adding support for openvpn daemon client and/or server
svn path=/nixos/branches/modular-nixos/; revision=15421
This commit is contained in:
parent
4f2725c54a
commit
738fc4e48c
@ -487,6 +487,7 @@ in
|
||||
(import ../upstart-jobs/tty-backgrounds.nix)
|
||||
|
||||
(import ../upstart-jobs/synergy.nix)
|
||||
(import ../upstart-jobs/openvpn.nix)
|
||||
|
||||
(import ../upstart-jobs/nfs-kernel.nix)
|
||||
(import ../upstart-jobs/autofs.nix)
|
||||
|
130
upstart-jobs/openvpn.nix
Normal file
130
upstart-jobs/openvpn.nix
Normal file
@ -0,0 +1,130 @@
|
||||
|
||||
{pkgs, config, ...}:
|
||||
|
||||
###### interface
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf;
|
||||
|
||||
options = {
|
||||
services = {
|
||||
openvpn = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Whether to enable the Secure Shell daemon, which allows secure
|
||||
remote logins.
|
||||
";
|
||||
};
|
||||
servers = mkOption {
|
||||
example = [
|
||||
{
|
||||
id = "server-simplest";
|
||||
config = ''
|
||||
# Most simple configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
|
||||
# server :
|
||||
dev tun
|
||||
ifconfig 10.8.0.1 10.8.0.2
|
||||
secret static.key
|
||||
'';
|
||||
up = "ip route add ..!";
|
||||
down = "ip route add ..!";
|
||||
}
|
||||
{
|
||||
id = "client-simplest";
|
||||
config = ''
|
||||
#client:
|
||||
#remote myremote.mydomain
|
||||
#dev tun
|
||||
#ifconfig 10.8.0.2 10.8.0.1
|
||||
#secret static.key
|
||||
'';
|
||||
}
|
||||
{
|
||||
id = "server-scalable";
|
||||
config = ''
|
||||
multiple clienst
|
||||
see example file found in http://openvpn.net/index.php/documentation/howto.html
|
||||
'';
|
||||
}
|
||||
{
|
||||
id = "client-scalabe";
|
||||
config = '' dito '';
|
||||
}
|
||||
];
|
||||
default = [];
|
||||
description = ''
|
||||
openvpn instances to be run. Each will be put into an extra job named openvpn-{id}
|
||||
|
||||
The up and down properties will be added config line up=/nix/store/xxx-up-script
|
||||
automatically for you. If you define at least one of up/down
|
||||
"script-security 2" will be prepended to your config.
|
||||
|
||||
Don't forget to check that the all package sizes can be sent. if scp hangs or such you should set
|
||||
--fragment XXX --mssfix YYY.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
cfg = config.services.openvpn;
|
||||
|
||||
inherit (pkgs) openvpn;
|
||||
inherit (builtins) hasAttr;
|
||||
|
||||
PATH="${pkgs.iptables}/sbin:${pkgs.coreutils}/bin:${pkgs.iproute}/sbin:${pkgs.nettools}/sbin";
|
||||
|
||||
makeOpenVPNJob = cfg :
|
||||
let
|
||||
upScript = ''
|
||||
#!/bin/sh
|
||||
exec &> /var/log/openvpn-${cfg.id}-up
|
||||
PATH=${PATH}
|
||||
${cfg.up}
|
||||
'';
|
||||
downScript = ''
|
||||
#!/bin/sh
|
||||
exec &> /var/log/openvpn-${cfg.id}-down
|
||||
PATH=${PATH}
|
||||
${cfg.down}
|
||||
'';
|
||||
configFile = pkgs.writeText "openvpn-config-${cfg.id}" ''
|
||||
${if hasAttr "up" cfg || hasAttr "down" cfg then "script-security 2" else ""}
|
||||
${cfg.config}
|
||||
${if hasAttr "up" cfg then "up ${pkgs.writeScript "openvpn-${cfg.id}-up" upScript}" else "" }
|
||||
${if hasAttr "down" cfg then "down ${pkgs.writeScript "openvpn-${cfg.id}-down" downScript}" else "" }
|
||||
'';
|
||||
in {
|
||||
name = "openvpn-${cfg.id}";
|
||||
|
||||
job = ''
|
||||
description "OpenVPN-${cfg.id}"
|
||||
|
||||
start on network-interfaces/started
|
||||
stop on network-interfaces/stop
|
||||
|
||||
|
||||
PATH=${pkgs.coreutils}/bin
|
||||
|
||||
respawn
|
||||
script
|
||||
exec &> /var/log/openvpn-${cfg.id}
|
||||
${openvpn}/sbin/openvpn --config ${configFile}
|
||||
end script
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
|
||||
mkIf cfg.enable {
|
||||
require = [
|
||||
options
|
||||
];
|
||||
|
||||
services = {
|
||||
extraJobs = map makeOpenVPNJob cfg.servers;
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user