author | Andrew Dunham <andrew@du.nham.ca> | 2017-09-22 03:39:00 -0700 |
---|---|---|
committer | Robert Helgesson <robert@rycee.net> | 2017-11-02 14:39:14 +0100 |
commit | 7f921735e76076196a93fa55c234a6f1d01534a9 (patch) | |
tree | 3a9a92575b2a2b7e44ac3e73d961555f98e26f99 /nixos/modules/services/networking | |
parent | 0807f4ac66d2f5a5e2d9c1af239ab2063ac56840 (diff) | |
strongswan: allow configuring enabled plugins
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/strongswan.nix | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix
index b0eb0460b9ba..3a3f64221c42 100644
--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -32,8 +32,10 @@ let
 ${caConf}
 '';
 
- strongswanConf = {setup, connections, ca, secrets}: toFile "strongswan.conf" ''
+ strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
 charon {
+ ${if managePlugins then "load_modular = no" else ""}
+ ${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
 plugins {
 stroke {
 secrets_file = ${ipsecSecrets secrets}
@@ -112,6 +114,25 @@ in
 file.
 '';
 };
+
+ managePlugins = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If set to true, this option will disable automatic plugin loading and
+ then tell strongSwan to enable the plugins specified in the
+ <option>enabledPlugins</option> option.
+ '';
+ };
+
+ enabledPlugins = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ A list of additional plugins to enable if
+ <option>managePlugins</option> is true.
+ '';
+ };
 };
 
 config = with cfg; mkIf enable {
@@ -122,7 +143,7 @@ in
 wants = [ "keys.target" ];
 after = [ "network-online.target" "keys.target" ];
 environment = {
- STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets; };
+ STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; };
 };
 serviceConfig = {
 ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; |
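Review bot: With `managePlugins = true` and `enabledPlugins` left at its default `[]`, the two added lines in the `charon` section render `load_modular = no` followed by an empty `load = `, so the explicit plugin list names nothing; depending on how strongSwan treats the empty value, charon either runs without its crypto and `stroke` plugins or quietly falls back to a built-in list, and neither matches what the option promises. The `stroke { secrets_file = … }` block just below is still emitted unconditionally, which suggests the module keeps depending on `stroke` being loaded. I would fail evaluation instead, for example `assertions = [ { assertion = !managePlugins || enabledPlugins != []; message = "enabledPlugins must not be empty when managePlugins is true"; } ];` in the `config` block. The two identical conditionals also leave blank lines in the generated file when the option is off; a single `optionalString managePlugins` around both lines would read better, assuming `lib` is in scope as the unqualified `concatStringsSep` suggests. The body of `strongswanConf` continues outside the hunk.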
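Review bot: The description of `enabledPlugins` calls the list "additional" plugins, but the first hunk writes `load_modular = no` together with `load = <list>`, so the list appears to be the complete set charon loads rather than an addition to the defaults. An administrator who reads it as additive and names only one extra plugin would end up with a daemon lacking the plugins its authentication and crypto depend on. I would reword it along the lines of `The complete list of plugins charon loads when <option>managePlugins</option> is true; plugins not listed are not loaded.` and add an `example`. Separately, `types.listOf types.str` accepts whitespace and newlines, which the first hunk interpolates unescaped into strongswan.conf; a stricter element type such as `types.strMatching "[a-z0-9-]+"` would keep a typo from becoming extra configuration directives, if that type is available in this tree. The enclosing options set opens above the hunk.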