# NixOS module for hans, ip over icmp daemon { config, lib, pkgs, ... }: with lib; let cfg = config.services.hans; hansUser = "hans"; in { ### configuration options = { services.hans = { clients = mkOption { default = {}; description = '' Each attribute of this option defines a systemd service that runs hans. Many or none may be defined. The name of each service is hans-name where name is the name of the corresponding attribute name. ''; example = literalExample '' { foo = { server = "192.0.2.1"; extraConfig = "-v"; } } ''; type = types.attrsOf (types.submodule ( { options = { server = mkOption { type = types.str; default = ""; description = "IP address of server running hans"; example = "192.0.2.1"; }; extraConfig = mkOption { type = types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; passwordFile = mkOption { type = types.str; default = ""; description = "File that containts password"; }; }; })); }; server = { enable = mkOption { type = types.bool; default = false; description = "enable hans server"; }; ip = mkOption { type = types.str; default = ""; description = "The assigned ip range"; example = "198.51.100.0"; }; respondToSystemPings = mkOption { type = types.bool; default = false; description = "Force hans respond to ordinary pings"; }; extraConfig = mkOption { type = types.str; default = ""; description = "Additional command line parameters"; example = "-v"; }; passwordFile = mkOption { type = types.str; default = ""; description = "File that containts password"; }; }; }; }; ### implementation config = mkIf (cfg.server.enable || cfg.clients != {}) { boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings { "net.ipv4.icmp_echo_ignore_all" = 1; }; boot.kernelModules = [ "tun" ]; systemd.services = let createHansClientService = name: cfg: { description = "hans client - ${name}"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}"; serviceConfig = { RestartSec = "30s"; Restart = "always"; }; }; in listToAttrs ( mapAttrsToList (name: value: nameValuePair "hans-${name}" (createHansClientService name value)) cfg.clients ) // { hans = mkIf (cfg.server.enable) { description = "hans, ip over icmp server daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}"; }; }; users.users = singleton { name = hansUser; description = "Hans daemon user"; isSystemUser = true; }; }; meta.maintainers = with maintainers; [ gnidorah ]; }