services: dnsmasq: Add TFTP configuration fields.

* gnu/services/dns.scm (<dnsmasq-configuration>): Add TFTP configuration fields. (dnsmasq-shepherd-service): Use them. * doc/guix.texi (DNS Services): Document them.

services: dnsmasq: Add TFTP configuration fields.
34d1c0a0 · Danny Milosavljevic · 3e34f899 · 34d1c0a0 · 34d1c0a0
Unverified Commit 34d1c0a0 authored 4 years ago by Danny Milosavljevic
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23363,6 +23363,60 @@ disables caching.
 @item @code{negative-cache?} (default: @code{#t})
 When false, disable negative caching.
+@item @code{tftp-enable?} (default: @code{#f})
+Whether to enable the built-in TFTP server.
+@item @code{tftp-no-fail?} (default: @code{#f})
+If true, does not fail dnsmasq if the TFTP server could not start up.
+@item @code{tftp-single-port?} (default: @code{#f})
+Whether to use only one single port for TFTP.
+@item @code{tftp-secure?} (default: @code{#f})
+If true, only files owned by the user running the dnsmasq process are accessible.
+If dnsmasq is being run as root, different rules apply:
+@code{tftp-secure?} has no effect, but only files which have the
+world-readable bit set are accessible.
+@item @code{tftp-max} (default: @code{#f})
+If set, sets the maximal number of concurrent connections allowed.
+@item @code{tftp-mtu} (default: @code{#f})
+If set, sets the MTU for TFTP packets to that value.
+@item @code{tftp-no-blocksize?} (default: @code{#f})
+If true, stops the TFTP server from negotiating the blocksize with a client.
+@item @code{tftp-lowercase?} (default: @code{#f})
+Whether to convert all filenames in TFTP requests to lowercase.
+@item @code{tftp-port-range} (default: @code{#f})
+If set, fixes the dynamical ports (one per client) to the given range
+(@code{"<start>,<end>"}).
+@item @code{tftp-root} (default: @code{/var/empty,lo})
+Look for files to transfer using TFTP relative to the given directory.
+When this is set, TFTP paths which include ".." are rejected, to stop clients
+getting outside the specified root. Absolute paths (starting with /) are
+allowed, but they must be within the tftp-root. If the optional interface
+argument is given, the directory is only used for TFTP requests via that
+interface.
+@item @code{tftp-unique-root} (default: @code{#f})
+If set, add the IP or hardware address of the TFTP client as a path component
+on the end of the TFTP-root.  Only valid if a TFTP root is set and the
+directory exists.  Defaults to adding IP address (in standard dotted-quad
+format).
+For instance, if --tftp-root is "/tftp" and client 1.2.3.4 requests file
+"myfile" then the effective path will be "/tftp/1.2.3.4/myfile" if
+/tftp/1.2.3.4 exists or /tftp/myfile otherwise. When "=mac" is specified
+it will append the MAC address instead, using lowercase zero padded digits
+separated by dashes, e.g.: 01-02-03-04-aa-bb Note that resolving MAC
+addresses is only possible if the client is in the local network or obtained
+a DHCP lease from dnsmasq.
 @end table
 @end deftp
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -757,7 +757,29 @@ (define-record-type* <dnsmasq-configuration>
  (cache-size       dnsmasq-configuration-cache-size
                    (default 150))      ;integer
  (negative-cache?  dnsmasq-configuration-negative-cache?
-                    (default #t)))      ;boolean
+                    (default #t))      ;boolean
+  (tftp-enable?     dnsmasq-configuration-tftp-enable?
+                    (default #f))       ;boolean
+  (tftp-no-fail?    dnsmasq-configuration-tftp-no-fail?
+                    (default #f))       ;boolean
+  (tftp-single-port? dnsmasq-configuration-tftp-single-port?
+                    (default #f))       ;boolean
+  (tftp-secure?     dnsmasq-tftp-secure?
+                    (default #f))       ;boolean
+  (tftp-max         dnsmasq-tftp-max
+                    (default #f))       ;integer
+  (tftp-mtu         dnsmasq-tftp-mtu
+                    (default #f))       ;integer
+  (tftp-no-blocksize? dnsmasq-tftp-no-blocksize?
+                      (default #f))     ;boolean
+  (tftp-lowercase?  dnsmasq-tftp-lowercase?
+                    (default #f))       ;boolean
+  (tftp-port-range  dnsmasq-tftp-port-range
+                    (default #f))       ;string
+  (tftp-root        dnsmasq-tftp-root
+                    (default "/var/empty,lo")) ;string
+  (tftp-unique-root dnsmasq-tftp-unique-root
+                    (default #f)))      ;"" or "ip" or "mac"
 (define dnsmasq-shepherd-service
  (match-lambda
@@ -765,7 +787,12 @@ (define dnsmasq-shepherd-service
                                no-hosts?
                                port local-service? listen-addresses
                                resolv-file no-resolv? servers
-                                addresses cache-size negative-cache?)
+                                addresses cache-size negative-cache?
+                                tftp-enable? tftp-no-fail?
+                                tftp-single-port? tftp-secure?
+                                tftp-max tftp-mtu tftp-no-blocksize?
+                                tftp-lowercase? tftp-port-range
+                                tftp-root tftp-unique-root)
     (shepherd-service
      (provision '(dnsmasq))
      (requirement '(networking))
@@ -794,7 +821,44 @@ (define dnsmasq-shepherd-service
                  #$(format #f "--cache-size=~a" cache-size)
                  #$@(if negative-cache?
                         '()
-                         '("--no-negcache")))
+                         '("--no-negcache"))
+                  #$@(if tftp-enable?
+                         '("--enable-tftp")
+                         '())
+                  #$@(if tftp-no-fail?
+                         '("--tftp-no-fail")
+                         '())
+                  #$@(if tftp-single-port?
+                         '("--tftp-single-port")
+                         '())
+                  #$@(if tftp-secure?
+                         '("--tftp-secure?")
+                         '())
+                  #$@(if tftp-max
+                         (list (format #f "--tftp-max=~a" tftp-max))
+                         '())
+                  #$@(if tftp-mtu
+                         (list (format #f "--tftp-mtu=~a" tftp-mtu))
+                         '())
+                  #$@(if tftp-no-blocksize?
+                         '("--tftp-no-blocksize")
+                         '())
+                  #$@(if tftp-lowercase?
+                         '("--tftp-lowercase")
+                         '())
+                  #$@(if tftp-port-range
+                         (list (format #f "--tftp-port-range=~a"
+                                          tftp-port-range))
+                         '())
+                  #$@(if tftp-root
+                         (list (format #f "--tftp-root=~a" tftp-root))
+                         '())
+                  #$@(if tftp-unique-root
+                         (list
+                          (if (> (length tftp-unique-root) 0)
+                              (format #f "--tftp-unique-root=~a" tftp-unique-root)
+                              (format #f "--tftp-unique-root")))
+                         '()))
                #:pid-file "/run/dnsmasq.pid"))
      (stop #~(make-kill-destructor))))))