Subject: [bug#41018] [PATCH] gnu: Add AutoSSH service.
From: pinoaffe
To: 41018@debbugs.gnu.org
Date: Sat, 2 May 2020 11:19:46 +0200
Message-ID: <20200502111908.26a8e396@airmail.cc>

* doc/guix.texi: Add documentation. * gnu/services/ssh.scm (): New record type. (mpd-service-type): New service type. --- doc/guix.texi | 75 +++++++++++++++++++++++++++++ gnu/services/ssh.scm | 109 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 183 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index c571010bc8..f88859c584 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -78,6 +78,7 @@ Copyright @copyright{} 2020 Jack Hill@* Copyright @copyright{} 2020 Naga Malleswari@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 R Veera Kumar@* +Copyright @copyright{} 2020 pinoaffe@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -14378,6 +14379,80 @@ Whether to enable password-based authentication. @end table @end deftp =20 +@deffn {Scheme Procedure} autossh-service [@var{config}] +Run the AutoSSH service with the given @var{config}, +a @code{} object. + +AutoSSH is a program that runs a copy of @code{ssh} and monitors it, +restarting it as necessary should it die or stop passing traffic. +AutoSSH can be run manually from the commandline by passing arguments +to the binary @code{autossh} from the package @code{autossh}, +but it can also be run as a guix service. This latter usecase is documente= d here. + +AutoSSH can be used to forward local traffic to a remote machine using an = SSH tunnel, +and it respects the @file{~/.ssh/config} of the user it is run as. + +For example, to specify a service running autossh as the user @code{pino} +and forwarding all local connections to port @code{8081} to @code{remote:8= 081} +using an SSH tunnel, add this call to the operating system's @code{service= s} field: + +@lisp +(autossh (autossh-configuration + (user "pino") + (ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.= net")))) +@end lisp +@end deffn + +@deftp {Data Type} autossh-configuration +This data type represents the configuration of an AutoSSH service. + +@table @asis + +@item @code{user} (default @code{"autossh"}) +The user as which the AutoSSH service is to be run. +This assumes that the specified user exists. + +@item @code{poll} (default @code{600}) +Specifies the connection poll time in seconds. + +@item @code{first-poll} (default @code{#f}) +Specifies how long autossh waits before the first connection test in secon= ds. +After this first test, polling is resumed at the pace defined in @code{pol= l}. 
+When set to @code{#f}, the first poll is not treated specially and +will also use the connection poll specified in @code{poll} + +@item @code{gate-time} (default @code{30}) +Specifies (in seconds) how long an SSH connection must be active +before it is considered successful. + +@item @code{log-level} (default @code{1}) +The log level, corresponding to the levels used by syslog +(so @code{0} is the most silent while @code{7} is the chattiest.) + +@item @code{max-start} (default @code{#f}) +The maximum number of times SSH may be (re)started before AutoSSH exits. +When set to @code{#f}, no maximum is configured and AutoSSH may restart in= definitely. + +@item @code{message} (default @code{""}) +The message to append to the echo message sent when testing connections. + +@item @code{port} (default @code{"0"}) +The ports used for monitoring the connection. When set to @code{"0"}, +monitoring is disabled. When set to @code{"n"} where @code{n} is a positiv= e integer, +ports @code{n} and @code{n+1} are used for monitoring the connection, such= that +port @code{n} is the base monitoring port and @code{n+1} is the echo port. +When set to @code{"n:m"} where @code{n} and @code{m} are positive integers, +the ports @code{n} and @code{n+1} are used for monitoring the connection, = such +that port @code{n} is the base monitoring port and @code{m} is the echo po= rt. + +@item @code{ssh-options} (default @code{'()}) +The list of commandline arguments to pass to ssh when it is run. +Options @code{-f} and @code{-M ....} are reserved for AutoSSH +and may cause undefined behaviour. + +@end table +@end deftp + @defvr {Scheme Variable} %facebook-host-aliases This variable contains a string for use in @file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index d2dbb8f80d..ec0150b3a2 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -4,6 +4,7 @@ ;;; Copyright =C2=A9 2016 Julien Lepiller ;;; Copyright =C2=A9 2017 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Ricardo Wurmus +;;; Copyright =C2=A9 2020 pinoaffe ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,12 @@ dropbear-configuration dropbear-configuration? dropbear-service-type - dropbear-service)) + dropbear-service + + autossh-configuration + autossh-configuration? + autossh-service-type + autossh-service)) =20 ;;; Commentary: ;;; 
@@ -628,4 +634,105 @@ daemon} with the given @var{config}, a @code{} object." (service dropbear-service-type config)) =20 +=0C +;;; +;;; AutoSSH. +;;; + + +(define-record-type* + autossh-configuration make-autossh-configuration + autossh-configuration? + (user autossh-configuration-user + (default "autossh")) + (poll autossh-configuration-poll + (default 600)) + (first-poll autossh-configuration-first-poll + (default #f)) + (gate-time autossh-configuration-gate-time + (default 30)) + (log-level autossh-configuration-log-level + (default 1)) + (max-start autossh-configuration-max-start + (default #f)) + (message autossh-configuration-message + (default "")) + (port autossh-configuration-port + (default "0")) + (ssh-options autossh-configuration-ssh-options + (default '()))) + +(define (autossh-file-name config file) + "Return a path in /var/run/autossh/ that is writable + by @code{user} from @code{config}." + (string-append "/var/run/autossh/" + (autossh-configuration-user config) + "/" file)) + +(define (autossh-shepherd-service config) + (shepherd-service + (documentation "Automatically set up ssh connections (and keep them ali= ve).") + (provision '(autossh)) + (start #~(make-forkexec-constructor + (list #$(file-append autossh "/bin/autossh") + #$@(autossh-configuration-ssh-options config)) + #:user #$(autossh-configuration-user config) + #:group (passwd:gid (getpw #$(autossh-configuration-user conf= ig))) + #:pid-file #$(autossh-file-name config "pid") + #:log-file #$(autossh-file-name config "log") + #:environment-variables + '(#$(string-append "AUTOSSH_PIDFILE=3D" + (autossh-file-name config "pid")) + #$(string-append "AUTOSSH_LOGFILE=3D" + (autossh-file-name config "log")) + #$(string-append "AUTOSSH_POLL=3D" + (number->string + (autossh-configuration-poll config))) + #$(string-append "AUTOSSH_FIRST_POLL=3D" + (number->string + (or + (autossh-configuration-first-poll config) + (autossh-configuration-poll config)))) + #$(string-append "AUTOSSH_GATETIME=3D" + 
(number->string + (autossh-configuration-gate-time config))) + #$(string-append "AUTOSSH_LOGLEVEL=3D" + (number->string + (autossh-configuration-log-level config))) + #$(string-append "AUTOSSH_MAXSTART=3D" + (number->string + (or (autossh-configuration-max-start conf= ig) + -1))) + #$(string-append "AUTOSSH_MESSAGE=3D" + (autossh-configuration-message config)) + #$(string-append "AUTOSSH_PORT=3D" + (autossh-configuration-port config))))) + (stop #~(make-kill-destructor)))) + +(define (autossh-service-activation config) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (define %user + (getpw #$(autossh-configuration-user config))) + (let ((directory #$(autossh-file-name config ""))) + (mkdir-p directory) + (chown directory (passwd:uid %user) (passwd:gid %user)))))) + +(define autossh-service-type + (service-type + (name 'autossh) + (description "Automatically set up ssh connections (and keep them alive= ).") + (extensions + (list (service-extension shepherd-root-service-type + (compose list autossh-shepherd-service)) + (service-extension activation-service-type + autossh-service-activation))) + (default-value (autossh-configuration)))) + +(define* (autossh-service #:optional (config (autossh-configuration))) + "Run autossh with the given @var{config}, a @code{} +object." + (service autossh-service-type config)) + ;;; ssh.scm ends here --=20 2.26.2
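Review bot: the example in the `@deffn {Scheme Procedure} autossh-service` hunk of doc/guix.texi calls `(autossh (autossh-configuration ...))`, but `autossh` is the package variable, not a procedure; it should read `(autossh-service (autossh-configuration ...))` or `(service autossh-service-type (autossh-configuration ...))`. The `port` entry is internally inconsistent: for the `"n:m"` form it says ports `n` and `n+1` are used and then names `m` as the echo port, so that sentence should say ports `n` and `m`. As shown here, `a @code{} object` in the deffn is empty and should name the configuration record documented in the `@deftp` just below. Minor wording in the same hunk: `commandline` should be `command line`, `usecase` should be `use case`, `guix service` should be `Guix service`, and the `first-poll` entry lacks a full stop after `@code{poll}`. Since `user` defaults to `"autossh"` and the text only says the user is assumed to exist, state explicitly that the account must be declared in the operating system's `users` field, because nothing in this patch creates it.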
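Review bot: the export hunk in gnu/services/ssh.scm adds `autossh-service-type`, but the ChangeLog entry in the commit message says `(mpd-service-type): New service type.`; that entry should name `autossh-service-type`, and the `New record type` entry as shown here has an empty `()` where the record name belongs, so both lines of the commit message need fixing before this is pushed.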
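Review bot: in the hunk that defines `autossh-shepherd-service`, `#:pid-file` points into `/var/run/autossh/<user>/`, a directory the activation snippet chowns to the service user; Shepherd takes the pid it reads from that file as the running value and `make-kill-destructor` later signals that pid, so any process running as the (unprivileged) service user can rewrite the file and redirect the root-run stop action at an arbitrary process. Because `-f` is documented as reserved, autossh stays in the foreground and the forked child is autossh itself, so `#:pid-file` and `AUTOSSH_PIDFILE` can simply be dropped and Shepherd will track the child pid directly. Further points in the same hunk: the `user` is never created, so `(getpw ...)` in the activation snippet and in the `#:group` expression will raise at boot if the account is absent; `autossh-service-type` should extend `account-service-type` with that user and a matching group, or the docs must require it. `#:environment-variables` replaces the whole environment, so `PATH` is unset; confirm autossh still locates `ssh` (it honours `AUTOSSH_PATH`) or pass an explicit path. `(provision '(autossh))` is fixed, so a second tunnel cannot be configured as a second instance; consider deriving the provision name from the configuration or accepting a list of connections. `/var/run` is cleaned at boot on Guix System, so `AUTOSSH_LOGFILE` under it is lost on reboot; `/var/log` is the usual place. Finally, `autossh-file-name` builds paths by plain `string-append`, so a `user` value containing `/` or `..` escapes `/var/run/autossh/`; a `sanitize` clause on the `user` field would be a cheap guard.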