authorMarc Weber <marco-oweber@gmx.de>2009-05-01 17:57:07 +0000
committerMarc Weber <marco-oweber@gmx.de>2009-05-01 17:57:07 +0000
commit738fc4e48c06a9b1d4bb3b97dc05eff1667c04c6 (patch)
tree6e8ebfbd72a3cdc462f5b312680e5487d0339384 /upstart-jobs/openvpn.nix
parent4f2725c54abe9cce61d7ba21aebcb0bd5c64bcfc (diff)
adding support for openvpn daemon client and/or server
svn path=/nixos/branches/modular-nixos/; revision=15421
Diffstat (limited to 'upstart-jobs/openvpn.nix')
-rw-r--r--upstart-jobs/openvpn.nix130
1 files changed, 130 insertions, 0 deletions
diff --git a/upstart-jobs/openvpn.nix b/upstart-jobs/openvpn.nix
new file mode 100644
index 00000000000..1e1edff902c
--- /dev/null
+++ b/upstart-jobs/openvpn.nix
@@ -0,0 +1,130 @@
+
+{pkgs, config, ...}:
+
+###### interface
+let
+  inherit (pkgs.lib) mkOption mkIf;
+
+  options = {
+    services = {
+      openvpn = {
+        enable = mkOption {
+          default = false;
+          description = "
+            Whether to enable the Secure Shell daemon, which allows secure
+            remote logins.
+          ";
+        };
+        servers = mkOption {
+          example = [
+            {
+              id = "server-simplest";
+              config = ''
+                # Most simple configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
+                # server : 
+                dev tun
+                ifconfig 10.8.0.1 10.8.0.2
+                secret static.key
+              '';
+              up = "ip route add ..!";
+              down = "ip route add ..!";
+            }
+            {
+              id = "client-simplest";
+              config = ''
+                #client:
+                #remote myremote.mydomain
+                #dev tun
+                #ifconfig 10.8.0.2 10.8.0.1
+                #secret static.key
+              '';
+            }
+            {
+              id = "server-scalable";
+              config = ''
+                multiple clienst
+                see example file found in http://openvpn.net/index.php/documentation/howto.html
+              '';
+            }
+            {
+              id = "client-scalabe";
+              config = '' dito '';
+            }
+          ];
+          default = [];
+          description = ''
+            openvpn instances to be run. Each will be put into an extra job named openvpn-{id}
+
+            The up and down properties will be added config line up=/nix/store/xxx-up-script
+            automatically for you. If you define at least one of up/down
+            "script-security 2" will be prepended to your config.
+
+            Don't forget to check that the all package sizes can be sent. if scp hangs or such you should set
+            --fragment XXX --mssfix YYY.
+          '';
+        };
+      };
+    };
+  };
+
+###### implementation
+
+  cfg = config.services.openvpn;
+
+  inherit (pkgs) openvpn;
+  inherit (builtins) hasAttr;
+
+  PATH="${pkgs.iptables}/sbin:${pkgs.coreutils}/bin:${pkgs.iproute}/sbin:${pkgs.nettools}/sbin";
+
+  makeOpenVPNJob = cfg :
+    let
+      upScript = ''
+        #!/bin/sh
+        exec &> /var/log/openvpn-${cfg.id}-up
+        PATH=${PATH}
+        ${cfg.up}
+      '';
+      downScript = ''
+        #!/bin/sh
+        exec &> /var/log/openvpn-${cfg.id}-down
+        PATH=${PATH}
+        ${cfg.down}
+      '';
+      configFile = pkgs.writeText "openvpn-config-${cfg.id}" ''
+      ${if hasAttr "up" cfg || hasAttr "down" cfg then "script-security 2" else ""}
+      ${cfg.config}
+      ${if hasAttr "up" cfg then "up ${pkgs.writeScript "openvpn-${cfg.id}-up" upScript}" else "" }
+      ${if hasAttr "down" cfg then "down ${pkgs.writeScript "openvpn-${cfg.id}-down" downScript}" else "" }
+      '';
+    in {
+      name = "openvpn-${cfg.id}";
+
+      job = ''
+        description "OpenVPN-${cfg.id}"
+
+        start on network-interfaces/started
+        stop on network-interfaces/stop
+
+
+        PATH=${pkgs.coreutils}/bin
+
+        respawn
+        script
+          exec &> /var/log/openvpn-${cfg.id}
+          ${openvpn}/sbin/openvpn --config ${configFile}
+        end script
+      '';
+    };
+
+in
+
+
+mkIf cfg.enable {
+  require = [
+    options
+  ];
+
+  services = {
+    extraJobs = map makeOpenVPNJob cfg.servers;
+  };
+}
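Review bot: The `servers` description never says that `config` is written with `pkgs.writeText` and the up/down scripts with `pkgs.writeScript`, so their text ends up in the Nix store, which is normally world-readable. It should tell users to keep key material out of the inline text and to reference it by an absolute path outside the store; the example's `secret static.key` is relative and presumably resolves against the daemon's working directory. The `enable` description is copied from the sshd job and should read something like `Whether to run the OpenVPN instances defined in services.openvpn.servers.`. Defining `up` or `down` prepends `script-security 2`, and the job sets no user or group, so those scripts presumably run with the daemon's privileges (likely root), which is worth stating in the description. The example `down = "ip route add ..!"` also looks like it was meant to remove the route rather than add it again.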