public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/services/networking/softether.nix
Maximilian Bosch 56a7bc05e1
nixos/treewide: drop dependencies to keys.target 
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00

164 lines
4.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.softether;
package = cfg.package.override { dataDir = cfg.dataDir; };
in
{
###### interface
options = {
services.softether = {
enable = mkEnableOption "SoftEther VPN services";
package = mkOption {
type = types.package;
default = pkgs.softether;
defaultText = "pkgs.softether";
description = ''
softether derivation to use.
'';
};
vpnserver.enable = mkEnableOption "SoftEther VPN Server";
vpnbridge.enable = mkEnableOption "SoftEther VPN Bridge";
vpnclient = {
enable = mkEnableOption "SoftEther VPN Client";
up = mkOption {
type = types.lines;
default = "";
description = ''
Shell commands executed when the Virtual Network Adapter(s) is/are starting.
'';
};
down = mkOption {
type = types.lines;
default = "";
description = ''
Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.
'';
};
};
dataDir = mkOption {
type = types.string;
default = "/var/lib/softether";
description = ''
Data directory for SoftEther VPN.
'';
};
};
};
###### implementation
config = mkIf cfg.enable (
mkMerge [{
environment.systemPackages = [ package ];
systemd.services."softether-init" = {
description = "SoftEther VPN services initial task";
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = false;
};
script = ''
for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then
${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d
install -m0600 ${package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
fi
done
rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
'';
};
}
(mkIf (cfg.vpnserver.enable) {
systemd.services.vpnserver = {
description = "SoftEther VPN Server";
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${package}/bin/vpnserver start";
ExecStop = "${package}/bin/vpnserver stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
'';
};
})
(mkIf (cfg.vpnbridge.enable) {
systemd.services.vpnbridge = {
description = "SoftEther VPN Bridge";
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${package}/bin/vpnbridge start";
ExecStop = "${package}/bin/vpnbridge stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
'';
};
})
(mkIf (cfg.vpnclient.enable) {
systemd.services.vpnclient = {
description = "SoftEther VPN Client";
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${package}/bin/vpnclient start";
ExecStop = "${package}/bin/vpnclient stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
'';
postStart = ''
sleep 1
${cfg.vpnclient.up}
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient
sleep 1
${cfg.vpnclient.down}
'';
};
boot.kernelModules = [ "tun" ];
})
]);
}
Reference in New Issue View Git Blame Copy Permalink