From 257326915bbd5aa865153e8374a35fdbe37c8308 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 27 Apr 2011 14:03:46 +0000
Subject: [PATCH] * gw6c: don't depend on the services tree.
svn path=/nixos/trunk/; revision=26995
---
 modules/module-list.nix | 2 +-
 modules/services/networking/gw6c/control.in | 42 +++
 .../networking/{gw6c.nix => gw6c/default.nix} | 44 ++-
 modules/services/networking/gw6c/gw6c.conf | 338 ++++++++++++++++++
 4 files changed, 411 insertions(+), 15 deletions(-)
 create mode 100644 modules/services/networking/gw6c/control.in
 rename modules/services/networking/{gw6c.nix => gw6c/default.nix} (76%)
 create mode 100755 modules/services/networking/gw6c/gw6c.conf
diff --git a/modules/module-list.nix b/modules/module-list.nix
index cf0940b49f1..d2cd2e4637b 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -101,7 +101,7 @@
 ./services/networking/git-daemon.nix
 ./services/networking/gnunet.nix
 ./services/networking/gvpe.nix
- ./services/networking/gw6c.nix
+ ./services/networking/gw6c/default.nix
 ./services/networking/ifplugd.nix
 #./services/networking/ircd-hybrid.nix
 ./services/networking/nat.nix
diff --git a/modules/services/networking/gw6c/control.in b/modules/services/networking/gw6c/control.in
new file mode 100644
index 00000000000..6193fbeccc4
--- /dev/null
+++ b/modules/services/networking/gw6c/control.in
@@ -0,0 +1,42 @@
+#! @shell@ -e
+
+# Make sure that the environment is deterministic.
+export PATH=@coreutils@/bin
+export PATH=@coreutils@/bin:@gnugrep@/bin:@gnused@/bin:@iputils@/bin:@iputils@/sbin:@procps@/bin:@seccure@/bin
+export BASEDIR=$(dirname $(dirname $0))
+
+ mkdir /tmp/.gw6c || true
+ touch /tmp/.gw6c/gw6c.conf
+ chmod 0700 /tmp/.gw6c
+ chmod 0700 /tmp/.gw6c/gw6c.conf
+ seccure-decrypt -F @privkey@ -i $BASEDIR/conf/gw6c.conf > /tmp/.gw6c/gw6c.conf
+
+stop ()
+{
+ pkill gw6c
+}
+
+ln -s /dev/net/tun /dev/tun || true;
+
+if test "$1" = "start"; then
+ trap 'stop ; exit ' 15
+
+ if test -n "@pingBefore@"; then while ! @iputils@/bin/ping @gw6server@ -c1 -w1 ; do sleep 1; done; fi
+ cd /tmp/.gw6c
+ @coreutils@/bin/yes | \
+ env - HOME=/tmp/.gw6c $extraEnv \
+ @gw6c@/bin/gw6c -f /tmp/.gw6c/gw6c.conf 2>&1 >/var/log/gw6c.out
+ while @procps@/bin/pgrep gw6c; do
+ sleep @everPing@;
+ @iputils@/sbin/traceroute6 $( @coreutils@/bin/cat /var/log/gw6c.log |
+ @gnugrep@/bin/grep peer |
+ @gnused@/bin/sed -e 's/.*with //; s/ .*//' |
+ @coreutils@/bin/head -1) &
+ done;
+ pkill gw6c;
+ exit
+fi
+
+if test "$1" = "stop"; then
+ env - HOME=/homeless-shelter @procps@/bin/pkill gw6c;
+fi;
diff --git a/modules/services/networking/gw6c.nix b/modules/services/networking/gw6c/default.nix
similarity index 76%
rename from modules/services/networking/gw6c.nix
rename to modules/services/networking/gw6c/default.nix
index fba9d440ad2..a566679d789 100644
--- a/modules/services/networking/gw6c.nix
+++ b/modules/services/networking/gw6c/default.nix
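Review bot: The decrypted configuration (which carries the substituted `@password@`) is written under the world-writable `/tmp`, and `mkdir /tmp/.gw6c || true` lets the script continue when that directory already exists, so a `/tmp/.gw6c` pre-created by another local user would receive the plaintext file before the `chmod` lines run; the `|| true` also cancels the `-e` on the shebang line for exactly this step. Prefer a root-owned runtime directory, or at minimum create it with its mode atomically and stop if it pre-exists: `mkdir -m 0700 /tmp/.gw6c` (without `|| true`) followed by `install -m 0600 /dev/null /tmp/.gw6c/gw6c.conf` in place of the `touch`/`chmod` pair. Separately, `2>&1 >/var/log/gw6c.out` sends gw6c's stderr to the script's stdout rather than to the log file; the order should be `>/var/log/gw6c.out 2>&1`. The first `export PATH=@coreutils@/bin` is immediately overwritten by the next line and can be dropped, and `$extraEnv` is never set anywhere in this script (it is not an `@...@` substitution), so it expands to nothing.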
@@ -6,21 +6,37 @@
 let
 cfg = config.services.gw6c;
- # !!! Move this from the services tree to the nixos tree.
- gw6cService = import /etc/nixos/services/gw6c {
- inherit (pkgs) stdenv gw6c coreutils
- procps iputils gnused
- gnugrep seccure writeScript;
- upstart = config.system.build.upstart;
- username = cfg.username;
- password = cfg.password;
- server = cfg.server;
- keepAlive = cfg.keepAlive;
- everPing = cfg.everPing;
- seccureKeys = config.security.seccureKeys;
- waitPingableBroker = cfg.waitPingableBroker;
+ gw6cService = pkgs.stdenv.mkDerivation {
+ name = "gw6c-service";
+ inherit (pkgs) gw6c coreutils procps upstart iputils gnused gnugrep seccure;
+
+ inherit (cfg) username password keepAlive everPing;
+
+ gw6server = cfg.server;
+ authMethod = if cfg.username == "" then "anonymous" else "any";
+ gw6dir = pkgs.gw6c;
+
+ pingBefore = if cfg.waitPingableBroker then "true" else "";
+
+ pubkey = config.security.seccureKeys.public;
+ privkey = config.security.seccureKeys.private;
+
+ buildCommand =
+ ''
+ mkdir -p $out/bin $out/conf
+
+ mkdir conf
+ chmod 0700 conf
+ touch conf/raw
+ chmod 0700 conf/raw
+
+ substituteAll ${./gw6c.conf} conf/raw
+ $seccure/bin/seccure-encrypt "$(cat $pubkey)" -i conf/raw -o $out/conf/gw6c.conf
+ substituteAll ${./control.in} $out/bin/control
+ chmod a+x $out/bin/control
+ '';
 };
-
+
 in
 {
diff --git a/modules/services/networking/gw6c/gw6c.conf b/modules/services/networking/gw6c/gw6c.conf
new file mode 100755
index 00000000000..943b9170c7d
--- /dev/null
+++ b/modules/services/networking/gw6c/gw6c.conf
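Review bot: `inherit (cfg) username password keepAlive everPing;` makes the broker password a derivation attribute, so it is recorded in the world-readable `.drv` in the Nix store and in the build's environment; the `seccure-encrypt` step protects only `$out/conf/gw6c.conf`, not that input. The previous code passed `password = cfg.password` into the imported expression in the same way, so the commit does not widen the exposure, but the new derivation is the right place to state it, e.g. `# NOTE: username/password are derivation inputs and therefore visible in the .drv; only $out/conf/gw6c.conf is encrypted.` above the `inherit (cfg)` line. Keeping the secret out of the store would require reading it at run time (the `control` script already decrypts with `@privkey@` and could read a root-only file instead) rather than substituting it at build time. Whether `$(cat $pubkey)` can read `config.security.seccureKeys.public` inside the build depends on what that option evaluates to, which is not visible here. The module's attribute set continues past the closing `{` of this hunk.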
@@ -0,0 +1,338 @@
+#-----------------------------------------------------------------------------
+# $Id: gw6c.conf.in,v 1.5 2007/05/09 13:41:32 cnepveu Exp $
+#-----------------------------------------------------------------------------
+
+########################## READ ME! ################################
+#
+# Welcome to the Gateway6 Client configuration file.
+# In order to use the client, you need to modify the 'userid', 'passwd' and
+# 'server' parameters below depending on which of these situations applies:
+#
+# 1. If you created a Freenet6 account, enter your userid and password below.
+# Change the server name to "broker.freenet6.net" and auth_method to 'any'.
+# 2. If you would like to use Freenet6 without creating an account,
+# do not make any modifications and close this file.
+# 3. If this software was provided by your ISP, enter the userid, password and
+# server name provided by your ISP below.
+#
+
+
+########################## BASIC CONFIGURATION ################################
+
+#
+# User Identification and Password:
+# Specify your user name and password as provided by your ISP or Freenet6.
+# If you plan to connect anonymously, leave these values empty.
+# NOTE: Change auth_method option if you are using a username/password.
+#
+# userid=
+# passwd=
+#
+userid=@username@
+passwd=@password@
+
+
+#
+# Gateway6 Server:
+# Specify a Gateway6 server name or IP address (provided by your ISP or
+# Freenet6). An optional port number can be added; the default port number
+# is 3653.
+#
+# Examples:
+# server=hostname # FQDN
+# server=A.B.C.D # IPv4 address
+# server=[X:X::X:X] # IPv6 address
+# server=hostname:port_number
+# server=A.B.C.D:port_number
+# server=[X:X::X:X]:port_number
+#
+# Freenet6 account holders should enter broker.freenet6.net, otherwise use
+# anon.freenet6.net. Your ISP may provide you with a different server name.
+#
+#server=anon.freenet6.net
+#server=broker.freenet6.net
+#server=broker.aarnet.net.au
+server=@gw6server@
+
+#
+# Authentication Method:
+#
+# auth_method=<{anonymous}|{any|passdss-3des-1|digest-md5|plain}>
+#
+# anonymous: Sends no username or password
+#
+# any: The most secure method will be used.
+# passdss-3des-1: The password is sent encrypted.
+# digest-md5: The password is sent encrypted.
+# plain: Both username and password are sent as plain text.
+#
+# Recommended values:
+# - any: If you are authenticating a username / password.
+# - anonymous: If you are connecting anonymously.
+#
+#auth_method=anonymous
+#auth_method=any
+auth_method=@authMethod@
+
+
+########################## ROUTING CONFIGURATION ##############################
+# Use these parameters when you wish the client to act as a router and provide
+# IPv6 connectivity to IPv6-capable devices on your network.
+
+#
+# Local Host Type:
+# Change this value to 'router' to enable IPv6 advertisements.
+#
+# host_type=
+#
+host_type=host
+
+#
+# Prefix Length:
+# Length of the requested prefix. Valid values range between 0 and 64 when
+# using V6*V4 tunnel modes, and between 0 and 32 when using V4V6 tunnel mode.
+#
+# prefixlen=
+#
+prefixlen=64
+
+#
+# Advertisement Interface Prefix:
+# Name of the interface that will be configured to send router advertisements.
+# This is an interface index on Windows (ex: 4) and a name on Linux
+# and BSD (ex: eth1 or fxp1).
+#
+# if_prefix=
+#
+if_prefix=
+
+#
+# DNS Server:
+# A DNS server list to which the reverse prefix will be delegated. Servers
+# are separated by the colon(:) delimiter.
+#
+# Example: dns_server=ns1.domain:ns2.domain:ns3.domain
+#
+dns_server=
+
+
+######################### ADVANCED CONFIGURATION ##############################
+
+#
+# Gateway6 Client Installation Directory:
+# Directory where the Gateway6 Client will be installed. This value has been
+# set during installation.
+#
+gw6_dir=@gw6dir@
+
+#
+# Auto-Retry Connect and Delay:
+# The time lapse, in seconds, between each reconnection in the case of a
+# timeout.
+#
+# auto_retry_connect=
+# retry_delay=
+#
+# Recommended values: "yes" and 30
+#
+auto_retry_connect=yes
+retry_delay=5
+
+#
+# Keepalive Feature and Message Interval:
+# Indicates if and how often the client will send data to keep the tunnel
+# active.
+#
+# keepalive=
+# keepalive_interval=
+#
+# Recommended values: "yes" and 30
+#
+keepalive=yes
+keepalive_interval=@keepAlive@
+
+#
+# Tunnel Encapsulation Mode:
+# v6v4: IPv6-in-IPv4 tunnel.
+# v6udpv4: IPv6-in-UDP-in-IPv4 tunnel (for clients behind a NAT).
+# v6anyv4: Lets the broker choose the best mode for IPv6 tunnel.
+# v4v6: IPv4-in-IPv6 tunnel.
+#
+# Recommended value: v6anyv4
+#
+tunnel_mode=v6anyv4
+
+#
+# Tunnel Interface Name:
+# The interface name assigned to the tunnel. This value is O/S dependent.
+#
+# if_tunnel_v6v4 is the tunnel interface name for v6v4 encapsulation mode
+# if_tunnel_v6udpv4 is the tunnel interface name for v6udpv4 encapsulate mode
+# if_tunnel_v4v6 is the tunnel interface name for v4v6 encapsulation mode
+#
+# Default values are set during installation.
+#
+if_tunnel_v6v4=sit1
+if_tunnel_v6udpv4=tun
+if_tunnel_v4v6=sit0
+
+#
+# Local IP Address of the Client:
+# Allows you to set a specific address as the local tunnel endpoint.
+#
+# client_v4=
+# client_v6=
+# auto: The Gateway6 Client will find the local IP address endpoint.
+#
+# Recommended value: auto
+#
+client_v4=auto
+client_v6=auto
+
+#
+# Script Name:
+# File name of the script to run to install the tunnel interface. The
+# scripts are located in the template directory under the client
+# installation directory.
+#
+# template=
+#
+# Default value is set during installation.
+#
+template=linux
+
+#
+# Proxy client:
+# Indicates that this client will request a tunnel for another endpoint,
+# such as a Cisco router.
+#
+# proxy_client=
+#
+# NOTE: NAT traversal is not possible in proxy mode.
+#
+proxy_client=no
+
+
+############################ BROKER REDIRECTION ###############################
+
+#
+# Broker List File Name:
+# The 'broker_list' directive specifies the filename where the broker
+# list received during broker redirection will be saved.
+#
+# broker_list=
+#
+broker_list=/tmp/tsp-broker-list.txt
+
+#
+# Last Server Used File Name:
+# The 'last_server' directive specifies the filename where the address of
+# the last broker to which a connection was successfully established will
+# be saved.
+#
+# last_server=
+#
+last_server=/tmp/tsp-last-server.txt
+
+#
+# Always Use Last Known Working Server:
+# The value of the 'always_use_same_server' directive determines whether the
+# client should always try to connect to the broker found in the
+# 'last_server' directive filename.
+#
+# always_use_same_server=
+#
+always_use_same_server=no
+
+
+#################################### LOGGING ##################################
+
+#
+# Log Verbosity Configuration:
+# The format is 'log_=level', where possible values for
+# 'destination' are:
+#
+# - console (logging to the console [AKA stdout])
+# - stderr (logging to standard error)
+# - file (logging to a file)
+# - syslog (logging to syslog [Unix only])
+#
+# and 'level' is a digit between 0 and 3. A 'level' value of 0 disables
+# logging to the destination, while values 1 to 3 request increasing levels
+# of log verbosity and detail. If 'level' is not specified, a value of 1 is
+# assumed.
+#
+# Example:
+# log_file=3 (Maximal logging to a file)
+# log_stderr=0 (Logging to standard error disabled)
+# log_console= (Minimal logging to the console)
+#
+# - Default configuration on Windows platforms:
+#
+# log_console=0
+# log_stderr=0
+# log_file=1
+#
+# - Default configuration on Unix platforms:
+#
+# log_console=0
+# log_stderr=1
+# log_file=0
+# log_syslog=0
+#
+#log_console=
+#log_stderr=
+#log_file=
+#log_syslog=
+log_file=3
+
+#
+# Log File Name:
+# When logging to file is requested using the 'log_file' directive, the name
+# and path of the file to use may be specified using this directive.
+#
+# log_filename=
+#
+log_filename=/var/log/gw6c.log
+
+#
+# Log File Rotation:
+# When logging to file is requested using the 'log_file' directive, log file
+# rotation may be enabled. When enabled, the contents of the log file will
+# be moved to a backup file just before it reaches the maximum log file size
+# specified via this directive.
+#
+# The name of the backup file is the name of the original log file with
+# '.' inserted before the file extension. If the file does not
+# have an extension, '.' is appended to the name of the original
+# log file. The timestamp specifies when the rotation occurred.
+#
+# After the contents of the log file have been moved to the backup file, the
+# original file is cleared, and logging resumes at the beginning of the file.
+#
+# log_rotation=
+#
+log_rotation=yes
+
+#
+# Log File Rotation Size:
+# The 'log_rotation_size' directive specifies the maximum size a log file may
+# reach before rotation occurs, if enabled. The value is expressed in
+# kilobytes.
+#
+# log_rotation_size=<16|32|128|1024>
+#
+log_rotation_size=32
+
+#
+# Syslog Logging Facility [Unix Only]:
+# When logging to syslog is requested using the 'log_syslog' directive, the
+# facility to use may be specified using this directive.
+#
+# syslog_facility=
+#
+syslog_facility=USER
+
+
+# end of gw6c.conf
+#------------------------------------------------------------------------------
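Review bot: `broker_list=/tmp/tsp-broker-list.txt` and `last_server=/tmp/tsp-last-server.txt` place client state at fixed, predictable names in the shared `/tmp`, where any local user can pre-create the files (or symlinks) that the client will later write to; the template's own comment says the broker list received during redirection is saved there, and whether it is read back is not stated on this page. The control script added in this commit already runs gw6c with `HOME=/tmp/.gw6c` and creates that directory with mode 0700, so the two files could live there instead: `broker_list=/tmp/.gw6c/tsp-broker-list.txt` and `last_server=/tmp/.gw6c/tsp-last-server.txt`. `always_use_same_server=no` means the saved server is not used for reconnecting, which limits the impact of the second file. The file is also added with mode 100755; a configuration template needs no execute bit.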