diff options
author | Matthew Justin Bauer <mjbauer95@gmail.com> | 2018-04-23 11:42:09 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 11:42:09 -0500 |
commit | 14e66c1659c1832bb868f62c87438193654f6c48 (patch) | |
tree | 81ddf4fef6292d13040f3520734afe3913b35f8b /nixos/modules/services/networking | |
parent | f836bd6fb86eb130ae0f2290aac32290ae4e3dce (diff) | |
parent | 30a56d72db90914272d023eb5ede7fb5d8c842fb (diff) | |
download | nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar.gz nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar.bz2 nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar.lz nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar.xz nixlib-14e66c1659c1832bb868f62c87438193654f6c48.tar.zst nixlib-14e66c1659c1832bb868f62c87438193654f6c48.zip |
Merge pull request #36734 from gnidorah/hans
nixos/hans: init
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/hans.nix | 145 | ||||
-rw-r--r-- | nixos/modules/services/networking/iodine.nix | 22 |
2 files changed, 162 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix new file mode 100644 index 000000000000..56c30a6b96e1 --- /dev/null +++ b/nixos/modules/services/networking/hans.nix @@ -0,0 +1,145 @@ +# NixOS module for hans, ip over icmp daemon + +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.hans; + + hansUser = "hans"; + +in +{ + + ### configuration + + options = { + + services.hans = { + clients = mkOption { + default = {}; + description = '' + Each attribute of this option defines a systemd service that + runs hans. Many or none may be defined. + The name of each service is + <literal>hans-<replaceable>name</replaceable></literal> + where <replaceable>name</replaceable> is the name of the + corresponding attribute name. + ''; + example = literalExample '' + { + foo = { + server = "192.0.2.1"; + extraConfig = "-v"; + } + } + ''; + type = types.attrsOf (types.submodule ( + { + options = { + server = mkOption { + type = types.str; + default = ""; + description = "IP address of server running hans"; + example = "192.0.2.1"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-v"; + }; + + passwordFile = mkOption { + type = types.str; + default = ""; + description = "File that containts password"; + }; + + }; + })); + }; + + server = { + enable = mkOption { + type = types.bool; + default = false; + description = "enable hans server"; + }; + + ip = mkOption { + type = types.str; + default = ""; + description = "The assigned ip range"; + example = "198.51.100.0"; + }; + + respondToSystemPings = mkOption { + type = types.bool; + default = false; + description = "Force hans respond to ordinary pings"; + }; + + extraConfig = mkOption { + type = types.str; + default = ""; + description = "Additional command line parameters"; + example = "-v"; + }; + + passwordFile = mkOption { + type = types.str; + default = ""; + description = "File that containts password"; + }; + }; + + }; + }; + + ### implementation + + config = mkIf (cfg.server.enable || cfg.clients != {}) { + boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings { + "net.ipv4.icmp_echo_ignore_all" = 1; + }; + + boot.kernelModules = [ "tun" ]; + + systemd.services = + let + createHansClientService = name: cfg: + { + description = "hans client - ${name}"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; + serviceConfig = { + RestartSec = "30s"; + Restart = "always"; + }; + }; + in + listToAttrs ( + mapAttrsToList + (name: value: nameValuePair "hans-${name}" (createHansClientService name value)) + cfg.clients + ) // { + hans = mkIf (cfg.server.enable) { + description = "hans, ip over icmp server daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; + }; + }; + + users.extraUsers = singleton { + name = hansUser; + description = "Hans daemon user"; + }; + }; + + meta.maintainers = with maintainers; [ gnidorah ]; +} diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix index 512dbd77ae4b..709c36ee54f0 100644 --- a/nixos/modules/services/networking/iodine.nix +++ b/nixos/modules/services/networking/iodine.nix @@ -32,7 +32,7 @@ in foo = { server = "tunnel.mdomain.com"; relay = "8.8.8.8"; - extraConfig = "-P mysecurepassword"; + extraConfig = "-v"; } } ''; @@ -57,7 +57,13 @@ in type = types.str; default = ""; description = "Additional command line parameters"; - example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + example = "-l 192.168.1.10 -p 23"; + }; + + passwordFile = mkOption { + type = types.str; + default = ""; + description = "File that containts password"; }; }; })); @@ -88,7 +94,13 @@ in type = types.str; default = ""; description = "Additional command line parameters"; - example = "-P mysecurepassword -l 192.168.1.10 -p 23"; + example = "-l 192.168.1.10 -p 23"; + }; + + passwordFile = mkOption { + type = types.str; + default = ""; + description = "File that containts password"; }; }; @@ -108,10 +120,10 @@ in description = "iodine client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + script = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.relay} ${cfg.server}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; - ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}"; }; }; in @@ -124,7 +136,7 @@ in description = "iodine, ip over dns server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}"; + script = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.server.ip} ${cfg.server.domain}"; }; }; |