strongswan module: make it work with ipsec l2tp

l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.

Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.

Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.

2 files changed, 6 insertions, 6 deletions

diff --git a/pkgs/tools/networking/network-manager/l2tp.nix b/pkgs/tools/networking/network-manager/l2tp.nix
index f8047abe1bd..e01197a0f75 100644
--- a/pkgs/tools/networking/network-manager/l2tp.nix
+++ b/pkgs/tools/networking/network-manager/l2tp.nix
@@ -41,16 +41,11 @@ stdenv.mkDerivation rec {
   ];
 
   enableParallelBuilding = true;
-  configureFlags = [
-    "--with-gnome=${if withGnome then "yes" else "no"}"
-    "--localstatedir=/var"
-  ] ;
-
 
   meta = with stdenv.lib; {
     description = "L2TP plugin for NetworkManager";
     inherit (networkmanager.meta) platforms;
-    homepage = http://github.com/nm-l2tp/network-manager-l2tp;
+    homepage = https://github.com/nm-l2tp/network-manager-l2tp;
     license = licenses.gpl2;
     maintainers = with maintainers; [ abbradar obadz ];
   };
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index eff498a174e..7c682704592 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -76,6 +76,11 @@ stdenv.mkDerivation rec {
          "--enable-sqlite" ]
     ++ optional enableNetworkManager "--enable-nm";
 
+  postInstall = ''
+    # this is needed for l2tp
+    echo "include /etc/ipsec.secrets" >> $out/etc/ipsec.secrets
+  '';
+
   NIX_LDFLAGS = "-lgcc_s" ;
 
   meta = {