2018-07-20 21:56:59 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
2016-06-18 00:17:00 +01:00
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
{
|
|
|
|
options = {
|
|
|
|
services.pptpd = {
|
2018-10-05 07:14:45 +01:00
|
|
|
enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon";
|
2016-06-18 00:17:00 +01:00
|
|
|
|
|
|
|
serverIp = mkOption {
|
|
|
|
type = types.string;
|
2016-06-18 16:26:15 +01:00
|
|
|
description = "The server-side IP address.";
|
2016-06-18 00:17:00 +01:00
|
|
|
default = "10.124.124.1";
|
|
|
|
};
|
|
|
|
|
|
|
|
clientIpRange = mkOption {
|
|
|
|
type = types.string;
|
2016-06-18 16:26:15 +01:00
|
|
|
description = "The range from which client IPs are drawn.";
|
2016-06-20 20:54:17 +01:00
|
|
|
default = "10.124.124.2-11";
|
2016-06-18 00:17:00 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
maxClients = mkOption {
|
|
|
|
type = types.int;
|
2016-06-18 16:26:15 +01:00
|
|
|
description = "The maximum number of simultaneous connections.";
|
2016-06-18 00:17:00 +01:00
|
|
|
default = 10;
|
|
|
|
};
|
|
|
|
|
|
|
|
extraPptpdOptions = mkOption {
|
|
|
|
type = types.lines;
|
2016-06-18 16:26:15 +01:00
|
|
|
description = "Adds extra lines to the pptpd configuration file.";
|
2016-06-18 00:17:00 +01:00
|
|
|
default = "";
|
|
|
|
};
|
|
|
|
|
|
|
|
extraPppdOptions = mkOption {
|
|
|
|
type = types.lines;
|
2016-06-18 16:26:15 +01:00
|
|
|
description = "Adds extra lines to the pppd options file.";
|
2016-06-18 00:17:00 +01:00
|
|
|
default = "";
|
|
|
|
example = ''
|
|
|
|
ms-dns 8.8.8.8
|
|
|
|
ms-dns 8.8.4.4
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkIf config.services.pptpd.enable {
|
|
|
|
systemd.services.pptpd = let
|
|
|
|
cfg = config.services.pptpd;
|
|
|
|
|
|
|
|
pptpd-conf = pkgs.writeText "pptpd.conf" ''
|
|
|
|
# Inspired from pptpd-1.4.0/samples/pptpd.conf
|
|
|
|
ppp ${ppp-pptpd-wrapped}/bin/pppd
|
|
|
|
option ${pppd-options}
|
|
|
|
pidfile /run/pptpd.pid
|
|
|
|
localip ${cfg.serverIp}
|
|
|
|
remoteip ${cfg.clientIpRange}
|
|
|
|
connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
|
|
|
|
|
|
|
|
# Extra
|
|
|
|
${cfg.extraPptpdOptions}
|
|
|
|
'';
|
|
|
|
|
|
|
|
pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
|
|
|
|
# From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
|
|
|
|
name pptpd
|
|
|
|
refuse-pap
|
|
|
|
refuse-chap
|
|
|
|
refuse-mschap
|
|
|
|
require-mschap-v2
|
|
|
|
require-mppe-128
|
|
|
|
proxyarp
|
|
|
|
lock
|
|
|
|
nobsdcomp
|
|
|
|
novj
|
|
|
|
novjccomp
|
|
|
|
nologfd
|
|
|
|
|
|
|
|
# Extra:
|
|
|
|
${cfg.extraPppdOptions}
|
|
|
|
'';
|
|
|
|
|
|
|
|
ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
|
|
|
|
name = "ppp-pptpd-wrapped";
|
|
|
|
phases = [ "installPhase" ];
|
|
|
|
buildInputs = with pkgs; [ makeWrapper ];
|
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out/bin
|
|
|
|
makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
|
|
|
|
--set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
|
|
|
|
--set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
in {
|
|
|
|
description = "pptpd server";
|
|
|
|
|
|
|
|
requires = [ "network-online.target" ];
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
|
|
|
|
preStart = ''
|
|
|
|
mkdir -p -m 700 /etc/ppp-pptpd
|
|
|
|
|
|
|
|
secrets="/etc/ppp-pptpd/chap-secrets"
|
|
|
|
|
|
|
|
[ -f "$secrets" ] || cat > "$secrets" << EOF
|
|
|
|
# From: pptpd-1.4.0/samples/chap-secrets
|
|
|
|
# Secrets for authentication using CHAP
|
|
|
|
# client server secret IP addresses
|
|
|
|
#username pptpd password *
|
|
|
|
EOF
|
|
|
|
|
|
|
|
chown root.root "$secrets"
|
|
|
|
chmod 600 "$secrets"
|
|
|
|
'';
|
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
|
|
|
|
KillMode = "process";
|
|
|
|
Restart = "on-success";
|
|
|
|
Type = "forking";
|
|
|
|
PIDFile = "/run/pptpd.pid";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|