db4fdc04 1;;; GNU Guix --- Functional package management for GNU
69323016 2;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
76192896 4;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
8;;;
9;;; This file is part of GNU Guix.
10;;;
11;;; GNU Guix is free software; you can redistribute it and/or modify it
12;;; under the terms of the GNU General Public License as published by
13;;; the Free Software Foundation; either version 3 of the License, or (at
14;;; your option) any later version.
15;;;
16;;; GNU Guix is distributed in the hope that it will be useful, but
17;;; WITHOUT ANY WARRANTY; without even the implied warranty of
18;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19;;; GNU General Public License for more details.
20;;;
21;;; You should have received a copy of the GNU General Public License
22;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
23
(define-module (gnu services networking)
  ;; Service framework and the system-level service types extended below.
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services dbus)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  ;; Packages used as default values by the configuration records below.
  #:use-module (gnu packages admin)
  #:use-module (gnu packages connman)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages wicd)
  #:use-module (gnu packages gnome)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  ;; Public interface, grouped by service: configuration records, service
  ;; types and the convenience constructors that wrap them.
  #:export (%facebook-host-aliases
            static-networking

            static-networking?
            static-networking-interface
            static-networking-ip
            static-networking-netmask
            static-networking-gateway

            static-networking-service
            static-networking-service-type
            dhcp-client-service
            %ntp-servers

            ntp-configuration
            ntp-configuration?
            ntp-service
            ntp-service-type

            inetd-configuration
            inetd-entry
            inetd-service-type

            tor-configuration
            tor-configuration?
            tor-hidden-service
            tor-service
            tor-service-type

            bitlbee-configuration
            bitlbee-configuration?
            bitlbee-service
            bitlbee-service-type

            wicd-service-type
            wicd-service

            network-manager-configuration
            network-manager-configuration?
            network-manager-configuration-dns
            network-manager-service-type

            connman-configuration
            connman-configuration?
            connman-service-type

            wpa-supplicant-service-type

            openvswitch-service-type
            openvswitch-configuration))


;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:

(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.
  ;;
  ;; NOTE(review): the IPv6 entries use a BSD-style "%lo0" zone suffix.  If the
  ;; resolver's /etc/hosts parser rejects that syntax, those lines are silently
  ;; ignored and only the IPv4 block takes effect -- confirm on glibc.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com\n")


;; Static configuration of one network interface.  A list of these is the
;; value of 'static-networking-service-type'.
(define-record-type* <static-networking>
  static-networking make-static-networking
  static-networking?
  (interface static-networking-interface)       ;string, e.g. "eth0"
  (ip static-networking-ip)                     ;IPv4 address, as a string
  (netmask static-networking-netmask            ;IPv4 netmask string, or #f
           (default #f))
  (gateway static-networking-gateway            ;FIXME: doesn't belong here
           (default #f))
  (provision static-networking-provision        ;list of symbols, or #f
             (default #f))
  (name-servers static-networking-name-servers  ;FIXME: doesn't belong here
                (default '())))

(define static-networking-shepherd-service
  ;; Return the <shepherd-service> that brings up one <static-networking>
  ;; interface.  The start/stop procedures are gexps that run inside the
  ;; Shepherd, so INTERFACE, IP, NETMASK and GATEWAY are spliced in as
  ;; literals.  NAME-SERVERS is not used here; it is consumed by
  ;; 'static-networking-etc-files'.
  (match-lambda
    (($ <static-networking> interface ip netmask gateway provision
        name-servers)
     (let ((loopback? (and provision (memq 'loopback provision))))
       (shepherd-service

        ;; Unless we're providing the loopback interface, wait for udev to be up
        ;; and running so that INTERFACE is actually usable.
        (requirement (if loopback? '() '(udev)))

        (documentation
         "Bring up the networking interface using a static IP address.")
        ;; Default service name: 'networking-<interface>'.
        (provision (or provision
                       (list (symbol-append 'networking-
                                            (string->symbol interface)))))

        (start #~(lambda _
                   ;; Return #t if successfully started.
                   (let* ((addr (inet-pton AF_INET #$ip))
                          (sockaddr (make-socket-address AF_INET addr 0))
                          ;; NETMASK and GATEWAY are optional: #f when unset.
                          (mask (and #$netmask
                                     (inet-pton AF_INET #$netmask)))
                          (maskaddr (and mask
                                         (make-socket-address AF_INET
                                                              mask 0)))
                          (gateway (and #$gateway
                                        (inet-pton AF_INET #$gateway)))
                          (gatewayaddr (and gateway
                                            (make-socket-address AF_INET
                                                                 gateway 0))))
                     (configure-network-interface #$interface sockaddr
                                                  (logior IFF_UP
                                                          #$(if loopback?
                                                                #~IFF_LOOPBACK
                                                                0))
                                                  #:netmask maskaddr)
                     ;; Install the default route only when a gateway is given.
                     (when gateway
                       (let ((sock (socket AF_INET SOCK_DGRAM 0)))
                         (add-network-route/gateway sock gatewayaddr)
                         (close-port sock))))))
        (stop #~(lambda _
                  ;; Return #f if successfully stopped.
                  (let ((sock (socket AF_INET SOCK_STREAM 0)))
                    ;; Undo the default route added by 'start', if any.
                    (when #$gateway
                      (delete-network-route sock
                                            (make-socket-address
                                             AF_INET INADDR_ANY 0)))
                    ;; Clearing all flags (including IFF_UP) takes the
                    ;; interface down.
                    (set-network-interface-flags sock #$interface 0)
                    (close-port sock)
                    #f)))
        (respawn? #f))))))

(define (static-networking-etc-files interfaces)
  "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
  (define name-servers
    ;; Union of the name servers declared on every interface, deduplicated.
    (delete-duplicates
     (append-map static-networking-name-servers interfaces)))

  (define (nameserver-line server)
    (string-append "nameserver " server))

  (if (null? name-servers)
      '()
      (let ((content (string-join (map nameserver-line name-servers)
                                  "\n" 'suffix)))
        (list (list "resolv.conf"
                    (plain-file "resolv.conf"
                                (string-append "\
# Generated by 'static-networking-service'.\n"
                                               content)))))))

(define (static-networking-shepherd-services interfaces)
  "Return the list of Shepherd services to bring up INTERFACES, a list of
<static-networking> objects."
  (define (loopback? service)
    (memq 'loopback (shepherd-service-provision service)))

  (define services
    (map static-networking-shepherd-service interfaces))

  (define (umbrella-service)
    ;; A 'networking' service that depends on every interface service.
    (shepherd-service
     (provision '(networking))
     (requirement (append-map shepherd-service-provision services))
     (start #~(const #t))
     (stop #~(const #f))
     (documentation "Bring up all the networking interfaces.")))

  (if (null? (remove loopback? services))
      ;; There's no interface other than 'loopback', so we assume that the
      ;; 'networking' service will be provided by dhclient or similar.
      services
      ;; Assume we're providing all the interfaces, and thus, provide a
      ;; 'networking' service.
      (cons (umbrella-service) services)))

(define static-networking-service-type
  ;; The service type for statically-defined network interfaces.  Its value is
  ;; a list of <static-networking> records: each yields one Shepherd service
  ;; (see 'static-networking-shepherd-services') and their name servers are
  ;; merged into /etc/resolv.conf (see 'static-networking-etc-files').
  (service-type (name 'static-networking)
                (extensions
                 (list
                  (service-extension shepherd-root-service-type
                                     static-networking-shepherd-services)
                  (service-extension etc-service-type
                                     static-networking-etc-files)))
                ;; Each extension contributes a list of interfaces.
                (compose concatenate)
                (extend append)
                (description
                 "Turn up the specified network interfaces upon startup,
with the given IP address, gateway, netmask, and so on. The value for
services of this type is a list of @code{static-networking} objects, one per
network interface.")))


(define* (static-networking-service interface ip
                                    #:key
                                    netmask gateway provision
                                    (name-servers '()))
  "Return a service that starts @var{interface} with address @var{ip}. If
@var{netmask} is true, use it as the network mask. If @var{gateway} is true,
it must be a string specifying the default network gateway.

This procedure can be called several times, one for each network
interface of interest. Behind the scenes what it does is extend
@code{static-networking-service-type} with additional network interfaces
to handle."
  (define config
    ;; The single <static-networking> record describing INTERFACE.
    (static-networking (interface interface)
                       (ip ip)
                       (netmask netmask)
                       (gateway gateway)
                       (provision provision)
                       (name-servers name-servers)))

  ;; Each call contributes a one-element list; the service type appends them.
  (simple-service 'static-network-interface
                  static-networking-service-type
                  (list config)))

(define dhcp-client-service-type
  ;; Service type whose value is the DHCP client package (see
  ;; 'dhcp-client-service').  It provides 'networking' by running dhclient on
  ;; every non-loopback interface.
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     (define dhclient
       (file-append dhcp "/sbin/dhclient"))

     (define pid-file
       "/var/run/dhclient.pid")

     (shepherd-service
      (documentation "Set up networking via DHCP.")
      (requirement '(user-processes udev))

      ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
      ;; networking is unavailable, but also means that the interface is not up
      ;; yet when 'start' completes. To wait for the interface to be ready, one
      ;; should instead monitor udev events.
      (provision '(networking))

      (start #~(lambda _
                 ;; When invoked without any arguments, 'dhclient' discovers all
                 ;; non-loopback interfaces *that are up*. However, the relevant
                 ;; interfaces are typically down at this point. Thus we perform
                 ;; our own interface discovery here.
                 (define valid?
                   (negate loopback-network-interface?))
                 (define ifaces
                   (filter valid? (all-network-interface-names)))

                 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                 ;; actually send/receive over them.
                 (for-each set-network-interface-up ifaces)

                 ;; Remove any stale PID file so the read loop below cannot
                 ;; return a PID from a previous run.
                 (false-if-exception (delete-file #$pid-file))
                 (let ((pid (fork+exec-command
                             (cons* #$dhclient "-nw"
                                    "-pf" #$pid-file ifaces))))
                   ;; Only proceed when the dhclient process exited
                   ;; successfully; the value of 'start' is then the PID read
                   ;; from PID-FILE.
                   (and (zero? (cdr (waitpid pid)))
                        (let loop ()
                          (catch 'system-error
                            (lambda ()
                              (call-with-input-file #$pid-file read))
                            (lambda args
                              ;; 'dhclient' returned before PID-FILE was created,
                              ;; so try again.
                              ;; NOTE(review): there is no retry limit, so if
                              ;; dhclient exits 0 without ever writing PID-FILE
                              ;; this loop never returns -- consider a bound.
                              (let ((errno (system-error-errno args)))
                                (if (= ENOENT errno)
                                    (begin
                                      (sleep 1)
                                      (loop))
                                    (apply throw args))))))))))
      (stop #~(make-kill-destructor))))))


(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  ;; The service value is simply the DHCP client package.
  (define type dhcp-client-service-type)
  (service type dhcp))

(define %ntp-servers
  ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
  ;; for this NTP pool "zone".
  ;;
  ;; This is the default SERVERS argument of 'ntp-service'; each entry becomes
  ;; a "server" line in the generated ntpd.conf.
  '("0.guix.pool.ntp.org"
    "1.guix.pool.ntp.org"
    "2.guix.pool.ntp.org"
    "3.guix.pool.ntp.org"))



;;;
;;; NTP.
;;;

;; TODO: Export.
;; Configuration of the NTP daemon: the package, the upstream servers, and
;; whether a large initial clock step is permitted.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp ntp-configuration-ntp                    ;<package>, provides bin/ntpd
       (default ntp))
  (servers ntp-configuration-servers)           ;list of host name strings
  (allow-large-adjustment? ntp-allow-large-adjustment? ;Boolean, passes "-g"
                           (default #f)))

(define ntp-shepherd-service
  ;; Return the list of Shepherd services for an <ntp-configuration>: one
  ;; 'ntpd' service whose configuration file is generated in the store.
  (match-lambda
    (($ <ntp-configuration> ntp servers allow-large-adjustment?)
     (let ()
       ;; TODO: Add authentication support.
       (define config
         ;; SERVERS are inserted verbatim (presumably trusted operator input).
         ;; The 'restrict' lines make ntpd answer time requests only: no
         ;; mode-6/7 queries or peering from remote hosts.
         (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                        (string-join (map (cut string-append "server " <>)
                                          servers)
                                     "\n")
                        "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1\n"))

       (define ntpd.conf
         (plain-file "ntpd.conf" config))

       (list (shepherd-service
              (provision '(ntpd))
              (documentation "Run the Network Time Protocol (NTP) daemon.")
              (requirement '(user-processes networking))
              ;; "-n" keeps ntpd in the foreground; "-u ntpd" drops to the
              ;; unprivileged account from '%ntp-accounts'; "-g" allows the
              ;; large initial adjustment described in 'ntp-service'.
              (start #~(make-forkexec-constructor
                        (list (string-append #$ntp "/bin/ntpd") "-n"
                              "-c" #$ntpd.conf "-u" "ntpd"
                              #$@(if allow-large-adjustment?
                                     '("-g")
                                     '()))))
              (stop #~(make-kill-destructor))))))))

(define %ntp-accounts
  ;; Unprivileged system account that ntpd drops to ("-u ntpd" in
  ;; 'ntp-shepherd-service') and that owns /var/run/ntpd (see
  ;; 'ntp-service-activation').
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))


(define (ntp-service-activation config)
  "Return the activation gexp for CONFIG."
  ;; Create the runtime directory (drift file location) owned by the 'ntpd'
  ;; account, which is what the daemon runs as.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let* ((account (getpw "ntpd"))
               (uid (passwd:uid account))
               (gid (passwd:gid account))
               (run-dir "/var/run/ntpd"))
          (mkdir-p run-dir)
          (chown run-dir uid gid)))))


(define ntp-service-type
  ;; Service type for ntpd.  Its value is an <ntp-configuration>; besides the
  ;; Shepherd service it adds the 'ntpd' account and creates /var/run/ntpd at
  ;; activation time.
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          ntp-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       (service-extension activation-service-type
                                          ntp-service-activation)))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
will keep the system clock synchronized with that of the given servers.")))

(define* (ntp-service #:key (ntp ntp)
                      (servers %ntp-servers)
                      allow-large-adjustment?)
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
keep the system clock synchronized with that of @var{servers}.
@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
make an initial adjustment of more than 1,000 seconds."
  (define config
    (ntp-configuration (ntp ntp)
                       (servers servers)
                       (allow-large-adjustment? allow-large-adjustment?)))

  (service ntp-service-type config))


;;;
;;; Inetd.
;;;

;; Configuration of the inetd super-server: the inetd executable to run and
;; the entries written to its inetd.conf.
(define-record-type* <inetd-configuration> inetd-configuration
  make-inetd-configuration
  inetd-configuration?
  (program inetd-configuration-program          ;file-like
           (default (file-append inetutils "/libexec/inetd")))
  (entries inetd-configuration-entries          ;list of <inetd-entry>
           (default '())))

;; One line of inetd.conf; fields without a default are mandatory.
;; NOTE(review): when NODE is #f the line carries no address prefix, which
;; inetd presumably treats as "listen on all addresses"; services meant to be
;; local-only should set NODE explicitly.
(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
  inetd-entry?
  (node inetd-entry-node                        ;string or #f
        (default #f))
  (name inetd-entry-name)                       ;string, from /etc/services

  (socket-type inetd-entry-socket-type)         ;stream | dgram | raw |
                                                ;rdm | seqpacket
  (protocol inetd-entry-protocol)               ;string, from /etc/protocols

  (wait? inetd-entry-wait?                      ;Boolean
         (default #t))
  (user inetd-entry-user)                       ;string

  (program inetd-entry-program                  ;string or file-like object
           (default "internal"))
  (arguments inetd-entry-arguments              ;list of strings or file-like objects
             (default '())))

(define (inetd-config-file entries)
  "Return a file-like object for 'inetd.conf' describing ENTRIES, a list of
<inetd-entry> records, one line per entry."
  (define (socket-type->string type)
    ;; Only the socket types inetd understands are accepted; anything else is
    ;; a 'match' error at build time.
    (match type
      ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
       (symbol->string type))))

  (define (entry->line entry)
    (let* ((node (inetd-entry-node entry))
           (name (inetd-entry-name entry))
           (socket (if node
                       (string-append node ":" name)
                       name))
           (type (socket-type->string (inetd-entry-socket-type entry)))
           (protocol (inetd-entry-protocol entry))
           (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
           (user (inetd-entry-user entry))
           (program (inetd-entry-program entry))
           (args (inetd-entry-arguments entry)))
      ;; PROGRAM and ARGS may be file-like objects, hence the gexp.
      #~(string-append
         (string-join
          (list #$@(list socket type protocol wait user program) #$@args)
          " ") "\n")))

  (apply mixed-text-file "inetd.conf" (map entry->line entries)))

(define (inetd-shepherd-service config)
  "Return the Shepherd services for CONFIG, an <inetd-configuration>, or the
empty list when CONFIG has no entries."
  (let ((program (inetd-configuration-program config))
        (entries (inetd-configuration-entries config)))
    (if (null? entries)
        '()                             ;nothing to serve, so do nothing
        (list
         (shepherd-service
          (documentation "Run inetd.")
          (provision '(inetd))
          (requirement '(user-processes networking syslogd))
          (start #~(make-forkexec-constructor
                    (list #$program #$(inetd-config-file entries))
                    #:pid-file "/var/run/inetd.pid"))
          (stop #~(make-kill-destructor)))))))

(define-public inetd-service-type
  ;; Service type for inetd.  Its value is an <inetd-configuration>; other
  ;; services extend it with additional lists of <inetd-entry> records.
  ;; NOTE(review): 'define-public' is redundant with the #:export list at the
  ;; top of the module; every other service type here uses a plain 'define'.
  (service-type
   (name 'inetd)
   (extensions
    (list (service-extension shepherd-root-service-type
                             inetd-shepherd-service)))

   ;; The service can be extended with additional lists of entries.
   (compose concatenate)
   (extend (lambda (config entries)
             (inetd-configuration
              (inherit config)
              (entries (append (inetd-configuration-entries config)
                               entries)))))
   (description
    "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
for listening on Internet sockets and spawning the corresponding services on
demand.")))



;;;
;;; Tor.
;;;

;; Configuration of the Tor daemon: the package, a user-supplied torrc
;; fragment, and the hidden services to declare.
(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  (tor tor-configuration-tor                    ;<package>, provides bin/tor
       (default tor))
  (config-file tor-configuration-config-file    ;file-like, appended to torrc
               (default (plain-file "empty" "")))
  (hidden-services tor-configuration-hidden-services ;list of <hidden-service>
                   (default '())))


(define %tor-accounts
  ;; User account and groups for Tor.  The daemon drops to this user through
  ;; the "User tor" line generated by 'tor-configuration->torrc'.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

;; A Tor hidden service.  NAME names the directory under
;; /var/lib/tor/hidden-services/ and MAPPING lists (port host) pairs that
;; become HiddenServicePort lines (see 'tor-hidden-service' for an example).
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  (name hidden-service-name)                    ;string
  (mapping hidden-service-mapping))             ;list of port/address tuples

(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG."
  ;; The file is built in the store: a fixed preamble, one HiddenServiceDir
  ;; block per hidden service, then CONFIG-FILE appended verbatim.
  ;; NOTE(review): store items are world-readable, so CONFIG-FILE must not
  ;; contain secrets -- confirm this caveat is documented for users.
  ;; NOTE(review): each hidden service NAME is interpolated into a path
  ;; unchecked; it is operator-supplied, but rejecting "/" or ".." in NAME
  ;; would be a cheap safeguard.
  (match config
    (($ <tor-configuration> tor config-file services)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils)
                         (ice-9 match))

            (call-with-output-file #$output
              (lambda (port)
                (display "\
# The beginning was automatically added.
User tor
DataDirectory /var/lib/tor
Log notice syslog\n" port)

                ;; SERVICES is spliced in as a literal list of
                ;; (name (port host) ...) entries.
                (for-each (match-lambda
                            ((service (ports hosts) ...)
                             (format port "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                     service)
                             (for-each (lambda (tcp-port host)
                                         (format port "\
HiddenServicePort ~a ~a~%"
                                                 tcp-port host))
                                       ports hosts)))
                          '#$(map (match-lambda
                                    (($ <hidden-service> name mapping)
                                     (cons name mapping)))
                                  services))

                ;; Append the user's config file.
                (call-with-input-file #$config-file
                  (lambda (input)
                    (dump-port input port)))
                #t))))))))


(define (tor-shepherd-service config)
  "Return a <shepherd-service> running TOR."
  ;; Tor runs in a container with only its data directory and the syslog
  ;; socket mapped from the host; the switch to the 'tor' user is done by Tor
  ;; itself via the generated "User tor" line.
  (match config
    (($ <tor-configuration> tor)
     (let ((torrc (tor-configuration->torrc config)))
       (with-imported-modules (source-module-closure
                               '((gnu build shepherd)
                                 (gnu system file-systems)))
         (list (shepherd-service
                (provision '(tor))

                ;; Tor needs at least one network interface to be up, hence the
                ;; dependency on 'loopback'.
                (requirement '(user-processes loopback syslogd))

                (modules '((gnu build shepherd)
                          (gnu system file-systems)))

                (start #~(make-forkexec-constructor/container
                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                          ;; Host paths made visible inside the container, on
                          ;; top of whatever the constructor maps by default.
                          #:mappings (list (file-system-mapping
                                            (source "/var/lib/tor")
                                            (target source)
                                            (writable? #t))
                                           (file-system-mapping
                                            (source "/dev/log") ;for syslog
                                            (target source)))))
                (stop #~(make-kill-destructor))
                (documentation "Run the Tor anonymous network overlay."))))))))


(define (tor-hidden-service-activation config)
  "Return the activation gexp for CONFIG, a <tor-configuration>: create the Tor
data directory and one directory per hidden service, all owned by the 'tor'
user and readable by it only."
  #~(begin
      (use-modules (guix build utils))

      (define %user
        (getpw "tor"))

      (define (initialize service)
        ;; Directory that Tor populates for SERVICE, including the 'hostname'
        ;; file mentioned in 'tor-hidden-service'.
        (let ((directory (string-append "/var/lib/tor/hidden-services/"
                                        service)))
          (mkdir-p directory)
          (chown directory (passwd:uid %user) (passwd:gid %user))

          ;; The daemon bails out if we give wider permissions.
          (chmod directory #o700)))

      (mkdir-p "/var/lib/tor")
      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
      (chmod "/var/lib/tor" #o700)

      ;; Make sure /var/lib is accessible to the 'tor' user.
      (chmod "/var/lib" #o755)

      ;; Hidden service names are spliced in as literals at build time.
      (for-each initialize
                '#$(map hidden-service-name
                        (tor-configuration-hidden-services config)))))


(define tor-service-type
  ;; Service type for Tor.  Its value is a <tor-configuration>; extending it
  ;; with a list of <hidden-service> records adds hidden services (this is
  ;; what 'tor-hidden-service-type' does).
  (service-type (name 'tor)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          tor-shepherd-service)
                       (service-extension account-service-type
                                          (const %tor-accounts))
                       (service-extension activation-service-type
                                          tor-hidden-service-activation)))

                ;; This can be extended with hidden services.
                (compose concatenate)
                (extend (lambda (config services)
                          (tor-configuration
                           (inherit config)
                           (hidden-services
                            (append (tor-configuration-hidden-services config)
                                    services)))))
                (default-value (tor-configuration))
                (description
                 "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon.")))


(define* (tor-service #:optional
                      (config-file (plain-file "empty" ""))
                      #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user. It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}. Run
@command{man tor} for information about the configuration file."
  (define config
    (tor-configuration (tor tor)
                       (config-file config-file)))

  (service tor-service-type config))

(define tor-hidden-service-type
  ;; A type that extends Tor with hidden services.  Each value is one
  ;; <hidden-service>; 'list' wraps it into the list of services that
  ;; 'tor-service-type' expects from its extensions.
  (service-type (name 'tor-hidden-service)
                (extensions
                 (list (service-extension tor-service-type list)))
                (description
                 "Define a new Tor @dfn{hidden service}.")))

(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}. @var{mapping} is a list of port/host tuples, such as:

@example
 '((22 \"127.0.0.1:22\")
 (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  (define hs
    (hidden-service name mapping))

  ;; Reaches 'tor-service-type' through 'tor-hidden-service-type'.
  (service tor-hidden-service-type hs))


;;;
;;; BitlBee.
;;;

;; BitlBee configuration: the package, the listen address and port, and a raw
;; string appended to the generated bitlbee.conf.
(define-record-type* <bitlbee-configuration>
  bitlbee-configuration make-bitlbee-configuration
  bitlbee-configuration?
  (bitlbee bitlbee-configuration-bitlbee
           (default bitlbee))
  (interface bitlbee-configuration-interface    ;IP address to listen on;
             (default "127.0.0.1"))             ;local clients only by default
  (port bitlbee-configuration-port              ;TCP port, an integer
        (default 6667))
  (extra-settings bitlbee-configuration-extra-settings ;string
                  (default "")))

(define bitlbee-shepherd-service
  ;; Return the Shepherd services for a <bitlbee-configuration>: one 'bitlbee'
  ;; service running the daemon in a container with its state directory
  ;; mapped in.
  (match-lambda
    (($ <bitlbee-configuration> bitlbee interface port extra-settings)
     ;; The configuration file lives in the store; INTERFACE, PORT and
     ;; EXTRA-SETTINGS are inserted verbatim (operator-supplied).
     (let ((conf (plain-file "bitlbee.conf"
                             (string-append "
 [settings]
 User = bitlbee
 ConfigDir = /var/lib/bitlbee
 DaemonInterface = " interface "
 DaemonPort = " (number->string port) "
" extra-settings))))

       (with-imported-modules (source-module-closure
                               '((gnu build shepherd)
                                 (gnu system file-systems)))
         (list (shepherd-service
                (provision '(bitlbee))

                ;; Note: If networking is not up, then /etc/resolv.conf
                ;; doesn't get mapped in the container, hence the dependency
                ;; on 'networking'.
                (requirement '(user-processes networking))

                (modules '((gnu build shepherd)
                          (gnu system file-systems)))
                ;; "-u bitlbee" drops to the account from '%bitlbee-accounts';
                ;; only the state directory is mapped writable.
                (start #~(make-forkexec-constructor/container
                          (list #$(file-append bitlbee "/sbin/bitlbee")
                                "-n" "-F" "-u" "bitlbee" "-c" #$conf)

                          #:pid-file "/var/run/bitlbee.pid"
                          #:mappings (list (file-system-mapping
                                            (source "/var/lib/bitlbee")
                                            (target source)
                                            (writable? #t)))))
                (stop #~(make-kill-destructor)))))))))

(define %bitlbee-accounts
  ;; User group and account to run BitlBee.  The daemon is started with
  ;; "-u bitlbee" and this account owns /var/lib/bitlbee.
  (list (user-group (name "bitlbee") (system? #t))
        (user-account
         (name "bitlbee")
         (group "bitlbee")
         (system? #t)
         (comment "BitlBee daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

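(define %bitlbee-activation
  ;; Activation gexp for BitlBee: create and secure its state directory.
  #~(begin
      (use-modules (guix build utils))

      ;; This directory is used to store OTR data; it is the ConfigDir in the
      ;; generated bitlbee.conf and is mapped writable into the daemon's
      ;; container (see 'bitlbee-shepherd-service').
      (mkdir-p "/var/lib/bitlbee")
      (let ((user (getpwnam "bitlbee")))
        (chown "/var/lib/bitlbee"
               (passwd:uid user) (passwd:gid user))
        ;; Only the daemon user needs access.  OTR private keys live here, so
        ;; do not leave the directory's mode to the umask; mirror what the Tor
        ;; activation does for /var/lib/tor.
        (chmod "/var/lib/bitlbee" #o700))))
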
(define bitlbee-service-type
  ;; Service type for BitlBee.  Its value is a <bitlbee-configuration>; the
  ;; default listens on 127.0.0.1:6667.
  (service-type (name 'bitlbee)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          bitlbee-shepherd-service)
                       (service-extension account-service-type
                                          (const %bitlbee-accounts))
                       (service-extension activation-service-type
                                          (const %bitlbee-activation))))
                (default-value (bitlbee-configuration))
                (description
                 "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as
a gateway between IRC and chat networks.")))


(define* (bitlbee-service #:key (bitlbee bitlbee)
                          (interface "127.0.0.1") (port 6667)
                          (extra-settings ""))
  "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
acts as a gateway between IRC and chat networks.

The daemon will listen to the interface corresponding to the IP address
specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only
local clients can connect, whereas @code{0.0.0.0} means that connections can
come from any networking interface.

In addition, @var{extra-settings} specifies a string to append to the
configuration file."
  (define config
    (bitlbee-configuration (bitlbee bitlbee)
                           (interface interface)
                           (port port)
                           (extra-settings extra-settings)))

  (service bitlbee-service-type config))


;;;
;;; Wicd.
;;;

(define %wicd-activation
  ;; Activation gexp for Wicd: seed /etc/wicd with the dhclient template
  ;; shipped in the 'wicd' package and prepare the wpa_supplicant socket
  ;; directory.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")
      ;; Copy the template only if absent, so local edits are preserved.
      (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
        (unless (file-exists? file-name)
          (copy-file (string-append #$wicd file-name)
                     file-name)))

      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
      ;; named socket files.
      (mkdir-p "/var/run/wpa_supplicant")
      (chmod "/var/run/wpa_supplicant" #o750)))


(define (wicd-shepherd-service wicd)
  "Return a shepherd service for WICD."
  ;; Unlike Tor and BitlBee, there is no container and no user switch here:
  ;; the daemon runs with the Shepherd's own privileges.
  (list (shepherd-service
         (documentation "Run the Wicd network manager.")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         (start #~(make-forkexec-constructor
                   (list (string-append #$wicd "/sbin/wicd")
                         "--no-daemon")))
         (stop #~(make-kill-destructor)))))

(define wicd-service-type
  ;; Service type for Wicd.  Its value is the 'wicd' package.
  (service-type (name 'wicd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          wicd-shepherd-service)
                       ;; Register the package with the system D-Bus daemon.
                       (service-extension dbus-root-service-type
                                          list)
                       (service-extension activation-service-type
                                          (const %wicd-activation))

                       ;; Add Wicd to the global profile.
                       (service-extension profile-service-type list)))
                (description
                 "Run @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.")))


(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  ;; The service value is the Wicd package itself.
  (define type wicd-service-type)
  (service type wicd))



;;;
;;; NetworkManager.
;;;

;; NetworkManager configuration: the package, the "dns=" value written to
;; NetworkManager.conf, and the VPN plugin packages.
(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  (network-manager network-manager-configuration-network-manager
                   (default network-manager))
  (dns network-manager-configuration-dns        ;string, inserted verbatim
       (default "default"))
  (vpn-plugins network-manager-vpn-plugins      ;list of <package>
               (default '())))


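(define %network-manager-activation
  ;; Activation gexp for NetworkManager: make sure the directory holding
  ;; connection profiles exists before the daemon starts.  Wrapped in
  ;; 'with-imported-modules' like the other activation gexps in this file so
  ;; that the gexp carries its own module dependency.
  ;; NOTE(review): 'mkdir-p' creates the directory with umask-derived
  ;; permissions.  Profiles stored here can hold Wi-Fi passphrases and VPN
  ;; secrets, so the expectation is that NetworkManager keeps the individual
  ;; files root-only — confirm the resulting directory mode on a fresh system.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (mkdir-p "/etc/NetworkManager/system-connections"))))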
(define (vpn-plugin-directory plugins)
  "Return a directory containing PLUGINS, the NM VPN plugins."
  ;; All plugins are merged into one store directory so that NetworkManager
  ;; can be pointed at a single NM_VPN_PLUGIN_DIR.
  (let ((union-name "network-manager-vpn-plugins"))
    (directory-union union-name plugins)))
(define network-manager-environment
  ;; Return the session environment variables for CONFIG, a
  ;; <network-manager-configuration>.
  (lambda (config)
    (match config
      (($ <network-manager-configuration> network-manager dns vpn-plugins)
       ;; Define this variable in the global environment such that
       ;; "nmcli connection import type openvpn file foo.ovpn" works.
       (let ((plugin-dir (vpn-plugin-directory vpn-plugins)))
         (list (cons "NM_VPN_PLUGIN_DIR"
                     (file-append plugin-dir "/lib/NetworkManager/VPN"))))))))
(define network-manager-shepherd-service
  ;; Return the list of Shepherd services running NetworkManager for CONFIG,
  ;; a <network-manager-configuration>.
  (lambda (config)
    (match config
      (($ <network-manager-configuration> network-manager dns vpn-plugins)
       (let* ((daemon  (file-append network-manager "/sbin/NetworkManager"))
              ;; Minimal NetworkManager.conf kept in the store; DNS is the
              ;; only setting written, verbatim from the configuration.
              (conf    (plain-file "NetworkManager.conf"
                                   (string-append "[main]\ndns=" dns "\n")))
              (vpn-dir (file-append (vpn-plugin-directory vpn-plugins)
                                    "/lib/NetworkManager/VPN")))
         (list (shepherd-service
                (documentation "Run the NetworkManager.")
                (provision '(networking))
                ;; wpa-supplicant is a hard requirement (NetworkManager is
                ;; expected to drive it for wireless interfaces).
                (requirement '(user-processes dbus-system wpa-supplicant loopback))
                (start #~(make-forkexec-constructor
                          (list #$daemon
                                (string-append "--config=" #$conf)
                                "--no-daemon")
                          ;; Same plugin directory as the one exported to user
                          ;; sessions by 'network-manager-environment'.
                          #:environment-variables
                          (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn-dir))))
                (stop #~(make-kill-destructor)))))))))
(define network-manager-service-type
  ;; Service type for NetworkManager.  Several extensions only need the
  ;; package out of the configuration, hence the shared helper below.
  (let ((config->package
         (match-lambda
           (($ <network-manager-configuration> package)
            (list package)))))
    (service-type
     (name 'network-manager)
     (extensions
      (list
       (service-extension shepherd-root-service-type
                          network-manager-shepherd-service)
       ;; The package is handed to both the D-Bus and the polkit services;
       ;; the polkit extension is what allows unprivileged users to be
       ;; granted control over networking via the actions the package ships.
       (service-extension dbus-root-service-type config->package)
       (service-extension polkit-service-type config->package)
       (service-extension activation-service-type
                          (const %network-manager-activation))
       ;; Make NM_VPN_PLUGIN_DIR visible in user sessions.
       (service-extension session-environment-service-type
                          network-manager-environment)
       ;; Add network-manager to the system profile.
       (service-extension profile-service-type config->package)))
     (default-value (network-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
NetworkManager}, a network management daemon that aims to simplify wired and
wireless networking."))))
981\f
982;;;
983;;; Connman
984;;;
;; Configuration of the Connman service.
(define-record-type* <connman-configuration>
  connman-configuration make-connman-configuration
  connman-configuration?
  ;; The Connman package to run.
  (connman connman-configuration-connman
           (default connman))
  ;; When true, connmand is started with "--noplugin=vpn" and the VPN state
  ;; directory is not created; see 'connman-shepherd-service' and
  ;; 'connman-activation'.
  (disable-vpn? connman-configuration-disable-vpn?
                (default #f)))
(define (connman-activation config)
  "Return the activation gexp for CONFIG, a <connman-configuration>, which
creates Connman's state directories."
  (let* ((disable-vpn? (connman-configuration-disable-vpn? config))
         ;; The VPN state directory is only needed when the plugin is loaded.
         (directories  (if disable-vpn?
                           '("/var/lib/connman/")
                           '("/var/lib/connman/" "/var/lib/connman-vpn/"))))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))
          (for-each mkdir-p '#$directories)))))
(define (connman-shepherd-service config)
  "Return a shepherd service for Connman"
  ;; Yields #f rather than a list when CONFIG is not a <connman-configuration>.
  (if (not (connman-configuration? config))
      #f
      (let* ((connman      (connman-configuration-connman config))
             (disable-vpn? (connman-configuration-disable-vpn? config))
             (connmand     (file-append connman "/sbin/connmand"))
             ;; Extra flags: drop the VPN plugin when asked to.
             (plugin-args  (if disable-vpn? '("--noplugin=vpn") '())))
        (list (shepherd-service
               (documentation "Run Connman")
               (provision '(networking))
               (requirement
                '(user-processes dbus-system loopback wpa-supplicant))
               ;; "-n" keeps connmand in the foreground for the Shepherd;
               ;; "-r" is presumably its --nodnsproxy switch — confirm against
               ;; the packaged version.
               (start #~(make-forkexec-constructor
                         (list #$connmand "-n" "-r" #$@plugin-args)))
               (stop #~(make-kill-destructor)))))))
(define connman-service-type
  ;; Service type for Connman; the service value is a <connman-configuration>.
  ;; Unlike 'network-manager-service-type', no default value is declared, so
  ;; callers pass a configuration explicitly.
  (let* ((connman-package (compose list connman-configuration-connman))
         (extensions
          (list
           (service-extension shepherd-root-service-type
                              connman-shepherd-service)
           ;; Hand the package to the system D-Bus daemon.
           (service-extension dbus-root-service-type connman-package)
           ;; Create the state directories at activation time.
           (service-extension activation-service-type connman-activation)
           ;; Add connman to the system profile.
           (service-extension profile-service-type connman-package))))
    (service-type (name 'connman)
                  (extensions extensions)
                  (description
                   "Run @url{https://01.org/connman,Connman},
a network connection manager."))))
1038\f
1039;;;
1040;;; WPA supplicant
1041;;;
(define (wpa-supplicant-shepherd-service wpa-supplicant)
  "Return a shepherd service for wpa_supplicant"
  ;; The PID file is the handshake between the daemon, which detaches itself
  ;; ("-B"), and the Shepherd, which waits for the file to appear.
  (let ((pid-file "/var/run/wpa_supplicant.pid")
        (daemon   (file-append wpa-supplicant "/sbin/wpa_supplicant")))
    (list (shepherd-service
           (documentation "Run WPA supplicant with dbus interface")
           (provision '(wpa-supplicant))
           (requirement '(user-processes dbus-system loopback))
           ;; "-u" enables the D-Bus control interface; the NetworkManager and
           ;; Connman services in this file list 'wpa-supplicant' as a
           ;; requirement.  The package is also handed to
           ;; 'dbus-root-service-type' by 'wpa-supplicant-service-type'.
           (start #~(make-forkexec-constructor
                     (list #$daemon "-u" "-B" (string-append "-P" #$pid-file))
                     #:pid-file #$pid-file))
           (stop #~(make-kill-destructor))))))
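(define wpa-supplicant-service-type
  ;; Service type for wpa_supplicant.  The service value is the package, so
  ;; the D-Bus and profile extensions receive the package itself.  A
  ;; 'description' is added for consistency with the other service types in
  ;; this file.
  (let ((extensions
         (list (service-extension shepherd-root-service-type
                                  wpa-supplicant-shepherd-service)
               (service-extension dbus-root-service-type list)
               (service-extension profile-service-type list))))
    (service-type (name 'wpa-supplicant)
                  (extensions extensions)
                  (default-value wpa-supplicant)
                  (description
                   "Run @command{wpa_supplicant}, the WPA/WPA2 client daemon,
with its D-Bus interface enabled."))))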
1066\f
1067;;;
1068;;; Open vSwitch
1069;;;
;; Configuration of the Open vSwitch service.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  ;; The Open vSwitch package providing ovsdb-tool, ovsdb-server and
  ;; ovs-vswitchd.
  (package openvswitch-configuration-package
           (default openvswitch)))
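(define openvswitch-activation
  ;; Return the activation gexp for CONFIG, an <openvswitch-configuration>:
  ;; create the runtime and state directories and initialize the database
  ;; the first time the service is activated.
  (match-lambda
    (($ <openvswitch-configuration> package)
     (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
       (with-imported-modules '((guix build utils))
         #~(begin
             (use-modules (guix build utils))
             ;; Holds the management socket and PID files of the daemons.
             (mkdir-p "/var/run/openvswitch")
             (mkdir-p "/var/lib/openvswitch")
             (let ((conf.db "/var/lib/openvswitch/conf.db"))
               (unless (file-exists? conf.db)
                 ;; Report a failed creation instead of silently carrying on:
                 ;; ovsdb-server would otherwise start without a database.
                 ;; Activation still completes; this is best-effort.
                 (let ((status (status:exit-val
                                (system* #$ovsdb-tool "create" conf.db))))
                   (unless (eqv? status 0)
                     (format (current-error-port)
                             "warning: failed to create ~a (exit status ~a)~%"
                             conf.db status)))))))))))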
(define openvswitch-shepherd-service
  ;; Return the two Shepherd services making up Open vSwitch: the database
  ;; server, then the switch daemon that depends on it.
  (lambda (config)
    (match config
      (($ <openvswitch-configuration> package)
       (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
             (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))
             (ovsdb-pid    "/var/run/openvswitch/ovsdb-server.pid")
             (vswitchd-pid "/var/run/openvswitch/ovs-vswitchd.pid")
             ;; Management socket of the database server.  NOTE(review): who
             ;; may connect is decided by the socket's file permissions —
             ;; confirm they are root-only on a running system.
             (db-remote    "--remote=punix:/var/run/openvswitch/db.sock"))
         (list
          (shepherd-service
           (provision '(ovsdb))
           (documentation "Run the Open vSwitch database server.")
           (start #~(make-forkexec-constructor
                     (list #$ovsdb-server "--pidfile" #$db-remote)
                     #:pid-file #$ovsdb-pid))
           (stop #~(make-kill-destructor)))
          (shepherd-service
           (provision '(vswitchd))
           ;; The switch daemon needs the database server up first.
           (requirement '(ovsdb))
           (documentation "Run the Open vSwitch daemon.")
           (start #~(make-forkexec-constructor
                     (list #$ovs-vswitchd "--pidfile")
                     #:pid-file #$vswitchd-pid))
           (stop #~(make-kill-destructor)))))))))
(define openvswitch-service-type
  ;; Service type for Open vSwitch; the service value is an
  ;; <openvswitch-configuration>.  No default value is declared.
  (let* ((config->package (compose list openvswitch-configuration-package))
         (extensions
          (list
           ;; Create directories and the database before the daemons start.
           (service-extension activation-service-type
                              openvswitch-activation)
           ;; Make the ovs-* tools available in the system profile.
           (service-extension profile-service-type config->package)
           (service-extension shepherd-root-service-type
                              openvswitch-shepherd-service))))
    (service-type
     (name 'openvswitch)
     (extensions extensions)
     (description
      "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
switch designed to enable massive network automation through programmatic
extension."))))
;;; networking.scm ends here