diff mbox series

[bug#67657] services: connman: Add 'connman-general-configuration'.

Message ID 11f2fc968e9101842886f398465cf3b808730d7d.1701857973.git.mail@muradm.net
State New
Headers show
Series [bug#67657] services: connman: Add 'connman-general-configuration'. | expand

Commit Message

muradm Dec. 6, 2023, 10:19 a.m. UTC 
For me connman in default configuration causes conflict with docker
generated virtual veth* interfaces. Currently connman has no
main.conf as specified in man 5 connman.conf which would allow
setting NetworkInterfaceBalcklist and other useful options.

This patch adds connman-general-configuration, serializes it and
passes to connmad with --config= flag.

All configuration fields are 'maybe-*' deliberately. This will not
disturb current users. This will not require supporting configuration
changes for connmand.

* gnu/services/networking.scm:
(<connman-general-configuration>): New configuration record
to represent main.conf for connmand.
(<connman-configuration>)[general-configuration]: New field.
(connman-shepherd-service): Honor it.
*doc/guix.texi (Networking Services): Add generated configuration.

Change-Id: I2a3f808a101548aa35aa833cb91d43d746a18533
---
 doc/guix.texi               | 201 ++++++++++++++++++++++++++++
 gnu/services/networking.scm | 252 +++++++++++++++++++++++++++++++++++-
 2 files changed, 450 insertions(+), 3 deletions(-)


base-commit: 8c294e43eb0b0ea61da7c0570872e0908f64c8ed

Comments

Bruno Victal Dec. 16, 2023, 10:25 p.m. UTC | #1 
Hi muradm,

On 2023-12-06 10:19, muradm wrote:
> +   "Enable background scanning.  Default is true.  If wifi is disconnected, the
> +background scanning will follow a simple backoff mechanism from 3s up to 5

'back off'

> +   "List of Fallback timeservers.  These timeservers are used for NTP sync
> +when there are no timeservers set by the user or by the service, and when
> +use-gateways-as-timeservers? is @code{#f}.  These can contain a mixed

@code{use-gateways-as-timeservers?}

> +  (default-auto-connect-technologies
> +   maybe-list
> +   "List of technologies that are marked autoconnectable by default.  The
> +default value for this entry when empty is ethernet,wifi,cellular.  Services

Perhaps @code{ethernet}, @code{wifi} and @code{cellular}? Or put this in
lisp list syntax. (*)

> +that are automatically connected must have been set up and saved to
> +storage beforehand.")
> +  (default-favourite-technologies
> +   maybe-list
> +   "List of technologies that are marked favorite by default.  The default
> +value for this entry when empty is ethernet.  Connects to services from

See (*).

> +this technology even if not setup and saved to storage.")
> +  (always-connected-technologies
> +   maybe-list
> +   "List of technoolgies which are always connected regardless of
> +preferred-technologies setting (auto-connect? @code{#t}).  The default value

@code{(auto-connect? #t)}.

> +  (network-interface-blacklist
> +   maybe-list
> +   "List of blacklisted network interfaces.  Found interfaces will be
> +compared to the list and will not be handled by ConnMan, if their first
> +characters match any of the list entries.  Default value is
> +vmnet,vboxnet,virbr,ifb,veth.")

See (*).

> +  (tethering-technologies
> +   maybe-list
> +   "List of technologies that are allowed to enable tethering.  The
> +default value is wifi,bluetooth,gadget.

See (*).

> +here are used for tethering.  If one wants to tether ethernet, then add
> +\"ethernet\" in the list.  NOTE that if ethernet tethering is enabled,

… @samp{\"ethernet\"} to the list.

> +in READY state.  Default value is @code{#t}.")
> +  (online-check-ipv4-url
> +   maybe-string
> +   "IPv4 URL used during the online status check.  Please refer to
> +the README for more detailed  information.  Default value is
> +http://ipv4.connman.net/online/status.html.")

@url{http://ipv4.connman.net/online/status.html}. (**)

> +  (online-check-ipv6-url
> +   maybe-string
> +   "IPv6 URL used during the online status check.  Please refer to
> +the README for more detailed  information.  Default value is
> +http://ipv6.connman.net/online/status.html.")

See (**).

> +  (online-check-initial-interval
> +   maybe-number
> +   "Range of intervals between two online check requests.  Please
> +refer to the README for more detailed information.  Default values is 1.")

[…]

> +  (online-check-max-interval
> +   maybe-number
> +   "Range of intervals between two online check requests.  Please
> +refer to the README for more detailed information.  Default values is 1.")

Default values is @samp{1}.

> +  (enable-online-to-ready-transition?
> +   maybe-boolean
> +   "WARNING: Experimental feature!!! In addition to enable-online-check

@code{enable-online-check}

> +service to DISCONNECT state.  If this setting is @code{#t}, the HTTP GET
> +request keeps beeing called to guarantee that end-to-end connectivity

'being'.

> +  (localtime
> +   maybe-string
> +   "Path to localtime file.  Defaults to /etc/localtime.")

@file{/etc/localtime}

> +  (regdom-follows-timezone?
> +   maybe-boolean
> +   "Enable regdomain to be changed along timezone changes. With
> +this option set to true each time the timezone changes the first
> +present ISO3166 country code is being read from
> +/usr/share/zoneinfo/zone1970.tab and set as regdom value.  Default
> +value is @code{#f}.")

@file{/usr/share/zoneinfo/zone1970.tab}.

Perhaps expand 'regdom' as 'regulatory domain'? Likewise for the field
name. (i.e. regulatory-domain-follows-timezone?)
You can perform the field name readjustment by using a custom serializer:

--8<---------------cut here---------------start------------->8---
(regulatory-domain-follows-timezone?
 maybe-boolean
 "Allow the regulatory domain to be changed along timezone changes. With
 this option set to true each time the timezone changes the first
 present ISO3166 country code is being read from
 @file{/usr/share/zoneinfo/zone1970.tab} and set as the regulatory domain value.
 Default value is @code{#f}."
 (serializer
  (lambda (_ value)
   (connman-general-configuration-serialize-boolean "regdom-follows-timezone" value))))
--8<---------------cut here---------------end--------------->8---

> +  (resolv-conf
> +   maybe-string
> +   "Path to resolv.conf file.  If the file does not exist, but
> +intermediate directories exist, it will be created.  If this option
> +is not set, it tries to write into /var/run/connman/resolv.conf if
> +it fails (/var/run/connman does not exist or is not writeable).  If
> +you do not want to update resolv.conf, you can set /dev/null.")

Wrap the paths with @file{…}.

> +
> +;; ,in (gnu services networking) (connman-general-configuration-generate-doc)
> +(define (connman-general-configuration-generate-doc)
> +  (configuration->documentation 'connman-general-configuration))

This isn't needed.
muradm Dec. 17, 2023, 12:52 p.m. UTC | #2 
Bruno Victal <mirai@makinata.eu> writes:

Hi Bruno,

Updated all your suggestions. Basically I was copying contents of
man page and wanted to keep it as is as much as possible.

For Regdom, I solved it in different way.

ConnMan is GPL2, isn't it? Why it is considered as "not free"?

Thanks in advance,
muradm

> [[PGP Signed Part:Undecided]]
> Hi muradm,
>
> On 2023-12-06 10:19, muradm wrote:
>> +   "Enable background scanning.  Default is true.  If wifi is 
>> disconnected, the
>> +background scanning will follow a simple backoff mechanism 
>> from 3s up to 5
>
> 'back off'
>
>> +   "List of Fallback timeservers.  These timeservers are used 
>> for NTP sync
>> +when there are no timeservers set by the user or by the 
>> service, and when
>> +use-gateways-as-timeservers? is @code{#f}.  These can contain 
>> a mixed
>
> @code{use-gateways-as-timeservers?}
>
>> +  (default-auto-connect-technologies
>> +   maybe-list
>> +   "List of technologies that are marked autoconnectable by 
>> default.  The
>> +default value for this entry when empty is 
>> ethernet,wifi,cellular.  Services
>
> Perhaps @code{ethernet}, @code{wifi} and @code{cellular}? Or put 
> this in
> lisp list syntax. (*)
>
>> +that are automatically connected must have been set up and 
>> saved to
>> +storage beforehand.")
>> +  (default-favourite-technologies
>> +   maybe-list
>> +   "List of technologies that are marked favorite by default. 
>> The default
>> +value for this entry when empty is ethernet.  Connects to 
>> services from
>
> See (*).
>
>> +this technology even if not setup and saved to storage.")
>> +  (always-connected-technologies
>> +   maybe-list
>> +   "List of technoolgies which are always connected regardless 
>> of
>> +preferred-technologies setting (auto-connect? @code{#t}).  The 
>> default value
>
> @code{(auto-connect? #t)}.
>
>> +  (network-interface-blacklist
>> +   maybe-list
>> +   "List of blacklisted network interfaces.  Found interfaces 
>> will be
>> +compared to the list and will not be handled by ConnMan, if 
>> their first
>> +characters match any of the list entries.  Default value is
>> +vmnet,vboxnet,virbr,ifb,veth.")
>
> See (*).
>
>> +  (tethering-technologies
>> +   maybe-list
>> +   "List of technologies that are allowed to enable tethering. 
>> The
>> +default value is wifi,bluetooth,gadget.
>
> See (*).
>
>> +here are used for tethering.  If one wants to tether ethernet, 
>> then add
>> +\"ethernet\" in the list.  NOTE that if ethernet tethering is 
>> enabled,
>
> … @samp{\"ethernet\"} to the list.
>
>> +in READY state.  Default value is @code{#t}.")
>> +  (online-check-ipv4-url
>> +   maybe-string
>> +   "IPv4 URL used during the online status check.  Please 
>> refer to
>> +the README for more detailed  information.  Default value is
>> +http://ipv4.connman.net/online/status.html.")
>
> @url{http://ipv4.connman.net/online/status.html}. (**)
>
>> +  (online-check-ipv6-url
>> +   maybe-string
>> +   "IPv6 URL used during the online status check.  Please 
>> refer to
>> +the README for more detailed  information.  Default value is
>> +http://ipv6.connman.net/online/status.html.")
>
> See (**).
>
>> +  (online-check-initial-interval
>> +   maybe-number
>> +   "Range of intervals between two online check requests. 
>> Please
>> +refer to the README for more detailed information.  Default 
>> values is 1.")
>
> […]
>
>> +  (online-check-max-interval
>> +   maybe-number
>> +   "Range of intervals between two online check requests. 
>> Please
>> +refer to the README for more detailed information.  Default 
>> values is 1.")
>
> Default values is @samp{1}.
>
>> +  (enable-online-to-ready-transition?
>> +   maybe-boolean
>> +   "WARNING: Experimental feature!!! In addition to 
>> enable-online-check
>
> @code{enable-online-check}
>
>> +service to DISCONNECT state.  If this setting is @code{#t}, 
>> the HTTP GET
>> +request keeps beeing called to guarantee that end-to-end 
>> connectivity
>
> 'being'.
>
>> +  (localtime
>> +   maybe-string
>> +   "Path to localtime file.  Defaults to /etc/localtime.")
>
> @file{/etc/localtime}
>
>> +  (regdom-follows-timezone?
>> +   maybe-boolean
>> +   "Enable regdomain to be changed along timezone changes. 
>> With
>> +this option set to true each time the timezone changes the 
>> first
>> +present ISO3166 country code is being read from
>> +/usr/share/zoneinfo/zone1970.tab and set as regdom value. 
>> Default
>> +value is @code{#f}.")
>
> @file{/usr/share/zoneinfo/zone1970.tab}.
>
> Perhaps expand 'regdom' as 'regulatory domain'? Likewise for the 
> field
> name. (i.e. regulatory-domain-follows-timezone?)
> You can perform the field name readjustment by using a custom 
> serializer:
>
> (regulatory-domain-follows-timezone?
>  maybe-boolean
>  "Allow the regulatory domain to be changed along timezone 
>  changes. With
>  this option set to true each time the timezone changes the 
>  first
>  present ISO3166 country code is being read from
>  @file{/usr/share/zoneinfo/zone1970.tab} and set as the 
>  regulatory domain value.
>  Default value is @code{#f}."
>  (serializer
>   (lambda (_ value)
>    (connman-general-configuration-serialize-boolean 
>    "regdom-follows-timezone" value))))
>
>> +  (resolv-conf
>> +   maybe-string
>> +   "Path to resolv.conf file.  If the file does not exist, but
>> +intermediate directories exist, it will be created.  If this 
>> option
>> +is not set, it tries to write into 
>> /var/run/connman/resolv.conf if
>> +it fails (/var/run/connman does not exist or is not 
>> writeable).  If
>> +you do not want to update resolv.conf, you can set 
>> /dev/null.")
>
> Wrap the paths with @file{…}.
>
>> +
>> +;; ,in (gnu services networking) 
>> (connman-general-configuration-generate-doc)
>> +(define (connman-general-configuration-generate-doc)
>> +  (configuration->documentation 
>> 'connman-general-configuration))
>
> This isn't needed.
diff mbox series

Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index 7dde9b727b..cb1613955b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20784,7 +20784,208 @@  Networking Setup
 @item @code{disable-vpn?} (default: @code{#f})
 When true, disable connman's vpn plugin.
 
+@item @code{general-configuration} (default: @code{(connman-general-configuration)})
+Configuration serialized to @file{main.conf} and passed as @option{--config}
+to @command{connmand}.
+
+@end table
+@end deftp
+
+@deftp {Data Type} connman-general-configuration
+Available @code{connman-general-configuration} fields are:
+
+@table @asis
+@item @code{input-request-timeout} (type: maybe-number)
+Set input request timeout.  Default is 120 seconds.  The request for
+inputs like passphrase will timeout after certain amount of time.  Use
+this setting to increase the value in case of different user interface
+designs.
+
+@item @code{browser-launch-timeout} (type: maybe-number)
+Set browser launch timeout.  Default is 300 seconds.  The request for
+launching a browser for portal pages will timeout after certain amount
+of time.  Use this setting to increase the value in case of different
+user interface designs.
+
+@item @code{background-scanning?} (type: maybe-boolean)
+Enable background scanning.  Default is true.  If wifi is disconnected,
+the background scanning will follow a simple backoff mechanism from 3s
+up to 5 minutes.  Then, it will stay in 5 minutes unless user
+specifically asks for scanning through a D-Bus call.  If so, the
+mechanism will start again from 3s.  This feature activates also the
+background scanning while being connected, which is required for roaming
+on wifi.  When background-scanning? is false, ConnMan will not perform
+any scan regardless of wifi is connected or not, unless it is requested
+by the user through a D-Bus call.
+
+@item @code{use-gateways-as-timeservers?} (type: maybe-boolean)
+Assume that service gateways also function as timeservers.  Default is
+false.
+
+@item @code{fallback-timeservers} (type: maybe-list)
+List of Fallback timeservers.  These timeservers are used for NTP sync
+when there are no timeservers set by the user or by the service, and
+when use-gateways-as-timeservers? is @code{#f}.  These can contain a
+mixed combination of fully qualified domain names, IPv4 and IPv6
+addresses.
+
+@item @code{fallback-nameservers} (type: maybe-list)
+List of fallback nameservers appended to the list of nameservers given
+by the service.  The nameserver entries must be in numeric format, host
+names are ignored.
+
+@item @code{default-auto-connect-technologies} (type: maybe-list)
+List of technologies that are marked autoconnectable by default.  The
+default value for this entry when empty is ethernet,wifi,cellular.
+Services that are automatically connected must have been set up and
+saved to storage beforehand.
+
+@item @code{default-favourite-technologies} (type: maybe-list)
+List of technologies that are marked favorite by default.  The default
+value for this entry when empty is ethernet.  Connects to services from
+this technology even if not setup and saved to storage.
+
+@item @code{always-connected-technologies} (type: maybe-list)
+List of technoolgies which are always connected regardless of
+preferred-technologies setting (auto-connect? @code{#t}).  The default
+value is empty and this feature is disabled unless explicitly enabled.
+
+@item @code{preferred-technologies} (type: maybe-list)
+List of preferred technologies from the most preferred one to the least
+preferred one.  Services of the listed technology type will be tried one
+by one in the order given, until one of them gets connected or they are
+all tried.  A service of a preferred technology type in state 'ready'
+will get the default route when compared to another preferred type
+further down the list with state 'ready' or with a non-preferred type; a
+service of a preferred technology type in state 'online' will get the
+default route when compared to either a non-preferred type or a
+preferred type further down in the list.
+
+@item @code{network-interface-blacklist} (type: maybe-list)
+List of blacklisted network interfaces.  Found interfaces will be
+compared to the list and will not be handled by ConnMan, if their first
+characters match any of the list entries.  Default value is
+vmnet,vboxnet,virbr,ifb,veth.
+
+@item @code{allow-hostname-updates?} (type: maybe-boolean)
+Allow ConnMan to change the system hostname.  This can happen for
+example if we receive DHCP hostname option.  Default value is @code{#t}.
+
+@item @code{allow-domainname-updates?} (type: maybe-boolean)
+Allow connman to change the system domainname.  This can happen for
+example if we receive DHCP domainname option.  Default value is
+@code{#t}.
+
+@item @code{single-connected-technology?} (type: maybe-boolean)
+Keep only a single connected technology at any time.  When a new service
+is connected by the user or a better one is found according to
+preferred-technologies, the new service is kept connected and all the
+other previously connected services are disconnected.  With this setting
+it does not matter whether the previously connected services are in
+'online' or 'ready' states, the newly connected service is the only one
+that will be kept connected.  A service connected by the user will be
+used until going out of network coverage.  With this setting enabled
+applications will notice more network breaks than normal.  Note this
+options can't be used with VPNs.  Default value is @code{#f}.
+
+@item @code{tethering-technologies} (type: maybe-list)
+List of technologies that are allowed to enable tethering.  The default
+value is wifi,bluetooth,gadget.  Only those technologies listed here are
+used for tethering.  If one wants to tether ethernet, then add
+"ethernet" in the list.  NOTE that if ethernet tethering is enabled,
+then a DHCP server is started on all ethernet interfaces.  Tethered
+ethernet should never be connected to corporate or home network as it
+will disrupt normal operation of these networks.  Due to this ethernet
+is not tethered by default.  Do not activate ethernet tethering unless
+you really know what you are doing.
+
+@item @code{persistent-tethering-mode?} (type: maybe-boolean)
+Restore earlier tethering status when returning from offline mode,
+re-enabling a technology, and after restarts and reboots.  Default value
+is @code{#f}.
+
+@item @code{enable-6to4?} (type: maybe-boolean)
+Automatically enable anycast 6to4 if possible.  This is not recommended,
+as the use of 6to4 will generally lead to a severe degradation of
+connection quality.  See RFC6343.  Default value is @code{#f} (as
+recommended by RFC6343 section 4.1).
+
+@item @code{vendor-class-id} (type: maybe-string)
+Set DHCP option 60 (Vendor Class ID) to the given string.  This option
+can be used by DHCP servers to identify specific clients without having
+to rely on MAC address ranges, etc.
+
+@item @code{enable-online-check?} (type: maybe-boolean)
+Enable or disable use of HTTP GET as an online status check.  When a
+service is in a READY state, and is selected as default, ConnMan will
+issue an HTTP GET request to verify that end-to-end connectivity is
+successful.  Only then the service will be transitioned to ONLINE state.
+If this setting is false, the default service will remain in READY
+state.  Default value is @code{#t}.
+
+@item @code{online-check-ipv4-url} (type: maybe-string)
+IPv4 URL used during the online status check.  Please refer to the
+README for more detailed information.  Default value is
+http://ipv4.connman.net/online/status.html.
+
+@item @code{online-check-ipv6-url} (type: maybe-string)
+IPv6 URL used during the online status check.  Please refer to the
+README for more detailed information.  Default value is
+http://ipv6.connman.net/online/status.html.
+
+@item @code{online-check-initial-interval} (type: maybe-number)
+Range of intervals between two online check requests.  Please refer to
+the README for more detailed information.  Default values is 1.
+
+@item @code{online-check-max-interval} (type: maybe-number)
+Range of intervals between two online check requests.  Please refer to
+the README for more detailed information.  Default values is 1.
+
+@item @code{enable-online-to-ready-transition?} (type: maybe-boolean)
+WARNING: Experimental feature!!! In addition to enable-online-check
+setting, enable or disable use of HTTP GET to detect the loss of
+end-to-end connectivity.  If this setting is @code{#f}, when the default
+service transitions to ONLINE state, the HTTP GET request is no more
+called until next cycle, initiated by a transition of the default
+service to DISCONNECT state.  If this setting is @code{#t}, the HTTP GET
+request keeps beeing called to guarantee that end-to-end connectivity is
+still successful.  If not, the default service will transition to READY
+state, enabling another service to become the default one, in
+replacement.  Default value is @code{#f}.
+
+@item @code{auto-connect-roaming-services?} (type: maybe-boolean)
+Automatically connect roaming services.  This is not recommended unless
+you know you won't have any billing problem.  Default value is
+@code{#f}.
+
+@item @code{address-conflict-detection?} (type: maybe-boolean)
+Enable or disable the implementation of IPv4 address conflict detection
+according to RFC5227.  ConnMan will send probe ARP packets to see if an
+IPv4 address is already in use before assigning the address to an
+interface.  If an address conflict occurs for a statically configured
+address, an IPv4LL address will be chosen instead (according to
+RFC3927).  If an address conflict occurs for an address offered via
+DHCP, ConnMan send a DHCP DECLINE once and for the second conflict
+resort to finding an IPv4LL address.  Default value is @code{#f}.
+
+@item @code{localtime} (type: maybe-string)
+Path to localtime file.  Defaults to /etc/localtime.
+
+@item @code{regdom-follows-timezone?} (type: maybe-boolean)
+Enable regdomain to be changed along timezone changes.  With this option
+set to true each time the timezone changes the first present ISO3166
+country code is being read from /usr/share/zoneinfo/zone1970.tab and set
+as regdom value.  Default value is @code{#f}.
+
+@item @code{resolv-conf} (type: maybe-string)
+Path to resolv.conf file.  If the file does not exist, but intermediate
+directories exist, it will be created.  If this option is not set, it
+tries to write into /var/run/connman/resolv.conf if it fails
+(/var/run/connman does not exist or is not writeable).  If you do not
+want to update resolv.conf, you can set /dev/null.
+
 @end table
+
 @end deftp
 
 @cindex WPA Supplicant
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 0508a4282c..13c03cbd4f 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -21,6 +21,7 @@ 
 ;;; Copyright © 2022, 2023 Andrew Tropin <andrew@trop.in>
 ;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
 ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2023 muradm <mail@muradm.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -78,6 +79,7 @@  (define-module (gnu services networking)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-43)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 string-fun)
   #:use-module (json)
   #:re-export (static-networking-service
                static-networking-service-type)
@@ -171,6 +173,8 @@  (define-module (gnu services networking)
             network-manager-configuration-vpn-plugins
             network-manager-service-type
 
+            connman-general-configuration
+            connman-general-configuration?
             connman-configuration
             connman-configuration?
             connman-configuration-connman
@@ -1326,6 +1330,238 @@  (define network-manager-service-type
 ;;; Connman
 ;;;
 
+(define (connman-general-configuration-field-name field-name)
+  (let* ((str->camel (lambda (s)
+                       (string-concatenate
+                        (map string-capitalize (string-split s #\-)))))
+         (str (if (symbol? field-name)
+                  (str->camel (symbol->string field-name))
+                  field-name)))
+    (cond
+     ((string-suffix? "?" str) (connman-general-configuration-field-name
+                                (string-drop-right str 1)))
+     ((string-contains str "Url") (connman-general-configuration-field-name
+                                   (string-replace-substring str "Url" "URL")))
+     ((string-contains str "Ip") (connman-general-configuration-field-name
+                                  (string-replace-substring str "Ip" "IP")))
+     ((string-contains str "6To4") (connman-general-configuration-field-name
+                                    (string-replace-substring str "6To4" "6to4")))
+     (#t str))))
+
+(define (connman-general-configuration-serialize-string field-name value)
+  (let ((param (connman-general-configuration-field-name field-name)))
+    #~(string-append #$param " = " #$value "\n")))
+
+(define (connman-general-configuration-serialize-number field-name value)
+  (connman-general-configuration-serialize-string
+   field-name (number->string value)))
+
+(define (connman-general-configuration-serialize-list field-name value)
+  (connman-general-configuration-serialize-string
+   field-name (string-join value ",")))
+
+(define (connman-general-configuration-serialize-boolean field-name value)
+  (connman-general-configuration-serialize-string
+   field-name (if value "true" "false")))
+
+(define-maybe boolean (prefix connman-general-configuration-))
+(define-maybe number (prefix connman-general-configuration-))
+(define-maybe string (prefix connman-general-configuration-))
+(define-maybe list (prefix connman-general-configuration-))
+
+(define-configuration connman-general-configuration
+  (input-request-timeout
+   maybe-number
+   "Set input request timeout.  Default is 120 seconds.  The request for inputs
+like passphrase will timeout after certain amount of time.  Use this setting to
+increase the value in case of different user interface designs.")
+  (browser-launch-timeout
+   maybe-number
+   "Set browser launch timeout.  Default is 300 seconds.  The request for
+launching a browser for portal pages will timeout after certain  amount  of
+time.  Use this setting to increase the value in case of different user
+interface designs.")
+  (background-scanning?
+   maybe-boolean
+   "Enable background scanning.  Default is true.  If wifi is disconnected, the
+background scanning will follow a simple backoff mechanism from 3s up to 5
+minutes.  Then, it will stay in 5 minutes unless user specifically asks for
+scanning through a D-Bus call.  If so, the mechanism will start again from
+3s.  This feature activates also the background scanning while being connected,
+which is required for roaming on wifi.  When background-scanning? is false,
+ConnMan will not perform any scan regardless of wifi is connected or not,
+unless it is requested by the user through a D-Bus call.")
+  (use-gateways-as-timeservers?
+   maybe-boolean
+   "Assume that service gateways also function as timeservers.  Default is false.")
+  (fallback-timeservers
+   maybe-list
+   "List of Fallback timeservers.  These timeservers are used for NTP sync
+when there are no timeservers set by the user or by the service, and when
+use-gateways-as-timeservers? is @code{#f}.  These can contain a mixed
+combination of fully qualified domain names, IPv4 and IPv6 addresses.")
+  (fallback-nameservers
+   maybe-list
+   "List of fallback nameservers appended to the list of nameservers given
+by the service.  The nameserver entries must be in numeric format,
+host names are ignored.")
+  (default-auto-connect-technologies
+   maybe-list
+   "List of technologies that are marked autoconnectable by default.  The
+default value for this entry when empty is ethernet,wifi,cellular.  Services
+that are automatically connected must have been set up and saved to
+storage beforehand.")
+  (default-favourite-technologies
+   maybe-list
+   "List of technologies that are marked favorite by default.  The default
+value for this entry when empty is ethernet.  Connects to services from
+this technology even if not setup and saved to storage.")
+  (always-connected-technologies
+   maybe-list
+   "List of technoolgies which are always connected regardless of
+preferred-technologies setting (auto-connect? @code{#t}).  The default value
+is empty and this feature is disabled unless explicitly enabled.")
+  (preferred-technologies
+   maybe-list
+   "List of preferred technologies from the most preferred one to the least
+preferred one.  Services of the listed technology type will be tried one by
+one in the order given, until one of them gets connected or they are all
+tried.  A service of a preferred technology type in state 'ready' will get
+the default route when compared to another preferred type further down the
+list with state 'ready' or with a non-preferred type; a service of a
+preferred technology type in state 'online' will get the default route when
+compared to either a non-preferred type or a preferred type further down
+in the list.")
+  (network-interface-blacklist
+   maybe-list
+   "List of blacklisted network interfaces.  Found interfaces will be
+compared to the list and will not be handled by ConnMan, if their first
+characters match any of the list entries.  Default value is
+vmnet,vboxnet,virbr,ifb,veth.")
+  (allow-hostname-updates?
+   maybe-boolean
+   "Allow ConnMan to change the system hostname.  This can happen for
+example if we receive DHCP hostname option.  Default value is @code{#t}.")
+  (allow-domainname-updates?
+   maybe-boolean
+   "Allow connman to change the system domainname.  This can happen for
+example if we receive DHCP domainname option.  Default value is @code{#t}.")
+  (single-connected-technology?
+   maybe-boolean
+   "Keep only a single connected technology at any time.  When a new
+service is connected by the user or a better one is found according to
+preferred-technologies, the new service is kept connected  and all the
+other previously connected services are disconnected.  With this setting
+it does not matter whether the previously connected services are
+in 'online' or 'ready' states, the newly connected service is the only
+one that will be kept connected.  A service connected by the user will
+be used until going out of network coverage.  With this setting enabled
+applications will notice more network breaks than normal.  Note this
+options can't be used with VPNs.  Default value is @code{#f}.")
+  (tethering-technologies
+   maybe-list
+   "List of technologies that are allowed to enable tethering.  The
+default value is wifi,bluetooth,gadget.  Only those technologies listed
+here are used for tethering.  If one wants to tether ethernet, then add
+\"ethernet\" in the list.  NOTE that if ethernet tethering is enabled,
+then a DHCP server is started on all ethernet interfaces.  Tethered
+ethernet should never be connected to corporate or home network as it
+will disrupt normal operation of these networks.  Due to this ethernet
+is not tethered by default.  Do not activate ethernet tethering unless
+you really know what you are doing.")
+  (persistent-tethering-mode?
+   maybe-boolean
+   "Restore earlier tethering status when returning from offline mode,
+re-enabling a technology, and after restarts and reboots.  Default
+value is @code{#f}.")
+  (enable-6to4?
+   maybe-boolean
+   "Automatically enable anycast 6to4 if possible.  This is not
+recommended, as the use of 6to4 will generally lead to a severe
+degradation of connection quality.  See RFC6343.  Default value
+is @code{#f} (as recommended by RFC6343 section 4.1).")
+  (vendor-class-id
+   maybe-string
+   "Set DHCP option 60 (Vendor Class ID) to the given string.  This
+option can be used by DHCP servers to identify specific clients
+without having to rely on MAC address ranges, etc.")
+  (enable-online-check?
+   maybe-boolean
+   "Enable or disable use of HTTP GET as an online status check.  When
+a service is in a READY state, and is selected as default, ConnMan will
+issue an HTTP GET request to verify that end-to-end connectivity is
+successful.  Only then the service will be transitioned to ONLINE
+state.  If this setting is false, the default service will remain
+in READY state.  Default value is @code{#t}.")
+  (online-check-ipv4-url
+   maybe-string
+   "IPv4 URL used during the online status check.  Please refer to
+the README for more detailed  information.  Default value is
+http://ipv4.connman.net/online/status.html.")
+  (online-check-ipv6-url
+   maybe-string
+   "IPv6 URL used during the online status check.  Please refer to
+the README for more detailed  information.  Default value is
+http://ipv6.connman.net/online/status.html.")
+  (online-check-initial-interval
+   maybe-number
+   "Range of intervals between two online check requests.  Please
+refer to the README for more detailed information.  Default values is 1.")
+  (online-check-max-interval
+   maybe-number
+   "Range of intervals between two online check requests.  Please
+refer to the README for more detailed information.  Default values is 1.")
+  (enable-online-to-ready-transition?
+   maybe-boolean
+   "WARNING: Experimental feature!!! In addition to enable-online-check
+setting, enable or disable use of HTTP GET to detect the loss of
+end-to-end connectivity.  If this setting is @code{#f}, when the default
+service transitions to ONLINE state, the HTTP GET request is no more
+called until next cycle, initiated by a transition of the default
+service to DISCONNECT state.  If this setting is @code{#t}, the HTTP GET
+request keeps beeing called to guarantee that end-to-end connectivity
+is still successful.  If not, the default service will transition
+to READY state, enabling another service to become the default one,
+in replacement.  Default value is @code{#f}.")
+  (auto-connect-roaming-services?
+   maybe-boolean
+   "Automatically connect roaming services.  This is not recommended
+unless you know you won't have any billing problem.  Default value
+is @code{#f}.")
+  (address-conflict-detection?
+   maybe-boolean
+   "Enable or disable the implementation of IPv4 address conflict
+detection according to RFC5227.  ConnMan will send probe ARP packets
+to see if an IPv4 address is already in use before assigning the
+address to an interface.  If an address conflict occurs for a
+statically configured address, an IPv4LL address will be chosen
+instead (according to RFC3927).  If an address conflict occurs for
+an address offered via DHCP, ConnMan send a DHCP DECLINE once
+and for the second conflict resort to finding an IPv4LL
+address.  Default value is @code{#f}.")
+  (localtime
+   maybe-string
+   "Path to localtime file.  Defaults to /etc/localtime.")
+  (regdom-follows-timezone?
+   maybe-boolean
+   "Enable regdomain to be changed along timezone changes. With
+this option set to true each time the timezone changes the first
+present ISO3166 country code is being read from
+/usr/share/zoneinfo/zone1970.tab and set as regdom value.  Default
+value is @code{#f}.")
+  (resolv-conf
+   maybe-string
+   "Path to resolv.conf file.  If the file does not exist, but
+intermediate directories exist, it will be created.  If this option
+is not set, it tries to write into /var/run/connman/resolv.conf if
+it fails (/var/run/connman does not exist or is not writeable).  If
+you do not want to update resolv.conf, you can set /dev/null.")
+  (prefix connman-general-configuration-))
+
+;; ,in (gnu services networking) (connman-general-configuration-generate-doc)
+(define (connman-general-configuration-generate-doc)
+  (configuration->documentation 'connman-general-configuration))
+
 (define-record-type* <connman-configuration>
   connman-configuration make-connman-configuration
   connman-configuration?
@@ -1337,7 +1573,9 @@  (define-record-type* <connman-configuration>
                 (default #f))
   (iwd?         connman-configuration-iwd?
                 (default #f)
-                (sanitize warn-iwd?-field-deprecation)))
+                (sanitize warn-iwd?-field-deprecation))
+  (general-configuration connman-configuration-general-configuration
+                         (default (connman-general-configuration))))
 
 (define (connman-activation config)
   (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
@@ -1350,10 +1588,17 @@  (define (connman-activation config)
 
 (define (connman-shepherd-service config)
   (match-record config <connman-configuration> (connman shepherd-requirement
-                                                disable-vpn? iwd?)
+                                                disable-vpn? iwd?
+                                                general-configuration)
     (let ((iwd? (or iwd?  ; TODO: deprecated field, remove later.
                     (and shepherd-requirement
-                         (memq 'iwd shepherd-requirement)))))
+                         (memq 'iwd shepherd-requirement))))
+          (config (mixed-text-file
+                   "main.conf"
+                   "[General]\n"
+                   (serialize-configuration
+                    general-configuration
+                    connman-general-configuration-fields))))
       (list (shepherd-service
              (documentation "Run Connman")
              (provision '(connman networking))
@@ -1365,6 +1610,7 @@  (define (connman-shepherd-service config)
              (start #~(make-forkexec-constructor
                        (list (string-append #$connman
                                             "/sbin/connmand")
+                             (string-append "--config=" #$config)
                              "--nodaemon"
                              "--nodnsproxy"
                              #$@(if disable-vpn? '("--noplugin=vpn") '())