
[bug#41803] Yggdrasil package and accompanying shepherd service (mesh network)

Message ID 20200611155656.7ece9c24@riseup.net
State Accepted

Checks

Context                 Check
cbaines/comparison      success
cbaines/git branch      success
cbaines/applying patch  fail

Commit Message

Csepp June 11, 2020, 1:56 p.m. UTC
from: https://yggdrasil-network.github.io/
"Yggdrasil is an early-stage implementation of a fully end-to-end
encrypted IPv6 network."

I spent the last few days packaging it and now it's in a state where I
think it's usable.

The configuration can include private keys, so that part should NOT go
in the operating system config, because it would get stored in the
world-readable Guix store. Nix works around this by merging the
generated config with a JSON file and sending it to yggdrasil over its
stdin.

I chose not to do that because I couldn't figure out how to open a
service's stdin and because I think the way I did it is much more
elegant in the long run.

The package is lightly patched to take not one but two config files,
and it simply merges them internally. The patch is completely backwards
compatible and unobtrusive. It took me about an hour to write and debug
and most of that was just figuring out Go's syntax and type system.
I will try to get upstream to accept it, or implement similar
functionality.

Still TODO:
documenting the service as an info page.

The gist of using it is:
1. look at example operating system
2. see yggdrasil -genconf -json for config options
(3.) optional: save output as /etc/yggdrasil-secret.conf
(4.) chmod 600 /etc/yggdrasil-secret.conf
(5.) delete everything but the signing and encryption keys
6. add peers as needed, or set autoconf? to #t to connect through a
local peer

It seems to work fine. I could connect to open peers from one
machine and another one could auto-configure itself to connect through
the first one over the LAN. It's pretty nifty.
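An added example, not the patch from this series nor Yggdrasil's own code, sketching in Go the two-file merge the cover message describes: the non-secret JSON that lives in the store is overlaid with the secret file holding the keys, and the secret file is refused unless it is mode 0600 as in step (4.). The JSON key names, and the policy of refusing a group- or world-readable key file, are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// mergeConfigs overlays the secret JSON document on the non-secret one
// (the part that lives in the store). Top-level keys in secret replace
// the base value; every other base key survives. An empty secret is fine.
func mergeConfigs(base, secret []byte) (map[string]interface{}, error) {
	merged := map[string]interface{}{}
	if err := json.Unmarshal(base, &merged); err != nil {
		return nil, fmt.Errorf("base config: %w", err)
	}
	overlay := map[string]interface{}{}
	if len(secret) > 0 {
		if err := json.Unmarshal(secret, &overlay); err != nil {
			return nil, fmt.Errorf("secret config: %w", err)
		}
	}
	for k, v := range overlay {
		merged[k] = v
	}
	return merged, nil
}

// checkSecretMode rejects a secret file that group or others can read,
// i.e. anything looser than the "chmod 600" step in the cover message.
func checkSecretMode(path string) error {
	fi, err := os.Stat(path)
	if err != nil {
		return err
	}
	if fi.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s: mode %04o readable by group/others, want 0600", path, fi.Mode().Perm())
	}
	return nil
}

func main() {
	// Constructed sample input; key names are assumed, not taken from upstream.
	base := []byte(`{"Peers":["tcp://1.2.3.4:1337"],"AdminListen":"none"}`)
	secret := []byte(`{"SigningPrivateKey":"EXAMPLE-ONLY"}`)
	if merged, err := mergeConfigs(base, secret); err == nil {
		out, _ := json.Marshal(merged) // map keys come out sorted
		fmt.Println(string(out))
	}
}
```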

Comments

Csepp June 14, 2020, 1:35 a.m. UTC | #1
Bump.

Could someone look at this?
Julien Lepiller July 11, 2020, 10:12 p.m. UTC | #2
On Thu, 11 Jun 2020 15:56:56 +0200,
raingloom <raingloom@riseup.net> wrote:

> from: https://yggdrasil-network.github.io/
> "Yggdrasil is an early-stage implementation of a fully end-to-end
> encrypted IPv6 network."
> 
> I spent the last few days packaging it and now it's in a state where I
> think it's usable.
> 
> The configuration can include private keys, so that part should NOT go
> in the operating system config, because it would get stored in the
> world-readable Guix store. Nix works around this by merging the
> generated config with a JSON file and sending it to yggdrasil over its
> stdin.
> 
> I chose not to do that because I couldn't figure out how to open a
> service's stdin and because I think the way I did it is much more
> elegant in the long run.
> 
> The package is lightly patched to take not one but two config files,
> and it simply merges them internally. The patch is completely
> backwards compatible and unobtrusive. It took me about an hour to
> write and debug and most of that was just figuring out Go's syntax
> and type system. I will try to get upstream to accept it, or
> implement similar functionality.
> 
> Still TODO:
> documenting the service as an info page.
> 
> The gist of using it is:
> 1. look at example operating system
> 2. see yggdrasil -genconf -json for config options
> (3.) optional: save output as /etc/yggdrasil-secret.conf
> (4.) chmod 600 /etc/yggdrasil-secret.conf
> (5.) delete everything but the signing and encryption keys
> 6. add peers as needed, or set autoconf? to #t to connect through a
> local peer
> 
> It seems to work fine. I could connect to open peers from one
> machine and another one could auto-configure itself to connect through
> the first one over the LAN. It's pretty nifty.

Hi,

this is more of a quick review.

First patch LGTM.

You should split every package you add in the second patch in separate
patches. Also the commit message should say "new variable", no need to
say it's public.

You left a comment about the license for go-github-com-gologme-log.
Have you contacted upstream to tell them about that, what was their
reaction? I think the fact that the readme says bsd implies the
intention is that it is free software, but better safe than sorry.

Otherwise, these packages lgtm.

In the third patch again, the commit message should say "new variable".
You should not use the past tense either, so "Add it".

Is the license lgpl3, or lgpl3+?

Not a go programmer, so I'm not reading the patch, but I'm trusting you
that it works :)

For the fourth patch, I don't think you need to list new private
variables in the commit message, nor new dependencies. Only list public
variables, as "New variables".

As you noted, could you add something about it to the manual?

In the system example, should Yggdrasil really be installed in the
system profile? If so, I think you can add a profile-service-type
extension to the service so the package is automatically available. Then
you don't need to specify the package in the os configuration, and it
ensures you install the same package (declared in the service
configuration) for the service and in the system.

Thanks for working on this!
Julien Lepiller Oct. 13, 2020, 11:09 p.m. UTC | #3
Hi,

I went ahead and pushed your first four patches with changes. I'll need
you to work a bit more before I can push the rest.

I've added a copyright line for you in golang.scm.

For the rest of the packages, could you split all your patches into
one patch per package?  For each package, please run "guix lint" and
fix any issue (except for archival, you can't do anything about it).
This includes: using (file-name (git-file-name name version)) inside
the origin record, making sure the synopsis doesn't start with "A", and
the description ends with a full stop.

I also changed your commit messages: don't include the version number
for added packages and add a full stop at the end of messages.

For yggdrasil, please grep for dist_PATCH_DATA in the git log, you'll
find examples of good commit messages :)

For the service, changes to the documentation are usually made in the
same patch, so could you please merge your last three patches? I don't
know if we can use guile-json directly in a service definition without
causing troubles for people who have different versions of guile-json
in their profile already. I'll have to ask people who are more
knowledgeable than me!

To chown the socket, you'll need an activation service type (if the
socket survives restarts of yggdrasil), or to change the start action
of the shepherd service type.

Your changes to the documentation look good, but incomplete.

Could you rebase and send updated patches for the rest of this series?

Thank you!

Patch

From d2d9ad6c3402924edd6090ffcad50e2c9d2bd448 Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@protonmail.com>
Date: Thu, 11 Jun 2020 14:16:42 +0200
Subject: [PATCH 5/5] gnu: system: add example with yggdrasil

* gnu/system/examples/yggdrasil.tmpl: New file.
---
 gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 gnu/system/examples/yggdrasil.tmpl

diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl
new file mode 100644
index 0000000000..244a899bd0
--- /dev/null
+++ b/gnu/system/examples/yggdrasil.tmpl
@@ -0,0 +1,61 @@ 
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules admin networking screen)
+
+(operating-system
+  (host-name "ruby-guard-5545")
+  (timezone "Europe/Budapest")
+  (locale "en_US.utf8")
+
+  ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+  ;; target hard disk, and "my-root" is the label of the target
+  ;; root file system.
+  (bootloader (bootloader-configuration
+                (bootloader grub-bootloader)
+                (target "/dev/sdX")))
+  (file-systems (cons (file-system
+                        (device (file-system-label "my-root"))
+                        (mount-point "/")
+                        (type "ext4"))
+                      %base-file-systems))
+
+  ;; This is where user accounts are specified.  The "root"
+  ;; account is implicit, and is initially created with the
+  ;; empty password.
+  (users (cons (user-account
+                (name "alice")
+                (comment "Bob's sister")
+                (group "users")
+
+                ;; Adding the account to the "wheel" group
+                ;; makes it a sudoer.  Adding it to "audio"
+                ;; and "video" allows the user to play sound
+                ;; and access the webcam.
+                (supplementary-groups '("wheel"
+                                        "audio" "video")))
+               %base-user-accounts))
+
+  ;; Globally-installed packages.
+  (packages (cons* screen yggdrasil htop %base-packages))
+
+  ;; Add services to the baseline: a DHCP client and
+  ;; an SSH server.
+  (services
+   (append
+    (list
+     (service dhcp-client-service-type)
+     (service yggdrasil-service-type
+              (yggdrasil-configuration
+               (log-to 'stdout)
+               (log-level 'debug)
+               (autoconf? #f)
+               (json-config
+               ;; choose one from https://github.com/yggdrasil-network/public-peers
+                '((peers . #("tcp://1.2.3.4:1337"))))))
+     (service openssh-service-type
+              (openssh-configuration
+               (port-number 2222))))
+    %base-services)))
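Review bot: the comment above `(json-config` near the end of the hunk should say that everything in this field is written to the world-readable store, so only non-secret settings such as `peers` belong here, while the signing and encryption keys go in the mode-600 /etc/yggdrasil-secret.conf described in the cover message; the template never shows that split, and a reader copying it could end up putting keys into `json-config`. Two smaller points: the header comment and the `;; Add services to the baseline: a DHCP client and` comment are carried over from the bare-bones template and do not mention Yggdrasil, and `yggdrasil` appears both in `(packages (cons* screen yggdrasil htop %base-packages))` and in the service, which the review already suggests replacing with a profile-service-type extension so one package declaration serves both. `(log-level 'debug)` is also a noisy default for a template.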
-- 
2.26.2