GNU bug report logs - #41080
[PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix System

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41080 in the body.
You can then email your comments to 41080 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Marcin Karpezo <sirmacik <at> wioo.waw.pl>
To: guix-patches <at> gnu.org
Cc: Marcin Karpezo <sirmacik <at> wioo.waw.pl>
Subject: [PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix
 System
Date: Mon,  4 May 2020 17:49:16 +0200

---
 doc/guix-cookbook.texi | 77 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f58d18d47c..598084ce65 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
 @item
 Inheritance makes it easy to customize a package by inheriting from it and
 modifying only what is needed.
- 
+
 @item
 Batch processing: the whole package collection can be parsed, filtered and
 processed.  Building a headless server with all graphical interfaces stripped
@@ -1324,7 +1324,9 @@ reference.
 @menu
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Connect to Wireguard VPN:: Connecting to Wireguard VPN server on Guix System.
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
+
 @end menu
 
 @node Customizing the Kernel
@@ -1617,6 +1619,79 @@ Then you need to add the following code to a StumpWM configuration file
 (set-font (make-instance 'xft:font :family "DejaVu Sans Mono" :subfamily "Book" :size 11))
 @end lisp
 
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+@anchor{#connect-to-wireguard-vpn}
+To connect your Guix System with Wireguard VPN server you need to add
+packages @code{wireguard-linux-compat} and @code{wireguard-tools} to
+your system configuration file, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+    (append (map specification->package
+        '("wireguard-linux-compat" "wireguard-tools"))
+    %base-packages)))
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you'll find that
+standard @code{wg-quick up wg0} command will not work due to lack of
+package providing @code{resolvconf} command.
+
+@example
+~ % sudo wg-quick up wg0
+[#] ip link add wg0 type wireguard
+[#] wg setconf wg0 /dev/fd/63
+[#] ip -4 address add 10.200.200.2/24 dev wg0
+[#] ip link set mtu 1420 up dev wg0
+[#] resolvconf -a wg0 -m 0 -x
+/home/sirmacik/.guix-profile/bin/wg-quick: line 31: resolvconf: command not found
+[#] ip link delete dev wg0
+@end example
+
+Thanks to Network Manager support for Wireguard we can still connect to
+our VPN using @code{nmcli} command. Up to this point this guide assumes
+that you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system (@uref{https://guix.gnu.org/manual/en/html_node/Networking-Services.html,see Networking Services}).
+
+To import your VPN configuration execute nmcli import command:
+
+@example
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post on GNOME blogs}.
+
 @node Setting up a bind mount
 @section Setting up a bind mount
 
-- 
2.26.2

Message #10 received at 41080 <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: 41080 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: cookbook: add entry for Wireguard VPN connection on
 Guix System
Date: Mon, 11 May 2020 19:37:08 +0000

Hello Marcin,

Thank you for the patch!

> +@lisp
> +(use-modules (gnu))
> +(use-package-modules vpn)
> +
> +(operating-system
> +;; …
> +(packages
> +    (append (map specification->package
> +        '("wireguard-linux-compat" "wireguard-tools"))
> +    %base-packages)))
> +@end lisp

There is no use to put "wireguard-linux-compat" in the packages field,
instead it should be in the kernel-loadable-modules field to be
loadable by modprobe and an in the kernel-module-loader-service for
being autoloaded at boot with an entry like:
“(simple-service 'wireguard-module kernel-module-loader-service-type
    '("wireguard"))”
Also note that all the above is only necessary with a Linux-libre
kernel >5.6, after that wireguard is built into it.

https://issues.guix.info/issue/41192 should fix the wg-quick issue,
can you try it and update the documentation accordingly. About this
script can you specify that it's a “very quick and dirty bash script”
as wireguard's docs says and that it should probably be avoided except
for testing and such.

Also can you resend the patch as a git-patch instead of a plain diff,
you can find the related guidelines in the manual[0].

[0]: 
https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html#Submitting-Patches

Cheers,
- Brice

Message #13 received at 41080 <at> debbugs.gnu.org (full text, mbox):

From: Marcin Karpezo <sirmacik <at> wioo.waw.pl>
To: 41080 <at> debbugs.gnu.org
Cc: Marcin Karpezo <sirmacik <at> wioo.waw.pl>
Subject: [PATCH v2] Add wireguard connection instructions to cookbook
Date: Wed, 27 May 2020 00:07:17 +0200

* doc: cookbook: add entry for Wireguard VPN connection on Guix System
---
 doc/guix-cookbook.texi | 68 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 8651bc4429..0e0727310a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
 @item
 Inheritance makes it easy to customize a package by inheriting from it and
 modifying only what is needed.
- 
+
 @item
 Batch processing: the whole package collection can be parsed, filtered and
 processed.  Building a headless server with all graphical interfaces stripped
@@ -1323,6 +1323,7 @@ reference.
 
 @menu
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
+* Connect to Wireguard VPN::     Connecting your Guix System to Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 @end menu
@@ -1567,6 +1568,71 @@ likely that you'll need to modify the initrd on a machine using a custom
 kernel, since certain modules which are expected to be built may not be
 available for inclusion into the initrd.
 
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+
+To connect your Guix system with Wireguard VPN server you need to add
+@code{wireguard-tools} package to your system configuration file and
+additional kernel line, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+    (append (map specification->package
+        '("wireguard-tools"))
+    %base-packages))
+ (kernel-loadable-modules (list wireguard-linux-compat))
+ ;; …
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you can either
+place your config file in @file{/etc/wireguard} and run
+@code{wg-quick up wg0} command or use NetworkManager for wireguard
+management.
+
+Thanks to Network Manager support for Wireguard we can connect to our
+VPN using @code{nmcli} command. Up to this point this guide assumes that
+you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system.
+
+To import your VPN configuration execute nmcli import command:
+
+@example shell
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example shell
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example shell
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post by thaller}.
+
 @node Customizing a Window Manager
 @section Customizing a Window Manager
 @cindex wm
-- 
2.26.2

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.