| blob | b1cb37158a04389a0c862cc700fad53097bca910 |
1 # NixOS module for hans, ip over icmp daemon
2 { config, lib, pkgs, ... }:
3 let
4 cfg = config.services.hans;
6 hansUser = "hans";
8 in
9 {
11 ### configuration
13 options = {
15 services.hans = {
16 clients = lib.mkOption {
17 default = {};
18 description = ''
19 Each attribute of this option defines a systemd service that
20 runs hans. Many or none may be defined.
21 The name of each service is
22 `hans-«name»`
23 where «name» is the name of the
24 corresponding attribute name.
25 '';
26 example = lib.literalExpression ''
27 {
28 foo = {
29 server = "192.0.2.1";
30 extraConfig = "-v";
31 }
32 }
33 '';
34 type = lib.types.attrsOf (lib.types.submodule (
35 {
36 options = {
37 server = lib.mkOption {
38 type = lib.types.str;
39 default = "";
40 description = "IP address of server running hans";
41 example = "192.0.2.1";
42 };
44 extraConfig = lib.mkOption {
45 type = lib.types.str;
46 default = "";
47 description = "Additional command line parameters";
48 example = "-v";
49 };
51 passwordFile = lib.mkOption {
52 type = lib.types.str;
53 default = "";
54 description = "File that contains password";
55 };
57 };
58 }));
59 };
61 server = {
62 enable = lib.mkOption {
63 type = lib.types.bool;
64 default = false;
65 description = "enable hans server";
66 };
68 ip = lib.mkOption {
69 type = lib.types.str;
70 default = "";
71 description = "The assigned ip range";
72 example = "198.51.100.0";
73 };
75 respondToSystemPings = lib.mkOption {
76 type = lib.types.bool;
77 default = false;
78 description = "Force hans respond to ordinary pings";
79 };
81 extraConfig = lib.mkOption {
82 type = lib.types.str;
83 default = "";
84 description = "Additional command line parameters";
85 example = "-v";
86 };
88 passwordFile = lib.mkOption {
89 type = lib.types.str;
90 default = "";
91 description = "File that contains password";
92 };
93 };
95 };
96 };
98 ### implementation
100 config = lib.mkIf (cfg.server.enable || cfg.clients != {}) {
101 boot.kernel.sysctl = lib.optionalAttrs cfg.server.respondToSystemPings {
102 "net.ipv4.icmp_echo_ignore_all" = 1;
103 };
105 boot.kernelModules = [ "tun" ];
107 systemd.services =
108 let
109 createHansClientService = name: cfg:
110 {
111 description = "hans client - ${name}";
112 after = [ "network.target" ];
113 wantedBy = [ "multi-user.target" ];
114 script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${lib.optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
115 serviceConfig = {
116 RestartSec = "30s";
117 Restart = "always";
118 };
119 };
120 in
121 lib.listToAttrs (
122 lib.mapAttrsToList
123 (name: value: lib.nameValuePair "hans-${name}" (createHansClientService name value))
124 cfg.clients
125 ) // {
126 hans = lib.mkIf (cfg.server.enable) {
127 description = "hans, ip over icmp server daemon";
128 after = [ "network.target" ];
129 wantedBy = [ "multi-user.target" ];
130 script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${lib.optionalString cfg.server.respondToSystemPings "-r"} ${lib.optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}";
131 };
132 };
134 users.users.${hansUser} = {
135 description = "Hans daemon user";
136 isSystemUser = true;
137 };
138 };
140 meta.maintainers = [ ];
141 }