To: Guix Patches <guix-patches@gnu.org>
"Yggdrasil is an early-stage implementation of a fully end-to-end
encrypted IPv6 network."

I spent the last few days packaging it and now it's in a state where I
think it's usable.

The configuration can include private keys, so that part should NOT go
in the operating system config, because it would get stored in the
world-readable Guix store. Nix works around this by merging the
generated config with a JSON file and sending it to yggdrasil over its
stdin.

I chose not to do that because I couldn't figure out how to open a
service's stdin and because I think the way I did it is much more
elegant in the long run.

The package is lightly patched to take not one but two config files,
and it simply merges them internally. The patch is completely backwards
compatible and unobtrusive. It took me about an hour to write and debug
and most of that was just figuring out Go's syntax and type system.
I will try to get upstream to accept it, or implement similar
functionality.

Still TODO:
documenting the service as an info page.

The gist of using it is:
1. look at example operating system
2. see yggdrasil -genconf -json for config options
(3.) optional: save output as /etc/yggdrasil-secret.conf
(4.) chmod 600 /etc/yggdrasil-secret.conf
(5.) delete everything but the signing and encryption keys
6. add peers as needed, or set autoconf? to #t to connect through a
local peer

It seems to work fine. I could connect to open peers from one
machine and another one could auto-configure itself to connect through
the first one over the LAN. It's pretty nifty.

From e40f06bd1c11569d84cc00b92b0cf3ca4f989d9a Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@riseup.net>
Date: Sat, 30 May 2020 12:52:00 +0200
Subject: [PATCH 1/5] gnu: go-golang-org-x-sys: update to
05986578812163b26672dabd9b425240ae2bb0ad
---
gnu/packages/golang.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index d95e195ba5..de76b99039 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -723,8 +723,8 @@ processing.")
(license license:bsd-3))))
(define-public go-golang-org-x-sys
- (let ((commit "c709ea063b76879dc9915358f55d4d77c16ab6d5")
- (revision "6"))
+ (let ((commit "05986578812163b26672dabd9b425240ae2bb0ad")
+ (revision "7"))
(package
(name "go-golang-org-x-sys")
(version (git-version "0.0.0" revision commit))
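Review bot: the commit and revision bump in the let binding here has no ChangeLog-style entry in the commit message, which stops at a subject line carrying the full 40-character hash. Patch 5/5 in this series has one ("* gnu/system/examples/yggdrasil.tmpl: New file."); this patch should follow suit with a body line such as "* gnu/packages/golang.scm (go-golang-org-x-sys): Update to 0.0.0-7.0598657.", and the subject can use the same short version string that git-version produces from these two values.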
@@ -736,7 +736,7 @@ processing.")
(file-name (git-file-name name version))
(sha256
(base32
- "15nq53a6kcqchng4j0d1pjw0m6hny6126nhjdwqw5n9dzh6a226d"))))
+ "1q2rxb6z5l6pmlckjsz2l0b8lw7bqgk6frhzbmi1dv0y5irb2ka7"))))
(build-system go-build-system)
(arguments
`(#:import-path "golang.org/x/sys"
--
2.26.2
From d2d9ad6c3402924edd6090ffcad50e2c9d2bd448 Mon Sep 17 00:00:00 2001
From: raingloom <raingloom@protonmail.com>
Date: Thu, 11 Jun 2020 14:16:42 +0200
Subject: [PATCH 5/5] gnu: system: add example with yggdrasil
* gnu/system/examples/yggdrasil.tmpl: New file.
---
gnu/system/examples/yggdrasil.tmpl | 61 ++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 gnu/system/examples/yggdrasil.tmpl
diff --git a/gnu/system/examples/yggdrasil.tmpl b/gnu/system/examples/yggdrasil.tmpl
new file mode 100644
index 0000000000..244a899bd0
--- /dev/null
+++ b/gnu/system/examples/yggdrasil.tmpl
@@ -0,0 +1,61 @@
+;; This is an operating system configuration template
+;; for a "bare bones" setup, with no X11 display server.
+
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules admin networking screen)
+
+(operating-system
+ (host-name "ruby-guard-5545")
+ (timezone "Europe/Budapest")
+ (locale "en_US.utf8")
+
+ ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
+ ;; target hard disk, and "my-root" is the label of the target
+ ;; root file system.
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sdX")))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+
+ ;; This is where user accounts are specified. The "root"
+ ;; account is implicit, and is initially created with the
+ ;; empty password.
+ (users (cons (user-account
+ (name "alice")
+ (comment "Bob's sister")
+ (group "users")
+
+ ;; Adding the account to the "wheel" group
+ ;; makes it a sudoer. Adding it to "audio"
+ ;; and "video" allows the user to play sound
+ ;; and access the webcam.
+ (supplementary-groups '("wheel"
+ "audio" "video")))
+ %base-user-accounts))
+
+ ;; Globally-installed packages.
+ (packages (cons* screen yggdrasil htop %base-packages))
+
+ ;; Add services to the baseline: a DHCP client and
+ ;; an SSH server.
+ (services
+ (append
+ (list
+ (service dhcp-client-service-type)
+ (service yggdrasil-service-type
+ (yggdrasil-configuration
+ (log-to 'stdout)
+ (log-level 'debug)
+ (autoconf? #f)
+ (json-config
+ ;; choose one from https://github.com/yggdrasil-network/public-peers
+ '((peers . #("tcp://1.2.3.4:1337"))))))
+ (service openssh-service-type
+ (openssh-configuration
+ (port-number 2222))))
+ %base-services)))
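Review bot: the json-config field at the end of the services list carries no comment saying that private keys must not be placed in it, although everything written in this form ends up in the world-readable store. The cover letter states that the keys belong in /etc/yggdrasil-secret.conf with mode 600; a two-line comment above json-config saying so would put the warning where users copy from. The header comment and the "Add services to the baseline: a DHCP client and an SSH server." comment are also carried over without mentioning Yggdrasil, and (log-level 'debug) is a noisy setting to ship in a template.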
--
2.26.2
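
The split described in the message above (public settings in the world-readable store, keys in a `chmod 600` file, the two merged at start-up), as an added example that is not the patch from this series or Yggdrasil's own code. The private-key field names and the top-level overlay semantics are assumptions; the sample inputs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Assumed names of the private-key fields (check `yggdrasil -genconf -json`).
var privateKeys = []string{"SigningPrivateKey", "EncryptionPrivateKey"}

// MergeConfigs overlays the secret JSON on the public JSON (top-level keys
// only) and refuses a public config that itself carries a private key.
func MergeConfigs(public, secret []byte) (map[string]interface{}, error) {
	merged := map[string]interface{}{}
	if err := json.Unmarshal(public, &merged); err != nil {
		return nil, fmt.Errorf("public config: %w", err)
	}
	for name := range merged {
		for _, k := range privateKeys {
			// Case-insensitive, since the store config may use any casing.
			if strings.EqualFold(name, k) {
				return nil, fmt.Errorf("%s found in world-readable config", name)
			}
		}
	}
	overlay := map[string]interface{}{}
	if err := json.Unmarshal(secret, &overlay); err != nil {
		return nil, fmt.Errorf("secret config: %w", err)
	}
	for k, v := range overlay {
		merged[k] = v
	}
	return merged, nil
}

// SecretModeOK reports whether a file mode grants nothing to group or other,
// which is what `chmod 600` gives.
func SecretModeOK(mode os.FileMode) bool {
	return mode.Perm()&0o077 == 0
}

func main() {
	// Constructed sample inputs; the key value is a placeholder.
	public := []byte(`{"peers": ["tcp://1.2.3.4:1337"]}`)
	secret := []byte(`{"SigningPrivateKey": "PLACEHOLDER"}`)
	cfg, err := MergeConfigs(public, secret)
	fmt.Println(cfg, err, SecretModeOK(0o600), SecretModeOK(0o644))
}
```

A caller would pass `info.Mode()` from `os.Stat` on the secret file to `SecretModeOK` before reading it, and refuse to start when the check fails.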