author | gnidorah <gnidorah@users.noreply.github.com> | 2018-03-27 19:43:11 +0300 |
---|---|---|
committer | gnidorah <gnidorah@users.noreply.github.com> | 2018-03-27 22:25:22 +0300 |
commit | b2be363fea1016a28085de22dd386307edbe0409 (patch) | |
tree | 640da8977a797b14e50a235a39b83e661fb46897 /nixos/modules/services/networking | |
parent | d2d07a0bceb28a7bcbee5b63aa931eb3c23148a2 (diff) | |
nixos/hans: init
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/hans.nix | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix
new file mode 100644
index 000000000000..24a7edaea454
--- /dev/null
+++ b/nixos/modules/services/networking/hans.nix
@@ -0,0 +1,132 @@
+# NixOS module for hans, ip over icmp daemon
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.hans;
+
+ hansUser = "hans";
+
+in
+{
+
+ ### configuration
+
+ options = {
+
+ services.hans = {
+ clients = mkOption {
+ default = {};
+ description = ''
+ Each attribute of this option defines a systemd service that
+ runs hans. Many or none may be defined.
+ The name of each service is
+ <literal>hans-<replaceable>name</replaceable></literal>
+ where <replaceable>name</replaceable> is the name of the
+ corresponding attribute name.
+ '';
+ example = literalExample ''
+ {
+ foo = {
+ server = "192.0.2.1";
+ extraConfig = "-p mysecurepassword";
+ }
+ }
+ '';
+ type = types.attrsOf (types.submodule (
+ {
+ options = {
+ server = mkOption {
+ type = types.str;
+ default = "";
+ description = "IP address of server running hans";
+ example = "192.0.2.1";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = "Additional command line parameters";
+ example = "-p mysecurepassword";
+ };
+ };
+ }));
+ };
+
+ server = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "enable hans server";
+ };
+
+ ip = mkOption {
+ type = types.str;
+ default = "";
+ description = "The assigned ip range";
+ example = "198.51.100.0";
+ };
+
+ systemPings = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Respond to ordinary pings";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = "Additional command line parameters";
+ example = "-p mysecurepassword";
+ };
+ };
+
+ };
+ };
+
+ ### implementation
+
+ config = mkIf (cfg.server.enable || cfg.clients != {}) {
+ boot.kernel.sysctl = optionalAttrs cfg.server.systemPings {
+ "net.ipv4.icmp_echo_ignore_all" = 1;
+ };
+
+ boot.kernelModules = [ "tun" ];
+
+ systemd.services =
+ let
+ createHansClientService = name: cfg:
+ {
+ description = "hans client - ${name}";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ RestartSec = "30s";
+ Restart = "always";
+ ExecStart = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server}";
+ };
+ };
+ in
+ listToAttrs (
+ mapAttrsToList
+ (name: value: nameValuePair "hans-${name}" (createHansClientService name value))
+ cfg.clients
+ ) // {
+ hans = mkIf (cfg.server.enable) {
+ description = "hans, ip over icmp server daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.systemPings "-r"}";
+ };
+ };
+
+ users.extraUsers = singleton {
+ name = hansUser;
+ description = "Hans daemon user";
+ };
+ };
+
+ meta.maintainers = with maintainers; [ gnidorah ];
+} |
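Review bot: The only way this module offers to set the tunnel password is `-p …` inside `extraConfig`, as both option examples show with `-p mysecurepassword`. The secret is therefore interpolated into `ExecStart` and ends up in a unit file in the world-readable Nix store, as well as in the system configuration itself. A `passwordFile` option on the client submodule and on `server`, read when the service starts, would keep the password out of the store, and the `extraConfig` examples should then stop showing `-p`. The sketch below covers the client side only; the server's `serviceConfig.ExecStart` would need the same treatment. The password would still be visible in the process arguments at runtime, which this module cannot avoid as long as hans only takes it via `-p`.

```nix
# … unchanged: server and extraConfig options of the client submodule …
passwordFile = mkOption {
  type = types.str;
  default = "";
  description = "Path to a file containing the password, kept outside the Nix store";
  example = "/path/to/hans-password"; # constructed sample path
};

# … in createHansClientService, replacing serviceConfig.ExecStart …
script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
```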