HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: Add r-semver.
[jackhill/guix/guix.git] / gnu / services / networking.scm
CommitLineData
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
0f13dd2b 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
16718b67 4;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
acce0a47 8;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
9926b8f8 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
f5be5104 12;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
40557aea 13;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
3c4f5ad7 14;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
a2161c86 15;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
ef20acae 16;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
db4fdc04
LC		 17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33(define-module (gnu services networking)
34 #:use-module (gnu services)
c9436025 35 #:use-module (gnu services base)
a03943ec 36 #:use-module (gnu services configuration)
ef20acae 37 #:use-module (gnu services linux)
0190c1c0 38 #:use-module (gnu services shepherd)
0adfe95a 39 #:use-module (gnu services dbus)
927097ef 40 #:use-module (gnu system shadow)
6e828634 41 #:use-module (gnu system pam)
db4fdc04 42 #:use-module (gnu packages admin)
f5be5104
FP		 43 #:use-module (gnu packages base)
44 #:use-module (gnu packages bash)
76192896 45 #:use-module (gnu packages connman)
d94e81db 46 #:use-module (gnu packages freedesktop)
db4fdc04 47 #:use-module (gnu packages linux)
927097ef 48 #:use-module (gnu packages tor)
f5be5104 49 #:use-module (gnu packages usb-modeswitch)
4627a464 50 #:use-module (gnu packages messaging)
c32d02fe 51 #:use-module (gnu packages networking)
63854bcb 52 #:use-module (gnu packages ntp)
b7d0c494 53 #:use-module (gnu packages wicd)
7234ad4f 54 #:use-module (gnu packages gnome)
b5f4e686 55 #:use-module (guix gexp)
0adfe95a 56 #:use-module (guix records)
a062b6ca 57 #:use-module (guix modules)
e52b9534 58 #:use-module (guix packages)
65a67bf7 59 #:use-module (guix deprecation)
5658ae8a 60 #:use-module (rnrs enums)
6331bde7
LC		 61 #:use-module (srfi srfi-1)
62 #:use-module (srfi srfi-9)
63854bcb 63 #:use-module (srfi srfi-26)
0adfe95a 64 #:use-module (ice-9 match)
70ab130a
DM		 65 #:re-export (static-networking-service
66 static-networking-service-type)
fa0c1d61 67 #:export (%facebook-host-aliases
a023cca8 68 dhcp-client-service
39d7fdce 69 dhcp-client-service-type
f1104d90
CM		 70
71 dhcpd-service-type
72 dhcpd-configuration
73 dhcpd-configuration?
74 dhcpd-configuration-package
75 dhcpd-configuration-config-file
76 dhcpd-configuration-version
77 dhcpd-configuration-run-directory
78 dhcpd-configuration-lease-file
79 dhcpd-configuration-pid-file
80 dhcpd-configuration-interfaces
81
24e96431
 82 ntp-configuration
83 ntp-configuration?
5658ae8a
MC		 84 ntp-configuration-ntp
85 ntp-configuration-servers
86 ntp-allow-large-adjustment?
87
88 %ntp-servers
89 ntp-server
90 ntp-server-type
91 ntp-server-address
92 ntp-server-options
93
63854bcb 94 ntp-service
24e96431
 95 ntp-service-type
96
5658ae8a 97 %openntpd-servers
16718b67
EF		 98 openntpd-configuration
99 openntpd-configuration?
100 openntpd-service-type
101
9260b9d1
TD		 102 inetd-configuration
103 inetd-entry
104 inetd-service-type
105
24e96431
 106 tor-configuration
107 tor-configuration?
6331bde7 108 tor-hidden-service
4627a464 109 tor-service
24e96431
 110 tor-service-type
111
e48fcd7b 112 wicd-service-type
7234ad4f 113 wicd-service
b726096b
CB		 114
115 network-manager-configuration
116 network-manager-configuration?
117 network-manager-configuration-dns
4e37cf35 118 network-manager-configuration-vpn-plugins
b726096b
CB		 119 network-manager-service-type
120
34d60c49
MO		 121 connman-configuration
122 connman-configuration?
123 connman-service-type
124
d94e81db
DM		 125 modem-manager-configuration
126 modem-manager-configuration?
127 modem-manager-service-type
acce0a47 128
f5be5104
FP		 129 usb-modeswitch-configuration
130 usb-modeswitch-configuration?
131 usb-modeswitch-configuration-usb-modeswitch
132 usb-modeswitch-configuration-usb-modeswitch-data
133 usb-modeswitch-service-type
134
acce0a47
MB		 135 wpa-supplicant-configuration
136 wpa-supplicant-configuration?
137 wpa-supplicant-configuration-wpa-supplicant
4d060767 138 wpa-supplicant-configuration-requirement
acce0a47
MB		 139 wpa-supplicant-configuration-pid-file
140 wpa-supplicant-configuration-dbus?
141 wpa-supplicant-configuration-interface
142 wpa-supplicant-configuration-config-file
143 wpa-supplicant-configuration-extra-options
c32d02fe
SB		 144 wpa-supplicant-service-type
145
a03943ec
LC		 146 hostapd-configuration
147 hostapd-configuration?
148 hostapd-configuration-package
149 hostapd-configuration-interface
150 hostapd-configuration-ssid
151 hostapd-configuration-broadcast-ssid?
152 hostapd-configuration-channel
153 hostapd-configuration-driver
154 hostapd-service-type
155
5e7076f2
LC		 156 simulated-wifi-service-type
157
c32d02fe 158 openvswitch-service-type
9926b8f8
AI		 159 openvswitch-configuration
160
161 iptables-configuration
162 iptables-configuration?
163 iptables-configuration-iptables
164 iptables-configuration-ipv4-rules
165 iptables-configuration-ipv6-rules
3c4f5ad7
SB		 166 iptables-service-type
167
168 nftables-service-type
169 nftables-configuration
170 nftables-configuration?
171 nftables-configuration-package
172 nftables-configuration-ruleset
a2161c86
AG		 173 %default-nftables-ruleset
174
175 pagekite-service-type
176 pagekite-configuration
177 pagekite-configuration?
178 pagekite-configuration-package
179 pagekite-configuration-kitename
180 pagekite-configuration-kitesecret
181 pagekite-configuration-frontend
182 pagekite-configuration-kites
183 pagekite-configuration-extra-file))
db4fdc04
LC		 184
185;;; Commentary:
186;;;
187;;; Networking services.
188;;;
189;;; Code:
190
fa0c1d61
LC		 191(define %facebook-host-aliases
192 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
193 ;; are to block it.
194 "\
195# Block Facebook IPv4.
196127.0.0.1 www.facebook.com
197127.0.0.1 facebook.com
198127.0.0.1 login.facebook.com
199127.0.0.1 www.login.facebook.com
200127.0.0.1 fbcdn.net
201127.0.0.1 www.fbcdn.net
202127.0.0.1 fbcdn.com
203127.0.0.1 www.fbcdn.com
204127.0.0.1 static.ak.fbcdn.net
205127.0.0.1 static.ak.connect.facebook.com
206127.0.0.1 connect.facebook.net
207127.0.0.1 www.connect.facebook.net
208127.0.0.1 apps.facebook.com
209
210# Block Facebook IPv6.
211fe80::1%lo0 facebook.com
212fe80::1%lo0 login.facebook.com
213fe80::1%lo0 www.login.facebook.com
214fe80::1%lo0 fbcdn.net
215fe80::1%lo0 www.fbcdn.net
216fe80::1%lo0 fbcdn.com
217fe80::1%lo0 www.fbcdn.com
218fe80::1%lo0 static.ak.fbcdn.net
219fe80::1%lo0 static.ak.connect.facebook.com
220fe80::1%lo0 connect.facebook.net
221fe80::1%lo0 www.connect.facebook.net
222fe80::1%lo0 apps.facebook.com\n")
223
0adfe95a 224(define dhcp-client-service-type
d4053c71 225 (shepherd-service-type
00184239 226 'dhcp-client
0adfe95a
LC		 227 (lambda (dhcp)
228 (define dhclient
9e41130b 229 (file-append dhcp "/sbin/dhclient"))
0adfe95a
LC		 230
231 (define pid-file
232 "/var/run/dhclient.pid")
233
d4053c71 234 (shepherd-service
0adfe95a
LC		 235 (documentation "Set up networking via DHCP.")
236 (requirement '(user-processes udev))
237
238 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
239 ;; networking is unavailable, but also means that the interface is not up
240 ;; yet when 'start' completes. To wait for the interface to be ready, one
241 ;; should instead monitor udev events.
242 (provision '(networking))
243
244 (start #~(lambda _
245 ;; When invoked without any arguments, 'dhclient' discovers all
246 ;; non-loopback interfaces *that are up*. However, the relevant
247 ;; interfaces are typically down at this point. Thus we perform
248 ;; our own interface discovery here.
249 (define valid?
6c2180f5
MB		 250 (lambda (interface)
251 (and (arp-network-interface? interface)
747b7246
BW		 252 (not (loopback-network-interface? interface))
253 ;; XXX: Make sure the interfaces are up so that
254 ;; 'dhclient' can actually send/receive over them.
255 ;; Ignore those that cannot be activated.
256 (false-if-exception
257 (set-network-interface-up interface)))))
0adfe95a
LC		 258 (define ifaces
259 (filter valid? (all-network-interface-names)))
260
0adfe95a
LC		 261 (false-if-exception (delete-file #$pid-file))
262 (let ((pid (fork+exec-command
263 (cons* #$dhclient "-nw"
264 "-pf" #$pid-file ifaces))))
265 (and (zero? (cdr (waitpid pid)))
6f03b080 266 (read-pid-file #$pid-file)))))
39d7fdce
LC		 267 (stop #~(make-kill-destructor))))
268 isc-dhcp))
db4fdc04 269
65a67bf7
LC		 270(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
271 dhcp-client-service-type
a023cca8
LC		 272 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
273Protocol (DHCP) client, on all the non-loopback network interfaces."
0adfe95a 274 (service dhcp-client-service-type dhcp))
a023cca8 275
f1104d90
CM		 276(define-record-type* <dhcpd-configuration>
277 dhcpd-configuration make-dhcpd-configuration
278 dhcpd-configuration?
279 (package dhcpd-configuration-package ;<package>
280 (default isc-dhcp))
281 (config-file dhcpd-configuration-config-file ;file-like
282 (default #f))
283 (version dhcpd-configuration-version ;"4", "6", or "4o6"
a654d3de 284 (default "4"))
f1104d90
CM		 285 (run-directory dhcpd-configuration-run-directory
286 (default "/run/dhcpd"))
287 (lease-file dhcpd-configuration-lease-file
288 (default "/var/db/dhcpd.leases"))
289 (pid-file dhcpd-configuration-pid-file
290 (default "/run/dhcpd/dhcpd.pid"))
291 ;; list of strings, e.g. (list "enp0s25")
292 (interfaces dhcpd-configuration-interfaces
293 (default '())))
294
295(define dhcpd-shepherd-service
296 (match-lambda
297 (($ <dhcpd-configuration> package config-file version run-directory
298 lease-file pid-file interfaces)
299 (unless config-file
300 (error "Must supply a config-file"))
301 (list (shepherd-service
302 ;; Allow users to easily run multiple versions simultaneously.
303 (provision (list (string->symbol
304 (string-append "dhcpv" version "-daemon"))))
305 (documentation (string-append "Run the DHCPv" version " daemon"))
306 (requirement '(networking))
307 (start #~(make-forkexec-constructor
308 '(#$(file-append package "/sbin/dhcpd")
309 #$(string-append "-" version)
310 "-lf" #$lease-file
311 "-pf" #$pid-file
312 "-cf" #$config-file
313 #$@interfaces)
314 #:pid-file #$pid-file))
315 (stop #~(make-kill-destructor)))))))
316
317(define dhcpd-activation
318 (match-lambda
319 (($ <dhcpd-configuration> package config-file version run-directory
320 lease-file pid-file interfaces)
321 (with-imported-modules '((guix build utils))
322 #~(begin
323 (unless (file-exists? #$run-directory)
324 (mkdir #$run-directory))
325 ;; According to the DHCP manual (man dhcpd.leases), the lease
326 ;; database must be present for dhcpd to start successfully.
327 (unless (file-exists? #$lease-file)
328 (with-output-to-file #$lease-file
329 (lambda _ (display ""))))
330 ;; Validate the config.
0f13dd2b 331 (invoke/quiet
f1104d90
CM		 332 #$(file-append package "/sbin/dhcpd") "-t" "-cf"
333 #$config-file))))))
334
335(define dhcpd-service-type
336 (service-type
337 (name 'dhcpd)
338 (extensions
339 (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
dd0804c6
LC		 340 (service-extension activation-service-type dhcpd-activation)))
341 (description "Run a DHCP (Dynamic Host Configuration Protocol) daemon. The
342daemon is responsible for allocating IP addresses to its client.")))
f1104d90 343
0adfe95a
LC		 344\f
345;;;
346;;; NTP.
347;;;
348
5658ae8a
MC		 349(define ntp-server-types (make-enumeration
350 '(pool
351 server
352 peer
353 broadcast
354 manycastclient)))
355
356(define-record-type* <ntp-server>
357 ntp-server make-ntp-server
358 ntp-server?
359 ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeration.
360 (type ntp-server-type
361 (default 'server))
362 (address ntp-server-address) ; a string
363 ;; The list of options can contain single option names or tuples in the form
364 ;; '(name value).
365 (options ntp-server-options
366 (default '())))
367
368(define (ntp-server->string ntp-server)
369 ;; Serialize the NTP server object as a string, ready to use in the NTP
370 ;; configuration file.
371 (define (flatten lst)
372 (reverse
373 (let loop ((x lst)
374 (res '()))
375 (if (list? x)
376 (fold loop res x)
97bc3cbe 377 (cons (format #f "~a" x) res)))))
5658ae8a
MC		 378
379 (match ntp-server
380 (($ <ntp-server> type address options)
381 ;; XXX: It'd be neater if fields were validated at the syntax level (for
382 ;; static ones at least). Perhaps the Guix record type could support a
383 ;; predicate property on a field?
384 (unless (enum-set-member? type ntp-server-types)
385 (error "Invalid NTP server type" type))
386 (string-join (cons* (symbol->string type)
387 address
388 (flatten options))))))
389
390(define %ntp-servers
391 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
392 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
393 ;; for this NTP pool "zone".
394 (list
395 (ntp-server
396 (type 'pool)
397 (address "0.guix.pool.ntp.org")
398 (options '("iburst"))))) ;as recommended in the ntpd manual
399
0adfe95a
LC		 400(define-record-type* <ntp-configuration>
401 ntp-configuration make-ntp-configuration
402 ntp-configuration?
403 (ntp ntp-configuration-ntp
404 (default ntp))
5658ae8a 405 (servers %ntp-configuration-servers ;list of <ntp-server> objects
64791eb7 406 (default %ntp-servers))
dc0322b5 407 (allow-large-adjustment? ntp-allow-large-adjustment?
08b4a10f 408 (default #t))) ;as recommended in the ntpd manual
0adfe95a 409
5658ae8a
MC		 410(define (ntp-configuration-servers ntp-configuration)
411 ;; A wrapper to support the deprecated form of this field.
412 (let ((ntp-servers (%ntp-configuration-servers ntp-configuration)))
413 (match ntp-servers
414 (((? string?) (? string?) ...)
415 (format (current-error-port) "warning: Defining NTP servers as strings is \
416deprecated. Please use <ntp-server> records instead.\n")
417 (map (lambda (addr)
418 (ntp-server
419 (type 'server)
420 (address addr)
421 (options '()))) ntp-servers))
422 ((($ <ntp-server>) ($ <ntp-server>) ...)
423 ntp-servers))))
424
d4053c71 425(define ntp-shepherd-service
f37ad658
MC		 426 (lambda (config)
427 (match config
428 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
429 (let ((servers (ntp-configuration-servers config)))
430 ;; TODO: Add authentication support.
431 (define config
432 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
433 (string-join (map ntp-server->string servers)
434 "\n")
435 "
63854bcb
LC		 436# Disable status queries as a workaround for CVE-2013-5211:
437# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
d4de2f9e
MC		 438restrict default kod nomodify notrap nopeer noquery limited
439restrict -6 default kod nomodify notrap nopeer noquery limited
63854bcb
LC		 440
441# Yet, allow use of the local 'ntpq'.
442restrict 127.0.0.1
5658ae8a
MC		 443restrict -6 ::1
444
445# This is required to use servers from a pool directive when using the 'nopeer'
446# option by default, as documented in the 'ntp.conf' manual.
447restrict source notrap nomodify noquery\n"))
63854bcb 448
f37ad658
MC		 449 (define ntpd.conf
450 (plain-file "ntpd.conf" config))
451
452 (list (shepherd-service
453 (provision '(ntpd))
454 (documentation "Run the Network Time Protocol (NTP) daemon.")
455 (requirement '(user-processes networking))
456 (start #~(make-forkexec-constructor
457 (list (string-append #$ntp "/bin/ntpd") "-n"
458 "-c" #$ntpd.conf "-u" "ntpd"
459 #$@(if allow-large-adjustment?
460 '("-g")
461 '()))))
462 (stop #~(make-kill-destructor)))))))))
0adfe95a
LC		 463
464(define %ntp-accounts
465 (list (user-account
466 (name "ntpd")
467 (group "nogroup")
468 (system? #t)
469 (comment "NTP daemon user")
470 (home-directory "/var/empty")
9e41130b 471 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 472
1c6c0ad0
JD		 473
474(define (ntp-service-activation config)
475 "Return the activation gexp for CONFIG."
476 (with-imported-modules '((guix build utils))
477 #~(begin
e57bd0be 478 (use-modules (guix build utils))
1c6c0ad0
JD		 479 (define %user
480 (getpw "ntpd"))
481
482 (let ((directory "/var/run/ntpd"))
483 (mkdir-p directory)
484 (chown directory (passwd:uid %user) (passwd:gid %user))))))
485
0adfe95a
LC		 486(define ntp-service-type
487 (service-type (name 'ntp)
488 (extensions
d4053c71
AK		 489 (list (service-extension shepherd-root-service-type
490 ntp-shepherd-service)
0adfe95a 491 (service-extension account-service-type
1c6c0ad0
JD		 492 (const %ntp-accounts))
493 (service-extension activation-service-type
3f0de257
LC		 494 ntp-service-activation)))
495 (description
496 "Run the @command{ntpd}, the Network Time Protocol (NTP)
497daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
64791eb7
LC		 498will keep the system clock synchronized with that of the given servers.")
499 (default-value (ntp-configuration))))
0adfe95a 500
65a67bf7
LC		 501(define-deprecated (ntp-service #:key (ntp ntp)
502 (servers %ntp-servers)
503 allow-large-adjustment?)
504 ntp-service-type
0adfe95a
LC		 505 "Return a service that runs the daemon from @var{ntp}, the
506@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
dc0322b5
LC		 507keep the system clock synchronized with that of @var{servers}.
508@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
509make an initial adjustment of more than 1,000 seconds."
0adfe95a 510 (service ntp-service-type
dc0322b5
LC		 511 (ntp-configuration (ntp ntp)
512 (servers servers)
513 (allow-large-adjustment?
514 allow-large-adjustment?))))
0adfe95a
LC		 515
516\f
16718b67
EF		 517;;;
518;;; OpenNTPD.
519;;;
520
5658ae8a
MC		 521(define %openntpd-servers
522 (map ntp-server-address %ntp-servers))
523
16718b67
EF		 524(define-record-type* <openntpd-configuration>
525 openntpd-configuration make-openntpd-configuration
526 openntpd-configuration?
527 (openntpd openntpd-configuration-openntpd
528 (default openntpd))
529 (listen-on openntpd-listen-on
530 (default '("127.0.0.1"
531 "::1")))
532 (query-from openntpd-query-from
533 (default '()))
534 (sensor openntpd-sensor
535 (default '()))
536 (server openntpd-server
16718b67 537 (default '()))
5658ae8a
MC		 538 (servers openntpd-servers
539 (default %openntpd-servers))
16718b67
EF		 540 (constraint-from openntpd-constraint-from
541 (default '()))
542 (constraints-from openntpd-constraints-from
543 (default '()))
544 (allow-large-adjustment? openntpd-allow-large-adjustment?
545 (default #f))) ; upstream default
546
2625abc6 547(define (openntpd-configuration->string config)
ccdfae38
MC		 548
549 (define (quote-field? name)
550 (member name '("constraints from")))
551
16718b67 552 (match-record config <openntpd-configuration>
2625abc6
MC		 553 (listen-on query-from sensor server servers constraint-from
554 constraints-from)
ccdfae38 555 (string-append
2625abc6 556 (string-join
ccdfae38
MC		 557 (concatenate
558 (filter-map (lambda (field values)
559 (match values
560 (() #f) ;discard entry with filter-map
561 ((val ...) ;validate value type
562 (map (lambda (value)
563 (if (quote-field? field)
564 (format #f "~a \"~a\"" field value)
565 (format #f "~a ~a" field value)))
566 values))))
567 ;; The entry names.
568 '("listen on" "query from" "sensor" "server" "servers"
569 "constraint from" "constraints from")
570 ;; The corresponding entry values.
571 (list listen-on query-from sensor server servers
572 constraint-from constraints-from)))
573 "\n")
574 "\n"))) ;add a trailing newline
2625abc6
MC		 575
576(define (openntpd-shepherd-service config)
577 (let ((openntpd (openntpd-configuration-openntpd config))
578 (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
afd39a76
MC		 579
580 (define ntpd.conf
2625abc6 581 (plain-file "ntpd.conf" (openntpd-configuration->string config)))
afd39a76
MC		 582
583 (list (shepherd-service
584 (provision '(ntpd))
585 (documentation "Run the Network Time Protocol (NTP) daemon.")
586 (requirement '(user-processes networking))
587 (start #~(make-forkexec-constructor
588 (list (string-append #$openntpd "/sbin/ntpd")
589 "-f" #$ntpd.conf
590 "-d" ;; don't daemonize
591 #$@(if allow-large-adjustment?
592 '("-s")
593 '()))
594 ;; When ntpd is daemonized it repeatedly tries to respawn
595 ;; while running, leading shepherd to disable it. To
596 ;; prevent spamming stderr, redirect output to logfile.
597 #:log-file "/var/log/ntpd"))
598 (stop #~(make-kill-destructor))))))
16718b67
EF		 599
600(define (openntpd-service-activation config)
601 "Return the activation gexp for CONFIG."
602 (with-imported-modules '((guix build utils))
603 #~(begin
604 (use-modules (guix build utils))
605
606 (mkdir-p "/var/db")
607 (mkdir-p "/var/run")
608 (unless (file-exists? "/var/db/ntpd.drift")
609 (with-output-to-file "/var/db/ntpd.drift"
610 (lambda _
611 (format #t "0.0")))))))
612
613(define openntpd-service-type
614 (service-type (name 'openntpd)
615 (extensions
616 (list (service-extension shepherd-root-service-type
617 openntpd-shepherd-service)
618 (service-extension account-service-type
619 (const %ntp-accounts))
19f20f4f
EF		 620 (service-extension profile-service-type
621 (compose list openntpd-configuration-openntpd))
16718b67
EF		 622 (service-extension activation-service-type
623 openntpd-service-activation)))
624 (default-value (openntpd-configuration))
625 (description
626 "Run the @command{ntpd}, the Network Time Protocol (NTP)
627daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
628daemon will keep the system clock synchronized with that of the given servers.")))
629
630\f
9260b9d1
TD		 631;;;
632;;; Inetd.
633;;;
634
635(define-record-type* <inetd-configuration> inetd-configuration
636 make-inetd-configuration
637 inetd-configuration?
638 (program inetd-configuration-program ;file-like
639 (default (file-append inetutils "/libexec/inetd")))
640 (entries inetd-configuration-entries ;list of <inetd-entry>
641 (default '())))
642
643(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
644 inetd-entry?
645 (node inetd-entry-node ;string or #f
646 (default #f))
647 (name inetd-entry-name) ;string, from /etc/services
648
649 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
650 ;rdm | seqpacket
651 (protocol inetd-entry-protocol) ;string, from /etc/protocols
652
653 (wait? inetd-entry-wait? ;Boolean
654 (default #t))
655 (user inetd-entry-user) ;string
656
657 (program inetd-entry-program ;string or file-like object
658 (default "internal"))
659 (arguments inetd-entry-arguments ;list of strings or file-like objects
660 (default '())))
661
662(define (inetd-config-file entries)
663 (apply mixed-text-file "inetd.conf"
664 (map
665 (lambda (entry)
666 (let* ((node (inetd-entry-node entry))
667 (name (inetd-entry-name entry))
668 (socket
669 (if node (string-append node ":" name) name))
670 (type
671 (match (inetd-entry-socket-type entry)
672 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
673 (symbol->string (inetd-entry-socket-type entry)))))
674 (protocol (inetd-entry-protocol entry))
675 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
676 (user (inetd-entry-user entry))
677 (program (inetd-entry-program entry))
678 (args (inetd-entry-arguments entry)))
679 #~(string-append
680 (string-join
681 (list #$@(list socket type protocol wait user program) #$@args)
682 " ") "\n")))
683 entries)))
684
685(define inetd-shepherd-service
686 (match-lambda
687 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
688 (($ <inetd-configuration> program entries)
689 (list
690 (shepherd-service
691 (documentation "Run inetd.")
692 (provision '(inetd))
693 (requirement '(user-processes networking syslogd))
694 (start #~(make-forkexec-constructor
695 (list #$program #$(inetd-config-file entries))
696 #:pid-file "/var/run/inetd.pid"))
697 (stop #~(make-kill-destructor)))))))
698
699(define-public inetd-service-type
700 (service-type
701 (name 'inetd)
702 (extensions
703 (list (service-extension shepherd-root-service-type
704 inetd-shepherd-service)))
705
706 ;; The service can be extended with additional lists of entries.
707 (compose concatenate)
708 (extend (lambda (config entries)
709 (inetd-configuration
710 (inherit config)
711 (entries (append (inetd-configuration-entries config)
3f0de257
LC		 712 entries)))))
713 (description
714 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
715for listening on Internet sockets and spawning the corresponding services on
716demand.")))
9260b9d1
TD		 717
718\f
0adfe95a
LC		 719;;;
720;;; Tor.
721;;;
722
6331bde7
LC		 723(define-record-type* <tor-configuration>
724 tor-configuration make-tor-configuration
725 tor-configuration?
726 (tor tor-configuration-tor
727 (default tor))
3d3c5650
LC		 728 (config-file tor-configuration-config-file
729 (default (plain-file "empty" "")))
6331bde7 730 (hidden-services tor-configuration-hidden-services
3bcb305b
CM		 731 (default '()))
732 (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
733 (default 'tcp)))
6331bde7 734
0adfe95a
LC		 735(define %tor-accounts
736 ;; User account and groups for Tor.
737 (list (user-group (name "tor") (system? #t))
738 (user-account
739 (name "tor")
740 (group "tor")
741 (system? #t)
742 (comment "Tor daemon user")
743 (home-directory "/var/empty")
9e41130b 744 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 745
6331bde7
LC		 746(define-record-type <hidden-service>
747 (hidden-service name mapping)
748 hidden-service?
749 (name hidden-service-name) ;string
750 (mapping hidden-service-mapping)) ;list of port/address tuples
751
752(define (tor-configuration->torrc config)
753 "Return a 'torrc' file for CONFIG."
754 (match config
3bcb305b 755 (($ <tor-configuration> tor config-file services socks-socket-type)
6331bde7
LC		 756 (computed-file
757 "torrc"
4ee96a79
LC		 758 (with-imported-modules '((guix build utils))
759 #~(begin
760 (use-modules (guix build utils)
761 (ice-9 match))
762
763 (call-with-output-file #$output
764 (lambda (port)
765 (display "\
0975ca3f 766### These lines were generated from your system configuration:
5ee35eb7 767User tor
6629099a 768DataDirectory /var/lib/tor
5dfd80e1 769PidFile /var/run/tor/tor.pid
5ee35eb7 770Log notice syslog\n" port)
3bcb305b
CM		 771 (when (eq? 'unix '#$socks-socket-type)
772 (display "\
773SocksPort unix:/var/run/tor/socks-sock
774UnixSocksGroupWritable 1\n" port))
6331bde7 775
4ee96a79
LC		 776 (for-each (match-lambda
777 ((service (ports hosts) ...)
778 (format port "\
6629099a 779HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
4ee96a79
LC		 780 service)
781 (for-each (lambda (tcp-port host)
782 (format port "\
6331bde7 783HiddenServicePort ~a ~a~%"
4ee96a79
LC		 784 tcp-port host))
785 ports hosts)))
786 '#$(map (match-lambda
787 (($ <hidden-service> name mapping)
788 (cons name mapping)))
789 services))
790
0975ca3f
TGR		 791 (display "\
792### End of automatically generated lines.\n\n" port)
793
4ee96a79
LC		 794 ;; Append the user's config file.
795 (call-with-input-file #$config-file
796 (lambda (input)
797 (dump-port input port)))
798 #t))))))))
6331bde7 799
d4053c71 800(define (tor-shepherd-service config)
5dfd80e1 801 "Return a <shepherd-service> running Tor."
375c6108 802 (match config
6331bde7
LC		 803 (($ <tor-configuration> tor)
804 (let ((torrc (tor-configuration->torrc config)))
ee295346
LC		 805 (with-imported-modules (source-module-closure
806 '((gnu build shepherd)
807 (gnu system file-systems)))
808 (list (shepherd-service
809 (provision '(tor))
810
811 ;; Tor needs at least one network interface to be up, hence the
812 ;; dependency on 'loopback'.
813 (requirement '(user-processes loopback syslogd))
814
815 (modules '((gnu build shepherd)
816 (gnu system file-systems)))
817
818 (start #~(make-forkexec-constructor/container
819 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
820
821 #:mappings (list (file-system-mapping
822 (source "/var/lib/tor")
823 (target source)
824 (writable? #t))
825 (file-system-mapping
826 (source "/dev/log") ;for syslog
5dfd80e1
CM		 827 (target source))
828 (file-system-mapping
829 (source "/var/run/tor")
830 (target source)
831 (writable? #t)))
832 #:pid-file "/var/run/tor/tor.pid"))
ee295346
LC		 833 (stop #~(make-kill-destructor))
834 (documentation "Run the Tor anonymous network overlay."))))))))
0adfe95a 835
d973915e 836(define (tor-activation config)
5dfd80e1 837 "Set up directories for Tor and its hidden services, if any."
6331bde7
LC		 838 #~(begin
839 (use-modules (guix build utils))
840
6629099a
LC		 841 (define %user
842 (getpw "tor"))
843
6331bde7 844 (define (initialize service)
6629099a
LC		 845 (let ((directory (string-append "/var/lib/tor/hidden-services/"
846 service)))
6331bde7 847 (mkdir-p directory)
6629099a 848 (chown directory (passwd:uid %user) (passwd:gid %user))
6331bde7
LC		 849
850 ;; The daemon bails out if we give wider permissions.
851 (chmod directory #o700)))
852
5dfd80e1
CM		 853 ;; Allow Tor to write its PID file.
854 (mkdir-p "/var/run/tor")
855 (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
856 ;; Set the group permissions to rw so that if the system administrator
857 ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
858 ;; of the "tor" group will be able to use the SOCKS socket.
859 (chmod "/var/run/tor" #o750)
860
861 ;; Allow Tor to access the hidden services' directories.
6629099a
LC		 862 (mkdir-p "/var/lib/tor")
863 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
864 (chmod "/var/lib/tor" #o700)
865
ba9f0db0
LC		 866 ;; Make sure /var/lib is accessible to the 'tor' user.
867 (chmod "/var/lib" #o755)
868
6331bde7
LC		 869 (for-each initialize
870 '#$(map hidden-service-name
871 (tor-configuration-hidden-services config)))))
872
0adfe95a
LC		 873(define tor-service-type
874 (service-type (name 'tor)
875 (extensions
d4053c71
AK		 876 (list (service-extension shepherd-root-service-type
877 tor-shepherd-service)
0adfe95a 878 (service-extension account-service-type
6331bde7
LC		 879 (const %tor-accounts))
880 (service-extension activation-service-type
d973915e 881 tor-activation)))
6331bde7
LC		 882
883 ;; This can be extended with hidden services.
884 (compose concatenate)
885 (extend (lambda (config services)
886 (tor-configuration
887 (inherit config)
888 (hidden-services
889 (append (tor-configuration-hidden-services config)
3d3c5650 890 services)))))
3f0de257
LC		 891 (default-value (tor-configuration))
892 (description
893 "Run the @uref{https://torproject.org, Tor} anonymous
894networking daemon.")))
63854bcb 895
84a2de36
LC		 896(define-deprecated (tor-service #:optional
897 (config-file (plain-file "empty" ""))
898 #:key (tor tor))
899 tor-service-type
375c6108
LC		 900 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
901networking daemon.
927097ef 902
375c6108 903The daemon runs as the @code{tor} unprivileged user. It is passed
6331bde7
LC		 904@var{config-file}, a file-like object, with an additional @code{User tor} line
905and lines for hidden services added via @code{tor-hidden-service}. Run
906@command{man tor} for information about the configuration file."
907 (service tor-service-type
908 (tor-configuration (tor tor)
909 (config-file config-file))))
910
911(define tor-hidden-service-type
912 ;; A type that extends Tor with hidden services.
913 (service-type (name 'tor-hidden-service)
914 (extensions
3f0de257
LC		 915 (list (service-extension tor-service-type list)))
916 (description
917 "Define a new Tor @dfn{hidden service}.")))
6331bde7
LC		 918
919(define (tor-hidden-service name mapping)
920 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
921@var{mapping}. @var{mapping} is a list of port/host tuples, such as:
922
923@example
924 '((22 \"127.0.0.1:22\")
925 (80 \"127.0.0.1:8080\"))
926@end example
927
928In this example, port 22 of the hidden service is mapped to local port 22, and
929port 80 is mapped to local port 8080.
930
6629099a
LC		 931This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
932the @file{hostname} file contains the @code{.onion} host name for the hidden
6331bde7
LC		 933service.
934
935See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
936project's documentation} for more information."
937 (service tor-hidden-service-type
938 (hidden-service name mapping)))
0adfe95a
LC		 939
940\f
0adfe95a
LC		 941;;;
942;;; Wicd.
943;;;
944
945(define %wicd-activation
946 ;; Activation gexp for Wicd.
947 #~(begin
948 (use-modules (guix build utils))
949
950 (mkdir-p "/etc/wicd")
951 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
952 (unless (file-exists? file-name)
953 (copy-file (string-append #$wicd file-name)
69323016
LC		 954 file-name)))
955
956 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
957 ;; named socket files.
958 (mkdir-p "/var/run/wpa_supplicant")
959 (chmod "/var/run/wpa_supplicant" #o750)))
0adfe95a 960
d4053c71
AK		 961(define (wicd-shepherd-service wicd)
962 "Return a shepherd service for WICD."
963 (list (shepherd-service
0adfe95a
LC		 964 (documentation "Run the Wicd network manager.")
965 (provision '(networking))
966 (requirement '(user-processes dbus-system loopback))
967 (start #~(make-forkexec-constructor
968 (list (string-append #$wicd "/sbin/wicd")
969 "--no-daemon")))
970 (stop #~(make-kill-destructor)))))
971
972(define wicd-service-type
973 (service-type (name 'wicd)
974 (extensions
d4053c71
AK		 975 (list (service-extension shepherd-root-service-type
976 wicd-shepherd-service)
0adfe95a
LC		 977 (service-extension dbus-root-service-type
978 list)
979 (service-extension activation-service-type
87f40011
LC		 980 (const %wicd-activation))
981
982 ;; Add Wicd to the global profile.
3f0de257
LC		 983 (service-extension profile-service-type list)))
984 (description
985 "Run @url{https://launchpad.net/wicd,Wicd}, a network
986management daemon that aims to simplify wired and wireless networking.")))
4627a464 987
b7d0c494
MW		 988(define* (wicd-service #:key (wicd wicd))
989 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
87f40011
LC		 990management daemon that aims to simplify wired and wireless networking.
991
992This service adds the @var{wicd} package to the global profile, providing
993several commands to interact with the daemon and configure networking:
994@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
995and @command{wicd-curses} user interfaces."
0adfe95a 996 (service wicd-service-type wicd))
b7d0c494 997
7234ad4f 998\f
d94e81db
DM		 999;;;
1000;;; ModemManager
1001;;;
1002
1003(define-record-type* <modem-manager-configuration>
1004 modem-manager-configuration make-modem-manager-configuration
1005 modem-manager-configuration?
1006 (modem-manager modem-manager-configuration-modem-manager
1007 (default modem-manager)))
1008
1009\f
7234ad4f
SB		 1010;;;
1011;;; NetworkManager
1012;;;
1013
b726096b
CB		 1014(define-record-type* <network-manager-configuration>
1015 network-manager-configuration make-network-manager-configuration
1016 network-manager-configuration?
1017 (network-manager network-manager-configuration-network-manager
1018 (default network-manager))
1019 (dns network-manager-configuration-dns
94d2a250 1020 (default "default"))
4e37cf35 1021 (vpn-plugins network-manager-configuration-vpn-plugins ;list of <package>
94d2a250 1022 (default '())))
b726096b 1023
57c16c97
FP		 1024(define network-manager-activation
1025 ;; Activation gexp for NetworkManager
1026 (match-lambda
1027 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1028 #~(begin
1029 (use-modules (guix build utils))
1030 (mkdir-p "/etc/NetworkManager/system-connections")
1031 #$@(if (equal? dns "dnsmasq")
1032 ;; create directory to store dnsmasq lease file
1033 '((mkdir-p "/var/lib/misc"))
1034 '())))))
7234ad4f 1035
94d2a250
LC		 1036(define (vpn-plugin-directory plugins)
1037 "Return a directory containing PLUGINS, the NM VPN plugins."
1038 (directory-union "network-manager-vpn-plugins" plugins))
1039
e52b9534
LC		 1040(define (network-manager-accounts config)
1041 "Return the list of <user-account> and <user-group> for CONFIG."
1042 (define nologin
1043 (file-append shadow "/sbin/nologin"))
1044
1045 (define accounts
1046 (append-map (lambda (package)
1047 (map (lambda (name)
1048 (user-account (system? #t)
1049 (name name)
1050 (group "network-manager")
1051 (comment "NetworkManager helper")
1052 (home-directory "/var/empty")
1053 (create-home-directory? #f)
1054 (shell nologin)))
1055 (or (assoc-ref (package-properties package)
1056 'user-accounts)
1057 '())))
1058 (network-manager-configuration-vpn-plugins config)))
1059
1060 (match accounts
1061 (()
1062 '())
1063 (_
1064 (cons (user-group (name "network-manager") (system? #t))
1065 accounts))))
1066
94d2a250
LC		 1067(define network-manager-environment
1068 (match-lambda
1069 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1070 ;; Define this variable in the global environment such that
1071 ;; "nmcli connection import type openvpn file foo.ovpn" works.
1072 `(("NM_VPN_PLUGIN_DIR"
1073 . ,(file-append (vpn-plugin-directory vpn-plugins)
1074 "/lib/NetworkManager/VPN"))))))
1075
b726096b
CB		 1076(define network-manager-shepherd-service
1077 (match-lambda
94d2a250
LC		 1078 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1079 (let ((conf (plain-file "NetworkManager.conf"
1080 (string-append "[main]\ndns=" dns "\n")))
1081 (vpn (vpn-plugin-directory vpn-plugins)))
1082 (list (shepherd-service
1083 (documentation "Run the NetworkManager.")
1084 (provision '(networking))
1085 (requirement '(user-processes dbus-system wpa-supplicant loopback))
1086 (start #~(make-forkexec-constructor
1087 (list (string-append #$network-manager
1088 "/sbin/NetworkManager")
1089 (string-append "--config=" #$conf)
1090 "--no-daemon")
1091 #:environment-variables
1092 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
4efdede2
JL		 1093 "/lib/NetworkManager/VPN")
1094 ;; Override non-existent default users
1095 "NM_OPENVPN_USER="
1096 "NM_OPENVPN_GROUP=")))
94d2a250 1097 (stop #~(make-kill-destructor))))))))
7234ad4f
SB		 1098
1099(define network-manager-service-type
b726096b 1100 (let
40557aea 1101 ((config->packages
b726096b 1102 (match-lambda
40557aea
JL		 1103 (($ <network-manager-configuration> network-manager _ vpn-plugins)
1104 `(,network-manager ,@vpn-plugins)))))
b726096b
CB		 1105
1106 (service-type
1107 (name 'network-manager)
1108 (extensions
1109 (list (service-extension shepherd-root-service-type
1110 network-manager-shepherd-service)
40557aea
JL		 1111 (service-extension dbus-root-service-type config->packages)
1112 (service-extension polkit-service-type
1113 (compose
1114 list
1115 network-manager-configuration-network-manager))
e52b9534
LC		 1116 (service-extension account-service-type
1117 network-manager-accounts)
b726096b 1118 (service-extension activation-service-type
57c16c97 1119 network-manager-activation)
94d2a250
LC		 1120 (service-extension session-environment-service-type
1121 network-manager-environment)
b726096b 1122 ;; Add network-manager to the system profile.
40557aea 1123 (service-extension profile-service-type config->packages)))
3f0de257
LC		 1124 (default-value (network-manager-configuration))
1125 (description
1126 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
1127NetworkManager}, a network management daemon that aims to simplify wired and
1128wireless networking."))))
7234ad4f 1129
76192896
EF		 1130\f
1131;;;
1132;;; Connman
1133;;;
1134
34d60c49
MO		 1135(define-record-type* <connman-configuration>
1136 connman-configuration make-connman-configuration
1137 connman-configuration?
1138 (connman connman-configuration-connman
1139 (default connman))
1140 (disable-vpn? connman-configuration-disable-vpn?
1141 (default #f)))
1142
1143(define (connman-activation config)
1144 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
1145 (with-imported-modules '((guix build utils))
1146 #~(begin
1147 (use-modules (guix build utils))
1148 (mkdir-p "/var/lib/connman/")
1149 (unless #$disable-vpn?
1150 (mkdir-p "/var/lib/connman-vpn/"))))))
1151
1152(define (connman-shepherd-service config)
76192896 1153 "Return a shepherd service for Connman"
34d60c49
MO		 1154 (and
1155 (connman-configuration? config)
1156 (let ((connman (connman-configuration-connman config))
1157 (disable-vpn? (connman-configuration-disable-vpn? config)))
1158 (list (shepherd-service
1159 (documentation "Run Connman")
1160 (provision '(networking))
1161 (requirement
1162 '(user-processes dbus-system loopback wpa-supplicant))
1163 (start #~(make-forkexec-constructor
1164 (list (string-append #$connman
1165 "/sbin/connmand")
1166 "-n" "-r"
06e5c3af
LC		 1167 #$@(if disable-vpn? '("--noplugin=vpn") '()))
1168
1169 ;; As connman(8) notes, when passing '-n', connman
1170 ;; "directs log output to the controlling terminal in
1171 ;; addition to syslog." Redirect stdout and stderr
1172 ;; to avoid spamming the console (XXX: for some reason
1173 ;; redirecting to /dev/null doesn't work.)
1174 #:log-file "/var/log/connman.log"))
34d60c49 1175 (stop #~(make-kill-destructor)))))))
76192896
EF		 1176
1177(define connman-service-type
34d60c49
MO		 1178 (let ((connman-package (compose list connman-configuration-connman)))
1179 (service-type (name 'connman)
1180 (extensions
1181 (list (service-extension shepherd-root-service-type
1182 connman-shepherd-service)
d8ac7987
EF		 1183 (service-extension polkit-service-type
1184 connman-package)
34d60c49
MO		 1185 (service-extension dbus-root-service-type
1186 connman-package)
1187 (service-extension activation-service-type
1188 connman-activation)
1189 ;; Add connman to the system profile.
1190 (service-extension profile-service-type
3f0de257 1191 connman-package)))
9b0e5146 1192 (default-value (connman-configuration))
3f0de257
LC		 1193 (description
1194 "Run @url{https://01.org/connman,Connman},
1195a network connection manager."))))
2cccbc2a
 1196
1197\f
d94e81db
DM		 1198;;;
1199;;; Modem manager
1200;;;
1201
1202(define modem-manager-service-type
1203 (let ((config->package
1204 (match-lambda
1205 (($ <modem-manager-configuration> modem-manager)
1206 (list modem-manager)))))
1207 (service-type (name 'modem-manager)
1208 (extensions
1209 (list (service-extension dbus-root-service-type
1210 config->package)
1211 (service-extension udev-service-type
1212 config->package)
1213 (service-extension polkit-service-type
1214 config->package)))
1215 (default-value (modem-manager-configuration))
1216 (description
1217 "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
1218ModemManager}, a modem management daemon that aims to simplify dialup
1219networking."))))
1220
1221\f
f5be5104
FP		 1222;;;
1223;;; USB_ModeSwitch
1224;;;
1225
1226(define-record-type* <usb-modeswitch-configuration>
1227 usb-modeswitch-configuration make-usb-modeswitch-configuration
1228 usb-modeswitch-configuration?
1229 (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch
1230 (default usb-modeswitch))
1231 (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data
1232 (default usb-modeswitch-data))
1233 (config-file usb-modeswitch-configuration-config-file
1234 (default #~(string-append #$usb-modeswitch:dispatcher
1235 "/etc/usb_modeswitch.conf"))))
1236
1237(define (usb-modeswitch-sh usb-modeswitch config-file)
1238 "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
1239modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
1240and wrap it to actually find the dispatcher in USB-MODESWITCH. The script
1241will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
1242device is detected."
1243 (computed-file
1244 "usb_modeswitch-sh"
1245 (with-imported-modules '((guix build utils))
1246 #~(begin
1247 (use-modules (guix build utils))
1248 (let ((cfg-param
1249 #$(if config-file
1250 #~(string-append " --config-file=" #$config-file)
1251 "")))
1252 (mkdir #$output)
1253 (install-file (string-append #$usb-modeswitch:dispatcher
1254 "/lib/udev/usb_modeswitch")
1255 #$output)
1256
1257 ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
1258 (substitute* (string-append #$output "/usb_modeswitch")
1259 (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
1260 (string-append left cfg-param right))
1261 (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
1262 (string-append left cfg-param right)))
1263
1264 ;; wrap-program needs bash in PATH:
1265 (putenv (string-append "PATH=" #$bash "/bin"))
1266 (wrap-program (string-append #$output "/usb_modeswitch")
1267 `("PATH" ":" = (,(string-append #$coreutils "/bin")
1268 ,(string-append
1269 #$usb-modeswitch:dispatcher
1270 "/bin")))))))))
1271
1272(define (usb-modeswitch-configuration->udev-rules config)
1273 "Build a rules file for extending udev-service-type from the rules in the
1274usb-modeswitch package specified in CONFIG. The rules file will invoke
1275usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
1276config file."
1277 (match config
1278 (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
1279 (computed-file
1280 "usb_modeswitch.rules"
1281 (with-imported-modules '((guix build utils))
1282 #~(begin
1283 (use-modules (guix build utils))
1284 (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
1285 (out (string-append #$output "/lib/udev/rules.d"))
1286 (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
1287 (mkdir-p out)
1288 (chdir out)
1289 (install-file in out)
1290 (substitute* "40-usb_modeswitch.rules"
1291 (("PROGRAM=\"usb_modeswitch")
1292 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
1293 (("RUN\\+=\"usb_modeswitch")
1294 (string-append "RUN+=\"" script "/usb_modeswitch"))))))))))
1295
1296(define usb-modeswitch-service-type
1297 (service-type
1298 (name 'usb-modeswitch)
1299 (extensions
1300 (list
1301 (service-extension
1302 udev-service-type
1303 (lambda (config)
1304 (let ((rules (usb-modeswitch-configuration->udev-rules config)))
1305 (list rules))))))
1306 (default-value (usb-modeswitch-configuration))
1307 (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
1308USB_ModeSwitch}, a mode switching tool for controlling USB devices with
1309multiple @dfn{modes}. When plugged in for the first time many USB
1310devices (primarily high-speed WAN modems) act like a flash storage containing
1311installers for Windows drivers. USB_ModeSwitch replays the sequence the
1312Windows drivers would send to switch their mode from storage to modem (or
1313whatever the thing is supposed to do).")))
1314
1315\f
2cccbc2a
 1316;;;
1317;;; WPA supplicant
1318;;;
1319
acce0a47
MB		 1320(define-record-type* <wpa-supplicant-configuration>
1321 wpa-supplicant-configuration make-wpa-supplicant-configuration
1322 wpa-supplicant-configuration?
1323 (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
1324 (default wpa-supplicant))
4d060767
MB		 1325 (requirement wpa-supplicant-configuration-requirement ;list of symbols
1326 (default '(user-processes dbus-system loopback syslogd)))
acce0a47
MB		 1327 (pid-file wpa-supplicant-configuration-pid-file ;string
1328 (default "/var/run/wpa_supplicant.pid"))
1329 (dbus? wpa-supplicant-configuration-dbus? ;Boolean
1330 (default #t))
1331 (interface wpa-supplicant-configuration-interface ;#f | string
1332 (default #f))
1333 (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
1334 (default #f))
1335 (extra-options wpa-supplicant-configuration-extra-options ;list of strings
1336 (default '())))
1337
1338(define wpa-supplicant-shepherd-service
1339 (match-lambda
4d060767
MB		 1340 (($ <wpa-supplicant-configuration> wpa-supplicant requirement pid-file dbus?
1341 interface config-file extra-options)
acce0a47
MB		 1342 (list (shepherd-service
1343 (documentation "Run the WPA supplicant daemon")
1344 (provision '(wpa-supplicant))
4d060767 1345 (requirement requirement)
acce0a47
MB		 1346 (start #~(make-forkexec-constructor
1347 (list (string-append #$wpa-supplicant
1348 "/sbin/wpa_supplicant")
1349 (string-append "-P" #$pid-file)
1350 "-B" ;run in background
177bc62d 1351 "-s" ;log to syslogd
acce0a47
MB		 1352 #$@(if dbus?
1353 #~("-u")
1354 #~())
1355 #$@(if interface
3d472b5e 1356 #~((string-append "-i" #$interface))
acce0a47
MB		 1357 #~())
1358 #$@(if config-file
3d472b5e 1359 #~((string-append "-c" #$config-file))
acce0a47
MB		 1360 #~())
1361 #$@extra-options)
1362 #:pid-file #$pid-file))
1363 (stop #~(make-kill-destructor)))))))
2cccbc2a
 1364
1365(define wpa-supplicant-service-type
acce0a47
MB		 1366 (let ((config->package
1367 (match-lambda
1368 (($ <wpa-supplicant-configuration> wpa-supplicant)
1369 (list wpa-supplicant)))))
1370 (service-type (name 'wpa-supplicant)
1371 (extensions
1372 (list (service-extension shepherd-root-service-type
1373 wpa-supplicant-shepherd-service)
1374 (service-extension dbus-root-service-type config->package)
1375 (service-extension profile-service-type config->package)))
1376 (description "Run the WPA Supplicant daemon, a service that
1377implements authentication, key negotiation and more for wireless networks.")
1378 (default-value (wpa-supplicant-configuration)))))
2cccbc2a 1379
c32d02fe 1380\f
a03943ec
LC		 1381;;;
1382;;; Hostapd.
1383;;;
1384
1385(define-record-type* <hostapd-configuration>
1386 hostapd-configuration make-hostapd-configuration
1387 hostapd-configuration?
1388 (package hostapd-configuration-package
1389 (default hostapd))
1390 (interface hostapd-configuration-interface ;string
1391 (default "wlan0"))
1392 (ssid hostapd-configuration-ssid) ;string
1393 (broadcast-ssid? hostapd-configuration-broadcast-ssid? ;Boolean
1394 (default #t))
1395 (channel hostapd-configuration-channel ;integer
1396 (default 1))
1397 (driver hostapd-configuration-driver ;string
1398 (default "nl80211"))
1399 ;; See <https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf> for a list of
1400 ;; additional options we could add.
1401 (extra-settings hostapd-configuration-extra-settings ;string
1402 (default "")))
1403
1404(define (hostapd-configuration-file config)
1405 "Return the configuration file for CONFIG, a <hostapd-configuration>."
1406 (match-record config <hostapd-configuration>
1407 (interface ssid broadcast-ssid? channel driver extra-settings)
1408 (plain-file "hostapd.conf"
1409 (string-append "\
1410# Generated from your Guix configuration.
1411
1412interface=" interface "
1413ssid=" ssid "
1414ignore_broadcast_ssid=" (if broadcast-ssid? "0" "1") "
1415channel=" (number->string channel) "\n"
1416extra-settings "\n"))))
1417
1418(define* (hostapd-shepherd-services config #:key (requirement '()))
1419 "Return Shepherd services for hostapd."
1420 (list (shepherd-service
1421 (provision '(hostapd))
1422 (requirement `(user-processes ,@requirement))
1423 (documentation "Run the hostapd WiFi access point daemon.")
1424 (start #~(make-forkexec-constructor
1425 (list #$(file-append hostapd "/sbin/hostapd")
1426 #$(hostapd-configuration-file config))
1427 #:log-file "/var/log/hostapd.log"))
1428 (stop #~(make-kill-destructor)))))
1429
1430(define hostapd-service-type
1431 (service-type
1432 (name 'hostapd)
1433 (extensions
1434 (list (service-extension shepherd-root-service-type
1435 hostapd-shepherd-services)))
1436 (description
1437 "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access
1438points and authentication servers.")))
1439
5e7076f2
LC		 1440(define (simulated-wifi-shepherd-services config)
1441 "Return Shepherd services to run hostapd with CONFIG, a
1442<hostapd-configuration>, as well as services to set up WiFi hardware
1443simulation."
1444 (append (hostapd-shepherd-services config
1445 #:requirement
1446 '(unblocked-wifi
ef20acae 1447 kernel-module-loader))
5e7076f2
LC		 1448 (list (shepherd-service
1449 (provision '(unblocked-wifi))
ef20acae 1450 (requirement '(file-systems kernel-module-loader))
5e7076f2
LC		 1451 (documentation
1452 "Unblock WiFi devices for use by mac80211_hwsim.")
1453 (start #~(lambda _
1454 (invoke #$(file-append util-linux "/sbin/rfkill")
1455 "unblock" "0")
1456 (invoke #$(file-append util-linux "/sbin/rfkill")
1457 "unblock" "1")))
5e7076f2
LC		 1458 (one-shot? #t)))))
1459
1460(define simulated-wifi-service-type
1461 (service-type
1462 (name 'simulated-wifi)
1463 (extensions
1464 (list (service-extension shepherd-root-service-type
ef20acae
BW		 1465 simulated-wifi-shepherd-services)
1466 (service-extension kernel-module-loader-service-type
1467 (const '("mac80211_hwsim")))))
5e7076f2
LC		 1468 (default-value (hostapd-configuration
1469 (interface "wlan1")
1470 (ssid "Test Network")))
1471 (description "Run hostapd to simulate WiFi connectivity.")))
1472
a03943ec 1473\f
c32d02fe
SB		 1474;;;
1475;;; Open vSwitch
1476;;;
1477
1478(define-record-type* <openvswitch-configuration>
1479 openvswitch-configuration make-openvswitch-configuration
1480 openvswitch-configuration?
1481 (package openvswitch-configuration-package
1482 (default openvswitch)))
1483
1484(define openvswitch-activation
1485 (match-lambda
1486 (($ <openvswitch-configuration> package)
1487 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1488 (with-imported-modules '((guix build utils))
1489 #~(begin
1490 (use-modules (guix build utils))
1491 (mkdir-p "/var/run/openvswitch")
1492 (mkdir-p "/var/lib/openvswitch")
1493 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1494 (unless (file-exists? conf.db)
1495 (system* #$ovsdb-tool "create" conf.db)))))))))
1496
1497(define openvswitch-shepherd-service
1498 (match-lambda
1499 (($ <openvswitch-configuration> package)
1500 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1501 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1502 (list
1503 (shepherd-service
1504 (provision '(ovsdb))
1505 (documentation "Run the Open vSwitch database server.")
1506 (start #~(make-forkexec-constructor
1507 (list #$ovsdb-server "--pidfile"
1508 "--remote=punix:/var/run/openvswitch/db.sock")
1509 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1510 (stop #~(make-kill-destructor)))
1511 (shepherd-service
1512 (provision '(vswitchd))
1513 (requirement '(ovsdb))
1514 (documentation "Run the Open vSwitch daemon.")
1515 (start #~(make-forkexec-constructor
1516 (list #$ovs-vswitchd "--pidfile")
1517 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1518 (stop #~(make-kill-destructor))))))))
1519
1520(define openvswitch-service-type
1521 (service-type
1522 (name 'openvswitch)
1523 (extensions
1524 (list (service-extension activation-service-type
1525 openvswitch-activation)
1526 (service-extension profile-service-type
1527 (compose list openvswitch-configuration-package))
1528 (service-extension shepherd-root-service-type
3f0de257
LC		 1529 openvswitch-shepherd-service)))
1530 (description
1531 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1532switch designed to enable massive network automation through programmatic
e73ded3c
MB		 1533extension.")
1534 (default-value (openvswitch-configuration))))
c32d02fe 1535
9926b8f8
AI		 1536;;;
1537;;; iptables
1538;;;
1539
1540(define %iptables-accept-all-rules
1541 (plain-file "iptables-accept-all.rules"
1542 "*filter
1543:INPUT ACCEPT
1544:FORWARD ACCEPT
1545:OUTPUT ACCEPT
1546COMMIT
1547"))
1548
1549(define-record-type* <iptables-configuration>
1550 iptables-configuration make-iptables-configuration iptables-configuration?
1551 (iptables iptables-configuration-iptables
1552 (default iptables))
1553 (ipv4-rules iptables-configuration-ipv4-rules
1554 (default %iptables-accept-all-rules))
1555 (ipv6-rules iptables-configuration-ipv6-rules
1556 (default %iptables-accept-all-rules)))
1557
1558(define iptables-shepherd-service
1559 (match-lambda
1560 (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
1561 (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
1562 (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
1563 (shepherd-service
1564 (documentation "Packet filtering framework")
1565 (provision '(iptables))
1566 (start #~(lambda _
1567 (invoke #$iptables-restore #$ipv4-rules)
1568 (invoke #$ip6tables-restore #$ipv6-rules)))
1569 (stop #~(lambda _
1570 (invoke #$iptables-restore #$%iptables-accept-all-rules)
1571 (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
1572
1573(define iptables-service-type
1574 (service-type
1575 (name 'iptables)
1576 (description
1577 "Run @command{iptables-restore}, setting up the specified rules.")
1578 (extensions
1579 (list (service-extension shepherd-root-service-type
1580 (compose list iptables-shepherd-service))))))
1581
3c4f5ad7
SB		 1582;;;
1583;;; nftables
1584;;;
1585
1586(define %default-nftables-ruleset
1587 (plain-file "nftables.conf"
1588 "# A simple and safe firewall
1589table inet filter {
1590 chain input {
1591 type filter hook input priority 0; policy drop;
1592
1593 # early drop of invalid connections
1594 ct state invalid drop
1595
1596 # allow established/related connections
1597 ct state { established, related } accept
1598
1599 # allow from loopback
1600 iifname lo accept
1601
1602 # allow icmp
1603 ip protocol icmp accept
1604 ip6 nexthdr icmpv6 accept
1605
1606 # allow ssh
1607 tcp dport ssh accept
1608
1609 # reject everything else
1610 reject with icmpx type port-unreachable
1611 }
1612 chain forward {
1613 type filter hook forward priority 0; policy drop;
1614 }
1615 chain output {
1616 type filter hook output priority 0; policy accept;
1617 }
1618}
1619"))
1620
1621(define-record-type* <nftables-configuration>
1622 nftables-configuration
1623 make-nftables-configuration
1624 nftables-configuration?
1625 (package nftables-configuration-package
1626 (default nftables))
1627 (ruleset nftables-configuration-ruleset ; file-like object
1628 (default %default-nftables-ruleset)))
1629
1630(define nftables-shepherd-service
1631 (match-lambda
1632 (($ <nftables-configuration> package ruleset)
1633 (let ((nft (file-append package "/sbin/nft")))
1634 (shepherd-service
1635 (documentation "Packet filtering and classification")
1636 (provision '(nftables))
1637 (start #~(lambda _
1638 (invoke #$nft "--file" #$ruleset)))
1639 (stop #~(lambda _
1640 (invoke #$nft "flush" "ruleset"))))))))
1641
1642(define nftables-service-type
1643 (service-type
1644 (name 'nftables)
1645 (description
1646 "Run @command{nft}, setting up the specified ruleset.")
1647 (extensions
1648 (list (service-extension shepherd-root-service-type
1649 (compose list nftables-shepherd-service))
1650 (service-extension profile-service-type
1651 (compose list nftables-configuration-package))))
1652 (default-value (nftables-configuration))))
1653
a2161c86
AG		 1654\f
1655;;;
1656;;; PageKite
1657;;;
1658
1659(define-record-type* <pagekite-configuration>
1660 pagekite-configuration
1661 make-pagekite-configuration
1662 pagekite-configuration?
1663 (package pagekite-configuration-package
1664 (default pagekite))
1665 (kitename pagekite-configuration-kitename
1666 (default #f))
1667 (kitesecret pagekite-configuration-kitesecret
1668 (default #f))
1669 (frontend pagekite-configuration-frontend
1670 (default #f))
1671 (kites pagekite-configuration-kites
1672 (default '("http:@kitename:localhost:80:@kitesecret")))
1673 (extra-file pagekite-configuration-extra-file
1674 (default #f)))
1675
1676(define (pagekite-configuration-file config)
1677 (match-record config <pagekite-configuration>
1678 (package kitename kitesecret frontend kites extra-file)
1679 (mixed-text-file "pagekite.rc"
1680 (if extra-file
1681 (string-append "optfile = " extra-file "\n")
1682 "")
1683 (if kitename
1684 (string-append "kitename = " kitename "\n")
1685 "")
1686 (if kitesecret
1687 (string-append "kitesecret = " kitesecret "\n")
1688 "")
1689 (if frontend
1690 (string-append "frontend = " frontend "\n")
1691 "defaults\n")
1692 (string-join (map (lambda (kite)
1693 (string-append "service_on = " kite))
1694 kites)
1695 "\n"
1696 'suffix))))
1697
1698(define (pagekite-shepherd-service config)
1699 (match-record config <pagekite-configuration>
1700 (package kitename kitesecret frontend kites extra-file)
1701 (with-imported-modules (source-module-closure
1702 '((gnu build shepherd)
1703 (gnu system file-systems)))
1704 (shepherd-service
1705 (documentation "Run the PageKite service.")
1706 (provision '(pagekite))
1707 (requirement '(networking))
1708 (modules '((gnu build shepherd)
1709 (gnu system file-systems)))
1710 (start #~(make-forkexec-constructor/container
1711 (list #$(file-append package "/bin/pagekite")
1712 "--clean"
1713 "--nullui"
1714 "--nocrashreport"
1715 "--runas=pagekite:pagekite"
1716 (string-append "--optfile="
1717 #$(pagekite-configuration-file config)))
1718 #:log-file "/var/log/pagekite.log"
1719 #:mappings #$(if extra-file
1720 #~(list (file-system-mapping
1721 (source #$extra-file)
1722 (target source)))
1723 #~'())))
1724 ;; SIGTERM doesn't always work for some reason.
1725 (stop #~(make-kill-destructor SIGINT))))))
1726
1727(define %pagekite-accounts
1728 (list (user-group (name "pagekite") (system? #t))
1729 (user-account
1730 (name "pagekite")
1731 (group "pagekite")
1732 (system? #t)
1733 (comment "PageKite user")
1734 (home-directory "/var/empty")
1735 (shell (file-append shadow "/sbin/nologin")))))
1736
1737(define pagekite-service-type
1738 (service-type
1739 (name 'pagekite)
1740 (default-value (pagekite-configuration))
1741 (extensions
1742 (list (service-extension shepherd-root-service-type
1743 (compose list pagekite-shepherd-service))
1744 (service-extension account-service-type
1745 (const %pagekite-accounts))))
1746 (description
1747 "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
1748local servers publicly accessible on the web, even behind NATs and firewalls.")))
1749
db4fdc04 1750;;; networking.scm ends here
jackhill's copy of GNU Guix: https://guix.gnu.org/