Merge pull request #33890 from lschuermann/openvpn-auth-user-pass

openvpn: add option to store credentials
This commit is contained in:
Jörg Thalheim 2018-01-16 08:18:51 +00:00 committed by GitHub
commit c4d37f1460
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -50,6 +50,11 @@ let
"up ${pkgs.writeScript "openvpn-${name}-up" upScript}"}
${optionalString (cfg.down != "" || cfg.updateResolvConf)
"down ${pkgs.writeScript "openvpn-${name}-down" downScript}"}
${optionalString (cfg.authUserPass != null)
"auth-user-pass ${pkgs.writeText "openvpn-credentials-${name}" ''
${cfg.authUserPass.username}
${cfg.authUserPass.password}
''}"}
'';
in {
@ -161,6 +166,29 @@ in
'';
};
authUserPass = mkOption {
default = null;
description = ''
This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method.
WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store!
'';
type = types.nullOr (types.submodule {
options = {
username = mkOption {
description = "The username to store inside the credentials file.";
type = types.string;
};
password = mkOption {
description = "The password to store inside the credentials file.";
type = types.string;
};
};
});
};
};
});