liminix/modules/ppp/l2tp.nix

{
  lib,
  liminix,
  output-template,
  serviceFns,
  svc,
  writeAshScript,
  writeText,
  xl2tpd,
} :
{ lns,
  ppp-options,
  lcpEcho,
  username,
  password,
  debug
}:
let
  inherit (liminix.services) longrun;
  inherit (lib) optional optionals escapeShellArgs concatStringsSep;
  name = "${lns}.l2tp";
  ip-up = writeAshScript "ip-up" {} ''
    . ${serviceFns} 
    (in_outputs ${name}
     echo $1 > ifname
     echo $2 > tty
     echo $3 > speed
     echo $4 > address
     echo $5 > peer-address
     echo $DNS1 > ns1
     echo $DNS2 > ns2
    )
    echo >/proc/self/fd/10
  '';
  ip6-up = writeAshScript "ip6-up" {} ''
    . ${serviceFns} 
    (in_outputs ${name}
     echo $4 > ipv6-address
     echo $5 > ipv6-peer-address
    )
    echo >/proc/self/fd/10
  '';

  literal_or_output =
    let v = o: ({
          string = builtins.toJSON;
          int = builtins.toJSON;
          lambda = (o: "output(${builtins.toJSON (o "service")}, ${builtins.toJSON (o "path")})");
        }.${builtins.typeOf o}) o;
    in  o: "{{ ${v o} }}";

  ppp-options' =
    ["+ipv6" "noauth"]
    ++ optional debug "debug"
    ++ optionals (username != null) ["name" (literal_or_output username)]
    ++ optionals (password != null) ["password" (literal_or_output password)]
    ++ optional lcpEcho.adaptive "lcp-echo-adaptive"
    ++ optionals (lcpEcho.interval != null)
      ["lcp-echo-interval" (builtins.toString lcpEcho.interval)]
    ++ optionals (lcpEcho.failure != null)
      ["lcp-echo-failure" (builtins.toString lcpEcho.failure)]
    ++ ppp-options
    ++ ["ip-up-script" ip-up
        "ipv6-up-script" ip6-up
        "ipparam" name
        "nodetach"
        "usepeerdns"
        "nodefaultroute"
        "logfd" "2"
       ];

  conf = writeText "xl2tpd.conf" ''
    [lac upstream]
    lns = ${lns}
    require authentication = no
    pppoptfile = /run/${name}/ppp-options
    autodial = yes
    redial = yes
    redial timeout = 1
    max redials = 2 # this gives 1 actual retry, as xl2tpd can't count
  '';
  control = "/run/${name}/control";
  service = longrun {
    inherit name;
    run = ''
      mkdir -p /run/${name}
      chmod 0700 /run/${name}
      touch ${control}
      in_outputs ${name}
      echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
      exec ${xl2tpd}/bin/xl2tpd -D -p /run/${name}/${name}.pid -c ${conf} -C ${control} 
    '';
    notification-fd = 10;
  };
in svc.secrets.subscriber.build {
  watch = [ username password ];
  inherit service;
}
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`{`
make pppoe/l2tp more consistent 2024-09-03 21:57:45 +00:00			`lib,`
			`liminix,`
			`output-template,`
			`serviceFns,`
			`svc,`
			`writeAshScript,`
			`writeText,`
			`xl2tpd,`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`} :`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`{ lns,`
			`ppp-options,`
			`lcpEcho,`
			`username,`
			`password,`
			`debug`
			`}:`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`let`
			`inherit (liminix.services) longrun;`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`inherit (lib) optional optionals escapeShellArgs concatStringsSep;`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`name = "${lns}.l2tp";`
			`ip-up = writeAshScript "ip-up" {} ''`
			`. ${serviceFns}`
			`(in_outputs ${name}`
			`echo $1 > ifname`
			`echo $2 > tty`
			`echo $3 > speed`
			`echo $4 > address`
			`echo $5 > peer-address`
			`echo $DNS1 > ns1`
			`echo $DNS2 > ns2`
			`)`
			`echo >/proc/self/fd/10`
			`'';`
			`ip6-up = writeAshScript "ip6-up" {} ''`
			`. ${serviceFns}`
			`(in_outputs ${name}`
			`echo $4 > ipv6-address`
			`echo $5 > ipv6-peer-address`
			`)`
			`echo >/proc/self/fd/10`
			`'';`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00
			`literal_or_output =`
			`let v = o: ({`
			`string = builtins.toJSON;`
			`int = builtins.toJSON;`
change output references from attrset to lambda this is so that we can distinguish a ref from a literal parameter that might be a attrset 2024-08-23 21:25:57 +00:00			`lambda = (o: "output(${builtins.toJSON (o "service")}, ${builtins.toJSON (o "path")})");`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`}.${builtins.typeOf o}) o;`
			`in o: "{{ ${v o} }}";`

			`ppp-options' =`
			`["+ipv6" "noauth"]`
			`++ optional debug "debug"`
			`++ optionals (username != null) ["name" (literal_or_output username)]`
			`++ optionals (password != null) ["password" (literal_or_output password)]`
			`++ optional lcpEcho.adaptive "lcp-echo-adaptive"`
			`++ optionals (lcpEcho.interval != null)`
			`["lcp-echo-interval" (builtins.toString lcpEcho.interval)]`
			`++ optionals (lcpEcho.failure != null)`
			`["lcp-echo-failure" (builtins.toString lcpEcho.failure)]`
			`++ ppp-options`
			`++ ["ip-up-script" ip-up`
			`"ipv6-up-script" ip6-up`
			`"ipparam" name`
			`"nodetach"`
			`"usepeerdns"`
make nodefaultroute explicit in ppp 2024-09-03 21:53:13 +00:00			`"nodefaultroute"`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`"logfd" "2"`
			`];`

add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`conf = writeText "xl2tpd.conf" ''`
			`[lac upstream]`
			`lns = ${lns}`
			`require authentication = no`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`pppoptfile = /run/${name}/ppp-options`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`autodial = yes`
make xl2tpd quit when the connections close 2024-07-08 19:29:48 +00:00			`redial = yes`
			`redial timeout = 1`
			`max redials = 2 # this gives 1 actual retry, as xl2tpd can't count`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`'';`
ppp modules: permit (mostly) same params for l2tp as pppoe this also means that l2tp can use secrets for username/password 2024-08-21 22:10:28 +00:00			`control = "/run/${name}/control";`
restart pppoe/l2tp in secrets changes 2024-08-30 19:49:27 +00:00			`service = longrun {`
			`inherit name;`
			`run = ''`
			`mkdir -p /run/${name}`
			`chmod 0700 /run/${name}`
			`touch ${control}`
			`in_outputs ${name}`
			`echo ${escapeShellArgs ppp-options'} \| ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options`
			`exec ${xl2tpd}/bin/xl2tpd -D -p /run/${name}/${name}.pid -c ${conf} -C ${control}`
			`'';`
			`notification-fd = 10;`
			`};`
			`in svc.secrets.subscriber.build {`
			`watch = [ username password ];`
			`inherit service;`
add rudimentary l2tp service module 2024-05-11 21:48:06 +00:00			`}`