From 4a6d93dc2c9744a0b61a78cc28558517b3750b4a Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Sat, 11 May 2024 22:48:06 +0100
Subject: [PATCH] add rudimentary l2tp service module
---
 examples/l2tp.nix | 83 +++++++++++++++++++++++++++++++++++++++++
 modules/ppp/default.nix | 15 ++++++++
 modules/ppp/l2tp.nix | 63 +++++++++++++++++++++++++++++++
 3 files changed, 161 insertions(+)
 create mode 100644 examples/l2tp.nix
 create mode 100644 modules/ppp/l2tp.nix
diff --git a/examples/l2tp.nix b/examples/l2tp.nix
new file mode 100644
index 0000000..d604881
--- /dev/null
+++ b/examples/l2tp.nix
@@ -0,0 +1,83 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ secrets = import ./extneder-secrets.nix;
+ rsecrets = import ./rotuer-secrets.nix;
+ inherit (pkgs.liminix.services) oneshot longrun bundle target;
+ inherit (pkgs.pseudofile) dir symlink;
+ inherit (pkgs) writeText dropbear ifwait serviceFns;
+ svc = config.system.service;
+in rec {
+ boot = {
+ tftp = {
+ serverip = "10.0.0.1";
+ ipaddr = "10.0.0.8";
+ };
+ };
+
+ imports = [
+# ../modules/wlan.nix
+ ../modules/network
+ ../modules/vlan
+ ../modules/ssh
+ ../modules/usb.nix
+ ../modules/watchdog
+ ../modules/mount
+ ../modules/ppp
+ ];
+ hostname = "thing";
+
+ services.dhcpc =
+ let iface = config.hardware.networkInterfaces.lan;
+ in svc.network.dhcp.client.build {
+ interface = iface;
+ dependencies = [ config.services.hostname ];
+ };
+
+ services.sshd = svc.ssh.build { };
+
+ services.resolvconf = oneshot rec {
+ dependencies = [ services.dhcpc ];
+ name = "resolvconf";
+ up = ''
+ . ${serviceFns}
+ ( in_outputs ${name}
+ for i in $(output ${services.dhcpc} dns); do
+ echo "nameserver $i" > resolv.conf
+ done
+ )
+ '';
+ };
+ filesystem = dir {
+ etc = dir {
+ "resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
+ };
+ srv = dir {};
+ };
+
+ services.l2tp = svc.l2tp.build {
+ lns = "l2tp.aaisp.net.uk";
+ ppp-options = [
+ "debug" "+ipv6" "noauth"
+ "name" rsecrets.l2tp.name
+ "password" rsecrets.l2tp.password
+ ];
+ dependencies = [ services.defaultroute4 ];
+ };
+
+ services.defaultroute4 = svc.network.route.build {
+ via = "$(output ${services.dhcpc} router)";
+ target = "default";
+ dependencies = [services.dhcpc];
+ };
+
+ users.root = {
+ passwd = lib.mkForce secrets.root.passwd;
+ openssh.authorizedKeys.keys = secrets.root.keys;
+ };
+
+
+}
diff --git a/modules/ppp/default.nix b/modules/ppp/default.nix
index a0e716a..4806e54 100644
--- a/modules/ppp/default.nix
+++ b/modules/ppp/default.nix
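Review bot: `services.l2tp` lists only `services.defaultroute4` as a dependency, but `lns = "l2tp.aaisp.net.uk"` is a hostname that xl2tpd has to resolve, and the `/etc/resolv.conf` that `services.resolvconf` produces is not in that dependency list, so at boot xl2tpd can be started before any nameserver is configured. I believe xl2tpd resolves the `lns` entry while parsing its config and treats a lookup failure as fatal rather than something `redial` retries, so I would make the ordering explicit: `dependencies = [ services.defaultroute4 services.resolvconf ];`. Separately, `"password" rsecrets.l2tp.password` is passed through `ppp-options`, which the new module serialises with `writeText` into a Nix store path, so the credential ends up in a world-readable file on the device; that deserves at least a comment next to the `ppp-options` list until the module offers a runtime secrets file.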
@@ -17,6 +17,9 @@ in {
 system.service.pppoe = mkOption {
 type = liminix.lib.types.serviceDefn;
 };
+ system.service.l2tp = mkOption {
+ type = liminix.lib.types.serviceDefn;
+ };
 };
 config = {
 system.service.pppoe = pkgs.liminix.callService ./pppoe.nix {
@@ -29,6 +32,16 @@ in {
 description = "options supplied on ppp command line";
 };
 };
+ system.service.l2tp = pkgs.liminix.callService ./l2tp.nix {
+ lns = mkOption {
+ type = types.str;
+ description = "hostname or address of the L2TP network server";
+ };
+ ppp-options = mkOption {
+ type = types.listOf types.str;
+ description = "options supplied on ppp command line";
+ };
+ };
 kernel = {
 config = {
 PPP = "y";
@@ -36,6 +49,8 @@ in {
 PPP_DEFLATE = "y";
 PPP_ASYNC = "y";
 PPP_SYNC_TTY = "y";
+ PPPOL2TP = "y";
+ L2TP = "y";
 };
 };
 };
diff --git a/modules/ppp/l2tp.nix b/modules/ppp/l2tp.nix
new file mode 100644
index 0000000..361d032
--- /dev/null
+++ b/modules/ppp/l2tp.nix
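Review bot: The `ppp-options` description in the new `system.service.l2tp` option set says the options are "supplied on ppp command line", but modules/ppp/l2tp.nix in this same patch writes them into a pppd options file that is handed to xl2tpd through `pppoptfile`, so the text (evidently copied from the pppoe option above it) is inaccurate. I would change it to `description = "options written to the pppd options file that xl2tpd passes to pppd";`. It is also worth saying in that description that the list is rendered into a Nix store path, so credentials such as `password` should not be put in it.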
@@ -0,0 +1,63 @@
+{
+ liminix
+, lib
+, ppp
+, pppoe
+, writeAshScript
+, writeText
+, serviceFns
+, xl2tpd
+} :
+{ lns, ppp-options }:
+let
+ inherit (liminix.services) longrun;
+ name = "${lns}.l2tp";
+ ip-up = writeAshScript "ip-up" {} ''
+ . ${serviceFns}
+ (in_outputs ${name}
+ echo $1 > ifname
+ echo $2 > tty
+ echo $3 > speed
+ echo $4 > address
+ echo $5 > peer-address
+ echo $DNS1 > ns1
+ echo $DNS2 > ns2
+ )
+ echo >/proc/self/fd/10
+ '';
+ ip6-up = writeAshScript "ip6-up" {} ''
+ . ${serviceFns}
+ (in_outputs ${name}
+ echo $4 > ipv6-address
+ echo $5 > ipv6-peer-address
+ )
+ echo >/proc/self/fd/10
+ '';
+ ppp-options' = ppp-options ++ [
+ "ip-up-script" ip-up
+ "ipv6-up-script" ip6-up
+ "ipparam" name
+ "nodetach"
+ "usepeerdns"
+ "logfd" "2"
+ ];
+ conf = writeText "xl2tpd.conf" ''
+ [lac upstream]
+ lns = ${lns}
+ require authentication = no
+ pppoptfile = ${writeText "ppp-options" ppp-options'}
+ autodial = yes
+ redial = yes
+ '';
+ control = "/run/xl2tpd/control-${name}";
+in
+longrun {
+ inherit name;
+ run = ''
+ . ${serviceFns}
+ mkdir -p /run/xl2tpd
+ touch ${control}
+ ${xl2tpd}/bin/xl2tpd -D -p /run/xl2tpd/${name}.pid -c ${conf} -C ${control}
+ '';
+ notification-fd = 10;
+}
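Review bot: `pppoptfile = ${writeText "ppp-options" ppp-options'}` serialises the whole `ppp-options` list into a Nix store path, and the store is readable by every local user, so any `password` a caller puts in `ppp-options` (as examples/l2tp.nix does) becomes world-readable on the device. I would add a comment on the `ppp-options'` binding such as `# NOTE: this list is rendered into the store at build time; never put credentials in ppp-options, feed them to pppd via a chap-secrets/pap-secrets file instead` and, longer term, give the module a separate credentials option that is written to a mode-0600 file under /run by the `run` script rather than at build time. The `touch ${control}` in `run` creates a regular file where xl2tpd expects its control FIFO; as far as I recall xl2tpd creates that FIFO itself, so the `touch` is probably unnecessary — worth confirming against xl2tpd's control-file handling before keeping it. The `ppp` and `pppoe` arguments in the function head are unused in this file.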