Subject: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
From: raingloom
To: 41803@debbugs.gnu.org
Resent-CC: guix-patches@gnu.org
Date: Thu, 5 Nov 2020 15:43:41 +0100
Message-ID: <20201105154341.174e5029@riseup.net>
In-Reply-To: <20200611155656.7ece9c24@riseup.net>
References: <20200611155656.7ece9c24@riseup.net>

Final version, hopefully. Slight upgrade to system example to make testing easier. (added curl to packages)

Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-gnu-Added-go-github-com-hashicorp-go-syslog.patch

From 2b13fad52d5aeb4c5d2b700cd906b53c98b239ec Mon Sep 17 00:00:00 2001
From: raingloom
Date: Thu, 29 Oct 2020 17:10:25 +0100
Subject: [PATCH 1/6] gnu: Added go-github-com-hashicorp-go-syslog.

* gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable.
---
 gnu/packages/golang.scm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 6ba735c4a2..f9fffadd9d 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5933,3 +5933,26 @@ tests.") (description "This package provides SCSS compiler support for Go applications.") (license license:expat))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-Added-go-github-com-hjson-hjson-go.patch >From fda7a7767a6c4d18d2b520a77e0e77b32052052f Mon Sep 17 00:00:00 2001 From: raingloom Date: Fri, 23 Oct 2020 02:03:41 +0200 Subject: [PATCH 2/6] gnu: Added go-github-com-hjson-hjson-go. * gnu/packages/golang.scm (go-github-com-hjson-hjson-go): New variable. --- gnu/packages/golang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index f9fffadd9d..4f937baa03 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
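Review bot: In patch 1/6 (go-github-com-hashicorp-go-syslog), the hunk ends with an added blank line after `(license license:expat)))`, so the file now carries a trailing empty line at end of file; drop that last `+` line. The description should be a full sentence rather than the fragment `"A very simple wrapper around log/syslog"`, for example `(description "This package provides a very simple wrapper around the Go log/syslog package.")`, and the synopsis reads better without "Golang" (`"Syslog wrapper for Go that is cross-compile friendly"`). The commit subject should use the imperative "Add", as patch 4/6 already does, instead of "Added".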
@@ -5956,3 +5956,27 @@ tests.") (description "A very simple wrapper around log/syslog") (license license:expat))) +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.1.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1dfdiahimg6z9idg8jiqxwnlwjnmasbjccx8gnag49cz4yfqskaz")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. +It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-Added-go-golang-zx2c4-com-wireguard.patch >From c9538dcf9c8235093b003491f0a542736877ec0c Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 5 Nov 2020 14:48:39 +0100 Subject: [PATCH 3/6] gnu: Added go-golang-zx2c4-com-wireguard. * gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable. --- gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 4f937baa03..f478aeda91 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
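Review bot: In patch 2/6 (go-github-com-hjson-hjson-go), the hunk again ends with a blank `+` line after `(license license:expat)))`, leaving a trailing empty line at end of file; remove it. The commit subject should say "Add", not "Added". Otherwise the package looks right: the source is pinned to the `v3.1.0` tag with a fixed sha256, and the description is already a full sentence.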
@@ -5980,3 +5980,32 @@ It's intended to be used like a user interface for humans, to read and edit before passing the JSON data to the machine.") (license license:expat))) +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-Add-go-github-com-kardianos-minwinsvc.patch >From 4ef72e6c67df5178fb0f21b1f465492232ddc169 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:56:53 +0200 Subject: [PATCH 4/6] gnu: Add go-github-com-kardianos-minwinsvc. * gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable. --- gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index f478aeda91..524638d212 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
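Review bot: In patch 3/6 (go-golang-zx2c4-com-wireguard), the `home-page` `https://git.zx2c4.com/wireguard` names a different repository from the one fetched in `source` (`https://git.zx2c4.com/wireguard-go/`, which your own `;; NOTE` comment identifies as the real location); use the wireguard-go URL so the two agree. The synopsis `"This is an implementation of WireGuard in Go"` should not open with "This is" (`"Go implementation of WireGuard"`), and the description uses a Markdown link, which Texinfo prints literally; write it as a sentence with `@uref`, e.g. `(description "This package provides a Go implementation of the @uref{https://www.wireguard.com/, WireGuard} VPN protocol.")`. Commit subject: "Add" rather than "Added".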
@@ -6009,3 +6009,29 @@ before passing the JSON data to the machine.") (synopsis "This is an implementation of WireGuard in Go") (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (package + (name "go-github-com-kardianos-minwinsvc") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0z941cxymkjcsj3p5l3g4wm2da3smz7iyqk2wbs5y8lmxd4kfzd8")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "Minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems can import this package to enable running programs as services without +modifying them.") + (license license:zlib))) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-Added-yggdrasil.patch >From cc491ae855c8f98c6605b1af32061c45ecfdb80c Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:57:57 +0200 Subject: [PATCH 5/6] gnu: Added yggdrasil. * gnu/packages/networking.scm (yggdrasil): New variable. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk (dist_PATCH_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 94 +++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 +++++++++++++++++ 3 files changed, 181 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2a994bd3b9..619eab061d 100644 
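Review bot: In patch 4/6 (go-github-com-kardianos-minwinsvc), the two comment lines `;; some packages (Yggdrasil) need it to compile` and `;; it's a tiny package and it's easier to bundle it than to patch it out` sit between `home-page` and `synopsis`, where they read as a note on the synopsis; move them above the `(define-public` form so they explain why a Windows-only stub is packaged at all. In the synopsis, "windows" should be capitalised as "Windows". The rest (zlib license, tag `v1.0.0`, pinned hash) matches upstream.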
--- a/gnu/local.mk +++ b/gnu/local.mk @@ -1724,6 +1724,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index cf1909ff28..ef746c4897 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -97,6 +97,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages graphviz) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) 
@@ -3813,3 +3814,96 @@ stamps.") client and server. It allows you to use remote block devices over a TCP/IP network.") (license license:gpl2))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.15") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0gk7gy8yq5nrnblv4imxzzm2hac4ri0hlw19ajfbc1zll5kj32gf")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke + "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + 
("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis + "Experiment in scalable routing as an encrypted IPv6 overlay network") + (description + "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple +platforms and allows pretty much any IPv6-capable application to communicate +securely with other Yggdrasil nodes. Yggdrasil does not require you to have +IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License + ;; version 3 ("LGPL3"), the copyright holders of this Library give you + ;; permission to convey to a third party a Combined Work that links + ;; statically or dynamically to this Library without providing any Minimal + ;; Corresponding Source or Minimal Application Code as set out in 4d or + ;; providing the installation information set out in section 4e, provided + ;; that you comply with the other provisions of LGPL3 and provided that you + ;; meet, for the Application the terms and conditions of the license(s) + ;; which apply to the Application. Except as stated in this special + ;; exception, the provisions of LGPL3 will continue to comply in full to + ;; this Library. If you modify this Library, you may apply this exception + ;; to your version of this Library, but you are not obliged to do so. If + ;; you do not wish to do so, delete this exception statement from your + ;; version. 
This exception does not (and cannot) modify any license terms + ;; which apply to the Application, with which you must still comply + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..c21ca29a84 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
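Review bot: In patch 5/6 (the `yggdrasil` package in gnu/packages/networking.scm), the Go libraries are declared as `propagated-inputs`, but with `#:install-source? #f` this is a leaf application whose dependencies are needed only at build time; as `propagated-inputs` every one of those Go source trees is pulled into each profile that installs yggdrasil. Move them to `inputs`. The comment just above that list, `;; https://github.com/kardianos/minwinsvc is windows only`, is confusing because minwinsvc is listed anyway; say instead that it is required to compile (as patch 4/6 explains). `#:tests? #f` with `;; TODO: figure out how tests are run` silently disables the check phase: since `'build` is already replaced to run `go build` on the `cmd/` packages, replace `'check` with a phase that runs `go test` on the import path (for example `(invoke "go" "test" "github.com/yggdrasil-network/yggdrasil-go/...")`) rather than skipping tests. Finally, the replaced `'install` phase ends with `copy-recursively` and never returns `#t`, while `'build` does; end `'install` with `#t` too so both phases signal success the same way. `(mkdir-p bin)` is redundant, as `install-file` creates the target directory.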
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { if len(conf)>0 { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ }} + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0006-services-Added-yggdrasil-service-type.patch =46rom d7fd649df7902e7eabe8a7d0aa3ab156e4898b71 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 6/6] services: Added yggdrasil-service-type. * gnu/services/networking.scm: (yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New procedures. (yggdrasil-service-type): New variable. * doc/guix.texi: Document it. * gnu/system/examples/yggdrasil.tmpl: Provide example. --- doc/guix.texi | 81 ++++++++++++++++++++ gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++- gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++ 3 files changed, 257 insertions(+), 1 deletion(-) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/doc/guix.texi b/doc/guix.texi index b7f1bc1f00..e099f5ce43 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -82,6 +82,7 @@ Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* +Copyright @copyright{} 2020 raingloom@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
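Review bot: In gnu/packages/patches/yggdrasil-extra-config.patch (patch 5/6, `readConfig` in cmd/yggdrasil/main.go), the error check for the extra file sits outside its `if` block: `extraconf, err = ioutil.ReadFile(*extraconffile);` is followed by a separate `if err != nil { panic(err) }`, which only works because `err` was already checked for the main file just above; move the check inside `if *extraconffile != ""` and drop the stray semicolon. The hunk is not gofmt-clean (`confs[0]=conf`, `len(conf)>0`, and `for _, conf := range confs { if len(conf)>0 {` on one line), and the loop variable `conf` shadows the outer `conf`; run gofmt and rename the loop variable (`raw`, say) so the two are not confused. One caveat that belongs in the patch header: with `-extraconffile` set, `-normaliseconf` now prints the merged configuration, including the private keys read from the extra (private) file, to stdout.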
@@ -16848,6 +16849,86 @@ Use this to add additional options and manage shar= ed secrets out-of-band. @end table @end deftp =20 +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.git= hub.io/, Yggdrasil network}, an early-stage implementation of a fully end-t= o-end encrypted IPv6 network. + +@quotation +Yggdrasil provides name-independent routing with cryptographically generat= ed addresses. Static addressing means you can keep the same address as long= as you want, even if you move to a new location, or generate a new address= (by generating new keys) whenever you want. +@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html} +@end quotation + +Pass it a value of @code{yggdrasil-configuration} to connect it to public = peers and/or local peers. + +Here is an example using public peers and a static address. The static sig= ning and encryption keys are defined in @file{/etc/yggdrasil-private.conf} = (the default value for @code{config-file}). + +@lisp +;; part of the operating-system declaration +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) ;; use only the public peers + (json-config + ;; choose one from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + ;; /etc/yggdrasil-private.conf is the default value for con= fig-file + )) +@end lisp +@example +# sample content for /etc/yggdrasil-private.conf +@{ + # Your public encryption key. Your peers may ask you for this to put + # into their AllowedEncryptionPublicKeys configuration. + EncryptionPublicKey: 378dc5... + + # Your private encryption key. DO NOT share this with anyone! + EncryptionPrivateKey: 0777... + + # Your public signing key. You should not ordinarily need to share + # this with anyone. + SigningPublicKey: e1664... + + # Your private signing key. DO NOT share this with anyone! + SigningPrivateKey: 0589d... 
+@} +@end example +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with @file{/etc/ygg= drasil-private.conf}. +Note that these settings are stored in the Guix store, which is readable t= o all users. @strong{Do not store your private keys in it.} +See the output of @code{yggdrasil -genconf} for a quick overview of valid = keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP= and peer with IPv6 neighbors. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to @file{= /var/log/yggdrasil.log}. +The alternative is @code{'syslog}, which sends output to the running syslo= g service. + +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys sh= ould be stored, which are necessary to specify if you don't want a randomiz= ed address after each restart. +Use @code{#f} to disable. +Options defined in this file take precedence over @code{json-config}. +Use the output of @code{yggdrasil -genconf} as a starting point. To config= ure a static address, delete everything except these options: +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 
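Review bot: In patch 6/6 (doc/guix.texi), "use adynamic IP" under `@item @code{autoconf?}` should read "use a dynamic IP". In the `@lisp` example, Guix style uses a single `;` for a comment that follows code on the same line (`(autoconf? #f) ; use only the public peers`). The `config-file` entry documents where the private keys live but not what the `yggdrasil` group grants; the template in this same patch says members can run `yggdrasilctl` to modify the configuration, which amounts to control of the node, so the docs should state that both the file and group membership are sensitive. The commit message's ChangeLog also lists `yggdrasil-configuration-auto-conf`, which does not exist (the accessor is `yggdrasil-configuration-autoconf?`), and omits `yggdrasil-configuration-json-config` and `yggdrasil-configuration-config-file`.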
--- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) =20 ;;; Commentary: ;;; 
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewal= ls."))) =20 +=0C +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package= )))))) + ;;; networking.scm ends here diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdr= asil.tmpl new file mode 100644 index 0000000000..be80bf4de9 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
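Review bot: In patch 6/6 (gnu/services/networking.scm), the export list names `yggdrasil-configuration-config-file`, but the record defines the accessor as `yggdrasil-config-file` (`(config-file yggdrasil-config-file (default "/etc/yggdrasil-private.conf"))`) and `yggdrasil-command` calls `yggdrasil-config-file`; the exported name is therefore unbound for users of the module. Rename the accessor to `yggdrasil-configuration-config-file` and update the call in `yggdrasil-command`. In `scm->yggdrasil-json`, the key-value branch returns `(cons k v)` without recursing into `v`, and `key-value?` is just `dotted-list?`, so nested settings such as `(session-firewall . ((enable . #t)))` get their outer key camel-cased but not `enable`, and an entry written as a proper list, `(peers "tcp://...")`, lands in the `list?` branch and its key is never camel-cased at all; recurse on the value (`(cons ... (scm->yggdrasil-json v))`) and detect key-value pairs with something like `(and (pair? x) (symbol? (car x)))` before the `list?` test. In `yggdrasil-shepherd-service`, `make-forkexec-constructor` is given `#:group "yggdrasil"` but no `#:user`, so the daemon runs as root with the `yggdrasil` group, and `%yggdrasil-accounts` creates only a group; a comment saying this is deliberate (creating the TUN device needs root) and what the group is meant to gate would save the next reader from wondering.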
@@ -0,0 +1,60 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin curl networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + ;; adding her to the yggdrasil group means she can use + ;; yggdrasilctl to modify the configuration + (supplementary-groups '("wheel" "yggdrasil"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen curl %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh + ;; using your Yggdrasil IPv6 address from another machine running Yggdra= sil. + ;; Alternatively, the client can sit behind a router that has Yggdrasil. + ;; That file is specifically _not_ handled by Guix, because we don't wan= t its + ;; contents to sit in the world-readable /gnu/store. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose a few from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . 
#("tcp://1.2.3.4:1337")))) + (config-file #f))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) --=20 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr--
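Review bot: In patch 6/6 (gnu/system/examples/yggdrasil.tmpl), the comments say that adding `/etc/yggdrasil-private.conf` gives the machine a stable Yggdrasil address to log in to over SSH, but the service is declared with `(config-file #f)`, which per the documentation in this same patch disables reading that file, so it would be ignored; either drop `(config-file #f)` so the default path is used or reword the comment. `(log-level 'debug)` is reasonable for a test template but deserves a comment, since the documented default is `'info`. The comment on alice's `supplementary-groups` that the `yggdrasil` group lets her use `yggdrasilctl` to modify the configuration should also say plainly that this is administrative control over the node.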