From fe4f4de1c92714aa9a2add7ffb3ca83a861d6d4e Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Tue, 31 Oct 2017 20:14:00 +0900 Subject: strongswan module: make it work with ipsec l2tp l2tp saves its secrets into /etc/ipsec.d but strongswan would not read them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if not tries to write into it. Solution: Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets when networkmanager_l2tp is installed. Include /etc/ipsec.secrets in /nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp secrets. Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to write into an alternate file /etc/ppp/resolv.conf. This fails when /etc/ppp does not exist so the module creates it by default. --- nixos/modules/services/networking/networkmanager.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/services/networking/networkmanager.nix') diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 62afbf32c2f6..a5ca6cc74cf5 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -335,6 +335,7 @@ in { preStart = '' mkdir -m 700 -p /etc/NetworkManager/system-connections + mkdir -m 700 -p /etc/ipsec.d mkdir -m 755 -p ${stateDirs} ''; }; -- cgit 1.4.1
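Review bot: In the preStart hunk of networkmanager.nix, the added `mkdir -m 700 -p /etc/ipsec.d` applies mode 700 only when it creates the directory. If /etc/ipsec.d already exists with wider permissions, `mkdir -p` succeeds and leaves them unchanged, and per the commit message this is where l2tp saves its secrets. Follow the line with an explicit `chmod 700 /etc/ipsec.d` so the mode is enforced on every start. The line also runs unconditionally in NetworkManager's preStart, while the commit message describes creating the directory when networkmanager_l2tp is installed. Either guard it on that plugin being enabled, or add a comment explaining why NetworkManager creates a strongSwan directory here.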