author | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-04-25 15:31:27 +0200 |
---|---|---|
committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-04-25 15:31:27 +0200 |
commit | b5114de4acaf65f0a7daebed1b45a9f97c834698 (patch) | |
tree | bde131f4eb908e5991a430493f3603bed790f61e /nixos/modules/services/networking/racoon.nix | |
parent | 4e51a466bdfa260d15fbaafe52cdccf5280f13d1 (diff) | |
nixos: add racoon ipsec IKE deamon
Diffstat (limited to 'nixos/modules/services/networking/racoon.nix')
-rw-r--r-- | nixos/modules/services/networking/racoon.nix | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/racoon.nix b/nixos/modules/services/networking/racoon.nix
new file mode 100644
index 000000000000..00986bbbd849
--- /dev/null
+++ b/nixos/modules/services/networking/racoon.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.racoon;
+in {
+ options.services.racoon = {
+ enable = mkEnableOption "Whether to enable racoon.";
+
+ config = mkOption {
+ description = "Contents of racoon configuration file.";
+ default = "";
+ type = types.str;
+ };
+
+ configPath = mkOption {
+ description = "Location of racoon config if config is not provided.";
+ default = "/etc/racoon/racoon.conf";
+ type = types.path;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.racoon = {
+ description = "Racoon Daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${
+ if (cfg.config != "") then pkgs.writeText "racoon.conf" cfg.config
+ else cfg.configPath
+ }";
+ ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config";
+ PIDFile = "/var/run/racoon.pid";
+ Type = "forking";
+ Restart = "always";
+ };
+ preStart = "rm /var/run/racoon.pid || true";
+ };
+ };
+} |
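Review bot: The text of `services.racoon.config` is passed to `pkgs.writeText` in `ExecStart`, so it becomes a world-readable file in the Nix store, and the option description gives no hint of that. Anything sensitive a user puts in the config is then readable by every local user, so the description should say so, e.g. `description = "Contents of racoon configuration file. The text is stored world-readable in the Nix store; keep pre-shared keys and private keys in separate root-only files referenced by path.";`. Separately, `mkEnableOption` already prepends "Whether to enable", so `mkEnableOption "Whether to enable racoon."` renders doubled text; `enable = mkEnableOption "racoon";` gives the intended description.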