[jackhill/guix/guix.git] / gnu / services / networking.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu services networking)
  #:use-module (gnu services)
  #:use-module (gnu services dmd)
  #:use-module (gnu services dbus)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages wicd)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (srfi srfi-26)
  #:use-module (ice-9 match)
  #:export (%facebook-host-aliases
            static-networking-service
            dhcp-client-service
            %ntp-servers
            ntp-service
            tor-service
            bitlbee-service
            wicd-service))

;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:

(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.
  "\
# Block Facebook IPv4.
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
127.0.0.1   www.login.facebook.com
127.0.0.1   fbcdn.net
127.0.0.1   www.fbcdn.net
127.0.0.1   fbcdn.com
127.0.0.1   www.fbcdn.com
127.0.0.1   static.ak.fbcdn.net
127.0.0.1   static.ak.connect.facebook.com
127.0.0.1   connect.facebook.net
127.0.0.1   www.connect.facebook.net
127.0.0.1   apps.facebook.com

# Block Facebook IPv6.
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com\n")


(define-record-type* <static-networking>
  static-networking make-static-networking
  static-networking?
  (interface static-networking-interface)
  (ip static-networking-ip)
  (gateway static-networking-gateway)
  (provision static-networking-provision)
  (name-servers static-networking-name-servers)
  (net-tools static-networking-net-tools))

(define static-networking-service-type
  (dmd-service-type
   'static-networking
   (match-lambda
     (($ <static-networking> interface ip gateway provision
                             name-servers net-tools)
      (let ((loopback? (memq 'loopback provision)))

        ;; TODO: Eventually replace 'route' with bindings for the appropriate
        ;; ioctls.
        (dmd-service

         ;; Unless we're providing the loopback interface, wait for udev to be up
         ;; and running so that INTERFACE is actually usable.
         (requirement (if loopback? '() '(udev)))

         (documentation
          "Bring up the networking interface using a static IP address.")
         (provision provision)
         (start #~(lambda _
                    ;; Return #t if successfully started.
                    (let* ((addr     (inet-pton AF_INET #$ip))
                           (sockaddr (make-socket-address AF_INET addr 0)))
                      (configure-network-interface #$interface sockaddr
                                                   (logior IFF_UP
                                                           #$(if loopback?
                                                                 #~IFF_LOOPBACK
                                                                 0))))
                    #$(if gateway
                          #~(zero? (system* (string-append #$net-tools
                                                           "/sbin/route")
                                            "add" "-net" "default"
                                            "gw" #$gateway))
                          #t)
                    #$(if (pair? name-servers)
                          #~(call-with-output-file "/etc/resolv.conf"
                              (lambda (port)
                                (display
                                 "# Generated by 'static-networking-service'.\n"
                                 port)
                                (for-each (lambda (server)
                                            (format port "nameserver ~a~%"
                                                    server))
                                          '#$name-servers)))
                          #t)))
         (stop #~(lambda _
                   ;; Return #f is successfully stopped.
                   (let ((sock (socket AF_INET SOCK_STREAM 0)))
                     (set-network-interface-flags sock #$interface 0)
                     (close-port sock))
                   (not #$(if gateway
                              #~(system* (string-append #$net-tools
                                                        "/sbin/route")
                                         "del" "-net" "default")
                              #t))))
         (respawn? #f)))))))

(define* (static-networking-service interface ip
                                    #:key
                                    gateway
                                    (provision '(networking))
                                    (name-servers '())
                                    (net-tools net-tools))
  "Return a service that starts @var{interface} with address @var{ip}.  If
@var{gateway} is true, it must be a string specifying the default network
gateway."
  (service static-networking-service-type
           (static-networking (interface interface) (ip ip)
                              (gateway gateway)
                              (provision provision)
                              (name-servers name-servers)
                              (net-tools net-tools))))

(define dhcp-client-service-type
  (dmd-service-type
   'dhcp-client
   (lambda (dhcp)
     (define dhclient
       #~(string-append #$dhcp "/sbin/dhclient"))

     (define pid-file
       "/var/run/dhclient.pid")

     (dmd-service
      (documentation "Set up networking via DHCP.")
      (requirement '(user-processes udev))

      ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
      ;; networking is unavailable, but also means that the interface is not up
      ;; yet when 'start' completes.  To wait for the interface to be ready, one
      ;; should instead monitor udev events.
      (provision '(networking))

      (start #~(lambda _
                 ;; When invoked without any arguments, 'dhclient' discovers all
                 ;; non-loopback interfaces *that are up*.  However, the relevant
                 ;; interfaces are typically down at this point.  Thus we perform
                 ;; our own interface discovery here.
                 (define valid?
                   (negate loopback-network-interface?))
                 (define ifaces
                   (filter valid? (all-network-interface-names)))

                 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
                 ;; actually send/receive over them.
                 (for-each set-network-interface-up ifaces)

                 (false-if-exception (delete-file #$pid-file))
                 (let ((pid (fork+exec-command
                             (cons* #$dhclient "-nw"
                                    "-pf" #$pid-file ifaces))))
                   (and (zero? (cdr (waitpid pid)))
                        (let loop ()
                          (catch 'system-error
                            (lambda ()
                              (call-with-input-file #$pid-file read))
                            (lambda args
                              ;; 'dhclient' returned before PID-FILE was created,
                              ;; so try again.
                              (let ((errno (system-error-errno args)))
                                (if (= ENOENT errno)
                                    (begin
                                      (sleep 1)
                                      (loop))
                                    (apply throw args))))))))))
      (stop #~(make-kill-destructor))))))

(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  (service dhcp-client-service-type dhcp))

(define %ntp-servers
  ;; Default set of NTP servers.
  '("0.pool.ntp.org"
    "1.pool.ntp.org"
    "2.pool.ntp.org"))

\f
;;;
;;; NTP.
;;;

;; TODO: Export.
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  (ntp      ntp-configuration-ntp
            (default ntp))
  (servers  ntp-configuration-servers))

(define ntp-dmd-service
  (match-lambda
    (($ <ntp-configuration> ntp servers)
     (let ()
       ;; TODO: Add authentication support.
       (define config
         (string-append "driftfile /var/run/ntp.drift\n"
                        (string-join (map (cut string-append "server " <>)
                                          servers)
                                     "\n")
                        "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1\n"))

       (define ntpd.conf
         (plain-file "ntpd.conf" config))

       (list (dmd-service
              (provision '(ntpd))
              (documentation "Run the Network Time Protocol (NTP) daemon.")
              (requirement '(user-processes networking))
              (start #~(make-forkexec-constructor
                        (list (string-append #$ntp "/bin/ntpd") "-n"
                              "-c" #$ntpd.conf "-u" "ntpd")))
              (stop #~(make-kill-destructor))))))))

(define %ntp-accounts
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))

(define ntp-service-type
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension dmd-root-service-type
                                          ntp-dmd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))))))

(define* (ntp-service #:key (ntp ntp)
                      (servers %ntp-servers))
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}.  The daemon will
keep the system clock synchronized with that of @var{servers}."
  (service ntp-service-type
           (ntp-configuration (ntp ntp) (servers servers))))

\f
;;;
;;; Tor.
;;;

(define %tor-accounts
  ;; User account and groups for Tor.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))

(define (tor-dmd-service config)
  "Return a <dmd-service> running TOR."
  (match config
    ((tor config-file)
     (let ((torrc (computed-file "torrc"
                                 #~(begin
                                     (use-modules (guix build utils))
                                     (call-with-output-file #$output
                                       (lambda (port)
                                         (display "\
User tor  # automatically added\n" port)
                                         (call-with-input-file #$config-file
                                           (lambda (input)
                                             (dump-port input port)))
                                         #t)))
                                 #:modules '((guix build utils)))))
       (list (dmd-service
              (provision '(tor))

              ;; Tor needs at least one network interface to be up, hence the
              ;; dependency on 'loopback'.
              (requirement '(user-processes loopback))

              (start #~(make-forkexec-constructor
                        (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
              (stop #~(make-kill-destructor))
              (documentation "Run the Tor anonymous network overlay.")))))))

(define tor-service-type
  (service-type (name 'tor)
                (extensions
                 (list (service-extension dmd-root-service-type
                                          tor-dmd-service)
                       (service-extension account-service-type
                                          (const %tor-accounts))))))

(define* (tor-service #:optional
                      (config-file (plain-file "empty" ""))
                      #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user.  It is passed
@var{config-file}, a file-like object, with an additional @code{User tor}
line.  Run @command{man tor} for information about the configuration file."
  (service tor-service-type (list tor config-file)))

\f
;;;
;;; BitlBee.
;;;

(define-record-type* <bitlbee-configuration>
  bitlbee-configuration make-bitlbee-configuration
  bitlbee-configuration?
  (bitlbee bitlbee-configuration-bitlbee
           (default bitlbee))
  (interface bitlbee-configuration-interface)
  (port bitlbee-configuration-port)
  (extra-settings bitlbee-configuration-extra-settings))

(define bitlbee-dmd-service
  (match-lambda
    (($ <bitlbee-configuration> bitlbee interface port extra-settings)
     (let ((conf (plain-file "bitlbee.conf"
                             (string-append "
  [settings]
  User = bitlbee
  ConfigDir = /var/lib/bitlbee
  DaemonInterface = " interface "
  DaemonPort = " (number->string port) "
" extra-settings))))

       (list (dmd-service
              (provision '(bitlbee))
              (requirement '(user-processes loopback))
              (start #~(make-forkexec-constructor
                        (list (string-append #$bitlbee "/sbin/bitlbee")
                              "-n" "-F" "-u" "bitlbee" "-c" #$conf)))
              (stop  #~(make-kill-destructor))))))))

(define %bitlbee-accounts
  ;; User group and account to run BitlBee.
  (list (user-group (name "bitlbee") (system? #t))
        (user-account
         (name "bitlbee")
         (group "bitlbee")
         (system? #t)
         (comment "BitlBee daemon user")
         (home-directory "/var/empty")
         (shell #~(string-append #$shadow "/sbin/nologin")))))

(define %bitlbee-activation
  ;; Activation gexp for BitlBee.
  #~(begin
      (use-modules (guix build utils))

      ;; This directory is used to store OTR data.
      (mkdir-p "/var/lib/bitlbee")
      (let ((user (getpwnam "bitlbee")))
        (chown "/var/lib/bitlbee"
               (passwd:uid user) (passwd:gid user)))))

(define bitlbee-service-type
  (service-type (name 'bitlbee)
                (extensions
                 (list (service-extension dmd-root-service-type
                                          bitlbee-dmd-service)
                       (service-extension account-service-type
                                          (const %bitlbee-accounts))
                       (service-extension activation-service-type
                                          (const %bitlbee-activation))))))

(define* (bitlbee-service #:key (bitlbee bitlbee)
                          (interface "127.0.0.1") (port 6667)
                          (extra-settings ""))
  "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
acts as a gateway between IRC and chat networks.

The daemon will listen to the interface corresponding to the IP address
specified in @var{interface}, on @var{port}.  @code{127.0.0.1} means that only
local clients can connect, whereas @code{0.0.0.0} means that connections can
come from any networking interface.

In addition, @var{extra-settings} specifies a string to append to the
configuration file."
  (service bitlbee-service-type
           (bitlbee-configuration
            (bitlbee bitlbee)
            (interface interface) (port port)
            (extra-settings extra-settings))))

\f
;;;
;;; Wicd.
;;;

(define %wicd-activation
  ;; Activation gexp for Wicd.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")
      (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
        (unless (file-exists? file-name)
          (copy-file (string-append #$wicd file-name)
                     file-name)))))

(define (wicd-dmd-service wicd)
  "Return a dmd service for WICD."
  (list (dmd-service
         (documentation "Run the Wicd network manager.")
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         (start #~(make-forkexec-constructor
                   (list (string-append #$wicd "/sbin/wicd")
                         "--no-daemon")))
         (stop #~(make-kill-destructor)))))

(define wicd-service-type
  (service-type (name 'wicd)
                (extensions
                 (list (service-extension dmd-root-service-type
                                          wicd-dmd-service)
                       (service-extension dbus-root-service-type
                                          list)
                       (service-extension activation-service-type
                                          (const %wicd-activation))

                       ;; Add Wicd to the global profile.
                       (service-extension profile-service-type list)))))

(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  (service wicd-service-type wicd))

;;; networking.scm ends here
Commit	Line	Data
db4fdc04	1	;;; GNU Guix --- Functional package management for GNU
e87f0591	2	;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
b7d0c494	3	;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
db4fdc04 LC	4	;;;
	5	;;; This file is part of GNU Guix.
	6	;;;
	7	;;; GNU Guix is free software; you can redistribute it and/or modify it
	8	;;; under the terms of the GNU General Public License as published by
	9	;;; the Free Software Foundation; either version 3 of the License, or (at
	10	;;; your option) any later version.
	11	;;;
	12	;;; GNU Guix is distributed in the hope that it will be useful, but
	13	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	14	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	;;; GNU General Public License for more details.
	16	;;;
	17	;;; You should have received a copy of the GNU General Public License
	18	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	19
	20	(define-module (gnu services networking)
	21	#:use-module (gnu services)
0adfe95a LC	22	#:use-module (gnu services dmd)
0adfe95a LC	23	#:use-module (gnu services dbus)
927097ef	24	#:use-module (gnu system shadow)
6e828634	25	#:use-module (gnu system pam)
db4fdc04 LC	26	#:use-module (gnu packages admin)
db4fdc04 LC	27	#:use-module (gnu packages linux)
927097ef	28	#:use-module (gnu packages tor)
4627a464	29	#:use-module (gnu packages messaging)
63854bcb	30	#:use-module (gnu packages ntp)
b7d0c494	31	#:use-module (gnu packages wicd)
b5f4e686	32	#:use-module (guix gexp)
0adfe95a	33	#:use-module (guix records)
63854bcb	34	#:use-module (srfi srfi-26)
0adfe95a	35	#:use-module (ice-9 match)
fa0c1d61 LC	36	#:export (%facebook-host-aliases
fa0c1d61 LC	37	static-networking-service
a023cca8	38	dhcp-client-service
63854bcb LC	39	%ntp-servers
63854bcb LC	40	ntp-service
4627a464	41	tor-service
b7d0c494 MW	42	bitlbee-service
b7d0c494 MW	43	wicd-service))
db4fdc04 LC	44
	45	;;; Commentary:
	46	;;;
	47	;;; Networking services.
	48	;;;
	49	;;; Code:
	50
fa0c1d61 LC	51	(define %facebook-host-aliases
	52	;; This is the list of known Facebook hosts to be added to /etc/hosts if you
	53	;; are to block it.
	54	"\
	55	# Block Facebook IPv4.
	56	127.0.0.1 www.facebook.com
	57	127.0.0.1 facebook.com
	58	127.0.0.1 login.facebook.com
	59	127.0.0.1 www.login.facebook.com
	60	127.0.0.1 fbcdn.net
	61	127.0.0.1 www.fbcdn.net
	62	127.0.0.1 fbcdn.com
	63	127.0.0.1 www.fbcdn.com
	64	127.0.0.1 static.ak.fbcdn.net
	65	127.0.0.1 static.ak.connect.facebook.com
	66	127.0.0.1 connect.facebook.net
	67	127.0.0.1 www.connect.facebook.net
	68	127.0.0.1 apps.facebook.com
	69
	70	# Block Facebook IPv6.
	71	fe80::1%lo0 facebook.com
	72	fe80::1%lo0 login.facebook.com
	73	fe80::1%lo0 www.login.facebook.com
	74	fe80::1%lo0 fbcdn.net
	75	fe80::1%lo0 www.fbcdn.net
	76	fe80::1%lo0 fbcdn.com
	77	fe80::1%lo0 www.fbcdn.com
	78	fe80::1%lo0 static.ak.fbcdn.net
	79	fe80::1%lo0 static.ak.connect.facebook.com
	80	fe80::1%lo0 connect.facebook.net
	81	fe80::1%lo0 www.connect.facebook.net
	82	fe80::1%lo0 apps.facebook.com\n")
	83
	84
0adfe95a LC	85	(define-record-type* <static-networking>
	86	static-networking make-static-networking
	87	static-networking?
	88	(interface static-networking-interface)
	89	(ip static-networking-ip)
	90	(gateway static-networking-gateway)
	91	(provision static-networking-provision)
	92	(name-servers static-networking-name-servers)
	93	(net-tools static-networking-net-tools))
	94
	95	(define static-networking-service-type
	96	(dmd-service-type
00184239	97	'static-networking
0adfe95a LC	98	(match-lambda
	99	(($ <static-networking> interface ip gateway provision
	100	name-servers net-tools)
	101	(let ((loopback? (memq 'loopback provision)))
	102
	103	;; TODO: Eventually replace 'route' with bindings for the appropriate
	104	;; ioctls.
	105	(dmd-service
	106
	107	;; Unless we're providing the loopback interface, wait for udev to be up
	108	;; and running so that INTERFACE is actually usable.
	109	(requirement (if loopback? '() '(udev)))
	110
	111	(documentation
	112	"Bring up the networking interface using a static IP address.")
	113	(provision provision)
	114	(start #~(lambda _
	115	;; Return #t if successfully started.
	116	(let* ((addr (inet-pton AF_INET #$ip))
	117	(sockaddr (make-socket-address AF_INET addr 0)))
	118	(configure-network-interface #$interface sockaddr
	119	(logior IFF_UP
	120	#$(if loopback?
	121	#~IFF_LOOPBACK
	122	0))))
	123	#$(if gateway
	124	#~(zero? (system* (string-append #$net-tools
	125	"/sbin/route")
	126	"add" "-net" "default"
	127	"gw" #$gateway))
	128	#t)
	129	#$(if (pair? name-servers)
	130	#~(call-with-output-file "/etc/resolv.conf"
	131	(lambda (port)
	132	(display
	133	"# Generated by 'static-networking-service'.\n"
	134	port)
	135	(for-each (lambda (server)
	136	(format port "nameserver ~a~%"
	137	server))
	138	'#$name-servers)))
	139	#t)))
	140	(stop #~(lambda _
	141	;; Return #f is successfully stopped.
	142	(let ((sock (socket AF_INET SOCK_STREAM 0)))
	143	(set-network-interface-flags sock #$interface 0)
	144	(close-port sock))
	145	(not #$(if gateway
	146	#~(system* (string-append #$net-tools
	147	"/sbin/route")
	148	"del" "-net" "default")
	149	#t))))
	150	(respawn? #f)))))))
	151
db4fdc04 LC	152	(define* (static-networking-service interface ip
	153	#:key
	154	gateway
4a3b3b07	155	(provision '(networking))
db4fdc04	156	(name-servers '())
db4fdc04	157	(net-tools net-tools))
51da7ca0 LC	158	"Return a service that starts @var{interface} with address @var{ip}. If
	159	@var{gateway} is true, it must be a string specifying the default network
	160	gateway."
0adfe95a LC	161	(service static-networking-service-type
	162	(static-networking (interface interface) (ip ip)
	163	(gateway gateway)
	164	(provision provision)
	165	(name-servers name-servers)
	166	(net-tools net-tools))))
	167
	168	(define dhcp-client-service-type
	169	(dmd-service-type
00184239	170	'dhcp-client
0adfe95a LC	171	(lambda (dhcp)
	172	(define dhclient
	173	#~(string-append #$dhcp "/sbin/dhclient"))
	174
	175	(define pid-file
	176	"/var/run/dhclient.pid")
	177
	178	(dmd-service
	179	(documentation "Set up networking via DHCP.")
	180	(requirement '(user-processes udev))
	181
	182	;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
	183	;; networking is unavailable, but also means that the interface is not up
	184	;; yet when 'start' completes. To wait for the interface to be ready, one
	185	;; should instead monitor udev events.
	186	(provision '(networking))
	187
	188	(start #~(lambda _
	189	;; When invoked without any arguments, 'dhclient' discovers all
	190	;; non-loopback interfaces that are up. However, the relevant
	191	;; interfaces are typically down at this point. Thus we perform
	192	;; our own interface discovery here.
	193	(define valid?
	194	(negate loopback-network-interface?))
	195	(define ifaces
	196	(filter valid? (all-network-interface-names)))
	197
	198	;; XXX: Make sure the interfaces are up so that 'dhclient' can
	199	;; actually send/receive over them.
	200	(for-each set-network-interface-up ifaces)
	201
	202	(false-if-exception (delete-file #$pid-file))
	203	(let ((pid (fork+exec-command
	204	(cons* #$dhclient "-nw"
	205	"-pf" #$pid-file ifaces))))
	206	(and (zero? (cdr (waitpid pid)))
	207	(let loop ()
	208	(catch 'system-error
	209	(lambda ()
	210	(call-with-input-file #$pid-file read))
	211	(lambda args
	212	;; 'dhclient' returned before PID-FILE was created,
	213	;; so try again.
	214	(let ((errno (system-error-errno args)))
	215	(if (= ENOENT errno)
	216	(begin
	217	(sleep 1)
	218	(loop))
	219	(apply throw args))))))))))
	220	(stop #~(make-kill-destructor))))))
db4fdc04	221
a023cca8 LC	222	(define* (dhcp-client-service #:key (dhcp isc-dhcp))
	223	"Return a service that runs @var{dhcp}, a Dynamic Host Configuration
	224	Protocol (DHCP) client, on all the non-loopback network interfaces."
0adfe95a	225	(service dhcp-client-service-type dhcp))
a023cca8	226
63854bcb LC	227	(define %ntp-servers
	228	;; Default set of NTP servers.
	229	'("0.pool.ntp.org"
	230	"1.pool.ntp.org"
	231	"2.pool.ntp.org"))
	232
0adfe95a LC	233	\f
	234	;;;
	235	;;; NTP.
	236	;;;
	237
	238	;; TODO: Export.
	239	(define-record-type* <ntp-configuration>
	240	ntp-configuration make-ntp-configuration
	241	ntp-configuration?
	242	(ntp ntp-configuration-ntp
	243	(default ntp))
	244	(servers ntp-configuration-servers))
	245
	246	(define ntp-dmd-service
	247	(match-lambda
	248	(($ <ntp-configuration> ntp servers)
	249	(let ()
	250	;; TODO: Add authentication support.
	251	(define config
	252	(string-append "driftfile /var/run/ntp.drift\n"
	253	(string-join (map (cut string-append "server " <>)
	254	servers)
	255	"\n")
	256	"
63854bcb LC	257	# Disable status queries as a workaround for CVE-2013-5211:
	258	# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
	259	restrict default kod nomodify notrap nopeer noquery
	260	restrict -6 default kod nomodify notrap nopeer noquery
	261
	262	# Yet, allow use of the local 'ntpq'.
	263	restrict 127.0.0.1
	264	restrict -6 ::1\n"))
	265
0adfe95a LC	266	(define ntpd.conf
	267	(plain-file "ntpd.conf" config))
	268
	269	(list (dmd-service
	270	(provision '(ntpd))
	271	(documentation "Run the Network Time Protocol (NTP) daemon.")
	272	(requirement '(user-processes networking))
	273	(start #~(make-forkexec-constructor
	274	(list (string-append #$ntp "/bin/ntpd") "-n"
	275	"-c" #$ntpd.conf "-u" "ntpd")))
	276	(stop #~(make-kill-destructor))))))))
	277
	278	(define %ntp-accounts
	279	(list (user-account
	280	(name "ntpd")
	281	(group "nogroup")
	282	(system? #t)
	283	(comment "NTP daemon user")
	284	(home-directory "/var/empty")
	285	(shell #~(string-append #$shadow "/sbin/nologin")))))
	286
	287	(define ntp-service-type
	288	(service-type (name 'ntp)
	289	(extensions
	290	(list (service-extension dmd-root-service-type
	291	ntp-dmd-service)
	292	(service-extension account-service-type
	293	(const %ntp-accounts))))))
	294
	295	(define* (ntp-service #:key (ntp ntp)
	296	(servers %ntp-servers))
	297	"Return a service that runs the daemon from @var{ntp}, the
	298	@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
	299	keep the system clock synchronized with that of @var{servers}."
	300	(service ntp-service-type
	301	(ntp-configuration (ntp ntp) (servers servers))))
	302
	303	\f
	304	;;;
	305	;;; Tor.
	306	;;;
	307
	308	(define %tor-accounts
	309	;; User account and groups for Tor.
	310	(list (user-group (name "tor") (system? #t))
	311	(user-account
	312	(name "tor")
	313	(group "tor")
	314	(system? #t)
	315	(comment "Tor daemon user")
	316	(home-directory "/var/empty")
	317	(shell #~(string-append #$shadow "/sbin/nologin")))))
	318
375c6108	319	(define (tor-dmd-service config)
0adfe95a	320	"Return a <dmd-service> running TOR."
375c6108 LC	321	(match config
	322	((tor config-file)
	323	(let ((torrc (computed-file "torrc"
	324	#~(begin
	325	(use-modules (guix build utils))
	326	(call-with-output-file #$output
	327	(lambda (port)
	328	(display "\
	329	User tor # automatically added\n" port)
	330	(call-with-input-file #$config-file
	331	(lambda (input)
	332	(dump-port input port)))
	333	#t)))
	334	#:modules '((guix build utils)))))
	335	(list (dmd-service
	336	(provision '(tor))
0adfe95a	337
375c6108 LC	338	;; Tor needs at least one network interface to be up, hence the
	339	;; dependency on 'loopback'.
	340	(requirement '(user-processes loopback))
0adfe95a	341
375c6108 LC	342	(start #~(make-forkexec-constructor
	343	(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
	344	(stop #~(make-kill-destructor))
	345	(documentation "Run the Tor anonymous network overlay.")))))))
0adfe95a LC	346
	347	(define tor-service-type
	348	(service-type (name 'tor)
	349	(extensions
	350	(list (service-extension dmd-root-service-type
	351	tor-dmd-service)
	352	(service-extension account-service-type
	353	(const %tor-accounts))))))
63854bcb	354
375c6108 LC	355	(define* (tor-service #:optional
	356	(config-file (plain-file "empty" ""))
	357	#:key (tor tor))
	358	"Return a service to run the @uref{https://torproject.org, Tor} anonymous
	359	networking daemon.
927097ef	360
375c6108 LC	361	The daemon runs as the @code{tor} unprivileged user. It is passed
	362	@var{config-file}, a file-like object, with an additional @code{User tor}
	363	line. Run @command{man tor} for information about the configuration file."
	364	(service tor-service-type (list tor config-file)))
0adfe95a LC	365
	366	\f
	367	;;;
	368	;;; BitlBee.
	369	;;;
	370
	371	(define-record-type* <bitlbee-configuration>
	372	bitlbee-configuration make-bitlbee-configuration
	373	bitlbee-configuration?
	374	(bitlbee bitlbee-configuration-bitlbee
	375	(default bitlbee))
	376	(interface bitlbee-configuration-interface)
	377	(port bitlbee-configuration-port)
	378	(extra-settings bitlbee-configuration-extra-settings))
	379
	380	(define bitlbee-dmd-service
	381	(match-lambda
	382	(($ <bitlbee-configuration> bitlbee interface port extra-settings)
	383	(let ((conf (plain-file "bitlbee.conf"
	384	(string-append "
	385	[settings]
	386	User = bitlbee
	387	ConfigDir = /var/lib/bitlbee
	388	DaemonInterface = " interface "
	389	DaemonPort = " (number->string port) "
	390	" extra-settings))))
	391
	392	(list (dmd-service
	393	(provision '(bitlbee))
	394	(requirement '(user-processes loopback))
	395	(start #~(make-forkexec-constructor
	396	(list (string-append #$bitlbee "/sbin/bitlbee")
	397	"-n" "-F" "-u" "bitlbee" "-c" #$conf)))
	398	(stop #~(make-kill-destructor))))))))
	399
	400	(define %bitlbee-accounts
	401	;; User group and account to run BitlBee.
	402	(list (user-group (name "bitlbee") (system? #t))
	403	(user-account
	404	(name "bitlbee")
	405	(group "bitlbee")
	406	(system? #t)
	407	(comment "BitlBee daemon user")
	408	(home-directory "/var/empty")
	409	(shell #~(string-append #$shadow "/sbin/nologin")))))
	410
	411	(define %bitlbee-activation
	412	;; Activation gexp for BitlBee.
	413	#~(begin
	414	(use-modules (guix build utils))
	415
	416	;; This directory is used to store OTR data.
	417	(mkdir-p "/var/lib/bitlbee")
	418	(let ((user (getpwnam "bitlbee")))
	419	(chown "/var/lib/bitlbee"
	420	(passwd:uid user) (passwd:gid user)))))
	421
	422	(define bitlbee-service-type
	423	(service-type (name 'bitlbee)
	424	(extensions
	425	(list (service-extension dmd-root-service-type
	426	bitlbee-dmd-service)
	427	(service-extension account-service-type
	428	(const %bitlbee-accounts))
429	(service-extension activation-service-type
430	(const %bitlbee-activation))))))
927097ef	431
4627a464 LC	432	(define* (bitlbee-service #:key (bitlbee bitlbee)
	433	(interface "127.0.0.1") (port 6667)
	434	(extra-settings ""))
	435	"Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
	436	acts as a gateway between IRC and chat networks.
	437
	438	The daemon will listen to the interface corresponding to the IP address
	439	specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only
	440	local clients can connect, whereas @code{0.0.0.0} means that connections can
	441	come from any networking interface.
	442
	443	In addition, @var{extra-settings} specifies a string to append to the
	444	configuration file."
0adfe95a LC	445	(service bitlbee-service-type
	446	(bitlbee-configuration
	447	(bitlbee bitlbee)
	448	(interface interface) (port port)
	449	(extra-settings extra-settings))))
	450
	451	\f
	452	;;;
	453	;;; Wicd.
	454	;;;
	455
	456	(define %wicd-activation
	457	;; Activation gexp for Wicd.
	458	#~(begin
	459	(use-modules (guix build utils))
	460
	461	(mkdir-p "/etc/wicd")
	462	(let ((file-name "/etc/wicd/dhclient.conf.template.default"))
	463	(unless (file-exists? file-name)
	464	(copy-file (string-append #$wicd file-name)
	465	file-name)))))
	466
	467	(define (wicd-dmd-service wicd)
	468	"Return a dmd service for WICD."
	469	(list (dmd-service
	470	(documentation "Run the Wicd network manager.")
	471	(provision '(networking))
	472	(requirement '(user-processes dbus-system loopback))
	473	(start #~(make-forkexec-constructor
	474	(list (string-append #$wicd "/sbin/wicd")
	475	"--no-daemon")))
	476	(stop #~(make-kill-destructor)))))
	477
	478	(define wicd-service-type
	479	(service-type (name 'wicd)
	480	(extensions
	481	(list (service-extension dmd-root-service-type
	482	wicd-dmd-service)
	483	(service-extension dbus-root-service-type
	484	list)
	485	(service-extension activation-service-type
87f40011 LC	486	(const %wicd-activation))
	487
	488	;; Add Wicd to the global profile.
	489	(service-extension profile-service-type list)))))
4627a464	490
b7d0c494 MW	491	(define* (wicd-service #:key (wicd wicd))
b7d0c494 MW	492	"Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
87f40011 LC	493	management daemon that aims to simplify wired and wireless networking.
	494
	495	This service adds the @var{wicd} package to the global profile, providing
	496	several commands to interact with the daemon and configure networking:
	497	@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
	498	and @command{wicd-curses} user interfaces."
0adfe95a	499	(service wicd-service-type wicd))
b7d0c494	500
db4fdc04	501	;;; networking.scm ends here