services: connman: Add 'connman-general-configuration'.

Currently connman has no main.conf as specified in 'man 5 connman.conf' which
would allow setting NetworkInterfaceBalcklist and other useful options.

This patch adds connman-general-configuration, serializes it and
passes to connmad with --config= flag.

All configuration fields are 'maybe-*' deliberately, to not disturb current
users and not require supporting configuration changes for connmand.

* gnu/services/networking.scm (<connman-general-configuration>): New
configuration record to represent main.conf for connmand.
(<connman-configuration>)[general-configuration]: New field.
(connman-shepherd-service): Honor it.
*doc/guix.texi (Networking Services): Add generated configuration.

Change-Id: I5d78f49e8b2d5e0b3cbd7b8b604e8a254b6397e8
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This commit is contained in:
muradm 2023-12-17 15:49:21 +03:00 committed by Maxim Cournoyer
parent 2b04ebaa74
commit 1bdeec5d66
No known key found for this signature in database
GPG key ID: 1260E46482E63562
2 changed files with 457 additions and 3 deletions

View file

@ -20949,9 +20949,214 @@ networks.
@item @code{disable-vpn?} (default: @code{#f}) @item @code{disable-vpn?} (default: @code{#f})
When true, disable connman's vpn plugin. When true, disable connman's vpn plugin.
@item @code{general-configuration} (default: @code{(connman-general-configuration)})
Configuration serialized to @file{main.conf} and passed as @option{--config}
to @command{connmand}.
@end table @end table
@end deftp @end deftp
@c %start of fragment
@deftp {Data Type} connman-general-configuration
Available @code{connman-general-configuration} fields are:
@table @asis
@item @code{input-request-timeout} (type: maybe-number)
Set input request timeout. Default is 120 seconds. The request for
inputs like passphrase will timeout after certain amount of time. Use
this setting to increase the value in case of different user interface
designs.
@item @code{browser-launch-timeout} (type: maybe-number)
Set browser launch timeout. Default is 300 seconds. The request for
launching a browser for portal pages will timeout after certain amount
of time. Use this setting to increase the value in case of different
user interface designs.
@item @code{background-scanning?} (type: maybe-boolean)
Enable background scanning. Default is true. If wifi is disconnected,
the background scanning will follow a simple back off mechanism from 3s
up to 5 minutes. Then, it will stay in 5 minutes unless user
specifically asks for scanning through a D-Bus call. If so, the
mechanism will start again from 3s. This feature activates also the
background scanning while being connected, which is required for roaming
on wifi. When @code{background-scanning?} is false, ConnMan will not
perform any scan regardless of wifi is connected or not, unless it is
requested by the user through a D-Bus call.
@item @code{use-gateways-as-timeservers?} (type: maybe-boolean)
Assume that service gateways also function as timeservers. Default is
false.
@item @code{fallback-timeservers} (type: maybe-list)
List of Fallback timeservers. These timeservers are used for NTP sync
when there are no timeservers set by the user or by the service, and
when @code{use-gateways-as-timeservers?} is @code{#f}. These can
contain a mixed combination of fully qualified domain names, IPv4 and
IPv6 addresses.
@item @code{fallback-nameservers} (type: maybe-list)
List of fallback nameservers appended to the list of nameservers given
by the service. The nameserver entries must be in numeric format, host
names are ignored.
@item @code{default-auto-connect-technologies} (type: maybe-list)
List of technologies that are marked autoconnectable by default. The
default value for this entry when empty is @code{"ethernet"},
@code{"wifi"}, @code{"cellular"}. Services that are automatically
connected must have been set up and saved to storage beforehand.
@item @code{default-favourite-technologies} (type: maybe-list)
List of technologies that are marked favorite by default. The default
value for this entry when empty is @code{"ethernet"}. Connects to
services from this technology even if not setup and saved to storage.
@item @code{always-connected-technologies} (type: maybe-list)
List of technologies which are always connected regardless of
preferred-technologies setting (@code{auto-connect?} @code{#t}). The
default value is empty and this feature is disabled unless explicitly
enabled.
@item @code{preferred-technologies} (type: maybe-list)
List of preferred technologies from the most preferred one to the least
preferred one. Services of the listed technology type will be tried one
by one in the order given, until one of them gets connected or they are
all tried. A service of a preferred technology type in state 'ready'
will get the default route when compared to another preferred type
further down the list with state 'ready' or with a non-preferred type; a
service of a preferred technology type in state 'online' will get the
default route when compared to either a non-preferred type or a
preferred type further down in the list.
@item @code{network-interface-blacklist} (type: maybe-list)
List of blacklisted network interfaces. Found interfaces will be
compared to the list and will not be handled by ConnMan, if their first
characters match any of the list entries. Default value is
@code{"vmnet"}, @code{"vboxnet"}, @code{"virbr"}, @code{"ifb"}.
@item @code{allow-hostname-updates?} (type: maybe-boolean)
Allow ConnMan to change the system hostname. This can happen for
example if we receive DHCP hostname option. Default value is @code{#t}.
@item @code{allow-domainname-updates?} (type: maybe-boolean)
Allow connman to change the system domainname. This can happen for
example if we receive DHCP domainname option. Default value is
@code{#t}.
@item @code{single-connected-technology?} (type: maybe-boolean)
Keep only a single connected technology at any time. When a new service
is connected by the user or a better one is found according to
preferred-technologies, the new service is kept connected and all the
other previously connected services are disconnected. With this setting
it does not matter whether the previously connected services are in
'online' or 'ready' states, the newly connected service is the only one
that will be kept connected. A service connected by the user will be
used until going out of network coverage. With this setting enabled
applications will notice more network breaks than normal. Note this
options can't be used with VPNs. Default value is @code{#f}.
@item @code{tethering-technologies} (type: maybe-list)
List of technologies that are allowed to enable tethering. The default
value is @code{"wifi"}, @code{"bluetooth"}, @code{"gadget"}. Only those
technologies listed here are used for tethering. If one wants to tether
ethernet, then add @code{"ethernet"} in the list. Note that if ethernet
tethering is enabled, then a DHCP server is started on all ethernet
interfaces. Tethered ethernet should never be connected to corporate or
home network as it will disrupt normal operation of these networks. Due
to this ethernet is not tethered by default. Do not activate ethernet
tethering unless you really know what you are doing.
@item @code{persistent-tethering-mode?} (type: maybe-boolean)
Restore earlier tethering status when returning from offline mode,
re-enabling a technology, and after restarts and reboots. Default value
is @code{#f}.
@item @code{enable-6to4?} (type: maybe-boolean)
Automatically enable anycast 6to4 if possible. This is not recommended,
as the use of 6to4 will generally lead to a severe degradation of
connection quality. See RFC6343. Default value is @code{#f} (as
recommended by RFC6343 section 4.1).
@item @code{vendor-class-id} (type: maybe-string)
Set DHCP option 60 (Vendor Class ID) to the given string. This option
can be used by DHCP servers to identify specific clients without having
to rely on MAC address ranges, etc.
@item @code{enable-online-check?} (type: maybe-boolean)
Enable or disable use of HTTP GET as an online status check. When a
service is in a READY state, and is selected as default, ConnMan will
issue an HTTP GET request to verify that end-to-end connectivity is
successful. Only then the service will be transitioned to ONLINE state.
If this setting is false, the default service will remain in READY
state. Default value is @code{#t}.
@item @code{online-check-ipv4-url} (type: maybe-string)
IPv4 URL used during the online status check. Please refer to the
README for more detailed information. Default value is
@uref{http://ipv4.connman.net/online/status.html}.
@item @code{online-check-ipv6-url} (type: maybe-string)
IPv6 URL used during the online status check. Please refer to the
README for more detailed information. Default value is
@uref{http://ipv6.connman.net/online/status.html}.
@item @code{online-check-initial-interval} (type: maybe-number)
Range of intervals between two online check requests. Please refer to
the README for more detailed information. Default value is @samp{1}.
@item @code{online-check-max-interval} (type: maybe-number)
Range of intervals between two online check requests. Please refer to
the README for more detailed information. Default value is @samp{1}.
@item @code{enable-online-to-ready-transition?} (type: maybe-boolean)
WARNING: This is an experimental feature. In addition to
@code{enable-online-check} setting, enable or disable use of HTTP GET to
detect the loss of end-to-end connectivity. If this setting is
@code{#f}, when the default service transitions to ONLINE state, the
HTTP GET request is no more called until next cycle, initiated by a
transition of the default service to DISCONNECT state. If this setting
is @code{#t}, the HTTP GET request keeps being called to guarantee that
end-to-end connectivity is still successful. If not, the default
service will transition to READY state, enabling another service to
become the default one, in replacement. Default value is @code{#f}.
@item @code{auto-connect-roaming-services?} (type: maybe-boolean)
Automatically connect roaming services. This is not recommended unless
you know you won't have any billing problem. Default value is
@code{#f}.
@item @code{address-conflict-detection?} (type: maybe-boolean)
Enable or disable the implementation of IPv4 address conflict detection
according to RFC5227. ConnMan will send probe ARP packets to see if an
IPv4 address is already in use before assigning the address to an
interface. If an address conflict occurs for a statically configured
address, an IPv4LL address will be chosen instead (according to
RFC3927). If an address conflict occurs for an address offered via
DHCP, ConnMan sends a DHCP DECLINE once and for the second conflict
resorts to finding an IPv4LL address. Default value is @code{#f}.
@item @code{localtime} (type: maybe-string)
Path to localtime file. Defaults to @file{/etc/localtime}.
@item @code{regulatory-domain-follows-timezone?} (type: maybe-boolean)
Enable regulatory domain to be changed along timezone changes. With
this option set to true each time the timezone changes the first present
ISO3166 country code is read from
@file{/usr/share/zoneinfo/zone1970.tab} and set as regulatory domain
value. Default value is @code{#f}.
@item @code{resolv-conf} (type: maybe-string)
Path to resolv.conf file. If the file does not exist, but intermediate
directories exist, it will be created. If this option is not set, it
tries to write into @file{/var/run/connman/resolv.conf} if it fails
(@file{/var/run/connman} does not exist or is not writeable). If you do
not want to update resolv.conf, you can set @file{/dev/null}.
@end table
@end deftp
@cindex WPA Supplicant @cindex WPA Supplicant
@defvar wpa-supplicant-service-type @defvar wpa-supplicant-service-type
This is the service type to run @url{https://w1.fi/wpa_supplicant/,WPA This is the service type to run @url{https://w1.fi/wpa_supplicant/,WPA

View file

@ -21,6 +21,7 @@
;;; Copyright © 2022, 2023 Andrew Tropin <andrew@trop.in> ;;; Copyright © 2022, 2023 Andrew Tropin <andrew@trop.in>
;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net> ;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu> ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
;;; Copyright © 2023 muradm <mail@muradm.net>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -78,6 +79,7 @@ (define-module (gnu services networking)
#:use-module (srfi srfi-26) #:use-module (srfi srfi-26)
#:use-module (srfi srfi-43) #:use-module (srfi srfi-43)
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:use-module (ice-9 string-fun)
#:use-module (json) #:use-module (json)
#:re-export (static-networking-service #:re-export (static-networking-service
static-networking-service-type) static-networking-service-type)
@ -171,6 +173,8 @@ (define-module (gnu services networking)
network-manager-configuration-vpn-plugins network-manager-configuration-vpn-plugins
network-manager-service-type network-manager-service-type
connman-general-configuration
connman-general-configuration?
connman-configuration connman-configuration
connman-configuration? connman-configuration?
connman-configuration-connman connman-configuration-connman
@ -1326,6 +1330,241 @@ (define network-manager-service-type
;;; Connman ;;; Connman
;;; ;;;
(define (connman-general-configuration-field-name field-name)
(let* ((str->camel (lambda (s)
(string-concatenate
(map string-capitalize (string-split s #\-)))))
(str (if (symbol? field-name)
(str->camel (symbol->string field-name))
field-name)))
(cond
((string-suffix? "?" str) (connman-general-configuration-field-name
(string-drop-right str 1)))
((string-contains str "RegulatoryDomain") (connman-general-configuration-field-name
(string-replace-substring str "RegulatoryDomain" "Regdom")))
((string-contains str "Url") (connman-general-configuration-field-name
(string-replace-substring str "Url" "URL")))
((string-contains str "Ip") (connman-general-configuration-field-name
(string-replace-substring str "Ip" "IP")))
((string-contains str "6To4") (connman-general-configuration-field-name
(string-replace-substring str "6To4" "6to4")))
(#t str))))
(define (connman-general-configuration-serialize-string field-name value)
(let ((param (connman-general-configuration-field-name field-name)))
#~(string-append #$param " = " #$value "\n")))
(define (connman-general-configuration-serialize-number field-name value)
(connman-general-configuration-serialize-string
field-name (number->string value)))
(define (connman-general-configuration-serialize-list field-name value)
(connman-general-configuration-serialize-string
field-name (string-join value ",")))
(define (connman-general-configuration-serialize-boolean field-name value)
(connman-general-configuration-serialize-string
field-name (if value "true" "false")))
(define-maybe boolean (prefix connman-general-configuration-))
(define-maybe number (prefix connman-general-configuration-))
(define-maybe string (prefix connman-general-configuration-))
(define-maybe list (prefix connman-general-configuration-))
(define-configuration connman-general-configuration
(input-request-timeout
maybe-number
"Set input request timeout. Default is 120 seconds. The request for inputs
like passphrase will timeout after certain amount of time. Use this setting to
increase the value in case of different user interface designs.")
(browser-launch-timeout
maybe-number
"Set browser launch timeout. Default is 300 seconds. The request for
launching a browser for portal pages will timeout after certain amount of
time. Use this setting to increase the value in case of different user
interface designs.")
(background-scanning?
maybe-boolean
"Enable background scanning. Default is true. If wifi is disconnected, the
background scanning will follow a simple back off mechanism from 3s up to 5
minutes. Then, it will stay in 5 minutes unless user specifically asks for
scanning through a D-Bus call. If so, the mechanism will start again from
3s. This feature activates also the background scanning while being connected,
which is required for roaming on wifi. When @code{background-scanning?} is false,
ConnMan will not perform any scan regardless of wifi is connected or not,
unless it is requested by the user through a D-Bus call.")
(use-gateways-as-timeservers?
maybe-boolean
"Assume that service gateways also function as timeservers. Default is false.")
(fallback-timeservers
maybe-list
"List of Fallback timeservers. These timeservers are used for NTP sync
when there are no timeservers set by the user or by the service, and when
@code{use-gateways-as-timeservers?} is @code{#f}. These can contain a mixed
combination of fully qualified domain names, IPv4 and IPv6 addresses.")
(fallback-nameservers
maybe-list
"List of fallback nameservers appended to the list of nameservers given
by the service. The nameserver entries must be in numeric format,
host names are ignored.")
(default-auto-connect-technologies
maybe-list
"List of technologies that are marked autoconnectable by default. The
default value for this entry when empty is @code{\"ethernet\"}, @code{\"wifi\"},
@code{\"cellular\"}. Services that are automatically connected must have been
set up and saved to storage beforehand.")
(default-favourite-technologies
maybe-list
"List of technologies that are marked favorite by default. The default
value for this entry when empty is @code{\"ethernet\"}. Connects to services
from this technology even if not setup and saved to storage.")
(always-connected-technologies
maybe-list
"List of technologies which are always connected regardless of
preferred-technologies setting (@code{auto-connect?} @code{#t}). The default
value is empty and this feature is disabled unless explicitly enabled.")
(preferred-technologies
maybe-list
"List of preferred technologies from the most preferred one to the least
preferred one. Services of the listed technology type will be tried one by
one in the order given, until one of them gets connected or they are all
tried. A service of a preferred technology type in state 'ready' will get
the default route when compared to another preferred type further down the
list with state 'ready' or with a non-preferred type; a service of a
preferred technology type in state 'online' will get the default route when
compared to either a non-preferred type or a preferred type further down
in the list.")
(network-interface-blacklist
maybe-list
"List of blacklisted network interfaces. Found interfaces will be
compared to the list and will not be handled by ConnMan, if their first
characters match any of the list entries. Default value is @code{\"vmnet\"},
@code{\"vboxnet\"}, @code{\"virbr\"}, @code{\"ifb\"}.")
(allow-hostname-updates?
maybe-boolean
"Allow ConnMan to change the system hostname. This can happen for
example if we receive DHCP hostname option. Default value is @code{#t}.")
(allow-domainname-updates?
maybe-boolean
"Allow connman to change the system domainname. This can happen for
example if we receive DHCP domainname option. Default value is @code{#t}.")
(single-connected-technology?
maybe-boolean
"Keep only a single connected technology at any time. When a new
service is connected by the user or a better one is found according to
preferred-technologies, the new service is kept connected and all the
other previously connected services are disconnected. With this setting
it does not matter whether the previously connected services are
in 'online' or 'ready' states, the newly connected service is the only
one that will be kept connected. A service connected by the user will
be used until going out of network coverage. With this setting enabled
applications will notice more network breaks than normal. Note this
options can't be used with VPNs. Default value is @code{#f}.")
(tethering-technologies
maybe-list
"List of technologies that are allowed to enable tethering. The
default value is @code{\"wifi\"}, @code{\"bluetooth\"},
@code{\"gadget\"}. Only those technologies listed here are used for
tethering. If one wants to tether ethernet, then add @code{\"ethernet\"}
in the list. Note that if ethernet tethering is enabled, then a DHCP
server is started on all ethernet interfaces. Tethered ethernet should
never be connected to corporate or home network as it will disrupt normal
operation of these networks. Due to this ethernet is not tethered by
default. Do not activate ethernet tethering unless you really know
what you are doing.")
(persistent-tethering-mode?
maybe-boolean
"Restore earlier tethering status when returning from offline mode,
re-enabling a technology, and after restarts and reboots. Default
value is @code{#f}.")
(enable-6to4?
maybe-boolean
"Automatically enable anycast 6to4 if possible. This is not
recommended, as the use of 6to4 will generally lead to a severe
degradation of connection quality. See RFC6343. Default value
is @code{#f} (as recommended by RFC6343 section 4.1).")
(vendor-class-id
maybe-string
"Set DHCP option 60 (Vendor Class ID) to the given string. This
option can be used by DHCP servers to identify specific clients
without having to rely on MAC address ranges, etc.")
(enable-online-check?
maybe-boolean
"Enable or disable use of HTTP GET as an online status check. When
a service is in a READY state, and is selected as default, ConnMan will
issue an HTTP GET request to verify that end-to-end connectivity is
successful. Only then the service will be transitioned to ONLINE
state. If this setting is false, the default service will remain
in READY state. Default value is @code{#t}.")
(online-check-ipv4-url
maybe-string
"IPv4 URL used during the online status check. Please refer to
the README for more detailed information. Default value is
@url{http://ipv4.connman.net/online/status.html}.")
(online-check-ipv6-url
maybe-string
"IPv6 URL used during the online status check. Please refer to
the README for more detailed information. Default value is
@url{http://ipv6.connman.net/online/status.html}.")
(online-check-initial-interval
maybe-number
"Range of intervals between two online check requests. Please
refer to the README for more detailed information. Default value
is @samp{1}.")
(online-check-max-interval
maybe-number
"Range of intervals between two online check requests. Please
refer to the README for more detailed information. Default value
is @samp{1}.")
(enable-online-to-ready-transition?
maybe-boolean
"WARNING: This is an experimental feature. In addition to
@code{enable-online-check} setting, enable or disable use of HTTP GET
to detect the loss of end-to-end connectivity. If this setting is
@code{#f}, when the default service transitions to ONLINE state, the
HTTP GET request is no more called until next cycle, initiated by a
transition of the default service to DISCONNECT state. If this
setting is @code{#t}, the HTTP GET request keeps being called to
guarantee that end-to-end connectivity is still successful. If not,
the default service will transition to READY state, enabling another
service to become the default one, in replacement. Default value
is @code{#f}.")
(auto-connect-roaming-services?
maybe-boolean
"Automatically connect roaming services. This is not recommended
unless you know you won't have any billing problem. Default value
is @code{#f}.")
(address-conflict-detection?
maybe-boolean
"Enable or disable the implementation of IPv4 address conflict
detection according to RFC5227. ConnMan will send probe ARP packets
to see if an IPv4 address is already in use before assigning the
address to an interface. If an address conflict occurs for a
statically configured address, an IPv4LL address will be chosen
instead (according to RFC3927). If an address conflict occurs for
an address offered via DHCP, ConnMan sends a DHCP DECLINE once
and for the second conflict resorts to finding an IPv4LL
address. Default value is @code{#f}.")
(localtime
maybe-string
"Path to localtime file. Defaults to @file{/etc/localtime}.")
(regulatory-domain-follows-timezone?
maybe-boolean
"Enable regulatory domain to be changed along timezone changes.
With this option set to true each time the timezone changes the first
present ISO3166 country code is read from
@file{/usr/share/zoneinfo/zone1970.tab} and set as regulatory domain
value. Default value is @code{#f}.")
(resolv-conf
maybe-string
"Path to resolv.conf file. If the file does not exist, but
intermediate directories exist, it will be created. If this option
is not set, it tries to write into @file{/var/run/connman/resolv.conf}
if it fails (@file{/var/run/connman} does not exist or is not
writeable). If you do not want to update resolv.conf, you can
set @file{/dev/null}.")
(prefix connman-general-configuration-))
(define-record-type* <connman-configuration> (define-record-type* <connman-configuration>
connman-configuration make-connman-configuration connman-configuration make-connman-configuration
connman-configuration? connman-configuration?
@ -1337,7 +1576,9 @@ (define-record-type* <connman-configuration>
(default #f)) (default #f))
(iwd? connman-configuration-iwd? (iwd? connman-configuration-iwd?
(default #f) (default #f)
(sanitize warn-iwd?-field-deprecation))) (sanitize warn-iwd?-field-deprecation))
(general-configuration connman-configuration-general-configuration
(default (connman-general-configuration))))
(define (connman-activation config) (define (connman-activation config)
(let ((disable-vpn? (connman-configuration-disable-vpn? config))) (let ((disable-vpn? (connman-configuration-disable-vpn? config)))
@ -1350,10 +1591,17 @@ (define (connman-activation config)
(define (connman-shepherd-service config) (define (connman-shepherd-service config)
(match-record config <connman-configuration> (connman shepherd-requirement (match-record config <connman-configuration> (connman shepherd-requirement
disable-vpn? iwd?) disable-vpn? iwd?
general-configuration)
(let ((iwd? (or iwd? ; TODO: deprecated field, remove later. (let ((iwd? (or iwd? ; TODO: deprecated field, remove later.
(and shepherd-requirement (and shepherd-requirement
(memq 'iwd shepherd-requirement))))) (memq 'iwd shepherd-requirement))))
(config (mixed-text-file
"main.conf"
"[General]\n"
(serialize-configuration
general-configuration
connman-general-configuration-fields))))
(list (shepherd-service (list (shepherd-service
(documentation "Run Connman") (documentation "Run Connman")
(provision '(connman networking)) (provision '(connman networking))
@ -1365,6 +1613,7 @@ (define (connman-shepherd-service config)
(start #~(make-forkexec-constructor (start #~(make-forkexec-constructor
(list (string-append #$connman (list (string-append #$connman
"/sbin/connmand") "/sbin/connmand")
(string-append "--config=" #$config)
"--nodaemon" "--nodaemon"
"--nodnsproxy" "--nodnsproxy"
#$@(if disable-vpn? '("--noplugin=vpn") '()) #$@(if disable-vpn? '("--noplugin=vpn") '())