GNU bug report logs -
#41080
[PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix System
Previous Next
Reported by: Marcin Karpezo <sirmacik <at> wioo.waw.pl>
Date: Mon, 4 May 2020 15:51:02 UTC
Severity: normal
Tags: patch
Done: Brice Waegeneire <brice <at> waegenei.re>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41080 in the body.
You can then email your comments to 41080 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#41080
; Package
guix-patches
.
(Mon, 04 May 2020 15:51:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marcin Karpezo <sirmacik <at> wioo.waw.pl>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Mon, 04 May 2020 15:51:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
---
doc/guix-cookbook.texi | 77 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f58d18d47c..598084ce65 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
@item
Inheritance makes it easy to customize a package by inheriting from it and
modifying only what is needed.
-
+
@item
Batch processing: the whole package collection can be parsed, filtered and
processed. Building a headless server with all graphical interfaces stripped
@@ -1324,7 +1324,9 @@ reference.
@menu
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Connect to Wireguard VPN:: Connecting to Wireguard VPN server on Guix System.
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
+
@end menu
@node Customizing the Kernel
@@ -1617,6 +1619,79 @@ Then you need to add the following code to a StumpWM configuration file
(set-font (make-instance 'xft:font :family "DejaVu Sans Mono" :subfamily "Book" :size 11))
@end lisp
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+@anchor{#connect-to-wireguard-vpn}
+To connect your Guix System with Wireguard VPN server you need to add
+packages @code{wireguard-linux-compat} and @code{wireguard-tools} to
+your system configuration file, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+ (append (map specification->package
+ '("wireguard-linux-compat" "wireguard-tools"))
+ %base-packages)))
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you'll find that
+standard @code{wg-quick up wg0} command will not work due to lack of
+package providing @code{resolvconf} command.
+
+@example
+~ % sudo wg-quick up wg0
+[#] ip link add wg0 type wireguard
+[#] wg setconf wg0 /dev/fd/63
+[#] ip -4 address add 10.200.200.2/24 dev wg0
+[#] ip link set mtu 1420 up dev wg0
+[#] resolvconf -a wg0 -m 0 -x
+/home/sirmacik/.guix-profile/bin/wg-quick: line 31: resolvconf: command not found
+[#] ip link delete dev wg0
+@end example
+
+Thanks to Network Manager support for Wireguard we can still connect to
+our VPN using @code{nmcli} command. Up to this point this guide assumes
+that you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system (@uref{https://guix.gnu.org/manual/en/html_node/Networking-Services.html,see Networking Services}).
+
+To import your VPN configuration execute nmcli import command:
+
+@example
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post on GNOME blogs}.
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.26.2
Added blocking bug(s) 41192
Request was from
Brice Waegeneire <brice <at> waegenei.re>
to
control <at> debbugs.gnu.org
.
(Mon, 11 May 2020 19:16:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#41080
; Package
guix-patches
.
(Mon, 11 May 2020 19:38:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 41080 <at> debbugs.gnu.org (full text, mbox):
Hello Marcin,
Thank you for the patch!
> +@lisp
> +(use-modules (gnu))
> +(use-package-modules vpn)
> +
> +(operating-system
> +;; …
> +(packages
> + (append (map specification->package
> + '("wireguard-linux-compat" "wireguard-tools"))
> + %base-packages)))
> +@end lisp
There is no use to put "wireguard-linux-compat" in the packages field,
instead it should be in the kernel-loadable-modules field to be
loadable by modprobe and an in the kernel-module-loader-service for
being autoloaded at boot with an entry like:
“(simple-service 'wireguard-module kernel-module-loader-service-type
'("wireguard"))”
Also note that all the above is only necessary with a Linux-libre
kernel >5.6, after that wireguard is built into it.
https://issues.guix.info/issue/41192 should fix the wg-quick issue,
can you try it and update the documentation accordingly. About this
script can you specify that it's a “very quick and dirty bash script”
as wireguard's docs says and that it should probably be avoided except
for testing and such.
Also can you resend the patch as a git-patch instead of a plain diff,
you can find the related guidelines in the manual[0].
[0]:
https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html#Submitting-Patches
Cheers,
- Brice
Information forwarded
to
guix-patches <at> gnu.org
:
bug#41080
; Package
guix-patches
.
(Tue, 26 May 2020 22:08:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 41080 <at> debbugs.gnu.org (full text, mbox):
* doc: cookbook: add entry for Wireguard VPN connection on Guix System
---
doc/guix-cookbook.texi | 68 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 67 insertions(+), 1 deletion(-)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 8651bc4429..0e0727310a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
@item
Inheritance makes it easy to customize a package by inheriting from it and
modifying only what is needed.
-
+
@item
Batch processing: the whole package collection can be parsed, filtered and
processed. Building a headless server with all graphical interfaces stripped
@@ -1323,6 +1323,7 @@ reference.
@menu
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
+* Connect to Wireguard VPN:: Connecting your Guix System to Wireguard VPN.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
@end menu
@@ -1567,6 +1568,71 @@ likely that you'll need to modify the initrd on a machine using a custom
kernel, since certain modules which are expected to be built may not be
available for inclusion into the initrd.
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+
+To connect your Guix system with Wireguard VPN server you need to add
+@code{wireguard-tools} package to your system configuration file and
+additional kernel line, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+ (append (map specification->package
+ '("wireguard-tools"))
+ %base-packages))
+ (kernel-loadable-modules (list wireguard-linux-compat))
+ ;; …
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you can either
+place your config file in @file{/etc/wireguard} and run
+@code{wg-quick up wg0} command or use NetworkManager for wireguard
+management.
+
+Thanks to Network Manager support for Wireguard we can connect to our
+VPN using @code{nmcli} command. Up to this point this guide assumes that
+you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system.
+
+To import your VPN configuration execute nmcli import command:
+
+@example shell
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example shell
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example shell
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post by thaller}.
+
@node Customizing a Window Manager
@section Customizing a Window Manager
@cindex wm
--
2.26.2
bug closed, send any further explanations to
41080 <at> debbugs.gnu.org and Marcin Karpezo <sirmacik <at> wioo.waw.pl>
Request was from
Brice Waegeneire <brice <at> waegenei.re>
to
control <at> debbugs.gnu.org
.
(Tue, 02 Jun 2020 09:46:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Tue, 30 Jun 2020 11:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 5 years and 14 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.