Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/cjdns.nix | 51 | ||||
-rw-r--r-- | nixos/modules/services/networking/dante.nix | 61 | ||||
-rw-r--r-- | nixos/modules/services/networking/flannel.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/hostapd.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/nntp-proxy.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/nsd.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/quassel.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 |
8 files changed, 88 insertions, 43 deletions
diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix
index 7e981183353d..f50dae2ab7be 100644
--- a/nixos/modules/services/networking/cjdns.nix
+++ b/nixos/modules/services/networking/cjdns.nix
@@ -19,30 +19,21 @@ let type = types.str; description = "Public key at the opposite end of the tunnel."; };
- hostname = mkOption {
- default = "";
- example = "foobar.hype";
- type = types.str;
- description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.";
- }; }; };
- # Additional /etc/hosts entries for peers with an associated hostname
- cjdnsExtraHosts = import (pkgs.runCommand "cjdns-hosts" {}
- # Generate a builder that produces an output usable as a Nix string value
- ''
- exec >$out
- echo \'\'
- ${concatStringsSep "\n" (mapAttrsToList (k: v:
- optionalString (v.hostname != "")
- "echo $(${pkgs.cjdns}/bin/publictoip6 ${v.publicKey}) ${v.hostname}")
- (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo))}
- echo \'\'
- '');
-
- parseModules = x:
- x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; };
+ # check for the required attributes, otherwise
+ # permit attributes not undefined here
+ checkPeers = x:
+ x // {
+ connectTo = mapAttrs
+ (name: value:
+ if !hasAttr "publicKey" value then abort "cjdns peer ${name} missing a publicKey" else
+ if !hasAttr "password" value then abort "cjdns peer ${name} missing a password" else
+ value
+ )
+ x.connectTo;
+ }; # would be nice to merge 'cfg' with a //, # but the json nesting is wacky.
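Review bot: `checkPeers` accepts any extra attribute, so a peer definition that still carries the `hostname` key this commit removes is passed straight through into the generated cjdns configuration with no error or warning, and the relaxed option type (`attrsOf (attrsOf types.str)`) does not catch it either. A third branch such as `if hasAttr "hostname" value then abort "cjdns peer ${name}: hostname is no longer supported, use networking.extraHosts" else` would surface the migration to existing users. The two new comment lines are hard to read (`permit attributes not undefined here`); `# Require publicKey and password on every peer; any other attributes are passed through to cjdns unchanged.` states what the code does. `abort` is normally reserved for unrecoverable evaluation failures, whereas `throw` is the conventional choice for configuration errors and can be caught by `tryEval`. The enclosing `let` starts before this hunk.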
@@ -53,8 +44,8 @@ let }; authorizedPasswords = map (p: { password = p; }) cfg.authorizedPasswords; interfaces = {
- ETHInterface = if (cfg.ETHInterface.bind != "") then [ (parseModules cfg.ETHInterface) ] else [ ];
- UDPInterface = if (cfg.UDPInterface.bind != "") then [ (parseModules cfg.UDPInterface) ] else [ ];
+ ETHInterface = if (cfg.ETHInterface.bind != "") then [ (checkPeers cfg.ETHInterface) ] else [ ];
+ UDPInterface = if (cfg.UDPInterface.bind != "") then [ (checkPeers cfg.UDPInterface) ] else [ ]; }; privateKey = "@CJDNS_PRIVATE_KEY@";
@@ -134,12 +125,12 @@ in ''; }; connectTo = mkOption {
- type = types.attrsOf ( types.submodule ( connectToSubmodule ) );
+ type = types.attrsOf (types.attrsOf types.str); default = { }; example = { "192.168.1.1:27313" = {
- hostname = "homer.hype";
- password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
+ user = "foobar";
+ password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; }; };
@@ -179,12 +170,12 @@ in }; connectTo = mkOption {
- type = types.attrsOf ( types.submodule ( connectToSubmodule ) );
+ type = types.attrsOf (types.attrsOf types.str); default = { }; example = { "01:02:03:04:05:06" = {
- hostname = "homer.hype";
- password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
+ user = "foobar";
+ password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; }; };
@@ -254,8 +245,6 @@ in }; };
- networking.extraHosts = cjdnsExtraHosts; - assertions = [ { assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile != null ); message = "Neither cjdns.ETHInterface.bind nor cjdns.UDPInterface.bind defined.";
diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix
new file mode 100644
index 000000000000..8f4e15223ab0
--- /dev/null
+++ b/nixos/modules/services/networking/dante.nix
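Review bot: With the `connectTo` type relaxed from a submodule to `attrsOf (attrsOf types.str)` in the `@@ -134,12` hunk, the option documentation no longer conveys which peer attributes are mandatory; the `description` just outside the hunk should now state that `publicKey` and `password` are required, that any other attribute is passed through to cjdns verbatim, and that the `user` shown in the new example is only such a pass-through attribute. The ETHInterface hunk (`@@ -179,12`) has the same gap. Because the private key is substituted at runtime via `@CJDNS_PRIVATE_KEY@` while the peer passwords appear to be rendered directly into the generated configuration, the description is also the place to say that `connectTo` passwords presumably end up readable in the Nix store, so users can weigh that against `confFile`.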
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.services.dante;
+ confFile = pkgs.writeText "dante-sockd.conf" ''
+ user.privileged: root
+ user.unprivileged: dante
+
+ ${cfg.config}
+ '';
+in
+
+{
+ meta = {
+ maintainers = with maintainers; [ arobyn ];
+ };
+
+ options = {
+ services.dante = {
+ enable = mkEnableOption "Dante SOCKS proxy";
+
+ config = mkOption {
+ default = null;
+ type = types.str;
+ description = ''
+ Contents of Dante's configuration file
+ NOTE: user.privileged/user.unprivileged are set by the service
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ { assertion = cfg.config != null;
+ message = "please provide Dante configuration file contents";
+ }
+ ];
+
+ users.users.dante = {
+ description = "Dante SOCKS proxy daemon user";
+ isSystemUser = true;
+ group = "dante";
+ };
+ users.groups.dante = {};
+
+ systemd.services.dante = {
+ description = "Dante SOCKS v4 and v5 compatible proxy server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.dante}/bin/sockd -f ${confFile}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix
index 28b6c4f657dd..ca47a18bc1f6 100644
--- a/nixos/modules/services/networking/flannel.nix
+++ b/nixos/modules/services/networking/flannel.nix
@@ -20,6 +20,7 @@ in { description = "Package to use for flannel"; type = types.package; default = pkgs.flannel.bin;
+ defaultText = "pkgs.flannel.bin"; }; publicIp = mkOption {
diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix
index 51f95af48029..fd4545e88e2d 100644
--- a/nixos/modules/services/networking/hostapd.nix
+++ b/nixos/modules/services/networking/hostapd.nix
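Review bot: `services.dante.config` declares `type = types.str` together with `default = null`; the module system type-checks the default when no definition is given, so enabling the service without setting `config` fails with a "not of type string" error before the `cfg.config != null` assertion is evaluated, and the friendlier message in the `assertions` list is unreachable. `type = types.nullOr types.lines;` makes the default valid and lets the assertion do its job. The unit starts `sockd` as root with no `User=` and relies on the hard-coded `user.privileged: root` / `user.unprivileged: dante` lines in `confFile` for privilege separation; a comment above `confFile` such as `# sockd must start as root for its privileged helper; all proxying runs as the unprivileged dante user` would make that intent explicit rather than leaving it to the option's NOTE. Everything placed in `config` is written to the Nix store through `writeText`, so the option description should also state that the contents are world-readable on the host.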
@@ -86,7 +86,7 @@ in hwMode = mkOption { default = "g";
- type = types.string;
+ type = types.enum [ "a" "b" "g" ]; description = '' Operation mode. (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
@@ -152,9 +152,6 @@ in config = mkIf cfg.enable { assertions = [
- { assertion = (cfg.hwMode == "a" || cfg.hwMode == "b" || cfg.hwMode == "g");
- message = "hwMode must be a/b/g";
- } { assertion = (cfg.channel >= 1 && cfg.channel <= 13); message = "channel must be between 1 and 13"; }];
diff --git a/nixos/modules/services/networking/nntp-proxy.nix b/nixos/modules/services/networking/nntp-proxy.nix
index dca8ccac7627..7eebecb23b00 100644
--- a/nixos/modules/services/networking/nntp-proxy.nix
+++ b/nixos/modules/services/networking/nntp-proxy.nix
@@ -148,11 +148,11 @@ in }; verbosity = mkOption {
- type = types.str;
+ type = types.enum [ "error" "warning" "notice" "info" "debug" ]; default = "info"; example = "error"; description = ''
- Verbosity level (error, warning, notice, info, debug)
+ Verbosity level ''; };
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index ccfd219620cf..481e267f6c38 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@@ -345,12 +345,10 @@ let }; rrlWhitelist = mkOption {
- type = types.listOf types.str;
+ type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]); default = []; description = '' Whitelists the given rrl-types.
- The RRL classification types are: nxdomain, error, referral, any,
- rrsig, wildcard, nodata, dnskey, positive, all ''; };
diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix
index 3f0906fdb80d..edcc12170b20 100644
--- a/nixos/modules/services/networking/quassel.nix
+++ b/nixos/modules/services/networking/quassel.nix
@@ -26,10 +26,11 @@ in package = mkOption { type = types.package; default = pkgs.kde4.quasselDaemon;
+ defaultText = "pkgs.kde4.quasselDaemon"; description = '' The package of the quassel daemon. '';
- example = pkgs.quasselDaemon;
+ example = literalExample "pkgs.quasselDaemon"; }; interfaces = mkOption {
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 81941ce1cfb6..073391ffdbbc 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -228,8 +228,6 @@ in config = mkIf cfg.enable {
- programs.ssh.setXAuthLocation = mkForce cfg.forwardX11; - users.extraUsers.sshd = { isSystemUser = true; description = "SSH privilege separation user"; |