diff --git a/system/options.nix b/system/options.nix index 70555424fa59..3a24c8dd7fcc 100644 --- a/system/options.nix +++ b/system/options.nix @@ -1299,72 +1299,6 @@ in }; - gw6c = { - - enable = mkOption { - default = false; - description = " - Whether to enable Gateway6 client (IPv6 tunnel). - "; - }; - - autorun = mkOption { - default = true; - description = " - Switch to false to create upstart-job and configuration, - but not run it automatically - "; - }; - - username = mkOption { - default = ""; - description = " - Your Gateway6 login name, if any. - "; - }; - - password = mkOption { - default = ""; - description = " - Your Gateway6 password, if any. - "; - }; - - server = mkOption { - default = "anon.freenet6.net"; - example = "broker.freenet6.net"; - description = " - Used Gateway6 server. - "; - }; - - keepAlive = mkOption { - default = "30"; - example = "2"; - description = " - Gateway6 keep-alive period. - "; - }; - - everPing = mkOption { - default = "1000000"; - example = "2"; - description = " - Gateway6 manual ping period. - "; - }; - - waitPingableBroker = mkOption { - default = true; - example = false; - description = " - Whether to wait until tunnel broker returns ICMP echo. - "; - }; - - }; - - ircdHybrid = { enable = mkOption { 
@@ -1978,32 +1912,6 @@ in }; - security = { - - seccureKeys = { - public = mkOption { - default = /var/elliptic-keys/public; - description = " - Public key. Make it path argument, so it is copied into store and - hashed. - - The key is used to encrypt Gateway 6 configuration in store, as it - contains a password for external service. Unfortunately, - derivation file should be protected by other means. For example, - nix-http-export.cgi will happily export any non-derivation path, - but not a derivation. - "; - }; - private = mkOption { - default = "/var/elliptic-keys/private"; - description = " - Private key. Make it string argument, so it is not copied into store. - "; - }; - }; - - }; - nesting = { children = mkOption { @@ -2082,6 +1990,8 @@ in (import ../upstart-jobs/guest-users.nix) (import ../upstart-jobs/pulseaudio.nix) (import ../upstart-jobs/kbd.nix) + (import ../upstart-jobs/gw6c.nix) # Gateway6 + #users (import ../upstart-jobs/ldap) diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 04e4a470b0dc..6d3864f1a6f1 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -262,12 +262,6 @@ let inherit config pkgs modprobe; }) - # Gateway6 - ++ optional config.services.gw6c.enable - (import ../upstart-jobs/gw6c.nix { - inherit config pkgs; - }) - # VSFTPd server ++ optional config.services.vsftpd.enable (import ../upstart-jobs/vsftpd.nix { diff --git a/upstart-jobs/gw6c.nix b/upstart-jobs/gw6c.nix index f3332f9e8f3d..21596c22dfad 100644 --- a/upstart-jobs/gw6c.nix +++ b/upstart-jobs/gw6c.nix 
@@ -1,8 +1,106 @@ -{config, pkgs}: +{pkgs, config, ...}: + +###### interface +let + inherit (pkgs.lib) mkOption mkIf; + + options = { + services = { + gw6c = { + enable = mkOption { + default = false; + description = " + Whether to enable Gateway6 client (IPv6 tunnel). + "; + }; + + autorun = mkOption { + default = true; + description = " + Switch to false to create upstart-job and configuration, + but not run it automatically + "; + }; + + username = mkOption { + default = ""; + description = " + Your Gateway6 login name, if any. + "; + }; + + password = mkOption { + default = ""; + description = " + Your Gateway6 password, if any. + "; + }; + + server = mkOption { + default = "anon.freenet6.net"; + example = "broker.freenet6.net"; + description = " + Used Gateway6 server. + "; + }; + + keepAlive = mkOption { + default = "30"; + example = "2"; + description = " + Gateway6 keep-alive period. + "; + }; + + everPing = mkOption { + default = "1000000"; + example = "2"; + description = " + Gateway6 manual ping period. + "; + }; + + waitPingableBroker = mkOption { + default = true; + example = false; + description = " + Whether to wait until tunnel broker returns ICMP echo. + "; + }; + }; + }; + security = { + seccureKeys = { + public = mkOption { + default = /var/elliptic-keys/public; + description = " + Public key. Make it path argument, so it is copied into store and + hashed. + + The key is used to encrypt Gateway 6 configuration in store, as it + contains a password for external service. Unfortunately, + derivation file should be protected by other means. For example, + nix-http-export.cgi will happily export any non-derivation path, + but not a derivation. + "; + }; + private = mkOption { + default = "/var/elliptic-keys/private"; + description = " + Private key. Make it string argument, so it is not copied into store. 
+ "; + }; + }; + }; + }; +in + +###### implementation + let cfg = config.services.gw6c; procps = pkgs.procps; - gw6cService = import ../services/gw6c { + gw6cService = import ../../services/gw6c { inherit (pkgs) stdenv gw6c coreutils procps upstart iputils gnused gnugrep seccureUser writeScript; @@ -17,16 +115,26 @@ let waitPingableBroker = cfg.waitPingableBroker; }; in -{ + + +mkIf config.services.gw6c.enable { + require = [ + options + ]; + + services = { + extraJobs = [{ name = "gw6c"; users = []; groups = []; - job = " -description \"Gateway6 client\" + job = '' + description \"Gateway6 client\" -start on ${ if cfg.autorun then "network-interfaces/started" else "never" } -stop on network-interfaces/stop + start on ${ if cfg.autorun then "network-interfaces/started" else "never" } + stop on network-interfaces/stop -respawn ${gw6cService}/bin/control start -"; + respawn ${gw6cService}/bin/control start + ''; + }]; + }; }
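Review bot: The `password` option declared in this hunk says nothing about where its value ends up, although the `security.seccureKeys.public` description a few options further down admits that the derivation file is not covered by the encryption and "should be protected by other means". That caveat belongs on the option users actually set, for example by extending its description with `The value is part of the system configuration and can be read from the derivation file; see security.seccureKeys.` Separately, `import ../../services/gw6c` now resolves two levels above `upstart-jobs/`, which appears to leave this tree. If that is intended, a one-line comment naming the expected checkout layout would help, since the build then evaluates whatever sits at that path.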
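Review bot: In the new `''…''` job string, `description \"Gateway6 client\"` keeps its backslashes, because an indented Nix string does not treat `\"` as an escape the way the old `"…"` string did. The generated upstart job would then carry literal `\"` in its description stanza; write the line as `description "Gateway6 client"`. As a smaller style point, the guard `mkIf config.services.gw6c.enable` could use the existing binding, `mkIf cfg.enable`. The `let` block that defines `cfg` starts outside this hunk.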