Packets for local host IP ranges should be coming only over lo. If that is
not the case, we should drop them. Use iif for the check instead of iifname:
lo is guaranteed to exist, and iif is faster.
* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

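The check this commit describes, written out as an added illustration (this is not the commit's diff and not Guix's actual %default-nftables-ruleset): packets addressed to a loopback range are accepted only when they arrived on lo, and the interface test uses iif (interface index) rather than iifname (string match).

```nft
# Added illustration, not the commit's diff or the real Guix ruleset.
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # Everything that genuinely arrived on the loopback device is fine.
    iif lo accept

    # A packet addressed to a loopback range that arrived on any other
    # interface is spoofed or misrouted: drop it. 'iif' compares the
    # interface index, which is safe because lo always exists, and it is
    # cheaper than the string comparison that 'iifname' performs.
    iif != lo ip daddr 127.0.0.0/8 drop
    iif != lo ip6 daddr ::1 drop

    # Usual stateful defaults for the rest of the chain.
    ct state established,related accept
    ct state invalid drop
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept
  }
}
```

Load it with `nft -f <file>` and confirm with `nft list ruleset`. The reason the commit can use iif here is that nft resolves an iif match to an interface index when the ruleset is loaded, so the rule would fail to load for an interface that does not exist yet; lo is the one interface that is always present, which is exactly why iif is a safe choice in this rule and would not be for a hot-plugged device.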
Due to the (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formerly hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.
This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.
* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Fixes <https://issues.guix.gnu.org/62409>.
* gnu/services/networking.scm (network-manager-shepherd-service): Set the
LINUX_MODULE_DIRECTORY environment variable.

* gnu/services/networking.scm (connman-shepherd-service): Make 'networking a
virtual service and set 'connman as its canonical name.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

According to the semantics in [1], 'networking should be a "virtual service"
and NetworkManager its canonical-name. This does not influence
existing services and they should continue to use the 'networking symbol.
One visible change is that 'herd status' doesn't show 'networking' anymore,
instead listing 'NetworkManager' in its place, but both symbols can be used
to start and stop the same service.
Note: Though the symbol NetworkManager doesn't really conform to the overall kebab-case
used throughout Guix, this is intentional as we really want to make it clear
that the symbol NetworkManager really refers to the software called NetworkManager,
since it's a canonical name here (rather than risk misleading the user to interpret
the symbol network-manager as a symbol for some unspecific network management software).
[1]: https://www.gnu.org/software/shepherd/manual/html_node/Jump-Start.html
* gnu/services/networking.scm (network-manager-shepherd-service): Make 'networking a
virtual service and set 'NetworkManager as its canonical name.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

This is similar to its NetworkManager-wait-online.service systemd counterpart,
with the main difference being that we handle it all in the 'networking symbol, rather than
introduce a new 'networking-online symbol (see discussion #47253).
As a result of this change, with opensmtpd-service-type as an example,
a manual 'herd restart smtpd' after system bootup is no longer required
when opensmtpd is configured with a smtpd.conf containing non-loopback interfaces
(this issue is described in more detail at #60300).
Fixes <https://issues.guix.gnu.org/60300>.
* gnu/services/networking.scm (network-manager-shepherd-service): Wait for
NetworkManager to finish starting up.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* gnu/services/networking.scm (<connman-configuration>)
[iwd?]: Use helper to warn about the deprecated field.
(connman-shepherd-service): Make iwd? a local variable independent from
the deprecated field.
* doc/guix.texi (Networking Setup): Remove mention of iwd? field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* gnu/services/networking.scm (warn-iwd?-field-deprecation): New procedure,
helper for the deprecated field.
(<network-manager-configuration>)[iwd?]: Use helper to warn about the deprecated field.
(network-manager-shepherd-service): Make iwd? a local variable independent
from the deprecated field.
* doc/guix.texi (Networking Setup): Remove mention of iwd? field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Note: This also makes wpa-supplicant an optional requirement.
* gnu/services/networking.scm (<network-manager-configuration>)
[shepherd-requirement]: New field.
(network-manager-shepherd-service): Honor it.
(network-manager-configuration-shepherd-requirement): Export accessor.
* doc/guix.texi (Networking Setup): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Deprecates %facebook-host-aliases in favour of using
hosts-service-type service extensions.
* gnu/services/networking.scm
(block-facebook-hosts-service-type): New variable.
(%facebook-host-aliases): Deprecate variable.
* doc/guix.texi: Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* gnu/services/networking.scm (network-manager-configuration)[iwd?]: New
field.
(network-manager-shepherd-service): Add iwd to requirements if needed.
* doc/guix.texi: Add information about iwd? option.

* gnu/services/networking.scm (dhcp-client-configuration): New record
configuration.
(dhcp-client-shepherd-service): Implement a shepherd service. Provide a
deprecation message for legacy configurations.
(dhcp-client-service-type): Use dhcp-client-shepherd-service.
* doc/guix.texi (Networking Setup): Update.
* po/guix/POTFILES.in: Add 'gnu/services/networking.scm'.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

* gnu/home/services/ssh.scm (serialize-address-family): Use the public API of
the maybe infrastructure.
* gnu/services/file-sharing.scm (serialize-maybe-string): Use maybe-value.
(serialize-maybe-file-object): Use maybe-value-set?.
* gnu/services/getmail.scm (getmail-retriever-configuration): Don't use
internals in unset field declarations.
(getmail-destination-configuration): Ditto.
* gnu/services/messaging.scm (raw-content?): Use maybe-value-set?.
(prosody-configuration): Use %unset-value.
* gnu/services/telephony.scm (jami-shepherd-services): Use maybe-value-set?.
(archive-name->username): Use maybe-value-set?.
* tests/services/configuration.scm ("maybe type, no default"): Use
%unset-value.
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

Fixes <https://issues.guix.gnu.org/56799>.
This partially reverts 8cb1a49a39.
Rationale: *unspecified* cannot be serialized and thus used as a G-Expression
input, which is problematic/inconvenient when using deeply nested records. As
an example, jami-service-type was broken when using partially defined
<jami-account> records.
* gnu/services/configuration.scm (define-maybe-helper): Check against the
'unset symbol.
(normalize-field-type+def): Adjust value to 'unset.
(define-configuration-helper): Use 'unset as the default value thunk.
* gnu/services/file-sharing.scm (serialize-maybe-string): Check against the
'unset symbol.
(serialize-maybe-file-object): Likewise.
* gnu/services/messaging.scm (define-all-configurations): Use 'unset as
value.
(raw-content?): Check against 'unset symbol.
(prosody-configuration)[http-max-content-size]: Default to 'unset.
[http-external-url]: Likewise.
[mod-muc]: Likewise.
[raw-content]: Likewise.
* gnu/services/networking.scm (opendht-configuration): Adjust documentation.
* gnu/services/telephony.scm (jami-shepherd-services): Replace *undefined*
with the 'unset symbol.
* tests/services/configuration.scm ("maybe type, no default"): Check against
the 'unset symbol.
* doc/guix.texi: Regenerate the opendht-configuration,
openvpn-client-configuration and openvpn-server-configuration documentation.

The service uses syslog and additionally shepherd 0.9 captures its
stdout/stderr, so there's no point in passing #:log-file.
* gnu/services/networking.scm (tor-shepherd-service): Remove #:log-file
argument to 'make-forkexec-constructor'.
(%tor-log-rotation): Remove.
(tor-service-type): Remove ROTTLOG-SERVICE-TYPE extension.

* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.

Use *unspecified* as a marker for field values that have not been set.
Rationale: 'disabled may easily clash with user values for boolean fields, is
confusing (i.e. its meaning is *not* boolean false, but unspecified) and it
also passes silently through the symbol? predicate of a field of type symbol.
* gnu/services/configuration.scm (configuration-missing-default-value):
Renamed from configuration-no-default-value.
(define-maybe-helper): Use *unspecified* instead of 'disabled, and make
the default value optional.
* gnu/home/services/desktop.scm (home-redshift-configuration):
Change (maybe-xyz 'disabled) to maybe-xyz.
* gnu/services/authentication.scm (nslcd-configuration): Likewise.
* gnu/services/cgit.scm (repository-cgit-configuration): Likewise.
* gnu/services/file-sharing.scm (serialize-maybe-string)
(serialize-maybe-file-object): Use 'unspecified?' instead of (eq? val
'disabled).
* gnu/services/messaging.scm (raw-content?): Likewise.
(ssl-configuration): Change (maybe-xyz 'disabled) to maybe-xyz.
(prosody-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration):
Likewise.
* gnu/services/messaging.scm (define-all-configurations):
Use *unspecified* instead of 'disabled.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-account): Likewise.
(jami-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
* tests/services/configuration.scm ("maybe type, no default")
("maybe type, with default"): New tests.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

This adds a simple log rotation extension to every networking service that
specifies a #:log-file in its Shepherd service, which should prevent some logs
from accumulating indefinitely.
* gnu/services/networking.scm (%ntp-log-rotation): New variable.
(ntp-service-type): Extend 'rottlog-service-type'.
(openntpd-shepherd-service): Change #:log-file argument to "/var/log/ntpd.log".
(openntpd-service-type): Extend 'rottlog-service-type'.
(%tor-log-rotation): New variable.
(tor-service-type): Extend 'rottlog-service-type'.
(%connman-log-rotation): New variable.
(connman-service-type): Extend 'rottlog-service-type'.
(%hostapd-log-rotation): New variable.
(hostapd-service-type): Extend 'rottlog-service-type'.
(%pagekite-log-rotation): New variable.
(pagekite-service-type): Extend 'rottlog-service-type'.
(%yggdrasil-log-rotation): New variable.
(yggdrasil-service-type): Extend 'rottlog-service-type'.
(%ipfs-log-rotation): New variable.
(ipfs-service-type): Extend 'rottlog-service-type'.
(%keepalived-log-rotation): New variable.
(keepalived-service-type): Extend 'rottlog-service-type'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

* gnu/services/networking.scm (opendht-configuration->command-line-arguments):
Use 'least-authority-wrapper'.
(opendht-shepherd-service): Use 'make-forkexec-constructor'.

Fixes <https://issues.guix.gnu.org/48521>.
The problem was caused by the 'file-system-mapping' record not being in scope.
* gnu/services/networking.scm (opendht-shepherd-service): Import the (gnu
system file-systems) module.
[requirement]: Depend on networking, to avoid spurious output.
[modules]: New field.
[start] <group>: New argument.

* gnu/services/networking.scm (maybe-number?, maybe-string?): New procedures.
(<opendht-configuration>): New configuration record.
(%opendht-accounts): New variable.
(opendht-configuration->command-line-arguments): New procedure.
(opendht-shepherd-service, opendht-service-type): New variables.
* doc/guix.texi (Networking Services): Document the new service.