strongswan: allow configuring enabled plugins

authored by Andrew Dunham and committed by Robert Helgesson 7f921735 0807f4ac

+23 -2
+23 -2
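--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -32,8 +32,10 @@
 ${caConf}
 '';
 
-strongswanConf = {setup, connections, ca, secrets}: toFile "strongswan.conf" ''
+strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
 charon {
+${if managePlugins then "load_modular = no" else ""}
+${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
 plugins {
 stroke {
 secrets_file = ${ipsecSecrets secrets}
@@ -112,6 +114,25 @@
 file.
 '';
 };
+
+managePlugins = mkOption {
+type = types.bool;
+default = false;
+description = ''
+If set to true, this option will disable automatic plugin loading and
+then tell strongSwan to enable the plugins specified in the
+<option>enabledPlugins</option> option.
+'';
+};
+
+enabledPlugins = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+A list of additional plugins to enable if
+<option>managePlugins</option> is true.
+'';
+};
 };
 
 config = with cfg; mkIf enable {
@@ -122,7 +143,7 @@
 wants = [ "keys.target" ];
 after = [ "network-online.target" "keys.target" ];
 environment = {
-STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets; };
+STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; };
 };
 serviceConfig = {
 ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork";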
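Review bot: Setting `managePlugins = true` while leaving `enabledPlugins` at its default `[]` makes the `charon` block emit `load_modular = no` followed by an empty `load = ` line, and nothing in the module rejects that combination. How strongSwan treats an empty `load` value is not visible here, but either outcome (no plugins, or a silent fallback to the built-in list) defeats the purpose of pinning the plugin set. I would add `assertions = [ { assertion = !managePlugins || enabledPlugins != []; message = "enabledPlugins must not be empty when managePlugins is true"; } ];` to the `config` block, which continues outside the visible hunks. The `enabledPlugins` description also calls the list "additional", although with `load_modular = no` it appears to be the complete set that `charon` loads; it should read `The complete list of plugins to load when <option>managePlugins</option> is true.` so that nobody trimming the plugin set assumes the defaults stay enabled.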