1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
7 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
8 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
10 ;;; This file is part of GNU Guix.
12 ;;; GNU Guix is free software; you can redistribute it and/or modify it
13 ;;; under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 3 of the License, or (at
15 ;;; your option) any later version.
17 ;;; GNU Guix is distributed in the hope that it will be useful, but
18 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
25 (define-module (gnu services networking)
26 #:use-module (gnu services)
27 #:use-module (gnu services shepherd)
28 #:use-module (gnu services dbus)
29 #:use-module (gnu system shadow)
30 #:use-module (gnu system pam)
31 #:use-module (gnu packages admin)
32 #:use-module (gnu packages connman)
33 #:use-module (gnu packages linux)
34 #:use-module (gnu packages tor)
35 #:use-module (gnu packages messaging)
36 #:use-module (gnu packages networking)
37 #:use-module (gnu packages ntp)
38 #:use-module (gnu packages wicd)
39 #:use-module (gnu packages gnome)
40 #:use-module (guix gexp)
41 #:use-module (guix records)
42 #:use-module (guix modules)
43 #:use-module (srfi srfi-1)
44 #:use-module (srfi srfi-9)
45 #:use-module (srfi srfi-26)
46 #:use-module (ice-9 match)
47 #:export (%facebook-host-aliases
51 static-networking-interface
53 static-networking-netmask
54 static-networking-gateway
55 static-networking-requirement
57 static-networking-service
58 static-networking-service-type
78 bitlbee-configuration?
85 network-manager-configuration
86 network-manager-configuration?
87 network-manager-configuration-dns
88 network-manager-service-type
91 connman-configuration?
94 wpa-supplicant-service-type
96 openvswitch-service-type
97 openvswitch-configuration))
101 ;;; Networking services.
105 (define %facebook-host-aliases
106 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
109 # Block Facebook IPv4.
110 127.0.0.1 www.facebook.com
111 127.0.0.1 facebook.com
112 127.0.0.1 login.facebook.com
113 127.0.0.1 www.login.facebook.com
115 127.0.0.1 www.fbcdn.net
117 127.0.0.1 www.fbcdn.com
118 127.0.0.1 static.ak.fbcdn.net
119 127.0.0.1 static.ak.connect.facebook.com
120 127.0.0.1 connect.facebook.net
121 127.0.0.1 www.connect.facebook.net
122 127.0.0.1 apps.facebook.com
124 # Block Facebook IPv6.
125 fe80::1%lo0 facebook.com
126 fe80::1%lo0 login.facebook.com
127 fe80::1%lo0 www.login.facebook.com
128 fe80::1%lo0 fbcdn.net
129 fe80::1%lo0 www.fbcdn.net
130 fe80::1%lo0 fbcdn.com
131 fe80::1%lo0 www.fbcdn.com
132 fe80::1%lo0 static.ak.fbcdn.net
133 fe80::1%lo0 static.ak.connect.facebook.com
134 fe80::1%lo0 connect.facebook.net
135 fe80::1%lo0 www.connect.facebook.net
136 fe80::1%lo0 apps.facebook.com\n")
139 (define-record-type* <static-networking>
140 static-networking make-static-networking
142 (interface static-networking-interface)
143 (ip static-networking-ip)
144 (netmask static-networking-netmask
146 (gateway static-networking-gateway ;FIXME: doesn't belong here
148 (provision static-networking-provision
150 (requirement static-networking-requirement
152 (name-servers static-networking-name-servers ;FIXME: doesn't belong here
155 (define static-networking-shepherd-service
157 (($ <static-networking> interface ip netmask gateway provision
158 requirement name-servers)
159 (let ((loopback? (and provision (memq 'loopback provision))))
163 "Bring up the networking interface using a static IP address.")
164 (requirement requirement)
165 (provision (or provision
166 (list (symbol-append 'networking-
167 (string->symbol interface)))))
170 ;; Return #t if successfully started.
171 (let* ((addr (inet-pton AF_INET #$ip))
172 (sockaddr (make-socket-address AF_INET addr 0))
174 (inet-pton AF_INET #$netmask)))
176 (make-socket-address AF_INET
178 (gateway (and #$gateway
179 (inet-pton AF_INET #$gateway)))
180 (gatewayaddr (and gateway
181 (make-socket-address AF_INET
183 (configure-network-interface #$interface sockaddr
190 (let ((sock (socket AF_INET SOCK_DGRAM 0)))
191 (add-network-route/gateway sock gatewayaddr)
192 (close-port sock))))))
194 ;; Return #f is successfully stopped.
195 (let ((sock (socket AF_INET SOCK_STREAM 0)))
197 (delete-network-route sock
199 AF_INET INADDR_ANY 0)))
200 (set-network-interface-flags sock #$interface 0)
205 (define (static-networking-etc-files interfaces)
206 "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
207 (match (delete-duplicates
208 (append-map static-networking-name-servers
213 (let ((content (string-join
214 (map (cut string-append "nameserver " <>)
218 ,(plain-file "resolv.conf"
220 # Generated by 'static-networking-service'.\n"
223 (define (static-networking-shepherd-services interfaces)
224 "Return the list of Shepherd services to bring up INTERFACES, a list of
225 <static-networking> objects."
226 (define (loopback? service)
227 (memq 'loopback (shepherd-service-provision service)))
229 (let ((services (map static-networking-shepherd-service interfaces)))
230 (match (remove loopback? services)
232 ;; There's no interface other than 'loopback', so we assume that the
233 ;; 'networking' service will be provided by dhclient or similar.
236 ;; Assume we're providing all the interfaces, and thus, provide a
237 ;; 'networking' service.
238 (cons (shepherd-service
239 (provision '(networking))
240 (requirement (append-map shepherd-service-provision
244 (documentation "Bring up all the networking interfaces."))
247 (define static-networking-service-type
248 ;; The service type for statically-defined network interfaces.
249 (service-type (name 'static-networking)
252 (service-extension shepherd-root-service-type
253 static-networking-shepherd-services)
254 (service-extension etc-service-type
255 static-networking-etc-files)))
256 (compose concatenate)
259 "Turn up the specified network interfaces upon startup,
260 with the given IP address, gateway, netmask, and so on. The value for
261 services of this type is a list of @code{static-networking} objects, one per
262 network interface.")))
264 (define* (static-networking-service interface ip
266 netmask gateway provision
267 ;; Most interfaces require udev to be usable.
268 (requirement '(udev))
270 "Return a service that starts @var{interface} with address @var{ip}. If
271 @var{netmask} is true, use it as the network mask. If @var{gateway} is true,
272 it must be a string specifying the default network gateway.
274 This procedure can be called several times, one for each network
275 interface of interest. Behind the scenes what it does is extend
276 @code{static-networking-service-type} with additional network interfaces
278 (simple-service 'static-network-interface
279 static-networking-service-type
280 (list (static-networking (interface interface) (ip ip)
281 (netmask netmask) (gateway gateway)
282 (provision provision)
283 (requirement requirement)
284 (name-servers name-servers)))))
286 (define dhcp-client-service-type
287 (shepherd-service-type
291 (file-append dhcp "/sbin/dhclient"))
294 "/var/run/dhclient.pid")
297 (documentation "Set up networking via DHCP.")
298 (requirement '(user-processes udev))
300 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
301 ;; networking is unavailable, but also means that the interface is not up
302 ;; yet when 'start' completes. To wait for the interface to be ready, one
303 ;; should instead monitor udev events.
304 (provision '(networking))
307 ;; When invoked without any arguments, 'dhclient' discovers all
308 ;; non-loopback interfaces *that are up*. However, the relevant
309 ;; interfaces are typically down at this point. Thus we perform
310 ;; our own interface discovery here.
312 (negate loopback-network-interface?))
314 (filter valid? (all-network-interface-names)))
316 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
317 ;; actually send/receive over them.
318 (for-each set-network-interface-up ifaces)
320 (false-if-exception (delete-file #$pid-file))
321 (let ((pid (fork+exec-command
322 (cons* #$dhclient "-nw"
323 "-pf" #$pid-file ifaces))))
324 (and (zero? (cdr (waitpid pid)))
328 (call-with-input-file #$pid-file read))
330 ;; 'dhclient' returned before PID-FILE was created,
332 (let ((errno (system-error-errno args)))
337 (apply throw args))))))))))
338 (stop #~(make-kill-destructor))))))
340 (define* (dhcp-client-service #:key (dhcp isc-dhcp))
341 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
342 Protocol (DHCP) client, on all the non-loopback network interfaces."
343 (service dhcp-client-service-type dhcp))
346 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
347 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
348 ;; for this NTP pool "zone".
349 '("0.guix.pool.ntp.org"
350 "1.guix.pool.ntp.org"
351 "2.guix.pool.ntp.org"
352 "3.guix.pool.ntp.org"))
360 (define-record-type* <ntp-configuration>
361 ntp-configuration make-ntp-configuration
363 (ntp ntp-configuration-ntp
365 (servers ntp-configuration-servers)
366 (allow-large-adjustment? ntp-allow-large-adjustment?
369 (define ntp-shepherd-service
371 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
373 ;; TODO: Add authentication support.
375 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
376 (string-join (map (cut string-append "server " <>)
380 # Disable status queries as a workaround for CVE-2013-5211:
381 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
382 restrict default kod nomodify notrap nopeer noquery
383 restrict -6 default kod nomodify notrap nopeer noquery
385 # Yet, allow use of the local 'ntpq'.
390 (plain-file "ntpd.conf" config))
392 (list (shepherd-service
394 (documentation "Run the Network Time Protocol (NTP) daemon.")
395 (requirement '(user-processes networking))
396 (start #~(make-forkexec-constructor
397 (list (string-append #$ntp "/bin/ntpd") "-n"
398 "-c" #$ntpd.conf "-u" "ntpd"
399 #$@(if allow-large-adjustment?
402 (stop #~(make-kill-destructor))))))))
404 (define %ntp-accounts
409 (comment "NTP daemon user")
410 (home-directory "/var/empty")
411 (shell (file-append shadow "/sbin/nologin")))))
414 (define (ntp-service-activation config)
415 "Return the activation gexp for CONFIG."
416 (with-imported-modules '((guix build utils))
418 (use-modules (guix build utils))
422 (let ((directory "/var/run/ntpd"))
424 (chown directory (passwd:uid %user) (passwd:gid %user))))))
426 (define ntp-service-type
427 (service-type (name 'ntp)
429 (list (service-extension shepherd-root-service-type
430 ntp-shepherd-service)
431 (service-extension account-service-type
432 (const %ntp-accounts))
433 (service-extension activation-service-type
434 ntp-service-activation)))
436 "Run the @command{ntpd}, the Network Time Protocol (NTP)
437 daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
438 will keep the system clock synchronized with that of the given servers.")))
440 (define* (ntp-service #:key (ntp ntp)
441 (servers %ntp-servers)
442 allow-large-adjustment?)
443 "Return a service that runs the daemon from @var{ntp}, the
444 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
445 keep the system clock synchronized with that of @var{servers}.
446 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
447 make an initial adjustment of more than 1,000 seconds."
448 (service ntp-service-type
449 (ntp-configuration (ntp ntp)
451 (allow-large-adjustment?
452 allow-large-adjustment?))))
459 (define-record-type* <inetd-configuration> inetd-configuration
460 make-inetd-configuration
462 (program inetd-configuration-program ;file-like
463 (default (file-append inetutils "/libexec/inetd")))
464 (entries inetd-configuration-entries ;list of <inetd-entry>
467 (define-record-type* <inetd-entry> inetd-entry make-inetd-entry
469 (node inetd-entry-node ;string or #f
471 (name inetd-entry-name) ;string, from /etc/services
473 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
475 (protocol inetd-entry-protocol) ;string, from /etc/protocols
477 (wait? inetd-entry-wait? ;Boolean
479 (user inetd-entry-user) ;string
481 (program inetd-entry-program ;string or file-like object
482 (default "internal"))
483 (arguments inetd-entry-arguments ;list of strings or file-like objects
486 (define (inetd-config-file entries)
487 (apply mixed-text-file "inetd.conf"
490 (let* ((node (inetd-entry-node entry))
491 (name (inetd-entry-name entry))
493 (if node (string-append node ":" name) name))
495 (match (inetd-entry-socket-type entry)
496 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
497 (symbol->string (inetd-entry-socket-type entry)))))
498 (protocol (inetd-entry-protocol entry))
499 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
500 (user (inetd-entry-user entry))
501 (program (inetd-entry-program entry))
502 (args (inetd-entry-arguments entry)))
505 (list #$@(list socket type protocol wait user program) #$@args)
509 (define inetd-shepherd-service
511 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
512 (($ <inetd-configuration> program entries)
515 (documentation "Run inetd.")
517 (requirement '(user-processes networking syslogd))
518 (start #~(make-forkexec-constructor
519 (list #$program #$(inetd-config-file entries))
520 #:pid-file "/var/run/inetd.pid"))
521 (stop #~(make-kill-destructor)))))))
523 (define-public inetd-service-type
527 (list (service-extension shepherd-root-service-type
528 inetd-shepherd-service)))
530 ;; The service can be extended with additional lists of entries.
531 (compose concatenate)
532 (extend (lambda (config entries)
535 (entries (append (inetd-configuration-entries config)
538 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
539 for listening on Internet sockets and spawning the corresponding services on
547 (define-record-type* <tor-configuration>
548 tor-configuration make-tor-configuration
550 (tor tor-configuration-tor
552 (config-file tor-configuration-config-file
553 (default (plain-file "empty" "")))
554 (hidden-services tor-configuration-hidden-services
557 (define %tor-accounts
558 ;; User account and groups for Tor.
559 (list (user-group (name "tor") (system? #t))
564 (comment "Tor daemon user")
565 (home-directory "/var/empty")
566 (shell (file-append shadow "/sbin/nologin")))))
568 (define-record-type <hidden-service>
569 (hidden-service name mapping)
571 (name hidden-service-name) ;string
572 (mapping hidden-service-mapping)) ;list of port/address tuples
574 (define (tor-configuration->torrc config)
575 "Return a 'torrc' file for CONFIG."
577 (($ <tor-configuration> tor config-file services)
580 (with-imported-modules '((guix build utils))
582 (use-modules (guix build utils)
585 (call-with-output-file #$output
588 # The beginning was automatically added.
590 DataDirectory /var/lib/tor
591 Log notice syslog\n" port)
593 (for-each (match-lambda
594 ((service (ports hosts) ...)
596 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
598 (for-each (lambda (tcp-port host)
600 HiddenServicePort ~a ~a~%"
603 '#$(map (match-lambda
604 (($ <hidden-service> name mapping)
605 (cons name mapping)))
608 ;; Append the user's config file.
609 (call-with-input-file #$config-file
611 (dump-port input port)))
614 (define (tor-shepherd-service config)
615 "Return a <shepherd-service> running TOR."
617 (($ <tor-configuration> tor)
618 (let ((torrc (tor-configuration->torrc config)))
619 (with-imported-modules (source-module-closure
620 '((gnu build shepherd)
621 (gnu system file-systems)))
622 (list (shepherd-service
625 ;; Tor needs at least one network interface to be up, hence the
626 ;; dependency on 'loopback'.
627 (requirement '(user-processes loopback syslogd))
629 (modules '((gnu build shepherd)
630 (gnu system file-systems)))
632 (start #~(make-forkexec-constructor/container
633 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
635 #:mappings (list (file-system-mapping
636 (source "/var/lib/tor")
640 (source "/dev/log") ;for syslog
642 (stop #~(make-kill-destructor))
643 (documentation "Run the Tor anonymous network overlay."))))))))
645 (define (tor-hidden-service-activation config)
646 "Return the activation gexp for SERVICES, a list of hidden services."
648 (use-modules (guix build utils))
653 (define (initialize service)
654 (let ((directory (string-append "/var/lib/tor/hidden-services/"
657 (chown directory (passwd:uid %user) (passwd:gid %user))
659 ;; The daemon bails out if we give wider permissions.
660 (chmod directory #o700)))
662 (mkdir-p "/var/lib/tor")
663 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
664 (chmod "/var/lib/tor" #o700)
666 ;; Make sure /var/lib is accessible to the 'tor' user.
667 (chmod "/var/lib" #o755)
670 '#$(map hidden-service-name
671 (tor-configuration-hidden-services config)))))
673 (define tor-service-type
674 (service-type (name 'tor)
676 (list (service-extension shepherd-root-service-type
677 tor-shepherd-service)
678 (service-extension account-service-type
679 (const %tor-accounts))
680 (service-extension activation-service-type
681 tor-hidden-service-activation)))
683 ;; This can be extended with hidden services.
684 (compose concatenate)
685 (extend (lambda (config services)
689 (append (tor-configuration-hidden-services config)
691 (default-value (tor-configuration))
693 "Run the @uref{https://torproject.org, Tor} anonymous
694 networking daemon.")))
696 (define* (tor-service #:optional
697 (config-file (plain-file "empty" ""))
699 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
702 The daemon runs as the @code{tor} unprivileged user. It is passed
703 @var{config-file}, a file-like object, with an additional @code{User tor} line
704 and lines for hidden services added via @code{tor-hidden-service}. Run
705 @command{man tor} for information about the configuration file."
706 (service tor-service-type
707 (tor-configuration (tor tor)
708 (config-file config-file))))
710 (define tor-hidden-service-type
711 ;; A type that extends Tor with hidden services.
712 (service-type (name 'tor-hidden-service)
714 (list (service-extension tor-service-type list)))
716 "Define a new Tor @dfn{hidden service}.")))
718 (define (tor-hidden-service name mapping)
719 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
720 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
723 '((22 \"127.0.0.1:22\")
724 (80 \"127.0.0.1:8080\"))
727 In this example, port 22 of the hidden service is mapped to local port 22, and
728 port 80 is mapped to local port 8080.
730 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
731 the @file{hostname} file contains the @code{.onion} host name for the hidden
734 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
735 project's documentation} for more information."
736 (service tor-hidden-service-type
737 (hidden-service name mapping)))
744 (define-record-type* <bitlbee-configuration>
745 bitlbee-configuration make-bitlbee-configuration
746 bitlbee-configuration?
747 (bitlbee bitlbee-configuration-bitlbee
749 (interface bitlbee-configuration-interface
750 (default "127.0.0.1"))
751 (port bitlbee-configuration-port
753 (extra-settings bitlbee-configuration-extra-settings
756 (define bitlbee-shepherd-service
758 (($ <bitlbee-configuration> bitlbee interface port extra-settings)
759 (let ((conf (plain-file "bitlbee.conf"
763 ConfigDir = /var/lib/bitlbee
764 DaemonInterface = " interface "
765 DaemonPort = " (number->string port) "
768 (with-imported-modules (source-module-closure
769 '((gnu build shepherd)
770 (gnu system file-systems)))
771 (list (shepherd-service
772 (provision '(bitlbee))
774 ;; Note: If networking is not up, then /etc/resolv.conf
775 ;; doesn't get mapped in the container, hence the dependency
777 (requirement '(user-processes networking))
779 (modules '((gnu build shepherd)
780 (gnu system file-systems)))
781 (start #~(make-forkexec-constructor/container
782 (list #$(file-append bitlbee "/sbin/bitlbee")
783 "-n" "-F" "-u" "bitlbee" "-c" #$conf)
785 #:pid-file "/var/run/bitlbee.pid"
786 #:mappings (list (file-system-mapping
787 (source "/var/lib/bitlbee")
790 (stop #~(make-kill-destructor)))))))))
792 (define %bitlbee-accounts
793 ;; User group and account to run BitlBee.
794 (list (user-group (name "bitlbee") (system? #t))
799 (comment "BitlBee daemon user")
800 (home-directory "/var/empty")
801 (shell (file-append shadow "/sbin/nologin")))))
803 (define %bitlbee-activation
804 ;; Activation gexp for BitlBee.
806 (use-modules (guix build utils))
808 ;; This directory is used to store OTR data.
809 (mkdir-p "/var/lib/bitlbee")
810 (let ((user (getpwnam "bitlbee")))
811 (chown "/var/lib/bitlbee"
812 (passwd:uid user) (passwd:gid user)))))
814 (define bitlbee-service-type
815 (service-type (name 'bitlbee)
817 (list (service-extension shepherd-root-service-type
818 bitlbee-shepherd-service)
819 (service-extension account-service-type
820 (const %bitlbee-accounts))
821 (service-extension activation-service-type
822 (const %bitlbee-activation))))
823 (default-value (bitlbee-configuration))
825 "Run @url{http://bitlbee.org,BitlBee}, a daemon that acts as
826 a gateway between IRC and chat networks.")))
828 (define* (bitlbee-service #:key (bitlbee bitlbee)
829 (interface "127.0.0.1") (port 6667)
831 "Return a service that runs @url{http://bitlbee.org,BitlBee}, a daemon that
832 acts as a gateway between IRC and chat networks.
834 The daemon will listen to the interface corresponding to the IP address
835 specified in @var{interface}, on @var{port}. @code{127.0.0.1} means that only
836 local clients can connect, whereas @code{0.0.0.0} means that connections can
837 come from any networking interface.
839 In addition, @var{extra-settings} specifies a string to append to the
841 (service bitlbee-service-type
842 (bitlbee-configuration
844 (interface interface) (port port)
845 (extra-settings extra-settings))))
852 (define %wicd-activation
853 ;; Activation gexp for Wicd.
855 (use-modules (guix build utils))
857 (mkdir-p "/etc/wicd")
858 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
859 (unless (file-exists? file-name)
860 (copy-file (string-append #$wicd file-name)
863 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
864 ;; named socket files.
865 (mkdir-p "/var/run/wpa_supplicant")
866 (chmod "/var/run/wpa_supplicant" #o750)))
868 (define (wicd-shepherd-service wicd)
869 "Return a shepherd service for WICD."
870 (list (shepherd-service
871 (documentation "Run the Wicd network manager.")
872 (provision '(networking))
873 (requirement '(user-processes dbus-system loopback))
874 (start #~(make-forkexec-constructor
875 (list (string-append #$wicd "/sbin/wicd")
877 (stop #~(make-kill-destructor)))))
879 (define wicd-service-type
880 (service-type (name 'wicd)
882 (list (service-extension shepherd-root-service-type
883 wicd-shepherd-service)
884 (service-extension dbus-root-service-type
886 (service-extension activation-service-type
887 (const %wicd-activation))
889 ;; Add Wicd to the global profile.
890 (service-extension profile-service-type list)))
892 "Run @url{https://launchpad.net/wicd,Wicd}, a network
893 management daemon that aims to simplify wired and wireless networking.")))
895 (define* (wicd-service #:key (wicd wicd))
896 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
897 management daemon that aims to simplify wired and wireless networking.
899 This service adds the @var{wicd} package to the global profile, providing
900 several commands to interact with the daemon and configure networking:
901 @command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
902 and @command{wicd-curses} user interfaces."
903 (service wicd-service-type wicd))
910 (define-record-type* <network-manager-configuration>
911 network-manager-configuration make-network-manager-configuration
912 network-manager-configuration?
913 (network-manager network-manager-configuration-network-manager
914 (default network-manager))
915 (dns network-manager-configuration-dns
917 (vpn-plugins network-manager-vpn-plugins ;list of <package>
920 (define %network-manager-activation
921 ;; Activation gexp for NetworkManager.
923 (use-modules (guix build utils))
924 (mkdir-p "/etc/NetworkManager/system-connections")))
926 (define (vpn-plugin-directory plugins)
927 "Return a directory containing PLUGINS, the NM VPN plugins."
928 (directory-union "network-manager-vpn-plugins" plugins))
930 (define network-manager-environment
932 (($ <network-manager-configuration> network-manager dns vpn-plugins)
933 ;; Define this variable in the global environment such that
934 ;; "nmcli connection import type openvpn file foo.ovpn" works.
935 `(("NM_VPN_PLUGIN_DIR"
936 . ,(file-append (vpn-plugin-directory vpn-plugins)
937 "/lib/NetworkManager/VPN"))))))
939 (define network-manager-shepherd-service
941 (($ <network-manager-configuration> network-manager dns vpn-plugins)
942 (let ((conf (plain-file "NetworkManager.conf"
943 (string-append "[main]\ndns=" dns "\n")))
944 (vpn (vpn-plugin-directory vpn-plugins)))
945 (list (shepherd-service
946 (documentation "Run the NetworkManager.")
947 (provision '(networking))
948 (requirement '(user-processes dbus-system wpa-supplicant loopback))
949 (start #~(make-forkexec-constructor
950 (list (string-append #$network-manager
951 "/sbin/NetworkManager")
952 (string-append "--config=" #$conf)
954 #:environment-variables
955 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
956 "/lib/NetworkManager/VPN"))))
957 (stop #~(make-kill-destructor))))))))
959 (define network-manager-service-type
963 (($ <network-manager-configuration> network-manager)
964 (list network-manager)))))
967 (name 'network-manager)
969 (list (service-extension shepherd-root-service-type
970 network-manager-shepherd-service)
971 (service-extension dbus-root-service-type config->package)
972 (service-extension polkit-service-type config->package)
973 (service-extension activation-service-type
974 (const %network-manager-activation))
975 (service-extension session-environment-service-type
976 network-manager-environment)
977 ;; Add network-manager to the system profile.
978 (service-extension profile-service-type config->package)))
979 (default-value (network-manager-configuration))
981 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
982 NetworkManager}, a network management daemon that aims to simplify wired and
983 wireless networking."))))
990 (define-record-type* <connman-configuration>
991 connman-configuration make-connman-configuration
992 connman-configuration?
993 (connman connman-configuration-connman
995 (disable-vpn? connman-configuration-disable-vpn?
998 (define (connman-activation config)
999 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
1000 (with-imported-modules '((guix build utils))
1002 (use-modules (guix build utils))
1003 (mkdir-p "/var/lib/connman/")
1004 (unless #$disable-vpn?
1005 (mkdir-p "/var/lib/connman-vpn/"))))))
1007 (define (connman-shepherd-service config)
1008 "Return a shepherd service for Connman"
1010 (connman-configuration? config)
1011 (let ((connman (connman-configuration-connman config))
1012 (disable-vpn? (connman-configuration-disable-vpn? config)))
1013 (list (shepherd-service
1014 (documentation "Run Connman")
1015 (provision '(networking))
1017 '(user-processes dbus-system loopback wpa-supplicant))
1018 (start #~(make-forkexec-constructor
1019 (list (string-append #$connman
1022 #$@(if disable-vpn? '("--noplugin=vpn") '()))))
1023 (stop #~(make-kill-destructor)))))))
1025 (define connman-service-type
1026 (let ((connman-package (compose list connman-configuration-connman)))
1027 (service-type (name 'connman)
1029 (list (service-extension shepherd-root-service-type
1030 connman-shepherd-service)
1031 (service-extension dbus-root-service-type
1033 (service-extension activation-service-type
1035 ;; Add connman to the system profile.
1036 (service-extension profile-service-type
1039 "Run @url{https://01.org/connman,Connman},
1040 a network connection manager."))))
1048 (define (wpa-supplicant-shepherd-service wpa-supplicant)
1049 "Return a shepherd service for wpa_supplicant"
1050 (list (shepherd-service
1051 (documentation "Run WPA supplicant with dbus interface")
1052 (provision '(wpa-supplicant))
1053 (requirement '(user-processes dbus-system loopback))
1054 (start #~(make-forkexec-constructor
1055 (list (string-append #$wpa-supplicant
1056 "/sbin/wpa_supplicant")
1057 "-u" "-B" "-P/var/run/wpa_supplicant.pid")
1058 #:pid-file "/var/run/wpa_supplicant.pid"))
1059 (stop #~(make-kill-destructor)))))
1061 (define wpa-supplicant-service-type
1062 (service-type (name 'wpa-supplicant)
1064 (list (service-extension shepherd-root-service-type
1065 wpa-supplicant-shepherd-service)
1066 (service-extension dbus-root-service-type list)
1067 (service-extension profile-service-type list)))
1068 (default-value wpa-supplicant)))
1075 (define-record-type* <openvswitch-configuration>
1076 openvswitch-configuration make-openvswitch-configuration
1077 openvswitch-configuration?
1078 (package openvswitch-configuration-package
1079 (default openvswitch)))
1081 (define openvswitch-activation
1083 (($ <openvswitch-configuration> package)
1084 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1085 (with-imported-modules '((guix build utils))
1087 (use-modules (guix build utils))
1088 (mkdir-p "/var/run/openvswitch")
1089 (mkdir-p "/var/lib/openvswitch")
1090 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1091 (unless (file-exists? conf.db)
1092 (system* #$ovsdb-tool "create" conf.db)))))))))
1094 (define openvswitch-shepherd-service
1096 (($ <openvswitch-configuration> package)
1097 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1098 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1101 (provision '(ovsdb))
1102 (documentation "Run the Open vSwitch database server.")
1103 (start #~(make-forkexec-constructor
1104 (list #$ovsdb-server "--pidfile"
1105 "--remote=punix:/var/run/openvswitch/db.sock")
1106 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1107 (stop #~(make-kill-destructor)))
1109 (provision '(vswitchd))
1110 (requirement '(ovsdb))
1111 (documentation "Run the Open vSwitch daemon.")
1112 (start #~(make-forkexec-constructor
1113 (list #$ovs-vswitchd "--pidfile")
1114 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1115 (stop #~(make-kill-destructor))))))))
1117 (define openvswitch-service-type
1121 (list (service-extension activation-service-type
1122 openvswitch-activation)
1123 (service-extension profile-service-type
1124 (compose list openvswitch-configuration-package))
1125 (service-extension shepherd-root-service-type
1126 openvswitch-shepherd-service)))
1128 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1129 switch designed to enable massive network automation through programmatic
1132 ;;; networking.scm ends here