From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#41018] [PATCH v2 try 2] gnu: Add AutoSSH service.
References: <20200502111908.26a8e396@airmail.cc>
In-Reply-To: <20200502111908.26a8e396@airmail.cc>
From: pinoaffe
To: 41018@debbugs.gnu.org
Resent-CC: guix-patches@gnu.org
Date: Tue, 5 May 2020 09:31:11 +0200
Message-ID: <20200505093111.4e16fbec@airmail.cc>
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-unknown-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

*
doc/guix.texi: Add documentation. * gnu/services/ssh.scm (): New record type. (mpd-service-type): New service type. --- doc/guix.texi | 75 +++++++++++++++++++++++++++++ gnu/services/ssh.scm | 112 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 186 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index c571010bc8..f88859c584 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -78,6 +78,7 @@ Copyright @copyright{} 2020 Jack Hill@* Copyright @copyright{} 2020 Naga Malleswari@* Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 R Veera Kumar@* +Copyright @copyright{} 2020 pinoaffe@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -14378,6 +14379,80 @@ Whether to enable password-based authentication. @end table @end deftp =20 +@deffn {Scheme Procedure} autossh-service [@var{config}] +Run the AutoSSH service with the given @var{config}, +a @code{} object. + +AutoSSH is a program that runs a copy of @code{ssh} and monitors it, +restarting it as necessary should it die or stop passing traffic. +AutoSSH can be run manually from the commandline by passing arguments +to the binary @code{autossh} from the package @code{autossh}, +but it can also be run as a guix service. This latter usecase is documente= d here. + +AutoSSH can be used to forward local traffic to a remote machine using an = SSH tunnel, +and it respects the @file{~/.ssh/config} of the user it is run as. + +For example, to specify a service running autossh as the user @code{pino} +and forwarding all local connections to port @code{8081} to @code{remote:8= 081} +using an SSH tunnel, add this call to the operating system's @code{service= s} field: + +@lisp +(autossh (autossh-configuration + (user "pino") + (ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.= net")))) +@end lisp +@end deffn + +@deftp {Data Type} autossh-configuration +This data type represents the configuration of an AutoSSH service. + +@table @asis + +@item @code{user} (default @code{"autossh"}) +The user as which the AutoSSH service is to be run. +This assumes that the specified user exists. + +@item @code{poll} (default @code{600}) +Specifies the connection poll time in seconds. + +@item @code{first-poll} (default @code{#f}) +Specifies how long autossh waits before the first connection test in secon= ds. +After this first test, polling is resumed at the pace defined in @code{pol= l}. 
+When set to @code{#f}, the first poll is not treated specially and +will also use the connection poll specified in @code{poll} + +@item @code{gate-time} (default @code{30}) +Specifies (in seconds) how long an SSH connection must be active +before it is considered successful. + +@item @code{log-level} (default @code{1}) +The log level, corresponding to the levels used by syslog +(so @code{0} is the most silent while @code{7} is the chattiest.) + +@item @code{max-start} (default @code{#f}) +The maximum number of times SSH may be (re)started before AutoSSH exits. +When set to @code{#f}, no maximum is configured and AutoSSH may restart in= definitely. + +@item @code{message} (default @code{""}) +The message to append to the echo message sent when testing connections. + +@item @code{port} (default @code{"0"}) +The ports used for monitoring the connection. When set to @code{"0"}, +monitoring is disabled. When set to @code{"n"} where @code{n} is a positiv= e integer, +ports @code{n} and @code{n+1} are used for monitoring the connection, such= that +port @code{n} is the base monitoring port and @code{n+1} is the echo port. +When set to @code{"n:m"} where @code{n} and @code{m} are positive integers, +the ports @code{n} and @code{n+1} are used for monitoring the connection, = such +that port @code{n} is the base monitoring port and @code{m} is the echo po= rt. + +@item @code{ssh-options} (default @code{'()}) +The list of commandline arguments to pass to ssh when it is run. +Options @code{-f} and @code{-M ....} are reserved for AutoSSH +and may cause undefined behaviour. + +@end table +@end deftp + @defvr {Scheme Variable} %facebook-host-aliases This variable contains a string for use in @file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index d2dbb8f80d..c111437b1a 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm 
@@ -4,6 +4,7 @@ ;;; Copyright =C2=A9 2016 Julien Lepiller ;;; Copyright =C2=A9 2017 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Ricardo Wurmus +;;; Copyright =C2=A9 2020 pinoaffe ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,12 @@ dropbear-configuration dropbear-configuration? dropbear-service-type - dropbear-service)) + dropbear-service + + autossh-configuration + autossh-configuration? + autossh-service-type + autossh-service)) =20 ;;; Commentary: ;;; 
@@ -628,4 +634,108 @@ daemon} with the given @var{config}, a @code{} object." (service dropbear-service-type config)) =20 +=0C +;;; +;;; AutoSSH. +;;; + + +(define-record-type* + autossh-configuration make-autossh-configuration + autossh-configuration? + (user autossh-configuration-user + (default "autossh")) + (poll autossh-configuration-poll + (default 600)) + (first-poll autossh-configuration-first-poll + (default #f)) + (gate-time autossh-configuration-gate-time + (default 30)) + (log-level autossh-configuration-log-level + (default 1)) + (max-start autossh-configuration-max-start + (default #f)) + (message autossh-configuration-message + (default "")) + (port autossh-configuration-port + (default "0")) + (ssh-options autossh-configuration-ssh-options + (default '()))) + +(define (autossh-file-name config file) + "Return a path in /var/run/autossh/ that is writable + by @code{user} from @code{config}." + (string-append "/var/run/autossh/" + (autossh-configuration-user config) + "/" file)) + +(define (autossh-shepherd-service config) + (shepherd-service + (documentation "Automatically set up ssh connections (and keep them ali= ve).") + (provision '(autossh)) + (start #~(make-forkexec-constructor + (list #$(file-append autossh "/bin/autossh") + #$@(autossh-configuration-ssh-options config)) + #:user #$(autossh-configuration-user config) + #:group (passwd:gid (getpw #$(autossh-configuration-user conf= ig))) + #:pid-file #$(autossh-file-name config "pid") + #:log-file #$(autossh-file-name config "log") + #:environment-variables + '(#$(string-append "AUTOSSH_PIDFILE=3D" + (autossh-file-name config "pid")) + #$(string-append "AUTOSSH_LOGFILE=3D" + (autossh-file-name config "log")) + #$(string-append "AUTOSSH_POLL=3D" + (number->string + (autossh-configuration-poll config))) + #$(string-append "AUTOSSH_FIRST_POLL=3D" + (number->string + (or + (autossh-configuration-first-poll config) + (autossh-configuration-poll config)))) + #$(string-append "AUTOSSH_GATETIME=3D" + 
(number->string + (autossh-configuration-gate-time config))) + #$(string-append "AUTOSSH_LOGLEVEL=3D" + (number->string + (autossh-configuration-log-level config))) + #$(string-append "AUTOSSH_MAXSTART=3D" + (number->string + (or (autossh-configuration-max-start conf= ig) + -1))) + #$(string-append "AUTOSSH_MESSAGE=3D" + (autossh-configuration-message config)) + #$(string-append "AUTOSSH_PORT=3D" + (autossh-configuration-port config))))) + (stop #~(make-kill-destructor)))) + +(define (autossh-service-activation config) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (define %user + (getpw #$(autossh-configuration-user config))) + (let* ((directory #$(autossh-file-name config "")) + (log (string-append directory "/log"))) + (mkdir-p directory) + (chown directory (passwd:uid %user) (passwd:gid %user)) + (call-with-output-file log (const #t)) + (chown log (passwd:uid %user) (passwd:gid %user)))))) + +(define autossh-service-type + (service-type + (name 'autossh) + (description "Automatically set up ssh connections (and keep them alive= ).") + (extensions + (list (service-extension shepherd-root-service-type + (compose list autossh-shepherd-service)) + (service-extension activation-service-type + autossh-service-activation))) + (default-value (autossh-configuration)))) + +(define* (autossh-service #:optional (config (autossh-configuration))) + "Run autossh with the given @var{config}, a @code{} +object." + (service autossh-service-type config)) + ;;; ssh.scm ends here --=20 2.26.2
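Review bot: in the doc/guix.texi hunk, the example under `@deffn {Scheme Procedure} autossh-service` calls `(autossh (autossh-configuration ...))`, but no `autossh` procedure is defined or exported anywhere in this patch; it should read `(autossh-service (autossh-configuration ...))` (or `(service autossh-service-type (autossh-configuration ...))`) so that it matches the procedure the entry documents. In the `@code{port}` item, the `"n:m"` case says "the ports @code{n} and @code{n+1} are used" and then names @code{m} as the echo port in the same sentence; change it to "the ports @code{n} and @code{m} are used". The `@code{first-poll}` item is missing its final period after `@code{poll}`, and the `@code{user}` item ("This assumes that the specified user exists") should state explicitly that the service does not create the account, since the default is @code{"autossh"} and both activation and start call @code{getpw} on it.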
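Review bot: in the gnu/services/ssh.scm hunk, `autossh-service-type` extends only `shepherd-root-service-type` and `activation-service-type`, so nothing creates the default `"autossh"` user; `(getpw #$(autossh-configuration-user config))` in `autossh-service-activation` and in the `#:group` argument of the start constructor will throw on a system that has not declared that account. Either add an `account-service-type` extension that provides the user and group, or fail with a clear error at configuration time. In `autossh-service-activation`, `(call-with-output-file log (const #t))` truncates the log on every boot and every reconfigure; open it in append mode instead, e.g. `(close-port (open-file log "a"))`, so existing log data survives. The same file is also handed to shepherd as `#:log-file` and to autossh as `AUTOSSH_LOGFILE`, which gives two uncoordinated writers on one file; keep one of the two. Since `ssh-options` is the only user-controlled input and the documentation says `-f` and `-M` are reserved, consider rejecting those in a field sanitizer rather than leaving the "undefined behaviour" to the caller. Finally, the ChangeLog line `(mpd-service-type): New service type.` should name `autossh-service-type`, and `(provision '(autossh))` means only one AutoSSH instance can be declared per system, which is worth a sentence in the docs.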