1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
7 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
8 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
9 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
10 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
12 ;;; This file is part of GNU Guix.
14 ;;; GNU Guix is free software; you can redistribute it and/or modify it
15 ;;; under the terms of the GNU General Public License as published by
16 ;;; the Free Software Foundation; either version 3 of the License, or (at
17 ;;; your option) any later version.
19 ;;; GNU Guix is distributed in the hope that it will be useful, but
20 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
21 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 ;;; GNU General Public License for more details.
24 ;;; You should have received a copy of the GNU General Public License
25 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
;; Module declaration for the system networking services (DHCP, NTP, inetd,
;; Tor, Wicd, NetworkManager, Connman, ModemManager, wpa_supplicant, Open
;; vSwitch). NOTE(review): this rendering omits lines, so the #:export list
;; below is incomplete.
27 (define-module (gnu services networking)
28 #:use-module (gnu services)
29 #:use-module (gnu services base)
30 #:use-module (gnu services shepherd)
31 #:use-module (gnu services dbus)
32 #:use-module (gnu system shadow)
33 #:use-module (gnu system pam)
34 #:use-module (gnu packages admin)
35 #:use-module (gnu packages connman)
36 #:use-module (gnu packages freedesktop)
37 #:use-module (gnu packages linux)
38 #:use-module (gnu packages tor)
39 #:use-module (gnu packages messaging)
40 #:use-module (gnu packages networking)
41 #:use-module (gnu packages ntp)
42 #:use-module (gnu packages wicd)
43 #:use-module (gnu packages gnome)
44 #:use-module (guix gexp)
45 #:use-module (guix records)
46 #:use-module (guix modules)
47 #:use-module (srfi srfi-1)
48 #:use-module (srfi srfi-9)
49 #:use-module (srfi srfi-26)
50 #:use-module (ice-9 match)
51 #:re-export (static-networking-service
52 static-networking-service-type)
53 #:export (%facebook-host-aliases
59 dhcpd-configuration-package
60 dhcpd-configuration-config-file
61 dhcpd-configuration-version
62 dhcpd-configuration-run-directory
63 dhcpd-configuration-lease-file
64 dhcpd-configuration-pid-file
65 dhcpd-configuration-interfaces
74 openntpd-configuration
75 openntpd-configuration?
91 network-manager-configuration
92 network-manager-configuration?
93 network-manager-configuration-dns
94 network-manager-service-type
97 connman-configuration?
100 modem-manager-configuration
101 modem-manager-configuration?
102 modem-manager-service-type
103 wpa-supplicant-service-type
105 openvswitch-service-type
106 openvswitch-configuration))
110 ;;; Networking services.
114 (define %facebook-host-aliases
115 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
;; /etc/hosts text that points Facebook host names at a loopback address
;; (127.0.0.1 for IPv4, fe80::1%lo0 for IPv6). NOTE(review): this only
;; affects name resolution that consults /etc/hosts; it is not a
;; network-level block. The string's opening lines are not visible here.
118 # Block Facebook IPv4.
119 127.0.0.1 www.facebook.com
120 127.0.0.1 facebook.com
121 127.0.0.1 login.facebook.com
122 127.0.0.1 www.login.facebook.com
124 127.0.0.1 www.fbcdn.net
126 127.0.0.1 www.fbcdn.com
127 127.0.0.1 static.ak.fbcdn.net
128 127.0.0.1 static.ak.connect.facebook.com
129 127.0.0.1 connect.facebook.net
130 127.0.0.1 www.connect.facebook.net
131 127.0.0.1 apps.facebook.com
133 # Block Facebook IPv6.
134 fe80::1%lo0 facebook.com
135 fe80::1%lo0 login.facebook.com
136 fe80::1%lo0 www.login.facebook.com
137 fe80::1%lo0 fbcdn.net
138 fe80::1%lo0 www.fbcdn.net
139 fe80::1%lo0 fbcdn.com
140 fe80::1%lo0 www.fbcdn.com
141 fe80::1%lo0 static.ak.fbcdn.net
142 fe80::1%lo0 static.ak.connect.facebook.com
143 fe80::1%lo0 connect.facebook.net
144 fe80::1%lo0 www.connect.facebook.net
145 fe80::1%lo0 apps.facebook.com\n")
;; Shepherd service type that runs 'dhclient' from the DHCP package given as
;; the service value on every non-loopback interface, providing 'networking'.
;; Several lines of this definition are not visible in this rendering.
147 (define dhcp-client-service-type
148 (shepherd-service-type
152 (file-append dhcp "/sbin/dhclient"))
155 "/var/run/dhclient.pid")
158 (documentation "Set up networking via DHCP.")
159 (requirement '(user-processes udev))
161 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
162 ;; networking is unavailable, but also means that the interface is not up
163 ;; yet when 'start' completes. To wait for the interface to be ready, one
164 ;; should instead monitor udev events.
165 (provision '(networking))
168 ;; When invoked without any arguments, 'dhclient' discovers all
169 ;; non-loopback interfaces *that are up*. However, the relevant
170 ;; interfaces are typically down at this point. Thus we perform
171 ;; our own interface discovery here.
173 (negate loopback-network-interface?))
175 (filter valid? (all-network-interface-names)))
177 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
178 ;; actually send/receive over them.
179 (for-each set-network-interface-up ifaces)
;; Remove a stale PID file first (a failure such as a missing file is
;; ignored), presumably so the 'read' below cannot return the PID of an
;; earlier dhclient run.
181 (false-if-exception (delete-file #$pid-file))
182 (let ((pid (fork+exec-command
183 (cons* #$dhclient "-nw"
184 "-pf" #$pid-file ifaces))))
;; dhclient returned with status 0 (with '-nw' it does not wait for a
;; lease, see the XXX above); the daemon's PID is then read back from
;; PID-FILE, which dhclient writes because of '-pf'.
185 (and (zero? (cdr (waitpid pid)))
189 (call-with-input-file #$pid-file read))
191 ;; 'dhclient' returned before PID-FILE was created,
193 (let ((errno (system-error-errno args)))
198 (apply throw args))))))))))
199 (stop #~(make-kill-destructor))))))
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
Protocol (DHCP) client, on all the non-loopback network interfaces."
  ;; The DHCP package itself is the service value; the service type derives
  ;; the 'dhclient' command from it.
  (let ((type dhcp-client-service-type))
    (service type dhcp)))
;; Configuration of the ISC DHCP server. VERSION selects the protocol ("4",
;; "6" or "4o6") and is also used to name the shepherd provision, so several
;; versions can run at once. Some field defaults are not visible here.
206 (define-record-type* <dhcpd-configuration>
207 dhcpd-configuration make-dhcpd-configuration
209 (package dhcpd-configuration-package ;<package>
211 (config-file dhcpd-configuration-config-file ;file-like
;; CONFIG-FILE has no usable default: 'dhcpd-shepherd-service' raises an
;; error when it is missing.
213 (version dhcpd-configuration-version ;"4", "6", or "4o6"
215 (run-directory dhcpd-configuration-run-directory
216 (default "/run/dhcpd"))
217 (lease-file dhcpd-configuration-lease-file
218 (default "/var/db/dhcpd.leases"))
219 (pid-file dhcpd-configuration-pid-file
220 (default "/run/dhcpd/dhcpd.pid"))
221 ;; list of strings, e.g. (list "enp0s25")
222 (interfaces dhcpd-configuration-interfaces
;; Return the list of shepherd services for a <dhcpd-configuration>; raises an
;; error when CONFIG-FILE is unset. The match header and the remaining dhcpd
;; arguments (config, lease and PID files, INTERFACES) are on lines not
;; visible in this rendering.
225 (define dhcpd-shepherd-service
227 (($ <dhcpd-configuration> package config-file version run-directory
228 lease-file pid-file interfaces)
230 (error "Must supply a config-file"))
231 (list (shepherd-service
232 ;; Allow users to easily run multiple versions simultaneously.
233 (provision (list (string->symbol
234 (string-append "dhcpv" version "-daemon"))))
235 (documentation (string-append "Run the DHCPv" version " daemon"))
236 (requirement '(networking))
;; "-4", "-6" or "-4o6" is derived directly from VERSION.
237 (start #~(make-forkexec-constructor
238 '(#$(file-append package "/sbin/dhcpd")
239 #$(string-append "-" version)
244 #:pid-file #$pid-file))
245 (stop #~(make-kill-destructor)))))))
;; Activation gexp: create RUN-DIRECTORY (no explicit mode or ownership is
;; set), seed an empty LEASE-FILE, then run 'dhcpd -t -cf' to check
;; CONFIG-FILE before the daemon is started. The form that calls dhcpd is
;; on a line not visible here; presumably it fails activation on a bad
;; configuration -- TODO confirm.
247 (define dhcpd-activation
249 (($ <dhcpd-configuration> package config-file version run-directory
250 lease-file pid-file interfaces)
251 (with-imported-modules '((guix build utils))
253 (unless (file-exists? #$run-directory)
254 (mkdir #$run-directory))
255 ;; According to the DHCP manual (man dhcpd.leases), the lease
256 ;; database must be present for dhcpd to start successfully.
257 (unless (file-exists? #$lease-file)
258 (with-output-to-file #$lease-file
259 (lambda _ (display ""))))
260 ;; Validate the config.
262 #$(file-append package "/sbin/dhcpd") "-t" "-cf"
;; Service type wiring 'dhcpd-shepherd-service' and 'dhcpd-activation';
;; its name and description fields are not visible in this rendering.
265 (define dhcpd-service-type
269 (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
270 (service-extension activation-service-type dhcpd-activation)))))
273 ;; Default set of NTP servers. These host names are managed by the NTP Pool project.
274 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
275 ;; for this NTP pool "zone".
276 '("0.guix.pool.ntp.org"
277 "1.guix.pool.ntp.org"
278 "2.guix.pool.ntp.org"
279 "3.guix.pool.ntp.org"))
;; Configuration for the reference 'ntpd'. SERVERS is the list of NTP servers
;; written as 'server' lines into ntpd.conf by 'ntp-shepherd-service';
;; ALLOW-LARGE-ADJUSTMENT? adds a daemon flag (see 'ntp-service').
287 (define-record-type* <ntp-configuration>
288 ntp-configuration make-ntp-configuration
290 (ntp ntp-configuration-ntp
292 (servers ntp-configuration-servers)
293 (allow-large-adjustment? ntp-allow-large-adjustment?
;; Return the shepherd service list for an <ntp-configuration>. The ntpd.conf
;; is generated here: a driftfile, one "server" line per entry of SERVERS, and
;; 'restrict' lines that refuse remote modification, traps, peering and
;; status queries (the CVE-2013-5211 amplification workaround named in the
;; config). The lines allowing the local 'ntpq' are not visible here.
296 (define ntp-shepherd-service
298 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
300 ;; TODO: Add authentication support.
302 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
303 (string-join (map (cut string-append "server " <>)
307 # Disable status queries as a workaround for CVE-2013-5211:
308 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
309 restrict default kod nomodify notrap nopeer noquery
310 restrict -6 default kod nomodify notrap nopeer noquery
312 # Yet, allow use of the local 'ntpq'.
317 (plain-file "ntpd.conf" config))
319 (list (shepherd-service
321 (documentation "Run the Network Time Protocol (NTP) daemon.")
322 (requirement '(user-processes networking))
;; '-n' keeps ntpd in the foreground for shepherd; '-u ntpd' makes it drop
;; privileges to the unprivileged account declared in %ntp-accounts.
323 (start #~(make-forkexec-constructor
324 (list (string-append #$ntp "/bin/ntpd") "-n"
325 "-c" #$ntpd.conf "-u" "ntpd"
326 #$@(if allow-large-adjustment?
;; The flag spliced in when ALLOW-LARGE-ADJUSTMENT? is true is on a line
;; not visible in this rendering.
329 (stop #~(make-kill-destructor))))))))
;; System account the NTP daemons run as ('-u ntpd' in 'ntp-shepherd-service'):
;; no login shell and an empty home directory. The user-account header and
;; group definition are on lines not visible here.
331 (define %ntp-accounts
336 (comment "NTP daemon user")
337 (home-directory "/var/empty")
338 (shell (file-append shadow "/sbin/nologin")))))
341 (define (ntp-service-activation config)
342 "Return the activation gexp for CONFIG."
343 (with-imported-modules '((guix build utils))
345 (use-modules (guix build utils))
;; Hand the run-time directory that holds the driftfile (see the ntpd.conf
;; built in 'ntp-shepherd-service') to the ntpd user. The binding of %USER
;; and the creation of DIRECTORY are on lines not visible here.
349 (let ((directory "/var/run/ntpd"))
351 (chown directory (passwd:uid %user) (passwd:gid %user))))))
;; Service type for the reference ntpd: shepherd service, the 'ntpd' account
;; and the activation that prepares /var/run/ntpd.
353 (define ntp-service-type
354 (service-type (name 'ntp)
356 (list (service-extension shepherd-root-service-type
357 ntp-shepherd-service)
358 (service-extension account-service-type
359 (const %ntp-accounts))
360 (service-extension activation-service-type
361 ntp-service-activation)))
363 "Run the @command{ntpd}, the Network Time Protocol (NTP)
364 daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
365 will keep the system clock synchronized with that of the given servers.")))
367 (define* (ntp-service #:key (ntp ntp)
368 (servers %ntp-servers)
369 allow-large-adjustment?)
370 "Return a service that runs the daemon from @var{ntp}, the
371 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
372 keep the system clock synchronized with that of @var{servers}.
373 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
374 make an initial adjustment of more than 1,000 seconds."
375 (service ntp-service-type
;; The field binding SERVERS into the configuration is on a line not
;; visible in this rendering.
376 (ntp-configuration (ntp ntp)
378 (allow-large-adjustment?
379 allow-large-adjustment?))))
;; Configuration for OpenNTPD. Each list-valued field becomes one ntpd.conf
;; directive per element in 'openntpd-shepherd-service' ('listen on',
;; 'query from', 'sensor', 'server', 'servers', 'constraint from',
;; 'constraints from'). Several defaults are on lines not visible here.
386 (define-record-type* <openntpd-configuration>
387 openntpd-configuration make-openntpd-configuration
388 openntpd-configuration?
389 (openntpd openntpd-configuration-openntpd
;; LISTEN-ON defaults to loopback addresses (first element "127.0.0.1";
;; the rest of the default is not visible here).
391 (listen-on openntpd-listen-on
392 (default '("127.0.0.1"
394 (query-from openntpd-query-from
396 (sensor openntpd-sensor
398 (server openntpd-server
399 (default %ntp-servers))
400 (servers openntpd-servers
402 (constraint-from openntpd-constraint-from
404 (constraints-from openntpd-constraints-from
406 (allow-large-adjustment? openntpd-allow-large-adjustment?
407 (default #f))) ; upstream default
;; Return the shepherd service list for an <openntpd-configuration>. The
;; ntpd.conf is assembled by prefixing every element of each list field with
;; its directive name; the 'constraints from' values are wrapped in double
;; quotes. NOTE(review): values are written into ntpd.conf verbatim, without
;; validation or escaping, so they should be plain host names or addresses.
409 (define (openntpd-shepherd-service config)
410 (match-record config <openntpd-configuration>
411 (openntpd listen-on query-from sensor server servers constraint-from
412 constraints-from allow-large-adjustment?)
417 (lambda (field value)
419 (map (cut string-append field <> "\n")
421 '("listen on " "query from " "sensor " "server " "servers "
423 (list listen-on query-from sensor server servers constraint-from))
424 ;; The 'constraints from' field needs to be enclosed in double quotes.
426 (map (cut string-append "constraints from \"" <> "\"\n")
430 (plain-file "ntpd.conf" config))
432 (list (shepherd-service
434 (documentation "Run the Network Time Protocol (NTP) daemon.")
435 (requirement '(user-processes networking))
436 (start #~(make-forkexec-constructor
437 (list (string-append #$openntpd "/sbin/ntpd")
439 "-d" ;; don't daemonize
;; The flag spliced in when ALLOW-LARGE-ADJUSTMENT? is true is on a line
;; not visible in this rendering.
440 #$@(if allow-large-adjustment?
443 ;; When ntpd is daemonized it repeatedly tries to respawn
444 ;; while running, leading shepherd to disable it. To
445 ;; prevent spamming stderr, redirect output to logfile.
446 #:log-file "/var/log/ntpd"))
447 (stop #~(make-kill-destructor)))))))
449 (define (openntpd-service-activation config)
450 "Return the activation gexp for CONFIG."
451 (with-imported-modules '((guix build utils))
453 (use-modules (guix build utils))
;; Seed the drift file with "0.0" when absent; creation of its parent
;; directory, if any, is on lines not visible here.
457 (unless (file-exists? "/var/db/ntpd.drift")
458 (with-output-to-file "/var/db/ntpd.drift"
460 (format #t "0.0")))))))
;; Service type for OpenNTPD: shepherd service, the shared 'ntpd' account,
;; the package in the system profile, and the drift-file activation.
;; Usable without arguments thanks to the default <openntpd-configuration>.
462 (define openntpd-service-type
463 (service-type (name 'openntpd)
465 (list (service-extension shepherd-root-service-type
466 openntpd-shepherd-service)
467 (service-extension account-service-type
468 (const %ntp-accounts))
469 (service-extension profile-service-type
470 (compose list openntpd-configuration-openntpd))
471 (service-extension activation-service-type
472 openntpd-service-activation)))
473 (default-value (openntpd-configuration))
475 "Run the @command{ntpd}, the Network Time Protocol (NTP)
476 daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
477 daemon will keep the system clock synchronized with that of the given servers.")))
;; Configuration for the inetutils 'inetd' superserver: the program to run
;; and the list of <inetd-entry> records turned into inetd.conf lines.
484 (define-record-type* <inetd-configuration> inetd-configuration
485 make-inetd-configuration
487 (program inetd-configuration-program ;file-like
488 (default (file-append inetutils "/libexec/inetd")))
489 (entries inetd-configuration-entries ;list of <inetd-entry>
;; One inetd.conf entry; 'inetd-config-file' writes the fields in this order.
;; NODE, when set, is prepended to NAME as "node:name". Field defaults are
;; partly on lines not visible here.
492 (define-record-type* <inetd-entry> inetd-entry make-inetd-entry
494 (node inetd-entry-node ;string or #f
496 (name inetd-entry-name) ;string, from /etc/services
498 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
500 (protocol inetd-entry-protocol) ;string, from /etc/protocols
502 (wait? inetd-entry-wait? ;Boolean
504 (user inetd-entry-user) ;string
;; "internal" selects an inetd built-in service rather than an external
;; program.
506 (program inetd-entry-program ;string or file-like object
507 (default "internal"))
508 (arguments inetd-entry-arguments ;list of strings or file-like objects
;; Build "inetd.conf" from ENTRIES: for each entry, socket (node:name or
;; name), socket type, protocol, wait/nowait, user, program and arguments.
;; The socket type is restricted to the five symbols matched below.
;; NOTE(review): field values are emitted verbatim, so whitespace or newlines
;; inside them would change how inetd parses the file.
511 (define (inetd-config-file entries)
512 (apply mixed-text-file "inetd.conf"
515 (let* ((node (inetd-entry-node entry))
516 (name (inetd-entry-name entry))
518 (if node (string-append node ":" name) name))
520 (match (inetd-entry-socket-type entry)
521 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
522 (symbol->string (inetd-entry-socket-type entry)))))
523 (protocol (inetd-entry-protocol entry))
524 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
525 (user (inetd-entry-user entry))
526 (program (inetd-entry-program entry))
527 (args (inetd-entry-arguments entry)))
530 (list #$@(list socket type protocol wait user program) #$@args)
;; Return the shepherd service list for an <inetd-configuration>; with no
;; entries, no service is created at all. inetd requires 'syslogd' in
;; addition to networking.
534 (define inetd-shepherd-service
536 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
537 (($ <inetd-configuration> program entries)
540 (documentation "Run inetd.")
542 (requirement '(user-processes networking syslogd))
543 (start #~(make-forkexec-constructor
544 (list #$program #$(inetd-config-file entries))
545 #:pid-file "/var/run/inetd.pid"))
546 (stop #~(make-kill-destructor)))))))
;; Service type for inetd. Extensions contribute lists of <inetd-entry>
;; records, which are concatenated and appended to the configured entries.
548 (define-public inetd-service-type
552 (list (service-extension shepherd-root-service-type
553 inetd-shepherd-service)))
555 ;; The service can be extended with additional lists of entries.
556 (compose concatenate)
557 (extend (lambda (config entries)
560 (entries (append (inetd-configuration-entries config)
563 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
564 for listening on Internet sockets and spawning the corresponding services on
;; Configuration for Tor: the package, a user-supplied torrc fragment
;; (empty by default; appended to the generated one by
;; 'tor-configuration->torrc') and the list of <hidden-service> records.
572 (define-record-type* <tor-configuration>
573 tor-configuration make-tor-configuration
575 (tor tor-configuration-tor
577 (config-file tor-configuration-config-file
578 (default (plain-file "empty" "")))
579 (hidden-services tor-configuration-hidden-services
582 (define %tor-accounts
583 ;; User account and groups for Tor.
;; The "tor" system group is also what 'tor-hidden-service-activation'
;; grants traversal of /var/run/tor to. The user-account header lines are
;; not visible here.
584 (list (user-group (name "tor") (system? #t))
589 (comment "Tor daemon user")
590 (home-directory "/var/empty")
591 (shell (file-append shadow "/sbin/nologin")))))
;; A Tor hidden service: NAME becomes a directory under
;; /var/lib/tor/hidden-services/ and MAPPING lists (port host) pairs
;; written as HiddenServicePort lines.
593 (define-record-type <hidden-service>
594 (hidden-service name mapping)
596 (name hidden-service-name) ;string
597 (mapping hidden-service-mapping)) ;list of port/address tuples
599 (define (tor-configuration->torrc config)
600 "Return a 'torrc' file for CONFIG."
;; The generated torrc fixes DataDirectory, PidFile and syslog logging,
;; emits a HiddenServiceDir/HiddenServicePort block per hidden service, and
;; then appends the user's CONFIG-FILE verbatim. NOTE(review): hidden-service
;; names and mappings are interpolated with 'format' unchecked, so they must
;; be simple identifiers and port/host pairs; they come from the system
;; configuration. The generated header's first lines are not visible here.
602 (($ <tor-configuration> tor config-file services)
605 (with-imported-modules '((guix build utils))
607 (use-modules (guix build utils)
610 (call-with-output-file #$output
613 ### These lines were generated from your system configuration:
615 DataDirectory /var/lib/tor
616 PidFile /var/run/tor/tor.pid
617 Log notice syslog\n" port)
;; Each service is (NAME (PORT HOST) ...), as built by the quoted 'map'
;; below, which runs on the host side at build time of this gexp.
619 (for-each (match-lambda
620 ((service (ports hosts) ...)
622 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
624 (for-each (lambda (tcp-port host)
626 HiddenServicePort ~a ~a~%"
629 '#$(map (match-lambda
630 (($ <hidden-service> name mapping)
631 (cons name mapping)))
635 ### End of automatically generated lines.\n\n" port)
637 ;; Append the user's config file.
638 (call-with-input-file #$config-file
640 (dump-port input port)))
643 (define (tor-shepherd-service config)
644 "Return a <shepherd-service> running Tor."
;; Tor is started with 'make-forkexec-constructor/container', so presumably
;; only the paths listed under #:mappings (its data directory, the syslog
;; socket and its run directory) are visible to it from the host. The
;; 'writable?' flags of the mappings are on lines not visible here.
646 (($ <tor-configuration> tor)
647 (let ((torrc (tor-configuration->torrc config)))
648 (with-imported-modules (source-module-closure
649 '((gnu build shepherd)
650 (gnu system file-systems)))
651 (list (shepherd-service
654 ;; Tor needs at least one network interface to be up, hence the
655 ;; dependency on 'loopback'.
656 (requirement '(user-processes loopback syslogd))
658 (modules '((gnu build shepherd)
659 (gnu system file-systems)))
661 (start #~(make-forkexec-constructor/container
662 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
664 #:mappings (list (file-system-mapping
665 (source "/var/lib/tor")
669 (source "/dev/log") ;for syslog
672 (source "/var/run/tor")
;; PidFile in the generated torrc writes to the same path.
675 #:pid-file "/var/run/tor/tor.pid"))
676 (stop #~(make-kill-destructor))
677 (documentation "Run the Tor anonymous network overlay."))))))))
679 (define (tor-hidden-service-activation config)
680 "Set up directories for Tor and its hidden services, if any."
;; Directory layout and modes created here: /var/run/tor (#o750, tor:tor),
;; /var/lib/tor (#o700, tor:tor) and one #o700 directory per hidden service.
;; The binding of %USER is on lines not visible here.
682 (use-modules (guix build utils))
687 (define (initialize service)
688 (let ((directory (string-append "/var/lib/tor/hidden-services/"
691 (chown directory (passwd:uid %user) (passwd:gid %user))
693 ;; The daemon bails out if we give wider permissions.
694 (chmod directory #o700)))
696 ;; Allow Tor to write its PID file.
697 (mkdir-p "/var/run/tor")
698 (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
699 ;; Let the "tor" group traverse this directory (#o750: owner rwx, group
700 ;; r-x, others nothing; the directory itself is not group-writable) so
701 ;; that if the system administrator has specified UnixSocksGroupWritable=1
;; in their torrc file, members of the "tor" group can reach the SOCKS socket.
702 (chmod "/var/run/tor" #o750)
704 ;; Allow Tor to access the hidden services' directories.
705 (mkdir-p "/var/lib/tor")
706 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
707 (chmod "/var/lib/tor" #o700)
709 ;; Make sure /var/lib is accessible to the 'tor' user.
;; Note this sets the mode of the shared /var/lib, not only Tor's subtree.
710 (chmod "/var/lib" #o755)
;; Hidden-service names are used as directory components by INITIALIZE
;; without validation; they originate in the system configuration.
713 '#$(map hidden-service-name
714 (tor-configuration-hidden-services config)))))
;; Service type for Tor: shepherd service, the "tor" account and group, and
;; the directory activation. Extensions contribute <hidden-service> lists.
716 (define tor-service-type
717 (service-type (name 'tor)
719 (list (service-extension shepherd-root-service-type
720 tor-shepherd-service)
721 (service-extension account-service-type
722 (const %tor-accounts))
723 (service-extension activation-service-type
724 tor-hidden-service-activation)))
726 ;; This can be extended with hidden services.
727 (compose concatenate)
728 (extend (lambda (config services)
732 (append (tor-configuration-hidden-services config)
734 (default-value (tor-configuration))
736 "Run the @uref{https://torproject.org, Tor} anonymous
737 networking daemon.")))
739 (define* (tor-service #:optional
740 (config-file (plain-file "empty" ""))
;; The remaining parameter (the package bound to TOR) is on a line not
;; visible here. NOTE(review): the @code{User tor} line mentioned below is
;; not among the generated torrc lines visible in 'tor-configuration->torrc';
;; confirm it is emitted on one of the omitted lines.
742 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
745 The daemon runs as the @code{tor} unprivileged user. It is passed
746 @var{config-file}, a file-like object, with an additional @code{User tor} line
747 and lines for hidden services added via @code{tor-hidden-service}. Run
748 @command{man tor} for information about the configuration file."
749 (service tor-service-type
750 (tor-configuration (tor tor)
751 (config-file config-file))))
753 (define tor-hidden-service-type
754 ;; A type that extends Tor with hidden services.
;; Each instance's value is a single <hidden-service>, wrapped in a list
;; for 'tor-service-type''s extension.
755 (service-type (name 'tor-hidden-service)
757 (list (service-extension tor-service-type list)))
759 "Define a new Tor @dfn{hidden service}.")))
;; NAME ends up both as a directory name under /var/lib/tor/hidden-services/
;; and in the generated torrc, so keep it to a plain identifier.
761 (define (tor-hidden-service name mapping)
762 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
763 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
766 '((22 \"127.0.0.1:22\")
767 (80 \"127.0.0.1:8080\"))
770 In this example, port 22 of the hidden service is mapped to local port 22, and
771 port 80 is mapped to local port 8080.
773 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
774 the @file{hostname} file contains the @code{.onion} host name for the hidden
777 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
778 project's documentation} for more information."
779 (service tor-hidden-service-type
780 (hidden-service name mapping)))
787 (define %wicd-activation
788 ;; Activation gexp for Wicd.
;; Creates /etc/wicd, seeds the dhclient template from the Wicd package
;; when absent, and prepares the wpa_supplicant socket directory with
;; #o750 (owner rwx, group r-x, others nothing).
790 (use-modules (guix build utils))
792 (mkdir-p "/etc/wicd")
793 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
794 (unless (file-exists? file-name)
795 (copy-file (string-append #$wicd file-name)
798 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
799 ;; named socket files.
800 (mkdir-p "/var/run/wpa_supplicant")
801 (chmod "/var/run/wpa_supplicant" #o750)))
803 (define (wicd-shepherd-service wicd)
804 "Return a shepherd service for WICD."
;; Provides 'networking' like the other network managers; needs the system
;; D-Bus. Any further daemon argument is on a line not visible here.
805 (list (shepherd-service
806 (documentation "Run the Wicd network manager.")
807 (provision '(networking))
808 (requirement '(user-processes dbus-system loopback))
809 (start #~(make-forkexec-constructor
810 (list (string-append #$wicd "/sbin/wicd")
812 (stop #~(make-kill-destructor)))))
;; Service type for Wicd: shepherd service, D-Bus registration (argument on
;; a line not visible here), activation, and the package in the profile.
814 (define wicd-service-type
815 (service-type (name 'wicd)
817 (list (service-extension shepherd-root-service-type
818 wicd-shepherd-service)
819 (service-extension dbus-root-service-type
821 (service-extension activation-service-type
822 (const %wicd-activation))
824 ;; Add Wicd to the global profile.
825 (service-extension profile-service-type list)))
827 "Run @url{https://launchpad.net/wicd,Wicd}, a network
828 management daemon that aims to simplify wired and wireless networking.")))
;; Convenience constructor; the package is the service value.
830 (define* (wicd-service #:key (wicd wicd))
831 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
832 management daemon that aims to simplify wired and wireless networking.
834 This service adds the @var{wicd} package to the global profile, providing
835 several commands to interact with the daemon and configure networking:
836 @command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
837 and @command{wicd-curses} user interfaces."
838 (service wicd-service-type wicd))
;; Configuration for ModemManager; only the package can be chosen.
845 (define-record-type* <modem-manager-configuration>
846 modem-manager-configuration make-modem-manager-configuration
847 modem-manager-configuration?
848 (modem-manager modem-manager-configuration-modem-manager
849 (default modem-manager)))
;; Configuration for NetworkManager. DNS is a string written as the
;; "dns=" value of NetworkManager.conf; VPN-PLUGINS are unioned into a
;; single plugin directory. The DNS default is on a line not visible here.
856 (define-record-type* <network-manager-configuration>
857 network-manager-configuration make-network-manager-configuration
858 network-manager-configuration?
859 (network-manager network-manager-configuration-network-manager
860 (default network-manager))
861 (dns network-manager-configuration-dns
863 (vpn-plugins network-manager-vpn-plugins ;list of <package>
866 (define %network-manager-activation
867 ;; Activation gexp for NetworkManager.
;; Only creates the connection-profile directory; no mode is set here.
869 (use-modules (guix build utils))
870 (mkdir-p "/etc/NetworkManager/system-connections")))
(define (vpn-plugin-directory plugins)
  "Return a directory containing PLUGINS, the NM VPN plugins."
  ;; One union directory lets NetworkManager find every plugin through a
  ;; single NM_VPN_PLUGIN_DIR (see 'network-manager-environment').
  (let ((union-name "network-manager-vpn-plugins"))
    (directory-union union-name plugins)))
;; Session environment contributed by the service: NM_VPN_PLUGIN_DIR pointing
;; into the union directory of VPN-PLUGINS. The match header is on a line
;; not visible here.
876 (define network-manager-environment
878 (($ <network-manager-configuration> network-manager dns vpn-plugins)
879 ;; Define this variable in the global environment such that
880 ;; "nmcli connection import type openvpn file foo.ovpn" works.
881 `(("NM_VPN_PLUGIN_DIR"
882 . ,(file-append (vpn-plugin-directory vpn-plugins)
883 "/lib/NetworkManager/VPN"))))))
;; Return the shepherd service list for a <network-manager-configuration>.
;; NOTE(review): DNS is concatenated into NetworkManager.conf without
;; validation, so a value containing a newline would add further
;; configuration lines; it should be a plain dns= keyword.
885 (define network-manager-shepherd-service
887 (($ <network-manager-configuration> network-manager dns vpn-plugins)
888 (let ((conf (plain-file "NetworkManager.conf"
889 (string-append "[main]\ndns=" dns "\n")))
890 (vpn (vpn-plugin-directory vpn-plugins)))
891 (list (shepherd-service
892 (documentation "Run the NetworkManager.")
893 (provision '(networking))
;; Depends on 'wpa-supplicant' (see 'wpa-supplicant-service-type').
894 (requirement '(user-processes dbus-system wpa-supplicant loopback))
895 (start #~(make-forkexec-constructor
896 (list (string-append #$network-manager
897 "/sbin/NetworkManager")
898 (string-append "--config=" #$conf)
;; Same plugin directory as exported by 'network-manager-environment'.
900 #:environment-variables
901 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
902 "/lib/NetworkManager/VPN"))))
903 (stop #~(make-kill-destructor))))))))
;; Service type for NetworkManager. CONFIG->PACKAGE (header on a line not
;; visible here) extracts the package for the D-Bus, polkit and profile
;; extensions.
905 (define network-manager-service-type
909 (($ <network-manager-configuration> network-manager)
910 (list network-manager)))))
913 (name 'network-manager)
915 (list (service-extension shepherd-root-service-type
916 network-manager-shepherd-service)
917 (service-extension dbus-root-service-type config->package)
918 (service-extension polkit-service-type config->package)
919 (service-extension activation-service-type
920 (const %network-manager-activation))
921 (service-extension session-environment-service-type
922 network-manager-environment)
923 ;; Add network-manager to the system profile.
924 (service-extension profile-service-type config->package)))
925 (default-value (network-manager-configuration))
927 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
928 NetworkManager}, a network management daemon that aims to simplify wired and
929 wireless networking."))))
;; Configuration for Connman. DISABLE-VPN? passes --noplugin=vpn and skips
;; the VPN state directory. Field defaults are on lines not visible here.
936 (define-record-type* <connman-configuration>
937 connman-configuration make-connman-configuration
938 connman-configuration?
939 (connman connman-configuration-connman
941 (disable-vpn? connman-configuration-disable-vpn?
;; Activation gexp: create Connman's state directory and, unless VPN support
;; is disabled, the VPN state directory. No modes or owners are set here.
944 (define (connman-activation config)
945 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
946 (with-imported-modules '((guix build utils))
948 (use-modules (guix build utils))
949 (mkdir-p "/var/lib/connman/")
950 (unless #$disable-vpn?
951 (mkdir-p "/var/lib/connman-vpn/"))))))
953 (define (connman-shepherd-service config)
954 "Return a shepherd service for Connman"
;; Provides 'networking' and depends on the system D-Bus and on
;; 'wpa-supplicant'. The daemon's base arguments are on lines not visible
;; here; '--noplugin=vpn' is appended only when DISABLE-VPN? is set.
956 (connman-configuration? config)
957 (let ((connman (connman-configuration-connman config))
958 (disable-vpn? (connman-configuration-disable-vpn? config)))
959 (list (shepherd-service
960 (documentation "Run Connman")
961 (provision '(networking))
963 '(user-processes dbus-system loopback wpa-supplicant))
964 (start #~(make-forkexec-constructor
965 (list (string-append #$connman
968 #$@(if disable-vpn? '("--noplugin=vpn") '()))))
969 (stop #~(make-kill-destructor)))))))
;; Service type for Connman: shepherd service, polkit and D-Bus registration,
;; activation, and the package in the system profile (CONNMAN-PACKAGE is the
;; extractor used by several of these; some arguments are on lines not
;; visible here).
971 (define connman-service-type
972 (let ((connman-package (compose list connman-configuration-connman)))
973 (service-type (name 'connman)
975 (list (service-extension shepherd-root-service-type
976 connman-shepherd-service)
977 (service-extension polkit-service-type
979 (service-extension dbus-root-service-type
981 (service-extension activation-service-type
983 ;; Add connman to the system profile.
984 (service-extension profile-service-type
986 (default-value (connman-configuration))
988 "Run @url{https://01.org/connman,Connman},
989 a network connection manager."))))
;; Service type for ModemManager. It has no shepherd service of its own:
;; it only registers the package with D-Bus, udev and polkit (the extension
;; arguments are on lines not visible here).
996 (define modem-manager-service-type
997 (let ((config->package
999 (($ <modem-manager-configuration> modem-manager)
1000 (list modem-manager)))))
1001 (service-type (name 'modem-manager)
1003 (list (service-extension dbus-root-service-type
1005 (service-extension udev-service-type
1007 (service-extension polkit-service-type
1009 (default-value (modem-manager-configuration))
1011 "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
1012 ModemManager}, a modem management daemon that aims to simplify dialup
(define (wpa-supplicant-shepherd-service wpa-supplicant)
  "Return a shepherd service for wpa_supplicant"
  (let ((pid-file "/var/run/wpa_supplicant.pid"))
    (list (shepherd-service
           (documentation "Run WPA supplicant with dbus interface")
           (provision '(wpa-supplicant))
           (requirement '(user-processes dbus-system loopback))
           ;; '-u' enables the D-Bus control interface (hence the dependency
           ;; on 'dbus-system'); '-B' makes the daemon background itself, so
           ;; shepherd tracks it through the PID file named with '-P'.
           (start #~(make-forkexec-constructor
                     (list (string-append #$wpa-supplicant
                                          "/sbin/wpa_supplicant")
                           "-u" "-B" #$(string-append "-P" pid-file))
                     #:pid-file #$pid-file))
           (stop #~(make-kill-destructor))))))
;; Service type for wpa_supplicant: shepherd service, D-Bus registration and
;; the package in the profile. The value is the package itself; NetworkManager
;; and Connman depend on the 'wpa-supplicant' provision.
1034 (define wpa-supplicant-service-type
1035 (service-type (name 'wpa-supplicant)
1037 (list (service-extension shepherd-root-service-type
1038 wpa-supplicant-shepherd-service)
1039 (service-extension dbus-root-service-type list)
1040 (service-extension profile-service-type list)))
1041 (default-value wpa-supplicant)))
;; Configuration for Open vSwitch; only the package can be chosen.
1048 (define-record-type* <openvswitch-configuration>
1049 openvswitch-configuration make-openvswitch-configuration
1050 openvswitch-configuration?
1051 (package openvswitch-configuration-package
1052 (default openvswitch)))
;; Activation gexp: create the run and state directories and initialise the
;; configuration database with 'ovsdb-tool create' when it does not exist.
;; The match header is on a line not visible here.
1054 (define openvswitch-activation
1056 (($ <openvswitch-configuration> package)
1057 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1058 (with-imported-modules '((guix build utils))
1060 (use-modules (guix build utils))
1061 (mkdir-p "/var/run/openvswitch")
1062 (mkdir-p "/var/lib/openvswitch")
1063 (let ((conf.db "/var/lib/openvswitch/conf.db"))
;; The exit status of 'ovsdb-tool' is not checked here.
1064 (unless (file-exists? conf.db)
1065 (system* #$ovsdb-tool "create" conf.db)))))))))
;; Return two shepherd services: 'ovsdb' (the database server, reachable
;; over the Unix socket /var/run/openvswitch/db.sock) and 'vswitchd', which
;; requires it. The database path passed to ovsdb-server and other arguments
;; are on lines not visible here.
1067 (define openvswitch-shepherd-service
1069 (($ <openvswitch-configuration> package)
1070 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1071 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1074 (provision '(ovsdb))
1075 (documentation "Run the Open vSwitch database server.")
1076 (start #~(make-forkexec-constructor
1077 (list #$ovsdb-server "--pidfile"
1078 "--remote=punix:/var/run/openvswitch/db.sock")
1079 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1080 (stop #~(make-kill-destructor)))
1082 (provision '(vswitchd))
1083 (requirement '(ovsdb))
1084 (documentation "Run the Open vSwitch daemon.")
1085 (start #~(make-forkexec-constructor
1086 (list #$ovs-vswitchd "--pidfile")
1087 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1088 (stop #~(make-kill-destructor))))))))
;; Service type for Open vSwitch: activation, the package in the profile
;; and the two shepherd services. Its name field is on a line not visible here.
1090 (define openvswitch-service-type
1094 (list (service-extension activation-service-type
1095 openvswitch-activation)
1096 (service-extension profile-service-type
1097 (compose list openvswitch-configuration-package))
1098 (service-extension shepherd-root-service-type
1099 openvswitch-shepherd-service)))
1101 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1102 switch designed to enable massive network automation through programmatic
1105 ;;; networking.scm ends here