* (pre-)creation of tunnel network interfaces
@ 2016-02-25 22:44 Danny Milosavljevic
2016-02-26 11:47 ` Alex Kost
0 siblings, 1 reply; 3+ messages in thread
From: Danny Milosavljevic @ 2016-02-25 22:44 UTC (permalink / raw)
To: guix-devel
Hi,
I'm using openconnect to connect to a few VPNs.
Most of openconnect actually doesn't require root.
In order to avoid root, I'd like to pre-create the tunnel interfaces.
This would be done by
# ip tuntap add vpn0 mode tun user dannym
                ^                  ^--- this is the user that is allowed to use the tunnel later
                ---- the new tunnel interface
How do I specify this in a system config?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: (pre-)creation of tunnel network interfaces
2016-02-25 22:44 (pre-)creation of tunnel network interfaces Danny Milosavljevic
@ 2016-02-26 11:47 ` Alex Kost
2016-02-26 23:28 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Alex Kost @ 2016-02-26 11:47 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: guix-devel
Danny Milosavljevic (2016-02-26 01:44 +0300) wrote:
> Hi,
>
> I'm using openconnect to connect to a few VPNs.
>
> Most of openconnect actually doesn't require root.
> In order to avoid root, I'd like to pre-create the tunnel interfaces.
>
> This would be done by
>
> # ip tuntap add vpn0 mode tun user dannym
>                 ^                  ^--- this is the user that is allowed to use the tunnel later
>                 ---- the new tunnel interface
>
> How do I specify this in a system config?
By adding a service that starts this command to your operating-system
declaration. It would be something like this (not tested!):
[-- Attachment #2: vpn-tunnel-system.scm --]
(use-modules
 (ice-9 match)
 (gnu)
 (gnu packages linux)                   ; for iproute
 (gnu services)
 (gnu services shepherd)
 (guix gexp)                            ; for the #~ and #$ syntax
 (guix records))

;; Configuration record: which interface to create and who may use it.
(define-record-type* <vpn-tunnel>
  vpn-tunnel make-vpn-tunnel
  vpn-tunnel?
  (interface-name vpn-tunnel-interface-name)
  (user-name      vpn-tunnel-user-name))

(define vpn-tunnel-service-type
  (shepherd-service-type
   'vpn-tunnel
   (match-lambda
     (($ <vpn-tunnel> interface user)
      (let ((ip #~(string-append #$iproute "/sbin/ip")))
        (shepherd-service
         (documentation "Create tunnel interface.")
         (provision '(vpn-tunnel))
         (requirement '(networking))
         (start
          #~(lambda _
              ;; Return #t if successfully started.
              (zero? (system* #$ip "tuntap" "add" #$interface
                              "mode" "tun"
                              "user" #$user))))
         (respawn? #f)))))))

(define (vpn-tunnel-service interface-name user-name)
  "Return a service that ..."
  (service vpn-tunnel-service-type
           (vpn-tunnel (interface-name interface-name)
                       (user-name user-name))))

(operating-system
  ;; ...
  (services (cons* (vpn-tunnel-service "vpn0" "dannym")
                   ;; ...
                   %desktop-services)))
--
Alex
^ permalink raw reply [flat|nested] 3+ messages in thread
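A check that could be run once the service above has started, confirming that each pre-created interface is in tun mode and owned by the intended unprivileged user. This is an added example, not part of the thread or of Guix; the function names and the sample lines are constructed, and it assumes `ip tuntap show` prints lines such as `vpn0: tun persist user 1000`.

```shell
#!/bin/sh
# Added example (not from the thread): audit pre-created TUN devices.
# Assumption: `ip tuntap show` prints one line per device, such as
#   vpn0: tun persist user 1000

# tun_owner_status IFACE UID
# Reads `ip tuntap show` output on stdin and prints one of:
#   ok | missing | not-tun | no-owner | wrong-owner:<uid>
tun_owner_status() {
    awk -v ifc="$1" -v want="$2" '
        $1 == (ifc ":") {
            found = 1; mode = $2; owner = ""
            for (i = 3; i < NF; i++)
                if ($i == "user") owner = $(i + 1)
        }
        END {
            if (!found)             print "missing"
            else if (mode != "tun") print "not-tun"
            else if (owner == "")   print "no-owner"
            else if (owner != want) print "wrong-owner:" owner
            else                    print "ok"
        }'
}

# audit_tun IFACE USERNAME
# Live check on the running system; returns 0 only when the device is a
# tun interface owned by USERNAME.
audit_tun() {
    uid=$(id -u "$2") || return 2
    st=$(ip tuntap show | tun_owner_status "$1" "$uid")
    echo "$1 (expected owner $2, uid $uid): $st"
    [ "$st" = ok ]
}

# Constructed sample output, so the parser can be exercised offline.
SAMPLE='vpn0: tun persist user 1000
vpn1: tun persist
tap0: tap persist user 1000'

for ifc in vpn0 vpn1 tap0 vpn2; do
    printf '%s: ' "$ifc"
    printf '%s\n' "$SAMPLE" | tun_owner_status "$ifc" 1000
done
```

On a live system, `audit_tun vpn0 dannym` applies the same check to the real `ip tuntap show` output.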