diff --git a/README.org b/README.org index 930ec1c..8c04110 100644 --- a/README.org +++ b/README.org @@ -117,6 +117,7 @@ Rosenthal 頻道定義如下,將其加入 =~/.config/guix/channels.scm= 以由 Binary Packages / 二進制包: + clash-bin ++ clash-meta-bin + hugo-bin + shadow-tls-bin + sing-box-bin @@ -137,4 +138,5 @@ Non-free Packages / 非自由軟件: + (home-)shadow-tls-service-type + smartdns-service-type + home-socks2http-service-type ++ tailscale-service-type + home-wakapi-service-type diff --git a/rosenthal/services/networking.scm b/rosenthal/services/networking.scm index aa3e715..ce47423 100644 --- a/rosenthal/services/networking.scm +++ b/rosenthal/services/networking.scm @@ -6,13 +6,18 @@ #:use-module (guix gexp) #:use-module (guix records) #:use-module (gnu packages dns) + #:use-module (gnu packages linux) #:use-module (gnu packages networking) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services dbus) #:use-module (gnu services shepherd) + #:use-module (rosenthal packages binaries) #:export (iwd-configuration - iwd-service-type)) + iwd-service-type + + tailscale-configuration + tailscale-service-type)) ;; ;; iwd @@ -379,3 +384,128 @@ list, power save will be disabled.")) add-iwd-package))) (default-value (iwd-configuration)) (description "Run iwd, the iNet wireless daemon."))) + + +;; +;; Tailscale +;; + + +(define-configuration tailscale-configuration + (tailscale + (file-like tailscale-bin) + "The tailscale package to use.") + + (iptables + (file-like iptables) + "The iptables package to use.") + + (log-file + (string "/dev/null") + "Path to log file.") + + (bird-socket + maybe-string + "Path of the bird UNIX socket.") + + (debug-server + maybe-string + "Listen address ([ip]:port) of optional debug server.") + + (port + (integer 0) + "UDP port to listen for WireGuard and peer-to-peer traffic; 0 means +automatically select.") + + (socket + (string "/var/run/tailscale/tailscaled.sock") + "Path of the service UNIX socket.") + + (http-proxy-server + maybe-string + "[ip]:port to run an outbound HTTP proxy (e.g. \"localhost:8080\").") + + (socks5-server + maybe-string + "[ip]:port to run a SOCKS5 server (e.g. \"localhost:1080\").") + + (state-directory + (string "/var/lib/tailscale") + "Path to directory for storage of config state, TLS certs, temporary incoming +Taildrop files, etc. If empty, it's derived from @code{state-file} when +possible.") + + (state-file + maybe-string + "Absolute path of state file; use @code{kube:} to use Kubernetes +secrets or @code{arn:aws:ssm:...} to store in AWS SSM; use 'mem:' to not store +state and register as an ephemeral node. If empty and @code{state-directory} is +provided, the default is @code{/tailscaled.state}.") + + (tunnel-interface + (string "tailscale0") + "Tunnel interface name; use @code{\"userspace-networking\"} (beta) to not use +TUN.") + + (upload-log? + (boolean #f) + "Whether to upload logs or not, technical support is also disabled when set +to #f.") + + (verbosity + (integer 0) + "Log verbosity level; 0 is default, 1 or higher are increasingly verbose.") + (no-serialization)) + +(define tailscale-shepherd-service + (match-record-lambda + (tailscale iptables log-file bird-socket debug-server port socket + http-proxy-server socks5-server state-directory state-file + tunnel-interface upload-log? verbosity) + (let ((environment + #~(list (string-append "PATH=" #$(file-append iptables "/sbin"))))) + (list (shepherd-service + (documentation "Run tailscaled") + (provision '(tailscaled)) + (requirement '(user-processes)) + (start + #~(make-forkexec-constructor + (list + #$(file-append tailscale "/bin/tailscaled") + #$@(if (maybe-value-set? bird-socket) + `("-bird-socket" ,bird-socket) + '()) + #$@(if (maybe-value-set? debug-server) + `("-debug" ,debug-server) + '()) + #$@(if upload-log? + '() + '("-no-logs-no-support")) + #$@(if (maybe-value-set? http-proxy-server) + `("-outbound-http-proxy-listen" ,http-proxy-server) + '()) + "-port" #$(number->string port) + "-socket" #$socket + #$@(if (maybe-value-set? socks5-server) + `("-socks5-server" ,socks5-server) + '()) + #$@(if (maybe-value-set? state-file) + `("-state" ,state-file) + '()) + "-statedir" #$state-directory + "-tun" #$tunnel-interface + "-verbose" #$(number->string verbosity)) + #:environment-variables #$environment + #:log-file #$log-file)) + (stop #~(make-kill-destructor))))))) + +(define tailscale-service-type + (service-type + (name 'tailscaled) + (extensions + (list (service-extension shepherd-root-service-type + tailscale-shepherd-service) + (service-extension profile-service-type + (compose list tailscale-configuration-tailscale)))) + (default-value (tailscale-configuration)) + (description "Run tailscaled.")))