gnu: Add AutoSSH service.
* gnu/services/ssh.scm (<autossh-configuration>): New record type. (autossh-service-type): New variable. (autossh-service-activation, autossh-file-name): New procedures. * doc/guix.texi (Networking Services): Document this. Signed-off-by: Oleg Pykhalov <go.wigust@gmail.com>
parent
4c4ae8b595
commit
051f3254cd
2 changed files with 180 additions and 1 deletions
@ -79,6 +79,7 @@ Copyright @copyright{} 2020 Naga Malleswari@*
|
||||||
Copyright @copyright{} 2020 Brice Waegeneire@*
|
Copyright @copyright{} 2020 Brice Waegeneire@*
|
||||||
Copyright @copyright{} 2020 R Veera Kumar@*
|
Copyright @copyright{} 2020 R Veera Kumar@*
|
||||||
Copyright @copyright{} 2020 Pierre Langlois@*
|
Copyright @copyright{} 2020 Pierre Langlois@*
|
||||||
|
Copyright @copyright{} 2020 pinoaffe@*
|
||||||
|
|
||||||
Permission is granted to copy, distribute and/or modify this document
|
Permission is granted to copy, distribute and/or modify this document
|
||||||
under the terms of the GNU Free Documentation License, Version 1.3 or
|
under the terms of the GNU Free Documentation License, Version 1.3 or
|
||||||
|
@ -14390,6 +14391,80 @@ Whether to enable password-based authentication.
|
||||||
@end table
|
@end table
|
||||||
@end deftp
|
@end deftp
|
||||||
|
|
||||||
|
@cindex AutoSSH
|
||||||
|
@deffn {Scheme Variable} autossh-service-type
|
||||||
|
This is the type for the @uref{https://www.harding.motd.ca/autossh,
|
||||||
|
AutoSSH} program that runs a copy of @code{ssh} and monitors it,
|
||||||
|
restarting it as necessary should it die or stop passing traffic.
|
||||||
|
AutoSSH can be run manually from the commandline by passing arguments to
|
||||||
|
the binary @code{autossh} from the package @code{autossh}, but it can
|
||||||
|
also be run as a guix service. This latter usecase is documented here.
|
||||||
|
|
||||||
|
AutoSSH can be used to forward local traffic to a remote machine using an SSH tunnel,
|
||||||
|
and it respects the @file{~/.ssh/config} of the user it is run as.
|
||||||
|
|
||||||
|
For example, to specify a service running autossh as the user @code{pino}
|
||||||
|
and forwarding all local connections to port @code{8081} to @code{remote:8081}
|
||||||
|
using an SSH tunnel, add this call to the operating system's @code{services} field:
|
||||||
|
|
||||||
|
@lisp
|
||||||
|
(service autossh-service-type
|
||||||
|
(autossh-configuration
|
||||||
|
(user "pino")
|
||||||
|
(ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.net"))))
|
||||||
|
@end lisp
|
||||||
|
@end deffn
|
||||||
|
|
||||||
|
@deftp {Data Type} autossh-configuration
|
||||||
|
This data type represents the configuration of an AutoSSH service.
|
||||||
|
|
||||||
|
@table @asis
|
||||||
|
|
||||||
|
@item @code{user} (default @code{"autossh"})
|
||||||
|
The user as which the AutoSSH service is to be run.
|
||||||
|
This assumes that the specified user exists.
|
||||||
|
|
||||||
|
@item @code{poll} (default @code{600})
|
||||||
|
Specifies the connection poll time in seconds.
|
||||||
|
|
||||||
|
@item @code{first-poll} (default @code{#f})
|
||||||
|
Specifies how long autossh waits before the first connection test in seconds.
|
||||||
|
After this first test, polling is resumed at the pace defined in @code{poll}.
|
||||||
|
When set to @code{#f}, the first poll is not treated specially and
|
||||||
|
will also use the connection poll specified in @code{poll}
|
||||||
|
|
||||||
|
@item @code{gate-time} (default @code{30})
|
||||||
|
Specifies (in seconds) how long an SSH connection must be active
|
||||||
|
before it is considered successful.
|
||||||
|
|
||||||
|
@item @code{log-level} (default @code{1})
|
||||||
|
The log level, corresponding to the levels used by syslog
|
||||||
|
(so @code{0} is the most silent while @code{7} is the chattiest.)
|
||||||
|
|
||||||
|
@item @code{max-start} (default @code{#f})
|
||||||
|
The maximum number of times SSH may be (re)started before AutoSSH exits.
|
||||||
|
When set to @code{#f}, no maximum is configured and AutoSSH may restart indefinitely.
|
||||||
|
|
||||||
|
@item @code{message} (default @code{""})
|
||||||
|
The message to append to the echo message sent when testing connections.
|
||||||
|
|
||||||
|
@item @code{port} (default @code{"0"})
|
||||||
|
The ports used for monitoring the connection. When set to @code{"0"},
|
||||||
|
monitoring is disabled. When set to @code{"n"} where @code{n} is a positive integer,
|
||||||
|
ports @code{n} and @code{n+1} are used for monitoring the connection, such that
|
||||||
|
port @code{n} is the base monitoring port and @code{n+1} is the echo port.
|
||||||
|
When set to @code{"n:m"} where @code{n} and @code{m} are positive integers,
|
||||||
|
the ports @code{n} and @code{n+1} are used for monitoring the connection, such
|
||||||
|
that port @code{n} is the base monitoring port and @code{m} is the echo port.
|
||||||
|
|
||||||
|
@item @code{ssh-options} (default @code{'()})
|
||||||
|
The list of commandline arguments to pass to ssh when it is run.
|
||||||
|
Options @code{-f} and @code{-M ....} are reserved for AutoSSH
|
||||||
|
and may cause undefined behaviour.
|
||||||
|
|
||||||
|
@end table
|
||||||
|
@end deftp
|
||||||
|
|
||||||
@defvr {Scheme Variable} %facebook-host-aliases
|
@defvr {Scheme Variable} %facebook-host-aliases
|
||||||
This variable contains a string for use in @file{/etc/hosts}
|
This variable contains a string for use in @file{/etc/hosts}
|
||||||
(@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each
|
(@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
|
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
|
||||||
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
|
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
|
||||||
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
|
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
|
||||||
|
;;; Copyright © 2020 pinoaffe <pinoaffe@airmail.cc>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -45,7 +46,11 @@ (define-module (gnu services ssh)
|
||||||
dropbear-configuration
|
dropbear-configuration
|
||||||
dropbear-configuration?
|
dropbear-configuration?
|
||||||
dropbear-service-type
|
dropbear-service-type
|
||||||
dropbear-service))
|
dropbear-service
|
||||||
|
|
||||||
|
autossh-configuration
|
||||||
|
autossh-configuration?
|
||||||
|
autossh-service-type))
|
||||||
|
|
||||||
;;; Commentary:
|
;;; Commentary:
|
||||||
;;;
|
;;;
|
||||||
|
@ -628,4 +633,103 @@ (define* (dropbear-service #:optional (config (dropbear-configuration)))
|
||||||
object."
|
object."
|
||||||
(service dropbear-service-type config))
|
(service dropbear-service-type config))
|
||||||
|
|
||||||
|
|
||||||
|
;;;
|
||||||
|
;;; AutoSSH.
|
||||||
|
;;;
|
||||||
|
|
||||||
|
|
||||||
|
(define-record-type* <autossh-configuration>
|
||||||
|
autossh-configuration make-autossh-configuration
|
||||||
|
autossh-configuration?
|
||||||
|
(user autossh-configuration-user
|
||||||
|
(default "autossh"))
|
||||||
|
(poll autossh-configuration-poll
|
||||||
|
(default 600))
|
||||||
|
(first-poll autossh-configuration-first-poll
|
||||||
|
(default #f))
|
||||||
|
(gate-time autossh-configuration-gate-time
|
||||||
|
(default 30))
|
||||||
|
(log-level autossh-configuration-log-level
|
||||||
|
(default 1))
|
||||||
|
(max-start autossh-configuration-max-start
|
||||||
|
(default #f))
|
||||||
|
(message autossh-configuration-message
|
||||||
|
(default ""))
|
||||||
|
(port autossh-configuration-port
|
||||||
|
(default "0"))
|
||||||
|
(ssh-options autossh-configuration-ssh-options
|
||||||
|
(default '())))
|
||||||
|
|
||||||
|
(define (autossh-file-name config file)
|
||||||
|
"Return a path in /var/run/autossh/ that is writable
|
||||||
|
by @code{user} from @code{config}."
|
||||||
|
(string-append "/var/run/autossh/"
|
||||||
|
(autossh-configuration-user config)
|
||||||
|
"/" file))
|
||||||
|
|
||||||
|
(define (autossh-shepherd-service config)
|
||||||
|
(shepherd-service
|
||||||
|
(documentation "Automatically set up ssh connections (and keep them alive).")
|
||||||
|
(provision '(autossh))
|
||||||
|
(start #~(make-forkexec-constructor
|
||||||
|
(list #$(file-append autossh "/bin/autossh")
|
||||||
|
#$@(autossh-configuration-ssh-options config))
|
||||||
|
#:user #$(autossh-configuration-user config)
|
||||||
|
#:group (passwd:gid (getpw #$(autossh-configuration-user config)))
|
||||||
|
#:pid-file #$(autossh-file-name config "pid")
|
||||||
|
#:log-file #$(autossh-file-name config "log")
|
||||||
|
#:environment-variables
|
||||||
|
'(#$(string-append "AUTOSSH_PIDFILE="
|
||||||
|
(autossh-file-name config "pid"))
|
||||||
|
#$(string-append "AUTOSSH_LOGFILE="
|
||||||
|
(autossh-file-name config "log"))
|
||||||
|
#$(string-append "AUTOSSH_POLL="
|
||||||
|
(number->string
|
||||||
|
(autossh-configuration-poll config)))
|
||||||
|
#$(string-append "AUTOSSH_FIRST_POLL="
|
||||||
|
(number->string
|
||||||
|
(or
|
||||||
|
(autossh-configuration-first-poll config)
|
||||||
|
(autossh-configuration-poll config))))
|
||||||
|
#$(string-append "AUTOSSH_GATETIME="
|
||||||
|
(number->string
|
||||||
|
(autossh-configuration-gate-time config)))
|
||||||
|
#$(string-append "AUTOSSH_LOGLEVEL="
|
||||||
|
(number->string
|
||||||
|
(autossh-configuration-log-level config)))
|
||||||
|
#$(string-append "AUTOSSH_MAXSTART="
|
||||||
|
(number->string
|
||||||
|
(or (autossh-configuration-max-start config)
|
||||||
|
-1)))
|
||||||
|
#$(string-append "AUTOSSH_MESSAGE="
|
||||||
|
(autossh-configuration-message config))
|
||||||
|
#$(string-append "AUTOSSH_PORT="
|
||||||
|
(autossh-configuration-port config)))))
|
||||||
|
(stop #~(make-kill-destructor))))
|
||||||
|
|
||||||
|
(define (autossh-service-activation config)
|
||||||
|
(with-imported-modules '((guix build utils))
|
||||||
|
#~(begin
|
||||||
|
(use-modules (guix build utils))
|
||||||
|
(define %user
|
||||||
|
(getpw #$(autossh-configuration-user config)))
|
||||||
|
(let* ((directory #$(autossh-file-name config ""))
|
||||||
|
(log (string-append directory "/log")))
|
||||||
|
(mkdir-p directory)
|
||||||
|
(chown directory (passwd:uid %user) (passwd:gid %user))
|
||||||
|
(call-with-output-file log (const #t))
|
||||||
|
(chown log (passwd:uid %user) (passwd:gid %user))))))
|
||||||
|
|
||||||
|
(define autossh-service-type
|
||||||
|
(service-type
|
||||||
|
(name 'autossh)
|
||||||
|
(description "Automatically set up ssh connections (and keep them alive).")
|
||||||
|
(extensions
|
||||||
|
(list (service-extension shepherd-root-service-type
|
||||||
|
(compose list autossh-shepherd-service))
|
||||||
|
(service-extension activation-service-type
|
||||||
|
autossh-service-activation)))
|
||||||
|
(default-value (autossh-configuration))))
|
||||||
|
|
||||||
;;; ssh.scm ends here
|
;;; ssh.scm ends here
|
||||||
|
|
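Review bot: `(call-with-output-file log (const #t))` in autossh-service-activation truncates an existing log file on every activation (each boot and each reconfigure), so the service's history is wiped exactly when an operator would want to inspect it; guard the creation with `(unless (file-exists? log) (call-with-output-file log (const #t)))` so the file is only created the first time. The same activation chowns the whole `/var/run/autossh/<user>/` directory to the unprivileged user while autossh-shepherd-service passes `#:pid-file` and `#:log-file` inside it; if shepherd opens the log or reads the pid file as root before dropping privileges, a user-writable directory is a symlink-following hazard, so consider keeping the directory root-owned and chowning only the pre-created `pid` and `log` files, or confirm that those opens happen after the user switch. autossh-shepherd-service and autossh-service-activation also lack docstrings, e.g. `"Return a <shepherd-service> that runs autossh as the user in CONFIG, passing the AUTOSSH_* settings through environment variables."` for the former.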