db4fdc04 | 1 | ;;; GNU Guix --- Functional package management for GNU |
4ee96a79 | 2 | ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> |
b7d0c494 | 3 | ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> |
76192896 | 4 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
db4fdc04 LC |
5 | ;;; |
6 | ;;; This file is part of GNU Guix. | |
7 | ;;; | |
8 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
9 | ;;; under the terms of the GNU General Public License as published by | |
10 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
11 | ;;; your option) any later version. | |
12 | ;;; | |
13 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
14 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | ;;; GNU General Public License for more details. | |
17 | ;;; | |
18 | ;;; You should have received a copy of the GNU General Public License | |
19 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
20 | ||
21 | (define-module (gnu services networking) | |
22 | #:use-module (gnu services) | |
0190c1c0 | 23 | #:use-module (gnu services shepherd) |
0adfe95a | 24 | #:use-module (gnu services dbus) |
927097ef | 25 | #:use-module (gnu system shadow) |
6e828634 | 26 | #:use-module (gnu system pam) |
db4fdc04 | 27 | #:use-module (gnu packages admin) |
76192896 | 28 | #:use-module (gnu packages connman) |
db4fdc04 | 29 | #:use-module (gnu packages linux) |
927097ef | 30 | #:use-module (gnu packages tor) |
4627a464 | 31 | #:use-module (gnu packages messaging) |
63854bcb | 32 | #:use-module (gnu packages ntp) |
b7d0c494 | 33 | #:use-module (gnu packages wicd) |
7234ad4f | 34 | #:use-module (gnu packages gnome) |
b5f4e686 | 35 | #:use-module (guix gexp) |
0adfe95a | 36 | #:use-module (guix records) |
6331bde7 LC |
37 | #:use-module (srfi srfi-1) |
38 | #:use-module (srfi srfi-9) | |
63854bcb | 39 | #:use-module (srfi srfi-26) |
0adfe95a | 40 | #:use-module (ice-9 match) |
fa0c1d61 | 41 | #:export (%facebook-host-aliases |
24e96431 | 42 | static-networking |
fa0c1d61 | 43 | static-networking-service |
24e96431 | 44 | static-networking-service-type |
a023cca8 | 45 | dhcp-client-service |
63854bcb | 46 | %ntp-servers |
24e96431 TČ |
47 | |
48 | ntp-configuration | |
49 | ntp-configuration? | |
63854bcb | 50 | ntp-service |
24e96431 TČ |
51 | ntp-service-type |
52 | ||
53 | tor-configuration | |
54 | tor-configuration? | |
6331bde7 | 55 | tor-hidden-service |
4627a464 | 56 | tor-service |
24e96431 TČ |
57 | tor-service-type |
58 | ||
59 | bitlbee-configuration | |
60 | bitlbee-configuration? | |
b7d0c494 | 61 | bitlbee-service |
24e96431 TČ |
62 | bitlbee-service-type |
63 | ||
7234ad4f | 64 | wicd-service |
76192896 EF |
65 | network-manager-service |
66 | connman-service)) | |
db4fdc04 LC |
67 | |
68 | ;;; Commentary: | |
69 | ;;; | |
70 | ;;; Networking services. | |
71 | ;;; | |
72 | ;;; Code: | |
73 | ||
fa0c1d61 LC |
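(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it: every name below is mapped to the loopback address.
  ;;
  ;; The IPv6 entries use '::1', the standard loopback address.  They used to
  ;; read 'fe80::1%lo0', a link-local address scoped to an interface named
  ;; 'lo0'; the loopback interface is called 'lo' on GNU/Linux, and a hosts
  ;; file parser that does not accept zone identifiers ignores such lines,
  ;; which leaves the names resolvable over IPv6.  'www.facebook.com' was also
  ;; missing from the IPv6 list although it is in the IPv4 one.
  ;;
  ;; This only affects lookups that go through /etc/hosts; it does not replace
  ;; filtering at the network level.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
::1 www.facebook.com
::1 facebook.com
::1 login.facebook.com
::1 www.login.facebook.com
::1 fbcdn.net
::1 www.fbcdn.net
::1 fbcdn.com
::1 www.fbcdn.com
::1 static.ak.fbcdn.net
::1 static.ak.connect.facebook.com
::1 connect.facebook.net
::1 www.connect.facebook.net
::1 apps.facebook.com\n")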
106 | ||
107 | ||
0adfe95a LC |
;; Configuration of one statically configured network interface.  The field
;; order matters: 'static-networking-service-type' destructures this record
;; positionally with 'match'.
(define-record-type* <static-networking>
  static-networking make-static-networking
  static-networking?
  (interface static-networking-interface)         ;interface name
  (ip static-networking-ip)                       ;address given to 'inet-pton'
  (gateway static-networking-gateway)             ;#f or default gateway
  (provision static-networking-provision)         ;Shepherd provision list
  (name-servers static-networking-name-servers)   ;list, may be empty
  (net-tools static-networking-net-tools))        ;package providing 'route'
117 | ||
(define static-networking-service-type
  ;; Shepherd service type that turns a <static-networking> record into a
  ;; service configuring the interface, the default route and, when name
  ;; servers are given, /etc/resolv.conf.
  (shepherd-service-type
   'static-networking
   (match-lambda
     (($ <static-networking> interface ip gateway provision
                             name-servers net-tools)
      (let ((loopback? (memq 'loopback provision)))

        ;; TODO: Eventually replace 'route' with bindings for the appropriate
        ;; ioctls.
        (shepherd-service

         ;; Unless we're providing the loopback interface, wait for udev to be up
         ;; and running so that INTERFACE is actually usable.
         (requirement (if loopback? '() '(udev)))

         (documentation
          "Bring up the networking interface using a static IP address.")
         (provision provision)
         (start #~(lambda _
                    ;; Return #t if successfully started.
                    ;; NOTE(review): only the value of the last expression of
                    ;; this body is returned, so a failing 'route add' does not
                    ;; by itself make 'start' return #f -- confirm that this is
                    ;; intended.
                    (let* ((addr (inet-pton AF_INET #$ip)) ;IPv4 only
                           (sockaddr (make-socket-address AF_INET addr 0)))
                      (configure-network-interface #$interface sockaddr
                                                   (logior IFF_UP
                                                           #$(if loopback?
                                                                 #~IFF_LOOPBACK
                                                                 0))))
                    ;; 'system*' takes an argument list: GATEWAY reaches
                    ;; 'route' as a single argument and is not interpreted by a
                    ;; shell.
                    #$(if gateway
                          #~(zero? (system* (string-append #$net-tools
                                                           "/sbin/route")
                                            "add" "-net" "default"
                                            "gw" #$gateway))
                          #t)
                    ;; When NAME-SERVERS is non-empty, /etc/resolv.conf is
                    ;; replaced as a whole; its previous content is lost.
                    #$(if (pair? name-servers)
                          #~(call-with-output-file "/etc/resolv.conf"
                              (lambda (port)
                                (display
                                 "# Generated by 'static-networking-service'.\n"
                                 port)
                                (for-each (lambda (server)
                                            (format port "nameserver ~a~%"
                                                    server))
                                          '#$name-servers)))
                          #t)))
         (stop #~(lambda _
                   ;; Return #f if successfully stopped.
                   ;; Clearing all the flags takes the interface down.
                   (let ((sock (socket AF_INET SOCK_STREAM 0)))
                     (set-network-interface-flags sock #$interface 0)
                     (close-port sock))
                   ;; NOTE(review): 'system*' returns an exit status, and every
                   ;; integer is true in Scheme, so this 'not' yields #f whether
                   ;; or not 'route del' succeeded -- confirm.
                   (not #$(if gateway
                              #~(system* (string-append #$net-tools
                                                        "/sbin/route")
                                         "del" "-net" "default")
                              #t))))
         (respawn? #f)))))))
174 | ||
db4fdc04 LC |
(define* (static-networking-service interface ip
                                    #:key
                                    gateway
                                    (provision '(networking))
                                    (name-servers '())
                                    (net-tools net-tools))
  "Return a service that starts @var{interface} with address @var{ip}.  If
@var{gateway} is true, it must be a string specifying the default network
gateway.  @var{provision} is the list of Shepherd service names provided by
the service, @var{name-servers} is a list of name servers written to
@file{/etc/resolv.conf} when it is not empty, and @var{net-tools} is the
package that provides the @command{route} command."
  ;; All the arguments are stored as is in a <static-networking> record; the
  ;; actual work is done by 'static-networking-service-type'.
  (service static-networking-service-type
           (static-networking (interface interface) (ip ip)
                              (gateway gateway)
                              (provision provision)
                              (name-servers name-servers)
                              (net-tools net-tools))))
190 | ||
(define dhcp-client-service-type
  ;; Shepherd service type whose value is the package providing
  ;; 'sbin/dhclient'; the service runs that client on every non-loopback
  ;; interface.
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     ;; File name of the 'dhclient' executable within the DHCP package.
     (define dhclient
       #~(string-append #$dhcp "/sbin/dhclient"))

     ;; Where 'dhclient' is told to record its PID ('-pf' below).
     (define pid-file
       "/var/run/dhclient.pid")

     (shepherd-service
      (documentation "Set up networking via DHCP.")
      (requirement '(user-processes udev))

      ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
      ;; networking is unavailable, but also means that the interface is not up
      ;; yet when 'start' completes.  To wait for the interface to be ready, one
      ;; should instead monitor udev events.
      (provision '(networking))

      (start #~(lambda _
                 ;; When invoked without any arguments, 'dhclient' discovers all
                 ;; non-loopback interfaces *that are up*.  However, the relevant
                 ;; interfaces are typically down at this point.  Thus we perform
                 ;; our own interface discovery here.
                 (define valid?
                   (negate loopback-network-interface?))
                 (define ifaces
                   (filter valid? (all-network-interface-names)))

                 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                 ;; actually send/receive over them.
                 (for-each set-network-interface-up ifaces)

                 ;; Remove a PID file left by a previous run so that the loop
                 ;; below only reads one written by the process started here.
                 (false-if-exception (delete-file #$pid-file))
                 (let ((pid (fork+exec-command
                             (cons* #$dhclient "-nw"
                                    "-pf" #$pid-file ifaces))))
                   ;; The value returned on success is whatever 'read' finds in
                   ;; PID-FILE.
                   (and (zero? (cdr (waitpid pid)))
                        (let loop ()
                          (catch 'system-error
                            (lambda ()
                              (call-with-input-file #$pid-file read))
                            (lambda args
                              ;; 'dhclient' returned before PID-FILE was created,
                              ;; so try again.
                              ;; NOTE(review): there is no upper bound on the
                              ;; number of retries; 'start' does not return if
                              ;; the file never appears.
                              (let ((errno (system-error-errno args)))
                                (if (= ENOENT errno)
                                    (begin
                                      (sleep 1)
                                      (loop))
                                    (apply throw args))))))))))
      (stop #~(make-kill-destructor))))))
db4fdc04 | 244 | |
a023cca8 LC |
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  ;; DHCP is the package whose 'sbin/dhclient' program gets executed; see
  ;; 'dhcp-client-service-type'.
  (service dhcp-client-service-type dhcp))
a023cca8 | 249 | |
63854bcb LC |
(define %ntp-servers
  ;; Servers 'ntp-service' uses when the caller does not pass #:servers.
  (list "0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org"))
255 | ||
0adfe95a LC |
256 | \f |
257 | ;;; | |
258 | ;;; NTP. | |
259 | ;;; | |
260 | ||
261 | ;; TODO: Export. | |
;; Configuration of the NTP daemon.  The field order matters:
;; 'ntp-shepherd-service' destructures this record positionally.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp ntp-configuration-ntp                      ;package providing 'bin/ntpd'
       (default ntp))
  (servers ntp-configuration-servers))            ;list of server host names
268 | ||
(define ntp-shepherd-service
  ;; Map an <ntp-configuration> to a one-element list of Shepherd services
  ;; running 'ntpd' in the foreground with a generated 'ntpd.conf'.
  (match-lambda
    (($ <ntp-configuration> ntp servers)
     ;; TODO: Add authentication support.
     ;; Until then the generated file contains plain 'server' lines only, so
     ;; the replies of SERVERS are not authenticated.
     (let* ((server-lines (map (lambda (server)
                                 (string-append "server " server))
                               servers))
            ;; The 'restrict' lines below are the hardening part of the file:
            ;; status queries are refused by default and allowed again for
            ;; the loopback addresses only.
            (config (string-append "driftfile /var/run/ntp.drift\n"
                                   (string-join server-lines "\n")
                                   "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1\n"))
            (ntpd.conf (plain-file "ntpd.conf" config)))
       (list (shepherd-service
              (provision '(ntpd))
              (documentation "Run the Network Time Protocol (NTP) daemon.")
              (requirement '(user-processes networking))
              ;; "-u" "ntpd" names the account declared in '%ntp-accounts'.
              (start #~(make-forkexec-constructor
                        (list (string-append #$ntp "/bin/ntpd") "-n"
                              "-c" #$ntpd.conf "-u" "ntpd")))
              (stop #~(make-kill-destructor))))))))
300 | ||
(define %ntp-accounts
  ;; System account named by the "-u" "ntpd" arguments in
  ;; 'ntp-shepherd-service'.  It has no login shell and its home directory is
  ;; /var/empty.
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))
309 | ||
(define ntp-service-type
  ;; Service type for NTP.  It extends the Shepherd root service with the
  ;; result of 'ntp-shepherd-service' and the account service with
  ;; '%ntp-accounts'.
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          ntp-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))))))
317 | ||
(define* (ntp-service #:key (ntp ntp)
                      (servers %ntp-servers))
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}.  The daemon will
keep the system clock synchronized with that of @var{servers}."
  ;; SERVERS defaults to '%ntp-servers'; each element becomes one 'server'
  ;; line of the generated configuration file.
  (service ntp-service-type
           (ntp-configuration (ntp ntp) (servers servers))))
325 | ||
326 | \f | |
327 | ;;; | |
328 | ;;; Tor. | |
329 | ;;; | |
330 | ||
6331bde7 LC |
;; Configuration of the Tor daemon.  The field order matters: the 'match'
;; patterns in 'tor-configuration->torrc' and 'tor-shepherd-service' bind the
;; fields positionally.
(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  (tor tor-configuration-tor                      ;package providing 'bin/tor'
       (default tor))
  (config-file tor-configuration-config-file)     ;appended to the 'torrc'
  (hidden-services tor-configuration-hidden-services ;list of <hidden-service>
                   (default '())))
339 | ||
0adfe95a LC |
(define %tor-accounts
  ;; User account and groups for Tor.  The generated 'torrc' contains
  ;; 'User tor', and the activation code gives /var/lib/tor to this account.
  ;; The account has no login shell and its home directory is /var/empty.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))
350 | ||
6331bde7 LC |
;; One hidden service: NAME is used as a directory name under
;; /var/lib/tor/hidden-services, and MAPPING provides the arguments of the
;; 'HiddenServicePort' lines of the generated 'torrc'.
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  (name hidden-service-name)                      ;string
  (mapping hidden-service-mapping))               ;list of port/address tuples
356 | ||
(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG.  The file starts with generated
directives, followed by the directives of each hidden service, followed by the
content of CONFIG's configuration file."
  (match config
    (($ <tor-configuration> tor config-file services)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils)
                         (ice-9 match))

            (call-with-output-file #$output
              (lambda (port)
                ;; Fixed preamble: the account to run as, the state
                ;; directory, and logging to syslog.
                (display "\
# The beginning was automatically added.
User tor
DataDirectory /var/lib/tor
Log notice syslog\n" port)

                ;; One 'HiddenServiceDir' line per service, followed by one
                ;; 'HiddenServicePort' line per port/host pair.
                ;; NOTE(review): the name, port and host are written with
                ;; '~a', that is without any quoting or validation; a value
                ;; containing white space or a newline would change the
                ;; meaning of the file.  Presumably these values come from
                ;; the system configuration only -- confirm.
                (for-each (match-lambda
                            ((service (ports hosts) ...)
                             (format port "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                     service)
                             (for-each (lambda (tcp-port host)
                                         (format port "\
HiddenServicePort ~a ~a~%"
                                                 tcp-port host))
                                       ports hosts)))
                          ;; Host-side records are turned into plain
                          ;; (NAME . MAPPING) lists so that they can be
                          ;; quoted into the build-side code.
                          '#$(map (match-lambda
                                    (($ <hidden-service> name mapping)
                                     (cons name mapping)))
                                  services))

                ;; Append the user's config file.
                (call-with-input-file #$config-file
                  (lambda (input)
                    (dump-port input port)))
                #t)))))))))
6331bde7 | 396 | |
d4053c71 AK |
(define (tor-shepherd-service config)
  "Return a <shepherd-service> running TOR."
  (match config
    (($ <tor-configuration> tor)
     ;; The daemon only reads the generated file: it is started with "-f"
     ;; pointing at the result of 'tor-configuration->torrc'.
     (let ((torrc (tor-configuration->torrc config)))
       (list (shepherd-service
              (provision '(tor))

              ;; Tor needs at least one network interface to be up, hence the
              ;; dependency on 'loopback'.  'syslogd' is required because the
              ;; generated 'torrc' logs to syslog.
              (requirement '(user-processes loopback syslogd))

              (start #~(make-forkexec-constructor
                        (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
              (stop #~(make-kill-destructor))
              (documentation "Run the Tor anonymous network overlay.")))))))
0adfe95a | 413 | |
6331bde7 LC |
(define (tor-hidden-service-activation config)
  "Return the activation gexp for CONFIG, a <tor-configuration>.  The gexp
creates /var/lib/tor and one directory per hidden service of CONFIG, all owned
by the 'tor' user and accessible to that user only."
  #~(begin
      (use-modules (guix build utils))

      ;; Password database entry of the account the daemon runs as.
      (define %user
        (getpw "tor"))

      ;; Create the directory of SERVICE, a hidden service name.
      ;; NOTE(review): SERVICE is appended to the base directory as is;
      ;; nothing here rejects a name containing "/" or "..", in which case
      ;; the 'chown' and 'chmod' below would apply to another directory.
      (define (initialize service)
        (let ((directory (string-append "/var/lib/tor/hidden-services/"
                                        service)))
          (mkdir-p directory)
          (chown directory (passwd:uid %user) (passwd:gid %user))

          ;; The daemon bails out if we give wider permissions.
          (chmod directory #o700)))

      ;; NOTE(review): from here on /var/lib/tor belongs to the 'tor' user
      ;; while the calls in 'initialize' operate on paths below it.
      ;; Presumably this code runs as root at activation time -- confirm
      ;; that those calls cannot be redirected by a symbolic link found in
      ;; that directory.
      (mkdir-p "/var/lib/tor")
      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
      (chmod "/var/lib/tor" #o700)

      (for-each initialize
                '#$(map hidden-service-name
                        (tor-configuration-hidden-services config)))))
438 | ||
0adfe95a LC |
(define tor-service-type
  ;; Service type for Tor.  It contributes a Shepherd service, the 'tor'
  ;; account and group, and the activation code creating the state
  ;; directories.
  (service-type (name 'tor)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          tor-shepherd-service)
                       (service-extension account-service-type
                                          (const %tor-accounts))
                       (service-extension activation-service-type
                                          tor-hidden-service-activation)))

                ;; This can be extended with hidden services.
                ;; Extensions each provide a list of <hidden-service>; the
                ;; lists are concatenated and appended to the hidden services
                ;; already present in the configuration.
                (compose concatenate)
                (extend (lambda (config services)
                          (tor-configuration
                           (inherit config)
                           (hidden-services
                            (append (tor-configuration-hidden-services config)
                                    services)))))))
63854bcb | 457 | |
375c6108 LC |
(define* (tor-service #:optional
                      (config-file (plain-file "empty" ""))
                      #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user.  It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}.  Run
@command{man tor} for information about the configuration file."
  ;; CONFIG-FILE defaults to an empty file, in which case the daemon runs
  ;; with the generated directives only (see 'tor-configuration->torrc').
  (service tor-service-type
           (tor-configuration (tor tor)
                              (config-file config-file))))
471 | ||
(define tor-hidden-service-type
  ;; A type that extends Tor with hidden services.  The value of a service of
  ;; this type is a <hidden-service>; 'list' wraps it in the one-element list
  ;; that 'tor-service-type' expects from its extensions.
  (service-type (name 'tor-hidden-service)
                (extensions
                 (list (service-extension tor-service-type list)))))
477 | ||
(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}.  @var{mapping} is a list of port/host tuples, such as:

@example
 '((22 \"127.0.0.1:22\")
   (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  ;; NAME becomes a directory name and both arguments are written to the
  ;; 'torrc' without validation; NAME should be a plain file name, without
  ;; "/" or white space.
  (service tor-hidden-service-type
           (hidden-service name mapping)))
0adfe95a LC |
498 | |
499 | \f | |
500 | ;;; | |
501 | ;;; BitlBee. | |
502 | ;;; | |
503 | ||
;; Configuration of the BitlBee daemon.  The field order matters:
;; 'bitlbee-shepherd-service' destructures this record positionally.
(define-record-type* <bitlbee-configuration>
  bitlbee-configuration make-bitlbee-configuration
  bitlbee-configuration?
  (bitlbee bitlbee-configuration-bitlbee          ;package providing the daemon
           (default bitlbee))
  (interface bitlbee-configuration-interface)     ;string, 'DaemonInterface'
  (port bitlbee-configuration-port)               ;number, 'DaemonPort'
  (extra-settings bitlbee-configuration-extra-settings)) ;string, appended
512 | ||
(define bitlbee-shepherd-service
  ;; Map a <bitlbee-configuration> to a one-element list of Shepherd services
  ;; running the daemon with a generated 'bitlbee.conf'.
  (match-lambda
    (($ <bitlbee-configuration> bitlbee interface port extra-settings)
     ;; INTERFACE and EXTRA-SETTINGS are inserted into the file as is.
     ;; EXTRA-SETTINGS comes last; NOTE(review): whether it can override the
     ;; 'User' or 'DaemonInterface' settings above depends on how the daemon
     ;; treats repeated keys -- confirm before accepting it from a less
     ;; trusted source.
     (let ((conf (plain-file "bitlbee.conf"
                             (string-append "
[settings]
User = bitlbee
ConfigDir = /var/lib/bitlbee
DaemonInterface = " interface "
DaemonPort = " (number->string port) "
" extra-settings))))

       (list (shepherd-service
              (provision '(bitlbee))
              (requirement '(user-processes loopback))
              ;; "-u" "bitlbee" names the account declared in
              ;; '%bitlbee-accounts'.
              (start #~(make-forkexec-constructor
                        (list (string-append #$bitlbee "/sbin/bitlbee")
                              "-n" "-F" "-u" "bitlbee" "-c" #$conf)))
              (stop #~(make-kill-destructor))))))))
532 | ||
(define %bitlbee-accounts
  ;; User group and account to run BitlBee.  The account has no login shell
  ;; and its home directory is /var/empty.
  (list (user-group (name "bitlbee") (system? #t))
        (user-account
         (name "bitlbee")
         (group "bitlbee")
         (system? #t)
         (comment "BitlBee daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))
543 | ||
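(define %bitlbee-activation
  ;; Activation gexp for BitlBee: create the daemon's state directory, give
  ;; it to the 'bitlbee' user, and make it accessible to that user only.
  #~(begin
      (use-modules (guix build utils))

      ;; This directory is used to store OTR data.
      (mkdir-p "/var/lib/bitlbee")
      (let ((user (getpwnam "bitlbee")))
        (chown "/var/lib/bitlbee"
               (passwd:uid user) (passwd:gid user)))

      ;; OTR data includes private keys, so do not leave the directory with
      ;; whatever mode 'mkdir-p' gave it: restrict it to its owner, as is
      ;; done for /var/lib/tor in this file.
      (chmod "/var/lib/bitlbee" #o700)))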
554 | ||
(define bitlbee-service-type
  ;; Service type for BitlBee.  It contributes a Shepherd service, the
  ;; 'bitlbee' account and group, and the activation code creating
  ;; /var/lib/bitlbee.
  (service-type (name 'bitlbee)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          bitlbee-shepherd-service)
                       (service-extension account-service-type
                                          (const %bitlbee-accounts))
                       (service-extension activation-service-type
                                          (const %bitlbee-activation))))))
927097ef | 564 | |
4627a464 LC |
(define* (bitlbee-service #:key (bitlbee bitlbee)
                          (interface "127.0.0.1") (port 6667)
                          (extra-settings ""))
  "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
acts as a gateway between IRC and chat networks.

The daemon will listen to the interface corresponding to the IP address
specified in @var{interface}, on @var{port}.  @code{127.0.0.1} means that only
local clients can connect, whereas @code{0.0.0.0} means that connections can
come from any networking interface.

In addition, @var{extra-settings} specifies a string to append to the
configuration file."
  ;; The default INTERFACE keeps the daemon reachable from the local host
  ;; only; changing it exposes the IRC port on the network.
  (service bitlbee-service-type
           (bitlbee-configuration
            (bitlbee bitlbee)
            (interface interface) (port port)
            (extra-settings extra-settings))))
583 | ||
584 | \f | |
585 | ;;; | |
586 | ;;; Wicd. | |
587 | ;;; | |
588 | ||
(define %wicd-activation
  ;; Activation gexp for Wicd: create /etc/wicd and, unless it already
  ;; exists, install the 'dhclient' configuration template that comes with
  ;; the Wicd package.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")
      (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
        ;; An existing file is left untouched, so local changes survive.
        (unless (file-exists? file-name)
          (copy-file (string-append #$wicd file-name)
                     file-name)))))
599 | ||
d4053c71 AK |
(define (wicd-shepherd-service wicd)
  "Return a shepherd service for WICD."
  ;; The result is a one-element list, as expected from an extension of
  ;; 'shepherd-root-service-type'.  No user switch is requested here, unlike
  ;; for the NTP and BitlBee daemons of this file.
  (list (shepherd-service
         (documentation "Run the Wicd network manager.")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         (start #~(make-forkexec-constructor
                   (list (string-append #$wicd "/sbin/wicd")
                         "--no-daemon")))
         (stop #~(make-kill-destructor)))))
610 | ||
(define wicd-service-type
  ;; Service type for Wicd; its value is the Wicd package.  The package is
  ;; also passed, wrapped in a list, to the D-Bus root service and to the
  ;; profile service.
  (service-type (name 'wicd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          wicd-shepherd-service)
                       (service-extension dbus-root-service-type
                                          list)
                       (service-extension activation-service-type
                                          (const %wicd-activation))

                       ;; Add Wicd to the global profile.
                       (service-extension profile-service-type list)))))
4627a464 | 623 | |
b7d0c494 MW |
(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  ;; The package itself is the value of the service.
  (service wicd-service-type wicd))
b7d0c494 | 633 | |
7234ad4f SB |
634 | \f |
635 | ;;; | |
636 | ;;; NetworkManager | |
637 | ;;; | |
638 | ||
(define %network-manager-activation
  ;; Activation gexp for NetworkManager: make sure the directory
  ;; /etc/NetworkManager/system-connections exists.
  ;; NOTE(review): the directory gets the mode 'mkdir-p' gives it; if it is
  ;; meant to hold connection secrets, consider restricting it -- confirm.
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/etc/NetworkManager/system-connections")))
644 | ||
d4053c71 AK |
(define (network-manager-shepherd-service network-manager)
  "Return a shepherd service for NETWORK-MANAGER."
  ;; The result is a one-element list, as expected from an extension of
  ;; 'shepherd-root-service-type'.  No user switch is requested here.
  (list (shepherd-service
         (documentation "Run the NetworkManager.")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         (start #~(make-forkexec-constructor
                   (list (string-append #$network-manager
                                        "/sbin/NetworkManager")
                         "--no-daemon")))
         (stop #~(make-kill-destructor)))))
656 | ||
(define network-manager-service-type
  ;; Service type for NetworkManager; its value is the NetworkManager
  ;; package, which is also passed to the D-Bus root service and to the
  ;; profile service.
  (service-type (name 'network-manager)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          network-manager-shepherd-service)
                       (service-extension dbus-root-service-type list)
                       (service-extension activation-service-type
                                          (const %network-manager-activation))
                       ;; Add network-manager to the system profile.
                       (service-extension profile-service-type list)))))
667 | ||
(define* (network-manager-service #:key (network-manager network-manager))
  "Return a service that runs NetworkManager, a network connection manager
that attempts to keep network connectivity active when available."
  ;; The package itself is the value of the service.
  (service network-manager-service-type network-manager))
672 | ||
76192896 EF |
673 | \f |
674 | ;;; | |
675 | ;;; Connman | |
676 | ;;; | |
677 | ||
(define %connman-activation
  ;; Activation gexp for Connman: make sure the two state directories of
  ;; the daemon exist.
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/var/lib/connman/")
      (mkdir-p "/var/lib/connman-vpn/")))
684 | ||
(define (connman-shepherd-service connman)
  "Return a shepherd service for CONNMAN."
  ;; The result is a one-element list, as expected from an extension of
  ;; 'shepherd-root-service-type'.  No user switch is requested here.
  (list (shepherd-service
         (documentation "Run Connman")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         ;; NOTE(review): "-n" and "-r" are presumably 'connmand's "do not
         ;; daemonize" and "no DNS proxy" options -- confirm against its
         ;; manual.
         (start #~(make-forkexec-constructor
                   (list (string-append #$connman
                                        "/sbin/connmand")
                         "-n" "-r")))
         (stop #~(make-kill-destructor)))))
696 | ||
(define connman-service-type
  ;; Service type for Connman; its value is the Connman package, which is
  ;; also passed to the D-Bus root service and to the profile service.
  (service-type (name 'connman)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          connman-shepherd-service)
                       (service-extension dbus-root-service-type list)
                       (service-extension activation-service-type
                                          (const %connman-activation))
                       ;; Add connman to the system profile.
                       (service-extension profile-service-type list)))))
707 | ||
(define* (connman-service #:key (connman connman))
  "Return a service that runs @url{https://01.org/connman,Connman}, a network
connection manager.

This service adds the @var{connman} package to the global profile, providing
the @command{connmanctl} command to interact with the daemon and
configure networking."
  ;; The package itself is the value of the service.
  (service connman-service-type connman))
716 | ||
db4fdc04 | 717 | ;;; networking.scm ends here |