Next: , Previous: , Up: Сервисы   [Contents][Index]


11.10.4 Networking Setup

The (gnu services networking) module provides services to configure network interfaces and set up networking on your machine. Those services provide different ways for you to set up your machine: by declaring a static network configuration, by running a Dynamic Host Configuration Protocol (DHCP) client, or by running daemons such as NetworkManager and Connman that automate the whole process, automatically adapt to connectivity changes, and provide a high-level user interface.

On a laptop, NetworkManager and Connman are by far the most convenient options, which is why the default desktop services include NetworkManager (see %desktop-services). For a server, or for a virtual machine or a container, static network configuration or a simple DHCP client are often more appropriate.

This section describes the various network setup services available, starting with static network configuration.

Variable: static-networking-service-type

This is the type for statically-configured network interfaces. Its value must be a list of static-networking records. Each of them declares a set of addresses, routes, and links, as shown below.

Here is the simplest configuration, with only one network interface controller (NIC) and only IPv4 connectivity:

;; Static networking for one NIC, IPv4-only.
(service static-networking-service-type
         (list (static-networking
                (addresses
                 (list (network-address
                        (device "eno1")
                        (value "10.0.2.15/24"))))
                (routes
                 (list (network-route
                        (destination "default")
                        (gateway "10.0.2.2"))))
                (name-servers '("10.0.2.3")))))

The snippet above can be added to the services field of your operating system configuration (see Использование системы конфигурации). It will configure your machine to have 10.0.2.15 as its IP address, with a 24-bit netmask for the local network—meaning that any 10.0.2.x address is on the local area network (LAN). Traffic to addresses outside the local network is routed via 10.0.2.2. Host names are resolved by sending domain name system (DNS) queries to 10.0.2.3.

Data Type: static-networking

This is the data type representing a static network configuration.

As an example, here is how you would declare the configuration of a machine with a single network interface controller (NIC) available as eno1, and with one IPv4 and one IPv6 address:

;; Network configuration for one NIC, IPv4 + IPv6.
(static-networking
 (addresses (list (network-address
                   (device "eno1")
                   (value "10.0.2.15/24"))
                  (network-address
                   (device "eno1")
                   (value "2001:123:4567:101::1/64"))))
 (routes (list (network-route
                (destination "default")
                (gateway "10.0.2.2"))
               (network-route
                (destination "default")
                (gateway "2020:321:4567:42::1"))))
 (name-servers '("10.0.2.3")))

If you are familiar with the ip command of the iproute2 package found on Linux-based systems, the declaration above is equivalent to typing:

ip address add 10.0.2.15/24 dev eno1
ip address add 2001:123:4567:101::1/64 dev eno1
ip route add default via inet 10.0.2.2
ip route add default via inet6 2020:321:4567:42::1

Run man 8 ip for more info. Venerable GNU/Linux users will certainly know how to do it with ifconfig and route, but we’ll spare you that.

Доступные поля этого типа данных следующие:

addresses
links (default: '())
routes (default: '())

The list of network-address, network-link, and network-route records for this network (see below).

name-servers (default: '())

The list of IP addresses (strings) of domain name servers. These IP addresses go to /etc/resolv.conf.

provision (default: '(networking))

If true, this should be a list of symbols for the Shepherd service corresponding to this network configuration.

requirement (default '())

The list of Shepherd services depended on.

Data Type: network-address

This is the data type representing the IP address of a network interface.

device

The name of the network interface for this address—e.g., "eno1".

value

The actual IP address and network mask, in CIDR (Classless Inter-Domain Routing) notation, as a string.

For example, "10.0.2.15/24" denotes IPv4 address 10.0.2.15 on a 24-bit sub-network—all 10.0.2.x addresses are on the same local network.

ipv6?

Whether value denotes an IPv6 address. By default this is automatically determined.

Data Type: network-route

This is the data type representing a network route.

destination

The route destination (a string), either an IP address and network mask or "default" to denote the default route.

source (default: #f)

The route source.

device (default: #f)

The device used for this route—e.g., "eno2".

ipv6? (default: auto)

Whether this is an IPv6 route. By default this is automatically determined based on destination or gateway.

gateway (default: #f)

IP address (a string) through which traffic is routed.

Data type for a network link (see Link in Guile-Netlink Manual). During startup, network links are employed to construct or modify existing or virtual ethernet links. These ethernet links can be identified by their name or mac-address. If there is a need to create virtual interface, name and type fields are required.

name

The name of the link—e.g., "v0p0" (default: #f).

type

A symbol denoting the type of the link—e.g., 'veth (default: #f).

mac-address

The mac-address of the link—e.g., "98:11:22:33:44:55" (default: #f).

arguments

List of arguments for this type of link.

Consider a scenario where a server equipped with a network interface which has multiple ports. These ports are connected to a switch, which supports link aggregation (also known as bonding or NIC teaming). The switch uses port channels to consolidate multiple physical interfaces into one logical interface to provide higher bandwidth, load balancing, and link redundancy. When a port is added to a LAG (or link aggregation group), it inherits the properties of the port-channel. Some of these properties are VLAN membership, trunk status, and so on.

VLAN (or virtual local area network) is a logical network that is isolated from other VLANs on the same physical network. This can be used to segregate traffic, improve security, and simplify network management.

With all that in mind let’s configure our static network for the server. We will bond two existing interfaces together using 802.3ad schema and on top of it, build a VLAN interface with id 1055. We assign a static ip to our new VLAN interface.

(static-networking
 (links (list (network-link
               (name "bond0")
               (type 'bond)
               (arguments '((mode . "802.3ad")
                            (miimon . 100)
                            (lacp-active . "on")
                            (lacp-rate . "fast"))))

              (network-link
               (mac-address "98:11:22:33:44:55")
               (arguments '((master . "bond0"))))

              (network-link
               (mac-address "98:11:22:33:44:56")
               (arguments '((master . "bond0"))))

              (network-link
               (name "bond0.1055")
               (type 'vlan)
               (arguments '((id . 1055)
                            (link . "bond0"))))))
 (addresses (list (network-address
                   (value "192.168.1.4/24")
                   (device "bond0.1055")))))
Variable: %loopback-static-networking

This is the static-networking record representing the “loopback device”, lo, for IP addresses 127.0.0.1 and ::1, and providing the loopback Shepherd service.

Variable: %qemu-static-networking

This is the static-networking record representing network setup when using QEMU’s user-mode network stack on eth0 (see Using the user mode network stack in QEMU Documentation).

Variable: dhcp-client-service-type

This is the type of services that run dhclient, the ISC Dynamic Host Configuration Protocol (DHCP) client.

Data Type: dhcp-client-configuration

Data type representing the configuration of the ISC DHCP client service.

package (default: isc-dhcp)

The ISC DHCP client package to use.

interfaces (default: 'all)

Either 'all or the list of interface names that the ISC DHCP client should listen on—e.g., '("eno1").

When set to 'all, the ISC DHCP client listens on all the available non-loopback interfaces that can be activated. Otherwise the ISC DHCP client listens only on the specified interfaces.

config-file (default: #f)

The configuration file for the ISC DHCP client.

version (default: "4")

The DHCP protocol version to use, as a string. Accepted values are "4" or "6" for DHCPv4 or DHCPv6, respectively, as well as "4o6", for DHCPv4 over DHCPv6 (as specified by RFC 7341).

shepherd-requirement (default: '())
shepherd-provision (default: '(networking))

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

Likewise, shepherd-provision is a list of Shepherd service names (symbols) provided by this service. You might want to change the default value if you intend to run several ISC DHCP clients, only one of which provides the networking Shepherd service.

Variable: network-manager-service-type

This is the service type for the NetworkManager service. The value for this service type is a network-manager-configuration record.

This service is part of %desktop-services (see Сервисы рабочего стола).

Data Type: network-manager-configuration

Data type representing the configuration of NetworkManager.

network-manager (default: network-manager)

The NetworkManager package to use.

shepherd-requirement (default: '(wpa-supplicant))

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

dns (default: "default")

Processing mode for DNS, which affects how NetworkManager uses the resolv.conf configuration file.

default

NetworkManager will update resolv.conf to reflect the nameservers provided by currently active connections.

dnsmasq

NetworkManager will run dnsmasq as a local caching nameserver, using a conditional forwarding configuration if you are connected to a VPN, and then update resolv.conf to point to the local nameserver.

With this setting, you can share your network connection. For example when you want to share your network connection to another laptop via an Ethernet cable, you can open nm-connection-editor and configure the Wired connection’s method for IPv4 and IPv6 to be “Shared to other computers” and reestablish the connection (or reboot).

You can also set up a host-to-guest connection to QEMU VMs (see Установка Guix на виртуальную машину (VM)). With a host-to-guest connection, you can e.g. access a Web server running on the VM (see Веб-сервисы) from a Web browser on your host system, or connect to the VM via SSH (see openssh-service-type). To set up a host-to-guest connection, run this command once:

nmcli connection add type tun \
 connection.interface-name tap0 \
 tun.mode tap tun.owner $(id -u) \
 ipv4.method shared \
 ipv4.addresses 172.28.112.1/24

Then each time you launch your QEMU VM (see Running Guix in a Virtual Machine), pass -nic tap,ifname=tap0,script=no,downscript=no to qemu-system-....

none

NetworkManager will not modify resolv.conf.

vpn-plugins (default: '())

This is the list of available plugins for virtual private networks (VPNs). An example of this is the network-manager-openvpn package, which allows NetworkManager to manage VPNs via OpenVPN.

Variable: connman-service-type

This is the service type to run Connman, a network connection manager.

Its value must be a connman-configuration record as in this example:

See below for details about connman-configuration.

Data Type: connman-configuration

Data Type representing the configuration of connman.

connman (default: connman)

The connman package to use.

shepherd-requirement (default: '())

This option can be used to provide a list of symbols naming Shepherd services that this service will depend on, such as 'wpa-supplicant or 'iwd if you require authenticated access for encrypted WiFi or Ethernet networks.

disable-vpn? (default: #f)

When true, disable connman’s vpn plugin.

general-configuration (default: (connman-general-configuration))

Configuration serialized to main.conf and passed as --config to connmand.

Data Type: connman-general-configuration

Available connman-general-configuration fields are:

input-request-timeout (type: maybe-number)

Set input request timeout. Default is 120 seconds. The request for inputs like passphrase will timeout after certain amount of time. Use this setting to increase the value in case of different user interface designs.

browser-launch-timeout (type: maybe-number)

Set browser launch timeout. Default is 300 seconds. The request for launching a browser for portal pages will timeout after certain amount of time. Use this setting to increase the value in case of different user interface designs.

background-scanning? (type: maybe-boolean)

Enable background scanning. Default is true. If wifi is disconnected, the background scanning will follow a simple back off mechanism from 3s up to 5 minutes. Then, it will stay in 5 minutes unless user specifically asks for scanning through a D-Bus call. If so, the mechanism will start again from 3s. This feature activates also the background scanning while being connected, which is required for roaming on wifi. When background-scanning? is false, ConnMan will not perform any scan regardless of wifi is connected or not, unless it is requested by the user through a D-Bus call.

use-gateways-as-timeservers? (type: maybe-boolean)

Assume that service gateways also function as timeservers. Default is false.

fallback-timeservers (type: maybe-list)

List of Fallback timeservers. These timeservers are used for NTP sync when there are no timeservers set by the user or by the service, and when use-gateways-as-timeservers? is #f. These can contain a mixed combination of fully qualified domain names, IPv4 and IPv6 addresses.

fallback-nameservers (type: maybe-list)

List of fallback nameservers appended to the list of nameservers given by the service. The nameserver entries must be in numeric format, host names are ignored.

default-auto-connect-technologies (type: maybe-list)

List of technologies that are marked autoconnectable by default. The default value for this entry when empty is "ethernet", "wifi", "cellular". Services that are automatically connected must have been set up and saved to storage beforehand.

default-favourite-technologies (type: maybe-list)

List of technologies that are marked favorite by default. The default value for this entry when empty is "ethernet". Connects to services from this technology even if not setup and saved to storage.

always-connected-technologies (type: maybe-list)

List of technologies which are always connected regardless of preferred-technologies setting (auto-connect? #t). The default value is empty and this feature is disabled unless explicitly enabled.

preferred-technologies (type: maybe-list)

List of preferred technologies from the most preferred one to the least preferred one. Services of the listed technology type will be tried one by one in the order given, until one of them gets connected or they are all tried. A service of a preferred technology type in state ’ready’ will get the default route when compared to another preferred type further down the list with state ’ready’ or with a non-preferred type; a service of a preferred technology type in state ’online’ will get the default route when compared to either a non-preferred type or a preferred type further down in the list.

network-interface-blacklist (type: maybe-list)

List of blacklisted network interfaces. Found interfaces will be compared to the list and will not be handled by ConnMan, if their first characters match any of the list entries. Default value is "vmnet", "vboxnet", "virbr", "ifb".

allow-hostname-updates? (type: maybe-boolean)

Allow ConnMan to change the system hostname. This can happen for example if we receive DHCP hostname option. Default value is #t.

allow-domainname-updates? (type: maybe-boolean)

Allow connman to change the system domainname. This can happen for example if we receive DHCP domainname option. Default value is #t.

single-connected-technology? (type: maybe-boolean)

Keep only a single connected technology at any time. When a new service is connected by the user or a better one is found according to preferred-technologies, the new service is kept connected and all the other previously connected services are disconnected. With this setting it does not matter whether the previously connected services are in ’online’ or ’ready’ states, the newly connected service is the only one that will be kept connected. A service connected by the user will be used until going out of network coverage. With this setting enabled applications will notice more network breaks than normal. Note this options can’t be used with VPNs. Default value is #f.

tethering-technologies (type: maybe-list)

List of technologies that are allowed to enable tethering. The default value is "wifi", "bluetooth", "gadget". Only those technologies listed here are used for tethering. If one wants to tether ethernet, then add "ethernet" in the list. Note that if ethernet tethering is enabled, then a DHCP server is started on all ethernet interfaces. Tethered ethernet should never be connected to corporate or home network as it will disrupt normal operation of these networks. Due to this ethernet is not tethered by default. Do not activate ethernet tethering unless you really know what you are doing.

persistent-tethering-mode? (type: maybe-boolean)

Restore earlier tethering status when returning from offline mode, re-enabling a technology, and after restarts and reboots. Default value is #f.

enable-6to4? (type: maybe-boolean)

Automatically enable anycast 6to4 if possible. This is not recommended, as the use of 6to4 will generally lead to a severe degradation of connection quality. See RFC6343. Default value is #f (as recommended by RFC6343 section 4.1).

vendor-class-id (type: maybe-string)

Set DHCP option 60 (Vendor Class ID) to the given string. This option can be used by DHCP servers to identify specific clients without having to rely on MAC address ranges, etc.

enable-online-check? (type: maybe-boolean)

Enable or disable use of HTTP GET as an online status check. When a service is in a READY state, and is selected as default, ConnMan will issue an HTTP GET request to verify that end-to-end connectivity is successful. Only then the service will be transitioned to ONLINE state. If this setting is false, the default service will remain in READY state. Default value is #t.

online-check-ipv4-url (type: maybe-string)

IPv4 URL used during the online status check. Please refer to the README for more detailed information. Default value is http://ipv4.connman.net/online/status.html.

online-check-ipv6-url (type: maybe-string)

IPv6 URL used during the online status check. Please refer to the README for more detailed information. Default value is http://ipv6.connman.net/online/status.html.

online-check-initial-interval (type: maybe-number)

Range of intervals between two online check requests. Please refer to the README for more detailed information. Default value is ‘1’.

online-check-max-interval (type: maybe-number)

Range of intervals between two online check requests. Please refer to the README for more detailed information. Default value is ‘1’.

enable-online-to-ready-transition? (type: maybe-boolean)

WARNING: This is an experimental feature. In addition to enable-online-check setting, enable or disable use of HTTP GET to detect the loss of end-to-end connectivity. If this setting is #f, when the default service transitions to ONLINE state, the HTTP GET request is no more called until next cycle, initiated by a transition of the default service to DISCONNECT state. If this setting is #t, the HTTP GET request keeps being called to guarantee that end-to-end connectivity is still successful. If not, the default service will transition to READY state, enabling another service to become the default one, in replacement. Default value is #f.

auto-connect-roaming-services? (type: maybe-boolean)

Automatically connect roaming services. This is not recommended unless you know you won’t have any billing problem. Default value is #f.

address-conflict-detection? (type: maybe-boolean)

Enable or disable the implementation of IPv4 address conflict detection according to RFC5227. ConnMan will send probe ARP packets to see if an IPv4 address is already in use before assigning the address to an interface. If an address conflict occurs for a statically configured address, an IPv4LL address will be chosen instead (according to RFC3927). If an address conflict occurs for an address offered via DHCP, ConnMan sends a DHCP DECLINE once and for the second conflict resorts to finding an IPv4LL address. Default value is #f.

localtime (type: maybe-string)

Path to localtime file. Defaults to /etc/localtime.

regulatory-domain-follows-timezone? (type: maybe-boolean)

Enable regulatory domain to be changed along timezone changes. With this option set to true each time the timezone changes the first present ISO3166 country code is read from /usr/share/zoneinfo/zone1970.tab and set as regulatory domain value. Default value is #f.

resolv-conf (type: maybe-string)

Path to resolv.conf file. If the file does not exist, but intermediate directories exist, it will be created. If this option is not set, it tries to write into /var/run/connman/resolv.conf if it fails (/var/run/connman does not exist or is not writeable). If you do not want to update resolv.conf, you can set /dev/null.

Variable: wpa-supplicant-service-type

This is the service type to run WPA supplicant, an authentication daemon required to authenticate against encrypted WiFi or ethernet networks.

Data Type: wpa-supplicant-configuration

Data type representing the configuration of WPA Supplicant.

It takes the following parameters:

wpa-supplicant (default: wpa-supplicant)

The WPA Supplicant package to use.

features (default: '())

List of services that should be started before WPA Supplicant starts.

dbus? (default: #t)

Whether to listen for requests on D-Bus.

pid-file (default: "/var/run/wpa_supplicant.pid")

Where to store the PID file.

interface (default: #f)

If this is set, it must specify the name of a network interface that WPA supplicant will control.

config-file (default: #f)

Optional configuration file to use.

extra-options (default: '())

List of additional command-line arguments to pass to the daemon.

Some networking devices such as modems require special care, and this is what the services below focus on.

Variable: modem-manager-service-type

This is the service type for the ModemManager service. The value for this service type is a modem-manager-configuration record.

This service is part of %desktop-services (see Сервисы рабочего стола).

Data Type: modem-manager-configuration

Data type representing the configuration of ModemManager.

modem-manager (default: modem-manager)

The ModemManager package to use.

Variable: usb-modeswitch-service-type

This is the service type for the USB_ModeSwitch service. The value for this service type is a usb-modeswitch-configuration record.

When plugged in, some USB modems (and other USB devices) initially present themselves as a read-only storage medium and not as a modem. They need to be modeswitched before they are usable. The USB_ModeSwitch service type installs udev rules to automatically modeswitch these devices when they are plugged in.

This service is part of %desktop-services (see Сервисы рабочего стола).

Data Type: usb-modeswitch-configuration

Data type representing the configuration of USB_ModeSwitch.

port (default: 22)

The USB_ModeSwitch package providing the binaries for modeswitching.

port (default: 22)

The package providing the device data and udev rules file used by USB_ModeSwitch.

config-file (default: #~(string-append #$usb-modeswitch:dispatcher "/etc/usb_modeswitch.conf"))

Which config file to use for the USB_ModeSwitch dispatcher. By default the config file shipped with USB_ModeSwitch is used which disables logging to /var/log among other default settings. If set to #f, no config file is used.


Next: Сервисы сети, Previous: Ротация логов, Up: Сервисы   [Contents][Index]