strongswan: allow configuring enabled plugins

authored by Andrew Dunham and committed by Robert Helgesson 7f921735 0807f4ac

+23 -2
+23 -2
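--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -32,8 +32,10 @@
 ${caConf}
 '';
 
-strongswanConf = {setup, connections, ca, secrets}: toFile "strongswan.conf" ''
+strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
 charon {
+${if managePlugins then "load_modular = no" else ""}
+${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
 plugins {
 stroke {
 secrets_file = ${ipsecSecrets secrets}
@@ -112,6 +114,25 @@
 file.
 '';
 };
+
+managePlugins = mkOption {
+type = types.bool;
+default = false;
+description = ''
+If set to true, this option will disable automatic plugin loading and
+then tell strongSwan to enable the plugins specified in the
+<option>enabledPlugins</option> option.
+'';
+};
+
+enabledPlugins = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+A list of additional plugins to enable if
+<option>managePlugins</option> is true.
+'';
+};
 };
 
 config = with cfg; mkIf enable {
@@ -122,7 +143,7 @@
 wants = [ "keys.target" ];
 after = [ "network-online.target" "keys.target" ];
 environment = {
-STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets; };
+STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; };
 };
 serviceConfig = {
 ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork";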
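Review bot: The `enabledPlugins` description calls the list "additional", but the two `${if managePlugins …}` lines in `strongswanConf` emit `load_modular = no` and an explicit `load = …`, so the list is the complete set of plugins charon loads. Anything left out is not loaded, which can silently include crypto or certificate-checking plugins such as revocation checking. I would reword the description to `The complete list of plugins charon loads when <option>managePlugins</option> is true; plugins not listed here are not loaded.` With `managePlugins = true` and the default `enabledPlugins = []` the generated file contains a bare `load = `; how strongSwan treats an empty value is not visible here, so it seems safer to reject that combination with `assertions = [ { assertion = !managePlugins || enabledPlugins != []; message = "enabledPlugins must not be empty when managePlugins is true"; } ];`. That assertion would go in the `config = with cfg; mkIf enable { … }` block, whose body continues outside the shown hunks.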