raboof/liminix
1
0
Fork 0
forked from dan/liminix
Code Pull Requests Activity

ppp modules: permit (mostly) same params for l2tp as pppoe

Browse Source 
this also means that l2tp can use secrets for username/password
This commit is contained in:
Daniel Barlow 2024-08-21 23:10:28 +01:00
parent 531cb113be
commit a6128955e7
3 changed files with 95 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
modules/ppp/default.nix
View File

@ -1,12 +1,18 @@
## PPP ## PPP
## === ## ===
## ##
## A PPPoE (PPP over Ethernet) configuration to address the case where ## ``ppoe`` (PPP over Ethernet) provides a service to address the case
## your Liminix device is connected to an upstream network using ## where your Liminix device is connected to an upstream network using
## PPPoE. This is typical for UK broadband connections where the ## PPPoE. This is typical for UK broadband connections where the
## physical connection is made by OpenReach ("Fibre To The X") and ## physical connection is made by OpenReach ("Fibre To The X") and
## common in some other localities as well: ask your ISP if this is ## common in some other localities as well: check with your ISP if this is
## you. ## you.
##
## ``l2tp`` (Layer 2 Tunelling Protocol) provides a service that
## tunnels PPP over the Internet. This may be used by some ISPs in
## conjunction with a DHCP uplink, or other more creative forms of
## network connection
{ lib, pkgs, config, ...}: { lib, pkgs, config, ...}:
let let
@ -34,11 +40,13 @@ in {
description = "ethernet interface to run PPPoE over"; description = "ethernet interface to run PPPoE over";
}; };
username = mkOption { username = mkOption {
type = liminix.lib.types.replacable; type = types.nullOr liminix.lib.types.replacable;
default = null;
description = "username"; description = "username";
}; };
password = mkOption { password = mkOption {
type = liminix.lib.types.replacable; type = types.nullOr liminix.lib.types.replacable;
default = null;
description = "password"; description = "password";
}; };
lcpEcho = { lcpEcho = {
@ -74,6 +82,38 @@ in {
type = types.str; type = types.str;
description = "hostname or address of the L2TP network server"; description = "hostname or address of the L2TP network server";
}; };
username = mkOption {
type = types.nullOr liminix.lib.types.replacable;
default = null;
description = "username";
};
password = mkOption {
type = types.nullOr liminix.lib.types.replacable;
default = null;
description = "password";
};
lcpEcho = {
adaptive = mkOption {
description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent";
type = types.bool;
default = true;
};
interval = mkOption {
type = types.nullOr types.int;
default = 3;
description = "send an LCP echo-request frame to the peer every n seconds";
};
failure = mkOption {
type = types.nullOr types.int;
default = 3;
description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply";
};
};
debug = mkOption {
description = "log the contents of all control packets sent or received";
default = false;
type = types.bool;
};
ppp-options = mkOption { ppp-options = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = "options supplied on ppp command line"; description = "options supplied on ppp command line";

63
modules/ppp/l2tp.nix
View File

@ -1,15 +1,22 @@
{ {
liminix liminix
, lib
, output-template
, writeAshScript , writeAshScript
, writeText , writeText
, serviceFns , serviceFns
, xl2tpd , xl2tpd
} : } :
{ lns, ppp-options }: { lns,
ppp-options,
lcpEcho,
username,
password,
debug
}:
let let
inherit (liminix.services) longrun; inherit (liminix.services) longrun;
lcp-echo-interval = 4; inherit (lib) optional optionals escapeShellArgs concatStringsSep;
lcp-echo-failure = 3;
name = "${lns}.l2tp"; name = "${lns}.l2tp";
ip-up = writeAshScript "ip-up" {} '' ip-up = writeAshScript "ip-up" {} ''
. ${serviceFns} . ${serviceFns}
@ -32,35 +39,55 @@ let
) )
echo >/proc/self/fd/10 echo >/proc/self/fd/10
''; '';
ppp-options' = ppp-options ++ [
"ip-up-script" ip-up literal_or_output =
"ipv6-up-script" ip6-up let v = o: ({
"ipparam" name string = builtins.toJSON;
"nodetach" int = builtins.toJSON;
"usepeerdns" set = (o: "output(${builtins.toJSON o.service}, ${builtins.toJSON o.path})");
"lcp-echo-interval" (builtins.toString lcp-echo-interval) }.${builtins.typeOf o}) o;
"lcp-echo-failure" (builtins.toString lcp-echo-failure) in o: "{{ ${v o} }}";
"logfd" "2"
]; ppp-options' =
["+ipv6" "noauth"]
++ optional debug "debug"
++ optionals (username != null) ["name" (literal_or_output username)]
++ optionals (password != null) ["password" (literal_or_output password)]
++ optional lcpEcho.adaptive "lcp-echo-adaptive"
++ optionals (lcpEcho.interval != null)
["lcp-echo-interval" (builtins.toString lcpEcho.interval)]
++ optionals (lcpEcho.failure != null)
["lcp-echo-failure" (builtins.toString lcpEcho.failure)]
++ ppp-options
++ ["ip-up-script" ip-up
"ipv6-up-script" ip6-up
"ipparam" name
"nodetach"
"usepeerdns"
"logfd" "2"
];
conf = writeText "xl2tpd.conf" '' conf = writeText "xl2tpd.conf" ''
[lac upstream] [lac upstream]
lns = ${lns} lns = ${lns}
require authentication = no require authentication = no
pppoptfile = ${writeText "ppp-options" ppp-options'} pppoptfile = /run/${name}/ppp-options
autodial = yes autodial = yes
redial = yes redial = yes
redial timeout = 1 redial timeout = 1
max redials = 2 # this gives 1 actual retry, as xl2tpd can't count max redials = 2 # this gives 1 actual retry, as xl2tpd can't count
''; '';
control = "/run/xl2tpd/control-${name}"; control = "/run/${name}/control";
in in
longrun { longrun {
inherit name; inherit name;
run = '' run = ''
mkdir -p /run/xl2tpd mkdir -p /run/${name}
chmod 0700 /run/${name}
touch ${control} touch ${control}
in_outputs $name in_outputs ${name}
exec ${xl2tpd}/bin/xl2tpd -D -p /run/xl2tpd/${name}.pid -c ${conf} -C ${control} echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
exec ${xl2tpd}/bin/xl2tpd -D -p /run/${name}/${name}.pid -c ${conf} -C ${control}
''; '';
notification-fd = 10; notification-fd = 10;
} }

10
modules/ppp/pppoe.nix
View File

@ -47,7 +47,8 @@ let
set = (o: "output(${builtins.toJSON o.service}, ${builtins.toJSON o.path})"); set = (o: "output(${builtins.toJSON o.service}, ${builtins.toJSON o.path})");
}.${builtins.typeOf o}) o; }.${builtins.typeOf o}) o;
in o: "{{ ${v o} }}"; in o: "{{ ${v o} }}";
ppp-options' = ["+ipv6" "noauth"] ppp-options' =
["+ipv6" "noauth"]
++ optional debug "debug" ++ optional debug "debug"
++ optionals (username != null) ["name" (literal_or_output username)] ++ optionals (username != null) ["name" (literal_or_output username)]
++ optionals (password != null) ["password" (literal_or_output password)] ++ optionals (password != null) ["password" (literal_or_output password)]
@ -69,12 +70,11 @@ in
longrun { longrun {
inherit name; inherit name;
run = '' run = ''
. ${serviceFns}
mkdir -p /run/${name} mkdir -p /run/${name}
chmod 0700 /run/${name} chmod 0700 /run/${name}
echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/${name}.conf in_outputs ${name}
echo Starting pppoe, pppd pid is $$ echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" file /run/${name}/${name}.conf exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" file /run/${name}/ppp-options
''; '';
notification-fd = 10; notification-fd = 10;
timeout-up = if lcpEcho.failure != null timeout-up = if lcpEcho.failure != null