Loading nixos/doc/manual/release-notes/rl-2305.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -111,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake. - [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable). ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -883,6 +883,7 @@ ./services/networking/iscsi/initiator.nix ./services/networking/iscsi/root-initiator.nix ./services/networking/iscsi/target.nix ./services/networking/ivpn.nix ./services/networking/iwd.nix ./services/networking/jibri/default.nix ./services/networking/jicofo.nix Loading nixos/modules/services/networking/ivpn.nix 0 → 100644 +51 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: let cfg = config.services.ivpn; in with lib; { options.services.ivpn = { enable = mkOption { type = types.bool; default = false; description = lib.mdDoc '' This option enables iVPN daemon. This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security. ''; }; }; config = mkIf cfg.enable { boot.kernelModules = [ "tun" ]; environment.systemPackages = with pkgs; [ ivpn ivpn-service ]; # iVPN writes to /etc/iproute2/rt_tables networking.iproute2.enable = true; networking.firewall.checkReversePath = "loose"; systemd.services.ivpn-service = { description = "iVPN daemon"; wantedBy = [ "multi-user.target" ]; wants = [ "network.target" ]; after = [ "network-online.target" "NetworkManager.service" "systemd-resolved.service" ]; path = [ # Needed for mount "/run/wrappers" ]; startLimitBurst = 5; startLimitIntervalSec = 20; serviceConfig = { ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging"; Restart = "always"; RestartSec = 1; }; }; }; meta.maintainers = with maintainers; [ ataraxiasjel ]; } Loading
nixos/doc/manual/release-notes/rl-2305.section.md +2 −0 Original line number Diff line number Diff line Loading @@ -111,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake. - [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable). ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> Loading
nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -883,6 +883,7 @@ ./services/networking/iscsi/initiator.nix ./services/networking/iscsi/root-initiator.nix ./services/networking/iscsi/target.nix ./services/networking/ivpn.nix ./services/networking/iwd.nix ./services/networking/jibri/default.nix ./services/networking/jicofo.nix Loading
nixos/modules/services/networking/ivpn.nix 0 → 100644 +51 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: let cfg = config.services.ivpn; in with lib; { options.services.ivpn = { enable = mkOption { type = types.bool; default = false; description = lib.mdDoc '' This option enables iVPN daemon. This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security. ''; }; }; config = mkIf cfg.enable { boot.kernelModules = [ "tun" ]; environment.systemPackages = with pkgs; [ ivpn ivpn-service ]; # iVPN writes to /etc/iproute2/rt_tables networking.iproute2.enable = true; networking.firewall.checkReversePath = "loose"; systemd.services.ivpn-service = { description = "iVPN daemon"; wantedBy = [ "multi-user.target" ]; wants = [ "network.target" ]; after = [ "network-online.target" "NetworkManager.service" "systemd-resolved.service" ]; path = [ # Needed for mount "/run/wrappers" ]; startLimitBurst = 5; startLimitIntervalSec = 20; serviceConfig = { ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging"; Restart = "always"; RestartSec = 1; }; }; }; meta.maintainers = with maintainers; [ ataraxiasjel ]; }
