completely removed gw6c. use gogoclient
svn path=/nixos/trunk/; revision=32990
This commit is contained in:
parent
769cbaf56a
commit
f68c95d1fe
|
@ -124,7 +124,6 @@
|
|||
./services/networking/gnunet.nix
|
||||
./services/networking/gogoclient.nix
|
||||
./services/networking/gvpe.nix
|
||||
./services/networking/gw6c/default.nix
|
||||
./services/networking/ifplugd.nix
|
||||
./services/networking/ircd-hybrid/default.nix
|
||||
./services/networking/nat.nix
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
#! @shell@ -e
|
||||
|
||||
# !!! use a proper Upstart job.
|
||||
|
||||
# Make sure that the environment is deterministic.
|
||||
export PATH=@coreutils@/bin
|
||||
export PATH=@coreutils@/bin:@gnugrep@/bin:@gnused@/bin:@iputils@/bin:@iputils@/sbin:@procps@/bin:@seccure@/bin
|
||||
export BASEDIR=$(dirname $(dirname $0))
|
||||
|
||||
mkdir /tmp/.gw6c || true
|
||||
touch /tmp/.gw6c/gw6c.conf
|
||||
chmod 0700 /tmp/.gw6c
|
||||
chmod 0700 /tmp/.gw6c/gw6c.conf
|
||||
seccure-decrypt -F @privkey@ -i $BASEDIR/conf/gw6c.conf > /tmp/.gw6c/gw6c.conf
|
||||
|
||||
stop ()
|
||||
{
|
||||
pkill gw6c
|
||||
}
|
||||
|
||||
ln -s /dev/net/tun /dev/tun || true;
|
||||
|
||||
if test "$1" = "start"; then
|
||||
trap 'stop ; exit ' 15
|
||||
|
||||
if test -n "@pingBefore@"; then while ! @iputils@/sbin/ping @gw6server@ -c1 -w1 ; do sleep 1; done; fi
|
||||
cd /tmp/.gw6c
|
||||
@coreutils@/bin/yes | \
|
||||
env - HOME=/tmp/.gw6c $extraEnv \
|
||||
@gw6c@/bin/gw6c -f /tmp/.gw6c/gw6c.conf 2>&1 >/var/log/gw6c.out
|
||||
while @procps@/bin/pgrep gw6c; do
|
||||
sleep @everPing@;
|
||||
@iputils@/sbin/traceroute6 $( @coreutils@/bin/cat /var/log/gw6c.log |
|
||||
@gnugrep@/bin/grep peer |
|
||||
@gnused@/bin/sed -e 's/.*with //; s/ .*//' |
|
||||
@coreutils@/bin/head -1) &
|
||||
done;
|
||||
pkill gw6c;
|
||||
exit
|
||||
fi
|
||||
|
||||
if test "$1" = "stop"; then
|
||||
env - HOME=/homeless-shelter @procps@/bin/pkill gw6c;
|
||||
fi;
|
|
@ -1,163 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.gw6c;
|
||||
|
||||
gw6cService = pkgs.stdenv.mkDerivation {
|
||||
name = "gw6c-service";
|
||||
inherit (pkgs) gw6c coreutils procps upstart iputils gnused gnugrep seccure;
|
||||
|
||||
inherit (cfg) username password keepAlive everPing;
|
||||
|
||||
gw6server = cfg.server;
|
||||
authMethod = if cfg.username == "" then "anonymous" else "any";
|
||||
gw6dir = pkgs.gw6c;
|
||||
|
||||
pingBefore = if cfg.waitPingableBroker then "true" else "";
|
||||
|
||||
pubkey = config.security.seccureKeys.public;
|
||||
privkey = config.security.seccureKeys.private;
|
||||
|
||||
buildCommand =
|
||||
''
|
||||
mkdir -p $out/bin $out/conf
|
||||
|
||||
mkdir conf
|
||||
chmod 0700 conf
|
||||
touch conf/raw
|
||||
chmod 0700 conf/raw
|
||||
|
||||
substituteAll ${./gw6c.conf} conf/raw
|
||||
$seccure/bin/seccure-encrypt "$(cat $pubkey)" -i conf/raw -o $out/conf/gw6c.conf
|
||||
substituteAll ${./control.in} $out/bin/control
|
||||
chmod a+x $out/bin/control
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.gw6c = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Whether to enable Gateway6 client (IPv6 tunnel).
|
||||
";
|
||||
};
|
||||
|
||||
autorun = mkOption {
|
||||
default = true;
|
||||
description = "
|
||||
Switch to false to create upstart-job and configuration,
|
||||
but not run it automatically
|
||||
";
|
||||
};
|
||||
|
||||
username = mkOption {
|
||||
default = "";
|
||||
description = "
|
||||
Your Gateway6 login name, if any.
|
||||
";
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
default = "";
|
||||
description = "
|
||||
Your Gateway6 password, if any.
|
||||
";
|
||||
};
|
||||
|
||||
server = mkOption {
|
||||
default = "anon.freenet6.net";
|
||||
example = "broker.freenet6.net";
|
||||
description = "
|
||||
Used Gateway6 server.
|
||||
";
|
||||
};
|
||||
|
||||
keepAlive = mkOption {
|
||||
default = "30";
|
||||
example = "2";
|
||||
description = "
|
||||
Gateway6 keep-alive period.
|
||||
";
|
||||
};
|
||||
|
||||
everPing = mkOption {
|
||||
default = "1000000";
|
||||
example = "2";
|
||||
description = "
|
||||
Gateway6 manual ping period.
|
||||
";
|
||||
};
|
||||
|
||||
waitPingableBroker = mkOption {
|
||||
default = true;
|
||||
example = false;
|
||||
description = "
|
||||
Whether to wait until tunnel broker returns ICMP echo.
|
||||
";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
security.seccureKeys = {
|
||||
|
||||
# !!! It's not clear to me (ED) what additional security this
|
||||
# provides. Passwords shouldn't be in configuration.nix,
|
||||
# period. You could just place the password in
|
||||
# /var/blah/password or whatever.
|
||||
|
||||
public = mkOption {
|
||||
default = /var/elliptic-keys/public;
|
||||
description = "
|
||||
Public key. Make it path argument, so it is copied into store and
|
||||
hashed.
|
||||
|
||||
The key is used to encrypt Gateway 6 configuration in store, as it
|
||||
contains a password for external service. Unfortunately,
|
||||
derivation file should be protected by other means. For example,
|
||||
nix-http-export.cgi will happily export any non-derivation path,
|
||||
but not a derivation.
|
||||
";
|
||||
};
|
||||
|
||||
private = mkOption {
|
||||
default = "/var/elliptic-keys/private";
|
||||
description = "
|
||||
Private key. Make it string argument, so it is not copied into store.
|
||||
";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
jobs.gw6c =
|
||||
{ description = "Gateway6 client";
|
||||
|
||||
startOn = optionalString cfg.autorun "starting networking";
|
||||
stopOn = "stopping network-interfaces";
|
||||
|
||||
exec = "${gw6cService}/bin/control start";
|
||||
};
|
||||
|
||||
networking.enableIPv6 = true;
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -1,338 +0,0 @@
|
|||
#-----------------------------------------------------------------------------
|
||||
# $Id: gw6c.conf.in,v 1.5 2007/05/09 13:41:32 cnepveu Exp $
|
||||
#-----------------------------------------------------------------------------
|
||||
|
||||
########################## READ ME! ################################
|
||||
#
|
||||
# Welcome to the Gateway6 Client configuration file.
|
||||
# In order to use the client, you need to modify the 'userid', 'passwd' and
|
||||
# 'server' parameters below depending on which of these situations applies:
|
||||
#
|
||||
# 1. If you created a Freenet6 account, enter your userid and password below.
|
||||
# Change the server name to "broker.freenet6.net" and auth_method to 'any'.
|
||||
# 2. If you would like to use Freenet6 without creating an account,
|
||||
# do not make any modifications and close this file.
|
||||
# 3. If this software was provided by your ISP, enter the userid, password and
|
||||
# server name provided by your ISP below.
|
||||
#
|
||||
|
||||
|
||||
########################## BASIC CONFIGURATION ################################
|
||||
|
||||
#
|
||||
# User Identification and Password:
|
||||
# Specify your user name and password as provided by your ISP or Freenet6.
|
||||
# If you plan to connect anonymously, leave these values empty.
|
||||
# NOTE: Change auth_method option if you are using a username/password.
|
||||
#
|
||||
# userid=<your_userid>
|
||||
# passwd=<your_password>
|
||||
#
|
||||
userid=@username@
|
||||
passwd=@password@
|
||||
|
||||
|
||||
#
|
||||
# Gateway6 Server:
|
||||
# Specify a Gateway6 server name or IP address (provided by your ISP or
|
||||
# Freenet6). An optional port number can be added; the default port number
|
||||
# is 3653.
|
||||
#
|
||||
# Examples:
|
||||
# server=hostname # FQDN
|
||||
# server=A.B.C.D # IPv4 address
|
||||
# server=[X:X::X:X] # IPv6 address
|
||||
# server=hostname:port_number
|
||||
# server=A.B.C.D:port_number
|
||||
# server=[X:X::X:X]:port_number
|
||||
#
|
||||
# Freenet6 account holders should enter broker.freenet6.net, otherwise use
|
||||
# anon.freenet6.net. Your ISP may provide you with a different server name.
|
||||
#
|
||||
#server=anon.freenet6.net
|
||||
#server=broker.freenet6.net
|
||||
#server=broker.aarnet.net.au
|
||||
server=@gw6server@
|
||||
|
||||
#
|
||||
# Authentication Method:
|
||||
#
|
||||
# auth_method=<{anonymous}|{any|passdss-3des-1|digest-md5|plain}>
|
||||
#
|
||||
# anonymous: Sends no username or password
|
||||
#
|
||||
# any: The most secure method will be used.
|
||||
# passdss-3des-1: The password is sent encrypted.
|
||||
# digest-md5: The password is sent encrypted.
|
||||
# plain: Both username and password are sent as plain text.
|
||||
#
|
||||
# Recommended values:
|
||||
# - any: If you are authenticating a username / password.
|
||||
# - anonymous: If you are connecting anonymously.
|
||||
#
|
||||
#auth_method=anonymous
|
||||
#auth_method=any
|
||||
auth_method=@authMethod@
|
||||
|
||||
|
||||
########################## ROUTING CONFIGURATION ##############################
|
||||
# Use these parameters when you wish the client to act as a router and provide
|
||||
# IPv6 connectivity to IPv6-capable devices on your network.
|
||||
|
||||
#
|
||||
# Local Host Type:
|
||||
# Change this value to 'router' to enable IPv6 advertisements.
|
||||
#
|
||||
# host_type=<host|router>
|
||||
#
|
||||
host_type=host
|
||||
|
||||
#
|
||||
# Prefix Length:
|
||||
# Length of the requested prefix. Valid values range between 0 and 64 when
|
||||
# using V6*V4 tunnel modes, and between 0 and 32 when using V4V6 tunnel mode.
|
||||
#
|
||||
# prefixlen=<integer>
|
||||
#
|
||||
prefixlen=64
|
||||
|
||||
#
|
||||
# Advertisement Interface Prefix:
|
||||
# Name of the interface that will be configured to send router advertisements.
|
||||
# This is an interface index on Windows (ex: 4) and a name on Linux
|
||||
# and BSD (ex: eth1 or fxp1).
|
||||
#
|
||||
# if_prefix=<interface name>
|
||||
#
|
||||
if_prefix=
|
||||
|
||||
#
|
||||
# DNS Server:
|
||||
# A DNS server list to which the reverse prefix will be delegated. Servers
|
||||
# are separated by the colon(:) delimiter.
|
||||
#
|
||||
# Example: dns_server=ns1.domain:ns2.domain:ns3.domain
|
||||
#
|
||||
dns_server=
|
||||
|
||||
|
||||
######################### ADVANCED CONFIGURATION ##############################
|
||||
|
||||
#
|
||||
# Gateway6 Client Installation Directory:
|
||||
# Directory where the Gateway6 Client will be installed. This value has been
|
||||
# set during installation.
|
||||
#
|
||||
gw6_dir=@gw6dir@
|
||||
|
||||
#
|
||||
# Auto-Retry Connect and Delay:
|
||||
# The time lapse, in seconds, between each reconnection in the case of a
|
||||
# timeout.
|
||||
#
|
||||
# auto_retry_connect=<yes|no>
|
||||
# retry_delay=<integer>
|
||||
#
|
||||
# Recommended values: "yes" and 30
|
||||
#
|
||||
auto_retry_connect=yes
|
||||
retry_delay=5
|
||||
|
||||
#
|
||||
# Keepalive Feature and Message Interval:
|
||||
# Indicates if and how often the client will send data to keep the tunnel
|
||||
# active.
|
||||
#
|
||||
# keepalive=<yes|no>
|
||||
# keepalive_interval=<integer>
|
||||
#
|
||||
# Recommended values: "yes" and 30
|
||||
#
|
||||
keepalive=yes
|
||||
keepalive_interval=@keepAlive@
|
||||
|
||||
#
|
||||
# Tunnel Encapsulation Mode:
|
||||
# v6v4: IPv6-in-IPv4 tunnel.
|
||||
# v6udpv4: IPv6-in-UDP-in-IPv4 tunnel (for clients behind a NAT).
|
||||
# v6anyv4: Lets the broker choose the best mode for IPv6 tunnel.
|
||||
# v4v6: IPv4-in-IPv6 tunnel.
|
||||
#
|
||||
# Recommended value: v6anyv4
|
||||
#
|
||||
tunnel_mode=v6anyv4
|
||||
|
||||
#
|
||||
# Tunnel Interface Name:
|
||||
# The interface name assigned to the tunnel. This value is O/S dependent.
|
||||
#
|
||||
# if_tunnel_v6v4 is the tunnel interface name for v6v4 encapsulation mode
|
||||
# if_tunnel_v6udpv4 is the tunnel interface name for v6udpv4 encapsulate mode
|
||||
# if_tunnel_v4v6 is the tunnel interface name for v4v6 encapsulation mode
|
||||
#
|
||||
# Default values are set during installation.
|
||||
#
|
||||
if_tunnel_v6v4=sit1
|
||||
if_tunnel_v6udpv4=tun
|
||||
if_tunnel_v4v6=sit0
|
||||
|
||||
#
|
||||
# Local IP Address of the Client:
|
||||
# Allows you to set a specific address as the local tunnel endpoint.
|
||||
#
|
||||
# client_v4=<auto|A.B.C.D (valid ipv4 address)>
|
||||
# client_v6=<auto|X:X::X:X (valid ipv6 address)>
|
||||
# auto: The Gateway6 Client will find the local IP address endpoint.
|
||||
#
|
||||
# Recommended value: auto
|
||||
#
|
||||
client_v4=auto
|
||||
client_v6=auto
|
||||
|
||||
#
|
||||
# Script Name:
|
||||
# File name of the script to run to install the tunnel interface. The
|
||||
# scripts are located in the template directory under the client
|
||||
# installation directory.
|
||||
#
|
||||
# template=<checktunnel|freebsd|netbsd|openbsd|linux|windows|darwin|cisco|solaris>
|
||||
#
|
||||
# Default value is set during installation.
|
||||
#
|
||||
template=linux
|
||||
|
||||
#
|
||||
# Proxy client:
|
||||
# Indicates that this client will request a tunnel for another endpoint,
|
||||
# such as a Cisco router.
|
||||
#
|
||||
# proxy_client=<yes|no>
|
||||
#
|
||||
# NOTE: NAT traversal is not possible in proxy mode.
|
||||
#
|
||||
proxy_client=no
|
||||
|
||||
|
||||
############################ BROKER REDIRECTION ###############################
|
||||
|
||||
#
|
||||
# Broker List File Name:
|
||||
# The 'broker_list' directive specifies the filename where the broker
|
||||
# list received during broker redirection will be saved.
|
||||
#
|
||||
# broker_list=<file_name>
|
||||
#
|
||||
broker_list=/tmp/tsp-broker-list.txt
|
||||
|
||||
#
|
||||
# Last Server Used File Name:
|
||||
# The 'last_server' directive specifies the filename where the address of
|
||||
# the last broker to which a connection was successfully established will
|
||||
# be saved.
|
||||
#
|
||||
# last_server=<file_name>
|
||||
#
|
||||
last_server=/tmp/tsp-last-server.txt
|
||||
|
||||
#
|
||||
# Always Use Last Known Working Server:
|
||||
# The value of the 'always_use_same_server' directive determines whether the
|
||||
# client should always try to connect to the broker found in the
|
||||
# 'last_server' directive filename.
|
||||
#
|
||||
# always_use_same_server=<yes|no>
|
||||
#
|
||||
always_use_same_server=no
|
||||
|
||||
|
||||
#################################### LOGGING ##################################
|
||||
|
||||
#
|
||||
# Log Verbosity Configuration:
|
||||
# The format is 'log_<destination>=level', where possible values for
|
||||
# 'destination' are:
|
||||
#
|
||||
# - console (logging to the console [AKA stdout])
|
||||
# - stderr (logging to standard error)
|
||||
# - file (logging to a file)
|
||||
# - syslog (logging to syslog [Unix only])
|
||||
#
|
||||
# and 'level' is a digit between 0 and 3. A 'level' value of 0 disables
|
||||
# logging to the destination, while values 1 to 3 request increasing levels
|
||||
# of log verbosity and detail. If 'level' is not specified, a value of 1 is
|
||||
# assumed.
|
||||
#
|
||||
# Example:
|
||||
# log_file=3 (Maximal logging to a file)
|
||||
# log_stderr=0 (Logging to standard error disabled)
|
||||
# log_console= (Minimal logging to the console)
|
||||
#
|
||||
# - Default configuration on Windows platforms:
|
||||
#
|
||||
# log_console=0
|
||||
# log_stderr=0
|
||||
# log_file=1
|
||||
#
|
||||
# - Default configuration on Unix platforms:
|
||||
#
|
||||
# log_console=0
|
||||
# log_stderr=1
|
||||
# log_file=0
|
||||
# log_syslog=0
|
||||
#
|
||||
#log_console=
|
||||
#log_stderr=
|
||||
#log_file=
|
||||
#log_syslog=
|
||||
log_file=3
|
||||
|
||||
#
|
||||
# Log File Name:
|
||||
# When logging to file is requested using the 'log_file' directive, the name
|
||||
# and path of the file to use may be specified using this directive.
|
||||
#
|
||||
# log_filename=<file_name>
|
||||
#
|
||||
log_filename=/var/log/gw6c.log
|
||||
|
||||
#
|
||||
# Log File Rotation:
|
||||
# When logging to file is requested using the 'log_file' directive, log file
|
||||
# rotation may be enabled. When enabled, the contents of the log file will
|
||||
# be moved to a backup file just before it reaches the maximum log file size
|
||||
# specified via this directive.
|
||||
#
|
||||
# The name of the backup file is the name of the original log file with
|
||||
# '.<timestamp>' inserted before the file extension. If the file does not
|
||||
# have an extension, '.<timestamp>' is appended to the name of the original
|
||||
# log file. The timestamp specifies when the rotation occurred.
|
||||
#
|
||||
# After the contents of the log file have been moved to the backup file, the
|
||||
# original file is cleared, and logging resumes at the beginning of the file.
|
||||
#
|
||||
# log_rotation=<yes|no>
|
||||
#
|
||||
log_rotation=no
|
||||
|
||||
#
|
||||
# Log File Rotation Size:
|
||||
# The 'log_rotation_size' directive specifies the maximum size a log file may
|
||||
# reach before rotation occurs, if enabled. The value is expressed in
|
||||
# kilobytes.
|
||||
#
|
||||
# log_rotation_size=<16|32|128|1024>
|
||||
#
|
||||
log_rotation_size=32
|
||||
|
||||
#
|
||||
# Syslog Logging Facility [Unix Only]:
|
||||
# When logging to syslog is requested using the 'log_syslog' directive, the
|
||||
# facility to use may be specified using this directive.
|
||||
#
|
||||
# syslog_facility=<USER|LOCAL[0-7]>
|
||||
#
|
||||
syslog_facility=USER
|
||||
|
||||
|
||||
# end of gw6c.conf
|
||||
#------------------------------------------------------------------------------
|
Loading…
Reference in New Issue