# Module declaring the options of one IPsec connection ("conn") section.
# The option names look like strongSwan ipsec.conf `conn` keywords; confirm
# against the module that renders them.
# `boolean`, `boolOr` and `optional` are imported from ./lib.nix, which is not
# visible here. Presumably `optional` wraps a type into an option that may be
# left unset (verify in ./lib.nix).
{ config, lib, ... }:
let
  inherit (lib) foldl attrNames;
  inherit (lib.types) int str path either listOf enum;
  inherit (import ./lib.nix lib) boolean boolOr default optional;

  # Value types shared by several options.
  strOrStrs = either str (listOf str);
  peerLossAction = enum [ "none" "clear" "hold" "restart" ];

  # Options that exist once per endpoint. Each entry `x` is exposed below as
  # both `leftx` and `rightx`, with the same declaration.
  sided = {
    allowany = optional boolean;
    auth = optional str;
    auth2 = optional str;
    ca = optional str;
    ca2 = optional str;
    cert = optional path;
    cert2 = optional path;
    dns = optional strOrStrs;
    firewall = optional boolean;
    groups = optional strOrStrs;
    hostaccess = optional boolean;
    id = optional str;
    id2 = optional str;
    policy = optional strOrStrs;
    sendcert = optional (boolOr [ "never" "always" "ifasked" ]);
    sigkey = optional (either str path);
    sourceip = optional str;
    subnet = optional strOrStrs;
    # NOTE(review): presumably the path of a script the IKE daemon executes on
    # tunnel up/down. If so it should be root-owned and not writable by others.
    updown = optional path;
  };

  # One two-key attribute set (left*/right*) per sided option.
  perSide = map
    (name: {
      "left${name}" = sided.${name};
      "right${name}" = sided.${name};
    })
    (attrNames sided);

  # Options that apply to the connection as a whole.
  perConn = {
    aaa_identity = optional str;
    # NOTE(review): `aggressive`, `authby` and `keyexchange` are validated
    # independently. Nothing here rejects aggressive = true together with
    # "ikev1" and a PSK-based `authby`, a combination generally discouraged.
    # A consuming module may want an assertion for it.
    aggressive = optional boolean;
    # Proposal strings (ah/esp/ike) are free-form, so weak or misspelled
    # algorithms are not caught at evaluation time.
    ah = optional strOrStrs;
    also = optional str;
    authby = optional (enum [ "pubkey" "rsasig" "ecdsasig" "psk" "secret" "xauthrsasig" "xauthpsk" "never" ]);
    auto = optional (enum [ "ignore" "add" "route" "start" ]);
    closeaction = optional peerLossAction;
    compress = optional boolean;
    dpdaction = optional peerLossAction;
    dpddelay = optional int;
    dpdtimeout = optional int;
    eap_identity = optional str;
    esp = optional strOrStrs;
    forceencaps = optional boolean;
    fragmentation = optional (boolOr [ "force" ]);
    ike = optional strOrStrs;
    ikedscp = optional str;
    ikelifetime = optional int;
    inactivity = optional int;
    installpolicy = optional boolean;
    keyexchange = optional (enum [ "ikev1" "ikev2" ]);
    keyingtries = optional (either int (enum [ "%forever" ]));
    left = optional str;
    lifebytes = optional int;
    lifepackets = optional int;
    lifetime = optional int;
    marginbytes = optional int;
    marginpackets = optional int;
    mark = optional str;
    mark_in = optional str;
    mark_out = optional str;
    me_peerid = optional str;
    mediated_by = optional str;
    mediation = optional boolean;
    mobike = optional boolean;
    modeconfig = optional (enum [ "push" "pull" ]);
    reauth = optional boolean;
    rekey = optional boolean;
    rekeyfuzz = optional int;
    replay_window = optional int;
    reqid = optional int;
    right = optional str;
    tfc = optional (either int (enum [ "%mtu" ]));
    # NOTE(review): "passthrough" presumably exempts matching traffic from
    # IPsec processing; worth auditing wherever it is set.
    type = optional (enum [ "tunnel" "transport" "transport_proxy" "passthrough" "drop" ]);
    xauth = optional (enum [ "client" "server" ]);
    xauth_identity = optional str;
  };
in {
  # Merge everything into one flat option set. The left*/right* names never
  # collide with the connection-wide names, so the merge order is irrelevant.
  options = foldl (acc: decl: acc // decl) perConn perSide;
}