db4fdc04 1;;; GNU Guix --- Functional package management for GNU
69323016 2;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
16718b67 4;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
db8ed7ce 8;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
11;;;
12;;; This file is part of GNU Guix.
13;;;
14;;; GNU Guix is free software; you can redistribute it and/or modify it
15;;; under the terms of the GNU General Public License as published by
16;;; the Free Software Foundation; either version 3 of the License, or (at
17;;; your option) any later version.
18;;;
19;;; GNU Guix is distributed in the hope that it will be useful, but
20;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22;;; GNU General Public License for more details.
23;;;
24;;; You should have received a copy of the GNU General Public License
25;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26
(define-module (gnu services networking)
  ;; Service framework: service types, Shepherd and D-Bus integration.
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services dbus)
  ;; System accounts for the unprivileged daemon users defined below.
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  ;; Packages providing the daemons and their helper programs.
  #:use-module (gnu packages admin)
  #:use-module (gnu packages connman)
  #:use-module (gnu packages freedesktop)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages wicd)
  #:use-module (gnu packages gnome)
  ;; G-expressions, record types and module closures used to stage code.
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  ;; Re-export the static networking service so that users find every
  ;; networking-related service through this module.
  #:re-export (static-networking-service
               static-networking-service-type)
  #:export (%facebook-host-aliases
            dhcp-client-service

            dhcpd-service-type
            dhcpd-configuration
            dhcpd-configuration?
            dhcpd-configuration-package
            dhcpd-configuration-config-file
            dhcpd-configuration-version
            dhcpd-configuration-run-directory
            dhcpd-configuration-lease-file
            dhcpd-configuration-pid-file
            dhcpd-configuration-interfaces

            %ntp-servers

            ntp-configuration
            ntp-configuration?
            ntp-service
            ntp-service-type

            openntpd-configuration
            openntpd-configuration?
            openntpd-service-type

            inetd-configuration
            inetd-entry
            inetd-service-type

            tor-configuration
            tor-configuration?
            tor-hidden-service
            tor-service
            tor-service-type

            wicd-service-type
            wicd-service

            network-manager-configuration
            network-manager-configuration?
            network-manager-configuration-dns
            network-manager-service-type

            connman-configuration
            connman-configuration?
            connman-service-type

            modem-manager-configuration
            modem-manager-configuration?
            modem-manager-service-type
            wpa-supplicant-service-type

            openvswitch-service-type
            openvswitch-configuration))
107
108;;; Commentary:
109;;;
110;;; Networking services.
111;;;
112;;; Code:
113
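(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.
  ;;
  ;; Both address families point at the loopback address so that lookups
  ;; resolve locally and never reach the network.  The IPv6 entries use
  ;; "::1": glibc's /etc/hosts parser does not accept the BSD-style "%lo0"
  ;; zone suffix, so entries written as "fe80::1%lo0" fail to parse and are
  ;; ignored, which left these names reachable over IPv6.  "www.facebook.com"
  ;; is listed for IPv6 as well, as it was only blocked for IPv4 before.
  ;;
  ;; This only affects programs that go through the system resolver; anything
  ;; with its own DNS stack (e.g. DNS-over-HTTPS in a browser) is unaffected.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
::1 www.facebook.com
::1 facebook.com
::1 login.facebook.com
::1 www.login.facebook.com
::1 fbcdn.net
::1 www.fbcdn.net
::1 fbcdn.com
::1 www.fbcdn.com
::1 static.ak.fbcdn.net
::1 static.ak.connect.facebook.com
::1 connect.facebook.net
::1 www.connect.facebook.net
::1 apps.facebook.com\n")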
146
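(define dhcp-client-service-type
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     ;; DHCP is the <package> providing 'dhclient'.  The resulting service
     ;; provides 'networking'.
     (define dhclient
       (file-append dhcp "/sbin/dhclient"))

     (define pid-file
       "/var/run/dhclient.pid")

     ;; Upper bound, in seconds, on how long 'start' polls for PID-FILE after
     ;; the 'dhclient' front process has returned.
     (define pid-file-timeout 30)

     (shepherd-service
      (documentation "Set up networking via DHCP.")
      (requirement '(user-processes udev))

      ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
      ;; networking is unavailable, but also means that the interface is not up
      ;; yet when 'start' completes.  To wait for the interface to be ready, one
      ;; should instead monitor udev events.
      (provision '(networking))

      (start #~(lambda _
                 ;; When invoked without any arguments, 'dhclient' discovers all
                 ;; non-loopback interfaces *that are up*.  However, the relevant
                 ;; interfaces are typically down at this point.  Thus we perform
                 ;; our own interface discovery here.
                 (define valid?
                   (negate loopback-network-interface?))
                 (define ifaces
                   (filter valid? (all-network-interface-names)))

                 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                 ;; actually send/receive over them.
                 (for-each set-network-interface-up ifaces)

                 ;; Drop a stale PID file from a previous run so that the loop
                 ;; below cannot return an old, unrelated PID.
                 (false-if-exception (delete-file #$pid-file))
                 (let ((pid (fork+exec-command
                             (cons* #$dhclient "-nw"
                                    "-pf" #$pid-file ifaces))))
                   ;; With '-nw' the process we spawned forks the real daemon
                   ;; and exits; the daemon then writes its own PID to PID-FILE.
                   ;; Poll for it, but give up after PID-FILE-TIMEOUT seconds:
                   ;; if the daemon died before writing the file, the previous
                   ;; unbounded loop never returned from 'start'.
                   (and (zero? (cdr (waitpid pid)))
                        (let loop ((waited 0))
                          (define (retry)
                            (and (< waited #$pid-file-timeout)
                                 (begin
                                   (sleep 1)
                                   (loop (+ waited 1)))))

                          (let ((daemon-pid
                                 (catch 'system-error
                                   (lambda ()
                                     (call-with-input-file #$pid-file read))
                                   (lambda args
                                     ;; PID-FILE does not exist yet; anything
                                     ;; other than ENOENT is a real error.
                                     (if (= ENOENT (system-error-errno args))
                                         #f
                                         (apply throw args))))))
                            ;; The file may exist but still be empty or only
                            ;; partially written, in which case 'read' yields
                            ;; something other than an integer; retry then too.
                            (if (integer? daemon-pid)
                                daemon-pid
                                (retry)))))))))
      (stop #~(make-kill-destructor))))))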
db4fdc04 200
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces.
@var{dhcp} defaults to the @code{isc-dhcp} package."
  (let ((type dhcp-client-service-type))
    (service type dhcp)))
a023cca8 205
;; Configuration of the ISC DHCP server.  Only 'config-file' is mandatory: it
;; is handed to dhcpd verbatim and checked with 'dhcpd -t' at activation time.
(define-record-type* <dhcpd-configuration>
  dhcpd-configuration make-dhcpd-configuration
  dhcpd-configuration?
  (package   dhcpd-configuration-package ;<package>
             (default isc-dhcp))
  ;; File-like object used as dhcpd.conf; #f is rejected when the Shepherd
  ;; service is built.
  (config-file   dhcpd-configuration-config-file ;file-like
                 (default #f))
  ;; Selects the '-4', '-6' or '-4o6' mode and names the Shepherd service
  ;; ('dhcpv4-daemon', ...), so several versions can run at once.
  (version   dhcpd-configuration-version ;"4", "6", or "4o6"
             (default "4"))
  (run-directory   dhcpd-configuration-run-directory
                   (default "/run/dhcpd"))
  ;; Lease database ('-lf'); created empty at activation if missing.
  (lease-file   dhcpd-configuration-lease-file
                (default "/var/db/dhcpd.leases"))
  (pid-file   dhcpd-configuration-pid-file
              (default "/run/dhcpd/dhcpd.pid"))
  ;; list of strings, e.g. (list "enp0s25"); empty means dhcpd's own default
  ;; interface selection.
  (interfaces   dhcpd-configuration-interfaces
                (default '())))
224
(define (dhcpd-shepherd-service config)
  "Return a list with the Shepherd service running @command{dhcpd} for CONFIG,
a <dhcpd-configuration>.  The service is provisioned as @code{dhcpvN-daemon},
N being the protocol version, so that several versions can coexist.  An error
is raised when CONFIG lacks a config-file."
  (match-record config <dhcpd-configuration>
    (package config-file version lease-file pid-file interfaces)
    (unless config-file
      (error "Must supply a config-file"))
    (let ((service-name (string->symbol
                         (string-append "dhcpv" version "-daemon")))
          (dhcpd (file-append package "/sbin/dhcpd")))
      (list (shepherd-service
             (provision (list service-name))
             (documentation (string-append "Run the DHCPv" version " daemon"))
             (requirement '(networking))
             ;; NOTE(review): the daemon is started as root and no
             ;; '-user'/'-group' options are passed; dropping privileges would
             ;; also require LEASE-FILE and PID-FILE to be writable by that
             ;; account--TODO consider for hardening.
             (start #~(make-forkexec-constructor
                       '(#$dhcpd
                         #$(string-append "-" version)
                         "-lf" #$lease-file
                         "-pf" #$pid-file
                         "-cf" #$config-file
                         #$@interfaces)
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))
246
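(define (dhcpd-activation config)
  "Return the activation gexp for CONFIG, a <dhcpd-configuration>: create the
run directory and an empty lease database when they are missing, then check
the configuration file with @command{dhcpd -t}."
  (match-record config <dhcpd-configuration>
    (package config-file run-directory lease-file)
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))

          ;; 'mkdir-p' rather than 'mkdir': RUN-DIRECTORY is user-supplied and
          ;; may sit under a parent directory that does not exist yet.
          (mkdir-p #$run-directory)

          ;; According to the DHCP manual (man dhcpd.leases), the lease
          ;; database must be present for dhcpd to start successfully.
          (unless (file-exists? #$lease-file)
            (mkdir-p (dirname #$lease-file))
            (with-output-to-file #$lease-file
              (lambda _ (display ""))))

          ;; Validate the config.  'invoke' raises on a non-zero exit status,
          ;; so a broken configuration aborts activation instead of producing
          ;; a service that fails at start time.
          (invoke #$(file-append package "/sbin/dhcpd") "-t" "-cf"
                  #$config-file)))))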
264
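(define dhcpd-service-type
  ;; Service type for the ISC DHCP server.  It has no default value: a
  ;; <dhcpd-configuration> with a config-file must be supplied.
  (service-type
   (name 'dhcpd)
   (extensions
    (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
          ;; Creates the run directory and lease file, validates the config.
          (service-extension activation-service-type dhcpd-activation)))
   ;; Description added for consistency with the other service types in this
   ;; module (it is what 'guix system search' shows).
   (description
    "Run the ISC DHCP server, @command{dhcpd}, with the given configuration
file, optionally restricted to the listed network interfaces.")))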
271
(define %ntp-servers
  ;; Default set of NTP servers.  These URLs are managed by the NTP Pool project.
  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
  ;; for this NTP pool "zone".
  ;;
  ;; NOTE(review): pool names resolve to volunteer-run servers, and the
  ;; ntpd.conf generated in 'ntp-shepherd-service' uses no authentication (see
  ;; its TODO), so time from these servers is accepted as-is.  Sites that
  ;; need authenticated or locally controlled time should override this list.
  '("0.guix.pool.ntp.org"
    "1.guix.pool.ntp.org"
    "2.guix.pool.ntp.org"
    "3.guix.pool.ntp.org"))
63854bcb 280
281\f
282;;;
283;;; NTP.
284;;;
285
;; Exported from this module; see the #:export list in 'define-module'.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp      ntp-configuration-ntp                  ;<package>
            (default ntp))
  ;; List of host names/addresses, one 'server' line each.  No default here;
  ;; 'ntp-service' passes %NTP-SERVERS.
  (servers  ntp-configuration-servers)
  ;; When true, ntpd is run with '-g', allowing an initial adjustment of more
  ;; than 1,000 seconds (see 'ntp-service').  Off by default.
  (allow-large-adjustment? ntp-allow-large-adjustment?
                           (default #f)))
0adfe95a 295
(define (ntp-shepherd-service config)
  "Return a list with the Shepherd service running @command{ntpd} for CONFIG,
an <ntp-configuration>."
  (match-record config <ntp-configuration>
    (ntp servers allow-large-adjustment?)
    (let ()
      ;; TODO: Add authentication support.
      (define server-lines
        ;; One 'server' directive per entry of SERVERS, newline-separated.
        (string-join (map (lambda (server)
                            (string-append "server " server))
                          servers)
                     "\n"))

      ;; Access restrictions appended after the server list.  'noquery'
      ;; refuses mode 6/7 status queries from everyone but the local host,
      ;; the workaround for the CVE-2013-5211 amplification issue linked
      ;; below; 'nomodify', 'notrap' and 'nopeer' refuse remote
      ;; reconfiguration, trap registration and unsolicited peering.
      (define restrictions
        "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1\n")

      (define ntpd.conf
        (plain-file "ntpd.conf"
                    (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                                   server-lines
                                   restrictions)))

      ;; '-g' lets the very first adjustment exceed the 1,000-second panic
      ;; threshold.  A hostile or misconfigured server could then step the
      ;; clock arbitrarily at start-up, so it is off unless requested.
      (define extra-options
        (if allow-large-adjustment?
            '("-g")
            '()))

      (list (shepherd-service
             (provision '(ntpd))
             (documentation "Run the Network Time Protocol (NTP) daemon.")
             (requirement '(user-processes networking))
             ;; '-n' keeps ntpd in the foreground; '-u ntpd' switches it to
             ;; the system account defined in %NTP-ACCOUNTS.
             (start #~(make-forkexec-constructor
                       (list (string-append #$ntp "/bin/ntpd") "-n"
                             "-c" #$ntpd.conf "-u" "ntpd"
                             #$@extra-options)))
             (stop #~(make-kill-destructor)))))))
330
(define %ntp-accounts
  ;; Unprivileged system account under which ntpd runs ('-u ntpd' in
  ;; 'ntp-shepherd-service'); 'openntpd-service-type' reuses it.  It has no
  ;; login shell and no home directory of its own.
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 339
340
(define (ntp-service-activation config)
  "Return the activation gexp for CONFIG: create @file{/var/run/ntpd}, where
the generated ntpd.conf keeps the drift file, owned by the @code{ntpd} user."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let* ((directory "/var/run/ntpd")
               (user (getpw "ntpd"))
               (uid (passwd:uid user))
               (gid (passwd:gid user)))
          ;; ntpd runs as 'ntpd' (see %NTP-ACCOUNTS) and must be able to
          ;; write its drift file, so hand the directory over to it.
          (mkdir-p directory)
          (chown directory uid gid)))))
352
(define ntp-service-type
  ;; Unlike 'openntpd-service-type', this type has no default value; use
  ;; 'ntp-service' or pass an <ntp-configuration> explicitly.
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          ntp-shepherd-service)
                       ;; The unprivileged 'ntpd' account the daemon switches to.
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       ;; Creates /var/run/ntpd for the drift file.
                       (service-extension activation-service-type
                                          ntp-service-activation)))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
will keep the system clock synchronized with that of the given servers.")))
366
(define* (ntp-service #:key (ntp ntp)
                      (servers %ntp-servers)
                      allow-large-adjustment?)
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}.  The daemon will
keep the system clock synchronized with that of @var{servers}, which default
to the Guix NTP pool.  @var{allow-large-adjustment?} determines whether
@command{ntpd} is allowed to make an initial adjustment of more than 1,000
seconds; leave it off unless the servers are trusted."
  (define config
    (ntp-configuration (ntp ntp)
                       (servers servers)
                       (allow-large-adjustment? allow-large-adjustment?)))

  (service ntp-service-type config))
380
381\f
382;;;
383;;; OpenNTPD.
384;;;
385
;; Configuration of OpenNTPD.  Every list field below becomes one ntpd.conf
;; directive line per element, named after the field.
(define-record-type* <openntpd-configuration>
  openntpd-configuration make-openntpd-configuration
  openntpd-configuration?
  (openntpd                openntpd-configuration-openntpd
                           (default openntpd))
  ;; Addresses to serve time on; the default only answers local clients.
  (listen-on               openntpd-listen-on
                           (default '("127.0.0.1"
                                      "::1")))
  (query-from              openntpd-query-from
                           (default '()))
  (sensor                  openntpd-sensor
                           (default '()))
  ;; 'server' lines; defaults to the (unauthenticated) Guix NTP pool.
  (server                  openntpd-server
                           (default %ntp-servers))
  (servers                 openntpd-servers
                           (default '()))
  ;; 'constraint from' / 'constraints from' lines.  NOTE(review): OpenNTPD
  ;; uses these HTTPS hosts to bound the time accepted from NTP peers; both
  ;; are empty by default, i.e. no such sanity check--consider setting them.
  (constraint-from         openntpd-constraint-from
                           (default '()))
  (constraints-from        openntpd-constraints-from
                           (default '()))
  ;; When true, ntpd is run with '-s'.
  (allow-large-adjustment? openntpd-allow-large-adjustment?
                           (default #f))) ; upstream default
408
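(define (openntpd-shepherd-service config)
  "Return a list with the Shepherd service running OpenNTPD's @command{ntpd}
for CONFIG, an <openntpd-configuration>.  The ntpd.conf is generated from the
record's fields, one directive line per list element."
  (match-record config <openntpd-configuration>
    (openntpd listen-on query-from sensor server servers constraint-from
              constraints-from allow-large-adjustment?)
    (let ()
      (define (directive keyword values)
        ;; One "KEYWORD VALUE" line per element of VALUES; "" when empty.
        (string-join (map (lambda (value)
                            (string-append keyword " " value "\n"))
                          values)
                     ""))

      (define conf-text
        (string-append
         (directive "listen on" listen-on)
         (directive "query from" query-from)
         (directive "sensor" sensor)
         (directive "server" server)
         (directive "servers" servers)
         (directive "constraint from" constraint-from)
         ;; The 'constraints from' field needs to be enclosed in double quotes.
         ;; It is appended once, at the end: previously this string was passed
         ;; as the *delimiter* of 'string-join', which repeated it between the
         ;; other directive groups instead of emitting it a single time.
         (directive "constraints from"
                    (map (lambda (url)
                           (string-append "\"" url "\""))
                         constraints-from))))

      (define ntpd.conf
        (plain-file "ntpd.conf" conf-text))

      (list (shepherd-service
             (provision '(ntpd))
             (documentation "Run the Network Time Protocol (NTP) daemon.")
             (requirement '(user-processes networking))
             (start #~(make-forkexec-constructor
                       (list (string-append #$openntpd "/sbin/ntpd")
                             "-f" #$ntpd.conf
                             "-d" ;; don't daemonize
                             ;; '-s' makes ntpd set the clock right at
                             ;; start-up, however large the offset; keep it
                             ;; off unless the time sources are trusted.
                             #$@(if allow-large-adjustment?
                                    '("-s")
                                    '()))
                       ;; When ntpd is daemonized it repeatedly tries to respawn
                       ;; while running, leading shepherd to disable it.  To
                       ;; prevent spamming stderr, redirect output to logfile.
                       #:log-file "/var/log/ntpd"))
             (stop #~(make-kill-destructor)))))))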
448
(define (openntpd-service-activation config)
  "Return the activation gexp for CONFIG: make sure @file{/var/db} and
@file{/var/run} exist and seed @file{/var/db/ntpd.drift} with @samp{0.0}
when it is absent."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let ((drift-file "/var/db/ntpd.drift"))
          (for-each mkdir-p '("/var/db" "/var/run"))
          ;; Only seed the drift file on first activation; an existing one
          ;; carries ntpd's recorded drift and must be left alone.
          (if (not (file-exists? drift-file))
              (call-with-output-file drift-file
                (lambda (port)
                  (display "0.0" port))))))))
461
(define openntpd-service-type
  ;; Provides 'ntpd' just like 'ntp-service-type' does, so only one of the
  ;; two can be enabled on a system.
  (service-type (name 'openntpd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          openntpd-shepherd-service)
                       ;; Shares the 'ntpd' system account with 'ntp-service-type'.
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       ;; Put the OpenNTPD package in the system profile.
                       (service-extension profile-service-type
                                          (compose list openntpd-configuration-openntpd))
                       ;; Creates /var/db, /var/run and the initial drift file.
                       (service-extension activation-service-type
                                          openntpd-service-activation)))
                (default-value (openntpd-configuration))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
daemon will keep the system clock synchronized with that of the given servers.")))
478
479\f
480;;;
481;;; Inetd.
482;;;
483
;; Configuration of the inetd super-server.  With no entries, no Shepherd
;; service is created at all (see 'inetd-shepherd-service').
(define-record-type* <inetd-configuration> inetd-configuration
  make-inetd-configuration
  inetd-configuration?
  (program  inetd-configuration-program   ;file-like
            (default (file-append inetutils "/libexec/inetd")))
  ;; Each entry becomes one line of the generated inetd.conf; other services
  ;; can append entries through the service type's 'extend'.
  (entries  inetd-configuration-entries   ;list of <inetd-entry>
            (default '())))
491
;; One line of inetd.conf.  The fields map one-to-one onto the columns
;; written by 'inetd-config-file'.
(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
  inetd-entry?
  ;; Optional local address to bind; emitted as "NODE:NAME".
  (node         inetd-entry-node           ;string or #f
                (default #f))
  (name         inetd-entry-name)          ;string, from /etc/services

  ;; Anything outside this set is a 'match' error when the file is generated.
  (socket-type  inetd-entry-socket-type)   ;stream | dgram | raw |
                                           ;rdm | seqpacket
  (protocol     inetd-entry-protocol)      ;string, from /etc/protocols

  ;; #t is written as "wait", #f as "nowait".
  (wait?        inetd-entry-wait?          ;Boolean
                (default #t))
  ;; Account inetd runs PROGRAM as; mandatory, and the main least-privilege
  ;; knob: avoid "root" unless the service really needs it.
  (user         inetd-entry-user)          ;string

  ;; "internal" refers to one of inetd's built-in services; otherwise a
  ;; program path or a file-like object that expands to one.
  (program      inetd-entry-program        ;string or file-like object
                (default "internal"))
  (arguments    inetd-entry-arguments      ;list of strings or file-like objects
                (default '())))
510
(define (inetd-config-file entries)
  "Return an @file{inetd.conf} file-like object with one line per element of
ENTRIES, a list of <inetd-entry>.  Each line reads
@samp{SERVICE TYPE PROTOCOL WAIT USER PROGRAM ARGS...}, SERVICE being
@samp{NODE:NAME} when the entry has a node."
  (define (entry->line entry)
    (match-record entry <inetd-entry>
      (node name socket-type protocol wait? user program arguments)
      (let ((service (if node
                         (string-append node ":" name)
                         name))
            ;; Anything but the five valid socket types raises a 'match'
            ;; error here rather than yielding a malformed line for inetd.
            (type (match socket-type
                    ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
                     (symbol->string socket-type))))
            (wait (if wait? "wait" "nowait")))
        ;; PROGRAM and ARGUMENTS may be file-like objects, so the line is
        ;; assembled at build time, where they expand to store file names.
        #~(string-append
           (string-join (list #$service #$type #$protocol #$wait #$user
                              #$program #$@arguments)
                        " ")
           "\n"))))

  (apply mixed-text-file "inetd.conf" (map entry->line entries)))
533
(define (inetd-shepherd-service config)
  "Return a list with the Shepherd service running inetd for CONFIG, an
<inetd-configuration>, or the empty list when there are no entries, since
there would be nothing to serve."
  (match-record config <inetd-configuration> (program entries)
    (if (null? entries)
        '()
        (list
         (shepherd-service
          (documentation "Run inetd.")
          (provision '(inetd))
          ;; inetd logs through syslog, hence the 'syslogd' dependency.
          (requirement '(user-processes networking syslogd))
          (start #~(make-forkexec-constructor
                    (list #$program #$(inetd-config-file entries))
                    #:pid-file "/var/run/inetd.pid"))
          (stop #~(make-kill-destructor)))))))
547
(define-public inetd-service-type
  (service-type
   (name 'inetd)
   (extensions
    (list (service-extension shepherd-root-service-type
                             inetd-shepherd-service)))

   ;; The service can be extended with additional lists of entries.
   ;; Extensions are concatenated and appended after the entries given in
   ;; the configuration itself.
   (compose concatenate)
   (extend (lambda (config entries)
             (inetd-configuration
              (inherit config)
              (entries (append (inetd-configuration-entries config)
                               entries)))))
   (description
    "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
for listening on Internet sockets and spawning the corresponding services on
demand.")))
566
567\f
568;;;
569;;; Tor.
570;;;
571
;; Configuration of the Tor daemon; 'tor-configuration->torrc' turns it into
;; a torrc.
(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  (tor              tor-configuration-tor
                    (default tor))
  ;; File-like object appended verbatim to the generated torrc.  Its content
  ;; ends up in the store and is thus readable by every local user: do not
  ;; put secrets in it.
  (config-file      tor-configuration-config-file
                    (default (plain-file "empty" "")))
  ;; List of <hidden-service>, normally filled through 'tor-hidden-service'.
  (hidden-services  tor-configuration-hidden-services
                    (default '()))
  ;; 'unix adds a group-writable SOCKS socket under /var/run/tor to the
  ;; torrc; 'tcp adds nothing and leaves Tor's built-in SocksPort behavior.
  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                    (default 'tcp)))
6331bde7 583
(define %tor-accounts
  ;; User account and groups for Tor.  The daemon switches to the 'tor' user
  ;; via the generated 'User tor' torrc line; the 'tor' group is what the
  ;; 0750 mode on /var/run/tor (see 'tor-activation') grants access to.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 594
;; A hidden service as registered through 'tor-hidden-service'.  NAME becomes
;; the directory under /var/lib/tor/hidden-services/ and is used unchecked as
;; a path component; MAPPING is a list of (VIRTUAL-PORT "HOST:PORT") pairs,
;; each turned into a 'HiddenServicePort' line.
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  (name    hidden-service-name)                ;string
  (mapping hidden-service-mapping))            ;list of port/address tuples
600
(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG.

The file starts with generated directives (user, data directory, PID file,
logging, the optional Unix SOCKS socket and one block per hidden service) and
ends with the verbatim contents of CONFIG's config-file.  The user's file
comes last, so for single-valued options its directives generally take
precedence over the generated ones.

NOTE(review): the result is a store item, readable by every local user.  Any
secret placed in the user's config-file (e.g. 'HashedControlPassword' or
bridge lines) therefore becomes world-readable--keep such data out of it."
  (match config
    (($ <tor-configuration> tor config-file services socks-socket-type)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils)
                         (ice-9 match))

            (call-with-output-file #$output
              (lambda (port)
                ;; Generated preamble.  'User tor' matches %TOR-ACCOUNTS, and
                ;; the paths match the directories set up by 'tor-activation'.
                (display "\
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
                ;; Optional SOCKS listener on a Unix socket, group-writable so
                ;; that members of the 'tor' group can use it.
                (when (eq? 'unix '#$socks-socket-type)
                  (display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" port))

                ;; One 'HiddenServiceDir' plus one 'HiddenServicePort' per
                ;; port/host pair, for each <hidden-service>.
                (for-each (match-lambda
                            ((service (ports hosts) ...)
                             (format port "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                     service)
                             (for-each (lambda (tcp-port host)
                                         (format port "\
HiddenServicePort ~a ~a~%"
                                                 tcp-port host))
                                       ports hosts)))
                          '#$(map (match-lambda
                                    (($ <hidden-service> name mapping)
                                     (cons name mapping)))
                                  services))

                (display "\
### End of automatically generated lines.\n\n" port)

                ;; Append the user's config file.
                (call-with-input-file #$config-file
                  (lambda (input)
                    (dump-port input port)))
                #t))))))))
6331bde7 648
(define (tor-shepherd-service config)
  "Return a <shepherd-service> running Tor.

Tor is started in a container through 'make-forkexec-constructor/container'
with only the directories it needs mapped in: its data directory (writable),
the syslog socket, and its run directory (writable, for the PID file and the
optional SOCKS socket).  The torrc is a store item and is visible as such.
Switching to the 'tor' user is requested by the generated 'User tor' torrc
line, not done here."
  (match config
    ;; Only the package is needed; everything else is in the torrc.
    (($ <tor-configuration> tor)
     (let ((torrc (tor-configuration->torrc config)))
       (with-imported-modules (source-module-closure
                               '((gnu build shepherd)
                                 (gnu system file-systems)))
         (list (shepherd-service
                (provision '(tor))

                ;; Tor needs at least one network interface to be up, hence the
                ;; dependency on 'loopback'.  'syslogd' is needed because the
                ;; generated torrc logs to syslog through the mapped /dev/log.
                (requirement '(user-processes loopback syslogd))

                (modules '((gnu build shepherd)
                           (gnu system file-systems)))

                (start #~(make-forkexec-constructor/container
                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                          ;; NOTE(review): the set of namespaces is the
                          ;; constructor's default and is not visible here;
                          ;; whether that includes a separate network namespace
                          ;; must be confirmed in (gnu build shepherd).
                          #:mappings (list (file-system-mapping
                                            (source "/var/lib/tor")
                                            (target source)
                                            (writable? #t))
                                           (file-system-mapping
                                            (source "/dev/log") ;for syslog
                                            (target source))
                                           (file-system-mapping
                                            (source "/var/run/tor")
                                            (target source)
                                            (writable? #t)))
                          ;; 'start' completes once Tor has written this file.
                          #:pid-file "/var/run/tor/tor.pid"))
                (stop #~(make-kill-destructor))
                (documentation "Run the Tor anonymous network overlay."))))))))
0adfe95a 684
(define (tor-activation config)
  "Set up directories for Tor and its hidden services, if any.

Everything under @file{/var/lib/tor} is owned by the @code{tor} user and set
to mode 0700, which Tor insists on; @file{/var/run/tor} is 0750 so that the
@code{tor} group can reach the optional SOCKS socket."
  #~(begin
      (use-modules (guix build utils))

      (define %user
        (getpw "tor"))

      (define (initialize service)
        ;; Per-hidden-service directory; Tor writes the .onion 'hostname' file
        ;; (and, presumably, the service's keys) there, so keep it private.
        (let ((directory (string-append "/var/lib/tor/hidden-services/"
                                        service)))
          (mkdir-p directory)
          (chown directory (passwd:uid %user) (passwd:gid %user))

          ;; The daemon bails out if we give wider permissions.
          (chmod directory #o700)))

      ;; Allow Tor to write its PID file.
      (mkdir-p "/var/run/tor")
      (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
      ;; Give the group read and search access (0750 is rwxr-x---, not
      ;; group-writable) so that, with 'UnixSocksGroupWritable 1' in the
      ;; torrc, members of the "tor" group can traverse the directory and
      ;; reach the SOCKS socket; the socket's own group-write bit is Tor's.
      (chmod "/var/run/tor" #o750)

      ;; Allow Tor to access the hidden services' directories.
      (mkdir-p "/var/lib/tor")
      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
      (chmod "/var/lib/tor" #o700)

      ;; Make sure /var/lib is accessible to the 'tor' user.
      ;; NOTE(review): this unconditionally resets /var/lib to 0755 on every
      ;; activation, undoing any stricter mode an administrator set there.
      (chmod "/var/lib" #o755)

      ;; Hidden-service directories are created last, after /var/lib/tor has
      ;; been handed to the 'tor' user.
      (for-each initialize
                '#$(map hidden-service-name
                        (tor-configuration-hidden-services config)))))
721
(define tor-service-type
  (service-type (name 'tor)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          tor-shepherd-service)
                       ;; The 'tor' user and group the daemon runs as.
                       (service-extension account-service-type
                                          (const %tor-accounts))
                       ;; Creates and locks down /var/lib/tor and /var/run/tor.
                       (service-extension activation-service-type
                                          tor-activation)))

                ;; This can be extended with hidden services.
                ;; Extensions are concatenated and appended after the hidden
                ;; services listed in the configuration itself.
                (compose concatenate)
                (extend (lambda (config services)
                          (tor-configuration
                           (inherit config)
                           (hidden-services
                            (append (tor-configuration-hidden-services config)
                                    services)))))
                (default-value (tor-configuration))
                (description
                 "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon.")))
63854bcb 744
(define* (tor-service #:optional
                      (config-file (plain-file "empty" ""))
                      #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user.  It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}.  Run
@command{man tor} for information about the configuration file.  Note that
@var{config-file} is copied into the store, so it must not contain secrets."
  (define config
    (tor-configuration (tor tor)
                       (config-file config-file)))

  (service tor-service-type config))
758
(define tor-hidden-service-type
  ;; A type that extends Tor with hidden services.  Its value is a single
  ;; <hidden-service>, wrapped in a list and passed to 'tor-service-type'.
  (service-type (name 'tor-hidden-service)
                (extensions
                 (list (service-extension tor-service-type list)))
                (description
                 "Define a new Tor @dfn{hidden service}.")))
766
(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}.  @var{mapping} is a list of port/host tuples, such as:

@example
 '((22 \"127.0.0.1:22\")
   (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.  @var{name} is used as-is as a directory name, so keep it to a plain
identifier.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  (let ((definition (hidden-service name mapping)))
    (service tor-hidden-service-type definition)))
787
788\f
789;;;
790;;; Wicd.
791;;;
792
(define %wicd-activation
  ;; Activation gexp for Wicd: seed /etc/wicd with the dhclient template that
  ;; ships with the package and prepare wpa_supplicant's socket directory.
  #~(begin
      (use-modules (guix build utils))

      (let* ((template "/etc/wicd/dhclient.conf.template.default")
             (shipped (string-append #$wicd template)))
        (mkdir-p "/etc/wicd")
        ;; Copy the template only if absent, so that local edits survive
        ;; later reconfigurations.
        (if (not (file-exists? template))
            (copy-file shipped template)))

      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
      ;; named socket files.  0750 keeps the control sockets' directory
      ;; closed to other users.
      (mkdir-p "/var/run/wpa_supplicant")
      (chmod "/var/run/wpa_supplicant" #o750)))
0adfe95a 808
(define (wicd-shepherd-service wicd)
  "Return a list with the Shepherd service running the Wicd network manager
from the WICD package.  It provides 'networking', the same provision as the
other network managers in this module."
  (define wicd-daemon
    (file-append wicd "/sbin/wicd"))

  (list (shepherd-service
         (documentation "Run the Wicd network manager.")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         ;; '--no-daemon' keeps wicd in the foreground under the Shepherd.
         (start #~(make-forkexec-constructor
                   (list #$wicd-daemon "--no-daemon")))
         (stop #~(make-kill-destructor)))))
819
(define wicd-service-type
  (service-type (name 'wicd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          wicd-shepherd-service)
                       ;; Wicd needs the system bus (see the 'dbus-system'
                       ;; requirement in 'wicd-shepherd-service').
                       (service-extension dbus-root-service-type
                                          list)
                       (service-extension activation-service-type
                                          (const %wicd-activation))

                       ;; Add Wicd to the global profile.
                       (service-extension profile-service-type list)))
                (description
                 "Run @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.")))
4627a464 835
(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  (let ((pkg wicd))
    (service wicd-service-type pkg)))
b7d0c494 845
7234ad4f 846\f
847;;;
848;;; ModemManager
849;;;
850
;; Configuration of ModemManager, consumed by 'modem-manager-service-type'
;; (exported above).  The only knob is the package providing the daemon.
(define-record-type* <modem-manager-configuration>
  modem-manager-configuration make-modem-manager-configuration
  modem-manager-configuration?
  (modem-manager modem-manager-configuration-modem-manager
                 (default modem-manager)))
856
857\f
858;;;
859;;; NetworkManager
860;;;
861
;; Configuration of NetworkManager.
(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  (network-manager network-manager-configuration-network-manager
                   (default network-manager))
  ;; Written verbatim as the 'dns=' value of the [main] section of the
  ;; generated NetworkManager.conf; no validation is performed.
  (dns network-manager-configuration-dns
       (default "default"))
  ;; Merged into one directory that NM_VPN_PLUGIN_DIR points to, both for
  ;; the daemon and for user sessions.
  (vpn-plugins network-manager-vpn-plugins ;list of <package>
               (default '())))
b726096b 871
(define %network-manager-activation
  ;; Activation gexp for NetworkManager: make sure the directory for
  ;; system-wide connection profiles exists.
  ;; NOTE(review): 'mkdir-p' leaves the directory with the activation script's
  ;; default mode.  NetworkManager keeps connection profiles, which may hold
  ;; Wi-Fi or VPN secrets, in here; consider tightening it to 0700 as upstream
  ;; packaging does--confirm against the NetworkManager package.
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/etc/NetworkManager/system-connections")))
877
(define (vpn-plugin-directory plugins)
  "Return a directory containing PLUGINS, the NM VPN plugins, merged into a
single tree."
  (define union-name "network-manager-vpn-plugins")
  (directory-union union-name plugins))
881
(define (network-manager-environment config)
  "Return the session environment variables for CONFIG, a
<network-manager-configuration>: NM_VPN_PLUGIN_DIR pointing at the union of
the configured VPN plugins, so that e.g. \"nmcli connection import type
openvpn file foo.ovpn\" finds them."
  (match-record config <network-manager-configuration>
    (vpn-plugins)
    (let ((plugin-dir (file-append (vpn-plugin-directory vpn-plugins)
                                   "/lib/NetworkManager/VPN")))
      (list (cons "NM_VPN_PLUGIN_DIR" plugin-dir)))))
890
(define (network-manager-shepherd-service config)
  "Return a list with the Shepherd service running NetworkManager for CONFIG,
a <network-manager-configuration>."
  (match-record config <network-manager-configuration>
    (network-manager dns vpn-plugins)
    (let ()
      ;; DNS is written into NetworkManager.conf as-is.  It is supplied by the
      ;; administrator, but note that no validation happens here.
      (define conf
        (plain-file "NetworkManager.conf"
                    (string-append "[main]\ndns=" dns "\n")))

      (define vpn
        (vpn-plugin-directory vpn-plugins))

      (list (shepherd-service
             (documentation "Run the NetworkManager.")
             (provision '(networking))
             (requirement '(user-processes dbus-system wpa-supplicant loopback))
             ;; '--no-daemon' keeps NetworkManager in the foreground; the
             ;; daemon itself also needs NM_VPN_PLUGIN_DIR, not only sessions.
             (start #~(make-forkexec-constructor
                       (list (string-append #$network-manager
                                            "/sbin/NetworkManager")
                             (string-append "--config=" #$conf)
                             "--no-daemon")
                       #:environment-variables
                       (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
                                            "/lib/NetworkManager/VPN"))))
             (stop #~(make-kill-destructor)))))))
910
(define network-manager-service-type
  ;; Service type for NetworkManager.  Its value is a
  ;; <network-manager-configuration>; CONFIG->PACKAGE extracts the package to
  ;; hand to D-Bus, polkit and the system profile.
  (let ((config->package
         (compose list network-manager-configuration-network-manager)))
    (service-type
     (name 'network-manager)
     (extensions
      (list (service-extension shepherd-root-service-type
                               network-manager-shepherd-service)
            (service-extension dbus-root-service-type config->package)
            (service-extension polkit-service-type config->package)
            (service-extension activation-service-type
                               (const %network-manager-activation))
            (service-extension session-environment-service-type
                               network-manager-environment)
            ;; Make NetworkManager (nmcli etc.) available in the system profile.
            (service-extension profile-service-type config->package)))
     (default-value (network-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
NetworkManager}, a network management daemon that aims to simplify wired and
wireless networking."))))
937\f
938;;;
939;;; Connman
940;;;
941
;; Configuration of the Connman service.  All fields have defaults.
(define-record-type* <connman-configuration>
  connman-configuration make-connman-configuration
  connman-configuration?
  ;; The connman package to run; it must provide sbin/connmand.
  (connman connman-configuration-connman
           (default connman))
  ;; When true, connmand is started with "--noplugin=vpn" and the
  ;; /var/lib/connman-vpn/ state directory is not created.
  (disable-vpn? connman-configuration-disable-vpn?
                (default #f)))
949
(define (connman-activation config)
  "Return the activation gexp for Connman as described by CONFIG, a
<connman-configuration>: it creates Connman's state directories."
  (let* ((disable-vpn? (connman-configuration-disable-vpn? config))
         ;; The VPN state directory is only created when the VPN plugin is
         ;; going to be loaded.
         (directories  (if disable-vpn?
                           '("/var/lib/connman/")
                           '("/var/lib/connman/" "/var/lib/connman-vpn/"))))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))
          (for-each mkdir-p '#$directories)))))
958
(define (connman-shepherd-service config)
  "Return a list containing the Shepherd service for Connman as described by
CONFIG, or #f when CONFIG is not a <connman-configuration>."
  (if (connman-configuration? config)
      (match config
        (($ <connman-configuration> connman disable-vpn?)
         (let ((connmand     (file-append connman "/sbin/connmand"))
               ;; \"--noplugin=vpn\" keeps the VPN plugin from being loaded.
               (plugin-flags (if disable-vpn? '("--noplugin=vpn") '())))
           (list (shepherd-service
                  (documentation "Run Connman")
                  (provision '(networking))
                  (requirement
                   '(user-processes dbus-system loopback wpa-supplicant))
                  ;; -n keeps connmand in the foreground, as a pid-file-less
                  ;; make-forkexec-constructor expects; the meaning of -r is
                  ;; not documented here -- see connmand(8).
                  (start #~(make-forkexec-constructor
                            (list #$connmand "-n" "-r" #$@plugin-flags)))
                  (stop #~(make-kill-destructor)))))))
      #f))
976
(define connman-service-type
  ;; Service type for Connman.  Its value is a <connman-configuration>;
  ;; CONNMAN-PACKAGE extracts the package to hand to polkit, D-Bus and the
  ;; system profile.
  (let ((connman-package
         (match-lambda
           (($ <connman-configuration> connman)
            (list connman)))))
    (service-type (name 'connman)
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            connman-shepherd-service)
                         (service-extension polkit-service-type
                                            connman-package)
                         (service-extension dbus-root-service-type
                                            connman-package)
                         (service-extension activation-service-type
                                            connman-activation)
                         ;; Add connman to the system profile.
                         (service-extension profile-service-type
                                            connman-package)))
                  (default-value (connman-configuration))
                  (description
                   "Run @url{https://01.org/connman,Connman},
a network connection manager."))))
996
997\f
998;;;
999;;; Modem manager
1000;;;
1001
(define modem-manager-service-type
  ;; Service type for ModemManager.  Its value is a
  ;; <modem-manager-configuration>; CONFIG->PACKAGE extracts the package to
  ;; hand to D-Bus, udev and polkit.  Unlike the other daemons in this file,
  ;; no Shepherd service is registered -- presumably ModemManager is started
  ;; on demand over D-Bus; confirm before relying on it.
  (let ((config->package
         (compose list modem-manager-configuration-modem-manager)))
    (service-type (name 'modem-manager)
                  (extensions
                   (list (service-extension dbus-root-service-type
                                            config->package)
                         (service-extension udev-service-type
                                            config->package)
                         (service-extension polkit-service-type
                                            config->package)))
                  (default-value (modem-manager-configuration))
                  (description
                   "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
ModemManager}, a modem management daemon that aims to simplify dialup
networking."))))
1020
1021\f
1022;;;
1023;;; WPA supplicant
1024;;;
1025
1026
(define (wpa-supplicant-shepherd-service wpa-supplicant)
  "Return a list containing the Shepherd service that runs WPA-SUPPLICANT, a
package, with its D-Bus interface enabled."
  (let ((pid-file "/var/run/wpa_supplicant.pid")
        (daemon   (file-append wpa-supplicant "/sbin/wpa_supplicant")))
    (list (shepherd-service
           (provision '(wpa-supplicant))
           (documentation "Run WPA supplicant with dbus interface")
           (requirement '(user-processes dbus-system loopback))
           ;; -u enables the D-Bus control interface; -B makes the daemon go
           ;; to the background, so the Shepherd tracks it through the PID
           ;; file named by -P.
           (start #~(make-forkexec-constructor
                     (list #$daemon "-u" "-B" (string-append "-P" #$pid-file))
                     #:pid-file #$pid-file))
           (stop #~(make-kill-destructor))))))
1039
(define wpa-supplicant-service-type
  ;; Service type for wpa_supplicant.  Its value is the wpa_supplicant
  ;; package itself, not a configuration record, so a bare LIST suffices to
  ;; turn it into the one-element package list D-Bus and the profile expect.
  (let ((package->list list))
    (service-type (name 'wpa-supplicant)
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            wpa-supplicant-shepherd-service)
                         (service-extension dbus-root-service-type
                                            package->list)
                         (service-extension profile-service-type
                                            package->list)))
                  (default-value wpa-supplicant))))
1049\f
1050;;;
1051;;; Open vSwitch
1052;;;
1053
;; Configuration of the Open vSwitch service: the package whose ovsdb-tool,
;; ovsdb-server and ovs-vswitchd executables are used.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  (package openvswitch-configuration-package
           (default openvswitch)))
1059
(define (openvswitch-activation config)
  "Return the activation gexp for Open vSwitch as described by CONFIG, a
<openvswitch-configuration>: create its run-time and state directories and,
when it does not exist yet, its configuration database."
  (match config
    (($ <openvswitch-configuration> package)
     (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool"))
           (conf.db    "/var/lib/openvswitch/conf.db"))
       (with-imported-modules '((guix build utils))
         #~(begin
             (use-modules (guix build utils))
             (for-each mkdir-p
                       '("/var/run/openvswitch" "/var/lib/openvswitch"))
             ;; Never clobber an existing database.  NOTE(review): the exit
             ;; status of ovsdb-tool is not checked, so a failed creation only
             ;; surfaces later when ovsdb-server fails to start.
             (unless (file-exists? #$conf.db)
               (system* #$ovsdb-tool "create" #$conf.db))))))))
1072
(define (openvswitch-shepherd-service config)
  "Return the two Shepherd services that make up Open vSwitch, as described by
CONFIG, a <openvswitch-configuration>: the database server, and the switch
daemon that requires it."
  (match config
    (($ <openvswitch-configuration> package)
     (let ((run-dir      "/var/run/openvswitch")
           (ovsdb-server (file-append package "/sbin/ovsdb-server"))
           (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
       (list
        (shepherd-service
         (provision '(ovsdb))
         (documentation "Run the Open vSwitch database server.")
         (start #~(make-forkexec-constructor
                   (list #$ovsdb-server "--pidfile"
                         ;; The database is reachable only through a local
                         ;; Unix-domain socket (punix:), not a TCP port.
                         #$(string-append "--remote=punix:" run-dir "/db.sock"))
                   #:pid-file #$(string-append run-dir "/ovsdb-server.pid")))
         (stop #~(make-kill-destructor)))
        (shepherd-service
         (provision '(vswitchd))
         (requirement '(ovsdb))
         (documentation "Run the Open vSwitch daemon.")
         (start #~(make-forkexec-constructor
                   (list #$ovs-vswitchd "--pidfile")
                   #:pid-file #$(string-append run-dir "/ovs-vswitchd.pid")))
         (stop #~(make-kill-destructor))))))))
1095
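(define openvswitch-service-type
  ;; Service type for Open vSwitch.  Like the other service types in this
  ;; file it carries a default value, so it can be instantiated without an
  ;; explicit <openvswitch-configuration>; passing one still works as before.
  (service-type
   (name 'openvswitch)
   (extensions
    (list (service-extension activation-service-type
                             openvswitch-activation)
          ;; Add the package (ovs-vsctl and friends) to the system profile.
          (service-extension profile-service-type
                             (compose list openvswitch-configuration-package))
          (service-extension shepherd-root-service-type
                             openvswitch-shepherd-service)))
   (default-value (openvswitch-configuration))
   (description
    "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
switch designed to enable massive network automation through programmatic
extension.")))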
;;; networking.scm ends here