[PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix System

Done. Submitted by Marcin Karpezo.
Details
2 participants
  • Brice Waegeneire
  • Marcin Karpezo
Owner
unassigned
Severity
normal
Blocked by
Marcin Karpezo wrote on 4 May 17:49 +0200
(address . guix-patches@gnu.org)(name . Marcin Karpezo)(address . sirmacik@wioo.waw.pl)
20200504154915.3963-1-sirmacik@wioo.waw.pl
---
 doc/guix-cookbook.texi | 77 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)
Toggle diff (105 lines)diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texiindex f58d18d47c..598084ce65 100644--- a/doc/guix-cookbook.texi+++ b/doc/guix-cookbook.texi@@ -327,7 +327,7 @@ package definitions. @item Inheritance makes it easy to customize a package by inheriting from it and modifying only what is needed.- + @item Batch processing: the whole package collection can be parsed, filtered and processed. Building a headless server with all graphical interfaces stripped@@ -1324,7 +1324,9 @@ reference. @menu * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.+* Connect to Wireguard VPN:: Connecting to Wireguard VPN server on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.+ @end menu @node Customizing the Kernel@@ -1617,6 +1619,79 @@ Then you need to add the following code to a StumpWM configuration file (set-font (make-instance 'xft:font :family "DejaVu Sans Mono" :subfamily "Book" :size 11)) @end lisp +@node Connect to Wireguard VPN+@section Connect to Wireguard VPN+@anchor{#connect-to-wireguard-vpn}+To connect your Guix System with Wireguard VPN server you need to add+packages @code{wireguard-linux-compat} and @code{wireguard-tools} to+your system configuration file, e.g. 
@file{/etc/config.scm}.++An example configuration file will look like this:++@lisp+(use-modules (gnu))+(use-package-modules vpn)++(operating-system+;; …+(packages+ (append (map specification->package+ '("wireguard-linux-compat" "wireguard-tools"))+ %base-packages)))+@end lisp++After @code{guix system reconfigure /etc/config.scm} you'll find that+standard @code{wg-quick up wg0} command will not work due to lack of+package providing @code{resolvconf} command.++@example+~ % sudo wg-quick up wg0+[#] ip link add wg0 type wireguard+[#] wg setconf wg0 /dev/fd/63+[#] ip -4 address add 10.200.200.2/24 dev wg0+[#] ip link set mtu 1420 up dev wg0+[#] resolvconf -a wg0 -m 0 -x+/home/sirmacik/.guix-profile/bin/wg-quick: line 31: resolvconf: command not found+[#] ip link delete dev wg0+@end example++Thanks to Network Manager support for Wireguard we can still connect to+our VPN using @code{nmcli} command. Up to this point this guide assumes+that you're using Network Manager service provided by+@code{%desktop-services}. Ortherwise you need to adjust your services+list to load @code{network-manager-service-type} and reconfigure your+Guix system (@uref{https://guix.gnu.org/manual/en/html_node/Networking-Services.html,see Networking Services}).++To import your VPN configuration execute nmcli import command:++@example+~ % sudo nmcli connection import type wireguard file wg0.conf+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added+@end example++Next connect to Wireguard server++@example+~ % nmcli connection up wg0+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)+@end example++By default NM will connect automatically on system boot. 
To change that+behaviour you need to edit your config:++@example+~ % sudo nmcli connection edit wg0+nmcli> print connection.autoconnect+connection.autoconnect: yes+nmcli> set connection.autoconnect no+nmcli> save+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.+@end example++For more specific information about NetworkManager and wireguard+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see+this post on GNOME blogs}.+ @node Setting up a bind mount @section Setting up a bind mount -- 2.26.2
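Review bot: the first hunk (@@ -327,7) only swaps a whitespace-only line between two @item entries and has nothing to do with the Wireguard entry; drop it so the patch touches only the new section and its menu line. The blank line added before @end menu in the second hunk should go as well.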
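Review bot: in the last hunk (@@ -1617,6) the `nmcli connection edit wg0` transcript ends with "Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated", but the same UUID was imported as 'wg0' two examples earlier; use one connection name throughout. "Ortherwise" in the NetworkManager paragraph should read "Otherwise". The section also shows `wg-quick up wg0` failing on the missing resolvconf command without saying how to resolve it, so a reader who wants wg-quick is left at the error output.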
Brice Waegeneire wrote on 11 May 21:15 +0200
Blocked by #41192
(address . control@debbugs.gnu.org)
35a2f74084f3e711a8537b0f1c08a040@waegenei.re
block 41193 with 41192
block 41080 with 41192
quit
Brice Waegeneire wrote on 11 May 21:37 +0200
Re: [PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix System
(address . 41080@debbugs.gnu.org)
84b581259bee7a91a1c1676efc9c30d6@waegenei.re
Hello Marcin,
Thank you for the patch!
Toggle quote (12 lines)> +@lisp> +(use-modules (gnu))> +(use-package-modules vpn)> +> +(operating-system> +;; …> +(packages> + (append (map specification->package> + '("wireguard-linux-compat" "wireguard-tools"))> + %base-packages)))> +@end lisp
There is no use to put "wireguard-linux-compat" in the packages field, instead it should be in the kernel-loadable-modules field to be loadable by modprobe and in the kernel-module-loader-service for being autoloaded at boot with an entry like:
“(simple-service 'wireguard-module kernel-module-loader-service-type '("wireguard"))”
Also note that all the above is only necessary with a Linux-libre kernel >5.6, after that wireguard is built into it.
https://issues.guix.info/issue/41192 should fix the wg-quick issue, can you try it and update the documentation accordingly. About this script can you specify that it's a “very quick and dirty bash script” as wireguard's docs say and that it should probably be avoided except for testing and such.
Also can you resend the patch as a git-patch instead of a plain diff, you can find the related guidelines in the manual[0].
[0]: https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html#Submitting-Patches
Cheers,
- Brice
Marcin Karpezo wrote on 27 May 00:07 +0200
[PATCH v2] Add wireguard connection instructions to cookbook
(address . 41080@debbugs.gnu.org)(name . Marcin Karpezo)(address . sirmacik@wioo.waw.pl)
20200526220717.30682-1-sirmacik@wioo.waw.pl
* doc: cookbook: add entry for Wireguard VPN connection on Guix System
---
 doc/guix-cookbook.texi | 68 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)
Toggle diff (95 lines)diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texiindex 8651bc4429..0e0727310a 100644--- a/doc/guix-cookbook.texi+++ b/doc/guix-cookbook.texi@@ -327,7 +327,7 @@ package definitions. @item Inheritance makes it easy to customize a package by inheriting from it and modifying only what is needed.- + @item Batch processing: the whole package collection can be parsed, filtered and processed. Building a headless server with all graphical interfaces stripped@@ -1323,6 +1323,7 @@ reference. @menu * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.+* Connect to Wireguard VPN:: Connecting your Guix System to Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. @end menu@@ -1567,6 +1568,71 @@ likely that you'll need to modify the initrd on a machine using a custom kernel, since certain modules which are expected to be built may not be available for inclusion into the initrd. +@node Connect to Wireguard VPN+@section Connect to Wireguard VPN++To connect your Guix system with Wireguard VPN server you need to add+@code{wireguard-tools} package to your system configuration file and+additional kernel line, e.g. @file{/etc/config.scm}.++An example configuration file will look like this:++@lisp+(use-modules (gnu))+(use-package-modules vpn)++(operating-system+;; …+(packages+ (append (map specification->package+ '("wireguard-tools"))+ %base-packages))+ (kernel-loadable-modules (list wireguard-linux-compat))+ ;; …+@end lisp++After @code{guix system reconfigure /etc/config.scm} you can either+place your config file in @file{/etc/wireguard} and run+@code{wg-quick up wg0} command or use NetworkManager for wireguard+management.++Thanks to Network Manager support for Wireguard we can connect to our+VPN using @code{nmcli} command. 
Up to this point this guide assumes that+you're using Network Manager service provided by+@code{%desktop-services}. Ortherwise you need to adjust your services+list to load @code{network-manager-service-type} and reconfigure your+Guix system.++To import your VPN configuration execute nmcli import command:++@example shell+~ % sudo nmcli connection import type wireguard file wg0.conf+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added+@end example++Next connect to Wireguard server++@example shell+~ % nmcli connection up wg0+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)+@end example++By default NM will connect automatically on system boot. To change that+behaviour you need to edit your config:++@example shell+~ % sudo nmcli connection edit wg0+nmcli> print connection.autoconnect+connection.autoconnect: yes+nmcli> set connection.autoconnect no+nmcli> save+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.+@end example++For more specific information about NetworkManager and wireguard+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see+this post by thaller}.+ @node Customizing a Window Manager @section Customizing a Window Manager @cindex wm-- 2.26.2
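Review bot: the @lisp example in the new section (@@ -1567,6) never closes `(operating-system`: after `(kernel-loadable-modules (list wireguard-linux-compat))` there is only `;; …` before @end lisp, and `(packages` is indented one column less than `(kernel-loadable-modules`. Close the form after the elision comment and align the two fields. The intro's "additional kernel line" should name the field, kernel-loadable-modules, and the example does not carry the kernel-module-loader-service entry requested in review, so as written the module is loadable but not autoloaded at boot.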
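Review bot: the whitespace-only first hunk (@@ -327,7) is still present in v2 and should be dropped; in the new section, "Ortherwise" and the 'prv' connection name at the end of the `nmcli connection edit wg0` transcript are carried over from v1 unchanged. The paragraph that offers `wg-quick up wg0` also omits the caveat requested in review, that wg-quick is a "very quick and dirty bash script" best kept to testing.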
Brice Waegeneire wrote on 2 Jun 11:45 +0200
Close #41080
(address . control@debbugs.gnu.org)
ab79a665862cba98fc7dfc3f3b8c03d1@waegenei.re
# I edited it, pushed as 5c3e94cdf8e3966d70be7cd7eff25c2575e25272
close 41080
quit