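# NixOS module for the iVPN daemon: declares `services.ivpn.enable` and, when
# it is set, loads the tun module, installs the client and daemon packages and
# runs `ivpn-service` as a systemd system unit.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.ivpn;
in
with lib;
{
  options.services.ivpn = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        This option enables iVPN daemon.
        This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
      '';
    };
  };

  config = mkIf cfg.enable {
    boot.kernelModules = [ "tun" ];

    environment.systemPackages = with pkgs; [ ivpn ivpn-service ];

    # iVPN writes to /etc/iproute2/rt_tables
    networking.iproute2.enable = true;

    # Security trade-off: "loose" reverse-path filtering accepts a packet when
    # its source address is routable via any interface, not only the one it
    # arrived on, so spoofed-source filtering is weaker host-wide for as long
    # as this module is enabled. This is a plain definition, so a host that
    # needs strict filtering has to override it with lib.mkForce.
    # NOTE(review): presumably required for the VPN's routing; verify the
    # tunnel still works before overriding.
    networking.firewall.checkReversePath = "loose";

    # No User= or sandboxing directives are set below, so the daemon runs with
    # the systemd defaults for a system unit (root, unconfined).
    systemd.services.ivpn-service = {
      description = "iVPN daemon";
      wantedBy = [ "multi-user.target" ];
      # after= only orders units; network-online.target must also be wanted,
      # otherwise nothing guarantees it is part of the boot transaction and the
      # ordering below is a no-op.
      wants = [ "network.target" "network-online.target" ];
      after = [
        "network-online.target"
        "NetworkManager.service"
        "systemd-resolved.service"
      ];
      path = [
        # Needed for mount
        "/run/wrappers"
      ];
      # At most 5 starts within 20 seconds; after that systemd leaves the unit
      # failed instead of restarting it.
      # NOTE(review): confirm what happens to traffic while the daemon is down.
      startLimitBurst = 5;
      startLimitIntervalSec = 20;
      serviceConfig = {
        ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging";
        Restart = "always";
        RestartSec = 1;
      };
    };
  };

  meta.maintainers = with maintainers; [ ataraxiasjel ];
}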