From patchwork Mon Jun 26 21:59:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruno Victal X-Patchwork-Id: 51376 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C4FD827BBE9; Mon, 26 Jun 2023 23:02:21 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 2EF1527BBE2 for ; Mon, 26 Jun 2023 23:02:19 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qDuGq-0005WJ-Jv; Mon, 26 Jun 2023 18:01:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qDuGj-00052L-Um for guix-patches@gnu.org; Mon, 26 Jun 2023 18:01:10 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qDuGf-0005XK-Sm for guix-patches@gnu.org; Mon, 26 Jun 2023 18:01:07 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qDuGf-0008TP-OT for guix-patches@gnu.org; Mon, 26 Jun 2023 18:01:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63985] [PATCH v3 08/11] services: NetworkManager: Use define-configuration and generic-ini. Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 26 Jun 2023 22:01:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63985 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 63985@debbugs.gnu.org Cc: Bruno Victal Received: via spool by 63985-submit@debbugs.gnu.org id=B63985.168781684832477 (code B ref 63985); Mon, 26 Jun 2023 22:01:05 +0000 Received: (at 63985) by debbugs.gnu.org; 26 Jun 2023 22:00:48 +0000 Received: from localhost ([127.0.0.1]:47192 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qDuGN-0008RZ-LZ for submit@debbugs.gnu.org; Mon, 26 Jun 2023 18:00:48 -0400 Received: from smtpmciv1.myservices.hosting ([185.26.107.237]:37982) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qDuGE-0008R9-GU for 63985@debbugs.gnu.org; Mon, 26 Jun 2023 18:00:39 -0400 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv1.myservices.hosting (Postfix) with ESMTP id 00A4220E27 for <63985@debbugs.gnu.org>; Tue, 27 Jun 2023 00:00:31 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 245D98009B; Tue, 27 Jun 2023 00:00:26 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id aBm-A5OjAj0H; Tue, 27 Jun 2023 00:00:25 +0200 (CEST) Received: from guix-nuc.home.arpa (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 691588009A; Tue, 27 Jun 2023 00:00:25 +0200 (CEST) From: Bruno Victal Date: Mon, 26 Jun 2023 22:59:34 +0100 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/networking.scm (): Define with define-configuration. (warn-iwd?-field-deprecation): Use regular define. (network-manager-accounts): Use match-record. (network-manager-environment): Subsume logic from vpn-plugin-directory. (network-manager-shepherd-service): Subsume logic from network-manager-activation. (vpn-plugin-directory, network-manager-activation): Remove. (network-manager-service-type): Adjust to changes listed above. --- gnu/services/networking.scm | 199 +++++++++++++++++++++++------------- 1 file changed, 127 insertions(+), 72 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 5657b141d9..a4d3affa6c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -41,6 +41,7 @@ (define-module (gnu services networking) #:use-module (gnu services) #:use-module (gnu services base) #:use-module (gnu services configuration) + #:use-module (gnu services configuration generic-ini) #:use-module (gnu services linux) #:use-module (gnu services shepherd) #:use-module (gnu services dbus) @@ -1157,92 +1158,145 @@ (define-record-type* ;;; ;; TODO: deprecated field, remove later. -(define-with-syntax-properties (warn-iwd?-field-deprecation - (value properties)) +(define (warn-iwd?-field-deprecation value) (when value - (warning (source-properties->location properties) - (G_ "the 'iwd?' field is deprecated, please use \ + (warning (G_ "the 'iwd?' field is deprecated, please use \ 'shepherd-requirement' field instead~%"))) value) -(define-record-type* - network-manager-configuration make-network-manager-configuration - network-manager-configuration? - (network-manager network-manager-configuration-network-manager - (default network-manager)) - (shepherd-requirement network-manager-configuration-shepherd-requirement - (default '(wpa-supplicant))) - (dns network-manager-configuration-dns - (default "default")) - (vpn-plugins network-manager-configuration-vpn-plugins ;list of file-like - (default '())) - (iwd? network-manager-configuration-iwd? ; TODO: deprecated field, remove. - (default #f) - (sanitize warn-iwd?-field-deprecation))) +(define-configuration network-manager-configuration + (network-manager + (package network-manager) + "The NetworkManager package to use." + empty-serializer) + + (shepherd-requirement + (list-of-symbols '(wpa-supplicant)) + "This option can be used to provide a list of symbols naming Shepherd +services that this service will depend on, such as @code{'wpa-supplicant} or +@code{'iwd} if you require authenticated access for encrypted WiFi or Ethernet +networks." + empty-serializer) + + (dns + (string "default") + "Processing mode for DNS, which affects how NetworkManager uses the +@code{resolv.conf} configuration file. + +@table @samp +@item default +NetworkManager will update @code{resolv.conf} to reflect the nameservers +provided by currently active connections. + +@item dnsmasq +NetworkManager will run @code{dnsmasq} as a local caching nameserver, using a +@dfn{conditional forwarding} configuration if you are connected to a VPN, and +then update @code{resolv.conf} to point to the local nameserver. + +With this setting, you can share your network connection. For example when +you want to share your network connection to another laptop @i{via} an +Ethernet cable, you can open @command{nm-connection-editor} and configure the +Wired connection's method for IPv4 and IPv6 to be ``Shared to other computers'' +and reestablish the connection (or reboot). + +You can also set up a @dfn{host-to-guest connection} to QEMU VMs +(@pxref{Installing Guix in a VM}). With a host-to-guest connection, you can +e.g.@: access a Web server running on the VM (@pxref{Web Services}) from a Web +browser on your host system, or connect to the VM @i{via} SSH +(@pxref{Networking Services, @code{openssh-service-type}}). To set up a +host-to-guest connection, run this command once: -(define (network-manager-activation config) - ;; Activation gexp for NetworkManager - (match-record config - (network-manager dns vpn-plugins) - #~(begin - (use-modules (guix build utils)) - (mkdir-p "/etc/NetworkManager/system-connections") - #$@(if (equal? dns "dnsmasq") - ;; create directory to store dnsmasq lease file - '((mkdir-p "/var/lib/misc")) - '())))) +@example +nmcli connection add type tun \ + connection.interface-name tap0 \ + tun.mode tap tun.owner $(id -u) \ + ipv4.method shared \ + ipv4.addresses 172.28.112.1/24 +@end example -(define (vpn-plugin-directory plugins) - "Return a directory containing PLUGINS, the NM VPN plugins." - (directory-union "network-manager-vpn-plugins" plugins)) +Then each time you launch your QEMU VM (@pxref{Running Guix in a VM}), pass +@option{-nic tap,ifname=tap0,script=no,downscript=no} to +@command{qemu-system-...}. + +@item none +NetworkManager will not modify @code{resolv.conf}. +@end table" + (serializer-options '(#:section main))) + + (vpn-plugins + (list-of-packages '()) + "This is the list of available plugins for virtual private networks +(VPNs). An example of this is the @code{network-manager-openvpn} +package, which allows NetworkManager to manage VPNs @i{via} OpenVPN." + empty-serializer) + + ;; Deprecated options + (iwd? + (boolean #f) + "Deprecated." + (sanitizer warn-iwd?-field-deprecation) + (serializer-options '(#:section device)) + (serializer + (lambda (_ value . rest) + (let ((value (if value "iwd" "wpa_supplicant"))) + (apply generic-ini-serialize-string + 'wifi.backend value rest))))) + + (prefix generic-ini-)) + +(define (network-manager-serialize-configuration config) + (mixed-text-file + "NetworkManager.conf" + (serialize-ini-configuration config + network-manager-configuration-fields))) (define (network-manager-accounts config) "Return the list of and for CONFIG." - (define nologin - (file-append shadow "/sbin/nologin")) - - (define accounts - (append-map (lambda (package) - (map (lambda (name) - (user-account (system? #t) - (name name) - (group "network-manager") - (comment "NetworkManager helper") - (home-directory "/var/empty") - (create-home-directory? #f) - (shell nologin))) - (or (assoc-ref (package-properties package) - 'user-accounts) - '()))) - (network-manager-configuration-vpn-plugins config))) - - (match accounts - (() - '()) - (_ - (cons (user-group (name "network-manager") (system? #t)) - accounts)))) + (match-record config + (vpn-plugins) + (let* ((nologin (file-append shadow "/sbin/nologin")) + (accounts + (append-map (lambda (package) + (map (lambda (name) + (user-account + (system? #t) + (name name) + (group "network-manager") + (comment "NetworkManager helper") + (home-directory "/var/empty") + (create-home-directory? #f) + (shell nologin))) + (or (assoc-ref (package-properties package) + 'user-accounts) + '()))) + vpn-plugins))) + (cond + ((null? accounts) '()) + (else (cons (user-group (name "network-manager") + (system? #t)) + accounts)))))) (define (network-manager-environment config) + "Define NM_VPN_PLUGIN_DIR variable in the global environment such that +\"nmcli connection import type openvpn file foo.ovpn\" works." (match-record config - (network-manager dns vpn-plugins) - ;; Define this variable in the global environment such that - ;; "nmcli connection import type openvpn file foo.ovpn" works. - `(("NM_VPN_PLUGIN_DIR" - . ,(file-append (vpn-plugin-directory vpn-plugins) - "/lib/NetworkManager/VPN"))))) + (vpn-plugins) + (let ((plugin-union (directory-union "network-manager-vpn-plugins" + vpn-plugins))) + `(("NM_VPN_PLUGIN_DIR" . ,(file-append plugin-union + "/lib/NetworkManager/VPN")))))) (define (network-manager-shepherd-service config) (match-record config - (network-manager shepherd-requirement dns vpn-plugins iwd?) + (network-manager shepherd-requirement dns iwd?) (let* ((iwd? (or iwd? ; TODO: deprecated field, remove later. (and shepherd-requirement (memq 'iwd shepherd-requirement)))) - (conf (plain-file "NetworkManager.conf" - (string-append - "[main]\ndns=" dns "\n" - (if iwd? "[device]\nwifi.backend=iwd\n" "")))) - (vpn (vpn-plugin-directory vpn-plugins))) + (conf (network-manager-serialize-configuration config)) + (vpn-plugin-env (map (match-lambda + ((key . value) + #~(string-append #$key "=" #$value))) + (network-manager-environment config)))) (list (shepherd-service (documentation "Run the NetworkManager.") (provision '(NetworkManager networking)) @@ -1254,6 +1308,10 @@ (define (network-manager-shepherd-service config) (actions (list (shepherd-configuration-action conf))) (start #~(lambda _ + (mkdir-p "/etc/NetworkManager/system-connections") + ;; Create directory to store dnsmasq lease file. + #$@(if (equal? dns "dnsmasq") + '((mkdir-p "/var/lib/misc")) '()) (let ((pid (fork+exec-command (list #$(file-append network-manager @@ -1261,8 +1319,7 @@ (define (network-manager-shepherd-service config) (string-append "--config=" #$conf) "--no-daemon") #:environment-variables - (list (string-append "NM_VPN_PLUGIN_DIR=" #$vpn - "/lib/NetworkManager/VPN") + (list #$@vpn-plugin-env ;; Override non-existent default users "NM_OPENVPN_USER=" "NM_OPENVPN_GROUP=" @@ -1301,8 +1358,6 @@ (define network-manager-service-type network-manager-configuration-network-manager)) (service-extension account-service-type network-manager-accounts) - (service-extension activation-service-type - network-manager-activation) (service-extension session-environment-service-type network-manager-environment) ;; Add network-manager to the system profile.