;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
;; Module declaration for the networking services: a static-IP interface
;; configuration service and a Tor daemon service.
(define-module (gnu services networking)
  #:use-module (gnu services)            ; 'service' record used below
  #:use-module (gnu system shadow)       ; 'user-account' / 'user-group' records
  ;; Packages that serve as default arguments below ('inetutils', 'net-tools',
  ;; 'tor') come from these package modules.
  #:use-module (gnu packages admin)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages tor)
  #:use-module (guix gexp)               ; #~ / #$ G-expression syntax
  #:use-module (guix monads)             ; '%store-monad', 'mlet', 'with-monad'
  #:export (static-networking-service
            tor-service))
;;; Commentary:
;;;
;;; Networking services.
;;;
;;; Code:
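(define* (static-networking-service interface ip
                                    #:key
                                    gateway
                                    (provision '(networking))
                                    (name-servers '())
                                    (inetutils inetutils)
                                    (net-tools net-tools))
  "Return a service that starts @var{interface} with address @var{ip}.  If
@var{gateway} is true, it must be a string specifying the default network
gateway.  @var{name-servers} is a list of name server addresses; when it is
non-empty, @file{/etc/resolv.conf} is overwritten with one @code{nameserver}
line per address.  @var{provision} is the list of symbols the service
provides.  @var{inetutils} and @var{net-tools} are the packages whose
@command{ifconfig} and @command{route} programs are run.

The service's start procedure returns a true value only when every command it
ran exited with status zero; its stop procedure returns @code{#f} only when
every command it ran exited with status zero."

  ;; TODO: Eventually we should do this using Guile's networking procedures,
  ;; like 'configure-qemu-networking' does, but the patch that does this is
  ;; not yet in stock Guile.
  (with-monad %store-monad
    (return
     (service
      (documentation
       (string-append "Set up networking on the '" interface
                      "' interface using a static IP address."))
      (provision provision)
      (start #~(lambda _
                 ;; Return #t if successfully started.  Every program is run
                 ;; through 'system*', so INTERFACE, IP and GATEWAY are passed
                 ;; as separate argv elements and never go through a shell.
                 (and (zero? (system* (string-append #$inetutils
                                                     "/bin/ifconfig")
                                      "-i" #$interface "-A" #$ip
                                      "-i" #$interface "--up"))
                      #$(if gateway
                            #~(zero? (system* (string-append #$net-tools
                                                             "/sbin/route")
                                              "add" "-net" "default"
                                              "gw" #$gateway))
                            #t)
                      #$(if (pair? name-servers)
                            ;; 'call-with-output-file' truncates the file, so
                            ;; only the servers listed here end up in it.
                            #~(call-with-output-file "/etc/resolv.conf"
                                (lambda (port)
                                  (display
                                   "# Generated by 'static-networking-service'.\n"
                                   port)
                                  (for-each (lambda (server)
                                              (format port "nameserver ~a~%"
                                                      server))
                                            '#$name-servers)))
                            #t))))
      (stop #~(lambda _
                ;; Return #f if successfully stopped.  'system*' returns an
                ;; exit status, which is a true value even on failure, so each
                ;; status is tested with 'zero?' (as in 'start') rather than
                ;; used directly; otherwise this would report success
                ;; unconditionally.
                (not (and (zero? (system* (string-append #$inetutils
                                                         "/bin/ifconfig")
                                          #$interface "down"))
                          #$(if gateway
                                #~(zero? (system* (string-append #$net-tools
                                                                 "/sbin/route")
                                                  "del" "-net" "default"))
                                #t)))))
      (respawn? #f)))))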
(define* (tor-service #:key (tor tor))
  "Return a service to run the @uref{https://torproject.org,Tor} daemon.

The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user."
  ;; The only configuration handed to the daemon is the account it should run
  ;; as; everything else is left at Tor's built-in defaults.
  (mlet %store-monad ((config (text-file "torrc" "User tor\n")))
    (return
     (service
      (documentation "Run the Tor anonymous network overlay.")
      (provision '(tor))

      ;; Tor needs at least one network interface to be up, hence the
      ;; dependency on 'loopback'.
      (requirement '(user-processes loopback))

      ;; Dedicated system account and group for the daemon: no home directory
      ;; of its own and no login shell.
      (user-groups (list (user-group
                          (name "tor")
                          (system? #t))))
      (user-accounts (list (user-account
                            (name "tor")
                            (group "tor")
                            (system? #t)
                            (comment "Tor daemon user")
                            (home-directory "/var/empty")
                            (shell
                             "/run/current-system/profile/sbin/nologin"))))

      ;; Run the daemon in the foreground under dmd, reading CONFIG.
      (start #~(make-forkexec-constructor
                (list (string-append #$tor "/bin/tor") "-f" #$config)))
      (stop #~(make-kill-destructor))))))
;;; networking.scm ends here