Brice Waegeneire <brice@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at submit) by debbugs.gnu.org; 4 May 2020 15:50:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 04 11:50:32 2020
Received: from localhost ([127.0.0.1]:33748 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1jVdMW-0005W7-9G
for submit <at> debbugs.gnu.org; Mon, 04 May 2020 11:50:32 -0400
Received: from lists.gnu.org ([209.51.188.17]:35524)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <sirmacik@HIDDEN>) id 1jVdMV-0005W0-4E
for submit <at> debbugs.gnu.org; Mon, 04 May 2020 11:50:31 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36074)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <sirmacik@HIDDEN>)
id 1jVdMU-00080o-M5
for guix-patches@HIDDEN; Mon, 04 May 2020 11:50:30 -0400
Received: from mail.freearts.agency ([51.68.137.137]:49980)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <sirmacik@HIDDEN>)
id 1jVdMS-000233-Jd
for guix-patches@HIDDEN; Mon, 04 May 2020 11:50:30 -0400
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
with ESMTPSA id 0AABF41239; Mon, 4 May 2020 17:50:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wioo.waw.pl; s=dkim;
t=1588607410;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=rRVGBSqLC3rmbGKiYmdvYs/rhNuG+BajJOtVEi5Etr8=;
b=NMJSWWDmYn3rSeT4h29B+6RL7XnnJsuaK7Inhv16Xs3+SHm2Uj26V9/yafvzouEtCt0K2E
cuwwimELx0vpwLnInlVemNYI6ZJyFUKdr9y9DNPuu9EE42pZxkVQKcxBB7/m1PFLyhE2wN
10MJibIe2AF8W28AcaH3sAyUhFv5wtv8f7PCyMFdmX+IWW33NS7wZUD31H9ZmTI9/Q7krK
wMrBOsptYBt9aibljckvK2SkBMs+YFQWPIcznoWPUOViB1pTneTuIAF7QKczM4A6zO6k1F
qbR33G1LEYjnYhZhn4p15FIRpBbQJOBBK/yYTmS2oLWzo3zROiUBpgy1w070Vw==
From: Marcin Karpezo <sirmacik@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] doc: cookbook: add entry for Wireguard VPN connection on Guix
System
Date: Mon, 4 May 2020 17:49:16 +0200
Message-Id: <20200504154915.3963-1-sirmacik@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Last-TLS-Session-Version: TLSv1.3
Received-SPF: pass client-ip=51.68.137.137; envelope-from=sirmacik@HIDDEN;
helo=mail.freearts.agency
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/04 11:50:16
X-ACL-Warn: Detected OS = Linux 3.11 and newer
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: Marcin Karpezo <sirmacik@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
---
doc/guix-cookbook.texi | 77 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f58d18d47c..598084ce65 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
@item
Inheritance makes it easy to customize a package by inheriting from it and
modifying only what is needed.
-
+
@item
Batch processing: the whole package collection can be parsed, filtered and
processed. Building a headless server with all graphical interfaces stripped
@@ -1324,7 +1324,9 @@ reference.
@menu
* Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System.
* Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
+* Connect to Wireguard VPN:: Connecting to Wireguard VPN server on Guix System.
* Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
+
@end menu
@node Customizing the Kernel
@@ -1617,6 +1619,79 @@ Then you need to add the following code to a StumpWM configuration file
(set-font (make-instance 'xft:font :family "DejaVu Sans Mono" :subfamily "Book" :size 11))
@end lisp
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+@anchor{#connect-to-wireguard-vpn}
+To connect your Guix System with Wireguard VPN server you need to add
+packages @code{wireguard-linux-compat} and @code{wireguard-tools} to
+your system configuration file, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+ (append (map specification->package
+ '("wireguard-linux-compat" "wireguard-tools"))
+ %base-packages)))
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you'll find that
+standard @code{wg-quick up wg0} command will not work due to lack of
+package providing @code{resolvconf} command.
+
+@example
+~ % sudo wg-quick up wg0
+[#] ip link add wg0 type wireguard
+[#] wg setconf wg0 /dev/fd/63
+[#] ip -4 address add 10.200.200.2/24 dev wg0
+[#] ip link set mtu 1420 up dev wg0
+[#] resolvconf -a wg0 -m 0 -x
+/home/sirmacik/.guix-profile/bin/wg-quick: line 31: resolvconf: command not found
+[#] ip link delete dev wg0
+@end example
+
+Thanks to Network Manager support for Wireguard we can still connect to
+our VPN using @code{nmcli} command. Up to this point this guide assumes
+that you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system (@uref{https://guix.gnu.org/manual/en/html_node/Networking-Services.html,see Networking Services}).
+
+To import your VPN configuration execute nmcli import command:
+
+@example
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post on GNOME blogs}.
+
@node Setting up a bind mount
@section Setting up a bind mount
--
2.26.2
Marcin Karpezo <sirmacik@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#41080; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.