Commit | Line | Data |
---|---|---|
db4fdc04 | 1 | ;;; GNU Guix --- Functional package management for GNU |
69323016 | 2 | ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> |
b7d0c494 | 3 | ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> |
76192896 | 4 | ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> |
1c6c0ad0 | 5 | ;;; Copyright © 2016 John Darrington <jmd@gnu.org> |
e57bd0be | 6 | ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> |
9260b9d1 | 7 | ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> |
db4fdc04 LC |
8 | ;;; |
9 | ;;; This file is part of GNU Guix. | |
10 | ;;; | |
11 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
12 | ;;; under the terms of the GNU General Public License as published by | |
13 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
14 | ;;; your option) any later version. | |
15 | ;;; | |
16 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
17 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ;;; GNU General Public License for more details. | |
20 | ;;; | |
21 | ;;; You should have received a copy of the GNU General Public License | |
22 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
23 | ||
24 | (define-module (gnu services networking) | |
25 | #:use-module (gnu services) | |
0190c1c0 | 26 | #:use-module (gnu services shepherd) |
0adfe95a | 27 | #:use-module (gnu services dbus) |
927097ef | 28 | #:use-module (gnu system shadow) |
6e828634 | 29 | #:use-module (gnu system pam) |
db4fdc04 | 30 | #:use-module (gnu packages admin) |
76192896 | 31 | #:use-module (gnu packages connman) |
db4fdc04 | 32 | #:use-module (gnu packages linux) |
927097ef | 33 | #:use-module (gnu packages tor) |
4627a464 | 34 | #:use-module (gnu packages messaging) |
c32d02fe | 35 | #:use-module (gnu packages networking) |
63854bcb | 36 | #:use-module (gnu packages ntp) |
b7d0c494 | 37 | #:use-module (gnu packages wicd) |
7234ad4f | 38 | #:use-module (gnu packages gnome) |
b5f4e686 | 39 | #:use-module (guix gexp) |
0adfe95a | 40 | #:use-module (guix records) |
a062b6ca | 41 | #:use-module (guix modules) |
6331bde7 LC |
42 | #:use-module (srfi srfi-1) |
43 | #:use-module (srfi srfi-9) | |
63854bcb | 44 | #:use-module (srfi srfi-26) |
0adfe95a | 45 | #:use-module (ice-9 match) |
fa0c1d61 | 46 | #:export (%facebook-host-aliases |
24e96431 | 47 | static-networking |
8de3e4b3 LC |
48 | |
49 | static-networking? | |
50 | static-networking-interface | |
51 | static-networking-ip | |
52 | static-networking-netmask | |
53 | static-networking-gateway | |
54 | ||
fa0c1d61 | 55 | static-networking-service |
24e96431 | 56 | static-networking-service-type |
a023cca8 | 57 | dhcp-client-service |
63854bcb | 58 | %ntp-servers |
24e96431 TČ |
59 | |
60 | ntp-configuration | |
61 | ntp-configuration? | |
63854bcb | 62 | ntp-service |
24e96431 TČ |
63 | ntp-service-type |
64 | ||
9260b9d1 TD |
65 | inetd-configuration |
66 | inetd-entry | |
67 | inetd-service-type | |
68 | ||
24e96431 TČ |
69 | tor-configuration |
70 | tor-configuration? | |
6331bde7 | 71 | tor-hidden-service |
4627a464 | 72 | tor-service |
24e96431 TČ |
73 | tor-service-type |
74 | ||
75 | bitlbee-configuration | |
76 | bitlbee-configuration? | |
b7d0c494 | 77 | bitlbee-service |
24e96431 TČ |
78 | bitlbee-service-type |
79 | ||
e48fcd7b | 80 | wicd-service-type |
7234ad4f | 81 | wicd-service |
b726096b CB |
82 | |
83 | network-manager-configuration | |
84 | network-manager-configuration? | |
85 | network-manager-configuration-dns | |
86 | network-manager-service-type | |
87 | ||
34d60c49 MO |
88 | connman-configuration |
89 | connman-configuration? | |
90 | connman-service-type | |
91 | ||
c32d02fe SB |
92 | wpa-supplicant-service-type |
93 | ||
94 | openvswitch-service-type | |
95 | openvswitch-configuration)) | |
db4fdc04 LC |
96 | |
97 | ;;; Commentary: | |
98 | ;;; | |
99 | ;;; Networking services. | |
100 | ;;; | |
101 | ;;; Code: | |
102 | ||
fa0c1d61 LC |
103 | (define %facebook-host-aliases |
104 | ;; This is the list of known Facebook hosts to be added to /etc/hosts if you | |
105 | ;; are to block it. | |
106 | "\ | |
107 | # Block Facebook IPv4. | |
108 | 127.0.0.1 www.facebook.com | |
109 | 127.0.0.1 facebook.com | |
110 | 127.0.0.1 login.facebook.com | |
111 | 127.0.0.1 www.login.facebook.com | |
112 | 127.0.0.1 fbcdn.net | |
113 | 127.0.0.1 www.fbcdn.net | |
114 | 127.0.0.1 fbcdn.com | |
115 | 127.0.0.1 www.fbcdn.com | |
116 | 127.0.0.1 static.ak.fbcdn.net | |
117 | 127.0.0.1 static.ak.connect.facebook.com | |
118 | 127.0.0.1 connect.facebook.net | |
119 | 127.0.0.1 www.connect.facebook.net | |
120 | 127.0.0.1 apps.facebook.com | |
121 | ||
122 | # Block Facebook IPv6. | |
123 | fe80::1%lo0 facebook.com | |
124 | fe80::1%lo0 login.facebook.com | |
125 | fe80::1%lo0 www.login.facebook.com | |
126 | fe80::1%lo0 fbcdn.net | |
127 | fe80::1%lo0 www.fbcdn.net | |
128 | fe80::1%lo0 fbcdn.com | |
129 | fe80::1%lo0 www.fbcdn.com | |
130 | fe80::1%lo0 static.ak.fbcdn.net | |
131 | fe80::1%lo0 static.ak.connect.facebook.com | |
132 | fe80::1%lo0 connect.facebook.net | |
133 | fe80::1%lo0 www.connect.facebook.net | |
134 | fe80::1%lo0 apps.facebook.com\n") | |
135 | ||
136 | ||
0adfe95a LC |
137 | (define-record-type* <static-networking> |
138 | static-networking make-static-networking | |
139 | static-networking? | |
140 | (interface static-networking-interface) | |
141 | (ip static-networking-ip) | |
1f9803c2 LC |
142 | (netmask static-networking-netmask |
143 | (default #f)) | |
8de3e4b3 LC |
144 | (gateway static-networking-gateway ;FIXME: doesn't belong here |
145 | (default #f)) | |
146 | (provision static-networking-provision | |
147 | (default #f)) | |
148 | (name-servers static-networking-name-servers ;FIXME: doesn't belong here | |
149 | (default '()))) | |
150 | ||
151 | (define static-networking-shepherd-service | |
152 | (match-lambda | |
153 | (($ <static-networking> interface ip netmask gateway provision | |
154 | name-servers) | |
155 | (let ((loopback? (and provision (memq 'loopback provision)))) | |
156 | (shepherd-service | |
157 | ||
158 | ;; Unless we're providing the loopback interface, wait for udev to be up | |
159 | ;; and running so that INTERFACE is actually usable. | |
160 | (requirement (if loopback? '() '(udev))) | |
161 | ||
162 | (documentation | |
163 | "Bring up the networking interface using a static IP address.") | |
164 | (provision (or provision | |
165 | (list (symbol-append 'networking- | |
166 | (string->symbol interface))))) | |
167 | ||
168 | (start #~(lambda _ | |
169 | ;; Return #t if successfully started. | |
170 | (let* ((addr (inet-pton AF_INET #$ip)) | |
171 | (sockaddr (make-socket-address AF_INET addr 0)) | |
172 | (mask (and #$netmask | |
173 | (inet-pton AF_INET #$netmask))) | |
174 | (maskaddr (and mask | |
175 | (make-socket-address AF_INET | |
176 | mask 0))) | |
177 | (gateway (and #$gateway | |
178 | (inet-pton AF_INET #$gateway))) | |
179 | (gatewayaddr (and gateway | |
180 | (make-socket-address AF_INET | |
181 | gateway 0)))) | |
182 | (configure-network-interface #$interface sockaddr | |
183 | (logior IFF_UP | |
184 | #$(if loopback? | |
185 | #~IFF_LOOPBACK | |
186 | 0)) | |
187 | #:netmask maskaddr) | |
188 | (when gateway | |
189 | (let ((sock (socket AF_INET SOCK_DGRAM 0))) | |
190 | (add-network-route/gateway sock gatewayaddr) | |
191 | (close-port sock)))))) | |
192 | (stop #~(lambda _ | |
193 | ;; Return #f is successfully stopped. | |
194 | (let ((sock (socket AF_INET SOCK_STREAM 0))) | |
195 | (when #$gateway | |
196 | (delete-network-route sock | |
197 | (make-socket-address | |
198 | AF_INET INADDR_ANY 0))) | |
199 | (set-network-interface-flags sock #$interface 0) | |
200 | (close-port sock) | |
201 | #f))) | |
202 | (respawn? #f)))))) | |
203 | ||
204 | (define (static-networking-etc-files interfaces) | |
205 | "Return a /etc/resolv.conf entry for INTERFACES or the empty list." | |
206 | (match (delete-duplicates | |
207 | (append-map static-networking-name-servers | |
208 | interfaces)) | |
209 | (() | |
210 | '()) | |
211 | ((name-servers ...) | |
212 | (let ((content (string-join | |
213 | (map (cut string-append "nameserver " <>) | |
214 | name-servers) | |
215 | "\n" 'suffix))) | |
216 | `(("resolv.conf" | |
217 | ,(plain-file "resolv.conf" | |
218 | (string-append "\ | |
219 | # Generated by 'static-networking-service'.\n" | |
220 | content)))))))) | |
221 | ||
222 | (define (static-networking-shepherd-services interfaces) | |
223 | "Return the list of Shepherd services to bring up INTERFACES, a list of | |
224 | <static-networking> objects." | |
225 | (define (loopback? service) | |
226 | (memq 'loopback (shepherd-service-provision service))) | |
227 | ||
228 | (let ((services (map static-networking-shepherd-service interfaces))) | |
229 | (match (remove loopback? services) | |
230 | (() | |
231 | ;; There's no interface other than 'loopback', so we assume that the | |
232 | ;; 'networking' service will be provided by dhclient or similar. | |
233 | services) | |
234 | ((non-loopback ...) | |
235 | ;; Assume we're providing all the interfaces, and thus, provide a | |
236 | ;; 'networking' service. | |
237 | (cons (shepherd-service | |
238 | (provision '(networking)) | |
239 | (requirement (append-map shepherd-service-provision | |
240 | services)) | |
241 | (start #~(const #t)) | |
242 | (stop #~(const #f)) | |
243 | (documentation "Bring up all the networking interfaces.")) | |
244 | services))))) | |
0adfe95a LC |
245 | |
246 | (define static-networking-service-type | |
8de3e4b3 LC |
247 | ;; The service type for statically-defined network interfaces. |
248 | (service-type (name 'static-networking) | |
249 | (extensions | |
250 | (list | |
251 | (service-extension shepherd-root-service-type | |
252 | static-networking-shepherd-services) | |
253 | (service-extension etc-service-type | |
254 | static-networking-etc-files))) | |
255 | (compose concatenate) | |
3f0de257 LC |
256 | (extend append) |
257 | (description | |
258 | "Turn up the specified network interfaces upon startup, | |
259 | with the given IP address, gateway, netmask, and so on. The value for | |
260 | services of this type is a list of @code{static-networking} objects, one per | |
261 | network interface."))) | |
0adfe95a | 262 | |
db4fdc04 LC |
263 | (define* (static-networking-service interface ip |
264 | #:key | |
8de3e4b3 | 265 | netmask gateway provision |
b3131e23 | 266 | (name-servers '())) |
51da7ca0 | 267 | "Return a service that starts @var{interface} with address @var{ip}. If |
1f9803c2 | 268 | @var{netmask} is true, use it as the network mask. If @var{gateway} is true, |
8de3e4b3 LC |
269 | it must be a string specifying the default network gateway. |
270 | ||
271 | This procedure can be called several times, one for each network | |
272 | interface of interest. Behind the scenes what it does is extend | |
273 | @code{static-networking-service-type} with additional network interfaces | |
274 | to handle." | |
275 | (simple-service 'static-network-interface | |
276 | static-networking-service-type | |
277 | (list (static-networking (interface interface) (ip ip) | |
278 | (netmask netmask) (gateway gateway) | |
279 | (provision provision) | |
280 | (name-servers name-servers))))) | |
0adfe95a LC |
281 | |
282 | (define dhcp-client-service-type | |
d4053c71 | 283 | (shepherd-service-type |
00184239 | 284 | 'dhcp-client |
0adfe95a LC |
285 | (lambda (dhcp) |
286 | (define dhclient | |
9e41130b | 287 | (file-append dhcp "/sbin/dhclient")) |
0adfe95a LC |
288 | |
289 | (define pid-file | |
290 | "/var/run/dhclient.pid") | |
291 | ||
d4053c71 | 292 | (shepherd-service |
0adfe95a LC |
293 | (documentation "Set up networking via DHCP.") |
294 | (requirement '(user-processes udev)) | |
295 | ||
296 | ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when | |
297 | ;; networking is unavailable, but also means that the interface is not up | |
298 | ;; yet when 'start' completes. To wait for the interface to be ready, one | |
299 | ;; should instead monitor udev events. | |
300 | (provision '(networking)) | |
301 | ||
302 | (start #~(lambda _ | |
303 | ;; When invoked without any arguments, 'dhclient' discovers all | |
304 | ;; non-loopback interfaces *that are up*. However, the relevant | |
305 | ;; interfaces are typically down at this point. Thus we perform | |
306 | ;; our own interface discovery here. | |
307 | (define valid? | |
308 | (negate loopback-network-interface?)) | |
309 | (define ifaces | |
310 | (filter valid? (all-network-interface-names))) | |
311 | ||
312 | ;; XXX: Make sure the interfaces are up so that 'dhclient' can | |
313 | ;; actually send/receive over them. | |
314 | (for-each set-network-interface-up ifaces) | |
315 | ||
316 | (false-if-exception (delete-file #$pid-file)) | |
317 | (let ((pid (fork+exec-command | |
318 | (cons* #$dhclient "-nw" | |
319 | "-pf" #$pid-file ifaces)))) | |
320 | (and (zero? (cdr (waitpid pid))) | |
321 | (let loop () | |
322 | (catch 'system-error | |
323 | (lambda () | |
324 | (call-with-input-file #$pid-file read)) | |
325 | (lambda args | |
326 | ;; 'dhclient' returned before PID-FILE was created, | |
327 | ;; so try again. | |
328 | (let ((errno (system-error-errno args))) | |
329 | (if (= ENOENT errno) | |
330 | (begin | |
331 | (sleep 1) | |
332 | (loop)) | |
333 | (apply throw args)))))))))) | |
334 | (stop #~(make-kill-destructor)))))) | |
db4fdc04 | 335 | |
a023cca8 LC |
336 | (define* (dhcp-client-service #:key (dhcp isc-dhcp)) |
337 | "Return a service that runs @var{dhcp}, a Dynamic Host Configuration | |
338 | Protocol (DHCP) client, on all the non-loopback network interfaces." | |
0adfe95a | 339 | (service dhcp-client-service-type dhcp)) |
a023cca8 | 340 | |
63854bcb | 341 | (define %ntp-servers |
57f57a7b LF |
342 | ;; Default set of NTP servers. These URLs are managed by the NTP Pool project. |
343 | ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact | |
344 | ;; for this NTP pool "zone". | |
345 | '("0.guix.pool.ntp.org" | |
346 | "1.guix.pool.ntp.org" | |
347 | "2.guix.pool.ntp.org" | |
348 | "3.guix.pool.ntp.org")) | |
63854bcb | 349 | |
0adfe95a LC |
350 | \f |
351 | ;;; | |
352 | ;;; NTP. | |
353 | ;;; | |
354 | ||
355 | ;; TODO: Export. | |
356 | (define-record-type* <ntp-configuration> | |
357 | ntp-configuration make-ntp-configuration | |
358 | ntp-configuration? | |
359 | (ntp ntp-configuration-ntp | |
360 | (default ntp)) | |
dc0322b5 LC |
361 | (servers ntp-configuration-servers) |
362 | (allow-large-adjustment? ntp-allow-large-adjustment? | |
363 | (default #f))) | |
0adfe95a | 364 | |
d4053c71 | 365 | (define ntp-shepherd-service |
0adfe95a | 366 | (match-lambda |
dc0322b5 | 367 | (($ <ntp-configuration> ntp servers allow-large-adjustment?) |
0adfe95a LC |
368 | (let () |
369 | ;; TODO: Add authentication support. | |
370 | (define config | |
1c6c0ad0 | 371 | (string-append "driftfile /var/run/ntpd/ntp.drift\n" |
0adfe95a LC |
372 | (string-join (map (cut string-append "server " <>) |
373 | servers) | |
374 | "\n") | |
375 | " | |
63854bcb LC |
376 | # Disable status queries as a workaround for CVE-2013-5211: |
377 | # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>. | |
378 | restrict default kod nomodify notrap nopeer noquery | |
379 | restrict -6 default kod nomodify notrap nopeer noquery | |
380 | ||
381 | # Yet, allow use of the local 'ntpq'. | |
382 | restrict 127.0.0.1 | |
383 | restrict -6 ::1\n")) | |
384 | ||
0adfe95a LC |
385 | (define ntpd.conf |
386 | (plain-file "ntpd.conf" config)) | |
387 | ||
d4053c71 | 388 | (list (shepherd-service |
0adfe95a LC |
389 | (provision '(ntpd)) |
390 | (documentation "Run the Network Time Protocol (NTP) daemon.") | |
391 | (requirement '(user-processes networking)) | |
392 | (start #~(make-forkexec-constructor | |
393 | (list (string-append #$ntp "/bin/ntpd") "-n" | |
dc0322b5 LC |
394 | "-c" #$ntpd.conf "-u" "ntpd" |
395 | #$@(if allow-large-adjustment? | |
396 | '("-g") | |
397 | '())))) | |
0adfe95a LC |
398 | (stop #~(make-kill-destructor)))))))) |
399 | ||
400 | (define %ntp-accounts | |
401 | (list (user-account | |
402 | (name "ntpd") | |
403 | (group "nogroup") | |
404 | (system? #t) | |
405 | (comment "NTP daemon user") | |
406 | (home-directory "/var/empty") | |
9e41130b | 407 | (shell (file-append shadow "/sbin/nologin"))))) |
0adfe95a | 408 | |
1c6c0ad0 JD |
409 | |
410 | (define (ntp-service-activation config) | |
411 | "Return the activation gexp for CONFIG." | |
412 | (with-imported-modules '((guix build utils)) | |
413 | #~(begin | |
e57bd0be | 414 | (use-modules (guix build utils)) |
1c6c0ad0 JD |
415 | (define %user |
416 | (getpw "ntpd")) | |
417 | ||
418 | (let ((directory "/var/run/ntpd")) | |
419 | (mkdir-p directory) | |
420 | (chown directory (passwd:uid %user) (passwd:gid %user)))))) | |
421 | ||
0adfe95a LC |
422 | (define ntp-service-type |
423 | (service-type (name 'ntp) | |
424 | (extensions | |
d4053c71 AK |
425 | (list (service-extension shepherd-root-service-type |
426 | ntp-shepherd-service) | |
0adfe95a | 427 | (service-extension account-service-type |
1c6c0ad0 JD |
428 | (const %ntp-accounts)) |
429 | (service-extension activation-service-type | |
3f0de257 LC |
430 | ntp-service-activation))) |
431 | (description | |
432 | "Run the @command{ntpd}, the Network Time Protocol (NTP) | |
433 | daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon | |
434 | will keep the system clock synchronized with that of the given servers."))) | |
0adfe95a LC |
435 | |
436 | (define* (ntp-service #:key (ntp ntp) | |
dc0322b5 LC |
437 | (servers %ntp-servers) |
438 | allow-large-adjustment?) | |
0adfe95a LC |
439 | "Return a service that runs the daemon from @var{ntp}, the |
440 | @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will | |
dc0322b5 LC |
441 | keep the system clock synchronized with that of @var{servers}. |
442 | @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to | |
443 | make an initial adjustment of more than 1,000 seconds." | |
0adfe95a | 444 | (service ntp-service-type |
dc0322b5 LC |
445 | (ntp-configuration (ntp ntp) |
446 | (servers servers) | |
447 | (allow-large-adjustment? | |
448 | allow-large-adjustment?)))) | |
0adfe95a LC |
449 | |
450 | \f | |
9260b9d1 TD |
451 | ;;; |
452 | ;;; Inetd. | |
453 | ;;; | |
454 | ||
455 | (define-record-type* <inetd-configuration> inetd-configuration | |
456 | make-inetd-configuration | |
457 | inetd-configuration? | |
458 | (program inetd-configuration-program ;file-like | |
459 | (default (file-append inetutils "/libexec/inetd"))) | |
460 | (entries inetd-configuration-entries ;list of <inetd-entry> | |
461 | (default '()))) | |
462 | ||
463 | (define-record-type* <inetd-entry> inetd-entry make-inetd-entry | |
464 | inetd-entry? | |
465 | (node inetd-entry-node ;string or #f | |
466 | (default #f)) | |
467 | (name inetd-entry-name) ;string, from /etc/services | |
468 | ||
469 | (socket-type inetd-entry-socket-type) ;stream | dgram | raw | | |
470 | ;rdm | seqpacket | |
471 | (protocol inetd-entry-protocol) ;string, from /etc/protocols | |
472 | ||
473 | (wait? inetd-entry-wait? ;Boolean | |
474 | (default #t)) | |
475 | (user inetd-entry-user) ;string | |
476 | ||
477 | (program inetd-entry-program ;string or file-like object | |
478 | (default "internal")) | |
479 | (arguments inetd-entry-arguments ;list of strings or file-like objects | |
480 | (default '()))) | |
481 | ||
482 | (define (inetd-config-file entries) | |
483 | (apply mixed-text-file "inetd.conf" | |
484 | (map | |
485 | (lambda (entry) | |
486 | (let* ((node (inetd-entry-node entry)) | |
487 | (name (inetd-entry-name entry)) | |
488 | (socket | |
489 | (if node (string-append node ":" name) name)) | |
490 | (type | |
491 | (match (inetd-entry-socket-type entry) | |
492 | ((or 'stream 'dgram 'raw 'rdm 'seqpacket) | |
493 | (symbol->string (inetd-entry-socket-type entry))))) | |
494 | (protocol (inetd-entry-protocol entry)) | |
495 | (wait (if (inetd-entry-wait? entry) "wait" "nowait")) | |
496 | (user (inetd-entry-user entry)) | |
497 | (program (inetd-entry-program entry)) | |
498 | (args (inetd-entry-arguments entry))) | |
499 | #~(string-append | |
500 | (string-join | |
501 | (list #$@(list socket type protocol wait user program) #$@args) | |
502 | " ") "\n"))) | |
503 | entries))) | |
504 | ||
505 | (define inetd-shepherd-service | |
506 | (match-lambda | |
507 | (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing | |
508 | (($ <inetd-configuration> program entries) | |
509 | (list | |
510 | (shepherd-service | |
511 | (documentation "Run inetd.") | |
512 | (provision '(inetd)) | |
513 | (requirement '(user-processes networking syslogd)) | |
514 | (start #~(make-forkexec-constructor | |
515 | (list #$program #$(inetd-config-file entries)) | |
516 | #:pid-file "/var/run/inetd.pid")) | |
517 | (stop #~(make-kill-destructor))))))) | |
518 | ||
519 | (define-public inetd-service-type | |
520 | (service-type | |
521 | (name 'inetd) | |
522 | (extensions | |
523 | (list (service-extension shepherd-root-service-type | |
524 | inetd-shepherd-service))) | |
525 | ||
526 | ;; The service can be extended with additional lists of entries. | |
527 | (compose concatenate) | |
528 | (extend (lambda (config entries) | |
529 | (inetd-configuration | |
530 | (inherit config) | |
531 | (entries (append (inetd-configuration-entries config) | |
3f0de257 LC |
532 | entries))))) |
533 | (description | |
534 | "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible | |
535 | for listening on Internet sockets and spawning the corresponding services on | |
536 | demand."))) | |
9260b9d1 TD |
537 | |
538 | \f | |
0adfe95a LC |
539 | ;;; |
540 | ;;; Tor. | |
541 | ;;; | |
542 | ||
6331bde7 LC |
543 | (define-record-type* <tor-configuration> |
544 | tor-configuration make-tor-configuration | |
545 | tor-configuration? | |
546 | (tor tor-configuration-tor | |
547 | (default tor)) | |
3d3c5650 LC |
548 | (config-file tor-configuration-config-file |
549 | (default (plain-file "empty" ""))) | |
6331bde7 LC |
550 | (hidden-services tor-configuration-hidden-services |
551 | (default '()))) | |
552 | ||
0adfe95a LC |
553 | (define %tor-accounts |
554 | ;; User account and groups for Tor. | |
555 | (list (user-group (name "tor") (system? #t)) | |
556 | (user-account | |
557 | (name "tor") | |
558 | (group "tor") | |
559 | (system? #t) | |
560 | (comment "Tor daemon user") | |
561 | (home-directory "/var/empty") | |
9e41130b | 562 | (shell (file-append shadow "/sbin/nologin"))))) |
0adfe95a | 563 | |
6331bde7 LC |
564 | (define-record-type <hidden-service> |
565 | (hidden-service name mapping) | |
566 | hidden-service? | |
567 | (name hidden-service-name) ;string | |
568 | (mapping hidden-service-mapping)) ;list of port/address tuples | |
569 | ||
570 | (define (tor-configuration->torrc config) | |
571 | "Return a 'torrc' file for CONFIG." | |
572 | (match config | |
573 | (($ <tor-configuration> tor config-file services) | |
574 | (computed-file | |
575 | "torrc" | |
4ee96a79 LC |
576 | (with-imported-modules '((guix build utils)) |
577 | #~(begin | |
578 | (use-modules (guix build utils) | |
579 | (ice-9 match)) | |
580 | ||
581 | (call-with-output-file #$output | |
582 | (lambda (port) | |
583 | (display "\ | |
6331bde7 | 584 | # The beginning was automatically added. |
5ee35eb7 | 585 | User tor |
6629099a | 586 | DataDirectory /var/lib/tor |
5ee35eb7 | 587 | Log notice syslog\n" port) |
6331bde7 | 588 | |
4ee96a79 LC |
589 | (for-each (match-lambda |
590 | ((service (ports hosts) ...) | |
591 | (format port "\ | |
6629099a | 592 | HiddenServiceDir /var/lib/tor/hidden-services/~a~%" |
4ee96a79 LC |
593 | service) |
594 | (for-each (lambda (tcp-port host) | |
595 | (format port "\ | |
6331bde7 | 596 | HiddenServicePort ~a ~a~%" |
4ee96a79 LC |
597 | tcp-port host)) |
598 | ports hosts))) | |
599 | '#$(map (match-lambda | |
600 | (($ <hidden-service> name mapping) | |
601 | (cons name mapping))) | |
602 | services)) | |
603 | ||
604 | ;; Append the user's config file. | |
605 | (call-with-input-file #$config-file | |
606 | (lambda (input) | |
607 | (dump-port input port))) | |
608 | #t)))))))) | |
6331bde7 | 609 | |
d4053c71 AK |
610 | (define (tor-shepherd-service config) |
611 | "Return a <shepherd-service> running TOR." | |
375c6108 | 612 | (match config |
6331bde7 LC |
613 | (($ <tor-configuration> tor) |
614 | (let ((torrc (tor-configuration->torrc config))) | |
ee295346 LC |
615 | (with-imported-modules (source-module-closure |
616 | '((gnu build shepherd) | |
617 | (gnu system file-systems))) | |
618 | (list (shepherd-service | |
619 | (provision '(tor)) | |
620 | ||
621 | ;; Tor needs at least one network interface to be up, hence the | |
622 | ;; dependency on 'loopback'. | |
623 | (requirement '(user-processes loopback syslogd)) | |
624 | ||
625 | (modules '((gnu build shepherd) | |
626 | (gnu system file-systems))) | |
627 | ||
628 | (start #~(make-forkexec-constructor/container | |
629 | (list #$(file-append tor "/bin/tor") "-f" #$torrc) | |
630 | ||
631 | #:mappings (list (file-system-mapping | |
632 | (source "/var/lib/tor") | |
633 | (target source) | |
634 | (writable? #t)) | |
635 | (file-system-mapping | |
636 | (source "/dev/log") ;for syslog | |
637 | (target source))))) | |
638 | (stop #~(make-kill-destructor)) | |
639 | (documentation "Run the Tor anonymous network overlay.")))))))) | |
0adfe95a | 640 | |
6331bde7 LC |
641 | (define (tor-hidden-service-activation config) |
642 | "Return the activation gexp for SERVICES, a list of hidden services." | |
643 | #~(begin | |
644 | (use-modules (guix build utils)) | |
645 | ||
6629099a LC |
646 | (define %user |
647 | (getpw "tor")) | |
648 | ||
6331bde7 | 649 | (define (initialize service) |
6629099a LC |
650 | (let ((directory (string-append "/var/lib/tor/hidden-services/" |
651 | service))) | |
6331bde7 | 652 | (mkdir-p directory) |
6629099a | 653 | (chown directory (passwd:uid %user) (passwd:gid %user)) |
6331bde7 LC |
654 | |
655 | ;; The daemon bails out if we give wider permissions. | |
656 | (chmod directory #o700))) | |
657 | ||
6629099a LC |
658 | (mkdir-p "/var/lib/tor") |
659 | (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) | |
660 | (chmod "/var/lib/tor" #o700) | |
661 | ||
ba9f0db0 LC |
662 | ;; Make sure /var/lib is accessible to the 'tor' user. |
663 | (chmod "/var/lib" #o755) | |
664 | ||
6331bde7 LC |
665 | (for-each initialize |
666 | '#$(map hidden-service-name | |
667 | (tor-configuration-hidden-services config))))) | |
668 | ||
0adfe95a LC |
669 | (define tor-service-type |
670 | (service-type (name 'tor) | |
671 | (extensions | |
d4053c71 AK |
672 | (list (service-extension shepherd-root-service-type |
673 | tor-shepherd-service) | |
0adfe95a | 674 | (service-extension account-service-type |
6331bde7 LC |
675 | (const %tor-accounts)) |
676 | (service-extension activation-service-type | |
677 | tor-hidden-service-activation))) | |
678 | ||
679 | ;; This can be extended with hidden services. | |
680 | (compose concatenate) | |
681 | (extend (lambda (config services) | |
682 | (tor-configuration | |
683 | (inherit config) | |
684 | (hidden-services | |
685 | (append (tor-configuration-hidden-services config) | |
3d3c5650 | 686 | services))))) |
3f0de257 LC |
687 | (default-value (tor-configuration)) |
688 | (description | |
689 | "Run the @uref{https://torproject.org, Tor} anonymous | |
690 | networking daemon."))) | |
63854bcb | 691 | |
375c6108 LC |
692 | (define* (tor-service #:optional |
693 | (config-file (plain-file "empty" "")) | |
694 | #:key (tor tor)) | |
695 | "Return a service to run the @uref{https://torproject.org, Tor} anonymous | |
696 | networking daemon. | |
927097ef | 697 | |
375c6108 | 698 | The daemon runs as the @code{tor} unprivileged user. It is passed |
6331bde7 LC |
699 | @var{config-file}, a file-like object, with an additional @code{User tor} line |
700 | and lines for hidden services added via @code{tor-hidden-service}. Run | |
701 | @command{man tor} for information about the configuration file." | |
702 | (service tor-service-type | |
703 | (tor-configuration (tor tor) | |
704 | (config-file config-file)))) | |
705 | ||
706 | (define tor-hidden-service-type | |
707 | ;; A type that extends Tor with hidden services. | |
708 | (service-type (name 'tor-hidden-service) | |
709 | (extensions | |
3f0de257 LC |
710 | (list (service-extension tor-service-type list))) |
711 | (description | |
712 | "Define a new Tor @dfn{hidden service}."))) | |
6331bde7 LC |
713 | |
714 | (define (tor-hidden-service name mapping) | |
715 | "Define a new Tor @dfn{hidden service} called @var{name} and implementing | |
716 | @var{mapping}. @var{mapping} is a list of port/host tuples, such as: | |
717 | ||
718 | @example | |
719 | '((22 \"127.0.0.1:22\") | |
720 | (80 \"127.0.0.1:8080\")) | |
721 | @end example | |
722 | ||
723 | In this example, port 22 of the hidden service is mapped to local port 22, and | |
724 | port 80 is mapped to local port 8080. | |
725 | ||
6629099a LC |
726 | This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where |
727 | the @file{hostname} file contains the @code{.onion} host name for the hidden | |
6331bde7 LC |
728 | service. |
729 | ||
730 | See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor | |
731 | project's documentation} for more information." | |
732 | (service tor-hidden-service-type | |
733 | (hidden-service name mapping))) | |
0adfe95a LC |
734 | |
735 | \f | |
736 | ;;; | |
737 | ;;; BitlBee. | |
738 | ;;; | |
739 | ||
740 | (define-record-type* <bitlbee-configuration> | |
741 | bitlbee-configuration make-bitlbee-configuration | |
742 | bitlbee-configuration? | |
743 | (bitlbee bitlbee-configuration-bitlbee | |
744 | (default bitlbee)) | |
3d3c5650 LC |
745 | (interface bitlbee-configuration-interface |
746 | (default "127.0.0.1")) | |
747 | (port bitlbee-configuration-port | |
748 | (default 6667)) | |
749 | (extra-settings bitlbee-configuration-extra-settings | |
750 | (default ""))) | |
0adfe95a | 751 | |
d4053c71 | 752 | (define bitlbee-shepherd-service |
0adfe95a LC |
753 | (match-lambda |
754 | (($ <bitlbee-configuration> bitlbee interface port extra-settings) | |
755 | (let ((conf (plain-file "bitlbee.conf" | |
756 | (string-append " | |
757 | [settings] | |
758 | User = bitlbee | |
759 | ConfigDir = /var/lib/bitlbee | |
760 | DaemonInterface = " interface " | |
761 | DaemonPort = " (number->string port) " | |
762 | " extra-settings)))) | |
763 | ||
a062b6ca LC |
764 | (with-imported-modules (source-module-closure |
765 | '((gnu build shepherd) | |
766 | (gnu system file-systems))) | |
767 | (list (shepherd-service | |
768 | (provision '(bitlbee)) | |
769 | ||
770 | ;; Note: If networking is not up, then /etc/resolv.conf | |
771 | ;; doesn't get mapped in the container, hence the dependency | |
772 | ;; on 'networking'. | |
773 | (requirement '(user-processes networking)) | |
774 | ||
775 | (modules '((gnu build shepherd) | |
776 | (gnu system file-systems))) | |
777 | (start #~(make-forkexec-constructor/container | |
778 | (list #$(file-append bitlbee "/sbin/bitlbee") | |
779 | "-n" "-F" "-u" "bitlbee" "-c" #$conf) | |
780 | ||
781 | #:pid-file "/var/run/bitlbee.pid" | |
782 | #:mappings (list (file-system-mapping | |
783 | (source "/var/lib/bitlbee") | |
784 | (target source) | |
785 | (writable? #t))))) | |
786 | (stop #~(make-kill-destructor))))))))) | |
0adfe95a LC |
787 | |
788 | (define %bitlbee-accounts | |
789 | ;; User group and account to run BitlBee. | |
790 | (list (user-group (name "bitlbee") (system? #t)) | |
791 | (user-account | |
792 | (name "bitlbee") | |
793 | (group "bitlbee") | |
794 | (system? #t) | |
795 | (comment "BitlBee daemon user") | |
796 | (home-directory "/var/empty") | |
9e41130b | 797 | (shell (file-append shadow "/sbin/nologin"))))) |
0adfe95a LC |
798 | |
799 | (define %bitlbee-activation | |
800 | ;; Activation gexp for BitlBee. | |
801 | #~(begin | |
802 | (use-modules (guix build utils)) | |
803 | ||
804 | ;; This directory is used to store OTR data. | |
805 | (mkdir-p "/var/lib/bitlbee") | |
806 | (let ((user (getpwnam "bitlbee"))) | |
807 | (chown "/var/lib/bitlbee" | |
808 | (passwd:uid user) (passwd:gid user))))) | |
809 | ||
810 | (define bitlbee-service-type | |
811 | (service-type (name 'bitlbee) | |
812 | (extensions | |
d4053c71 AK |
813 | (list (service-extension shepherd-root-service-type |
814 | bitlbee-shepherd-service) | |
0adfe95a LC |
815 | (service-extension account-service-type |
816 | (const %bitlbee-accounts)) | |
817 | (service-extension activation-service-type | |
3d3c5650 | 818 | (const %bitlbee-activation)))) |
3f0de257 LC |
819 | (default-value (bitlbee-configuration)) |
820 | (description | |
821 | "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as | |
822 | a gateway between IRC and chat networks."))) | |
927097ef | 823 | |
4627a464 LC |
824 | (define* (bitlbee-service #:key (bitlbee bitlbee) |
825 | (interface "127.0.0.1") (port 6667) | |
826 | (extra-settings "")) | |
827 | "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that | |
828 | acts as a gateway between IRC and chat networks. | |
829 | ||
830 | The daemon will listen to the interface corresponding to the IP address | |
831 | specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only | |
832 | local clients can connect, whereas @code{0.0.0.0} means that connections can | |
833 | come from any networking interface. | |
834 | ||
835 | In addition, @var{extra-settings} specifies a string to append to the | |
836 | configuration file." | |
0adfe95a LC |
837 | (service bitlbee-service-type |
838 | (bitlbee-configuration | |
839 | (bitlbee bitlbee) | |
840 | (interface interface) (port port) | |
841 | (extra-settings extra-settings)))) | |
842 | ||
843 | \f | |
844 | ;;; | |
845 | ;;; Wicd. | |
846 | ;;; | |
847 | ||
848 | (define %wicd-activation | |
849 | ;; Activation gexp for Wicd. | |
850 | #~(begin | |
851 | (use-modules (guix build utils)) | |
852 | ||
853 | (mkdir-p "/etc/wicd") | |
854 | (let ((file-name "/etc/wicd/dhclient.conf.template.default")) | |
855 | (unless (file-exists? file-name) | |
856 | (copy-file (string-append #$wicd file-name) | |
69323016 LC |
857 | file-name))) |
858 | ||
859 | ;; Wicd invokes 'wpa_supplicant', which needs this directory for its | |
860 | ;; named socket files. | |
861 | (mkdir-p "/var/run/wpa_supplicant") | |
862 | (chmod "/var/run/wpa_supplicant" #o750))) | |
0adfe95a | 863 | |
d4053c71 AK |
864 | (define (wicd-shepherd-service wicd) |
865 | "Return a shepherd service for WICD." | |
866 | (list (shepherd-service | |
0adfe95a LC |
867 | (documentation "Run the Wicd network manager.") |
868 | (provision '(networking)) | |
869 | (requirement '(user-processes dbus-system loopback)) | |
870 | (start #~(make-forkexec-constructor | |
871 | (list (string-append #$wicd "/sbin/wicd") | |
872 | "--no-daemon"))) | |
873 | (stop #~(make-kill-destructor))))) | |
874 | ||
875 | (define wicd-service-type | |
876 | (service-type (name 'wicd) | |
877 | (extensions | |
d4053c71 AK |
878 | (list (service-extension shepherd-root-service-type |
879 | wicd-shepherd-service) | |
0adfe95a LC |
880 | (service-extension dbus-root-service-type |
881 | list) | |
882 | (service-extension activation-service-type | |
87f40011 LC |
883 | (const %wicd-activation)) |
884 | ||
885 | ;; Add Wicd to the global profile. | |
3f0de257 LC |
886 | (service-extension profile-service-type list))) |
887 | (description | |
888 | "Run @url{https://launchpad.net/wicd,Wicd}, a network | |
889 | management daemon that aims to simplify wired and wireless networking."))) | |
4627a464 | 890 | |
b7d0c494 MW |
891 | (define* (wicd-service #:key (wicd wicd)) |
892 | "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network | |
87f40011 LC |
893 | management daemon that aims to simplify wired and wireless networking. |
894 | ||
895 | This service adds the @var{wicd} package to the global profile, providing | |
896 | several commands to interact with the daemon and configure networking: | |
897 | @command{wicd-client}, a graphical user interface, and the @command{wicd-cli} | |
898 | and @command{wicd-curses} user interfaces." | |
0adfe95a | 899 | (service wicd-service-type wicd)) |
b7d0c494 | 900 | |
7234ad4f SB |
901 | \f |
902 | ;;; | |
903 | ;;; NetworkManager | |
904 | ;;; | |
905 | ||
b726096b CB |
906 | (define-record-type* <network-manager-configuration> |
907 | network-manager-configuration make-network-manager-configuration | |
908 | network-manager-configuration? | |
909 | (network-manager network-manager-configuration-network-manager | |
910 | (default network-manager)) | |
911 | (dns network-manager-configuration-dns | |
94d2a250 LC |
912 | (default "default")) |
913 | (vpn-plugins network-manager-vpn-plugins ;list of <package> | |
914 | (default '()))) | |
b726096b | 915 | |
7234ad4f SB |
916 | (define %network-manager-activation |
917 | ;; Activation gexp for NetworkManager. | |
918 | #~(begin | |
919 | (use-modules (guix build utils)) | |
920 | (mkdir-p "/etc/NetworkManager/system-connections"))) | |
921 | ||
94d2a250 LC |
922 | (define (vpn-plugin-directory plugins) |
923 | "Return a directory containing PLUGINS, the NM VPN plugins." | |
924 | (directory-union "network-manager-vpn-plugins" plugins)) | |
925 | ||
926 | (define network-manager-environment | |
927 | (match-lambda | |
928 | (($ <network-manager-configuration> network-manager dns vpn-plugins) | |
929 | ;; Define this variable in the global environment such that | |
930 | ;; "nmcli connection import type openvpn file foo.ovpn" works. | |
931 | `(("NM_VPN_PLUGIN_DIR" | |
932 | . ,(file-append (vpn-plugin-directory vpn-plugins) | |
933 | "/lib/NetworkManager/VPN")))))) | |
934 | ||
b726096b CB |
935 | (define network-manager-shepherd-service |
936 | (match-lambda | |
94d2a250 LC |
937 | (($ <network-manager-configuration> network-manager dns vpn-plugins) |
938 | (let ((conf (plain-file "NetworkManager.conf" | |
939 | (string-append "[main]\ndns=" dns "\n"))) | |
940 | (vpn (vpn-plugin-directory vpn-plugins))) | |
941 | (list (shepherd-service | |
942 | (documentation "Run the NetworkManager.") | |
943 | (provision '(networking)) | |
944 | (requirement '(user-processes dbus-system wpa-supplicant loopback)) | |
945 | (start #~(make-forkexec-constructor | |
946 | (list (string-append #$network-manager | |
947 | "/sbin/NetworkManager") | |
948 | (string-append "--config=" #$conf) | |
949 | "--no-daemon") | |
950 | #:environment-variables | |
951 | (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn | |
952 | "/lib/NetworkManager/VPN")))) | |
953 | (stop #~(make-kill-destructor)))))))) | |
7234ad4f SB |
954 | |
955 | (define network-manager-service-type | |
b726096b CB |
956 | (let |
957 | ((config->package | |
958 | (match-lambda | |
959 | (($ <network-manager-configuration> network-manager) | |
960 | (list network-manager))))) | |
961 | ||
962 | (service-type | |
963 | (name 'network-manager) | |
964 | (extensions | |
965 | (list (service-extension shepherd-root-service-type | |
966 | network-manager-shepherd-service) | |
967 | (service-extension dbus-root-service-type config->package) | |
968 | (service-extension polkit-service-type config->package) | |
969 | (service-extension activation-service-type | |
970 | (const %network-manager-activation)) | |
94d2a250 LC |
971 | (service-extension session-environment-service-type |
972 | network-manager-environment) | |
b726096b | 973 | ;; Add network-manager to the system profile. |
44fa0dbe | 974 | (service-extension profile-service-type config->package))) |
3f0de257 LC |
975 | (default-value (network-manager-configuration)) |
976 | (description | |
977 | "Run @uref{https://wiki.gnome.org/Projects/NetworkManager, | |
978 | NetworkManager}, a network management daemon that aims to simplify wired and | |
979 | wireless networking.")))) | |
7234ad4f | 980 | |
76192896 EF |
981 | \f |
982 | ;;; | |
983 | ;;; Connman | |
984 | ;;; | |
985 | ||
34d60c49 MO |
986 | (define-record-type* <connman-configuration> |
987 | connman-configuration make-connman-configuration | |
988 | connman-configuration? | |
989 | (connman connman-configuration-connman | |
990 | (default connman)) | |
991 | (disable-vpn? connman-configuration-disable-vpn? | |
992 | (default #f))) | |
993 | ||
994 | (define (connman-activation config) | |
995 | (let ((disable-vpn? (connman-configuration-disable-vpn? config))) | |
996 | (with-imported-modules '((guix build utils)) | |
997 | #~(begin | |
998 | (use-modules (guix build utils)) | |
999 | (mkdir-p "/var/lib/connman/") | |
1000 | (unless #$disable-vpn? | |
1001 | (mkdir-p "/var/lib/connman-vpn/")))))) | |
1002 | ||
1003 | (define (connman-shepherd-service config) | |
76192896 | 1004 | "Return a shepherd service for Connman" |
34d60c49 MO |
1005 | (and |
1006 | (connman-configuration? config) | |
1007 | (let ((connman (connman-configuration-connman config)) | |
1008 | (disable-vpn? (connman-configuration-disable-vpn? config))) | |
1009 | (list (shepherd-service | |
1010 | (documentation "Run Connman") | |
1011 | (provision '(networking)) | |
1012 | (requirement | |
1013 | '(user-processes dbus-system loopback wpa-supplicant)) | |
1014 | (start #~(make-forkexec-constructor | |
1015 | (list (string-append #$connman | |
1016 | "/sbin/connmand") | |
1017 | "-n" "-r" | |
1018 | #$@(if disable-vpn? '("--noplugin=vpn") '())))) | |
1019 | (stop #~(make-kill-destructor))))))) | |
76192896 EF |
1020 | |
1021 | (define connman-service-type | |
34d60c49 MO |
1022 | (let ((connman-package (compose list connman-configuration-connman))) |
1023 | (service-type (name 'connman) | |
1024 | (extensions | |
1025 | (list (service-extension shepherd-root-service-type | |
1026 | connman-shepherd-service) | |
1027 | (service-extension dbus-root-service-type | |
1028 | connman-package) | |
1029 | (service-extension activation-service-type | |
1030 | connman-activation) | |
1031 | ;; Add connman to the system profile. | |
1032 | (service-extension profile-service-type | |
3f0de257 LC |
1033 | connman-package))) |
1034 | (description | |
1035 | "Run @url{https://01.org/connman,Connman}, | |
1036 | a network connection manager.")))) | |
2cccbc2a TČ |
1037 | |
1038 | \f | |
1039 | ;;; | |
1040 | ;;; WPA supplicant | |
1041 | ;;; | |
1042 | ||
1043 | ||
1044 | (define (wpa-supplicant-shepherd-service wpa-supplicant) | |
1045 | "Return a shepherd service for wpa_supplicant" | |
1046 | (list (shepherd-service | |
1047 | (documentation "Run WPA supplicant with dbus interface") | |
1048 | (provision '(wpa-supplicant)) | |
1049 | (requirement '(user-processes dbus-system loopback)) | |
1050 | (start #~(make-forkexec-constructor | |
1051 | (list (string-append #$wpa-supplicant | |
1052 | "/sbin/wpa_supplicant") | |
1053 | "-u" "-B" "-P/var/run/wpa_supplicant.pid") | |
1054 | #:pid-file "/var/run/wpa_supplicant.pid")) | |
1055 | (stop #~(make-kill-destructor))))) | |
1056 | ||
1057 | (define wpa-supplicant-service-type | |
1058 | (service-type (name 'wpa-supplicant) | |
1059 | (extensions | |
1060 | (list (service-extension shepherd-root-service-type | |
1061 | wpa-supplicant-shepherd-service) | |
1062 | (service-extension dbus-root-service-type list) | |
3d3c5650 LC |
1063 | (service-extension profile-service-type list))) |
1064 | (default-value wpa-supplicant))) | |
2cccbc2a | 1065 | |
c32d02fe SB |
1066 | \f |
1067 | ;;; | |
1068 | ;;; Open vSwitch | |
1069 | ;;; | |
1070 | ||
1071 | (define-record-type* <openvswitch-configuration> | |
1072 | openvswitch-configuration make-openvswitch-configuration | |
1073 | openvswitch-configuration? | |
1074 | (package openvswitch-configuration-package | |
1075 | (default openvswitch))) | |
1076 | ||
1077 | (define openvswitch-activation | |
1078 | (match-lambda | |
1079 | (($ <openvswitch-configuration> package) | |
1080 | (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool"))) | |
1081 | (with-imported-modules '((guix build utils)) | |
1082 | #~(begin | |
1083 | (use-modules (guix build utils)) | |
1084 | (mkdir-p "/var/run/openvswitch") | |
1085 | (mkdir-p "/var/lib/openvswitch") | |
1086 | (let ((conf.db "/var/lib/openvswitch/conf.db")) | |
1087 | (unless (file-exists? conf.db) | |
1088 | (system* #$ovsdb-tool "create" conf.db))))))))) | |
1089 | ||
1090 | (define openvswitch-shepherd-service | |
1091 | (match-lambda | |
1092 | (($ <openvswitch-configuration> package) | |
1093 | (let ((ovsdb-server (file-append package "/sbin/ovsdb-server")) | |
1094 | (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))) | |
1095 | (list | |
1096 | (shepherd-service | |
1097 | (provision '(ovsdb)) | |
1098 | (documentation "Run the Open vSwitch database server.") | |
1099 | (start #~(make-forkexec-constructor | |
1100 | (list #$ovsdb-server "--pidfile" | |
1101 | "--remote=punix:/var/run/openvswitch/db.sock") | |
1102 | #:pid-file "/var/run/openvswitch/ovsdb-server.pid")) | |
1103 | (stop #~(make-kill-destructor))) | |
1104 | (shepherd-service | |
1105 | (provision '(vswitchd)) | |
1106 | (requirement '(ovsdb)) | |
1107 | (documentation "Run the Open vSwitch daemon.") | |
1108 | (start #~(make-forkexec-constructor | |
1109 | (list #$ovs-vswitchd "--pidfile") | |
1110 | #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid")) | |
1111 | (stop #~(make-kill-destructor)))))))) | |
1112 | ||
1113 | (define openvswitch-service-type | |
1114 | (service-type | |
1115 | (name 'openvswitch) | |
1116 | (extensions | |
1117 | (list (service-extension activation-service-type | |
1118 | openvswitch-activation) | |
1119 | (service-extension profile-service-type | |
1120 | (compose list openvswitch-configuration-package)) | |
1121 | (service-extension shepherd-root-service-type | |
3f0de257 LC |
1122 | openvswitch-shepherd-service))) |
1123 | (description | |
1124 | "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual | |
1125 | switch designed to enable massive network automation through programmatic | |
1126 | extension."))) | |
c32d02fe | 1127 | |
db4fdc04 | 1128 | ;;; networking.scm ends here |