Next: , Previous: , Up: Servicios   [Contents][Index]


11.10.4 Networking Setup

The (gnu services networking) module provides services to configure network interfaces and set up networking on your machine. Those services provide different ways for you to set up your machine: by declaring a static network configuration, by running a Dynamic Host Configuration Protocol (DHCP) client, or by running daemons such as NetworkManager and Connman that automate the whole process, automatically adapt to connectivity changes, and provide a high-level user interface.

On a laptop, NetworkManager and Connman are by far the most convenient options, which is why the default desktop services include NetworkManager (see %desktop-services). For a server, or for a virtual machine or a container, static network configuration or a simple DHCP client are often more appropriate.

This section describes the various network setup services available, starting with static network configuration.

Variable: static-networking-service-type

This is the type for statically-configured network interfaces. Its value must be a list of static-networking records. Each of them declares a set of addresses, routes, and links, as shown below.

Here is the simplest configuration, with only one network interface controller (NIC) and only IPv4 connectivity:

;; Static networking for one NIC, IPv4-only.
(service static-networking-service-type
         (list (static-networking
                (addresses
                 (list (network-address
                        (device "eno1")
                        (value "10.0.2.15/24"))))
                (routes
                 (list (network-route
                        (destination "default")
                        (gateway "10.0.2.2"))))
                (name-servers '("10.0.2.3")))))

The snippet above can be added to the services field of your operating system configuration (see Uso de la configuración del sistema). It will configure your machine to have 10.0.2.15 as its IP address, with a 24-bit netmask for the local network—meaning that any 10.0.2.x address is on the local area network (LAN). Traffic to addresses outside the local network is routed via 10.0.2.2. Host names are resolved by sending domain name system (DNS) queries to 10.0.2.3.

Data Type: static-networking

This is the data type representing a static network configuration.

As an example, here is how you would declare the configuration of a machine with a single network interface controller (NIC) available as eno1, and with one IPv4 and one IPv6 address:

;; Network configuration for one NIC, IPv4 + IPv6.
(static-networking
 (addresses (list (network-address
                   (device "eno1")
                   (value "10.0.2.15/24"))
                  (network-address
                   (device "eno1")
                   (value "2001:123:4567:101::1/64"))))
 (routes (list (network-route
                (destination "default")
                (gateway "10.0.2.2"))
               (network-route
                (destination "default")
                (gateway "2020:321:4567:42::1"))))
 (name-servers '("10.0.2.3")))

If you are familiar with the ip command of the iproute2 package found on Linux-based systems, the declaration above is equivalent to typing:

ip address add 10.0.2.15/24 dev eno1
ip address add 2001:123:4567:101::1/64 dev eno1
ip route add default via inet 10.0.2.2
ip route add default via inet6 2020:321:4567:42::1

Run man 8 ip for more info. Venerable GNU/Linux users will certainly know how to do it with ifconfig and route, but we’ll spare you that.

The available fields of this data type are as follows:

addresses
links (default: '())
routes (default: '())

The list of network-address, network-link, and network-route records for this network (see below).

name-servers (default: '())

The list of IP addresses (strings) of domain name servers. These IP addresses go to /etc/resolv.conf.

provision (default: '(networking))

If true, this should be a list of symbols for the Shepherd service corresponding to this network configuration.

requirement (default '())

The list of Shepherd services depended on.

Data Type: network-address

This is the data type representing the IP address of a network interface.

device

The name of the network interface for this address—e.g., "eno1".

value

The actual IP address and network mask, in CIDR (Classless Inter-Domain Routing) notation, as a string.

For example, "10.0.2.15/24" denotes IPv4 address 10.0.2.15 on a 24-bit sub-network—all 10.0.2.x addresses are on the same local network.

ipv6?

Whether value denotes an IPv6 address. By default this is automatically determined.

Data Type: network-route

This is the data type representing a network route.

destination

The route destination (a string), either an IP address and network mask or "default" to denote the default route.

source (default: #f)

The route source.

device (predeterminado: #f)

The device used for this route—e.g., "eno2".

ipv6? (default: auto)

Whether this is an IPv6 route. By default this is automatically determined based on destination or gateway.

gateway (default: #f)

IP address (a string) through which traffic is routed.

Data type for a network link (see Link in Guile-Netlink Manual). During startup, network links are employed to construct or modify existing or virtual ethernet links. These ethernet links can be identified by their name or mac-address. If there is a need to create virtual interface, name and type fields are required.

name

The name of the link—e.g., "v0p0" (default: #f).

type

A symbol denoting the type of the link—e.g., 'veth (default: #f).

mac-address

The mac-address of the link—e.g., "98:11:22:33:44:55" (default: #f).

arguments

List of arguments for this type of link.

Consider a scenario where a server equipped with a network interface which has multiple ports. These ports are connected to a switch, which supports link aggregation (also known as bonding or NIC teaming). The switch uses port channels to consolidate multiple physical interfaces into one logical interface to provide higher bandwidth, load balancing, and link redundancy. When a port is added to a LAG (or link aggregation group), it inherits the properties of the port-channel. Some of these properties are VLAN membership, trunk status, and so on.

VLAN (or virtual local area network) is a logical network that is isolated from other VLANs on the same physical network. This can be used to segregate traffic, improve security, and simplify network management.

With all that in mind let’s configure our static network for the server. We will bond two existing interfaces together using 802.3ad schema and on top of it, build a VLAN interface with id 1055. We assign a static ip to our new VLAN interface.

(static-networking
 (links (list (network-link
               (name "bond0")
               (type 'bond)
               (arguments '((mode . "802.3ad")
                            (miimon . 100)
                            (lacp-active . "on")
                            (lacp-rate . "fast"))))

              (network-link
               (mac-address "98:11:22:33:44:55")
               (arguments '((master . "bond0"))))

              (network-link
               (mac-address "98:11:22:33:44:56")
               (arguments '((master . "bond0"))))

              (network-link
               (name "bond0.1055")
               (type 'vlan)
               (arguments '((id . 1055)
                            (link . "bond0"))))))
 (addresses (list (network-address
                   (value "192.168.1.4/24")
                   (device "bond0.1055")))))
Variable: %loopback-static-networking

This is the static-networking record representing the “loopback device”, lo, for IP addresses 127.0.0.1 and ::1, and providing the loopback Shepherd service.

Variable: %qemu-static-networking

This is the static-networking record representing network setup when using QEMU’s user-mode network stack on eth0 (see Using the user mode network stack in QEMU Documentation).

Variable: dhcp-client-service-type

This is the type of services that run dhcp, a Dynamic Host Configuration Protocol (DHCP) client.

Data Type: dhcp-client-configuration

Data type representing the configuration of the DHCP client service.

package (predeterminado: isc-dhcp)

DHCP client package to use.

interfaces (default: 'all)

Either 'all or the list of interface names that the DHCP client should listen on—e.g., '("eno1").

When set to 'all, the DHCP client listens on all the available non-loopback interfaces that can be activated. Otherwise the DHCP client listens only on the specified interfaces.

shepherd-requirement (default: '())
shepherd-provision (default: '(networking))

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

Likewise, shepherd-provision is a list of Shepherd service names (symbols) provided by this service. You might want to change the default value if you intend to run several DHCP clients, only one of which provides the networking Shepherd service.

Variable: network-manager-service-type

Este es el tipo de servicio para el servicio NetworkManager. El valor para este tipo de servicio es un registro network-manager-configuration.

Este servicio es parte de %desktop-services (see Servicios de escritorio).

Tipo de datos: network-manager-configuration

Tipo de datos que representa la configuración de NetworkManager.

network-manager (predeterminado: network-manager)

El paquete de NetworkManager usado.

shepherd-requirement (default: '(wpa-supplicant))

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

dns (predeterminado: "default")

Modo de procesamiento para DNS, que afecta la manera en la que NetworkManager usa el archivo de configuración resolv.conf.

default

NetworkManager actualizará resolv.conf para reflejar los servidores de nombres proporcionados por las conexiones activas actualmente.

dnsmasq

NetworkManager ejecutará dnsmasq como una caché local del servicio de nombres, mediante un reenvío condicional si se encuentra conectada a una VPN, y actualiza posteriormente resolv.conf para apuntar al servidor de nombres local.

Con esta configuración puede compartir su conexión de red. Por ejemplo, cuando desee compartir su conexión de red a otro equipo a través de un cable Ethernet, puede abrir nm-connection-editor y configurar el método de la conexión cableada para IPv4 y IPv6 “Compartida con otros equipos” y restablecer la conexión (o reiniciar).

También puede configurar una conexión anfitrión-invitado a las máquinas virtuales de QEMU (see Instalación de Guix en una máquina virtual). Con una conexión anfitrión-invitado puede, por ejemplo, acceder a un servidor web que se ejecute en la máquina virtual (see Servicios Web) desde un navegador web en su sistema anfitrión, o conectarse a la máquina virtual a través de SSH (see openssh-service-type). Para configurar una conexión anfitrión-invitado, ejecute esta orden una única vez:

nmcli connection add type tun \
 connection.interface-name tap0 \
 tun.mode tap tun.owner $(id -u) \
 ipv4.method shared \
 ipv4.addresses 172.28.112.1/24

Cada vez que arranque su máquina virtual de QEMU (see Ejecución de Guix en una máquina virtual), proporcione -nic tap,ifname=tap0,script=no,downscript=no a qemu-system-....

none

NetworkManager no modificará resolv.conf.

vpn-plugins (predeterminados: '())

Esta es la lista de módulos disponibles para redes privadas virtuales (VPN). Un ejemplo es el paquete network-manager-openvpn, que permite a NetworkManager la gestión de redes VPN a través de OpenVPN.

Variable: connman-service-type

Este es el tipo de servicio para la ejecución de Connman, un gestor de conexiones de red.

Su valor debe ser un registro connman-configuration como en este ejemplo:

Véase a continuación más detalles sobre connman-configuration.

Tipo de datos: connman-configuration

Tipo de datos que representa la configuración de connman.

connman (predeterminado: connman)

El paquete connman usado.

shepherd-requirement (default: '())

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

disable-vpn? (predeterminado: #f)

Cuando es verdadero, desactiva el módulo vpn de connman.

general-configuration (default: (connman-general-configuration))

Configuration serialized to main.conf and passed as --config to connmand.

Data Type: connman-general-configuration

Available connman-general-configuration fields are:

input-request-timeout (type: maybe-number)

Set input request timeout. Default is 120 seconds. The request for inputs like passphrase will timeout after certain amount of time. Use this setting to increase the value in case of different user interface designs.

browser-launch-timeout (type: maybe-number)

Set browser launch timeout. Default is 300 seconds. The request for launching a browser for portal pages will timeout after certain amount of time. Use this setting to increase the value in case of different user interface designs.

background-scanning? (type: maybe-boolean)

Enable background scanning. Default is true. If wifi is disconnected, the background scanning will follow a simple back off mechanism from 3s up to 5 minutes. Then, it will stay in 5 minutes unless user specifically asks for scanning through a D-Bus call. If so, the mechanism will start again from 3s. This feature activates also the background scanning while being connected, which is required for roaming on wifi. When background-scanning? is false, ConnMan will not perform any scan regardless of wifi is connected or not, unless it is requested by the user through a D-Bus call.

use-gateways-as-timeservers? (type: maybe-boolean)

Assume that service gateways also function as timeservers. Default is false.

fallback-timeservers (type: maybe-list)

List of Fallback timeservers. These timeservers are used for NTP sync when there are no timeservers set by the user or by the service, and when use-gateways-as-timeservers? is #f. These can contain a mixed combination of fully qualified domain names, IPv4 and IPv6 addresses.

fallback-nameservers (type: maybe-list)

List of fallback nameservers appended to the list of nameservers given by the service. The nameserver entries must be in numeric format, host names are ignored.

default-auto-connect-technologies (type: maybe-list)

List of technologies that are marked autoconnectable by default. The default value for this entry when empty is "ethernet", "wifi", "cellular". Services that are automatically connected must have been set up and saved to storage beforehand.

default-favourite-technologies (type: maybe-list)

List of technologies that are marked favorite by default. The default value for this entry when empty is "ethernet". Connects to services from this technology even if not setup and saved to storage.

always-connected-technologies (type: maybe-list)

List of technologies which are always connected regardless of preferred-technologies setting (auto-connect? #t). The default value is empty and this feature is disabled unless explicitly enabled.

preferred-technologies (type: maybe-list)

List of preferred technologies from the most preferred one to the least preferred one. Services of the listed technology type will be tried one by one in the order given, until one of them gets connected or they are all tried. A service of a preferred technology type in state ’ready’ will get the default route when compared to another preferred type further down the list with state ’ready’ or with a non-preferred type; a service of a preferred technology type in state ’online’ will get the default route when compared to either a non-preferred type or a preferred type further down in the list.

network-interface-blacklist (type: maybe-list)

List of blacklisted network interfaces. Found interfaces will be compared to the list and will not be handled by ConnMan, if their first characters match any of the list entries. Default value is "vmnet", "vboxnet", "virbr", "ifb".

allow-hostname-updates? (type: maybe-boolean)

Allow ConnMan to change the system hostname. This can happen for example if we receive DHCP hostname option. Default value is #t.

allow-domainname-updates? (type: maybe-boolean)

Allow connman to change the system domainname. This can happen for example if we receive DHCP domainname option. Default value is #t.

single-connected-technology? (type: maybe-boolean)

Keep only a single connected technology at any time. When a new service is connected by the user or a better one is found according to preferred-technologies, the new service is kept connected and all the other previously connected services are disconnected. With this setting it does not matter whether the previously connected services are in ’online’ or ’ready’ states, the newly connected service is the only one that will be kept connected. A service connected by the user will be used until going out of network coverage. With this setting enabled applications will notice more network breaks than normal. Note this options can’t be used with VPNs. Default value is #f.

tethering-technologies (type: maybe-list)

List of technologies that are allowed to enable tethering. The default value is "wifi", "bluetooth", "gadget". Only those technologies listed here are used for tethering. If one wants to tether ethernet, then add "ethernet" in the list. Note that if ethernet tethering is enabled, then a DHCP server is started on all ethernet interfaces. Tethered ethernet should never be connected to corporate or home network as it will disrupt normal operation of these networks. Due to this ethernet is not tethered by default. Do not activate ethernet tethering unless you really know what you are doing.

persistent-tethering-mode? (type: maybe-boolean)

Restore earlier tethering status when returning from offline mode, re-enabling a technology, and after restarts and reboots. Default value is #f.

enable-6to4? (type: maybe-boolean)

Automatically enable anycast 6to4 if possible. This is not recommended, as the use of 6to4 will generally lead to a severe degradation of connection quality. See RFC6343. Default value is #f (as recommended by RFC6343 section 4.1).

vendor-class-id (type: maybe-string)

Set DHCP option 60 (Vendor Class ID) to the given string. This option can be used by DHCP servers to identify specific clients without having to rely on MAC address ranges, etc.

enable-online-check? (type: maybe-boolean)

Enable or disable use of HTTP GET as an online status check. When a service is in a READY state, and is selected as default, ConnMan will issue an HTTP GET request to verify that end-to-end connectivity is successful. Only then the service will be transitioned to ONLINE state. If this setting is false, the default service will remain in READY state. Default value is #t.

online-check-ipv4-url (type: maybe-string)

IPv4 URL used during the online status check. Please refer to the README for more detailed information. Default value is http://ipv4.connman.net/online/status.html.

online-check-ipv6-url (type: maybe-string)

IPv6 URL used during the online status check. Please refer to the README for more detailed information. Default value is http://ipv6.connman.net/online/status.html.

online-check-initial-interval (type: maybe-number)

Range of intervals between two online check requests. Please refer to the README for more detailed information. Default value is ‘1’.

online-check-max-interval (type: maybe-number)

Range of intervals between two online check requests. Please refer to the README for more detailed information. Default value is ‘1’.

enable-online-to-ready-transition? (type: maybe-boolean)

WARNING: This is an experimental feature. In addition to enable-online-check setting, enable or disable use of HTTP GET to detect the loss of end-to-end connectivity. If this setting is #f, when the default service transitions to ONLINE state, the HTTP GET request is no more called until next cycle, initiated by a transition of the default service to DISCONNECT state. If this setting is #t, the HTTP GET request keeps being called to guarantee that end-to-end connectivity is still successful. If not, the default service will transition to READY state, enabling another service to become the default one, in replacement. Default value is #f.

auto-connect-roaming-services? (type: maybe-boolean)

Automatically connect roaming services. This is not recommended unless you know you won’t have any billing problem. Default value is #f.

address-conflict-detection? (type: maybe-boolean)

Enable or disable the implementation of IPv4 address conflict detection according to RFC5227. ConnMan will send probe ARP packets to see if an IPv4 address is already in use before assigning the address to an interface. If an address conflict occurs for a statically configured address, an IPv4LL address will be chosen instead (according to RFC3927). If an address conflict occurs for an address offered via DHCP, ConnMan sends a DHCP DECLINE once and for the second conflict resorts to finding an IPv4LL address. Default value is #f.

localtime (type: maybe-string)

Path to localtime file. Defaults to /etc/localtime.

regulatory-domain-follows-timezone? (type: maybe-boolean)

Enable regulatory domain to be changed along timezone changes. With this option set to true each time the timezone changes the first present ISO3166 country code is read from /usr/share/zoneinfo/zone1970.tab and set as regulatory domain value. Default value is #f.

resolv-conf (type: maybe-string)

Path to resolv.conf file. If the file does not exist, but intermediate directories exist, it will be created. If this option is not set, it tries to write into /var/run/connman/resolv.conf if it fails (/var/run/connman does not exist or is not writeable). If you do not want to update resolv.conf, you can set /dev/null.

Variable: wpa-supplicant-service-type

Este es el tipo de servicio para la ejecución de WPA supplicant, un daemon de identificación necesario para la identificación en redes WiFi o ethernet cifradas.

Tipo de datos: wpa-supplicant-configuration

Tipo de datos que representa la configuración de WPA Supplicant.

Toma los siguientes parámetros:

wpa-supplicant (predeterminado: wpa-supplicant)

El paquete de WPA Supplicant usado.

requirement (predeterminados: '(user-processes loopback syslogd)

Lista de servicios que deben iniciarse antes del arranque de WPA Supplicant.

dbus? (predeterminado: #t)

Si se escuchan o no peticiones en D-Bus.

pid-file (predeterminado: "/var/run/wpa_supplicant.pid")

Dónde se almacena el archivo con el PID.

interface (predeterminado: #f)

En caso de proporcionarse un valor, debe especificar el nombre de la interfaz de red que WPA supplicant controlará.

config-file (predeterminado: #f)

Archivo de configuración opcional usado.

extra-options (predeterminadas: '())

Lista de parámetros adicionales a pasar al daemon en la línea de órdenes.

Some networking devices such as modems require special care, and this is what the services below focus on.

Variable: modem-manager-service-type

This is the service type for the ModemManager service. The value for this service type is a modem-manager-configuration record.

Este servicio es parte de %desktop-services (see Servicios de escritorio).

Tipo de datos: modem-manager-configuration

Tipo de datos que representa la configuración de ModemManager.

modem-manager (predeterminado: modem-manager)

El paquete de ModemManager usado.

Variable: usb-modeswitch-service-type

This is the service type for the USB_ModeSwitch service. The value for this service type is a usb-modeswitch-configuration record.

Cuando se conectan, algunos modem USB (y otros dispositivos USB) se presentan inicialmente como medios de almacenamiento de sólo-lectura y no como un modem. Deben cambiar de modo antes de poder usarse. El tipo de servicio USB_ModeSwitch instala reglas de udev para cambiar automáticamente de modo cuando se conecten estos dispositivos.

Este servicio es parte de %desktop-services (see Servicios de escritorio).

Tipo de datos: usb-modeswitch-configuration

Tipo de datos que representa la configuración de USB_ModeSwitch.

usb-modeswitch (predeterminado: usb-modeswitch)

El paquete USB_ModeSwitch que proporciona los binarios para el cambio de modo.

usb-modeswitch-data (predeterminado: usb-modeswitch-data)

El paquete que proporciona los datos de dispositivos y las reglas de udev usadas por USB_ModeSwitch.

config-file (predeterminado: #~(string-append #$usb-modeswitch:dispatcher "/etc/usb_modeswitch.conf"))

Archivo de configuración usado para el gestor de eventos (dispatcher) de USB_ModeSwitch. De manera predeterminada se usa el archivo que viene con USB_ModeSwitch, que deshabilita el registro en /var/log junto a otras configuraciones. Si se proporciona #f no se usa ningún archivo de configuración.


Next: Servicios de red, Previous: Rotación del registro de mensajes, Up: Servicios   [Contents][Index]