Convert "gw6c" and its security options (untested)

svn path=/nixos/branches/fix-style/; revision=14364
Marc Weber 2009-03-06 12:25:48 +00:00
parent f889d6215e
commit 028b515a6e
3 changed files with 119 additions and 107 deletions


@ -1299,72 +1299,6 @@ in
};
gw6c = {
enable = mkOption {
default = false;
description = "
Whether to enable Gateway6 client (IPv6 tunnel).
";
};
autorun = mkOption {
default = true;
description = "
Switch to false to create upstart-job and configuration,
but not run it automatically
";
};
username = mkOption {
default = "";
description = "
Your Gateway6 login name, if any.
";
};
password = mkOption {
default = "";
description = "
Your Gateway6 password, if any.
";
};
server = mkOption {
default = "anon.freenet6.net";
example = "broker.freenet6.net";
description = "
Used Gateway6 server.
";
};
keepAlive = mkOption {
default = "30";
example = "2";
description = "
Gateway6 keep-alive period.
";
};
everPing = mkOption {
default = "1000000";
example = "2";
description = "
Gateway6 manual ping period.
";
};
waitPingableBroker = mkOption {
default = true;
example = false;
description = "
Whether to wait until tunnel broker returns ICMP echo.
";
};
};
ircdHybrid = {
enable = mkOption {
@ -1978,32 +1912,6 @@ in
};
security = {
seccureKeys = {
public = mkOption {
default = /var/elliptic-keys/public;
description = "
Public key. Make it path argument, so it is copied into store and
hashed.
The key is used to encrypt Gateway 6 configuration in store, as it
contains a password for external service. Unfortunately,
derivation file should be protected by other means. For example,
nix-http-export.cgi will happily export any non-derivation path,
but not a derivation.
";
};
private = mkOption {
default = "/var/elliptic-keys/private";
description = "
Private key. Make it string argument, so it is not copied into store.
";
};
};
};
nesting = {
children = mkOption {
@ -2082,6 +1990,8 @@ in
(import ../upstart-jobs/guest-users.nix)
(import ../upstart-jobs/pulseaudio.nix)
(import ../upstart-jobs/kbd.nix)
(import ../upstart-jobs/gw6c.nix) # Gateway6
#users
(import ../upstart-jobs/ldap)


@ -262,12 +262,6 @@ let
inherit config pkgs modprobe;
})
# Gateway6
++ optional config.services.gw6c.enable
(import ../upstart-jobs/gw6c.nix {
inherit config pkgs;
})
# VSFTPd server
++ optional config.services.vsftpd.enable
(import ../upstart-jobs/vsftpd.nix {


@ -1,8 +1,106 @@
{config, pkgs}:
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
gw6c = {
enable = mkOption {
default = false;
description = "
Whether to enable Gateway6 client (IPv6 tunnel).
";
};
autorun = mkOption {
default = true;
description = "
Switch to false to create upstart-job and configuration,
but not run it automatically
";
};
username = mkOption {
default = "";
description = "
Your Gateway6 login name, if any.
";
};
password = mkOption {
default = "";
description = "
Your Gateway6 password, if any.
";
};
server = mkOption {
default = "anon.freenet6.net";
example = "broker.freenet6.net";
description = "
Used Gateway6 server.
";
};
keepAlive = mkOption {
default = "30";
example = "2";
description = "
Gateway6 keep-alive period.
";
};
everPing = mkOption {
default = "1000000";
example = "2";
description = "
Gateway6 manual ping period.
";
};
waitPingableBroker = mkOption {
default = true;
example = false;
description = "
Whether to wait until tunnel broker returns ICMP echo.
";
};
};
};
security = {
seccureKeys = {
public = mkOption {
default = /var/elliptic-keys/public;
description = "
Public key. Make it path argument, so it is copied into store and
hashed.
The key is used to encrypt Gateway 6 configuration in store, as it
contains a password for external service. Unfortunately,
derivation file should be protected by other means. For example,
nix-http-export.cgi will happily export any non-derivation path,
but not a derivation.
";
};
private = mkOption {
default = "/var/elliptic-keys/private";
description = "
Private key. Make it string argument, so it is not copied into store.
";
};
};
};
};
in
###### implementation
let
cfg = config.services.gw6c;
procps = pkgs.procps;
gw6cService = import ../services/gw6c {
gw6cService = import ../../services/gw6c {
inherit (pkgs) stdenv gw6c coreutils
procps upstart iputils gnused
gnugrep seccureUser writeScript;
@ -17,16 +115,26 @@ let
waitPingableBroker = cfg.waitPingableBroker;
};
in
{
mkIf config.services.gw6c.enable {
require = [
options
];
services = {
extraJobs = [{
name = "gw6c";
users = [];
groups = [];
job = "
description \"Gateway6 client\"
job = ''
description \"Gateway6 client\"
start on ${ if cfg.autorun then "network-interfaces/started" else "never" }
stop on network-interfaces/stop
start on ${ if cfg.autorun then "network-interfaces/started" else "never" }
stop on network-interfaces/stop
respawn ${gw6cService}/bin/control start
";
respawn ${gw6cService}/bin/control start
'';
}];
};
}
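Review bot: The `password` description added in the first hunk ("Your Gateway6 password, if any.") does not tell the user where the value ends up, although the `seccureKeys.public` description further down the same options block explains that the generated configuration is encrypted in the store and that the derivation file is not. I would carry that over to the option people actually set, e.g. `Your Gateway6 password, if any. The generated configuration is encrypted with security.seccureKeys.public, but the derivation file is not; protect it by other means.` Separately, in the second hunk the job text appears to become a `''` indented string while `description \"Gateway6 client\"` keeps its backslashes; a backslash is literal inside `''…''`, so the job file would contain `\"`, and the line should read `description "Gateway6 client"`. The +/- markers are lost on this page, so which of the duplicated lines is the new side is inferred.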