Subject: [bug#41018] [PATCH v2] gnu: Add AutoSSH service.
References: <20200502111908.26a8e396@airmail.cc>
In-Reply-To: <20200502111908.26a8e396@airmail.cc>
To: 41018@debbugs.gnu.org
Date: Mon, 4 May 2020 17:56:16 +0200
From: pinoaffe
Message-ID: <20200504175616.2bbdb2ec@airmail.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

* doc/guix.texi: Add
documentation. * gnu/services/ssh.scm (): New record type. (mpd-service-type): New service type. --- doc/guix.texi | 75 +++++++++++++++++++++++++++++ gnu/services/ssh.scm | 112 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 186 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index c571010bc8..f88859c584 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -78,6 +78,7 @@ Copyright @copyright{} 2020 Jack Hill@* Copyright @copyright{} 2020 Naga Malleswari@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 R Veera Kumar@* +Copyright @copyright{} 2020 pinoaffe@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -14378,6 +14379,80 @@ Whether to enable password-based authentication. @end table @end deftp =20 +@deffn {Scheme Procedure} autossh-service [@var{config}] +Run the AutoSSH service with the given @var{config}, +a @code{} object. + +AutoSSH is a program that runs a copy of @code{ssh} and monitors it, +restarting it as necessary should it die or stop passing traffic. +AutoSSH can be run manually from the commandline by passing arguments +to the binary @code{autossh} from the package @code{autossh}, +but it can also be run as a guix service. This latter usecase is documente= d here. + +AutoSSH can be used to forward local traffic to a remote machine using an = SSH tunnel, +and it respects the @file{~/.ssh/config} of the user it is run as. + +For example, to specify a service running autossh as the user @code{pino} +and forwarding all local connections to port @code{8081} to @code{remote:8= 081} +using an SSH tunnel, add this call to the operating system's @code{service= s} field: + +@lisp +(autossh (autossh-configuration + (user "pino") + (ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.= net")))) +@end lisp +@end deffn + +@deftp {Data Type} autossh-configuration +This data type represents the configuration of an AutoSSH service. + +@table @asis + +@item @code{user} (default @code{"autossh"}) +The user as which the AutoSSH service is to be run. +This assumes that the specified user exists. + +@item @code{poll} (default @code{600}) +Specifies the connection poll time in seconds. + +@item @code{first-poll} (default @code{#f}) +Specifies how long autossh waits before the first connection test in secon= ds. +After this first test, polling is resumed at the pace defined in @code{pol= l}. 
+When set to @code{#f}, the first poll is not treated specially and +will also use the connection poll specified in @code{poll} + +@item @code{gate-time} (default @code{30}) +Specifies (in seconds) how long an SSH connection must be active +before it is considered successful. + +@item @code{log-level} (default @code{1}) +The log level, corresponding to the levels used by syslog +(so @code{0} is the most silent while @code{7} is the chattiest.) + +@item @code{max-start} (default @code{#f}) +The maximum number of times SSH may be (re)started before AutoSSH exits. +When set to @code{#f}, no maximum is configured and AutoSSH may restart in= definitely. + +@item @code{message} (default @code{""}) +The message to append to the echo message sent when testing connections. + +@item @code{port} (default @code{"0"}) +The ports used for monitoring the connection. When set to @code{"0"}, +monitoring is disabled. When set to @code{"n"} where @code{n} is a positiv= e integer, +ports @code{n} and @code{n+1} are used for monitoring the connection, such= that +port @code{n} is the base monitoring port and @code{n+1} is the echo port. +When set to @code{"n:m"} where @code{n} and @code{m} are positive integers, +the ports @code{n} and @code{n+1} are used for monitoring the connection, = such +that port @code{n} is the base monitoring port and @code{m} is the echo po= rt. + +@item @code{ssh-options} (default @code{'()}) +The list of commandline arguments to pass to ssh when it is run. +Options @code{-f} and @code{-M ....} are reserved for AutoSSH +and may cause undefined behaviour. + +@end table +@end deftp + @defvr {Scheme Variable} %facebook-host-aliases This variable contains a string for use in @file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index d2dbb8f80d..c111437b1a 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -4,6 +4,7 @@ ;;; Copyright =C2=A9 2016 Julien Lepiller ;;; Copyright =C2=A9 2017 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Ricardo Wurmus +;;; Copyright =C2=A9 2020 pinoaffe ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,12 @@ dropbear-configuration dropbear-configuration? dropbear-service-type - dropbear-service)) + dropbear-service + + autossh-configuration + autossh-configuration? + autossh-service-type + autossh-service)) =20 ;;; Commentary: ;;; @@ -628,4 +634,108 @@ daemon} with the given @var{
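Review bot: In the @lisp example of the doc/guix.texi hunk (@@ -14378), the form is written as `(autossh (autossh-configuration ...))`, but the @deffn directly above documents `autossh-service`, and the visible exports in gnu/services/ssh.scm contain no `autossh` binding; the example should call `(autossh-service (autossh-configuration ...))`. The sentence introducing it says traffic is forwarded to `remote:8081` while the options name `remote.net`, so one host name should be used in both places. In the `port` item, the `"n:m"` case still says ports `n` and `n+1` are used although it then names `m` as the echo port; that should read `n` and `m`. The `first-poll` item lacks its final period after `@code{poll}`. Since `user` defaults to `"autossh"` and the text only says the user is assumed to exist, the documentation should state whether the service creates that account or the administrator must, given that the tunnel runs with that user's @file{~/.ssh/config}.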
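Review bot: The names added to the export list in the gnu/services/ssh.scm hunk (@@ -45,7) are `autossh-configuration`, `autossh-configuration?`, `autossh-service-type` and `autossh-service`, but the commit log entry for this file reads `(mpd-service-type): New service type.`; the log should name `autossh-service-type` instead, and should also list the `autossh-service` procedure that is exported here.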