diff options
author | Emery Hemingway <emery@vfemail.net> | 2014-03-22 21:38:04 -0400 |
---|---|---|
committer | Emery Hemingway <emery@vfemail.net> | 2014-04-09 10:30:57 -0400 |
commit | 316e809ff869c38c78d2cd561416b5168fab9de0 (patch) | |
tree | 29d9b679811986e668fa963aa3ec40f3ef81a1d4 /nixos | |
parent | 29c0d0047faffed8055da6a7c84c0a36743f8ce0 (diff) | |
download | nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar.gz nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar.bz2 nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar.lz nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar.xz nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.tar.zst nixpkgs-316e809ff869c38c78d2cd561416b5168fab9de0.zip |
cjdns: update to 20130303
build system is now nodejs based new nixos module to start cjdns
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/cjdns.nix | 207 |
2 files changed, 208 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 86bb87e91de..94d5afdb097 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -159,6 +159,7 @@ ./services/networking/bind.nix ./services/networking/bitlbee.nix ./services/networking/btsync.nix + ./services/networking/cjdns.nix ./services/networking/connman.nix ./services/networking/cntlm.nix ./services/networking/chrony.nix diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix new file mode 100644 index 00000000000..9b715ec6384 --- /dev/null +++ b/nixos/modules/services/networking/cjdns.nix @@ -0,0 +1,207 @@ +# You may notice the commented out sections in this file, +# it would be great to configure cjdns from nix, but cjdns +# reads its configuration from stdin, including the private +# key and admin password, all nested in a JSON structure. +# +# Until a good method of storing the keys outside the nix +# store and mixing them back into a string is devised +# (without too much shell hackery), a skeleton of the +# configuration building lies commented out. + +{ config, pkgs, ... }: + +with pkgs.lib; + +let + + cfg = config.services.cjdns; + + /* + # can't keep keys and passwords in the nix store, + # but don't want to deal with this stdin quagmire. + + cjdrouteConf = '' { + "admin": {"bind": "${cfg.admin.bind}", "password": "\${CJDNS_ADMIN}" }, + "privateKey": "\${CJDNS_KEY}", + + "interfaces": { + '' + + + optionalString (cfg.interfaces.udp.bind.address != null) '' + "UDPInterface": [ { + "bind": "${cfg.interfaces.udp.bind.address}:"'' + ${if cfg.interfaces.upd.bind.port != null + then ${toString cfg.interfaces.udp.bind.port} + else ${RANDOM} + fi) + + '' } ]'' + + + (if cfg.interfaces.eth.bind != null then '' + "ETHInterface": [ { + "bind": "${cfg.interfaces.eth.bind}", + "beacon": ${toString cfg.interfaces.eth.beacon} + } ] + '' fi ) + + '' + }, + "router": { "interface": { "type": "TUNInterface" }, }, + "security": [ { "setuser": "nobody" } ] + } + ''; + + cjdrouteConfFile = pkgs.writeText "cjdroute.conf" cjdrouteConf + */ +in + +{ + options = { + + services.cjdns = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable this option to start a instance of the + cjdns network encryption and and routing engine. + Configuration will be read from <literal>confFile</literal>. + ''; + }; + + confFile = mkOption { + default = "/etc/cjdroute.conf"; + description = '' + Configuration file to pipe to cjdroute. + ''; + }; + + /* + admin = { + bind = mkOption { + default = "127.0.0.1:11234"; + description = '' + Bind the administration port to this address and port. + ''; + }; + + passwordFile = mkOption { + example = "/root/cjdns.adminPassword"; + description = '' + File containing a password to the administration port. + ''; + }; + }; + + keyFile = mkOption { + type = types.str; + example = "/root/cjdns.key"; + description = '' + Path to a file containing a cjdns private key on a single line. + ''; + }; + + passwordsFile = mkOption { + type = types.str; + default = null; + example = "/root/cjdns.authorizedPasswords"; + description = '' + A file containing a list of json dictionaries with passwords. + For example: + {"password": "s8xf5z7znl4jt05g922n3wpk75wkypk"}, + { "name": "nice guy", + "password": "xhthk1mglz8tpjrbbvdlhyc092rhpx5"}, + {"password": "3qfxyhmrht7uwzq29pmhbdm9w4bnc8w"} + ''; + }; + + interfaces = { + udp = { + bind = { + address = mkOption { + default = "0.0.0.0"; + description = '' + Address to bind UDP tunnels to; disable by setting to null; + ''; + }; + port = mkOption { + type = types.int; + default = null; + description = '' + Port to bind UDP tunnels to. + A port will be choosen at random if this is not set. + This option is required to act as the server end of + a tunnel. + ''; + }; + }; + }; + + eth = { + bind = mkOption { + default = null; + example = "eth0"; + description = '' + Bind to this device and operate with native wire format. + ''; + }; + + beacon = mkOption { + default = 2; + description = '' + Auto-connect to other cjdns nodes on the same network. + Options: + 0 -- Disabled. + + 1 -- Accept beacons, this will cause cjdns to accept incoming + beacon messages and try connecting to the sender. + + 2 -- Accept and send beacons, this will cause cjdns to broadcast + messages on the local network which contain a randomly + generated per-session password, other nodes which have this + set to 1 or 2 will hear the beacon messages and connect + automatically. + ''; + }; + + connectTo = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Credentials for connecting look similar to UDP credientials + except they begin with the mac address, for example: + "01:02:03:04:05:06":{"password":"a","publicKey":"b"} + ''; + }; + }; + }; + */ + }; + }; + + config = mkIf config.services.cjdns.enable { + + boot.kernelModules = [ "tun" ]; + + /* + networking.firewall.allowedUDPPorts = mkIf (cfg.udp.bind.port != null) [ + cfg.udp.bind.port + ]; + */ + + systemd.services.cjdns = { + description = "encrypted networking for everybody"; + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + before = [ "network.target" ]; + path = [ pkgs.cjdns ]; + + serviceConfig = { + Type = "forking"; + ExecStart = '' + ${pkgs.stdenv.shell} -c "${pkgs.cjdns}/sbin/cjdroute < ${cfg.confFile}" + ''; + Restart = "on-failure"; + }; + }; + }; +} |