.
* gnu/services/monitoring.scm (zabbix-server-configuration)
(zabbix-agent-configuration): Likewise.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-configuration): Likewise.
* gnu/services/virtualization.scm (libvirt-configuration)
(qemu-guest-agent-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
|
|
It is now silently ignored by knotd.
* gnu/services/dns.scm (<knot-zone-configuration>):
Remove DISABLE-ANY? field. Adjust all previous users.
* doc/guix.texi (DNS Services): Undocument it.
|
|
* gnu/services/dns.scm (dnsmasq-activation): New procedure …
(dnsmasq-service-type): … use it.
|
|
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
This silences a warning from the service at startup.
* gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n"
command-line option to kresd in place of the deprecated "-f 1".
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>): Add TFTP configuration
fields.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi (DNS Services): Document them.
|
|
* gnu/services/dbus.scm (polkit-service-type)[description]: New field.
* gnu/services/dict.scm (dicod-service-type)[description]: New field.
* gnu/services/dns.scm (knot-service-type)[description]: New field.
* gnu/services/networking.scm (dhcpd-service-type)[description]: New field.
* gnu/services/shepherd.scm (shepherd-root-service-type)[description]:
New field.
* gnu/services/xorg.scm (slim-service-type)[description]: New field.
(screen-locker-service-type)[description]: New field.
* gnu/system/pam.scm (pam-root-service-type)[description]: New field.
* gnu/system/shadow.scm (account-service-type)[description]: New field.
|
|
Introduce a new `addresses' field that translates to passing `--address='
multiple times to dnsmasq.
* gnu/services/dns.scm (<dnsmasq-configuration>): Add an addresses field.
(dnsmasq-shepherd-service): Match the addresses field and translate it to
multiple '--address=' flags.
* doc/guix.texi (DNS Services): Document it.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
* gnu/services/dns.scm (%kresd.conf): Add /var/cache/knot-resolver/root.keys
as the root TA.
|
|
* gnu/services/dns.scm (<knot-resolver-configuration>): New record type.
(knot-resolver-activation, knot-resolver-shpherd-services): New procedures.
(%knot-resolver-accounts, %kresd.conf, knot-resolver-service-type): New
variables.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm: Fix typos.
|
|
* gnu/services/dns.scm (knot-zone-configuration)[zonefile-load]
[journal-content, max-journal-usage, max-journal-depth, max-zone-size]:
New fields.
(knot-zone-config): Serialize them.
* doc/guix.texi (DNS Services): Document them.
|
|
Fixes a regression introduced in
92eb600f8a94afa36142f8f145efaa485b632433.
* gnu/services/dns.scm (knot-config-file): Add ungexp around call to
'knot-configuration-includes'.
|
|
* gnu/services/dns.scm (format-string-list): Fix formating of lists with
only one symbol.
|
|
* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
|
|
This patch fixes warnings about unrecognized keywords in logs.
* gnu/services/dns.scm (serialize-field): Skip some field names.
|
|
* gnu/services/dns.scm (ddclient-activation): Fix procedure.
|
|
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm (dnsmasq-service-type)
[default-value, description]: New fields.
|
|
The 'no-negcache?' option is mapped to the '--no-negcache' command-line
argument directly, but we're in the scheme world, where the general guideline
is to avoid double-negations in identifiers.
* gnu/services/dns.scm <dnsmasq-configuration>: Replace the 'no-negcache?'
field with 'negative-cache?'.
* doc/guix.texi (DNS Services)[Dnsmasq Service]: Adjust accordingly.
|
|
* gnu/services/dns.scm (dnsmasq-service-type): New variable.
(<dnsmasq-configuration>): New record type.
(dnsmasq-shepherd-service): New procedure.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers
instead of duration strings.
(verify-knot-policy-configuration): Fix typo.
* doc/guix.texi (DNS Services): Update documentation.
|
|
* gnu/services/dns.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (DNS Services): New subsubsection.
|
