From 12a25ded4ba3de9a96ff1b0953b5ce243cbe81b5 Mon Sep 17 00:00:00 2001 From: SqrtMinusOne Date: Sat, 19 Jun 2021 17:18:51 +0300 Subject: [PATCH] feat(guix): CUPS, docker, VPN --- .config/guix/manifests/emacs.scm | 2 +- .config/guix/systems/azure.scm | 8 +++- Desktop.org | 1 + Guix.org | 73 +++++++++++++++++++++++++++++++- bin/scripts/vpn-start | 25 +++++++++++ bin/scripts/vpn-stop | 15 +++++++ 6 files changed, 121 insertions(+), 3 deletions(-) create mode 100755 bin/scripts/vpn-start create mode 100755 bin/scripts/vpn-stop diff --git a/.config/guix/manifests/emacs.scm b/.config/guix/manifests/emacs.scm index 425bf5e..78ccc0c 100644 --- a/.config/guix/manifests/emacs.scm +++ b/.config/guix/manifests/emacs.scm @@ -1,5 +1,5 @@ (specifications->manifest - '("emacs" + '("emacs-native-comp" "the-silver-searcher" "ripgrep" "emacs-vterm")) diff --git a/.config/guix/systems/azure.scm b/.config/guix/systems/azure.scm index c644dc4..5c2943d 100644 --- a/.config/guix/systems/azure.scm +++ b/.config/guix/systems/azure.scm @@ -10,6 +10,8 @@ (use-modules (gnu packages xorg)) (use-modules (gnu packages wm)) (use-modules (gnu packages openbox)) +(use-modules (gnu services docker)) +(use-modules (gnu services cups)) (use-modules (srfi srfi-1)) (use-modules (guix channels)) (use-modules (guix inferior)) @@ -23,6 +25,10 @@ (service openssh-service-type) (extra-special-file "/lib64/ld-linux-x86-64.so.2" (file-append glibc "/lib/ld-linux-x86-64.so.2")) (service nix-service-type) + (service cups-service-type + (cups-configuration + (web-interface? #t))) + (service docker-service-type) (modify-services %desktop-services (network-manager-service-type config => (network-manager-configuration (inherit config) @@ -71,7 +77,7 @@ "video" "input" "tty" - ;; "docker" + "docker" "lp"))) %base-user-accounts)) diff --git a/Desktop.org b/Desktop.org index 46c29ca..d80cf5e 100644 --- a/Desktop.org +++ b/Desktop.org 
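Review bot: The `cups-configuration` added in the azure.scm services hunk (-23,6 +25,10) turns on `(web-interface? #t)` with no comment on where the CUPS web UI is meant to be reachable. No `listen` field is set, so the Guix default applies; I believe that is localhost-only, but it is not visible in this diff and is worth confirming on the running system. I would add a comment above the service, for example `;; CUPS web UI: keep bound to localhost:631; do not widen listen without auth/TLS`. The same block is added in the Guix.org hunk at -246,6 +250,10, and the enclosing service list starts and ends outside the hunk.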
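Review bot: Uncommenting `"docker"` in the supplementary groups (azure.scm hunk at -71,7 +77,7, and again in Guix.org at -216,7 +218,7) gives the account direct access to the Docker daemon socket, which is effectively passwordless root on the host. That can be an acceptable trade-off on a single-user desktop, but it should be a recorded decision; a comment such as `;; docker group == root-equivalent via the daemon socket; drop it if this account runs untrusted code` would document it. The stricter alternative is to leave the group out and call `sudo docker …` when needed. The user-account form starts and ends outside the hunk.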
@@ -2036,6 +2036,7 @@ This section generates manifests for various desktop software that I'm using. | Category | Guix dependency | |----------+-----------------| | dev | conda | +| dev | docker-compose | ** Manifests #+NAME: packages #+begin_src emacs-lisp :tangle no :var category="" diff --git a/Guix.org b/Guix.org index 4c9554c..666cb0d 100644 --- a/Guix.org +++ b/Guix.org @@ -158,6 +158,8 @@ Common modules: (use-modules (gnu packages xorg)) (use-modules (gnu packages wm)) (use-modules (gnu packages openbox)) +(use-modules (gnu services docker)) +(use-modules (gnu services cups)) (use-modules (srfi srfi-1)) (use-modules (guix channels)) (use-modules (guix inferior)) @@ -216,7 +218,7 @@ User accounts. "video" "input" "tty" - ;; "docker" + "docker" "lp"))) %base-user-accounts)) @@ -239,6 +241,8 @@ Base packages, necessary right after the installation. Default services for each machine: - override the default =%desktop-services= to add OpenVPN support - add nix service +- add docker service +- add CUPS service - add a symlink to ELF interpeter to where most Linux binaries expect it #+begin_src scheme :tangle no :noweb-ref system-common (define %my-base-services @@ -246,6 +250,10 @@ Default services for each machine: (service openssh-service-type) (extra-special-file "/lib64/ld-linux-x86-64.so.2" (file-append glibc "/lib/ld-linux-x86-64.so.2")) (service nix-service-type) + (service cups-service-type + (cups-configuration + (web-interface? #t))) + (service docker-service-type) (modify-services %desktop-services (network-manager-service-type config => (network-manager-configuration (inherit config) 
@@ -386,6 +394,69 @@ Don't forget to install =JetBrainsMono Nerd Font=.
 |----------+-----------------|
 | system | openvpn |
 | system | python |
+** VPN
+I'm not sure how to properly spin up VPN on Guix, so here is what I'm doing now.
+
+I'm currently using CyberGhost VPN. =~/.vpn= folder stores its OpenVPN config, modified as follows:
+- paths to =ca=, =cert= and =key= are made relative
+- added =auth-user-pass= with a link to login info
+
+*** vpn-start
+To start VPN propely, we have to use DNS given by CyberGhost to prevent DNS leaks and disabled ipv6. The thing is that the manual method requires also manual setting of the IP address and gateway.
+
+So this script:
+- gets an active connection
+- gets a device from that connection
+- gets an IP from that device
+- gets a gateway
+- modifies the connection
+- runs openvpn
+
+This isn't tested and probably will fail if there are multiple active connections, for instance.
+
+Also I'm a bit concerned with running openvpn as sudo, but I shall see if that screws me up somehow.
+
+#+begin_src bash :tangle ~/bin/scripts/vpn-start
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+DEVICE=$(nmcli -f connection.interface-name con show "$CONN" | awk '{ print $2 }')
+IP=$(ip addr show "$DEVICE" | awk 'match($0, /.*inet (addr:)?(([0-9]*\.){3}[0-9]*\/[0-9]*).*/, ga) { print ga[2] } ')
+GATEWAY=$(ip route list | awk ' /^default/ {print $3}')
+
+DNS_1=10.101.0.243
+DNS_2=38.132.106.139
+
+echo "Connection: $CONN"
+echo "Device: $DEVICE"
+echo "IP: $IP"
+echo "Gateway: $GATEWAY"
+
+nmcli con modify "$CONN" ipv4.addresses "${IP}"
+nmcli con modify "$CONN" ipv4.gateway "${GATEWAY}"
+nmcli con modify "$CONN" ipv4.method manual
+nmcli con modify "$CONN" ipv4.ignore-auto-dns yes
+nmcli con modify "$CONN" +ipv4.dns $DNS_1
+nmcli con modify "$CONN" +ipv4.dns $DNS_2
+nmcli con modify "$CONN" ipv6.method ignore
+nmcli connection up "$CONN"
+sudo openvpn --config ~/.vpn/openvpn.ovpn
+#+end_src
+*** vpn-stop
+Also a script to reverse the changes.
+
+#+begin_src bash :tangle ~/bin/scripts/vpn-stop
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+DNS_1=10.101.0.243
+DNS_2=38.132.106.139
+
+echo "Connection: $CONN"
+
+nmcli con modify "$CONN" ipv4.ignore-auto-dns no
+nmcli con modify "$CONN" -ipv4.dns $DNS_1
+nmcli con modify "$CONN" -ipv4.dns $DNS_2
+nmcli con modify "$CONN" ipv4.method auto
+nmcli con modify "$CONN" ipv6.method auto
+nmcli connection up "$CONN"
+#+end_src
 * Notes on installing software
 | Category | Guix dependency | Description |
 |----------+-----------------+----------------------------------------------------|
diff --git a/bin/scripts/vpn-start b/bin/scripts/vpn-start
new file mode 100755
index 0000000..62a171c
--- /dev/null
+++ b/bin/scripts/vpn-start
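Review bot: The vpn-start block in the Guix.org hunk (-386,6 +394,69) switches the NetworkManager profile to a static address without first checking that `CONN`, `IP` and `GATEWAY` each resolved to exactly one non-empty value; with zero or several active connections (the case the prose already flags) the `nmcli con modify` calls run against an empty or multi-line name, and an empty `IP` may leave the profile half-modified in manual mode. I would stop early with `[ "$(printf '%s\n' "$CONN" | grep -c .)" -eq 1 ] || { echo "need exactly one active connection" >&2; exit 1; }` followed by `[ -n "$IP" ] && [ -n "$GATEWAY" ] || exit 1`. Nothing reverts the profile or blocks traffic when `sudo openvpn` exits, so connections can then continue outside the tunnel until vpn-stop is run; a `trap` that runs the vpn-stop steps, or a firewall rule, would be needed if a kill switch is the goal. On the root concern raised in the prose, OpenVPN's `user`/`group` directives in the .ovpn drop privileges after start-up, and the `auth-user-pass` file should be mode 600 and kept out of the repository. The tangled copies bin/scripts/vpn-start and bin/scripts/vpn-stop carry the same lines.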
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# [[file:../../Guix.org::*vpn-start][vpn-start:1]]
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+DEVICE=$(nmcli -f connection.interface-name con show "$CONN" | awk '{ print $2 }')
+IP=$(ip addr show "$DEVICE" | awk 'match($0, /.*inet (addr:)?(([0-9]*\.){3}[0-9]*\/[0-9]*).*/, ga) { print ga[2] } ')
+GATEWAY=$(ip route list | awk ' /^default/ {print $3}')
+
+DNS_1=10.101.0.243
+DNS_2=38.132.106.139
+
+echo "Connection: $CONN"
+echo "Device: $DEVICE"
+echo "IP: $IP"
+echo "Gateway: $GATEWAY"
+
+nmcli con modify "$CONN" ipv4.addresses "${IP}"
+nmcli con modify "$CONN" ipv4.gateway "${GATEWAY}"
+nmcli con modify "$CONN" ipv4.method manual
+nmcli con modify "$CONN" ipv4.ignore-auto-dns yes
+nmcli con modify "$CONN" +ipv4.dns $DNS_1
+nmcli con modify "$CONN" +ipv4.dns $DNS_2
+nmcli con modify "$CONN" ipv6.method ignore
+nmcli connection up "$CONN"
+sudo openvpn --config ~/.vpn/openvpn.ovpn
+# vpn-start:1 ends here
diff --git a/bin/scripts/vpn-stop b/bin/scripts/vpn-stop
new file mode 100755
index 0000000..e4f86b6
--- /dev/null
+++ b/bin/scripts/vpn-stop
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# [[file:../../Guix.org::*vpn-stop][vpn-stop:1]]
+CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME)" | sed 's/ *$//g')
+DNS_1=10.101.0.243
+DNS_2=38.132.106.139
+
+echo "Connection: $CONN"
+
+nmcli con modify "$CONN" ipv4.ignore-auto-dns no
+nmcli con modify "$CONN" -ipv4.dns $DNS_1
+nmcli con modify "$CONN" -ipv4.dns $DNS_2
+nmcli con modify "$CONN" ipv4.method auto
+nmcli con modify "$CONN" ipv6.method auto
+nmcli connection up "$CONN"
+# vpn-stop:1 ends here