;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.

;; Module definition: imports, re-exports of the static-networking
;; bindings defined in (gnu services base), and the public interface of
;; every networking service implemented in this file, grouped by service.
(define-module (gnu services networking)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services dbus)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages connman)
  #:use-module (gnu packages freedesktop)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages usb-modeswitch)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages wicd)
  #:use-module (gnu packages gnome)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (guix deprecation)
  #:use-module (rnrs enums)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  #:re-export (static-networking-service
               static-networking-service-type)
  #:export (%facebook-host-aliases
            dhcp-client-service
            dhcp-client-service-type

            dhcpd-service-type
            dhcpd-configuration
            dhcpd-configuration?
            dhcpd-configuration-package
            dhcpd-configuration-config-file
            dhcpd-configuration-version
            dhcpd-configuration-run-directory
            dhcpd-configuration-lease-file
            dhcpd-configuration-pid-file
            dhcpd-configuration-interfaces

            ntp-configuration
            ntp-configuration?
            ntp-configuration-ntp
            ntp-configuration-servers
            ntp-allow-large-adjustment?

            %ntp-servers
            ntp-server
            ntp-server-type
            ntp-server-address
            ntp-server-options

            ntp-service
            ntp-service-type

            %openntpd-servers
            openntpd-configuration
            openntpd-configuration?
            openntpd-service-type

            inetd-configuration
            inetd-entry
            inetd-service-type

            tor-configuration
            tor-configuration?
            tor-hidden-service
            tor-service
            tor-service-type

            wicd-service-type
            wicd-service

            network-manager-configuration
            network-manager-configuration?
            network-manager-configuration-dns
            network-manager-service-type

            connman-configuration
            connman-configuration?
            connman-service-type

            modem-manager-configuration
            modem-manager-configuration?
            modem-manager-service-type

            usb-modeswitch-configuration
            usb-modeswitch-configuration?
            usb-modeswitch-configuration-usb-modeswitch
            usb-modeswitch-configuration-usb-modeswitch-data
            usb-modeswitch-service-type

            <wpa-supplicant-configuration>
            wpa-supplicant-configuration
            wpa-supplicant-configuration?
            wpa-supplicant-configuration-wpa-supplicant
            wpa-supplicant-configuration-pid-file
            wpa-supplicant-configuration-dbus?
            wpa-supplicant-configuration-interface
            wpa-supplicant-configuration-config-file
            wpa-supplicant-configuration-extra-options
            wpa-supplicant-service-type

            openvswitch-service-type
            openvswitch-configuration

            iptables-configuration
            iptables-configuration?
            iptables-configuration-iptables
            iptables-configuration-ipv4-rules
            iptables-configuration-ipv6-rules
            iptables-service-type))

;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:

(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.  Every name is mapped to a loopback address so the
  ;; resolver never returns a real address for it.
  ;; NOTE(review): the IPv6 entries use "fe80::1%lo0", a link-local address
  ;; with a BSD-style "lo0" zone id, rather than "::1"; confirm the resolver
  ;; on the target system accepts that form before relying on the IPv6 part.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com\n")

(define dhcp-client-service-type
  ;; Shepherd service type running the ISC DHCP client ('dhclient') on every
  ;; non-loopback interface.  The service value is the DHCP package to use.
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     (let* ((dhclient (file-append dhcp "/sbin/dhclient"))
            (pid-file "/var/run/dhclient.pid"))
       (shepherd-service
        (documentation "Set up networking via DHCP.")
        (requirement '(user-processes udev))

        ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
        ;; networking is unavailable, but also means that the interface is not up
        ;; yet when 'start' completes.  To wait for the interface to be ready, one
        ;; should instead monitor udev events.
        (provision '(networking))

        (start #~(lambda _
                   ;; When invoked without any arguments, 'dhclient' discovers all
                   ;; non-loopback interfaces *that are up*.  However, the relevant
                   ;; interfaces are typically down at this point.  Thus we perform
                   ;; our own interface discovery here.
                   (define (candidate? interface)
                     (and (arp-network-interface? interface)
                          (not (loopback-network-interface? interface))))

                   (define interfaces
                     (filter candidate? (all-network-interface-names)))

                   ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                   ;; actually send/receive over them.
                   (for-each set-network-interface-up interfaces)

                   ;; Remove a stale PID file, ignoring errors (e.g. none exists).
                   (false-if-exception (delete-file #$pid-file))
                   (let ((pid (fork+exec-command
                               (cons* #$dhclient "-nw"
                                      "-pf" #$pid-file interfaces))))
                     ;; Wait for the launched process to exit with status 0,
                     ;; then report the PID recorded in the PID file.
                     (and (zero? (cdr (waitpid pid)))
                          (read-pid-file #$pid-file))))))
        (stop #~(make-kill-destructor)))))
   isc-dhcp))

;; Deprecated procedural form; 'define-deprecated' points users at
;; DHCP-CLIENT-SERVICE-TYPE, which this simply wraps in a 'service' call.
(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
  dhcp-client-service-type
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  (service dhcp-client-service-type dhcp))

;; Configuration of the ISC DHCP server ('dhcpd').
(define-record-type* <dhcpd-configuration>
  dhcpd-configuration make-dhcpd-configuration
  dhcpd-configuration?
  (package   dhcpd-configuration-package ;<package>
             (default isc-dhcp))
  ;; Mandatory: 'dhcpd-shepherd-service' raises an error when it is #f.
  (config-file   dhcpd-configuration-config-file ;file-like
                 (default #f))
  (version   dhcpd-configuration-version ;"4", "6", or "4o6"
             (default "4"))
  ;; Created at activation time if missing.
  (run-directory   dhcpd-configuration-run-directory
                   (default "/run/dhcpd"))
  ;; Created empty at activation time if missing (passed as '-lf').
  (lease-file   dhcpd-configuration-lease-file
                (default "/var/db/dhcpd.leases"))
  (pid-file   dhcpd-configuration-pid-file ;passed as '-pf'
              (default "/run/dhcpd/dhcpd.pid"))
  ;; list of strings, e.g. (list "enp0s25")
  (interfaces   dhcpd-configuration-interfaces
                (default '())))

(define (dhcpd-shepherd-service config)
  "Return the list of Shepherd services running 'dhcpd' for CONFIG, a
<dhcpd-configuration>.  Raise an error when CONFIG has no config file."
  (match config
    (($ <dhcpd-configuration> package config-file version run-directory
        lease-file pid-file interfaces)
     (unless config-file
       (error "Must supply a config-file"))
     (let ((daemon (file-append package "/sbin/dhcpd"))
           ;; Allow users to easily run multiple versions simultaneously.
           (name (string->symbol
                  (string-append "dhcpv" version "-daemon"))))
       (list (shepherd-service
              (provision (list name))
              (documentation (string-append "Run the DHCPv" version " daemon"))
              (requirement '(networking))
              (start #~(make-forkexec-constructor
                        '(#$daemon
                          #$(string-append "-" version)
                          "-lf" #$lease-file
                          "-pf" #$pid-file
                          "-cf" #$config-file
                          #$@interfaces)
                        #:pid-file #$pid-file))
              (stop #~(make-kill-destructor))))))))

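(define (dhcpd-activation config)
  "Return the activation gexp for CONFIG, a <dhcpd-configuration>: create the
run directory and an empty lease database when they are missing, then check
the configuration file with 'dhcpd -t'."
  (match config
    (($ <dhcpd-configuration> package config-file version run-directory
        lease-file pid-file interfaces)
     (with-imported-modules '((guix build utils))
       #~(begin
           (use-modules (guix build utils))

           ;; 'mkdir-p' rather than 'mkdir': a nested run directory, or a
           ;; missing parent of the lease file (e.g. /var/db, which nothing
           ;; else creates), must not abort activation.
           (mkdir-p #$run-directory)
           (mkdir-p (dirname #$lease-file))
           ;; According to the DHCP manual (man dhcpd.leases), the lease
           ;; database must be present for dhcpd to start successfully.
           (unless (file-exists? #$lease-file)
             (with-output-to-file #$lease-file
               (lambda _ (display ""))))
           ;; Validate the config.
           (invoke
            #$(file-append package "/sbin/dhcpd") "-t" "-cf"
            #$config-file))))))
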
(define dhcpd-service-type
  ;; Service type for the ISC DHCP server: a Shepherd service plus the
  ;; activation snippet that prepares its directories and validates the config.
  (service-type
   (name 'dhcpd)
   (extensions
    (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
          (service-extension activation-service-type dhcpd-activation)))))

\f
;;;
;;; NTP.
;;;

;; Enumeration of the association types accepted in an <ntp-server> record.
;; Each symbol is also the keyword written at the start of the ntp.conf line.
(define ntp-server-types
  (make-enumeration '(pool server peer broadcast manycastclient)))

;; One NTP association, i.e. one 'pool'/'server'/'peer'/... line of ntp.conf.
(define-record-type* <ntp-server>
  ntp-server make-ntp-server
  ntp-server?
  ;; The type can be one of the symbols of the NTP-SERVER-TYPES enumeration;
  ;; 'ntp-server->string' rejects anything else.
  (type ntp-server-type
        (default 'server))
  (address ntp-server-address)          ; a string
  ;; The list of options can contain single option names or tuples in the form
  ;; '(name value).
  (options ntp-server-options
           (default '())))

(define (ntp-server->string ntp-server)
  "Serialize NTP-SERVER, an <ntp-server> record, as one 'ntp.conf' line: the
type keyword, the address, then every option.  Raise an error when the type
is not a member of NTP-SERVER-TYPES."
  ;; Options may be plain names or '(name value) tuples, nested arbitrarily;
  ;; each leaf is written with ~s, in order.
  ;; NOTE(review): ~s writes strings with surrounding double quotes, so the
  ;; default '("iburst") option comes out quoted -- confirm ntpd accepts that.
  (define (option->strings x)
    (if (list? x)
        (append-map option->strings x)
        (list (format #f "~s" x))))

  (match ntp-server
    (($ <ntp-server> type address options)
     ;; XXX: It'd be neater if fields were validated at the syntax level (for
     ;; static ones at least).  Perhaps the Guix record type could support a
     ;; predicate property on a field?
     (unless (enum-set-member? type ntp-server-types)
       (error "Invalid NTP server type" type))
     (string-join
      (cons* (symbol->string type) address (option->strings options))))))

(define %ntp-servers
  ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
  ;; for this NTP pool "zone".
  ;; A single 'pool' association; ntpd resolves it to several servers itself.
  (list
   (ntp-server
    (type 'pool)
    (address "0.guix.pool.ntp.org")
    (options '("iburst")))))           ;as recommended in the ntpd manual

;; Configuration of the reference 'ntpd'.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp   ntp-configuration-ntp          ;<package>
         (default ntp))
  ;; Read through 'ntp-configuration-servers', which also accepts the
  ;; deprecated list-of-strings form of this field.
  (servers %ntp-configuration-servers   ;list of <ntp-server> objects
           (default %ntp-servers))
  ;; When true, ntpd is started with '-g'.
  (allow-large-adjustment? ntp-allow-large-adjustment?
                           (default #t))) ;as recommended in the ntpd manual

(define (ntp-configuration-servers ntp-configuration)
  "Return the servers of NTP-CONFIGURATION as a list of <ntp-server> records.
The deprecated form of the field, a list of strings, is converted to records
of type 'server' after a warning is printed on the error port."
  (define (address->server address)
    (ntp-server
     (type 'server)
     (address address)
     (options '())))

  (match (%ntp-configuration-servers ntp-configuration)
    ((and addresses ((? string?) (? string?) ...))
     (format (current-error-port) "warning: Defining NTP servers as strings is \
deprecated. Please use <ntp-server> records instead.\n")
     (map address->server addresses))
    ((and servers (($ <ntp-server>) ($ <ntp-server>) ...))
     servers)))

(define (ntp-shepherd-service config)
  "Return the list of Shepherd services running 'ntpd' for CONFIG, an
<ntp-configuration>."
  (match-record config <ntp-configuration>
    (ntp servers allow-large-adjustment?)
    (let* (;; TODO: Add authentication support.
           (contents
            (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                           (string-join (map ntp-server->string servers)
                                        "\n")
                           "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1

# This is required to use servers from a pool directive when using the 'nopeer'
# option by default, as documented in the 'ntp.conf' manual.
restrict source notrap nomodify noquery\n"))
           (ntpd.conf (plain-file "ntpd.conf" contents))
           ;; '-g' permits an initial adjustment larger than the panic
           ;; threshold; it is only passed when the configuration asks for it.
           (large-adjustment (if allow-large-adjustment? '("-g") '())))
      ;; '-n' keeps ntpd in the foreground; '-u ntpd' runs it as the
      ;; unprivileged account from %NTP-ACCOUNTS.
      (list (shepherd-service
             (provision '(ntpd))
             (documentation "Run the Network Time Protocol (NTP) daemon.")
             (requirement '(user-processes networking))
             (start #~(make-forkexec-constructor
                       (list (string-append #$ntp "/bin/ntpd") "-n"
                             "-c" #$ntpd.conf "-u" "ntpd"
                             #$@large-adjustment)))
             (stop #~(make-kill-destructor)))))))

(define %ntp-accounts
  ;; Unprivileged system account that ntpd switches to ('-u ntpd' in the
  ;; Shepherd service): no login shell, no real home directory.
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))


(define (ntp-service-activation config)
  "Return the activation gexp for CONFIG."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        ;; Create the directory holding the drift file and hand it to the
        ;; 'ntpd' account, since the daemon runs as that user.
        (let* ((user (getpw "ntpd"))
               (directory "/var/run/ntpd"))
          (mkdir-p directory)
          (chown directory (passwd:uid user) (passwd:gid user))))))

(define ntp-service-type
  ;; Service type for the reference ntpd: a Shepherd service, the 'ntpd'
  ;; account, and the activation snippet that creates /var/run/ntpd.
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          ntp-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       (service-extension activation-service-type
                                          ntp-service-activation)))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
will keep the system clock synchronized with that of the given servers.")
                (default-value (ntp-configuration))))

;; Deprecated procedural form; builds an <ntp-configuration> from the keyword
;; arguments and wraps it in a 'service' of NTP-SERVICE-TYPE.
(define-deprecated (ntp-service #:key (ntp ntp)
                                (servers %ntp-servers)
                                allow-large-adjustment?)
  ntp-service-type
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
keep the system clock synchronized with that of @var{servers}.
@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
make an initial adjustment of more than 1,000 seconds."
  (service ntp-service-type
           (ntp-configuration (ntp ntp)
                              (servers servers)
                              (allow-large-adjustment?
                               allow-large-adjustment?))))

\f
;;;
;;; OpenNTPD.
;;;

(define %openntpd-servers
  ;; Default OpenNTPD 'servers' entries: the addresses of %NTP-SERVERS, since
  ;; OpenNTPD's configuration takes plain host names rather than records.
  (map (lambda (server)
         (ntp-server-address server))
       %ntp-servers))

;; Configuration of OpenNTPD.  Each list-valued field yields one 'ntpd.conf'
;; directive per element; see 'openntpd-shepherd-service'.
(define-record-type* <openntpd-configuration>
  openntpd-configuration make-openntpd-configuration
  openntpd-configuration?
  (openntpd                 openntpd-configuration-openntpd ;<package>
                            (default openntpd))
  (listen-on                openntpd-listen-on ;"listen on" values
                            (default '("127.0.0.1"
                                       "::1")))
  (query-from               openntpd-query-from ;"query from" values
                            (default '()))
  (sensor                   openntpd-sensor ;"sensor" values
                            (default '()))
  (server                   openntpd-server ;"server" values
                            (default '()))
  (servers                  openntpd-servers ;"servers" values
                            (default %openntpd-servers))
  (constraint-from          openntpd-constraint-from ;"constraint from" values
                            (default '()))
  (constraints-from         openntpd-constraints-from ;"constraints from" values, written quoted
                            (default '()))
  (allow-large-adjustment?  openntpd-allow-large-adjustment? ;passes '-s' to ntpd
                            (default #f))) ; upstream default

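(define (openntpd-shepherd-service config)
  "Return the list of Shepherd services running OpenNTPD's 'ntpd' for CONFIG,
an <openntpd-configuration>."
  (match-record config <openntpd-configuration>
    (openntpd listen-on query-from sensor server servers constraint-from
              constraints-from allow-large-adjustment?)
    (let* ((directive-lines
            ;; One "FIELD VALUE\n" line per element of VALUES.  Concatenate
            ;; rather than 'string-join', whose default " " separator put a
            ;; stray leading space on every line after the first.
            (lambda (field values)
              (string-concatenate
               (map (cut string-append field <> "\n") values))))
           (contents
            (string-append
             (string-concatenate
              (map directive-lines
                   '("listen on " "query from " "sensor " "server " "servers "
                     "constraint from ")
                   (list listen-on query-from sensor server servers
                         constraint-from)))
             ;; The 'constraints from' field needs to be enclosed in double
             ;; quotes.  It is appended once, after the other directives:
             ;; previously it was passed as the *separator* of the outer
             ;; 'string-join' and so repeated between every pair of fields.
             (string-concatenate
              (map (cut string-append "constraints from \"" <> "\"\n")
                   constraints-from))))
           (ntpd.conf (plain-file "ntpd.conf" contents)))
      (list (shepherd-service
             (provision '(ntpd))
             (documentation "Run the Network Time Protocol (NTP) daemon.")
             (requirement '(user-processes networking))
             (start #~(make-forkexec-constructor
                       (list (string-append #$openntpd "/sbin/ntpd")
                             "-f" #$ntpd.conf
                             "-d"           ;don't daemonize
                             #$@(if allow-large-adjustment?
                                    '("-s")
                                    '()))
                       ;; When ntpd is daemonized it repeatedly tries to respawn
                       ;; while running, leading shepherd to disable it.  To
                       ;; prevent spamming stderr, redirect output to logfile.
                       #:log-file "/var/log/ntpd"))
             (stop #~(make-kill-destructor)))))))
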
(define (openntpd-service-activation config)
  "Return the activation gexp for CONFIG."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (for-each mkdir-p '("/var/db" "/var/run"))
        ;; Create an initial drift file when there is none.
        (let ((drift-file "/var/db/ntpd.drift"))
          (unless (file-exists? drift-file)
            (with-output-to-file drift-file
              (lambda _
                (format #t "0.0"))))))))

(define openntpd-service-type
  ;; Service type for OpenNTPD: a Shepherd service, the shared 'ntpd'
  ;; account, the OpenNTPD package in the system profile, and the activation
  ;; snippet that seeds /var/db/ntpd.drift.
  (service-type (name 'openntpd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          openntpd-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       (service-extension profile-service-type
                                          (compose list openntpd-configuration-openntpd))
                       (service-extension activation-service-type
                                          openntpd-service-activation)))
                (default-value (openntpd-configuration))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
daemon will keep the system clock synchronized with that of the given servers.")))

\f
;;;
;;; Inetd.
;;;

;; Configuration of inetd; with no entries, no Shepherd service is created.
(define-record-type* <inetd-configuration> inetd-configuration
  make-inetd-configuration
  inetd-configuration?
  (program inetd-configuration-program  ;file-like
           (default (file-append inetutils "/libexec/inetd")))
  (entries inetd-configuration-entries  ;list of <inetd-entry>
           (default '())))

;; One line of inetd.conf; 'inetd-config-file' serializes the fields in
;; inetd's order: service, socket type, protocol, wait/nowait, user, program,
;; arguments.
(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
  inetd-entry?
  (node inetd-entry-node                ;string or #f; written as "NODE:NAME"
        (default #f))
  (name inetd-entry-name)               ;string, from /etc/services

  (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
                                        ;rdm | seqpacket
  (protocol inetd-entry-protocol)       ;string, from /etc/protocols

  (wait? inetd-entry-wait?              ;Boolean
         (default #t))
  (user inetd-entry-user)               ;string; account the program runs as

  (program inetd-entry-program          ;string or file-like object
           (default "internal"))
  (arguments inetd-entry-arguments      ;list of strings or file-like objects
             (default '())))

(define (inetd-config-file entries)
  "Return an 'inetd.conf' file-like object with one line per element of
ENTRIES, a list of <inetd-entry> records."
  (define (entry->line entry)
    ;; Fields in the order inetd expects: service, socket type, protocol,
    ;; wait/nowait, user, program, then the arguments.
    (let ((node (inetd-entry-node entry))
          (name (inetd-entry-name entry))
          (socket-type (inetd-entry-socket-type entry)))
      (define service
        (if node (string-append node ":" name) name))
      (define type
        ;; Any other symbol is a match error, so an unknown socket type is
        ;; rejected when the configuration is evaluated.
        (match socket-type
          ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
           (symbol->string socket-type))))
      (define wait
        (if (inetd-entry-wait? entry) "wait" "nowait"))
      #~(string-append
         (string-join
          (list #$@(list service type
                         (inetd-entry-protocol entry)
                         wait
                         (inetd-entry-user entry)
                         (inetd-entry-program entry))
                #$@(inetd-entry-arguments entry))
          " ")
         "\n")))

  (apply mixed-text-file "inetd.conf" (map entry->line entries)))

(define (inetd-shepherd-service config)
  "Return the Shepherd services for CONFIG, an <inetd-configuration>, or the
empty list when CONFIG has no entries so that inetd is not started for
nothing."
  (match-record config <inetd-configuration>
    (program entries)
    (if (null? entries)
        '()
        (list
         (shepherd-service
          (documentation "Run inetd.")
          (provision '(inetd))
          (requirement '(user-processes networking syslogd))
          (start #~(make-forkexec-constructor
                    (list #$program #$(inetd-config-file entries))
                    #:pid-file "/var/run/inetd.pid"))
          (stop #~(make-kill-destructor)))))))

(define-public inetd-service-type
  ;; Service type for inetd.  Other services extend it with lists of
  ;; <inetd-entry> records, appended to those of the base configuration.
  (service-type
   (name 'inetd)
   (extensions
    (list (service-extension shepherd-root-service-type
                             inetd-shepherd-service)))

   ;; The service can be extended with additional lists of entries.
   (compose concatenate)
   (extend (lambda (config entries)
             (inetd-configuration
              (inherit config)
              (entries (append (inetd-configuration-entries config)
                               entries)))))
   (description
    "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
for listening on Internet sockets and spawning the corresponding services on
demand.")))

\f
;;;
;;; Tor.
;;;

;; Configuration of the Tor daemon.
(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  (tor              tor-configuration-tor        ;<package>
                    (default tor))
  ;; Appended verbatim after the generated part of the torrc.
  (config-file      tor-configuration-config-file
                    (default (plain-file "empty" "")))
  (hidden-services  tor-configuration-hidden-services ;list of <hidden-service>
                    (default '()))
  ;; 'unix adds a SocksPort on /var/run/tor/socks-sock to the generated torrc.
  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                     (default 'tcp)))

(define %tor-accounts
  ;; User account and groups for Tor.  The generated torrc sets "User tor",
  ;; and the activation code makes Tor's directories belong to this account.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))

;; A Tor hidden service: NAME picks the directory under
;; /var/lib/tor/hidden-services/, MAPPING lists what it forwards.
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  (name    hidden-service-name)         ;string
  (mapping hidden-service-mapping))     ;list of (port address) tuples

(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG."
  (match-record config <tor-configuration>
    (tor config-file hidden-services socks-socket-type)
    ;; Host-side list of (NAME (PORT HOST) ...) entries, one per hidden
    ;; service, quoted into the build-side code below.
    (let ((hidden-service-alist
           (map (match-lambda
                  (($ <hidden-service> name mapping)
                   (cons name mapping)))
                hidden-services)))
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
         #~(begin
             (use-modules (guix build utils)
                          (ice-9 match))

             (call-with-output-file #$output
               (lambda (out)
                 ;; Fixed preamble: run as the 'tor' user, with state, PID
                 ;; file and logging where 'tor-activation' prepares them.
                 (display "\
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice syslog\n" out)
                 (when (eq? 'unix '#$socks-socket-type)
                   (display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" out))

                 (for-each (match-lambda
                             ((service (ports hosts) ...)
                              (format out "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                      service)
                              (for-each (lambda (tcp-port host)
                                          (format out "\
HiddenServicePort ~a ~a~%"
                                                  tcp-port host))
                                        ports hosts)))
                           '#$hidden-service-alist)

                 (display "\
### End of automatically generated lines.\n\n" out)

                 ;; Append the user's config file verbatim.
                 (call-with-input-file #$config-file
                   (lambda (input)
                     (dump-port input out)))
                 #t))))))))

(define (tor-shepherd-service config)
  "Return a <shepherd-service> running Tor."
  (match-record config <tor-configuration>
    (tor)
    (let ((torrc (tor-configuration->torrc config))
          (shepherd-modules '((gnu build shepherd)
                              (gnu system file-systems))))
      (with-imported-modules (source-module-closure shepherd-modules)
        (list (shepherd-service
               (provision '(tor))

               ;; Tor needs at least one network interface to be up, hence the
               ;; dependency on 'loopback'.
               (requirement '(user-processes loopback syslogd))

               (modules shepherd-modules)

               ;; Tor is started in a container; #:mappings lists the host
               ;; paths made available to it: its state and run directories
               ;; (writable) and the syslog socket.
               (start #~(make-forkexec-constructor/container
                         (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                         #:mappings (list (file-system-mapping
                                           (source "/var/lib/tor")
                                           (target source)
                                           (writable? #t))
                                          (file-system-mapping
                                           (source "/dev/log") ;for syslog
                                           (target source))
                                          (file-system-mapping
                                           (source "/var/run/tor")
                                           (target source)
                                           (writable? #t)))
                         #:pid-file "/var/run/tor/tor.pid"))
               (stop #~(make-kill-destructor))
               (documentation "Run the Tor anonymous network overlay.")))))))

(define (tor-activation config)
  "Set up directories for Tor and its hidden services, if any."
  #~(begin
      (use-modules (guix build utils))

      ;; Everything below is handed to the 'tor' system account, which the
      ;; account extension of 'tor-service-type' is expected to provide.
      (define %user
        (getpw "tor"))

      (define (tor-owned-directory! directory mode)
        ;; Create DIRECTORY if needed, give it to the 'tor' user and group,
        ;; and restrict it to MODE.
        (mkdir-p directory)
        (chown directory (passwd:uid %user) (passwd:gid %user))
        (chmod directory mode))

      (define (initialize service)
        ;; Per-hidden-service state directory.  The daemon bails out if we
        ;; give wider permissions than 0700.
        (tor-owned-directory! (string-append "/var/lib/tor/hidden-services/"
                                             service)
                              #o700))

      ;; Allow Tor to write its PID file.  Mode 0750 lets members of the
      ;; "tor" group traverse the directory, so that if the system
      ;; administrator has set UnixSocksGroupWritable=1 in torrc they can
      ;; reach the SOCKS socket; other users are kept out.
      (tor-owned-directory! "/var/run/tor" #o750)

      ;; Allow Tor to access the hidden services' directories; nobody else
      ;; needs to read what Tor keeps there.
      (tor-owned-directory! "/var/lib/tor" #o700)

      ;; Make sure /var/lib is accessible to the 'tor' user.
      (chmod "/var/lib" #o755)

      (for-each initialize
                '#$(map hidden-service-name
                        (tor-configuration-hidden-services config)))))
819 | ||
(define tor-service-type
  (let ((add-hidden-services
         ;; Extension procedure: append the <hidden-service> records
         ;; contributed by 'tor-hidden-service-type' to those in CONFIG.
         (lambda (config services)
           (tor-configuration
            (inherit config)
            (hidden-services
             (append (tor-configuration-hidden-services config)
                     services))))))
    (service-type
     (name 'tor)
     (extensions
      (list (service-extension shepherd-root-service-type
                               tor-shepherd-service)
            (service-extension account-service-type
                               (const %tor-accounts))
            (service-extension activation-service-type
                               tor-activation)))

     ;; This can be extended with hidden services.
     (compose concatenate)
     (extend add-hidden-services)
     (default-value (tor-configuration))
     (description
      "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon."))))
63854bcb | 842 | |
(define-deprecated (tor-service #:optional
                                (config-file (plain-file "empty" ""))
                                #:key (tor tor))
  tor-service-type
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user. It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}. Run
@command{man tor} for information about the configuration file."
  ;; Thin wrapper around 'tor-service-type', kept for backward compatibility.
  (let ((config (tor-configuration
                 (config-file config-file)
                 (tor tor))))
    (service tor-service-type config)))
857 | ||
(define tor-hidden-service-type
  ;; A type that extends Tor with hidden services.  Its value is one
  ;; <hidden-service>, passed up to 'tor-service-type' as a one-element
  ;; list.
  (service-type
   (name 'tor-hidden-service)
   (description
    "Define a new Tor @dfn{hidden service}.")
   (extensions
    (list (service-extension tor-service-type list)))))
865 | |
(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}.  @var{mapping} is a list of port/host tuples, such as:

@example
'((22 \"127.0.0.1:22\")
  (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  ;; The service value is the <hidden-service> record itself.
  (let ((value (hidden-service name mapping)))
    (service tor-hidden-service-type value)))
886 | |
887 | \f | |
888 | ;;; |
889 | ;;; Wicd. | |
890 | ;;; | |
891 | ||
(define %wicd-activation
  ;; Activation gexp for Wicd.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")

      ;; Install the dhclient template from the package only when it is
      ;; absent, so an existing copy is never overwritten.
      (let* ((template "/etc/wicd/dhclient.conf.template.default")
             (shipped  (string-append #$wicd template)))
        (or (file-exists? template)
            (copy-file shipped template)))

      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
      ;; named socket files.
      (mkdir-p "/var/run/wpa_supplicant")
      (chmod "/var/run/wpa_supplicant" #o750)))
0adfe95a | 907 | |
(define (wicd-shepherd-service wicd)
  "Return a shepherd service for WICD."
  ;; WICD is the package to run.
  (let ((wicd-binary (file-append wicd "/sbin/wicd")))
    (list (shepherd-service
           (documentation "Run the Wicd network manager.")
           (provision '(networking))
           (requirement '(user-processes dbus-system loopback))
           ;; '--no-daemon' presumably keeps the process in the foreground so
           ;; that the Shepherd can supervise it directly.
           (start #~(make-forkexec-constructor
                     (list #$wicd-binary "--no-daemon")))
           (stop #~(make-kill-destructor))))))
918 | ||
(define wicd-service-type
  (service-type
   (name 'wicd)
   (description
    "Run @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.")
   (extensions
    (list (service-extension shepherd-root-service-type
                             wicd-shepherd-service)
          ;; The service value is the Wicd package itself, hence 'list'.
          (service-extension dbus-root-service-type list)
          (service-extension activation-service-type
                             (const %wicd-activation))

          ;; Add Wicd to the global profile.
          (service-extension profile-service-type list)))))
4627a464 | 934 | |
(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  ;; The value of 'wicd-service-type' is simply the package.
  (let ((package wicd))
    (service wicd-service-type package)))
b7d0c494 | 944 | |
7234ad4f | 945 | \f |
946 | ;;; |
947 | ;;; ModemManager | |
948 | ;;; | |
949 | ||
;; Configuration of 'modem-manager-service-type': the only field is the
;; package to run.
(define-record-type* <modem-manager-configuration>
  modem-manager-configuration make-modem-manager-configuration
  modem-manager-configuration?
  (modem-manager modem-manager-configuration-modem-manager ;<package>
                 (default modem-manager)))
955 | ||
956 | \f | |
957 | ;;; |
958 | ;;; NetworkManager | |
959 | ;;; | |
960 | ||
;; Configuration of 'network-manager-service-type'.
(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  (network-manager network-manager-configuration-network-manager ;<package>
                   (default network-manager))
  ;; DNS backend name, written verbatim as the "dns=" key of the generated
  ;; NetworkManager.conf; the value "dnsmasq" additionally makes activation
  ;; create /var/lib/misc for the lease file.
  (dns network-manager-configuration-dns ;string
       (default "default"))
  ;; NB: the accessor is 'network-manager-vpn-plugins', not
  ;; 'network-manager-configuration-vpn-plugins' like the other fields.
  (vpn-plugins network-manager-vpn-plugins ;list of <package>
               (default '())))
b726096b | 970 | |
(define network-manager-activation
  ;; Activation gexp for NetworkManager
  (lambda (config)
    (match config
      (($ <network-manager-configuration> network-manager dns vpn-plugins)
       ;; When dnsmasq is the DNS backend it needs /var/lib/misc for its
       ;; lease file; otherwise nothing beyond the connections directory.
       (let ((extra-forms (if (equal? dns "dnsmasq")
                              '((mkdir-p "/var/lib/misc"))
                              '())))
         #~(begin
             (use-modules (guix build utils))
             (mkdir-p "/etc/NetworkManager/system-connections")
             #$@extra-forms))))))
7234ad4f | 982 | |
(define (vpn-plugin-directory plugins)
  "Return a directory containing PLUGINS, the NM VPN plugins."
  ;; A union directory, so that a single NM_VPN_PLUGIN_DIR covers all plugins.
  (let ((union-name "network-manager-vpn-plugins"))
    (directory-union union-name plugins)))
986 | ||
(define network-manager-environment
  (lambda (config)
    (match config
      (($ <network-manager-configuration> network-manager dns vpn-plugins)
       ;; Define this variable in the global environment such that
       ;; "nmcli connection import type openvpn file foo.ovpn" works.
       (let ((plugin-dir (file-append (vpn-plugin-directory vpn-plugins)
                                      "/lib/NetworkManager/VPN")))
         (list (cons "NM_VPN_PLUGIN_DIR" plugin-dir)))))))
995 | ||
(define network-manager-shepherd-service
  (lambda (config)
    (match config
      (($ <network-manager-configuration> network-manager dns vpn-plugins)
       ;; DNS is interpolated verbatim into the [main] section; it is meant
       ;; to be a plain backend name such as "default" or "dnsmasq".
       (let* ((conf (plain-file "NetworkManager.conf"
                                (string-append "[main]\ndns=" dns "\n")))
              (vpn (vpn-plugin-directory vpn-plugins))
              (nm-binary (file-append network-manager "/sbin/NetworkManager")))
         (list
          (shepherd-service
           (documentation "Run the NetworkManager.")
           (provision '(networking))
           (requirement '(user-processes dbus-system wpa-supplicant loopback))
           (start #~(make-forkexec-constructor
                     (list #$nm-binary
                           (string-append "--config=" #$conf)
                           "--no-daemon")
                     #:environment-variables
                     (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
                                          "/lib/NetworkManager/VPN")
                           ;; Override non-existent default users
                           "NM_OPENVPN_USER="
                           "NM_OPENVPN_GROUP=")))
           (stop #~(make-kill-destructor)))))))))
1018 | |
(define network-manager-service-type
  (let ((config->packages
         ;; Packages exposed to D-Bus and added to the system profile: the
         ;; NetworkManager package itself followed by every VPN plugin.
         (lambda (config)
           (cons (network-manager-configuration-network-manager config)
                 (network-manager-vpn-plugins config)))))
    (service-type
     (name 'network-manager)
     (extensions
      (list (service-extension shepherd-root-service-type
                               network-manager-shepherd-service)
            (service-extension dbus-root-service-type config->packages)
            (service-extension polkit-service-type
                               (compose
                                list
                                network-manager-configuration-network-manager))
            (service-extension activation-service-type
                               network-manager-activation)
            (service-extension session-environment-service-type
                               network-manager-environment)
            ;; Add network-manager to the system profile.
            (service-extension profile-service-type config->packages)))
     (default-value (network-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
NetworkManager}, a network management daemon that aims to simplify wired and
wireless networking."))))
7234ad4f | 1047 | |
1048 | \f |
1049 | ;;; | |
1050 | ;;; Connman | |
1051 | ;;; | |
1052 | ||
;; Configuration of 'connman-service-type'.
(define-record-type* <connman-configuration>
  connman-configuration make-connman-configuration
  connman-configuration?
  (connman connman-configuration-connman ;<package>
           (default connman))
  ;; When #t, connmand is started with '--noplugin=vpn' and the VPN state
  ;; directory is not created at activation.
  (disable-vpn? connman-configuration-disable-vpn? ;Boolean
                (default #f)))
1060 | ||
(define (connman-activation config)
  "Return the activation gexp for Connman, creating its state directories."
  (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))
          ;; The VPN plugin keeps its own state directory, which is only
          ;; needed when the plugin is enabled.
          (for-each mkdir-p
                    (cons "/var/lib/connman/"
                          (if #$disable-vpn?
                              '()
                              '("/var/lib/connman-vpn/"))))))))
1069 | ||
(define (connman-shepherd-service config)
  "Return a shepherd service for Connman."
  ;; Yields #f, i.e. no service, when CONFIG is not a <connman-configuration>.
  (if (not (connman-configuration? config))
      #f
      (let* ((package (connman-configuration-connman config))
             (disable-vpn? (connman-configuration-disable-vpn? config))
             (connmand (file-append package "/sbin/connmand"))
             (plugin-options (if disable-vpn? '("--noplugin=vpn") '())))
        (list (shepherd-service
               (documentation "Run Connman")
               (provision '(networking))
               (requirement
                '(user-processes dbus-system loopback wpa-supplicant))
               (start #~(make-forkexec-constructor
                         (list #$connmand "-n" "-r" #$@plugin-options)

                         ;; As connman(8) notes, when passing '-n', connman
                         ;; "directs log output to the controlling terminal in
                         ;; addition to syslog."  Redirect stdout and stderr
                         ;; to avoid spamming the console (XXX: for some reason
                         ;; redirecting to /dev/null doesn't work.)
                         #:log-file "/var/log/connman.log"))
               (stop #~(make-kill-destructor)))))))
1094 | |
(define connman-service-type
  (let ((connman-package
         ;; Single-element package list handed to the polkit, D-Bus and
         ;; profile extensions.
         (lambda (config)
           (list (connman-configuration-connman config)))))
    (service-type
     (name 'connman)
     (extensions
      (list (service-extension shepherd-root-service-type
                               connman-shepherd-service)
            (service-extension polkit-service-type connman-package)
            (service-extension dbus-root-service-type connman-package)
            (service-extension activation-service-type connman-activation)
            ;; Add connman to the system profile.
            (service-extension profile-service-type connman-package)))
     (default-value (connman-configuration))
     (description
      "Run @url{https://01.org/connman,Connman},
a network connection manager."))))
1114 | |
1115 | \f | |
1116 | ;;; |
1117 | ;;; Modem manager | |
1118 | ;;; | |
1119 | ||
(define modem-manager-service-type
  (let ((config->package
         ;; Single-element package list handed to every extension below.
         (compose list modem-manager-configuration-modem-manager)))
    (service-type
     (name 'modem-manager)
     (extensions
      (list (service-extension dbus-root-service-type config->package)
            (service-extension udev-service-type config->package)
            (service-extension polkit-service-type config->package)))
     (default-value (modem-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
ModemManager}, a modem management daemon that aims to simplify dialup
networking."))))
1138 | ||
1139 | \f | |
1140 | ;;; |
1141 | ;;; USB_ModeSwitch | |
1142 | ;;; | |
1143 | ||
;; Configuration of 'usb-modeswitch-service-type'.
(define-record-type* <usb-modeswitch-configuration>
  usb-modeswitch-configuration make-usb-modeswitch-configuration
  usb-modeswitch-configuration?
  (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch ;<package>
                  (default usb-modeswitch))
  ;; Package providing 'udev/40-usb_modeswitch.rules'.
  (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data
                       (default usb-modeswitch-data))
  ;; File-like object or #f.  The default is the configuration shipped in the
  ;; "dispatcher" output of 'usb-modeswitch'; NOTE(review): this presumably
  ;; refers to the global package variable rather than to the value of the
  ;; 'usb-modeswitch' field above -- confirm if a different package is given.
  (config-file usb-modeswitch-configuration-config-file
               (default #~(string-append #$usb-modeswitch:dispatcher
                                         "/etc/usb_modeswitch.conf")))))
1154 | ||
(define (usb-modeswitch-sh usb-modeswitch config-file)
  "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
and wrap it to actually find the dispatcher in USB-MODESWITCH.  The script
will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
device is detected."
  ;; CONFIG-FILE may be #f, in which case no --config-file option is added.
  ;; Both the script and the dispatcher are taken from the "dispatcher"
  ;; output of USB-MODESWITCH.
  (computed-file
   "usb_modeswitch-sh"
   (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils))
         (let ((cfg-param
                #$(if config-file
                      #~(string-append " --config-file=" #$config-file)
                      "")))
           (mkdir #$output)
           (install-file (string-append #$usb-modeswitch:dispatcher
                                        "/lib/udev/usb_modeswitch")
                         #$output)

           ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
           ;; Two invocation forms are patched: the one whose output is
           ;; appended to a file (" 2>>") and the one run in the background
           ;; (" &").
           (substitute* (string-append #$output "/usb_modeswitch")
             (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
              (string-append left cfg-param right))
             (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
              (string-append left cfg-param right)))

           ;; wrap-program needs bash in PATH:
           (putenv (string-append "PATH=" #$bash "/bin"))
           ;; The wrapper sets ("=") PATH to coreutils plus the dispatcher's
           ;; bin directory, replacing whatever PATH udev hands the script.
           (wrap-program (string-append #$output "/usb_modeswitch")
             `("PATH" ":" = (,(string-append #$coreutils "/bin")
                             ,(string-append
                               #$usb-modeswitch:dispatcher
                               "/bin")))))))))
1189 | ||
(define (usb-modeswitch-configuration->udev-rules config)
  "Build a rules file for extending udev-service-type from the rules in the
usb-modeswitch package specified in CONFIG.  The rules file will invoke
usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
config file."
  (match config
    (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
     (computed-file
      "usb_modeswitch.rules"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils))
            ;; IN is the upstream rules file from the data package; OUT is
            ;; the rules.d directory of this derivation's output; SCRIPT is
            ;; the patched wrapper built by 'usb-modeswitch-sh'.
            (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
                  (out (string-append #$output "/lib/udev/rules.d"))
                  (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
              (mkdir-p out)
              ;; 'substitute*' below is given a relative file name.
              (chdir out)
              (install-file in out)
              ;; Replace the bare "usb_modeswitch" program name in both the
              ;; PROGRAM= and RUN+= keys with the absolute path of SCRIPT.
              (substitute* "40-usb_modeswitch.rules"
                (("PROGRAM=\"usb_modeswitch")
                 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
                (("RUN\\+=\"usb_modeswitch")
                 (string-append "RUN+=\"" script "/usb_modeswitch")))))))))
1213 | ||
(define usb-modeswitch-service-type
  (service-type
   (name 'usb-modeswitch)
   (extensions
    ;; The only contribution is a udev rules file derived from the config.
    (list (service-extension
           udev-service-type
           (compose list usb-modeswitch-configuration->udev-rules))))
   (default-value (usb-modeswitch-configuration))
   (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
USB_ModeSwitch}, a mode switching tool for controlling USB devices with
multiple @dfn{modes}.  When plugged in for the first time many USB
devices (primarily high-speed WAN modems) act like a flash storage containing
installers for Windows drivers.  USB_ModeSwitch replays the sequence the
Windows drivers would send to switch their mode from storage to modem (or
whatever the thing is supposed to do).")))
1232 | ||
1233 | \f | |
1234 | ;;; |
1235 | ;;; WPA supplicant | |
1236 | ;;; | |
1237 | ||
;; Configuration of 'wpa-supplicant-service-type'.  Each optional field maps
;; to one wpa_supplicant command-line switch (see
;; 'wpa-supplicant-shepherd-service').
(define-record-type* <wpa-supplicant-configuration>
  wpa-supplicant-configuration make-wpa-supplicant-configuration
  wpa-supplicant-configuration?
  (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
                  (default wpa-supplicant))
  ;; Passed as '-P' and also used by the Shepherd to track the daemon.
  (pid-file wpa-supplicant-configuration-pid-file ;string
            (default "/var/run/wpa_supplicant.pid"))
  ;; '-u': enable the D-Bus control interface.
  (dbus? wpa-supplicant-configuration-dbus? ;Boolean
         (default #t))
  ;; '-i': network interface to manage.
  (interface wpa-supplicant-configuration-interface ;#f | string
             (default #f))
  ;; '-c': configuration file.
  (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
               (default #f))
  ;; Appended verbatim to the command line, after the switches above.
  (extra-options wpa-supplicant-configuration-extra-options ;list of strings
                 (default '())))
1253 | ||
(define wpa-supplicant-shepherd-service
  (lambda (config)
    (match config
      (($ <wpa-supplicant-configuration> wpa-supplicant pid-file dbus? interface
                                         config-file extra-options)
       (let* ((wpa-binary (file-append wpa-supplicant "/sbin/wpa_supplicant"))
              ;; Optional switches, decided on the host side and spliced into
              ;; the command line in this order, EXTRA-OPTIONS last.
              (options (append (if dbus? '("-u") '())
                               (if interface
                                   (list #~(string-append "-i" #$interface))
                                   '())
                               (if config-file
                                   (list #~(string-append "-c" #$config-file))
                                   '())
                               extra-options)))
         (list (shepherd-service
                (documentation "Run the WPA supplicant daemon")
                (provision '(wpa-supplicant))
                (requirement '(user-processes dbus-system loopback syslogd))
                ;; The daemon forks ('-B'), so the Shepherd presumably tracks
                ;; it through PID-FILE rather than the process it spawned.
                (start #~(make-forkexec-constructor
                          (list #$wpa-binary
                                (string-append "-P" #$pid-file)
                                "-B" ;run in background
                                "-s" ;log to syslogd
                                #$@options)
                          #:pid-file #$pid-file))
                (stop #~(make-kill-destructor)))))))))
1280 | |
(define wpa-supplicant-service-type
  (let ((config->package
         ;; Single-element package list for the D-Bus and profile extensions.
         (compose list wpa-supplicant-configuration-wpa-supplicant)))
    (service-type
     (name 'wpa-supplicant)
     (extensions
      (list (service-extension shepherd-root-service-type
                               wpa-supplicant-shepherd-service)
            (service-extension dbus-root-service-type config->package)
            (service-extension profile-service-type config->package)))
     (default-value (wpa-supplicant-configuration))
     (description "Run the WPA Supplicant daemon, a service that
implements authentication, key negotiation and more for wireless networks."))))
2cccbc2a | 1295 | |
1296 | \f |
1297 | ;;; | |
1298 | ;;; Open vSwitch | |
1299 | ;;; | |
1300 | ||
;; Configuration of 'openvswitch-service-type': the only field is the
;; package providing ovsdb-tool, ovsdb-server and ovs-vswitchd.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  (package openvswitch-configuration-package ;<package>
           (default openvswitch)))
1306 | ||
(define openvswitch-activation
  (lambda (config)
    (match config
      (($ <openvswitch-configuration> package)
       (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
         (with-imported-modules '((guix build utils))
           #~(begin
               (use-modules (guix build utils))
               (for-each mkdir-p
                         '("/var/run/openvswitch" "/var/lib/openvswitch"))

               ;; Create an empty database on first activation only; an
               ;; existing one is left untouched.  XXX: the exit status of
               ;; 'ovsdb-tool' is not checked, so a failed creation goes
               ;; unnoticed here.
               (let ((conf.db "/var/lib/openvswitch/conf.db"))
                 (if (not (file-exists? conf.db))
                     (system* #$ovsdb-tool "create" conf.db))))))))))
1319 | ||
(define openvswitch-shepherd-service
  (lambda (config)
    (match config
      (($ <openvswitch-configuration> package)
       (let* ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
              (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))
              (database
               (shepherd-service
                (provision '(ovsdb))
                (documentation "Run the Open vSwitch database server.")
                ;; The only '--remote' given is a local Unix socket.
                (start #~(make-forkexec-constructor
                          (list #$ovsdb-server "--pidfile"
                                "--remote=punix:/var/run/openvswitch/db.sock")
                          #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
                (stop #~(make-kill-destructor))))
              (switch
               (shepherd-service
                (provision '(vswitchd))
                ;; The switch daemon needs the database server first.
                (requirement '(ovsdb))
                (documentation "Run the Open vSwitch daemon.")
                (start #~(make-forkexec-constructor
                          (list #$ovs-vswitchd "--pidfile")
                          #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
                (stop #~(make-kill-destructor)))))
         (list database switch))))))
1342 | ||
(define openvswitch-service-type
  (service-type
   (name 'openvswitch)
   (description
    "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
switch designed to enable massive network automation through programmatic
extension.")
   (default-value (openvswitch-configuration))
   (extensions
    (list (service-extension activation-service-type
                             openvswitch-activation)
          ;; Add the package to the system profile.
          (service-extension profile-service-type
                             (compose list openvswitch-configuration-package))
          (service-extension shepherd-root-service-type
                             openvswitch-shepherd-service)))))
c32d02fe | 1358 | |
1359 | ;;; |
1360 | ;;; iptables | |
1361 | ;;; | |
1362 | ||
(define %iptables-accept-all-rules
  ;; Ruleset in iptables-save(8) format: ACCEPT policy on every built-in
  ;; chain of the 'filter' table and no rules, i.e. no filtering at all.  It
  ;; is the default for both rule fields of <iptables-configuration> and is
  ;; what 'iptables-shepherd-service' loads when the service is stopped.
  (plain-file "iptables-accept-all.rules"
              "*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
COMMIT
"))
1371 | ||
;; Configuration of 'iptables-service-type'.
(define-record-type* <iptables-configuration>
  iptables-configuration make-iptables-configuration iptables-configuration?
  (iptables iptables-configuration-iptables ;<package>
            (default iptables))
  ;; File-like objects in iptables-save(8) format, fed to iptables-restore
  ;; and ip6tables-restore respectively.  Both default to the accept-all
  ;; ruleset, so nothing is filtered until rules are supplied.
  (ipv4-rules iptables-configuration-ipv4-rules
              (default %iptables-accept-all-rules))
  (ipv6-rules iptables-configuration-ipv6-rules
              (default %iptables-accept-all-rules)))
1380 | ||
(define iptables-shepherd-service
  (lambda (config)
    (match config
      (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
       (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
             (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
         (shepherd-service
          (documentation "Packet filtering framework")
          (provision '(iptables))
          ;; 'invoke' presumably raises on a non-zero exit status, so a
          ;; ruleset that iptables-restore rejects shows up as a failed start.
          (start #~(lambda _
                     (invoke #$iptables-restore #$ipv4-rules)
                     (invoke #$ip6tables-restore #$ipv6-rules)))
          ;; Stopping the service does not keep the last rules: it reloads
          ;; the accept-all ruleset, i.e. the firewall is opened.
          (stop #~(lambda _
                    (invoke #$iptables-restore #$%iptables-accept-all-rules)
                    (invoke #$ip6tables-restore #$%iptables-accept-all-rules)))))))))
1395 | ||
(define iptables-service-type
  ;; No 'default-value' is given, so instantiating this type presumably
  ;; requires an explicit <iptables-configuration>.
  (service-type
   (name 'iptables)
   (extensions
    (list (service-extension shepherd-root-service-type
                             (compose list iptables-shepherd-service))))
   (description
    "Run @command{iptables-restore}, setting up the specified rules.")))
1404 | ||
db4fdc04 | 1405 | ;;; networking.scm ends here |