1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
7 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
8 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
9 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
11 ;;; This file is part of GNU Guix.
13 ;;; GNU Guix is free software; you can redistribute it and/or modify it
14 ;;; under the terms of the GNU General Public License as published by
15 ;;; the Free Software Foundation; either version 3 of the License, or (at
16 ;;; your option) any later version.
18 ;;; GNU Guix is distributed in the hope that it will be useful, but
19 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
20 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ;;; GNU General Public License for more details.
23 ;;; You should have received a copy of the GNU General Public License
24 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
26 (define-module (gnu services networking)
27 #:use-module (gnu services)
28 #:use-module (gnu services base)
29 #:use-module (gnu services shepherd)
30 #:use-module (gnu services dbus)
31 #:use-module (gnu system shadow)
32 #:use-module (gnu system pam)
33 #:use-module (gnu packages admin)
34 #:use-module (gnu packages connman)
35 #:use-module (gnu packages freedesktop)
36 #:use-module (gnu packages linux)
37 #:use-module (gnu packages tor)
38 #:use-module (gnu packages messaging)
39 #:use-module (gnu packages networking)
40 #:use-module (gnu packages ntp)
41 #:use-module (gnu packages wicd)
42 #:use-module (gnu packages gnome)
43 #:use-module (guix gexp)
44 #:use-module (guix records)
45 #:use-module (guix modules)
46 #:use-module (srfi srfi-1)
47 #:use-module (srfi srfi-9)
48 #:use-module (srfi srfi-26)
49 #:use-module (ice-9 match)
50 #:re-export (static-networking-service
51 static-networking-service-type)
52 #:export (%facebook-host-aliases
58 dhcpd-configuration-package
59 dhcpd-configuration-config-file
60 dhcpd-configuration-version
61 dhcpd-configuration-run-directory
62 dhcpd-configuration-lease-file
63 dhcpd-configuration-pid-file
64 dhcpd-configuration-interfaces
73 openntpd-configuration
74 openntpd-configuration?
90 network-manager-configuration
91 network-manager-configuration?
92 network-manager-configuration-dns
93 network-manager-service-type
96 connman-configuration?
99 modem-manager-configuration
100 modem-manager-configuration?
101 modem-manager-service-type
102 wpa-supplicant-service-type
104 openvswitch-service-type
105 openvswitch-configuration))
109 ;;; Networking services.
113 (define %facebook-host-aliases
114 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
117 # Block Facebook IPv4.
118 127.0.0.1 www.facebook.com
119 127.0.0.1 facebook.com
120 127.0.0.1 login.facebook.com
121 127.0.0.1 www.login.facebook.com
123 127.0.0.1 www.fbcdn.net
125 127.0.0.1 www.fbcdn.com
126 127.0.0.1 static.ak.fbcdn.net
127 127.0.0.1 static.ak.connect.facebook.com
128 127.0.0.1 connect.facebook.net
129 127.0.0.1 www.connect.facebook.net
130 127.0.0.1 apps.facebook.com
132 # Block Facebook IPv6.
133 fe80::1%lo0 facebook.com
134 fe80::1%lo0 login.facebook.com
135 fe80::1%lo0 www.login.facebook.com
136 fe80::1%lo0 fbcdn.net
137 fe80::1%lo0 www.fbcdn.net
138 fe80::1%lo0 fbcdn.com
139 fe80::1%lo0 www.fbcdn.com
140 fe80::1%lo0 static.ak.fbcdn.net
141 fe80::1%lo0 static.ak.connect.facebook.com
142 fe80::1%lo0 connect.facebook.net
143 fe80::1%lo0 www.connect.facebook.net
144 fe80::1%lo0 apps.facebook.com\n")
146 (define dhcp-client-service-type
147 (shepherd-service-type
151 (file-append dhcp "/sbin/dhclient"))
154 "/var/run/dhclient.pid")
157 (documentation "Set up networking via DHCP.")
158 (requirement '(user-processes udev))
160 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
161 ;; networking is unavailable, but also means that the interface is not up
162 ;; yet when 'start' completes. To wait for the interface to be ready, one
163 ;; should instead monitor udev events.
164 (provision '(networking))
167 ;; When invoked without any arguments, 'dhclient' discovers all
168 ;; non-loopback interfaces *that are up*. However, the relevant
169 ;; interfaces are typically down at this point. Thus we perform
170 ;; our own interface discovery here.
172 (negate loopback-network-interface?))
174 (filter valid? (all-network-interface-names)))
176 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
177 ;; actually send/receive over them.
178 (for-each set-network-interface-up ifaces)
180 (false-if-exception (delete-file #$pid-file))
181 (let ((pid (fork+exec-command
182 (cons* #$dhclient "-nw"
183 "-pf" #$pid-file ifaces))))
184 (and (zero? (cdr (waitpid pid)))
188 (call-with-input-file #$pid-file read))
190 ;; 'dhclient' returned before PID-FILE was created,
192 (let ((errno (system-error-errno args)))
197 (apply throw args))))))))))
198 (stop #~(make-kill-destructor))))))
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
  "Return a service of @code{dhcp-client-service-type} whose value is
@var{dhcp}, a package providing the Dynamic Host Configuration Protocol (DHCP)
client that the service runs on every non-loopback network interface."
  (let ((client-package dhcp))
    (service dhcp-client-service-type client-package)))
205 (define-record-type* <dhcpd-configuration>
206 dhcpd-configuration make-dhcpd-configuration
208 (package dhcpd-configuration-package ;<package>
210 (config-file dhcpd-configuration-config-file ;file-like
212 (version dhcpd-configuration-version ;"4", "6", or "4o6"
214 (run-directory dhcpd-configuration-run-directory
215 (default "/run/dhcpd"))
216 (lease-file dhcpd-configuration-lease-file
217 (default "/var/db/dhcpd.leases"))
218 (pid-file dhcpd-configuration-pid-file
219 (default "/run/dhcpd/dhcpd.pid"))
220 ;; list of strings, e.g. (list "enp0s25")
221 (interfaces dhcpd-configuration-interfaces
224 (define dhcpd-shepherd-service
226 (($ <dhcpd-configuration> package config-file version run-directory
227 lease-file pid-file interfaces)
229 (error "Must supply a config-file"))
230 (list (shepherd-service
231 ;; Allow users to easily run multiple versions simultaneously.
232 (provision (list (string->symbol
233 (string-append "dhcpv" version "-daemon"))))
234 (documentation (string-append "Run the DHCPv" version " daemon"))
235 (requirement '(networking))
236 (start #~(make-forkexec-constructor
237 '(#$(file-append package "/sbin/dhcpd")
238 #$(string-append "-" version)
243 #:pid-file #$pid-file))
244 (stop #~(make-kill-destructor)))))))
246 (define dhcpd-activation
248 (($ <dhcpd-configuration> package config-file version run-directory
249 lease-file pid-file interfaces)
250 (with-imported-modules '((guix build utils))
252 (unless (file-exists? #$run-directory)
253 (mkdir #$run-directory))
254 ;; According to the DHCP manual (man dhcpd.leases), the lease
255 ;; database must be present for dhcpd to start successfully.
256 (unless (file-exists? #$lease-file)
257 (with-output-to-file #$lease-file
258 (lambda _ (display ""))))
259 ;; Validate the config.
261 #$(file-append package "/sbin/dhcpd") "-t" "-cf"
264 (define dhcpd-service-type
268 (list (service-extension shepherd-root-service-type dhcpd-shepherd-service)
269 (service-extension activation-service-type dhcpd-activation)))))
272 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
273 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
274 ;; for this NTP pool "zone".
275 '("0.guix.pool.ntp.org"
276 "1.guix.pool.ntp.org"
277 "2.guix.pool.ntp.org"
278 "3.guix.pool.ntp.org"))
286 (define-record-type* <ntp-configuration>
287 ntp-configuration make-ntp-configuration
289 (ntp ntp-configuration-ntp
291 (servers ntp-configuration-servers)
292 (allow-large-adjustment? ntp-allow-large-adjustment?
295 (define ntp-shepherd-service
297 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
299 ;; TODO: Add authentication support.
301 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
302 (string-join (map (cut string-append "server " <>)
306 # Disable status queries as a workaround for CVE-2013-5211:
307 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
308 restrict default kod nomodify notrap nopeer noquery
309 restrict -6 default kod nomodify notrap nopeer noquery
311 # Yet, allow use of the local 'ntpq'.
316 (plain-file "ntpd.conf" config))
318 (list (shepherd-service
320 (documentation "Run the Network Time Protocol (NTP) daemon.")
321 (requirement '(user-processes networking))
322 (start #~(make-forkexec-constructor
323 (list (string-append #$ntp "/bin/ntpd") "-n"
324 "-c" #$ntpd.conf "-u" "ntpd"
325 #$@(if allow-large-adjustment?
328 (stop #~(make-kill-destructor))))))))
330 (define %ntp-accounts
335 (comment "NTP daemon user")
336 (home-directory "/var/empty")
337 (shell (file-append shadow "/sbin/nologin")))))
340 (define (ntp-service-activation config)
341 "Return the activation gexp for CONFIG."
342 (with-imported-modules '((guix build utils))
344 (use-modules (guix build utils))
348 (let ((directory "/var/run/ntpd"))
350 (chown directory (passwd:uid %user) (passwd:gid %user))))))
352 (define ntp-service-type
353 (service-type (name 'ntp)
355 (list (service-extension shepherd-root-service-type
356 ntp-shepherd-service)
357 (service-extension account-service-type
358 (const %ntp-accounts))
359 (service-extension activation-service-type
360 ntp-service-activation)))
362 "Run the @command{ntpd}, the Network Time Protocol (NTP)
363 daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
364 will keep the system clock synchronized with that of the given servers.")))
366 (define* (ntp-service #:key (ntp ntp)
367 (servers %ntp-servers)
368 allow-large-adjustment?)
369 "Return a service that runs the daemon from @var{ntp}, the
370 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
371 keep the system clock synchronized with that of @var{servers}.
372 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
373 make an initial adjustment of more than 1,000 seconds."
374 (service ntp-service-type
375 (ntp-configuration (ntp ntp)
377 (allow-large-adjustment?
378 allow-large-adjustment?))))
385 (define-record-type* <openntpd-configuration>
386 openntpd-configuration make-openntpd-configuration
387 openntpd-configuration?
388 (openntpd openntpd-configuration-openntpd
390 (listen-on openntpd-listen-on
391 (default '("127.0.0.1"
393 (query-from openntpd-query-from
395 (sensor openntpd-sensor
397 (server openntpd-server
398 (default %ntp-servers))
399 (servers openntpd-servers
401 (constraint-from openntpd-constraint-from
403 (constraints-from openntpd-constraints-from
405 (allow-large-adjustment? openntpd-allow-large-adjustment?
406 (default #f))) ; upstream default
408 (define (openntpd-shepherd-service config)
409 (match-record config <openntpd-configuration>
410 (openntpd listen-on query-from sensor server servers constraint-from
411 constraints-from allow-large-adjustment?)
416 (lambda (field value)
418 (map (cut string-append field <> "\n")
420 '("listen on " "query from " "sensor " "server " "servers "
422 (list listen-on query-from sensor server servers constraint-from))
423 ;; The 'constraints from' field needs to be enclosed in double quotes.
425 (map (cut string-append "constraints from \"" <> "\"\n")
429 (plain-file "ntpd.conf" config))
431 (list (shepherd-service
433 (documentation "Run the Network Time Protocol (NTP) daemon.")
434 (requirement '(user-processes networking))
435 (start #~(make-forkexec-constructor
436 (list (string-append #$openntpd "/sbin/ntpd")
438 "-d" ;; don't daemonize
439 #$@(if allow-large-adjustment?
442 ;; When ntpd is daemonized it repeatedly tries to respawn
443 ;; while running, leading shepherd to disable it. To
444 ;; prevent spamming stderr, redirect output to logfile.
445 #:log-file "/var/log/ntpd"))
446 (stop #~(make-kill-destructor)))))))
448 (define (openntpd-service-activation config)
449 "Return the activation gexp for CONFIG."
450 (with-imported-modules '((guix build utils))
452 (use-modules (guix build utils))
456 (unless (file-exists? "/var/db/ntpd.drift")
457 (with-output-to-file "/var/db/ntpd.drift"
459 (format #t "0.0")))))))
461 (define openntpd-service-type
462 (service-type (name 'openntpd)
464 (list (service-extension shepherd-root-service-type
465 openntpd-shepherd-service)
466 (service-extension account-service-type
467 (const %ntp-accounts))
468 (service-extension profile-service-type
469 (compose list openntpd-configuration-openntpd))
470 (service-extension activation-service-type
471 openntpd-service-activation)))
472 (default-value (openntpd-configuration))
474 "Run the @command{ntpd}, the Network Time Protocol (NTP)
475 daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
476 daemon will keep the system clock synchronized with that of the given servers.")))
483 (define-record-type* <inetd-configuration> inetd-configuration
484 make-inetd-configuration
486 (program inetd-configuration-program ;file-like
487 (default (file-append inetutils "/libexec/inetd")))
488 (entries inetd-configuration-entries ;list of <inetd-entry>
491 (define-record-type* <inetd-entry> inetd-entry make-inetd-entry
493 (node inetd-entry-node ;string or #f
495 (name inetd-entry-name) ;string, from /etc/services
497 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
499 (protocol inetd-entry-protocol) ;string, from /etc/protocols
501 (wait? inetd-entry-wait? ;Boolean
503 (user inetd-entry-user) ;string
505 (program inetd-entry-program ;string or file-like object
506 (default "internal"))
507 (arguments inetd-entry-arguments ;list of strings or file-like objects
510 (define (inetd-config-file entries)
511 (apply mixed-text-file "inetd.conf"
514 (let* ((node (inetd-entry-node entry))
515 (name (inetd-entry-name entry))
517 (if node (string-append node ":" name) name))
519 (match (inetd-entry-socket-type entry)
520 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
521 (symbol->string (inetd-entry-socket-type entry)))))
522 (protocol (inetd-entry-protocol entry))
523 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
524 (user (inetd-entry-user entry))
525 (program (inetd-entry-program entry))
526 (args (inetd-entry-arguments entry)))
529 (list #$@(list socket type protocol wait user program) #$@args)
533 (define inetd-shepherd-service
535 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
536 (($ <inetd-configuration> program entries)
539 (documentation "Run inetd.")
541 (requirement '(user-processes networking syslogd))
542 (start #~(make-forkexec-constructor
543 (list #$program #$(inetd-config-file entries))
544 #:pid-file "/var/run/inetd.pid"))
545 (stop #~(make-kill-destructor)))))))
547 (define-public inetd-service-type
551 (list (service-extension shepherd-root-service-type
552 inetd-shepherd-service)))
554 ;; The service can be extended with additional lists of entries.
555 (compose concatenate)
556 (extend (lambda (config entries)
559 (entries (append (inetd-configuration-entries config)
562 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
563 for listening on Internet sockets and spawning the corresponding services on
571 (define-record-type* <tor-configuration>
572 tor-configuration make-tor-configuration
574 (tor tor-configuration-tor
576 (config-file tor-configuration-config-file
577 (default (plain-file "empty" "")))
578 (hidden-services tor-configuration-hidden-services
581 (define %tor-accounts
582 ;; User account and groups for Tor.
583 (list (user-group (name "tor") (system? #t))
588 (comment "Tor daemon user")
589 (home-directory "/var/empty")
590 (shell (file-append shadow "/sbin/nologin")))))
592 (define-record-type <hidden-service>
593 (hidden-service name mapping)
595 (name hidden-service-name) ;string
596 (mapping hidden-service-mapping)) ;list of port/address tuples
598 (define (tor-configuration->torrc config)
599 "Return a 'torrc' file for CONFIG."
601 (($ <tor-configuration> tor config-file services)
604 (with-imported-modules '((guix build utils))
606 (use-modules (guix build utils)
609 (call-with-output-file #$output
612 ### These lines were generated from your system configuration:
614 DataDirectory /var/lib/tor
615 Log notice syslog\n" port)
617 (for-each (match-lambda
618 ((service (ports hosts) ...)
620 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
622 (for-each (lambda (tcp-port host)
624 HiddenServicePort ~a ~a~%"
627 '#$(map (match-lambda
628 (($ <hidden-service> name mapping)
629 (cons name mapping)))
633 ### End of automatically generated lines.\n\n" port)
635 ;; Append the user's config file.
636 (call-with-input-file #$config-file
638 (dump-port input port)))
641 (define (tor-shepherd-service config)
642 "Return a <shepherd-service> running TOR."
644 (($ <tor-configuration> tor)
645 (let ((torrc (tor-configuration->torrc config)))
646 (with-imported-modules (source-module-closure
647 '((gnu build shepherd)
648 (gnu system file-systems)))
649 (list (shepherd-service
652 ;; Tor needs at least one network interface to be up, hence the
653 ;; dependency on 'loopback'.
654 (requirement '(user-processes loopback syslogd))
656 (modules '((gnu build shepherd)
657 (gnu system file-systems)))
659 (start #~(make-forkexec-constructor/container
660 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
662 #:mappings (list (file-system-mapping
663 (source "/var/lib/tor")
667 (source "/dev/log") ;for syslog
669 (stop #~(make-kill-destructor))
670 (documentation "Run the Tor anonymous network overlay."))))))))
672 (define (tor-hidden-service-activation config)
673 "Return the activation gexp for SERVICES, a list of hidden services."
675 (use-modules (guix build utils))
680 (define (initialize service)
681 (let ((directory (string-append "/var/lib/tor/hidden-services/"
684 (chown directory (passwd:uid %user) (passwd:gid %user))
686 ;; The daemon bails out if we give wider permissions.
687 (chmod directory #o700)))
689 (mkdir-p "/var/lib/tor")
690 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
691 (chmod "/var/lib/tor" #o700)
693 ;; Make sure /var/lib is accessible to the 'tor' user.
694 (chmod "/var/lib" #o755)
697 '#$(map hidden-service-name
698 (tor-configuration-hidden-services config)))))
700 (define tor-service-type
701 (service-type (name 'tor)
703 (list (service-extension shepherd-root-service-type
704 tor-shepherd-service)
705 (service-extension account-service-type
706 (const %tor-accounts))
707 (service-extension activation-service-type
708 tor-hidden-service-activation)))
710 ;; This can be extended with hidden services.
711 (compose concatenate)
712 (extend (lambda (config services)
716 (append (tor-configuration-hidden-services config)
718 (default-value (tor-configuration))
720 "Run the @uref{https://torproject.org, Tor} anonymous
721 networking daemon.")))
723 (define* (tor-service #:optional
724 (config-file (plain-file "empty" ""))
726 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
729 The daemon runs as the @code{tor} unprivileged user. It is passed
730 @var{config-file}, a file-like object, with an additional @code{User tor} line
731 and lines for hidden services added via @code{tor-hidden-service}. Run
732 @command{man tor} for information about the configuration file."
733 (service tor-service-type
734 (tor-configuration (tor tor)
735 (config-file config-file))))
737 (define tor-hidden-service-type
738 ;; A type that extends Tor with hidden services.
739 (service-type (name 'tor-hidden-service)
741 (list (service-extension tor-service-type list)))
743 "Define a new Tor @dfn{hidden service}.")))
745 (define (tor-hidden-service name mapping)
746 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
747 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
750 '((22 \"127.0.0.1:22\")
751 (80 \"127.0.0.1:8080\"))
754 In this example, port 22 of the hidden service is mapped to local port 22, and
755 port 80 is mapped to local port 8080.
757 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
758 the @file{hostname} file contains the @code{.onion} host name for the hidden
761 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
762 project's documentation} for more information."
763 (service tor-hidden-service-type
764 (hidden-service name mapping)))
771 (define %wicd-activation
772 ;; Activation gexp for Wicd.
774 (use-modules (guix build utils))
776 (mkdir-p "/etc/wicd")
777 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
778 (unless (file-exists? file-name)
779 (copy-file (string-append #$wicd file-name)
782 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
783 ;; named socket files.
784 (mkdir-p "/var/run/wpa_supplicant")
785 (chmod "/var/run/wpa_supplicant" #o750)))
787 (define (wicd-shepherd-service wicd)
788 "Return a shepherd service for WICD."
789 (list (shepherd-service
790 (documentation "Run the Wicd network manager.")
791 (provision '(networking))
792 (requirement '(user-processes dbus-system loopback))
793 (start #~(make-forkexec-constructor
794 (list (string-append #$wicd "/sbin/wicd")
796 (stop #~(make-kill-destructor)))))
798 (define wicd-service-type
799 (service-type (name 'wicd)
801 (list (service-extension shepherd-root-service-type
802 wicd-shepherd-service)
803 (service-extension dbus-root-service-type
805 (service-extension activation-service-type
806 (const %wicd-activation))
808 ;; Add Wicd to the global profile.
809 (service-extension profile-service-type list)))
811 "Run @url{https://launchpad.net/wicd,Wicd}, a network
812 management daemon that aims to simplify wired and wireless networking.")))
(define* (wicd-service #:key (wicd wicd))
  "Return a service of @code{wicd-service-type} running
@url{https://launchpad.net/wicd,Wicd}, a daemon meant to simplify wired and
wireless network management.

The @var{wicd} package is also added to the global profile so that its front
ends---@command{wicd-client} (graphical), @command{wicd-cli} and
@command{wicd-curses}---are available for talking to the daemon and
configuring networking."
  (let ((package wicd))
    (service wicd-service-type package)))
;; Configuration value of 'modem-manager-service-type'.  Its only field names
;; the ModemManager package whose D-Bus, udev and polkit files the service
;; type installs.
(define-record-type* <modem-manager-configuration>
  modem-manager-configuration make-modem-manager-configuration
  modem-manager-configuration?
  (modem-manager modem-manager-configuration-modem-manager ;<package>
                 (default modem-manager)))
840 (define-record-type* <network-manager-configuration>
841 network-manager-configuration make-network-manager-configuration
842 network-manager-configuration?
843 (network-manager network-manager-configuration-network-manager
844 (default network-manager))
845 (dns network-manager-configuration-dns
847 (vpn-plugins network-manager-vpn-plugins ;list of <package>
850 (define %network-manager-activation
851 ;; Activation gexp for NetworkManager.
853 (use-modules (guix build utils))
854 (mkdir-p "/etc/NetworkManager/system-connections")))
(define (vpn-plugin-directory plugins)
  "Return a file-like object for a directory named
\"network-manager-vpn-plugins\" that is the union of PLUGINS, the list of
NetworkManager VPN plugin packages, so that all of them can be reached
through a single NM_VPN_PLUGIN_DIR."
  (let ((union-name "network-manager-vpn-plugins"))
    (directory-union union-name plugins)))
860 (define network-manager-environment
862 (($ <network-manager-configuration> network-manager dns vpn-plugins)
863 ;; Define this variable in the global environment such that
864 ;; "nmcli connection import type openvpn file foo.ovpn" works.
865 `(("NM_VPN_PLUGIN_DIR"
866 . ,(file-append (vpn-plugin-directory vpn-plugins)
867 "/lib/NetworkManager/VPN"))))))
869 (define network-manager-shepherd-service
871 (($ <network-manager-configuration> network-manager dns vpn-plugins)
872 (let ((conf (plain-file "NetworkManager.conf"
873 (string-append "[main]\ndns=" dns "\n")))
874 (vpn (vpn-plugin-directory vpn-plugins)))
875 (list (shepherd-service
876 (documentation "Run the NetworkManager.")
877 (provision '(networking))
878 (requirement '(user-processes dbus-system wpa-supplicant loopback))
879 (start #~(make-forkexec-constructor
880 (list (string-append #$network-manager
881 "/sbin/NetworkManager")
882 (string-append "--config=" #$conf)
884 #:environment-variables
885 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
886 "/lib/NetworkManager/VPN"))))
887 (stop #~(make-kill-destructor))))))))
889 (define network-manager-service-type
893 (($ <network-manager-configuration> network-manager)
894 (list network-manager)))))
897 (name 'network-manager)
899 (list (service-extension shepherd-root-service-type
900 network-manager-shepherd-service)
901 (service-extension dbus-root-service-type config->package)
902 (service-extension polkit-service-type config->package)
903 (service-extension activation-service-type
904 (const %network-manager-activation))
905 (service-extension session-environment-service-type
906 network-manager-environment)
907 ;; Add network-manager to the system profile.
908 (service-extension profile-service-type config->package)))
909 (default-value (network-manager-configuration))
911 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
912 NetworkManager}, a network management daemon that aims to simplify wired and
913 wireless networking."))))
920 (define-record-type* <connman-configuration>
921 connman-configuration make-connman-configuration
922 connman-configuration?
923 (connman connman-configuration-connman
925 (disable-vpn? connman-configuration-disable-vpn?
928 (define (connman-activation config)
929 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
930 (with-imported-modules '((guix build utils))
932 (use-modules (guix build utils))
933 (mkdir-p "/var/lib/connman/")
934 (unless #$disable-vpn?
935 (mkdir-p "/var/lib/connman-vpn/"))))))
937 (define (connman-shepherd-service config)
938 "Return a shepherd service for Connman"
940 (connman-configuration? config)
941 (let ((connman (connman-configuration-connman config))
942 (disable-vpn? (connman-configuration-disable-vpn? config)))
943 (list (shepherd-service
944 (documentation "Run Connman")
945 (provision '(networking))
947 '(user-processes dbus-system loopback wpa-supplicant))
948 (start #~(make-forkexec-constructor
949 (list (string-append #$connman
952 #$@(if disable-vpn? '("--noplugin=vpn") '()))))
953 (stop #~(make-kill-destructor)))))))
955 (define connman-service-type
956 (let ((connman-package (compose list connman-configuration-connman)))
957 (service-type (name 'connman)
959 (list (service-extension shepherd-root-service-type
960 connman-shepherd-service)
961 (service-extension polkit-service-type
963 (service-extension dbus-root-service-type
965 (service-extension activation-service-type
967 ;; Add connman to the system profile.
968 (service-extension profile-service-type
970 (default-value (connman-configuration))
972 "Run @url{https://01.org/connman,Connman},
973 a network connection manager."))))
980 (define modem-manager-service-type
981 (let ((config->package
983 (($ <modem-manager-configuration> modem-manager)
984 (list modem-manager)))))
985 (service-type (name 'modem-manager)
987 (list (service-extension dbus-root-service-type
989 (service-extension udev-service-type
991 (service-extension polkit-service-type
993 (default-value (modem-manager-configuration))
995 "Run @uref{https://wiki.gnome.org/Projects/ModemManager,
996 ModemManager}, a modem management daemon that aims to simplify dialup
(define (wpa-supplicant-shepherd-service wpa-supplicant)
  "Return a list holding one <shepherd-service> that runs
@command{wpa_supplicant} from the WPA-SUPPLICANT package.

The daemon is started with @code{-u} (expose its D-Bus control interface) and
@code{-B} (fork into the background).  Because it backgrounds itself, the
constructor is told where the daemon writes its PID so that shepherd tracks
the long-running process rather than the parent that exits.  No @code{#:user}
is given, so the daemon keeps the privileges of the shepherd process that
spawns it."
  (let ((pid-file "/var/run/wpa_supplicant.pid")
        (daemon (file-append wpa-supplicant "/sbin/wpa_supplicant")))
    (list
     (shepherd-service
      (documentation "Run WPA supplicant with dbus interface")
      (provision '(wpa-supplicant))
      ;; The system bus is presumably needed for '-u'; loopback guarantees at
      ;; least one interface exists when the daemon starts.
      (requirement '(user-processes dbus-system loopback))
      (start #~(make-forkexec-constructor
                (list #$daemon "-u" "-B" (string-append "-P" #$pid-file))
                #:pid-file #$pid-file))
      (stop #~(make-kill-destructor))))))
1018 (define wpa-supplicant-service-type
1019 (service-type (name 'wpa-supplicant)
1021 (list (service-extension shepherd-root-service-type
1022 wpa-supplicant-shepherd-service)
1023 (service-extension dbus-root-service-type list)
1024 (service-extension profile-service-type list)))
1025 (default-value wpa-supplicant)))
;; Configuration value of 'openvswitch-service-type'.  Its only field names
;; the Open vSwitch package from which the service's 'ovsdb-tool',
;; 'ovsdb-server' and 'ovs-vswitchd' executables are taken.
(define-record-type* <openvswitch-configuration>
  openvswitch-configuration make-openvswitch-configuration
  openvswitch-configuration?
  (package openvswitch-configuration-package ;<package>
           (default openvswitch)))
1038 (define openvswitch-activation
1040 (($ <openvswitch-configuration> package)
1041 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1042 (with-imported-modules '((guix build utils))
1044 (use-modules (guix build utils))
1045 (mkdir-p "/var/run/openvswitch")
1046 (mkdir-p "/var/lib/openvswitch")
1047 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1048 (unless (file-exists? conf.db)
1049 (system* #$ovsdb-tool "create" conf.db)))))))))
1051 (define openvswitch-shepherd-service
1053 (($ <openvswitch-configuration> package)
1054 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1055 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1058 (provision '(ovsdb))
1059 (documentation "Run the Open vSwitch database server.")
1060 (start #~(make-forkexec-constructor
1061 (list #$ovsdb-server "--pidfile"
1062 "--remote=punix:/var/run/openvswitch/db.sock")
1063 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1064 (stop #~(make-kill-destructor)))
1066 (provision '(vswitchd))
1067 (requirement '(ovsdb))
1068 (documentation "Run the Open vSwitch daemon.")
1069 (start #~(make-forkexec-constructor
1070 (list #$ovs-vswitchd "--pidfile")
1071 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1072 (stop #~(make-kill-destructor))))))))
1074 (define openvswitch-service-type
1078 (list (service-extension activation-service-type
1079 openvswitch-activation)
1080 (service-extension profile-service-type
1081 (compose list openvswitch-configuration-package))
1082 (service-extension shepherd-root-service-type
1083 openvswitch-shepherd-service)))
1085 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1086 switch designed to enable massive network automation through programmatic
1089 ;;; networking.scm ends here