services: 'references-file' depends on Guile-Gcrypt.
db4fdc04 1;;; GNU Guix --- Functional package management for GNU
0f13dd2b 2;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
b7d0c494 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
0ba3a38b 4;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
1c6c0ad0 5;;; Copyright © 2016 John Darrington <jmd@gnu.org>
e57bd0be 6;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
9260b9d1 7;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
acce0a47 8;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
0975ca3f 9;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
5dfd80e1 10;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
9926b8f8 11;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
f5be5104 12;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
40557aea 13;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
3c4f5ad7 14;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
a2161c86 15;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
ef20acae 16;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
(define-module (gnu services networking)
  ;; Networking-related system services: DHCP client and server, the two NTP
  ;; implementations, inetd, Tor, and (further down the file) the various
  ;; network managers and firewall services exported below.
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services configuration)
  #:use-module (gnu services linux)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services dbus)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages connman)
  #:use-module (gnu packages freedesktop)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages usb-modeswitch)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages wicd)
  #:use-module (gnu packages gnome)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (guix packages)
  #:use-module (guix deprecation)
  ;; 'make-enumeration' / 'enum-set-member?', used to validate NTP server types.
  #:use-module (rnrs enums)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-43)
  #:use-module (ice-9 match)
  ;; Guile-JSON; presumably for 'yggdrasil-configuration-json-config' below.
  #:use-module (json)
  ;; Names defined in another module that this one exposes as well.
  #:re-export (static-networking-service
               static-networking-service-type)
  #:export (%facebook-host-aliases
            ;; DHCP client.
            dhcp-client-service
            dhcp-client-service-type

            ;; DHCP server (ISC dhcpd).
            dhcpd-service-type
            dhcpd-configuration
            dhcpd-configuration?
            dhcpd-configuration-package
            dhcpd-configuration-config-file
            dhcpd-configuration-version
            dhcpd-configuration-run-directory
            dhcpd-configuration-lease-file
            dhcpd-configuration-pid-file
            dhcpd-configuration-interfaces

            ;; NTP (reference implementation).
            ntp-configuration
            ntp-configuration?
            ntp-configuration-ntp
            ntp-configuration-servers
            ntp-allow-large-adjustment?

            %ntp-servers
            ntp-server
            ntp-server-type
            ntp-server-address
            ntp-server-options

            ntp-service
            ntp-service-type

            ;; OpenNTPD.
            %openntpd-servers
            openntpd-configuration
            openntpd-configuration?
            openntpd-service-type

            ;; Inetd.
            inetd-configuration
            inetd-entry
            inetd-service-type

            ;; Tor.
            tor-configuration
            tor-configuration?
            tor-hidden-service
            tor-service
            tor-service-type

            wicd-service-type
            wicd-service

            network-manager-configuration
            network-manager-configuration?
            network-manager-configuration-dns
            network-manager-configuration-vpn-plugins
            network-manager-service-type

            connman-configuration
            connman-configuration?
            connman-service-type

            modem-manager-configuration
            modem-manager-configuration?
            modem-manager-service-type

            usb-modeswitch-configuration
            usb-modeswitch-configuration?
            usb-modeswitch-configuration-usb-modeswitch
            usb-modeswitch-configuration-usb-modeswitch-data
            usb-modeswitch-service-type

            wpa-supplicant-configuration
            wpa-supplicant-configuration?
            wpa-supplicant-configuration-wpa-supplicant
            wpa-supplicant-configuration-requirement
            wpa-supplicant-configuration-pid-file
            wpa-supplicant-configuration-dbus?
            wpa-supplicant-configuration-interface
            wpa-supplicant-configuration-config-file
            wpa-supplicant-configuration-extra-options
            wpa-supplicant-service-type

            hostapd-configuration
            hostapd-configuration?
            hostapd-configuration-package
            hostapd-configuration-interface
            hostapd-configuration-ssid
            hostapd-configuration-broadcast-ssid?
            hostapd-configuration-channel
            hostapd-configuration-driver
            hostapd-service-type

            simulated-wifi-service-type

            openvswitch-service-type
            openvswitch-configuration

            ;; Firewalls.
            iptables-configuration
            iptables-configuration?
            iptables-configuration-iptables
            iptables-configuration-ipv4-rules
            iptables-configuration-ipv6-rules
            iptables-service-type

            nftables-service-type
            nftables-configuration
            nftables-configuration?
            nftables-configuration-package
            nftables-configuration-ruleset
            %default-nftables-ruleset

            pagekite-service-type
            pagekite-configuration
            pagekite-configuration?
            pagekite-configuration-package
            pagekite-configuration-kitename
            pagekite-configuration-kitesecret
            pagekite-configuration-frontend
            pagekite-configuration-kites
            pagekite-configuration-extra-file

            yggdrasil-service-type
            yggdrasil-configuration
            yggdrasil-configuration?
            yggdrasil-configuration-autoconf?
            yggdrasil-configuration-config-file
            yggdrasil-configuration-log-level
            yggdrasil-configuration-log-to
            yggdrasil-configuration-json-config
            yggdrasil-configuration-package))

;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:

(define %facebook-host-aliases
  ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
  ;; are to block it.
  ;;
  ;; Each entry maps a host name to a loopback address so that name resolution
  ;; through /etc/hosts never yields Facebook's real addresses.  This is a
  ;; best-effort, name-based block only: hosts not listed here, and clients
  ;; that resolve names by other means or connect to IP addresses directly,
  ;; are unaffected.
  ;;
  ;; NOTE(review): the IPv6 entries use a BSD-style scoped address
  ;; ("fe80::1%lo0"); on GNU/Linux the loopback interface is "lo" and the
  ;; hosts-file parser may not accept the "%" scope suffix -- verify that these
  ;; lines actually take effect, or consider "::1" instead.
  "\
# Block Facebook IPv4.
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 connect.facebook.net
127.0.0.1 www.connect.facebook.net
127.0.0.1 apps.facebook.com

# Block Facebook IPv6.
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com\n")
(define dhcp-client-service-type
  ;; Shepherd service running the ISC DHCP client on every usable interface.
  ;; The service value is the DHCP client package; it defaults to ISC-DHCP.
  (shepherd-service-type
   'dhcp-client
   (lambda (dhcp)
     (let ((client-binary (file-append dhcp "/sbin/dhclient"))
           (pid-file "/var/run/dhclient.pid"))
       (shepherd-service
        (documentation "Set up networking via DHCP.")
        (requirement '(user-processes udev))

        ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
        ;; networking is unavailable, but also means that the interface is not up
        ;; yet when 'start' completes.  To wait for the interface to be ready, one
        ;; should instead monitor udev events.
        (provision '(networking))

        (start #~(lambda _
                   ;; 'dhclient' run without arguments only discovers the
                   ;; non-loopback interfaces that are already up, and at this
                   ;; point the relevant ones are typically still down.  So the
                   ;; interface list is computed here instead.
                   (define (usable-interface? name)
                     ;; Keep ARP-capable, non-loopback interfaces, bringing
                     ;; each one up first so that 'dhclient' can send and
                     ;; receive over it.  Interfaces that cannot be activated
                     ;; are simply left out.
                     (and (arp-network-interface? name)
                          (not (loopback-network-interface? name))
                          (false-if-exception
                           (set-network-interface-up name))))

                   (define interfaces
                     (filter usable-interface? (all-network-interface-names)))

                   ;; Discard a stale PID file from an earlier run before
                   ;; starting, so that the PID read below is the new one.
                   (false-if-exception (delete-file #$pid-file))
                   (let* ((command (cons* #$client-binary "-nw"
                                          "-pf" #$pid-file interfaces))
                          (pid (fork+exec-command command)))
                     ;; With '-nw' the launcher exits right away and the
                     ;; daemon writes its own PID; report that PID, or #f if
                     ;; the launcher failed.
                     (and (zero? (cdr (waitpid pid)))
                          (read-pid-file #$pid-file)))))
        (stop #~(make-kill-destructor)))))
   isc-dhcp))
(define-deprecated (dhcp-client-service #:key (dhcp isc-dhcp))
  dhcp-client-service-type
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  ;; Deprecated entry point kept for existing configurations: it is only a
  ;; wrapper around 'dhcp-client-service-type' with DHCP as the service value.
  (service dhcp-client-service-type dhcp))
(define-record-type* <dhcpd-configuration>
  dhcpd-configuration make-dhcpd-configuration
  dhcpd-configuration?
  ;; The ISC DHCP package providing 'sbin/dhcpd'.
  (package   dhcpd-configuration-package   ;<package>
             (default isc-dhcp))
  ;; Mandatory: 'dhcpd-shepherd-service' raises an error when this is #f.  The
  ;; file is also syntax-checked ("dhcpd -t") at activation time.
  (config-file   dhcpd-configuration-config-file   ;file-like
                 (default #f))
  ;; Selects the "-4"/"-6"/"-4o6" daemon mode and is embedded in the Shepherd
  ;; provision name, so one daemon per IP version can run at the same time.
  (version   dhcpd-configuration-version   ;"4", "6", or "4o6"
             (default "4"))
  ;; Created at activation time if missing.
  (run-directory   dhcpd-configuration-run-directory
                   (default "/run/dhcpd"))
  ;; Created empty at activation time if missing; dhcpd refuses to start
  ;; without a lease database.
  (lease-file   dhcpd-configuration-lease-file
                (default "/var/db/dhcpd.leases"))
  (pid-file   dhcpd-configuration-pid-file
              (default "/run/dhcpd/dhcpd.pid"))
  ;; list of strings, e.g. (list "enp0s25")
  ;; Passed verbatim as trailing arguments to 'dhcpd'; when empty, no interface
  ;; argument is given and the daemon applies its own default.
  (interfaces   dhcpd-configuration-interfaces
                (default '())))
(define dhcpd-shepherd-service
  ;; Return the list of Shepherd services for a <dhcpd-configuration>.
  ;; The config file is mandatory: there is no sensible built-in default for a
  ;; DHCP server.  The provision name embeds the IP version so that, e.g., a
  ;; DHCPv4 and a DHCPv6 daemon can run side by side.
  (lambda (config)
    (match config
      (($ <dhcpd-configuration> pkg conf-file ip-version _ leases pid-file ifaces)
       (unless conf-file
         (error "Must supply a config-file"))
       (let ((service-name (string->symbol
                            (string-append "dhcpv" ip-version "-daemon")))
             ;; The daemon is told its mode, lease database, PID file and
             ;; configuration explicitly; IFACES, if any, are appended after.
             (command (list (file-append pkg "/sbin/dhcpd")
                            (string-append "-" ip-version)
                            "-lf" leases
                            "-pf" pid-file
                            "-cf" conf-file)))
         (list (shepherd-service
                ;; Allow users to easily run multiple versions simultaneously.
                (provision (list service-name))
                (documentation (string-append "Run the DHCPv" ip-version " daemon"))
                (requirement '(networking))
                (start #~(make-forkexec-constructor
                          '(#$@command #$@ifaces)
                          #:pid-file #$pid-file))
                (stop #~(make-kill-destructor)))))))))
(define dhcpd-activation
  ;; Return the activation gexp for a <dhcpd-configuration>: create the run
  ;; directory and an empty lease database when missing, then check the config
  ;; file syntax so that a broken configuration is reported at activation time
  ;; rather than as a daemon that fails to start.
  (lambda (config)
    (match config
      (($ <dhcpd-configuration> pkg conf-file _ run-dir leases)
       (let ((dhcpd (file-append pkg "/sbin/dhcpd")))
         (with-imported-modules '((guix build utils))
           #~(begin
               (unless (file-exists? #$run-dir)
                 (mkdir #$run-dir))
               ;; According to the DHCP manual (man dhcpd.leases), the lease
               ;; database must be present for dhcpd to start successfully.
               (unless (file-exists? #$leases)
                 (with-output-to-file #$leases
                   (lambda _ (display ""))))
               ;; Validate the config.  'invoke/quiet' raises an error when
               ;; "dhcpd -t" exits unsuccessfully.
               (invoke/quiet #$dhcpd "-t" "-cf" #$conf-file))))))))
(define dhcpd-service-type
  ;; ISC dhcpd as a system service: a Shepherd service plus an activation step
  ;; that prepares its directories and validates the config file.  No default
  ;; value is declared, so a <dhcpd-configuration> with a 'config-file' must
  ;; be supplied explicitly.
  (service-type
   (name 'dhcpd)
   (extensions
    (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
          (service-extension activation-service-type dhcpd-activation)))
   (description "Run a DHCP (Dynamic Host Configuration Protocol) daemon. The
daemon is responsible for allocating IP addresses to its client.")))

\f
;;;
;;; NTP.
;;;

(define ntp-server-types
  ;; Valid values of the 'type' field of <ntp-server>; each is the name of an
  ;; 'ntp.conf' association directive.  'ntp-server->string' rejects any type
  ;; outside this set.
  (make-enumeration
   '(pool
     server
     peer
     broadcast
     manycastclient)))
(define-record-type* <ntp-server>
  ntp-server make-ntp-server
  ntp-server?
  ;; One time source of the reference ntpd; serialized to a single 'ntp.conf'
  ;; line by 'ntp-server->string'.
  ;;
  ;; The type can be one of the symbols of the NTP-SERVER-TYPES enumeration.
  (type ntp-server-type
        (default 'server))
  (address ntp-server-address)          ; a string
  ;; The list of options can contain single option names or tuples in the form
  ;; '(name value).
  (options ntp-server-options
           (default '())))
(define (ntp-server->string ntp-server)
  ;; Serialize NTP-SERVER as one 'ntp.conf' line: "TYPE ADDRESS OPTION...".
  ;; Options may be plain names or '(name value) tuples; they are flattened,
  ;; printed with "~a" and joined by spaces.  Nothing is escaped, so a value
  ;; containing a newline would end up as an additional directive.
  (define (flatten x)
    ;; Depth-first flattening of possibly nested lists into a list of strings.
    (if (list? x)
        (append-map flatten x)
        (list (format #f "~a" x))))

  (match ntp-server
    (($ <ntp-server> type address options)
     ;; XXX: It'd be neater if fields were validated at the syntax level (for
     ;; static ones at least).  Perhaps the Guix record type could support a
     ;; predicate property on a field?
     (if (enum-set-member? type ntp-server-types)
         (string-join (append (list (symbol->string type) address)
                              (flatten options)))
         (error "Invalid NTP server type" type)))))
(define %ntp-servers
  ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
  ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
  ;; for this NTP pool "zone".
  ;;
  ;; A 'pool' entry lets ntpd use several servers behind one name.  Time from
  ;; these servers is not authenticated (see the TODO in
  ;; 'ntp-shepherd-service').
  (list
   (ntp-server
    (type 'pool)
    (address "0.guix.pool.ntp.org")
    (options '("iburst")))))            ;as recommended in the ntpd manual
(define-record-type* <ntp-configuration>
  ntp-configuration make-ntp-configuration
  ntp-configuration?
  ;; The NTP package providing 'bin/ntpd'.
  (ntp ntp-configuration-ntp
       (default ntp))
  ;; Raw accessor.  Use 'ntp-configuration-servers', which also accepts the
  ;; deprecated form where this field is a list of address strings.
  (servers %ntp-configuration-servers ;list of <ntp-server> objects
           (default %ntp-servers))
  ;; When true, ntpd is started with "-g", letting it make an initial clock
  ;; adjustment of more than 1,000 seconds.
  (allow-large-adjustment? ntp-allow-large-adjustment?
                           (default #t))) ;as recommended in the ntpd manual
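(define (ntp-configuration-servers ntp-configuration)
  "Return the list of <ntp-server> records of NTP-CONFIGURATION.

This wraps the raw 'servers' field accessor to support the deprecated form of
that field, where servers were given as a list of address strings: such a
list is converted to <ntp-server> records of type 'server' with no options,
and a deprecation warning is printed.  An empty list is returned as is.  Any
other value (a mixed list, or a non-list) raises an error naming the
offending value instead of an opaque match failure."
  (define (address->ntp-server addr)
    ;; Deprecated string form: plain 'server' entry, no options.
    (ntp-server
     (type 'server)
     (address addr)
     (options '())))

  (let ((ntp-servers (%ntp-configuration-servers ntp-configuration)))
    (match ntp-servers
      (() '())
      (((? string?) (? string?) ...)
       (format (current-error-port) "warning: Defining NTP servers as strings is \
deprecated. Please use <ntp-server> records instead.\n")
       (map address->ntp-server ntp-servers))
      ((($ <ntp-server>) ($ <ntp-server>) ...)
       ntp-servers)
      (_
       (error "Invalid NTP 'servers' field; expected a list of <ntp-server> records"
              ntp-servers)))))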
(define ntp-shepherd-service
  ;; Return the Shepherd service list for an <ntp-configuration>.  The
  ;; generated 'ntpd.conf' lists the configured servers and restricts what
  ;; remote peers may do (see the CVE-2013-5211 note in the text below); ntpd
  ;; itself runs in the foreground and drops privileges to the "ntpd" account.
  (lambda (config)
    (match config
      (($ <ntp-configuration> ntp _ allow-large-adjustment?)
       (let* ((servers (ntp-configuration-servers config))
              (server-lines (string-join (map ntp-server->string servers)
                                         "\n"))
              ;; TODO: Add authentication support.
              (conf-text
               (string-append "driftfile /var/run/ntpd/ntp.drift\n"
                              server-lines
                              "
# Disable status queries as a workaround for CVE-2013-5211:
# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
restrict default kod nomodify notrap nopeer noquery limited
restrict -6 default kod nomodify notrap nopeer noquery limited

# Yet, allow use of the local 'ntpq'.
restrict 127.0.0.1
restrict -6 ::1

# This is required to use servers from a pool directive when using the 'nopeer'
# option by default, as documented in the 'ntp.conf' manual.
restrict source notrap nomodify noquery\n"))
              (ntpd.conf (plain-file "ntpd.conf" conf-text))
              (adjustment-flags (if allow-large-adjustment? '("-g") '())))
         (list (shepherd-service
                (provision '(ntpd))
                (documentation "Run the Network Time Protocol (NTP) daemon.")
                (requirement '(user-processes networking))
                ;; "-n": stay in the foreground so that the Shepherd can
                ;; supervise it; "-u ntpd": run as the unprivileged NTP
                ;; account; "-g": allow an initial adjustment of more than
                ;; 1,000 seconds.
                (start #~(make-forkexec-constructor
                          (list (string-append #$ntp "/bin/ntpd") "-n"
                                "-c" #$ntpd.conf "-u" "ntpd"
                                #$@adjustment-flags)))
                (stop #~(make-kill-destructor)))))))))
(define %ntp-accounts
  ;; Unprivileged system account for the NTP daemons: 'ntp-shepherd-service'
  ;; starts ntpd with "-u ntpd", and the OpenNTPD service type creates the
  ;; same account.  No login shell, no home directory of its own.
  (list (user-account
         (name "ntpd")
         (group "nogroup")
         (system? #t)
         (comment "NTP daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
(define (ntp-service-activation config)
  "Return the activation gexp for CONFIG."
  ;; CONFIG is unused: the activation only prepares the runtime directory,
  ;; which the "ntpd" account must own because ntpd keeps its drift file
  ;; there after dropping privileges (see 'ntp-shepherd-service').
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let* ((runtime-directory "/var/run/ntpd")
               (account (getpw "ntpd"))
               (uid (passwd:uid account))
               (gid (passwd:gid account)))
          (mkdir-p runtime-directory)
          (chown runtime-directory uid gid)))))
(define ntp-service-type
  ;; The reference ntpd as a system service: a Shepherd service, the "ntpd"
  ;; account it drops privileges to, and an activation step that creates its
  ;; runtime directory.  Usable with no value: the default configuration uses
  ;; the Guix NTP pool zone.
  (service-type (name 'ntp)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          ntp-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       (service-extension activation-service-type
                                          ntp-service-activation)))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
will keep the system clock synchronized with that of the given servers.")
                (default-value (ntp-configuration))))
(define-deprecated (ntp-service #:key (ntp ntp)
                                (servers %ntp-servers)
                                allow-large-adjustment?)
  ntp-service-type
  "Return a service that runs the daemon from @var{ntp}, the
@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
keep the system clock synchronized with that of @var{servers}.
@var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
make an initial adjustment of more than 1,000 seconds."
  ;; Deprecated wrapper around 'ntp-service-type'.  Note that, unlike the
  ;; record's default of #t, ALLOW-LARGE-ADJUSTMENT? defaults to #f here.
  (service ntp-service-type
           (ntp-configuration (ntp ntp)
                              (servers servers)
                              (allow-large-adjustment?
                               allow-large-adjustment?))))

\f
;;;
;;; OpenNTPD.
;;;

(define %openntpd-servers
  ;; Default OpenNTPD servers: the addresses of %NTP-SERVERS as plain strings,
  ;; since 'openntpd-configuration->string' prints field values with "~a".
  (map (lambda (server)
         (ntp-server-address server))
       %ntp-servers))
(define-record-type* <openntpd-configuration>
  openntpd-configuration make-openntpd-configuration
  openntpd-configuration?
  ;; Each list-valued field below becomes one "NAME VALUE" line per value in
  ;; the generated 'ntpd.conf' (see 'openntpd-configuration->string').
  ;;
  ;; The OpenNTPD package providing 'sbin/ntpd'.
  (openntpd                 openntpd-configuration-openntpd
                            (default openntpd))
  ;; Addresses the daemon serves time on.  The default binds loopback only,
  ;; so ntpd does not answer clients on other interfaces unless configured to.
  (listen-on                openntpd-listen-on
                            (default '("127.0.0.1"
                                       "::1")))
  (query-from               openntpd-query-from
                            (default '()))
  (sensor                   openntpd-sensor
                            (default '()))
  (server                   openntpd-server
                            (default '()))
  ;; Pool host names, as strings (see %openntpd-servers).
  (servers                  openntpd-servers
                            (default %openntpd-servers))
  ;; TLS-based time constraints; 'constraints from' values are emitted in
  ;; double quotes.
  (constraint-from          openntpd-constraint-from
                            (default '()))
  (constraints-from         openntpd-constraints-from
                            (default '()))
  ;; When true, ntpd is started with "-s" (see 'openntpd-shepherd-service').
  (allow-large-adjustment?  openntpd-allow-large-adjustment?
                            (default #f))) ; upstream default
(define (openntpd-configuration->string config)
  ;; Render CONFIG as the text of an OpenNTPD 'ntpd.conf': one "NAME VALUE"
  ;; line per value of each list-valued field, in the order of FIELD-NAMES
  ;; below, followed by a trailing newline.  Empty fields produce no line.
  ;; Values of the fields in QUOTED-FIELDS are wrapped in double quotes;
  ;; nothing else is escaped, so a value containing a newline or a quote
  ;; changes the structure of the generated file.
  (define quoted-fields
    '("constraints from"))

  (define (render-entry field value)
    (if (member field quoted-fields)
        (format #f "~a \"~a\"" field value)
        (format #f "~a ~a" field value)))

  (match-record config <openntpd-configuration>
    (listen-on query-from sensor server servers constraint-from
     constraints-from)
    (let* (;; The entry names.
           (field-names '("listen on" "query from" "sensor" "server" "servers"
                          "constraint from" "constraints from"))
           ;; The corresponding entry values.
           (field-values (list listen-on query-from sensor server servers
                               constraint-from constraints-from))
           (lines (append-map (lambda (field values)
                                (map (cut render-entry field <>) values))
                              field-names field-values)))
      (string-append (string-join lines "\n")
                     "\n"))))                   ;add a trailing newline
(define (openntpd-shepherd-service config)
  ;; Return the Shepherd service list running OpenNTPD's 'ntpd' with a
  ;; configuration file generated from CONFIG.
  (let* ((openntpd (openntpd-configuration-openntpd config))
         ;; "-s" lets ntpd set the clock right away at startup instead of
         ;; slewing it, i.e. it permits a large initial adjustment.
         (clock-flags (if (openntpd-allow-large-adjustment? config)
                          '("-s")
                          '()))
         (ntpd.conf (plain-file "ntpd.conf"
                                (openntpd-configuration->string config))))
    (list (shepherd-service
           (provision '(ntpd))
           (documentation "Run the Network Time Protocol (NTP) daemon.")
           (requirement '(user-processes networking))
           (start #~(make-forkexec-constructor
                     (list (string-append #$openntpd "/sbin/ntpd")
                           "-f" #$ntpd.conf
                           "-d" ;; don't daemonize
                           #$@clock-flags)
                     ;; When ntpd is daemonized it repeatedly tries to respawn
                     ;; while running, leading shepherd to disable it.  To
                     ;; prevent spamming stderr, redirect output to logfile.
                     #:log-file "/var/log/ntpd"))
           (stop #~(make-kill-destructor))))))
(define (openntpd-service-activation config)
  "Return the activation gexp for CONFIG."
  ;; CONFIG is unused; the gexp only creates the directories OpenNTPD writes
  ;; to and seeds an initial drift file ("0.0") when none exists, so that the
  ;; drift value of a previous run is never overwritten.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let ((drift-file "/var/db/ntpd.drift"))
          (for-each mkdir-p '("/var/db" "/var/run"))
          (unless (file-exists? drift-file)
            (call-with-output-file drift-file
              (lambda (port)
                (display "0.0" port))))))))
(define openntpd-service-type
  ;; OpenNTPD as a system service: a Shepherd service, the "ntpd" account, the
  ;; OpenNTPD package in the system profile, and an activation step preparing
  ;; its directories and drift file.  Usable with no value.
  (service-type (name 'openntpd)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          openntpd-shepherd-service)
                       (service-extension account-service-type
                                          (const %ntp-accounts))
                       (service-extension profile-service-type
                                          (compose list openntpd-configuration-openntpd))
                       (service-extension activation-service-type
                                          openntpd-service-activation)))
                (default-value (openntpd-configuration))
                (description
                 "Run the @command{ntpd}, the Network Time Protocol (NTP)
daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
daemon will keep the system clock synchronized with that of the given servers.")))

\f
;;;
;;; Inetd.
;;;

(define-record-type* <inetd-configuration> inetd-configuration
  make-inetd-configuration
  inetd-configuration?
  ;; The inetd executable to run.
  (program inetd-configuration-program ;file-like
           (default (file-append inetutils "/libexec/inetd")))
  ;; Each entry is one line of the generated 'inetd.conf'.  With no entries,
  ;; no daemon is started at all (see 'inetd-shepherd-service').
  (entries inetd-configuration-entries ;list of <inetd-entry>
           (default '())))
(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
  inetd-entry?
  ;; One service line of 'inetd.conf'; see 'inetd-config-file' for how the
  ;; fields are laid out on that line.
  ;;
  ;; Optional address to bind; written as "NODE:NAME" when given.
  (node inetd-entry-node                  ;string or #f
        (default #f))
  (name inetd-entry-name)                 ;string, from /etc/services

  ;; Anything outside this set is rejected by 'inetd-config-file'.
  (socket-type inetd-entry-socket-type)   ;stream | dgram | raw |
                                          ;rdm | seqpacket
  (protocol inetd-entry-protocol)         ;string, from /etc/protocols

  (wait? inetd-entry-wait?                ;Boolean
         (default #t))
  ;; Account the service program is run as; prefer an unprivileged one.
  (user inetd-entry-user)                 ;string

  ;; "internal" selects one of inetd's built-in services.
  (program inetd-entry-program            ;string or file-like object
           (default "internal"))
  (arguments inetd-entry-arguments        ;list of strings or file-like objects
             (default '())))
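(define (inetd-config-file entries)
  "Return a file-like object for an 'inetd.conf' listing ENTRIES, a list of
<inetd-entry> records.

Each entry becomes one line: SOCKET TYPE PROTOCOL WAIT USER PROGRAM ARGS...,
where SOCKET is the service name, prefixed with \"NODE:\" when a node is
given, WAIT is \"wait\" or \"nowait\", and PROGRAM and ARGS may be file-like
objects.  An error naming the offending value is raised for a socket type
outside the set inetd understands."
  (define (socket-type->string type)
    ;; Only the socket types known to inetd.conf are accepted; anything else
    ;; is reported explicitly rather than as a bare match failure.
    (match type
      ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
       (symbol->string type))
      (_
       (error "Invalid inetd socket type" type))))

  (define (entry->line entry)
    (let* ((node (inetd-entry-node entry))
           (name (inetd-entry-name entry))
           (socket (if node (string-append node ":" name) name))
           (type (socket-type->string (inetd-entry-socket-type entry)))
           (protocol (inetd-entry-protocol entry))
           (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
           (user (inetd-entry-user entry))
           (program (inetd-entry-program entry))
           (args (inetd-entry-arguments entry)))
      ;; Fields are space-separated and unescaped; PROGRAM and ARGS are
      ;; spliced into the gexp so file-like objects become store paths.
      #~(string-append
         (string-join
          (list #$@(list socket type protocol wait user program) #$@args)
          " ")
         "\n")))

  (apply mixed-text-file "inetd.conf" (map entry->line entries)))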
(define inetd-shepherd-service
  ;; Return the Shepherd service list for an <inetd-configuration>, or the
  ;; empty list when there are no entries: nothing to serve, so no daemon.
  (match-lambda
    (($ <inetd-configuration> _ ())
     '())
    (($ <inetd-configuration> program entries)
     (let ((config-file (inetd-config-file entries)))
       (list
        (shepherd-service
         (documentation "Run inetd.")
         (provision '(inetd))
         ;; 'syslogd' is listed as a requirement, presumably because inetd
         ;; logs through syslog.
         (requirement '(user-processes networking syslogd))
         (start #~(make-forkexec-constructor
                   (list #$program #$config-file)
                   #:pid-file "/var/run/inetd.pid"))
         (stop #~(make-kill-destructor))))))))
(define-public inetd-service-type
  ;; Also listed in this module's #:export list, so 'define-public' is
  ;; redundant here, though harmless.  No default value is declared, so an
  ;; <inetd-configuration> must be supplied explicitly.
  (service-type
   (name 'inetd)
   (extensions
    (list (service-extension shepherd-root-service-type
                             inetd-shepherd-service)))

   ;; The service can be extended with additional lists of entries.
   ;; Extensions' entries are appended after the configuration's own.
   (compose concatenate)
   (extend (lambda (config entries)
             (inetd-configuration
              (inherit config)
              (entries (append (inetd-configuration-entries config)
                               entries)))))
   (description
    "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
for listening on Internet sockets and spawning the corresponding services on
demand.")))

\f
;;;
;;; Tor.
;;;

(define-record-type* <tor-configuration>
  tor-configuration make-tor-configuration
  tor-configuration?
  ;; The Tor package providing 'bin/tor'.
  (tor              tor-configuration-tor
                    (default tor))
  ;; User-supplied torrc, appended verbatim after the generated lines (see
  ;; 'tor-configuration->torrc').
  (config-file      tor-configuration-config-file
                    (default (plain-file "empty" "")))
  ;; List of <hidden-service>; extended through 'tor-hidden-service-type'.
  (hidden-services  tor-configuration-hidden-services
                    (default '()))
  ;; 'unix: SOCKS over /var/run/tor/socks-sock, writable by the "tor" group;
  ;; 'tcp: no SocksPort line is generated, leaving it to Tor's default or to
  ;; the user's torrc.
  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                     (default 'tcp)))
(define %tor-accounts
  ;; User account and groups for Tor.  The daemon runs as "tor" (the generated
  ;; torrc says "User tor"); the "tor" group is what UnixSocksGroupWritable
  ;; grants access to the SOCKS socket to.
  (list (user-group (name "tor") (system? #t))
        (user-account
         (name "tor")
         (group "tor")
         (system? #t)
         (comment "Tor daemon user")
         (home-directory "/var/empty")
         (shell (file-append shadow "/sbin/nologin")))))
(define-record-type <hidden-service>
  (hidden-service name mapping)
  hidden-service?
  ;; NAME becomes a directory name under /var/lib/tor/hidden-services/ (see
  ;; 'tor-configuration->torrc' and 'tor-activation'); nothing in this file
  ;; validates it.
  (name hidden-service-name)            ;string
  (mapping hidden-service-mapping))     ;list of port/address tuples
(define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG."
  ;; The result is a derivation whose builder writes, in this order: a fixed
  ;; preamble (run as the 'tor' user, data/PID/log locations), an optional
  ;; Unix-socket SocksPort block, one HiddenServiceDir/HiddenServicePort group
  ;; per hidden service, and finally the user's CONFIG-FILE, copied verbatim.
  ;; Since the user's file comes last, its directives follow the generated
  ;; ones in what Tor reads.
  (match config
    (($ <tor-configuration> tor config-file services socks-socket-type)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils)
                         (ice-9 match))

            (call-with-output-file #$output
              (lambda (port)
                (display "\
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
                ;; SOCKS-SOCKET-TYPE is quoted into the builder, so this
                ;; check runs at build time on a literal symbol.
                (when (eq? 'unix '#$socks-socket-type)
                  (display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" port))

                ;; Each element is (NAME (PORT HOST) ...).  NAME is spliced
                ;; into the directory path as is.  NOTE(review): NAME is not
                ;; validated here, so a name containing "/" or ".." would
                ;; point outside the hidden-services directory -- worth
                ;; checking where hidden services are defined.
                (for-each (match-lambda
                            ((service (ports hosts) ...)
                             (format port "\
HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                     service)
                             (for-each (lambda (tcp-port host)
                                         (format port "\
HiddenServicePort ~a ~a~%"
                                                 tcp-port host))
                                       ports hosts)))
                          '#$(map (match-lambda
                                   (($ <hidden-service> name mapping)
                                    (cons name mapping)))
                                  services))

                (display "\
### End of automatically generated lines.\n\n" port)

                ;; Append the user's config file.
                (call-with-input-file #$config-file
                  (lambda (input)
                    (dump-port input port)))
                #t))))))))
(define (tor-shepherd-service config)
  "Return a <shepherd-service> running Tor."
  ;; Tor is started through 'make-forkexec-constructor/container', i.e. in a
  ;; container where, beyond whatever the constructor maps by default, only
  ;; the directories listed under #:mappings are visible.  This limits what
  ;; the daemon can reach on the host file system.
  (match config
    (($ <tor-configuration> tor)
     (let ((torrc (tor-configuration->torrc config)))
       (with-imported-modules (source-module-closure
                               '((gnu build shepherd)
                                 (gnu system file-systems)))
         (list (shepherd-service
                (provision '(tor))

                ;; Tor needs at least one network interface to be up, hence the
                ;; dependency on 'loopback'.
                (requirement '(user-processes loopback syslogd))

                (modules '((gnu build shepherd)
                           (gnu system file-systems)))

                (start #~(make-forkexec-constructor/container
                          (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                          ;; Writable: the DataDirectory (which also holds the
                          ;; hidden-service directories) and the run directory
                          ;; (PID file, SOCKS socket).  /dev/log is mapped
                          ;; read-only for syslog.
                          #:mappings (list (file-system-mapping
                                            (source "/var/lib/tor")
                                            (target source)
                                            (writable? #t))
                                           (file-system-mapping
                                            (source "/dev/log") ;for syslog
                                            (target source))
                                           (file-system-mapping
                                            (source "/var/run/tor")
                                            (target source)
                                            (writable? #t)))
                          #:pid-file "/var/run/tor/tor.pid"))
                (stop #~(make-kill-destructor))
                (documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-activation config)
  "Set up directories for Tor and its hidden services, if any."
  ;; Every directory Tor writes to is created here, owned by the "tor"
  ;; account (which the generated torrc makes the daemon run as) and closed
  ;; to other users.
  #~(begin
      (use-modules (guix build utils))

      (let* ((account (getpw "tor"))
             (uid (passwd:uid account))
             (gid (passwd:gid account)))
        (define (prepare-directory directory mode)
          ;; Create DIRECTORY, hand it to the tor account and set MODE.
          (mkdir-p directory)
          (chown directory uid gid)
          (chmod directory mode))

        (define (prepare-hidden-service name)
          ;; NAME is joined to the path as is; it is not validated here.
          ;; The daemon bails out if we give wider permissions than #o700.
          (prepare-directory (string-append "/var/lib/tor/hidden-services/"
                                            name)
                             #o700))

        ;; Allow Tor to write its PID file.  The group keeps read and search
        ;; permission so that, if the system administrator has specified
        ;; UnixSocksGroupWritable=1 in their torrc file, members of the "tor"
        ;; group can reach the SOCKS socket inside.
        (prepare-directory "/var/run/tor" #o750)

        ;; Allow Tor to access the hidden services' directories.
        (prepare-directory "/var/lib/tor" #o700)

        ;; Make sure /var/lib is accessible to the 'tor' user.
        (chmod "/var/lib" #o755)

        (for-each prepare-hidden-service
                  '#$(map hidden-service-name
                          (tor-configuration-hidden-services config))))))
(define tor-service-type
  ;; Tor as a system service: the daemon (containerized, see
  ;; 'tor-shepherd-service'), the "tor" account and group, and the activation
  ;; step that creates its directories.  Usable with no value.
  (service-type (name 'tor)
                (extensions
                 (list (service-extension shepherd-root-service-type
                                          tor-shepherd-service)
                       (service-extension account-service-type
                                          (const %tor-accounts))
                       (service-extension activation-service-type
                                          tor-activation)))

                ;; This can be extended with hidden services.
                ;; Extensions' <hidden-service> records are appended after the
                ;; configuration's own.
                (compose concatenate)
                (extend (lambda (config services)
                          (tor-configuration
                           (inherit config)
                           (hidden-services
                            (append (tor-configuration-hidden-services config)
                                    services)))))
                (default-value (tor-configuration))
                (description
                 "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon.")))
(define-deprecated (tor-service #:optional
                                (config-file (plain-file "empty" ""))
                                #:key (tor tor))
  tor-service-type
  "Return a service to run the @uref{https://torproject.org, Tor} anonymous
networking daemon.

The daemon runs as the @code{tor} unprivileged user.  It is passed
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}.  Run
@command{man tor} for information about the configuration file.

This procedure is deprecated in favor of instantiating
@code{tor-service-type} with a @code{tor-configuration} directly; it simply
wraps its arguments in such a configuration."
  (service tor-service-type
           (tor-configuration (tor tor)
                              (config-file config-file))))
(define tor-hidden-service-type
  ;; Each instance of this type carries a single <hidden-service>; the type
  ;; contributes it, wrapped in a list, to 'tor-service-type'.
  (service-type (name 'tor-hidden-service)
                (description
                 "Define a new Tor @dfn{hidden service}.")
                (extensions
                 (list (service-extension tor-service-type list)))))
(define (tor-hidden-service name mapping)
  "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}.  @var{mapping} is a list of port/host tuples, such as:

@example
 '((22 \"127.0.0.1:22\")
   (80 \"127.0.0.1:8080\"))
@end example

In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.

This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.

See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information."
  ;; Build the <hidden-service> record and hand it to the dedicated service
  ;; type, which forwards it to 'tor-service-type'.
  (let ((hidden (hidden-service name mapping)))
    (service tor-hidden-service-type hidden)))
952\f
953;;;
954;;; Wicd.
955;;;
(define %wicd-activation
  ;; Activation gexp for Wicd: seed /etc/wicd with the package's dhclient
  ;; template and make sure wpa_supplicant's socket directory exists.
  #~(begin
      (use-modules (guix build utils))

      (mkdir-p "/etc/wicd")
      ;; Copy the template shipped in the package, but never overwrite an
      ;; existing (possibly locally edited) one.
      (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
        (unless (file-exists? file-name)
          (copy-file (string-append #$wicd file-name)
                     file-name)))

      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
      ;; named socket files.
      (mkdir-p "/var/run/wpa_supplicant")
      ;; Owner read/write/traverse, group read/traverse, nothing for others.
      (chmod "/var/run/wpa_supplicant" #o750)))
(define (wicd-shepherd-service wicd)
  "Return a shepherd service for WICD.

WICD is the Wicd package; its daemon is run in the foreground under the
Shepherd and provides the @code{networking} service."
  (list (shepherd-service
         (provision '(networking))
         (requirement '(user-processes dbus-system loopback))
         (documentation "Run the Wicd network manager.")
         (start #~(make-forkexec-constructor
                   (list (string-append #$wicd "/sbin/wicd")
                         "--no-daemon")))
         (stop #~(make-kill-destructor)))))
(define wicd-service-type
  ;; The service value is the Wicd package itself, so 'list' is all that is
  ;; needed to hand it to the D-Bus and profile services.
  (let ((wicd-package list))
    (service-type (name 'wicd)
                  (description
                   "Run @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.")
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            wicd-shepherd-service)
                         (service-extension dbus-root-service-type
                                            wicd-package)
                         (service-extension activation-service-type
                                            (const %wicd-activation))
                         ;; Add Wicd to the global profile.
                         (service-extension profile-service-type
                                            wicd-package))))))
(define* (wicd-service #:key (wicd wicd))
  "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
management daemon that aims to simplify wired and wireless networking.

This service adds the @var{wicd} package to the global profile, providing
several commands to interact with the daemon and configure networking:
@command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
and @command{wicd-curses} user interfaces."
  ;; The package is the whole configuration of 'wicd-service-type'.
  (service wicd-service-type wicd))
7234ad4f 1010\f
1011;;;
1012;;; ModemManager
1013;;;
;; Configuration of the ModemManager service.  Keep the field order: the
;; service type destructures this record positionally with 'match'.
(define-record-type* <modem-manager-configuration>
  modem-manager-configuration make-modem-manager-configuration
  modem-manager-configuration?
  (modem-manager modem-manager-configuration-modem-manager ;<package>
                 (default modem-manager)))
1021\f
1022;;;
1023;;; NetworkManager
1024;;;
;; Configuration of the NetworkManager service.  Keep the field order: the
;; procedures below destructure this record positionally with 'match'.
(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  (network-manager network-manager-configuration-network-manager ;<package>
                   (default network-manager))
  ;; Value of the 'dns' key written verbatim to NetworkManager.conf;
  ;; "dnsmasq" additionally triggers creation of /var/lib/misc at activation.
  (dns network-manager-configuration-dns                       ;string
       (default "default"))
  (vpn-plugins network-manager-configuration-vpn-plugins ;list of <package>
               (default '())))
(define network-manager-activation
  ;; Activation gexp for NetworkManager: create the connection directory and,
  ;; when dnsmasq is the DNS backend, the directory for its lease file.
  (match-lambda
    (($ <network-manager-configuration> network-manager dns vpn-plugins)
     (let ((dnsmasq? (equal? dns "dnsmasq")))
       #~(begin
           (use-modules (guix build utils))
           (mkdir-p "/etc/NetworkManager/system-connections")
           #$@(if dnsmasq?
                  ;; dnsmasq stores its lease file under /var/lib/misc.
                  '((mkdir-p "/var/lib/misc"))
                  '()))))))
(define (vpn-plugin-directory plugins)
  "Return a directory containing PLUGINS, the NM VPN plugins.

PLUGINS is a list of packages; the result is their union, later used (with
@file{/lib/NetworkManager/VPN} appended) as the value of
@env{NM_VPN_PLUGIN_DIR}."
  (define union-name "network-manager-vpn-plugins")
  (directory-union union-name plugins))
(define (network-manager-accounts config)
  "Return the list of <user-account> and <user-group> for CONFIG.

A VPN plugin package may list, under the @code{user-accounts} key of its
properties, the names of helper accounts it needs.  One locked-down system
account per name is created in the @code{network-manager} group; the group
itself is only created when at least one such account exists."
  (define nologin
    (file-append shadow "/sbin/nologin"))

  (define (helper-account name)
    ;; A shell-less system account for a NetworkManager helper.
    (user-account (system? #t)
                  (name name)
                  (group "network-manager")
                  (comment "NetworkManager helper")
                  (home-directory "/var/empty")
                  (create-home-directory? #f)
                  (shell nologin)))

  (define (plugin-account-names package)
    (or (assoc-ref (package-properties package) 'user-accounts)
        '()))

  (let ((accounts (append-map (lambda (package)
                                (map helper-account
                                     (plugin-account-names package)))
                              (network-manager-configuration-vpn-plugins
                               config))))
    (if (null? accounts)
        '()
        (cons (user-group (name "network-manager") (system? #t))
              accounts))))
(define network-manager-environment
  ;; Return the session environment variables for a
  ;; <network-manager-configuration>.
  (match-lambda
    (($ <network-manager-configuration> network-manager dns vpn-plugins)
     ;; Define this variable in the global environment such that
     ;; "nmcli connection import type openvpn file foo.ovpn" works.  The
     ;; same directory is passed to the daemon itself by
     ;; 'network-manager-shepherd-service'.
     `(("NM_VPN_PLUGIN_DIR"
        . ,(file-append (vpn-plugin-directory vpn-plugins)
                        "/lib/NetworkManager/VPN"))))))
(define network-manager-shepherd-service
  ;; Return the Shepherd services for a <network-manager-configuration>.
  (match-lambda
    (($ <network-manager-configuration> network-manager dns vpn-plugins)
     ;; The DNS field is copied verbatim into the generated configuration
     ;; file; it is not validated here.
     (let ((conf (plain-file "NetworkManager.conf"
                             (string-append "[main]\ndns=" dns "\n")))
           (vpn (vpn-plugin-directory vpn-plugins)))
       (list (shepherd-service
              (documentation "Run the NetworkManager.")
              (provision '(networking))
              (requirement '(user-processes dbus-system wpa-supplicant loopback))
              (start #~(make-forkexec-constructor
                        (list (string-append #$network-manager
                                             "/sbin/NetworkManager")
                              (string-append "--config=" #$conf)
                              "--no-daemon")
                        #:environment-variables
                        (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
                                             "/lib/NetworkManager/VPN")
                              ;; Override non-existent default users
                              "NM_OPENVPN_USER="
                              "NM_OPENVPN_GROUP=")))
              (stop #~(make-kill-destructor))))))))
(define network-manager-service-type
  ;; NetworkManager plus its VPN plugins form the package list exposed over
  ;; D-Bus and installed into the system profile; polkit only needs
  ;; NetworkManager itself.
  (let* ((config->packages
          (match-lambda
            (($ <network-manager-configuration> network-manager _ vpn-plugins)
             `(,network-manager ,@vpn-plugins))))
         (config->network-manager
          (compose list network-manager-configuration-network-manager)))
    (service-type
     (name 'network-manager)
     (description
      "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
NetworkManager}, a network management daemon that aims to simplify wired and
wireless networking.")
     (default-value (network-manager-configuration))
     (extensions
      (list (service-extension shepherd-root-service-type
                               network-manager-shepherd-service)
            (service-extension dbus-root-service-type config->packages)
            (service-extension polkit-service-type config->network-manager)
            (service-extension account-service-type
                               network-manager-accounts)
            (service-extension activation-service-type
                               network-manager-activation)
            (service-extension session-environment-service-type
                               network-manager-environment)
            ;; Add network-manager to the system profile.
            (service-extension profile-service-type config->packages))))))
1142\f
1143;;;
1144;;; Connman
1145;;;
;; Configuration of the Connman service.
(define-record-type* <connman-configuration>
  connman-configuration make-connman-configuration
  connman-configuration?
  (connman connman-configuration-connman ;<package>
           (default connman))
  ;; When true, the VPN plugin is not loaded and no VPN state directory is
  ;; created.
  (disable-vpn? connman-configuration-disable-vpn? ;Boolean
                (default #f)))
(define (connman-activation config)
  "Return the activation gexp for CONFIG, a <connman-configuration>: create
Connman's state directory and, unless VPN support is disabled, the state
directory of its VPN component."
  (define vpn?
    (not (connman-configuration-disable-vpn? config)))

  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (mkdir-p "/var/lib/connman/")
        (when #$vpn?
          (mkdir-p "/var/lib/connman-vpn/")))))
(define (connman-shepherd-service config)
  "Return a shepherd service for Connman.

CONFIG is a <connman-configuration>; when it is anything else, return #f so
that no service is contributed."
  (and
   (connman-configuration? config)
   (let ((connman (connman-configuration-connman config))
         (disable-vpn? (connman-configuration-disable-vpn? config)))
     (list (shepherd-service
            (documentation "Run Connman")
            (provision '(networking))
            (requirement
             '(user-processes dbus-system loopback wpa-supplicant))
            (start #~(make-forkexec-constructor
                      (list (string-append #$connman
                                           "/sbin/connmand")
                            "--nodaemon"
                            ;; Do not proxy DNS through connmand.
                            "--nodnsproxy"
                            #$@(if disable-vpn? '("--noplugin=vpn") '()))

                      ;; As connman(8) notes, when passing '-n', connman
                      ;; "directs log output to the controlling terminal in
                      ;; addition to syslog."  Redirect stdout and stderr
                      ;; to avoid spamming the console (XXX: for some reason
                      ;; redirecting to /dev/null doesn't work.)
                      #:log-file "/var/log/connman.log"))
            (stop #~(make-kill-destructor)))))))
(define connman-service-type
  ;; The Connman package is needed by polkit, D-Bus and the system profile
  ;; alike, hence the shared helper.
  (let ((connman-package (lambda (config)
                           (list (connman-configuration-connman config)))))
    (service-type (name 'connman)
                  (default-value (connman-configuration))
                  (description
                   "Run @url{https://01.org/connman,Connman},
a network connection manager.")
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            connman-shepherd-service)
                         (service-extension polkit-service-type
                                            connman-package)
                         (service-extension dbus-root-service-type
                                            connman-package)
                         (service-extension activation-service-type
                                            connman-activation)
                         ;; Add connman to the system profile.
                         (service-extension profile-service-type
                                            connman-package))))))
1210\f
1211;;;
1212;;; Modem manager
1213;;;
(define modem-manager-service-type
  ;; ModemManager has no Shepherd service of its own here; it is reached
  ;; through D-Bus activation, and udev and polkit need its package.
  (let ((config->package
         (compose list modem-manager-configuration-modem-manager)))
    (service-type (name 'modem-manager)
                  (default-value (modem-manager-configuration))
                  (description
                   "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
ModemManager}, a modem management daemon that aims to simplify dialup
networking.")
                  (extensions
                   (list (service-extension dbus-root-service-type
                                            config->package)
                         (service-extension udev-service-type
                                            config->package)
                         (service-extension polkit-service-type
                                            config->package))))))
1234\f
1235;;;
1236;;; USB_ModeSwitch
1237;;;
;; Configuration of the USB_ModeSwitch service.  Keep the field order:
;; 'usb-modeswitch-configuration->udev-rules' destructures it positionally.
(define-record-type* <usb-modeswitch-configuration>
  usb-modeswitch-configuration make-usb-modeswitch-configuration
  usb-modeswitch-configuration?
  (usb-modeswitch usb-modeswitch-configuration-usb-modeswitch ;<package>
                  (default usb-modeswitch))
  ;; Package providing the udev rules file.
  (usb-modeswitch-data usb-modeswitch-configuration-usb-modeswitch-data
                       (default usb-modeswitch-data))
  ;; File-like object (or #f for none) passed as '--config-file' to the
  ;; dispatcher; defaults to the one shipped in the dispatcher output.
  (config-file usb-modeswitch-configuration-config-file
               (default #~(string-append #$usb-modeswitch:dispatcher
                                         "/etc/usb_modeswitch.conf"))))
(define (usb-modeswitch-sh usb-modeswitch config-file)
  "Build a copy of usb_modeswitch.sh located in package USB-MODESWITCH,
modified to pass the CONFIG-FILE in its calls to usb_modeswitch_dispatcher,
and wrap it to actually find the dispatcher in USB-MODESWITCH.  The script
will be run by USB_ModeSwitch’s udev rules file when a modeswitchable USB
device is detected.

CONFIG-FILE may be #f, in which case no '--config-file' option is added."
  (computed-file
   "usb_modeswitch-sh"
   (with-imported-modules '((guix build utils))
     #~(begin
         (use-modules (guix build utils))
         ;; Option text spliced into the dispatcher invocations below; empty
         ;; when no configuration file was given.
         (let ((cfg-param
                #$(if config-file
                      #~(string-append " --config-file=" #$config-file)
                      "")))
           (mkdir #$output)
           (install-file (string-append #$usb-modeswitch:dispatcher
                                        "/lib/udev/usb_modeswitch")
                         #$output)

           ;; insert CFG-PARAM into usb_modeswitch_dispatcher command-lines
           ;; (both the logging and the backgrounded variants).
           (substitute* (string-append #$output "/usb_modeswitch")
             (("(exec usb_modeswitch_dispatcher .*)( 2>>)" _ left right)
              (string-append left cfg-param right))
             (("(exec usb_modeswitch_dispatcher .*)( &)" _ left right)
              (string-append left cfg-param right)))

           ;; wrap-program needs bash in PATH:
           (putenv (string-append "PATH=" #$bash "/bin"))
           ;; Pin PATH to coreutils and the dispatcher so the script does not
           ;; depend on whatever udev happens to provide.
           (wrap-program (string-append #$output "/usb_modeswitch")
             `("PATH" ":" = (,(string-append #$coreutils "/bin")
                             ,(string-append
                               #$usb-modeswitch:dispatcher
                               "/bin")))))))))
(define (usb-modeswitch-configuration->udev-rules config)
  "Build a rules file for extending udev-service-type from the rules in the
usb-modeswitch package specified in CONFIG.  The rules file will invoke
usb_modeswitch.sh from the usb-modeswitch package, modified to pass the right
config file.

Return a file-like object whose @file{lib/udev/rules.d} holds the rewritten
@file{40-usb_modeswitch.rules}."
  (match config
    (($ <usb-modeswitch-configuration> usb-modeswitch data config-file)
     (computed-file
      "usb_modeswitch.rules"
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils))
            (let ((in (string-append #$data "/udev/40-usb_modeswitch.rules"))
                  (out (string-append #$output "/lib/udev/rules.d"))
                  (script #$(usb-modeswitch-sh usb-modeswitch config-file)))
              (mkdir-p out)
              (chdir out)
              (install-file in out)
              ;; Point both the PROGRAM= and RUN+= entries at our wrapped
              ;; copy of the script instead of a bare program name.
              (substitute* "40-usb_modeswitch.rules"
                (("PROGRAM=\"usb_modeswitch")
                 (string-append "PROGRAM=\"" script "/usb_modeswitch"))
                (("RUN\\+=\"usb_modeswitch")
                 (string-append "RUN+=\"" script "/usb_modeswitch"))))))))))
(define usb-modeswitch-service-type
  ;; The service's only contribution is a udev rules file derived from its
  ;; configuration.
  (service-type
   (name 'usb-modeswitch)
   (default-value (usb-modeswitch-configuration))
   (description "Run @uref{http://www.draisberghof.de/usb_modeswitch/,
USB_ModeSwitch}, a mode switching tool for controlling USB devices with
multiple @dfn{modes}.  When plugged in for the first time many USB
devices (primarily high-speed WAN modems) act like a flash storage containing
installers for Windows drivers.  USB_ModeSwitch replays the sequence the
Windows drivers would send to switch their mode from storage to modem (or
whatever the thing is supposed to do).")
   (extensions
    (list (service-extension
           udev-service-type
           (compose list usb-modeswitch-configuration->udev-rules))))))
1328\f
1329;;;
1330;;; WPA supplicant
1331;;;
;; Configuration of the wpa_supplicant service.  Keep the field order:
;; 'wpa-supplicant-shepherd-service' destructures it positionally.
(define-record-type* <wpa-supplicant-configuration>
  wpa-supplicant-configuration make-wpa-supplicant-configuration
  wpa-supplicant-configuration?
  (wpa-supplicant wpa-supplicant-configuration-wpa-supplicant ;<package>
                  (default wpa-supplicant))
  ;; Shepherd services to wait for; 'dbus-system' is added automatically
  ;; when DBUS? is true.
  (requirement wpa-supplicant-configuration-requirement ;list of symbols
               (default '(user-processes loopback syslogd)))
  (pid-file wpa-supplicant-configuration-pid-file ;string
            (default "/var/run/wpa_supplicant.pid"))
  ;; Whether to expose the daemon's D-Bus interface ('-u').
  (dbus? wpa-supplicant-configuration-dbus? ;Boolean
         (default #t))
  (interface wpa-supplicant-configuration-interface ;#f | string
             (default #f))
  (config-file wpa-supplicant-configuration-config-file ;#f | <file-like>
               (default #f))
  ;; Appended verbatim to the daemon's command line.
  (extra-options wpa-supplicant-configuration-extra-options ;list of strings
                 (default '())))
(define wpa-supplicant-shepherd-service
  ;; Return the Shepherd services for a <wpa-supplicant-configuration>.
  (match-lambda
    (($ <wpa-supplicant-configuration> wpa-supplicant requirement pid-file dbus?
                                       interface config-file extra-options)
     (list (shepherd-service
            (documentation "Run the WPA supplicant daemon")
            (provision '(wpa-supplicant))
            ;; The D-Bus interface requested below needs the system bus up.
            (requirement (if dbus?
                             (cons 'dbus-system requirement)
                             requirement))
            (start #~(make-forkexec-constructor
                      (list (string-append #$wpa-supplicant
                                           "/sbin/wpa_supplicant")
                            (string-append "-P" #$pid-file)
                            "-B"        ;run in background
                            "-s"        ;log to syslogd
                            #$@(if dbus?
                                   #~("-u")  ;enable the D-Bus interface
                                   #~())
                            #$@(if interface
                                   #~((string-append "-i" #$interface))
                                   #~())
                            #$@(if config-file
                                   #~((string-append "-c" #$config-file))
                                   #~())
                            ;; User-supplied options come last, unvalidated.
                            #$@extra-options)
                      ;; The daemon detaches ('-B'), so the Shepherd tracks it
                      ;; through the PID file it writes.
                      #:pid-file #$pid-file))
            (stop #~(make-kill-destructor)))))))
(define wpa-supplicant-service-type
  ;; The wpa_supplicant package is needed by both D-Bus and the profile.
  (let ((config->package
         (lambda (config)
           (list (wpa-supplicant-configuration-wpa-supplicant config)))))
    (service-type (name 'wpa-supplicant)
                  (default-value (wpa-supplicant-configuration))
                  (description "Run the WPA Supplicant daemon, a service that
implements authentication, key negotiation and more for wireless networks.")
                  (extensions
                   (list (service-extension shepherd-root-service-type
                                            wpa-supplicant-shepherd-service)
                         (service-extension dbus-root-service-type
                                            config->package)
                         (service-extension profile-service-type
                                            config->package))))))
c32d02fe 1395\f
1396;;;
1397;;; Hostapd.
1398;;;
;; Configuration of the hostapd access-point daemon.  Fields are read by
;; name with 'match-record', so they are looked up by accessor, not position.
(define-record-type* <hostapd-configuration>
  hostapd-configuration make-hostapd-configuration
  hostapd-configuration?
  (package hostapd-configuration-package
           (default hostapd))
  (interface hostapd-configuration-interface ;string
             (default "wlan0"))
  (ssid hostapd-configuration-ssid)             ;string, mandatory
  ;; When false, 'ignore_broadcast_ssid=1' is written, hiding the network.
  (broadcast-ssid? hostapd-configuration-broadcast-ssid? ;Boolean
                   (default #t))
  (channel hostapd-configuration-channel ;integer
           (default 1))
  (driver hostapd-configuration-driver ;string
          (default "nl80211"))
  ;; See <https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf> for a list of
  ;; additional options we could add.  This string is appended verbatim to
  ;; the generated hostapd.conf.
  (extra-settings hostapd-configuration-extra-settings ;string
                  (default "")))
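(define (hostapd-configuration-file config)
  "Return the configuration file for CONFIG, a <hostapd-configuration>.

Every field of CONFIG is written as a hostapd.conf key; EXTRA-SETTINGS is
appended verbatim after them."
  (match-record config <hostapd-configuration>
    (interface ssid broadcast-ssid? channel driver extra-settings)
    ;; DRIVER used to be bound here but never written out, so the 'driver'
    ;; field of CONFIG had no effect; it is now emitted like the others.
    (plain-file "hostapd.conf"
                (string-append "\
# Generated from your Guix configuration.

interface=" interface "
ssid=" ssid "
ignore_broadcast_ssid=" (if broadcast-ssid? "0" "1") "
channel=" (number->string channel) "
driver=" driver "\n"
                               extra-settings "\n"))))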
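(define* (hostapd-shepherd-services config #:key (requirement '()))
  "Return Shepherd services for hostapd.

CONFIG is a <hostapd-configuration>.  REQUIREMENT is a list of additional
Shepherd service names to wait for, on top of @code{user-processes}."
  (define hostapd-package
    ;; Honor the 'package' field of CONFIG instead of always using the
    ;; default 'hostapd' variable, so that a substitute package is actually
    ;; the one started.
    (hostapd-configuration-package config))

  (list (shepherd-service
         (provision '(hostapd))
         (requirement `(user-processes ,@requirement))
         (documentation "Run the hostapd WiFi access point daemon.")
         (start #~(make-forkexec-constructor
                   (list #$(file-append hostapd-package "/sbin/hostapd")
                         #$(hostapd-configuration-file config))
                   #:log-file "/var/log/hostapd.log"))
         (stop #~(make-kill-destructor)))))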
(define hostapd-service-type
  ;; A bare hostapd daemon; see 'simulated-wifi-service-type' for a variant
  ;; bundled with a simulated radio.
  (service-type
   (name 'hostapd)
   (description
    "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access
points and authentication servers.")
   (extensions
    (list (service-extension shepherd-root-service-type
                             hostapd-shepherd-services)))))
(define (simulated-wifi-shepherd-services config)
  "Return Shepherd services to run hostapd with CONFIG, a
<hostapd-configuration>, as well as services to set up WiFi hardware
simulation.

The hostapd service is made to depend on 'unblocked-wifi' and on the
kernel module loader so that the simulated radios exist and are usable
before the access point starts."
  (append (hostapd-shepherd-services config
                                     #:requirement
                                     '(unblocked-wifi
                                       kernel-module-loader))
          (list (shepherd-service
                 (provision '(unblocked-wifi))
                 (requirement '(file-systems kernel-module-loader))
                 (documentation
                  "Unblock WiFi devices for use by mac80211_hwsim.")
                 ;; Unblock the first two rfkill devices; the simulated radios
                 ;; are assumed to be indices 0 and 1.
                 (start #~(lambda _
                            (invoke #$(file-append util-linux "/sbin/rfkill")
                                    "unblock" "0")
                            (invoke #$(file-append util-linux "/sbin/rfkill")
                                    "unblock" "1")))
                 ;; Nothing to keep running once the devices are unblocked.
                 (one-shot? #t)))))
(define simulated-wifi-service-type
  ;; hostapd on top of the mac80211_hwsim simulated radio, for testing.
  (let ((modules (const '("mac80211_hwsim"))))
    (service-type
     (name 'simulated-wifi)
     (description "Run hostapd to simulate WiFi connectivity.")
     (default-value (hostapd-configuration
                     (interface "wlan1")
                     (ssid "Test Network")))
     (extensions
      (list (service-extension shepherd-root-service-type
                               simulated-wifi-shepherd-services)
            (service-extension kernel-module-loader-service-type
                               modules))))))
a03943ec 1488\f
1489;;;
1490;;; Open vSwitch
1491;;;
;; Configuration of the Open vSwitch service: only the package is tunable.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  (package openvswitch-configuration-package ;<package>
           (default openvswitch)))
(define openvswitch-activation
  ;; Activation gexp: create the run-time and state directories and
  ;; initialize the configuration database the first time around.
  (match-lambda
    (($ <openvswitch-configuration> package)
     (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
       (with-imported-modules '((guix build utils))
         #~(begin
             (use-modules (guix build utils))
             (mkdir-p "/var/run/openvswitch")
             (mkdir-p "/var/lib/openvswitch")
             (let ((conf.db "/var/lib/openvswitch/conf.db"))
               (unless (file-exists? conf.db)
                 ;; NOTE(review): 'system*' returns the exit status rather
                 ;; than raising, so a failed database creation goes
                 ;; unnoticed here and surfaces only when ovsdb-server starts.
                 (system* #$ovsdb-tool "create" conf.db)))))))))
(define openvswitch-shepherd-service
  ;; Return the two Shepherd services of Open vSwitch: the database server and
  ;; the switch daemon, which depends on the former.
  (match-lambda
    (($ <openvswitch-configuration> package)
     (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
           (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
       (list
        (shepherd-service
         (provision '(ovsdb))
         (documentation "Run the Open vSwitch database server.")
         ;; The database is reachable only through a local Unix socket.
         (start #~(make-forkexec-constructor
                   (list #$ovsdb-server "--pidfile"
                         "--remote=punix:/var/run/openvswitch/db.sock")
                   #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
         (stop #~(make-kill-destructor)))
        (shepherd-service
         (provision '(vswitchd))
         (requirement '(ovsdb))
         (documentation "Run the Open vSwitch daemon.")
         (start #~(make-forkexec-constructor
                   (list #$ovs-vswitchd "--pidfile")
                   #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
         (stop #~(make-kill-destructor))))))))
(define openvswitch-service-type
  ;; Open vSwitch: activation, profile entry and the two daemons.
  (let ((config->package (compose list openvswitch-configuration-package)))
    (service-type
     (name 'openvswitch)
     (default-value (openvswitch-configuration))
     (description
      "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
switch designed to enable massive network automation through programmatic
extension.")
     (extensions
      (list (service-extension activation-service-type
                               openvswitch-activation)
            (service-extension profile-service-type
                               config->package)
            (service-extension shepherd-root-service-type
                               openvswitch-shepherd-service))))))
1551;;;
1552;;; iptables
1553;;;
;; A permissive rule set for the 'filter' table: every chain accepts.  It is
;; the default for both IP versions and is what the service reloads when
;; stopped, so stopping the service leaves the host unfiltered.
(define %iptables-accept-all-rules
  (plain-file "iptables-accept-all.rules"
              "*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
COMMIT
"))
;; Configuration of the iptables service.  Keep the field order:
;; 'iptables-shepherd-service' destructures it positionally.  Both rule sets
;; default to accept-all; supply 'ipv6-rules' as well when locking down IPv4,
;; or IPv6 traffic stays unfiltered.
(define-record-type* <iptables-configuration>
  iptables-configuration make-iptables-configuration iptables-configuration?
  (iptables iptables-configuration-iptables ;<package>
            (default iptables))
  (ipv4-rules iptables-configuration-ipv4-rules ;file-like, iptables-restore format
              (default %iptables-accept-all-rules))
  (ipv6-rules iptables-configuration-ipv6-rules ;file-like, ip6tables-restore format
              (default %iptables-accept-all-rules)))
(define iptables-shepherd-service
  ;; Return a Shepherd service loading the IPv4 and IPv6 rule sets of an
  ;; <iptables-configuration> with iptables-restore and ip6tables-restore.
  (match-lambda
    (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
     (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
           (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
       (shepherd-service
        (documentation "Packet filtering framework")
        (provision '(iptables))
        ;; 'invoke' raises on a non-zero exit, so a failure loading the IPv4
        ;; rules stops the IPv6 rules from being loaded at all.
        (start #~(lambda _
                   (invoke #$iptables-restore #$ipv4-rules)
                   (invoke #$ip6tables-restore #$ipv6-rules)))
        ;; Stopping does not merely unload the rules: it installs the
        ;; accept-all policy, leaving the host unfiltered.
        (stop #~(lambda _
                  (invoke #$iptables-restore #$%iptables-accept-all-rules)
                  (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
(define iptables-service-type
  ;; No default value: callers must provide an <iptables-configuration>.
  (let ((shepherd-services (compose list iptables-shepherd-service)))
    (service-type
     (name 'iptables)
     (extensions
      (list (service-extension shepherd-root-service-type
                               shepherd-services)))
     (description
      "Run @command{iptables-restore}, setting up the specified rules."))))
1597;;;
1598;;; nftables
1599;;;
;; Default nftables ruleset: drop inbound and forwarded traffic except
;; established/related connections, loopback, ICMP and inbound SSH; allow
;; all outbound traffic.  Adjust the 'tcp dport ssh accept' line if SSH
;; should not be reachable from the network.
(define %default-nftables-ruleset
  (plain-file "nftables.conf"
              "# A simple and safe firewall
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # early drop of invalid connections
    ct state invalid drop

    # allow established/related connections
    ct state { established, related } accept

    # allow from loopback
    iifname lo accept

    # allow icmp
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept

    # allow ssh
    tcp dport ssh accept

    # reject everything else
    reject with icmpx type port-unreachable
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
"))
;; Configuration of the nftables service.  Keep the field order:
;; 'nftables-shepherd-service' destructures it positionally.
(define-record-type* <nftables-configuration>
  nftables-configuration
  make-nftables-configuration
  nftables-configuration?
  (package nftables-configuration-package ;<package>
           (default nftables))
  ;; Loaded with 'nft --file' on start; see %default-nftables-ruleset.
  (ruleset nftables-configuration-ruleset ; file-like object
           (default %default-nftables-ruleset)))
(define nftables-shepherd-service
  ;; Return a Shepherd service loading the ruleset of an
  ;; <nftables-configuration>.
  (match-lambda
    (($ <nftables-configuration> package ruleset)
     (let ((nft (file-append package "/sbin/nft")))
       (shepherd-service
        (documentation "Packet filtering and classification")
        (provision '(nftables))
        (start #~(lambda _
                   (invoke #$nft "--file" #$ruleset)))
        ;; Stopping flushes the entire ruleset, which removes all filtering
        ;; rather than restoring a restrictive default.
        (stop #~(lambda _
                  (invoke #$nft "flush" "ruleset"))))))))
(define nftables-service-type
  ;; The nft daemonless firewall: one Shepherd service plus a profile entry.
  (let ((shepherd-services (compose list nftables-shepherd-service))
        (config->package (compose list nftables-configuration-package)))
    (service-type
     (name 'nftables)
     (default-value (nftables-configuration))
     (description
      "Run @command{nft}, setting up the specified ruleset.")
     (extensions
      (list (service-extension shepherd-root-service-type shepherd-services)
            (service-extension profile-service-type config->package))))))
1669\f
1670;;;
1671;;; PageKite
1672;;;
;; Configuration of the PageKite service.  Fields are read by name with
;; 'match-record'.
(define-record-type* <pagekite-configuration>
  pagekite-configuration
  make-pagekite-configuration
  pagekite-configuration?
  (package pagekite-configuration-package ;<package>
           (default pagekite))
  (kitename pagekite-configuration-kitename ;#f | string
            (default #f))
  ;; NOTE(review): this value ends up in the generated pagekite.rc, a store
  ;; item, which is readable by every user of the system.  Prefer
  ;; 'extra-file' for the secret.
  (kitesecret pagekite-configuration-kitesecret ;#f | string
              (default #f))
  (frontend pagekite-configuration-frontend ;#f | string
            (default #f))
  ;; One 'service_on' line per entry; '@kitename' and '@kitesecret' are
  ;; substituted by pagekite itself.
  (kites pagekite-configuration-kites ;list of strings
         (default '("http:@kitename:localhost:80:@kitesecret")))
  ;; Path of an additional configuration file outside the store, made
  ;; visible to the daemon's container and referenced via 'optfile'.
  (extra-file pagekite-configuration-extra-file ;#f | string
              (default #f)))
(define (pagekite-configuration-file config)
  "Return the pagekite.rc file for CONFIG, a <pagekite-configuration>.

Optional fields that are #f are omitted; when no FRONTEND is given the
@code{defaults} directive is used instead.  Each element of KITES becomes a
@code{service_on} line.  Note that the resulting file is a store item, so
any secret written to it is world-readable; EXTRA-FILE exists to keep such
values elsewhere."
  (match-record config <pagekite-configuration>
    (package kitename kitesecret frontend kites extra-file)
    (mixed-text-file "pagekite.rc"
                     (if extra-file
                         (string-append "optfile = " extra-file "\n")
                         "")
                     (if kitename
                         (string-append "kitename = " kitename "\n")
                         "")
                     (if kitesecret
                         (string-append "kitesecret = " kitesecret "\n")
                         "")
                     (if frontend
                         (string-append "frontend = " frontend "\n")
                         "defaults\n")
                     ;; 'suffix mode terminates the last line with "\n" too.
                     (string-join (map (lambda (kite)
                                         (string-append "service_on = " kite))
                                       kites)
                                  "\n"
                                  'suffix))))
(define (pagekite-shepherd-service config)
  "Return a Shepherd service running PageKite according to CONFIG, a
<pagekite-configuration>.

The daemon runs in a container as the @code{pagekite} user; when EXTRA-FILE
is set, that single file is mapped into the container so that the
@code{optfile} directive of the generated configuration can be honored."
  (match-record config <pagekite-configuration>
    (package kitename kitesecret frontend kites extra-file)
    (with-imported-modules (source-module-closure
                            '((gnu build shepherd)
                              (gnu system file-systems)))
      (shepherd-service
       (documentation "Run the PageKite service.")
       (provision '(pagekite))
       (requirement '(networking))
       (modules '((gnu build shepherd)
                  (gnu system file-systems)))
       (start #~(make-forkexec-constructor/container
                 (list #$(file-append package "/bin/pagekite")
                       "--clean"
                       "--nullui"
                       "--nocrashreport"
                       ;; Drop privileges to the dedicated account.
                       "--runas=pagekite:pagekite"
                       (string-append "--optfile="
                                      #$(pagekite-configuration-file config)))
                 #:log-file "/var/log/pagekite.log"
                 ;; Only EXTRA-FILE, if any, is visible inside the container
                 ;; beyond the store.
                 #:mappings #$(if extra-file
                                  #~(list (file-system-mapping
                                           (source #$extra-file)
                                           (target source)))
                                  #~'())))
       ;; SIGTERM doesn't always work for some reason.
       (stop #~(make-kill-destructor SIGINT))))))
(define %pagekite-accounts
  ;; A dedicated, shell-less system account and group for the daemon.
  (let ((nologin (file-append shadow "/sbin/nologin")))
    (list (user-group (name "pagekite") (system? #t))
          (user-account
           (system? #t)
           (name "pagekite")
           (group "pagekite")
           (home-directory "/var/empty")
           (shell nologin)
           (comment "PageKite user")))))
(define pagekite-service-type
  ;; PageKite: one Shepherd service plus its system account.
  (let ((shepherd-services (compose list pagekite-shepherd-service))
        (accounts (const %pagekite-accounts)))
    (service-type
     (name 'pagekite)
     (description
      "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
local servers publicly accessible on the web, even behind NATs and firewalls.")
     (default-value (pagekite-configuration))
     (extensions
      (list (service-extension shepherd-root-service-type shepherd-services)
            (service-extension account-service-type accounts))))))
fe1cd098 1765\f
1766;;;
1767;;; Yggdrasil
1768;;;
;; Configuration of the Yggdrasil mesh-network daemon.
(define-record-type* <yggdrasil-configuration>
  yggdrasil-configuration
  make-yggdrasil-configuration
  yggdrasil-configuration?
  (package yggdrasil-configuration-package ;<package>
           (default yggdrasil))
  ;; Alist/list structure converted to the daemon's (H)JSON configuration
  ;; and stored in the store, hence world-readable; keep secrets out of it.
  (json-config yggdrasil-configuration-json-config
               (default '()))
  ;; Additional configuration file, passed as '-extraconffile'; the default
  ;; lives outside the store, presumably to hold private settings.  Note the
  ;; accessor is 'yggdrasil-config-file', unlike its siblings.
  (config-file yggdrasil-config-file ;#f | string
               (default "/etc/yggdrasil-private.conf"))
  (autoconf? yggdrasil-configuration-autoconf? ;Boolean
             (default #f))
  (log-level yggdrasil-configuration-log-level ;symbol
             (default 'info))
  (log-to yggdrasil-configuration-log-to ;symbol
          (default 'stdout)))
1786
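(define (yggdrasil-configuration-file config)
  "Return a store file holding the JSON rendering of the 'json-config' field
of CONFIG, a <yggdrasil-configuration> record, for yggdrasil's '-useconffile'
option.

Within the 'json-config' alist, symbol keys are turned into CamelCase
(e.g. 'admin-listen becomes \"AdminListen\"); string keys are emitted
verbatim, so use a string for a key whose spelling the conversion cannot
produce.  Values are converted recursively: vectors become JSON arrays,
alists (lists of pairs) become nested JSON objects and other atoms are passed
through unchanged.

The result lives in the store and is therefore world-readable: do not put the
node's private key or any other secret in 'json-config'; use the out-of-store
'config-file' field for that."
  (define (param->camel str)
    ;; "admin-listen" -> "AdminListen".  STRING-CAPITALIZE down-cases the
    ;; rest of each segment, so "if-mtu" yields "IfMtu".
    (string-concatenate
     (map string-capitalize (string-split str #\-))))

  (define (key-value? x)
    ;; A (KEY . VALUE) pair.  Looking at the key rather than using
    ;; 'dotted-list?' fixes two crashes: SRFI-1 'dotted-list?' is also true
    ;; of bare atoms (it counts them as dotted lists of length 0), so a
    ;; string met while walking a list or vector ended in 'car' on a
    ;; non-pair; and a pair whose value is a nested alist, (k . ((a . 1))),
    ;; reads as a *proper* list and was never recognized as a pair.
    (and (pair? x)
         (or (symbol? (car x)) (string? (car x)))))

  (define (scm->yggdrasil-json x)
    (cond
     ((key-value? x)
      (let ((key (car x))
            (value (cdr x)))
        (cons (if (symbol? key)
                  (param->camel (symbol->string key))
                  key)
              ;; Recurse so nested objects and arrays of objects get their
              ;; keys converted too.
              (scm->yggdrasil-json value))))
     ((list? x) (map scm->yggdrasil-json x))
     ((vector? x) (vector-map scm->yggdrasil-json x))
     (else x)))

  (computed-file
   "yggdrasil.conf"
   #~(call-with-output-file #$output
       (lambda (port)
         ;; Yggdrasil reads HJSON, so a leading comment line is fine.
         (display "# Generated by yggdrasil-service\n" port)
         (display #$(scm->json-string
                     (scm->yggdrasil-json
                      (yggdrasil-configuration-json-config config)))
                  port)))))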
1818
(define (yggdrasil-shepherd-service config)
  "Return a <shepherd-service> for yggdrasil with CONFIG."
  (define package
    (yggdrasil-configuration-package config))

  (define autoconf-flags
    (if (yggdrasil-configuration-autoconf? config)
        '("-autoconf")
        '()))

  (define extra-config-flags
    ;; CONFIG-FILE is an out-of-store path (by default the file holding the
    ;; private key) or #f, in which case no '-extraconffile' is passed.
    (let ((file (yggdrasil-config-file config)))
      (if file
          (list "-extraconffile" file)
          '())))

  (define logging-flags
    (list "-loglevel"
          (symbol->string (yggdrasil-configuration-log-level config))
          "-logto"
          (symbol->string (yggdrasil-configuration-log-to config))))

  ;; The flag lists above are computed on the host side and spliced into
  ;; the command; the generated store file carries the 'json-config' part.
  (define command
    #~(list (string-append #$package "/bin/yggdrasil")
            "-useconffile" #$(yggdrasil-configuration-file config)
            #$@autoconf-flags
            #$@extra-config-flags
            #$@logging-flags))

  (list (shepherd-service
         (documentation "Connect to the Yggdrasil mesh network")
         (provision '(yggdrasil))
         (requirement '(networking))
         ;; No #:user is given, so the daemon keeps the identity it is
         ;; started with (presumably root, which it would need to create
         ;; its network interface -- confirm); only its group is changed.
         (start #~(make-forkexec-constructor
                   #$command
                   #:log-file "/var/log/yggdrasil.log"
                   #:group "yggdrasil"))
         (stop #~(make-kill-destructor)))))
1850
(define %yggdrasil-accounts
  ;; Only a system group is created: the Shepherd service sets #:group
  ;; "yggdrasil" but no #:user, so no dedicated user account is needed.
  (let ((yggdrasil-group (user-group (name "yggdrasil") (system? #t))))
    (list yggdrasil-group)))
1853
(define yggdrasil-service-type
  ;; Service type for the Yggdrasil mesh network daemon.
  (service-type
   (name 'yggdrasil)
   (description
    "Connect to the Yggdrasil mesh network.
See yggdrasil -genconf for config options.")
   (extensions
    (list
     ;; The Shepherd service running the daemon.
     (service-extension shepherd-root-service-type
                        yggdrasil-shepherd-service)
     ;; The group the daemon is started with.
     (service-extension account-service-type
                        (lambda (_) %yggdrasil-accounts))
     ;; Make the yggdrasil tools (e.g. yggdrasilctl) available system-wide.
     (service-extension profile-service-type
                        (lambda (config)
                          (list (yggdrasil-configuration-package config))))))))
1867
db4fdc04 1868;;; networking.scm ends here