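# NixOS module that runs racoon (the IKE daemon from pkgs.ipsecTools) as a
# systemd service.
#
# Security note: a non-empty `services.racoon.config` is rendered with
# pkgs.writeText, so its contents land in the Nix store, which is readable by
# every local user. Keep key material out of that string; point racoon at key
# files outside the store instead (for example via racoon.conf's
# `path pre_shared_key` directive) and restrict those files to root.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.racoon;

  # Config file handed to `racoon -f`: the generated store file when inline
  # contents are given, otherwise the user-managed path.
  configFile =
    if cfg.config != ""
    then pkgs.writeText "racoon.conf" cfg.config
    else cfg.configPath;
in {
  options.services.racoon = {
    enable = mkEnableOption "racoon";

    config = mkOption {
      description = "Contents of racoon configuration file.";
      default = "";
      # `lines` accepts everything `str` did and additionally lets several
      # modules contribute fragments, which are joined with newlines.
      type = types.lines;
    };

    configPath = mkOption {
      description = "Location of racoon config if config is not provided.";
      default = "/etc/racoon/racoon.conf";
      # Set this as a string ("/etc/..."). A Nix path literal would be copied
      # into the world-readable store when interpolated into ExecStart.
      type = types.path;
    };
  };

  config = mkIf cfg.enable {
    systemd.services.racoon = {
      description = "Racoon Daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${configFile}";
        ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config";
        PIDFile = "/var/run/racoon.pid";
        Type = "forking";
        Restart = "always";
      };
      preStart = ''
        # Drop a stale PID file from a previous run. -f keeps the journal
        # quiet when there is none; `|| true` keeps the cleanup best-effort.
        rm -f /var/run/racoon.pid || true
        # Created with the default mode of the unit's umask.
        # NOTE(review): confirm what racoon keeps in /var/racoon and whether
        # the directory should be restricted to root.
        mkdir -p /var/racoon
      '';
    };
  };
}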