Loading nixos/modules/services/networking/networkmanager.nix +6 −0 Original line number Diff line number Diff line Loading @@ -514,6 +514,12 @@ in environment.etc = { "NetworkManager/NetworkManager.conf".source = configFile; # The networkmanager-l2tp plugin expects /etc/ipsec.secrets to include /etc/ipsec.d/ipsec.nm-l2tp.secrets; # see https://github.com/NixOS/nixpkgs/issues/64965 "ipsec.secrets".text = '' include ipsec.d/ipsec.nm-l2tp.secrets ''; } // builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" { Loading nixos/modules/services/networking/strongswan.nix +8 −11 Original line number Diff line number Diff line Loading @@ -3,14 +3,12 @@ let inherit (builtins) toFile; inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList inherit (lib) concatMapStrings concatStringsSep mapAttrsToList mkIf mkEnableOption mkOption types literalExpression optionalString; cfg = config.services.strongswan; ipsecSecrets = secrets: toFile "ipsec.secrets" ( concatMapStringsSep "\n" (f: "include ${f}") secrets ); ipsecSecrets = secrets: concatMapStrings (f: "include ${f}\n") secrets; ipsecConf = {setup, connections, ca}: let Loading Loading @@ -138,16 +136,12 @@ in }; config = with cfg; let secretsFile = ipsecSecrets cfg.secrets; in mkIf enable config = with cfg; mkIf enable { # here we should use the default strongswan ipsec.secrets and # append to it (default one is empty so not a pb for now) environment.etc."ipsec.secrets".source = secretsFile; environment.etc."ipsec.secrets".text = ipsecSecrets cfg.secrets; systemd.services.strongswan = { description = "strongSwan IPSec Service"; Loading @@ -156,7 +150,10 @@ in wants = [ "network-online.target" ]; after = [ "network-online.target" ]; environment = { STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; }; STRONGSWAN_CONF = strongswanConf { inherit setup connections ca managePlugins enabledPlugins; secretsFile = "/etc/ipsec.secrets"; }; }; serviceConfig = { ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; Loading Loading
nixos/modules/services/networking/networkmanager.nix +6 −0 Original line number Diff line number Diff line Loading @@ -514,6 +514,12 @@ in environment.etc = { "NetworkManager/NetworkManager.conf".source = configFile; # The networkmanager-l2tp plugin expects /etc/ipsec.secrets to include /etc/ipsec.d/ipsec.nm-l2tp.secrets; # see https://github.com/NixOS/nixpkgs/issues/64965 "ipsec.secrets".text = '' include ipsec.d/ipsec.nm-l2tp.secrets ''; } // builtins.listToAttrs (map (pkg: nameValuePair "NetworkManager/${pkg.networkManagerPlugin}" { Loading
nixos/modules/services/networking/strongswan.nix +8 −11 Original line number Diff line number Diff line Loading @@ -3,14 +3,12 @@ let inherit (builtins) toFile; inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList inherit (lib) concatMapStrings concatStringsSep mapAttrsToList mkIf mkEnableOption mkOption types literalExpression optionalString; cfg = config.services.strongswan; ipsecSecrets = secrets: toFile "ipsec.secrets" ( concatMapStringsSep "\n" (f: "include ${f}") secrets ); ipsecSecrets = secrets: concatMapStrings (f: "include ${f}\n") secrets; ipsecConf = {setup, connections, ca}: let Loading Loading @@ -138,16 +136,12 @@ in }; config = with cfg; let secretsFile = ipsecSecrets cfg.secrets; in mkIf enable config = with cfg; mkIf enable { # here we should use the default strongswan ipsec.secrets and # append to it (default one is empty so not a pb for now) environment.etc."ipsec.secrets".source = secretsFile; environment.etc."ipsec.secrets".text = ipsecSecrets cfg.secrets; systemd.services.strongswan = { description = "strongSwan IPSec Service"; Loading @@ -156,7 +150,10 @@ in wants = [ "network-online.target" ]; after = [ "network-online.target" ]; environment = { STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; }; STRONGSWAN_CONF = strongswanConf { inherit setup connections ca managePlugins enabledPlugins; secretsFile = "/etc/ipsec.secrets"; }; }; serviceConfig = { ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; Loading
