services: ntp: Support different NTP server types and options.
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
65a67bf7 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
16718b67 4;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
acce0a47 8;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
9926b8f8 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
f5be5104 12;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
40557aea 13;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
14;;;
15;;; This file is part of GNU Guix.
16;;;
17;;; GNU Guix is free software; you can redistribute it and/or modify it
18;;; under the terms of the GNU General Public License as published by
19;;; the Free Software Foundation; either version 3 of the License, or (at
20;;; your option) any later version.
21;;;
22;;; GNU Guix is distributed in the hope that it will be useful, but
23;;; WITHOUT ANY WARRANTY; without even the implied warranty of
24;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25;;; GNU General Public License for more details.
26;;;
27;;; You should have received a copy of the GNU General Public License
28;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
29
30(define-module (gnu services networking)
31 #:use-module (gnu services)
c9436025 32 #:use-module (gnu services base)
0190c1c0 33 #:use-module (gnu services shepherd)
0adfe95a 34 #:use-module (gnu services dbus)
927097ef 35 #:use-module (gnu system shadow)
6e828634 36 #:use-module (gnu system pam)
db4fdc04 37 #:use-module (gnu packages admin)
38 #:use-module (gnu packages base)
39 #:use-module (gnu packages bash)
76192896 40 #:use-module (gnu packages connman)
d94e81db 41 #:use-module (gnu packages freedesktop)
db4fdc04 42 #:use-module (gnu packages linux)
927097ef 43 #:use-module (gnu packages tor)
f5be5104 44 #:use-module (gnu packages usb-modeswitch)
4627a464 45 #:use-module (gnu packages messaging)
c32d02fe 46 #:use-module (gnu packages networking)
63854bcb 47 #:use-module (gnu packages ntp)
b7d0c494 48 #:use-module (gnu packages wicd)
7234ad4f 49 #:use-module (gnu packages gnome)
b5f4e686 50 #:use-module (guix gexp)
0adfe95a 51 #:use-module (guix records)
a062b6ca 52 #:use-module (guix modules)
65a67bf7 53 #:use-module (guix deprecation)
5658ae8a 54 #:use-module (rnrs enums)
55 #:use-module (srfi srfi-1)
56 #:use-module (srfi srfi-9)
63854bcb 57 #:use-module (srfi srfi-26)
0adfe95a 58 #:use-module (ice-9 match)
59 #:re-export (static-networking-service
60 static-networking-service-type)
fa0c1d61 61 #:export (%facebook-host-aliases
a023cca8 62 dhcp-client-service
39d7fdce 63 dhcp-client-service-type
64
65 dhcpd-service-type
66 dhcpd-configuration
67 dhcpd-configuration?
68 dhcpd-configuration-package
69 dhcpd-configuration-config-file
70 dhcpd-configuration-version
71 dhcpd-configuration-run-directory
72 dhcpd-configuration-lease-file
73 dhcpd-configuration-pid-file
74 dhcpd-configuration-interfaces
75
76 ntp-configuration
77 ntp-configuration?
78 ntp-configuration-ntp
79 ntp-configuration-servers
80 ntp-allow-large-adjustment?
81
82 %ntp-servers
83 ntp-server
84 ntp-server-type
85 ntp-server-address
86 ntp-server-options
87
63854bcb 88 ntp-service
89 ntp-service-type
90
5658ae8a 91 %openntpd-servers
92 openntpd-configuration
93 openntpd-configuration?
94 openntpd-service-type
95
96 inetd-configuration
97 inetd-entry
98 inetd-service-type
99
100 tor-configuration
101 tor-configuration?
6331bde7 102 tor-hidden-service
4627a464 103 tor-service
104 tor-service-type
105
e48fcd7b 106 wicd-service-type
7234ad4f 107 wicd-service
108
109 network-manager-configuration
110 network-manager-configuration?
111 network-manager-configuration-dns
112 network-manager-service-type
113
114 connman-configuration
115 connman-configuration?
116 connman-service-type
117
118 modem-manager-configuration
119 modem-manager-configuration?
120 modem-manager-service-type
acce0a47 121
122 usb-modeswitch-configuration
123 usb-modeswitch-configuration?
124 usb-modeswitch-configuration-usb-modeswitch
125 usb-modeswitch-configuration-usb-modeswitch-data
126 usb-modeswitch-service-type
127
128 <wpa-supplicant-configuration>
129 wpa-supplicant-configuration
130 wpa-supplicant-configuration?
131 wpa-supplicant-configuration-wpa-supplicant
132 wpa-supplicant-configuration-pid-file
133 wpa-supplicant-configuration-dbus?
134 wpa-supplicant-configuration-interface
135 wpa-supplicant-configuration-config-file
136 wpa-supplicant-configuration-extra-options
137 wpa-supplicant-service-type
138
139 openvswitch-service-type
140 openvswitch-configuration
141
142 iptables-configuration
143 iptables-configuration?
144 iptables-configuration-iptables
145 iptables-configuration-ipv4-rules
146 iptables-configuration-ipv6-rules
147 iptables-service-type))
148
149;;; Commentary:
150;;;
151;;; Networking services.
152;;;
153;;; Code:
154
(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.  Each line maps a host name to a loopback address so that
  ;; name resolution never leaves the machine.
  ;; NOTE(review): the IPv6 entries carry a "%lo0" zone suffix; whether the
  ;; resolver honours that syntax in /etc/hosts on GNU/Linux is not verified
  ;; here.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com\n")
187
;; Service type running 'dhclient' on every non-loopback interface.  Its value
;; is the DHCP client package; ISC-DHCP is passed as the last argument and is
;; presumably the default value.  Note that no privilege drop is configured
;; here: the client runs with the privileges of the Shepherd process that
;; forks it.
(define dhcp-client-service-type
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     (define dhclient
       (file-append dhcp "/sbin/dhclient"))

     ;; Written by dhclient and read back below to learn the daemon's PID.
     (define pid-file
       "/var/run/dhclient.pid")

     (shepherd-service
      (documentation "Set up networking via DHCP.")
      (requirement '(user-processes udev))

      ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
      ;; networking is unavailable, but also means that the interface is not up
      ;; yet when 'start' completes.  To wait for the interface to be ready, one
      ;; should instead monitor udev events.
      (provision '(networking))

      (start #~(lambda _
                 ;; When invoked without any arguments, 'dhclient' discovers all
                 ;; non-loopback interfaces *that are up*.  However, the relevant
                 ;; interfaces are typically down at this point.  Thus we perform
                 ;; our own interface discovery here.
                 (define valid?
                   (lambda (interface)
                     (and (arp-network-interface? interface)
                          (not (loopback-network-interface? interface)))))
                 (define ifaces
                   (filter valid? (all-network-interface-names)))

                 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                 ;; actually send/receive over them.
                 (for-each set-network-interface-up ifaces)

                 ;; Remove a stale PID file so that 'read-pid-file' below does
                 ;; not pick up the PID of a previous run.
                 (false-if-exception (delete-file #$pid-file))
                 (let ((pid (fork+exec-command
                             (cons* #$dhclient "-nw"
                                    "-pf" #$pid-file ifaces))))
                   ;; dhclient forks in the background; wait for the launcher
                   ;; process to exit successfully, then return the PID of the
                   ;; daemon as recorded in PID-FILE (or #f on failure).
                   (and (zero? (cdr (waitpid pid)))
                        (read-pid-file #$pid-file)))))
      (stop #~(make-kill-destructor))))
   isc-dhcp))
db4fdc04 232
;; Deprecated procedural interface; kept for existing configurations.  New code
;; should instantiate DHCP-CLIENT-SERVICE-TYPE directly.
(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
  dhcp-client-service-type
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  (service dhcp-client-service-type dhcp))
a023cca8 238
;; Configuration of the ISC DHCP server.  CONFIG-FILE has no usable default:
;; 'dhcpd-shepherd-service' raises an error when it is #f, and the file is
;; syntax-checked by 'dhcpd-activation' before the daemon is started.
(define-record-type* <dhcpd-configuration>
  dhcpd-configuration make-dhcpd-configuration
  dhcpd-configuration?
  (package   dhcpd-configuration-package ;<package>
             (default isc-dhcp))
  (config-file   dhcpd-configuration-config-file ;file-like
                 (default #f))
  (version dhcpd-configuration-version ;"4", "6", or "4o6"
              (default "4"))
  ;; Created at activation time if missing.
  (run-directory dhcpd-configuration-run-directory
                 (default "/run/dhcpd"))
  ;; Created empty at activation time if missing; dhcpd refuses to start
  ;; without it.
  (lease-file dhcpd-configuration-lease-file
              (default "/var/db/dhcpd.leases"))
  (pid-file dhcpd-configuration-pid-file
            (default "/run/dhcpd/dhcpd.pid"))
  ;; list of strings, e.g. (list "enp0s25")
  (interfaces dhcpd-configuration-interfaces
              (default '())))
257
(define dhcpd-shepherd-service
  ;; Return the list of Shepherd services for CONFIG, a <dhcpd-configuration>.
  ;; A CONFIG-FILE is mandatory.  The service name embeds the protocol version
  ;; so that several dhcpd instances (DHCPv4, DHCPv6, ...) can coexist.
  (lambda (config)
    (match config
      (($ <dhcpd-configuration> package config-file version run-directory
                                lease-file pid-file interfaces)
       (unless config-file
         (error "Must supply a config-file"))
       ;; Allow users to easily run multiple versions simultaneously.
       (let ((service-name (string->symbol
                            (string-append "dhcpv" version "-daemon")))
             (description (string-append "Run the DHCPv" version " daemon")))
         (list (shepherd-service
                (provision (list service-name))
                (documentation description)
                (requirement '(networking))
                (start #~(make-forkexec-constructor
                          '(#$(file-append package "/sbin/dhcpd")
                            #$(string-append "-" version)
                            "-lf" #$lease-file
                            "-pf" #$pid-file
                            "-cf" #$config-file
                            #$@interfaces)
                          #:pid-file #$pid-file))
                (stop #~(make-kill-destructor)))))))))
279
;; Activation gexp for a <dhcpd-configuration>: prepare the run directory and
;; lease database, then validate the configuration file.
;; NOTE(review): 'invoke' and 'file-exists?' are used without a 'use-modules'
;; form here; this relies on (guix build utils) already being in scope in the
;; activation script -- confirm.
(define dhcpd-activation
  (match-lambda
    (($ <dhcpd-configuration> package config-file version run-directory
                              lease-file pid-file interfaces)
     (with-imported-modules '((guix build utils))
       #~(begin
           ;; Plain 'mkdir', not 'mkdir-p': the parent of RUN-DIRECTORY must
           ;; already exist.
           (unless (file-exists? #$run-directory)
             (mkdir #$run-directory))
           ;; According to the DHCP manual (man dhcpd.leases), the lease
           ;; database must be present for dhcpd to start successfully.
           (unless (file-exists? #$lease-file)
             (with-output-to-file #$lease-file
               (lambda _ (display ""))))
           ;; Validate the config.  'dhcpd -t' only parses CONFIG-FILE and
           ;; exits non-zero on error, which makes activation fail early
           ;; instead of leaving a crashing daemon.
           (invoke
            #$(file-append package "/sbin/dhcpd") "-t" "-cf"
            #$config-file))))))
297
;; Service type for the ISC DHCP server.  It has no default value, so callers
;; must supply a <dhcpd-configuration> with a config-file.
(define dhcpd-service-type
  (service-type
   (name 'dhcpd)
   (extensions
    (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
          (service-extension activation-service-type dhcpd-activation)))))
304
305\f
306;;;
307;;; NTP.
308;;;
309
(define ntp-server-types
  ;; Enumeration of the association types accepted in the TYPE field of an
  ;; <ntp-server>.  Each symbol is emitted verbatim as the first word of the
  ;; corresponding ntp.conf line by 'ntp-server->string'.
  (make-enumeration
   (list 'pool 'server 'peer 'broadcast 'manycastclient)))
316
;; One time source for ntpd.  Serialized to a single ntp.conf line by
;; 'ntp-server->string'.
(define-record-type* <ntp-server>
  ntp-server make-ntp-server
  ntp-server?
  ;; The type can be one of the symbols of the NTP-SERVER-TYPES enumeration;
  ;; it is validated at serialization time, not here.
  (type ntp-server-type
        (default 'server))
  (address ntp-server-address)          ; a string
  ;; The list of options can contain single option names or tuples in the form
  ;; '(name value).
  (options ntp-server-options
           (default '())))
328
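(define (ntp-server->string ntp-server)
  "Serialize NTP-SERVER, an <ntp-server> record, as one line of the NTP
configuration file: the association type, the address, then the flattened
options, all separated by single spaces.  Raise an error if the type is not a
member of NTP-SERVER-TYPES."
  (define (flatten lst)
    ;; Turn a possibly nested list of option names and '(name value) tuples
    ;; into a flat list of strings, preserving order.
    (reverse
     (let loop ((x lst)
                (res '()))
       (if (list? x)
           (fold loop res x)
           ;; Use ~a rather than ~s: ~s 'write's strings with their surrounding
           ;; double quotes, so the default option "iburst" would end up as
           ;; "\"iburst\"" in ntp.conf, where it is no longer the keyword.
           (cons (format #f "~a" x) res)))))

  (match ntp-server
    (($ <ntp-server> type address options)
     ;; XXX: It'd be neater if fields were validated at the syntax level (for
     ;; static ones at least).  Perhaps the Guix record type could support a
     ;; predicate property on a field?
     (unless (enum-set-member? type ntp-server-types)
       (error "Invalid NTP server type" type))
     (string-join (cons* (symbol->string type)
                         address
                         (flatten options))))))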
350
(define %ntp-servers
  ;; Default set of NTP servers.  These URLs are managed by the NTP Pool project.
  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
  ;; for this NTP pool "zone".
  ;; The pool is used without any authentication of the time source; see the
  ;; authentication TODO in 'ntp-shepherd-service'.
  (list
   (ntp-server
    (type 'pool)
    (address "0.guix.pool.ntp.org")
    (options '("iburst")))))           ;as recommended in the ntpd manual
360
;; Configuration of the reference ntpd.  The SERVERS accessor is deliberately
;; private (%ntp-configuration-servers): the public 'ntp-configuration-servers'
;; wraps it to keep accepting the deprecated list-of-strings form.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp      ntp-configuration-ntp
            (default ntp))
  (servers  %ntp-configuration-servers ;list of <ntp-server> objects
            (default %ntp-servers))
  ;; When true, ntpd is started with "-g" (see 'ntp-shepherd-service').
  (allow-large-adjustment? ntp-allow-large-adjustment?
                           (default #t))) ;as recommended in the ntpd manual
0adfe95a 370
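(define (ntp-configuration-servers ntp-configuration)
  "Return the list of <ntp-server> records of NTP-CONFIGURATION.  The
deprecated form of the field, a list of plain address strings, is still
accepted: each address is turned into a 'server' record and a warning is
printed on the error port."
  (let ((ntp-servers (%ntp-configuration-servers ntp-configuration)))
    (match ntp-servers
      (((? string?) (? string?) ...)
       (format (current-error-port) "warning: Defining NTP servers as strings is \
deprecated. Please use <ntp-server> records instead.\n")
       (map (lambda (addr)
              (ntp-server
               (type 'server)
               (address addr)
               (options '())))
            ntp-servers))
      ;; This pattern also matches the empty list; the previous patterns each
      ;; required at least one element, so (servers '()) was a match error.
      (((? ntp-server?) ...)
       ntp-servers)
      (_
       ;; Anything else (e.g. a list mixing strings and records) is a
       ;; configuration error; report it instead of a bare match failure.
       (error "Invalid NTP servers list; expected a list of <ntp-server> records"
              ntp-servers)))))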
385
;; Return the list of Shepherd services running the reference ntpd for an
;; <ntp-configuration>.  The ntp.conf is generated here from the SERVERS
;; field; the 'restrict' lines are the fixed hardening part of it.
(define ntp-shepherd-service
  (match-lambda
    (($ <ntp-configuration> ntp servers allow-large-adjustment?)
     (let ()
       ;; TODO: Add authentication support.
       ;; The server lines come from 'ntp-server->string', so an invalid
       ;; server type is reported here, at system build time.  The rest of the
       ;; text is a fixed access-control policy: no remote status queries, no
       ;; remote modification, and no unsolicited peers, with an exception for
       ;; the local host so that 'ntpq' keeps working.
       (define config
         (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                        (string-join (map ntp-server->string servers)
                                     "\n")
                        "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1

# This is required to use servers from a pool directive when using the 'nopeer'
# option by default, as documented in the 'ntp.conf' manual.
restrict source notrap nomodify noquery\n"))

       (define ntpd.conf
         (plain-file "ntpd.conf" config))

       (list (shepherd-service
              (provision '(ntpd))
              (documentation "Run the Network Time Protocol (NTP) daemon.")
              (requirement '(user-processes networking))
              ;; "-n": stay in the foreground so Shepherd can supervise it;
              ;; "-u ntpd": run as the unprivileged account defined in
              ;; %NTP-ACCOUNTS; "-g": allow the initial clock adjustment to
              ;; exceed the panic threshold when ALLOW-LARGE-ADJUSTMENT? is set.
              (start #~(make-forkexec-constructor
                        (list (string-append #$ntp "/bin/ntpd") "-n"
                              "-c" #$ntpd.conf "-u" "ntpd"
                              #$@(if allow-large-adjustment?
                                     '("-g")
                                     '()))))
              (stop #~(make-kill-destructor))))))))
423
;; Unprivileged system account that ntpd drops to ("-u ntpd") and that
;; OpenNTPD shares (both service types extend ACCOUNT-SERVICE-TYPE with it).
(define %ntp-accounts
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 432
433
(define (ntp-service-activation config)
  "Return the activation gexp for CONFIG.  It creates /var/run/ntpd, where the
drift file named in the generated ntp.conf lives, and hands it to the 'ntpd'
account so that the daemon can write there after dropping privileges.  CONFIG
itself is not consulted."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        ;; Looked up at activation time, i.e. after the account exists.
        (define %user
          (getpw "ntpd"))

        ;; NOTE(review): the directory's mode is left as created by
        ;; 'mkdir-p'; no explicit 'chmod' is applied.
        (let ((directory "/var/run/ntpd"))
          (mkdir-p directory)
          (chown directory (passwd:uid %user) (passwd:gid %user))))))
445
;; Service type for the reference ntpd; defaults to an <ntp-configuration>
;; using %NTP-SERVERS.
(define ntp-service-type
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                         ntp-shepherd-service)
                       (service-extension account-service-type
                                         (const %ntp-accounts))
                       (service-extension activation-service-type
                                         ntp-service-activation)))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
will keep the system clock synchronized with that of the given servers.")
                (default-value (ntp-configuration))))
0adfe95a 460
;; Deprecated procedural interface.  Note that ALLOW-LARGE-ADJUSTMENT? has no
;; default here and is therefore #f, whereas <ntp-configuration> defaults it
;; to #t; callers migrating to the record should set it explicitly if they
;; relied on the old behaviour.
(define-deprecated (ntp-service #:key (ntp ntp)
                                (servers %ntp-servers)
                                allow-large-adjustment?)
  ntp-service-type
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
keep the system clock synchronized with that of @var{servers}.
@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
make an initial adjustment of more than 1,000 seconds."
  (service ntp-service-type
           (ntp-configuration (ntp ntp)
                              (servers servers)
                              (allow-large-adjustment?
                               allow-large-adjustment?))))
475
476\f
477;;;
478;;; OpenNTPD.
479;;;
480
(define %openntpd-servers
  ;; Default OpenNTPD 'servers' entries: the addresses of the default NTP pool
  ;; servers, without the ntpd-specific type and options.
  (map (lambda (server)
         (ntp-server-address server))
       %ntp-servers))
483
;; Configuration of OpenNTPD.  Every list-valued field below is emitted as one
;; ntpd.conf directive per element by 'openntpd-shepherd-service', using the
;; field name as the keyword.
(define-record-type* <openntpd-configuration>
  openntpd-configuration make-openntpd-configuration
  openntpd-configuration?
  (openntpd                 openntpd-configuration-openntpd
                            (default openntpd))
  ;; Addresses to listen on; only the loopback addresses by default.
  (listen-on                openntpd-listen-on
                            (default '("127.0.0.1"
                                       "::1")))
  (query-from               openntpd-query-from
                            (default '()))
  (sensor                   openntpd-sensor
                            (default '()))
  (server                   openntpd-server
                            (default '()))
  (servers                  openntpd-servers
                            (default %openntpd-servers))
  (constraint-from          openntpd-constraint-from
                            (default '()))
  ;; Emitted enclosed in double quotes ("constraints from \"...\"").
  (constraints-from         openntpd-constraints-from
                            (default '()))
  ;; When true, ntpd is started with "-s".
  (allow-large-adjustment?  openntpd-allow-large-adjustment?
                            (default #f))) ; upstream default
506
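(define (openntpd-shepherd-service config)
  "Return the list of Shepherd services running OpenNTPD for CONFIG, an
<openntpd-configuration>.  The ntpd.conf is generated from the list-valued
fields of CONFIG, one directive per element."
  (match-record config <openntpd-configuration>
    (openntpd listen-on query-from sensor server servers constraint-from
              constraints-from allow-large-adjustment?)
    (let ()
      (define (directive-lines keyword values)
        ;; One "KEYWORD VALUE\n" line per element of VALUES.
        (map (cut string-append keyword <> "\n") values))

      ;; The generated configuration text.
      (define config-text
        (string-concatenate
         (append
          (append-map directive-lines
                      '("listen on " "query from " "sensor " "server " "servers "
                        "constraint from ")
                      (list listen-on query-from sensor server servers
                            constraint-from))
          ;; The 'constraints from' field needs to be enclosed in double quotes.
          ;; These lines are appended after the other directives.  Previously
          ;; the string holding them was passed to 'string-join' as the
          ;; *delimiter* of the field groups, so every constraint was repeated
          ;; between each pair of groups instead of appearing once.
          (map (cut string-append "constraints from \"" <> "\"\n")
               constraints-from))))

      (define ntpd.conf
        (plain-file "ntpd.conf" config-text))

      (list (shepherd-service
             (provision '(ntpd))
             (documentation "Run the Network Time Protocol (NTP) daemon.")
             (requirement '(user-processes networking))
             (start #~(make-forkexec-constructor
                       (list (string-append #$openntpd "/sbin/ntpd")
                             "-f" #$ntpd.conf
                             "-d" ;; don't daemonize
                             #$@(if allow-large-adjustment?
                                    '("-s")
                                    '()))
                       ;; When ntpd is daemonized it repeatedly tries to respawn
                       ;; while running, leading shepherd to disable it.  To
                       ;; prevent spamming stderr, redirect output to logfile.
                       #:log-file "/var/log/ntpd"))
             (stop #~(make-kill-destructor)))))))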
546
(define (openntpd-service-activation config)
  "Return the activation gexp for CONFIG.  It makes sure /var/db and /var/run
exist and seeds /var/db/ntpd.drift with \"0.0\" when the file is absent.
CONFIG itself is not consulted."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (mkdir-p "/var/db")
        (mkdir-p "/var/run")
        ;; NOTE(review): the drift file is created by the activation script
        ;; (root) with no 'chown'; whether the daemon needs write access to it
        ;; under another account is not verified here.
        (unless (file-exists? "/var/db/ntpd.drift")
          (with-output-to-file "/var/db/ntpd.drift"
            (lambda _
              (format #t "0.0")))))))
559
;; Service type for OpenNTPD.  Besides the Shepherd service and the shared
;; 'ntpd' account, it adds the OpenNTPD package to the system profile.
(define openntpd-service-type
  (service-type (name 'openntpd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                         openntpd-shepherd-service)
                       (service-extension account-service-type
                                         (const %ntp-accounts))
                       (service-extension profile-service-type
                                         (compose list openntpd-configuration-openntpd))
                       (service-extension activation-service-type
                                         openntpd-service-activation)))
                (default-value (openntpd-configuration))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
daemon will keep the system clock synchronized with that of the given servers.")))
576
577\f
578;;;
579;;; Inetd.
580;;;
581
;; Configuration of the inetd super-server.  With an empty ENTRIES list no
;; Shepherd service is created at all (see 'inetd-shepherd-service').
(define-record-type* <inetd-configuration> inetd-configuration
  make-inetd-configuration
  inetd-configuration?
  (program inetd-configuration-program ;file-like
           (default (file-append inetutils "/libexec/inetd")))
  (entries inetd-configuration-entries ;list of <inetd-entry>
           (default '())))
589
;; One line of inetd.conf; the fields are written out in this order by
;; 'inetd-config-file'.
(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
  inetd-entry?
  ;; Optional local address to bind; combined with NAME as "NODE:NAME".
  (node inetd-entry-node ;string or #f
        (default #f))
  (name inetd-entry-name) ;string, from /etc/services

  (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
                                        ;rdm | seqpacket
  (protocol inetd-entry-protocol) ;string, from /etc/protocols

  (wait? inetd-entry-wait? ;Boolean
         (default #t))
  ;; Account the spawned program runs as; prefer a dedicated unprivileged
  ;; user for network-facing programs.
  (user inetd-entry-user) ;string

  ;; "internal" selects one of inetd's built-in services.
  (program inetd-entry-program ;string or file-like object
           (default "internal"))
  (arguments inetd-entry-arguments ;list of strings or file-like objects
             (default '())))
608
(define (inetd-config-file entries)
  "Return a file-like object for 'inetd.conf' holding one line per element of
ENTRIES, a list of <inetd-entry> records."
  (define (entry->line entry)
    ;; One space-separated configuration line: socket (NODE:NAME or NAME),
    ;; socket type, protocol, wait/nowait, user, program and its arguments.
    (define node (inetd-entry-node entry))
    (define name (inetd-entry-name entry))
    (define socket
      (if node (string-append node ":" name) name))
    (define type
      ;; Only the five socket types understood by inetd are accepted; any
      ;; other symbol is a 'match' error at system build time.
      (match (inetd-entry-socket-type entry)
        ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
         (symbol->string (inetd-entry-socket-type entry)))))
    (define wait
      (if (inetd-entry-wait? entry) "wait" "nowait"))
    (define fields
      (list socket type
            (inetd-entry-protocol entry)
            wait
            (inetd-entry-user entry)
            (inetd-entry-program entry)))
    #~(string-append
       (string-join
        (list #$@fields #$@(inetd-entry-arguments entry))
        " ")
       "\n"))

  (apply mixed-text-file "inetd.conf"
         (map entry->line entries)))
631
(define inetd-shepherd-service
  ;; Return the Shepherd services for CONFIG, an <inetd-configuration>.  With
  ;; no entries there is nothing to serve, so no service is created at all.
  (lambda (config)
    (match config
      (($ <inetd-configuration> program entries)
       (if (null? entries)
           '()
           (list
            (shepherd-service
             (documentation "Run inetd.")
             (provision '(inetd))
             (requirement '(user-processes networking syslogd))
             (start #~(make-forkexec-constructor
                       (list #$program #$(inetd-config-file entries))
                       #:pid-file "/var/run/inetd.pid"))
             (stop #~(make-kill-destructor)))))))))
645
;; Service type for inetd.  Other services extend it with lists of
;; <inetd-entry> records, which are appended to the configured ENTRIES.
(define-public inetd-service-type
  (service-type
   (name 'inetd)
   (extensions
    (list (service-extension shepherd-root-service-type
                             inetd-shepherd-service)))

   ;; The service can be extended with additional lists of entries.
   (compose concatenate)
   (extend (lambda (config entries)
             (inetd-configuration
              (inherit config)
              (entries (append (inetd-configuration-entries config)
                               entries)))))
   (description
    "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
for listening on Internet sockets and spawning the corresponding services on
demand.")))
664
665\f
666;;;
667;;; Tor.
668;;;
669
;; Configuration of the Tor daemon.  CONFIG-FILE is appended verbatim after
;; the generated torrc lines (see 'tor-configuration->torrc').
(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  (tor              tor-configuration-tor
                    (default tor))
  (config-file      tor-configuration-config-file
                    (default (plain-file "empty" "")))
  ;; List of <hidden-service> records; extended by 'tor-hidden-service'.
  (hidden-services  tor-configuration-hidden-services
                    (default '()))
  ;; With 'unix, a group-writable SOCKS socket is created under /var/run/tor.
  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                     (default 'tcp)))
6331bde7 681
(define %tor-accounts
  ;; User account and groups for Tor.  The daemon switches to this account
  ;; via the generated "User tor" torrc line; the "tor" group is what
  ;; 'tor-activation' grants access to /var/run/tor.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 692
;; A Tor hidden service.  NAME is used verbatim as a directory name under
;; /var/lib/tor/hidden-services/.
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  (name    hidden-service-name)                   ;string
  (mapping hidden-service-mapping))               ;list of port/address tuples
698
(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG.  The generated part pins the daemon's
account, data directory, PID file and logging, optionally the Unix SOCKS
socket, and one HiddenServiceDir/HiddenServicePort group per hidden service;
the user's CONFIG-FILE is copied after it, so its directives come last."
  (match config
    (($ <tor-configuration> tor config-file services socks-socket-type)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils)
                         (ice-9 match))

            (call-with-output-file #$output
              (lambda (port)
                (display "\
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
                ;; SOCKS-SOCKET-TYPE is spliced in as a quoted symbol and
                ;; compared at build time of the torrc.
                (when (eq? 'unix '#$socks-socket-type)
                  (display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" port))

                ;; Each hidden service is passed as (NAME (PORT HOST) ...).
                ;; NAME is interpolated into the directory path as-is.
                (for-each (match-lambda
                            ((service (ports hosts) ...)
                             (format port "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                     service)
                             (for-each (lambda (tcp-port host)
                                         (format port "\
HiddenServicePort ~a ~a~%"
                                                 tcp-port host))
                                       ports hosts)))
                          '#$(map (match-lambda
                                    (($ <hidden-service> name mapping)
                                     (cons name mapping)))
                                  services))

                (display "\
### End of automatically generated lines.\n\n" port)

                ;; Append the user's config file.
                (call-with-input-file #$config-file
                  (lambda (input)
                    (dump-port input port)))
                #t))))))))
6331bde7 746
(define (tor-shepherd-service config)
  "Return a <shepherd-service> running Tor.  The daemon is started through
'make-forkexec-constructor/container' with only the three mappings listed
below made available to it: its data directory, the syslog socket, and the
run directory holding its PID file (and SOCKS socket, when enabled)."
  (match config
    (($ <tor-configuration> tor)
     (let ((torrc (tor-configuration->torrc config)))
       ;; The container constructor and file-system-mapping live in these
       ;; modules, which must be shipped to the Shepherd side.
       (with-imported-modules (source-module-closure
                               '((gnu build shepherd)
                                 (gnu system file-systems)))
         (list (shepherd-service
                (provision '(tor))

                ;; Tor needs at least one network interface to be up, hence the
                ;; dependency on 'loopback'.
                (requirement '(user-processes loopback syslogd))

                (modules '((gnu build shepherd)
                           (gnu system file-systems)))

                (start #~(make-forkexec-constructor/container
                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                          #:mappings (list (file-system-mapping
                                            (source "/var/lib/tor")
                                            (target source)
                                            (writable? #t))
                                           (file-system-mapping
                                            (source "/dev/log") ;for syslog
                                            (target source))
                                           (file-system-mapping
                                            (source "/var/run/tor")
                                            (target source)
                                            (writable? #t)))
                          ;; Must match the PidFile line of the generated torrc.
                          #:pid-file "/var/run/tor/tor.pid"))
                (stop #~(make-kill-destructor))
                (documentation "Run the Tor anonymous network overlay."))))))))
0adfe95a 782
(define (tor-activation config)
  "Set up directories for Tor and its hidden services, if any.  Everything is
owned by the 'tor' account; the hidden-service directories and /var/lib/tor
are made private to it (mode #o700), while /var/run/tor stays traversable by
the 'tor' group."
  #~(begin
      (use-modules (guix build utils))

      (define %user
        (getpw "tor"))

      (define (initialize service)
        ;; SERVICE is a hidden-service name, used verbatim as a path component.
        (let ((directory (string-append "/var/lib/tor/hidden-services/"
                                        service)))
          (mkdir-p directory)
          (chown directory (passwd:uid %user) (passwd:gid %user))

          ;; The daemon bails out if we give wider permissions.
          (chmod directory #o700)))

      ;; Allow Tor to write its PID file.
      (mkdir-p "/var/run/tor")
      (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
      ;; Mode #o750: full access for the owner, read and traverse (no write)
      ;; for the "tor" group, nothing for others.  Presumably this is what
      ;; members of the "tor" group need to reach the SOCKS socket when the
      ;; system administrator has specified UnixSocksGroupWritable=1 in their
      ;; torrc file.
      (chmod "/var/run/tor" #o750)

      ;; Allow Tor to access the hidden services' directories.
      (mkdir-p "/var/lib/tor")
      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
      (chmod "/var/lib/tor" #o700)

      ;; Make sure /var/lib is accessible to the 'tor' user.
      ;; NOTE(review): this unconditionally sets the mode of the shared
      ;; /var/lib directory.
      (chmod "/var/lib" #o755)

      ;; The names are evaluated on the host side and spliced in as a list.
      (for-each initialize
                '#$(map hidden-service-name
                        (tor-configuration-hidden-services config)))))
819
;; Service type for Tor.  Extensions contribute lists of <hidden-service>
;; records, which are appended to the configured HIDDEN-SERVICES.
(define tor-service-type
  (service-type (name 'tor)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                         tor-shepherd-service)
                       (service-extension account-service-type
                                         (const %tor-accounts))
                       (service-extension activation-service-type
                                         tor-activation)))

                ;; This can be extended with hidden services.
                (compose concatenate)
                (extend (lambda (config services)
                          (tor-configuration
                           (inherit config)
                           (hidden-services
                            (append (tor-configuration-hidden-services config)
                                    services)))))
                (default-value (tor-configuration))
                (description
                 "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon.")))
63854bcb 842
;; Deprecated procedural interface; only TOR and CONFIG-FILE can be set this
;; way.  Use TOR-SERVICE-TYPE with a <tor-configuration> instead.
(define-deprecated (tor-service #:optional
                                (config-file (plain-file "empty" ""))
                                #:key (tor tor))
  tor-service-type
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user. It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}. Run
@command{man tor} for information about the configuration file."
  (service tor-service-type
           (tor-configuration (tor tor)
                              (config-file config-file))))
857
(define tor-hidden-service-type
  ;; A type that extends Tor with hidden services.  Its value is a single
  ;; <hidden-service>, wrapped in a list ('list') for TOR-SERVICE-TYPE's
  ;; extension mechanism.
  (service-type (name 'tor-hidden-service)
                (extensions
                 (list (service-extension tor-service-type list)))
                (description
                 "Define a new Tor @dfn{hidden service}.")))
865
(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}. @var{mapping} is a list of port/host tuples, such as:

@example
 '((22 \"127.0.0.1:22\")
 (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  (let ((hidden (hidden-service name mapping)))
    (service tor-hidden-service-type hidden)))
886
887\f
888;;;
889;;; Wicd.
890;;;
891
(define %wicd-activation
  ;; Activation gexp for Wicd: seed /etc/wicd with the package's default
  ;; dhclient template on first boot and prepare the wpa_supplicant run
  ;; directory.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")
      ;; Copy the template shipped under the same path inside the WICD store
      ;; item; an existing (possibly edited) file is left untouched.
      (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
        (unless (file-exists? file-name)
          (copy-file (string-append #$wicd file-name)
                     file-name)))

      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
      ;; named socket files.
      (mkdir-p "/var/run/wpa_supplicant")
      (chmod "/var/run/wpa_supplicant" #o750)))
(define (wicd-shepherd-service wicd)
  "Return a one-element list holding the shepherd service that runs the
@command{wicd} daemon from the WICD package.  The service provides
@code{networking} and runs in the foreground (@code{--no-daemon}) so the
Shepherd can supervise the process directly."
  (let ((daemon (file-append wicd "/sbin/wicd")))
    (list (shepherd-service
           (documentation "Run the Wicd network manager.")
           (provision '(networking))
           (requirement '(user-processes dbus-system loopback))
           (start #~(make-forkexec-constructor
                     (list #$daemon "--no-daemon")))
           (stop #~(make-kill-destructor))))))
(define wicd-service-type
  ;; The service value is the Wicd package itself, hence the bare 'list'
  ;; extension procedures below.
  (let ((package->list list))
    (service-type
     (name 'wicd)
     (extensions
      (list
       ;; Supervise the daemon.
       (service-extension shepherd-root-service-type wicd-shepherd-service)
       ;; Register the package with the system D-Bus daemon.
       (service-extension dbus-root-service-type package->list)
       ;; One-time setup of /etc/wicd and /var/run/wpa_supplicant.
       (service-extension activation-service-type (const %wicd-activation))
       ;; Add Wicd (and its client commands) to the global profile.
       (service-extension profile-service-type package->list)))
     (description
      "Run @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking."))))
(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

The @var{wicd} package is also added to the global profile, which provides
the commands used to talk to the daemon and configure networking:
@command{wicd-client} (graphical) and the text-mode @command{wicd-cli} and
@command{wicd-curses} front ends."
  (let ((package wicd))
    (service wicd-service-type package)))

\f
;;;
;;; ModemManager
;;;

(define-record-type* <modem-manager-configuration>
  modem-manager-configuration make-modem-manager-configuration
  modem-manager-configuration?
  ;; The ModemManager package; 'modem-manager-service-type' registers it with
  ;; D-Bus, udev and polkit.
  (modem-manager modem-manager-configuration-modem-manager ;<package>
                 (default modem-manager)))

\f
;;;
;;; NetworkManager
;;;

(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  (network-manager network-manager-configuration-network-manager ;<package>
                   (default network-manager))
  ;; Value of the 'dns=' key of the generated NetworkManager.conf, written
  ;; verbatim; "dnsmasq" additionally gets /var/lib/misc created for the
  ;; lease file.
  (dns network-manager-configuration-dns ;string
       (default "default"))
  ;; Packages providing NetworkManager VPN plugins; they are merged into one
  ;; directory that is exported as NM_VPN_PLUGIN_DIR.
  (vpn-plugins network-manager-vpn-plugins ;list of <package>
               (default '())))
(define (network-manager-activation config)
  "Return the activation gexp for NetworkManager as configured by CONFIG, a
<network-manager-configuration>.  Only the 'dns' field matters here."
  (let ((dnsmasq-setup
         ;; With dns=dnsmasq, the lease file lives under /var/lib/misc.
         (if (equal? (network-manager-configuration-dns config) "dnsmasq")
             '((mkdir-p "/var/lib/misc"))
             '())))
    #~(begin
        (use-modules (guix build utils))
        ;; Where NetworkManager keeps connection profiles; it must exist
        ;; before the daemon starts.  NOTE(review): no mode is set here, so
        ;; the directory inherits the umask -- confirm the daemon itself
        ;; restricts access, as profiles may carry secrets.
        (mkdir-p "/etc/NetworkManager/system-connections")
        #$@dnsmasq-setup)))
(define (vpn-plugin-directory plugins)
  "Return a file-like object for the union of PLUGINS, the list of
NetworkManager VPN plugin packages, so that a single
@file{lib/NetworkManager/VPN} tree can be handed to the daemon."
  (let ((union-name "network-manager-vpn-plugins"))
    (directory-union union-name plugins)))
(define (network-manager-environment config)
  "Return the session-environment entries for NetworkManager as configured by
CONFIG.  NM_VPN_PLUGIN_DIR is exported globally so that
@command{nmcli connection import type openvpn file foo.ovpn} can locate the
VPN plugins."
  (let* ((plugins (network-manager-vpn-plugins config))
         (vpn-dir (file-append (vpn-plugin-directory plugins)
                               "/lib/NetworkManager/VPN")))
    (list (cons "NM_VPN_PLUGIN_DIR" vpn-dir))))
(define (network-manager-shepherd-service config)
  "Return the list of shepherd services running NetworkManager as described by
CONFIG, a <network-manager-configuration>."
  (let* ((package (network-manager-configuration-network-manager config))
         (dns     (network-manager-configuration-dns config))
         (plugins (network-manager-vpn-plugins config))
         ;; Minimal NetworkManager.conf; 'dns' is the only exposed setting
         ;; and is spliced in verbatim, so the operator must pass a single
         ;; well-formed token (a value containing a newline would add
         ;; arbitrary keys).
         (conf    (plain-file "NetworkManager.conf"
                              (string-append "[main]\ndns=" dns "\n")))
         (vpn-dir (file-append (vpn-plugin-directory plugins)
                               "/lib/NetworkManager/VPN"))
         (daemon  (file-append package "/sbin/NetworkManager")))
    (list
     (shepherd-service
      (documentation "Run the NetworkManager.")
      (provision '(networking))
      (requirement '(user-processes dbus-system wpa-supplicant loopback))
      (start #~(make-forkexec-constructor
                (list #$daemon
                      (string-append "--config=" #$conf)
                      "--no-daemon")
                #:environment-variables
                (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn-dir)
                      ;; The OpenVPN plugin defaults to user/group names that
                      ;; do not exist on Guix System; clearing them avoids a
                      ;; start-up failure.  NOTE(review): with both empty the
                      ;; helper presumably keeps its privileges instead of
                      ;; dropping to a dedicated account -- confirm, and
                      ;; consider creating one.
                      "NM_OPENVPN_USER="
                      "NM_OPENVPN_GROUP=")))
      (stop #~(make-kill-destructor))))))
(define network-manager-service-type
  (let* ((config->packages
          ;; NetworkManager itself followed by every VPN plugin.
          (lambda (config)
            (cons (network-manager-configuration-network-manager config)
                  (network-manager-vpn-plugins config))))
         (config->nm-package
          ;; Only the NetworkManager package is registered with polkit.
          (lambda (config)
            (list (network-manager-configuration-network-manager config)))))
    (service-type
     (name 'network-manager)
     (extensions
      (list
       ;; The daemon itself.
       (service-extension shepherd-root-service-type
                          network-manager-shepherd-service)
       ;; Register the daemon and its VPN plugins with the system D-Bus.
       (service-extension dbus-root-service-type config->packages)
       ;; Register NetworkManager with polkit.
       (service-extension polkit-service-type config->nm-package)
       ;; Create the profile (and dnsmasq lease) directories at boot.
       (service-extension activation-service-type
                          network-manager-activation)
       ;; Export NM_VPN_PLUGIN_DIR to user sessions.
       (service-extension session-environment-service-type
                          network-manager-environment)
       ;; Add network-manager and the plugins to the system profile.
       (service-extension profile-service-type config->packages)))
     (default-value (network-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
NetworkManager}, a network management daemon that aims to simplify wired and
wireless networking."))))

\f
;;;
;;; Connman
;;;

(define-record-type* <connman-configuration>
  connman-configuration make-connman-configuration
  connman-configuration?
  (connman connman-configuration-connman ;<package>
           (default connman))
  ;; When true, connmand is started with '--noplugin=vpn' and the
  ;; /var/lib/connman-vpn/ state directory is not created.
  (disable-vpn? connman-configuration-disable-vpn? ;Boolean
                (default #f)))
(define (connman-activation config)
  "Return the activation gexp for Connman as configured by CONFIG: create its
state directory and, unless VPN support is disabled, the VPN plugin's state
directory."
  (let ((vpn-setup (if (connman-configuration-disable-vpn? config)
                       '()
                       '((mkdir-p "/var/lib/connman-vpn/")))))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))
          (mkdir-p "/var/lib/connman/")
          #$@vpn-setup))))
(define (connman-shepherd-service config)
  "Return a list with the shepherd service running @command{connmand} as
described by CONFIG, or @code{#f} when CONFIG is not a
<connman-configuration>."
  (if (not (connman-configuration? config))
      #f
      (let* ((package     (connman-configuration-connman config))
             (daemon      (file-append package "/sbin/connmand"))
             (plugin-opts (if (connman-configuration-disable-vpn? config)
                              '("--noplugin=vpn")
                              '())))
        (list
         (shepherd-service
          (documentation "Run Connman")
          (provision '(networking))
          (requirement '(user-processes dbus-system loopback wpa-supplicant))
          (start #~(make-forkexec-constructor
                    (list #$daemon "-n" "-r" #$@plugin-opts)
                    ;; With '-n', connman(8) "directs log output to the
                    ;; controlling terminal in addition to syslog"; send
                    ;; stdout/stderr to a file to keep the console quiet
                    ;; (XXX: redirecting to /dev/null reportedly does not
                    ;; work here).
                    #:log-file "/var/log/connman.log"))
          (stop #~(make-kill-destructor)))))))
(define connman-service-type
  (let ((connman-package
         (lambda (config)
           (list (connman-configuration-connman config)))))
    (service-type
     (name 'connman)
     (extensions
      (list
       ;; connmand itself ('connman-shepherd-service' yields #f for a value
       ;; that is not a <connman-configuration>).
       (service-extension shepherd-root-service-type connman-shepherd-service)
       ;; Register the package with polkit and the system D-Bus daemon.
       (service-extension polkit-service-type connman-package)
       (service-extension dbus-root-service-type connman-package)
       ;; State directories under /var/lib.
       (service-extension activation-service-type connman-activation)
       ;; Add connman to the system profile.
       (service-extension profile-service-type connman-package)))
     (default-value (connman-configuration))
     (description
      "Run @url{https://01.org/connman,Connman},
a network connection manager."))))

\f
;;;
;;; Modem manager
;;;

(define modem-manager-service-type
  ;; No shepherd service is defined here: the package is only registered
  ;; with D-Bus, udev and polkit (presumably the daemon is started on demand
  ;; through D-Bus activation).
  (let ((config->package
         (lambda (config)
           (list (modem-manager-configuration-modem-manager config)))))
    (service-type
     (name 'modem-manager)
     (extensions
      (list (service-extension dbus-root-service-type config->package)
            (service-extension udev-service-type config->package)
            (service-extension polkit-service-type config->package)))
     (default-value (modem-manager-configuration))
     (description
      "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
ModemManager}, a modem management daemon that aims to simplify dialup
networking."))))

\f
;;;
;;; USB_ModeSwitch
;;;

(define-record-type* <usb-modeswitch-configuration>
  usb-modeswitch-configuration make-usb-modeswitch-configuration
  usb-modeswitch-configuration?
  ;; Package whose "dispatcher" output provides usb_modeswitch_dispatcher and
  ;; the lib/udev/usb_modeswitch script.
  (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch ;<package>
                  (default usb-modeswitch))
  ;; Package providing udev/40-usb_modeswitch.rules.
  (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data ;<package>
                       (default usb-modeswitch-data))
  ;; Passed as '--config-file=' to the dispatcher, or #f to omit the option.
  ;; Defaults to the file shipped in the dispatcher output.
  (config-file usb-modeswitch-configuration-config-file ;#f | file-like
               (default #~(string-append #$usb-modeswitch:dispatcher
                                         "/etc/usb_modeswitch.conf"))))
(define (usb-modeswitch-sh usb-modeswitch config-file)
  "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
and wrap it to actually find the dispatcher in USB-MODESWITCH.  The script
will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
device is detected.

CONFIG-FILE is a file-like object or gexp naming the configuration file, or
#f to leave the dispatcher's default in place.  The result is a directory
containing the single wrapped script @file{usb_modeswitch}."
  (computed-file
   "usb_modeswitch-sh"
   (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils))
         ;; Extra argument appended to each dispatcher invocation; empty when
         ;; no configuration file was requested.
         (let ((cfg-param
                #$(if config-file
                      #~(string-append " --config-file=" #$config-file)
                      "")))
           (mkdir #$output)
           (install-file (string-append #$usb-modeswitch:dispatcher
                                        "/lib/udev/usb_modeswitch")
                         #$output)

           ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
           ;; (both the form redirecting stderr with '2>>' and the
           ;; backgrounded '&' form); lines matching neither are untouched.
           (substitute* (string-append #$output "/usb_modeswitch")
             (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
              (string-append left cfg-param right))
             (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
              (string-append left cfg-param right)))

           ;; wrap-program needs bash in PATH:
           (putenv (string-append "PATH=" #$bash "/bin"))
           ;; udev runs this script (presumably as root): PATH is set
           ;; outright ('=', not prefixed) to coreutils and the dispatcher's
           ;; bin so nothing from the caller's environment is searched.
           (wrap-program (string-append #$output "/usb_modeswitch")
             `("PATH" ":" = (,(string-append #$coreutils "/bin")
                             ,(string-append
                               #$usb-modeswitch:dispatcher
                               "/bin")))))))))
(define (usb-modeswitch-configuration->udev-rules config)
  "Build a rules file for extending udev-service-type from the rules in the
usb-modeswitch package specified in CONFIG.  The rules file will invoke
usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
config file.

The result is a directory holding
@file{lib/udev/rules.d/40-usb_modeswitch.rules}, the layout
udev-service-type expects from its extensions."
  (match config
    (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
     (computed-file
      "usb_modeswitch.rules"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils))
            (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
                  (out (string-append #$output "/lib/udev/rules.d"))
                  ;; Directory with the wrapped script from 'usb-modeswitch-sh'.
                  (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
              (mkdir-p out)
              (chdir out)
              (install-file in out)
              ;; Point the PROGRAM= and RUN+= keys at the absolute path of
              ;; the wrapped script instead of the bare 'usb_modeswitch'
              ;; name, which udev would otherwise have to resolve itself.
              (substitute* "40-usb_modeswitch.rules"
                (("PROGRAM=\"usb_modeswitch")
                 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
                (("RUN\\+=\"usb_modeswitch")
                 (string-append "RUN+=\"" script "/usb_modeswitch"))))))))))
(define usb-modeswitch-service-type
  ;; The only integration point is udev: the generated rules file runs the
  ;; wrapped usb_modeswitch script when a matching device shows up.
  (let ((config->rules
         (compose list usb-modeswitch-configuration->udev-rules)))
    (service-type
     (name 'usb-modeswitch)
     (extensions
      (list (service-extension udev-service-type config->rules)))
     (default-value (usb-modeswitch-configuration))
     (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
USB_ModeSwitch}, a mode switching tool for controlling USB devices with
multiple @dfn{modes}. When plugged in for the first time many USB
devices (primarily high-speed WAN modems) act like a flash storage containing
installers for Windows drivers. USB_ModeSwitch replays the sequence the
Windows drivers would send to switch their mode from storage to modem (or
whatever the thing is supposed to do)."))))

\f
;;;
;;; WPA supplicant
;;;

(define-record-type* <wpa-supplicant-configuration>
  wpa-supplicant-configuration make-wpa-supplicant-configuration
  wpa-supplicant-configuration?
  (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
                  (default wpa-supplicant))
  ;; Passed as '-P'; the Shepherd also reads it to find the daemonized
  ;; process.
  (pid-file wpa-supplicant-configuration-pid-file ;string
            (default "/var/run/wpa_supplicant.pid"))
  ;; When true, '-u' is passed (D-Bus control interface).  The NetworkManager
  ;; and Connman services in this file require 'wpa-supplicant'.
  (dbus? wpa-supplicant-configuration-dbus? ;Boolean
         (default #t))
  ;; Network interface passed with '-i'; none by default.
  (interface wpa-supplicant-configuration-interface ;#f | string
             (default #f))
  ;; Configuration passed with '-c'.  NOTE(review): a file-like object is
  ;; built into the store, which is readable by every local user; do not
  ;; put network PSKs in it unless that is acceptable -- confirm how the
  ;; store is exposed on the target.
  (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
               (default #f))
  ;; Extra command-line arguments, appended verbatim.
  (extra-options wpa-supplicant-configuration-extra-options ;list of strings
                 (default '())))
(define (wpa-supplicant-shepherd-service config)
  "Return a list with the shepherd service running @command{wpa_supplicant}
as described by CONFIG, a <wpa-supplicant-configuration>."
  (let* ((package     (wpa-supplicant-configuration-wpa-supplicant config))
         (pid-file    (wpa-supplicant-configuration-pid-file config))
         (interface   (wpa-supplicant-configuration-interface config))
         (config-file (wpa-supplicant-configuration-config-file config))
         (extra       (wpa-supplicant-configuration-extra-options config))
         (daemon      (file-append package "/sbin/wpa_supplicant"))
         ;; '-u': expose the control interface on D-Bus.
         (dbus-opts   (if (wpa-supplicant-configuration-dbus? config)
                          #~("-u")
                          #~()))
         (iface-opts  (if interface
                          #~((string-append "-i" #$interface))
                          #~()))
         (conf-opts   (if config-file
                          #~((string-append "-c" #$config-file))
                          #~())))
    (list
     (shepherd-service
      (documentation "Run the WPA supplicant daemon")
      (provision '(wpa-supplicant))
      (requirement '(user-processes dbus-system loopback syslogd))
      (start #~(make-forkexec-constructor
                (list #$daemon
                      (string-append "-P" #$pid-file)
                      "-B"            ;daemonize; the Shepherd waits on PID-FILE
                      "-s"            ;log to syslogd
                      #$@dbus-opts
                      #$@iface-opts
                      #$@conf-opts
                      #$@extra)
                #:pid-file #$pid-file))
      (stop #~(make-kill-destructor))))))
(define wpa-supplicant-service-type
  (let ((config->package
         (lambda (config)
           (list (wpa-supplicant-configuration-wpa-supplicant config)))))
    (service-type
     (name 'wpa-supplicant)
     (extensions
      (list
       ;; The daemon, providing 'wpa-supplicant' to NetworkManager/Connman.
       (service-extension shepherd-root-service-type
                          wpa-supplicant-shepherd-service)
       ;; Register the package with the system D-Bus daemon (needed by '-u').
       (service-extension dbus-root-service-type config->package)
       ;; Put the package in the system profile.
       (service-extension profile-service-type config->package)))
     (description "Run the WPA Supplicant daemon, a service that
implements authentication, key negotiation and more for wireless networks.")
     (default-value (wpa-supplicant-configuration)))))

\f
;;;
;;; Open vSwitch
;;;

(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  ;; The Open vSwitch package providing ovsdb-tool, ovsdb-server and
  ;; ovs-vswitchd.
  (package openvswitch-configuration-package ;<package>
           (default openvswitch)))
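(define (openvswitch-activation config)
  "Return the activation gexp for Open vSwitch as configured by CONFIG: create
the runtime and state directories and, when none exists yet, an empty
configuration database with @command{ovsdb-tool create}."
  (let* ((package    (openvswitch-configuration-package config))
         (ovsdb-tool (file-append package "/bin/ovsdb-tool")))
    (with-imported-modules '((guix build utils))
      #~(begin
          (use-modules (guix build utils))
          (mkdir-p "/var/run/openvswitch")
          (mkdir-p "/var/lib/openvswitch")
          (let ((conf.db "/var/lib/openvswitch/conf.db"))
            (unless (file-exists? conf.db)
              ;; Do not ignore the exit status: if creation fails,
              ;; 'ovsdb-server' will later start without a database, and the
              ;; boot log should say why.  Activation itself carries on.
              (let ((status (system* #$ovsdb-tool "create" conf.db)))
                (unless (eqv? 0 (status:exit-val status))
                  (format (current-error-port)
                          "warning: creating ~a with ovsdb-tool failed (status ~s)~%"
                          conf.db (status:exit-val status))))))))))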
(define (openvswitch-shepherd-service config)
  "Return the two shepherd services making up Open vSwitch for CONFIG: the
configuration database server (@code{ovsdb}) and the switch daemon
(@code{vswitchd}), which requires it."
  (let* ((package      (openvswitch-configuration-package config))
         (ovsdb-server (file-append package "/sbin/ovsdb-server"))
         (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd"))
         (run-dir      "/var/run/openvswitch")
         ;; NOTE(review): a 'punix:' remote is an unauthenticated Unix
         ;; socket, guarded only by file permissions -- confirm RUN-DIR
         ;; (created by the activation gexp) is not world-writable.
         (remote       (string-append "--remote=punix:" run-dir "/db.sock"))
         (ovsdb-pid    (string-append run-dir "/ovsdb-server.pid"))
         (vswitchd-pid (string-append run-dir "/ovs-vswitchd.pid")))
    (list
     (shepherd-service
      (provision '(ovsdb))
      (documentation "Run the Open vSwitch database server.")
      (start #~(make-forkexec-constructor
                (list #$ovsdb-server "--pidfile" #$remote)
                #:pid-file #$ovsdb-pid))
      (stop #~(make-kill-destructor)))
     (shepherd-service
      (provision '(vswitchd))
      (requirement '(ovsdb))
      (documentation "Run the Open vSwitch daemon.")
      (start #~(make-forkexec-constructor
                (list #$ovs-vswitchd "--pidfile")
                #:pid-file #$vswitchd-pid))
      (stop #~(make-kill-destructor))))))
(define openvswitch-service-type
  (let ((config->package
         (lambda (config)
           (list (openvswitch-configuration-package config)))))
    (service-type
     (name 'openvswitch)
     (extensions
      (list
       ;; Runtime/state directories and the initial conf.db.
       (service-extension activation-service-type openvswitch-activation)
       ;; The package (and its command-line tools) in the system profile.
       (service-extension profile-service-type config->package)
       ;; ovsdb-server and ovs-vswitchd.
       (service-extension shepherd-root-service-type
                          openvswitch-shepherd-service)))
     (description
      "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
switch designed to enable massive network automation through programmatic
extension.")
     (default-value (openvswitch-configuration)))))

;;;
;;; iptables
;;;

(define %iptables-accept-all-rules
  ;; iptables-restore(8) input that sets the three built-in chains of the
  ;; 'filter' table to ACCEPT, i.e. no filtering at all.  It is the default
  ;; for both address families of <iptables-configuration> and is what the
  ;; service's 'stop' loads, so stopping the service leaves the host open.
  (plain-file "iptables-accept-all.rules"
              (string-join '("*filter"
                             ":INPUT ACCEPT"
                             ":FORWARD ACCEPT"
                             ":OUTPUT ACCEPT"
                             "COMMIT")
                           "\n" 'suffix)))
(define-record-type* <iptables-configuration>
  iptables-configuration make-iptables-configuration iptables-configuration?
  (iptables iptables-configuration-iptables ;<package>
            (default iptables))
  ;; File-like objects in iptables-restore(8) format.  Both default to
  ;; %iptables-accept-all-rules, i.e. no filtering: a configuration left at
  ;; its defaults provides no protection, so always set these.
  (ipv4-rules iptables-configuration-ipv4-rules
              (default %iptables-accept-all-rules))
  (ipv6-rules iptables-configuration-ipv6-rules
              (default %iptables-accept-all-rules)))
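(define (iptables-shepherd-service config)
  "Return the shepherd service that loads the IPv4 and IPv6 rule sets of
CONFIG, an <iptables-configuration>, with @command{iptables-restore} and
@command{ip6tables-restore}."
  (let* ((package           (iptables-configuration-iptables config))
         (ipv4-rules        (iptables-configuration-ipv4-rules config))
         (ipv6-rules        (iptables-configuration-ipv6-rules config))
         (iptables-restore  (file-append package "/sbin/iptables-restore"))
         (ip6tables-restore (file-append package "/sbin/ip6tables-restore")))
    (shepherd-service
     (documentation "Packet filtering framework")
     (provision '(iptables))
     ;; 'invoke' raises on a non-zero exit status, so a rejected rules file
     ;; fails the start and is reported by the Shepherd.  Note that if the
     ;; IPv6 file is the one rejected, the IPv4 rules just loaded stay in
     ;; effect.
     (start #~(lambda _
                (invoke #$iptables-restore #$ipv4-rules)
                (invoke #$ip6tables-restore #$ipv6-rules)))
     ;; Stopping loads accept-all for both families: 'herd stop iptables'
     ;; opens the host up entirely.  Return #f, as make-kill-destructor does,
     ;; since the Shepherd takes stop's return value as the new running
     ;; state and 'invoke' returns #t.
     (stop #~(lambda _
               (invoke #$iptables-restore #$%iptables-accept-all-rules)
               (invoke #$ip6tables-restore #$%iptables-accept-all-rules)
               #f)))))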
(define iptables-service-type
  (service-type
   (name 'iptables)
   (description
    "Run @command{iptables-restore}, setting up the specified rules.")
   ;; No default value: the operator must supply an <iptables-configuration>,
   ;; whose own rule defaults are accept-all, so real rule files are needed.
   (extensions
    (list (service-extension shepherd-root-service-type
                             (lambda (config)
                               (list (iptables-shepherd-service config))))))))
;;; networking.scm ends here