diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/services/networking/xl2tpd.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
download | nixpkgs-archive.tar nixpkgs-archive.tar.gz nixpkgs-archive.tar.bz2 nixpkgs-archive.tar.lz nixpkgs-archive.tar.xz nixpkgs-archive.tar.zst nixpkgs-archive.zip |
Last good Nixpkgs for Weston+nouveau? archive
I came this commit hash to terwiz[m] on IRC, who is trying to figure out what the last version of Spectrum that worked on their NUC with Nvidia graphics is.
Diffstat (limited to 'nixos/modules/services/networking/xl2tpd.nix')
-rw-r--r-- | nixos/modules/services/networking/xl2tpd.nix | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/xl2tpd.nix b/nixos/modules/services/networking/xl2tpd.nix new file mode 100644 index 00000000000..7dbe51422d9 --- /dev/null +++ b/nixos/modules/services/networking/xl2tpd.nix @@ -0,0 +1,143 @@ +{ config, pkgs, lib, ... }: + +with lib; + +{ + options = { + services.xl2tpd = { + enable = mkEnableOption "xl2tpd, the Layer 2 Tunnelling Protocol Daemon"; + + serverIp = mkOption { + type = types.str; + description = "The server-side IP address."; + default = "10.125.125.1"; + }; + + clientIpRange = mkOption { + type = types.str; + description = "The range from which client IPs are drawn."; + default = "10.125.125.2-11"; + }; + + extraXl2tpOptions = mkOption { + type = types.lines; + description = "Adds extra lines to the xl2tpd configuration file."; + default = ""; + }; + + extraPppdOptions = mkOption { + type = types.lines; + description = "Adds extra lines to the pppd options file."; + default = ""; + example = '' + ms-dns 8.8.8.8 + ms-dns 8.8.4.4 + ''; + }; + }; + }; + + config = mkIf config.services.xl2tpd.enable { + systemd.services.xl2tpd = let + cfg = config.services.xl2tpd; + + # Config files from https://help.ubuntu.com/community/L2TPServer + xl2tpd-conf = pkgs.writeText "xl2tpd.conf" '' + [global] + ipsec saref = no + + [lns default] + local ip = ${cfg.serverIp} + ip range = ${cfg.clientIpRange} + pppoptfile = ${pppd-options} + length bit = yes + + ; Extra + ${cfg.extraXl2tpOptions} + ''; + + pppd-options = pkgs.writeText "ppp-options-xl2tpd.conf" '' + refuse-pap + refuse-chap + refuse-mschap + require-mschap-v2 + # require-mppe-128 + asyncmap 0 + auth + crtscts + idle 1800 + mtu 1200 + mru 1200 + lock + hide-password + local + # debug + name xl2tpd + # proxyarp + lcp-echo-interval 30 + lcp-echo-failure 4 + + # Extra: + ${cfg.extraPppdOptions} + ''; + + xl2tpd-ppp-wrapped = pkgs.stdenv.mkDerivation { + name = "xl2tpd-ppp-wrapped"; + phases = [ "installPhase" ]; + buildInputs = with pkgs; [ makeWrapper ]; + installPhase = '' + mkdir -p $out/bin + + makeWrapper ${pkgs.ppp}/sbin/pppd $out/bin/pppd \ + --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS "/etc/ppp=/etc/xl2tpd/ppp" + + makeWrapper ${pkgs.xl2tpd}/bin/xl2tpd $out/bin/xl2tpd \ + --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS "${pkgs.ppp}/sbin/pppd=$out/bin/pppd" + ''; + }; + in { + description = "xl2tpd server"; + + requires = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + mkdir -p -m 700 /etc/xl2tpd + + pushd /etc/xl2tpd > /dev/null + + mkdir -p -m 700 ppp + + [ -f ppp/chap-secrets ] || cat > ppp/chap-secrets << EOF + # Secrets for authentication using CHAP + # client server secret IP addresses + #username xl2tpd password * + EOF + + chown root.root ppp/chap-secrets + chmod 600 ppp/chap-secrets + + # The documentation says this file should be present but doesn't explain why and things work even if not there: + [ -f l2tp-secrets ] || (echo -n "* * "; ${pkgs.apg}/bin/apg -n 1 -m 32 -x 32 -a 1 -M LCN) > l2tp-secrets + chown root.root l2tp-secrets + chmod 600 l2tp-secrets + + popd > /dev/null + + mkdir -p /run/xl2tpd + chown root.root /run/xl2tpd + chmod 700 /run/xl2tpd + ''; + + serviceConfig = { + ExecStart = "${xl2tpd-ppp-wrapped}/bin/xl2tpd -D -c ${xl2tpd-conf} -s /etc/xl2tpd/l2tp-secrets -p /run/xl2tpd/pid -C /run/xl2tpd/control"; + KillMode = "process"; + Restart = "on-success"; + Type = "simple"; + PIDFile = "/run/xl2tpd/pid"; + }; + }; + }; +} |