2009-03-06 13:25:48 +01:00
|
|
|
{pkgs, config, ...}:
|
|
|
|
|
|
|
|
###### interface
|
|
|
|
let
|
|
|
|
inherit (pkgs.lib) mkOption mkIf;
|
|
|
|
|
|
|
|
options = {
|
|
|
|
services = {
|
|
|
|
gw6c = {
|
|
|
|
enable = mkOption {
|
|
|
|
default = false;
|
|
|
|
description = "
|
|
|
|
Whether to enable Gateway6 client (IPv6 tunnel).
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
autorun = mkOption {
|
|
|
|
default = true;
|
|
|
|
description = "
|
|
|
|
Switch to false to create upstart-job and configuration,
|
|
|
|
but not run it automatically
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
username = mkOption {
|
|
|
|
default = "";
|
|
|
|
description = "
|
|
|
|
Your Gateway6 login name, if any.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
password = mkOption {
|
|
|
|
default = "";
|
|
|
|
description = "
|
|
|
|
Your Gateway6 password, if any.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
server = mkOption {
|
|
|
|
default = "anon.freenet6.net";
|
|
|
|
example = "broker.freenet6.net";
|
|
|
|
description = "
|
|
|
|
Used Gateway6 server.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
keepAlive = mkOption {
|
|
|
|
default = "30";
|
|
|
|
example = "2";
|
|
|
|
description = "
|
|
|
|
Gateway6 keep-alive period.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
everPing = mkOption {
|
|
|
|
default = "1000000";
|
|
|
|
example = "2";
|
|
|
|
description = "
|
|
|
|
Gateway6 manual ping period.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
|
|
|
|
waitPingableBroker = mkOption {
|
|
|
|
default = true;
|
|
|
|
example = false;
|
|
|
|
description = "
|
|
|
|
Whether to wait until tunnel broker returns ICMP echo.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
security = {
|
|
|
|
seccureKeys = {
|
|
|
|
public = mkOption {
|
|
|
|
default = /var/elliptic-keys/public;
|
|
|
|
description = "
|
|
|
|
Public key. Make it path argument, so it is copied into store and
|
|
|
|
hashed.
|
|
|
|
|
|
|
|
The key is used to encrypt Gateway 6 configuration in store, as it
|
|
|
|
contains a password for external service. Unfortunately,
|
|
|
|
derivation file should be protected by other means. For example,
|
|
|
|
nix-http-export.cgi will happily export any non-derivation path,
|
|
|
|
but not a derivation.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
private = mkOption {
|
|
|
|
default = "/var/elliptic-keys/private";
|
|
|
|
description = "
|
|
|
|
Private key. Make it string argument, so it is not copied into store.
|
|
|
|
";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
2007-07-09 13:21:04 +02:00
|
|
|
let
|
2008-07-23 16:13:27 +02:00
|
|
|
cfg = config.services.gw6c;
|
|
|
|
procps = pkgs.procps;
|
2009-03-06 13:25:48 +01:00
|
|
|
gw6cService = import ../../services/gw6c {
|
2008-07-23 16:13:27 +02:00
|
|
|
inherit (pkgs) stdenv gw6c coreutils
|
|
|
|
procps upstart iputils gnused
|
2009-05-18 13:36:01 +02:00
|
|
|
gnugrep seccure writeScript;
|
2008-07-23 16:13:27 +02:00
|
|
|
username = cfg.username;
|
|
|
|
password = cfg.password;
|
|
|
|
server = cfg.server;
|
|
|
|
keepAlive = cfg.keepAlive;
|
|
|
|
everPing = cfg.everPing;
|
2008-03-04 17:06:33 +01:00
|
|
|
|
2008-07-23 16:13:27 +02:00
|
|
|
seccureKeys = config.security.seccureKeys;
|
2008-04-08 23:41:01 +02:00
|
|
|
|
2008-07-23 16:13:27 +02:00
|
|
|
waitPingableBroker = cfg.waitPingableBroker;
|
|
|
|
};
|
2007-07-09 13:21:04 +02:00
|
|
|
in
|
2009-03-06 13:25:48 +01:00
|
|
|
|
|
|
|
|
|
|
|
mkIf config.services.gw6c.enable {
|
|
|
|
require = [
|
|
|
|
options
|
|
|
|
];
|
|
|
|
|
|
|
|
services = {
|
|
|
|
extraJobs = [{
|
2008-07-23 16:13:27 +02:00
|
|
|
name = "gw6c";
|
|
|
|
users = [];
|
|
|
|
groups = [];
|
2009-03-06 13:25:48 +01:00
|
|
|
job = ''
|
|
|
|
description \"Gateway6 client\"
|
2007-07-09 13:21:04 +02:00
|
|
|
|
2009-03-06 13:25:48 +01:00
|
|
|
start on ${ if cfg.autorun then "network-interfaces/started" else "never" }
|
|
|
|
stop on network-interfaces/stop
|
2007-07-09 13:21:04 +02:00
|
|
|
|
2009-03-06 13:25:48 +01:00
|
|
|
respawn ${gw6cService}/bin/control start
|
|
|
|
'';
|
|
|
|
}];
|
|
|
|
};
|
2007-07-09 13:21:04 +02:00
|
|
|
}
|