Loading nixos/modules/services/networking/libreswan.nix +20 −23 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; let cfg = config.services.libreswan; Loading @@ -11,14 +8,14 @@ let trim = chars: str: let nonchars = filter (x : !(elem x.value chars)) (imap0 (i: v: {ind = i; value = v;}) (stringToCharacters str)); nonchars = lib.filter (x : !(lib.elem x.value chars)) (lib.imap0 (i: v: {ind = i; value = v;}) (lib.stringToCharacters str)); in lib.optionalString (nonchars != [ ]) (substring (head nonchars).ind (add 1 (sub (last nonchars).ind (head nonchars).ind)) str); indent = str: concatStrings (concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (splitString "\n" str)); (lib.substring (lib.head nonchars).ind (lib.add 1 (lib.sub (lib.last nonchars).ind (lib.head nonchars).ind)) str); indent = str: lib.concatStrings (lib.concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (lib.splitString "\n" str)); configText = indent (toString cfg.configSetup); connectionText = concatStrings (mapAttrsToList (n: v: connectionText = lib.concatStrings (lib.mapAttrsToList (n: v: '' conn ${n} ${indent v} Loading @@ -32,7 +29,7 @@ let ${connectionText} ''; policyFiles = mapAttrs' (name: text: policyFiles = lib.mapAttrs' (name: text: { name = "ipsec.d/policies/${name}"; value.source = pkgs.writeText "ipsec-policy-${name}" text; }) cfg.policies; Loading @@ -47,10 +44,10 @@ in services.libreswan = { enable = mkEnableOption "Libreswan IPsec service"; enable = lib.mkEnableOption "Libreswan IPsec service"; configSetup = mkOption { type = types.lines; configSetup = lib.mkOption { type = lib.types.lines; default = '' protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 Loading 
@@ -63,10 +60,10 @@ in description = "Options to go in the 'config setup' section of the Libreswan IPsec configuration"; }; connections = mkOption { type = types.attrsOf types.lines; connections = lib.mkOption { type = lib.types.attrsOf lib.types.lines; default = {}; example = literalExpression '' example = lib.literalExpression '' { myconnection = ''' auto=add left=%defaultroute Loading @@ -82,10 +79,10 @@ in description = "A set of connections to define for the Libreswan IPsec service"; }; policies = mkOption { type = types.attrsOf types.lines; policies = lib.mkOption { type = lib.types.attrsOf lib.types.lines; default = {}; example = literalExpression '' example = lib.literalExpression '' { private-or-clear = ''' # Attempt opportunistic IPsec for the entire Internet 0.0.0.0/0 Loading @@ -102,8 +99,8 @@ in ''; }; disableRedirects = mkOption { type = types.bool; disableRedirects = lib.mkOption { type = lib.types.bool; default = true; description = '' Whether to disable send and accept redirects for all network interfaces. Loading @@ -119,7 +116,7 @@ in ###### implementation config = mkIf cfg.enable { config = lib.mkIf cfg.enable { # Install package, systemd units, etc. environment.systemPackages = [ pkgs.libreswan pkgs.iproute2 ]; Loading @@ -136,7 +133,7 @@ in systemd.services.ipsec = { description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec"; wantedBy = [ "multi-user.target" ]; restartTriggers = [ configFile ] ++ mapAttrsToList (n: v: v.source) policyFiles; restartTriggers = [ configFile ] ++ lib.mapAttrsToList (n: v: v.source) policyFiles; path = with pkgs; [ libreswan iproute2 Loading @@ -145,7 +142,7 @@ in iptables nettools ]; preStart = optionalString cfg.disableRedirects '' preStart = lib.optionalString cfg.disableRedirects '' # Disable send/receive redirects echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects Loading Loading
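Review bot: The rewritten `trim` helper in hunk `@@ -11,14 +8,14 @@` remains undocumented, and spelling the index arithmetic as `lib.add 1 (lib.sub (lib.last nonchars).ind (lib.head nonchars).ind)` reads worse than the operator form now that every call carries the `lib.` prefix. Since the commit already touches both of those lines, a one-line purpose comment above the binding, `# trim chars str: strip the leading and trailing characters of str that appear in chars (empty result if nothing remains)`, and writing the length as `((lib.last nonchars).ind - (lib.head nonchars).ind + 1)` would make the helper self-explanatory without changing behaviour. The same note applies to the `indent` helper on the following rewritten line, which is equally uncommented. The enclosing `let` block begins before the first hunk and its closing `in` is outside the hunk.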
nixos/modules/services/networking/libreswan.nix +20 −23 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; let cfg = config.services.libreswan; Loading @@ -11,14 +8,14 @@ let trim = chars: str: let nonchars = filter (x : !(elem x.value chars)) (imap0 (i: v: {ind = i; value = v;}) (stringToCharacters str)); nonchars = lib.filter (x : !(lib.elem x.value chars)) (lib.imap0 (i: v: {ind = i; value = v;}) (lib.stringToCharacters str)); in lib.optionalString (nonchars != [ ]) (substring (head nonchars).ind (add 1 (sub (last nonchars).ind (head nonchars).ind)) str); indent = str: concatStrings (concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (splitString "\n" str)); (lib.substring (lib.head nonchars).ind (lib.add 1 (lib.sub (lib.last nonchars).ind (lib.head nonchars).ind)) str); indent = str: lib.concatStrings (lib.concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (lib.splitString "\n" str)); configText = indent (toString cfg.configSetup); connectionText = concatStrings (mapAttrsToList (n: v: connectionText = lib.concatStrings (lib.mapAttrsToList (n: v: '' conn ${n} ${indent v} Loading @@ -32,7 +29,7 @@ let ${connectionText} ''; policyFiles = mapAttrs' (name: text: policyFiles = lib.mapAttrs' (name: text: { name = "ipsec.d/policies/${name}"; value.source = pkgs.writeText "ipsec-policy-${name}" text; }) cfg.policies; Loading @@ -47,10 +44,10 @@ in services.libreswan = { enable = mkEnableOption "Libreswan IPsec service"; enable = lib.mkEnableOption "Libreswan IPsec service"; configSetup = mkOption { type = types.lines; configSetup = lib.mkOption { type = lib.types.lines; default = '' protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 Loading 
@@ -63,10 +60,10 @@ in description = "Options to go in the 'config setup' section of the Libreswan IPsec configuration"; }; connections = mkOption { type = types.attrsOf types.lines; connections = lib.mkOption { type = lib.types.attrsOf lib.types.lines; default = {}; example = literalExpression '' example = lib.literalExpression '' { myconnection = ''' auto=add left=%defaultroute Loading @@ -82,10 +79,10 @@ in description = "A set of connections to define for the Libreswan IPsec service"; }; policies = mkOption { type = types.attrsOf types.lines; policies = lib.mkOption { type = lib.types.attrsOf lib.types.lines; default = {}; example = literalExpression '' example = lib.literalExpression '' { private-or-clear = ''' # Attempt opportunistic IPsec for the entire Internet 0.0.0.0/0 Loading @@ -102,8 +99,8 @@ in ''; }; disableRedirects = mkOption { type = types.bool; disableRedirects = lib.mkOption { type = lib.types.bool; default = true; description = '' Whether to disable send and accept redirects for all network interfaces. Loading @@ -119,7 +116,7 @@ in ###### implementation config = mkIf cfg.enable { config = lib.mkIf cfg.enable { # Install package, systemd units, etc. environment.systemPackages = [ pkgs.libreswan pkgs.iproute2 ]; Loading @@ -136,7 +133,7 @@ in systemd.services.ipsec = { description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec"; wantedBy = [ "multi-user.target" ]; restartTriggers = [ configFile ] ++ mapAttrsToList (n: v: v.source) policyFiles; restartTriggers = [ configFile ] ++ lib.mapAttrsToList (n: v: v.source) policyFiles; path = with pkgs; [ libreswan iproute2 Loading @@ -145,7 +142,7 @@ in iptables nettools ]; preStart = optionalString cfg.disableRedirects '' preStart = lib.optionalString cfg.disableRedirects '' # Disable send/receive redirects echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects Loading