diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index c0c3249c60b6..5a56554dc98b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -481,6 +481,7 @@
./services/networking/gnunet.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
+ ./services/networking/hans.nix
./services/networking/haproxy.nix
./services/networking/heyefi.nix
./services/networking/hostapd.nix
diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix
new file mode 100644
index 000000000000..56c30a6b96e1
--- /dev/null
+++ b/nixos/modules/services/networking/hans.nix
@@ -0,0 +1,145 @@
+# NixOS module for hans, ip over icmp daemon
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.hans;
+
+ hansUser = "hans";
+
+in
+{
+
+ ### configuration
+
+ options = {
+
+ services.hans = {
+ clients = mkOption {
+ default = {};
+ description = ''
+ Each attribute of this option defines a systemd service that
+ runs hans. Many or none may be defined.
+ The name of each service is
+ hans-name
+ where name is the name of the
+ corresponding attribute name.
+ '';
+ example = literalExample ''
+ {
+ foo = {
+ server = "192.0.2.1";
+ extraConfig = "-v";
+ }
+ }
+ '';
+ type = types.attrsOf (types.submodule (
+ {
+ options = {
+ server = mkOption {
+ type = types.str;
+ default = "";
+ description = "IP address of server running hans";
+ example = "192.0.2.1";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = "Additional command line parameters";
+ example = "-v";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ default = "";
+ description = "File that containts password";
+ };
+
+ };
+ }));
+ };
+
+ server = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "enable hans server";
+ };
+
+ ip = mkOption {
+ type = types.str;
+ default = "";
+ description = "The assigned ip range";
+ example = "198.51.100.0";
+ };
+
+ respondToSystemPings = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Force hans respond to ordinary pings";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = "Additional command line parameters";
+ example = "-v";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ default = "";
+ description = "File that containts password";
+ };
+ };
+
+ };
+ };
+
+ ### implementation
+
+ config = mkIf (cfg.server.enable || cfg.clients != {}) {
+ boot.kernel.sysctl = optionalAttrs cfg.server.respondToSystemPings {
+ "net.ipv4.icmp_echo_ignore_all" = 1;
+ };
+
+ boot.kernelModules = [ "tun" ];
+
+ systemd.services =
+ let
+ createHansClientService = name: cfg:
+ {
+ description = "hans client - ${name}";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
+ serviceConfig = {
+ RestartSec = "30s";
+ Restart = "always";
+ };
+ };
+ in
+ listToAttrs (
+ mapAttrsToList
+ (name: value: nameValuePair "hans-${name}" (createHansClientService name value))
+ cfg.clients
+ ) // {
+ hans = mkIf (cfg.server.enable) {
+ description = "hans, ip over icmp server daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${optionalString cfg.server.respondToSystemPings "-r"} ${optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"}";
+ };
+ };
+
+ users.extraUsers = singleton {
+ name = hansUser;
+ description = "Hans daemon user";
+ };
+ };
+
+ meta.maintainers = with maintainers; [ gnidorah ];
+}
diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix
index 512dbd77ae4b..709c36ee54f0 100644
--- a/nixos/modules/services/networking/iodine.nix
+++ b/nixos/modules/services/networking/iodine.nix
@@ -32,7 +32,7 @@ in
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
- extraConfig = "-P mysecurepassword";
+ extraConfig = "-v";
}
}
'';
@@ -57,7 +57,13 @@ in
type = types.str;
default = "";
description = "Additional command line parameters";
- example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+ example = "-l 192.168.1.10 -p 23";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ default = "";
+ description = "File that containts password";
};
};
}));
@@ -88,7 +94,13 @@ in
type = types.str;
default = "";
description = "Additional command line parameters";
- example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+ example = "-l 192.168.1.10 -p 23";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ default = "";
+ description = "File that containts password";
};
};
@@ -108,10 +120,10 @@ in
description = "iodine client - ${name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
+ script = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.relay} ${cfg.server}";
serviceConfig = {
RestartSec = "30s";
Restart = "always";
- ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}";
};
};
in
@@ -124,7 +136,7 @@ in
description = "iodine, ip over dns server daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}";
+ script = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.passwordFile != "") "-P $(cat \"${cfg.passwordFile}\")"} ${cfg.server.ip} ${cfg.server.domain}";
};
};