1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il>
5 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
6 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
7 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
8 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
10 ;;; This file is part of GNU Guix.
12 ;;; GNU Guix is free software; you can redistribute it and/or modify it
13 ;;; under the terms of the GNU General Public License as published by
14 ;;; the Free Software Foundation; either version 3 of the License, or (at
15 ;;; your option) any later version.
17 ;;; GNU Guix is distributed in the hope that it will be useful, but
18 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;;; GNU General Public License for more details.
22 ;;; You should have received a copy of the GNU General Public License
23 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
25 (define-module (gnu services networking)
26 #:use-module (gnu services)
27 #:use-module (gnu services shepherd)
28 #:use-module (gnu services dbus)
29 #:use-module (gnu system shadow)
30 #:use-module (gnu system pam)
31 #:use-module (gnu packages admin)
32 #:use-module (gnu packages connman)
33 #:use-module (gnu packages linux)
34 #:use-module (gnu packages tor)
35 #:use-module (gnu packages messaging)
36 #:use-module (gnu packages networking)
37 #:use-module (gnu packages ntp)
38 #:use-module (gnu packages wicd)
39 #:use-module (gnu packages gnome)
40 #:use-module (guix gexp)
41 #:use-module (guix records)
42 #:use-module (guix modules)
43 #:use-module (srfi srfi-1)
44 #:use-module (srfi srfi-9)
45 #:use-module (srfi srfi-26)
46 #:use-module (ice-9 match)
47 #:export (%facebook-host-aliases
51 static-networking-interface
53 static-networking-netmask
54 static-networking-gateway
55 static-networking-requirement
57 static-networking-service
58 static-networking-service-type
67 openntpd-configuration
68 openntpd-configuration?
84 network-manager-configuration
85 network-manager-configuration?
86 network-manager-configuration-dns
87 network-manager-service-type
90 connman-configuration?
93 wpa-supplicant-service-type
95 openvswitch-service-type
96 openvswitch-configuration))
100 ;;; Networking services.
104 (define %facebook-host-aliases
105 ;; This is the list of known Facebook hosts to be added to /etc/hosts if you
108 # Block Facebook IPv4.
109 127.0.0.1 www.facebook.com
110 127.0.0.1 facebook.com
111 127.0.0.1 login.facebook.com
112 127.0.0.1 www.login.facebook.com
114 127.0.0.1 www.fbcdn.net
116 127.0.0.1 www.fbcdn.com
117 127.0.0.1 static.ak.fbcdn.net
118 127.0.0.1 static.ak.connect.facebook.com
119 127.0.0.1 connect.facebook.net
120 127.0.0.1 www.connect.facebook.net
121 127.0.0.1 apps.facebook.com
123 # Block Facebook IPv6.
124 fe80::1%lo0 facebook.com
125 fe80::1%lo0 login.facebook.com
126 fe80::1%lo0 www.login.facebook.com
127 fe80::1%lo0 fbcdn.net
128 fe80::1%lo0 www.fbcdn.net
129 fe80::1%lo0 fbcdn.com
130 fe80::1%lo0 www.fbcdn.com
131 fe80::1%lo0 static.ak.fbcdn.net
132 fe80::1%lo0 static.ak.connect.facebook.com
133 fe80::1%lo0 connect.facebook.net
134 fe80::1%lo0 www.connect.facebook.net
135 fe80::1%lo0 apps.facebook.com\n")
138 (define-record-type* <static-networking>
139 static-networking make-static-networking
141 (interface static-networking-interface)
142 (ip static-networking-ip)
143 (netmask static-networking-netmask
145 (gateway static-networking-gateway ;FIXME: doesn't belong here
147 (provision static-networking-provision
149 (requirement static-networking-requirement
151 (name-servers static-networking-name-servers ;FIXME: doesn't belong here
154 (define static-networking-shepherd-service
156 (($ <static-networking> interface ip netmask gateway provision
157 requirement name-servers)
158 (let ((loopback? (and provision (memq 'loopback provision))))
162 "Bring up the networking interface using a static IP address.")
163 (requirement requirement)
164 (provision (or provision
165 (list (symbol-append 'networking-
166 (string->symbol interface)))))
169 ;; Return #t if successfully started.
170 (let* ((addr (inet-pton AF_INET #$ip))
171 (sockaddr (make-socket-address AF_INET addr 0))
173 (inet-pton AF_INET #$netmask)))
175 (make-socket-address AF_INET
177 (gateway (and #$gateway
178 (inet-pton AF_INET #$gateway)))
179 (gatewayaddr (and gateway
180 (make-socket-address AF_INET
182 (configure-network-interface #$interface sockaddr
189 (let ((sock (socket AF_INET SOCK_DGRAM 0)))
190 (add-network-route/gateway sock gatewayaddr)
191 (close-port sock))))))
193 ;; Return #f is successfully stopped.
194 (let ((sock (socket AF_INET SOCK_STREAM 0)))
196 (delete-network-route sock
198 AF_INET INADDR_ANY 0)))
199 (set-network-interface-flags sock #$interface 0)
204 (define (static-networking-etc-files interfaces)
205 "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
206 (match (delete-duplicates
207 (append-map static-networking-name-servers
212 (let ((content (string-join
213 (map (cut string-append "nameserver " <>)
217 ,(plain-file "resolv.conf"
219 # Generated by 'static-networking-service'.\n"
222 (define (static-networking-shepherd-services interfaces)
223 "Return the list of Shepherd services to bring up INTERFACES, a list of
224 <static-networking> objects."
225 (define (loopback? service)
226 (memq 'loopback (shepherd-service-provision service)))
228 (let ((services (map static-networking-shepherd-service interfaces)))
229 (match (remove loopback? services)
231 ;; There's no interface other than 'loopback', so we assume that the
232 ;; 'networking' service will be provided by dhclient or similar.
235 ;; Assume we're providing all the interfaces, and thus, provide a
236 ;; 'networking' service.
237 (cons (shepherd-service
238 (provision '(networking))
239 (requirement (append-map shepherd-service-provision
243 (documentation "Bring up all the networking interfaces."))
246 (define static-networking-service-type
247 ;; The service type for statically-defined network interfaces.
248 (service-type (name 'static-networking)
251 (service-extension shepherd-root-service-type
252 static-networking-shepherd-services)
253 (service-extension etc-service-type
254 static-networking-etc-files)))
255 (compose concatenate)
258 "Turn up the specified network interfaces upon startup,
259 with the given IP address, gateway, netmask, and so on. The value for
260 services of this type is a list of @code{static-networking} objects, one per
261 network interface.")))
263 (define* (static-networking-service interface ip
265 netmask gateway provision
266 ;; Most interfaces require udev to be usable.
267 (requirement '(udev))
269 "Return a service that starts @var{interface} with address @var{ip}. If
270 @var{netmask} is true, use it as the network mask. If @var{gateway} is true,
271 it must be a string specifying the default network gateway.
273 This procedure can be called several times, one for each network
274 interface of interest. Behind the scenes what it does is extend
275 @code{static-networking-service-type} with additional network interfaces
277 (simple-service 'static-network-interface
278 static-networking-service-type
279 (list (static-networking (interface interface) (ip ip)
280 (netmask netmask) (gateway gateway)
281 (provision provision)
282 (requirement requirement)
283 (name-servers name-servers)))))
285 (define dhcp-client-service-type
286 (shepherd-service-type
290 (file-append dhcp "/sbin/dhclient"))
293 "/var/run/dhclient.pid")
296 (documentation "Set up networking via DHCP.")
297 (requirement '(user-processes udev))
299 ;; XXX: Running with '-nw' ("no wait") avoids blocking for a minute when
300 ;; networking is unavailable, but also means that the interface is not up
301 ;; yet when 'start' completes. To wait for the interface to be ready, one
302 ;; should instead monitor udev events.
303 (provision '(networking))
306 ;; When invoked without any arguments, 'dhclient' discovers all
307 ;; non-loopback interfaces *that are up*. However, the relevant
308 ;; interfaces are typically down at this point. Thus we perform
309 ;; our own interface discovery here.
311 (negate loopback-network-interface?))
313 (filter valid? (all-network-interface-names)))
315 ;; XXX: Make sure the interfaces are up so that 'dhclient' can
316 ;; actually send/receive over them.
317 (for-each set-network-interface-up ifaces)
319 (false-if-exception (delete-file #$pid-file))
320 (let ((pid (fork+exec-command
321 (cons* #$dhclient "-nw"
322 "-pf" #$pid-file ifaces))))
323 (and (zero? (cdr (waitpid pid)))
327 (call-with-input-file #$pid-file read))
329 ;; 'dhclient' returned before PID-FILE was created,
331 (let ((errno (system-error-errno args)))
336 (apply throw args))))))))))
337 (stop #~(make-kill-destructor))))))
339 (define* (dhcp-client-service #:key (dhcp isc-dhcp))
340 "Return a service that runs @var{dhcp}, a Dynamic Host Configuration
341 Protocol (DHCP) client, on all the non-loopback network interfaces."
342 (service dhcp-client-service-type dhcp))
345 ;; Default set of NTP servers. These URLs are managed by the NTP Pool project.
346 ;; Within Guix, Leo Famulari <leo@famulari.name> is the administrative contact
347 ;; for this NTP pool "zone".
348 '("0.guix.pool.ntp.org"
349 "1.guix.pool.ntp.org"
350 "2.guix.pool.ntp.org"
351 "3.guix.pool.ntp.org"))
359 (define-record-type* <ntp-configuration>
360 ntp-configuration make-ntp-configuration
362 (ntp ntp-configuration-ntp
364 (servers ntp-configuration-servers)
365 (allow-large-adjustment? ntp-allow-large-adjustment?
368 (define ntp-shepherd-service
370 (($ <ntp-configuration> ntp servers allow-large-adjustment?)
372 ;; TODO: Add authentication support.
374 (string-append "driftfile /var/run/ntpd/ntp.drift\n"
375 (string-join (map (cut string-append "server " <>)
379 # Disable status queries as a workaround for CVE-2013-5211:
380 # <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
381 restrict default kod nomodify notrap nopeer noquery
382 restrict -6 default kod nomodify notrap nopeer noquery
384 # Yet, allow use of the local 'ntpq'.
389 (plain-file "ntpd.conf" config))
391 (list (shepherd-service
393 (documentation "Run the Network Time Protocol (NTP) daemon.")
394 (requirement '(user-processes networking))
395 (start #~(make-forkexec-constructor
396 (list (string-append #$ntp "/bin/ntpd") "-n"
397 "-c" #$ntpd.conf "-u" "ntpd"
398 #$@(if allow-large-adjustment?
401 (stop #~(make-kill-destructor))))))))
403 (define %ntp-accounts
408 (comment "NTP daemon user")
409 (home-directory "/var/empty")
410 (shell (file-append shadow "/sbin/nologin")))))
413 (define (ntp-service-activation config)
414 "Return the activation gexp for CONFIG."
415 (with-imported-modules '((guix build utils))
417 (use-modules (guix build utils))
421 (let ((directory "/var/run/ntpd"))
423 (chown directory (passwd:uid %user) (passwd:gid %user))))))
425 (define ntp-service-type
426 (service-type (name 'ntp)
428 (list (service-extension shepherd-root-service-type
429 ntp-shepherd-service)
430 (service-extension account-service-type
431 (const %ntp-accounts))
432 (service-extension activation-service-type
433 ntp-service-activation)))
435 "Run the @command{ntpd}, the Network Time Protocol (NTP)
436 daemon of the @uref{http://www.ntp.org, Network Time Foundation}. The daemon
437 will keep the system clock synchronized with that of the given servers.")))
439 (define* (ntp-service #:key (ntp ntp)
440 (servers %ntp-servers)
441 allow-large-adjustment?)
442 "Return a service that runs the daemon from @var{ntp}, the
443 @uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
444 keep the system clock synchronized with that of @var{servers}.
445 @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to
446 make an initial adjustment of more than 1,000 seconds."
447 (service ntp-service-type
448 (ntp-configuration (ntp ntp)
450 (allow-large-adjustment?
451 allow-large-adjustment?))))
458 (define-record-type* <openntpd-configuration>
459 openntpd-configuration make-openntpd-configuration
460 openntpd-configuration?
461 (openntpd openntpd-configuration-openntpd
463 (listen-on openntpd-listen-on
464 (default '("127.0.0.1"
466 (query-from openntpd-query-from
468 (sensor openntpd-sensor
470 (server openntpd-server
471 (default %ntp-servers))
472 (servers openntpd-servers
474 (constraint-from openntpd-constraint-from
476 (constraints-from openntpd-constraints-from
478 (allow-large-adjustment? openntpd-allow-large-adjustment?
479 (default #f))) ; upstream default
481 (define (openntpd-shepherd-service config)
482 (match-record config <openntpd-configuration>
483 (openntpd listen-on query-from sensor server servers constraint-from
484 constraints-from allow-large-adjustment?)
489 (lambda (field value)
491 (map (cut string-append field <> "\n")
493 '("listen on " "query from " "sensor " "server " "servers "
495 (list listen-on query-from sensor server servers constraint-from))
496 ;; The 'constraints from' field needs to be enclosed in double quotes.
498 (map (cut string-append "constraints from \"" <> "\"\n")
502 (plain-file "ntpd.conf" config))
504 (list (shepherd-service
506 (documentation "Run the Network Time Protocol (NTP) daemon.")
507 (requirement '(user-processes networking))
508 (start #~(make-forkexec-constructor
509 (list (string-append #$openntpd "/sbin/ntpd")
511 "-d" ;; don't daemonize
512 #$@(if allow-large-adjustment?
515 ;; When ntpd is daemonized it repeatedly tries to respawn
516 ;; while running, leading shepherd to disable it. To
517 ;; prevent spamming stderr, redirect output to logfile.
518 #:log-file "/var/log/ntpd"))
519 (stop #~(make-kill-destructor)))))))
521 (define (openntpd-service-activation config)
522 "Return the activation gexp for CONFIG."
523 (with-imported-modules '((guix build utils))
525 (use-modules (guix build utils))
529 (unless (file-exists? "/var/db/ntpd.drift")
530 (with-output-to-file "/var/db/ntpd.drift"
532 (format #t "0.0")))))))
534 (define openntpd-service-type
535 (service-type (name 'openntpd)
537 (list (service-extension shepherd-root-service-type
538 openntpd-shepherd-service)
539 (service-extension account-service-type
540 (const %ntp-accounts))
541 (service-extension activation-service-type
542 openntpd-service-activation)))
543 (default-value (openntpd-configuration))
545 "Run the @command{ntpd}, the Network Time Protocol (NTP)
546 daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The
547 daemon will keep the system clock synchronized with that of the given servers.")))
554 (define-record-type* <inetd-configuration> inetd-configuration
555 make-inetd-configuration
557 (program inetd-configuration-program ;file-like
558 (default (file-append inetutils "/libexec/inetd")))
559 (entries inetd-configuration-entries ;list of <inetd-entry>
562 (define-record-type* <inetd-entry> inetd-entry make-inetd-entry
564 (node inetd-entry-node ;string or #f
566 (name inetd-entry-name) ;string, from /etc/services
568 (socket-type inetd-entry-socket-type) ;stream | dgram | raw |
570 (protocol inetd-entry-protocol) ;string, from /etc/protocols
572 (wait? inetd-entry-wait? ;Boolean
574 (user inetd-entry-user) ;string
576 (program inetd-entry-program ;string or file-like object
577 (default "internal"))
578 (arguments inetd-entry-arguments ;list of strings or file-like objects
581 (define (inetd-config-file entries)
582 (apply mixed-text-file "inetd.conf"
585 (let* ((node (inetd-entry-node entry))
586 (name (inetd-entry-name entry))
588 (if node (string-append node ":" name) name))
590 (match (inetd-entry-socket-type entry)
591 ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
592 (symbol->string (inetd-entry-socket-type entry)))))
593 (protocol (inetd-entry-protocol entry))
594 (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
595 (user (inetd-entry-user entry))
596 (program (inetd-entry-program entry))
597 (args (inetd-entry-arguments entry)))
600 (list #$@(list socket type protocol wait user program) #$@args)
604 (define inetd-shepherd-service
606 (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
607 (($ <inetd-configuration> program entries)
610 (documentation "Run inetd.")
612 (requirement '(user-processes networking syslogd))
613 (start #~(make-forkexec-constructor
614 (list #$program #$(inetd-config-file entries))
615 #:pid-file "/var/run/inetd.pid"))
616 (stop #~(make-kill-destructor)))))))
618 (define-public inetd-service-type
622 (list (service-extension shepherd-root-service-type
623 inetd-shepherd-service)))
625 ;; The service can be extended with additional lists of entries.
626 (compose concatenate)
627 (extend (lambda (config entries)
630 (entries (append (inetd-configuration-entries config)
633 "Start @command{inetd}, the @dfn{Internet superserver}. It is responsible
634 for listening on Internet sockets and spawning the corresponding services on
642 (define-record-type* <tor-configuration>
643 tor-configuration make-tor-configuration
645 (tor tor-configuration-tor
647 (config-file tor-configuration-config-file
648 (default (plain-file "empty" "")))
649 (hidden-services tor-configuration-hidden-services
652 (define %tor-accounts
653 ;; User account and groups for Tor.
654 (list (user-group (name "tor") (system? #t))
659 (comment "Tor daemon user")
660 (home-directory "/var/empty")
661 (shell (file-append shadow "/sbin/nologin")))))
663 (define-record-type <hidden-service>
664 (hidden-service name mapping)
666 (name hidden-service-name) ;string
667 (mapping hidden-service-mapping)) ;list of port/address tuples
669 (define (tor-configuration->torrc config)
670 "Return a 'torrc' file for CONFIG."
672 (($ <tor-configuration> tor config-file services)
675 (with-imported-modules '((guix build utils))
677 (use-modules (guix build utils)
680 (call-with-output-file #$output
683 # The beginning was automatically added.
685 DataDirectory /var/lib/tor
686 Log notice syslog\n" port)
688 (for-each (match-lambda
689 ((service (ports hosts) ...)
691 HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
693 (for-each (lambda (tcp-port host)
695 HiddenServicePort ~a ~a~%"
698 '#$(map (match-lambda
699 (($ <hidden-service> name mapping)
700 (cons name mapping)))
703 ;; Append the user's config file.
704 (call-with-input-file #$config-file
706 (dump-port input port)))
709 (define (tor-shepherd-service config)
710 "Return a <shepherd-service> running TOR."
712 (($ <tor-configuration> tor)
713 (let ((torrc (tor-configuration->torrc config)))
714 (with-imported-modules (source-module-closure
715 '((gnu build shepherd)
716 (gnu system file-systems)))
717 (list (shepherd-service
720 ;; Tor needs at least one network interface to be up, hence the
721 ;; dependency on 'loopback'.
722 (requirement '(user-processes loopback syslogd))
724 (modules '((gnu build shepherd)
725 (gnu system file-systems)))
727 (start #~(make-forkexec-constructor/container
728 (list #$(file-append tor "/bin/tor") "-f" #$torrc)
730 #:mappings (list (file-system-mapping
731 (source "/var/lib/tor")
735 (source "/dev/log") ;for syslog
737 (stop #~(make-kill-destructor))
738 (documentation "Run the Tor anonymous network overlay."))))))))
740 (define (tor-hidden-service-activation config)
741 "Return the activation gexp for SERVICES, a list of hidden services."
743 (use-modules (guix build utils))
748 (define (initialize service)
749 (let ((directory (string-append "/var/lib/tor/hidden-services/"
752 (chown directory (passwd:uid %user) (passwd:gid %user))
754 ;; The daemon bails out if we give wider permissions.
755 (chmod directory #o700)))
757 (mkdir-p "/var/lib/tor")
758 (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
759 (chmod "/var/lib/tor" #o700)
761 ;; Make sure /var/lib is accessible to the 'tor' user.
762 (chmod "/var/lib" #o755)
765 '#$(map hidden-service-name
766 (tor-configuration-hidden-services config)))))
768 (define tor-service-type
769 (service-type (name 'tor)
771 (list (service-extension shepherd-root-service-type
772 tor-shepherd-service)
773 (service-extension account-service-type
774 (const %tor-accounts))
775 (service-extension activation-service-type
776 tor-hidden-service-activation)))
778 ;; This can be extended with hidden services.
779 (compose concatenate)
780 (extend (lambda (config services)
784 (append (tor-configuration-hidden-services config)
786 (default-value (tor-configuration))
788 "Run the @uref{https://torproject.org, Tor} anonymous
789 networking daemon.")))
791 (define* (tor-service #:optional
792 (config-file (plain-file "empty" ""))
794 "Return a service to run the @uref{https://torproject.org, Tor} anonymous
797 The daemon runs as the @code{tor} unprivileged user. It is passed
798 @var{config-file}, a file-like object, with an additional @code{User tor} line
799 and lines for hidden services added via @code{tor-hidden-service}. Run
800 @command{man tor} for information about the configuration file."
801 (service tor-service-type
802 (tor-configuration (tor tor)
803 (config-file config-file))))
805 (define tor-hidden-service-type
806 ;; A type that extends Tor with hidden services.
807 (service-type (name 'tor-hidden-service)
809 (list (service-extension tor-service-type list)))
811 "Define a new Tor @dfn{hidden service}.")))
813 (define (tor-hidden-service name mapping)
814 "Define a new Tor @dfn{hidden service} called @var{name} and implementing
815 @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
818 '((22 \"127.0.0.1:22\")
819 (80 \"127.0.0.1:8080\"))
822 In this example, port 22 of the hidden service is mapped to local port 22, and
823 port 80 is mapped to local port 8080.
825 This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
826 the @file{hostname} file contains the @code{.onion} host name for the hidden
829 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
830 project's documentation} for more information."
831 (service tor-hidden-service-type
832 (hidden-service name mapping)))
839 (define %wicd-activation
840 ;; Activation gexp for Wicd.
842 (use-modules (guix build utils))
844 (mkdir-p "/etc/wicd")
845 (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
846 (unless (file-exists? file-name)
847 (copy-file (string-append #$wicd file-name)
850 ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
851 ;; named socket files.
852 (mkdir-p "/var/run/wpa_supplicant")
853 (chmod "/var/run/wpa_supplicant" #o750)))
855 (define (wicd-shepherd-service wicd)
856 "Return a shepherd service for WICD."
857 (list (shepherd-service
858 (documentation "Run the Wicd network manager.")
859 (provision '(networking))
860 (requirement '(user-processes dbus-system loopback))
861 (start #~(make-forkexec-constructor
862 (list (string-append #$wicd "/sbin/wicd")
864 (stop #~(make-kill-destructor)))))
866 (define wicd-service-type
867 (service-type (name 'wicd)
869 (list (service-extension shepherd-root-service-type
870 wicd-shepherd-service)
871 (service-extension dbus-root-service-type
873 (service-extension activation-service-type
874 (const %wicd-activation))
876 ;; Add Wicd to the global profile.
877 (service-extension profile-service-type list)))
879 "Run @url{https://launchpad.net/wicd,Wicd}, a network
880 management daemon that aims to simplify wired and wireless networking.")))
882 (define* (wicd-service #:key (wicd wicd))
883 "Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
884 management daemon that aims to simplify wired and wireless networking.
886 This service adds the @var{wicd} package to the global profile, providing
887 several commands to interact with the daemon and configure networking:
888 @command{wicd-client}, a graphical user interface, and the @command{wicd-cli}
889 and @command{wicd-curses} user interfaces."
890 (service wicd-service-type wicd))
897 (define-record-type* <network-manager-configuration>
898 network-manager-configuration make-network-manager-configuration
899 network-manager-configuration?
900 (network-manager network-manager-configuration-network-manager
901 (default network-manager))
902 (dns network-manager-configuration-dns
904 (vpn-plugins network-manager-vpn-plugins ;list of <package>
907 (define %network-manager-activation
908 ;; Activation gexp for NetworkManager.
910 (use-modules (guix build utils))
911 (mkdir-p "/etc/NetworkManager/system-connections")))
913 (define (vpn-plugin-directory plugins)
914 "Return a directory containing PLUGINS, the NM VPN plugins."
915 (directory-union "network-manager-vpn-plugins" plugins))
917 (define network-manager-environment
919 (($ <network-manager-configuration> network-manager dns vpn-plugins)
920 ;; Define this variable in the global environment such that
921 ;; "nmcli connection import type openvpn file foo.ovpn" works.
922 `(("NM_VPN_PLUGIN_DIR"
923 . ,(file-append (vpn-plugin-directory vpn-plugins)
924 "/lib/NetworkManager/VPN"))))))
926 (define network-manager-shepherd-service
928 (($ <network-manager-configuration> network-manager dns vpn-plugins)
929 (let ((conf (plain-file "NetworkManager.conf"
930 (string-append "[main]\ndns=" dns "\n")))
931 (vpn (vpn-plugin-directory vpn-plugins)))
932 (list (shepherd-service
933 (documentation "Run the NetworkManager.")
934 (provision '(networking))
935 (requirement '(user-processes dbus-system wpa-supplicant loopback))
936 (start #~(make-forkexec-constructor
937 (list (string-append #$network-manager
938 "/sbin/NetworkManager")
939 (string-append "--config=" #$conf)
941 #:environment-variables
942 (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn
943 "/lib/NetworkManager/VPN"))))
944 (stop #~(make-kill-destructor))))))))
946 (define network-manager-service-type
950 (($ <network-manager-configuration> network-manager)
951 (list network-manager)))))
954 (name 'network-manager)
956 (list (service-extension shepherd-root-service-type
957 network-manager-shepherd-service)
958 (service-extension dbus-root-service-type config->package)
959 (service-extension polkit-service-type config->package)
960 (service-extension activation-service-type
961 (const %network-manager-activation))
962 (service-extension session-environment-service-type
963 network-manager-environment)
964 ;; Add network-manager to the system profile.
965 (service-extension profile-service-type config->package)))
966 (default-value (network-manager-configuration))
968 "Run @uref{https://wiki.gnome.org/Projects/NetworkManager,
969 NetworkManager}, a network management daemon that aims to simplify wired and
970 wireless networking."))))
977 (define-record-type* <connman-configuration>
978 connman-configuration make-connman-configuration
979 connman-configuration?
980 (connman connman-configuration-connman
982 (disable-vpn? connman-configuration-disable-vpn?
985 (define (connman-activation config)
986 (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
987 (with-imported-modules '((guix build utils))
989 (use-modules (guix build utils))
990 (mkdir-p "/var/lib/connman/")
991 (unless #$disable-vpn?
992 (mkdir-p "/var/lib/connman-vpn/"))))))
994 (define (connman-shepherd-service config)
995 "Return a shepherd service for Connman"
997 (connman-configuration? config)
998 (let ((connman (connman-configuration-connman config))
999 (disable-vpn? (connman-configuration-disable-vpn? config)))
1000 (list (shepherd-service
1001 (documentation "Run Connman")
1002 (provision '(networking))
1004 '(user-processes dbus-system loopback wpa-supplicant))
1005 (start #~(make-forkexec-constructor
1006 (list (string-append #$connman
1009 #$@(if disable-vpn? '("--noplugin=vpn") '()))))
1010 (stop #~(make-kill-destructor)))))))
1012 (define connman-service-type
1013 (let ((connman-package (compose list connman-configuration-connman)))
1014 (service-type (name 'connman)
1016 (list (service-extension shepherd-root-service-type
1017 connman-shepherd-service)
1018 (service-extension dbus-root-service-type
1020 (service-extension activation-service-type
1022 ;; Add connman to the system profile.
1023 (service-extension profile-service-type
1026 "Run @url{https://01.org/connman,Connman},
1027 a network connection manager."))))
1035 (define (wpa-supplicant-shepherd-service wpa-supplicant)
1036 "Return a shepherd service for wpa_supplicant"
1037 (list (shepherd-service
1038 (documentation "Run WPA supplicant with dbus interface")
1039 (provision '(wpa-supplicant))
1040 (requirement '(user-processes dbus-system loopback))
1041 (start #~(make-forkexec-constructor
1042 (list (string-append #$wpa-supplicant
1043 "/sbin/wpa_supplicant")
1044 "-u" "-B" "-P/var/run/wpa_supplicant.pid")
1045 #:pid-file "/var/run/wpa_supplicant.pid"))
1046 (stop #~(make-kill-destructor)))))
1048 (define wpa-supplicant-service-type
1049 (service-type (name 'wpa-supplicant)
1051 (list (service-extension shepherd-root-service-type
1052 wpa-supplicant-shepherd-service)
1053 (service-extension dbus-root-service-type list)
1054 (service-extension profile-service-type list)))
1055 (default-value wpa-supplicant)))
1062 (define-record-type* <openvswitch-configuration>
1063 openvswitch-configuration make-openvswitch-configuration
1064 openvswitch-configuration?
1065 (package openvswitch-configuration-package
1066 (default openvswitch)))
1068 (define openvswitch-activation
1070 (($ <openvswitch-configuration> package)
1071 (let ((ovsdb-tool (file-append package "/bin/ovsdb-tool")))
1072 (with-imported-modules '((guix build utils))
1074 (use-modules (guix build utils))
1075 (mkdir-p "/var/run/openvswitch")
1076 (mkdir-p "/var/lib/openvswitch")
1077 (let ((conf.db "/var/lib/openvswitch/conf.db"))
1078 (unless (file-exists? conf.db)
1079 (system* #$ovsdb-tool "create" conf.db)))))))))
1081 (define openvswitch-shepherd-service
1083 (($ <openvswitch-configuration> package)
1084 (let ((ovsdb-server (file-append package "/sbin/ovsdb-server"))
1085 (ovs-vswitchd (file-append package "/sbin/ovs-vswitchd")))
1088 (provision '(ovsdb))
1089 (documentation "Run the Open vSwitch database server.")
1090 (start #~(make-forkexec-constructor
1091 (list #$ovsdb-server "--pidfile"
1092 "--remote=punix:/var/run/openvswitch/db.sock")
1093 #:pid-file "/var/run/openvswitch/ovsdb-server.pid"))
1094 (stop #~(make-kill-destructor)))
1096 (provision '(vswitchd))
1097 (requirement '(ovsdb))
1098 (documentation "Run the Open vSwitch daemon.")
1099 (start #~(make-forkexec-constructor
1100 (list #$ovs-vswitchd "--pidfile")
1101 #:pid-file "/var/run/openvswitch/ovs-vswitchd.pid"))
1102 (stop #~(make-kill-destructor))))))))
1104 (define openvswitch-service-type
1108 (list (service-extension activation-service-type
1109 openvswitch-activation)
1110 (service-extension profile-service-type
1111 (compose list openvswitch-configuration-package))
1112 (service-extension shepherd-root-service-type
1113 openvswitch-shepherd-service)))
1115 "Run @uref{http://www.openvswitch.org, Open vSwitch}, a multilayer virtual
1116 switch designed to enable massive network automation through programmatic
1119 ;;; networking.scm ends here