commit
14e66c1659
@ -481,6 +481,7 @@
|
||||
./services/networking/gnunet.nix
|
||||
./services/networking/gogoclient.nix
|
||||
./services/networking/gvpe.nix
|
||||
./services/networking/hans.nix
|
||||
./services/networking/haproxy.nix
|
||||
./services/networking/heyefi.nix
|
||||
./services/networking/hostapd.nix
|
||||
|
145
nixos/modules/services/networking/hans.nix
Normal file
145
nixos/modules/services/networking/hans.nix
Normal file
@ -0,0 +1,145 @@
|
||||
# NixOS module for hans, ip over icmp daemon
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.hans;
|
||||
|
||||
hansUser = "hans";
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
### configuration
|
||||
|
||||
options = {
|
||||
|
||||
services.hans = {
|
||||
clients = mkOption {
|
||||
default = {};
|
||||
description = ''
|
||||
Each attribute of this option defines a systemd service that
|
||||
runs hans. Many or none may be defined.
|
||||
The name of each service is
|
||||
<literal>hans-<replaceable>name</replaceable></literal>
|
||||
where <replaceable>name</replaceable> is the name of the
|
||||
corresponding attribute name.
|
||||
'';
|
||||
example = literalExample ''
|
||||
{
|
||||
foo = {
|
||||
server = "192.0.2.1";
|
||||
extraConfig = "-v";
|
||||
}
|
||||
}
|
||||
'';
|
||||
type = types.attrsOf (types.submodule (
|
||||
{
|
||||
options = {
|
||||
server = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "IP address of server running hans";
|
||||
example = "192.0.2.1";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Additional command line parameters";
|
||||
example = "-v";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "File that containts password";
|
||||
};
|
||||
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
server = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "enable hans server";
|
||||
};
|
||||
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "The assigned ip range";
|
||||
example = "198.51.100.0";
|
||||
};
|
||||
|
||||
respondToSystemPings = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Force hans respond to ordinary pings";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Additional command line parameters";
|
||||
example = "-v";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "File that containts password";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
### implementation
|
||||
|
||||
config = mkIf (cfg.server.enable || cfg.clients != {}) {
|
||||
boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings {
|
||||
"net.ipv4.icmp_echo_ignore_all" = 1;
|
||||
};
|
||||
|
||||
boot.kernelModules = [ "tun" ];
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
createHansClientService = name: cfg:
|
||||
{
|
||||
description = "hans client - ${name}";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
|
||||
serviceConfig = {
|
||||
RestartSec = "30s";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
in
|
||||
listToAttrs (
|
||||
mapAttrsToList
|
||||
(name: value: nameValuePair "hans-${name}" (createHansClientService name value))
|
||||
cfg.clients
|
||||
) // {
|
||||
hans = mkIf (cfg.server.enable) {
|
||||
description = "hans, ip over icmp server daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers = singleton {
|
||||
name = hansUser;
|
||||
description = "Hans daemon user";
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ gnidorah ];
|
||||
}
|
@ -32,7 +32,7 @@ in
|
||||
foo = {
|
||||
server = "tunnel.mdomain.com";
|
||||
relay = "8.8.8.8";
|
||||
extraConfig = "-P mysecurepassword";
|
||||
extraConfig = "-v";
|
||||
}
|
||||
}
|
||||
'';
|
||||
@ -57,7 +57,13 @@ in
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Additional command line parameters";
|
||||
example = "-P mysecurepassword -l 192.168.1.10 -p 23";
|
||||
example = "-l 192.168.1.10 -p 23";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "File that containts password";
|
||||
};
|
||||
};
|
||||
}));
|
||||
@ -88,7 +94,13 @@ in
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Additional command line parameters";
|
||||
example = "-P mysecurepassword -l 192.168.1.10 -p 23";
|
||||
example = "-l 192.168.1.10 -p 23";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "File that containts password";
|
||||
};
|
||||
};
|
||||
|
||||
@ -108,10 +120,10 @@ in
|
||||
description = "iodine client - ${name}";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.relay} ${cfg.server}";
|
||||
serviceConfig = {
|
||||
RestartSec = "30s";
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}";
|
||||
};
|
||||
};
|
||||
in
|
||||
@ -124,7 +136,7 @@ in
|
||||
description = "iodine, ip over dns server daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}";
|
||||
script = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.server.ip} ${cfg.server.domain}";
|
||||
};
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user