The (gnu services networking) module provides services to configure
the network interface.
Return a service that runs dhcp, a Dynamic Host Configuration Protocol (DHCP) client, on all the non-loopback network interfaces.
This is the type for statically-configured network interfaces.
Return a service that starts interface with address ip. If netmask is true, use it as the network mask. If gateway is true, it must be a string specifying the default network gateway.
This procedure can be called several times, one for each network
interface of interest. Behind the scenes what it does is extend
static-networking-service-type with additional network interfaces
Return a service that runs Wicd, a network management daemon that aims to simplify wired and wireless networking.
This service adds the wicd package to the global profile, providing
several commands to interact with the daemon and configure networking:
wicd-client, a graphical user interface, and the
wicd-curses user interfaces.
This is the service type for the
service. The value for this service type is a
Data type representing the configuration of NetworkManager.
The NetworkManager package to use.
Processing mode for DNS, which affects how NetworkManager uses the
resolv.conf configuration file.
NetworkManager will update
resolv.conf to reflect the nameservers
provided by currently active connections.
NetworkManager will run
dnsmasq as a local caching nameserver,
using a "split DNS" configuration if you are connected to a VPN, and
resolv.conf to point to the local nameserver.
NetworkManager will not modify
This is the service type to run Connman, a network connection manager.
Its value must be an
connman-configuration record as in this example:
    (service connman-service-type
             (connman-configuration
              (disable-vpn? #t)))
See below for details about
Data Type representing the configuration of connman.
The connman package to use.
When true, enable connman’s vpn plugin.
This is the service type to run WPA supplicant, an authentication daemon required to authenticate against encrypted WiFi or ethernet networks. It is configured to listen for requests on D-Bus.
The value of this service is the
wpa-supplicant package to use.
Thus, it can be instantiated like this:
    (use-modules (gnu services networking))
    (service wpa-supplicant-service-type)
Return a service that runs the daemon from ntp, the
Network Time Protocol package. The daemon will
keep the system clock synchronized with that of servers.
allow-large-adjustment? determines whether
ntpd is allowed to
make an initial adjustment of more than 1,000 seconds.
List of host names used as the default NTP servers.
This service runs the
inetd (see inetd invocation in GNU Inetutils) daemon.
inetd listens for
connections on internet sockets, and lazily starts the specified server
program when a connection is made on one of these sockets.
The value of this service is an
inetd-configuration object. The
following example configures the
inetd daemon to provide the
echo service, as well as an smtp service which
forwards smtp traffic over ssh to a server
smtp-server behind a
    (service
     inetd-service-type
     (inetd-configuration
      (entries (list
                (inetd-entry
                 (name "echo")
                 (socket-type 'stream)
                 (protocol "tcp")
                 (wait? #f)
                 (user "root"))
                (inetd-entry
                 (node "127.0.0.1")
                 (name "smtp")
                 (socket-type 'stream)
                 (protocol "tcp")
                 (wait? #f)
                 (user "root")
                 (program (file-append openssh "/bin/ssh"))
                 (arguments
                  '("ssh" "-qT" "-i" "/path/to/ssh_key"
                    "-W" "smtp-server:25" "user@hostname")))))))
See below for more details about
Data type representing the configuration of
(file-append inetutils "/libexec/inetd"))
inetd executable to use.
A list of
inetd service entries. Each entry should be created
Data type representing an entry in the
Each entry corresponds to a socket where
inetd will listen for
Optional string, a comma-separated list of local addresses
inetd should use when listening for this service.
See Configuration file in GNU Inetutils for a complete
description of all options.
A string, the name must correspond to an entry in
A string, must correspond to an entry in
inetd should wait for the server to exit before
listening to new service requests.
A string containing the user (and, optionally, group) name of the user
as whom the server should run. The group name can be specified in a
suffix, separated by a colon or period, i.e.
The server program which will serve the requests, or
inetd should use a built-in service.
A list of strings or file-like objects, which are the server program’s
arguments, starting with the zeroth argument, i.e. the name of the
program itself. For
inetd’s internal services, this entry
See Configuration file in GNU Inetutils for a more detailed discussion of each configuration field.
Return a service to run the Tor anonymous networking daemon.
The daemon runs as the
tor unprivileged user. It is passed
config-file, a file-like object, with an additional
User tor line
and lines for hidden services added via
man tor for information about the configuration file.
Define a new Tor hidden service called name and implementing mapping. mapping is a list of port/host tuples, such as:
'((22 "127.0.0.1:22") (80 "127.0.0.1:8080"))
In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080.
This creates a /var/lib/tor/hidden-services/name directory, where
the hostname file contains the
.onion host name for the hidden
See the Tor project’s documentation for more information.
Return a service that runs BitlBee, a daemon that acts as a gateway between IRC and chat networks.
The daemon will listen to the interface corresponding to the IP address
specified in interface, on port.
127.0.0.1 means that only
local clients can connect, whereas
0.0.0.0 means that connections can
come from any networking interface.
In addition, extra-settings specifies a string to append to the configuration file.
(gnu services ssh) provides the following services.
lshd program from lsh to listen on port port-number.
host-key must designate a file containing the host key, and readable
only by root.
When daemonic? is true,
lshd will detach from the
controlling terminal and log its output to syslogd, unless one sets
syslog-output? to false. Obviously, it also makes lsh-service
depend on the existence of the syslogd service. When pid-file? is true,
lshd writes its PID to the file called pid-file.
When initialize? is true, automatically create the seed and host key upon service activation if they do not exist yet. This may take long and require interaction.
When initialize? is false, it is up to the user to initialize the randomness generator (see lsh-make-seed in LSH Manual), and to create a key pair with the private key stored in file host-key (see lshd basics in LSH Manual).
When interfaces is empty, lshd listens for connections on all the network interfaces; otherwise, interfaces must be a list of host names or addresses.
allow-empty-passwords? specifies whether to accept log-ins with empty passwords, and root-login? specifies whether to accept log-ins as root.
The other options should be self-descriptive.
This is the type for the OpenSSH secure
sshd. Its value must be an
openssh-configuration record as in this example:
    (service openssh-service-type
             (openssh-configuration
              (x11-forwarding? #t)
              (permit-root-login 'without-password)))
See below for details about
This is the configuration record for OpenSSH’s
Name of the file where
sshd writes its PID.
TCP port on which
sshd listens for incoming connections.
This field determines whether and when to allow logins as root. If
#f, root logins are disallowed; if
#t, they are allowed.
If it’s the symbol
'without-password, then root logins are
permitted but not with password-based authentication.
When true, users with empty passwords may log in. When false, they may not.
When true, users may log in with their password. When false, they must use other authentication methods.
When true, users may log in using public key authentication. When false, users have to use another authentication method.
Authorized public keys are stored in ~/.ssh/authorized_keys. This is used only by protocol version 2.
When true, forwarding of X11 graphical client connections is
enabled—in other words,
ssh options -X and
-Y will work.
Specifies whether challenge response authentication is allowed (e.g. via PAM).
Enables the Pluggable Authentication Module interface. If set to
#t, this will enable PAM authentication using
password-authentication?, in addition to PAM account and session
module processing for all authentication types.
Because PAM challenge response authentication usually serves an
equivalent role to password authentication, you should disable either
sshd should print the date and time of the
last user login when a user logs in interactively.
Configures external subsystems (e.g. file transfer daemon).
This is a list of two-element lists, each of which contains the subsystem name and a command (with optional arguments) to execute upon subsystem request.
internal-sftp implements an in-process SFTP
server. Alternately, one can specify the
    (service openssh-service-type
             (openssh-configuration
              (subsystems
               ;; Quasiquote is required so that ,(file-append ...) is evaluated.
               `(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
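The openssh-configuration fields described above, set for key-only logins and shown beside the permissive example from this page. This is an added example, not part of the Guix manual; the names %sshd-permissive and %sshd-hardened are hypothetical, and the field names that do not appear verbatim on this page (port-number, public-key-authentication?, challenge-response-authentication?) are taken from Guix's openssh-configuration record and should be checked against your Guix version.

```scheme
(use-modules (gnu) (gnu services ssh))

;; Permissive variant, as in the example earlier on this page: root may
;; log in (though not with a password) and X11 forwarding is enabled.
;; Password logins for ordinary users are left at the record's default.
(define %sshd-permissive
  (service openssh-service-type
           (openssh-configuration
            (x11-forwarding? #t)
            (permit-root-login 'without-password))))

;; Hardened variant: every authentication path except public keys is
;; switched off explicitly instead of relying on defaults.
(define %sshd-hardened
  (service openssh-service-type
           (openssh-configuration
            (port-number 22)
            ;; No direct root logins; administrators log in as themselves
            ;; and escalate locally, which keeps an audit trail per user.
            (permit-root-login #f)
            ;; Keys only.  Password and challenge-response authentication
            ;; serve an equivalent role, so both are disabled together.
            (public-key-authentication? #t)
            (password-authentication? #f)
            (challenge-response-authentication? #f)
            (allow-empty-passwords? #f)
            ;; X11 forwarding lets the remote side reach the client's
            ;; display; leave it off unless it is actually needed.
            (x11-forwarding? #f)
            ;; In-process SFTP server, no external helper binary.
            (subsystems '(("sftp" "internal-sftp"))))))

;; Use exactly one of the two definitions in the `services' field of the
;; operating-system declaration, for example:
;;   (services (cons %sshd-hardened %base-services))
```

Before reconfiguring a remote machine with the hardened variant, confirm that a working public key is already present in ~/.ssh/authorized_keys for the account you log in with.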
Run the Dropbear SSH
daemon with the given config, a
For example, to specify a Dropbear service listening on port 1234, add
this call to the operating system’s
(dropbear-service (dropbear-configuration (port-number 1234)))
This data type represents the configuration of a Dropbear SSH daemon.
The Dropbear package to use.
The TCP port where the daemon waits for incoming connections.
Whether to enable syslog output.
File name of the daemon’s PID file.
Whether to allow
Whether to allow empty passwords.
Whether to enable password-based authentication.
This variable contains a string for use in /etc/hosts
(see Host Names in The GNU C Library Reference Manual). Each
line contains an entry that maps a known server name of the Facebook
www.facebook.com—to the local
127.0.0.1 or its IPv6 equivalent,
This variable is typically used in the
hosts-file field of an
operating-system declaration (see /etc/hosts):
    (use-modules (gnu) (guix))
    ;; %facebook-host-aliases is defined in (gnu services networking).
    (use-service-modules networking)

    (operating-system
      (host-name "mymachine")
      ;; ...
      (hosts-file
        ;; Create a /etc/hosts file with aliases for "localhost"
        ;; and "mymachine", as well as for Facebook servers.
        (plain-file "hosts"
                    (string-append (local-host-aliases host-name)
                                   %facebook-host-aliases))))
This mechanism can prevent programs running locally, such as Web browsers, from accessing Facebook.
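The same mechanism generalized to an arbitrary list of names, as an added example that is not part of the Guix manual. The procedure names sinkhole-host-aliases and valid-host-name?, the variables %blocked-names and %hosts-file, and the .example host names are all hypothetical and constructed for illustration.

```scheme
(use-modules (gnu) (guix) (srfi srfi-1))

;; Constructed sample list; replace it with the names to make unreachable.
(define %blocked-names
  '("tracker.example" "ads.example" "telemetry.example"))

;; Characters permitted in a host name: ASCII letters, digits, "-" and ".".
(define %host-name-chars
  (char-set-union (char-set-intersection char-set:ascii
                                         char-set:letter+digit)
                  (char-set #\- #\.)))

(define (valid-host-name? name)
  ;; Reject anything containing whitespace or a newline, so that a
  ;; malformed list item cannot introduce extra /etc/hosts entries.
  (and (string? name)
       (not (string-null? name))
       (string-every %host-name-chars name)))

(define (sinkhole-host-aliases names)
  ;; Return a string for /etc/hosts with one IPv4 and one IPv6 line per
  ;; name, each pointing at the local host, in the same way that
  ;; %facebook-host-aliases does for its fixed set of names.
  (string-concatenate
   (append-map (lambda (name)
                 (unless (valid-host-name? name)
                   (error "invalid host name in block list:" name))
                 (list "127.0.0.1 " name "\n"
                       "::1 " name "\n"))
               names)))

;; File-like object suitable for the hosts-file field of an
;; operating-system declaration whose host-name is "mymachine".
(define %hosts-file
  (plain-file "hosts"
              (string-append (local-host-aliases "mymachine")
                             (sinkhole-host-aliases %blocked-names))))
```

This only affects programs that resolve names through /etc/hosts; software that uses its own resolver or connects by IP address is not covered.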
(gnu services avahi) provides the following definition.
Return a service that runs
avahi-daemon, a system-wide
mDNS/DNS-SD responder that allows for service discovery and
"zero-configuration" host name lookups (see http://avahi.org/), and
extends the name service cache daemon (nscd) so that it can resolve
.local host names using
add the avahi package to the system profile so that commands such as
avahi-browse are directly usable.
If host-name is different from
#f, use that as the host name to
publish for this machine; otherwise, use the machine’s actual host name.
When publish? is true, publishing of host names and services is allowed; in particular, avahi-daemon will publish the machine’s host name and IP address via mDNS on the local network.
When wide-area? is true, DNS-SD over unicast DNS is enabled.
Boolean values ipv4? and ipv6? determine whether to use IPv4/IPv6 sockets.
This is the type of the Open vSwitch
service, whose value should be an
Data type representing the configuration of Open vSwitch, a multilayer virtual switch which is designed to enable massive network automation through programmatic extension.
Package object of the Open vSwitch.