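# NixOS module for pptpd, a PPTP VPN server.
#
# Security notes for operators:
#  * PPTP authenticates with MS-CHAPv2 and encrypts with MPPE. Both are
#    considered cryptographically weak, so this tunnel should not be relied
#    on for confidentiality over untrusted networks. Prefer WireGuard, IPsec
#    or OpenVPN where clients allow it.
#  * pptpd.conf and the pppd options file are written with pkgs.writeText and
#    therefore end up in the world-readable Nix store. Never put credentials
#    in extraPptpdOptions / extraPppdOptions; user secrets belong only in
#    /etc/ppp-pptpd/chap-secrets, which preStart keeps root-only.
{ config, stdenv, pkgs, lib, ... }:

with lib;

{
  options = {
    services.pptpd = {
      # mkEnableOption already prefixes the text with "Whether to enable",
      # so only the name of the thing being enabled is passed here.
      enable = mkEnableOption "pptpd, the PPTP VPN server";

      serverIp = mkOption {
        # types.str replaces the deprecated types.string.
        type        = types.str;
        description = "The server-side IP address.";
        default     = "10.124.124.1";
      };

      clientIpRange = mkOption {
        type        = types.str;
        description = "The range from which client IPs are drawn.";
        default     = "10.124.124.2-11";
      };

      maxClients = mkOption {
        type        = types.int;
        description = "The maximum number of simultaneous connections.";
        default     = 10;
      };

      extraPptpdOptions = mkOption {
        type        = types.lines;
        description = "Adds extra lines to the pptpd configuration file.";
        default     = "";
      };

      extraPppdOptions = mkOption {
        type        = types.lines;
        description = "Adds extra lines to the pppd options file.";
        default     = "";
        example     = ''
          ms-dns 8.8.8.8
          ms-dns 8.8.4.4
        '';
      };
    };
  };

  config = mkIf config.services.pptpd.enable {
    systemd.services.pptpd = let
      cfg = config.services.pptpd;

      # Main daemon configuration; points pptpd at the wrapped pppd and at the
      # generated pppd options file below.
      pptpd-conf = pkgs.writeText "pptpd.conf" ''
        # Inspired from pptpd-1.4.0/samples/pptpd.conf
        ppp ${ppp-pptpd-wrapped}/bin/pppd
        option ${pppd-options}
        pidfile /run/pptpd.pid
        localip ${cfg.serverIp}
        remoteip ${cfg.clientIpRange}
        connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)

        # Extra
        ${cfg.extraPptpdOptions}
      '';

      # pppd options: every authentication method except MS-CHAPv2 is refused
      # and 128-bit MPPE is mandatory. Anything appended through
      # extraPppdOptions can override these lines, so review additions there.
      pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
        # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
        name pptpd
        refuse-pap
        refuse-chap
        refuse-mschap
        require-mschap-v2
        require-mppe-128
        proxyarp
        lock
        nobsdcomp
        novj
        novjccomp
        nologfd

        # Extra:
        ${cfg.extraPppdOptions}
      '';

      # pppd wrapped so that its accesses to /etc/ppp are redirected (via
      # libredirect and LD_PRELOAD) to /etc/ppp-pptpd, the directory that
      # preStart creates and where chap-secrets lives.
      ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
        name         = "ppp-pptpd-wrapped";
        phases       = [ "installPhase" ];
        buildInputs  = with pkgs; [ makeWrapper ];
        installPhase = ''
          mkdir -p $out/bin
          makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
            --set LD_PRELOAD    "${pkgs.libredirect}/lib/libredirect.so" \
            --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
        '';
      };
    in {
      description = "pptpd server";

      # NOTE(review): `requires` pulls network-online.target in but does not
      # order this unit after it; add a matching `after` if pptpd must wait
      # for the network to be up.
      requires = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      preStart = ''
        # Create the directory and the secrets file with owner-only
        # permissions from the start, so the credentials are never readable
        # by other users between creation and the chmod below.
        umask 077
        mkdir -p /etc/ppp-pptpd
        # mkdir -p leaves the mode of an existing directory alone; enforce it.
        chmod 700 /etc/ppp-pptpd

        secrets="/etc/ppp-pptpd/chap-secrets"

        [ -f "$secrets" ] || cat > "$secrets" << EOF
        # From: pptpd-1.4.0/samples/chap-secrets
        # Secrets for authentication using CHAP
        # client	server	secret		IP addresses
        #username	pptpd	password	*
        EOF

        # An existing file may have been created with looser settings; the
        # "user.group" spelling is deprecated, so use "user:group".
        chown root:root "$secrets"
        chmod 600 "$secrets"
      '';

      serviceConfig = {
        ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
        KillMode  = "process";
        Restart   = "on-success";
        Type      = "forking";
        PIDFile   = "/run/pptpd.pid";
      };
    };
  };
}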
