public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openvpn was broken by jobAttrs. fixed

Browse Source 
svn path=/nixos/trunk/; revision=17940
This commit is contained in:
Marc Weber 2009-10-23 11:30:54 +00:00
parent ac5bc4a68a
commit 4f006e49bf
1 changed files with 88 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

143
modules/services/networking/openvpn.nix
View File

@ -10,29 +10,29 @@ let
PATH = "${pkgs.iptables}/sbin:${pkgs.coreutils}/bin:${pkgs.iproute}/sbin:${pkgs.nettools}/sbin"; PATH = "${pkgs.iptables}/sbin:${pkgs.coreutils}/bin:${pkgs.iproute}/sbin:${pkgs.nettools}/sbin";
makeOpenVPNJob = cfg : makeOpenVPNJob = cfg : name:
let let
upScript = '' upScript = ''
#!/bin/sh #!/bin/sh
exec &> /var/log/openvpn-${cfg.id}-up exec &> /var/log/openvpn-${name}-up
PATH=${PATH} PATH=${PATH}
${cfg.up} ${cfg.up}
''; '';
downScript = '' downScript = ''
#!/bin/sh #!/bin/sh
exec &> /var/log/openvpn-${cfg.id}-down exec &> /var/log/openvpn-${name}-down
PATH=${PATH} PATH=${PATH}
${cfg.down} ${cfg.down}
''; '';
configFile = pkgs.writeText "openvpn-config-${cfg.id}" configFile = pkgs.writeText "openvpn-config-${name}"
'' ''
${if cfg ? up || cfg ? down then "script-security 2" else ""} ${if cfg.up != "" || cfg.down != "" then "script-security 2" else ""}
${cfg.config} ${cfg.config}
${if cfg ? up then "up ${pkgs.writeScript "openvpn-${cfg.id}-up" upScript}" else "" } ${if cfg.up != "" then "up ${pkgs.writeScript "openvpn-${name}-up" upScript}" else "" }
${if cfg ? down then "down ${pkgs.writeScript "openvpn-${cfg.id}-down" downScript}" else "" } ${if cfg.down != "" then "down ${pkgs.writeScript "openvpn-${name}-down" downScript}" else "" }
''; '';
in { in {
description = "OpenVPN-${cfg.id}"; description = "OpenVPN-${name}";
startOn = "network-interfaces/started"; startOn = "network-interfaces/started";
stopOn = "network-interfaces/stop"; stopOn = "network-interfaces/stop";
@ -41,12 +41,39 @@ let
script = script =
'' ''
exec &> /var/log/openvpn-${cfg.id} exec &> /var/log/openvpn-${name}
${config.system.sbin.modprobe} tun || true ${config.system.sbin.modprobe} tun || true
${openvpn}/sbin/openvpn --config ${configFile} ${openvpn}/sbin/openvpn --config ${configFile}
''; '';
}; };
openvpnInstanceOptions = {
config = mkOption {
type = types.string;
description = ''
config of this openvpn instance
'';
};
up = mkOption {
default = "";
type = types.string;
description = ''
script which is run when server instance starts up succesfully.
Use it to setup firewall and routing
'';
};
down = mkOption {
default = "";
type = types.string;
description = ''
script which is run when server instance shuts down
Usually this reverts what up has done
'';
};
};
in in
{ {
@ -62,56 +89,64 @@ in
description = "Whether to enable OpenVPN."; description = "Whether to enable OpenVPN.";
}; };
servers = mkOption { servers = mkOption {
example = [
{ default = {};
id = "server-simplest";
config = '' example = {
# Most simple configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html. mostSimple = {
# server : config = ''
dev tun # Most simple configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
ifconfig 10.8.0.1 10.8.0.2 # server :
secret static.key dev tun
''; ifconfig 10.8.0.1 10.8.0.2
up = "ip route add ..!"; secret static.key
down = "ip route add ..!"; '';
} up = "ip route add ..!";
{ down = "ip route add ..!";
id = "client-simplest"; };
config = '' clientMostSimple = {
#client: config = ''
#remote myremote.mydomain #client:
#dev tun #remote myremote.mydomain
#ifconfig 10.8.0.2 10.8.0.1 #dev tun
#secret static.key #ifconfig 10.8.0.2 10.8.0.1
''; #secret static.key
} '';
{ };
id = "server-scalable"; serverScalable = {
config = '' config = ''
multiple clienst multiple clienst
see example file found in http://openvpn.net/index.php/documentation/howto.html see example file found in http://openvpn.net/index.php/documentation/howto.html
''; '';
} };
{ };
id = "client-scalabe";
config = '' dito '';
}
];
default = [];
# !!! clean up this description please # !!! clean up this description please
description = '' description = ''
openvpn instances to be run. Each will be put into an extra job named openvpn-{id} You can define multiple openvpn instances.
The up and down properties will be added config line up=/nix/store/xxx-up-script The id of an instance is given by the attribute name.
automatically for you. If you define at least one of up/down
"script-security 2" will be prepended to your config.
Don't forget to check that the all package sizes can be sent. if scp hangs or such you should set Each instance will result in a new job file.
--fragment XXX --mssfix YYY.
Additionally you can specify the up/ down scripts by setting
the up down properties.
Config lines up=/nix/store/xxx-up-script down=...
will be appended to your configuration file automatically
If you define at least one of up/down "script-security 2" will be
prepended to your config otherwise you scripts aren't run by openvpn
Don't forget to check that the all package sizes can be sent. For
examlpe if scp hangs you should set --fragment XXX --mssfix YYY.
''; '';
type = types.attrsOf types.optionSet;
options = [ openvpnInstanceOptions ];
}; };
}; };
}; };
@ -120,9 +155,7 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
jobs = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers);
jobs = listToAttrs (map (c: nameValuePair "openvpn-${cfg.id}" (makeOpenVPNJob c)) cfg.servers);
}; };
} }