pptpd: add nixos service
parent
6b02ae3893
commit
fc975bcffb
@ -371,6 +371,7 @@
|
||||
./services/networking/ostinato.nix
|
||||
./services/networking/pdnsd.nix
|
||||
./services/networking/polipo.nix
|
||||
./services/networking/pptpd.nix
|
||||
./services/networking/prayer.nix
|
||||
./services/networking/privoxy.nix
|
||||
./services/networking/prosody.nix
|
||||
|
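--- /dev/null
+++ b/nixos/modules/services/networking/pptpd.nix
@@ -0,0 +1,124 @@
+{ config, stdenv, pkgs, lib, ... }:
+
+with lib;
+
+{
+options = {
+services.pptpd = {
+enable = mkEnableOption "enable pptpd running on startup";
+
+serverIp = mkOption {
+type = types.string;
+description = "server ip";
+default = "10.124.124.1";
+};
+
+clientIpRange = mkOption {
+type = types.string;
+description = "client ip range";
+default = "10.124.142.2-11";
+};
+
+maxClients = mkOption {
+type = types.int;
+description = "maximum number of simultaneous connections";
+default = 10;
+};
+
+extraPptpdOptions = mkOption {
+type = types.lines;
+description = "extra lines for the pptpd configuration files";
+default = "";
+};
+
+extraPppdOptions = mkOption {
+type = types.lines;
+description = "extra lines for the pppd options files";
+default = "";
+example = ''
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+'';
+};
+};
+};
+
+config = mkIf config.services.pptpd.enable {
+systemd.services.pptpd = let
+cfg = config.services.pptpd;
+
+pptpd-conf = pkgs.writeText "pptpd.conf" ''
+# Inspired from pptpd-1.4.0/samples/pptpd.conf
+ppp ${ppp-pptpd-wrapped}/bin/pppd
+option ${pppd-options}
+pidfile /run/pptpd.pid
+localip ${cfg.serverIp}
+remoteip ${cfg.clientIpRange}
+connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
+
+# Extra
+${cfg.extraPptpdOptions}
+'';
+
+pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
+# From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
+name pptpd
+refuse-pap
+refuse-chap
+refuse-mschap
+require-mschap-v2
+require-mppe-128
+proxyarp
+lock
+nobsdcomp
+novj
+novjccomp
+nologfd
+
+# Extra:
+${cfg.extraPppdOptions}
+'';
+
+ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
+name = "ppp-pptpd-wrapped";
+phases = [ "installPhase" ];
+buildInputs = with pkgs; [ makeWrapper ];
+installPhase = ''
+mkdir -p $out/bin
+makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
+--set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
+--set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
+'';
+};
+in {
+description = "pptpd server";
+
+requires = [ "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+
+preStart = ''
+mkdir -p -m 700 /etc/ppp-pptpd
+
+secrets="/etc/ppp-pptpd/chap-secrets"
+
+[ -f "$secrets" ] || cat > "$secrets" << EOF
+# From: pptpd-1.4.0/samples/chap-secrets
+# Secrets for authentication using CHAP
+# client server secret IP addresses
+#username pptpd password *
+EOF
+
+chown root.root "$secrets"
+chmod 600 "$secrets"
+'';
+
+serviceConfig = {
+ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
+KillMode = "process";
+Restart = "on-success";
+Type = "forking";
+PIDFile = "/run/pptpd.pid";
+};
+};
+};
+}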
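Review bot: In `preStart`, `/etc/ppp-pptpd/chap-secrets` is created by the heredoc under the unit's default umask and only narrowed by `chmod 600` afterwards, and `mkdir -p -m 700` does not tighten the directory if it already exists with a looser mode, so the credentials file can be briefly readable by other local users. Start the script with `umask 077` and add `chmod 700 /etc/ppp-pptpd` after the `mkdir` so both the directory and the file are private from creation; `chown root:root` is also the non-deprecated spelling of `root.root`. Separately, the `enable` description should tell operators that the `require-mschap-v2` / `require-mppe-128` settings in `pppd-options` are the strongest PPTP offers and are not considered secure against a network eavesdropper, so the service is unsuitable for protecting sensitive traffic.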