| blob | ffb2ee841c64d7ab22263828683e16e3c4d640cf |
1 # NixOS module for hans, ip over icmp daemon
3 { config, lib, pkgs, ... }:
5 with lib;
7 let
8 cfg = config.services.hans;
10 hansUser = "hans";
12 in
13 {
15 ### configuration
17 options = {
19 services.hans = {
20 clients = mkOption {
21 default = {};
22 description = lib.mdDoc ''
23 Each attribute of this option defines a systemd service that
24 runs hans. Many or none may be defined.
25 The name of each service is
26 `hans-«name»`
27 where «name» is the name of the
28 corresponding attribute name.
29 '';
30 example = literalExpression ''
31 {
32 foo = {
33 server = "192.0.2.1";
34 extraConfig = "-v";
35 }
36 }
37 '';
38 type = types.attrsOf (types.submodule (
39 {
40 options = {
41 server = mkOption {
42 type = types.str;
43 default = "";
44 description = lib.mdDoc "IP address of server running hans";
45 example = "192.0.2.1";
46 };
48 extraConfig = mkOption {
49 type = types.str;
50 default = "";
51 description = lib.mdDoc "Additional command line parameters";
52 example = "-v";
53 };
55 passwordFile = mkOption {
56 type = types.str;
57 default = "";
58 description = lib.mdDoc "File that containts password";
59 };
61 };
62 }));
63 };
65 server = {
66 enable = mkOption {
67 type = types.bool;
68 default = false;
69 description = lib.mdDoc "enable hans server";
70 };
72 ip = mkOption {
73 type = types.str;
74 default = "";
75 description = lib.mdDoc "The assigned ip range";
76 example = "198.51.100.0";
77 };
79 respondToSystemPings = mkOption {
80 type = types.bool;
81 default = false;
82 description = lib.mdDoc "Force hans respond to ordinary pings";
83 };
85 extraConfig = mkOption {
86 type = types.str;
87 default = "";
88 description = lib.mdDoc "Additional command line parameters";
89 example = "-v";
90 };
92 passwordFile = mkOption {
93 type = types.str;
94 default = "";
95 description = lib.mdDoc "File that containts password";
96 };
97 };
99 };
100 };
102 ### implementation
104 config = mkIf (cfg.server.enable || cfg.clients != {}) {
105 boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings {
106 "net.ipv4.icmp_echo_ignore_all" = 1;
107 };
109 boot.kernelModules = [ "tun" ];
111 systemd.services =
112 let
113 createHansClientService = name: cfg:
114 {
115 description = "hans client - ${name}";
116 after = [ "network.target" ];
117 wantedBy = [ "multi-user.target" ];
118 script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
119 serviceConfig = {
120 RestartSec = "30s";
121 Restart = "always";
122 };
123 };
124 in
125 listToAttrs (
126 mapAttrsToList
127 (name: value: nameValuePair "hans-${name}" (createHansClientService name value))
128 cfg.clients
129 ) // {
130 hans = mkIf (cfg.server.enable) {
131 description = "hans, ip over icmp server daemon";
132 after = [ "network.target" ];
133 wantedBy = [ "multi-user.target" ];
134 script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"}";
135 };
136 };
138 users.users.${hansUser} = {
139 description = "Hans daemon user";
140 isSystemUser = true;
141 };
142 };
144 meta.maintainers = with maintainers; [ ];
145 }