From 1bdeec5d66cfeea3a5fc5d69690dd32cb32ee104 Mon Sep 17 00:00:00 2001 From: muradm Date: Sun, 17 Dec 2023 15:49:21 +0300 Subject: [PATCH] services: connman: Add 'connman-general-configuration'. Currently connman has no main.conf as specified in 'man 5 connman.conf' which would allow setting NetworkInterfaceBalcklist and other useful options. This patch adds connman-general-configuration, serializes it and passes to connmad with --config= flag. All configuration fields are 'maybe-*' deliberately, to not disturb current users and not require supporting configuration changes for connmand. * gnu/services/networking.scm (): New configuration record to represent main.conf for connmand. ()[general-configuration]: New field. (connman-shepherd-service): Honor it. *doc/guix.texi (Networking Services): Add generated configuration. Change-Id: I5d78f49e8b2d5e0b3cbd7b8b604e8a254b6397e8 Signed-off-by: Maxim Cournoyer Modified-by: Maxim Cournoyer --- doc/guix.texi | 205 +++++++++++++++++++++++++++++ gnu/services/networking.scm | 255 +++++++++++++++++++++++++++++++++++- 2 files changed, 457 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index df6ce91736..110853b98c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20949,9 +20949,214 @@ networks. @item @code{disable-vpn?} (default: @code{#f}) When true, disable connman's vpn plugin. +@item @code{general-configuration} (default: @code{(connman-general-configuration)}) +Configuration serialized to @file{main.conf} and passed as @option{--config} +to @command{connmand}. + @end table @end deftp +@c %start of fragment + +@deftp {Data Type} connman-general-configuration +Available @code{connman-general-configuration} fields are: + +@table @asis +@item @code{input-request-timeout} (type: maybe-number) +Set input request timeout. Default is 120 seconds. The request for +inputs like passphrase will timeout after certain amount of time. Use +this setting to increase the value in case of different user interface +designs. + +@item @code{browser-launch-timeout} (type: maybe-number) +Set browser launch timeout. Default is 300 seconds. The request for +launching a browser for portal pages will timeout after certain amount +of time. Use this setting to increase the value in case of different +user interface designs. + +@item @code{background-scanning?} (type: maybe-boolean) +Enable background scanning. Default is true. If wifi is disconnected, +the background scanning will follow a simple back off mechanism from 3s +up to 5 minutes. Then, it will stay in 5 minutes unless user +specifically asks for scanning through a D-Bus call. If so, the +mechanism will start again from 3s. This feature activates also the +background scanning while being connected, which is required for roaming +on wifi. When @code{background-scanning?} is false, ConnMan will not +perform any scan regardless of wifi is connected or not, unless it is +requested by the user through a D-Bus call. + +@item @code{use-gateways-as-timeservers?} (type: maybe-boolean) +Assume that service gateways also function as timeservers. Default is +false. + +@item @code{fallback-timeservers} (type: maybe-list) +List of Fallback timeservers. These timeservers are used for NTP sync +when there are no timeservers set by the user or by the service, and +when @code{use-gateways-as-timeservers?} is @code{#f}. These can +contain a mixed combination of fully qualified domain names, IPv4 and +IPv6 addresses. + +@item @code{fallback-nameservers} (type: maybe-list) +List of fallback nameservers appended to the list of nameservers given +by the service. The nameserver entries must be in numeric format, host +names are ignored. + +@item @code{default-auto-connect-technologies} (type: maybe-list) +List of technologies that are marked autoconnectable by default. The +default value for this entry when empty is @code{"ethernet"}, +@code{"wifi"}, @code{"cellular"}. Services that are automatically +connected must have been set up and saved to storage beforehand. + +@item @code{default-favourite-technologies} (type: maybe-list) +List of technologies that are marked favorite by default. The default +value for this entry when empty is @code{"ethernet"}. Connects to +services from this technology even if not setup and saved to storage. + +@item @code{always-connected-technologies} (type: maybe-list) +List of technologies which are always connected regardless of +preferred-technologies setting (@code{auto-connect?} @code{#t}). The +default value is empty and this feature is disabled unless explicitly +enabled. + +@item @code{preferred-technologies} (type: maybe-list) +List of preferred technologies from the most preferred one to the least +preferred one. Services of the listed technology type will be tried one +by one in the order given, until one of them gets connected or they are +all tried. A service of a preferred technology type in state 'ready' +will get the default route when compared to another preferred type +further down the list with state 'ready' or with a non-preferred type; a +service of a preferred technology type in state 'online' will get the +default route when compared to either a non-preferred type or a +preferred type further down in the list. + +@item @code{network-interface-blacklist} (type: maybe-list) +List of blacklisted network interfaces. Found interfaces will be +compared to the list and will not be handled by ConnMan, if their first +characters match any of the list entries. Default value is +@code{"vmnet"}, @code{"vboxnet"}, @code{"virbr"}, @code{"ifb"}. + +@item @code{allow-hostname-updates?} (type: maybe-boolean) +Allow ConnMan to change the system hostname. This can happen for +example if we receive DHCP hostname option. Default value is @code{#t}. + +@item @code{allow-domainname-updates?} (type: maybe-boolean) +Allow connman to change the system domainname. This can happen for +example if we receive DHCP domainname option. Default value is +@code{#t}. + +@item @code{single-connected-technology?} (type: maybe-boolean) +Keep only a single connected technology at any time. When a new service +is connected by the user or a better one is found according to +preferred-technologies, the new service is kept connected and all the +other previously connected services are disconnected. With this setting +it does not matter whether the previously connected services are in +'online' or 'ready' states, the newly connected service is the only one +that will be kept connected. A service connected by the user will be +used until going out of network coverage. With this setting enabled +applications will notice more network breaks than normal. Note this +options can't be used with VPNs. Default value is @code{#f}. + +@item @code{tethering-technologies} (type: maybe-list) +List of technologies that are allowed to enable tethering. The default +value is @code{"wifi"}, @code{"bluetooth"}, @code{"gadget"}. Only those +technologies listed here are used for tethering. If one wants to tether +ethernet, then add @code{"ethernet"} in the list. Note that if ethernet +tethering is enabled, then a DHCP server is started on all ethernet +interfaces. Tethered ethernet should never be connected to corporate or +home network as it will disrupt normal operation of these networks. Due +to this ethernet is not tethered by default. Do not activate ethernet +tethering unless you really know what you are doing. + +@item @code{persistent-tethering-mode?} (type: maybe-boolean) +Restore earlier tethering status when returning from offline mode, +re-enabling a technology, and after restarts and reboots. Default value +is @code{#f}. + +@item @code{enable-6to4?} (type: maybe-boolean) +Automatically enable anycast 6to4 if possible. This is not recommended, +as the use of 6to4 will generally lead to a severe degradation of +connection quality. See RFC6343. Default value is @code{#f} (as +recommended by RFC6343 section 4.1). + +@item @code{vendor-class-id} (type: maybe-string) +Set DHCP option 60 (Vendor Class ID) to the given string. This option +can be used by DHCP servers to identify specific clients without having +to rely on MAC address ranges, etc. + +@item @code{enable-online-check?} (type: maybe-boolean) +Enable or disable use of HTTP GET as an online status check. When a +service is in a READY state, and is selected as default, ConnMan will +issue an HTTP GET request to verify that end-to-end connectivity is +successful. Only then the service will be transitioned to ONLINE state. +If this setting is false, the default service will remain in READY +state. Default value is @code{#t}. + +@item @code{online-check-ipv4-url} (type: maybe-string) +IPv4 URL used during the online status check. Please refer to the +README for more detailed information. Default value is +@uref{http://ipv4.connman.net/online/status.html}. + +@item @code{online-check-ipv6-url} (type: maybe-string) +IPv6 URL used during the online status check. Please refer to the +README for more detailed information. Default value is +@uref{http://ipv6.connman.net/online/status.html}. + +@item @code{online-check-initial-interval} (type: maybe-number) +Range of intervals between two online check requests. Please refer to +the README for more detailed information. Default value is @samp{1}. + +@item @code{online-check-max-interval} (type: maybe-number) +Range of intervals between two online check requests. Please refer to +the README for more detailed information. Default value is @samp{1}. + +@item @code{enable-online-to-ready-transition?} (type: maybe-boolean) +WARNING: This is an experimental feature. In addition to +@code{enable-online-check} setting, enable or disable use of HTTP GET to +detect the loss of end-to-end connectivity. If this setting is +@code{#f}, when the default service transitions to ONLINE state, the +HTTP GET request is no more called until next cycle, initiated by a +transition of the default service to DISCONNECT state. If this setting +is @code{#t}, the HTTP GET request keeps being called to guarantee that +end-to-end connectivity is still successful. If not, the default +service will transition to READY state, enabling another service to +become the default one, in replacement. Default value is @code{#f}. + +@item @code{auto-connect-roaming-services?} (type: maybe-boolean) +Automatically connect roaming services. This is not recommended unless +you know you won't have any billing problem. Default value is +@code{#f}. + +@item @code{address-conflict-detection?} (type: maybe-boolean) +Enable or disable the implementation of IPv4 address conflict detection +according to RFC5227. ConnMan will send probe ARP packets to see if an +IPv4 address is already in use before assigning the address to an +interface. If an address conflict occurs for a statically configured +address, an IPv4LL address will be chosen instead (according to +RFC3927). If an address conflict occurs for an address offered via +DHCP, ConnMan sends a DHCP DECLINE once and for the second conflict +resorts to finding an IPv4LL address. Default value is @code{#f}. + +@item @code{localtime} (type: maybe-string) +Path to localtime file. Defaults to @file{/etc/localtime}. + +@item @code{regulatory-domain-follows-timezone?} (type: maybe-boolean) +Enable regulatory domain to be changed along timezone changes. With +this option set to true each time the timezone changes the first present +ISO3166 country code is read from +@file{/usr/share/zoneinfo/zone1970.tab} and set as regulatory domain +value. Default value is @code{#f}. + +@item @code{resolv-conf} (type: maybe-string) +Path to resolv.conf file. If the file does not exist, but intermediate +directories exist, it will be created. If this option is not set, it +tries to write into @file{/var/run/connman/resolv.conf} if it fails +(@file{/var/run/connman} does not exist or is not writeable). If you do +not want to update resolv.conf, you can set @file{/dev/null}. + +@end table + +@end deftp + @cindex WPA Supplicant @defvar wpa-supplicant-service-type This is the service type to run @url{https://w1.fi/wpa_supplicant/,WPA diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 7c114fa53c..495d049728 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -21,6 +21,7 @@ ;;; Copyright © 2022, 2023 Andrew Tropin ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2023 muradm ;;; ;;; This file is part of GNU Guix. ;;; @@ -78,6 +79,7 @@ (define-module (gnu services networking) #:use-module (srfi srfi-26) #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (ice-9 string-fun) #:use-module (json) #:re-export (static-networking-service static-networking-service-type) @@ -171,6 +173,8 @@ (define-module (gnu services networking) network-manager-configuration-vpn-plugins network-manager-service-type + connman-general-configuration + connman-general-configuration? connman-configuration connman-configuration? connman-configuration-connman @@ -1326,6 +1330,241 @@ (define network-manager-service-type ;;; Connman ;;; +(define (connman-general-configuration-field-name field-name) + (let* ((str->camel (lambda (s) + (string-concatenate + (map string-capitalize (string-split s #\-))))) + (str (if (symbol? field-name) + (str->camel (symbol->string field-name)) + field-name))) + (cond + ((string-suffix? "?" str) (connman-general-configuration-field-name + (string-drop-right str 1))) + ((string-contains str "RegulatoryDomain") (connman-general-configuration-field-name + (string-replace-substring str "RegulatoryDomain" "Regdom"))) + ((string-contains str "Url") (connman-general-configuration-field-name + (string-replace-substring str "Url" "URL"))) + ((string-contains str "Ip") (connman-general-configuration-field-name + (string-replace-substring str "Ip" "IP"))) + ((string-contains str "6To4") (connman-general-configuration-field-name + (string-replace-substring str "6To4" "6to4"))) + (#t str)))) + +(define (connman-general-configuration-serialize-string field-name value) + (let ((param (connman-general-configuration-field-name field-name))) + #~(string-append #$param " = " #$value "\n"))) + +(define (connman-general-configuration-serialize-number field-name value) + (connman-general-configuration-serialize-string + field-name (number->string value))) + +(define (connman-general-configuration-serialize-list field-name value) + (connman-general-configuration-serialize-string + field-name (string-join value ","))) + +(define (connman-general-configuration-serialize-boolean field-name value) + (connman-general-configuration-serialize-string + field-name (if value "true" "false"))) + +(define-maybe boolean (prefix connman-general-configuration-)) +(define-maybe number (prefix connman-general-configuration-)) +(define-maybe string (prefix connman-general-configuration-)) +(define-maybe list (prefix connman-general-configuration-)) + +(define-configuration connman-general-configuration + (input-request-timeout + maybe-number + "Set input request timeout. Default is 120 seconds. The request for inputs +like passphrase will timeout after certain amount of time. Use this setting to +increase the value in case of different user interface designs.") + (browser-launch-timeout + maybe-number + "Set browser launch timeout. Default is 300 seconds. The request for +launching a browser for portal pages will timeout after certain amount of +time. Use this setting to increase the value in case of different user +interface designs.") + (background-scanning? + maybe-boolean + "Enable background scanning. Default is true. If wifi is disconnected, the +background scanning will follow a simple back off mechanism from 3s up to 5 +minutes. Then, it will stay in 5 minutes unless user specifically asks for +scanning through a D-Bus call. If so, the mechanism will start again from +3s. This feature activates also the background scanning while being connected, +which is required for roaming on wifi. When @code{background-scanning?} is false, +ConnMan will not perform any scan regardless of wifi is connected or not, +unless it is requested by the user through a D-Bus call.") + (use-gateways-as-timeservers? + maybe-boolean + "Assume that service gateways also function as timeservers. Default is false.") + (fallback-timeservers + maybe-list + "List of Fallback timeservers. These timeservers are used for NTP sync +when there are no timeservers set by the user or by the service, and when +@code{use-gateways-as-timeservers?} is @code{#f}. These can contain a mixed +combination of fully qualified domain names, IPv4 and IPv6 addresses.") + (fallback-nameservers + maybe-list + "List of fallback nameservers appended to the list of nameservers given +by the service. The nameserver entries must be in numeric format, +host names are ignored.") + (default-auto-connect-technologies + maybe-list + "List of technologies that are marked autoconnectable by default. The +default value for this entry when empty is @code{\"ethernet\"}, @code{\"wifi\"}, +@code{\"cellular\"}. Services that are automatically connected must have been +set up and saved to storage beforehand.") + (default-favourite-technologies + maybe-list + "List of technologies that are marked favorite by default. The default +value for this entry when empty is @code{\"ethernet\"}. Connects to services +from this technology even if not setup and saved to storage.") + (always-connected-technologies + maybe-list + "List of technologies which are always connected regardless of +preferred-technologies setting (@code{auto-connect?} @code{#t}). The default +value is empty and this feature is disabled unless explicitly enabled.") + (preferred-technologies + maybe-list + "List of preferred technologies from the most preferred one to the least +preferred one. Services of the listed technology type will be tried one by +one in the order given, until one of them gets connected or they are all +tried. A service of a preferred technology type in state 'ready' will get +the default route when compared to another preferred type further down the +list with state 'ready' or with a non-preferred type; a service of a +preferred technology type in state 'online' will get the default route when +compared to either a non-preferred type or a preferred type further down +in the list.") + (network-interface-blacklist + maybe-list + "List of blacklisted network interfaces. Found interfaces will be +compared to the list and will not be handled by ConnMan, if their first +characters match any of the list entries. Default value is @code{\"vmnet\"}, +@code{\"vboxnet\"}, @code{\"virbr\"}, @code{\"ifb\"}.") + (allow-hostname-updates? + maybe-boolean + "Allow ConnMan to change the system hostname. This can happen for +example if we receive DHCP hostname option. Default value is @code{#t}.") + (allow-domainname-updates? + maybe-boolean + "Allow connman to change the system domainname. This can happen for +example if we receive DHCP domainname option. Default value is @code{#t}.") + (single-connected-technology? + maybe-boolean + "Keep only a single connected technology at any time. When a new +service is connected by the user or a better one is found according to +preferred-technologies, the new service is kept connected and all the +other previously connected services are disconnected. With this setting +it does not matter whether the previously connected services are +in 'online' or 'ready' states, the newly connected service is the only +one that will be kept connected. A service connected by the user will +be used until going out of network coverage. With this setting enabled +applications will notice more network breaks than normal. Note this +options can't be used with VPNs. Default value is @code{#f}.") + (tethering-technologies + maybe-list + "List of technologies that are allowed to enable tethering. The +default value is @code{\"wifi\"}, @code{\"bluetooth\"}, +@code{\"gadget\"}. Only those technologies listed here are used for +tethering. If one wants to tether ethernet, then add @code{\"ethernet\"} +in the list. Note that if ethernet tethering is enabled, then a DHCP +server is started on all ethernet interfaces. Tethered ethernet should +never be connected to corporate or home network as it will disrupt normal +operation of these networks. Due to this ethernet is not tethered by +default. Do not activate ethernet tethering unless you really know +what you are doing.") + (persistent-tethering-mode? + maybe-boolean + "Restore earlier tethering status when returning from offline mode, +re-enabling a technology, and after restarts and reboots. Default +value is @code{#f}.") + (enable-6to4? + maybe-boolean + "Automatically enable anycast 6to4 if possible. This is not +recommended, as the use of 6to4 will generally lead to a severe +degradation of connection quality. See RFC6343. Default value +is @code{#f} (as recommended by RFC6343 section 4.1).") + (vendor-class-id + maybe-string + "Set DHCP option 60 (Vendor Class ID) to the given string. This +option can be used by DHCP servers to identify specific clients +without having to rely on MAC address ranges, etc.") + (enable-online-check? + maybe-boolean + "Enable or disable use of HTTP GET as an online status check. When +a service is in a READY state, and is selected as default, ConnMan will +issue an HTTP GET request to verify that end-to-end connectivity is +successful. Only then the service will be transitioned to ONLINE +state. If this setting is false, the default service will remain +in READY state. Default value is @code{#t}.") + (online-check-ipv4-url + maybe-string + "IPv4 URL used during the online status check. Please refer to +the README for more detailed information. Default value is +@url{http://ipv4.connman.net/online/status.html}.") + (online-check-ipv6-url + maybe-string + "IPv6 URL used during the online status check. Please refer to +the README for more detailed information. Default value is +@url{http://ipv6.connman.net/online/status.html}.") + (online-check-initial-interval + maybe-number + "Range of intervals between two online check requests. Please +refer to the README for more detailed information. Default value +is @samp{1}.") + (online-check-max-interval + maybe-number + "Range of intervals between two online check requests. Please +refer to the README for more detailed information. Default value +is @samp{1}.") + (enable-online-to-ready-transition? + maybe-boolean + "WARNING: This is an experimental feature. In addition to +@code{enable-online-check} setting, enable or disable use of HTTP GET +to detect the loss of end-to-end connectivity. If this setting is +@code{#f}, when the default service transitions to ONLINE state, the +HTTP GET request is no more called until next cycle, initiated by a +transition of the default service to DISCONNECT state. If this +setting is @code{#t}, the HTTP GET request keeps being called to +guarantee that end-to-end connectivity is still successful. If not, +the default service will transition to READY state, enabling another +service to become the default one, in replacement. Default value +is @code{#f}.") + (auto-connect-roaming-services? + maybe-boolean + "Automatically connect roaming services. This is not recommended +unless you know you won't have any billing problem. Default value +is @code{#f}.") + (address-conflict-detection? + maybe-boolean + "Enable or disable the implementation of IPv4 address conflict +detection according to RFC5227. ConnMan will send probe ARP packets +to see if an IPv4 address is already in use before assigning the +address to an interface. If an address conflict occurs for a +statically configured address, an IPv4LL address will be chosen +instead (according to RFC3927). If an address conflict occurs for +an address offered via DHCP, ConnMan sends a DHCP DECLINE once +and for the second conflict resorts to finding an IPv4LL +address. Default value is @code{#f}.") + (localtime + maybe-string + "Path to localtime file. Defaults to @file{/etc/localtime}.") + (regulatory-domain-follows-timezone? + maybe-boolean + "Enable regulatory domain to be changed along timezone changes. +With this option set to true each time the timezone changes the first +present ISO3166 country code is read from +@file{/usr/share/zoneinfo/zone1970.tab} and set as regulatory domain +value. Default value is @code{#f}.") + (resolv-conf + maybe-string + "Path to resolv.conf file. If the file does not exist, but +intermediate directories exist, it will be created. If this option +is not set, it tries to write into @file{/var/run/connman/resolv.conf} +if it fails (@file{/var/run/connman} does not exist or is not +writeable). If you do not want to update resolv.conf, you can +set @file{/dev/null}.") + (prefix connman-general-configuration-)) + (define-record-type* connman-configuration make-connman-configuration connman-configuration? @@ -1337,7 +1576,9 @@ (define-record-type* (default #f)) (iwd? connman-configuration-iwd? (default #f) - (sanitize warn-iwd?-field-deprecation))) + (sanitize warn-iwd?-field-deprecation)) + (general-configuration connman-configuration-general-configuration + (default (connman-general-configuration)))) (define (connman-activation config) (let ((disable-vpn? (connman-configuration-disable-vpn? config))) @@ -1350,10 +1591,17 @@ (define (connman-activation config) (define (connman-shepherd-service config) (match-record config (connman shepherd-requirement - disable-vpn? iwd?) + disable-vpn? iwd? + general-configuration) (let ((iwd? (or iwd? ; TODO: deprecated field, remove later. (and shepherd-requirement - (memq 'iwd shepherd-requirement))))) + (memq 'iwd shepherd-requirement)))) + (config (mixed-text-file + "main.conf" + "[General]\n" + (serialize-configuration + general-configuration + connman-general-configuration-fields)))) (list (shepherd-service (documentation "Run Connman") (provision '(connman networking)) @@ -1365,6 +1613,7 @@ (define (connman-shepherd-service config) (start #~(make-forkexec-constructor (list (string-append #$connman "/sbin/connmand") + (string-append "--config=" #$config) "--nodaemon" "--nodnsproxy" #$@(if disable-vpn? '("--noplugin=vpn") '())