Merge pull request #242371 from jfly/add-openvpn3-systemd-resolved-support

authored by Janik and committed by GitHub 96896946 1f588ca8

+26 -4
+2
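--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -324,6 +324,8 @@
 
 - The `fonts.fonts` and `fonts.enableDefaultFonts` options have been renamed to `fonts.packages` and `fonts.enableDefaultPackages` respectively.
 
+- `pkgs.openvpn3` now optionally supports systemd-resolved. `programs.openvpn3` will automatically enable systemd-resolved support if `config.services.resolved.enable` is enabled.
+
 - `services.fail2ban.jails` can now be configured with attribute sets defining settings and filters instead of lines. The stringed options `daemonConfig` and `extraSettings` have respectively been replaced by `daemonSettings` and `jails.DEFAULT.settings` which use attribute sets.
 
 - The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod).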
+16 -4
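--- a/nixos/modules/programs/openvpn3.nix
+++ b/nixos/modules/programs/openvpn3.nix
@@ -8,11 +8,23 @@
 {
 options.programs.openvpn3 = {
 enable = mkEnableOption (lib.mdDoc "the openvpn3 client");
+package = mkOption {
+type = types.package;
+default = pkgs.openvpn3.override {
+enableSystemdResolved = config.services.resolved.enable;
+};
+defaultText = literalExpression ''pkgs.openvpn3.override {
+enableSystemdResolved = config.services.resolved.enable;
+}'';
+description = lib.mdDoc ''
+Which package to use for `openvpn3`.
+'';
+};
 };
 
 config = mkIf cfg.enable {
-services.dbus.packages = with pkgs; [
-openvpn3
+services.dbus.packages = [
+cfg.package
 ];
 
 users.users.openvpn = {
@@ -25,8 +37,8 @@
 gid = config.ids.gids.openvpn;
 };
 
-environment.systemPackages = with pkgs; [
-openvpn3
+environment.systemPackages = [
+cfg.package
 ];
 };
 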
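Review bot: The description of the new `package` option should mention that its default carries `enableSystemdResolved = config.services.resolved.enable`, because anyone who sets `programs.openvpn3.package = pkgs.openvpn3;` or another override silently drops it and gets the package default of `false`. On a host running systemd-resolved that presumably leaves the client on the `/etc/resolv.conf` path, so VPN-pushed DNS servers may not take effect and lookups could keep going to the non-VPN resolver. I would extend the text to something like `Which package to use for openvpn3. When overriding, pass enableSystemdResolved yourself if services.resolved.enable is set.` The option set and the `config` block both continue outside the visible hunks.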
+8
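--- a/pkgs/tools/networking/openvpn3/default.nix
+++ b/pkgs/tools/networking/openvpn3/default.nix
@@ -15,6 +15,8 @@
 , pkg-config
 , protobuf
 , python3
+, systemd
+, enableSystemdResolved ? false
 , tinyxml-2
 , wrapGAppsHook
 }:
@@ -80,6 +82,8 @@
 openssl
 protobuf
 tinyxml-2
+] ++ lib.optionals enableSystemdResolved [
+systemd
 ];
 
 # runtime deps
@@ -101,6 +105,10 @@
 "--enable-addons-aws"
 "--disable-selinux-build"
 "--disable-build-test-progs"
+] ++ lib.optionals enableSystemdResolved [
+# This defaults to --resolv-conf /etc/resolv.conf. See
+# https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
+"DEFAULT_DNS_RESOLVER=--systemd-resolved"
 ];
 
 NIX_LDFLAGS = "-lpthread";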
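Review bot: The comment above `"DEFAULT_DNS_RESOLVER=--systemd-resolved"` opens with "This defaults to", which reads as if it described the value being set rather than the configure variable's fallback. I would word it as `# When unset, configure uses DEFAULT_DNS_RESOLVER="--resolv-conf /etc/resolv.conf". See`. The link is pinned to the `v20` tag and the packaged version is not visible in these hunks, so the line reference should be rechecked on each version bump. Because `enableSystemdResolved` stays `false` by default, installing `pkgs.openvpn3` without the NixOS module on a resolved host keeps the resolv.conf behaviour, and a one-line comment next to the argument saying so would help.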