The (gnu services desktop)
module provides services that are usually
useful in the context of a “desktop” setup—that is, on a machine running
a graphical display server, possibly with graphical user interfaces, etc.
It also defines services that provide specific desktop environments like
GNOME, Xfce or MATE.
To simplify things, the module defines a variable containing the set of services that users typically expect on a machine with a graphical environment and networking:
This is a list of services that builds upon %base-services
and adds
or adjusts services for a typical “desktop” setup.
In particular, it adds a graphical login manager (see gdm-service-type
), screen lockers, a network management tool
(see network-manager-service-type
) with
modem support (see modem-manager-service-type
), energy and color management services,
the elogind
login and seat manager, the Polkit privilege service, the
GeoClue location service, the AccountsService daemon that allows authorized
users change system passwords, an NTP client (see 网络服务),
the Avahi daemon, and has the name service switch service configured to be
able to use nss-mdns
(see mDNS).
The %desktop-services
variable can be used as the services
field of an operating-system
declaration (see services
).
Additionally, the gnome-desktop-service-type
,
xfce-desktop-service
, mate-desktop-service-type
,
lxqt-desktop-service-type
and
enlightenment-desktop-service-type
procedures can add GNOME, Xfce,
MATE and/or Enlightenment to a system. To “add GNOME” means that
system-level services like the backlight adjustment helpers and the power
management utilities are added to the system, extending polkit
and
dbus
appropriately, allowing GNOME to operate with elevated
privileges on a limited number of special-purpose system interfaces.
Additionally, adding a service made by gnome-desktop-service-type
adds the GNOME metapackage to the system profile. Likewise, adding the Xfce
service not only adds the xfce
metapackage to the system profile, but
it also gives the Thunar file manager the ability to open a “root-mode”
file management window, if the user authenticates using the administrator’s
password via the standard polkit graphical interface. To “add MATE” means
that polkit
and dbus
are extended appropriately, allowing MATE
to operate with elevated privileges on a limited number of special-purpose
system interfaces. Additionally, adding a service of type
mate-desktop-service-type
adds the MATE metapackage to the system
profile. “Adding Enlightenment” means that dbus
is extended
appropriately, and several of Enlightenment’s binaries are set as setuid,
allowing Enlightenment’s screen locker and other functionality to work as
expected.
The desktop environments in Guix use the Xorg display server by default. If
you’d like to use the newer display server protocol called Wayland, you need
to enable Wayland support in GDM (see wayland-gdm). Another solution is
to use the sddm-service
instead of GDM as the graphical login
manager. You should then select the “GNOME (Wayland)” session in SDDM.
Alternatively you can also try starting GNOME on Wayland manually from a TTY
with the command “XDG_SESSION_TYPE=wayland exec dbus-run-session
gnome-session“. Currently only GNOME has support for Wayland.
This is the type of the service that adds the GNOME desktop environment. Its value is a
gnome-desktop-configuration
object (see below).
This service adds the gnome
package to the system profile, and
extends polkit with the actions from gnome-settings-daemon
.
Configuration record for the GNOME desktop environment.
gnome
(默认值:gnome
)The GNOME package to use.
This is the type of a service to run the https://xfce.org/
desktop environment. Its value is an xfce-desktop-configuration
object (see below).
This service adds the xfce
package to the system profile, and extends
polkit with the ability for thunar
to manipulate the file system as
root from within a user session, after the user has authenticated with the
administrator’s password.
Note that xfce4-panel
and its plugin packages should be installed in
the same profile to ensure compatibility. When using this service, you
should add extra plugins (xfce4-whiskermenu-plugin
,
xfce4-weather-plugin
, etc.) to the packages
field of your
operating-system
.
Configuration record for the Xfce desktop environment.
xfce
(默认值:xfce
)The Xfce package to use.
This is the type of the service that runs the
MATE desktop environment. Its value is a
mate-desktop-configuration
object (see below).
This service adds the mate
package to the system profile, and extends
polkit with the actions from mate-settings-daemon
.
Configuration record for the MATE desktop environment.
mate
(默认值:mate
)The MATE package to use.
This is the type of the service that runs the
LXQt desktop environment. Its value is a
lxqt-desktop-configuration
object (see below).
This service adds the lxqt
package to the system profile.
Configuration record for the LXQt desktop environment.
lxqt
(default: lxqt
)The LXQT package to use.
Return a service that adds the enlightenment
package to the system
profile, and extends dbus with actions from efl
.
enlightenment
(默认值:enlightenment
)The enlightenment package to use.
Because the GNOME, Xfce and MATE desktop services pull in so many packages,
the default %desktop-services
variable doesn’t include any of them by
default. To add GNOME, Xfce or MATE, just cons
them onto
%desktop-services
in the services
field of your
operating-system
:
(use-modules (gnu)) (use-service-modules desktop) (operating-system ... ;; cons* adds items to the list given as its last argument. (services (cons* (service gnome-desktop-service-type) (service xfce-desktop-service) %desktop-services)) ...)
These desktop environments will then be available as options in the graphical login window.
The actual service definitions included in %desktop-services
and
provided by (gnu services dbus)
and (gnu services desktop)
are
described below.
dbus, with support for services. When verbose? is true,
it causes the ‘DBUS_VERBOSE’ environment variable to be set to
‘1’; a verbose-enabled D-Bus package such as dbus-verbose
should
be provided as dbus in this scenario. The verbose output is logged to
/var/log/dbus-daemon.log.
D-Bus is an inter-process communication facility. Its system bus is used to allow system services to communicate and to be notified of system-wide events.
services must be a list of packages that provide an
etc/dbus-1/system.d directory containing additional D-Bus
configuration and policy files. For example, to allow avahi-daemon to use
the system bus, services must be equal to (list avahi)
.
Return a service that runs the elogind
login and seat management
daemon. Elogind exposes a D-Bus
interface that can be used to know which users are logged in, know what kind
of sessions they have open, suspend the system, inhibit system suspend,
reboot the system, and other tasks.
Elogind handles most system-level power events for a computer, for example suspending the system when a lid is closed, or shutting it down when the power button is pressed.
The config keyword argument specifies the configuration for elogind,
and should be the result of an (elogind-configuration (parameter
value)...)
invocation. Available parameters and their default values
are:
kill-user-processes?
#f
kill-only-users
()
kill-exclude-users
("root")
inhibit-delay-max-seconds
5
handle-power-key
poweroff
handle-suspend-key
suspend
handle-hibernate-key
hibernate
handle-lid-switch
suspend
handle-lid-switch-docked
ignore
handle-lid-switch-external-power
*unspecified*
power-key-ignore-inhibited?
#f
suspend-key-ignore-inhibited?
#f
hibernate-key-ignore-inhibited?
#f
lid-switch-ignore-inhibited?
#t
holdoff-timeout-seconds
30
idle-action
ignore
idle-action-seconds
(* 30 60)
runtime-directory-size-percent
10
runtime-directory-size
#f
remove-ipc?
#t
suspend-state
("mem" "standby" "freeze")
suspend-mode
()
hibernate-state
("disk")
hibernate-mode
("platform" "shutdown")
hybrid-sleep-state
("disk")
hybrid-sleep-mode
("suspend" "platform" "shutdown")
AccountsService, a system service that can list available accounts, change their passwords, and so on. AccountsService integrates with PolicyKit to enable unprivileged users to acquire the capability to modify their system configuration. the accountsservice web site for more information.
The accountsservice keyword argument is the accountsservice
package to expose as a service.
Polkit privilege management service, which allows system administrators to grant access to privileged operations in a structured way. By querying the Polkit service, a privileged system component can know when it should grant additional capabilities to ordinary users. For example, an ordinary user can be granted the capability to suspend the system if the user is logged in locally.
Service that adds the wheel
group as admins to the Polkit service.
This makes it so that users in the wheel
group are queried for their
own passwords when performing administrative actions instead of
root
’s, similar to the behaviour used by sudo
.
Service that runs upowerd
,
a system-wide monitor for power consumption and battery levels, with the
given configuration settings.
It implements the org.freedesktop.UPower
D-Bus interface, and is
notably used by GNOME.
Data type representation the configuration for UPower.
upower
(default: upower)Package to use for upower
.
watts-up-pro?
(default: #f
)Enable the Watts Up Pro device.
poll-batteries?
(default: #t
)Enable polling the kernel for battery level changes.
ignore-lid?
(default: #f
)Ignore the lid state, this can be useful if it’s incorrect on a device.
use-percentage-for-policy?
(default: #t
)Whether to use a policy based on battery percentage rather than on estimated time left. A policy based on battery percentage is usually more reliable.
percentage-low
(default: 20
)When use-percentage-for-policy?
is #t
, this sets the
percentage at which the battery is considered low.
percentage-critical
(default: 5
)When use-percentage-for-policy?
is #t
, this sets the
percentage at which the battery is considered critical.
percentage-action
(default: 2
)When use-percentage-for-policy?
is #t
, this sets the
percentage at which action will be taken.
time-low
(default: 1200
)When use-time-for-policy?
is #f
, this sets the time remaining
in seconds at which the battery is considered low.
time-critical
(default: 300
)When use-time-for-policy?
is #f
, this sets the time remaining
in seconds at which the battery is considered critical.
time-action
(default: 120
)When use-time-for-policy?
is #f
, this sets the time remaining
in seconds at which action will be taken.
critical-power-action
(default: 'hybrid-sleep
)The action taken when percentage-action
or time-action
is
reached (depending on the configuration of
use-percentage-for-policy?
).
Possible values are:
'power-off
'hibernate
'hybrid-sleep
.
Return a service for UDisks, a disk management daemon that provides user interfaces with
notifications and ways to mount/unmount disks. Programs that talk to UDisks
include the udisksctl
command, part of UDisks, and GNOME Disks.
Note that Udisks relies on the mount
command, so it will only be
able to use the file-system utilities installed in the system profile. For
example if you want to be able to mount NTFS file-systems in read and write
fashion, you’ll need to have ntfs-3g
installed system-wide.
This is the type of the service that runs colord
, a system service
with a D-Bus interface to manage the color profiles of input and output
devices such as screens and scanners. It is notably used by the GNOME Color
Manager graphical tool. See
the colord web site for
more information.
This service provides access to scanners via
SANE by installing the necessary udev
rules. It is included in %desktop-services
(see 桌面服务) and relies by default on sane-backends-minimal
package
(see below) for hardware support.
The default package which the sane-service-type
installs. It
supports many recent scanners.
This package includes support for all scanners that
sane-backends-minimal
supports, plus older Hewlett-Packard scanners
supported by hplip
package. In order to use this on a system which
relies on %desktop-services
, you may use modify-services
(see modify-services
) as illustrated below:
(use-modules (gnu)) (use-service-modules … desktop) (use-package-modules … scanner) (define %my-desktop-services ;; List of desktop services that supports a broader range of scanners. (modify-services %desktop-services (sane-service-type _ => sane-backends))) (operating-system … (services %my-desktop-services))
Return a configuration allowing an application to access GeoClue location
data. name is the Desktop ID of the application, without the
.desktop
part. If allowed? is true, the application will have
access to location information by default. The boolean system? value
indicates whether an application is a system component or not. Finally
users is a list of UIDs of all users for which this application is
allowed location info access. An empty users list means that all users are
allowed.
The standard list of well-known GeoClue application configurations, granting authority to the GNOME date-and-time utility to ask for the current location in order to set the time zone, and allowing the IceCat and Epiphany web browsers to request location information. IceCat and Epiphany both query the user before allowing a web page to know the user’s location.
"https://location.services.mozilla.com/v1/geolocate?key=geoclue"] [#:submit-data? #f] [#:wifi-submission-url "https://location.services.mozilla.com/v1/submit?key=geoclue"] [#:submission-nick "geoclue"] [#:applications %standard-geoclue-applications] Return a service that runs the GeoClue location service. This service provides a D-Bus interface to allow applications to request access to a user’s physical location, and optionally to add information to online location databases. See the GeoClue web site for more information.
bluetoothd
daemon, which manages all the Bluetooth devices and provides a number of D-Bus interfaces. When AUTO-ENABLE? is true, the bluetooth controller is powered automatically at boot, which can be useful when using a bluetooth keyboard or mouse.
Users need to be in the lp
group to access the D-Bus service.
This is the type for the Linux Bluetooth Protocol
Stack (BlueZ) system, which generates the /etc/bluetooth/main.conf
configuration file. The value for this type is a
bluetooth-configuration
record as in this example:
(service bluetooth-service-type)
See below for details about bluetooth-configuration
.
Data type representing the configuration for bluetooth-service
.
bluez
(default: bluez
)bluez
package to use.
name
(default: "BlueZ"
)Default adapter name.
class
(default: #x000000
)Default device class. Only the major and minor device class bits are considered.
discoverable-timeout
(default: 180
)How long to stay in discoverable mode before going back to non-discoverable. The value is in seconds.
always-pairable?
(default: #f
)Always allow pairing even if there are no agents registered.
pairable-timeout
(default: 0
)How long to stay in pairable mode before going back to non-discoverable. The value is in seconds.
device-id
(default: #f
)Use vendor id source (assigner), vendor, product and version information for DID profile support. The values are separated by ":" and assigner, VID, PID and version.
Possible values are:
#f
to disable it,
"assigner:1234:5678:abcd"
, where assigner is either usb
(default) or bluetooth
.
reverse-service-discovery?
(default: #t
)Do reverse service discovery for previously unknown devices that connect to us. For BR/EDR this option is really only needed for qualification since the BITE tester doesn’t like us doing reverse SDP for some test cases, for LE this disables the GATT client functionally so it can be used in system which can only operate as peripheral.
name-resolving?
(default: #t
)Enable name resolving after inquiry. Set it to #f
if you don’t need
remote devices name and want shorter discovery cycle.
debug-keys?
(default: #f
)Enable runtime persistency of debug link keys. Default is false which makes debug link keys valid only for the duration of the connection that they were created for.
controller-mode
(default: 'dual
)Restricts all controllers to the specified transport. 'dual
means
both BR/EDR and LE are enabled (if supported by the hardware).
Possible values are:
'dual
'bredr
'le
multi-profile
(default: 'off
)Enables Multi Profile Specification support. This allows to specify if system supports only Multiple Profiles Single Device (MPSD) configuration or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple Devices (MPMD) configurations.
Possible values are:
'off
'single
'multiple
fast-connectable?
(default: #f
)Permanently enables the Fast Connectable setting for adapters that support it. When enabled other devices can connect faster to us, however the tradeoff is increased power consumptions. This feature will fully work only on kernel version 4.1 and newer.
privacy
(default: 'off
)Default privacy settings.
'off
: Disable local privacy
'network/on
: A device will only accept advertising packets from peer
devices that contain private addresses. It may not be compatible with some
legacy devices since it requires the use of RPA(s) all the time
'device
: A device in device privacy mode is only concerned about the
privacy of the device and will accept advertising packets from peer devices
that contain their Identity Address as well as ones that contain a private
address, even if the peer device has distributed its IRK in the past
and additionally, if controller-mode is set to 'dual
:
'limited-network
: Apply Limited Discoverable Mode to advertising,
which follows the same policy as to BR/EDR that publishes the identity
address when discoverable, and Network Privacy Mode for scanning
'limited-device
: Apply Limited Discoverable Mode to advertising,
which follows the same policy as to BR/EDR that publishes the identity
address when discoverable, and Device Privacy Mode for scanning.
just-works-repairing
(default: 'never
)Specify the policy to the JUST-WORKS repairing initiated by peer.
Possible values:
'never
'confirm
'always
temporary-timeout
(default: 30
)How long to keep temporary devices around. The value is in seconds. 0
disables the timer completely.
refresh-discovery?
(default: #t
)Enables the device to issue an SDP request to update known services when profile is connected.
experimental
(default: #f
)Enables experimental features and interfaces, alternatively a list of UUIDs can be given.
Possible values:
#t
#f
(list (uuid <uuid-1>) (uuid <uuid-2>) ...)
.
List of possible UUIDs:
d4992530-b9ec-469f-ab01-6c481c47da1c
: BlueZ Experimental Debug,
671b10b5-42c0-4696-9227-eb28d1b049d6
: BlueZ Experimental Simultaneous
Central and Peripheral,
"15c0a148-c273-11ea-b3de-0242ac130004
: BlueZ Experimental LL privacy,
330859bc-7506-492d-9370-9a6f0614037f
: BlueZ Experimental Bluetooth
Quality Report,
a6695ace-ee7f-4fb9-881a-5fac66c629af
: BlueZ Experimental Offload
Codecs.
remote-name-request-retry-delay
(default: 300
)The duration to avoid retrying to resolve a peer’s name, if the previous try failed.
page-scan-type
(default: #f
)BR/EDR Page scan activity type.
page-scan-interval
(default: #f
)BR/EDR Page scan activity interval.
page-scan-window
(default: #f
)BR/EDR Page scan activity window.
inquiry-scan-type
(default: #f
)BR/EDR Inquiry scan activity type.
inquiry-scan-interval
(default: #f
)BR/EDR Inquiry scan activity interval.
inquiry-scan-window
(default: #f
)BR/EDR Inquiry scan activity window.
link-supervision-timeout
(default: #f
)BR/EDR Link supervision timeout.
page-timeout
(default: #f
)BR/EDR Page timeout.
min-sniff-interval
(default: #f
)BR/EDR minimum sniff interval.
max-sniff-interval
(default: #f
)BR/EDR maximum sniff interval.
min-advertisement-interval
(default: #f
)LE minimum advertisement interval (used for legacy advertisement only).
max-advertisement-interval
(default: #f
)LE maximum advertisement interval (used for legacy advertisement only).
multi-advertisement-rotation-interval
(default: #f
)LE multiple advertisement rotation interval.
scan-interval-auto-connect
(default: #f
)LE scanning interval used for passive scanning supporting auto connect.
scan-window-auto-connect
(default: #f
)LE scanning window used for passive scanning supporting auto connect.
scan-interval-suspend
(default: #f
)LE scanning interval used for active scanning supporting wake from suspend.
scan-window-suspend
(default: #f
)LE scanning window used for active scanning supporting wake from suspend.
scan-interval-discovery
(default: #f
)LE scanning interval used for active scanning supporting discovery.
scan-window-discovery
(default: #f
)LE scanning window used for active scanning supporting discovery.
scan-interval-adv-monitor
(default: #f
)LE scanning interval used for passive scanning supporting the advertisement monitor APIs.
scan-window-adv-monitor
(default: #f
)LE scanning window used for passive scanning supporting the advertisement monitor APIs.
scan-interval-connect
(default: #f
)LE scanning interval used for connection establishment.
scan-window-connect
(default: #f
)LE scanning window used for connection establishment.
min-connection-interval
(default: #f
)LE default minimum connection interval. This value is superseded by any specific value provided via the Load Connection Parameters interface.
max-connection-interval
(default: #f
)LE default maximum connection interval. This value is superseded by any specific value provided via the Load Connection Parameters interface.
connection-latency
(default: #f
)LE default connection latency. This value is superseded by any specific value provided via the Load Connection Parameters interface.
connection-supervision-timeout
(default: #f
)LE default connection supervision timeout. This value is superseded by any specific value provided via the Load Connection Parameters interface.
autoconnect-timeout
(default: #f
)LE default autoconnect timeout. This value is superseded by any specific value provided via the Load Connection Parameters interface.
adv-mon-allowlist-scan-duration
(default: 300
)Allowlist scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.
adv-mon-no-filter-scan-duration
(default: 500
)No filter scan duration during interleaving scan. Only used when scanning for ADV monitors. The units are msec.
enable-adv-mon-interleave-scan?
(default: #t
)Enable/Disable Advertisement Monitor interleave scan for power saving.
cache
(default: 'always
)GATT attribute cache.
Possible values are:
'always
: Always cache attributes even for devices not paired, this is
recommended as it is best for interoperability, with more consistent
reconnection times and enables proper tracking of notifications for all
devices
'yes
: Only cache attributes of paired devices
'no
: Never cache attributes.
key-size
(default: 0
)Minimum required Encryption Key Size for accessing secured characteristics.
Possible values are:
0
: Don’t care
7 <= N <= 16
exchange-mtu
(default: 517
)Exchange MTU size. Possible values are:
23 <= N <= 517
att-channels
(default: 3
)Number of ATT channels. Possible values are:
1
: Disables EATT
2 <= N <= 5
session-mode
(default: 'basic
)AVDTP L2CAP signalling channel mode.
Possible values are:
'basic
: Use L2CAP basic mode
'ertm
: Use L2CAP enhanced retransmission mode.
stream-mode
(default: 'basic
)AVDTP L2CAP transport channel mode.
Possible values are:
'basic
: Use L2CAP basic mode
'streaming
: Use L2CAP streaming mode.
reconnect-uuids
(default: '()
)The ReconnectUUIDs defines the set of remote services that should try to be reconnected to in case of a link loss (link supervision timeout). The policy plugin should contain a sane set of values by default, but this list can be overridden here. By setting the list to empty the reconnection feature gets disabled.
Possible values:
'()
(list (uuid <uuid-1>) (uuid <uuid-2>) ...)
.
reconnect-attempts
(default: 7
)Defines the number of attempts to reconnect after a link lost. Setting the value to 0 disables reconnecting feature.
reconnect-intervals
(default: '(1 2 4 8 16 32 64)
)Defines a list of intervals in seconds to use in between attempts. If the number of attempts defined in reconnect-attempts is bigger than the list of intervals the last interval is repeated until the last attempt.
auto-enable?
(default: #f
)Defines option to enable all controllers when they are found. This includes adapters present on start as well as adapters that are plugged in later on.
resume-delay
(default: 2
)Audio devices that were disconnected due to suspend will be reconnected on resume. resume-delay determines the delay between when the controller resumes from suspend and a connection attempt is made. A longer delay is better for better co-existence with Wi-Fi. The value is in seconds.
rssi-sampling-period
(default: #xFF
)Default RSSI Sampling Period. This is used when a client registers an advertisement monitor and leaves the RSSISamplingPeriod unset.
Possible values are:
#x0
: Report all advertisements
N = #xXX
: Report advertisements every N x 100 msec (range: #x01 to
#xFE)
#xFF
: Report only one advertisement per device during monitoring
period.
This is the type of the service that adds the
GNOME Keyring. Its
value is a gnome-keyring-configuration
object (see below).
This service adds the gnome-keyring
package to the system profile and
extends PAM with entries using pam_gnome_keyring.so
, unlocking a
user’s login keyring when they log in or setting its password with passwd.
Configuration record for the GNOME Keyring service.
keyring
(default: gnome-keyring
)The GNOME keyring package to use.
pam-services
A list of (service . kind)
pairs denoting PAM services to
extend, where service is the name of an existing service to extend and
kind is one of login
or passwd
.
If login
is given, it adds an optional pam_gnome_keyring.so
to
the auth block without arguments and to the session block with
auto_start
. If passwd
is given, it adds an optional
pam_gnome_keyring.so
to the password block without arguments.
By default, this field contains “gdm-password” with the value login
and “passwd” is with the value passwd
.
seatd is a minimal seat management daemon.
Seat management takes care of mediating access to shared devices (graphics, input), without requiring the applications needing access to be root.
(append
(list
;; make sure seatd is running
(service seatd-service-type))
;; normally one would want %base-services
%base-services)
seatd
operates over a UNIX domain socket, with libseat
providing the client side of the protocol. Applications that acquire access
to the shared resources via seatd
(e.g. sway
) need to be able
to talk to this socket. This can be achieved by adding the user they run
under to the group owning seatd
’s socket (usually “seat”), like so:
(user-account
(name "alice")
(group "users")
(supplementary-groups '("wheel" ; allow use of sudo, etc.
"seat" ; seat management
"audio" ; sound card
"video" ; video devices such as webcams
"cdrom")) ; the good ol' CD-ROM
(comment "Bob's sister"))
Depending on your setup, you will have to not only add regular users, but also system users to this group. For instance, some greetd greeters require graphics and therefore also need to negotiate with seatd.
Configuration record for the seatd daemon service.
seatd
(default: seatd
)The seatd package to use.
group
(default: ‘"seat"’)Group to own the seatd socket.
socket
(default: ‘"/run/seatd.sock"’)Where to create the seatd socket.
logfile
(default: ‘"/var/log/seatd.log"’)Log file to write to.
loglevel
(default: ‘"error"’)Log level to output logs. Possible values: ‘"silent"’, ‘"error"’, ‘"info"’ and ‘"debug"’.