diff options
| -rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/networking/strongswan.nix | 23 | ||||
| -rw-r--r-- | pkgs/tools/networking/network-manager/l2tp.nix | 7 | ||||
| -rw-r--r-- | pkgs/tools/networking/strongswan/default.nix | 5 |
4 files changed, 26 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 62afbf32c2f..a5ca6cc74cf 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -335,6 +335,7 @@ in { preStart = '' mkdir -m 700 -p /etc/NetworkManager/system-connections + mkdir -m 700 -p /etc/ipsec.d mkdir -m 755 -p ${stateDirs} ''; }; diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix index 3a3f64221c4..707d24b9220 100644 --- a/nixos/modules/services/networking/strongswan.nix +++ b/nixos/modules/services/networking/strongswan.nix @@ -32,13 +32,13 @@ let ${caConf} ''; - strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" '' + strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" '' charon { ${if managePlugins then "load_modular = no" else ""} ${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""} plugins { stroke { - secrets_file = ${ipsecSecrets secrets} + secrets_file = ${secretsFile} } } } @@ -135,7 +135,18 @@ in }; }; - config = with cfg; mkIf enable { + + config = with cfg; + let + secretsFile = ipsecSecrets cfg.secrets; + in + mkIf enable + { + + # here we should use the default strongswan ipsec.secrets and + # append to it (default one is empty so not a pb for now) + environment.etc."ipsec.secrets".source = secretsFile; + systemd.services.strongswan = { description = "strongSwan IPSec Service"; wantedBy = [ "multi-user.target" ]; @@ -143,11 +154,15 @@ in wants = [ "keys.target" ]; after = [ "network-online.target" "keys.target" ]; environment = { - STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; }; + STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; }; }; serviceConfig = { ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; }; + preStart = '' + # with 'nopeerdns' setting, ppp writes into this folder + mkdir -m 700 -p /etc/ppp + ''; }; }; } diff --git a/pkgs/tools/networking/network-manager/l2tp.nix b/pkgs/tools/networking/network-manager/l2tp.nix index f8047abe1bd..e01197a0f75 100644 --- a/pkgs/tools/networking/network-manager/l2tp.nix +++ b/pkgs/tools/networking/network-manager/l2tp.nix @@ -41,16 +41,11 @@ stdenv.mkDerivation rec { ]; enableParallelBuilding = true; - configureFlags = [ - "--with-gnome=${if withGnome then "yes" else "no"}" - "--localstatedir=/var" - ] ; - meta = with stdenv.lib; { description = "L2TP plugin for NetworkManager"; inherit (networkmanager.meta) platforms; - homepage = http://github.com/nm-l2tp/network-manager-l2tp; + homepage = https://github.com/nm-l2tp/network-manager-l2tp; license = licenses.gpl2; maintainers = with maintainers; [ abbradar obadz ]; }; diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index eff498a174e..7c682704592 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -76,6 +76,11 @@ stdenv.mkDerivation rec { "--enable-sqlite" ] ++ optional enableNetworkManager "--enable-nm"; + postInstall = '' + # this is needed for l2tp + echo "include /etc/ipsec.secrets" >> $out/etc/ipsec.secrets + ''; + NIX_LDFLAGS = "-lgcc_s" ; meta = { |