From: bug#41803 <41803@debbugs.gnu.org>
To: bug#41803 <41803@debbugs.gnu.org>
Subject: Status: [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Reply-To: bug#41803 <41803@debbugs.gnu.org>
Date: Wed, 18 Jun 2025 03:17:22 +0000

retitle 41803 [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
reassign 41803 guix-patches
submitter 41803 raingloom
severity 41803 normal
tag 41803 patch
thanks

Date: Thu, 11 Jun 2020 15:56:56 +0200
From: raingloom
To: Guix Patches
Subject: [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Message-ID: <20200611155656.7ece9c24@riseup.net>

from: https://yggdrasil-network.github.io/
"Yggdrasil is an early-stage implementation of a fully end-to-end encrypted IPv6 network."

I spent the last few days packaging it and now it's in a state where I think it's usable.

The configuration can include private keys, so that part should NOT go in the operating system config, because it would get stored in the world-readable Guix store. Nix works around this by merging the generated config with a JSON file and sending it to yggdrasil over its stdin. I chose not to do that because I couldn't figure out how to open a service's stdin and because I think the way I did it is much more elegant in the long run.

The package is lightly patched to take not one but two config files, and it simply merges them internally. The patch is completely backwards compatible and unobtrusive. It took me about an hour to write and debug and most of that was just figuring out Go's syntax and type system. I will try to get upstream to accept it, or implement similar functionality.

Still TODO: documenting the service as an info page.

The gist of using it is:
1. look at example operating system
2. see yggdrasil -genconf -json for config options
(3.) optional: save output as /etc/yggdrasil-secret.conf
(4.) chmod 600 /etc/yggdrasil-secret.conf
(5.) delete everything but the signing and encryption keys
6. add peers as needed, or set autoconf? to #t to connect through a local peer

It seems to work fine. I could connect to open peers from one machine and another one could auto-configure itself to connect through the first one over the LAN. It's pretty nifty.

--MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-go-golang-org-x-sys-update-to-05986578812163b266.patch >From e40f06bd1c11569d84cc00b92b0cf3ca4f989d9a Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 12:52:00 +0200 Subject: [PATCH 1/5] gnu: go-golang-org-x-sys: update to 05986578812163b26672dabd9b425240ae2bb0ad --- gnu/packages/golang.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index d95e195ba5..de76b99039 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -723,8 +723,8 @@ processing.") (license license:bsd-3)))) (define-public go-golang-org-x-sys - (let ((commit "c709ea063b76879dc9915358f55d4d77c16ab6d5") - (revision "6")) + (let ((commit "05986578812163b26672dabd9b425240ae2bb0ad") + (revision "7")) (package (name "go-golang-org-x-sys") (version (git-version "0.0.0" revision commit)) 
@@ -736,7 +736,7 @@ processing.") (file-name (git-file-name name version)) (sha256 (base32 - "15nq53a6kcqchng4j0d1pjw0m6hny6126nhjdwqw5n9dzh6a226d")))) + "1q2rxb6z5l6pmlckjsz2l0b8lw7bqgk6frhzbmi1dv0y5irb2ka7")))) (build-system go-build-system) (arguments `(#:import-path "golang.org/x/sys" -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-add-yggdrasil-dependencies.patch >From a58a33740676b04af07143cca15d02403ee5fdab Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 15:27:28 +0200 Subject: [PATCH 2/5] gnu: add yggdrasil dependencies * gnu/packages/golang.scm: (go-github-com-arceliar-phony) (go-github-com-cheggaaa-pb) (go-github-com-gologme-log) (go-github-com-hashicorp-go-syslog) (go-github-com-hjson-hjson-go) (go-github-com-mitchellh-mapstructure) (go-golang-zx2c4-com-wireguard) (go-github-com-kardianos-minwinsvc): New public variables. --- gnu/packages/golang.scm | 208 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index de76b99039..1753770ba2 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -3784,3 +3784,211 @@ used by other processes.") Porter2 stemmer}. It is written completely using finite state machines to do suffix comparison, rather than the string-based or tree-based approaches.") (license license:asl2.0)))) + +(define-public go-github-com-arceliar-phony + (let ((commit "d0c68492aca0bd4b5c5c8e0452c9b4c8af923eaf") + (revision "0")) + (package + (name "go-github-com-arceliar-phony") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/Arceliar/phony") + (commit commit))) + (sha256 + (base32 + "0876y0hlb1zh8hn0pxrb5zfdadvaqmqwlr66p19yl2a76galz992")))) + (arguments + '(#:import-path "github.com/Arceliar/phony")) + (build-system go-build-system) + (home-page "https://github.com/Arceliar/phony") + (synopsis "A very minimal actor model library") + (description "Phony is a very minimal actor model library for Go, +inspired by the causal messaging system in the Pony programming language") + (license license:expat)))) + +(define-public go-github-com-cheggaaa-pb + (package + (name "go-github-com-cheggaaa-pb") + (version "3.0.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/cheggaaa/pb/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0xhsv9yf3fz918ay6w0d87jnb3hk9vxvi16jk172kqq26x7jixd0")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/cheggaaa/pb/")) + (propagated-inputs + `(("go-github-com-fatih-color" ,go-github-com-fatih-color) + ("go-github-com-mattn-go-colorable" ,go-github-com-mattn-go-colorable) + ("go-github.com-mattn-go-runewidth" ,go-github.com-mattn-go-runewidth) + ("go-golang-org-x-sys" ,go-golang-org-x-sys))) + (native-inputs + `(("go-github-com-mattn-go-isatty" ,go-github-com-mattn-go-isatty))) + (home-page "https://github.com/cheggaaa/pb/") + (synopsis "Console progress bar for Golang") + (description "") + (license license:bsd-3))) + +(define-public 
go-github-com-gologme-log + (package + (name "go-github-com-gologme-log") + (version "1.2.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/gologme/log") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0shjbf52xh57bx6xka7h00yjvldjl5wwnim530xxbaragqj0cg8f")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/gologme/log")) + (home-page "https://github.com/gologme/log/") + (synopsis + "A fork of the golang built in log package to add support for levels") + (description "This package is a drop in replacement for the built-in Go log +package. All the functionality of the built-in package still exists and is +unchanged. In addition, this package contains a series of small enhancements +and additions.") + ;; TODO: does this even qualify as a license? the LICENSE file is empty + ;; all it has is this paragraph in the README + ;; "This is free software, licensed under the same BSD license that the + ;; original Go log package was licensed." 
+ (license license:bsd-3))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.0.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0q340mddapq0lxrdrzkjnw7xdwdn1lzifcf564wrmj8rggh7rl81")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. 
+It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + +(define-public go-github-com-mitchellh-mapstructure + (package + (name "go-github-com-mitchellh-mapstructure") + (version "1.3.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mitchellh/mapstructure") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0l3qyskfx9bwh0b17zv8yk15rrdhjmj482jsp09f9bp0d4g9k87j")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/mitchellh/mapstructure")) + (home-page "https://github.com/mitchellh/mapstructure/") + (synopsis + "Go library for decoding generic map values to and from native Go structures") + (description + "Mapstructure is a Go library for decoding generic map values to structures +and vice versa, while providing helpful error handling. +This library is most useful when decoding values from some data stream +(JSON, Gob, etc.) 
where you don't quite know the structure of the underlying +data until you read a part of it.") + (license license:expat))) + +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (let ((commit "cad6b2b879b0970e4245a20ebf1a81a756e2bb70") + (revision "0")) + (package + (name "go-github-com-kardianos-minwinsvc") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit commit))) + (sha256 + (base32 + "000fk0b1ff7m6dd2n3am1l39hzl6nsl1a9p7zmq78qn6h3glabdl")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "A minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems 
can import this package to enable running programs as services without +modifying them.") + (license license:zlib)))) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-add-yggdrasil-package-at-version-0.3.14-plus-pat.patch >From cba3078cded2a7fd1b60cf0ec57e7e26a2e84c10 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 15:32:56 +0200 Subject: [PATCH 3/5] gnu: add yggdrasil package at version 0.3.14 (plus patch) * gnu/packages/networking.scm: (yggdrasil): New public variable. (gnu packages golang): New dependency. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk: (yggdrasil-extra-config.patch): Added to patches. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 83 ++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 +++++++++++++++++++ 3 files changed, 170 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index 76d6b5deba..f6a3842957 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1622,6 +1622,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 11344216aa..a93c89d5a8 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -92,6 +92,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages gtk) #:use-module (gnu packages image) #:use-module (gnu packages libevent) 
@@ -3192,3 +3193,85 @@ CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices. @code{lldpd} is an implementation of LLDP. It also supports some proprietary protocols.") (license license:isc))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.14") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (sha256 + (base32 + "0vncf39gqr5hzjn948jlchppf7451a6rcvr962ng97sjdy8mplrw")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" + c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + 
("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + ("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis "An experiment in scalable routing as an encrypted IPv6 overlay network") + (description "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows +pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. +Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License version 3 + ;; ("LGPL3"), the copyright holders of this Library give you permission to + ;; convey to a third party a Combined Work that links statically or dynamically + ;; to this Library without providing any Minimal Corresponding Source or + ;; Minimal Application Code as set out in 4d or providing the installation + ;; information set out in section 4e, provided that you comply with the other + ;; provisions of LGPL3 and provided that you meet, for the Application the + ;; terms and conditions of the license(s) which apply to the Application. + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..e3502eb644 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ } + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-services-Add-new-service-for-yggdrasil-network.patch >From 9c0dc50704663207023c671b1116f070a445104c Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 4/5] gnu: services: Add new service for yggdrasil network. * gnu/services/networking.scm: (yggdrasil-service-type yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New public variables. ( yggdrasil-configuration-file yggdrasil-shepherd-service %yggdrasil-accounts): New private variables ((json),(srfi srfi-43)): New dependencies. --- gnu/services/networking.scm | 113 +++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d6b0aee357..ddb8e9a17c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -59,7 +59,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases 
@@ -178,7 +180,15 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-package + yggdrasil-configuration-auto-conf + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to)) ;;; Commentary: ;;; 
@@ -1756,4 +1766,105 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log")) + (stop #~(make-kill-destructor))))) + +;; TODO: somehow chown the socket. might be better to fix upstream? +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)))))) + ;;; networking.scm ends here -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-system-add-example-with-yggdrasil.patch >From d2d9ad6c3402924edd6090ffcad50e2c9d2bd448 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:16:42 +0200 Subject: [PATCH 5/5] gnu: system: add example with yggdrasil * gnu/system/examples/yggdrasil.tmpl: New file. --- gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..244a899bd0 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
@@ -0,0 +1,61 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + ;; This is where user accounts are specified. The "root" + ;; account is implicit, and is initially created with the + ;; empty password. + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. Adding it to "audio" + ;; and "video" allows the user to play sound + ;; and access the webcam. + (supplementary-groups '("wheel" + "audio" "video"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen yggdrasil htop %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose one from https://github.com/yggdrasil-network/public-peers + '((peers . 
#("tcp://1.2.3.4:1337")))))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) -- 2.26.2 --MP_/82n_6_DI0gmRaaIem+Pg+fT--
From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 13 21:36:33 2020
Date: Sun, 14 Jun 2020 03:35:47 +0200
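Review bot: In the shepherd service hunk that ends networking.scm, make-forkexec-constructor is passed only #:log-file, so with no #:user or #:group the daemon runs with shepherd's own privileges, and the "yggdrasil" group defined in %yggdrasil-accounts is created but never applied to the process or to the socket the TODO mentions. Either pass #:group "yggdrasil" to the constructor (plus a dedicated system user if the daemon can run without root) or add a comment saying why it has to stay as it is. The service description also only points at "yggdrasil -genconf"; it should say that key material belongs in the file passed through -extraconffile and not in the configuration record, since the record ends up in the store.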
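Review bot: In gnu/system/examples/yggdrasil.tmpl the yggdrasil-configuration sets (log-level 'debug), which is a poor default for a template that people will copy unchanged; use the default level or say in a comment why debug is wanted. The comment above the services field still reads "a DHCP client and an SSH server" although the list now also starts yggdrasil, and the json-config form is the right place for a comment that this value lands in the world-readable store, so the signing and encryption keys must go in the separate secret file. The host-name "ruby-guard-5545" and timezone "Europe/Budapest" also look like values from a personal machine rather than template placeholders.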
From: raingloom
To: 41803@debbugs.gnu.org
Subject: [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Message-ID: <20200614033547.01691604@riseup.net>

Bump. Could someone look at this?

From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 11 18:12:18 2020
Date: Sun, 12 Jul 2020 00:12:06 +0200
From: Julien Lepiller
To: raingloom
Cc: 41803@debbugs.gnu.org
Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Message-ID: <20200712001206.760aee62@tachikoma.lepiller.eu>
In-Reply-To: <20200611155656.7ece9c24@riseup.net>

On Thu, 11 Jun 2020 15:56:56 +0200, raingloom wrote:

> from: https://yggdrasil-network.github.io/
> "Yggdrasil is an early-stage implementation of a fully end-to-end
> encrypted IPv6 network."
>
> I spent the last few days packaging it and now it's in a state where I
> think it's usable.
>
> The configuration can include private keys, so that part should NOT go
> in the operating system config, because it would get stored in the
> world-readable Guix store. Nix works around this by merging the
> generated config with a JSON file and sending it to yggdrasil over its
> stdin.
>
> I chose not to do that because I couldn't figure out how to open a
> service's stdin and because I think the way I did it is much more
> elegant in the long run.
>
> The package is lightly patched to take not one but two config files,
> and it simply merges them internally. The patch is completely
> backwards compatible and unobtrusive. It took me about an hour to
> write and debug and most of that was just figuring out Go's syntax
> and type system. I will try to get upstream to accept it, or
> implement similar functionality.
>
> Still TODO:
> documenting the service as an info page.
>
> The gist of using it is:
> 1. look at example operating system
> 2. see yggdrasil -genconf -json for config options
> (3.) optional: save output as /etc/yggdrasil-secret.conf
> (4.) chmod 600 /etc/yggdrasil-secret.conf
> (5.) delete everything but the signing and encryption keys
> 6. add peers as needed, or set autoconf? to #t to connect through a
> local peer
>
> It seems to work fine. I could connect to open peers from one
> machine and another one could auto-configure itself to connect through
> the first one over the LAN. It's pretty nifty.

Hi,

this is more of a quick review.

First patch LGTM.

You should split every package you add in the second patch in separate
patches. Also the commit message should say "new variable", no need to
say it's public.

You left a comment about the license for go-github-com-gologme-log.
Have you contacted upstream to tell them about that, what was their
reaction? I think the fact that the readme says bsd implies the
intention is that it is free software, but better safe than sorry.

Otherwise, these packages lgtm.

In the third patch again, the commit message should say "new
variable". You should not use the past tense either, so "Add it".

Is the license lgpl3, or lgpl3+?

Not a go programmer, so I'm not reading the patch, but I'm trusting
you that it works :)

For the fourth patch, I don't think you need to list new private
variables in the commit message, nor new dependencies. Only list
public variables, as "New variables".

As you noted, could you add something about it to the manual?

In the system example, should Yggdrasil really be installed in the
system profile? If so, I think you can add a profile-service-type
extension to the service so the package is automatically available.
Then you don't need to specify the package in the os configuration,
and it ensures you install the same package (declared in the service
configuration) for the service and in the system.

Thanks for working on this!

From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 13 12:53:55 2020
Date: Mon, 13 Jul 2020 16:23:30 +0200
From: raingloom
To: 41803@debbugs.gnu.org
Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Message-ID: <20200713162330.79213853@riseup.net>
In-Reply-To: <20200712001206.760aee62@tachikoma.lepiller.eu>

On Sun, 12 Jul 2020 00:12:06 +0200
Julien Lepiller wrote:

> Hi,
>
> this is more of a quick review.
>
> First patch LGTM.
>
> You should split every package you add in the second patch in separate
> patches. Also the commit message should say "new variable", no need to
> say it's public.

Done!

> You left a comment about the license for go-github-com-gologme-log.
> Have you contacted upstream to tell them about that, what was their
> reaction? I think the fact that the readme says bsd implies the
> intention is that it is free software, but better safe than sorry.

Heck, I forgot to do that, but I contacted them yesterday and they
fixed it.

> Otherwise, these packages lgtm.
>
> In the third patch again, the commit message should say "new
> variable". You should not use the past tense either, so "Add it".
>
> Is the license lgpl3, or lgpl3+?

Looks like (custom) lgpl3. The readme says so and I couldn't find
anything to indicate that a later version would also be acceptable.

> Not a go programmer, so I'm not reading the patch, but I'm trusting
> you that it works :)
>
> For the fourth patch, I don't think you need to list new private
> variables in the commit message, nor new dependencies. Only list
> public variables, as "New variables".
>
> As you noted, could you add something about it to the manual?

On it, but I've never used texinfo, so this might take a while. Gonna
send it in a later mail.

> In the system example, should Yggdrasil really be installed in the
> system profile? If so, I think you can add a profile-service-type
> extension to the service so the package is automatically available.
> Then you don't need to specify the package in the os configuration,
> and it ensures you install the same package (declared in the service
> configuration) for the service and in the system.

Technically it can be used without it, but yggdrasilctl is a useful
tool. I added it with the profile-service-type extension and removed it
from the packages field in the example.

> Thanks for working on this!

UwU

--MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-go-golang-org-x-sys-update-to-05986578812163b266.patch >From 2eb7385753610d2bf2998ea094e417091abf3e53 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 12:52:00 +0200 Subject: [PATCH 01/10] gnu: go-golang-org-x-sys: update to 05986578812163b26672dabd9b425240ae2bb0ad --- gnu/packages/golang.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 2c31632db6..8043a162b2 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm
@@ -740,8 +740,8 @@ processing.") (license license:bsd-3)))) (define-public go-golang-org-x-sys - (let ((commit "c709ea063b76879dc9915358f55d4d77c16ab6d5") - (revision "6")) + (let ((commit "05986578812163b26672dabd9b425240ae2bb0ad") + (revision "7")) (package (name "go-golang-org-x-sys") (version (git-version "0.0.0" revision commit)) @@ -753,7 +753,7 @@ processing.") (file-name (git-file-name name version)) (sha256 (base32 - "15nq53a6kcqchng4j0d1pjw0m6hny6126nhjdwqw5n9dzh6a226d")))) + "1q2rxb6z5l6pmlckjsz2l0b8lw7bqgk6frhzbmi1dv0y5irb2ka7")))) (build-system go-build-system) (arguments `(#:import-path "golang.org/x/sys" -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-Add-go-github-com-arceliar-phony.patch >From 87e8150b1249f911e1d948ed22f85c2ca807d786 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:15:28 +0200 Subject: [PATCH 02/10] gnu: Add go-github-com-arceliar-phony * gnu/packages/golang.scm (go-github-com-arceliar-phony): New variable. --- gnu/packages/golang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 8043a162b2..7b27fe8265 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4263,3 +4263,27 @@ used by other processes.") Porter2 stemmer}. It is written completely using finite state machines to do suffix comparison, rather than the string-based or tree-based approaches.") (license license:asl2.0)))) + +(define-public go-github-com-arceliar-phony + (let ((commit "d0c68492aca0bd4b5c5c8e0452c9b4c8af923eaf") + (revision "0")) + (package + (name "go-github-com-arceliar-phony") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/Arceliar/phony") + (commit commit))) + (sha256 + (base32 + "0876y0hlb1zh8hn0pxrb5zfdadvaqmqwlr66p19yl2a76galz992")))) + (arguments + '(#:import-path "github.com/Arceliar/phony")) + (build-system go-build-system) + (home-page "https://github.com/Arceliar/phony") + (synopsis "A very minimal actor model library") + (description "Phony is a very minimal actor model library for Go, +inspired by the causal messaging system in the Pony programming language") + (license license:expat)))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-Add-go-github-com-cheggaaa-pb-at-version-3.0.4.patch >From 6fe6ebab4e380639d7f6862c7acc1f677581d318 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:21:11 +0200 Subject: [PATCH 03/10] gnu: Add go-github-com-cheggaaa-pb at version 3.0.4 * gnu/packages/golang.scm (go-github-com-cheggaaa-pb): New variable. --- gnu/packages/golang.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 7b27fe8265..57aea6ddef 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4287,3 +4287,31 @@ suffix comparison, rather than the string-based or tree-based approaches.") (description "Phony is a very minimal actor model library for Go, inspired by the causal messaging system in the Pony programming language") (license license:expat)))) + +(define-public go-github-com-cheggaaa-pb + (package + (name "go-github-com-cheggaaa-pb") + (version "3.0.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/cheggaaa/pb/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0xhsv9yf3fz918ay6w0d87jnb3hk9vxvi16jk172kqq26x7jixd0")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/cheggaaa/pb/")) + (propagated-inputs + `(("go-github-com-fatih-color" ,go-github-com-fatih-color) + ("go-github-com-mattn-go-colorable" ,go-github-com-mattn-go-colorable) + ("go-github.com-mattn-go-runewidth" ,go-github.com-mattn-go-runewidth) + ("go-golang-org-x-sys" ,go-golang-org-x-sys))) + (native-inputs + `(("go-github-com-mattn-go-isatty" ,go-github-com-mattn-go-isatty))) + (home-page "https://github.com/cheggaaa/pb/") + (synopsis "Console progress bar for Golang") + (description "") + (license license:bsd-3))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-Add-go-github-com-gologme-log-at-version-1.2.0.patch >From ea456cd7bcb301ca3fd850248b6bd9eda9e9bad1 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:22:46 +0200 Subject: [PATCH 04/10] gnu: Add go-github-com-gologme-log at version 1.2.0 * gnu/packages/golang.scm (go-github-com-gologme-log): New variable. See comment about license. --- gnu/packages/golang.scm | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 57aea6ddef..7f8e08446a 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4315,3 +4315,33 @@ inspired by the causal messaging system in the Pony programming language") (synopsis "Console progress bar for Golang") (description "") (license license:bsd-3))) + +(define-public go-github-com-gologme-log + (package + (name "go-github-com-gologme-log") + (version "1.2.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/gologme/log") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0shjbf52xh57bx6xka7h00yjvldjl5wwnim530xxbaragqj0cg8f")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/gologme/log")) + (home-page "https://github.com/gologme/log/") + (synopsis + "A fork of the golang built in log package to add support for levels") + (description "This package is a drop in replacement for the built-in Go log +package. All the functionality of the built-in package still exists and is +unchanged. In addition, this package contains a series of small enhancements +and additions.") + ;; TODO: does this even qualify as a license? the LICENSE file is empty + ;; all it has is this paragraph in the README + ;; "This is free software, licensed under the same BSD license that the + ;; original Go log package was licensed." + ;; Relevant issue: https://github.com/gologme/log/issues/2 + (license license:bsd-3))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-Add-go-github-com-hashicorp-go-syslog-at-version.patch >From 8162850815d8385e5c6ba88f6d7e4c9affd65dd2 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:26:00 +0200 Subject: [PATCH 05/10] gnu: Add go-github-com-hashicorp-go-syslog at version 1.0.0 * gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable. --- gnu/packages/golang.scm | 71 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) 
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 7f8e08446a..2e964cf961 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4345,3 +4345,74 @@ and additions.") ;; original Go log package was licensed." ;; Relevant issue: https://github.com/gologme/log/issues/2 (license license:bsd-3))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.0.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0q340mddapq0lxrdrzkjnw7xdwdn1lzifcf564wrmj8rggh7rl81")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. 
+It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + +(define-public go-github-com-mitchellh-mapstructure + (package + (name "go-github-com-mitchellh-mapstructure") + (version "1.3.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mitchellh/mapstructure") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0l3qyskfx9bwh0b17zv8yk15rrdhjmj482jsp09f9bp0d4g9k87j")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/mitchellh/mapstructure")) + (home-page "https://github.com/mitchellh/mapstructure/") + (synopsis + "Go library for decoding generic map values to and from native Go structures") + (description + "Mapstructure is a Go library for decoding generic map values to structures +and vice versa, while providing helpful error handling. +This library is most useful when decoding values from some data stream +(JSON, Gob, etc.) where you don't quite know the structure of the underlying +data until you read a part of it.") + (license license:expat))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0006-gnu-Add-go-golang-zx2c4-com-wireguard-at-version-0.0.patch >From fef2fe8108383db2f77f01c1ad505357db46fb7a Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:27:01 +0200 Subject: [PATCH 06/10] gnu: Add go-golang-zx2c4-com-wireguard at version 0.0.20200320 * gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable. --- gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 2e964cf961..a3d984d864 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4416,3 +4416,32 @@ This library is most useful when decoding values from some data stream (JSON, Gob, etc.) where you don't quite know the structure of the underlying data until you read a part of it.") (license license:expat))) + +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0007-gnu-Add-go-github-com-kardianos-minwinsvc.patch >From cb9255fd2a8f5c6f4aa9f899a00575d7141c2b87 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:28:15 +0200 Subject: [PATCH 07/10] gnu: Add go-github-com-kardianos-minwinsvc. * gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable. --- gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index a3d984d864..d69474fcf9 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -4445,3 +4445,30 @@ data until you read a part of it.") (synopsis "This is an implementation of WireGuard in Go") (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (let ((commit "cad6b2b879b0970e4245a20ebf1a81a756e2bb70") + (revision "0")) + (package + (name "go-github-com-kardianos-minwinsvc") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit commit))) + (sha256 + (base32 + "000fk0b1ff7m6dd2n3am1l39hzl6nsl1a9p7zmq78qn6h3glabdl")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "A minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems can import this package to enable running programs as services without +modifying them.") + (license license:zlib)))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0008-gnu-Add-yggdrasil-at-version-0.3.14-plus-patch.patch >From 57768e73adb7fa4717d5a82901f4cc61da478554 Mon Sep 17 00:00:00 2001 
From: raingloom Date: Mon, 13 Jul 2020 03:52:56 +0200 Subject: [PATCH 08/10] gnu: Add yggdrasil at version 0.3.14 (plus patch) * gnu/packages/networking.scm: (yggdrasil): New variable. (gnu packages golang): New dependency. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk: (yggdrasil-extra-config.patch): Add to patches. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 90 +++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 ++++++++++++++++++ 3 files changed, 177 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index 57a1d0df84..2228a1407a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1643,6 +1643,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 53599fe191..467e3ee260 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -95,6 +95,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages gtk) #:use-module (gnu packages image) #:use-module (gnu packages libevent) 
@@ -3381,3 +3382,92 @@ hashcash stamps efficiently. This package contains a command-line tool for computing and verifying hashcash stamps.") (license license:public-domain))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.14") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (sha256 + (base32 + "0vncf39gqr5hzjn948jlchppf7451a6rcvr962ng97sjdy8mplrw")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" + c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + 
("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis "An experiment in scalable routing as an encrypted IPv6 overlay network") + (description "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows +pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. +Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License version 3 + ;; ("LGPL3"), the copyright holders of this Library give you permission to + ;; convey to a third party a Combined Work that links statically or dynamically + ;; to this Library without providing any Minimal Corresponding Source or + ;; Minimal Application Code as set out in 4d or providing the installation + ;; information set out in section 4e, provided that you comply with the other + ;; provisions of LGPL3 and provided that you meet, for the Application the + ;; terms and conditions of the license(s) which apply to the Application. + ;; Except as stated in this special exception, the provisions of LGPL3 will + ;; continue to comply in full to this Library. If you modify this Library, you + ;; may apply this exception to your version of this Library, but you are not + ;; obliged to do so. If you do not wish to do so, delete this exception + ;; statement from your version. 
This exception does not (and cannot) modify any + ;; license terms which apply to the Application, with which you must still + ;; comply + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..e3502eb644 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
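Review bot: In the yggdrasil package definition in gnu/packages/networking.scm, #:tests? #f is carried with only a "figure out how tests are run" TODO, so nothing at build time exercises the readConfig code that yggdrasil-extra-config.patch rewrites. Please either run the upstream Go tests in a check phase or replace the TODO with the concrete reason they cannot run. Two smaller points in the same hunk: the replaced 'install phase ends on copy-recursively while the replaced 'build phase ends with an explicit #t, so return #t from 'install as well; and the comment above propagated-inputs says minwinsvc is Windows-only while go-github-com-kardianos-minwinsvc is still listed there, so the comment should say why it is needed anyway.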
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ } + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0009-gnu-services-Add-new-service-for-yggdrasil-network.patch >From 796058952afc293354873484bc092211966e0108 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 09/10] gnu: services: Add new service for yggdrasil network. * gnu/services/networking.scm: (yggdrasil-service-type yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New variables. ((json),(srfi srfi-43)): New dependencies. --- gnu/services/networking.scm | 115 +++++++++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 353fdce2bb..ce86df0d58 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases 
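Review bot: In yggdrasil-extra-config.patch (the new-file hunk that ends just before the 09/10 mail header), readConfig fills confs[1] with extraconf and then loops over both entries unconditionally, so when -extraconffile is not given a nil buffer still goes through the BOM handling, hjson.Unmarshal and mapstructure.Decode, and any error there panics. Skip empty entries at the top of the loop (if len(conf) == 0 { continue }) so the unpatched behaviour is kept when the flag is absent. In main(), extraconffile only reaches readConfig in the "*useconffile != "" || *useconf" case, so it is silently ignored together with -autoconf or -genconf, and the reload path still logs only *useconffile; both should mention the extra file. The flag's help text calls the file "usually private", but ioutil.ReadFile is used with no check of the file's mode or owner, so a world-readable key file is accepted without a warning.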
@@ -180,7 +182,15 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-package + yggdrasil-configuration-auto-conf + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to)) ;;; Commentary: ;;; 
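Review bot: The export list names yggdrasil-configuration-auto-conf, but the record added in the next hunk defines that accessor as yggdrasil-configuration-autoconf?, so the module exports an identifier that is never bound. The same record also defines yggdrasil-configuration-json-config and yggdrasil-config-file, and neither is exported here. Export the names the record actually defines, and consider renaming yggdrasil-config-file to yggdrasil-configuration-config-file so that every accessor shares the yggdrasil-configuration- prefix.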
@@ -1747,4 +1757,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log")) + (stop #~(make-kill-destructor))))) + +;; TODO: somehow chown the socket. might be better to fix upstream? +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package)))))) + ;;; networking.scm ends here -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0010-gnu-system-add-example-with-yggdrasil.patch >From 1f947b42acdf2aa20ae0421081c959a8faebaacf Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:16:42 +0200 Subject: [PATCH 10/10] gnu: system: add example with yggdrasil * gnu/system/examples/yggdrasil.tmpl: New file. --- gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..be222e9223 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
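Review bot: In yggdrasil-shepherd-service (gnu/services/networking.scm), make-forkexec-constructor is called with only #:log-file, so the daemon starts as root even though %yggdrasil-accounts creates a yggdrasil group, and the TODO about chowning the socket is left open. Either pass #:group "yggdrasil" (and a #:user, if the daemon can work without root) or state in a comment why root is required. The config-file field defaults to "/etc/yggdrasil-private.conf" and is passed as -extraconffile whenever it is not #f; with the readConfig change in yggdrasil-extra-config.patch a failed ReadFile panics, so a system where that file has not been created yet will not start the service. Default the field to #f, or document that the file must exist and be readable by root only. Since json-config is written with computed-file into the world-readable store, the documentation should also say that keys belong in config-file and never in json-config.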
@@ -0,0 +1,61 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + ;; This is where user accounts are specified. The "root" + ;; account is implicit, and is initially created with the + ;; empty password. + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. Adding it to "audio" + ;; and "video" allows the user to play sound + ;; and access the webcam. + (supplementary-groups '("wheel" + "audio" "video"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose one from https://github.com/yggdrasil-network/public-peers + '((peers . 
#("tcp://1.2.3.4:1337")))))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) -- 2.27.0 --MP_/c9VKTLvN0NVelvWX/Tjs6+u-- From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 03 14:00:02 2020 Received: (at 41803) by debbugs.gnu.org; 3 Sep 2020 18:00:02 +0000 Received: from localhost ([127.0.0.1]:36102 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kDtWb-00063M-UB for submit@debbugs.gnu.org; Thu, 03 Sep 2020 14:00:02 -0400 Received: from mx1.riseup.net ([198.252.153.129]:34850) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kDtWX-000639-0t for 41803@debbugs.gnu.org; Thu, 03 Sep 2020 13:59:52 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4Bj7ql5s5YzFfT3 for <41803@debbugs.gnu.org>; Thu, 3 Sep 2020 10:59:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1599155988; bh=P06imSApNpZI5pBf+m+Ec7vSBePPQDngONiLp4ORPRc=; h=Date:From:To:Subject:In-Reply-To:References:From; b=enScnjubS4t+lwUJH/46d6iEuDLbYJ5k/6cECupYSoohDCEpC0eJRpdnGBHHa1rzG yhBumHg+UEaWexEggnGN6u2Wvl7GP53Sq+CyhftY+sp8P6UdyNxkSyrPGrAM15Enkm +2meaIX/hsRa4Sn6ad56kAcyeRO7w958xbc1f/Us= X-Riseup-User-ID: 9D978BCD757AD7464293262E1EFFF6750A74F0FD348BE52F5DB4756718452E7C Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 4Bj7ql0XnmzJpn8 for <41803@debbugs.gnu.org>; Thu, 3 Sep 2020 10:59:46 -0700 (PDT) Date: Thu, 3 Sep 2020 19:59:47 +0200 
From: raingloom To: 41803@debbugs.gnu.org Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network) Message-ID: <20200903195947.7b4e10c8@riseup.net> In-Reply-To: <20200713162330.79213853@riseup.net> References: <20200611155656.7ece9c24@riseup.net> <20200712001206.760aee62@tachikoma.lepiller.eu> <20200713162330.79213853@riseup.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/Wl=IKdukqcsY93U59+ZcRzB" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 41803 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline On Mon, 13 Jul 2020 16:23:30 +0200 raingloom wrote: > On Sun, 12 Jul 2020 00:12:06 +0200 > Julien Lepiller wrote: > > As you noted, could you add something about it to the manual? > > On it, but I've never used texinfo, so this might take a while. Gonna > send it in a later mail. > Finally got around to documenting it. Also exported all the accessors for the service. Is it mergeable in this form? ps.: i'm not sure if i should include all patches or only the ones i changed. to be safe i rebased it again on the current main branch and attached all patches. --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-go-golang-org-x-sys-update-to-05986578812163b266.patch >From 0fe7ec1dec27c206b1a6d854067a4319d67ea1e7 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 30 May 2020 12:52:00 +0200 Subject: [PATCH 01/11] gnu: go-golang-org-x-sys: update to 05986578812163b26672dabd9b425240ae2bb0ad --- gnu/packages/golang.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 78bf4fff87..91f0db02a9 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -741,8 +741,8 @@ processing.") (license license:bsd-3)))) (define-public go-golang-org-x-sys - (let ((commit "c709ea063b76879dc9915358f55d4d77c16ab6d5") - (revision "6")) + (let ((commit "05986578812163b26672dabd9b425240ae2bb0ad") + (revision "7")) (package (name "go-golang-org-x-sys") (version (git-version "0.0.0" revision commit)) @@ -754,7 +754,7 @@ processing.") (file-name (git-file-name name version)) (sha256 (base32 - "15nq53a6kcqchng4j0d1pjw0m6hny6126nhjdwqw5n9dzh6a226d")))) + "1q2rxb6z5l6pmlckjsz2l0b8lw7bqgk6frhzbmi1dv0y5irb2ka7")))) (build-system go-build-system) (arguments `(#:import-path "golang.org/x/sys" -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-Add-go-github-com-arceliar-phony.patch >From 7a93c6168e69fddeafcdf237bb66eb6a121b7ffe Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:15:28 +0200 Subject: [PATCH 02/11] gnu: Add go-github-com-arceliar-phony * gnu/packages/golang.scm (go-github-com-arceliar-phony): New variable. --- gnu/packages/golang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 91f0db02a9..b843652459 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5631,3 +5631,27 @@ Included are the following: except that it adds convenience functions that use the fmt package to format error messages.") (license license:bsd-3))) + +(define-public go-github-com-arceliar-phony + (let ((commit "d0c68492aca0bd4b5c5c8e0452c9b4c8af923eaf") + (revision "0")) + (package + (name "go-github-com-arceliar-phony") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/Arceliar/phony") + (commit commit))) + (sha256 + (base32 + "0876y0hlb1zh8hn0pxrb5zfdadvaqmqwlr66p19yl2a76galz992")))) + (arguments + '(#:import-path "github.com/Arceliar/phony")) + (build-system go-build-system) + (home-page "https://github.com/Arceliar/phony") + (synopsis "A very minimal actor model library") + (description "Phony is a very minimal actor model library for Go, +inspired by the causal messaging system in the Pony programming language") + (license license:expat)))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-Add-go-github-com-cheggaaa-pb-at-version-3.0.4.patch >From 48c9c437d18e6c3d5f4dd82cc93f3331c23f7ce4 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:21:11 +0200 Subject: [PATCH 03/11] gnu: Add go-github-com-cheggaaa-pb at version 3.0.4 * gnu/packages/golang.scm (go-github-com-cheggaaa-pb): New variable. --- gnu/packages/golang.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index b843652459..7aacaa7bc1 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5655,3 +5655,31 @@ error messages.") (description "Phony is a very minimal actor model library for Go, inspired by the causal messaging system in the Pony programming language") (license license:expat)))) + +(define-public go-github-com-cheggaaa-pb + (package + (name "go-github-com-cheggaaa-pb") + (version "3.0.4") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/cheggaaa/pb/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0xhsv9yf3fz918ay6w0d87jnb3hk9vxvi16jk172kqq26x7jixd0")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/cheggaaa/pb/")) + (propagated-inputs + `(("go-github-com-fatih-color" ,go-github-com-fatih-color) + ("go-github-com-mattn-go-colorable" ,go-github-com-mattn-go-colorable) + ("go-github.com-mattn-go-runewidth" ,go-github.com-mattn-go-runewidth) + ("go-golang-org-x-sys" ,go-golang-org-x-sys))) + (native-inputs + `(("go-github-com-mattn-go-isatty" ,go-github-com-mattn-go-isatty))) + (home-page "https://github.com/cheggaaa/pb/") + (synopsis "Console progress bar for Golang") + (description "") + (license license:bsd-3))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-Add-go-github-com-gologme-log-at-version-1.2.0.patch >From d9e586f4548ed85b0a557e9f527cf59e180f877f Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:22:46 +0200 Subject: [PATCH 04/11] gnu: Add go-github-com-gologme-log at version 1.2.0 * gnu/packages/golang.scm (go-github-com-gologme-log): New variable. See comment about license. --- gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 7aacaa7bc1..38654de97a 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
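Review bot: go-github-com-cheggaaa-pb is added with (description ""), so the package has no description at all; please write one or two full sentences saying what the library provides. In the same definition the #:import-path is "github.com/cheggaaa/pb/" with a trailing slash, unlike the other import paths in this series, and the origin has no (file-name (git-file-name name version)), which the go-golang-org-x-sys definition in patch 01 does set.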
@@ -5683,3 +5683,30 @@ inspired by the causal messaging system in the Pony programming language") (synopsis "Console progress bar for Golang") (description "") (license license:bsd-3))) + +(define-public go-github-com-gologme-log + ;; this is the same as v1.2.0, only the LICENSE file changed + (let ((commit "720ba0b3ccf0a91bc6018c9967a2479f93f56a55")) + (package + (name "go-github-com-gologme-log") + (version "1.2.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/gologme/log") + (commit commit))) + (sha256 + (base32 + "0z3gs5ngv2jszp42ypp3ai0pn410v3b2m674g73ma7vsbn2yjk1n")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/gologme/log")) + (home-page "https://github.com/gologme/log/") + (synopsis + "A fork of the golang built in log package to add support for levels") + (description "This package is a drop in replacement for the built-in Go log +package. All the functionality of the built-in package still exists and is +unchanged. In addition, this package contains a series of small enhancements +and additions.") + (license license:bsd-3)))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-Add-go-github-com-hashicorp-go-syslog-at-version.patch >From f0915d5917399a4ed0549c7b346738c759653531 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 16:14:35 +0200 Subject: [PATCH 05/11] gnu: Add go-github-com-hashicorp-go-syslog at version 1.0.0 * gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable. --- gnu/packages/golang.scm | 71 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 38654de97a..97db5c7b7b 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
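Review bot: go-github-com-gologme-log declares (version "1.2.0") while the origin fetches commit 720ba0b3ccf0a91bc6018c9967a2479f93f56a55, which the comment says is not the v1.2.0 tag but a later commit with a changed LICENSE file. The version string should show that the source is an untagged commit: bind a revision next to the commit and use (git-version "1.2.0" revision commit), as the go-github-com-arceliar-phony definition in patch 02 does with "0.0.0". Please also add (file-name (git-file-name name version)) to the origin so the checkout in the store carries the package name and version.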
@@ -5710,3 +5710,74 @@ package. All the functionality of the built-in package still exists and is unchanged. In addition, this package contains a series of small enhancements and additions.") (license license:bsd-3)))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.0.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0q340mddapq0lxrdrzkjnw7xdwdn1lzifcf564wrmj8rggh7rl81")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. 
+It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + +(define-public go-github-com-mitchellh-mapstructure + (package + (name "go-github-com-mitchellh-mapstructure") + (version "1.3.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mitchellh/mapstructure") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0l3qyskfx9bwh0b17zv8yk15rrdhjmj482jsp09f9bp0d4g9k87j")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/mitchellh/mapstructure")) + (home-page "https://github.com/mitchellh/mapstructure/") + (synopsis + "Go library for decoding generic map values to and from native Go structures") + (description + "Mapstructure is a Go library for decoding generic map values to structures +and vice versa, while providing helpful error handling. +This library is most useful when decoding values from some data stream +(JSON, Gob, etc.) where you don't quite know the structure of the underlying +data until you read a part of it.") + (license license:expat))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0006-gnu-Add-go-golang-zx2c4-com-wireguard-at-version-0.0.patch >From 713cb77af81843dd3d582363177b68091a1d8310 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:27:01 +0200 Subject: [PATCH 06/11] gnu: Add go-golang-zx2c4-com-wireguard at version 0.0.20200320 * gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable. --- gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 97db5c7b7b..961600ad8f 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
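Review bot: The subject and changelog of patch 05 name only go-github-com-hashicorp-go-syslog, but this hunk also defines go-github-com-hjson-hjson-go and go-github-com-mitchellh-mapstructure. Please split it into one commit per package, each with its own "* gnu/packages/golang.scm (NAME): New variable." entry, so that every new dependency of the yggdrasil package can be reviewed and reverted on its own. The go-syslog description ("A very simple wrapper around log/syslog") should also be a full sentence ending in a period.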
@@ -5781,3 +5781,32 @@ This library is most useful when decoding values from some data stream (JSON, Gob, etc.) where you don't quite know the structure of the underlying data until you read a part of it.") (license license:expat))) + +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0007-gnu-Add-go-github-com-kardianos-minwinsvc.patch >From 63cf4ec66588027516b9d69e989f29daefb3176b Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:28:15 +0200 Subject: [PATCH 07/11] gnu: Add go-github-com-kardianos-minwinsvc. * gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable. --- gnu/packages/golang.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 961600ad8f..744ddadaa1 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
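Review bot: The description of go-golang-zx2c4-com-wireguard uses Markdown link syntax, "[WireGuard](https://www.wireguard.com/)", which is shown literally because package descriptions are Texinfo; write it as a full sentence and use @url{https://www.wireguard.com/, WireGuard} for the link. The synopsis "This is an implementation of WireGuard in Go" should be a short noun phrase such as "Implementation of WireGuard in Go", and the home-page "https://git.zx2c4.com/wireguard" differs from the repository URL "https://git.zx2c4.com/wireguard-go/" used in the origin, so please check which of the two is intended.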
@@ -5810,3 +5810,30 @@ data until you read a part of it.") (synopsis "This is an implementation of WireGuard in Go") (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (let ((commit "cad6b2b879b0970e4245a20ebf1a81a756e2bb70") + (revision "0")) + (package + (name "go-github-com-kardianos-minwinsvc") + (version (git-version "0.0.0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit commit))) + (sha256 + (base32 + "000fk0b1ff7m6dd2n3am1l39hzl6nsl1a9p7zmq78qn6h3glabdl")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "A minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems can import this package to enable running programs as services without +modifying them.") + (license license:zlib)))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0008-gnu-Add-yggdrasil-at-version-0.3.14-plus-patch.patch >From 30422b88c3a0a9add8bf073d5d5d3501cd34a17b Mon Sep 17 00:00:00 2001 
From: raingloom Date: Mon, 13 Jul 2020 03:52:56 +0200 Subject: [PATCH 08/11] gnu: Add yggdrasil at version 0.3.14 (plus patch) * gnu/packages/networking.scm: (yggdrasil): New variable. (gnu packages golang): New dependency. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk: (yggdrasil-extra-config.patch): Add to patches. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 90 +++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 ++++++++++++++++++ 3 files changed, 177 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index d2753f52ae..2aca0c7a17 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1687,6 +1687,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8b18de6121..4ba59762a4 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -95,6 +95,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages graphviz) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) 
@@ -3762,3 +3763,92 @@ hashcash stamps efficiently. This package contains a command-line tool for computing and verifying hashcash stamps.") (license license:public-domain))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.14") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (sha256 + (base32 + "0vncf39gqr5hzjn948jlchppf7451a6rcvr962ng97sjdy8mplrw")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" + c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + 
("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis "An experiment in scalable routing as an encrypted IPv6 overlay network") + (description "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows +pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. +Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License version 3 + ;; ("LGPL3"), the copyright holders of this Library give you permission to + ;; convey to a third party a Combined Work that links statically or dynamically + ;; to this Library without providing any Minimal Corresponding Source or + ;; Minimal Application Code as set out in 4d or providing the installation + ;; information set out in section 4e, provided that you comply with the other + ;; provisions of LGPL3 and provided that you meet, for the Application the + ;; terms and conditions of the license(s) which apply to the Application. + ;; Except as stated in this special exception, the provisions of LGPL3 will + ;; continue to comply in full to this Library. If you modify this Library, you + ;; may apply this exception to your version of this Library, but you are not + ;; obliged to do so. If you do not wish to do so, delete this exception + ;; statement from your version. 
This exception does not (and cannot) modify any + ;; license terms which apply to the Application, with which you must still + ;; comply + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..e3502eb644 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ } + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0009-gnu-services-Add-new-service-for-yggdrasil-network.patch >From 3d345ae585338e087db0cb106e2c2d8af44cf78f Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 09/11] gnu: services: Add new service for yggdrasil network. * gnu/services/networking.scm: (yggdrasil-service-type yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New variables. --- gnu/services/networking.scm | 117 +++++++++++++++++++++++++++++++++++- 1 file changed, 116 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index e45b116218..c37f6449d5 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases 
@@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) ;;; Commentary: ;;; 
@@ -1748,4 +1760,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewalls."))) + +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log")) + (stop #~(make-kill-destructor))))) + +;; TODO: somehow chown the socket. might be better to fix upstream? +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package)))))) + ;;; networking.scm ends here -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0010-gnu-system-add-example-with-yggdrasil.patch >From 26a591e6a1483acd713b44bed6b0cd53ab50c4c5 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:16:42 +0200 Subject: [PATCH 10/11] gnu: system: add example with yggdrasil * gnu/system/examples/yggdrasil.tmpl: New file. --- gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl new file mode 100644 index 0000000000..be222e9223 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
@@ -0,0 +1,61 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + + ;; This is where user accounts are specified. The "root" + ;; account is implicit, and is initially created with the + ;; empty password. + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + + ;; Adding the account to the "wheel" group + ;; makes it a sudoer. Adding it to "audio" + ;; and "video" allows the user to play sound + ;; and access the webcam. + (supplementary-groups '("wheel" + "audio" "video"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose one from https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0011-doc-document-Yggdrasil-service.patch 
>From f9bf4bd3af7ef114b54d67155bc3a568194d8f5e Mon Sep 17 00:00:00 2001 From: your friendly localhost admin Date: Thu, 3 Sep 2020 19:43:44 +0200 Subject: [PATCH 11/11] doc: document Yggdrasil service * doc/guix.texi (yggdrasil-service-type, yggdrasil-configuration): Newly documented. --- doc/guix.texi | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index d3f0f729ec..308dedfcb3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -80,6 +80,7 @@ Copyright @copyright{} 2020 Brice Waegeneire@* Copyright @copyright{} 2020 R Veera Kumar@* Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* +Copyright @copyright{} 2020 raingloom@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -15324,6 +15325,59 @@ Use this to add additional options and manage shared secrets out-of-band. @end table @end deftp +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.github.io/, Yggdrasil network}, an early-stage implementation of a fully end-to-end encrypted IPv6 network. +Pass it a value of @code{yggdrasil-configuration} to connect it to public peers and/or local peers. + +Here is an example using public peers and private configuration from @file{/etc/yggdrasil-private.conf} (the default value for @code{config-file}). +See below for which options should go to @code{json-config} and which to @code{config-file}. + +@lisp +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) + (json-config + ;; choose one from https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))))) +@end lisp +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. Note that these settings are stored in the Guix store, which is readable to all users. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with @file{/etc/yggdrasil-private.conf}. +Do not store sensitive data (like private keys) in this. +See the output of @code{yggdrasil -genconf} for a quick overview of valid keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to automatically configure an address and join through local peers. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to @file{/var/log/yggdrasil.log}. +The alternative is @code{'syslog}. 
+ +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys should be stored, which are necessary to specify if you don't want a randomized address after each restart. +Use @code{"/dev/null"} if you don't need it. +Options defined in this file take precedence over @code{json-config}. +Use the output of @code{yggdrasil -genconf} as a starting point. You most likely only need these keys: +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades -- 2.28.0 --MP_/Wl=IKdukqcsY93U59+ZcRzB--
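Review bot: In [PATCH 08/11], the yggdrasil definition in gnu/packages/networking.scm lists go-github-com-kardianos-minwinsvc in propagated-inputs directly under the comment saying that library is windows only; either drop the input or say in the comment why the build still needs it. In the same definition the origin has no file-name field, the 'install phase does not end in #t the way the 'build phase does, and "#:tests? #f" carries only a TODO, so the comment should say what fails when tests are enabled. The package installs only the yggdrasil and yggdrasilctl binaries with "#:install-source? #f", so plain inputs are probably enough instead of propagated-inputs.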
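Review bot: In yggdrasil-extra-config.patch, readConfig, the new loop "for _, conf := range confs" always runs twice, so when -extraconffile is not given the second pass hands an empty slice to hjson.Unmarshal and mapstructure.Decode; skip entries with len(conf) == 0 rather than relying on the parser accepting empty input. The "if err != nil" check after ioutil.ReadFile belongs inside the "if *extraconffile != """ block, since as written it re-tests the earlier err when no extra file is given. A missing or unreadable extra file panics, and the service in 09/11 will reach that path by default because it always passes /etc/yggdrasil-private.conf. The trailing semicolon after ReadFile and the "confs[0]=conf" spacing would not survive gofmt.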
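Review bot: In the main() hunks of yggdrasil-extra-config.patch, readConfig now returns the merge of both files, and the context just below the -useconffile case says -normaliseconf remarshals that configuration and prints it to stdout, so combining -extraconffile with -normaliseconf writes the private keys from the extra file into the output. Either ignore the extra file when normalising or document that the output is sensitive. The reload branch logs only *useconffile ("Reloading configuration from"), so the log gives no sign that the extra file was re-read as well.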
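Review bot: In [PATCH 09/11], the #:export list adds yggdrasil-configuration-config-file, but the record defines that field's accessor as yggdrasil-config-file and yggdrasil-shepherd-service calls it by that name, so the exported name is unbound. Rename the accessor to yggdrasil-configuration-config-file and update the call. The commit message lists yggdrasil-configuration-auto-conf, which does not match yggdrasil-configuration-autoconf? in the code, and it omits the json-config and config-file accessors.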
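Review bot: In yggdrasil-shepherd-service ([PATCH 09/11]), make-forkexec-constructor is called with only #:log-file, so the daemon runs as root under the system shepherd, and the yggdrasil group created in %yggdrasil-accounts is never referenced; the TODO about chowning the socket is left open. Pass #:group (and #:user if the daemon can run unprivileged) so that the group actually gates access to the socket. Also, config-file defaults to "/etc/yggdrasil-private.conf" and the "(if extraconf" test is true for any string, so -extraconffile is always passed; either accept #f as "no private file" or have an activation step create the file with restrictive permissions.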
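Review bot: In gnu/system/examples/yggdrasil.tmpl ([PATCH 10/11]), the comment above the services field still reads "a DHCP client and an SSH server" and the file header still describes a generic bare-bones template; neither mentions Yggdrasil, which is the reason this example exists. The example sets (log-level 'debug) and the placeholder peer "tcp://1.2.3.4:1337": add a comment that the peer must be replaced before use, and consider leaving log-level at its default so that copied configurations do not log at debug level.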
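Review bot: In the yggdrasil-configuration documentation ([PATCH 11/11]), json-config is described as "Contents of @file{/etc/yggdrasil.conf}", but the service in 09/11 builds it with computed-file in the store and passes that path via -useconffile, so no /etc/yggdrasil.conf exists; describe it as the generated, world-readable configuration instead. The config-file item should state the ownership and mode expected for the private file, since that file is the only thing keeping the keys out of the store. The From: line of this commit reads "your friendly localhost admin" rather than the author name used in the rest of the series.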
Date: Thu, 8 Oct 2020 00:15:52 +0200
From: raingloom
To: 41803@debbugs.gnu.org
Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)

On Mon, 13 Jul 2020 16:23:30 +0200
raingloom wrote:

> On Sun, 12 Jul 2020 00:12:06 +0200
> Julien Lepiller wrote:
>
> > Hi,
> >
> > this is more of a quick review.
> >
> > First patch LGTM.
> >
> > You should split every package you add in the second patch in
> > separate patches. Also the commit message should say "new
> > variable", no need to say it's public.
>
> Done!
>
> > You left a comment about the license for go-github-com-gologme-log.
> > Have you contacted upstream to tell them about that, what was their
> > reaction? I think the fact that the readme says bsd implies the
> > intention is that it is free software, but better safe than sorry.
>
> Heck, I forgot to do that, but I have contacted them yesterday and
> they fixed it.
>
> > Otherwise, these packages lgtm.
> >
> > In the third patch again, the commit message should say "new
> > variable". You should not use the past tense either, so "Add it".
> >
> > Is the license lgpl3, or lgpl3+?
>
> Looks like (custom) lgpl3. The readme says so and I couldn't find
> anything to indicate that a later version would also be acceptable.
>
> > Not a go programmer, so I'm not reading the patch, but I'm trusting
> > you that it works :)
> >
> > For the fourth patch, I don't think you need to list new private
> > variables in the commit message, nor new dependencies. Only list
> > public variables, as "New variables".
> >
> > As you noted, could you add something about it to the manual?
>
> On it, but I've never used texinfo, so this might take a while. Gonna
> send it in a later mail.
>
> > In the system example, should Yggdrasil really be installed in the
> > system profile? If so, I think you can add a profile-service-type
> > extension to the service so the package is automatically available.
> > Then you don't need to specify the package in the os configuration,
> > and it ensures you install the same package (declared in the service
> > configuration) for the service and in the system.
>
> Technically it can be used without it, but yggdrasilctl is a useful
> tool. I added it with the profile-service-type extension and removed
> it from the packages field in the example.
>
> > Thanks for working on this!
>
> UwU

Bump. Could someone please test this? Others have expressed interest in using Yggdrasil with Guix, so I really think these patches would be useful. New versions of the packages are already coming out though, so if necessary I could send a new patch series with the updated versions.

Date: Wed, 14 Oct 2020 01:09:42 +0200
From: Julien Lepiller
To: 41803@debbugs.gnu.org
Subject: [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)

Hi,

I went ahead and pushed your first four patches with changes. I'll need you to work a bit more before I can push the rest.

I've added a copyright line for you in golang.scm. For the rest of the packages, could you split all your patches into one patch per package? For each package, please run "guix lint" and fix any issue (except for archival, you can't do anything about it). This includes: using (file-name (git-file-name name version)) inside the origin record, making sure the synopsis doesn't start with "A", and the description ends with a full stop.

I also changed your commit messages: don't include the version number for added packages and add a full stop at the end of messages. For yggdrasil, please grep for dist_PATCH_DATA in the git log, you'll find examples of good commit messages :)

For the service, changes to the documentation are usually made in the same patch, so could you please merge your last three patches?

I don't know if we can use guile-json directly in a service definition without causing troubles for people who have different versions of guile-json in their profile already. I'll have to ask people who are more knowledgeable than me!

To chown the socket, you'll need an activation service type (if the socket survives restarts of yggdrasil), or to change the start action of the shepherd service type.

Your changes to the documentation look good, but incomplete.

Could you rebase and send updated patches for the rest of this series?

Thank you!

Date: Thu, 29 Oct 2020 01:20:56 +0100
From: raingloom
To: 41803@debbugs.gnu.org
Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)

I didn't get the last reply for some reason, only saw it on the issue tracker. Would be nice if I could import it somehow, but the issue tracker GUI doesn't seem to have an option for that.

In any case, thanks for the feedback! ^u^

Attached is an improved patch list. I'm pretty sure I incorporated all feedback, except for the guile-json part. I have no idea how it'd pose any issue in practice and if it does, that seems like a deeper design issue. Reimplementing JSON encoding because Guix can't find its libraries doesn't seem like the right solution in any scenario.

The docs were indeed lacking, I added more information and fixed some plain badly written parts.

The solution to the socket ownership issue turned out to be much simpler: Shepherd has a #:group option.

One issue I encountered while guix lint-ing the packages is that it and refresh could both identify what the new release is but refresh --update seemingly never worked. Not sure what's up with that.
--MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-Added-go-github-com-hashicorp-go-syslog.patch >From ae338395cbd8b8a1a3347b8d39cf6f660ac47dcc Mon Sep 17 00:00:00 2001 From: raingloom Date: Fri, 23 Oct 2020 02:02:20 +0200 Subject: [PATCH 1/6] gnu: Added go-github-com-hashicorp-go-syslog. * gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable. --- gnu/packages/golang.scm | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index bf99fd2d07..6518c5b1b9 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -5821,3 +5821,26 @@ log package. All the functionality of the built-in package still exists and is unchanged. This package contains a series of small enhancements and additions.") (license license:bsd-3)))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + -- 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-Added-go-github-com-hjson-hjson-go.patch >From fcae37f77fd2db01d61bd5162c854de0de7bdba7 Mon Sep 17 00:00:00 2001 
From: raingloom Date: Fri, 23 Oct 2020 02:03:41 +0200 Subject: [PATCH 2/6] gnu: Added go-github-com-hjson-hjson-go. * gnu/packages/golang.scm (go-github-com-hjson-hjson-go): New variable. --- gnu/packages/golang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 6518c5b1b9..bc65f3ed32 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -5844,3 +5844,27 @@ additions.") (description "A very simple wrapper around log/syslog") (license license:expat))) +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.1.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1dfdiahimg6z9idg8jiqxwnlwjnmasbjccx8gnag49cz4yfqskaz")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. +It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + -- 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-Added-go-golang-zx2c4-com-wireguard.patch >From fb4e950f98f5cf5feb96d0935ec92cc0f77cef67 Mon Sep 17 00:00:00 2001 From: raingloom Date: Mon, 13 Jul 2020 04:27:01 +0200 Subject: [PATCH 3/6] gnu: Added go-golang-zx2c4-com-wireguard. * gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable. --- gnu/packages/golang.scm | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index bc65f3ed32..7450021d33 100644 
--- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5868,3 +5868,59 @@ It's intended to be used like a user interface for humans, to read and edit before passing the JSON data to the machine.") (license license:expat))) +(define-public go-github-com-mitchellh-mapstructure + (package + (name "go-github-com-mitchellh-mapstructure") + (version "1.3.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/mitchellh/mapstructure") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0l3qyskfx9bwh0b17zv8yk15rrdhjmj482jsp09f9bp0d4g9k87j")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/mitchellh/mapstructure")) + (home-page "https://github.com/mitchellh/mapstructure/") + (synopsis + "Go library for decoding generic map values to and from native Go structures") + (description + "Mapstructure is a Go library for decoding generic map values to structures +and vice versa, while providing helpful error handling. +This library is most useful when decoding values from some data stream +(JSON, Gob, etc.) 
where you don't quite know the structure of the underlying +data until you read a part of it.") + (license license:expat))) + +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) -- 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-Add-go-github-com-kardianos-minwinsvc.patch >From f7d450d046fa9218b4afb8a7b1d525e735207dfa Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:56:53 +0200 Subject: [PATCH 4/6] gnu: Add go-github-com-kardianos-minwinsvc. * gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable. --- gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 7450021d33..26acf4f8d5 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
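Review bot: in patch 3/6 the golang.scm hunk adds `go-github-com-mitchellh-mapstructure` as well as `go-golang-zx2c4-com-wireguard`, but the commit log only declares the wireguard variable; give mapstructure its own commit or list it in the log. The mapstructure `origin` is also the only one in this series without `(file-name (git-file-name name version))`. In the wireguard package, the description uses Markdown link syntax, which will show up literally since Guix descriptions are Texinfo, and `home-page` is `https://git.zx2c4.com/wireguard` while the source is fetched from `https://git.zx2c4.com/wireguard-go/`; please confirm which one is meant.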
@@ -5924,3 +5924,29 @@ data until you read a part of it.") (synopsis "This is an implementation of WireGuard in Go") (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (package + (name "go-github-com-kardianos-minwinsvc") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0z941cxymkjcsj3p5l3g4wm2da3smz7iyqk2wbs5y8lmxd4kfzd8")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "Minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems can import this package to enable running programs as services without +modifying them.") + (license license:zlib))) -- 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-Added-yggdrasil.patch >From 90e99a9b55a5de78c86bf7ae1ca7e66871101cfb Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:57:57 +0200 Subject: [PATCH 5/6] gnu: Added yggdrasil. * gnu/packages/networking.scm (yggdrasil): New variable. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk (dist_PATCH_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 94 +++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 +++++++++++++++++ 3 files changed, 181 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index d41b65957e..def871050c 100644 
--- a/gnu/local.mk +++ b/gnu/local.mk @@ -1710,6 +1710,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 2d714082ca..0ac50bcd34 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -97,6 +97,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages graphviz) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) 
@@ -3808,3 +3809,96 @@ stamps.") client and server. It allows you to use remote block devices over a TCP/IP network.") (license license:gpl2))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.15") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0gk7gy8yq5nrnblv4imxzzm2hac4ri0hlw19ajfbc1zll5kj32gf")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke + "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + 
("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis + "Experiment in scalable routing as an encrypted IPv6 overlay network") + (description + "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple +platforms and allows pretty much any IPv6-capable application to communicate +securely with other Yggdrasil nodes. Yggdrasil does not require you to have +IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License + ;; version 3 ("LGPL3"), the copyright holders of this Library give you + ;; permission to convey to a third party a Combined Work that links + ;; statically or dynamically to this Library without providing any Minimal + ;; Corresponding Source or Minimal Application Code as set out in 4d or + ;; providing the installation information set out in section 4e, provided + ;; that you comply with the other provisions of LGPL3 and provided that you + ;; meet, for the Application the terms and conditions of the license(s) + ;; which apply to the Application. Except as stated in this special + ;; exception, the provisions of LGPL3 will continue to comply in full to + ;; this Library. If you modify this Library, you may apply this exception + ;; to your version of this Library, but you are not obliged to do so. If + ;; you do not wish to do so, delete this exception statement from your + ;; version. 
This exception does not (and cannot) modify any license terms + ;; which apply to the Application, with which you must still comply + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..c21ca29a84 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
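Review bot: in the `yggdrasil` package definition in gnu/packages/networking.scm, the Go libraries are listed under `propagated-inputs`, so installing this application would also pull every one of them into the user's profile; since the package only installs the `yggdrasil` and `yggdrasilctl` binaries (`#:install-source? #f`), plain `inputs` should be enough. Two smaller points in the same hunk: `#:tests? #f` ships a network daemon that handles key material without running its test suite, so the TODO is worth resolving before merge, and the replaced `install` phase ends in `copy-recursively` without the explicit `#t` that the `build` phase returns.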
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { if len(conf)>0 { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ }} + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0006-services-Added-yggdrasil-service-type.patch =46rom 225f912a89a75d896b952bdf13fb658ecf9e4e57 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 6/6] services: Added yggdrasil-service-type. * gnu/services/networking.scm: (yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New procedures. (yggdrasil-service-type): New variable. * doc/guix.texi: Document it. * gnu/system/examples/yggdrasil.tmpl: Provide example. --- doc/guix.texi | 81 ++++++++++++++++++++ gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++- gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++ 3 files changed, 257 insertions(+), 1 deletion(-) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/doc/guix.texi b/doc/guix.texi index d22bd41bbb..680808b28d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -81,6 +81,7 @@ Copyright @copyright{} 2020 R Veera Kumar@* Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* +Copyright @copyright{} 2020 raingloom@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
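Review bot: in yggdrasil-extra-config.patch, `readConfig` merges the `-extraconffile` contents into the `cfg` it returns, and the unchanged `-normaliseconf` branch in `main()` remarshals that `cfg` to stdout, so normalising a configuration would print the private keys from the extra file together with the public settings. Consider skipping the extra file when `*normaliseconf` is set, or at least say so in the flag's help text. A missing or unreadable extra file also ends in a bare `panic(err)`, and the service in patch 6/6 defaults `config-file` to `/etc/yggdrasil-private.conf`, so a system without that file would fail at start with a stack trace; an error that names the path would be easier to diagnose. The added lines (`confs[0]=conf`, the trailing `;`, `{ if len(conf)>0 {` and `}}`) are not gofmt-clean.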
@@ -16208,6 +16209,86 @@ Use this to add additional options and manage shar= ed secrets out-of-band. @end table @end deftp =20 +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.git= hub.io/, Yggdrasil network}, an early-stage implementation of a fully end-t= o-end encrypted IPv6 network. + +@quotation +Yggdrasil provides name-independent routing with cryptographically generat= ed addresses. Static addressing means you can keep the same address as long= as you want, even if you move to a new location, or generate a new address= (by generating new keys) whenever you want. +@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html} +@end quotation + +Pass it a value of @code{yggdrasil-configuration} to connect it to public = peers and/or local peers. + +Here is an example using public peers and a static address. The static sig= ning and encryption keys are defined in @file{/etc/yggdrasil-private.conf} = (the default value for @code{config-file}). + +@lisp +;; part of the operating-system declaration +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) ;; use only the public peers + (json-config + ;; choose one from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + ;; /etc/yggdrasil-private.conf is the default value for con= fig-file + )) +@end lisp +@example +# sample content for /etc/yggdrasil-private.conf +@{ + # Your public encryption key. Your peers may ask you for this to put + # into their AllowedEncryptionPublicKeys configuration. + EncryptionPublicKey: 378dc5... + + # Your private encryption key. DO NOT share this with anyone! + EncryptionPrivateKey: 0777... + + # Your public signing key. You should not ordinarily need to share + # this with anyone. + SigningPublicKey: e1664... + + # Your private signing key. DO NOT share this with anyone! + SigningPrivateKey: 0589d... 
+@} +@end example +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with @file{/etc/ygg= drasil-private.conf}. +Note that these settings are stored in the Guix store, which is readable t= o all users. @strong{Do not store your private keys in it.} +See the output of @code{yggdrasil -genconf} for a quick overview of valid = keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP= and peer with IPv6 neighbors. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to @file{= /var/log/yggdrasil.log}. +The alternative is @code{'syslog}, which sends output to the running syslo= g service. + +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys sh= ould be stored, which are necessary to specify if you don't want a randomiz= ed address after each restart. +Use @code{#f} to disable. +Options defined in this file take precedence over @code{json-config}. +Use the output of @code{yggdrasil -genconf} as a starting point. To config= ure a static address, delete everything except these options: +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 
--- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) =20 ;;; Commentary: ;;; 
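Review bot: the export list in gnu/services/networking.scm adds `yggdrasil-configuration-config-file`, but the record later in this patch defines that field's accessor as `yggdrasil-config-file`, and `yggdrasil-shepherd-service` calls it under that name, so the exported binding does not exist. Rename the accessor to `yggdrasil-configuration-config-file` in the record and at the call site. The commit log has drifted the same way: it lists `yggdrasil-configuration-auto-conf` where the code and the export use `yggdrasil-configuration-autoconf?`, and it leaves out the `json-config` and `config-file` accessors.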
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewal= ls."))) =20 +=0C +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package= )))))) + ;;; networking.scm ends here diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdr= asil.tmpl new file mode 100644 index 0000000000..16e0f24de9 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
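Review bot: in `scm->yggdrasil-json`, `key-value?` is `dotted-list?`, so an entry whose value is itself a list or alist, such as `(k . ((a . 1)))`, is a proper list and does not match; it falls into the `list?` branch and is mapped element by element, key included, and its key is never camel-cased. The `key-value?` branch also returns `v` as-is, so nothing below the top level is converted. Testing with `pair?` on entries of the top-level alist and recursing into `v` would cover nested options. Separately, `make-forkexec-constructor` is given `#:group "yggdrasil"` but no `#:user`; if the daemon has to keep running as root, a comment saying why would help, and `#:log-file` is set even when `log-to` is `'syslog`.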
@@ -0,0 +1,60 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + ;; adding her to the yggdrasil group means she can use + ;; yggdrasilctl to modify the configuration + (supplementary-groups '("wheel" "yggdrasil"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh + ;; using your Yggdrasil IPv6 address from another machine running Yggdra= sil. + ;; Alternatively, the client can sit behind a router that has Yggdrasil. + ;; That file is specifically _not_ handled by Guix, because we don't wan= t its + ;; contents to sit in the world-readable /gnu/store. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose a few from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . 
#("tcp://1.2.3.4:1337")))) + (config-file #f))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) --=20 2.28.0 --MP_/98Sm_XalvNYk.umDJ.lxZ9l-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 05 09:44:26 2020 Received: (at 41803) by debbugs.gnu.org; 5 Nov 2020 14:44:26 +0000 Received: from localhost ([127.0.0.1]:52176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kagUu-0004oX-7e for submit@debbugs.gnu.org; Thu, 05 Nov 2020 09:44:26 -0500 Received: from mx1.riseup.net ([198.252.153.129]:60200) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kagUp-0004oM-7Z for 41803@debbugs.gnu.org; Thu, 05 Nov 2020 09:44:19 -0500 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4CRmW02cMrzFfWB for <41803@debbugs.gnu.org>; Thu, 5 Nov 2020 06:44:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1604587452; bh=1VOVbfQzgrNr4Q9ShMm9ZsuhAk4kkHNDW0KBN68C5so=; h=Date:From:To:Subject:From; b=MdmPJ+aR8Heyhg4VUtU10S+4DMPETKDxYW9L+YKAelg0K/rVd6VZ1gfEAZaLwsEtm pr6WgcgRRwkOf2Lby7hWpSD+re8oiQfRF3Bne0yUbrm6nZWycvNL8lztiYtuqOJ3YX 33h3oL6Bc6T6wUEQEzS4K0ErkNRcQLIoV9yRPg+I= X-Riseup-User-ID: DF3A0E694E4C75C73A177B1DF1BECFECD855153DB4A2DF7DECBC40634E81D2B3 Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 4CRmVy4bPczJnWV for <41803@debbugs.gnu.org>; Thu, 5 Nov 2020 06:44:08 -0800 (PST) Date: Thu, 5 Nov 2020 15:43:41 +0100 
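Review bot: in gnu/system/examples/yggdrasil.tmpl, the comment tells the reader to add an /etc/yggdrasil-private.conf so they can log in over their Yggdrasil address, but the service is declared with `(config-file #f)`, which per the documentation added in this patch disables loading that file, so following the comment changes nothing. Either drop the `(config-file #f)` line, since the default is already that path, or reword the comment to say the line has to be removed once the file exists. Because that file holds the private keys and is deliberately kept out of the store, the comment is also a good place to state the ownership and mode it should have.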
From: raingloom To: 41803@debbugs.gnu.org Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network) Message-ID: <20201105154341.174e5029@riseup.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/qu0ScTRWio3i=wVPkhrpUGr" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 41803 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Final version, hopefully. Slight upgrade to system example to make testing easier. (added curl to packages) --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-Added-go-github-com-hashicorp-go-syslog.patch >From 2b13fad52d5aeb4c5d2b700cd906b53c98b239ec Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 29 Oct 2020 17:10:25 +0100 Subject: [PATCH 1/6] gnu: Added go-github-com-hashicorp-go-syslog. * gnu/packages/golang.scm (go-github-com-hashicorp-go-syslog): New variable. --- gnu/packages/golang.scm | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 6ba735c4a2..f9fffadd9d 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5933,3 +5933,26 @@ tests.") (description "This package provides SCSS compiler support for Go applications.") (license license:expat))) + +(define-public go-github-com-hashicorp-go-syslog + (package + (name "go-github-com-hashicorp-go-syslog") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/go-syslog") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "09vccqggz212cg0jir6vv708d6mx0f9w5bxrcdah3h6chgmal6v1")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hashicorp/go-syslog")) + (home-page "https://github.com/hashicorp/go-syslog") + (synopsis "Golang syslog wrapper, cross-compile friendly") + (description "A very simple wrapper around log/syslog") + (license license:expat))) + -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-Added-go-github-com-hjson-hjson-go.patch >From fda7a7767a6c4d18d2b520a77e0e77b32052052f Mon Sep 17 00:00:00 2001 From: raingloom Date: Fri, 23 Oct 2020 02:03:41 +0200 Subject: [PATCH 2/6] gnu: Added go-github-com-hjson-hjson-go. * gnu/packages/golang.scm (go-github-com-hjson-hjson-go): New variable. --- gnu/packages/golang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index f9fffadd9d..4f937baa03 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5956,3 +5956,27 @@ tests.") (description "A very simple wrapper around log/syslog") (license license:expat))) +(define-public go-github-com-hjson-hjson-go + (package + (name "go-github-com-hjson-hjson-go") + (version "3.1.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hjson/hjson-go") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1dfdiahimg6z9idg8jiqxwnlwjnmasbjccx8gnag49cz4yfqskaz")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/hjson/hjson-go")) + (home-page "https://hjson.org/") + (synopsis "Human JSON implementation for Go") + (description "Hjson is a syntax extension to JSON. +It's intended to be used like a user interface for humans, to read and edit +before passing the JSON data to the machine.") + (license license:expat))) + -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0003-gnu-Added-go-golang-zx2c4-com-wireguard.patch >From c9538dcf9c8235093b003491f0a542736877ec0c Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 5 Nov 2020 14:48:39 +0100 Subject: [PATCH 3/6] gnu: Added go-golang-zx2c4-com-wireguard. * gnu/packages/golang.scm (go-golang-zx2c4-com-wireguard): New variable. --- gnu/packages/golang.scm | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 4f937baa03..f478aeda91 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -5980,3 +5980,32 @@ It's intended to be used like a user interface for humans, to read and edit before passing the JSON data to the machine.") (license license:expat))) +(define-public go-golang-zx2c4-com-wireguard + (package + (name "go-golang-zx2c4-com-wireguard") + (version "0.0.20200320") + (source + (origin + (method git-fetch) + ;; NOTE: module URL is a redirect + ;; target: git.zx2c4.com/wireguard-go + ;; source: golang.zx2c4.com/wireguard + (uri (git-reference + (url "https://git.zx2c4.com/wireguard-go/") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0fy4qsss3i3pkq1rpgjds4aipbwlh1dr9hbbf7jn2a1c63kfks0r")))) + (build-system go-build-system) + (arguments + '(#:import-path "golang.zx2c4.com/wireguard")) + (propagated-inputs + `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-text" ,go-golang-org-x-text))) + (home-page "https://git.zx2c4.com/wireguard") + (synopsis "This is an implementation of WireGuard in Go") + (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") + (license license:expat))) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0004-gnu-Add-go-github-com-kardianos-minwinsvc.patch >From 4ef72e6c67df5178fb0f21b1f465492232ddc169 Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:56:53 +0200 Subject: [PATCH 4/6] gnu: Add go-github-com-kardianos-minwinsvc. * gnu/packages/golang.scm (go-github-com-kardianos-minwinsvc): New variable. --- gnu/packages/golang.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index f478aeda91..524638d212 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm 
@@ -6009,3 +6009,29 @@ before passing the JSON data to the machine.") (synopsis "This is an implementation of WireGuard in Go") (description "Go Implementation of [WireGuard](https://www.wireguard.com/)") (license license:expat))) + +(define-public go-github-com-kardianos-minwinsvc + (package + (name "go-github-com-kardianos-minwinsvc") + (version "1.0.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/kardianos/minwinsvc") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0z941cxymkjcsj3p5l3g4wm2da3smz7iyqk2wbs5y8lmxd4kfzd8")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/kardianos/minwinsvc")) + (home-page "https://github.com/kardianos/minwinsvc/") + ;; some packages (Yggdrasil) need it to compile + ;; it's a tiny package and it's easier to bundle it than to patch it out + (synopsis "Minimal windows only service stub for Go") + (description "Go programs designed to run from most *nix style operating +systems can import this package to enable running programs as services without +modifying them.") + (license license:zlib))) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0005-gnu-Added-yggdrasil.patch >From cc491ae855c8f98c6605b1af32061c45ecfdb80c Mon Sep 17 00:00:00 2001 From: raingloom Date: Sat, 17 Oct 2020 20:57:57 +0200 Subject: [PATCH 5/6] gnu: Added yggdrasil. * gnu/packages/networking.scm (yggdrasil): New variable. * gnu/packages/patches/yggdrasil-extra-config.patch: New file. * gnu/local.mk (dist_PATCH_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 94 +++++++++++++++++++ .../patches/yggdrasil-extra-config.patch | 86 +++++++++++++++++ 3 files changed, 181 insertions(+) create mode 100644 gnu/packages/patches/yggdrasil-extra-config.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2a994bd3b9..619eab061d 100644 
--- a/gnu/local.mk +++ b/gnu/local.mk @@ -1724,6 +1724,7 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ + %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index cf1909ff28..ef746c4897 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -97,6 +97,7 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages golang) #:use-module (gnu packages graphviz) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) 
@@ -3813,3 +3814,96 @@ stamps.") client and server. It allows you to use remote block devices over a TCP/IP network.") (license license:gpl2))) + +(define-public yggdrasil + (package + (name "yggdrasil") + (version "0.3.15") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/yggdrasil-network/yggdrasil-go") + (commit (string-append "v" version)) + (recursive? #t))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0gk7gy8yq5nrnblv4imxzzm2hac4ri0hlw19ajfbc1zll5kj32gf")) + (patches (search-patches "yggdrasil-extra-config.patch")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/yggdrasil-network/yggdrasil-go" + ;; TODO: figure out how tests are run + #:tests? #f + #:install-source? #f + #:phases (modify-phases %standard-phases + (replace 'build + (lambda _ + (for-each + (lambda (c) + (invoke + "go" "build" "-v" "-ldflags=-s -w" + (string-append + "github.com/yggdrasil-network/yggdrasil-go/cmd/" c))) + (list "yggdrasil" "yggdrasilctl")) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (doc (string-append out "/share/doc/yggdrasil/"))) + (mkdir-p bin) + (for-each + (lambda (f) + (install-file f bin)) + (list "yggdrasil" "yggdrasilctl")) + (mkdir-p doc) + (copy-recursively + (string-append + "src/github.com/yggdrasil-network/yggdrasil-go/" + "doc/yggdrasil-network.github.io") + doc))))))) + ;; https://github.com/kardianos/minwinsvc is windows only + (propagated-inputs + `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) + ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) + ("go-github-com-gologme-log" ,go-github-com-gologme-log) + ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) + ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) + ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + 
("go-github-com-mitchellh-mapstructure" + ,go-github-com-mitchellh-mapstructure) + ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) + ("go-netlink" ,go-netlink) + ("go-netns" ,go-netns))) + (home-page "https://yggdrasil-network.github.io/blog.html") + (synopsis + "Experiment in scalable routing as an encrypted IPv6 overlay network") + (description + "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted +IPv6 network. It is lightweight, self-arranging, supported on multiple +platforms and allows pretty much any IPv6-capable application to communicate +securely with other Yggdrasil nodes. Yggdrasil does not require you to have +IPv6 Internet connectivity - it also works over IPv4.") + (license + ;; As a special exception to the GNU Lesser General Public License + ;; version 3 ("LGPL3"), the copyright holders of this Library give you + ;; permission to convey to a third party a Combined Work that links + ;; statically or dynamically to this Library without providing any Minimal + ;; Corresponding Source or Minimal Application Code as set out in 4d or + ;; providing the installation information set out in section 4e, provided + ;; that you comply with the other provisions of LGPL3 and provided that you + ;; meet, for the Application the terms and conditions of the license(s) + ;; which apply to the Application. Except as stated in this special + ;; exception, the provisions of LGPL3 will continue to comply in full to + ;; this Library. If you modify this Library, you may apply this exception + ;; to your version of this Library, but you are not obliged to do so. If + ;; you do not wish to do so, delete this exception statement from your + ;; version. 
This exception does not (and cannot) modify any license terms + ;; which apply to the Application, with which you must still comply + license:lgpl3))) diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch new file mode 100644 index 0000000000..c21ca29a84 --- /dev/null +++ b/gnu/packages/patches/yggdrasil-extra-config.patch 
@@ -0,0 +1,86 @@ +diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go +index 813e950..08d35cc 100644 +--- a/cmd/yggdrasil/main.go ++++ b/cmd/yggdrasil/main.go +@@ -40,11 +40,12 @@ type node struct { + admin module.Module // admin.AdminSocket + } + +-func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { ++func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { + // Use a configuration file. If -useconf, the configuration will be read + // from stdin. If -useconffile, the configuration will be read from the + // filesystem. + var conf []byte ++ var extraconf []byte + var err error + if *useconffile != "" { + // Read the file from the filesystem +@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err != nil { + panic(err) + } ++ if *extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(*extraconffile); ++ } ++ if err != nil { ++ panic(err) ++ } ++ // Generate a new configuration - this gives us a set of sane defaults - ++ // then parse the configuration we loaded above on top of it. The effect ++ // of this is that any configuration item that is missing from the provided ++ // configuration will use a sane default. ++ cfg := config.GenerateConfig() ++ var confs [2][]byte ++ confs[0]=conf ++ confs[1]=extraconf ++ for _, conf := range confs { if len(conf)>0 { + // If there's a byte order mark - which Windows 10 is now incredibly fond of + // throwing everywhere when it's converting things into UTF-16 for the hell + // of it - remove it and decode back down into UTF-8. This is necessary +@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + panic(err) + } + } +- // Generate a new configuration - this gives us a set of sane defaults - +- // then parse the configuration we loaded above on top of it. 
The effect +- // of this is that any configuration item that is missing from the provided +- // configuration will use a sane default. +- cfg := config.GenerateConfig() + var dat map[string]interface{} + if err := hjson.Unmarshal(conf, &dat); err != nil { + panic(err) +@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config + if err = mapstructure.Decode(dat, &cfg); err != nil { + panic(err) + } ++ }} + return cfg + } + +@@ -164,6 +176,7 @@ func main() { + genconf := flag.Bool("genconf", false, "print a new config to stdout") + useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") + useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") ++ extraconffile := flag.String("extraconffile", "", "extra (usually private) HJSON/JSON config from specified file path") + normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") + confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") + autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -187,7 +200,7 @@ func main() { + cfg = config.GenerateConfig() + case *useconffile != "" || *useconf: + // Read the configuration from either stdin or from the filesystem +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + // If the -normaliseconf option was specified then remarshal the above + // configuration and print it back to stdout. 
This lets the user update + // their configuration file with newly mapped names (like above) or to +@@ -332,7 +345,7 @@ func main() { + goto exit + case _ = <-r: + if *useconffile != "" { +- cfg = readConfig(useconf, useconffile, normaliseconf) ++ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) + logger.Infoln("Reloading configuration from", *useconffile) + n.core.UpdateConfig(cfg) + n.tuntap.UpdateConfig(cfg) -- 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0006-services-Added-yggdrasil-service-type.patch =46rom d7fd649df7902e7eabe8a7d0aa3ab156e4898b71 Mon Sep 17 00:00:00 2001 From: raingloom Date: Thu, 11 Jun 2020 14:09:57 +0200 Subject: [PATCH 6/6] services: Added yggdrasil-service-type. * gnu/services/networking.scm: (yggdrasil-configuration yggdrasil-configuration? yggdrasil-configuration-package yggdrasil-configuration-auto-conf yggdrasil-configuration-log-level yggdrasil-configuration-log-to): New procedures. (yggdrasil-service-type): New variable. * doc/guix.texi: Document it. * gnu/system/examples/yggdrasil.tmpl: Provide example. --- doc/guix.texi | 81 ++++++++++++++++++++ gnu/services/networking.scm | 117 ++++++++++++++++++++++++++++- gnu/system/examples/yggdrasil.tmpl | 60 +++++++++++++++ 3 files changed, 257 insertions(+), 1 deletion(-) create mode 100644 gnu/system/examples/yggdrasil.tmpl diff --git a/doc/guix.texi b/doc/guix.texi index b7f1bc1f00..e099f5ce43 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -82,6 +82,7 @@ Copyright @copyright{} 2020 Pierre Langlois@* Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 Andr=C3=A9 Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* +Copyright @copyright{} 2020 raingloom@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -16848,6 +16849,86 @@ Use this to add additional options and manage shar= ed secrets out-of-band. @end table @end deftp =20 +@defvr {Scheme Variable} yggdrasil-service-type +The service type for connecting to the @uref{https://yggdrasil-network.git= hub.io/, Yggdrasil network}, an early-stage implementation of a fully end-t= o-end encrypted IPv6 network. + +@quotation +Yggdrasil provides name-independent routing with cryptographically generat= ed addresses. Static addressing means you can keep the same address as long= as you want, even if you move to a new location, or generate a new address= (by generating new keys) whenever you want. +@uref{https://yggdrasil-network.github.io/2018/07/28/addressing.html} +@end quotation + +Pass it a value of @code{yggdrasil-configuration} to connect it to public = peers and/or local peers. + +Here is an example using public peers and a static address. The static sig= ning and encryption keys are defined in @file{/etc/yggdrasil-private.conf} = (the default value for @code{config-file}). + +@lisp +;; part of the operating-system declaration +(service yggdrasil-service-type + (yggdrasil-configuration + (autoconf? #f) ;; use only the public peers + (json-config + ;; choose one from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . #("tcp://1.2.3.4:1337")))) + ;; /etc/yggdrasil-private.conf is the default value for con= fig-file + )) +@end lisp +@example +# sample content for /etc/yggdrasil-private.conf +@{ + # Your public encryption key. Your peers may ask you for this to put + # into their AllowedEncryptionPublicKeys configuration. + EncryptionPublicKey: 378dc5... + + # Your private encryption key. DO NOT share this with anyone! + EncryptionPrivateKey: 0777... + + # Your public signing key. You should not ordinarily need to share + # this with anyone. + SigningPublicKey: e1664... + + # Your private signing key. DO NOT share this with anyone! + SigningPrivateKey: 0589d... 
+@} +@end example +@end defvr + +@deftp {Data Type} yggdrasil-configuration +Data type representing the configuration of Yggdrasil. + +@table @asis +@item @code{package} (default: @code{yggdrasil}) +Package object of Yggdrasil. + +@item @code{json-config} (default: @code{'()}) +Contents of @file{/etc/yggdrasil.conf}. Will be merged with @file{/etc/ygg= drasil-private.conf}. +Note that these settings are stored in the Guix store, which is readable t= o all users. @strong{Do not store your private keys in it.} +See the output of @code{yggdrasil -genconf} for a quick overview of valid = keys and their default values. + +@item @code{autoconf?} (default: @code{#f}) +Whether to use automatic mode. Enabling it makes Yggdrasil use adynamic IP= and peer with IPv6 neighbors. + +@item @code{log-level} (default: @code{'info}) +How much detail to include in logs. Use @code{'debug} for more detail. + +@item @code{log-to} (default: @code{'stdout}) +Where to send logs. By default, the service logs standard output to @file{= /var/log/yggdrasil.log}. +The alternative is @code{'syslog}, which sends output to the running syslo= g service. + +@item @code{config-file} (default: @code{"/etc/yggdrasil-private.conf"}) +What HJSON file to load sensitive data from. This is where private keys sh= ould be stored, which are necessary to specify if you don't want a randomiz= ed address after each restart. +Use @code{#f} to disable. +Options defined in this file take precedence over @code{json-config}. +Use the output of @code{yggdrasil -genconf} as a starting point. To config= ure a static address, delete everything except these options: +@itemize +@item @code{EncryptionPublicKey} +@item @code{EncryptionPrivateKey} +@item @code{SigningPublicKey} +@item @code{SigningPrivateKey} +@end itemize +@end table +@end deftp + @node Unattended Upgrades @subsection Unattended Upgrades =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 64f54e787f..9ec0f6a9ca 100644 
--- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -61,7 +61,9 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-43) #:use-module (ice-9 match) + #:use-module (json) #:re-export (static-networking-service static-networking-service-type) #:export (%facebook-host-aliases @@ -180,7 +182,17 @@ pagekite-configuration-kitesecret pagekite-configuration-frontend pagekite-configuration-kites - pagekite-configuration-extra-file)) + pagekite-configuration-extra-file + + yggdrasil-service-type + yggdrasil-configuration + yggdrasil-configuration? + yggdrasil-configuration-autoconf? + yggdrasil-configuration-config-file + yggdrasil-configuration-log-level + yggdrasil-configuration-log-to + yggdrasil-configuration-json-config + yggdrasil-configuration-package)) =20 ;;; Commentary: ;;; 
@@ -1750,4 +1762,107 @@ table inet filter { "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make local servers publicly accessible on the web, even behind NATs and firewal= ls."))) =20 +=0C +;;; +;;; Yggdrasil +;;; + +(define-record-type* + yggdrasil-configuration + make-yggdrasil-configuration + yggdrasil-configuration? + (package yggdrasil-configuration-package + (default yggdrasil)) + (json-config yggdrasil-configuration-json-config + (default '())) + (config-file yggdrasil-config-file + (default "/etc/yggdrasil-private.conf")) + (autoconf? yggdrasil-configuration-autoconf? + (default #f)) + (log-level yggdrasil-configuration-log-level + (default 'info)) + (log-to yggdrasil-configuration-log-to + (default 'stdout))) + +(define (yggdrasil-configuration-file config) + (define (scm->yggdrasil-json x) + (define key-value? + dotted-list?) + (define (param->camel str) + (string-concatenate + (map + string-capitalize + (string-split str (cut eqv? <> #\-))))) + (cond + ((key-value? x) + (let ((k (car x)) + (v (cdr x))) + (cons + (if (symbol? k) + (param->camel (symbol->string k)) + k) + v))) + ((list? x) (map scm->yggdrasil-json x)) + ((vector? x) (vector-map scm->yggdrasil-json x)) + (else x))) + (computed-file + "yggdrasil.conf" + #~(call-with-output-file #$output + (lambda (port) + ;; it's HJSON, so comments are a-okay + (display "# Generated by yggdrasil-service\n" port) + (display #$(scm->json-string + (scm->yggdrasil-json + (yggdrasil-configuration-json-config config))) + port))))) + +(define (yggdrasil-shepherd-service config) + "Return a for yggdrasil with CONFIG." + (define yggdrasil-command + #~(append + (list (string-append + #$(yggdrasil-configuration-package config) + "/bin/yggdrasil") + "-useconffile" + #$(yggdrasil-configuration-file config)) + (if #$(yggdrasil-configuration-autoconf? 
config) + '("-autoconf") + '()) + (let ((extraconf #$(yggdrasil-config-file config))) + (if extraconf + (list "-extraconffile" extraconf) + '())) + (list "-loglevel" + #$(symbol->string + (yggdrasil-configuration-log-level config)) + "-logto" + #$(symbol->string + (yggdrasil-configuration-log-to config))))) + (list (shepherd-service + (documentation "Connect to the Yggdrasil mesh network") + (provision '(yggdrasil)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + #$yggdrasil-command + #:log-file "/var/log/yggdrasil.log" + #:group "yggdrasil")) + (stop #~(make-kill-destructor))))) + +(define %yggdrasil-accounts + (list (user-group (name "yggdrasil") (system? #t)))) + +(define yggdrasil-service-type + (service-type + (name 'yggdrasil) + (description + "Connect to the Yggdrasil mesh network. +See yggdrasil -genconf for config options.") + (extensions + (list (service-extension shepherd-root-service-type + yggdrasil-shepherd-service) + (service-extension account-service-type + (const %yggdrasil-accounts)) + (service-extension profile-service-type + (compose list yggdrasil-configuration-package= )))))) + ;;; networking.scm ends here diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdr= asil.tmpl new file mode 100644 index 0000000000..be80bf4de9 --- /dev/null +++ b/gnu/system/examples/yggdrasil.tmpl 
@@ -0,0 +1,60 @@ +;; This is an operating system configuration template +;; for a "bare bones" setup, with no X11 display server. + +(use-modules (gnu)) +(use-service-modules networking ssh) +(use-package-modules admin curl networking screen) + +(operating-system + (host-name "ruby-guard-5545") + (timezone "Europe/Budapest") + (locale "en_US.utf8") + + ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the + ;; target hard disk, and "my-root" is the label of the target + ;; root file system. + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target "/dev/sdX"))) + (file-systems (cons (file-system + (device (file-system-label "my-root")) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + (users (cons (user-account + (name "alice") + (comment "Bob's sister") + (group "users") + ;; adding her to the yggdrasil group means she can use + ;; yggdrasilctl to modify the configuration + (supplementary-groups '("wheel" "yggdrasil"))) + %base-user-accounts)) + + ;; Globally-installed packages. + (packages (cons* screen curl %base-packages)) + + ;; Add services to the baseline: a DHCP client and + ;; an SSH server. + ;; If you add an /etc/yggdrasil-private.conf, you can log in to ssh + ;; using your Yggdrasil IPv6 address from another machine running Yggdra= sil. + ;; Alternatively, the client can sit behind a router that has Yggdrasil. + ;; That file is specifically _not_ handled by Guix, because we don't wan= t its + ;; contents to sit in the world-readable /gnu/store. + (services + (append + (list + (service dhcp-client-service-type) + (service yggdrasil-service-type + (yggdrasil-configuration + (log-to 'stdout) + (log-level 'debug) + (autoconf? #f) + (json-config + ;; choose a few from + ;; https://github.com/yggdrasil-network/public-peers + '((peers . 
#("tcp://1.2.3.4:1337")))) + (config-file #f))) + (service openssh-service-type + (openssh-configuration + (port-number 2222)))) + %base-services))) --=20 2.28.0 --MP_/qu0ScTRWio3i=wVPkhrpUGr-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 05 12:48:25 2020 Received: (at 41803-done) by debbugs.gnu.org; 5 Nov 2020 17:48:25 +0000 Received: from localhost ([127.0.0.1]:54039 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kajN3-0001Tr-AV for submit@debbugs.gnu.org; Thu, 05 Nov 2020 12:48:25 -0500 Received: from lepiller.eu ([89.234.186.109]:52636) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kajN1-0001Th-Ay for 41803-done@debbugs.gnu.org; Thu, 05 Nov 2020 12:48:24 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 70b212b4; Thu, 5 Nov 2020 17:48:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date:from :to:cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=dkim; bh=rL+WahKRV3N7 p5d/12soixUmsvYccsLlaWR8lFrMUek=; b=e1OBtAeL3NEP6r1vtOJPhEb5w6b5 xK9qCWD39eu0+5Y6gUGJODqANY90Muy0qYqU/AiwzPBpUQS7dT2P9V8Cv7l4OZZL V92MG8SU12cJG5qfePrDyWKfLASNZN3rClx70kZQUHF5dsEybUpU/Jz1uQBOvCT9 EVd/NNz2yZA7lEWLcg8dam0xQBfGQxk/bbar/K57j/9WriH76aTpTSERWoG4Soxm Y5UxxJ4krajJzPFztKce8o9imJoDTq4u+LA9iyX8XVsOUMnpF/t6506KHgsYzyhU Z6DXwNKpBafvWU2yPZ7rpQeaLxUvR+6P8n5wOTgPhf8ZlXPsehYE0L1Ibg== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id d84ab36b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Thu, 5 Nov 2020 17:48:15 +0000 (UTC) Date: Thu, 5 Nov 2020 18:48:08 +0100 
From: Julien Lepiller
To: raingloom
Subject: Re: [bug#41803] [PATCH] Yggdrasil package and accompanying shepherd service (mesh network)
Message-ID: <20201105184808.5464dea4@tachikoma.lepiller.eu>
In-Reply-To: <20201105154341.174e5029@riseup.net>
References: <20200611155656.7ece9c24@riseup.net> <20201105154341.174e5029@riseup.net>
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Debbugs-Envelope-To: 41803-done
Cc: 41803-done@debbugs.gnu.org

On Thu, 5 Nov 2020 15:43:41 +0100, raingloom wrote:

> Final version, hopefully.
> Slight upgrade to system example to make testing easier. (added curl
> to packages)

Thank you, finally pushed as 336c9f0a81c9bc0ed0a2d3e0d050a677806c07c0 to
fe1cd098d2b83737e96f19438612291f5a9316e4.

I had to change a few things: the commit messages need to be written in
present tense (Added -> Add). I added some line breaks in the manual
and double spacing before periods. I changed the synopsis and
description of one or two packages to match our standards.

From unknown Tue Jun 17 20:17:22 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 04 Dec 2020 12:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
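
Review bot: In the go-golang-zx2c4-com-wireguard hunk of gnu/packages/golang.scm (PATCH 3/6), the description uses Markdown link syntax, `[WireGuard](https://www.wireguard.com/)`, which will be shown literally because package descriptions are Texinfo, and the synopsis opens with "This is an". Suggest a synopsis along the lines of "Implementation of WireGuard in Go" and a description written as a full sentence with @uref for the link. The home-page (`https://git.zx2c4.com/wireguard`) also differs from the repository that is fetched (`https://git.zx2c4.com/wireguard-go/`); pointing it at the same repository makes it obvious which source is being built.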
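
Review bot: In the yggdrasil package hunk of gnu/packages/networking.scm (PATCH 5/6), every Go library is listed under propagated-inputs although the package installs only the two binaries and sets `#:install-source? #f`. Because the service hunk in PATCH 6/6 adds the package to the system profile through profile-service-type, propagation would pull all of those libraries into the profile as well; plain inputs should be enough for a leaf program. The comment directly above the list says minwinsvc is Windows-only while the list still contains it, so the comment should say why it is kept (the minwinsvc hunk explains that Yggdrasil needs it to compile). `#:tests? #f` is left with a TODO, which means nothing in the build exercises the patched readConfig; either enable the tests or record the concrete reason they cannot run.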
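
Review bot: In yggdrasil-extra-config.patch (PATCH 5/6), readConfig now merges the file given by -extraconffile into cfg before the caller reaches the -normaliseconf branch, which remarshals cfg and prints it to stdout, so running with -normaliseconf and -extraconffile together would print the private keys that the new flag is meant to keep separate. Suggest skipping the extra file when `*normaliseconf` is set, or stating in the flag help that the normalised output includes the extra file. The new lines are also not gofmt-clean (`confs[0]=conf`, the trailing `;` after `ioutil.ReadFile(*extraconffile)`, and the closing `}}`), and the loop variable in `for _, conf := range confs` shadows the outer `conf`; a distinct name such as `c` would make the merge order easier to follow.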
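
Review bot: In the export hunk of gnu/services/networking.scm (PATCH 6/6), the module exports `yggdrasil-configuration-config-file`, but the record defined in the later hunk names that accessor `yggdrasil-config-file`, and the shepherd service calls it under the short name too, so the exported binding is never defined. Rename the accessor in the record and in yggdrasil-shepherd-service to `yggdrasil-configuration-config-file` so it matches the export and the other accessors. The commit message also lists `yggdrasil-configuration-auto-conf`, while the code defines `yggdrasil-configuration-autoconf?`, and it omits the json-config and config-file accessors.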
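
Review bot: In the service definition hunk of gnu/services/networking.scm (PATCH 6/6), config-file defaults to "/etc/yggdrasil-private.conf" and yggdrasil-shepherd-service passes it as -extraconffile whenever it is not #f, while the patched readConfig panics if ioutil.ReadFile on that path fails. A system that uses the defaults and has not created the file will therefore fail to start the service, and a reload after the file has been removed will take down a running node. Suggest defaulting config-file to #f, or only adding the flag when the file exists at start time. Separately, in scm->yggdrasil-json the key-value branch returns `v` unconverted, so keys inside nested objects are never passed through param->camel; calling `(scm->yggdrasil-json v)` there would make the conversion recursive.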
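
Review bot: In the doc/guix.texi hunk (PATCH 6/6), the manual tells the reader to put the private keys in /etc/yggdrasil-private.conf but says nothing about the ownership or mode that file should have, and the file is deliberately outside Guix's control. Since the service sets only `#:group "yggdrasil"` and no `#:user`, the item for config-file should state which owner and permissions are expected so the keys are not left world-readable by default umask. The json-config item describes its value as the contents of /etc/yggdrasil.conf, whereas the service hunk writes it to a computed-file in the store and passes that path to -useconffile; the text should describe the store file. There is also a typo in the autoconf? item, "adynamic IP".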
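
Review bot: In gnu/system/examples/yggdrasil.tmpl (PATCH 6/6), the comment above the services says that adding /etc/yggdrasil-private.conf lets you reach the machine over its Yggdrasil address, but the configuration below sets `(config-file #f)`, which makes the service omit -extraconffile, so the file the comment asks for would never be read. Either drop the `(config-file #f)` line so the documented default applies, or reword the comment to say the example runs with a fresh address on every start. The example also ships with `(log-level 'debug)`; for a template that people copy into real systems, the default 'info would be the safer value to show.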