parent
6b02ae3893
commit
fc975bcffb
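--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -0,0 +1,124 @@
+{ config, stdenv, pkgs, lib, ... }:
+
+with lib;
+
+{
+options = {
+services.pptpd = {
+enable = mkEnableOption "enable pptpd running on startup";
+
+serverIp = mkOption {
+type = types.string;
+description = "server ip";
+default = "10.124.124.1";
+};
+
+clientIpRange = mkOption {
+type = types.string;
+description = "client ip range";
+default = "10.124.142.2-11";
+};
+
+maxClients = mkOption {
+type = types.int;
+description = "maximum number of simultaneous connections";
+default = 10;
+};
+
+extraPptpdOptions = mkOption {
+type = types.lines;
+description = "extra lines for the pptpd configuration files";
+default = "";
+};
+
+extraPppdOptions = mkOption {
+type = types.lines;
+description = "extra lines for the pppd options files";
+default = "";
+example = ''
+ms-dns 8.8.8.8
+ms-dns 8.8.4.4
+'';
+};
+};
+};
+
+config = mkIf config.services.pptpd.enable {
+systemd.services.pptpd = let
+cfg = config.services.pptpd;
+
+pptpd-conf = pkgs.writeText "pptpd.conf" ''
+# Inspired from pptpd-1.4.0/samples/pptpd.conf
+ppp ${ppp-pptpd-wrapped}/bin/pppd
+option ${pppd-options}
+pidfile /run/pptpd.pid
+localip ${cfg.serverIp}
+remoteip ${cfg.clientIpRange}
+connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
+
+# Extra
+${cfg.extraPptpdOptions}
+'';
+
+pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
+# From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
+name pptpd
+refuse-pap
+refuse-chap
+refuse-mschap
+require-mschap-v2
+require-mppe-128
+proxyarp
+lock
+nobsdcomp
+novj
+novjccomp
+nologfd
+
+# Extra:
+${cfg.extraPppdOptions}
+'';
+
+ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
+name = "ppp-pptpd-wrapped";
+phases = [ "installPhase" ];
+buildInputs = with pkgs; [ makeWrapper ];
+installPhase = ''
+mkdir -p $out/bin
+makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
+--set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
+--set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
+'';
+};
+in {
+description = "pptpd server";
+
+requires = [ "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+
+preStart = ''
+mkdir -p -m 700 /etc/ppp-pptpd
+
+secrets="/etc/ppp-pptpd/chap-secrets"
+
+[ -f "$secrets" ] || cat > "$secrets" << EOF
+# From: pptpd-1.4.0/samples/chap-secrets
+# Secrets for authentication using CHAP
+# client server secret IP addresses
+#username pptpd password *
+EOF
+
+chown root.root "$secrets"
+chmod 600 "$secrets"
+'';
+
+serviceConfig = {
+ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
+KillMode = "process";
+Restart = "on-success";
+Type = "forking";
+PIDFile = "/run/pptpd.pid";
+};
+};
+};
+}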
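Review bot: `requires = [ "network-online.target" ];` in the systemd service declares a dependency but no ordering, so pptpd can be started before the network is actually up; add `after = [ "network-online.target" ];` beside it. The defaults `serverIp = "10.124.124.1"` and `clientIpRange = "10.124.142.2-11"` appear to be on different /24s, which may be a typo for 10.124.124.x — worth checking against the sample config the comment cites, since pptpd will otherwise only emit the warning the `connections` comment mentions. In `preStart` the chap-secrets heredoc creates the file with the process umask and only the later `chmod 600` tightens it; a `umask 077` at the top of the script closes that window, and `chown root:root "$secrets"` is the current coreutils spelling of the dot form. The `enable` option's description could also state that the module hardwires MS-CHAPv2 with 128-bit MPPE (the `require-mschap-v2` / `require-mppe-128` lines), an authentication profile with well-documented cryptographic weaknesses, so administrators can judge whether it meets their policy before enabling it.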