ppp modules: permit (mostly) same params for l2tp as pppoe
this also means that l2tp can use secrets for username/password
@@ -1,15 +1,22 @@
|
||||
{
|
||||
liminix
|
||||
, lib
|
||||
, output-template
|
||||
, writeAshScript
|
||||
, writeText
|
||||
, serviceFns
|
||||
, xl2tpd
|
||||
} :
|
||||
{ lns, ppp-options }:
|
||||
{ lns,
|
||||
ppp-options,
|
||||
lcpEcho,
|
||||
username,
|
||||
password,
|
||||
debug
|
||||
}:
|
||||
let
|
||||
inherit (liminix.services) longrun;
|
||||
lcp-echo-interval = 4;
|
||||
lcp-echo-failure = 3;
|
||||
inherit (lib) optional optionals escapeShellArgs concatStringsSep;
|
||||
name = "${lns}.l2tp";
|
||||
ip-up = writeAshScript "ip-up" {} ''
|
||||
. ${serviceFns}
|
||||
@@ -32,35 +39,55 @@ let
|
||||
)
|
||||
echo >/proc/self/fd/10
|
||||
'';
|
||||
ppp-options' = ppp-options ++ [
|
||||
"ip-up-script" ip-up
|
||||
"ipv6-up-script" ip6-up
|
||||
"ipparam" name
|
||||
"nodetach"
|
||||
"usepeerdns"
|
||||
"lcp-echo-interval" (builtins.toString lcp-echo-interval)
|
||||
"lcp-echo-failure" (builtins.toString lcp-echo-failure)
|
||||
"logfd" "2"
|
||||
];
|
||||
|
||||
literal_or_output =
|
||||
let v = o: ({
|
||||
string = builtins.toJSON;
|
||||
int = builtins.toJSON;
|
||||
set = (o: "output(${builtins.toJSON o.service}, ${builtins.toJSON o.path})");
|
||||
}.${builtins.typeOf o}) o;
|
||||
in o: "{{ ${v o} }}";
|
||||
|
||||
ppp-options' =
|
||||
["+ipv6" "noauth"]
|
||||
++ optional debug "debug"
|
||||
++ optionals (username != null) ["name" (literal_or_output username)]
|
||||
++ optionals (password != null) ["password" (literal_or_output password)]
|
||||
++ optional lcpEcho.adaptive "lcp-echo-adaptive"
|
||||
++ optionals (lcpEcho.interval != null)
|
||||
["lcp-echo-interval" (builtins.toString lcpEcho.interval)]
|
||||
++ optionals (lcpEcho.failure != null)
|
||||
["lcp-echo-failure" (builtins.toString lcpEcho.failure)]
|
||||
++ ppp-options
|
||||
++ ["ip-up-script" ip-up
|
||||
"ipv6-up-script" ip6-up
|
||||
"ipparam" name
|
||||
"nodetach"
|
||||
"usepeerdns"
|
||||
"logfd" "2"
|
||||
];
|
||||
|
||||
conf = writeText "xl2tpd.conf" ''
|
||||
[lac upstream]
|
||||
lns = ${lns}
|
||||
require authentication = no
|
||||
pppoptfile = ${writeText "ppp-options" ppp-options'}
|
||||
pppoptfile = /run/${name}/ppp-options
|
||||
autodial = yes
|
||||
redial = yes
|
||||
redial timeout = 1
|
||||
max redials = 2 # this gives 1 actual retry, as xl2tpd can't count
|
||||
'';
|
||||
control = "/run/xl2tpd/control-${name}";
|
||||
control = "/run/${name}/control";
|
||||
in
|
||||
longrun {
|
||||
inherit name;
|
||||
run = ''
|
||||
mkdir -p /run/xl2tpd
|
||||
mkdir -p /run/${name}
|
||||
chmod 0700 /run/${name}
|
||||
touch ${control}
|
||||
in_outputs $name
|
||||
exec ${xl2tpd}/bin/xl2tpd -D -p /run/xl2tpd/${name}.pid -c ${conf} -C ${control}
|
||||
in_outputs ${name}
|
||||
echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options
|
||||
exec ${xl2tpd}/bin/xl2tpd -D -p /run/${name}/${name}.pid -c ${conf} -C ${control}
|
||||
'';
|
||||
notification-fd = 10;
|
||||
}
|
||||
|
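Review bot: The rendered `/run/${name}/ppp-options` now carries the `name`/`password` values, but its mode is left to the inherited umask, so only the `chmod 0700` on the parent directory keeps it private. Writing it as `(umask 077; echo ${escapeShellArgs ppp-options'} | ${output-template}/bin/output-template '{{' '}}' > /run/${name}/ppp-options)` would make the file itself owner-only without changing the umask that xl2tpd and pppd inherit. The substituted values also appear to reach the options file unquoted, so a secret containing whitespace or `#` would presumably be split or truncated by pppd's option parser and could be read as further options; it is worth confirming that output-template quotes its results for pppd. Separately, a literal string `password` goes through `builtins.toJSON` into the `run` script text, so only the `output(...)` form keeps the credential out of the built script. A comment on `literal_or_output` such as `# literal strings are embedded in the service script; use an output reference for secrets` would record that.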