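# NixOS module for pptpd, the Point-to-Point Tunneling Protocol daemon.
#
# Declares the `services.pptpd.*` options and, when enabled, a single
# systemd unit that runs pptpd with a generated pptpd.conf and a pppd
# options file. Both generated files live in the Nix store (pkgs.writeText),
# so they are world-readable: nothing secret belongs in `extraPptpdOptions`
# or `extraPppdOptions`. Per-user credentials go in
# /etc/ppp-pptpd/chap-secrets, which preStart creates root-only (mode 600).
{ config, pkgs, lib, ... }:

with lib;

{
  options = {
    services.pptpd = {
      enable = mkEnableOption (lib.mdDoc "pptpd, the Point-to-Point Tunneling Protocol daemon");

      # Address pptpd assigns to the server end of each tunnel (`localip`).
      serverIp = mkOption {
        type = types.str;
        description = lib.mdDoc "The server-side IP address.";
        default = "10.124.124.1";
      };

      # Passed verbatim as pptpd's `remoteip`; the default is a pptpd-style
      # range expression, not CIDR.
      clientIpRange = mkOption {
        type = types.str;
        description = lib.mdDoc "The range from which client IPs are drawn.";
        default = "10.124.124.2-11";
      };

      # Passed as pptpd's `connections`; pptpd only warns if this disagrees
      # with the size of clientIpRange (see the generated pptpd.conf below).
      maxClients = mkOption {
        type = types.int;
        description = lib.mdDoc "The maximum number of simultaneous connections.";
        default = 10;
      };

      # Spliced unquoted into pptpd.conf, which is stored world-readable in
      # the Nix store.
      extraPptpdOptions = mkOption {
        type = types.lines;
        description = lib.mdDoc "Adds extra lines to the pptpd configuration file.";
        default = "";
      };

      # Spliced unquoted into the pppd options file (also in the Nix store).
      extraPppdOptions = mkOption {
        type = types.lines;
        description = lib.mdDoc "Adds extra lines to the pppd options file.";
        default = "";
        example = ''
          ms-dns 8.8.8.8
          ms-dns 8.8.4.4
        '';
      };
    };
  };

  config = mkIf config.services.pptpd.enable {
    systemd.services.pptpd = let
      cfg = config.services.pptpd;

      # Main daemon configuration. Points pptpd at the wrapped pppd and at the
      # generated options file below; both are store paths.
      pptpd-conf = pkgs.writeText "pptpd.conf" ''
        # Inspired from pptpd-1.4.0/samples/pptpd.conf
        ppp ${ppp-pptpd-wrapped}/bin/pppd
        option ${pppd-options}
        pidfile /run/pptpd.pid
        localip ${cfg.serverIp}
        remoteip ${cfg.clientIpRange}
        connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)

        # Extra
        ${cfg.extraPptpdOptions}
      '';

      # pppd options. PAP, CHAP and MS-CHAPv1 are refused and MS-CHAPv2 with
      # 128-bit MPPE is required, which is the strongest combination PPTP
      # offers; the protocol as a whole is nevertheless considered weak by
      # current standards, so keep this to environments that need PPTP
      # specifically.
      pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
        # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
        name pptpd
        refuse-pap
        refuse-chap
        refuse-mschap
        require-mschap-v2
        require-mppe-128
        proxyarp
        lock
        nobsdcomp
        novj
        novjccomp
        nologfd

        # Extra:
        ${cfg.extraPppdOptions}
      '';

      # pppd wrapper: libredirect remaps /etc/ppp to /etc/ppp-pptpd so this
      # service reads its own chap-secrets (created in preStart) rather than
      # the system-wide /etc/ppp directory.
      ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
        name = "ppp-pptpd-wrapped";
        phases = [ "installPhase" ];
        nativeBuildInputs = with pkgs; [ makeWrapper ];
        installPhase = ''
          mkdir -p $out/bin
          makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
            --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
            --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
        '';
      };
    in {
      description = "pptpd server";

      # `requires` alone only expresses a dependency, not ordering; `after`
      # is what makes the unit wait until the network is actually online.
      requires = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      # Creates the secrets directory and an empty, commented chap-secrets
      # template on first start. The file holds credentials in clear text,
      # hence the root-only directory (700) and file (600) modes, which are
      # re-applied on every start in case they were loosened by hand.
      preStart = ''
        mkdir -p -m 700 /etc/ppp-pptpd

        secrets="/etc/ppp-pptpd/chap-secrets"

        [ -f "$secrets" ] || cat > "$secrets" << EOF
        # From: pptpd-1.4.0/samples/chap-secrets
        # Secrets for authentication using CHAP
        # client server secret IP addresses
        #username pptpd password *
        EOF

        chown root:root "$secrets"
        chmod 600 "$secrets"
      '';

      serviceConfig = {
        ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
        # Only the control process is killed on stop; per-client pppd
        # children are left to terminate on their own.
        KillMode = "process";
        # NOTE(review): "on-success" restarts only after a clean exit; a
        # crash leaves the service down — confirm this is intended.
        Restart = "on-success";
        # Type/PIDFile match the `pidfile` line in the generated pptpd.conf.
        Type = "forking";
        PIDFile = "/run/pptpd.pid";
      };
    };
  };
}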