From 8f54586ce5700346b2a496eef67bac7e642a3bbe Mon Sep 17 00:00:00 2001 From: Marcin Karpezo Date: Mon, 4 May 2020 17:49:16 +0200 Subject: doc: cookbook: add entry for Wireguard VPN connection on Guix System --- doc/guix-cookbook.texi | 77 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 76 insertions(+), 1 deletion(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index f58d18d47c..598084ce65 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -327,7 +327,7 @@ package definitions. @item Inheritance makes it easy to customize a package by inheriting from it and modifying only what is needed. - + @item Batch processing: the whole package collection can be parsed, filtered and processed. Building a headless server with all graphical interfaces stripped @@ -1324,7 +1324,9 @@ reference. @menu * Customizing the Kernel:: Creating and using a custom Linux kernel on Guix System. * Customizing a Window Manager:: Handle customization of a Window manager on Guix System. +* Connect to Wireguard VPN:: Connecting to Wireguard VPN server on Guix System. * Setting up a bind mount:: Setting up a bind mount in the file-systems definition. + @end menu @node Customizing the Kernel 
@@ -1617,6 +1619,79 @@ Then you need to add the following code to a StumpWM configuration file (set-font (make-instance 'xft:font :family "DejaVu Sans Mono" :subfamily "Book" :size 11)) @end lisp +@node Connect to Wireguard VPN +@section Connect to Wireguard VPN +@anchor{#connect-to-wireguard-vpn} +To connect your Guix System with Wireguard VPN server you need to add +packages @code{wireguard-linux-compat} and @code{wireguard-tools} to +your system configuration file, e.g. @file{/etc/config.scm}. + +An example configuration file will look like this: + +@lisp +(use-modules (gnu)) +(use-package-modules vpn) + +(operating-system +;; … +(packages + (append (map specification->package + '("wireguard-linux-compat" "wireguard-tools")) + %base-packages))) +@end lisp + +After @code{guix system reconfigure /etc/config.scm} you'll find that +standard @code{wg-quick up wg0} command will not work due to lack of +package providing @code{resolvconf} command. + +@example +~ % sudo wg-quick up wg0 +[#] ip link add wg0 type wireguard +[#] wg setconf wg0 /dev/fd/63 +[#] ip -4 address add 10.200.200.2/24 dev wg0 +[#] ip link set mtu 1420 up dev wg0 +[#] resolvconf -a wg0 -m 0 -x +/home/sirmacik/.guix-profile/bin/wg-quick: line 31: resolvconf: command not found +[#] ip link delete dev wg0 +@end example + +Thanks to Network Manager support for Wireguard we can still connect to +our VPN using @code{nmcli} command. Up to this point this guide assumes +that you're using Network Manager service provided by +@code{%desktop-services}. Ortherwise you need to adjust your services +list to load @code{network-manager-service-type} and reconfigure your +Guix system (@uref{https://guix.gnu.org/manual/en/html_node/Networking-Services.html,see Networking Services}). 
+ +To import your VPN configuration execute nmcli import command: + +@example +~ % sudo nmcli connection import type wireguard file wg0.conf +Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added +@end example + +Next connect to Wireguard server + +@example +~ % nmcli connection up wg0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) +@end example + +By default NM will connect automatically on system boot. To change that +behaviour you need to edit your config: + +@example +~ % sudo nmcli connection edit wg0 +nmcli> print connection.autoconnect +connection.autoconnect: yes +nmcli> set connection.autoconnect no +nmcli> save +Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated. +@end example + +For more specific information about NetworkManager and wireguard +@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see +this post on GNOME blogs}. + @node Setting up a bind mount @section Setting up a bind mount -- cgit v1.2.3
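Review bot: The first hunk (@@ -327,7 +327,7, the blank line before "@item Batch processing") is a whitespace-only change in an unrelated part of the cookbook and should be dropped from this commit. It accounts for the single deletion in the diffstat and adds noise to a patch whose subject is only the Wireguard entry.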
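Review bot: The menu hunk (@@ -1324,7 +1324,9) adds a stray empty line between the "Setting up a bind mount" entry and "@end menu"; please remove it so the hunk only adds the "* Connect to Wireguard VPN::" entry. The entry name does match the new @node name, which is what the menu requires.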
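Review bot: In the new section (@@ -1617,6 +1619,79), the last @example edits connection wg0 but its output reads "Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated", with the same UUID that the import step reports for 'wg0'; the name should be 'wg0' so the transcript is consistent. Two smaller points in the same hunk: "Ortherwise" is a typo for "Otherwise", and the @lisp example resolves both packages with specification->package from strings, so the "(use-package-modules vpn)" line is not needed there and can be removed. The "@anchor{#connect-to-wireguard-vpn}" line also looks like a leftover from a conversion, since the @node line directly above it already gives the section a target.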