nixpkgs/modules/services/networking/openvpn.nix
Eelco Dolstra e91d882a94 * Converted modules that were still using the old (concrete syntax)
style of declaring Upstart jobs.  While at it, converted them to the
  current NixOS module style and improved some option descriptions.
  Hopefully I didn't break too much :-)

svn path=/nixos/trunk/; revision=17761
2009-10-12 16:36:19 +00:00


{ config, pkgs, ... }:
with pkgs.lib;
let
# Shorthand for this module's option values (the services.openvpn set).
cfg = config.services.openvpn;

# The OpenVPN package whose daemon the generated jobs execute.
openvpn = pkgs.openvpn;

# Search path given to the up/down hook scripts.  Every component is a Nix
# store path, so the hooks resolve their networking tools from the packages
# named here rather than from an inherited PATH.
PATH =
  "${pkgs.iptables}/sbin"
  + ":${pkgs.coreutils}/bin"
  + ":${pkgs.iproute}/sbin"
  + ":${pkgs.nettools}/sbin";
# Build the Upstart job description for one entry of services.openvpn.servers.
#
# `server` is an attribute set with `id` and `config`, and optionally `up`
# and/or `down` (shell fragments that OpenVPN runs as hook scripts).
#
# `server.id` is spliced unquoted into store names, log file names and shell
# lines below, so it has to be a plain token without whitespace or shell
# metacharacters.
makeOpenVPNJob = server:
  let
    hasUp = server ? up;
    hasDown = server ? down;

    # Wrap a user-supplied shell fragment into an executable hook script in
    # the Nix store.  All output of the hook goes to
    # /var/log/openvpn-<id>-<phase>; the redirection reopens that file on
    # every run, so only the most recent output is kept.
    # NOTE(review): `exec &>` is bash syntax under a #!/bin/sh shebang; this
    # presumably relies on /bin/sh being bash -- confirm.
    hookScript = phase: body:
      pkgs.writeScript "openvpn-${server.id}-${phase}"
        ''
          #!/bin/sh
          exec &> /var/log/openvpn-${server.id}-${phase}
          PATH=${PATH}
          ${body}
        '';

    # Final OpenVPN configuration.  "script-security 2" (which allows OpenVPN
    # to call user-defined scripts) is emitted only when a hook is defined,
    # so instances without hooks are not given that permission here.
    #
    # The file is created with writeText and therefore lives in the Nix
    # store, which is readable by every local user: `server.config` should
    # point at key material by file name rather than embed it inline.
    generatedConfig = pkgs.writeText "openvpn-config-${server.id}"
      ''
        ${if hasUp || hasDown then "script-security 2" else ""}
        ${server.config}
        ${if hasUp then "up ${hookScript "up" server.up}" else ""}
        ${if hasDown then "down ${hookScript "down" server.down}" else ""}
      '';
  in {
    description = "OpenVPN-${server.id}";

    startOn = "network-interfaces/started";
    stopOn = "network-interfaces/stop";

    environment = { PATH = "${pkgs.coreutils}/bin"; };

    # Daemon output is redirected to /var/log/openvpn-<id>.  Loading the tun
    # module is best effort (`|| true`), so a failure there does not stop the
    # job from starting OpenVPN.
    # NOTE(review): nothing here drops privileges; presumably that is left to
    # `user`/`group` directives inside server.config -- confirm.
    script =
      ''
        exec &> /var/log/openvpn-${server.id}
        ${config.system.sbin.modprobe} tun || true
        ${openvpn}/sbin/openvpn --config ${generatedConfig}
      '';
  };
in
{
###### interface
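options = {
  services.openvpn = {

    # Master switch: no OpenVPN job is generated unless this is true.
    enable = mkOption {
      default = false;
      description = "Whether to enable OpenVPN.";
    };

    # List of instances.  Each element needs `id` and `config`; `up` and
    # `down` are optional shell fragments run as OpenVPN hook scripts.
    servers = mkOption {
      example = [
        # Static-key mode: both ends share one secret and there is no
        # forward secrecy.  The key is referenced by file name, not pasted
        # into the config text.
        {
          id = "server-simplest";
          config = ''
            # Most simple configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
            # server :
            dev tun
            ifconfig 10.8.0.1 10.8.0.2
            secret static.key
          '';
          # Placeholder commands; presumably `down` is meant to undo what
          # `up` set up.
          up = "ip route add ..!";
          down = "ip route add ..!";
        }
        {
          id = "client-simplest";
          config = ''
            #client:
            #remote myremote.mydomain
            #dev tun
            #ifconfig 10.8.0.2 10.8.0.1
            #secret static.key
          '';
        }
        {
          id = "server-scalable";
          config = ''
            multiple clients
            see example file found in http://openvpn.net/index.php/documentation/howto.html
          '';
        }
        {
          id = "client-scalable";
          config = '' ditto '';
        }
      ];
      default = [];
      description = ''
        OpenVPN instances to run.  Each instance is put into its own job
        named openvpn-{id}.

        If up and/or down are set, an "up" / "down" line pointing at a
        generated script in the Nix store (/nix/store/xxx-up-script) is
        added to the config automatically, and "script-security 2" is
        prepended so that OpenVPN is allowed to run those scripts.

        The config text is written to the Nix store, which is readable by
        all local users: refer to keys and other secrets by file name
        instead of pasting them into config.

        Don't forget to check that packets of all sizes can be sent.  If
        scp hangs or similar, set --fragment XXX --mssfix YYY.
      '';
    };

  };
};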
###### implementation
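config = mkIf cfg.enable {
  # One Upstart job per configured instance, keyed "openvpn-<id>".  The name
  # has to come from the list element (c.id): at this level `cfg` is the
  # services.openvpn option set, which declares only `enable` and `servers`,
  # so "openvpn-${cfg.id}" could not yield a per-instance job name.
  jobAttrs = listToAttrs
    (map (c: nameValuePair "openvpn-${c.id}" (makeOpenVPNJob c)) cfg.servers);
};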
}