Next: Sound Services, Previous: Printing Services, Up: Services [Contents][Index]
The (gnu services desktop)
module provides services that are
usually useful in the context of a “desktop” setup—that is, on a
machine running a graphical display server, possibly with graphical user
interfaces, etc. It also defines services that provide specific desktop
environments like GNOME, Xfce or MATE.
To simplify things, the module defines a variable containing the set of services that users typically expect on a machine with a graphical environment and networking:
This is a list of services that builds upon %base-services
and
adds or adjusts services for a typical “desktop” setup.
In particular, it adds a graphical login manager (see gdm-service-type
), screen lockers, a network management tool
(see network-manager-service-type
) with modem
support (see modem-manager-service-type
),
energy and color management services, the elogind
login and seat
manager, the Polkit privilege service, the GeoClue location service, the
AccountsService daemon that allows authorized users change system passwords,
an NTP client (see Networking Services), the Avahi daemon, and has the
name service switch service configured to be able to use nss-mdns
(see mDNS).
The %desktop-services
variable can be used as the services
field of an operating-system
declaration (see services
).
Additionally, the gnome-desktop-service-type
,
xfce-desktop-service
, mate-desktop-service-type
,
lxqt-desktop-service-type
and enlightenment-desktop-service-type
procedures can add GNOME, Xfce, MATE and/or Enlightenment to a system. To
“add GNOME” means that system-level services like the backlight adjustment
helpers and the power management utilities are added to the system, extending
polkit
and dbus
appropriately, allowing GNOME to operate with
elevated privileges on a limited number of special-purpose system interfaces.
Additionally, adding a service made by gnome-desktop-service-type
adds
the GNOME metapackage to the system profile. Likewise, adding the Xfce
service not only adds the xfce
metapackage to the system profile, but
it also gives the Thunar file manager the ability to open a “root-mode” file
management window, if the user authenticates using the administrator’s
password via the standard polkit graphical interface. To “add MATE” means
that polkit
and dbus
are extended appropriately, allowing MATE
to operate with elevated privileges on a limited number of special-purpose
system interfaces. Additionally, adding a service of type
mate-desktop-service-type
adds the MATE metapackage to the system
profile. “Adding Enlightenment” means that dbus
is extended
appropriately, and several of Enlightenment’s binaries are set as setuid,
allowing Enlightenment’s screen locker and other functionality to work as
expected.
The desktop environments in Guix use the Xorg display server by
default. If you’d like to use the newer display server protocol
called Wayland, you need to enable Wayland support in GDM
(see wayland-gdm). Another solution is to use the
sddm-service
instead of GDM as the graphical login manager.
You should then select the “GNOME (Wayland)” session in SDDM.
Alternatively you can also try starting GNOME on Wayland manually from a
TTY with the command “XDG_SESSION_TYPE=wayland exec dbus-run-session
gnome-session“. Currently only GNOME has support for Wayland.
This is the type of the service that adds the GNOME desktop environment. Its value is a gnome-desktop-configuration
object (see below).
This service adds the gnome
package to the system profile, and extends
polkit with the actions from gnome-settings-daemon
.
Configuration record for the GNOME desktop environment.
gnome
(default: gnome
)The GNOME package to use.
This is the type of a service to run the https://xfce.org/
desktop environment. Its value is an xfce-desktop-configuration
object
(see below).
This service adds the xfce
package to the system profile, and
extends polkit with the ability for thunar
to manipulate the file
system as root from within a user session, after the user has authenticated
with the administrator’s password.
Note that xfce4-panel
and its plugin packages should be installed in
the same profile to ensure compatibility. When using this service, you should
add extra plugins (xfce4-whiskermenu-plugin
,
xfce4-weather-plugin
, etc.) to the packages
field of your
operating-system
.
Configuration record for the Xfce desktop environment.
xfce
(default: xfce
)The Xfce package to use.
This is the type of the service that runs the MATE desktop environment. Its value is a mate-desktop-configuration
object (see below).
This service adds the mate
package to the system
profile, and extends polkit with the actions from
mate-settings-daemon
.
Configuration record for the MATE desktop environment.
mate
(default: mate
)The MATE package to use.
This is the type of the service that runs the LXQt desktop environment. Its value is a lxqt-desktop-configuration
object (see below).
This service adds the lxqt
package to the system
profile.
Configuration record for the LXQt desktop environment.
lxqt
(default: lxqt
)The LXQT package to use.
Return a service that adds the enlightenment
package to the system
profile, and extends dbus with actions from efl
.
enlightenment
(default: enlightenment
)The enlightenment package to use.
Because the GNOME, Xfce and MATE desktop services pull in so many packages,
the default %desktop-services
variable doesn’t include any of
them by default. To add GNOME, Xfce or MATE, just cons
them onto
%desktop-services
in the services
field of your
operating-system
:
(use-modules (gnu)) (use-service-modules desktop) (operating-system ... ;; cons* adds items to the list given as its last argument. (services (cons* (service gnome-desktop-service-type) (service xfce-desktop-service) %desktop-services)) ...)
These desktop environments will then be available as options in the graphical login window.
The actual service definitions included in %desktop-services
and
provided by (gnu services dbus)
and (gnu services desktop)
are described below.
Return a service that runs the “system bus”, using dbus, with
support for services. When verbose? is true, it causes the
‘DBUS_VERBOSE’ environment variable to be set to ‘1’; a
verbose-enabled D-Bus package such as dbus-verbose
should be
provided as dbus in this scenario. The verbose output is logged
to /var/log/dbus-daemon.log.
D-Bus is an inter-process communication facility. Its system bus is used to allow system services to communicate and to be notified of system-wide events.
services must be a list of packages that provide an
etc/dbus-1/system.d directory containing additional D-Bus configuration
and policy files. For example, to allow avahi-daemon to use the system bus,
services must be equal to (list avahi)
.
Return a service that runs the elogind
login and
seat management daemon. Elogind exposes a D-Bus interface that can be used to know which users
are logged in, know what kind of sessions they have open, suspend the
system, inhibit system suspend, reboot the system, and other tasks.
Elogind handles most system-level power events for a computer, for example suspending the system when a lid is closed, or shutting it down when the power button is pressed.
The config keyword argument specifies the configuration for
elogind, and should be the result of an (elogind-configuration
(parameter value)...)
invocation. Available parameters and
their default values are:
kill-user-processes?
#f
kill-only-users
()
kill-exclude-users
("root")
inhibit-delay-max-seconds
5
handle-power-key
poweroff
handle-suspend-key
suspend
handle-hibernate-key
hibernate
handle-lid-switch
suspend
handle-lid-switch-docked
ignore
handle-lid-switch-external-power
*unspecified*
power-key-ignore-inhibited?
#f
suspend-key-ignore-inhibited?
#f
hibernate-key-ignore-inhibited?
#f
lid-switch-ignore-inhibited?
#t
holdoff-timeout-seconds
30
idle-action
ignore
idle-action-seconds
(* 30 60)
runtime-directory-size-percent
10
runtime-directory-size
#f
remove-ipc?
#t
suspend-state
("mem" "standby" "freeze")
suspend-mode
()
hibernate-state
("disk")
hibernate-mode
("platform" "shutdown")
hybrid-sleep-state
("disk")
hybrid-sleep-mode
("suspend" "platform" "shutdown")
Return a service that runs AccountsService, a system service that can list available accounts, change their passwords, and so on. AccountsService integrates with PolicyKit to enable unprivileged users to acquire the capability to modify their system configuration. the accountsservice web site for more information.
The accountsservice keyword argument is the accountsservice
package to expose as a service.
Return a service that runs the Polkit privilege management service, which allows system administrators to grant access to privileged operations in a structured way. By querying the Polkit service, a privileged system component can know when it should grant additional capabilities to ordinary users. For example, an ordinary user can be granted the capability to suspend the system if the user is logged in locally.
Service that adds the wheel
group as admins to the Polkit
service. This makes it so that users in the wheel
group are queried
for their own passwords when performing administrative actions instead of
root
’s, similar to the behaviour used by sudo
.
Service that runs upowerd
, a
system-wide monitor for power consumption and battery levels, with the given
configuration settings.
It implements the org.freedesktop.UPower
D-Bus interface, and is
notably used by GNOME.
Data type representation the configuration for UPower.
upower
(default: upower)Package to use for upower
.
watts-up-pro?
(default: #f
)Enable the Watts Up Pro device.
poll-batteries?
(default: #t
)Enable polling the kernel for battery level changes.
ignore-lid?
(default: #f
)Ignore the lid state, this can be useful if it’s incorrect on a device.
use-percentage-for-policy?
(default: #t
)Whether to use a policy based on battery percentage rather than on estimated time left. A policy based on battery percentage is usually more reliable.
percentage-low
(default: 20
)When use-percentage-for-policy?
is #t
, this sets the percentage
at which the battery is considered low.
percentage-critical
(default: 5
)When use-percentage-for-policy?
is #t
, this sets the percentage
at which the battery is considered critical.
percentage-action
(default: 2
)When use-percentage-for-policy?
is #t
, this sets the percentage
at which action will be taken.
time-low
(default: 1200
)When use-time-for-policy?
is #f
, this sets the time remaining in
seconds at which the battery is considered low.
time-critical
(default: 300
)When use-time-for-policy?
is #f
, this sets the time remaining in
seconds at which the battery is considered critical.
time-action
(default: 120
)When use-time-for-policy?
is #f
, this sets the time remaining in
seconds at which action will be taken.
critical-power-action
(default: 'hybrid-sleep
)The action taken when percentage-action
or time-action
is
reached (depending on the configuration of use-percentage-for-policy?
).
Possible values are:
'power-off
'hibernate
'hybrid-sleep
.
Return a service for UDisks, a disk management daemon that provides user interfaces
with notifications and ways to mount/unmount disks. Programs that talk
to UDisks include the udisksctl
command, part of UDisks, and
GNOME Disks. Note that Udisks relies on the mount
command, so
it will only be able to use the file-system utilities installed in the
system profile. For example if you want to be able to mount NTFS
file-systems in read and write fashion, you’ll need to have
ntfs-3g
installed system-wide.
This is the type of the service that runs colord
, a system
service with a D-Bus
interface to manage the color profiles of input and output devices such as
screens and scanners. It is notably used by the GNOME Color Manager graphical
tool. See the colord web
site for more information.
This service provides access to scanners via
SANE by installing the necessary
udev rules. It is included in %desktop-services
(see Desktop Services) and relies by default on sane-backends-minimal
package
(see below) for hardware support.
The default package which the sane-service-type
installs. It
supports many recent scanners.
This package includes support for all scanners that
sane-backends-minimal
supports, plus older Hewlett-Packard
scanners supported by hplip
package. In order to use this on
a system which relies on %desktop-services
, you may use
modify-services
(see modify-services
) as illustrated below:
(use-modules (gnu)) (use-service-modules … desktop) (use-package-modules … scanner) (define %my-desktop-services ;; List of desktop services that supports a broader range of scanners. (modify-services %desktop-services (sane-service-type _ => sane-backends))) (operating-system … (services %my-desktop-services))
Return a configuration allowing an application to access GeoClue
location data. name is the Desktop ID of the application, without
the .desktop
part. If allowed? is true, the application
will have access to location information by default. The boolean
system? value indicates whether an application is a system component
or not. Finally users is a list of UIDs of all users for which
this application is allowed location info access. An empty users list
means that all users are allowed.
The standard list of well-known GeoClue application configurations, granting authority to the GNOME date-and-time utility to ask for the current location in order to set the time zone, and allowing the IceCat and Epiphany web browsers to request location information. IceCat and Epiphany both query the user before allowing a web page to know the user’s location.
[#:wifi-submission-url "https://location.services.mozilla.com/v1/submit?key=geoclue"] [#:submission-nick "geoclue"] [#:applications %standard-geoclue-applications] Return a service that runs the GeoClue location service. This service provides a D-Bus interface to allow applications to request access to a user’s physical location, and optionally to add information to online location databases. See the GeoClue web site for more information.
Return a service that runs the bluetoothd
daemon, which
manages all the Bluetooth devices and provides a number of D-Bus
interfaces. When AUTO-ENABLE? is true, the bluetooth controller is
powered automatically at boot, which can be useful when using a
bluetooth keyboard or mouse.
Users need to be in the lp
group to access the D-Bus service.
This is the type for the Linux Bluetooth Protocol
Stack (BlueZ) system, which generates the /etc/bluetooth/main.conf
configuration file. The value for this type is a bluetooth-configuration
record as in this example:
See below for details about bluetooth-configuration
.
Data type representing the configuration for bluetooth-service
.
bluez
(default: bluez
)bluez
package to use.
name
(default: "BlueZ"
)Default adapter name.
class
(default: #x000000
)Default device class. Only the major and minor device class bits are considered.
discoverable-timeout
(default: 180
)How long to stay in discoverable mode before going back to non-discoverable. The value is in seconds.
always-pairable?
(default: #f
)Always allow pairing even if there are no agents registered.
pairable-timeout
(default: 0
)How long to stay in pairable mode before going back to non-discoverable. The value is in seconds.
device-id
(default: #f
)Use vendor id source (assigner), vendor, product and version information for DID profile support. The values are separated by ":" and assigner, VID, PID and version.
Possible values are:
#f
to disable it,
"assigner:1234:5678:abcd"
, where assigner is either usb
(default)
or bluetooth
.
reverse-service-discovery?
(default: #t
)Do reverse service discovery for previously unknown devices that connect to us. For BR/EDR this option is really only needed for qualification since the BITE tester doesn’t like us doing reverse SDP for some test cases, for LE this disables the GATT client functionally so it can be used in system which can only operate as peripheral.
name-resolving?
(default: #t
)Enable name resolving after inquiry. Set it to #f
if you don’t need
remote devices name and want shorter discovery cycle.
debug-keys?
(default: #f
)Enable runtime persistency of debug link keys. Default is false which makes debug link keys valid only for the duration of the connection that they were created for.
controller-mode
(default: 'dual
)Restricts all controllers to the specified transport. 'dual
means both
BR/EDR and LE are enabled (if supported by the hardware).
Possible values are:
'dual
'bredr
'le
multi-profile
(default: 'off
)Enables Multi Profile Specification support. This allows to specify if system supports only Multiple Profiles Single Device (MPSD) configuration or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple Devices (MPMD) configurations.
Possible values are:
'off
'single
'multiple
fast-connectable?
(default: #f
)Permanently enables the Fast Connectable setting for adapters that support it. When enabled other devices can connect faster to us, however the tradeoff is increased power consumptions. This feature will fully work only on kernel version 4.1 and newer.
privacy
(default: 'off
)Default privacy settings.
'off
: Disable local privacy
'network/on
: A device will only accept advertising packets from peer
devices that contain private addresses. It may not be compatible with some
legacy devices since it requires the use of RPA(s) all the time
'device
: A device in device privacy mode is only concerned about the
privacy of the device and will accept advertising packets from peer devices
that contain their Identity Address as well as ones that contain a private
address, even if the peer device has distributed its IRK in the past
and additionally, if controller-mode is set to 'dual
:
'limited-network
: Apply Limited Discoverable Mode to advertising, which
follows the same policy as to BR/EDR that publishes the identity address when
discoverable, and Network Privacy Mode for scanning
'limited-device
: Apply Limited Discoverable Mode to advertising, which
follows the same policy as to BR/EDR that publishes the identity address when
discoverable, and Device Privacy Mode for scanning.
just-works-repairing
(default: 'never
)Specify the policy to the JUST-WORKS repairing initiated by peer.
Possible values:
'never
'confirm
'always
temporary-timeout
(default: 30
)How long to keep temporary devices around. The value is in seconds. 0
disables the timer completely.
refresh-discovery?
(default: #t
)Enables the device to issue an SDP request to update known services when profile is connected.
experimental
(default: #f
)Enables experimental features and interfaces, alternatively a list of UUIDs can be given.
Possible values:
#t
#f
(list (uuid <uuid-1>) (uuid <uuid-2>) ...)
.
List of possible UUIDs:
d4992530-b9ec-469f-ab01-6c481c47da1c
: BlueZ Experimental Debug,
671b10b5-42c0-4696-9227-eb28d1b049d6
: BlueZ Experimental Simultaneous Central and Peripheral,
"15c0a148-c273-11ea-b3de-0242ac130004
: BlueZ Experimental LL privacy,
330859bc-7506-492d-9370-9a6f0614037f
: BlueZ Experimental Bluetooth Quality Report,
a6695ace-ee7f-4fb9-881a-5fac66c629af
: BlueZ Experimental Offload Codecs.
remote-name-request-retry-delay
(default: 300
)The duration to avoid retrying to resolve a peer’s name, if the previous try failed.
page-scan-type
(default: #f
)BR/EDR Page scan activity type.
page-scan-interval
(default: #f
)BR/EDR Page scan activity interval.
page-scan-window
(default: #f
)BR/EDR Page scan activity window.
inquiry-scan-type
(default: #f
)BR/EDR Inquiry scan activity type.
inquiry-scan-interval
(default: #f
)BR/EDR Inquiry scan activity interval.
inquiry-scan-window
(default: #f
)BR/EDR Inquiry scan activity window.
link-supervision-timeout
(default: #f
)BR/EDR Link supervision timeout.
page-timeout
(default: #f
)BR/EDR Page timeout.
min-sniff-interval
(default: #f
)BR/EDR minimum sniff interval.
max-sniff-interval
(default: #f
)BR/EDR maximum sniff interval.
min-advertisement-interval
(default: #f
)LE minimum advertisement interval (used for legacy advertisement only).
max-advertisement-interval
(default: #f
)LE maximum advertisement interval (used for legacy advertisement only).
multi-advertisement-rotation-interval
(default: #f
)LE multiple advertisement rotation interval.
scan-interval-auto-connect
(default: #f
)LE scanning interval used for passive scanning supporting auto connect.
scan-window-auto-connect
(default: #f
)LE scanning window used for passive scanning supporting auto connect.
scan-interval-suspend
(default: #f
)LE scanning interval used for active scanning supporting wake from suspend.
scan-window-suspend
(default: #f
)LE scanning window used for active scanning supporting wake from suspend.
scan-interval-discovery
(default: #f
)LE scanning interval used for active scanning supporting discovery.
scan-window-discovery
(default: #f
)LE scanning window used for active scanning supporting discovery.
scan-interval-adv-monitor
(default: #f
)LE scanning interval used for passive scanning supporting the advertisement monitor APIs.
scan-window-adv-monitor
(default: #f
)LE scanning window used for passive scanning supporting the advertisement monitor APIs.
scan-interval-connect
(default: #f
)LE scanning interval used for connection establishment.
scan-window-connect
(default: #f
)LE scanning window used for connection establishment.
min-connection-interval
(default: #f
)LE default minimum connection interval. This value is superseded by any specific value provided via the Load Connection Parameters interface.
max-connection-interval
(default: #f
)LE default maximum connection interval. This value is superseded by any specific value provided via the Load Connection Parameters interface.
connection-latency
(default: #f
)LE default connection latency. This value is superseded by any specific value provided via the Load Connection Parameters interface.
connection-supervision-timeout
(default: #f
)LE default connection supervision timeout. This value is superseded by any specific value provided via the Load Connection Parameters interface.
autoconnect-timeout
(default: #f
)LE default autoconnect timeout. This value is superseded by any specific value provided via the Load Connection Parameters interface.
adv-mon-allowlist-scan-duration
(default: 300
)Allowlist scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.
adv-mon-no-filter-scan-duration
(default: 500
)No filter scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.
enable-adv-mon-interleave-scan?
(default: #t
)Enable/Disable Advertisement Monitor interleave scan for power saving.
cache
(default: 'always
)GATT attribute cache.
Possible values are:
'always
: Always cache attributes even for devices not paired, this is
recommended as it is best for interoperability, with more consistent
reconnection times and enables proper tracking of notifications for all
devices
'yes
: Only cache attributes of paired devices
'no
: Never cache attributes.
key-size
(default: 0
)Minimum required Encryption Key Size for accessing secured characteristics.
Possible values are:
0
: Don’t care
7 <= N <= 16
exchange-mtu
(default: 517
)Exchange MTU size. Possible values are:
23 <= N <= 517
att-channels
(default: 3
)Number of ATT channels. Possible values are:
1
: Disables EATT
2 <= N <= 5
session-mode
(default: 'basic
)AVDTP L2CAP signalling channel mode.
Possible values are:
'basic
: Use L2CAP basic mode
'ertm
: Use L2CAP enhanced retransmission mode.
stream-mode
(default: 'basic
)AVDTP L2CAP transport channel mode.
Possible values are:
'basic
: Use L2CAP basic mode
'streaming
: Use L2CAP streaming mode.
reconnect-uuids
(default: '()
)The ReconnectUUIDs defines the set of remote services that should try to be reconnected to in case of a link loss (link supervision timeout). The policy plugin should contain a sane set of values by default, but this list can be overridden here. By setting the list to empty the reconnection feature gets disabled.
Possible values:
'()
(list (uuid <uuid-1>) (uuid <uuid-2>) ...)
.
reconnect-attempts
(default: 7
)Defines the number of attempts to reconnect after a link lost. Setting the value to 0 disables reconnecting feature.
reconnect-intervals
(default: '(1 2 4 8 16 32 64)
)Defines a list of intervals in seconds to use in between attempts. If the number of attempts defined in reconnect-attempts is bigger than the list of intervals the last interval is repeated until the last attempt.
auto-enable?
(default: #f
)Defines option to enable all controllers when they are found. This includes adapters present on start as well as adapters that are plugged in later on.
resume-delay
(default: 2
)Audio devices that were disconnected due to suspend will be reconnected on resume. resume-delay determines the delay between when the controller resumes from suspend and a connection attempt is made. A longer delay is better for better co-existence with Wi-Fi. The value is in seconds.
rssi-sampling-period
(default: #xFF
)Default RSSI Sampling Period. This is used when a client registers an advertisement monitor and leaves the RSSISamplingPeriod unset.
Possible values are:
#x0
: Report all advertisements
N = #xXX
: Report advertisements every N x 100 msec (range: #x01 to #xFE)
#xFF
: Report only one advertisement per device during monitoring period.
This is the type of the service that adds the
GNOME Keyring. Its
value is a gnome-keyring-configuration
object (see below).
This service adds the gnome-keyring
package to the system profile
and extends PAM with entries using pam_gnome_keyring.so
, unlocking
a user’s login keyring when they log in or setting its password with passwd.
Configuration record for the GNOME Keyring service.
keyring
(default: gnome-keyring
)The GNOME keyring package to use.
pam-services
A list of (service . kind)
pairs denoting PAM
services to extend, where service is the name of an existing
service to extend and kind is one of login
or
passwd
.
If login
is given, it adds an optional
pam_gnome_keyring.so
to the auth block without arguments and to
the session block with auto_start
. If passwd
is given, it
adds an optional pam_gnome_keyring.so
to the password block
without arguments.
By default, this field contains “gdm-password” with the value login
and “passwd” is with the value passwd
.
seatd is a minimal seat management daemon.
Seat management takes care of mediating access to shared devices (graphics, input), without requiring the applications needing access to be root.
(append
(list
;; make sure seatd is running
(service seatd-service-type))
;; normally one would want %base-services
%base-services)
seatd
operates over a UNIX domain socket, with libseat
providing the client side of the protocol. Applications that acquire
access to the shared resources via seatd
(e.g. sway
)
need to be able to talk to this socket.
This can be achieved by adding the user they run under to the group
owning seatd
’s socket (usually “seat”), like so:
(user-account
(name "alice")
(group "users")
(supplementary-groups '("wheel" ; allow use of sudo, etc.
"seat" ; seat management
"audio" ; sound card
"video" ; video devices such as webcams
"cdrom")) ; the good ol' CD-ROM
(comment "Bob's sister"))
Depending on your setup, you will have to not only add regular users, but also system users to this group. For instance, some greetd greeters require graphics and therefore also need to negotiate with seatd.
Configuration record for the seatd daemon service.
seatd
(default: seatd
)The seatd package to use.
group
(default: ‘"seat"’)Group to own the seatd socket.
socket
(default: ‘"/run/seatd.sock"’)Where to create the seatd socket.
logfile
(default: ‘"/var/log/seatd.log"’)Log file to write to.
loglevel
(default: ‘"error"’)Log level to output logs. Possible values: ‘"silent"’, ‘"error"’, ‘"info"’ and ‘"debug"’.
Next: Sound Services, Previous: Printing Services, Up: Services [Contents][Index]