toxvpn: init at 20151111

(Authored by @cleverca22)

3 files changed, 59 insertions, 0 deletions

diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 149062a6b332..d421167c859c 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -268,6 +268,7 @@
       sniproxy = 244;
       nzbget = 245;
       mosquitto = 246;
+      toxvpn = 247;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -506,6 +507,7 @@
       sniproxy = 244;
       nzbget = 245;
       mosquitto = 246;
+      #toxvpn = 247; # unused
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index be41b5ebcdd7..487dc8a6d392 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -398,6 +398,7 @@
   ./services/networking/tftpd.nix
   ./services/networking/tlsdated.nix
   ./services/networking/tox-bootstrapd.nix
+  ./services/networking/toxvpn.nix
   ./services/networking/tvheadend.nix
   ./services/networking/unbound.nix
   ./services/networking/unifi.nix
diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix
new file mode 100644
index 000000000000..8c7ad9b91649
--- /dev/null
+++ b/nixos/modules/services/networking/toxvpn.nix
@@ -0,0 +1,56 @@
+{ config, stdenv, pkgs, lib, ... }:
+
+with lib;
+
+{
+  options = {
+    services.toxvpn = {
+      enable = mkOption {
+        type        = types.bool;
+        default     = false;
+        description = "enable toxvpn running on startup";
+      };
+
+      localip = mkOption {
+        type        = types.string;
+        default     = "10.123.123.1";
+        description = "your ip on the vpn";
+      };
+
+      port = mkOption {
+        type        = types.int;
+        default     = 33445;
+        description = "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT";
+      };
+    };
+  };
+
+  config = mkIf config.services.toxvpn.enable {
+    systemd.services.toxvpn = {
+      description = "toxvpn daemon";
+
+      requires = [ "network-online.target" ]; # consider replacing by NetworkManager-wait-online.service
+      wantedBy = [ "multi-user.target" ];
+
+      preStart = ''
+        mkdir -p /run/toxvpn || true
+        chown toxvpn /run/toxvpn
+      '';
+
+      serviceConfig = {
+        ExecStart = "${pkgs.toxvpn}/bin/toxvpn -i ${config.services.toxvpn.localip} -l /run/toxvpn/control -u toxvpn -p ${toString config.services.toxvpn.port}";
+        KillMode  = "process";
+        Restart   = "on-success";
+        Type      = "notify";
+      };
+    };
+
+    users.extraUsers = {
+      toxvpn = {
+        uid        = config.ids.uids.toxvpn;
+        home       = "/var/lib/toxvpn";
+        createHome = true;
+      };
+    };
+  };
+}