1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
8 ;;; This file is part of GNU Guix.
10 ;;; GNU Guix is free software; you can redistribute it and/or modify it
11 ;;; under the terms of the GNU General Public License as published by
12 ;;; the Free Software Foundation; either version 3 of the License, or (at
13 ;;; your option) any later version.
15 ;;; GNU Guix is distributed in the hope that it will be useful, but
16 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;;; GNU General Public License for more details.
20 ;;; You should have received a copy of the GNU General Public License
21 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
23 (define-module (gnu services networking)
24 #:use-module (gnu services)
25 #:use-module (gnu services shepherd)
26 #:use-module (gnu services dbus)
27 #:use-module (gnu system shadow)
28 #:use-module (gnu system pam)
29 #:use-module (gnu packages admin)
30 #:use-module (gnu packages connman)
31 #:use-module (gnu packages linux)
32 #:use-module (gnu packages tor)
33 #:use-module (gnu packages messaging)
34 #:use-module (gnu packages networking)
35 #:use-module (gnu packages ntp)
36 #:use-module (gnu packages wicd)
37 #:use-module (gnu packages gnome)
38 #:use-module (guix gexp)
39 #:use-module (guix records)
40 #:use-module (guix modules)
41 #:use-module (srfi srfi-1)
42 #:use-module (srfi srfi-9)
43 #:use-module (srfi srfi-26)
44 #:use-module (ice-9 match)
45 #:export (%facebook-host-aliases
49 static-networking-interface
51 static-networking-netmask
52 static-networking-gateway
54 static-networking-service
55 static-networking-service-type
71 bitlbee-configuration?
78 network-manager-configuration
79 network-manager-configuration?
80 network-manager-configuration-dns
81 network-manager-service-type
84 wpa-supplicant-service-type
86 openvswitch-service-type
87 openvswitch-configuration))
91 ;;; Networking services.
95 (define %facebook-host-aliases
96 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
99 # Block Facebook IPv4.
100 127.0.0.1 www.facebook.com
101 127.0.0.1 facebook.com
102 127.0.0.1 login.facebook.com
103 127.0.0.1 www.login.facebook.com
105 127.0.0.1 www.fbcdn.net
107 127.0.0.1 www.fbcdn.com
108 127.0.0.1 static.ak.fbcdn.net
109 127.0.0.1 static.ak.connect.facebook.com
110 127.0.0.1 connect.facebook.net
111 127.0.0.1 www.connect.facebook.net
112 127.0.0.1 apps.facebook.com
114 # Block Facebook IPv6.
115 fe80::1%lo0 facebook.com
116 fe80::1%lo0 login.facebook.com
117 fe80::1%lo0 www.login.facebook.com
118 fe80::1%lo0 fbcdn.net
119 fe80::1%lo0 www.fbcdn.net
120 fe80::1%lo0 fbcdn.com
121 fe80::1%lo0 www.fbcdn.com
122 fe80::1%lo0 static.ak.fbcdn.net
123 fe80::1%lo0 static.ak.connect.facebook.com
124 fe80::1%lo0 connect.facebook.net
125 fe80::1%lo0 www.connect.facebook.net
126 fe80::1%lo0 apps.facebook.com\n")
129 (define-record-type* <static-networking>
130 static-networking make-static-networking
132 (interface static-networking-interface)
133 (ip static-networking-ip)
134 (netmask static-networking-netmask
136 (gateway static-networking-gateway ;FIXME: doesn't belong here
138 (provision static-networking-provision
140 (name-servers static-networking-name-servers ;FIXME: doesn't belong here
143 (define static-networking-shepherd-service
145 (($ <static-networking> interface ip netmask gateway provision
147 (let ((loopback? (and provision (memq 'loopback provision))))
150 ;; Unless we're providing the loopback interface, wait for udev to be up
151 ;; and running so that INTERFACE is actually usable.
152 (requirement (if loopback? '() '(udev)))
155 "Bring up the networking interface using a static IP address.")
156 (provision (or provision
157 (list (symbol-append 'networking-
158 (string->symbol interface)))))
161 ;; Return #t if successfully started.
162 (let* ((addr (inet-pton AF_INET #$ip))
163 (sockaddr (make-socket-address AF_INET addr 0))
165 (inet-pton AF_INET #$netmask)))
167 (make-socket-address AF_INET
169 (gateway (and #$gateway
170 (inet-pton AF_INET #$gateway)))
171 (gatewayaddr (and gateway
172 (make-socket-address AF_INET
174 (configure-network-interface #$interface sockaddr
181 (let ((sock (socket AF_INET SOCK_DGRAM 0)))
182 (add-network-route/gateway sock gatewayaddr)
183 (close-port sock))))))
185 ;; Return #f if successfully stopped.
186 (let ((sock (socket AF_INET SOCK_STREAM 0)))
188 (delete-network-route sock
190 AF_INET INADDR_ANY 0)))
191 (set-network-interface-flags sock #$interface 0)
196 (define (static-networking-etc-files interfaces)
197 "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
198 (match (delete-duplicates
199 (append-map static-networking-name-servers
204 (let ((content (string-join
205 (map (cut string-append "nameserver " <>)
209 ,(plain-file "resolv.conf"
211 # Generated by 'static-networking-service'.\n"
214 (define (static-networking-shepherd-services interfaces)
215 "Return the list of Shepherd services to bring up INTERFACES, a list of
216 <static-networking> objects."
217 (define (loopback? service)
218 (memq 'loopback (shepherd-service-provision service)))
220 (let ((services (map static-networking-shepherd-service interfaces)))
221 (match (remove loopback? services)
223 ;; There's no interface other than 'loopback', so we assume that the
224 ;; 'networking' service will be provided by dhclient or similar.
227 ;; Assume we're providing all the interfaces, and thus, provide a
228 ;; 'networking' service.
229 (cons (shepherd-service
230 (provision '(networking))
231 (requirement (append-map shepherd-service-provision
235 (documentation "Bring up all the networking interfaces."))
238 (define static-networking-service-type
239 ;; The service type for statically-defined network interfaces.
240 (service-type (name 'static-networking)
243 (service-extension shepherd-root-service-type
244 static-networking-shepherd-services)
245 (service-extension etc-service-type
246 static-networking-etc-files)))
247 (compose concatenate)
250 (define* (static-networking-service interface ip
252 netmask gateway provision
254 "Return a service that starts @var{interface} with address @var{ip}. If
255 @var{netmask} is true, use it as the network mask. If @var{gateway} is true,
256 it must be a string specifying the default network gateway.
258 This procedure can be called several times, one for each network
259 interface of interest. Behind the scenes what it does is extend
260 @code{static-networking-service-type} with additional network interfaces
262 (simple-service 'static-network-interface
263 static-networking-service-type
264 (list (static-networking (interface interface) (ip ip)
265 (netmask netmask) (gateway gateway)
266 (provision provision)
267 (name-servers name-servers)))))
269 (define dhcp-client-service-type
270 (shepherd-service-type
274 (file-append dhcp "/sbin/dhclient"))
277 "/var/run/dhclient.pid")
280 (documentation "Set up networking via DHCP.")
281 (requirement '(user-processes udev))
283 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
284 ;; networking is unavailable, but also means that the interface is not up
285 ;; yet when 'start' completes. To wait for the interface to be ready, one
286 ;; should instead monitor udev events.
287 (provision '(networking))
290 ;; When invoked without any arguments, 'dhclient' discovers all
291 ;; non-loopback interfaces *that are up*. However, the relevant
292 ;; interfaces are typically down at this point. Thus we perform
293 ;; our own interface discovery here.
295 (negate loopback-network-interface?))
297 (filter valid? (all-network-interface-names)))
299 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
300 ;; actually send/receive over them.
301 (for-each set-network-interface-up ifaces)
303 (false-if-exception (delete-file #$pid-file))
304 (let ((pid (fork+exec-command
305 (cons* #$dhclient "-nw"
306 "-pf" #$pid-file ifaces))))
307 (and (zero? (cdr (waitpid pid)))
311 (call-with-input-file #$pid-file read))
313 ;; 'dhclient' returned before PID-FILE was created,
315 (let ((errno (system-error-errno args)))
320 (apply throw args))))))))))
321 (stop #~(make-kill-destructor))))))
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service running the Dynamic Host Configuration Protocol (DHCP)
client provided by @var{dhcp} on every non-loopback network interface."
  ;; The service value is nothing but the client package; interface
  ;; discovery and the 'dhclient' invocation live in
  ;; 'dhcp-client-service-type'.
  ;;
  ;; Security note: since every non-loopback interface gets a client, each
  ;; network those interfaces attach to can supply addressing, routes and
  ;; resolver settings, and DHCP itself does not authenticate the server.
  ;; For interfaces on networks that should not be trusted with that, prefer
  ;; 'static-networking-service'.
  (let ((client-package dhcp))
    (service dhcp-client-service-type client-package)))
329 ;; Default set of NTP servers.
340 (define-record-type* <ntp-configuration>
341 ntp-configuration make-ntp-configuration
343 (ntp ntp-configuration-ntp
345 (servers ntp-configuration-servers)
346 (allow-large-adjustment? ntp-allow-large-adjustment?
349 (define ntp-shepherd-service
351 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
353 ;; TODO: Add authentication support.  Until then the 'server' lines generated below carry no key, so time replies are not authenticated.
355 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
356 (string-join (map (cut string-append "server " <>)
360 # Disable status queries as a workaround for CVE-2013-5211:
361 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
362 restrict default kod nomodify notrap nopeer noquery
363 restrict -6 default kod nomodify notrap nopeer noquery
365 # Yet, allow use of the local 'ntpq'.
370 (plain-file "ntpd.conf" config))
372 (list (shepherd-service
374 (documentation "Run the Network Time Protocol (NTP) daemon.")
375 (requirement '(user-processes networking))
376 (start #~(make-forkexec-constructor
377 (list (string-append #$ntp "/bin/ntpd") "-n"
378 "-c" #$ntpd.conf "-u" "ntpd"
379 #$@(if allow-large-adjustment?
382 (stop #~(make-kill-destructor))))))))
384 (define %ntp-accounts
389 (comment "NTP daemon user")
390 (home-directory "/var/empty")
391 (shell (file-append shadow "/sbin/nologin")))))
394 (define (ntp-service-activation config)
395 "Return the activation gexp for CONFIG."
396 (with-imported-modules '((guix build utils))
398 (use-modules (guix build utils))
402 (let ((directory "/var/run/ntpd"))
404 (chown directory (passwd:uid %user) (passwd:gid %user))))))
406 (define ntp-service-type
407 (service-type (name 'ntp)
409 (list (service-extension shepherd-root-service-type
410 ntp-shepherd-service)
411 (service-extension account-service-type
412 (const %ntp-accounts))
413 (service-extension activation-service-type
414 ntp-service-activation)))))
416 (define* (ntp-service #:key (ntp ntp)
417 (servers %ntp-servers)
418 allow-large-adjustment?)
419 "Return a service that runs the daemon from @var{ntp}, the
420 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
421 keep the system clock synchronized with that of @var{servers}.
422 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
423 make an initial adjustment of more than 1,000 seconds."
424 (service ntp-service-type
425 (ntp-configuration (ntp ntp)
427 (allow-large-adjustment?
428 allow-large-adjustment?))))
435 (define-record-type* <tor-configuration>
436 tor-configuration make-tor-configuration
438 (tor tor-configuration-tor
440 (config-file tor-configuration-config-file)
441 (hidden-services tor-configuration-hidden-services
444 (define %tor-accounts
445 ;; User account and groups for Tor.
446 (list (user-group (name "tor") (system? #t))
451 (comment "Tor daemon user")
452 (home-directory "/var/empty")
453 (shell (file-append shadow "/sbin/nologin")))))
455 (define-record-type <hidden-service>
456 (hidden-service name mapping)
458 (name hidden-service-name) ;string
459 (mapping hidden-service-mapping)) ;list of port/address tuples
461 (define (tor-configuration->torrc config)
462 "Return a 'torrc' file for CONFIG."
464 (($ <tor-configuration> tor config-file services)
467 (with-imported-modules '((guix build utils))
469 (use-modules (guix build utils)
472 (call-with-output-file #$output
475 # The beginning was automatically added.
477 DataDirectory /var/lib/tor
478 Log notice syslog\n" port)
480 (for-each (match-lambda
481 ((service (ports hosts) ...)
483 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
485 (for-each (lambda (tcp-port host)
487 HiddenServicePort ~a ~a~%"
490 '#$(map (match-lambda
491 (($ <hidden-service> name mapping)
492 (cons name mapping)))
495 ;; Append the user's config file.
496 (call-with-input-file #$config-file
498 (dump-port input port)))
501 (define (tor-shepherd-service config)
502 "Return a <shepherd-service> running TOR."
504 (($ <tor-configuration> tor)
505 (let ((torrc (tor-configuration->torrc config)))
506 (list (shepherd-service
509 ;; Tor needs at least one network interface to be up, hence the
510 ;; dependency on 'loopback'.
511 (requirement '(user-processes loopback syslogd))
513 (start #~(make-forkexec-constructor
514 (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
515 (stop #~(make-kill-destructor))
516 (documentation "Run the Tor anonymous network overlay.")))))))
518 (define (tor-hidden-service-activation config)
519 "Return the activation gexp for the hidden services listed in CONFIG."
521 (use-modules (guix build utils))
526 (define (initialize service)
527 (let ((directory (string-append "/var/lib/tor/hidden-services/"
530 (chown directory (passwd:uid %user) (passwd:gid %user))
532 ;; The daemon bails out if we give wider permissions.
533 (chmod directory #o700)))
535 (mkdir-p "/var/lib/tor")
536 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
537 (chmod "/var/lib/tor" #o700)
539 ;; Make sure /var/lib is accessible to the 'tor' user.  Note that this resets the mode of the shared /var/lib directory, overriding any stricter setting.
540 (chmod "/var/lib" #o755)
543 '#$(map hidden-service-name
544 (tor-configuration-hidden-services config)))))
546 (define tor-service-type
547 (service-type (name 'tor)
549 (list (service-extension shepherd-root-service-type
550 tor-shepherd-service)
551 (service-extension account-service-type
552 (const %tor-accounts))
553 (service-extension activation-service-type
554 tor-hidden-service-activation)))
556 ;; This can be extended with hidden services.
557 (compose concatenate)
558 (extend (lambda (config services)
562 (append (tor-configuration-hidden-services config)
565 (define* (tor-service #:optional
566 (config-file (plain-file "empty" ""))
568 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
571 The daemon runs as the @code{tor} unprivileged user. It is passed
572 @var{config-file}, a file-like object, with an additional @code{User tor} line
573 and lines for hidden services added via @code{tor-hidden-service}. Run
574 @command{man tor} for information about the configuration file."
575 (service tor-service-type
576 (tor-configuration (tor tor)
577 (config-file config-file))))
579 (define tor-hidden-service-type
580 ;; A type that extends Tor with hidden services.
581 (service-type (name 'tor-hidden-service)
583 (list (service-extension tor-service-type list)))))
585 (define (tor-hidden-service name mapping)
586 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
587 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
590 '((22 \"127.0.0.1:22\")
591 (80 \"127.0.0.1:8080\"))
594 In this example, port 22 of the hidden service is mapped to local port 22, and
595 port 80 is mapped to local port 8080.
597 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
598 the @file{hostname} file contains the @code{.onion} host name for the hidden
601 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
602 project's documentation} for more information."
603 (service tor-hidden-service-type
604 (hidden-service name mapping)))
611 (define-record-type* <bitlbee-configuration>
612 bitlbee-configuration make-bitlbee-configuration
613 bitlbee-configuration?
614 (bitlbee bitlbee-configuration-bitlbee
616 (interface bitlbee-configuration-interface)
617 (port bitlbee-configuration-port)
618 (extra-settings bitlbee-configuration-extra-settings))
620 (define bitlbee-shepherd-service
622 (($ <bitlbee-configuration> bitlbee interface port extra-settings)
623 (let ((conf (plain-file "bitlbee.conf"
627 ConfigDir = /var/lib/bitlbee
628 DaemonInterface = " interface "
629 DaemonPort = " (number->string port) "
632 (with-imported-modules (source-module-closure
633 '((gnu build shepherd)
634 (gnu system file-systems)))
635 (list (shepherd-service
636 (provision '(bitlbee))
638 ;; Note: If networking is not up, then /etc/resolv.conf
639 ;; doesn't get mapped in the container, hence the dependency
641 (requirement '(user-processes networking))
643 (modules '((gnu build shepherd)
644 (gnu system file-systems)))
645 (start #~(make-forkexec-constructor/container
646 (list #$(file-append bitlbee "/sbin/bitlbee")
647 "-n" "-F" "-u" "bitlbee" "-c" #$conf)
649 #:pid-file "/var/run/bitlbee.pid"
650 #:mappings (list (file-system-mapping
651 (source "/var/lib/bitlbee")
654 (stop #~(make-kill-destructor)))))))))
656 (define %bitlbee-accounts
657 ;; User group and account to run BitlBee.
658 (list (user-group (name "bitlbee") (system? #t))
663 (comment "BitlBee daemon user")
664 (home-directory "/var/empty")
665 (shell (file-append shadow "/sbin/nologin")))))
667 (define %bitlbee-activation
668 ;; Activation gexp for BitlBee.
670 (use-modules (guix build utils))
672 ;; This directory is used to store OTR data.
673 (mkdir-p "/var/lib/bitlbee")
674 (let ((user (getpwnam "bitlbee")))
675 (chown "/var/lib/bitlbee"
676 (passwd:uid user) (passwd:gid user)))))
678 (define bitlbee-service-type
679 (service-type (name 'bitlbee)
681 (list (service-extension shepherd-root-service-type
682 bitlbee-shepherd-service)
683 (service-extension account-service-type
684 (const %bitlbee-accounts))
685 (service-extension activation-service-type
686 (const %bitlbee-activation))))))
688 (define* (bitlbee-service #:key (bitlbee bitlbee)
689 (interface "127.0.0.1") (port 6667)
691 "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
692 acts as a gateway between IRC and chat networks.
694 The daemon will listen to the interface corresponding to the IP address
695 specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only
696 local clients can connect, whereas @code{0.0.0.0} means that connections can
697 come from any networking interface.
699 In addition, @var{extra-settings} specifies a string to append to the
701 (service bitlbee-service-type
702 (bitlbee-configuration
704 (interface interface) (port port)
705 (extra-settings extra-settings))))
712 (define %wicd-activation
713 ;; Activation gexp for Wicd.
715 (use-modules (guix build utils))
717 (mkdir-p "/etc/wicd")
718 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
719 (unless (file-exists? file-name)
720 (copy-file (string-append #$wicd file-name)
723 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
724 ;; named socket files.
725 (mkdir-p "/var/run/wpa_supplicant")
726 (chmod "/var/run/wpa_supplicant" #o750)))
728 (define (wicd-shepherd-service wicd)
729 "Return a shepherd service for WICD."
730 (list (shepherd-service
731 (documentation "Run the Wicd network manager.")
732 (provision '(networking))
733 (requirement '(user-processes dbus-system loopback))
734 (start #~(make-forkexec-constructor
735 (list (string-append #$wicd "/sbin/wicd")
737 (stop #~(make-kill-destructor)))))
739 (define wicd-service-type
740 (service-type (name 'wicd)
742 (list (service-extension shepherd-root-service-type
743 wicd-shepherd-service)
744 (service-extension dbus-root-service-type
746 (service-extension activation-service-type
747 (const %wicd-activation))
749 ;; Add Wicd to the global profile.
750 (service-extension profile-service-type list)))))
752 (define* (wicd-service #:key (wicd wicd))
753 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
754 management daemon that aims to simplify wired and wireless networking.
756 This service adds the @var{wicd} package to the global profile, providing
757 several commands to interact with the daemon and configure networking:
758 @command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
759 and @command{wicd-curses} user interfaces."
760 (service wicd-service-type wicd))
;; Configuration record for the NetworkManager service.
;;
;; Keep the field order stable: 'network-manager-shepherd-service'
;; destructures this record positionally with
;; ($ <network-manager-configuration> network-manager dns).
(define-record-type* <network-manager-configuration>
  network-manager-configuration make-network-manager-configuration
  network-manager-configuration?
  ;; Package whose /sbin/NetworkManager binary the Shepherd service starts.
  ;; The same package is what the D-Bus, polkit and profile service
  ;; extensions of 'network-manager-service-type' receive.
  (network-manager network-manager-configuration-network-manager
                   (default network-manager))
  ;; String; presumably the 'dns' setting written to the generated
  ;; NetworkManager.conf -- TODO confirm against the shepherd service.
  (dns network-manager-configuration-dns
       (default "default")))
775 (define %network-manager-activation
776 ;; Activation gexp for NetworkManager.
778 (use-modules (guix build utils))
779 (mkdir-p "/etc/NetworkManager/system-connections")))
781 (define network-manager-shepherd-service
783 (($ <network-manager-configuration> network-manager dns)
785 ((conf (plain-file "NetworkManager.conf"
790 (list (shepherd-service
791 (documentation "Run the NetworkManager.")
792 (provision '(networking))
793 (requirement '(user-processes dbus-system wpa-supplicant loopback))
794 (start #~(make-forkexec-constructor
795 (list (string-append #$network-manager
796 "/sbin/NetworkManager")
797 (string-append "--config=" #$conf)
799 (stop #~(make-kill-destructor))))))))
801 (define network-manager-service-type
805 (($ <network-manager-configuration> network-manager)
806 (list network-manager)))))
809 (name 'network-manager)
811 (list (service-extension shepherd-root-service-type
812 network-manager-shepherd-service)
813 (service-extension dbus-root-service-type config->package)
814 (service-extension polkit-service-type config->package)
815 (service-extension activation-service-type
816 (const %network-manager-activation))
817 ;; Add network-manager to the system profile.
818 (service-extension profile-service-type config->package))))))
825 (define %connman-activation
826 ;; Activation gexp for Connman.
828 (use-modules (guix build utils))
829 (mkdir-p "/var/lib/connman/")
830 (mkdir-p "/var/lib/connman-vpn/")))
832 (define (connman-shepherd-service connman)
833 "Return a shepherd service for Connman"
834 (list (shepherd-service
835 (documentation "Run Connman")
836 (provision '(networking))
837 (requirement '(user-processes dbus-system loopback wpa-supplicant))
838 (start #~(make-forkexec-constructor
839 (list (string-append #$connman
842 (stop #~(make-kill-destructor)))))
844 (define connman-service-type
845 (service-type (name 'connman)
847 (list (service-extension shepherd-root-service-type
848 connman-shepherd-service)
849 (service-extension dbus-root-service-type list)
850 (service-extension activation-service-type
851 (const %connman-activation))
852 ;; Add connman to the system profile.
853 (service-extension profile-service-type list)))))
855 (define* (connman-service #:key (connman connman))
856 "Return a service that runs @url{https://01.org/connman,Connman}, a network
859 This service adds the @var{connman} package to the global profile, providing
860 the @command{connmanctl} command to interact with the daemon and
861 configure networking."
862 (service connman-service-type connman))
(define (wpa-supplicant-shepherd-service wpa-supplicant)
  "Return a list of one Shepherd service that runs the
@command{wpa_supplicant} daemon found in the @var{wpa-supplicant} package."
  (define start-gexp
    ;; '-u' enables the D-Bus control interface, '-B' sends the daemon to
    ;; the background and '-P' names the PID file.  Because of '-B' the
    ;; process forks away, so the same path is given as #:pid-file for the
    ;; constructor to find the daemon.
    ;;
    ;; No interface or configuration file is passed, so the daemon is driven
    ;; through D-Bus only; who may call it is decided by the system bus
    ;; policy (presumably the one the package installs -- confirm), not by
    ;; anything in this procedure.
    #~(make-forkexec-constructor
       (list (string-append #$wpa-supplicant "/sbin/wpa_supplicant")
             "-u" "-B" "-P/var/run/wpa_supplicant.pid")
       #:pid-file "/var/run/wpa_supplicant.pid"))

  (define daemon
    (shepherd-service
     (provision '(wpa-supplicant))
     ;; The system bus must be up before the D-Bus interface can register.
     (requirement '(user-processes dbus-system loopback))
     (documentation "Run WPA supplicant with dbus interface")
     (start start-gexp)
     (stop #~(make-kill-destructor))))

  (list daemon))
884 (define wpa-supplicant-service-type
885 (service-type (name 'wpa-supplicant)
887 (list (service-extension shepherd-root-service-type
888 wpa-supplicant-shepherd-service)
889 (service-extension dbus-root-service-type list)
890 (service-extension profile-service-type list)))))
;; Configuration record for the Open vSwitch service.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  ;; Package providing the /bin/ovsdb-tool, /sbin/ovsdb-server and
  ;; /sbin/ovs-vswitchd programs run by the activation snippet and the
  ;; Shepherd services in this file; it is also handed to the profile
  ;; service extension.
  (package openvswitch-configuration-package
           (default openvswitch)))
903 (define openvswitch-activation
905 (($ <openvswitch-configuration> package)
906 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
907 (with-imported-modules '((guix build utils))
909 (use-modules (guix build utils))
910 (mkdir-p "/var/run/openvswitch")
911 (mkdir-p "/var/lib/openvswitch")
912 (let ((conf.db "/var/lib/openvswitch/conf.db"))
913 (unless (file-exists? conf.db)
914 (system* #$ovsdb-tool "create" conf.db)))))))))
916 (define openvswitch-shepherd-service
918 (($ <openvswitch-configuration> package)
919 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
920 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
924 (documentation "Run the Open vSwitch database server.")
925 (start #~(make-forkexec-constructor
926 (list #$ovsdb-server "--pidfile"
927 "--remote=punix:/var/run/openvswitch/db.sock")
928 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
929 (stop #~(make-kill-destructor)))
931 (provision '(vswitchd))
932 (requirement '(ovsdb))
933 (documentation "Run the Open vSwitch daemon.")
934 (start #~(make-forkexec-constructor
935 (list #$ovs-vswitchd "--pidfile")
936 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
937 (stop #~(make-kill-destructor))))))))
939 (define openvswitch-service-type
943 (list (service-extension activation-service-type
944 openvswitch-activation)
945 (service-extension profile-service-type
946 (compose list openvswitch-configuration-package))
947 (service-extension shepherd-root-service-type
948 openvswitch-shepherd-service)))))
950 ;;; networking.scm ends here