nixpkgs/nixos/modules/services/networking/hans.nix

# NixOS module for hans, ip over icmp daemon
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.hans;

  hansUser = "hans";

in
{

  ### configuration

  options = {

    services.hans = {
      clients = lib.mkOption {
        default = { };
        description = ''
          Each attribute of this option defines a systemd service that
          runs hans. Many or none may be defined.
          The name of each service is
          `hans-«name»`
          where «name» is the name of the
          corresponding attribute name.
        '';
        example = lib.literalExpression ''
          {
            foo = {
              server = "192.0.2.1";
              extraConfig = "-v";
            }
          }
        '';
        type = lib.types.attrsOf (
          lib.types.submodule ({
            options = {
              server = lib.mkOption {
                type = lib.types.str;
                default = "";
                description = "IP address of server running hans";
                example = "192.0.2.1";
              };

              extraConfig = lib.mkOption {
                type = lib.types.str;
                default = "";
                description = "Additional command line parameters";
                example = "-v";
              };

              passwordFile = lib.mkOption {
                type = lib.types.str;
                default = "";
                description = "File that contains password";
              };

            };
          })
        );
      };

      server = {
        enable = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "enable hans server";
        };

        ip = lib.mkOption {
          type = lib.types.str;
          default = "";
          description = "The assigned ip range";
          example = "198.51.100.0";
        };

        respondToSystemPings = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Force hans respond to ordinary pings";
        };

        extraConfig = lib.mkOption {
          type = lib.types.str;
          default = "";
          description = "Additional command line parameters";
          example = "-v";
        };

        passwordFile = lib.mkOption {
          type = lib.types.str;
          default = "";
          description = "File that contains password";
        };
      };

    };
  };

  ### implementation

  config = lib.mkIf (cfg.server.enable || cfg.clients != { }) {
    boot.kernel.sysctl = lib.optionalAttrs cfg.server.respondToSystemPings {
      "net.ipv4.icmp_echo_ignore_all" = 1;
    };

    boot.kernelModules = [ "tun" ];

    systemd.services =
      let
        createHansClientService = name: cfg: {
          description = "hans client - ${name}";
          after = [ "network.target" ];
          wantedBy = [ "multi-user.target" ];
          script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${
            lib.optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"
          }";
          serviceConfig = {
            RestartSec = "30s";
            Restart = "always";
          };
        };
      in
      lib.listToAttrs (
        lib.mapAttrsToList (
          name: value: lib.nameValuePair "hans-${name}" (createHansClientService name value)
        ) cfg.clients
      )
      // {
        hans = lib.mkIf (cfg.server.enable) {
          description = "hans, ip over icmp server daemon";
          after = [ "network.target" ];
          wantedBy = [ "multi-user.target" ];
          script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${lib.optionalString cfg.server.respondToSystemPings "-r"} ${
            lib.optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"
          }";
        };
      };

    users.users.${hansUser} = {
      description = "Hans daemon user";
      isSystemUser = true;
    };
  };

  meta.maintainers = [ ];
}
nixos/hans: init 2018-03-27 19:43:11 +03:00			`# NixOS module for hans, ip over icmp daemon`
			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
			`cfg = config.services.hans;`

			`hansUser = "hans";`

			`in`
			`{`

			`### configuration`

			`options = {`

			`services.hans = {`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`clients = lib.mkOption {`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = { };`
			`description = ''`
			`Each attribute of this option defines a systemd service that`
			`runs hans. Many or none may be defined.`
			`The name of each service is`
nixos/*: replace <replaceable>s with «thing» we can't embed syntactic annotations of this kind in markdown code blocks without yet another extension. replaceable is rare enough to make this not much worth it, so we'll go with «thing» instead. the module system already uses this format for its placeholder names in attrsOf paths. 2022-08-03 01:57:59 +02:00			`hans-«name»`
			`where «name» is the name of the`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`corresponding attribute name.`
			`'';`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`example = lib.literalExpression ''`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`{`
			`foo = {`
			`server = "192.0.2.1";`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`extraConfig = "-v";`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`}`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`}`
			`'';`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`type = lib.types.attrsOf (`
			`lib.types.submodule ({`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`options = {`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`server = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = "";`
			`description = "IP address of server running hans";`
			`example = "192.0.2.1";`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`extraConfig = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`default = "";`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`description = "Additional command line parameters";`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`example = "-v";`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`passwordFile = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`default = "";`
nixos: fix typos 2022-12-17 19:31:14 -05:00			`description = "File that contains password";`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`};`

			`};`
			`})`
			`);`
			`};`

			`server = {`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`enable = lib.mkOption {`
			`type = lib.types.bool;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = false;`
			`description = "enable hans server";`
			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`ip = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = "";`
			`description = "The assigned ip range";`
			`example = "198.51.100.0";`
			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`respondToSystemPings = lib.mkOption {`
			`type = lib.types.bool;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = false;`
hans: rename option 2018-03-28 09:13:09 +03:00			`description = "Force hans respond to ordinary pings";`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`extraConfig = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`default = "";`
			`description = "Additional command line parameters";`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`example = "-v";`
			`};`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`passwordFile = lib.mkOption {`
			`type = lib.types.str;`
nixos/hans: passwordFile option #24288 2018-03-27 22:23:36 +03:00			`default = "";`
nixos: fix typos 2022-12-17 19:31:14 -05:00			`description = "File that contains password";`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`};`
			`};`

			`};`
			`};`

			`### implementation`

nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`config = lib.mkIf (cfg.server.enable \|\| cfg.clients != { }) {`
			`boot.kernel.sysctl = lib.optionalAttrs cfg.server.respondToSystemPings {`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`"net.ipv4.icmp_echo_ignore_all" = 1;`
			`};`

			`boot.kernelModules = [ "tun" ];`

			`systemd.services =`
			`let`
			`createHansClientService = name: cfg: {`
			`description = "hans client - ${name}";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.extraConfig} -c ${cfg.server} ${`
			`lib.optionalString (cfg.passwordFile != "") "-p $(cat \"${cfg.passwordFile}\")"`
			`}";`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`serviceConfig = {`
			`RestartSec = "30s";`
			`Restart = "always";`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`};`
			`};`
			`in`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`lib.listToAttrs (`
			`lib.mapAttrsToList (`
			`name: value: lib.nameValuePair "hans-${name}" (createHansClientService name value)`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`) cfg.clients`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`)`
			`// {`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`hans = lib.mkIf (cfg.server.enable) {`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`description = "hans, ip over icmp server daemon";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
nixos/services.hans: remove `with lib;` 2024-08-28 21:19:09 +02:00			`script = "${pkgs.hans}/bin/hans -f -u ${hansUser} ${cfg.server.extraConfig} -s ${cfg.server.ip} ${lib.optionalString cfg.server.respondToSystemPings "-r"} ${`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`lib.optionalString (cfg.server.passwordFile != "") "-p $(cat \"${cfg.server.passwordFile}\")"`
			`}";`
			`};`
			`};`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`users.users.${hansUser} = {`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`description = "Hans daemon user";`
treewide: Switch to system users 2019-10-12 22:25:28 +02:00			`isSystemUser = true;`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`};`
			`};`

treewide: remove unused with statements from maintainer lists $ find -type f -name '.nix' -print0 \| xargs -P "$(nproc)" -0 sed -i \ -e 's!with lib.maintainers; \[ \];![ ];!' \ -e 's!with maintainers; \[ *\];![ ];!' 2024-07-28 16:44:11 +02:00			`meta.maintainers = [ ];`
nixos/hans: init 2018-03-27 19:43:11 +03:00			`}`