authorJoachim F <joachifm@users.noreply.github.com>2016-10-28 13:01:58 +0200
committerGitHub <noreply@github.com>2016-10-28 13:01:58 +0200
commit1da6dd3eeeb5487ee56a84db1800272f62599c0f (patch)
tree0bf7fec16585309decf0cd6b41e030049ca5b49c /nixos/modules/services
parentcb2de9354f6d5bf3fddc0579e5e1480036b15436 (diff)
parent8180922d236c53b5e09cfe1b63f6c12977bb2803 (diff)
Merge pull request #19875 from joachifm/cjdns-for-upstream
Cjdns module enhancements
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/networking/cjdns-hosts.sh11
-rw-r--r--nixos/modules/services/networking/cjdns.nix55
2 files changed, 28 insertions, 38 deletions
diff --git a/nixos/modules/services/networking/cjdns-hosts.sh b/nixos/modules/services/networking/cjdns-hosts.sh
deleted file mode 100644
index 8a2b47e52143..000000000000
--- a/nixos/modules/services/networking/cjdns-hosts.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-pubs=($pubs)
-hosts=($hosts)
-
-lines="''\n"
-for ((i = 0; i < ${#pubs[*]}; i++)); do
-    addr=$($cjdns/bin/publictoip6 ${pubs[i]})
-    lines="${lines}$addr ${hosts[i]}\n"
-done
-lines="${lines}''"
-
-echo -ne $lines > $out
diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix
index cb00139c5f1c..5e15e40ea0c1 100644
--- a/nixos/modules/services/networking/cjdns.nix
+++ b/nixos/modules/services/networking/cjdns.nix
@@ -28,21 +28,18 @@ let
     };
   };
 
-  peers = mapAttrsToList (n: v: v) (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo);
-
-  pubs  = toString (map (p: if p.hostname == "" then "" else p.publicKey) peers);
-  hosts = toString (map (p: if p.hostname == "" then "" else p.hostname)  peers);
-
-  cjdnsHosts =
-    if hosts != "" then
-      import (pkgs.stdenv.mkDerivation {
-        name = "cjdns-hosts";
-        builder = ./cjdns-hosts.sh;
-
-        inherit (pkgs) cjdns;
-        inherit pubs hosts;
-      })
-    else "";
+  # Additional /etc/hosts entries for peers with an associated hostname
+  cjdnsExtraHosts = import (pkgs.runCommand "cjdns-hosts" {}
+    # Generate a builder that produces an output usable as a Nix string value
+    ''
+      exec >$out
+      echo \'\'
+      ${concatStringsSep "\n" (mapAttrsToList (k: v:
+          optionalString (v.hostname != "")
+            "echo $(${pkgs.cjdns}/bin/publictoip6 ${x.key}) ${x.host}")
+          (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))}
+      echo \'\'
+    '');
 
   parseModules = x:
     x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; };
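Review bot: The generator on L72–L74 binds the peer attributes as `k: v:` but then interpolates `${x.key}` and `${x.host}`, and no `x` is in scope in this `let` binding, so evaluation fails as soon as any peer has a hostname (it only appears to work for hostname-less peers because `optionalString` never forces the string when `v.hostname != ""` is false). The names the rest of the module uses for these fields are `publicKey` and `hostname` (L73, L80), so the line should read `"echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}")`. Both values are also spliced unquoted into the builder's shell script; they come from the evaluated configuration rather than from the network, but wrapping them in lib's `escapeShellArg` would keep a hostname containing whitespace or shell metacharacters from silently producing a malformed /etc/hosts line or breaking the build.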
@@ -95,8 +92,8 @@ in
       };
 
       confFile = mkOption {
-        type = types.str;
-        default = "";
+        type = types.nullOr types.path;
+        default = null;
         example = "/etc/cjdroute.conf";
         description = ''
           Ignore all other cjdns options and load configuration from this file.
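Review bot: Changing `confFile` to `types.nullOr types.path` on L87 means a user who writes a Nix path literal such as `./cjdroute.conf` gets that file copied into the Nix store when it is interpolated into the service script (`${cfg.confFile}` on L157 of a later hunk), and the store is world-readable; a cjdroute.conf normally carries the node's private key and admin password, so this would expose them to every local user. The string example on L89 does not trigger the copy, but the description should say so explicitly. I would add a sentence to the description: `Give this as a string (e.g. "/etc/cjdroute.conf") rather than a Nix path literal; a path literal is copied into the world-readable Nix store together with the secrets it contains.`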
@@ -112,14 +109,14 @@ in
           "49275fut6tmzu354pq70sr5b95qq0vj"
         ];
         description = ''
-          Any remote cjdns nodes that offer these passwords on 
+          Any remote cjdns nodes that offer these passwords on
           connection will be allowed to route through this node.
         '';
       };
-    
+
       admin = {
         bind = mkOption {
-          type = types.string;
+          type = types.str;
           default = "127.0.0.1:11234";
           description = ''
             Bind the administration port to this address and port.
@@ -129,7 +126,7 @@ in
 
       UDPInterface = {
         bind = mkOption {
-          type = types.string;
+          type = types.str;
           default = "";
           example = "192.168.1.32:43211";
           description = ''
@@ -154,6 +151,7 @@ in
 
       ETHInterface = {
         bind = mkOption {
+          type = types.str;
           default = "";
           example = "eth0";
           description =
@@ -201,7 +199,7 @@ in
 
   };
 
-  config = mkIf config.services.cjdns.enable {
+  config = mkIf cfg.enable {
 
     boot.kernelModules = [ "tun" ];
 
@@ -212,7 +210,7 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      preStart = if cfg.confFile != "" then "" else ''
+      preStart = if cfg.confFile != null then "" else ''
         [ -e /etc/cjdns.keys ] && source /etc/cjdns.keys
 
         if [ -z "$CJDNS_PRIVATE_KEY" ]; then
@@ -228,13 +226,13 @@ in
         fi
 
         if [ -z "$CJDNS_ADMIN_PASSWORD" ]; then
-            echo "CJDNS_ADMIN_PASSWORD=$(${pkgs.coreutils}/bin/head -c 96 /dev/urandom | ${pkgs.coreutils}/bin/tr -dc A-Za-z0-9)" \
+            echo "CJDNS_ADMIN_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 96)" \
                 >> /etc/cjdns.keys
         fi
       '';
 
       script = (
-        if cfg.confFile != "" then "${pkg}/bin/cjdroute < ${cfg.confFile}" else
+        if cfg.confFile != null then "${pkg}/bin/cjdroute < ${cfg.confFile}" else
           ''
             source /etc/cjdns.keys
             echo '${cjdrouteConf}' | sed \
@@ -247,13 +245,16 @@ in
       serviceConfig = {
         Type = "forking";
         Restart = "on-failure";
+
+        ProtectHome = true;
+        PrivateTmp = true;
       };
     };
 
-    networking.extraHosts = "${cjdnsHosts}";
+    networking.extraHosts = cjdnsExtraHosts;
 
     assertions = [
-      { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != "" );
+      { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != null );
         message = "Neither cjdns.ETHInterface.bind nor cjdns.UDPInterface.bind defined.";
       }
       { assertion = config.networking.enableIPv6;
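Review bot: The assertion condition on L176 now accepts a non-null `confFile` as a third way to satisfy it, but the message on L177 still only names the two bind options, so a user who hits it is not told that `confFile` is an alternative. I would update it to `message = "Neither cjdns.ETHInterface.bind nor cjdns.UDPInterface.bind is set, and no cjdns.confFile is given.";`. The `ProtectHome`/`PrivateTmp` additions on L166–L167 are a welcome tightening of a service that handles key material; the `assertions` list continues past the end of the hunk.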