diff options
author | Marcin Karpezo <sirmacik@wioo.waw.pl> | 2020-06-01 23:06:57 +0200 |
---|---|---|
committer | Brice Waegeneire <brice@waegenei.re> | 2020-06-02 11:31:48 +0200 |
commit | 5c3e94cdf8e3966d70be7cd7eff25c2575e25272 (patch) | |
tree | db02e26b62315383709d9ebf074ceb78149956d6 | |
parent | cb21c14b0ae1f4c9fcad4927e3b2eb0c06d7b018 (diff) | |
download | guix-5c3e94cdf8e3966d70be7cd7eff25c2575e25272.tar guix-5c3e94cdf8e3966d70be7cd7eff25c2575e25272.tar.gz |
doc: cookbook: Add entry about Wireguard VPN.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
* doc/guix-cookbook.texi (Connect to Wireguard VPN): New section.
-rw-r--r-- | doc/guix-cookbook.texi | 80 |
1 files changed, 79 insertions, 1 deletions
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 8651bc4429..5574a60857 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -327,7 +327,7 @@ package definitions. @item Inheritance makes it easy to customize a package by inheriting from it and modifying only what is needed. - + @item Batch processing: the whole package collection can be parsed, filtered and processed. Building a headless server with all graphical interfaces stripped @@ -1323,6 +1323,7 @@ reference. @menu * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. +* Connecting to Wireguard VPN:: Connecting to a Wireguard VPN. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. @end menu @@ -1567,6 +1568,83 @@ likely that you'll need to modify the initrd on a machine using a custom kernel, since certain modules which are expected to be built may not be available for inclusion into the initrd. +@node Connecting to Wireguard VPN +@section Connecting to Wireguard VPN + +To connect to a Wireguard VPN server you need the kernel module to be +loaded in memory and a package providing networking tools that support +it (e.g. @code{wireguard-tools} or @code{network-manager}). + +Here is a configuration example for Linux-Libre < 5.6, where the module +is out of tree and need to be loaded manually---following revisions of +the kernel have it built-in and so don't need such configuration: + +@lisp +(use-modules (gnu)) +(use-service-modules desktop) +(use-package-modules vpn) + +(operating-system + ;; … + (services (cons (simple-service 'wireguard-module + kernel-module-loader-service-type + '("wireguard")) + %desktop-services)) + (packages (cons wireguard-tools %base-packages)) + (kernel-loadable-modules (list wireguard-linux-compat))) +@end lisp + +After reconfiguring and restarting your system you can either use +Wireguard tools or NetworkManager to connect to a VPN server. + +@subsection Using Wireguard tools + +To test your Wireguard setup it is convenient to use @command{wg-quick}. +Just give it a configuration file @command{wg-quick up ./wg0.conf}; or +put that file in @file{/etc/wireguard} and run @command{wg-quick up wg0} +instead. + +@quotation Note +Be warned that the author described this command as a: “[…] very quick +and dirty bash script […]”. +@end quotation + +@subsection Using NetworkManager + +Thanks to NetworkManager support for Wireguard we can connect to our VPN +using @command{nmcli} command. Up to this point this guide assumes that +you're using Network Manager service provided by +@code{%desktop-services}. Ortherwise you need to adjust your services +list to load @code{network-manager-service-type} and reconfigure your +Guix system. + +To import your VPN configuration execute nmcli import command: + +@example shell +# nmcli connection import type wireguard file wg0.conf +Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added +@end example + +This will create a configuration file in +@file{/etc/NetworkManager/wg0.nmconnection}. Next connect to the +Wireguard server: + +@example shell +$ nmcli connection up wg0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) +@end example + +By default NetworkManager will connect automatically on system boot. To +change that behaviour you need to edit your config: + +@example shell +# nmcli connection modify wg0 connection.autoconnect no +@end example + +For more specific information about NetworkManager and wireguard +@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see +this post by thaller}. + @node Customizing a Window Manager @section Customizing a Window Manager @cindex wm |