From 664592561d2d725bdd3b663f7514c82d71075ab8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edward=20Tj=C3=B6rnhammar?=
Date: Fri, 20 Mar 2015 18:46:38 +0100
Subject: [PATCH] nixos: added aiccu service
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/networking/aiccu.nix | 195 ++++++++++++++++++++
 2 files changed, 196 insertions(+)
 create mode 100644 nixos/modules/services/networking/aiccu.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 7635e919d4b..28dad095761 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -233,6 +233,7 @@
 ./services/network-filesystems/diod.nix
 ./services/network-filesystems/u9fs.nix
 ./services/network-filesystems/yandex-disk.nix
+ ./services/networking/aiccu.nix
 ./services/networking/amuled.nix
 ./services/networking/atftpd.nix
 ./services/networking/avahi-daemon.nix
diff --git a/nixos/modules/services/networking/aiccu.nix b/nixos/modules/services/networking/aiccu.nix
new file mode 100644
index 00000000000..4301da28881
--- /dev/null
+++ b/nixos/modules/services/networking/aiccu.nix
@@ -0,0 +1,195 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.aiccu;
+ showBool = b: if b then "true" else "false";
+ notNull = a: ! isNull a;
+ configFile = pkgs.writeText "aiccu.conf" ''
+ ${if notNull cfg.username then "username " + cfg.username else ""}
+ ${if notNull cfg.password then "password " + cfg.password else ""}
+ protocol ${cfg.protocol}
+ server ${cfg.server}
+ ipv6_interface ${cfg.interfaceName}
+ verbose ${showBool cfg.verbose}
+ daemonize true
+ automatic ${showBool cfg.automatic}
+ requiretls ${showBool cfg.requireTLS}
+ pidfile ${cfg.pidFile}
+ defaultroute ${showBool cfg.defaultRoute}
+ ${if notNull cfg.setupScript then cfg.setupScript else ""}
+ makebeats ${showBool cfg.makeHeartBeats}
+ noconfigure ${showBool cfg.noConfigure}
+ behindnat ${showBool cfg.behindNAT}
+ ${if cfg.localIPv4Override then "local_ipv4_override" else ""}
+ '';
+
+in {
+
+ options = {
+
+ services.aiccu = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = "Enable aiccu IPv6 over IPv4 SiXXs tunnel";
+ };
+
+ username = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "FAB5-SIXXS";
+ description = "Login credential";
+ };
+
+ password = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "TmAkRbBEr0";
+ description = "Login credential";
+ };
+
+ protocol = mkOption {
+ type = types.str;
+ default = "tic";
+ example = "tic|tsp|l2tp";
+ description = "Protocol to use for setting up the tunnel";
+ };
+
+ server = mkOption {
+ type = types.str;
+ default = "tic.sixxs.net";
+ example = "enabled.ipv6server.net";
+ description = "Server to use for setting up the tunnel";
+ };
+
+ interfaceName = mkOption {
+ type = types.str;
+ default = "aiccu";
+ example = "sixxs";
+ description = ''
+ The name of the interface that will be used as a tunnel interface.
+ On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
+ or tunX (eg tun0) for AYIYA tunnels.
+ '';
+ };
+
+ tunnelID = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "T12345";
+ description = "The tunnel id to use, only required when there are multiple tunnels in the list";
+ };
+
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = "Be verbose?";
+ };
+
+ automatic = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = "Automatic Login and Tunnel activation";
+ };
+
+ requireTLS = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = ''
+ When set to true, if TLS is not supported on the server
+ the TIC transaction will fail.
+ When set to false, it will try a starttls, when that is
+ not supported it will continue.
+ In any case if AICCU is build with TLS support it will
+ try to do a 'starttls' to the TIC server to see if that
+ is supported.
+ '';
+ };
+
+ pidFile = mkOption {
+ type = types.path;
+ default = "/run/aiccu.pid";
+ example = "/var/lib/aiccu/aiccu.pid";
+ description = "Location of PID File";
+ };
+
+ defaultRoute = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = "Add a default route";
+ };
+
+ setupScript = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ example = "/var/lib/aiccu/fix-subnets.sh";
+ description = "Script to run after setting up the interfaces";
+ };
+
+ makeHeartBeats = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = ''
+ In general you don't want to turn this off
+ Of course only applies to AYIYA and heartbeat tunnels not to static ones
+ '';
+ };
+
+ noConfigure = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = "Don't configure anything";
+ };
+
+ behindNAT = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = "Notify the user that a NAT-kind network is detected";
+ };
+
+ localIPv4Override = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = ''
+ Overrides the IPv4 parameter received from TIC
+ This allows one to configure a NAT into "DMZ" mode and then
+ forwarding the proto-41 packets to an internal host.
+
+ This is only needed for static proto-41 tunnels!
+ AYIYA and heartbeat tunnels don't require this.
+ '';
+ };
+
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.aiccu = {
+ description = "Automatic IPv6 Connectivity Client Utility";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.aiccu}/bin/aiccu start ${configFile}";
+ ExecStop = "${pkgs.aiccu}/bin/aiccu stop";
+ Type = "forking";
+ PIDFile = cfg.pidFile;
+ Restart = "no"; # aiccu startup errors are serious, do not pound the tic server or be banned.
+ };
+ };
+
+ };
+}
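Review bot: `cfg.password` is interpolated into `configFile`, which is built with `pkgs.writeText`, so the tunnel password lands in a Nix store path that every local user can read and that travels with any copied closure. Keep the secret out of the evaluated configuration: take a `passwordFile` path instead, drop the `password` line from `configFile`, and assemble the final config at service start into a root-only file that `ExecStart` then points at, as sketched below. `requireTLS` defaults to `false`, and the option text itself says the client continues when starttls is unsupported, so the login may go out unprotected; `default = true;` would be the safer default. Separately, `tunnelID` is declared but never written to `configFile`, and the `setupScript` line emits the bare path with no keyword in front of it, which looks unintended.

```nix
      passwordFile = mkOption {
        type = with types; nullOr path;
        default = null;
        example = "/var/lib/aiccu/password";
        description = "File holding the tunnel password; read at service start and never copied to the Nix store";
      };

      # … unchanged: remaining options …

    systemd.services.aiccu = {
      # … unchanged: description, after, wantedBy …
      preStart = ''
        install -m 0600 ${configFile} /run/aiccu.conf
      '' + optionalString (notNull cfg.passwordFile) ''
        echo "password $(cat ${toString cfg.passwordFile})" >> /run/aiccu.conf
      '';
      serviceConfig = {
        ExecStart = "${pkgs.aiccu}/bin/aiccu start /run/aiccu.conf";
        # … unchanged: ExecStop, Type, PIDFile, Restart …
```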