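# NixOS module for iodine, the IP-over-DNS tunnel daemon.
#
# Declares the services.iodined.* options and, when the service is enabled,
# a systemd unit that runs iodine under a dedicated user, together with that
# user, its group and the tun kernel module.

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.iodined;

  # User name handed to the binary with -u.
  iodinedUser = "iodined";

  # services.iodined.client selects the tunnel client rather than the server;
  # without this the option only relaxed the ip assertion and the unit still
  # started the server daemon.
  # NOTE(review): assumes the client is installed as sbin/iodine next to
  # sbin/iodined -- confirm against the iodine package.
  iodineBinary = if cfg.client then "iodine" else "iodined";

in

{

  ### configuration

  options = {

    services.iodined = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Enable iodine, ip over dns daemon";
      };

      client = mkOption {
        type = types.bool;
        default = false;
        description = "Start iodine in client mode";
      };

      ip = mkOption {
        type = types.str;
        default = "";
        description = "Assigned ip address or ip range";
        example = "172.16.10.1/24";
      };

      domain = mkOption {
        type = types.str;
        default = "";
        description = "Domain or subdomain of which nameservers point to us";
        example = "tunnel.mydomain.com";
      };

      extraConfig = mkOption {
        type = types.str;
        default = "";
        # The value is pasted into ExecStart below, so it becomes part of the
        # generated unit file. Say so in the rendered option documentation,
        # because the example passes the tunnel password this way.
        description = ''
          Additional command line parameters. They are written verbatim
          into the systemd unit, so a password given here with -P is
          stored in the world-readable Nix store.
        '';
        example = "-P mysecurepassword -l 192.168.1.10 -p 23";
      };

    };

  };

  ### implementation

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.iodine ];

    # Load the tun kernel module at boot.
    boot.kernelModules = [ "tun" ];

    systemd.services.iodined = {
      description = "iodine, ip over dns daemon";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      # -f and -u ${iodinedUser} are always passed. extraConfig, ip and domain
      # are interpolated unquoted on purpose: extraConfig carries several
      # arguments and systemd splits the command line on whitespace. None of
      # these values is validated here.
      serviceConfig.ExecStart = "${pkgs.iodine}/sbin/${iodineBinary} -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
    };

    # Dedicated account and group; the ids are taken from config.ids.
    users.extraUsers = singleton {
      name = iodinedUser;
      uid = config.ids.uids.iodined;
      description = "Iodine daemon user";
    };
    users.extraGroups.iodined.gid = config.ids.gids.iodined;

    assertions = [
      # An ip is mandatory unless client mode is selected.
      {
        assertion = cfg.client || cfg.ip != "";
        message = "cannot start iodined without ip set";
      }
      # The tunnel domain is mandatory in both modes.
      {
        assertion = cfg.domain != "";
        message = "cannot start iodined without domain name set";
      }
    ];

  };

}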