From: raingloom <raingloom@riseup.net>
To: 41803@debbugs.gnu.org
Subject: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Date: Thu, 5 Nov 2020 15:43:41 +0100 [thread overview]
Message-ID: <20201105154341.174e5029@riseup.net> (raw)
In-Reply-To: <20200611155656.7ece9c24@riseup.net>
[-- Attachment #1: Type: text/plain, Size: 108 bytes --]
Final version, hopefully.
Slight upgrade to system example to make testing easier. (added curl to
packages)
[-- Attachment #2: 0001-gnu-Added-go-github-com-hashicorp-go-syslog.patch --]
[-- Type: text/x-patch, Size: 1519 bytes --]
From 2b13fad52d5aeb4c5d2b700cd906b53c98b239ec Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Thu, 29 Oct 2020 17:10:25 +0100
Subject: [PATCH 1/6] gnu: Added go-github-com-hashicorp-go-syslog.
* gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable.
---
gnu/packages/golang.scm | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 6ba735c4a2..f9fffadd9d 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5933,3 +5933,26 @@ tests.")
(description
"This package provides SCSS compiler support for Go applications.")
(license license:expat)))
+
+(define-public go-github-com-hashicorp-go-syslog
+ (package
+ (name "go-github-com-hashicorp-go-syslog")
+ (version "1.0.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/hashicorp/go-syslog")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/hashicorp/go-syslog"))
+ (home-page "https://github.com/hashicorp/go-syslog")
+ (synopsis "Golang syslog wrapper, cross-compile friendly")
+ (description "A very simple wrapper around log/syslog")
+ (license license:expat)))
+
--
2.28.0
[-- Attachment #3: 0002-gnu-Added-go-github-com-hjson-hjson-go.patch --]
[-- Type: text/x-patch, Size: 1546 bytes --]
From fda7a7767a6c4d18d2b520a77e0e77b32052052f Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Fri, 23 Oct 2020 02:03:41 +0200
Subject: [PATCH 2/6] gnu: Added go-github-com-hjson-hjson-go.
* gnu/packages/golang.scm (go-github-com-hjson-hjson-go): New variable.
---
gnu/packages/golang.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index f9fffadd9d..4f937baa03 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5956,3 +5956,27 @@ tests.")
(description "A very simple wrapper around log/syslog")
(license license:expat)))
+(define-public go-github-com-hjson-hjson-go
+ (package
+ (name "go-github-com-hjson-hjson-go")
+ (version "3.1.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/hjson/hjson-go")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1dfdiahimg6z9idg8jiqxwnlwjnmasbjccx8gnag49cz4yfqskaz"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/hjson/hjson-go"))
+ (home-page "https://hjson.org/")
+ (synopsis "Human JSON implementation for Go")
+ (description "Hjson is a syntax extension to JSON.
+It's intended to be used like a user interface for humans, to read and edit
+before passing the JSON data to the machine.")
+ (license license:expat)))
+
--
2.28.0
[-- Attachment #4: 0003-gnu-Added-go-golang-zx2c4-com-wireguard.patch --]
[-- Type: text/x-patch, Size: 1922 bytes --]
From c9538dcf9c8235093b003491f0a542736877ec0c Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Thu, 5 Nov 2020 14:48:39 +0100
Subject: [PATCH 3/6] gnu: Added go-golang-zx2c4-com-wireguard.
* gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable.
---
gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 4f937baa03..f478aeda91 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -5980,3 +5980,32 @@ It's intended to be used like a user interface for humans, to read and edit
before passing the JSON data to the machine.")
(license license:expat)))
+(define-public go-golang-zx2c4-com-wireguard
+ (package
+ (name "go-golang-zx2c4-com-wireguard")
+ (version "0.0.20200320")
+ (source
+ (origin
+ (method git-fetch)
+ ;; NOTE: module URL is a redirect
+ ;; target: git.zx2c4.com/wireguard-go
+ ;; source: golang.zx2c4.com/wireguard
+ (uri (git-reference
+ (url "https://git.zx2c4.com/wireguard-go/")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "golang.zx2c4.com/wireguard"))
+ (propagated-inputs
+ `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-sys" ,go-golang-org-x-sys)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)))
+ (home-page "https://git.zx2c4.com/wireguard")
+ (synopsis "This is an implementation of WireGuard in Go")
+ (description "Go Implementation of [WireGuard](https://www.wireguard.com/)")
+ (license license:expat)))
--
2.28.0
[-- Attachment #5: 0004-gnu-Add-go-github-com-kardianos-minwinsvc.patch --]
[-- Type: text/x-patch, Size: 1851 bytes --]
From 4ef72e6c67df5178fb0f21b1f465492232ddc169 Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Sat, 17 Oct 2020 20:56:53 +0200
Subject: [PATCH 4/6] gnu: Add go-github-com-kardianos-minwinsvc.
* gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable.
---
gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index f478aeda91..524638d212 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -6009,3 +6009,29 @@ before passing the JSON data to the machine.")
(synopsis "This is an implementation of WireGuard in Go")
(description "Go Implementation of [WireGuard](https://www.wireguard.com/)")
(license license:expat)))
+
+(define-public go-github-com-kardianos-minwinsvc
+ (package
+ (name "go-github-com-kardianos-minwinsvc")
+ (version "1.0.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/kardianos/minwinsvc")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0z941cxymkjcsj3p5l3g4wm2da3smz7iyqk2wbs5y8lmxd4kfzd8"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/kardianos/minwinsvc"))
+ (home-page "https://github.com/kardianos/minwinsvc/")
+ ;; some packages (Yggdrasil) need it to compile
+ ;; it's a tiny package and it's easier to bundle it than to patch it out
+ (synopsis "Minimal windows only service stub for Go")
+ (description "Go programs designed to run from most *nix style operating
+systems can import this package to enable running programs as services without
+modifying them.")
+ (license license:zlib)))
--
2.28.0
[-- Attachment #6: 0005-gnu-Added-yggdrasil.patch --]
[-- Type: text/x-patch, Size: 10863 bytes --]
From cc491ae855c8f98c6605b1af32061c45ecfdb80c Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Sat, 17 Oct 2020 20:57:57 +0200
Subject: [PATCH 5/6] gnu: Added yggdrasil.
* gnu/packages/networking.scm (yggdrasil): New variable.
* gnu/packages/patches/yggdrasil-extra-config.patch: New file.
* gnu/local.mk (dist_PATCH_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/networking.scm | 94 +++++++++++++++++++
| 86 +++++++++++++++++
3 files changed, 181 insertions(+)
create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 2a994bd3b9..619eab061d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1724,6 +1724,7 @@ dist_patch_DATA = \
%D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \
%D%/packages/patches/xsane-support-ipv6.patch \
%D%/packages/patches/xsane-tighten-default-umask.patch \
+ %D%/packages/patches/yggdrasil-extra-config.patch \
%D%/packages/patches/zziplib-CVE-2018-16548.patch
MISC_DISTRO_FILES = \
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index cf1909ff28..ef746c4897 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -97,6 +97,7 @@
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
+ #:use-module (gnu packages golang)
#:use-module (gnu packages graphviz)
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages gtk)
@@ -3813,3 +3814,96 @@ stamps.")
client and server. It allows you to use remote block devices over a TCP/IP
network.")
(license license:gpl2)))
+
+(define-public yggdrasil
+ (package
+ (name "yggdrasil")
+ (version "0.3.15")
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://github.com/yggdrasil-network/yggdrasil-go")
+ (commit (string-append "v" version))
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0gk7gy8yq5nrnblv4imxzzm2hac4ri0hlw19ajfbc1zll5kj32gf"))
+ (patches (search-patches "yggdrasil-extra-config.patch"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/yggdrasil-network/yggdrasil-go"
+ ;; TODO: figure out how tests are run
+ #:tests? #f
+ #:install-source? #f
+ #:phases (modify-phases %standard-phases
+ (replace 'build
+ (lambda _
+ (for-each
+ (lambda (c)
+ (invoke
+ "go" "build" "-v" "-ldflags=-s -w"
+ (string-append
+ "github.com/yggdrasil-network/yggdrasil-go/cmd/" c)))
+ (list "yggdrasil" "yggdrasilctl"))
+ #t))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin/"))
+ (doc (string-append out "/share/doc/yggdrasil/")))
+ (mkdir-p bin)
+ (for-each
+ (lambda (f)
+ (install-file f bin))
+ (list "yggdrasil" "yggdrasilctl"))
+ (mkdir-p doc)
+ (copy-recursively
+ (string-append
+ "src/github.com/yggdrasil-network/yggdrasil-go/"
+ "doc/yggdrasil-network.github.io")
+ doc)))))))
+ ;; https://github.com/kardianos/minwinsvc is windows only
+ (propagated-inputs
+ `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony)
+ ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb)
+ ("go-github-com-gologme-log" ,go-github-com-gologme-log)
+ ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog)
+ ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go)
+ ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc)
+ ("go-github-com-mitchellh-mapstructure"
+ ,go-github-com-mitchellh-mapstructure)
+ ("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
+ ("go-golang-org-x-net" ,go-golang-org-x-net)
+ ("go-golang-org-x-text" ,go-golang-org-x-text)
+ ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard)
+ ("go-netlink" ,go-netlink)
+ ("go-netns" ,go-netns)))
+ (home-page "https://yggdrasil-network.github.io/blog.html")
+ (synopsis
+ "Experiment in scalable routing as an encrypted IPv6 overlay network")
+ (description
+ "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted
+IPv6 network. It is lightweight, self-arranging, supported on multiple
+platforms and allows pretty much any IPv6-capable application to communicate
+securely with other Yggdrasil nodes. Yggdrasil does not require you to have
+IPv6 Internet connectivity - it also works over IPv4.")
+ (license
+ ;; As a special exception to the GNU Lesser General Public License
+ ;; version 3 ("LGPL3"), the copyright holders of this Library give you
+ ;; permission to convey to a third party a Combined Work that links
+ ;; statically or dynamically to this Library without providing any Minimal
+ ;; Corresponding Source or Minimal Application Code as set out in 4d or
+ ;; providing the installation information set out in section 4e, provided
+ ;; that you comply with the other provisions of LGPL3 and provided that you
+ ;; meet, for the Application the terms and conditions of the license(s)
+ ;; which apply to the Application. Except as stated in this special
+ ;; exception, the provisions of LGPL3 will continue to comply in full to
+ ;; this Library. If you modify this Library, you may apply this exception
+ ;; to your version of this Library, but you are not obliged to do so. If
+ ;; you do not wish to do so, delete this exception statement from your
+ ;; version. This exception does not (and cannot) modify any license terms
+ ;; which apply to the Application, with which you must still comply
+ license:lgpl3)))
--git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch
new file mode 100644
index 0000000000..c21ca29a84
--- /dev/null
+++ b/gnu/packages/patches/yggdrasil-extra-config.patch
@@ -0,0 +1,86 @@
+diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
+index 813e950..08d35cc 100644
+--- a/cmd/yggdrasil/main.go
++++ b/cmd/yggdrasil/main.go
+@@ -40,11 +40,12 @@ type node struct {
+ admin module.Module // admin.AdminSocket
+ }
+
+-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig {
++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig {
+ // Use a configuration file. If -useconf, the configuration will be read
+ // from stdin. If -useconffile, the configuration will be read from the
+ // filesystem.
+ var conf []byte
++ var extraconf []byte
+ var err error
+ if *useconffile != "" {
+ // Read the file from the filesystem
+@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
+ if err != nil {
+ panic(err)
+ }
++ if *extraconffile != "" {
++ extraconf, err = ioutil.ReadFile(*extraconffile);
++ }
++ if err != nil {
++ panic(err)
++ }
++ // Generate a new configuration - this gives us a set of sane defaults -
++ // then parse the configuration we loaded above on top of it. The effect
++ // of this is that any configuration item that is missing from the provided
++ // configuration will use a sane default.
++ cfg := config.GenerateConfig()
++ var confs [2][]byte
++ confs[0]=conf
++ confs[1]=extraconf
++ for _, conf := range confs { if len(conf)>0 {
+ // If there's a byte order mark - which Windows 10 is now incredibly fond of
+ // throwing everywhere when it's converting things into UTF-16 for the hell
+ // of it - remove it and decode back down into UTF-8. This is necessary
+@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
+ panic(err)
+ }
+ }
+- // Generate a new configuration - this gives us a set of sane defaults -
+- // then parse the configuration we loaded above on top of it. The effect
+- // of this is that any configuration item that is missing from the provided
+- // configuration will use a sane default.
+- cfg := config.GenerateConfig()
+ var dat map[string]interface{}
+ if err := hjson.Unmarshal(conf, &dat); err != nil {
+ panic(err)
+@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config
+ if err = mapstructure.Decode(dat, &cfg); err != nil {
+ panic(err)
+ }
++ }}
+ return cfg
+ }
+
+@@ -164,6 +176,7 @@ func main() {
+ genconf := flag.Bool("genconf", false, "print a new config to stdout")
+ useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin")
+ useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path")
++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path")
+ normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised")
+ confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON")
+ autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)")
+@@ -187,7 +200,7 @@ func main() {
+ cfg = config.GenerateConfig()
+ case *useconffile != "" || *useconf:
+ // Read the configuration from either stdin or from the filesystem
+- cfg = readConfig(useconf, useconffile, normaliseconf)
++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf)
+ // If the -normaliseconf option was specified then remarshal the above
+ // configuration and print it back to stdout. This lets the user update
+ // their configuration file with newly mapped names (like above) or to
+@@ -332,7 +345,7 @@ func main() {
+ goto exit
+ case _ = <-r:
+ if *useconffile != "" {
+- cfg = readConfig(useconf, useconffile, normaliseconf)
++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf)
+ logger.Infoln("Reloading configuration from", *useconffile)
+ n.core.UpdateConfig(cfg)
+ n.tuntap.UpdateConfig(cfg)
--
2.28.0
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #7: 0006-services-Added-yggdrasil-service-type.patch --]
[-- Type: text/x-patch, Size: 13063 bytes --]
From d7fd649df7902e7eabe8a7d0aa3ab156e4898b71 Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@protonmail.com>
Date: Thu, 11 Jun 2020 14:09:57 +0200
Subject: [PATCH 6/6] services: Added yggdrasil-service-type.
* gnu/services/networking.scm:
(yggdrasil-configuration
yggdrasil-configuration?
yggdrasil-configuration-package
yggdrasil-configuration-auto-conf
yggdrasil-configuration-log-level
yggdrasil-configuration-log-to): New procedures.
(yggdrasil-service-type): New variable.
* doc/guix.texi: Document it.
* gnu/system/examples/yggdrasil.tmpl: Provide example.
---
doc/guix.texi | 81 ++++++++++++++++++++
gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++-
gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++
3 files changed, 257 insertions(+), 1 deletion(-)
create mode 100644 gnu/system/examples/yggdrasil.tmpl
diff --git a/doc/guix.texi b/doc/guix.texi
index b7f1bc1f00..e099f5ce43 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -82,6 +82,7 @@ Copyright @copyright{} 2020 Pierre Langlois@*
Copyright @copyright{} 2020 pinoaffe@*
Copyright @copyright{} 2020 André Batista@*
Copyright @copyright{} 2020 Alexandru-Sergiu Marton@*
+Copyright @copyright{} 2020 raingloom@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16848,6 +16849,86 @@ Use this to add additional options and manage shared secrets out-of-band.
@end table
@end deftp
+@defvr {Scheme Variable} yggdrasil-service-type
+The service type for connecting to the @uref{https://yggdrasil-network.github.io/, Yggdrasil network}, an early-stage implementation of a fully end-to-end encrypted IPv6 network.
+
+@quotation
+Yggdrasil provides name-independent routing with cryptographically generated addresses. Static addressing means you can keep the same address as long as you want, even if you move to a new location, or generate a new address (by generating new keys) whenever you want.
+@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html}
+@end quotation
+
+Pass it a value of @code{yggdrasil-configuration} to connect it to public peers and/or local peers.
+
+Here is an example using public peers and a static address. The static signing and encryption keys are defined in @file{/etc/yggdrasil-private.conf} (the default value for @code{config-file}).
+
+@lisp
+;; part of the operating-system declaration
+(service yggdrasil-service-type
+ (yggdrasil-configuration
+ (autoconf? #f) ;; use only the public peers
+ (json-config
+ ;; choose one from
+ ;; https://github.com/yggdrasil-network/public-peers
+ '((peers . #("tcp://1.2.3.4:1337"))))
+ ;; /etc/yggdrasil-private.conf is the default value for config-file
+ ))
+@end lisp
+@example
+# sample content for /etc/yggdrasil-private.conf
+@{
+ # Your public encryption key. Your peers may ask you for this to put
+ # into their AllowedEncryptionPublicKeys configuration.
+ EncryptionPublicKey: 378dc5...
+
+ # Your private encryption key. DO NOT share this with anyone!
+ EncryptionPrivateKey: 0777...
+
+ # Your public signing key. You should not ordinarily need to share
+ # this with anyone.
+ SigningPublicKey: e1664...
+
+ # Your private signing key. DO NOT share this with anyone!
+ SigningPrivateKey: 0589d...
+@}
+@end example
+@end defvr
+
+@deftp {Data Type} yggdrasil-configuration
+Data type representing the configuration of Yggdrasil.
+
+@table @asis
+@item @code{package} (default: @code{yggdrasil})
+Package object of Yggdrasil.
+
+@item @code{json-config} (default: @code{'()})
+Contents of @file{/etc/yggdrasil.conf}. Will be merged with @file{/etc/yggdrasil-private.conf}.
+Note that these settings are stored in the Guix store, which is readable to all users. @strong{Do not store your private keys in it.}
+See the output of @code{yggdrasil -genconf} for a quick overview of valid keys and their default values.
+
+@item @code{autoconf?} (default: @code{#f})
+Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP and peer with IPv6 neighbors.
+
+@item @code{log-level} (default: @code{'info})
+How much detail to include in logs. Use @code{'debug} for more detail.
+
+@item @code{log-to} (default: @code{'stdout})
+Where to send logs. By default, the service logs standard output to @file{/var/log/yggdrasil.log}.
+The alternative is @code{'syslog}, which sends output to the running syslog service.
+
+@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"})
+What HJSON file to load sensitive data from. This is where private keys should be stored, which are necessary to specify if you don't want a randomized address after each restart.
+Use @code{#f} to disable.
+Options defined in this file take precedence over @code{json-config}.
+Use the output of @code{yggdrasil -genconf} as a starting point. To configure a static address, delete everything except these options:
+@itemize
+@item @code{EncryptionPublicKey}
+@item @code{EncryptionPrivateKey}
+@item @code{SigningPublicKey}
+@item @code{SigningPrivateKey}
+@end itemize
+@end table
+@end deftp
+
@node Unattended Upgrades
@subsection Unattended Upgrades
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 64f54e787f..9ec0f6a9ca 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -61,7 +61,9 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-43)
#:use-module (ice-9 match)
+ #:use-module (json)
#:re-export (static-networking-service
static-networking-service-type)
#:export (%facebook-host-aliases
@@ -180,7 +182,17 @@
pagekite-configuration-kitesecret
pagekite-configuration-frontend
pagekite-configuration-kites
- pagekite-configuration-extra-file))
+ pagekite-configuration-extra-file
+
+ yggdrasil-service-type
+ yggdrasil-configuration
+ yggdrasil-configuration?
+ yggdrasil-configuration-autoconf?
+ yggdrasil-configuration-config-file
+ yggdrasil-configuration-log-level
+ yggdrasil-configuration-log-to
+ yggdrasil-configuration-json-config
+ yggdrasil-configuration-package))
;;; Commentary:
;;;
@@ -1750,4 +1762,107 @@ table inet filter {
"Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
local servers publicly accessible on the web, even behind NATs and firewalls.")))
+\f
+;;;
+;;; Yggdrasil
+;;;
+
+(define-record-type* <yggdrasil-configuration>
+ yggdrasil-configuration
+ make-yggdrasil-configuration
+ yggdrasil-configuration?
+ (package yggdrasil-configuration-package
+ (default yggdrasil))
+ (json-config yggdrasil-configuration-json-config
+ (default '()))
+ (config-file yggdrasil-config-file
+ (default "/etc/yggdrasil-private.conf"))
+ (autoconf? yggdrasil-configuration-autoconf?
+ (default #f))
+ (log-level yggdrasil-configuration-log-level
+ (default 'info))
+ (log-to yggdrasil-configuration-log-to
+ (default 'stdout)))
+
+(define (yggdrasil-configuration-file config)
+ (define (scm->yggdrasil-json x)
+ (define key-value?
+ dotted-list?)
+ (define (param->camel str)
+ (string-concatenate
+ (map
+ string-capitalize
+ (string-split str (cut eqv? <> #\-)))))
+ (cond
+ ((key-value? x)
+ (let ((k (car x))
+ (v (cdr x)))
+ (cons
+ (if (symbol? k)
+ (param->camel (symbol->string k))
+ k)
+ v)))
+ ((list? x) (map scm->yggdrasil-json x))
+ ((vector? x) (vector-map scm->yggdrasil-json x))
+ (else x)))
+ (computed-file
+ "yggdrasil.conf"
+ #~(call-with-output-file #$output
+ (lambda (port)
+ ;; it's HJSON, so comments are a-okay
+ (display "# Generated by yggdrasil-service\n" port)
+ (display #$(scm->json-string
+ (scm->yggdrasil-json
+ (yggdrasil-configuration-json-config config)))
+ port)))))
+
+(define (yggdrasil-shepherd-service config)
+ "Return a <shepherd-service> for yggdrasil with CONFIG."
+ (define yggdrasil-command
+ #~(append
+ (list (string-append
+ #$(yggdrasil-configuration-package config)
+ "/bin/yggdrasil")
+ "-useconffile"
+ #$(yggdrasil-configuration-file config))
+ (if #$(yggdrasil-configuration-autoconf? config)
+ '("-autoconf")
+ '())
+ (let ((extraconf #$(yggdrasil-config-file config)))
+ (if extraconf
+ (list "-extraconffile" extraconf)
+ '()))
+ (list "-loglevel"
+ #$(symbol->string
+ (yggdrasil-configuration-log-level config))
+ "-logto"
+ #$(symbol->string
+ (yggdrasil-configuration-log-to config)))))
+ (list (shepherd-service
+ (documentation "Connect to the Yggdrasil mesh network")
+ (provision '(yggdrasil))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ #$yggdrasil-command
+ #:log-file "/var/log/yggdrasil.log"
+ #:group "yggdrasil"))
+ (stop #~(make-kill-destructor)))))
+
+(define %yggdrasil-accounts
+ (list (user-group (name "yggdrasil") (system? #t))))
+
+(define yggdrasil-service-type
+ (service-type
+ (name 'yggdrasil)
+ (description
+ "Connect to the Yggdrasil mesh network.
+See yggdrasil -genconf for config options.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ yggdrasil-shepherd-service)
+ (service-extension account-service-type
+ (const %yggdrasil-accounts))
+ (service-extension profile-service-type
+ (compose list yggdrasil-configuration-package))))))
+
;;; networking.scm ends here
diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl
new file mode 100644
index 0000000000..be80bf4de9
--- /dev/null
+++ b/gnu/system/examples/yggdrasil.tmpl
@@ -0,0 +1,60 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules admin curl networking screen)
+
+(operating-system
+ (host-name "ruby-guard-5545")
+ (timezone "Europe/Budapest")
+ (locale "en_US.utf8")
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sdX")))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "alice")
+ (comment "Bob's sister")
+ (group "users")
+ ;; adding her to the yggdrasil group means she can use
+ ;; yggdrasilctl to modify the configuration
+ (supplementary-groups '("wheel" "yggdrasil")))
+ %base-user-accounts))
+
+ ;; Globally-installed packages.
+ (packages (cons* screen curl %base-packages))
+
+ ;; Add services to the baseline: a DHCP client and
+ ;; an SSH server.
+ ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh
+ ;; using your Yggdrasil IPv6 address from another machine running Yggdrasil.
+ ;; Alternatively, the client can sit behind a router that has Yggdrasil.
+ ;; That file is specifically _not_ handled by Guix, because we don't want its
+ ;; contents to sit in the world-readable /gnu/store.
+ (services
+ (append
+ (list
+ (service dhcp-client-service-type)
+ (service yggdrasil-service-type
+ (yggdrasil-configuration
+ (log-to 'stdout)
+ (log-level 'debug)
+ (autoconf? #f)
+ (json-config
+ ;; choose a few from
+ ;; https://github.com/yggdrasil-network/public-peers
+ '((peers . #("tcp://1.2.3.4:1337"))))
+ (config-file #f)))
+ (service openssh-service-type
+ (openssh-configuration
+ (port-number 2222))))
+ %base-services)))
--
2.28.0
next prev parent reply other threads:[~2020-11-05 14:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-11 13:56 [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network) raingloom
2020-06-14 1:35 ` raingloom
2020-07-11 22:12 ` Julien Lepiller
2020-07-13 14:23 ` raingloom
2020-09-03 17:59 ` raingloom
2020-10-07 22:15 ` raingloom
2020-10-29 0:20 ` raingloom
2020-10-13 23:09 ` Julien Lepiller
2020-11-05 14:43 ` raingloom [this message]
2020-11-05 17:48 ` bug#41803: " Julien Lepiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201105154341.174e5029@riseup.net \
--to=raingloom@riseup.net \
--cc=41803@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.