cjdns: update to 20130303
build system is now nodejs based; new nixos module to start cjdns
parent
29c0d0047f
commit
316e809ff8
@ -159,6 +159,7 @@
|
||||
./services/networking/bind.nix
|
||||
./services/networking/bitlbee.nix
|
||||
./services/networking/btsync.nix
|
||||
./services/networking/cjdns.nix
|
||||
./services/networking/connman.nix
|
||||
./services/networking/cntlm.nix
|
||||
./services/networking/chrony.nix
|
||||
|
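--- a/nixos/modules/services/networking/cjdns.nix
+++ b/nixos/modules/services/networking/cjdns.nix
@@ -0,0 +1,207 @@
+# You may notice the commented out sections in this file,
+# it would be great to configure cjdns from nix, but cjdns
+# reads its configuration from stdin, including the private
+# key and admin password, all nested in a JSON structure.
+#
+# Until a good method of storing the keys outside the nix
+# store and mixing them back into a string is devised
+# (without too much shell hackery), a skeleton of the
+# configuration building lies commented out.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+cfg = config.services.cjdns;
+
+/*
+# can't keep keys and passwords in the nix store,
+# but don't want to deal with this stdin quagmire.
+
+cjdrouteConf = '' {
+"admin": {"bind": "${cfg.admin.bind}", "password": "\${CJDNS_ADMIN}" },
+"privateKey": "\${CJDNS_KEY}",
+
+"interfaces": {
+''
+
++ optionalString (cfg.interfaces.udp.bind.address != null) ''
+"UDPInterface": [ {
+"bind": "${cfg.interfaces.udp.bind.address}:"''
+${if cfg.interfaces.upd.bind.port != null
+then ${toString cfg.interfaces.udp.bind.port}
+else ${RANDOM}
+fi)
++ '' } ]''
+
++ (if cfg.interfaces.eth.bind != null then ''
+"ETHInterface": [ {
+"bind": "${cfg.interfaces.eth.bind}",
+"beacon": ${toString cfg.interfaces.eth.beacon}
+} ]
+'' fi )
++ ''
+},
+"router": { "interface": { "type": "TUNInterface" }, },
+"security": [ { "setuser": "nobody" } ]
+}
+'';
+
+cjdrouteConfFile = pkgs.writeText "cjdroute.conf" cjdrouteConf
+*/
+in
+
+{
+options = {
+
+services.cjdns = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Enable this option to start a instance of the
+cjdns network encryption and and routing engine.
+Configuration will be read from <literal>confFile</literal>.
+'';
+};
+
+confFile = mkOption {
+default = "/etc/cjdroute.conf";
+description = ''
+Configuration file to pipe to cjdroute.
+'';
+};
+
+/*
+admin = {
+bind = mkOption {
+default = "127.0.0.1:11234";
+description = ''
+Bind the administration port to this address and port.
+'';
+};
+
+passwordFile = mkOption {
+example = "/root/cjdns.adminPassword";
+description = ''
+File containing a password to the administration port.
+'';
+};
+};
+
+keyFile = mkOption {
+type = types.str;
+example = "/root/cjdns.key";
+description = ''
+Path to a file containing a cjdns private key on a single line.
+'';
+};
+
+passwordsFile = mkOption {
+type = types.str;
+default = null;
+example = "/root/cjdns.authorizedPasswords";
+description = ''
+A file containing a list of json dictionaries with passwords.
+For example:
+{"password": "s8xf5z7znl4jt05g922n3wpk75wkypk"},
+{ "name": "nice guy",
+"password": "xhthk1mglz8tpjrbbvdlhyc092rhpx5"},
+{"password": "3qfxyhmrht7uwzq29pmhbdm9w4bnc8w"}
+'';
+};
+
+interfaces = {
+udp = {
+bind = {
+address = mkOption {
+default = "0.0.0.0";
+description = ''
+Address to bind UDP tunnels to; disable by setting to null;
+'';
+};
+port = mkOption {
+type = types.int;
+default = null;
+description = ''
+Port to bind UDP tunnels to.
+A port will be choosen at random if this is not set.
+This option is required to act as the server end of
+a tunnel.
+'';
+};
+};
+};
+
+eth = {
+bind = mkOption {
+default = null;
+example = "eth0";
+description = ''
+Bind to this device and operate with native wire format.
+'';
+};
+
+beacon = mkOption {
+default = 2;
+description = ''
+Auto-connect to other cjdns nodes on the same network.
+Options:
+0 -- Disabled.
+
+1 -- Accept beacons, this will cause cjdns to accept incoming
+beacon messages and try connecting to the sender.
+
+2 -- Accept and send beacons, this will cause cjdns to broadcast
+messages on the local network which contain a randomly
+generated per-session password, other nodes which have this
+set to 1 or 2 will hear the beacon messages and connect
+automatically.
+'';
+};
+
+connectTo = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+Credentials for connecting look similar to UDP credientials
+except they begin with the mac address, for example:
+"01:02:03:04:05:06":{"password":"a","publicKey":"b"}
+'';
+};
+};
+};
+*/
+};
+};
+
+config = mkIf config.services.cjdns.enable {
+
+boot.kernelModules = [ "tun" ];
+
+/*
+networking.firewall.allowedUDPPorts = mkIf (cfg.udp.bind.port != null) [
+cfg.udp.bind.port
+];
+*/
+
+systemd.services.cjdns = {
+description = "encrypted networking for everybody";
+wantedBy = [ "multi-user.target" ];
+wants = [ "network.target" ];
+before = [ "network.target" ];
+path = [ pkgs.cjdns ];
+
+serviceConfig = {
+Type = "forking";
+ExecStart = ''
+${pkgs.stdenv.shell} -c "${pkgs.cjdns}/sbin/cjdroute < ${cfg.confFile}"
+'';
+Restart = "on-failure";
+};
+};
+};
+}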
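Review bot: `confFile` is declared without a type, although the header comment says the file it names carries the node's private key and admin password, and nothing in the option or in `ExecStart` constrains how that path is supplied. If a user passes a Nix path literal instead of a string, `${cfg.confFile}` would presumably copy the file into the world-readable store, which is what the header comment sets out to avoid; declaring `type = types.str;` and saying in the description that the file must live outside the store and be readable by root only would close that gap. The path is also spliced unquoted into the `-c "..."` string, so a value containing spaces or shell metacharacters changes the command that runs; the interpolated path should be quoted or escaped before it reaches the shell.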
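--- a/pkgs/tools/networking/cjdns/builder.sh
+++ b/pkgs/tools/networking/cjdns/builder.sh
@@ -0,0 +1,9 @@
+source $stdenv/setup
+
+unpackPhase
+cd git-export
+
+bash do
+
+mkdir -p $out/sbin
+cp cjdroute $out/sbin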
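Review bot: The builder calls `unpackPhase` by hand and never enters stdenv's generic build, so as far as this file shows no check or fixup step runs on the `cjdroute` binary copied into `$out/sbin`. `cd git-export` also hard-codes the directory name the current fetcher happens to produce; `cd "$sourceRoot"`, which `unpackPhase` normally sets, would survive a change of fetcher. Consider replacing the custom builder with `buildPhase = "bash do";` and an `installPhase` in the derivation, and add a one-line comment saying that `do` is upstream's nodejs-driven build script.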
@ -1,31 +1,27 @@
|
||||
{ stdenv, fetchgit, cmake }:
|
||||
{ stdenv, fetchgit, nodejs, which, python27 }:
|
||||
|
||||
let
|
||||
rev = "f7b02ac0cc";
|
||||
date = "20140303";
|
||||
rev = "f11ce1fd4795b0173ac0ef18c8a6f752aa824adb";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
name = "cjdns-20130620-${stdenv.lib.strings.substring 0 7 rev}";
|
||||
name = "cjdns-${date}-${stdenv.lib.strings.substring 0 7 rev}";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://github.com/cjdelisle/cjdns.git";
|
||||
url = "git://github.com/cjdelisle/cjdns.git";
|
||||
inherit rev;
|
||||
sha256 = "1580a62yhph62nv7q2jdqrbkyk9a9g5i17snibkxyykc7rili5zq";
|
||||
sha256 = "1bxhf9f1v0slf9mz3ll6jf45mkwvwxlf3yqxx9k23kjyr1nsc8s8";
|
||||
};
|
||||
|
||||
preConfigure = ''
|
||||
sed -i -e '/toolchain.*CACHE/d' CMakeLists.txt
|
||||
'';
|
||||
buildInputs = [ which python27 nodejs];
|
||||
|
||||
doCheck = true;
|
||||
checkPhase = "ctest";
|
||||
|
||||
buildInputs = [ cmake ];
|
||||
builder = ./builder.sh;
|
||||
|
||||
meta = {
|
||||
homepage = https://github.com/cjdelisle/cjdns;
|
||||
description = "Encrypted networking for regular people";
|
||||
license = "GPLv3+";
|
||||
maintainers = with stdenv.lib.maintainers; [viric];
|
||||
platforms = with stdenv.lib.platforms; linux;
|
||||
license = stdenv.lib.licenses.gpl3;
|
||||
maintainers = with stdenv.lib.maintainers; [ viric emery ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
};
|
||||
}
|
||||
|
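Review bot: The fetch URL appears to move from `https://github.com/cjdelisle/cjdns.git` to `git://github.com/cjdelisle/cjdns.git`, which is an unauthenticated, unencrypted transport. The pinned `rev` and `sha256` still fix the content that is accepted, so this is a defence-in-depth point rather than an integrity hole, but keeping `url = "https://github.com/cjdelisle/cjdns.git";` costs nothing and avoids relying on the hash alone. The section also seems to drop `doCheck = true;` and `checkPhase = "ctest";` without a replacement, so the new build runs no tests; if upstream's `do` script has its own test step, a comment saying so would help. Finally, `date = "20140303"` disagrees with the 20130303 in the commit title, and one of the two should be corrected.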