openvpn service: source up/down scripts

source the up/down scripts instead of executing them to avoid loosing
access to special variables like $1

1 files changed, 13 insertions, 3 deletions

diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix
index 3fbf5a9f022..1e99a2b4450 100644
--- a/nixos/modules/services/networking/openvpn.nix
+++ b/nixos/modules/services/networking/openvpn.nix
@@ -28,9 +28,10 @@ let
           fi
         done
 
-        ${cfg.up}
         ${optionalString cfg.updateResolvConf
            "${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf"}
+
+        ${optionalString (cfg.up != "") "source ${userSuppliedUpScript}"}
       '';
 
       downScript = ''
@@ -38,6 +39,15 @@ let
         export PATH=${path}
         ${optionalString cfg.updateResolvConf
            "${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf"}
+
+        ${optionalString (cfg.down != "") "source ${userSuppliedDownScript}"}
+      '';
+
+      userSuppliedUpScript = pkgs.writeScript "openvpn-${name}-userSuppliedUpScript" ''
+        ${cfg.up}
+      '';
+
+      userSuppliedDownScript = pkgs.writeScript "openvpn-${name}-userSuppliedDownScript" ''
         ${cfg.down}
       '';
 
@@ -133,7 +143,7 @@ in
             default = "";
             type = types.lines;
             description = ''
-              Shell commands executed when the instance is starting.
+              Shell script sourced by NixOS generated script when the instance is starting.
             '';
           };
 
@@ -141,7 +151,7 @@ in
             default = "";
             type = types.lines;
             description = ''
-              Shell commands executed when the instance is shutting down.
+              Shell script sourced by NixOS generated script when the instance is shutting down.
             '';
           };