services: messaging: Use HTTPS for prosody.im URLs.

* gnu/services/messaging.scm (prosody-configuration): Use HTTPS whenever
referring to prosody.im URLs in documentation.
* doc/guix.texi (Messaging Services): Likewise.

gnu: dovecot: Update to 2.3.0.

* gnu/packages/mail.scm (dovecot): Update to 2.3.0.
* gnu/services/mail.scm (dovecot-configuration)[director-doveadm-port]
[ssl-parameters-regenerate]: Delete fields.
[ssl-protocols]: Rename to...
[ssl-min-protocol]: ...this.
[mail-log-prefix, mdbox-rotate-size, ssl-cipher-list, imap-logout-format]:
Update default values.
* doc/guix.texi (Mail Services): Reflect the above changes to the service.

services: urandom-seed: Depend on udev.

Suggested by Leo Famulari <leo@famulari.name>.

* gnu/services/base.scm (urandom-seed-shepherd-service): Add 'udev' to
'requirement'.

services: urandom-seed: Deprecate the 'urandom-seed-service' procedure.

* gnu/services/base.scm (urandom-seed-service-type)[default-value]: New
field.
(urandom-seed-service): Mark as deprecated.
(%base-services): Use URANDOM-SEED-SERVICE-TYPE directly.
* gnu/services/base.scm (%base-services):
* doc/guix.texi (Base Services): Document 'urandom-seed-service-type'
instead of 'urandom-seed-service'.

services: urandom-seed: Become a dependency of 'user-processes'.

This ensures that 'urandom-seed' is started before programs that rely on
sources of randomness.

Fixes <https://bugs.gnu.org/29773>.
Reported by Leo Famulari <leo@famulari.name>.

* gnu/services/base.scm (urandom-seed-shepherd-service): Change
'requirement' to (file-systems).
(urandom-seed-service-type): Extend USER-PROCESSES-SERVICE-TYPE.

services: 'user-processes-service-type' can now be extended.

* gnu/services/base.scm (user-processes-shepherd-service): New
procedure, taken from former 'user-processes-service-type'.  Add
REQUIREMENTS argument; remove GRACE-DELAY argument.
(user-processes-service-type): Redefine in terms of 'service-type'.
(user-processes-service): Remove.
(file-system-service-type): Extend USER-PROCESSES-SERVICE-TYPE.
* gnu/system.scm (essential-services): Use USER-PROCESSES-SERVICE-TYPE
directly.

services: urandom-seed: Try using a HWRNG to seed the Linux CRNG at boot.

* gnu/services/base.scm (urandom-seed-shepherd-service): Try to read from
'/dev/hwrng' at boot, as a supplement to any saved random seed.
* doc/guix.texi (Base Services): Document the new feature.

services: nginx: Allow to add raw content to the server blocks.

* doc/guix.texi (Web Services): Document 'raw-content'.
* gnu/services/web.scm (<nginx-server-configuration>)[raw-content]: New field.
(emit-nginx-server-config): Add it.

services: nginx: Replace 'http-port' and 'https-port' with 'listen'.

* doc/guix.texi (Web Services, Version Control Services): Update accordingly.
* gnu/services/certbot.scm (certbot-nginx-server-configurations): Likewise.
* gnu/services/version-control.scm (%cgit-configuration-nginx): Likewise.
* gnu/services/web.scm (<nginx-server-configuration>,
emit-nginx-server-config): Likewise.
* gnu/tests/version-control.scm (%cgit-configuration-nginx,
%git-nginx-configuration): Likewise.
* gnu/tests/web.scm (%nginx-servers, %php-fpm-nginx-server-blocks): Likewise.

services: certbot: Fix certbot renewal job.

Quote the list of hosts, to avoid generating a broken job definition.

* gnu/services/certbot.scm (certbot-renewal-jobs): Quote the hosts when
  passing them in to the job gexp.

services: base: Use make-static-device-nodes.

Fixes <https://bugs.gnu.org/22050>.

* gnu/services/base.scm (udev-shepherd-service): Use make-static-device-nodes.

gnu: services: Add php-fpm.

* gnu/services/web.scm (<php-fpm-configuration>,
  <php-fpm-process-manager-configuration>): New record types.
  (php-fpm-configuration?,
   php-fpm-process-manager-configuration?,
   php-fpm-service-type,
   nginx-php-location): New procedures.
* doc/guix.texi (Web-Services): Document php-fpm service.
* gnu/tests/web.scm: Add php-fpm system test.

Signed-off-by: Christopher Baines <mail@cbaines.net>

services: web: Switch nginx related functions to use match-record.

As this is less prone to mistakes than match.

* gnu/services/web.scm (default-nginx-config, nginx-activation,
  nginx-shepherd-service): Switch from using match-lambda to match-record.

services: web: Add support for configuring the nginx server names hash.

The nginx service can fail to start if the server names hash bucket size is
too small, which can happen on some systems, and when using QEMU, depending on
the CPU.

* gnu/services/web.scm (<nginx-configuration>): Add
  server-names-hash-bucket-size and server-names-hash-bucket-max-size.
  (default-nginx-config): Add support for the new hash bucket size parameters.
  (nginx-service, nginx-activation): Pass the new hash bucket size parameters
  through to the default-nginx-config procedure.
* doc/guix.texi (Web Services): Document the new hash bucket size parameters.

services: web: Remove default certificate and key files for nginx.

If nginx is configured with a ssl-certificate file, and ssl-certificate-key,
it will fail to start unless these exist. To avoid this happening, change the
default to #f.

* gnu/services/web.scm (<nginx-server-configuration>)
  [ssl-certificate,ssl-certificate-key]: Set the defaults to #f.
* gnu/tests/web.scm (%nginx-servers): Remove redundant
  nginx-server-configuration fields.
* doc/guix.texi (Web Services): Update examples and documentation.

web: Don't error about missing ssl related files.

Erroring here prevents doing things like building a system using nginx on a
different machine from where it's intended to be deployed, or creating
containers and VMs that use the ssl-certificate parts of the nginx
configuration, without also getting these files to exist.

* gnu/services/web.scm (emit-nginx-server-config): Don't error on missing ssl
  related files.

Merge branch 'version-0.14.0'

services: console-font: Use 'tcsetattr' instead of invoking 'unicode_start'.

This is more robust, faster, and incidentally gets rid of remaining
"error in the finalization thread: Bad file descriptor" messages.

* gnu/services/base.scm (unicode-start): Rewrite to use 'tcgetattr' and
'tcsetattr'.
(console-font-shepherd-services)[start]: Add 'loop' to check whether
DEVICE is ready.  Tolerate EX_OSERR return from 'setfont'.
[modules]: New field.

install: Don't start sshd by default.

Reported by Christopher Baines <mail@cbaines.net>
at <https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00058.html>.

* gnu/services/ssh.scm (<openssh-configuration>)[%auto-start?]: New
field.
(openssh-shepherd-service): Honor it.
* gnu/system/install.scm (%installation-services): Set '%auto-start?' to
 #f for openssh-service-type.

maint: Add 'berlin.guixsd.org.pub'.

* bayfront.guixsd.org.pub: Rename to...
* berlin.guixsd.org.pub: ... this.
* Makefile.am (dist_pkgdata_DATA): Adjust accordingly.
* gnu/services/base.scm (%default-authorized-guix-keys): Likewise.