[jackhill/guix/guix.git] / gnu / services / networking.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services networking)
  #:use-module (gnu services)
  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (guix gexp)
  #:use-module (guix monads)
  #:export (static-networking-service
            tor-service))

;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:

(define* (static-networking-service interface ip
                                    #:key
                                    gateway
                                    (provision '(networking))
                                    (name-servers '())
                                    (inetutils inetutils)
                                    (net-tools net-tools))
  "Return a service that starts @var{interface} with address @var{ip}.  If
@var{gateway} is true, it must be a string specifying the default network
gateway."

  ;; TODO: Eventually we should do this using Guile's networking procedures,
  ;; like 'configure-qemu-networking' does, but the patch that does this is
  ;; not yet in stock Guile.
  (with-monad %store-monad
    (return
     (service

      ;; Unless we're providing the loopback interface, wait for udev to be up
      ;; and running so that INTERFACE is actually usable.
      (requirement (if (memq 'loopback provision)
                       '()
                       '(udev)))

      (documentation
       "Bring up the networking interface using a static IP address.")
      (provision provision)
      (start #~(lambda _
                 ;; Return #t if successfully started.
                 (and (zero? (system* (string-append #$inetutils
                                                     "/bin/ifconfig")
                                      "-i" #$interface "-A" #$ip
                                      "-i" #$interface "--up"))
                      #$(if gateway
                            #~(zero? (system* (string-append #$net-tools
                                                             "/sbin/route")
                                              "add" "-net" "default"
                                              "gw" #$gateway))
                            #t)
                      #$(if (pair? name-servers)
                            #~(call-with-output-file "/etc/resolv.conf"
                                (lambda (port)
                                  (display
                                   "# Generated by 'static-networking-service'.\n"
                                   port)
                                  (for-each (lambda (server)
                                              (format port "nameserver ~a~%"
                                                      server))
                                            '#$name-servers)))
                            #t))))
      (stop #~(lambda _
                ;; Return #f is successfully stopped.
                (not (and (system* (string-append #$inetutils "/bin/ifconfig")
                                   #$interface "down")
                          #$(if gateway
                                #~(system* (string-append #$net-tools
                                                          "/sbin/route")
                                           "del" "-net" "default")
                                #t)))))
      (respawn? #f)))))

(define* (tor-service #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org,Tor} daemon.

The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user."
  (mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
    (return
     (service
      (provision '(tor))

      ;; Tor needs at least one network interface to be up, hence the
      ;; dependency on 'loopback'.
      (requirement '(user-processes loopback))

      (start #~(make-forkexec-constructor
                (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
      (stop #~(make-kill-destructor))

      (user-groups   (list (user-group
                            (name "tor")
                            (system? #t))))
      (user-accounts (list (user-account
                            (name "tor")
                            (group "tor")
                            (system? #t)
                            (comment "Tor daemon user")
                            (home-directory "/var/empty")
                            (shell
                             "/run/current-system/profile/sbin/nologin"))))

      (documentation "Run the Tor anonymous network overlay.")))))

;;; networking.scm ends here
Commit	Line	Data
db4fdc04 LC	1	;;; GNU Guix --- Functional package management for GNU
	2	;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (gnu services networking)
	20	#:use-module (gnu services)
927097ef	21	#:use-module (gnu system shadow)
db4fdc04 LC	22	#:use-module (gnu packages admin)
db4fdc04 LC	23	#:use-module (gnu packages linux)
927097ef	24	#:use-module (gnu packages tor)
b5f4e686	25	#:use-module (guix gexp)
db4fdc04	26	#:use-module (guix monads)
927097ef LC	27	#:export (static-networking-service
927097ef LC	28	tor-service))
db4fdc04 LC	29
	30	;;; Commentary:
	31	;;;
	32	;;; Networking services.
	33	;;;
	34	;;; Code:
	35
	36	(define* (static-networking-service interface ip
	37	#:key
	38	gateway
4a3b3b07	39	(provision '(networking))
db4fdc04 LC	40	(name-servers '())
	41	(inetutils inetutils)
	42	(net-tools net-tools))
51da7ca0 LC	43	"Return a service that starts @var{interface} with address @var{ip}. If
	44	@var{gateway} is true, it must be a string specifying the default network
	45	gateway."
db4fdc04 LC	46
	47	;; TODO: Eventually we should do this using Guile's networking procedures,
	48	;; like 'configure-qemu-networking' does, but the patch that does this is
	49	;; not yet in stock Guile.
b5f4e686	50	(with-monad %store-monad
db4fdc04 LC	51	(return
db4fdc04 LC	52	(service
150d8e64 LC	53
	54	;; Unless we're providing the loopback interface, wait for udev to be up
	55	;; and running so that INTERFACE is actually usable.
	56	(requirement (if (memq 'loopback provision)
	57	'()
	58	'(udev)))
	59
db4fdc04	60	(documentation
150d8e64	61	"Bring up the networking interface using a static IP address.")
4a3b3b07	62	(provision provision)
b5f4e686 LC	63	(start #~(lambda _
	64	;; Return #t if successfully started.
	65	(and (zero? (system* (string-append #$inetutils
	66	"/bin/ifconfig")
8897603a LC	67	"-i" #$interface "-A" #$ip
8897603a LC	68	"-i" #$interface "--up"))
b5f4e686 LC	69	#$(if gateway
	70	#~(zero? (system* (string-append #$net-tools
	71	"/sbin/route")
	72	"add" "-net" "default"
	73	"gw" #$gateway))
	74	#t)
	75	#$(if (pair? name-servers)
	76	#~(call-with-output-file "/etc/resolv.conf"
	77	(lambda (port)
	78	(display
	79	"# Generated by 'static-networking-service'.\n"
	80	port)
	81	(for-each (lambda (server)
	82	(format port "nameserver ~a~%"
	83	server))
	84	'#$name-servers)))
	85	#t))))
	86	(stop #~(lambda _
db4fdc04	87	;; Return #f is successfully stopped.
2d49f845	88	(not (and (system* (string-append #$inetutils "/bin/ifconfig")
b5f4e686	89	#$interface "down")
8897603a LC	90	#$(if gateway
	91	#~(system* (string-append #$net-tools
	92	"/sbin/route")
	93	"del" "-net" "default")
	94	#t)))))
b5f4e686	95	(respawn? #f)))))
db4fdc04	96
927097ef LC	97	(define* (tor-service #:key (tor tor))
	98	"Return a service to run the @uref{https://torproject.org,Tor} daemon.
	99
	100	The daemon runs with the default settings (in particular the default exit
	101	policy) as the @code{tor} unprivileged user."
	102	(mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
	103	(return
	104	(service
	105	(provision '(tor))
	106
	107	;; Tor needs at least one network interface to be up, hence the
	108	;; dependency on 'loopback'.
	109	(requirement '(user-processes loopback))
	110
	111	(start #~(make-forkexec-constructor
	112	(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
	113	(stop #~(make-kill-destructor))
	114
	115	(user-groups (list (user-group
41717509 LC	116	(name "tor")
41717509 LC	117	(system? #t))))
927097ef LC	118	(user-accounts (list (user-account
	119	(name "tor")
	120	(group "tor")
	121	(system? #t)
	122	(comment "Tor daemon user")
	123	(home-directory "/var/empty")
	124	(shell
	125	"/run/current-system/profile/sbin/nologin"))))
	126
	127	(documentation "Run the Tor anonymous network overlay.")))))
	128
db4fdc04	129	;;; networking.scm ends here