HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: plantuml: Update to 1.2020.16.
[jackhill/guix/guix.git] / gnu / services / networking.scm
CommitLineData
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
0f13dd2b 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
0ba3a38b 4;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
acce0a47 8;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
9926b8f8 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
f5be5104 12;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
40557aea 13;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
3c4f5ad7 14;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
a2161c86 15;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
ef20acae 16;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
db4fdc04
LC		 17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33(define-module (gnu services networking)
34 #:use-module (gnu services)
c9436025 35 #:use-module (gnu services base)
a03943ec 36 #:use-module (gnu services configuration)
ef20acae 37 #:use-module (gnu services linux)
0190c1c0 38 #:use-module (gnu services shepherd)
0adfe95a 39 #:use-module (gnu services dbus)
927097ef 40 #:use-module (gnu system shadow)
6e828634 41 #:use-module (gnu system pam)
db4fdc04 42 #:use-module (gnu packages admin)
f5be5104
FP		 43 #:use-module (gnu packages base)
44 #:use-module (gnu packages bash)
76192896 45 #:use-module (gnu packages connman)
d94e81db 46 #:use-module (gnu packages freedesktop)
db4fdc04 47 #:use-module (gnu packages linux)
927097ef 48 #:use-module (gnu packages tor)
f5be5104 49 #:use-module (gnu packages usb-modeswitch)
4627a464 50 #:use-module (gnu packages messaging)
c32d02fe 51 #:use-module (gnu packages networking)
63854bcb 52 #:use-module (gnu packages ntp)
b7d0c494 53 #:use-module (gnu packages wicd)
7234ad4f 54 #:use-module (gnu packages gnome)
b5f4e686 55 #:use-module (guix gexp)
0adfe95a 56 #:use-module (guix records)
a062b6ca 57 #:use-module (guix modules)
e52b9534 58 #:use-module (guix packages)
65a67bf7 59 #:use-module (guix deprecation)
5658ae8a 60 #:use-module (rnrs enums)
6331bde7
LC		 61 #:use-module (srfi srfi-1)
62 #:use-module (srfi srfi-9)
63854bcb 63 #:use-module (srfi srfi-26)
0adfe95a 64 #:use-module (ice-9 match)
70ab130a
DM		 65 #:re-export (static-networking-service
66 static-networking-service-type)
fa0c1d61 67 #:export (%facebook-host-aliases
a023cca8 68 dhcp-client-service
39d7fdce 69 dhcp-client-service-type
f1104d90
CM		 70
71 dhcpd-service-type
72 dhcpd-configuration
73 dhcpd-configuration?
74 dhcpd-configuration-package
75 dhcpd-configuration-config-file
76 dhcpd-configuration-version
77 dhcpd-configuration-run-directory
78 dhcpd-configuration-lease-file
79 dhcpd-configuration-pid-file
80 dhcpd-configuration-interfaces
81
24e96431
 82 ntp-configuration
83 ntp-configuration?
5658ae8a
MC		 84 ntp-configuration-ntp
85 ntp-configuration-servers
86 ntp-allow-large-adjustment?
87
88 %ntp-servers
89 ntp-server
90 ntp-server-type
91 ntp-server-address
92 ntp-server-options
93
63854bcb 94 ntp-service
24e96431
 95 ntp-service-type
96
5658ae8a 97 %openntpd-servers
16718b67
EF		 98 openntpd-configuration
99 openntpd-configuration?
100 openntpd-service-type
101
9260b9d1
TD		 102 inetd-configuration
103 inetd-entry
104 inetd-service-type
105
24e96431
 106 tor-configuration
107 tor-configuration?
6331bde7 108 tor-hidden-service
4627a464 109 tor-service
24e96431
 110 tor-service-type
111
e48fcd7b 112 wicd-service-type
7234ad4f 113 wicd-service
b726096b
CB		 114
115 network-manager-configuration
116 network-manager-configuration?
117 network-manager-configuration-dns
4e37cf35 118 network-manager-configuration-vpn-plugins
b726096b
CB		 119 network-manager-service-type
120
34d60c49
MO		 121 connman-configuration
122 connman-configuration?
123 connman-service-type
124
d94e81db
DM		 125 modem-manager-configuration
126 modem-manager-configuration?
127 modem-manager-service-type
acce0a47 128
f5be5104
FP		 129 usb-modeswitch-configuration
130 usb-modeswitch-configuration?
131 usb-modeswitch-configuration-usb-modeswitch
132 usb-modeswitch-configuration-usb-modeswitch-data
133 usb-modeswitch-service-type
134
acce0a47
MB		 135 wpa-supplicant-configuration
136 wpa-supplicant-configuration?
137 wpa-supplicant-configuration-wpa-supplicant
4d060767 138 wpa-supplicant-configuration-requirement
acce0a47
MB		 139 wpa-supplicant-configuration-pid-file
140 wpa-supplicant-configuration-dbus?
141 wpa-supplicant-configuration-interface
142 wpa-supplicant-configuration-config-file
143 wpa-supplicant-configuration-extra-options
c32d02fe
SB		 144 wpa-supplicant-service-type
145
a03943ec
LC		 146 hostapd-configuration
147 hostapd-configuration?
148 hostapd-configuration-package
149 hostapd-configuration-interface
150 hostapd-configuration-ssid
151 hostapd-configuration-broadcast-ssid?
152 hostapd-configuration-channel
153 hostapd-configuration-driver
154 hostapd-service-type
155
5e7076f2
LC		 156 simulated-wifi-service-type
157
c32d02fe 158 openvswitch-service-type
9926b8f8
AI		 159 openvswitch-configuration
160
161 iptables-configuration
162 iptables-configuration?
163 iptables-configuration-iptables
164 iptables-configuration-ipv4-rules
165 iptables-configuration-ipv6-rules
3c4f5ad7
SB		 166 iptables-service-type
167
168 nftables-service-type
169 nftables-configuration
170 nftables-configuration?
171 nftables-configuration-package
172 nftables-configuration-ruleset
a2161c86
AG		 173 %default-nftables-ruleset
174
175 pagekite-service-type
176 pagekite-configuration
177 pagekite-configuration?
178 pagekite-configuration-package
179 pagekite-configuration-kitename
180 pagekite-configuration-kitesecret
181 pagekite-configuration-frontend
182 pagekite-configuration-kites
183 pagekite-configuration-extra-file))
db4fdc04
LC		 184
185;;; Commentary:
186;;;
187;;; Networking services.
188;;;
189;;; Code:
190
fa0c1d61
LC		 191(define %facebook-host-aliases
192 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
193 ;; are to block it.
194 "\
195# Block Facebook IPv4.
196127.0.0.1 www.facebook.com
197127.0.0.1 facebook.com
198127.0.0.1 login.facebook.com
199127.0.0.1 www.login.facebook.com
200127.0.0.1 fbcdn.net
201127.0.0.1 www.fbcdn.net
202127.0.0.1 fbcdn.com
203127.0.0.1 www.fbcdn.com
204127.0.0.1 static.ak.fbcdn.net
205127.0.0.1 static.ak.connect.facebook.com
206127.0.0.1 connect.facebook.net
207127.0.0.1 www.connect.facebook.net
208127.0.0.1 apps.facebook.com
209
210# Block Facebook IPv6.
211fe80::1%lo0 facebook.com
212fe80::1%lo0 login.facebook.com
213fe80::1%lo0 www.login.facebook.com
214fe80::1%lo0 fbcdn.net
215fe80::1%lo0 www.fbcdn.net
216fe80::1%lo0 fbcdn.com
217fe80::1%lo0 www.fbcdn.com
218fe80::1%lo0 static.ak.fbcdn.net
219fe80::1%lo0 static.ak.connect.facebook.com
220fe80::1%lo0 connect.facebook.net
221fe80::1%lo0 www.connect.facebook.net
222fe80::1%lo0 apps.facebook.com\n")
223
0adfe95a 224(define dhcp-client-service-type
d4053c71 225 (shepherd-service-type
00184239 226 'dhcp-client
0adfe95a
LC		 227 (lambda (dhcp)
228 (define dhclient
9e41130b 229 (file-append dhcp "/sbin/dhclient"))
0adfe95a
LC		 230
231 (define pid-file
232 "/var/run/dhclient.pid")
233
d4053c71 234 (shepherd-service
0adfe95a
LC		 235 (documentation "Set up networking via DHCP.")
236 (requirement '(user-processes udev))
237
238 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
239 ;; networking is unavailable, but also means that the interface is not up
240 ;; yet when 'start' completes. To wait for the interface to be ready, one
241 ;; should instead monitor udev events.
242 (provision '(networking))
243
244 (start #~(lambda _
245 ;; When invoked without any arguments, 'dhclient' discovers all
246 ;; non-loopback interfaces *that are up*. However, the relevant
247 ;; interfaces are typically down at this point. Thus we perform
248 ;; our own interface discovery here.
249 (define valid?
6c2180f5
MB		 250 (lambda (interface)
251 (and (arp-network-interface? interface)
747b7246
BW		 252 (not (loopback-network-interface? interface))
253 ;; XXX: Make sure the interfaces are up so that
254 ;; 'dhclient' can actually send/receive over them.
255 ;; Ignore those that cannot be activated.
256 (false-if-exception
257 (set-network-interface-up interface)))))
0adfe95a
LC		 258 (define ifaces
259 (filter valid? (all-network-interface-names)))
260
0adfe95a
LC		 261 (false-if-exception (delete-file #$pid-file))
262 (let ((pid (fork+exec-command
263 (cons* #$dhclient "-nw"
264 "-pf" #$pid-file ifaces))))
265 (and (zero? (cdr (waitpid pid)))
6f03b080 266 (read-pid-file #$pid-file)))))
39d7fdce
LC		 267 (stop #~(make-kill-destructor))))
268 isc-dhcp))
db4fdc04 269
65a67bf7
LC		 270(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
271 dhcp-client-service-type
a023cca8
LC		 272 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
273Protocol (DHCP) client, on all the non-loopback network interfaces."
0adfe95a 274 (service dhcp-client-service-type dhcp))
a023cca8 275
f1104d90
CM		 276(define-record-type* <dhcpd-configuration>
277 dhcpd-configuration make-dhcpd-configuration
278 dhcpd-configuration?
279 (package dhcpd-configuration-package ;<package>
280 (default isc-dhcp))
281 (config-file dhcpd-configuration-config-file ;file-like
282 (default #f))
283 (version dhcpd-configuration-version ;"4", "6", or "4o6"
a654d3de 284 (default "4"))
f1104d90
CM		 285 (run-directory dhcpd-configuration-run-directory
286 (default "/run/dhcpd"))
287 (lease-file dhcpd-configuration-lease-file
288 (default "/var/db/dhcpd.leases"))
289 (pid-file dhcpd-configuration-pid-file
290 (default "/run/dhcpd/dhcpd.pid"))
291 ;; list of strings, e.g. (list "enp0s25")
292 (interfaces dhcpd-configuration-interfaces
293 (default '())))
294
295(define dhcpd-shepherd-service
296 (match-lambda
297 (($ <dhcpd-configuration> package config-file version run-directory
298 lease-file pid-file interfaces)
299 (unless config-file
300 (error "Must supply a config-file"))
301 (list (shepherd-service
302 ;; Allow users to easily run multiple versions simultaneously.
303 (provision (list (string->symbol
304 (string-append "dhcpv" version "-daemon"))))
305 (documentation (string-append "Run the DHCPv" version " daemon"))
306 (requirement '(networking))
307 (start #~(make-forkexec-constructor
308 '(#$(file-append package "/sbin/dhcpd")
309 #$(string-append "-" version)
310 "-lf" #$lease-file
311 "-pf" #$pid-file
312 "-cf" #$config-file
313 #$@interfaces)
314 #:pid-file #$pid-file))
315 (stop #~(make-kill-destructor)))))))
316
317(define dhcpd-activation
318 (match-lambda
319 (($ <dhcpd-configuration> package config-file version run-directory
320 lease-file pid-file interfaces)
321 (with-imported-modules '((guix build utils))
322 #~(begin
323 (unless (file-exists? #$run-directory)
324 (mkdir #$run-directory))
325 ;; According to the DHCP manual (man dhcpd.leases), the lease
326 ;; database must be present for dhcpd to start successfully.
327 (unless (file-exists? #$lease-file)
328 (with-output-to-file #$lease-file
329 (lambda _ (display ""))))
330 ;; Validate the config.
0f13dd2b 331 (invoke/quiet
f1104d90
CM		 332 #$(file-append package "/sbin/dhcpd") "-t" "-cf"
333 #$config-file))))))
334
335(define dhcpd-service-type
336 (service-type
337 (name 'dhcpd)
338 (extensions
339 (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
dd0804c6
LC		 340 (service-extension activation-service-type dhcpd-activation)))
341 (description "Run a DHCP (Dynamic Host Configuration Protocol) daemon. The
342daemon is responsible for allocating IP addresses to its client.")))
f1104d90 343
0adfe95a
LC		 344\f
345;;;
346;;; NTP.
347;;;
348
5658ae8a
MC		 349(define ntp-server-types (make-enumeration
350 '(pool
351 server
352 peer
353 broadcast
354 manycastclient)))
355
356(define-record-type* <ntp-server>
357 ntp-server make-ntp-server
358 ntp-server?
359 ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeration.
360 (type ntp-server-type
361 (default 'server))
362 (address ntp-server-address) ; a string
363 ;; The list of options can contain single option names or tuples in the form
364 ;; '(name value).
365 (options ntp-server-options
366 (default '())))
367
368(define (ntp-server->string ntp-server)
369 ;; Serialize the NTP server object as a string, ready to use in the NTP
370 ;; configuration file.
371 (define (flatten lst)
372 (reverse
373 (let loop ((x lst)
374 (res '()))
375 (if (list? x)
376 (fold loop res x)
97bc3cbe 377 (cons (format #f "~a" x) res)))))
5658ae8a
MC		 378
379 (match ntp-server
380 (($ <ntp-server> type address options)
381 ;; XXX: It'd be neater if fields were validated at the syntax level (for
382 ;; static ones at least). Perhaps the Guix record type could support a
383 ;; predicate property on a field?
384 (unless (enum-set-member? type ntp-server-types)
385 (error "Invalid NTP server type" type))
386 (string-join (cons* (symbol->string type)
387 address
388 (flatten options))))))
389
390(define %ntp-servers
391 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
392 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
393 ;; for this NTP pool "zone".
394 (list
395 (ntp-server
396 (type 'pool)
397 (address "0.guix.pool.ntp.org")
398 (options '("iburst"))))) ;as recommended in the ntpd manual
399
0adfe95a
LC		 400(define-record-type* <ntp-configuration>
401 ntp-configuration make-ntp-configuration
402 ntp-configuration?
403 (ntp ntp-configuration-ntp
404 (default ntp))
5658ae8a 405 (servers %ntp-configuration-servers ;list of <ntp-server> objects
64791eb7 406 (default %ntp-servers))
dc0322b5 407 (allow-large-adjustment? ntp-allow-large-adjustment?
08b4a10f 408 (default #t))) ;as recommended in the ntpd manual
0adfe95a 409
5658ae8a
MC		 410(define (ntp-configuration-servers ntp-configuration)
411 ;; A wrapper to support the deprecated form of this field.
412 (let ((ntp-servers (%ntp-configuration-servers ntp-configuration)))
413 (match ntp-servers
414 (((? string?) (? string?) ...)
415 (format (current-error-port) "warning: Defining NTP servers as strings is \
416deprecated. Please use <ntp-server> records instead.\n")
417 (map (lambda (addr)
418 (ntp-server
419 (type 'server)
420 (address addr)
421 (options '()))) ntp-servers))
422 ((($ <ntp-server>) ($ <ntp-server>) ...)
423 ntp-servers))))
424
d4053c71 425(define ntp-shepherd-service
f37ad658
MC		 426 (lambda (config)
427 (match config
428 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
429 (let ((servers (ntp-configuration-servers config)))
430 ;; TODO: Add authentication support.
431 (define config
432 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
433 (string-join (map ntp-server->string servers)
434 "\n")
435 "
63854bcb
LC		 436# Disable status queries as a workaround for CVE-2013-5211:
437# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
d4de2f9e
MC		 438restrict default kod nomodify notrap nopeer noquery limited
439restrict -6 default kod nomodify notrap nopeer noquery limited
63854bcb
LC		 440
441# Yet, allow use of the local 'ntpq'.
442restrict 127.0.0.1
5658ae8a
MC		 443restrict -6 ::1
444
445# This is required to use servers from a pool directive when using the 'nopeer'
446# option by default, as documented in the 'ntp.conf' manual.
447restrict source notrap nomodify noquery\n"))
63854bcb 448
f37ad658
MC		 449 (define ntpd.conf
450 (plain-file "ntpd.conf" config))
451
452 (list (shepherd-service
453 (provision '(ntpd))
454 (documentation "Run the Network Time Protocol (NTP) daemon.")
455 (requirement '(user-processes networking))
456 (start #~(make-forkexec-constructor
457 (list (string-append #$ntp "/bin/ntpd") "-n"
458 "-c" #$ntpd.conf "-u" "ntpd"
459 #$@(if allow-large-adjustment?
460 '("-g")
461 '()))))
462 (stop #~(make-kill-destructor)))))))))
0adfe95a
LC		 463
464(define %ntp-accounts
465 (list (user-account
466 (name "ntpd")
467 (group "nogroup")
468 (system? #t)
469 (comment "NTP daemon user")
470 (home-directory "/var/empty")
9e41130b 471 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 472
1c6c0ad0
JD		 473
474(define (ntp-service-activation config)
475 "Return the activation gexp for CONFIG."
476 (with-imported-modules '((guix build utils))
477 #~(begin
e57bd0be 478 (use-modules (guix build utils))
1c6c0ad0
JD		 479 (define %user
480 (getpw "ntpd"))
481
482 (let ((directory "/var/run/ntpd"))
483 (mkdir-p directory)
484 (chown directory (passwd:uid %user) (passwd:gid %user))))))
485
0adfe95a
LC		 486(define ntp-service-type
487 (service-type (name 'ntp)
488 (extensions
d4053c71
AK		 489 (list (service-extension shepherd-root-service-type
490 ntp-shepherd-service)
0adfe95a 491 (service-extension account-service-type
1c6c0ad0
JD		 492 (const %ntp-accounts))
493 (service-extension activation-service-type
3f0de257
LC		 494 ntp-service-activation)))
495 (description
496 "Run the @command{ntpd}, the Network Time Protocol (NTP)
497daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
64791eb7
LC		 498will keep the system clock synchronized with that of the given servers.")
499 (default-value (ntp-configuration))))
0adfe95a 500
65a67bf7
LC		 501(define-deprecated (ntp-service #:key (ntp ntp)
502 (servers %ntp-servers)
503 allow-large-adjustment?)
504 ntp-service-type
0adfe95a
LC		 505 "Return a service that runs the daemon from @var{ntp}, the
506@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
dc0322b5
LC		 507keep the system clock synchronized with that of @var{servers}.
508@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
509make an initial adjustment of more than 1,000 seconds."
0adfe95a 510 (service ntp-service-type
dc0322b5
LC		 511 (ntp-configuration (ntp ntp)
512 (servers servers)
513 (allow-large-adjustment?
514 allow-large-adjustment?))))
0adfe95a
LC		 515
516\f
16718b67
EF		 517;;;
518;;; OpenNTPD.
519;;;
520
5658ae8a
MC		 521(define %openntpd-servers
522 (map ntp-server-address %ntp-servers))
523
16718b67
EF		 524(define-record-type* <openntpd-configuration>
525 openntpd-configuration make-openntpd-configuration
526 openntpd-configuration?
527 (openntpd openntpd-configuration-openntpd
528 (default openntpd))
529 (listen-on openntpd-listen-on
530 (default '("127.0.0.1"
531 "::1")))
532 (query-from openntpd-query-from
533 (default '()))
534 (sensor openntpd-sensor
535 (default '()))
536 (server openntpd-server
16718b67 537 (default '()))
5658ae8a
MC		 538 (servers openntpd-servers
539 (default %openntpd-servers))
16718b67
EF		 540 (constraint-from openntpd-constraint-from
541 (default '()))
542 (constraints-from openntpd-constraints-from
543 (default '()))
544 (allow-large-adjustment? openntpd-allow-large-adjustment?
545 (default #f))) ; upstream default
546
2625abc6 547(define (openntpd-configuration->string config)
ccdfae38
MC		 548
549 (define (quote-field? name)
550 (member name '("constraints from")))
551
16718b67 552 (match-record config <openntpd-configuration>
2625abc6
MC		 553 (listen-on query-from sensor server servers constraint-from
554 constraints-from)
ccdfae38 555 (string-append
2625abc6 556 (string-join
ccdfae38
MC		 557 (concatenate
558 (filter-map (lambda (field values)
559 (match values
560 (() #f) ;discard entry with filter-map
561 ((val ...) ;validate value type
562 (map (lambda (value)
563 (if (quote-field? field)
564 (format #f "~a \"~a\"" field value)
565 (format #f "~a ~a" field value)))
566 values))))
567 ;; The entry names.
568 '("listen on" "query from" "sensor" "server" "servers"
569 "constraint from" "constraints from")
570 ;; The corresponding entry values.
571 (list listen-on query-from sensor server servers
572 constraint-from constraints-from)))
573 "\n")
574 "\n"))) ;add a trailing newline
2625abc6
MC		 575
576(define (openntpd-shepherd-service config)
577 (let ((openntpd (openntpd-configuration-openntpd config))
578 (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
afd39a76
MC		 579
580 (define ntpd.conf
2625abc6 581 (plain-file "ntpd.conf" (openntpd-configuration->string config)))
afd39a76
MC		 582
583 (list (shepherd-service
584 (provision '(ntpd))
585 (documentation "Run the Network Time Protocol (NTP) daemon.")
586 (requirement '(user-processes networking))
587 (start #~(make-forkexec-constructor
588 (list (string-append #$openntpd "/sbin/ntpd")
589 "-f" #$ntpd.conf
590 "-d" ;; don't daemonize
591 #$@(if allow-large-adjustment?
592 '("-s")
593 '()))
594 ;; When ntpd is daemonized it repeatedly tries to respawn
595 ;; while running, leading shepherd to disable it. To
596 ;; prevent spamming stderr, redirect output to logfile.
597 #:log-file "/var/log/ntpd"))
598 (stop #~(make-kill-destructor))))))
16718b67
EF		 599
600(define (openntpd-service-activation config)
601 "Return the activation gexp for CONFIG."
602 (with-imported-modules '((guix build utils))
603 #~(begin
604 (use-modules (guix build utils))
605
606 (mkdir-p "/var/db")
607 (mkdir-p "/var/run")
608 (unless (file-exists? "/var/db/ntpd.drift")
609 (with-output-to-file "/var/db/ntpd.drift"
610 (lambda _
611 (format #t "0.0")))))))
612
613(define openntpd-service-type
614 (service-type (name 'openntpd)
615 (extensions
616 (list (service-extension shepherd-root-service-type
617 openntpd-shepherd-service)
618 (service-extension account-service-type
619 (const %ntp-accounts))
19f20f4f
EF		 620 (service-extension profile-service-type
621 (compose list openntpd-configuration-openntpd))
16718b67
EF		 622 (service-extension activation-service-type
623 openntpd-service-activation)))
624 (default-value (openntpd-configuration))
625 (description
626 "Run the @command{ntpd}, the Network Time Protocol (NTP)
627daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
628daemon will keep the system clock synchronized with that of the given servers.")))
629
630\f
9260b9d1
TD		 631;;;
632;;; Inetd.
633;;;
634
635(define-record-type* <inetd-configuration> inetd-configuration
636 make-inetd-configuration
637 inetd-configuration?
638 (program inetd-configuration-program ;file-like
639 (default (file-append inetutils "/libexec/inetd")))
640 (entries inetd-configuration-entries ;list of <inetd-entry>
641 (default '())))
642
643(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
644 inetd-entry?
645 (node inetd-entry-node ;string or #f
646 (default #f))
647 (name inetd-entry-name) ;string, from /etc/services
648
649 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
650 ;rdm | seqpacket
651 (protocol inetd-entry-protocol) ;string, from /etc/protocols
652
653 (wait? inetd-entry-wait? ;Boolean
654 (default #t))
655 (user inetd-entry-user) ;string
656
657 (program inetd-entry-program ;string or file-like object
658 (default "internal"))
659 (arguments inetd-entry-arguments ;list of strings or file-like objects
660 (default '())))
661
662(define (inetd-config-file entries)
663 (apply mixed-text-file "inetd.conf"
664 (map
665 (lambda (entry)
666 (let* ((node (inetd-entry-node entry))
667 (name (inetd-entry-name entry))
668 (socket
669 (if node (string-append node ":" name) name))
670 (type
671 (match (inetd-entry-socket-type entry)
672 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
673 (symbol->string (inetd-entry-socket-type entry)))))
674 (protocol (inetd-entry-protocol entry))
675 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
676 (user (inetd-entry-user entry))
677 (program (inetd-entry-program entry))
678 (args (inetd-entry-arguments entry)))
679 #~(string-append
680 (string-join
681 (list #$@(list socket type protocol wait user program) #$@args)
682 " ") "\n")))
683 entries)))
684
685(define inetd-shepherd-service
686 (match-lambda
687 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
688 (($ <inetd-configuration> program entries)
689 (list
690 (shepherd-service
691 (documentation "Run inetd.")
692 (provision '(inetd))
693 (requirement '(user-processes networking syslogd))
694 (start #~(make-forkexec-constructor
695 (list #$program #$(inetd-config-file entries))
696 #:pid-file "/var/run/inetd.pid"))
697 (stop #~(make-kill-destructor)))))))
698
699(define-public inetd-service-type
700 (service-type
701 (name 'inetd)
702 (extensions
703 (list (service-extension shepherd-root-service-type
704 inetd-shepherd-service)))
705
706 ;; The service can be extended with additional lists of entries.
707 (compose concatenate)
708 (extend (lambda (config entries)
709 (inetd-configuration
710 (inherit config)
711 (entries (append (inetd-configuration-entries config)
3f0de257
LC		 712 entries)))))
713 (description
714 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
715for listening on Internet sockets and spawning the corresponding services on
716demand.")))
9260b9d1
TD		 717
718\f
0adfe95a
LC		 719;;;
720;;; Tor.
721;;;
722
6331bde7
LC		 723(define-record-type* <tor-configuration>
724 tor-configuration make-tor-configuration
725 tor-configuration?
726 (tor tor-configuration-tor
727 (default tor))
3d3c5650
LC		 728 (config-file tor-configuration-config-file
729 (default (plain-file "empty" "")))
6331bde7 730 (hidden-services tor-configuration-hidden-services
3bcb305b
CM		 731 (default '()))
732 (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
733 (default 'tcp)))
6331bde7 734
0adfe95a
LC		 735(define %tor-accounts
736 ;; User account and groups for Tor.
737 (list (user-group (name "tor") (system? #t))
738 (user-account
739 (name "tor")
740 (group "tor")
741 (system? #t)
742 (comment "Tor daemon user")
743 (home-directory "/var/empty")
9e41130b 744 (shell (file-append shadow "/sbin/nologin")))))
0adfe95a 745
6331bde7
LC		 746(define-record-type <hidden-service>
747 (hidden-service name mapping)
748 hidden-service?
749 (name hidden-service-name) ;string
750 (mapping hidden-service-mapping)) ;list of port/address tuples
751
752(define (tor-configuration->torrc config)
753 "Return a 'torrc' file for CONFIG."
754 (match config
3bcb305b 755 (($ <tor-configuration> tor config-file services socks-socket-type)
6331bde7
LC		 756 (computed-file
757 "torrc"
4ee96a79
LC		 758 (with-imported-modules '((guix build utils))
759 #~(begin
760 (use-modules (guix build utils)
761 (ice-9 match))
762
763 (call-with-output-file #$output
764 (lambda (port)
765 (display "\
0975ca3f 766### These lines were generated from your system configuration:
5ee35eb7 767User tor
6629099a 768DataDirectory /var/lib/tor
5dfd80e1 769PidFile /var/run/tor/tor.pid
5ee35eb7 770Log notice syslog\n" port)
3bcb305b
CM		 771 (when (eq? 'unix '#$socks-socket-type)
772 (display "\
773SocksPort unix:/var/run/tor/socks-sock
774UnixSocksGroupWritable 1\n" port))
6331bde7 775
4ee96a79
LC		 776 (for-each (match-lambda
777 ((service (ports hosts) ...)
778 (format port "\
6629099a 779HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
4ee96a79
LC		 780 service)
781 (for-each (lambda (tcp-port host)
782 (format port "\
6331bde7 783HiddenServicePort ~a ~a~%"
4ee96a79
LC		 784 tcp-port host))
785 ports hosts)))
786 '#$(map (match-lambda
787 (($ <hidden-service> name mapping)
788 (cons name mapping)))
789 services))
790
0975ca3f
TGR		 791 (display "\
792### End of automatically generated lines.\n\n" port)
793
4ee96a79
LC		 794 ;; Append the user's config file.
795 (call-with-input-file #$config-file
796 (lambda (input)
797 (dump-port input port)))
798 #t))))))))
6331bde7 799
d4053c71 800(define (tor-shepherd-service config)
5dfd80e1 801 "Return a <shepherd-service> running Tor."
375c6108 802 (match config
6331bde7
LC		 803 (($ <tor-configuration> tor)
804 (let ((torrc (tor-configuration->torrc config)))
ee295346
LC		 805 (with-imported-modules (source-module-closure
806 '((gnu build shepherd)
807 (gnu system file-systems)))
808 (list (shepherd-service
809 (provision '(tor))
810
811 ;; Tor needs at least one network interface to be up, hence the
812 ;; dependency on 'loopback'.
813 (requirement '(user-processes loopback syslogd))
814
815 (modules '((gnu build shepherd)
816 (gnu system file-systems)))
817
818 (start #~(make-forkexec-constructor/container
819 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
820
821 #:mappings (list (file-system-mapping
822 (source "/var/lib/tor")
823 (target source)
824 (writable? #t))
825 (file-system-mapping
826 (source "/dev/log") ;for syslog
5dfd80e1
CM		 827 (target source))
828 (file-system-mapping
829 (source "/var/run/tor")
830 (target source)
831 (writable? #t)))
832 #:pid-file "/var/run/tor/tor.pid"))
ee295346
LC		 833 (stop #~(make-kill-destructor))
834 (documentation "Run the Tor anonymous network overlay."))))))))
0adfe95a 835
d973915e 836(define (tor-activation config)
5dfd80e1 837 "Set up directories for Tor and its hidden services, if any."
6331bde7
LC		 838 #~(begin
839 (use-modules (guix build utils))
840
6629099a
LC		 841 (define %user
842 (getpw "tor"))
843
6331bde7 844 (define (initialize service)
6629099a
LC		 845 (let ((directory (string-append "/var/lib/tor/hidden-services/"
846 service)))
6331bde7 847 (mkdir-p directory)
6629099a 848 (chown directory (passwd:uid %user) (passwd:gid %user))
6331bde7
LC		 849
850 ;; The daemon bails out if we give wider permissions.
851 (chmod directory #o700)))
852
5dfd80e1
CM		 853 ;; Allow Tor to write its PID file.
854 (mkdir-p "/var/run/tor")
855 (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
856 ;; Set the group permissions to rw so that if the system administrator
857 ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
858 ;; of the "tor" group will be able to use the SOCKS socket.
859 (chmod "/var/run/tor" #o750)
860
861 ;; Allow Tor to access the hidden services' directories.
6629099a
LC		 862 (mkdir-p "/var/lib/tor")
863 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
864 (chmod "/var/lib/tor" #o700)
865
ba9f0db0
LC		 866 ;; Make sure /var/lib is accessible to the 'tor' user.
867 (chmod "/var/lib" #o755)
868
6331bde7
LC		 869 (for-each initialize
870 '#$(map hidden-service-name
871 (tor-configuration-hidden-services config)))))
872
0adfe95a
LC		 873(define tor-service-type
874 (service-type (name 'tor)
875 (extensions
d4053c71
AK		 876 (list (service-extension shepherd-root-service-type
877 tor-shepherd-service)
0adfe95a 878 (service-extension account-service-type
6331bde7
LC		 879 (const %tor-accounts))
880 (service-extension activation-service-type
d973915e 881 tor-activation)))
6331bde7
LC		 882
883 ;; This can be extended with hidden services.
884 (compose concatenate)
885 (extend (lambda (config services)
886 (tor-configuration
887 (inherit config)
888 (hidden-services
889 (append (tor-configuration-hidden-services config)
3d3c5650 890 services)))))
3f0de257
LC		 891 (default-value (tor-configuration))
892 (description
893 "Run the @uref{https://torproject.org, Tor} anonymous
894networking daemon.")))
63854bcb 895
84a2de36
LC		 896(define-deprecated (tor-service #:optional
897 (config-file (plain-file "empty" ""))
898 #:key (tor tor))
899 tor-service-type
375c6108
LC		 900 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
901networking daemon.
927097ef 902
375c6108 903The daemon runs as the @code{tor} unprivileged user. It is passed
6331bde7
LC		 904@var{config-file}, a file-like object, with an additional @code{User tor} line
905and lines for hidden services added via @code{tor-hidden-service}. Run
906@command{man tor} for information about the configuration file."
907 (service tor-service-type
908 (tor-configuration (tor tor)
909 (config-file config-file))))
910
911(define tor-hidden-service-type
912 ;; A type that extends Tor with hidden services.
913 (service-type (name 'tor-hidden-service)
914 (extensions
3f0de257
LC		 915 (list (service-extension tor-service-type list)))
916 (description
917 "Define a new Tor @dfn{hidden service}.")))
6331bde7
LC		 918
919(define (tor-hidden-service name mapping)
920 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
921@var{mapping}. @var{mapping} is a list of port/host tuples, such as:
922
923@example
924 '((22 \"127.0.0.1:22\")
925 (80 \"127.0.0.1:8080\"))
926@end example
927
928In this example, port 22 of the hidden service is mapped to local port 22, and
929port 80 is mapped to local port 8080.
930
6629099a
LC		 931This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
932the @file{hostname} file contains the @code{.onion} host name for the hidden
6331bde7
LC		 933service.
934
935See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
936project's documentation} for more information."
937 (service tor-hidden-service-type
938 (hidden-service name mapping)))
0adfe95a
LC		 939
940\f
0adfe95a
LC		 941;;;
942;;; Wicd.
943;;;
944
945(define %wicd-activation
946 ;; Activation gexp for Wicd.
947 #~(begin
948 (use-modules (guix build utils))
949
950 (mkdir-p "/etc/wicd")
951 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
952 (unless (file-exists? file-name)
953 (copy-file (string-append #$wicd file-name)
69323016
LC		 954 file-name)))
955
956 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
957 ;; named socket files.
958 (mkdir-p "/var/run/wpa_supplicant")
959 (chmod "/var/run/wpa_supplicant" #o750)))
0adfe95a 960
d4053c71
AK		 961(define (wicd-shepherd-service wicd)
962 "Return a shepherd service for WICD."
963 (list (shepherd-service
0adfe95a
LC		 964 (documentation "Run the Wicd network manager.")
965 (provision '(networking))
966 (requirement '(user-processes dbus-system loopback))
967 (start #~(make-forkexec-constructor
968 (list (string-append #$wicd "/sbin/wicd")
969 "--no-daemon")))
970 (stop #~(make-kill-destructor)))))
971
972(define wicd-service-type
973 (service-type (name 'wicd)
974 (extensions
d4053c71
AK		 975 (list (service-extension shepherd-root-service-type
976 wicd-shepherd-service)
0adfe95a
LC		 977 (service-extension dbus-root-service-type
978 list)
979 (service-extension activation-service-type
87f40011
LC		 980 (const %wicd-activation))
981
982 ;; Add Wicd to the global profile.
3f0de257
LC		 983 (service-extension profile-service-type list)))
984 (description
985 "Run @url{https://launchpad.net/wicd,Wicd}, a network
986management daemon that aims to simplify wired and wireless networking.")))
4627a464 987
b7d0c494
MW		 988(define* (wicd-service #:key (wicd wicd))
989 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
87f40011
LC		 990management daemon that aims to simplify wired and wireless networking.
991
992This service adds the @var{wicd} package to the global profile, providing
993several commands to interact with the daemon and configure networking:
994@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
995and @command{wicd-curses} user interfaces."
0adfe95a 996 (service wicd-service-type wicd))
b7d0c494 997
7234ad4f 998\f
d94e81db
DM		 999;;;
1000;;; ModemManager
1001;;;
1002
1003(define-record-type* <modem-manager-configuration>
1004 modem-manager-configuration make-modem-manager-configuration
1005 modem-manager-configuration?
1006 (modem-manager modem-manager-configuration-modem-manager
1007 (default modem-manager)))
1008
1009\f
7234ad4f
SB		 1010;;;
1011;;; NetworkManager
1012;;;
1013
b726096b
CB		 1014(define-record-type* <network-manager-configuration>
1015 network-manager-configuration make-network-manager-configuration
1016 network-manager-configuration?
1017 (network-manager network-manager-configuration-network-manager
1018 (default network-manager))
1019 (dns network-manager-configuration-dns
94d2a250 1020 (default "default"))
4e37cf35 1021 (vpn-plugins network-manager-configuration-vpn-plugins ;list of <package>
94d2a250 1022 (default '())))
b726096b 1023
57c16c97
FP		 1024(define network-manager-activation
1025 ;; Activation gexp for NetworkManager
1026 (match-lambda
1027 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1028 #~(begin
1029 (use-modules (guix build utils))
1030 (mkdir-p "/etc/NetworkManager/system-connections")
1031 #$@(if (equal? dns "dnsmasq")
1032 ;; create directory to store dnsmasq lease file
1033 '((mkdir-p "/var/lib/misc"))
1034 '())))))
7234ad4f 1035
94d2a250
LC		 1036(define (vpn-plugin-directory plugins)
1037 "Return a directory containing PLUGINS, the NM VPN plugins."
1038 (directory-union "network-manager-vpn-plugins" plugins))
1039
e52b9534
LC		 1040(define (network-manager-accounts config)
1041 "Return the list of <user-account> and <user-group> for CONFIG."
1042 (define nologin
1043 (file-append shadow "/sbin/nologin"))
1044
1045 (define accounts
1046 (append-map (lambda (package)
1047 (map (lambda (name)
1048 (user-account (system? #t)
1049 (name name)
1050 (group "network-manager")
1051 (comment "NetworkManager helper")
1052 (home-directory "/var/empty")
1053 (create-home-directory? #f)
1054 (shell nologin)))
1055 (or (assoc-ref (package-properties package)
1056 'user-accounts)
1057 '())))
1058 (network-manager-configuration-vpn-plugins config)))
1059
1060 (match accounts
1061 (()
1062 '())
1063 (_
1064 (cons (user-group (name "network-manager") (system? #t))
1065 accounts))))
1066
94d2a250
LC		 1067(define network-manager-environment
1068 (match-lambda
1069 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1070 ;; Define this variable in the global environment such that
1071 ;; "nmcli connection import type openvpn file foo.ovpn" works.
1072 `(("NM_VPN_PLUGIN_DIR"
1073 . ,(file-append (vpn-plugin-directory vpn-plugins)
1074 "/lib/NetworkManager/VPN"))))))
1075
b726096b
CB		 1076(define network-manager-shepherd-service
1077 (match-lambda
94d2a250
LC		 1078 (($ <network-manager-configuration> network-manager dns vpn-plugins)
1079 (let ((conf (plain-file "NetworkManager.conf"
1080 (string-append "[main]\ndns=" dns "\n")))
1081 (vpn (vpn-plugin-directory vpn-plugins)))
1082 (list (shepherd-service
1083 (documentation "Run the NetworkManager.")
1084 (provision '(networking))
1085 (requirement '(user-processes dbus-system wpa-supplicant loopback))
1086 (start #~(make-forkexec-constructor
1087 (list (string-append #$network-manager
1088 "/sbin/NetworkManager")
1089 (string-append "--config=" #$conf)
1090 "--no-daemon")
1091 #:environment-variables
1092 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
4efdede2
JL		 1093 "/lib/NetworkManager/VPN")
1094 ;; Override non-existent default users
1095 "NM_OPENVPN_USER="
1096 "NM_OPENVPN_GROUP=")))
94d2a250 1097 (stop #~(make-kill-destructor))))))))
7234ad4f
SB		 1098
1099(define network-manager-service-type
b726096b 1100 (let
40557aea 1101 ((config->packages
b726096b 1102 (match-lambda
40557aea
JL		 1103 (($ <network-manager-configuration> network-manager _ vpn-plugins)
1104 `(,network-manager ,@vpn-plugins)))))
b726096b
CB		 1105
1106 (service-type
1107 (name 'network-manager)
1108 (extensions
1109 (list (service-extension shepherd-root-service-type
1110 network-manager-shepherd-service)
40557aea
JL		 1111 (service-extension dbus-root-service-type config->packages)
1112 (service-extension polkit-service-type
1113 (compose
1114 list
1115 network-manager-configuration-network-manager))
e52b9534
LC		 1116 (service-extension account-service-type
1117 network-manager-accounts)
b726096b 1118 (service-extension activation-service-type
57c16c97 1119 network-manager-activation)
94d2a250
LC		 1120 (service-extension session-environment-service-type
1121 network-manager-environment)
b726096b 1122 ;; Add network-manager to the system profile.
40557aea 1123 (service-extension profile-service-type config->packages)))
3f0de257
LC		 1124 (default-value (network-manager-configuration))
1125 (description
1126 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
1127NetworkManager}, a network management daemon that aims to simplify wired and
1128wireless networking."))))
7234ad4f 1129
76192896
EF		 1130\f
1131;;;
1132;;; Connman
1133;;;
1134
34d60c49
MO		 1135(define-record-type* <connman-configuration>
1136 connman-configuration make-connman-configuration
1137 connman-configuration?
1138 (connman connman-configuration-connman
1139 (default connman))
1140 (disable-vpn? connman-configuration-disable-vpn?
1141 (default #f)))
1142
1143(define (connman-activation config)
1144 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
1145 (with-imported-modules '((guix build utils))
1146 #~(begin
1147 (use-modules (guix build utils))
1148 (mkdir-p "/var/lib/connman/")
1149 (unless #$disable-vpn?
1150 (mkdir-p "/var/lib/connman-vpn/"))))))
1151
1152(define (connman-shepherd-service config)
76192896 1153 "Return a shepherd service for Connman"
34d60c49
MO		 1154 (and
1155 (connman-configuration? config)
1156 (let ((connman (connman-configuration-connman config))
1157 (disable-vpn? (connman-configuration-disable-vpn? config)))
1158 (list (shepherd-service
1159 (documentation "Run Connman")
1160 (provision '(networking))
1161 (requirement
1162 '(user-processes dbus-system loopback wpa-supplicant))
1163 (start #~(make-forkexec-constructor
1164 (list (string-append #$connman
1165 "/sbin/connmand")
0ba3a38b
EF		 1166 "--nodaemon"
1167 "--nodnsproxy"
06e5c3af
LC		 1168 #$@(if disable-vpn? '("--noplugin=vpn") '()))
1169
1170 ;; As connman(8) notes, when passing '-n', connman
1171 ;; "directs log output to the controlling terminal in
1172 ;; addition to syslog." Redirect stdout and stderr
1173 ;; to avoid spamming the console (XXX: for some reason
1174 ;; redirecting to /dev/null doesn't work.)
1175 #:log-file "/var/log/connman.log"))
34d60c49 1176 (stop #~(make-kill-destructor)))))))
76192896
EF		 1177
1178(define connman-service-type
34d60c49
MO		 1179 (let ((connman-package (compose list connman-configuration-connman)))
1180 (service-type (name 'connman)
1181 (extensions
1182 (list (service-extension shepherd-root-service-type
1183 connman-shepherd-service)
d8ac7987
EF		 1184 (service-extension polkit-service-type
1185 connman-package)
34d60c49
MO		 1186 (service-extension dbus-root-service-type
1187 connman-package)
1188 (service-extension activation-service-type
1189 connman-activation)
1190 ;; Add connman to the system profile.
1191 (service-extension profile-service-type
3f0de257 1192 connman-package)))
9b0e5146 1193 (default-value (connman-configuration))
3f0de257
LC		 1194 (description
1195 "Run @url{https://01.org/connman,Connman},
1196a network connection manager."))))
2cccbc2a
 1197
1198\f
d94e81db
DM		 1199;;;
1200;;; Modem manager
1201;;;
1202
1203(define modem-manager-service-type
1204 (let ((config->package
1205 (match-lambda
1206 (($ <modem-manager-configuration> modem-manager)
1207 (list modem-manager)))))
1208 (service-type (name 'modem-manager)
1209 (extensions
1210 (list (service-extension dbus-root-service-type
1211 config->package)
1212 (service-extension udev-service-type
1213 config->package)
1214 (service-extension polkit-service-type
1215 config->package)))
1216 (default-value (modem-manager-configuration))
1217 (description
1218 "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
1219ModemManager}, a modem management daemon that aims to simplify dialup
1220networking."))))
1221
1222\f
f5be5104
FP		 1223;;;
1224;;; USB_ModeSwitch
1225;;;
1226
1227(define-record-type* <usb-modeswitch-configuration>
1228 usb-modeswitch-configuration make-usb-modeswitch-configuration
1229 usb-modeswitch-configuration?
1230 (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch
1231 (default usb-modeswitch))
1232 (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data
1233 (default usb-modeswitch-data))
1234 (config-file usb-modeswitch-configuration-config-file
1235 (default #~(string-append #$usb-modeswitch:dispatcher
1236 "/etc/usb_modeswitch.conf"))))
1237
1238(define (usb-modeswitch-sh usb-modeswitch config-file)
1239 "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
1240modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
1241and wrap it to actually find the dispatcher in USB-MODESWITCH. The script
1242will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
1243device is detected."
1244 (computed-file
1245 "usb_modeswitch-sh"
1246 (with-imported-modules '((guix build utils))
1247 #~(begin
1248 (use-modules (guix build utils))
1249 (let ((cfg-param
1250 #$(if config-file
1251 #~(string-append " --config-file=" #$config-file)
1252 "")))
1253 (mkdir #$output)
1254 (install-file (string-append #$usb-modeswitch:dispatcher
1255 "/lib/udev/usb_modeswitch")
1256 #$output)
1257
1258 ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
1259 (substitute* (string-append #$output "/usb_modeswitch")
1260 (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
1261 (string-append left cfg-param right))
1262 (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
1263 (string-append left cfg-param right)))
1264
1265 ;; wrap-program needs bash in PATH:
1266 (putenv (string-append "PATH=" #$bash "/bin"))
1267 (wrap-program (string-append #$output "/usb_modeswitch")
1268 `("PATH" ":" = (,(string-append #$coreutils "/bin")
1269 ,(string-append
1270 #$usb-modeswitch:dispatcher
1271 "/bin")))))))))
1272
1273(define (usb-modeswitch-configuration->udev-rules config)
1274 "Build a rules file for extending udev-service-type from the rules in the
1275usb-modeswitch package specified in CONFIG. The rules file will invoke
1276usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
1277config file."
1278 (match config
1279 (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
1280 (computed-file
1281 "usb_modeswitch.rules"
1282 (with-imported-modules '((guix build utils))
1283 #~(begin
1284 (use-modules (guix build utils))
1285 (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
1286 (out (string-append #$output "/lib/udev/rules.d"))
1287 (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
1288 (mkdir-p out)
1289 (chdir out)
1290 (install-file in out)
1291 (substitute* "40-usb_modeswitch.rules"
1292 (("PROGRAM=\"usb_modeswitch")
1293 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
1294 (("RUN\\+=\"usb_modeswitch")
1295 (string-append "RUN+=\"" script "/usb_modeswitch"))))))))))
1296
1297(define usb-modeswitch-service-type
1298 (service-type
1299 (name 'usb-modeswitch)
1300 (extensions
1301 (list
1302 (service-extension
1303 udev-service-type
1304 (lambda (config)
1305 (let ((rules (usb-modeswitch-configuration->udev-rules config)))
1306 (list rules))))))
1307 (default-value (usb-modeswitch-configuration))
1308 (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
1309USB_ModeSwitch}, a mode switching tool for controlling USB devices with
1310multiple @dfn{modes}. When plugged in for the first time many USB
1311devices (primarily high-speed WAN modems) act like a flash storage containing
1312installers for Windows drivers. USB_ModeSwitch replays the sequence the
1313Windows drivers would send to switch their mode from storage to modem (or
1314whatever the thing is supposed to do).")))
1315
1316\f
2cccbc2a
 1317;;;
1318;;; WPA supplicant
1319;;;
1320
acce0a47
MB		 1321(define-record-type* <wpa-supplicant-configuration>
1322 wpa-supplicant-configuration make-wpa-supplicant-configuration
1323 wpa-supplicant-configuration?
1324 (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
1325 (default wpa-supplicant))
4d060767
MB		 1326 (requirement wpa-supplicant-configuration-requirement ;list of symbols
1327 (default '(user-processes dbus-system loopback syslogd)))
acce0a47
MB		 1328 (pid-file wpa-supplicant-configuration-pid-file ;string
1329 (default "/var/run/wpa_supplicant.pid"))
1330 (dbus? wpa-supplicant-configuration-dbus? ;Boolean
1331 (default #t))
1332 (interface wpa-supplicant-configuration-interface ;#f | string
1333 (default #f))
1334 (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
1335 (default #f))
1336 (extra-options wpa-supplicant-configuration-extra-options ;list of strings
1337 (default '())))
1338
1339(define wpa-supplicant-shepherd-service
1340 (match-lambda
4d060767
MB		 1341 (($ <wpa-supplicant-configuration> wpa-supplicant requirement pid-file dbus?
1342 interface config-file extra-options)
acce0a47
MB		 1343 (list (shepherd-service
1344 (documentation "Run the WPA supplicant daemon")
1345 (provision '(wpa-supplicant))
4d060767 1346 (requirement requirement)
acce0a47
MB		 1347 (start #~(make-forkexec-constructor
1348 (list (string-append #$wpa-supplicant
1349 "/sbin/wpa_supplicant")
1350 (string-append "-P" #$pid-file)
1351 "-B" ;run in background
177bc62d 1352 "-s" ;log to syslogd
acce0a47
MB		 1353 #$@(if dbus?
1354 #~("-u")
1355 #~())
1356 #$@(if interface
3d472b5e 1357 #~((string-append "-i" #$interface))
acce0a47
MB		 1358 #~())
1359 #$@(if config-file
3d472b5e 1360 #~((string-append "-c" #$config-file))
acce0a47
MB		 1361 #~())
1362 #$@extra-options)
1363 #:pid-file #$pid-file))
1364 (stop #~(make-kill-destructor)))))))
2cccbc2a
 1365
1366(define wpa-supplicant-service-type
acce0a47
MB		 1367 (let ((config->package
1368 (match-lambda
1369 (($ <wpa-supplicant-configuration> wpa-supplicant)
1370 (list wpa-supplicant)))))
1371 (service-type (name 'wpa-supplicant)
1372 (extensions
1373 (list (service-extension shepherd-root-service-type
1374 wpa-supplicant-shepherd-service)
1375 (service-extension dbus-root-service-type config->package)
1376 (service-extension profile-service-type config->package)))
1377 (description "Run the WPA Supplicant daemon, a service that
1378implements authentication, key negotiation and more for wireless networks.")
1379 (default-value (wpa-supplicant-configuration)))))
2cccbc2a 1380
c32d02fe 1381\f
a03943ec
LC		 1382;;;
1383;;; Hostapd.
1384;;;
1385
1386(define-record-type* <hostapd-configuration>
1387 hostapd-configuration make-hostapd-configuration
1388 hostapd-configuration?
1389 (package hostapd-configuration-package
1390 (default hostapd))
1391 (interface hostapd-configuration-interface ;string
1392 (default "wlan0"))
1393 (ssid hostapd-configuration-ssid) ;string
1394 (broadcast-ssid? hostapd-configuration-broadcast-ssid? ;Boolean
1395 (default #t))
1396 (channel hostapd-configuration-channel ;integer
1397 (default 1))
1398 (driver hostapd-configuration-driver ;string
1399 (default "nl80211"))
1400 ;; See <https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf> for a list of
1401 ;; additional options we could add.
1402 (extra-settings hostapd-configuration-extra-settings ;string
1403 (default "")))
1404
1405(define (hostapd-configuration-file config)
1406 "Return the configuration file for CONFIG, a <hostapd-configuration>."
1407 (match-record config <hostapd-configuration>
1408 (interface ssid broadcast-ssid? channel driver extra-settings)
1409 (plain-file "hostapd.conf"
1410 (string-append "\
1411# Generated from your Guix configuration.
1412
1413interface=" interface "
1414ssid=" ssid "
1415ignore_broadcast_ssid=" (if broadcast-ssid? "0" "1") "
1416channel=" (number->string channel) "\n"
1417extra-settings "\n"))))
1418
1419(define* (hostapd-shepherd-services config #:key (requirement '()))
1420 "Return Shepherd services for hostapd."
1421 (list (shepherd-service
1422 (provision '(hostapd))
1423 (requirement `(user-processes ,@requirement))
1424 (documentation "Run the hostapd WiFi access point daemon.")
1425 (start #~(make-forkexec-constructor
1426 (list #$(file-append hostapd "/sbin/hostapd")
1427 #$(hostapd-configuration-file config))
1428 #:log-file "/var/log/hostapd.log"))
1429 (stop #~(make-kill-destructor)))))
1430
1431(define hostapd-service-type
1432 (service-type
1433 (name 'hostapd)
1434 (extensions
1435 (list (service-extension shepherd-root-service-type
1436 hostapd-shepherd-services)))
1437 (description
1438 "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access
1439points and authentication servers.")))
1440
5e7076f2
LC		 1441(define (simulated-wifi-shepherd-services config)
1442 "Return Shepherd services to run hostapd with CONFIG, a
1443<hostapd-configuration>, as well as services to set up WiFi hardware
1444simulation."
1445 (append (hostapd-shepherd-services config
1446 #:requirement
1447 '(unblocked-wifi
ef20acae 1448 kernel-module-loader))
5e7076f2
LC		 1449 (list (shepherd-service
1450 (provision '(unblocked-wifi))
ef20acae 1451 (requirement '(file-systems kernel-module-loader))
5e7076f2
LC		 1452 (documentation
1453 "Unblock WiFi devices for use by mac80211_hwsim.")
1454 (start #~(lambda _
1455 (invoke #$(file-append util-linux "/sbin/rfkill")
1456 "unblock" "0")
1457 (invoke #$(file-append util-linux "/sbin/rfkill")
1458 "unblock" "1")))
5e7076f2
LC		 1459 (one-shot? #t)))))
1460
1461(define simulated-wifi-service-type
1462 (service-type
1463 (name 'simulated-wifi)
1464 (extensions
1465 (list (service-extension shepherd-root-service-type
ef20acae
BW		 1466 simulated-wifi-shepherd-services)
1467 (service-extension kernel-module-loader-service-type
1468 (const '("mac80211_hwsim")))))
5e7076f2
LC		 1469 (default-value (hostapd-configuration
1470 (interface "wlan1")
1471 (ssid "Test Network")))
1472 (description "Run hostapd to simulate WiFi connectivity.")))
1473
a03943ec 1474\f
c32d02fe
SB		 1475;;;
1476;;; Open vSwitch
1477;;;
1478
1479(define-record-type* <openvswitch-configuration>
1480 openvswitch-configuration make-openvswitch-configuration
1481 openvswitch-configuration?
1482 (package openvswitch-configuration-package
1483 (default openvswitch)))
1484
1485(define openvswitch-activation
1486 (match-lambda
1487 (($ <openvswitch-configuration> package)
1488 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1489 (with-imported-modules '((guix build utils))
1490 #~(begin
1491 (use-modules (guix build utils))
1492 (mkdir-p "/var/run/openvswitch")
1493 (mkdir-p "/var/lib/openvswitch")
1494 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1495 (unless (file-exists? conf.db)
1496 (system* #$ovsdb-tool "create" conf.db)))))))))
1497
1498(define openvswitch-shepherd-service
1499 (match-lambda
1500 (($ <openvswitch-configuration> package)
1501 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1502 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1503 (list
1504 (shepherd-service
1505 (provision '(ovsdb))
1506 (documentation "Run the Open vSwitch database server.")
1507 (start #~(make-forkexec-constructor
1508 (list #$ovsdb-server "--pidfile"
1509 "--remote=punix:/var/run/openvswitch/db.sock")
1510 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1511 (stop #~(make-kill-destructor)))
1512 (shepherd-service
1513 (provision '(vswitchd))
1514 (requirement '(ovsdb))
1515 (documentation "Run the Open vSwitch daemon.")
1516 (start #~(make-forkexec-constructor
1517 (list #$ovs-vswitchd "--pidfile")
1518 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1519 (stop #~(make-kill-destructor))))))))
1520
1521(define openvswitch-service-type
1522 (service-type
1523 (name 'openvswitch)
1524 (extensions
1525 (list (service-extension activation-service-type
1526 openvswitch-activation)
1527 (service-extension profile-service-type
1528 (compose list openvswitch-configuration-package))
1529 (service-extension shepherd-root-service-type
3f0de257
LC		 1530 openvswitch-shepherd-service)))
1531 (description
1532 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1533switch designed to enable massive network automation through programmatic
e73ded3c
MB		 1534extension.")
1535 (default-value (openvswitch-configuration))))
c32d02fe 1536
9926b8f8
AI		 1537;;;
1538;;; iptables
1539;;;
1540
1541(define %iptables-accept-all-rules
1542 (plain-file "iptables-accept-all.rules"
1543 "*filter
1544:INPUT ACCEPT
1545:FORWARD ACCEPT
1546:OUTPUT ACCEPT
1547COMMIT
1548"))
1549
1550(define-record-type* <iptables-configuration>
1551 iptables-configuration make-iptables-configuration iptables-configuration?
1552 (iptables iptables-configuration-iptables
1553 (default iptables))
1554 (ipv4-rules iptables-configuration-ipv4-rules
1555 (default %iptables-accept-all-rules))
1556 (ipv6-rules iptables-configuration-ipv6-rules
1557 (default %iptables-accept-all-rules)))
1558
1559(define iptables-shepherd-service
1560 (match-lambda
1561 (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
1562 (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
1563 (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
1564 (shepherd-service
1565 (documentation "Packet filtering framework")
1566 (provision '(iptables))
1567 (start #~(lambda _
1568 (invoke #$iptables-restore #$ipv4-rules)
1569 (invoke #$ip6tables-restore #$ipv6-rules)))
1570 (stop #~(lambda _
1571 (invoke #$iptables-restore #$%iptables-accept-all-rules)
1572 (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
1573
1574(define iptables-service-type
1575 (service-type
1576 (name 'iptables)
1577 (description
1578 "Run @command{iptables-restore}, setting up the specified rules.")
1579 (extensions
1580 (list (service-extension shepherd-root-service-type
1581 (compose list iptables-shepherd-service))))))
1582
3c4f5ad7
SB		 1583;;;
1584;;; nftables
1585;;;
1586
1587(define %default-nftables-ruleset
1588 (plain-file "nftables.conf"
1589 "# A simple and safe firewall
1590table inet filter {
1591 chain input {
1592 type filter hook input priority 0; policy drop;
1593
1594 # early drop of invalid connections
1595 ct state invalid drop
1596
1597 # allow established/related connections
1598 ct state { established, related } accept
1599
1600 # allow from loopback
1601 iifname lo accept
1602
1603 # allow icmp
1604 ip protocol icmp accept
1605 ip6 nexthdr icmpv6 accept
1606
1607 # allow ssh
1608 tcp dport ssh accept
1609
1610 # reject everything else
1611 reject with icmpx type port-unreachable
1612 }
1613 chain forward {
1614 type filter hook forward priority 0; policy drop;
1615 }
1616 chain output {
1617 type filter hook output priority 0; policy accept;
1618 }
1619}
1620"))
1621
1622(define-record-type* <nftables-configuration>
1623 nftables-configuration
1624 make-nftables-configuration
1625 nftables-configuration?
1626 (package nftables-configuration-package
1627 (default nftables))
1628 (ruleset nftables-configuration-ruleset ; file-like object
1629 (default %default-nftables-ruleset)))
1630
1631(define nftables-shepherd-service
1632 (match-lambda
1633 (($ <nftables-configuration> package ruleset)
1634 (let ((nft (file-append package "/sbin/nft")))
1635 (shepherd-service
1636 (documentation "Packet filtering and classification")
1637 (provision '(nftables))
1638 (start #~(lambda _
1639 (invoke #$nft "--file" #$ruleset)))
1640 (stop #~(lambda _
1641 (invoke #$nft "flush" "ruleset"))))))))
1642
1643(define nftables-service-type
1644 (service-type
1645 (name 'nftables)
1646 (description
1647 "Run @command{nft}, setting up the specified ruleset.")
1648 (extensions
1649 (list (service-extension shepherd-root-service-type
1650 (compose list nftables-shepherd-service))
1651 (service-extension profile-service-type
1652 (compose list nftables-configuration-package))))
1653 (default-value (nftables-configuration))))
1654
a2161c86
AG		 1655\f
1656;;;
1657;;; PageKite
1658;;;
1659
1660(define-record-type* <pagekite-configuration>
1661 pagekite-configuration
1662 make-pagekite-configuration
1663 pagekite-configuration?
1664 (package pagekite-configuration-package
1665 (default pagekite))
1666 (kitename pagekite-configuration-kitename
1667 (default #f))
1668 (kitesecret pagekite-configuration-kitesecret
1669 (default #f))
1670 (frontend pagekite-configuration-frontend
1671 (default #f))
1672 (kites pagekite-configuration-kites
1673 (default '("http:@kitename:localhost:80:@kitesecret")))
1674 (extra-file pagekite-configuration-extra-file
1675 (default #f)))
1676
1677(define (pagekite-configuration-file config)
1678 (match-record config <pagekite-configuration>
1679 (package kitename kitesecret frontend kites extra-file)
1680 (mixed-text-file "pagekite.rc"
1681 (if extra-file
1682 (string-append "optfile = " extra-file "\n")
1683 "")
1684 (if kitename
1685 (string-append "kitename = " kitename "\n")
1686 "")
1687 (if kitesecret
1688 (string-append "kitesecret = " kitesecret "\n")
1689 "")
1690 (if frontend
1691 (string-append "frontend = " frontend "\n")
1692 "defaults\n")
1693 (string-join (map (lambda (kite)
1694 (string-append "service_on = " kite))
1695 kites)
1696 "\n"
1697 'suffix))))
1698
1699(define (pagekite-shepherd-service config)
1700 (match-record config <pagekite-configuration>
1701 (package kitename kitesecret frontend kites extra-file)
1702 (with-imported-modules (source-module-closure
1703 '((gnu build shepherd)
1704 (gnu system file-systems)))
1705 (shepherd-service
1706 (documentation "Run the PageKite service.")
1707 (provision '(pagekite))
1708 (requirement '(networking))
1709 (modules '((gnu build shepherd)
1710 (gnu system file-systems)))
1711 (start #~(make-forkexec-constructor/container
1712 (list #$(file-append package "/bin/pagekite")
1713 "--clean"
1714 "--nullui"
1715 "--nocrashreport"
1716 "--runas=pagekite:pagekite"
1717 (string-append "--optfile="
1718 #$(pagekite-configuration-file config)))
1719 #:log-file "/var/log/pagekite.log"
1720 #:mappings #$(if extra-file
1721 #~(list (file-system-mapping
1722 (source #$extra-file)
1723 (target source)))
1724 #~'())))
1725 ;; SIGTERM doesn't always work for some reason.
1726 (stop #~(make-kill-destructor SIGINT))))))
1727
1728(define %pagekite-accounts
1729 (list (user-group (name "pagekite") (system? #t))
1730 (user-account
1731 (name "pagekite")
1732 (group "pagekite")
1733 (system? #t)
1734 (comment "PageKite user")
1735 (home-directory "/var/empty")
1736 (shell (file-append shadow "/sbin/nologin")))))
1737
1738(define pagekite-service-type
1739 (service-type
1740 (name 'pagekite)
1741 (default-value (pagekite-configuration))
1742 (extensions
1743 (list (service-extension shepherd-root-service-type
1744 (compose list pagekite-shepherd-service))
1745 (service-extension account-service-type
1746 (const %pagekite-accounts))))
1747 (description
1748 "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
1749local servers publicly accessible on the web, even behind NATs and firewalls.")))
1750
db4fdc04 1751;;; networking.scm ends here
jackhill's copy of GNU Guix: https://guix.gnu.org/