Next: , Previous: , Up: Services   [Contents][Index]


10.9.9 Desktop Services

The (gnu services desktop) module provides services that are usually useful in the context of a “desktop” setup—that is, on a machine running a graphical display server, possibly with graphical user interfaces, etc. It also defines services that provide specific desktop environments like GNOME, Xfce or MATE.

To simplify things, the module defines a variable containing the set of services that users typically expect on a machine with a graphical environment and networking:

Scheme Variable: %desktop-services

This is a list of services that builds upon %base-services and adds or adjusts services for a typical “desktop” setup.

In particular, it adds a graphical login manager (see gdm-service-type), screen lockers, a network management tool (see network-manager-service-type) with modem support (see modem-manager-service-type), energy and color management services, the elogind login and seat manager, the Polkit privilege service, the GeoClue location service, the AccountsService daemon that allows authorized users change system passwords, an NTP client (see Networking Services), the Avahi daemon, and has the name service switch service configured to be able to use nss-mdns (see mDNS).

The %desktop-services variable can be used as the services field of an operating-system declaration (see services).

Additionally, the gnome-desktop-service-type, xfce-desktop-service, mate-desktop-service-type, lxqt-desktop-service-type and enlightenment-desktop-service-type procedures can add GNOME, Xfce, MATE and/or Enlightenment to a system. To “add GNOME” means that system-level services like the backlight adjustment helpers and the power management utilities are added to the system, extending polkit and dbus appropriately, allowing GNOME to operate with elevated privileges on a limited number of special-purpose system interfaces. Additionally, adding a service made by gnome-desktop-service-type adds the GNOME metapackage to the system profile. Likewise, adding the Xfce service not only adds the xfce metapackage to the system profile, but it also gives the Thunar file manager the ability to open a “root-mode” file management window, if the user authenticates using the administrator’s password via the standard polkit graphical interface. To “add MATE” means that polkit and dbus are extended appropriately, allowing MATE to operate with elevated privileges on a limited number of special-purpose system interfaces. Additionally, adding a service of type mate-desktop-service-type adds the MATE metapackage to the system profile. “Adding Enlightenment” means that dbus is extended appropriately, and several of Enlightenment’s binaries are set as setuid, allowing Enlightenment’s screen locker and other functionality to work as expected.

The desktop environments in Guix use the Xorg display server by default. If you’d like to use the newer display server protocol called Wayland, you need to enable Wayland support in GDM (see wayland-gdm). Another solution is to use the sddm-service instead of GDM as the graphical login manager. You should then select the “GNOME (Wayland)” session in SDDM. Alternatively you can also try starting GNOME on Wayland manually from a TTY with the command “XDG_SESSION_TYPE=wayland exec dbus-run-session gnome-session“. Currently only GNOME has support for Wayland.

Scheme Variable: gnome-desktop-service-type

This is the type of the service that adds the GNOME desktop environment. Its value is a gnome-desktop-configuration object (see below).

This service adds the gnome package to the system profile, and extends polkit with the actions from gnome-settings-daemon.

Data Type: gnome-desktop-configuration

Configuration record for the GNOME desktop environment.

gnome (default: gnome)

The GNOME package to use.

Scheme Variable: xfce-desktop-service-type

This is the type of a service to run the https://xfce.org/ desktop environment. Its value is an xfce-desktop-configuration object (see below).

This service adds the xfce package to the system profile, and extends polkit with the ability for thunar to manipulate the file system as root from within a user session, after the user has authenticated with the administrator’s password.

Note that xfce4-panel and its plugin packages should be installed in the same profile to ensure compatibility. When using this service, you should add extra plugins (xfce4-whiskermenu-plugin, xfce4-weather-plugin, etc.) to the packages field of your operating-system.

Data Type: xfce-desktop-configuration

Configuration record for the Xfce desktop environment.

xfce (default: xfce)

The Xfce package to use.

Scheme Variable: mate-desktop-service-type

This is the type of the service that runs the MATE desktop environment. Its value is a mate-desktop-configuration object (see below).

This service adds the mate package to the system profile, and extends polkit with the actions from mate-settings-daemon.

Data Type: mate-desktop-configuration

Configuration record for the MATE desktop environment.

mate (default: mate)

The MATE package to use.

Scheme Variable: lxqt-desktop-service-type

This is the type of the service that runs the LXQt desktop environment. Its value is a lxqt-desktop-configuration object (see below).

This service adds the lxqt package to the system profile.

Data Type: lxqt-desktop-configuration

Configuration record for the LXQt desktop environment.

lxqt (default: lxqt)

The LXQT package to use.

Scheme Variable: enlightenment-desktop-service-type

Return a service that adds the enlightenment package to the system profile, and extends dbus with actions from efl.

Data Type: enlightenment-desktop-service-configuration
enlightenment (default: enlightenment)

The enlightenment package to use.

Because the GNOME, Xfce and MATE desktop services pull in so many packages, the default %desktop-services variable doesn’t include any of them by default. To add GNOME, Xfce or MATE, just cons them onto %desktop-services in the services field of your operating-system:

(use-modules (gnu))
(use-service-modules desktop)
(operating-system
  ...
  ;; cons* adds items to the list given as its last argument.
  (services (cons* (service gnome-desktop-service-type)
                   (service xfce-desktop-service)
                   %desktop-services))
  ...)

These desktop environments will then be available as options in the graphical login window.

The actual service definitions included in %desktop-services and provided by (gnu services dbus) and (gnu services desktop) are described below.

Scheme Procedure: dbus-service [#:dbus dbus] [#:services '()]

Return a service that runs the “system bus”, using dbus, with support for services.

D-Bus is an inter-process communication facility. Its system bus is used to allow system services to communicate and to be notified of system-wide events.

services must be a list of packages that provide an etc/dbus-1/system.d directory containing additional D-Bus configuration and policy files. For example, to allow avahi-daemon to use the system bus, services must be equal to (list avahi).

Scheme Procedure: elogind-service [#:config config]

Return a service that runs the elogind login and seat management daemon. Elogind exposes a D-Bus interface that can be used to know which users are logged in, know what kind of sessions they have open, suspend the system, inhibit system suspend, reboot the system, and other tasks.

Elogind handles most system-level power events for a computer, for example suspending the system when a lid is closed, or shutting it down when the power button is pressed.

The config keyword argument specifies the configuration for elogind, and should be the result of an (elogind-configuration (parameter value)...) invocation. Available parameters and their default values are:

kill-user-processes?

#f

kill-only-users

()

kill-exclude-users

("root")

inhibit-delay-max-seconds

5

handle-power-key

poweroff

handle-suspend-key

suspend

handle-hibernate-key

hibernate

handle-lid-switch

suspend

handle-lid-switch-docked

ignore

handle-lid-switch-external-power

ignore

power-key-ignore-inhibited?

#f

suspend-key-ignore-inhibited?

#f

hibernate-key-ignore-inhibited?

#f

lid-switch-ignore-inhibited?

#t

holdoff-timeout-seconds

30

idle-action

ignore

idle-action-seconds

(* 30 60)

runtime-directory-size-percent

10

runtime-directory-size

#f

remove-ipc?

#t

suspend-state

("mem" "standby" "freeze")

suspend-mode

()

hibernate-state

("disk")

hibernate-mode

("platform" "shutdown")

hybrid-sleep-state

("disk")

hybrid-sleep-mode

("suspend" "platform" "shutdown")

Scheme Procedure: accountsservice-service [#:accountsservice accountsservice]

Return a service that runs AccountsService, a system service that can list available accounts, change their passwords, and so on. AccountsService integrates with PolicyKit to enable unprivileged users to acquire the capability to modify their system configuration. the accountsservice web site for more information.

The accountsservice keyword argument is the accountsservice package to expose as a service.

Scheme Procedure: polkit-service [#:polkit polkit]

Return a service that runs the Polkit privilege management service, which allows system administrators to grant access to privileged operations in a structured way. By querying the Polkit service, a privileged system component can know when it should grant additional capabilities to ordinary users. For example, an ordinary user can be granted the capability to suspend the system if the user is logged in locally.

Scheme Variable: polkit-wheel-service

Service that adds the wheel group as admins to the Polkit service. This makes it so that users in the wheel group are queried for their own passwords when performing administrative actions instead of root’s, similar to the behaviour used by sudo.

Scheme Variable: upower-service-type

Service that runs upowerd, a system-wide monitor for power consumption and battery levels, with the given configuration settings.

It implements the org.freedesktop.UPower D-Bus interface, and is notably used by GNOME.

Data Type: upower-configuration

Data type representation the configuration for UPower.

upower (default: upower)

Package to use for upower.

watts-up-pro? (default: #f)

Enable the Watts Up Pro device.

poll-batteries? (default: #t)

Enable polling the kernel for battery level changes.

ignore-lid? (default: #f)

Ignore the lid state, this can be useful if it’s incorrect on a device.

use-percentage-for-policy? (default: #f)

Whether battery percentage based policy should be used. The default is to use the time left, change to #t to use the percentage.

percentage-low (default: 10)

When use-percentage-for-policy? is #t, this sets the percentage at which the battery is considered low.

percentage-critical (default: 3)

When use-percentage-for-policy? is #t, this sets the percentage at which the battery is considered critical.

percentage-action (default: 2)

When use-percentage-for-policy? is #t, this sets the percentage at which action will be taken.

time-low (default: 1200)

When use-time-for-policy? is #f, this sets the time remaining in seconds at which the battery is considered low.

time-critical (default: 300)

When use-time-for-policy? is #f, this sets the time remaining in seconds at which the battery is considered critical.

time-action (default: 120)

When use-time-for-policy? is #f, this sets the time remaining in seconds at which action will be taken.

critical-power-action (default: 'hybrid-sleep)

The action taken when percentage-action or time-action is reached (depending on the configuration of use-percentage-for-policy?).

Possible values are:

  • 'power-off
  • 'hibernate
  • 'hybrid-sleep.
Scheme Procedure: udisks-service [#:udisks udisks]

Return a service for UDisks, a disk management daemon that provides user interfaces with notifications and ways to mount/unmount disks. Programs that talk to UDisks include the udisksctl command, part of UDisks, and GNOME Disks. Note that Udisks relies on the mount command, so it will only be able to use the file-system utilities installed in the system profile. For example if you want to be able to mount NTFS file-systems in read and write fashion, you’ll need to have ntfs-3g installed system-wide.

Scheme Variable: colord-service-type

This is the type of the service that runs colord, a system service with a D-Bus interface to manage the color profiles of input and output devices such as screens and scanners. It is notably used by the GNOME Color Manager graphical tool. See the colord web site for more information.

Scheme Variable: sane-service-type

This service provides access to scanners via SANE by installing the necessary udev rules. It is included in %desktop-services (see Desktop Services) and relies by default on sane-backends-minimal package (see below) for hardware support.

Scheme Variable: sane-backends-minimal

The default package which the sane-service-type installs. It supports many recent scanners.

Scheme Variable: sane-backends

This package includes support for all scanners that sane-backends-minimal supports, plus older Hewlett-Packard scanners supported by hplip package. In order to use this on a system which relies on %desktop-services, you may use modify-services (see modify-services) as illustrated below:

(use-modules (gnu))
(use-service-modules
  …
  desktop)
(use-package-modules
  …
  scanner)

(define %my-desktop-services
  ;; List of desktop services that supports a broader range of scanners.
  (modify-services %desktop-services
    (sane-service-type _ => sane-backends)))

(operating-system
  …
  (services %my-desktop-services))
Scheme Procedure: geoclue-application name [#:allowed? #t] [#:system? #f] [#:users '()]

Return a configuration allowing an application to access GeoClue location data. name is the Desktop ID of the application, without the .desktop part. If allowed? is true, the application will have access to location information by default. The boolean system? value indicates whether an application is a system component or not. Finally users is a list of UIDs of all users for which this application is allowed location info access. An empty users list means that all users are allowed.

Scheme Variable: %standard-geoclue-applications

The standard list of well-known GeoClue application configurations, granting authority to the GNOME date-and-time utility to ask for the current location in order to set the time zone, and allowing the IceCat and Epiphany web browsers to request location information. IceCat and Epiphany both query the user before allowing a web page to know the user’s location.

Scheme Procedure: geoclue-service [#:colord colord] [#:whitelist '()] [#:wifi-geolocation-url "https://location.services.mozilla.com/v1/geolocate?key=geoclue"] [#:submit-data? #f]

[#:wifi-submission-url "https://location.services.mozilla.com/v1/submit?key=geoclue"]   [#:submission-nick "geoclue"]   [#:applications %standard-geoclue-applications] Return a service that runs the GeoClue location service. This service provides a D-Bus interface to allow applications to request access to a user’s physical location, and optionally to add information to online location databases. See the GeoClue web site for more information.

Scheme Procedure: bluetooth-service [#:bluez bluez] [#:auto-enable? #f]

Return a service that runs the bluetoothd daemon, which manages all the Bluetooth devices and provides a number of D-Bus interfaces. When AUTO-ENABLE? is true, the bluetooth controller is powered automatically at boot, which can be useful when using a bluetooth keyboard or mouse.

Users need to be in the lp group to access the D-Bus service.

Scheme Variable: bluetooth-service-type

This is the type for the Linux Bluetooth Protocol Stack (BlueZ) system, which generates the /etc/bluetooth/main.conf configuration file. The value for this type is a bluetooth-configuration record as in this example:

(service bluetooth-service-type)

See below for details about bluetooth-configuration.

Data Type: bluetooth-configuration

Data type representing the configuration for bluetooth-service.

bluez (default: bluez)

bluez package to use.

name (default: "BlueZ")

Default adapter name.

class (default: #x000000)

Default device class. Only the major and minor device class bits are considered.

discoverable-timeout (default: 180)

How long to stay in discoverable mode before going back to non-discoverable. The value is in seconds.

always-pairable? (default: #f)

Always allow pairing even if there are no agents registered.

pairable-timeout (default: 0)

How long to stay in pairable mode before going back to non-discoverable. The value is in seconds.

device-id (default: #f)

Use vendor id source (assigner), vendor, product and version information for DID profile support. The values are separated by ":" and assigner, VID, PID and version.

Possible values are:

  • #f to disable it,
  • "assigner:1234:5678:abcd", where assigner is either usb (default) or bluetooth.
reverse-service-discovery? (default: #t)

Do reverse service discovery for previously unknown devices that connect to us. For BR/EDR this option is really only needed for qualification since the BITE tester doesn’t like us doing reverse SDP for some test cases, for LE this disables the GATT client functionally so it can be used in system which can only operate as peripheral.

name-resolving? (default: #t)

Enable name resolving after inquiry. Set it to #f if you don’t need remote devices name and want shorter discovery cycle.

debug-keys? (default: #f)

Enable runtime persistency of debug link keys. Default is false which makes debug link keys valid only for the duration of the connection that they were created for.

controller-mode (default: 'dual)

Restricts all controllers to the specified transport. 'dual means both BR/EDR and LE are enabled (if supported by the hardware).

Possible values are:

  • 'dual
  • 'bredr
  • 'le
multi-profile (default: 'off)

Enables Multi Profile Specification support. This allows to specify if system supports only Multiple Profiles Single Device (MPSD) configuration or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple Devices (MPMD) configurations.

Possible values are:

  • 'off
  • 'single
  • 'multiple
fast-connectable? (default: #f)

Permanently enables the Fast Connectable setting for adapters that support it. When enabled other devices can connect faster to us, however the tradeoff is increased power consumptions. This feature will fully work only on kernel version 4.1 and newer.

privacy (default: 'off)

Default privacy settings.

  • 'off: Disable local privacy
  • 'network/on: A device will only accept advertising packets from peer devices that contain private addresses. It may not be compatible with some legacy devices since it requires the use of RPA(s) all the time
  • 'device: A device in device privacy mode is only concerned about the privacy of the device and will accept advertising packets from peer devices that contain their Identity Address as well as ones that contain a private address, even if the peer device has distributed its IRK in the past

and additionally, if controller-mode is set to 'dual:

  • 'limited-network: Apply Limited Discoverable Mode to advertising, which follows the same policy as to BR/EDR that publishes the identity address when discoverable, and Network Privacy Mode for scanning
  • 'limited-device: Apply Limited Discoverable Mode to advertising, which follows the same policy as to BR/EDR that publishes the identity address when discoverable, and Device Privacy Mode for scanning.
just-works-repairing (default: 'never)

Specify the policy to the JUST-WORKS repairing initiated by peer.

Possible values:

  • 'never
  • 'confirm
  • 'always
temporary-timeout (default: 30)

How long to keep temporary devices around. The value is in seconds. 0 disables the timer completely.

refresh-discovery? (default: #t)

Enables the device to issue an SDP request to update known services when profile is connected.

experimental (default: #f)

Enables experimental features and interfaces, alternatively a list of UUIDs can be given.

Possible values:

  • #t
  • #f
  • (list (uuid <uuid-1>) (uuid <uuid-2>) ...).

List of possible UUIDs:

  • d4992530-b9ec-469f-ab01-6c481c47da1c: BlueZ Experimental Debug,
  • 671b10b5-42c0-4696-9227-eb28d1b049d6: BlueZ Experimental Simultaneous Central and Peripheral,
  • "15c0a148-c273-11ea-b3de-0242ac130004: BlueZ Experimental LL privacy,
  • 330859bc-7506-492d-9370-9a6f0614037f: BlueZ Experimental Bluetooth Quality Report,
  • a6695ace-ee7f-4fb9-881a-5fac66c629af: BlueZ Experimental Offload Codecs.
remote-name-request-retry-delay (default: 300)

The duration to avoid retrying to resolve a peer’s name, if the previous try failed.

page-scan-type (default: #f)

BR/EDR Page scan activity type.

page-scan-interval (default: #f)

BR/EDR Page scan activity interval.

page-scan-window (default: #f)

BR/EDR Page scan activity window.

inquiry-scan-type (default: #f)

BR/EDR Inquiry scan activity type.

inquiry-scan-interval (default: #f)

BR/EDR Inquiry scan activity interval.

inquiry-scan-window (default: #f)

BR/EDR Inquiry scan activity window.

link-supervision-timeout (default: #f)

BR/EDR Link supervision timeout.

page-timeout (default: #f)

BR/EDR Page timeout.

min-sniff-interval (default: #f)

BR/EDR minimum sniff interval.

max-sniff-interval (default: #f)

BR/EDR maximum sniff interval.

min-advertisement-interval (default: #f)

LE minimum advertisement interval (used for legacy advertisement only).

max-advertisement-interval (default: #f)

LE maximum advertisement interval (used for legacy advertisement only).

multi-advertisement-rotation-interval (default: #f)

LE multiple advertisement rotation interval.

scan-interval-auto-connect (default: #f)

LE scanning interval used for passive scanning supporting auto connect.

scan-window-auto-connect (default: #f)

LE scanning window used for passive scanning supporting auto connect.

scan-interval-suspend (default: #f)

LE scanning interval used for active scanning supporting wake from suspend.

scan-window-suspend (default: #f)

LE scanning window used for active scanning supporting wake from suspend.

scan-interval-discovery (default: #f)

LE scanning interval used for active scanning supporting discovery.

scan-window-discovery (default: #f)

LE scanning window used for active scanning supporting discovery.

scan-interval-adv-monitor (default: #f)

LE scanning interval used for passive scanning supporting the advertisement monitor APIs.

scan-window-adv-monitor (default: #f)

LE scanning window used for passive scanning supporting the advertisement monitor APIs.

scan-interval-connect (default: #f)

LE scanning interval used for connection establishment.

scan-window-connect (default: #f)

LE scanning window used for connection establishment.

min-connection-interval (default: #f)

LE default minimum connection interval. This value is superceeded by any specific value provided via the Load Connection Parameters interface.

max-connection-interval (default: #f)

LE default maximum connection interval. This value is superceeded by any specific value provided via the Load Connection Parameters interface.

connection-latency (default: #f)

LE default connection latency. This value is superceeded by any specific value provided via the Load Connection Parameters interface.

connection-supervision-timeout (default: #f)

LE default connection supervision timeout. This value is superceeded by any specific value provided via the Load Connection Parameters interface.

autoconnect-timeout (default: #f)

LE default autoconnect timeout. This value is superceeded by any specific value provided via the Load Connection Parameters interface.

adv-mon-allowlist-scan-duration (default: 300)

Allowlist scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.

adv-mon-no-filter-scan-duration (default: 500)

No filter scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.

enable-adv-mon-interleave-scan? (default: #t)

Enable/Disable Advertisement Monitor interleave scan for power saving.

cache (default: 'always)

GATT attribute cache.

Possible values are:

  • 'always: Always cache attributes even for devices not paired, this is recommended as it is best for interoperability, with more consistent reconnection times and enables proper tracking of notifications for all devices
  • 'yes: Only cache attributes of paired devices
  • 'no: Never cache attributes.
key-size (default: 0)

Minimum required Encryption Key Size for accessing secured characteristics.

Possible values are:

  • 0: Don’t care
  • 7 <= N <= 16
exchange-mtu (default: 517)

Exchange MTU size. Possible values are:

  • 23 <= N <= 517
att-channels (default: 3)

Number of ATT channels. Possible values are:

  • 1: Disables EATT
  • 2 <= N <= 5
session-mode (default: 'basic)

AVDTP L2CAP signalling channel mode.

Possible values are:

  • 'basic: Use L2CAP basic mode
  • 'ertm: Use L2CAP enhanced retransmission mode.
stream-mode (default: 'basic)

AVDTP L2CAP transport channel mode.

Possible values are:

  • 'basic: Use L2CAP basic mode
  • 'streaming: Use L2CAP streaming mode.
reconnect-uuids (default: '())

The ReconnectUUIDs defines the set of remote services that should try to be reconnected to in case of a link loss (link supervision timeout). The policy plugin should contain a sane set of values by default, but this list can be overridden here. By setting the list to empty the reconnection feature gets disabled.

Possible values:

  • '()
  • (list (uuid <uuid-1>) (uuid <uuid-2>) ...).
reconnect-attempts (default: 7)

Defines the number of attempts to reconnect after a link lost. Setting the value to 0 disables reconnecting feature.

reconnect-intervals (default: '(1 2 4 8 16 32 64))

Defines a list of intervals in seconds to use in between attempts. If the number of attempts defined in reconnect-attempts is bigger than the list of intervals the last interval is repeated until the last attempt.

auto-enable? (default: #f)

Defines option to enable all controllers when they are found. This includes adapters present on start as well as adapters that are plugged in later on.

resume-delay (default: 2)

Audio devices that were disconnected due to suspend will be reconnected on resume. resume-delay determines the delay between when the controller resumes from suspend and a connection attempt is made. A longer delay is better for better co-existence with Wi-Fi. The value is in seconds.

rssi-sampling-period (default: #xFF)

Default RSSI Sampling Period. This is used when a client registers an advertisement monitor and leaves the RSSISamplingPeriod unset.

Possible values are:

  • #x0: Report all advertisements
  • N = #xXX: Report advertisements every N x 100 msec (range: #x01 to #xFE)
  • #xFF: Report only one advertisement per device during monitoring period.
Scheme Variable: gnome-keyring-service-type

This is the type of the service that adds the GNOME Keyring. Its value is a gnome-keyring-configuration object (see below).

This service adds the gnome-keyring package to the system profile and extends PAM with entries using pam_gnome_keyring.so, unlocking a user’s login keyring when they log in or setting its password with passwd.

Data Type: gnome-keyring-configuration

Configuration record for the GNOME Keyring service.

keyring (default: gnome-keyring)

The GNOME keyring package to use.

pam-services

A list of (service . kind) pairs denoting PAM services to extend, where service is the name of an existing service to extend and kind is one of login or passwd.

If login is given, it adds an optional pam_gnome_keyring.so to the auth block without arguments and to the session block with auto_start. If passwd is given, it adds an optional pam_gnome_keyring.so to the password block without arguments.

By default, this field contains “gdm-password” with the value login and “passwd” is with the value passwd.


Next: , Previous: , Up: Services   [Contents][Index]