1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
7 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
9 ;;; This file is part of GNU Guix.
11 ;;; GNU Guix is free software; you can redistribute it and/or modify it
12 ;;; under the terms of the GNU General Public License as published by
13 ;;; the Free Software Foundation; either version 3 of the License, or (at
14 ;;; your option) any later version.
16 ;;; GNU Guix is distributed in the hope that it will be useful, but
17 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;;; GNU General Public License for more details.
21 ;;; You should have received a copy of the GNU General Public License
22 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
24 (define-module (gnu services networking)
25 #:use-module (gnu services)
26 #:use-module (gnu services shepherd)
27 #:use-module (gnu services dbus)
28 #:use-module (gnu system shadow)
29 #:use-module (gnu system pam)
30 #:use-module (gnu packages admin)
31 #:use-module (gnu packages connman)
32 #:use-module (gnu packages linux)
33 #:use-module (gnu packages tor)
34 #:use-module (gnu packages messaging)
35 #:use-module (gnu packages networking)
36 #:use-module (gnu packages ntp)
37 #:use-module (gnu packages wicd)
38 #:use-module (gnu packages gnome)
39 #:use-module (guix gexp)
40 #:use-module (guix records)
41 #:use-module (guix modules)
42 #:use-module (srfi srfi-1)
43 #:use-module (srfi srfi-9)
44 #:use-module (srfi srfi-26)
45 #:use-module (ice-9 match)
46 #:export (%facebook-host-aliases
50 static-networking-interface
52 static-networking-netmask
53 static-networking-gateway
55 static-networking-service
56 static-networking-service-type
76 bitlbee-configuration?
83 network-manager-configuration
84 network-manager-configuration?
85 network-manager-configuration-dns
86 network-manager-service-type
89 connman-configuration?
92 wpa-supplicant-service-type
94 openvswitch-service-type
95 openvswitch-configuration))
99 ;;; Networking services.
103 (define %facebook-host-aliases
104 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
107 # Block Facebook IPv4.
108 127.0.0.1 www.facebook.com
109 127.0.0.1 facebook.com
110 127.0.0.1 login.facebook.com
111 127.0.0.1 www.login.facebook.com
113 127.0.0.1 www.fbcdn.net
115 127.0.0.1 www.fbcdn.com
116 127.0.0.1 static.ak.fbcdn.net
117 127.0.0.1 static.ak.connect.facebook.com
118 127.0.0.1 connect.facebook.net
119 127.0.0.1 www.connect.facebook.net
120 127.0.0.1 apps.facebook.com
122 # Block Facebook IPv6.
123 fe80::1%lo0 facebook.com
124 fe80::1%lo0 login.facebook.com
125 fe80::1%lo0 www.login.facebook.com
126 fe80::1%lo0 fbcdn.net
127 fe80::1%lo0 www.fbcdn.net
128 fe80::1%lo0 fbcdn.com
129 fe80::1%lo0 www.fbcdn.com
130 fe80::1%lo0 static.ak.fbcdn.net
131 fe80::1%lo0 static.ak.connect.facebook.com
132 fe80::1%lo0 connect.facebook.net
133 fe80::1%lo0 www.connect.facebook.net
134 fe80::1%lo0 apps.facebook.com\n")
137 (define-record-type* <static-networking>
138 static-networking make-static-networking
140 (interface static-networking-interface)
141 (ip static-networking-ip)
142 (netmask static-networking-netmask
144 (gateway static-networking-gateway ;FIXME: doesn't belong here
146 (provision static-networking-provision
148 (name-servers static-networking-name-servers ;FIXME: doesn't belong here
151 (define static-networking-shepherd-service
153 (($ <static-networking> interface ip netmask gateway provision
155 (let ((loopback? (and provision (memq 'loopback provision))))
158 ;; Unless we're providing the loopback interface, wait for udev to be up
159 ;; and running so that INTERFACE is actually usable.
160 (requirement (if loopback? '() '(udev)))
163 "Bring up the networking interface using a static IP address.")
164 (provision (or provision
165 (list (symbol-append 'networking-
166 (string->symbol interface)))))
169 ;; Return #t if successfully started.
170 (let* ((addr (inet-pton AF_INET #$ip))
171 (sockaddr (make-socket-address AF_INET addr 0))
173 (inet-pton AF_INET #$netmask)))
175 (make-socket-address AF_INET
177 (gateway (and #$gateway
178 (inet-pton AF_INET #$gateway)))
179 (gatewayaddr (and gateway
180 (make-socket-address AF_INET
182 (configure-network-interface #$interface sockaddr
189 (let ((sock (socket AF_INET SOCK_DGRAM 0)))
190 (add-network-route/gateway sock gatewayaddr)
191 (close-port sock))))))
193 ;; Return #f is successfully stopped.
194 (let ((sock (socket AF_INET SOCK_STREAM 0)))
196 (delete-network-route sock
198 AF_INET INADDR_ANY 0)))
199 (set-network-interface-flags sock #$interface 0)
204 (define (static-networking-etc-files interfaces)
205 "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
206 (match (delete-duplicates
207 (append-map static-networking-name-servers
212 (let ((content (string-join
213 (map (cut string-append "nameserver " <>)
217 ,(plain-file "resolv.conf"
219 # Generated by 'static-networking-service'.\n"
222 (define (static-networking-shepherd-services interfaces)
223 "Return the list of Shepherd services to bring up INTERFACES, a list of
224 <static-networking> objects."
225 (define (loopback? service)
226 (memq 'loopback (shepherd-service-provision service)))
228 (let ((services (map static-networking-shepherd-service interfaces)))
229 (match (remove loopback? services)
231 ;; There's no interface other than 'loopback', so we assume that the
232 ;; 'networking' service will be provided by dhclient or similar.
235 ;; Assume we're providing all the interfaces, and thus, provide a
236 ;; 'networking' service.
237 (cons (shepherd-service
238 (provision '(networking))
239 (requirement (append-map shepherd-service-provision
243 (documentation "Bring up all the networking interfaces."))
246 (define static-networking-service-type
247 ;; The service type for statically-defined network interfaces.
248 (service-type (name 'static-networking)
251 (service-extension shepherd-root-service-type
252 static-networking-shepherd-services)
253 (service-extension etc-service-type
254 static-networking-etc-files)))
255 (compose concatenate)
258 "Turn up the specified network interfaces upon startup,
259 with the given IP address, gateway, netmask, and so on. The value for
260 services of this type is a list of @code{static-networking} objects, one per
261 network interface.")))
263 (define* (static-networking-service interface ip
265 netmask gateway provision
267 "Return a service that starts @var{interface} with address @var{ip}. If
268 @var{netmask} is true, use it as the network mask. If @var{gateway} is true,
269 it must be a string specifying the default network gateway.
271 This procedure can be called several times, one for each network
272 interface of interest. Behind the scenes what it does is extend
273 @code{static-networking-service-type} with additional network interfaces
275 (simple-service 'static-network-interface
276 static-networking-service-type
277 (list (static-networking (interface interface) (ip ip)
278 (netmask netmask) (gateway gateway)
279 (provision provision)
280 (name-servers name-servers)))))
282 (define dhcp-client-service-type
283 (shepherd-service-type
287 (file-append dhcp "/sbin/dhclient"))
290 "/var/run/dhclient.pid")
293 (documentation "Set up networking via DHCP.")
294 (requirement '(user-processes udev))
296 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
297 ;; networking is unavailable, but also means that the interface is not up
298 ;; yet when 'start' completes. To wait for the interface to be ready, one
299 ;; should instead monitor udev events.
300 (provision '(networking))
303 ;; When invoked without any arguments, 'dhclient' discovers all
304 ;; non-loopback interfaces *that are up*. However, the relevant
305 ;; interfaces are typically down at this point. Thus we perform
306 ;; our own interface discovery here.
308 (negate loopback-network-interface?))
310 (filter valid? (all-network-interface-names)))
312 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
313 ;; actually send/receive over them.
314 (for-each set-network-interface-up ifaces)
316 (false-if-exception (delete-file #$pid-file))
317 (let ((pid (fork+exec-command
318 (cons* #$dhclient "-nw"
319 "-pf" #$pid-file ifaces))))
320 (and (zero? (cdr (waitpid pid)))
324 (call-with-input-file #$pid-file read))
326 ;; 'dhclient' returned before PID-FILE was created,
328 (let ((errno (system-error-errno args)))
333 (apply throw args))))))))))
334 (stop #~(make-kill-destructor))))))
336 (define* (dhcp-client-service #:key (dhcp isc-dhcp))
337 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
338 Protocol (DHCP) client, on all the non-loopback network interfaces."
339 (service dhcp-client-service-type dhcp))
342 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
343 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
344 ;; for this NTP pool "zone".
345 '("0.guix.pool.ntp.org"
346 "1.guix.pool.ntp.org"
347 "2.guix.pool.ntp.org"
348 "3.guix.pool.ntp.org"))
356 (define-record-type* <ntp-configuration>
357 ntp-configuration make-ntp-configuration
359 (ntp ntp-configuration-ntp
361 (servers ntp-configuration-servers)
362 (allow-large-adjustment? ntp-allow-large-adjustment?
365 (define ntp-shepherd-service
367 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
369 ;; TODO: Add authentication support.
371 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
372 (string-join (map (cut string-append "server " <>)
376 # Disable status queries as a workaround for CVE-2013-5211:
377 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
378 restrict default kod nomodify notrap nopeer noquery
379 restrict -6 default kod nomodify notrap nopeer noquery
381 # Yet, allow use of the local 'ntpq'.
386 (plain-file "ntpd.conf" config))
388 (list (shepherd-service
390 (documentation "Run the Network Time Protocol (NTP) daemon.")
391 (requirement '(user-processes networking))
392 (start #~(make-forkexec-constructor
393 (list (string-append #$ntp "/bin/ntpd") "-n"
394 "-c" #$ntpd.conf "-u" "ntpd"
395 #$@(if allow-large-adjustment?
398 (stop #~(make-kill-destructor))))))))
400 (define %ntp-accounts
405 (comment "NTP daemon user")
406 (home-directory "/var/empty")
407 (shell (file-append shadow "/sbin/nologin")))))
410 (define (ntp-service-activation config)
411 "Return the activation gexp for CONFIG."
412 (with-imported-modules '((guix build utils))
414 (use-modules (guix build utils))
418 (let ((directory "/var/run/ntpd"))
420 (chown directory (passwd:uid %user) (passwd:gid %user))))))
422 (define ntp-service-type
423 (service-type (name 'ntp)
425 (list (service-extension shepherd-root-service-type
426 ntp-shepherd-service)
427 (service-extension account-service-type
428 (const %ntp-accounts))
429 (service-extension activation-service-type
430 ntp-service-activation)))
432 "Run the @command{ntpd}, the Network Time Protocol (NTP)
433 daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
434 will keep the system clock synchronized with that of the given servers.")))
436 (define* (ntp-service #:key (ntp ntp)
437 (servers %ntp-servers)
438 allow-large-adjustment?)
439 "Return a service that runs the daemon from @var{ntp}, the
440 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
441 keep the system clock synchronized with that of @var{servers}.
442 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
443 make an initial adjustment of more than 1,000 seconds."
444 (service ntp-service-type
445 (ntp-configuration (ntp ntp)
447 (allow-large-adjustment?
448 allow-large-adjustment?))))
455 (define-record-type* <inetd-configuration> inetd-configuration
456 make-inetd-configuration
458 (program inetd-configuration-program ;file-like
459 (default (file-append inetutils "/libexec/inetd")))
460 (entries inetd-configuration-entries ;list of <inetd-entry>
463 (define-record-type* <inetd-entry> inetd-entry make-inetd-entry
465 (node inetd-entry-node ;string or #f
467 (name inetd-entry-name) ;string, from /etc/services
469 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
471 (protocol inetd-entry-protocol) ;string, from /etc/protocols
473 (wait? inetd-entry-wait? ;Boolean
475 (user inetd-entry-user) ;string
477 (program inetd-entry-program ;string or file-like object
478 (default "internal"))
479 (arguments inetd-entry-arguments ;list of strings or file-like objects
482 (define (inetd-config-file entries)
483 (apply mixed-text-file "inetd.conf"
486 (let* ((node (inetd-entry-node entry))
487 (name (inetd-entry-name entry))
489 (if node (string-append node ":" name) name))
491 (match (inetd-entry-socket-type entry)
492 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
493 (symbol->string (inetd-entry-socket-type entry)))))
494 (protocol (inetd-entry-protocol entry))
495 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
496 (user (inetd-entry-user entry))
497 (program (inetd-entry-program entry))
498 (args (inetd-entry-arguments entry)))
501 (list #$@(list socket type protocol wait user program) #$@args)
505 (define inetd-shepherd-service
507 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
508 (($ <inetd-configuration> program entries)
511 (documentation "Run inetd.")
513 (requirement '(user-processes networking syslogd))
514 (start #~(make-forkexec-constructor
515 (list #$program #$(inetd-config-file entries))
516 #:pid-file "/var/run/inetd.pid"))
517 (stop #~(make-kill-destructor)))))))
519 (define-public inetd-service-type
523 (list (service-extension shepherd-root-service-type
524 inetd-shepherd-service)))
526 ;; The service can be extended with additional lists of entries.
527 (compose concatenate)
528 (extend (lambda (config entries)
531 (entries (append (inetd-configuration-entries config)
534 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
535 for listening on Internet sockets and spawning the corresponding services on
543 (define-record-type* <tor-configuration>
544 tor-configuration make-tor-configuration
546 (tor tor-configuration-tor
548 (config-file tor-configuration-config-file
549 (default (plain-file "empty" "")))
550 (hidden-services tor-configuration-hidden-services
553 (define %tor-accounts
554 ;; User account and groups for Tor.
555 (list (user-group (name "tor") (system? #t))
560 (comment "Tor daemon user")
561 (home-directory "/var/empty")
562 (shell (file-append shadow "/sbin/nologin")))))
564 (define-record-type <hidden-service>
565 (hidden-service name mapping)
567 (name hidden-service-name) ;string
568 (mapping hidden-service-mapping)) ;list of port/address tuples
570 (define (tor-configuration->torrc config)
571 "Return a 'torrc' file for CONFIG."
573 (($ <tor-configuration> tor config-file services)
576 (with-imported-modules '((guix build utils))
578 (use-modules (guix build utils)
581 (call-with-output-file #$output
584 # The beginning was automatically added.
586 DataDirectory /var/lib/tor
587 Log notice syslog\n" port)
589 (for-each (match-lambda
590 ((service (ports hosts) ...)
592 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
594 (for-each (lambda (tcp-port host)
596 HiddenServicePort ~a ~a~%"
599 '#$(map (match-lambda
600 (($ <hidden-service> name mapping)
601 (cons name mapping)))
604 ;; Append the user's config file.
605 (call-with-input-file #$config-file
607 (dump-port input port)))
610 (define (tor-shepherd-service config)
611 "Return a <shepherd-service> running TOR."
613 (($ <tor-configuration> tor)
614 (let ((torrc (tor-configuration->torrc config)))
615 (with-imported-modules (source-module-closure
616 '((gnu build shepherd)
617 (gnu system file-systems)))
618 (list (shepherd-service
621 ;; Tor needs at least one network interface to be up, hence the
622 ;; dependency on 'loopback'.
623 (requirement '(user-processes loopback syslogd))
625 (modules '((gnu build shepherd)
626 (gnu system file-systems)))
628 (start #~(make-forkexec-constructor/container
629 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
631 #:mappings (list (file-system-mapping
632 (source "/var/lib/tor")
636 (source "/dev/log") ;for syslog
638 (stop #~(make-kill-destructor))
639 (documentation "Run the Tor anonymous network overlay."))))))))
641 (define (tor-hidden-service-activation config)
642 "Return the activation gexp for SERVICES, a list of hidden services."
644 (use-modules (guix build utils))
649 (define (initialize service)
650 (let ((directory (string-append "/var/lib/tor/hidden-services/"
653 (chown directory (passwd:uid %user) (passwd:gid %user))
655 ;; The daemon bails out if we give wider permissions.
656 (chmod directory #o700)))
658 (mkdir-p "/var/lib/tor")
659 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
660 (chmod "/var/lib/tor" #o700)
662 ;; Make sure /var/lib is accessible to the 'tor' user.
663 (chmod "/var/lib" #o755)
666 '#$(map hidden-service-name
667 (tor-configuration-hidden-services config)))))
669 (define tor-service-type
670 (service-type (name 'tor)
672 (list (service-extension shepherd-root-service-type
673 tor-shepherd-service)
674 (service-extension account-service-type
675 (const %tor-accounts))
676 (service-extension activation-service-type
677 tor-hidden-service-activation)))
679 ;; This can be extended with hidden services.
680 (compose concatenate)
681 (extend (lambda (config services)
685 (append (tor-configuration-hidden-services config)
687 (default-value (tor-configuration))
689 "Run the @uref{https://torproject.org, Tor} anonymous
690 networking daemon.")))
692 (define* (tor-service #:optional
693 (config-file (plain-file "empty" ""))
695 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
698 The daemon runs as the @code{tor} unprivileged user. It is passed
699 @var{config-file}, a file-like object, with an additional @code{User tor} line
700 and lines for hidden services added via @code{tor-hidden-service}. Run
701 @command{man tor} for information about the configuration file."
702 (service tor-service-type
703 (tor-configuration (tor tor)
704 (config-file config-file))))
706 (define tor-hidden-service-type
707 ;; A type that extends Tor with hidden services.
708 (service-type (name 'tor-hidden-service)
710 (list (service-extension tor-service-type list)))
712 "Define a new Tor @dfn{hidden service}.")))
714 (define (tor-hidden-service name mapping)
715 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
716 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
719 '((22 \"127.0.0.1:22\")
720 (80 \"127.0.0.1:8080\"))
723 In this example, port 22 of the hidden service is mapped to local port 22, and
724 port 80 is mapped to local port 8080.
726 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
727 the @file{hostname} file contains the @code{.onion} host name for the hidden
730 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
731 project's documentation} for more information."
732 (service tor-hidden-service-type
733 (hidden-service name mapping)))
740 (define-record-type* <bitlbee-configuration>
741 bitlbee-configuration make-bitlbee-configuration
742 bitlbee-configuration?
743 (bitlbee bitlbee-configuration-bitlbee
745 (interface bitlbee-configuration-interface
746 (default "127.0.0.1"))
747 (port bitlbee-configuration-port
749 (extra-settings bitlbee-configuration-extra-settings
752 (define bitlbee-shepherd-service
754 (($ <bitlbee-configuration> bitlbee interface port extra-settings)
755 (let ((conf (plain-file "bitlbee.conf"
759 ConfigDir = /var/lib/bitlbee
760 DaemonInterface = " interface "
761 DaemonPort = " (number->string port) "
764 (with-imported-modules (source-module-closure
765 '((gnu build shepherd)
766 (gnu system file-systems)))
767 (list (shepherd-service
768 (provision '(bitlbee))
770 ;; Note: If networking is not up, then /etc/resolv.conf
771 ;; doesn't get mapped in the container, hence the dependency
773 (requirement '(user-processes networking))
775 (modules '((gnu build shepherd)
776 (gnu system file-systems)))
777 (start #~(make-forkexec-constructor/container
778 (list #$(file-append bitlbee "/sbin/bitlbee")
779 "-n" "-F" "-u" "bitlbee" "-c" #$conf)
781 #:pid-file "/var/run/bitlbee.pid"
782 #:mappings (list (file-system-mapping
783 (source "/var/lib/bitlbee")
786 (stop #~(make-kill-destructor)))))))))
788 (define %bitlbee-accounts
789 ;; User group and account to run BitlBee.
790 (list (user-group (name "bitlbee") (system? #t))
795 (comment "BitlBee daemon user")
796 (home-directory "/var/empty")
797 (shell (file-append shadow "/sbin/nologin")))))
799 (define %bitlbee-activation
800 ;; Activation gexp for BitlBee.
802 (use-modules (guix build utils))
804 ;; This directory is used to store OTR data.
805 (mkdir-p "/var/lib/bitlbee")
806 (let ((user (getpwnam "bitlbee")))
807 (chown "/var/lib/bitlbee"
808 (passwd:uid user) (passwd:gid user)))))
810 (define bitlbee-service-type
811 (service-type (name 'bitlbee)
813 (list (service-extension shepherd-root-service-type
814 bitlbee-shepherd-service)
815 (service-extension account-service-type
816 (const %bitlbee-accounts))
817 (service-extension activation-service-type
818 (const %bitlbee-activation))))
819 (default-value (bitlbee-configuration))
821 "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as
822 a gateway between IRC and chat networks.")))
824 (define* (bitlbee-service #:key (bitlbee bitlbee)
825 (interface "127.0.0.1") (port 6667)
827 "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
828 acts as a gateway between IRC and chat networks.
830 The daemon will listen to the interface corresponding to the IP address
831 specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only
832 local clients can connect, whereas @code{0.0.0.0} means that connections can
833 come from any networking interface.
835 In addition, @var{extra-settings} specifies a string to append to the
837 (service bitlbee-service-type
838 (bitlbee-configuration
840 (interface interface) (port port)
841 (extra-settings extra-settings))))
848 (define %wicd-activation
849 ;; Activation gexp for Wicd.
851 (use-modules (guix build utils))
853 (mkdir-p "/etc/wicd")
854 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
855 (unless (file-exists? file-name)
856 (copy-file (string-append #$wicd file-name)
859 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
860 ;; named socket files.
861 (mkdir-p "/var/run/wpa_supplicant")
862 (chmod "/var/run/wpa_supplicant" #o750)))
864 (define (wicd-shepherd-service wicd)
865 "Return a shepherd service for WICD."
866 (list (shepherd-service
867 (documentation "Run the Wicd network manager.")
868 (provision '(networking))
869 (requirement '(user-processes dbus-system loopback))
870 (start #~(make-forkexec-constructor
871 (list (string-append #$wicd "/sbin/wicd")
873 (stop #~(make-kill-destructor)))))
875 (define wicd-service-type
876 (service-type (name 'wicd)
878 (list (service-extension shepherd-root-service-type
879 wicd-shepherd-service)
880 (service-extension dbus-root-service-type
882 (service-extension activation-service-type
883 (const %wicd-activation))
885 ;; Add Wicd to the global profile.
886 (service-extension profile-service-type list)))
888 "Run @url{https://launchpad.net/wicd,Wicd}, a network
889 management daemon that aims to simplify wired and wireless networking.")))
891 (define* (wicd-service #:key (wicd wicd))
892 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
893 management daemon that aims to simplify wired and wireless networking.
895 This service adds the @var{wicd} package to the global profile, providing
896 several commands to interact with the daemon and configure networking:
897 @command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
898 and @command{wicd-curses} user interfaces."
899 (service wicd-service-type wicd))
906 (define-record-type* <network-manager-configuration>
907 network-manager-configuration make-network-manager-configuration
908 network-manager-configuration?
909 (network-manager network-manager-configuration-network-manager
910 (default network-manager))
911 (dns network-manager-configuration-dns
913 (vpn-plugins network-manager-vpn-plugins ;list of <package>
916 (define %network-manager-activation
917 ;; Activation gexp for NetworkManager.
919 (use-modules (guix build utils))
920 (mkdir-p "/etc/NetworkManager/system-connections")))
922 (define (vpn-plugin-directory plugins)
923 "Return a directory containing PLUGINS, the NM VPN plugins."
924 (directory-union "network-manager-vpn-plugins" plugins))
926 (define network-manager-environment
928 (($ <network-manager-configuration> network-manager dns vpn-plugins)
929 ;; Define this variable in the global environment such that
930 ;; "nmcli connection import type openvpn file foo.ovpn" works.
931 `(("NM_VPN_PLUGIN_DIR"
932 . ,(file-append (vpn-plugin-directory vpn-plugins)
933 "/lib/NetworkManager/VPN"))))))
935 (define network-manager-shepherd-service
937 (($ <network-manager-configuration> network-manager dns vpn-plugins)
938 (let ((conf (plain-file "NetworkManager.conf"
939 (string-append "[main]\ndns=" dns "\n")))
940 (vpn (vpn-plugin-directory vpn-plugins)))
941 (list (shepherd-service
942 (documentation "Run the NetworkManager.")
943 (provision '(networking))
944 (requirement '(user-processes dbus-system wpa-supplicant loopback))
945 (start #~(make-forkexec-constructor
946 (list (string-append #$network-manager
947 "/sbin/NetworkManager")
948 (string-append "--config=" #$conf)
950 #:environment-variables
951 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
952 "/lib/NetworkManager/VPN"))))
953 (stop #~(make-kill-destructor))))))))
955 (define network-manager-service-type
959 (($ <network-manager-configuration> network-manager)
960 (list network-manager)))))
963 (name 'network-manager)
965 (list (service-extension shepherd-root-service-type
966 network-manager-shepherd-service)
967 (service-extension dbus-root-service-type config->package)
968 (service-extension polkit-service-type config->package)
969 (service-extension activation-service-type
970 (const %network-manager-activation))
971 (service-extension session-environment-service-type
972 network-manager-environment)
973 ;; Add network-manager to the system profile.
974 (service-extension profile-service-type config->package)))
975 (default-value (network-manager-configuration))
977 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
978 NetworkManager}, a network management daemon that aims to simplify wired and
979 wireless networking."))))
986 (define-record-type* <connman-configuration>
987 connman-configuration make-connman-configuration
988 connman-configuration?
989 (connman connman-configuration-connman
991 (disable-vpn? connman-configuration-disable-vpn?
994 (define (connman-activation config)
995 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
996 (with-imported-modules '((guix build utils))
998 (use-modules (guix build utils))
999 (mkdir-p "/var/lib/connman/")
1000 (unless #$disable-vpn?
1001 (mkdir-p "/var/lib/connman-vpn/"))))))
1003 (define (connman-shepherd-service config)
1004 "Return a shepherd service for Connman"
1006 (connman-configuration? config)
1007 (let ((connman (connman-configuration-connman config))
1008 (disable-vpn? (connman-configuration-disable-vpn? config)))
1009 (list (shepherd-service
1010 (documentation "Run Connman")
1011 (provision '(networking))
1013 '(user-processes dbus-system loopback wpa-supplicant))
1014 (start #~(make-forkexec-constructor
1015 (list (string-append #$connman
1018 #$@(if disable-vpn? '("--noplugin=vpn") '()))))
1019 (stop #~(make-kill-destructor)))))))
1021 (define connman-service-type
1022 (let ((connman-package (compose list connman-configuration-connman)))
1023 (service-type (name 'connman)
1025 (list (service-extension shepherd-root-service-type
1026 connman-shepherd-service)
1027 (service-extension dbus-root-service-type
1029 (service-extension activation-service-type
1031 ;; Add connman to the system profile.
1032 (service-extension profile-service-type
1035 "Run @url{https://01.org/connman,Connman},
1036 a network connection manager."))))
1044 (define (wpa-supplicant-shepherd-service wpa-supplicant)
1045 "Return a shepherd service for wpa_supplicant"
1046 (list (shepherd-service
1047 (documentation "Run WPA supplicant with dbus interface")
1048 (provision '(wpa-supplicant))
1049 (requirement '(user-processes dbus-system loopback))
1050 (start #~(make-forkexec-constructor
1051 (list (string-append #$wpa-supplicant
1052 "/sbin/wpa_supplicant")
1053 "-u" "-B" "-P/var/run/wpa_supplicant.pid")
1054 #:pid-file "/var/run/wpa_supplicant.pid"))
1055 (stop #~(make-kill-destructor)))))
1057 (define wpa-supplicant-service-type
1058 (service-type (name 'wpa-supplicant)
1060 (list (service-extension shepherd-root-service-type
1061 wpa-supplicant-shepherd-service)
1062 (service-extension dbus-root-service-type list)
1063 (service-extension profile-service-type list)))
1064 (default-value wpa-supplicant)))
1071 (define-record-type* <openvswitch-configuration>
1072 openvswitch-configuration make-openvswitch-configuration
1073 openvswitch-configuration?
1074 (package openvswitch-configuration-package
1075 (default openvswitch)))
1077 (define openvswitch-activation
1079 (($ <openvswitch-configuration> package)
1080 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1081 (with-imported-modules '((guix build utils))
1083 (use-modules (guix build utils))
1084 (mkdir-p "/var/run/openvswitch")
1085 (mkdir-p "/var/lib/openvswitch")
1086 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1087 (unless (file-exists? conf.db)
1088 (system* #$ovsdb-tool "create" conf.db)))))))))
1090 (define openvswitch-shepherd-service
1092 (($ <openvswitch-configuration> package)
1093 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1094 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1097 (provision '(ovsdb))
1098 (documentation "Run the Open vSwitch database server.")
1099 (start #~(make-forkexec-constructor
1100 (list #$ovsdb-server "--pidfile"
1101 "--remote=punix:/var/run/openvswitch/db.sock")
1102 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1103 (stop #~(make-kill-destructor)))
1105 (provision '(vswitchd))
1106 (requirement '(ovsdb))
1107 (documentation "Run the Open vSwitch daemon.")
1108 (start #~(make-forkexec-constructor
1109 (list #$ovs-vswitchd "--pidfile")
1110 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1111 (stop #~(make-kill-destructor))))))))
1113 (define openvswitch-service-type
1117 (list (service-extension activation-service-type
1118 openvswitch-activation)
1119 (service-extension profile-service-type
1120 (compose list openvswitch-configuration-package))
1121 (service-extension shepherd-root-service-type
1122 openvswitch-shepherd-service)))
1124 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1125 switch designed to enable massive network automation through programmatic
1128 ;;; networking.scm ends here