Getting network-manager-openconnect to work

  • Open
  • quality assurance status badge
Details
5 participants
  • Divan Santana
  • Efraim Flashner
  • Divan Santana via web
  • Ludovic Courtès
  • pelzflorian (Florian Pelz)
Owner
unassigned
Submitted by
pelzflorian (Florian Pelz)
Severity
normal
P
P
pelzflorian (Florian Pelz) wrote on 10 Sep 2019 13:21
(name . Divan Santana)(address . divan@santanas.co.za)
20190910112120.ezqnrrfffhhjvc2d@pelzflorian.localdomain
On Tue, Sep 10, 2019 at 11:57:11AM +0200, Divan Santana wrote:
Toggle quote (30 lines)
> Hi Guix,
>
> I'm glad openconnect and network-manager-openconnect are now in Guix!
>
> It would be nice to get it to work via network-manager, though I suppose
> it's not essential.
>
> Using openconnect directly works for me.
>
> $ sudo openconnect vpn.somewhere.com
>
> Trying to get it work via network-manager gives an error like so:
>
> $ sudo nmcli con up vpn-fnb --ask
> Error: openconnect failed: Could not find "openconnect" binary
> A password is required to connect to 'vpn-fnb'.
> Gateway (vpn.secrets.gateway):
>
> Even though my services configuration has this vpn-plugins set.
>
> (modify-services %desktop-services
> (network-manager-service-type
> config => (network-manager-configuration
> (inherit config)
> (dns "dnsmasq")
> (vpn-plugins (list network-manager-openconnect))
> ))
>
> Anyone else seen this?

Cc’ing bug-guix@gnu.org

I suspect something like the attached patch would help (and expand the
closure of network-manager to always include openconnect).

To test, follow section “Building from Git” from the manual or Laura’s
video 04-packaging-part-one.webm from
but after the initial clone command, do

git apply the-attached.patch

Then after make, do

sudo -E ./pre-inst-env guix system reconfigure /etc/config.scm

(or whatever your configuration file is called). I cannot test right
now and have never used openconnect. It is quite possible I made a
mistake.

Regards,
Florian
From 8de7675a2dc2c1385d312e35136f8fa9eb4f9825 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Tue, 10 Sep 2019 12:59:19 +0200
Subject: [PATCH] gnu: network-manager: Enable openconnect helper.

* gnu/packages/gnome.scm (network-manager): Add openconnect input.
Patch source to use it instead of searching /usr/bin.
---
gnu/packages/gnome.scm | 8 ++++++++
1 file changed, 8 insertions(+)

Toggle diff (28 lines)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index efe5206e53..a6ea09d8f6 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5372,6 +5372,13 @@ users.")
(("src/devices/tests/test-lldp") " ")
(("src/tests/test-route-manager-linux") " "))
#t))
+ (add-after 'unpack 'patch-source
+ (lambda* (#:key inputs #:allow-other-keys)
+ (begin
+ (substitute* "clients/common/nm-vpn-helpers.c"
+ (("\\\"/usr/sbin/openconnect\\\"")
+ (string-append openconnect "\"/bin/openconnect\"")))
+ #t)))
(add-after 'unpack 'delete-failing-tests
(lambda _
;; FIXME: These four tests fail for unknown reasons.
@@ -5434,6 +5441,7 @@ users.")
("libsoup" ,libsoup)
("modem-manager" ,modem-manager)
("newt" ,newt) ;for the 'nmtui' console interface
+ ("openconnect" ,openconnect)
("polkit" ,polkit)
("ppp" ,ppp)
("readline" ,readline)
--
2.23.0
E
E
Efraim Flashner wrote on 11 Sep 2019 09:38
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
20190911073822.GI977@E5400
Instead of adding openconnect to network-manager, would it be enough to

(substitute* "the-file"
(("/usr/sbin/openconnect") "openconnect"))


--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl14pG4ACgkQQarn3Mo9
g1HCixAAsu2F4Ft6KSMlapeBkSoInZVKvHuRG0yBS2g7zg5HbJS+7EcbzWCzjsNZ
Sr5GhWRFWTpeV+OF9zXHI3koWmshfLls81nAkOg7sQlW4mlc7kskL/0lOg8rnoz3
UgaQfu4X46FoZTR/O8C+ludKZF1A1ZbXqX4cngYsEYEMljilHjpUfcF1+fvS0Jxv
tb77UNmoq/hA8n4sq+7YXcejjrtomySEA5gMWYVgI/VqzrRuy1PDKIgfh4WbUP5m
I7r8nRz6rXR6T8TGSj/xOoMcpH3gFch5IntIrrqOw9985VWiU9UhWLspMLhMysjJ
MLbV9OpQPTRlrv6SEWCzaqPRI4XapmVbPkAKhom3GRRlZ1RrLiWVNYtDA7bIcIzl
5u6Jf4cZvQM9GWrHrfIf9Nl7GL7jW7dhYoTyJ+LsTtsNHCuXbWFxGEHc6tHCYzhM
Z2nnDnOiMWdXTsP9izx5gzbROwXV5SRxMtKDtj8R5nAk6jcQ8l+BWeihNaYdB3wD
kumIu6PWKZEtLTjAdPXp2LbtGNJpx3+/MxR0lLDyRQdoTFsPrTIN4QBBXv7Ifxi2
5Ds7MzfDxDwVu8EnfFT9KninkqndT6ygCkqDsamDME6g4ji1COS3EmrrJsEBXuMo
78T8/dxnq5FnBpPlSw8zXlBmXWbPjaQb3AGQ6DbMtLBSmWJDLh8=
=sDHh
-----END PGP SIGNATURE-----


P
P
pelzflorian (Florian Pelz) wrote on 11 Sep 2019 13:39
(name . Efraim Flashner)(address . efraim@flashner.co.il)
20190911113946.5mxaxerhjkuejtel@pelzflorian.localdomain
On Wed, Sep 11, 2019 at 10:38:22AM +0300, Efraim Flashner wrote:
Toggle quote (7 lines)
> Instead of adding openconnect to network-manager, would it be enough to
>
> (substitute* "the-file"
> (("/usr/sbin/openconnect") "openconnect"))
>
>

No, at least the comment documenting nm_utils_file_search_in_paths says:

/**
* nm_utils_file_search_in_paths:
* […]
* @try_first: (allow-none): a custom path to try first before searching.
* It is silently ignored if it is empty or not an absolute path.
* […]

I do not know if my patch works though.

Regards,
Florian
L
L
Ludovic Courtès wrote on 11 Sep 2019 22:46
Re: Getting network-manager-openconnect to work
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
874l1ipnlr.fsf@gnu.org
Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

Toggle quote (35 lines)
> From 8de7675a2dc2c1385d312e35136f8fa9eb4f9825 Mon Sep 17 00:00:00 2001
> From: Florian Pelz <pelzflorian@pelzflorian.de>
> Date: Tue, 10 Sep 2019 12:59:19 +0200
> Subject: [PATCH] gnu: network-manager: Enable openconnect helper.
>
> * gnu/packages/gnome.scm (network-manager): Add openconnect input.
> Patch source to use it instead of searching /usr/bin.
> ---
> gnu/packages/gnome.scm | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
> index efe5206e53..a6ea09d8f6 100644
> --- a/gnu/packages/gnome.scm
> +++ b/gnu/packages/gnome.scm
> @@ -5372,6 +5372,13 @@ users.")
> (("src/devices/tests/test-lldp") " ")
> (("src/tests/test-route-manager-linux") " "))
> #t))
> + (add-after 'unpack 'patch-source
> + (lambda* (#:key inputs #:allow-other-keys)
> + (begin
> + (substitute* "clients/common/nm-vpn-helpers.c"
> + (("\\\"/usr/sbin/openconnect\\\"")
> + (string-append openconnect "\"/bin/openconnect\"")))
> + #t)))
> (add-after 'unpack 'delete-failing-tests
> (lambda _
> ;; FIXME: These four tests fail for unknown reasons.
> @@ -5434,6 +5441,7 @@ users.")
> ("libsoup" ,libsoup)
> ("modem-manager" ,modem-manager)
> ("newt" ,newt) ;for the 'nmtui' console interface
> + ("openconnect" ,openconnect)

Something I don’t get: why does NM itself know about openconnect?

There’s a network-manager-openconnect plugin, so I would expect
everything openconnect to happen there. Do you know why it’s not that
way?

Thanks,
Ludo’.
P
P
pelzflorian (Florian Pelz) wrote on 12 Sep 2019 07:34
(name . Ludovic Courtès)(address . ludo@gnu.org)
20190912053411.bscrrsv6flzy7lgu@pelzflorian.localdomain
On Wed, Sep 11, 2019 at 10:46:56PM +0200, Ludovic Courtès wrote:
Toggle quote (9 lines)
> Something I don’t get: why does NM itself know about openconnect?
>
> There’s a network-manager-openconnect plugin, so I would expect
> everything openconnect to happen there. Do you know why it’s not that
> way?
>
> Thanks,
> Ludo’.

I don’t know. The patch addresses (if it works) a function called
nm_vpn_openconnect_authenticate_helper within the code for
NetworkManager clients like nmtui, probably also nm-connection-editor,
that calls openconnect --authenticate.

Perhaps the network manager service could symlink the openconnect
binary to the plugins directory when used and NetworkManager could be
made to look there, but it would be nice to know if the current patch
works.

Regards,
Florian
P
P
pelzflorian (Florian Pelz) wrote on 16 Sep 2019 13:53
Re: bug#37369: Getting network-manager-openconnect to work
(name . Divan Santana)(address . divan@santanas.co.za)
20190916115334.ee53neu23p7f4g5x@pelzflorian.localdomain
On Tue, Sep 10, 2019 at 01:21:20PM +0200, pelzflorian (Florian Pelz) wrote:
Toggle quote (4 lines)
> I suspect something like the attached patch would help (and expand the
> closure of network-manager to always include openconnect).
>

Sorry, my old patch did not even build. A friend lent me her
AnyConnect credentials so I can test. I will test now and send a
working patch.

Regards,
Florian
L
L
Ludovic Courtès wrote on 16 Sep 2019 17:57
Re: Getting network-manager-openconnect to work
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
87y2yo5j40.fsf@gnu.org
Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

Toggle quote (15 lines)
> On Wed, Sep 11, 2019 at 10:46:56PM +0200, Ludovic Courtès wrote:
>> Something I don’t get: why does NM itself know about openconnect?
>>
>> There’s a network-manager-openconnect plugin, so I would expect
>> everything openconnect to happen there. Do you know why it’s not that
>> way?
>>
>> Thanks,
>> Ludo’.
>
> I don’t know. The patch addresses (if it works) a function called
> nm_vpn_openconnect_authenticate_helper within the code for
> NetworkManager clients like nmtui, probably also nm-connection-editor,
> that calls openconnect --authenticate.

So I guess we first need someone to tell us whether the patch “works”,
as you wrote, right? :-)

Ludo’.
P
P
pelzflorian (Florian Pelz) wrote on 16 Sep 2019 18:06
(name . Ludovic Courtès)(address . ludo@gnu.org)
20190916160635.dzx2ikvzi3kagtrc@pelzflorian.localdomain
On Mon, Sep 16, 2019 at 05:57:51PM +0200, Ludovic Courtès wrote:
Toggle quote (5 lines)
> So I guess we first need someone to tell us whether the patch “works”,
> as you wrote, right? :-)
>
> Ludo’.

Currently I have built the attached patch, but NetworkManager
segfaults when connecting, and I try to debug why.

Regards,
Florian
From 1efadd4619f397429d5fae024b46cd8100870c42 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Mon, 16 Sep 2019 15:27:01 +0200
Subject: [PATCH] gnu: network-manager: Enable openconnect helper.

* gnu/packages/gnome.scm (network-manager): Add openconnect input.
Patch source to use it instead of searching /usr/bin.
---
gnu/packages/gnome.scm | 8 ++++++++
1 file changed, 8 insertions(+)

Toggle diff (28 lines)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 5dc18b3bb5..a8ba00965d 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5374,6 +5374,13 @@ users.")
(("src/devices/tests/test-lldp") " ")
(("src/tests/test-route-manager-linux") " "))
#t))
+ (add-after 'unpack 'patch-source
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((openconnect (assoc-ref inputs "openconnect")))
+ (substitute* "clients/common/nm-vpn-helpers.c"
+ (("\\\"/usr/sbin/openconnect\\\"")
+ (string-append "\"" openconnect "/sbin/openconnect\"")))
+ #t)))
(add-after 'unpack 'delete-failing-tests
(lambda _
;; FIXME: These four tests fail for unknown reasons.
@@ -5436,6 +5443,7 @@ users.")
("libsoup" ,libsoup)
("modem-manager" ,modem-manager)
("newt" ,newt) ;for the 'nmtui' console interface
+ ("openconnect" ,openconnect)
("polkit" ,polkit)
("ppp" ,ppp)
("readline" ,readline)
--
2.23.0
P
P
pelzflorian (Florian Pelz) wrote on 27 Sep 2019 18:37
Re: bug#37369: Getting network-manager-openconnect to work
(name . Ludovic Courtès)(address . ludo@gnu.org)
20190927163735.c4cjjuh4r6i6de3c@pelzflorian.localdomain
Hello!

There might be a workaround:

NetworkManager stopped segfaulting for me after I “edited” the
openconnect VPN connection in nm-connection-editor without making any
changes to the connection. Apparently this fixed get_secrets_done_cb
being passed what GDB calls an “<incomplete type>” as the connection
and crashing in nm_connection_get_setting_by_name. I need to repeat
this nm-connection-editor editing after every reboot.

Does editing the VPN connection in nm-connection-editor fix the
problem for you, Divan Santana?

No patch at all is required for me. nmtui works fine without the patch.

This issue is not present in Arch Linux using the more recent
NetworkManager 1.20.2. I have not yet attempted to upgrade Guix’
NetworkManager to a more recent version.

Regards,
Florian
D
D
Divan Santana wrote on 28 Sep 2019 16:00
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
87h84wttae.fsf@santanas.co.za
pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

Toggle quote (14 lines)
> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection. Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name. I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

I'll let you know.


Toggle quote (5 lines)
> No patch at all is required for me. nmtui works fine without the patch.

> This issue is not present in Arch Linux using the more recent
> NetworkManager 1.20.2. I have not yet attempted to upgrade Guix’
> NetworkManager to a more recent version.
D
D
Divan Santana wrote on 28 Sep 2019 16:16
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
87ftkgtsjb.fsf@santanas.co.za
pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

Toggle quote (14 lines)
> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection. Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name. I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

So firstly I can't edit the connection as my user, without sudo. Not
sure if I need to be in some group to do that?

I then edited something like so:

ds@swift ~ $ sudo nm-connection-editor
Password:

(nm-connection-editor:1990): Gtk-WARNING **: 16:01:57.175: Could not find the icon 'pan-down-symbolic-ltr'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:

(nm-connection-editor:1990): Gtk-WARNING **: 16:02:01.028: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
GLib-GIO-Message: 16:02:08.131: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.

Once I edited the connection and tried to connect it still fails for me
like this:

ds@swift ~ $ sudo nmcli con up vpn-example --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'vpn-example'.
Gateway (vpn.secrets.gateway): ^Cds@swift ~ $

On arch, with the same connection file, it works on CLI with above
command.

I then tried starting nm-applet and then running:

ds@swift ~ $ sudo nmcli con up vpn-example

It then brings up the GUI and shows me a certificate for remote
gateway. Asks me to select my group and enter username and password. So
it appears like it's working. It then fails to auth for some reason.

Sep 28 16:07:16 localhost NetworkManager[506]: <info> [1569679636.8722] vpn-connection[0x1cae420,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0578] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10)
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0847] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0860] keyfile: add connection in-memory (3a679fd7-0450-43ef-8e48-63850b1f0798,"tun0")
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0871] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0878] device (tun0): Activation: starting connection 'tun0' (3a679fd7-0450-43ef-8e48-63850b1f0798)
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0882] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0886] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0888] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0889] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0891] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.0893] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost nscd: 464 monitored file `/etc/resolv.conf` was written to
Sep 28 16:11:33 localhost NetworkManager[506]: <info> [1569679893.1084] device (tun0): Activation: successful, device activated.
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 11 tun0 10.7.246.164:123
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 12 tun0 [fe80::60db:5ddd:b445:60e9%11]:123
Sep 28 16:11:36 localhost nscd: 464 monitored file `/etc/resolv.conf` was moved into place, adding watch
Sep 28 16:11:47 localhost NetworkManager[506]: <info> [1569679907.3367] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #11 tun0, 10.7.246.164#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #12 tun0, fe80::60db:5ddd:b445:60e9%11#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:12:02 localhost NetworkManager[506]: <info> [1569679922.9339] audit: op="connection-activate" uuid="ed432bd4-9078-493d-a9c3-fb7ac4199917" name="vpn-example" pid=2986 uid=1000 result="success"
Sep 28 16:12:02 localhost NetworkManager[506]: <info> [1569679922.9371] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Started the VPN service, PID 2992
Sep 28 16:12:02 localhost NetworkManager[506]: <info> [1569679922.9439] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Saw the service appear; activating connection
Sep 28 16:12:13 localhost ntpd[507]: Soliciting pool server 196.10.54.57
Sep 28 16:12:28 localhost NetworkManager[506]: <info> [1569679948.1291] settings-connection[0x1b091c0,ed432bd4-9078-493d-a9c3-fb7ac4199917]: write: successfully commited (keyfile: update /etc/NetworkManager/system-connections/vpn-example (ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example"))
Sep 28 16:12:28 localhost NetworkManager[506]: <error> [1569679948.1318] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: final secrets request failed to provide sufficient secrets
Sep 28 16:12:28 localhost NetworkManager[506]: <info> [1569679948.1343] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0102] error requesting auth for org.freedesktop.NetworkManager.wifi.share.protected: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0107] error requesting auth for org.freedesktop.NetworkManager.wifi.share.open: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0110] error requesting auth for org.freedesktop.NetworkManager.settings.modify.system: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0114] error requesting auth for org.freedesktop.NetworkManager.settings.modify.own: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0118] error requesting auth for org.freedesktop.NetworkManager.settings.modify.hostname: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0120] error requesting auth for org.freedesktop.NetworkManager.settings.modify.global-dns: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0124] error requesting auth for org.freedesktop.NetworkManager.reload: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0127] error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0130] error requesting auth for org.freedesktop.NetworkManager.enable-disable-statistics: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn> [1569679966.0133] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectivity-check: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
P
P
pelzflorian (Florian Pelz) wrote on 28 Sep 2019 17:34
(name . Divan Santana)(address . divan@santanas.co.za)
20190928153443.r4kbd3tninivufq6@pelzflorian.localdomain
For me, before editing the connection, NetworkManager crashed with a
segfault and restarted after attempting to connect with a faulty VPN
connection. The same may be what happens to you.

However, I can add a new connection with gnome-control-center or
nm-connection-editor (without using any “connection file”; GNOME asks
me for the sudo password though) and then I fill in the gateway field.
I can then use for example nmtui to activate the connection.

I noticed I have openconnect in my config.scm’s system packages, but I
believe it is not relevant.

I use:

(network-manager-service-type config =>
(network-manager-configuration
(inherit config)
(dns "dnsmasq")
(vpn-plugins (list network-manager-openconnect))))

dnsmasq is probably not required, but I do not know.

Regards,
Florian
P
P
pelzflorian (Florian Pelz) wrote on 28 Sep 2019 18:47
(name . Divan Santana)(address . divan@santanas.co.za)
20190928164704.vtky5rof6wtlu5cu@pelzflorian.localdomain
On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
Toggle quote (4 lines)
> So firstly I can't edit the connection as my user, without sudo. Not
> sure if I need to be in some group to do that?
>

P.S. I use

(users (cons (user-account
(name "florian")
(comment "Florian Pelz")
(group "users")
(supplementary-groups '("wheel" "netdev"
"audio" "video"
"httpd" "kvm"))
(home-directory "/home/florian"))
%base-user-accounts))

which is the default when installing Guix with the GNOME desktop plus
unrelated httpd and kvm.
netdev group seems relevant.

Regards,
Florian
P
P
pelzflorian (Florian Pelz) wrote on 29 Sep 2019 09:54
(name . Divan Santana)(address . divan@santanas.co.za)
20190929075425.4yuz27fhm5jwvujm@pelzflorian.localdomain
Regarding openconnect, no workarounds are necessary anymore for me on
core-updates, which uses a more recent network-manager@1.14.4 and will
soon be on Guix master.

Regards,
Florian
D
D
Divan Santana wrote on 3 Oct 2019 13:51
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)
875zl6dp3u.fsf@santanas.co.za
pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

Toggle quote (21 lines)
> On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
>> So firstly I can't edit the connection as my user, without sudo. Not
>> sure if I need to be in some group to do that?
>>
>
> P.S. I use
>
> (users (cons (user-account
> (name "florian")
> (comment "Florian Pelz")
> (group "users")
> (supplementary-groups '("wheel" "netdev"
> "audio" "video"
> "httpd" "kvm"))
> (home-directory "/home/florian"))
> %base-user-accounts))
>
> which is the default when installing Guix with the GNOME desktop plus
> unrelated httpd and kvm.
> netdev group seems relevant.

This is mine

(users (cons (user-account
(name "ds")
(comment "Divan Santana")
(group "users")
(supplementary-groups
'("adbusers" ;for adb
"wheel" "kvm" "audio" "video" "lp"
"docker"
;; "lpadmin"
"cdrom" "netdev"))
;;(shell #~(string-append #$zsh "/bin/zsh"))
(home-directory "/home/ds"))
%base-user-accounts))

Already had netdev. Seems same as yours. I'll look into it more
sometime.

Thanks
D
Getting network-manager-openconnect to work
(address . 37369@debbugs.gnu.org)
875ze4jxlo.fsf@swift.i-did-not-set--mail-host-address--so-tickle-me
Hi again,

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info> [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd 864 1 0 12:33 ? 00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

Secondly, upping a openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. I then prompts
me for my 2FA meaning it passed the 1st authentication bit. After I
approve, it then dissapears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info> [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info> [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connecting via sudo and the starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

Toggle snippet (292 lines)
;; My laptop guix system configuration.

(use-modules
(gnu)
(gnu packages admin)
(gnu packages android) ;for android-udev-rules
(gnu packages certs)
(gnu packages cups)
(gnu packages gnome)
(gnu packages gnupg)
(gnu packages haskell-apps)
(gnu packages linux)
(gnu packages shells)
(gnu packages suckless)
(gnu packages virtualization)
(gnu packages wm)
(gnu packages xorg)
(gnu services avahi)
(gnu services cups)
(gnu services desktop)
(gnu services dns)
(gnu services docker)
(gnu services monitoring)
(gnu services networking)
(gnu services pm)
(gnu services shepherd)
(gnu services sound)
(gnu services ssh)
(gnu services sysctl)
(gnu services virtualization)
(gnu services xorg)
(gnu system nss)
(gnu system shadow) ;for user-group
(guix build-system trivial)
(guix download) ;for url-fetch
(guix git-download)
(guix packages) ;for origin
(nongnu packages linux)
(srfi srfi-1) ;for 'remove'
)

(define %extra-linux-modules
'("fuse" ; for sshfs
"nbd" ; to mount qcow2 images
))

(operating-system
(host-name "swift")
(timezone "Africa/Johannesburg")
(locale "en_US.utf8")
(locale-libcs (list glibc-2.28 (canonical-package glibc)))

(hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
(sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

(kernel-arguments
(list
(string-append "resume_offset=106602496")
(string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
(string-append "net.ifnames=0")
(string-append "kvm_intel.nested=1")))

(kernel linux-4.19)
(firmware (cons* linux-firmware %base-firmware))

(initrd (lambda (fs . args)
(apply base-initrd fs
#:extra-modules %extra-linux-modules
args)))

(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(target "/boot/efi")
))

(mapped-devices (list (mapped-device
(source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
(target "crypt")
(type luks-device-mapping))))

(file-systems (cons* (file-system
(device "/dev/nvme0n1p1")
(type "msdos")
(mount-point "/boot/efi"))
(file-system
(device "/dev/mapper/crypt")
(mount-point "/")
(type "ext4")
;; this is breaking
;; (options "noatime,nodiratime")
(dependencies mapped-devices))
%base-file-systems))

(swap-devices '("/mnt/swapfile"))

(users (cons (user-account
(name "ds")
(comment "Divan Santana")
(group "users")
(supplementary-groups
'("adbusers" ;for adb
"wheel" "kvm" "audio" "video" "lp"
"docker"
"libvirt"
"input"
;; "lpadmin"
"cdrom" "netdev"))
(home-directory "/home/ds"))
%base-user-accounts))

(groups (cons (user-group (system? #t) (name "adbusers"))
%base-groups))

(packages
(append (map specification->package
'(
"bash-completion"
"binutils"
"bridge-utils"
"dmidecode"
"dnsmasq"
"docker"
"docker-cli"
"docker-compose"
"dosfstools"
"dtach"
"ethtool"
"font-adobe-source-code-pro"
"font-adobe-source-sans-pro"
"font-adobe-source-serif-pro"
"font-adobe100dpi"
"font-adobe75dpi"
"font-awesome"
"font-bitstream-vera"
"font-dejavu"
"font-fantasque-sans"
"font-fira-code"
"font-fira-mono"
"font-fira-sans"
"font-gnu-freefont-ttf"
"font-google-roboto"
"font-hack"
"font-inconsolata"
"font-iosevka"
"font-liberation"
"font-misc-misc"
"font-tamzen"
"font-ubuntu"
;; "font-symbola" ;; missing
"git"
;; "arc-theme" ;; fixme, should be in core only
"gnome-themes-standard" ;; fixme, should be in core only
"iptables"
"light"
"lsof"
"mlocate"
"mobile-broadband-provider-info"
"modem-manager"
"neovim"
"netcat"
"network-manager-applet"
"network-manager-openconnect"
"network-manager-vpnc"
"net-tools"
"nss" ;; FIXME: is not providing certutil
"nss-certs"
"ntfs-3g"
"openconnect"
"openssh"
"parted"
"qemu"
"rsync"
"setxkbmap"
"slock"
"usb-modeswitch"
"usb-modeswitch-data"
"udiskie"
"xcape"
"xdotool" ;; simulate keyboard/mouse presses
"xev"
"xf86-input-libinput"
"xf86-input-synaptics"
"xf86-input-wacom"
"xf86-video-fbdev"
"xinit"
"xmodmap"
"xorg-server"
"xrandr"
"xrdb"
"xsel"
"xset"
"kmonad"
"xss-lock"
"xterm"
"xf86-video-intel"
))
%base-packages))

(setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
%setuid-programs))

(services (cons*

(service openssh-service-type
(openssh-configuration
(port-number 8444)
(permit-root-login 'without-password)
))

(service tor-service-type)

(simple-service 'store-my-config
etc-service-type
`(("config.scm"
,(local-file (assoc-ref
(current-source-location)
'filename)))))

(service cups-service-type
(cups-configuration
(web-interface? #t)
(extensions
(list cups-filters hplip))))

(screen-locker-service slock "slock")

(service tlp-service-type
(tlp-configuration
;; TODO: enable autosuspend and blacklist certian
;; usb devices.
(usb-autosuspend? #f)))

(service thermald-service-type)

(service gpm-service-type)
(service docker-service-type)

(service libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")))

(service virtlog-service-type)

(service sysctl-service-type
(sysctl-configuration
(settings '(
("net.ipv4.ip_forward" . "1")
("vm.swappiness" . "05")
))))

(extra-special-file "/usr/bin/env"
(file-append coreutils "/bin/env"))

firewall-service

(service prometheus-node-exporter-service-type
(prometheus-node-exporter-configuration
(web-listen-address ":9100")))

(service slim-service-type
(slim-configuration
(auto-login? #t)
(default-user "ds")
;; (auto-login-session #f)
(xorg-configuration
(xorg-configuration
(drivers '("modesetting"))
))
))

(remove (lambda (service)
(eq? (service-kind service) avahi-service-type))
(remove (lambda (service)
(eq? (service-kind service) gdm-service-type))

(modify-services %desktop-services
(network-manager-service-type
config => (network-manager-configuration
(inherit config)
(dns "dnsmasq")
(vpn-plugins (list network-manager-openconnect))
))
(udev-service-type
config => (udev-configuration
(inherit config)
(rules (append (udev-configuration-rules config)
(list %backlight-udev-rule android-udev-rules kmonad)))))
(login-service-type
config => (login-configuration
(inherit config)
(motd %motd)))))))))
D
D
Divan Santana via web wrote on 4 May 2020 21:43
(no subject)
(address . 37369@debbugs.gnu.org)
7f41f4682060.1149bc60b06b9a01@guile.gnu.org
Hi again,

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info> [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd 864 1 0 12:33 ? 00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

Secondly, upping a openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. I then prompts
me for my 2FA meaning it passed the 1st authentication bit. After I
approve, it then dissapears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info> [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info> [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info> [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connecting via sudo and the starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

Toggle snippet (292 lines)
;; My laptop guix system configuration.

(use-modules
(gnu)
(gnu packages admin)
(gnu packages android) ;for android-udev-rules
(gnu packages certs)
(gnu packages cups)
(gnu packages gnome)
(gnu packages gnupg)
(gnu packages haskell-apps)
(gnu packages linux)
(gnu packages shells)
(gnu packages suckless)
(gnu packages virtualization)
(gnu packages wm)
(gnu packages xorg)
(gnu services avahi)
(gnu services cups)
(gnu services desktop)
(gnu services dns)
(gnu services docker)
(gnu services monitoring)
(gnu services networking)
(gnu services pm)
(gnu services shepherd)
(gnu services sound)
(gnu services ssh)
(gnu services sysctl)
(gnu services virtualization)
(gnu services xorg)
(gnu system nss)
(gnu system shadow) ;for user-group
(guix build-system trivial)
(guix download) ;for url-fetch
(guix git-download)
(guix packages) ;for origin
(nongnu packages linux)
(srfi srfi-1) ;for 'remove'
)

(define %extra-linux-modules
'("fuse" ; for sshfs
"nbd" ; to mount qcow2 images
))

(operating-system
(host-name "swift")
(timezone "Africa/Johannesburg")
(locale "en_US.utf8")
(locale-libcs (list glibc-2.28 (canonical-package glibc)))

(hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
(sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

(kernel-arguments
(list
(string-append "resume_offset=106602496")
(string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
(string-append "net.ifnames=0")
(string-append "kvm_intel.nested=1")))

(kernel linux-4.19)
(firmware (cons* linux-firmware %base-firmware))

(initrd (lambda (fs . args)
(apply base-initrd fs
#:extra-modules %extra-linux-modules
args)))

(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(target "/boot/efi")
))

(mapped-devices (list (mapped-device
(source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
(target "crypt")
(type luks-device-mapping))))

(file-systems (cons* (file-system
(device "/dev/nvme0n1p1")
(type "msdos")
(mount-point "/boot/efi"))
(file-system
(device "/dev/mapper/crypt")
(mount-point "/")
(type "ext4")
;; this is breaking
;; (options "noatime,nodiratime")
(dependencies mapped-devices))
%base-file-systems))

(swap-devices '("/mnt/swapfile"))

(users (cons (user-account
(name "ds")
(comment "Divan Santana")
(group "users")
(supplementary-groups
'("adbusers" ;for adb
"wheel" "kvm" "audio" "video" "lp"
"docker"
"libvirt"
"input"
;; "lpadmin"
"cdrom" "netdev"))
(home-directory "/home/ds"))
%base-user-accounts))

(groups (cons (user-group (system? #t) (name "adbusers"))
%base-groups))

(packages
(append (map specification->package
'(
"bash-completion"
"binutils"
"bridge-utils"
"dmidecode"
"dnsmasq"
"docker"
"docker-cli"
"docker-compose"
"dosfstools"
"dtach"
"ethtool"
"font-adobe-source-code-pro"
"font-adobe-source-sans-pro"
"font-adobe-source-serif-pro"
"font-adobe100dpi"
"font-adobe75dpi"
"font-awesome"
"font-bitstream-vera"
"font-dejavu"
"font-fantasque-sans"
"font-fira-code"
"font-fira-mono"
"font-fira-sans"
"font-gnu-freefont-ttf"
"font-google-roboto"
"font-hack"
"font-inconsolata"
"font-iosevka"
"font-liberation"
"font-misc-misc"
"font-tamzen"
"font-ubuntu"
;; "font-symbola" ;; missing
"git"
;; "arc-theme" ;; fixme, should be in core only
"gnome-themes-standard" ;; fixme, should be in core only
"iptables"
"light"
"lsof"
"mlocate"
"mobile-broadband-provider-info"
"modem-manager"
"neovim"
"netcat"
"network-manager-applet"
"network-manager-openconnect"
"network-manager-vpnc"
"net-tools"
"nss" ;; FIXME: is not providing certutil
"nss-certs"
"ntfs-3g"
"openconnect"
"openssh"
"parted"
"qemu"
"rsync"
"setxkbmap"
"slock"
"usb-modeswitch"
"usb-modeswitch-data"
"udiskie"
"xcape"
"xdotool" ;; simulate keyboard/mouse presses
"xev"
"xf86-input-libinput"
"xf86-input-synaptics"
"xf86-input-wacom"
"xf86-video-fbdev"
"xinit"
"xmodmap"
"xorg-server"
"xrandr"
"xrdb"
"xsel"
"xset"
"kmonad"
"xss-lock"
"xterm"
"xf86-video-intel"
))
%base-packages))

(setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
%setuid-programs))

(services (cons*

(service openssh-service-type
(openssh-configuration
(port-number 8444)
(permit-root-login 'without-password)
))

(service tor-service-type)

(simple-service 'store-my-config
etc-service-type
`(("config.scm"
,(local-file (assoc-ref
(current-source-location)
'filename)))))

(service cups-service-type
(cups-configuration
(web-interface? #t)
(extensions
(list cups-filters hplip))))

(screen-locker-service slock "slock")

(service tlp-service-type
(tlp-configuration
;; TODO: enable autosuspend and blacklist certian
;; usb devices.
(usb-autosuspend? #f)))

(service thermald-service-type)

(service gpm-service-type)
(service docker-service-type)

(service libvirt-service-type
(libvirt-configuration
(unix-sock-group "libvirt")))

(service virtlog-service-type)

(service sysctl-service-type
(sysctl-configuration
(settings '(
("net.ipv4.ip_forward" . "1")
("vm.swappiness" . "05")
))))

(extra-special-file "/usr/bin/env"
(file-append coreutils "/bin/env"))

firewall-service

(service prometheus-node-exporter-service-type
(prometheus-node-exporter-configuration
(web-listen-address ":9100")))

(service slim-service-type
(slim-configuration
(auto-login? #t)
(default-user "ds")
;; (auto-login-session #f)
(xorg-configuration
(xorg-configuration
(drivers '("modesetting"))
))
))

(remove (lambda (service)
(eq? (service-kind service) avahi-service-type))
(remove (lambda (service)
(eq? (service-kind service) gdm-service-type))

(modify-services %desktop-services
(network-manager-service-type
config => (network-manager-configuration
(inherit config)
(dns "dnsmasq")
(vpn-plugins (list network-manager-openconnect))
))
(udev-service-type
config => (udev-configuration
(inherit config)
(rules (append (udev-configuration-rules config)
(list %backlight-udev-rule android-udev-rules kmonad)))))
(login-service-type
config => (login-configuration
(inherit config)
(motd %motd)))))))))
?