-rw-r--r--doc/guix.texi75
-rw-r--r--gnu/services/ssh.scm106
2 files changed, 180 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 0020739aec..812d08a8ef 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -79,6 +79,7 @@ Copyright @copyright{} 2020 Naga Malleswari@*
Copyright @copyright{} 2020 Brice Waegeneire@*
Copyright @copyright{} 2020 R Veera Kumar@*
Copyright @copyright{} 2020 Pierre Langlois@*
+Copyright @copyright{} 2020 pinoaffe@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -14390,6 +14391,80 @@ Whether to enable password-based authentication.
@end table
@end deftp
+@cindex AutoSSH
+@deffn {Scheme Variable} autossh-service-type
+This is the type for the @uref{https://www.harding.motd.ca/autossh,
+AutoSSH} program that runs a copy of @code{ssh} and monitors it,
+restarting it as necessary should it die or stop passing traffic.
+AutoSSH can be run manually from the commandline by passing arguments to
+the binary @code{autossh} from the package @code{autossh}, but it can
+also be run as a guix service. This latter usecase is documented here.
+
+AutoSSH can be used to forward local traffic to a remote machine using an SSH tunnel,
+and it respects the @file{~/.ssh/config} of the user it is run as.
+
+For example, to specify a service running autossh as the user @code{pino}
+and forwarding all local connections to port @code{8081} to @code{remote:8081}
+using an SSH tunnel, add this call to the operating system's @code{services} field:
+
+@lisp
+(service autossh-service-type
+ (autossh-configuration
+ (user "pino")
+ (ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.net"))))
+@end lisp
+@end deffn
+
+@deftp {Data Type} autossh-configuration
+This data type represents the configuration of an AutoSSH service.
+
+@table @asis
+
+@item @code{user} (default @code{"autossh"})
+The user as which the AutoSSH service is to be run.
+This assumes that the specified user exists.
+
+@item @code{poll} (default @code{600})
+Specifies the connection poll time in seconds.
+
+@item @code{first-poll} (default @code{#f})
+Specifies how long autossh waits before the first connection test in seconds.
+After this first test, polling is resumed at the pace defined in @code{poll}.
+When set to @code{#f}, the first poll is not treated specially and
+will also use the connection poll specified in @code{poll}
+
+@item @code{gate-time} (default @code{30})
+Specifies (in seconds) how long an SSH connection must be active
+before it is considered successful.
+
+@item @code{log-level} (default @code{1})
+The log level, corresponding to the levels used by syslog
+(so @code{0} is the most silent while @code{7} is the chattiest.)
+
+@item @code{max-start} (default @code{#f})
+The maximum number of times SSH may be (re)started before AutoSSH exits.
+When set to @code{#f}, no maximum is configured and AutoSSH may restart indefinitely.
+
+@item @code{message} (default @code{""})
+The message to append to the echo message sent when testing connections.
+
+@item @code{port} (default @code{"0"})
+The ports used for monitoring the connection. When set to @code{"0"},
+monitoring is disabled. When set to @code{"n"} where @code{n} is a positive integer,
+ports @code{n} and @code{n+1} are used for monitoring the connection, such that
+port @code{n} is the base monitoring port and @code{n+1} is the echo port.
+When set to @code{"n:m"} where @code{n} and @code{m} are positive integers,
+the ports @code{n} and @code{n+1} are used for monitoring the connection, such
+that port @code{n} is the base monitoring port and @code{m} is the echo port.
+
+@item @code{ssh-options} (default @code{'()})
+The list of commandline arguments to pass to ssh when it is run.
+Options @code{-f} and @code{-M ....} are reserved for AutoSSH
+and may cause undefined behaviour.
+
+@end table
+@end deftp
+
@defvr {Scheme Variable} %facebook-host-aliases
This variable contains a string for use in @file{/etc/hosts}
(@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..ced21c0742 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 pinoaffe <pinoaffe@airmail.cc>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -45,7 +46,11 @@
dropbear-configuration
dropbear-configuration?
dropbear-service-type
- dropbear-service))
+ dropbear-service
+
+ autossh-configuration
+ autossh-configuration?
+ autossh-service-type))
;;; Commentary:
;;;
@@ -628,4 +633,103 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
object."
(service dropbear-service-type config))
+
+;;;
+;;; AutoSSH.
+;;;
+
+
+(define-record-type* <autossh-configuration>
+ autossh-configuration make-autossh-configuration
+ autossh-configuration?
+ (user autossh-configuration-user
+ (default "autossh"))
+ (poll autossh-configuration-poll
+ (default 600))
+ (first-poll autossh-configuration-first-poll
+ (default #f))
+ (gate-time autossh-configuration-gate-time
+ (default 30))
+ (log-level autossh-configuration-log-level
+ (default 1))
+ (max-start autossh-configuration-max-start
+ (default #f))
+ (message autossh-configuration-message
+ (default ""))
+ (port autossh-configuration-port
+ (default "0"))
+ (ssh-options autossh-configuration-ssh-options
+ (default '())))
+
+(define (autossh-file-name config file)
+ "Return a path in /var/run/autossh/ that is writable
+ by @code{user} from @code{config}."
+ (string-append "/var/run/autossh/"
+ (autossh-configuration-user config)
+ "/" file))
+
+(define (autossh-shepherd-service config)
+ (shepherd-service
+ (documentation "Automatically set up ssh connections (and keep them alive).")
+ (provision '(autossh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append autossh "/bin/autossh")
+ #$@(autossh-configuration-ssh-options config))
+ #:user #$(autossh-configuration-user config)
+ #:group (passwd:gid (getpw #$(autossh-configuration-user config)))
+ #:pid-file #$(autossh-file-name config "pid")
+ #:log-file #$(autossh-file-name config "log")
+ #:environment-variables
+ '(#$(string-append "AUTOSSH_PIDFILE="
+ (autossh-file-name config "pid"))
+ #$(string-append "AUTOSSH_LOGFILE="
+ (autossh-file-name config "log"))
+ #$(string-append "AUTOSSH_POLL="
+ (number->string
+ (autossh-configuration-poll config)))
+ #$(string-append "AUTOSSH_FIRST_POLL="
+ (number->string
+ (or
+ (autossh-configuration-first-poll config)
+ (autossh-configuration-poll config))))
+ #$(string-append "AUTOSSH_GATETIME="
+ (number->string
+ (autossh-configuration-gate-time config)))
+ #$(string-append "AUTOSSH_LOGLEVEL="
+ (number->string
+ (autossh-configuration-log-level config)))
+ #$(string-append "AUTOSSH_MAXSTART="
+ (number->string
+ (or (autossh-configuration-max-start config)
+ -1)))
+ #$(string-append "AUTOSSH_MESSAGE="
+ (autossh-configuration-message config))
+ #$(string-append "AUTOSSH_PORT="
+ (autossh-configuration-port config)))))
+ (stop #~(make-kill-destructor))))
+
+(define (autossh-service-activation config)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (define %user
+ (getpw #$(autossh-configuration-user config)))
+ (let* ((directory #$(autossh-file-name config ""))
+ (log (string-append directory "/log")))
+ (mkdir-p directory)
+ (chown directory (passwd:uid %user) (passwd:gid %user))
+ (call-with-output-file log (const #t))
+ (chown log (passwd:uid %user) (passwd:gid %user))))))
+
+(define autossh-service-type
+ (service-type
+ (name 'autossh)
+ (description "Automatically set up ssh connections (and keep them alive).")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list autossh-shepherd-service))
+ (service-extension activation-service-type
+ autossh-service-activation)))
+ (default-value (autossh-configuration))))
+
;;; ssh.scm ends here
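Review bot: The PID file that shepherd reads via `#:pid-file` in autossh-shepherd-service lives under a directory that autossh-service-activation chowns to the unprivileged service user, so a compromised or misbehaving service account can rewrite that file and `make-kill-destructor` will then signal whatever PID it names with the shepherd's (root) privileges. Since the documentation reserves `-f` for AutoSSH, autossh presumably stays in the foreground and the forked child is already the process to track, so dropping `#:pid-file` (and leaving `AUTOSSH_PIDFILE` only if autossh requires it) or keeping the PID file in a root-owned directory would remove that trust on user-writable state; confirm against autossh's behaviour before changing it. Related, the default `user` is `"autossh"` but nothing here extends account-service-type, so `(default-value (autossh-configuration))` fails at `(getpw "autossh")` unless the administrator creates the account, which deserves either an account extension or a prominent note in the record's documentation. The fixed `(provision '(autossh))` also means only one instance can exist per system even though the configuration is parameterised by user, which is worth stating. Finally, autossh-shepherd-service and autossh-service-activation have no docstring while autossh-file-name does; a one-liner such as `"Return a shepherd service running autossh as the user from CONFIG, with its PID and log files under /var/run/autossh/."` would keep the file consistent.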