HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
services: wpa-supplicant: Support specifying additional service dependencies.
[jackhill/guix/guix.git] / gnu / services / networking.scm
CommitLineData
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
0f13dd2b 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
16718b67 4;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
acce0a47 8;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
9926b8f8 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
f5be5104 12;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
40557aea 13;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
3c4f5ad7 14;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
a2161c86 15;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
db4fdc04
LC		 16;;;
17;;; This file is part of GNU Guix.
18;;;
19;;; GNU Guix is free software; you can redistribute it and/or modify it
20;;; under the terms of the GNU General Public License as published by
21;;; the Free Software Foundation; either version 3 of the License, or (at
22;;; your option) any later version.
23;;;
24;;; GNU Guix is distributed in the hope that it will be useful, but
25;;; WITHOUT ANY WARRANTY; without even the implied warranty of
26;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27;;; GNU General Public License for more details.
28;;;
29;;; You should have received a copy of the GNU General Public License
30;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
31
32(define-module (gnu services networking)
33 #:use-module (gnu services)
c9436025 34 #:use-module (gnu services base)
a03943ec 35 #:use-module (gnu services configuration)
0190c1c0 36 #:use-module (gnu services shepherd)
0adfe95a 37 #:use-module (gnu services dbus)
927097ef 38 #:use-module (gnu system shadow)
6e828634 39 #:use-module (gnu system pam)
db4fdc04 40 #:use-module (gnu packages admin)
f5be5104
FP		 41 #:use-module (gnu packages base)
42 #:use-module (gnu packages bash)
76192896 43 #:use-module (gnu packages connman)
d94e81db 44 #:use-module (gnu packages freedesktop)
db4fdc04 45 #:use-module (gnu packages linux)
927097ef 46 #:use-module (gnu packages tor)
f5be5104 47 #:use-module (gnu packages usb-modeswitch)
4627a464 48 #:use-module (gnu packages messaging)
c32d02fe 49 #:use-module (gnu packages networking)
63854bcb 50 #:use-module (gnu packages ntp)
b7d0c494 51 #:use-module (gnu packages wicd)
7234ad4f 52 #:use-module (gnu packages gnome)
b5f4e686 53 #:use-module (guix gexp)
0adfe95a 54 #:use-module (guix records)
a062b6ca 55 #:use-module (guix modules)
e52b9534 56 #:use-module (guix packages)
65a67bf7 57 #:use-module (guix deprecation)
5658ae8a 58 #:use-module (rnrs enums)
6331bde7
LC		 59 #:use-module (srfi srfi-1)
60 #:use-module (srfi srfi-9)
63854bcb 61 #:use-module (srfi srfi-26)
0adfe95a 62 #:use-module (ice-9 match)
70ab130a
DM		 63 #:re-export (static-networking-service
64 static-networking-service-type)
fa0c1d61 65 #:export (%facebook-host-aliases
a023cca8 66 dhcp-client-service
39d7fdce 67 dhcp-client-service-type
f1104d90
CM		 68
69 dhcpd-service-type
70 dhcpd-configuration
71 dhcpd-configuration?
72 dhcpd-configuration-package
73 dhcpd-configuration-config-file
74 dhcpd-configuration-version
75 dhcpd-configuration-run-directory
76 dhcpd-configuration-lease-file
77 dhcpd-configuration-pid-file
78 dhcpd-configuration-interfaces
79
24e96431
 80 ntp-configuration
81 ntp-configuration?
5658ae8a
MC		 82 ntp-configuration-ntp
83 ntp-configuration-servers
84 ntp-allow-large-adjustment?
85
86 %ntp-servers
87 ntp-server
88 ntp-server-type
89 ntp-server-address
90 ntp-server-options
91
63854bcb 92 ntp-service
24e96431
 93 ntp-service-type
94
5658ae8a 95 %openntpd-servers
16718b67
EF		 96 openntpd-configuration
97 openntpd-configuration?
98 openntpd-service-type
99
9260b9d1
TD		 100 inetd-configuration
101 inetd-entry
102 inetd-service-type
103
24e96431
 104 tor-configuration
105 tor-configuration?
6331bde7 106 tor-hidden-service
4627a464 107 tor-service
24e96431
 108 tor-service-type
109
e48fcd7b 110 wicd-service-type
7234ad4f 111 wicd-service
b726096b
CB		 112
113 network-manager-configuration
114 network-manager-configuration?
115 network-manager-configuration-dns
4e37cf35 116 network-manager-configuration-vpn-plugins
b726096b
CB		 117 network-manager-service-type
118
34d60c49
MO		 119 connman-configuration
120 connman-configuration?
121 connman-service-type
122
d94e81db
DM		 123 modem-manager-configuration
124 modem-manager-configuration?
125 modem-manager-service-type
acce0a47 126
f5be5104
FP		 127 usb-modeswitch-configuration
128 usb-modeswitch-configuration?
129 usb-modeswitch-configuration-usb-modeswitch
130 usb-modeswitch-configuration-usb-modeswitch-data
131 usb-modeswitch-service-type
132
acce0a47
MB		 133 wpa-supplicant-configuration
134 wpa-supplicant-configuration?
135 wpa-supplicant-configuration-wpa-supplicant
4d060767 136 wpa-supplicant-configuration-requirement
acce0a47
MB		 137 wpa-supplicant-configuration-pid-file
138 wpa-supplicant-configuration-dbus?
139 wpa-supplicant-configuration-interface
140 wpa-supplicant-configuration-config-file
141 wpa-supplicant-configuration-extra-options
c32d02fe
SB		 142 wpa-supplicant-service-type
143
a03943ec
LC		 144 hostapd-configuration
145 hostapd-configuration?
146 hostapd-configuration-package
147 hostapd-configuration-interface
148 hostapd-configuration-ssid
149 hostapd-configuration-broadcast-ssid?
150 hostapd-configuration-channel
151 hostapd-configuration-driver
152 hostapd-service-type
153
5e7076f2
LC		 154 simulated-wifi-service-type
155
c32d02fe 156 openvswitch-service-type
9926b8f8
AI		 157 openvswitch-configuration
158
159 iptables-configuration
160 iptables-configuration?
161 iptables-configuration-iptables
162 iptables-configuration-ipv4-rules
163 iptables-configuration-ipv6-rules
3c4f5ad7
SB		 164 iptables-service-type
165
166 nftables-service-type
167 nftables-configuration
168 nftables-configuration?
169 nftables-configuration-package
170 nftables-configuration-ruleset
a2161c86
AG		 171 %default-nftables-ruleset
172
173 pagekite-service-type
174 pagekite-configuration
175 pagekite-configuration?
176 pagekite-configuration-package
177 pagekite-configuration-kitename
178 pagekite-configuration-kitesecret
179 pagekite-configuration-frontend
180 pagekite-configuration-kites
181 pagekite-configuration-extra-file))
db4fdc04
LC		 182
183;;; Commentary:
184;;;
185;;; Networking services.
186;;;
187;;; Code:
188
fa0c1d61
LC		 189(define %facebook-host-aliases
190 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
191 ;; are to block it.
192 "\
193# Block Facebook IPv4.
194127.0.0.1 www.facebook.com
195127.0.0.1 facebook.com
196127.0.0.1 login.facebook.com
197127.0.0.1 www.login.facebook.com
198127.0.0.1 fbcdn.net
199127.0.0.1 www.fbcdn.net
200127.0.0.1 fbcdn.com
201127.0.0.1 www.fbcdn.com
202127.0.0.1 static.ak.fbcdn.net
203127.0.0.1 static.ak.connect.facebook.com
204127.0.0.1 connect.facebook.net
205127.0.0.1 www.connect.facebook.net
206127.0.0.1 apps.facebook.com
207
208# Block Facebook IPv6.
209fe80::1%lo0 facebook.com
210fe80::1%lo0 login.facebook.com
211fe80::1%lo0 www.login.facebook.com
212fe80::1%lo0 fbcdn.net
213fe80::1%lo0 www.fbcdn.net
214fe80::1%lo0 fbcdn.com
215fe80::1%lo0 www.fbcdn.com
216fe80::1%lo0 static.ak.fbcdn.net
217fe80::1%lo0 static.ak.connect.facebook.com
218fe80::1%lo0 connect.facebook.net
219fe80::1%lo0 www.connect.facebook.net
220fe80::1%lo0 apps.facebook.com\n")
221
0adfe95a 222(define dhcp-client-service-type
d4053c71 223 (shepherd-service-type
00184239 224 'dhcp-client
0adfe95a
LC		 225 (lambda (dhcp)
226 (define dhclient
9e41130b 227 (file-append dhcp "/sbin/dhclient"))
0adfe95a
LC		 228
229 (define pid-file
230 "/var/run/dhclient.pid")
231
d4053c71 232 (shepherd-service
0adfe95a
LC		 233 (documentation "Set up networking via DHCP.")
234 (requirement '(user-processes udev))
235
236 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
237 ;; networking is unavailable, but also means that the interface is not up
238 ;; yet when 'start' completes. To wait for the interface to be ready, one
239 ;; should instead monitor udev events.
240 (provision '(networking))
241
242 (start #~(lambda _
243 ;; When invoked without any arguments, 'dhclient' discovers all
244 ;; non-loopback interfaces *that are up*. However, the relevant
245 ;; interfaces are typically down at this point. Thus we perform
246 ;; our own interface discovery here.
247 (define valid?
6c2180f5
MB		 248 (lambda (interface)
249 (and (arp-network-interface? interface)
747b7246
BW		 250 (not (loopback-network-interface? interface))
251 ;; XXX: Make sure the interfaces are up so that
252 ;; 'dhclient' can actually send/receive over them.
253 ;; Ignore those that cannot be activated.
254 (false-if-exception
255 (set-network-interface-up interface)))))
0adfe95a
LC		 256 (define ifaces
257 (filter valid? (all-network-interface-names)))
258
0adfe95a
LC		 259 (false-if-exception (delete-file #$pid-file))
260 (let ((pid (fork+exec-command
261 (cons* #$dhclient "-nw"
262 "-pf" #$pid-file ifaces))))
263 (and (zero? (cdr (waitpid pid)))
6f03b080 264 (read-pid-file #$pid-file)))))
39d7fdce
LC		 265 (stop #~(make-kill-destructor))))
266 isc-dhcp))
db4fdc04 267
65a67bf7
LC		 268(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
269 dhcp-client-service-type
a023cca8
LC		 270 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
271Protocol (DHCP) client, on all the non-loopback network interfaces."
0adfe95a 272 (service dhcp-client-service-type dhcp))
a023cca8 273
f1104d90
CM		 274(define-record-type* <dhcpd-configuration>
275 dhcpd-configuration make-dhcpd-configuration
276 dhcpd-configuration?
277 (package dhcpd-configuration-package ;<package>
278 (default isc-dhcp))
279 (config-file dhcpd-configuration-config-file ;file-like
280 (default #f))
281 (version dhcpd-configuration-version ;"4", "6", or "4o6"
a654d3de 282 (default "4"))
f1104d90
CM		 283 (run-directory dhcpd-configuration-run-directory
284 (default "/run/dhcpd"))
285 (lease-file dhcpd-configuration-lease-file
286 (default "/var/db/dhcpd.leases"))
287 (pid-file dhcpd-configuration-pid-file
288 (default "/run/dhcpd/dhcpd.pid"))
289 ;; list of strings, e.g. (list "enp0s25")
290 (interfaces dhcpd-configuration-interfaces
291 (default '())))
292
293(define dhcpd-shepherd-service
294 (match-lambda
295 (($ <dhcpd-configuration> package config-file version run-directory
296 lease-file pid-file interfaces)
297 (unless config-file
298 (error "Must supply a config-file"))
299 (list (shepherd-service
300 ;; Allow users to easily run multiple versions simultaneously.
301 (provision (list (string->symbol
302 (string-append "dhcpv" version "-daemon"))))
303 (documentation (string-append "Run the DHCPv" version " daemon"))
304 (requirement '(networking))
305 (start #~(make-forkexec-constructor
306 '(#$(file-append package "/sbin/dhcpd")
307 #$(string-append "-" version)
308 "-lf" #$lease-file
309 "-pf" #$pid-file
310 "-cf" #$config-file
311 #$@interfaces)
312 #:pid-file #$pid-file))
313 (stop #~(make-kill-destructor)))))))
314
315(define dhcpd-activation
316 (match-lambda
317 (($ <dhcpd-configuration> package config-file version run-directory
318 lease-file pid-file interfaces)
319 (with-imported-modules '((guix build utils))
320 #~(begin
321 (unless (file-exists? #$run-directory)
322 (mkdir #$run-directory))
323 ;; According to the DHCP manual (man dhcpd.leases), the lease
324 ;; database must be present for dhcpd to start successfully.
325 (unless (file-exists? #$lease-file)
326 (with-output-to-file #$lease-file
327 (lambda _ (display ""))))
328 ;; Validate the config.
0f13dd2b 329 (invoke/quiet
f1104d90
CM		 330 #$(file-append package "/sbin/dhcpd") "-t" "-cf"
331 #$config-file))))))
332
333(define dhcpd-service-type
334 (service-type
335 (name 'dhcpd)
336 (extensions
337 (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
dd0804c6
LC		 338 (service-extension activation-service-type dhcpd-activation)))
339 (description "Run a DHCP (Dynamic Host Configuration Protocol) daemon. The
340daemon is responsible for allocating IP addresses to its client.")))
f1104d90 341
0adfe95a
LC		 342\f
343;;;
344;;; NTP.
345;;;
346
5658ae8a
MC		 347(define ntp-server-types (make-enumeration
348 '(pool
349 server
350 peer
351 broadcast
352 manycastclient)))
353
354(define-record-type* <ntp-server>
355 ntp-server make-ntp-server
356 ntp-server?
357 ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeration.
358 (type ntp-server-type
359 (default 'server))
360 (address ntp-server-address) ; a string
361 ;; The list of options can contain single option names or tuples in the form
362 ;; '(name value).
363 (options ntp-server-options
364 (default '())))
365
366(define (ntp-server->string ntp-server)
367 ;; Serialize the NTP server object as a string, ready to use in the NTP
368 ;; configuration file.
369 (define (flatten lst)
370 (reverse
371 (let loop ((x lst)
372 (res '()))
373 (if (list? x)
374 (fold loop res x)
97bc3cbe 375 (cons (format #f "~a" x) res)))))
5658ae8a
MC		 376
377 (match ntp-server
378 (($ <ntp-server> type address options)
379 ;; XXX: It'd be neater if fields were validated at the syntax level (for
380 ;; static ones at least). Perhaps the Guix record type could support a
381 ;; predicate property on a field?
382 (unless (enum-set-member? type ntp-server-types)
383 (error "Invalid NTP server type" type))
384 (string-join (cons* (symbol->string type)
385 address
386 (flatten options))))))
387
388(define %ntp-servers
389 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
390 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
391 ;; for this NTP pool "zone".
392 (list
393 (ntp-server
394 (type 'pool)
395 (address "0.guix.pool.ntp.org")
396 (options '("iburst"))))) ;as recommended in the ntpd manual
397
0adfe95a
LC		 398(define-record-type* <ntp-configuration>
399 ntp-configuration make-ntp-configuration
400 ntp-configuration?
401 (ntp ntp-configuration-ntp
402 (default ntp))
5658ae8a 403 (servers %ntp-configuration-servers ;list of <ntp-server> objects
64791eb7 404 (default %ntp-servers))
dc0322b5 405 (allow-large-adjustment? ntp-allow-large-adjustment?
08b4a10f 406 (default #t))) ;as recommended in the ntpd manual
0adfe95a 407
5658ae8a
MC		 408(define (ntp-configuration-servers ntp-configuration)
409 ;; A wrapper to support the deprecated form of this field.
410 (let ((ntp-servers (%ntp-configuration-servers ntp-configuration)))
411 (match ntp-servers
412 (((? string?) (? string?) ...)
413 (format (current-error-port) "warning: Defining NTP servers as strings is \
414deprecated. Please use <ntp-server> records instead.\n")
415 (map (lambda (addr)
416 (ntp-server
417 (type 'server)
418 (address addr)
419 (options '()))) ntp-servers))
420 ((($ <ntp-server>) ($ <ntp-server>) ...)
421 ntp-servers))))
422
d4053c71 423(define ntp-shepherd-service
f37ad658
MC		 424 (lambda (config)
425 (match config
426 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
427 (let ((servers (ntp-configuration-servers config)))
428 ;; TODO: Add authentication support.
429 (define config
430 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
431 (string-join (map ntp-server->string servers)
432 "\n")
433 "
63854bcb
LC		 434# Disable status queries as a workaround for CVE-2013-5211:
435# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
d4de2f9e
MC		 436restrict default kod nomodify notrap nopeer noquery limited
437restrict -6 default kod nomodify notrap nopeer noquery limited
63854bcb
LC		 438
439# Yet, allow use of the local 'ntpq'.
440restrict 127.0.0.1
5658ae8a
MC		 441restrict -6 ::1
442
443# This is required to use servers from a pool directive when using the 'nopeer'
444# option by default, as documented in the 'ntp.conf' manual.
445restrict source notrap nomodify noquery\n"))
63854bcb 446
f37ad658
MC		 447 (define ntpd.conf
448 (plain-file "ntpd.conf" config))
449
450 (list (shepherd-service
451 (provision '(ntpd))
452 (documentation "Run the Network Time Protocol (NTP) daemon.")
453 (requirement '(user-processes networking))
454 (start #~(make-forkexec-constructor
455 (list (string-append #$ntp "/bin/ntpd") "-n"
456 "-c" #$ntpd.conf "-u" "ntpd"
457 #$@(if allow-large-adjustment?
458 '("-g")
459 '()))))
460 (stop #~(make-kill-destructor)))))))))
0adfe95a
LC		 461
462(define %ntp-accounts
463 (list (user-account
464 (name "ntpd")
465 (group "nogroup")
466 (system? #t)
467 (comment "NTP daemon user")
468 (home-directory "/var/empty")
9e41130b 469 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 470
1c6c0ad0
JD		 471
472(define (ntp-service-activation config)
473 "Return the activation gexp for CONFIG."
474 (with-imported-modules '((guix build utils))
475 #~(begin
e57bd0be 476 (use-modules (guix build utils))
1c6c0ad0
JD		 477 (define %user
478 (getpw "ntpd"))
479
480 (let ((directory "/var/run/ntpd"))
481 (mkdir-p directory)
482 (chown directory (passwd:uid %user) (passwd:gid %user))))))
483
0adfe95a
LC		 484(define ntp-service-type
485 (service-type (name 'ntp)
486 (extensions
d4053c71
AK		 487 (list (service-extension shepherd-root-service-type
488 ntp-shepherd-service)
0adfe95a 489 (service-extension account-service-type
1c6c0ad0
JD		 490 (const %ntp-accounts))
491 (service-extension activation-service-type
3f0de257
LC		 492 ntp-service-activation)))
493 (description
494 "Run the @command{ntpd}, the Network Time Protocol (NTP)
495daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
64791eb7
LC		 496will keep the system clock synchronized with that of the given servers.")
497 (default-value (ntp-configuration))))
0adfe95a 498
65a67bf7
LC		 499(define-deprecated (ntp-service #:key (ntp ntp)
500 (servers %ntp-servers)
501 allow-large-adjustment?)
502 ntp-service-type
0adfe95a
LC		 503 "Return a service that runs the daemon from @var{ntp}, the
504@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
dc0322b5
LC		 505keep the system clock synchronized with that of @var{servers}.
506@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
507make an initial adjustment of more than 1,000 seconds."
0adfe95a 508 (service ntp-service-type
dc0322b5
LC		 509 (ntp-configuration (ntp ntp)
510 (servers servers)
511 (allow-large-adjustment?
512 allow-large-adjustment?))))
0adfe95a
LC		 513
514\f
16718b67
EF		 515;;;
516;;; OpenNTPD.
517;;;
518
5658ae8a
MC		 519(define %openntpd-servers
520 (map ntp-server-address %ntp-servers))
521
16718b67
EF		 522(define-record-type* <openntpd-configuration>
523 openntpd-configuration make-openntpd-configuration
524 openntpd-configuration?
525 (openntpd openntpd-configuration-openntpd
526 (default openntpd))
527 (listen-on openntpd-listen-on
528 (default '("127.0.0.1"
529 "::1")))
530 (query-from openntpd-query-from
531 (default '()))
532 (sensor openntpd-sensor
533 (default '()))
534 (server openntpd-server
16718b67 535 (default '()))
5658ae8a
MC		 536 (servers openntpd-servers
537 (default %openntpd-servers))
16718b67
EF		 538 (constraint-from openntpd-constraint-from
539 (default '()))
540 (constraints-from openntpd-constraints-from
541 (default '()))
542 (allow-large-adjustment? openntpd-allow-large-adjustment?
543 (default #f))) ; upstream default
544
2625abc6 545(define (openntpd-configuration->string config)
ccdfae38
MC		 546
547 (define (quote-field? name)
548 (member name '("constraints from")))
549
16718b67 550 (match-record config <openntpd-configuration>
2625abc6
MC		 551 (listen-on query-from sensor server servers constraint-from
552 constraints-from)
ccdfae38 553 (string-append
2625abc6 554 (string-join
ccdfae38
MC		 555 (concatenate
556 (filter-map (lambda (field values)
557 (match values
558 (() #f) ;discard entry with filter-map
559 ((val ...) ;validate value type
560 (map (lambda (value)
561 (if (quote-field? field)
562 (format #f "~a \"~a\"" field value)
563 (format #f "~a ~a" field value)))
564 values))))
565 ;; The entry names.
566 '("listen on" "query from" "sensor" "server" "servers"
567 "constraint from" "constraints from")
568 ;; The corresponding entry values.
569 (list listen-on query-from sensor server servers
570 constraint-from constraints-from)))
571 "\n")
572 "\n"))) ;add a trailing newline
2625abc6
MC		 573
574(define (openntpd-shepherd-service config)
575 (let ((openntpd (openntpd-configuration-openntpd config))
576 (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
afd39a76
MC		 577
578 (define ntpd.conf
2625abc6 579 (plain-file "ntpd.conf" (openntpd-configuration->string config)))
afd39a76
MC		 580
581 (list (shepherd-service
582 (provision '(ntpd))
583 (documentation "Run the Network Time Protocol (NTP) daemon.")
584 (requirement '(user-processes networking))
585 (start #~(make-forkexec-constructor
586 (list (string-append #$openntpd "/sbin/ntpd")
587 "-f" #$ntpd.conf
588 "-d" ;; don't daemonize
589 #$@(if allow-large-adjustment?
590 '("-s")
591 '()))
592 ;; When ntpd is daemonized it repeatedly tries to respawn
593 ;; while running, leading shepherd to disable it. To
594 ;; prevent spamming stderr, redirect output to logfile.
595 #:log-file "/var/log/ntpd"))
596 (stop #~(make-kill-destructor))))))
16718b67
EF		 597
598(define (openntpd-service-activation config)
599 "Return the activation gexp for CONFIG."
600 (with-imported-modules '((guix build utils))
601 #~(begin
602 (use-modules (guix build utils))
603
604 (mkdir-p "/var/db")
605 (mkdir-p "/var/run")
606 (unless (file-exists? "/var/db/ntpd.drift")
607 (with-output-to-file "/var/db/ntpd.drift"
608 (lambda _
609 (format #t "0.0")))))))
610
611(define openntpd-service-type
612 (service-type (name 'openntpd)
613 (extensions
614 (list (service-extension shepherd-root-service-type
615 openntpd-shepherd-service)
616 (service-extension account-service-type
617 (const %ntp-accounts))
19f20f4f
EF		 618 (service-extension profile-service-type
619 (compose list openntpd-configuration-openntpd))
16718b67
EF		 620 (service-extension activation-service-type
621 openntpd-service-activation)))
622 (default-value (openntpd-configuration))
623 (description
624 "Run the @command{ntpd}, the Network Time Protocol (NTP)
625daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
626daemon will keep the system clock synchronized with that of the given servers.")))
627
628\f
9260b9d1
TD		 629;;;
630;;; Inetd.
631;;;
632
633(define-record-type* <inetd-configuration> inetd-configuration
634 make-inetd-configuration
635 inetd-configuration?
636 (program inetd-configuration-program ;file-like
637 (default (file-append inetutils "/libexec/inetd")))
638 (entries inetd-configuration-entries ;list of <inetd-entry>
639 (default '())))
640
641(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
642 inetd-entry?
643 (node inetd-entry-node ;string or #f
644 (default #f))
645 (name inetd-entry-name) ;string, from /etc/services
646
647 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
648 ;rdm | seqpacket
649 (protocol inetd-entry-protocol) ;string, from /etc/protocols
650
651 (wait? inetd-entry-wait? ;Boolean
652 (default #t))
653 (user inetd-entry-user) ;string
654
655 (program inetd-entry-program ;string or file-like object
656 (default "internal"))
657 (arguments inetd-entry-arguments ;list of strings or file-like objects
658 (default '())))
659
660(define (inetd-config-file entries)
661 (apply mixed-text-file "inetd.conf"
662 (map
663 (lambda (entry)
664 (let* ((node (inetd-entry-node entry))
665 (name (inetd-entry-name entry))
666 (socket
667 (if node (string-append node ":" name) name))
668 (type
669 (match (inetd-entry-socket-type entry)
670 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
671 (symbol->string (inetd-entry-socket-type entry)))))
672 (protocol (inetd-entry-protocol entry))
673 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
674 (user (inetd-entry-user entry))
675 (program (inetd-entry-program entry))
676 (args (inetd-entry-arguments entry)))
677 #~(string-append
678 (string-join
679 (list #$@(list socket type protocol wait user program) #$@args)
680 " ") "\n")))
681 entries)))
682
683(define inetd-shepherd-service
684 (match-lambda
685 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
686 (($ <inetd-configuration> program entries)
687 (list
688 (shepherd-service
689 (documentation "Run inetd.")
690 (provision '(inetd))
691 (requirement '(user-processes networking syslogd))
692 (start #~(make-forkexec-constructor
693 (list #$program #$(inetd-config-file entries))
694 #:pid-file "/var/run/inetd.pid"))
695 (stop #~(make-kill-destructor)))))))
696
697(define-public inetd-service-type
698 (service-type
699 (name 'inetd)
700 (extensions
701 (list (service-extension shepherd-root-service-type
702 inetd-shepherd-service)))
703
704 ;; The service can be extended with additional lists of entries.
705 (compose concatenate)
706 (extend (lambda (config entries)
707 (inetd-configuration
708 (inherit config)
709 (entries (append (inetd-configuration-entries config)
3f0de257
LC		 710 entries)))))
711 (description
712 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
713for listening on Internet sockets and spawning the corresponding services on
714demand.")))
9260b9d1
TD		 715
716\f
0adfe95a
LC		 717;;;
718;;; Tor.
719;;;
720
6331bde7
LC		 721(define-record-type* <tor-configuration>
722 tor-configuration make-tor-configuration
723 tor-configuration?
724 (tor tor-configuration-tor
725 (default tor))
3d3c5650
LC		 726 (config-file tor-configuration-config-file
727 (default (plain-file "empty" "")))
6331bde7 728 (hidden-services tor-configuration-hidden-services
3bcb305b
CM		 729 (default '()))
730 (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
731 (default 'tcp)))
6331bde7 732
0adfe95a
LC		 733(define %tor-accounts
734 ;; User account and groups for Tor.
735 (list (user-group (name "tor") (system? #t))
736 (user-account
737 (name "tor")
738 (group "tor")
739 (system? #t)
740 (comment "Tor daemon user")
741 (home-directory "/var/empty")
9e41130b 742 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 743
6331bde7
LC		 744(define-record-type <hidden-service>
745 (hidden-service name mapping)
746 hidden-service?
747 (name hidden-service-name) ;string
748 (mapping hidden-service-mapping)) ;list of port/address tuples
749
750(define (tor-configuration->torrc config)
751 "Return a 'torrc' file for CONFIG."
752 (match config
3bcb305b 753 (($ <tor-configuration> tor config-file services socks-socket-type)
6331bde7
LC		 754 (computed-file
755 "torrc"
4ee96a79
LC		 756 (with-imported-modules '((guix build utils))
757 #~(begin
758 (use-modules (guix build utils)
759 (ice-9 match))
760
761 (call-with-output-file #$output
762 (lambda (port)
763 (display "\
0975ca3f 764### These lines were generated from your system configuration:
5ee35eb7 765User tor
6629099a 766DataDirectory /var/lib/tor
5dfd80e1 767PidFile /var/run/tor/tor.pid
5ee35eb7 768Log notice syslog\n" port)
3bcb305b
CM		 769 (when (eq? 'unix '#$socks-socket-type)
770 (display "\
771SocksPort unix:/var/run/tor/socks-sock
772UnixSocksGroupWritable 1\n" port))
6331bde7 773
4ee96a79
LC		 774 (for-each (match-lambda
775 ((service (ports hosts) ...)
776 (format port "\
6629099a 777HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
4ee96a79
LC		 778 service)
779 (for-each (lambda (tcp-port host)
780 (format port "\
6331bde7 781HiddenServicePort ~a ~a~%"
4ee96a79
LC		 782 tcp-port host))
783 ports hosts)))
784 '#$(map (match-lambda
785 (($ <hidden-service> name mapping)
786 (cons name mapping)))
787 services))
788
0975ca3f
TGR		 789 (display "\
790### End of automatically generated lines.\n\n" port)
791
4ee96a79
LC		 792 ;; Append the user's config file.
793 (call-with-input-file #$config-file
794 (lambda (input)
795 (dump-port input port)))
796 #t))))))))
6331bde7 797
d4053c71 798(define (tor-shepherd-service config)
5dfd80e1 799 "Return a <shepherd-service> running Tor."
375c6108 800 (match config
6331bde7
LC		 801 (($ <tor-configuration> tor)
802 (let ((torrc (tor-configuration->torrc config)))
ee295346
LC		 803 (with-imported-modules (source-module-closure
804 '((gnu build shepherd)
805 (gnu system file-systems)))
806 (list (shepherd-service
807 (provision '(tor))
808
809 ;; Tor needs at least one network interface to be up, hence the
810 ;; dependency on 'loopback'.
811 (requirement '(user-processes loopback syslogd))
812
813 (modules '((gnu build shepherd)
814 (gnu system file-systems)))
815
816 (start #~(make-forkexec-constructor/container
817 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
818
819 #:mappings (list (file-system-mapping
820 (source "/var/lib/tor")
821 (target source)
822 (writable? #t))
823 (file-system-mapping
824 (source "/dev/log") ;for syslog
5dfd80e1
CM		 825 (target source))
826 (file-system-mapping
827 (source "/var/run/tor")
828 (target source)
829 (writable? #t)))
830 #:pid-file "/var/run/tor/tor.pid"))
ee295346
LC		 831 (stop #~(make-kill-destructor))
832 (documentation "Run the Tor anonymous network overlay."))))))))
0adfe95a 833
d973915e 834(define (tor-activation config)
5dfd80e1 835 "Set up directories for Tor and its hidden services, if any."
6331bde7
LC		 836 #~(begin
837 (use-modules (guix build utils))
838
6629099a
LC		 839 (define %user
840 (getpw "tor"))
841
6331bde7 842 (define (initialize service)
6629099a
LC		 843 (let ((directory (string-append "/var/lib/tor/hidden-services/"
844 service)))
6331bde7 845 (mkdir-p directory)
6629099a 846 (chown directory (passwd:uid %user) (passwd:gid %user))
6331bde7
LC		 847
848 ;; The daemon bails out if we give wider permissions.
849 (chmod directory #o700)))
850
5dfd80e1
CM		 851 ;; Allow Tor to write its PID file.
852 (mkdir-p "/var/run/tor")
853 (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
854 ;; Set the group permissions to rw so that if the system administrator
855 ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
856 ;; of the "tor" group will be able to use the SOCKS socket.
857 (chmod "/var/run/tor" #o750)
858
859 ;; Allow Tor to access the hidden services' directories.
6629099a
LC		 860 (mkdir-p "/var/lib/tor")
861 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
862 (chmod "/var/lib/tor" #o700)
863
ba9f0db0
LC		 864 ;; Make sure /var/lib is accessible to the 'tor' user.
865 (chmod "/var/lib" #o755)
866
6331bde7
LC		 867 (for-each initialize
868 '#$(map hidden-service-name
869 (tor-configuration-hidden-services config)))))
870
0adfe95a
LC		 871(define tor-service-type
872 (service-type (name 'tor)
873 (extensions
d4053c71
AK		 874 (list (service-extension shepherd-root-service-type
875 tor-shepherd-service)
0adfe95a 876 (service-extension account-service-type
6331bde7
LC		 877 (const %tor-accounts))
878 (service-extension activation-service-type
d973915e 879 tor-activation)))
6331bde7
LC		 880
881 ;; This can be extended with hidden services.
882 (compose concatenate)
883 (extend (lambda (config services)
884 (tor-configuration
885 (inherit config)
886 (hidden-services
887 (append (tor-configuration-hidden-services config)
3d3c5650 888 services)))))
3f0de257
LC		 889 (default-value (tor-configuration))
890 (description
891 "Run the @uref{https://torproject.org, Tor} anonymous
892networking daemon.")))
63854bcb 893
84a2de36
LC		 894(define-deprecated (tor-service #:optional
895 (config-file (plain-file "empty" ""))
896 #:key (tor tor))
897 tor-service-type
375c6108
LC		 898 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
899networking daemon.
927097ef 900
375c6108 901The daemon runs as the @code{tor} unprivileged user. It is passed
6331bde7
LC		 902@var{config-file}, a file-like object, with an additional @code{User tor} line
903and lines for hidden services added via @code{tor-hidden-service}. Run
904@command{man tor} for information about the configuration file."
905 (service tor-service-type
906 (tor-configuration (tor tor)
907 (config-file config-file))))
908
909(define tor-hidden-service-type
910 ;; A type that extends Tor with hidden services.
911 (service-type (name 'tor-hidden-service)
912 (extensions
3f0de257
LC		 913 (list (service-extension tor-service-type list)))
914 (description
915 "Define a new Tor @dfn{hidden service}.")))
6331bde7
LC		 916
917(define (tor-hidden-service name mapping)
918 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
919@var{mapping}. @var{mapping} is a list of port/host tuples, such as:
920
921@example
922 '((22 \"127.0.0.1:22\")
923 (80 \"127.0.0.1:8080\"))
924@end example
925
926In this example, port 22 of the hidden service is mapped to local port 22, and
927port 80 is mapped to local port 8080.
928
6629099a
LC		 929This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
930the @file{hostname} file contains the @code{.onion} host name for the hidden
6331bde7
LC		 931service.
932
933See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
934project's documentation} for more information."
935 (service tor-hidden-service-type
936 (hidden-service name mapping)))
0adfe95a
LC		 937
938\f
0adfe95a
LC		 939;;;
940;;; Wicd.
941;;;
942
943(define %wicd-activation
944 ;; Activation gexp for Wicd.
945 #~(begin
946 (use-modules (guix build utils))
947
948 (mkdir-p "/etc/wicd")
949 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
950 (unless (file-exists? file-name)
951 (copy-file (string-append #$wicd file-name)
69323016
LC		 952 file-name)))
953
954 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
955 ;; named socket files.
956 (mkdir-p "/var/run/wpa_supplicant")
957 (chmod "/var/run/wpa_supplicant" #o750)))
0adfe95a 958
d4053c71
AK		 959(define (wicd-shepherd-service wicd)
960 "Return a shepherd service for WICD."
961 (list (shepherd-service
0adfe95a
LC		 962 (documentation "Run the Wicd network manager.")
963 (provision '(networking))
964 (requirement '(user-processes dbus-system loopback))
965 (start #~(make-forkexec-constructor
966 (list (string-append #$wicd "/sbin/wicd")
967 "--no-daemon")))
968 (stop #~(make-kill-destructor)))))
969
970(define wicd-service-type
971 (service-type (name 'wicd)
972 (extensions
d4053c71
AK		 973 (list (service-extension shepherd-root-service-type
974 wicd-shepherd-service)
0adfe95a
LC		 975 (service-extension dbus-root-service-type
976 list)
977 (service-extension activation-service-type
87f40011
LC		 978 (const %wicd-activation))
979
980 ;; Add Wicd to the global profile.
3f0de257
LC		 981 (service-extension profile-service-type list)))
982 (description
983 "Run @url{https://launchpad.net/wicd,Wicd}, a network
984management daemon that aims to simplify wired and wireless networking.")))
4627a464 985
b7d0c494
MW		 986(define* (wicd-service #:key (wicd wicd))
987 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
87f40011
LC		 988management daemon that aims to simplify wired and wireless networking.
989
990This service adds the @var{wicd} package to the global profile, providing
991several commands to interact with the daemon and configure networking:
992@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
993and @command{wicd-curses} user interfaces."
0adfe95a 994 (service wicd-service-type wicd))
b7d0c494 995
7234ad4f 996\f
d94e81db
DM		 997;;;
998;;; ModemManager
999;;;
1000
1001(define-record-type* <modem-manager-configuration>
1002 modem-manager-configuration make-modem-manager-configuration
1003 modem-manager-configuration?
1004 (modem-manager modem-manager-configuration-modem-manager
1005 (default modem-manager)))
1006
1007\f
7234ad4f
SB		 1008;;;
1009;;; NetworkManager
1010;;;
1011
b726096b
CB		 1012(define-record-type* <network-manager-configuration>
1013 network-manager-configuration make-network-manager-configuration
1014 network-manager-configuration?
1015 (network-manager network-manager-configuration-network-manager
1016 (default network-manager))
1017 (dns network-manager-configuration-dns
94d2a250 1018 (default "default"))
4e37cf35 1019 (vpn-plugins network-manager-configuration-vpn-plugins ;list of <package>
94d2a250 1020 (default '())))
b726096b 1021
57c16c97
FP		 1022(define network-manager-activation
1023 ;; Activation gexp for NetworkManager
1024 (match-lambda
1025 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1026 #~(begin
1027 (use-modules (guix build utils))
1028 (mkdir-p "/etc/NetworkManager/system-connections")
1029 #$@(if (equal? dns "dnsmasq")
1030 ;; create directory to store dnsmasq lease file
1031 '((mkdir-p "/var/lib/misc"))
1032 '())))))
7234ad4f 1033
94d2a250
LC		 1034(define (vpn-plugin-directory plugins)
1035 "Return a directory containing PLUGINS, the NM VPN plugins."
1036 (directory-union "network-manager-vpn-plugins" plugins))
1037
e52b9534
LC		 1038(define (network-manager-accounts config)
1039 "Return the list of <user-account> and <user-group> for CONFIG."
1040 (define nologin
1041 (file-append shadow "/sbin/nologin"))
1042
1043 (define accounts
1044 (append-map (lambda (package)
1045 (map (lambda (name)
1046 (user-account (system? #t)
1047 (name name)
1048 (group "network-manager")
1049 (comment "NetworkManager helper")
1050 (home-directory "/var/empty")
1051 (create-home-directory? #f)
1052 (shell nologin)))
1053 (or (assoc-ref (package-properties package)
1054 'user-accounts)
1055 '())))
1056 (network-manager-configuration-vpn-plugins config)))
1057
1058 (match accounts
1059 (()
1060 '())
1061 (_
1062 (cons (user-group (name "network-manager") (system? #t))
1063 accounts))))
1064
94d2a250
LC		 1065(define network-manager-environment
1066 (match-lambda
1067 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1068 ;; Define this variable in the global environment such that
1069 ;; "nmcli connection import type openvpn file foo.ovpn" works.
1070 `(("NM_VPN_PLUGIN_DIR"
1071 . ,(file-append (vpn-plugin-directory vpn-plugins)
1072 "/lib/NetworkManager/VPN"))))))
1073
b726096b
CB		 1074(define network-manager-shepherd-service
1075 (match-lambda
94d2a250
LC		 1076 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1077 (let ((conf (plain-file "NetworkManager.conf"
1078 (string-append "[main]\ndns=" dns "\n")))
1079 (vpn (vpn-plugin-directory vpn-plugins)))
1080 (list (shepherd-service
1081 (documentation "Run the NetworkManager.")
1082 (provision '(networking))
1083 (requirement '(user-processes dbus-system wpa-supplicant loopback))
1084 (start #~(make-forkexec-constructor
1085 (list (string-append #$network-manager
1086 "/sbin/NetworkManager")
1087 (string-append "--config=" #$conf)
1088 "--no-daemon")
1089 #:environment-variables
1090 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
4efdede2
JL		 1091 "/lib/NetworkManager/VPN")
1092 ;; Override non-existent default users
1093 "NM_OPENVPN_USER="
1094 "NM_OPENVPN_GROUP=")))
94d2a250 1095 (stop #~(make-kill-destructor))))))))
7234ad4f
SB		 1096
1097(define network-manager-service-type
b726096b 1098 (let
40557aea 1099 ((config->packages
b726096b 1100 (match-lambda
40557aea
JL		 1101 (($ <network-manager-configuration> network-manager _ vpn-plugins)
1102 `(,network-manager ,@vpn-plugins)))))
b726096b
CB		 1103
1104 (service-type
1105 (name 'network-manager)
1106 (extensions
1107 (list (service-extension shepherd-root-service-type
1108 network-manager-shepherd-service)
40557aea
JL		 1109 (service-extension dbus-root-service-type config->packages)
1110 (service-extension polkit-service-type
1111 (compose
1112 list
1113 network-manager-configuration-network-manager))
e52b9534
LC		 1114 (service-extension account-service-type
1115 network-manager-accounts)
b726096b 1116 (service-extension activation-service-type
57c16c97 1117 network-manager-activation)
94d2a250
LC		 1118 (service-extension session-environment-service-type
1119 network-manager-environment)
b726096b 1120 ;; Add network-manager to the system profile.
40557aea 1121 (service-extension profile-service-type config->packages)))
3f0de257
LC		 1122 (default-value (network-manager-configuration))
1123 (description
1124 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
1125NetworkManager}, a network management daemon that aims to simplify wired and
1126wireless networking."))))
7234ad4f 1127
76192896
EF		 1128\f
1129;;;
1130;;; Connman
1131;;;
1132
34d60c49
MO		 1133(define-record-type* <connman-configuration>
1134 connman-configuration make-connman-configuration
1135 connman-configuration?
1136 (connman connman-configuration-connman
1137 (default connman))
1138 (disable-vpn? connman-configuration-disable-vpn?
1139 (default #f)))
1140
1141(define (connman-activation config)
1142 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
1143 (with-imported-modules '((guix build utils))
1144 #~(begin
1145 (use-modules (guix build utils))
1146 (mkdir-p "/var/lib/connman/")
1147 (unless #$disable-vpn?
1148 (mkdir-p "/var/lib/connman-vpn/"))))))
1149
1150(define (connman-shepherd-service config)
76192896 1151 "Return a shepherd service for Connman"
34d60c49
MO		 1152 (and
1153 (connman-configuration? config)
1154 (let ((connman (connman-configuration-connman config))
1155 (disable-vpn? (connman-configuration-disable-vpn? config)))
1156 (list (shepherd-service
1157 (documentation "Run Connman")
1158 (provision '(networking))
1159 (requirement
1160 '(user-processes dbus-system loopback wpa-supplicant))
1161 (start #~(make-forkexec-constructor
1162 (list (string-append #$connman
1163 "/sbin/connmand")
1164 "-n" "-r"
06e5c3af
LC		 1165 #$@(if disable-vpn? '("--noplugin=vpn") '()))
1166
1167 ;; As connman(8) notes, when passing '-n', connman
1168 ;; "directs log output to the controlling terminal in
1169 ;; addition to syslog." Redirect stdout and stderr
1170 ;; to avoid spamming the console (XXX: for some reason
1171 ;; redirecting to /dev/null doesn't work.)
1172 #:log-file "/var/log/connman.log"))
34d60c49 1173 (stop #~(make-kill-destructor)))))))
76192896
EF		 1174
1175(define connman-service-type
34d60c49
MO		 1176 (let ((connman-package (compose list connman-configuration-connman)))
1177 (service-type (name 'connman)
1178 (extensions
1179 (list (service-extension shepherd-root-service-type
1180 connman-shepherd-service)
d8ac7987
EF		 1181 (service-extension polkit-service-type
1182 connman-package)
34d60c49
MO		 1183 (service-extension dbus-root-service-type
1184 connman-package)
1185 (service-extension activation-service-type
1186 connman-activation)
1187 ;; Add connman to the system profile.
1188 (service-extension profile-service-type
3f0de257 1189 connman-package)))
9b0e5146 1190 (default-value (connman-configuration))
3f0de257
LC		 1191 (description
1192 "Run @url{https://01.org/connman,Connman},
1193a network connection manager."))))
2cccbc2a
 1194
1195\f
d94e81db
DM		 1196;;;
1197;;; Modem manager
1198;;;
1199
1200(define modem-manager-service-type
1201 (let ((config->package
1202 (match-lambda
1203 (($ <modem-manager-configuration> modem-manager)
1204 (list modem-manager)))))
1205 (service-type (name 'modem-manager)
1206 (extensions
1207 (list (service-extension dbus-root-service-type
1208 config->package)
1209 (service-extension udev-service-type
1210 config->package)
1211 (service-extension polkit-service-type
1212 config->package)))
1213 (default-value (modem-manager-configuration))
1214 (description
1215 "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
1216ModemManager}, a modem management daemon that aims to simplify dialup
1217networking."))))
1218
1219\f
f5be5104
FP		 1220;;;
1221;;; USB_ModeSwitch
1222;;;
1223
1224(define-record-type* <usb-modeswitch-configuration>
1225 usb-modeswitch-configuration make-usb-modeswitch-configuration
1226 usb-modeswitch-configuration?
1227 (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch
1228 (default usb-modeswitch))
1229 (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data
1230 (default usb-modeswitch-data))
1231 (config-file usb-modeswitch-configuration-config-file
1232 (default #~(string-append #$usb-modeswitch:dispatcher
1233 "/etc/usb_modeswitch.conf"))))
1234
1235(define (usb-modeswitch-sh usb-modeswitch config-file)
1236 "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
1237modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
1238and wrap it to actually find the dispatcher in USB-MODESWITCH. The script
1239will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
1240device is detected."
1241 (computed-file
1242 "usb_modeswitch-sh"
1243 (with-imported-modules '((guix build utils))
1244 #~(begin
1245 (use-modules (guix build utils))
1246 (let ((cfg-param
1247 #$(if config-file
1248 #~(string-append " --config-file=" #$config-file)
1249 "")))
1250 (mkdir #$output)
1251 (install-file (string-append #$usb-modeswitch:dispatcher
1252 "/lib/udev/usb_modeswitch")
1253 #$output)
1254
1255 ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
1256 (substitute* (string-append #$output "/usb_modeswitch")
1257 (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
1258 (string-append left cfg-param right))
1259 (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
1260 (string-append left cfg-param right)))
1261
1262 ;; wrap-program needs bash in PATH:
1263 (putenv (string-append "PATH=" #$bash "/bin"))
1264 (wrap-program (string-append #$output "/usb_modeswitch")
1265 `("PATH" ":" = (,(string-append #$coreutils "/bin")
1266 ,(string-append
1267 #$usb-modeswitch:dispatcher
1268 "/bin")))))))))
1269
1270(define (usb-modeswitch-configuration->udev-rules config)
1271 "Build a rules file for extending udev-service-type from the rules in the
1272usb-modeswitch package specified in CONFIG. The rules file will invoke
1273usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
1274config file."
1275 (match config
1276 (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
1277 (computed-file
1278 "usb_modeswitch.rules"
1279 (with-imported-modules '((guix build utils))
1280 #~(begin
1281 (use-modules (guix build utils))
1282 (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
1283 (out (string-append #$output "/lib/udev/rules.d"))
1284 (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
1285 (mkdir-p out)
1286 (chdir out)
1287 (install-file in out)
1288 (substitute* "40-usb_modeswitch.rules"
1289 (("PROGRAM=\"usb_modeswitch")
1290 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
1291 (("RUN\\+=\"usb_modeswitch")
1292 (string-append "RUN+=\"" script "/usb_modeswitch"))))))))))
1293
1294(define usb-modeswitch-service-type
1295 (service-type
1296 (name 'usb-modeswitch)
1297 (extensions
1298 (list
1299 (service-extension
1300 udev-service-type
1301 (lambda (config)
1302 (let ((rules (usb-modeswitch-configuration->udev-rules config)))
1303 (list rules))))))
1304 (default-value (usb-modeswitch-configuration))
1305 (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
1306USB_ModeSwitch}, a mode switching tool for controlling USB devices with
1307multiple @dfn{modes}. When plugged in for the first time many USB
1308devices (primarily high-speed WAN modems) act like a flash storage containing
1309installers for Windows drivers. USB_ModeSwitch replays the sequence the
1310Windows drivers would send to switch their mode from storage to modem (or
1311whatever the thing is supposed to do).")))
1312
1313\f
2cccbc2a
 1314;;;
1315;;; WPA supplicant
1316;;;
1317
acce0a47
MB		 1318(define-record-type* <wpa-supplicant-configuration>
1319 wpa-supplicant-configuration make-wpa-supplicant-configuration
1320 wpa-supplicant-configuration?
1321 (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
1322 (default wpa-supplicant))
4d060767
MB		 1323 (requirement wpa-supplicant-configuration-requirement ;list of symbols
1324 (default '(user-processes dbus-system loopback syslogd)))
acce0a47
MB		 1325 (pid-file wpa-supplicant-configuration-pid-file ;string
1326 (default "/var/run/wpa_supplicant.pid"))
1327 (dbus? wpa-supplicant-configuration-dbus? ;Boolean
1328 (default #t))
1329 (interface wpa-supplicant-configuration-interface ;#f | string
1330 (default #f))
1331 (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
1332 (default #f))
1333 (extra-options wpa-supplicant-configuration-extra-options ;list of strings
1334 (default '())))
1335
1336(define wpa-supplicant-shepherd-service
1337 (match-lambda
4d060767
MB		 1338 (($ <wpa-supplicant-configuration> wpa-supplicant requirement pid-file dbus?
1339 interface config-file extra-options)
acce0a47
MB		 1340 (list (shepherd-service
1341 (documentation "Run the WPA supplicant daemon")
1342 (provision '(wpa-supplicant))
4d060767 1343 (requirement requirement)
acce0a47
MB		 1344 (start #~(make-forkexec-constructor
1345 (list (string-append #$wpa-supplicant
1346 "/sbin/wpa_supplicant")
1347 (string-append "-P" #$pid-file)
1348 "-B" ;run in background
177bc62d 1349 "-s" ;log to syslogd
acce0a47
MB		 1350 #$@(if dbus?
1351 #~("-u")
1352 #~())
1353 #$@(if interface
3d472b5e 1354 #~((string-append "-i" #$interface))
acce0a47
MB		 1355 #~())
1356 #$@(if config-file
3d472b5e 1357 #~((string-append "-c" #$config-file))
acce0a47
MB		 1358 #~())
1359 #$@extra-options)
1360 #:pid-file #$pid-file))
1361 (stop #~(make-kill-destructor)))))))
2cccbc2a
 1362
1363(define wpa-supplicant-service-type
acce0a47
MB		 1364 (let ((config->package
1365 (match-lambda
1366 (($ <wpa-supplicant-configuration> wpa-supplicant)
1367 (list wpa-supplicant)))))
1368 (service-type (name 'wpa-supplicant)
1369 (extensions
1370 (list (service-extension shepherd-root-service-type
1371 wpa-supplicant-shepherd-service)
1372 (service-extension dbus-root-service-type config->package)
1373 (service-extension profile-service-type config->package)))
1374 (description "Run the WPA Supplicant daemon, a service that
1375implements authentication, key negotiation and more for wireless networks.")
1376 (default-value (wpa-supplicant-configuration)))))
2cccbc2a 1377
c32d02fe 1378\f
a03943ec
LC		 1379;;;
1380;;; Hostapd.
1381;;;
1382
1383(define-record-type* <hostapd-configuration>
1384 hostapd-configuration make-hostapd-configuration
1385 hostapd-configuration?
1386 (package hostapd-configuration-package
1387 (default hostapd))
1388 (interface hostapd-configuration-interface ;string
1389 (default "wlan0"))
1390 (ssid hostapd-configuration-ssid) ;string
1391 (broadcast-ssid? hostapd-configuration-broadcast-ssid? ;Boolean
1392 (default #t))
1393 (channel hostapd-configuration-channel ;integer
1394 (default 1))
1395 (driver hostapd-configuration-driver ;string
1396 (default "nl80211"))
1397 ;; See <https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf> for a list of
1398 ;; additional options we could add.
1399 (extra-settings hostapd-configuration-extra-settings ;string
1400 (default "")))
1401
1402(define (hostapd-configuration-file config)
1403 "Return the configuration file for CONFIG, a <hostapd-configuration>."
1404 (match-record config <hostapd-configuration>
1405 (interface ssid broadcast-ssid? channel driver extra-settings)
1406 (plain-file "hostapd.conf"
1407 (string-append "\
1408# Generated from your Guix configuration.
1409
1410interface=" interface "
1411ssid=" ssid "
1412ignore_broadcast_ssid=" (if broadcast-ssid? "0" "1") "
1413channel=" (number->string channel) "\n"
1414extra-settings "\n"))))
1415
1416(define* (hostapd-shepherd-services config #:key (requirement '()))
1417 "Return Shepherd services for hostapd."
1418 (list (shepherd-service
1419 (provision '(hostapd))
1420 (requirement `(user-processes ,@requirement))
1421 (documentation "Run the hostapd WiFi access point daemon.")
1422 (start #~(make-forkexec-constructor
1423 (list #$(file-append hostapd "/sbin/hostapd")
1424 #$(hostapd-configuration-file config))
1425 #:log-file "/var/log/hostapd.log"))
1426 (stop #~(make-kill-destructor)))))
1427
1428(define hostapd-service-type
1429 (service-type
1430 (name 'hostapd)
1431 (extensions
1432 (list (service-extension shepherd-root-service-type
1433 hostapd-shepherd-services)))
1434 (description
1435 "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access
1436points and authentication servers.")))
1437
5e7076f2
LC		 1438(define (simulated-wifi-shepherd-services config)
1439 "Return Shepherd services to run hostapd with CONFIG, a
1440<hostapd-configuration>, as well as services to set up WiFi hardware
1441simulation."
1442 (append (hostapd-shepherd-services config
1443 #:requirement
1444 '(unblocked-wifi
1445 mac-simulation-module))
1446 (list (shepherd-service
1447 (provision '(unblocked-wifi))
1448 (requirement '(file-systems mac-simulation-module))
1449 (documentation
1450 "Unblock WiFi devices for use by mac80211_hwsim.")
1451 (start #~(lambda _
1452 (invoke #$(file-append util-linux "/sbin/rfkill")
1453 "unblock" "0")
1454 (invoke #$(file-append util-linux "/sbin/rfkill")
1455 "unblock" "1")))
1456 (one-shot? #t))
1457 (shepherd-service
1458 (provision '(mac-simulation-module))
1459 (requirement '(file-systems))
1460 (modules '((guix build utils)))
1461 (documentation
1462 "Load the mac80211_hwsim Linux kernel module.")
1463 (start (with-imported-modules '((guix build utils))
1464 #~(lambda _
1465 ;; XXX: We can't use 'load-linux-module*' here because it
1466 ;; expects a flat module directory.
1467 (setenv "LINUX_MODULE_DIRECTORY"
1468 "/run/booted-system/kernel/lib/modules")
1469 (invoke #$(file-append kmod "/bin/modprobe")
1470 "mac80211_hwsim"))))
1471 (one-shot? #t)))))
1472
1473(define simulated-wifi-service-type
1474 (service-type
1475 (name 'simulated-wifi)
1476 (extensions
1477 (list (service-extension shepherd-root-service-type
1478 simulated-wifi-shepherd-services)))
1479 (default-value (hostapd-configuration
1480 (interface "wlan1")
1481 (ssid "Test Network")))
1482 (description "Run hostapd to simulate WiFi connectivity.")))
1483
a03943ec 1484\f
c32d02fe
SB		 1485;;;
1486;;; Open vSwitch
1487;;;
1488
1489(define-record-type* <openvswitch-configuration>
1490 openvswitch-configuration make-openvswitch-configuration
1491 openvswitch-configuration?
1492 (package openvswitch-configuration-package
1493 (default openvswitch)))
1494
1495(define openvswitch-activation
1496 (match-lambda
1497 (($ <openvswitch-configuration> package)
1498 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1499 (with-imported-modules '((guix build utils))
1500 #~(begin
1501 (use-modules (guix build utils))
1502 (mkdir-p "/var/run/openvswitch")
1503 (mkdir-p "/var/lib/openvswitch")
1504 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1505 (unless (file-exists? conf.db)
1506 (system* #$ovsdb-tool "create" conf.db)))))))))
1507
1508(define openvswitch-shepherd-service
1509 (match-lambda
1510 (($ <openvswitch-configuration> package)
1511 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1512 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1513 (list
1514 (shepherd-service
1515 (provision '(ovsdb))
1516 (documentation "Run the Open vSwitch database server.")
1517 (start #~(make-forkexec-constructor
1518 (list #$ovsdb-server "--pidfile"
1519 "--remote=punix:/var/run/openvswitch/db.sock")
1520 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1521 (stop #~(make-kill-destructor)))
1522 (shepherd-service
1523 (provision '(vswitchd))
1524 (requirement '(ovsdb))
1525 (documentation "Run the Open vSwitch daemon.")
1526 (start #~(make-forkexec-constructor
1527 (list #$ovs-vswitchd "--pidfile")
1528 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1529 (stop #~(make-kill-destructor))))))))
1530
1531(define openvswitch-service-type
1532 (service-type
1533 (name 'openvswitch)
1534 (extensions
1535 (list (service-extension activation-service-type
1536 openvswitch-activation)
1537 (service-extension profile-service-type
1538 (compose list openvswitch-configuration-package))
1539 (service-extension shepherd-root-service-type
3f0de257
LC		 1540 openvswitch-shepherd-service)))
1541 (description
1542 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1543switch designed to enable massive network automation through programmatic
e73ded3c
MB		 1544extension.")
1545 (default-value (openvswitch-configuration))))
c32d02fe 1546
9926b8f8
AI		 1547;;;
1548;;; iptables
1549;;;
1550
1551(define %iptables-accept-all-rules
1552 (plain-file "iptables-accept-all.rules"
1553 "*filter
1554:INPUT ACCEPT
1555:FORWARD ACCEPT
1556:OUTPUT ACCEPT
1557COMMIT
1558"))
1559
1560(define-record-type* <iptables-configuration>
1561 iptables-configuration make-iptables-configuration iptables-configuration?
1562 (iptables iptables-configuration-iptables
1563 (default iptables))
1564 (ipv4-rules iptables-configuration-ipv4-rules
1565 (default %iptables-accept-all-rules))
1566 (ipv6-rules iptables-configuration-ipv6-rules
1567 (default %iptables-accept-all-rules)))
1568
1569(define iptables-shepherd-service
1570 (match-lambda
1571 (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
1572 (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
1573 (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
1574 (shepherd-service
1575 (documentation "Packet filtering framework")
1576 (provision '(iptables))
1577 (start #~(lambda _
1578 (invoke #$iptables-restore #$ipv4-rules)
1579 (invoke #$ip6tables-restore #$ipv6-rules)))
1580 (stop #~(lambda _
1581 (invoke #$iptables-restore #$%iptables-accept-all-rules)
1582 (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
1583
1584(define iptables-service-type
1585 (service-type
1586 (name 'iptables)
1587 (description
1588 "Run @command{iptables-restore}, setting up the specified rules.")
1589 (extensions
1590 (list (service-extension shepherd-root-service-type
1591 (compose list iptables-shepherd-service))))))
1592
3c4f5ad7
SB		 1593;;;
1594;;; nftables
1595;;;
1596
1597(define %default-nftables-ruleset
1598 (plain-file "nftables.conf"
1599 "# A simple and safe firewall
1600table inet filter {
1601 chain input {
1602 type filter hook input priority 0; policy drop;
1603
1604 # early drop of invalid connections
1605 ct state invalid drop
1606
1607 # allow established/related connections
1608 ct state { established, related } accept
1609
1610 # allow from loopback
1611 iifname lo accept
1612
1613 # allow icmp
1614 ip protocol icmp accept
1615 ip6 nexthdr icmpv6 accept
1616
1617 # allow ssh
1618 tcp dport ssh accept
1619
1620 # reject everything else
1621 reject with icmpx type port-unreachable
1622 }
1623 chain forward {
1624 type filter hook forward priority 0; policy drop;
1625 }
1626 chain output {
1627 type filter hook output priority 0; policy accept;
1628 }
1629}
1630"))
1631
1632(define-record-type* <nftables-configuration>
1633 nftables-configuration
1634 make-nftables-configuration
1635 nftables-configuration?
1636 (package nftables-configuration-package
1637 (default nftables))
1638 (ruleset nftables-configuration-ruleset ; file-like object
1639 (default %default-nftables-ruleset)))
1640
1641(define nftables-shepherd-service
1642 (match-lambda
1643 (($ <nftables-configuration> package ruleset)
1644 (let ((nft (file-append package "/sbin/nft")))
1645 (shepherd-service
1646 (documentation "Packet filtering and classification")
1647 (provision '(nftables))
1648 (start #~(lambda _
1649 (invoke #$nft "--file" #$ruleset)))
1650 (stop #~(lambda _
1651 (invoke #$nft "flush" "ruleset"))))))))
1652
1653(define nftables-service-type
1654 (service-type
1655 (name 'nftables)
1656 (description
1657 "Run @command{nft}, setting up the specified ruleset.")
1658 (extensions
1659 (list (service-extension shepherd-root-service-type
1660 (compose list nftables-shepherd-service))
1661 (service-extension profile-service-type
1662 (compose list nftables-configuration-package))))
1663 (default-value (nftables-configuration))))
1664
a2161c86
AG		 1665\f
1666;;;
1667;;; PageKite
1668;;;
1669
1670(define-record-type* <pagekite-configuration>
1671 pagekite-configuration
1672 make-pagekite-configuration
1673 pagekite-configuration?
1674 (package pagekite-configuration-package
1675 (default pagekite))
1676 (kitename pagekite-configuration-kitename
1677 (default #f))
1678 (kitesecret pagekite-configuration-kitesecret
1679 (default #f))
1680 (frontend pagekite-configuration-frontend
1681 (default #f))
1682 (kites pagekite-configuration-kites
1683 (default '("http:@kitename:localhost:80:@kitesecret")))
1684 (extra-file pagekite-configuration-extra-file
1685 (default #f)))
1686
1687(define (pagekite-configuration-file config)
1688 (match-record config <pagekite-configuration>
1689 (package kitename kitesecret frontend kites extra-file)
1690 (mixed-text-file "pagekite.rc"
1691 (if extra-file
1692 (string-append "optfile = " extra-file "\n")
1693 "")
1694 (if kitename
1695 (string-append "kitename = " kitename "\n")
1696 "")
1697 (if kitesecret
1698 (string-append "kitesecret = " kitesecret "\n")
1699 "")
1700 (if frontend
1701 (string-append "frontend = " frontend "\n")
1702 "defaults\n")
1703 (string-join (map (lambda (kite)
1704 (string-append "service_on = " kite))
1705 kites)
1706 "\n"
1707 'suffix))))
1708
1709(define (pagekite-shepherd-service config)
1710 (match-record config <pagekite-configuration>
1711 (package kitename kitesecret frontend kites extra-file)
1712 (with-imported-modules (source-module-closure
1713 '((gnu build shepherd)
1714 (gnu system file-systems)))
1715 (shepherd-service
1716 (documentation "Run the PageKite service.")
1717 (provision '(pagekite))
1718 (requirement '(networking))
1719 (modules '((gnu build shepherd)
1720 (gnu system file-systems)))
1721 (start #~(make-forkexec-constructor/container
1722 (list #$(file-append package "/bin/pagekite")
1723 "--clean"
1724 "--nullui"
1725 "--nocrashreport"
1726 "--runas=pagekite:pagekite"
1727 (string-append "--optfile="
1728 #$(pagekite-configuration-file config)))
1729 #:log-file "/var/log/pagekite.log"
1730 #:mappings #$(if extra-file
1731 #~(list (file-system-mapping
1732 (source #$extra-file)
1733 (target source)))
1734 #~'())))
1735 ;; SIGTERM doesn't always work for some reason.
1736 (stop #~(make-kill-destructor SIGINT))))))
1737
1738(define %pagekite-accounts
1739 (list (user-group (name "pagekite") (system? #t))
1740 (user-account
1741 (name "pagekite")
1742 (group "pagekite")
1743 (system? #t)
1744 (comment "PageKite user")
1745 (home-directory "/var/empty")
1746 (shell (file-append shadow "/sbin/nologin")))))
1747
1748(define pagekite-service-type
1749 (service-type
1750 (name 'pagekite)
1751 (default-value (pagekite-configuration))
1752 (extensions
1753 (list (service-extension shepherd-root-service-type
1754 (compose list pagekite-shepherd-service))
1755 (service-extension account-service-type
1756 (const %pagekite-accounts))))
1757 (description
1758 "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
1759local servers publicly accessible on the web, even behind NATs and firewalls.")))
1760
db4fdc04 1761;;; networking.scm ends here
jackhill's copy of GNU Guix: https://guix.gnu.org/