etc: Spelling corrections.

* etc/apparmor.d/guix,
etc/teams/release/artifacts-manifest.scm: Fix misspellings in comments.

Change-Id: Iff757784cc82968c25004bdb430f1ae3ad44624e

etc: release: Add spare space to the release VM image.

* etc/teams/release/artifacts-manifest.scm (qcow2-for-system): Make size 20
GiB.

Fixes: #5081
Change-Id: I11f932c417efc086b99f41a8ffc1f56ee86234f9
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Merges: #5218

etc: guix-install.sh: Set XCURSOR_PATH to proper default value.

As can be seen in the Xcursor docs, the default path is
`~/.local/share/icons, ~/.icons, /usr/share/icons, /usr/share/pixmaps`,
zzz-guix.sh is currently missing the first two.

* etc/guix-install.sh (sys_create_init_profile): Add home paths to XCURSOR_PATH.

Change-Id: I4284d7648394c06b83e4eba91882b81c8a35d706
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Merges: #5231
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

etc: release: Switch to Guile declaration of artifacts.

This is a rewrite of the bash commands for generation of guix binary
tarballs and system images to Guile. I am expecting this will help us
significantly with getting the same derivations locally and from Cuirass,
instead of relying on images/tarball job specifications and trying to tweak
it locally to have the same ones.

Implements: #4347, #4348.

* etc/teams/release/artifacts-manifest.scm: Make a manifest with
release artifacts for all supported systems.
* etc/teams/release/artifacts.scm: Collect artifacts for
all supported systems into a union with proper names for
the release artifacts.
* Makefile.am (release): Use time-machine instead of pre-inst-env; Switch to
building new artifacts.scm

Change-Id: I71a6a27e6f315dd31b91c49e71dff2d09695c0dc
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

services: xorg: Return only supported packages in %default-xorg-modules.

The xorg modules are used inside of services that's thunked. So we can
make them depend on the %current-system.

* gnu/services/xorg.scm
(default-xorg-modules): New variable.
(%default-xorg-modules): Return result of (default-xorg-modules).

Change-Id: I10f722e52d598ce3e83ef3f200b3bd953bc08e17
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

guix-install.sh: Do not set GUILE_LOAD_PATH in zzz-guix.sh.

Channels from the load path will shadow channels used through time-machine or
used through any other guix than the one in ~/.config/guix/current. This is
true for all channels that are in ~/.config/guix/current except guix.  On Guix
System, /run/current-system/profile/share/guile/site/3.0 is usually in
GUILE_LOAD_PATH that typically has only Guix, so no shadowing happens in most
cases.

For using Geiser and other sw, it's possible to configure them to use "guix
repl" that's intended for this use case. This is then makes the guix being
used explicit.

It is expected that this is only a temporary solution. After a proper
solutions is found, it will be reverted.

Workaround #4819.
Reverts: 78390634d76c0c75c6e93742fa7caec965194641.

Change-Id: I36b921a758618f382af9097003415f902b27c44b
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

guix-install.sh: Install AppArmor profile.

* etc/guix-install.sh (sys_maybe_setup_apparmor): New function.
(main_install): Call it.
(sys_delete_apparmor_profiles): New function.
(main_uninstall): Call it.

Fixes #4210.
Fixes <https://issues.guix.gnu.org/71226>.

Change-Id: Ice4bf4d91a1ae438fc5654dec327f53ae9a7b888
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

etc: Add AppArmor profile for the guix command.

* etc/apparmor.d/guix: New file.
* Makefile.am (nodist_apparmor_profile_DATA): Add it.

Change-Id: I3d61238203d7663ce582717f8e4eac4c6f679928
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

etc: Add AppArmor profile for the daemon.

* .gitignore: Add etc/apparmor.d/tunables/guix.
* Makefile.am (nodist_apparmor_profile_DATA)
(nodist_apparmor_profile_tunables_DATA): Define it.
* configure.ac: Generate etc/apparmor.d/tunables/guix. Add
--with-apparmor-profile-dir option.
* etc/apparmor.d/guix-daemon: New file.
* etc/apparmor.d/tunables/guix.in: New file.
* doc/guix.texi: Document AppArmor profiles.
* gnu/packages/package-management.scm (guix): Add future changes commented.

Change-Id: Iac7df9d642383cc46a2d450c3badef31199ab041
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

guix-daemon.service.in: Make service restartable.

Currently the service cannot be restarted, because the gnu store mount makes
it read-only. So fix this by removing the mount when starting the service.

"-" to accept failures, in case the command doesn't finish successfully,
chances are, the store can be mounted as RW, so continue.
"+" to run as root

Fixes: #4744

* etc/guix-daemon.service.in
(Service)<ExecStartPre>: Stop gnu-store.mount
(Service)<ExecStartPost>: Start gnu-store.mount

Change-Id: I296f5d8805497f8a7364b68d627eb6d4fc05dbff

teams: Update team status for Hilton Chain.

* etc/teams.scm (hako): Remove teams.

Change-Id: Ib563d084e2bc2d603c7968e04bed0d222f547a0d

teams: lisp: Add manifest.

* etc/teams/lisp/lisp-manifest.scm: New file.

Change-Id: I9e23464197978bc6236eb13d42bd9bc3069bddeb
Signed-off-by: jgart <jgart@dismail.de>

etc: Add tinystar to Hare team.

* etc/teams.scm (Lilah Tascheter): New member.

Signed-off-by: jgart <jgart@dismail.de>

etc: guix-install.sh: Set XDG_DATA_DIRS.

This allows better integration of packages installed by Guix with the
foreign distro. E.g.:

1. .desktop files from applications installed by Guix can be found by
the user's desktop environment.

2. Fonts installed in ~/.guix-profile/share/fonts can be found by GUI
applications without having to install the fontconfig package, as the
the "Application Setup" section of the manual recommends.

* etc/guix-install.sh (sys_create_init_profile): Add $GUIX_PROFILE/share
to XDG_DATA_DIRS.

Change-Id: Iba74b0782ffbad64d64cc1c5889b04012963a3e0
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

etc: Add daym to python team.

* etc/teams.scm: Make daym a member of the python team.

Change-Id: I4b9e681f4fa0098a9be02bdac37060d1a0256dda

teams: Add entry for Nguyễn Gia Phong

* etc/teams.scm ("Nguyễn Gia Phong"): New member.

Change-Id: I3492513cb136e500f9798e31bd938feecaaddb48
Reviewed-by: Maxim Cournoyer <maxim@guixotic.coop>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>

teams: python: Add manifest.

* etc/teams/python/python-manifest.scm: New file.

Change-Id: I1443ec2f2e5584a47dbe580caa682093e5fa1fe3
Signed-off-by: jgart <jgart@dismail.de>

teams: hare: Fix typo in module header comment.

* etc/teams/hare/hare-manifest.scm: Fix typo in module header comment.

Change-Id: Ic8b9dfeb2ae9f7785bd56c41c7cb5c568e6b7bbb

guix-install.sh: Check for gpg keys only if downloading tarball from ftp.

* etc/guix-install.sh (main_install): Call chk_gpg_keyring only if
GUIX_BINARY_FILE_NAME is not set.

Change-Id: Ia0a7449c8798ca7d61a0f1f1e793f2bafd521c5b
Signed-off-by: npatra <nilesh@riseup.net>
Signed-off-by: Rutherther <rutherther@ditigal.xyz>

guix-install.sh: Fetch gpg keys from codeberg and public keyservers.

Instead of fetching from no longer responsive gnu.org, fetch from
Codeberg.org, falling back to public keyservers in case codeberg
is down or unresponsive.

* etc/guix-install.sh
(GPG_SIGNING_KEY): Change gnu.org user ids to codeberg usernames.
(PUBLIC_KEYSERVERS): Add variable.
(chk_gpg_keyring): Use codeberg for fetching gpgs and fallback to public
keyservers.

Change-Id: Iddcd31239e2f3460d920194d62443ff00be7c957
Signed-off-by: Rutherther <rutherther@ditigal.xyz>