From b5114de4acaf65f0a7daebed1b45a9f97c834698 Mon Sep 17 00:00:00 2001 From: Jaka Hudoklin Date: Sat, 25 Apr 2015 15:31:27 +0200 Subject: [PATCH] nixos: add racoon ipsec IKE deamon --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/racoon.nix | 42 ++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 nixos/modules/services/networking/racoon.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 17717c5988dc..ebc77ba776a8 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -293,6 +293,7 @@ ./services/networking/privoxy.nix ./services/networking/prosody.nix ./services/networking/quassel.nix + ./services/networking/racoon.nix ./services/networking/radicale.nix ./services/networking/radvd.nix ./services/networking/rdnssd.nix diff --git a/nixos/modules/services/networking/racoon.nix b/nixos/modules/services/networking/racoon.nix new file mode 100644 index 000000000000..00986bbbd849 --- /dev/null +++ b/nixos/modules/services/networking/racoon.nix @@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.racoon; +in { + options.services.racoon = { + enable = mkEnableOption "Whether to enable racoon."; + + config = mkOption { + description = "Contents of racoon configuration file."; + default = ""; + type = types.str; + }; + + configPath = mkOption { + description = "Location of racoon config if config is not provided."; + default = "/etc/racoon/racoon.conf"; + type = types.path; + }; + }; + + config = mkIf cfg.enable { + systemd.services.racoon = { + description = "Racoon Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${ + if (cfg.config != "") then pkgs.writeText "racoon.conf" cfg.config + else cfg.configPath + }"; + ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config"; + PIDFile = "/var/run/racoon.pid"; + Type = "forking"; + Restart = "always"; + }; + preStart = "rm /var/run/racoon.pid || true"; + }; + }; +}