pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / programs / openvpn3.nix
at 25.11-pre 3.5 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 json = pkgs.formats.json { }; 10 cfg = config.programs.openvpn3; 11 12 inherit (lib) 13 mkEnableOption 14 mkPackageOption 15 mkOption 16 literalExpression 17 max 18 options 19 lists 20 ; 21 inherit (lib.types) bool submodule ints; 22in 23{ 24 options.programs.openvpn3 = { 25 enable = mkEnableOption "the openvpn3 client"; 26 package = mkPackageOption pkgs "openvpn3" { }; 27 netcfg = mkOption { 28 description = "Network configuration"; 29 default = { }; 30 type = submodule { 31 options = { 32 settings = mkOption { 33 description = "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file"; 34 default = { }; 35 type = submodule { 36 freeformType = json.type; 37 options = { 38 systemd_resolved = mkOption { 39 type = bool; 40 description = "Whether to use systemd-resolved integration"; 41 default = config.services.resolved.enable; 42 defaultText = literalExpression "config.services.resolved.enable"; 43 example = false; 44 }; 45 }; 46 }; 47 }; 48 }; 49 }; 50 }; 51 log-service = mkOption { 52 description = "Log service configuration"; 53 default = { }; 54 type = submodule { 55 options = { 56 settings = mkOption { 57 description = "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file"; 58 default = { }; 59 type = submodule { 60 freeformType = json.type; 61 options = { 62 journald = mkOption { 63 description = "Use systemd-journald"; 64 type = bool; 65 default = true; 66 example = false; 67 }; 68 log_dbus_details = mkOption { 69 description = "Add D-Bus details in log file/syslog"; 70 type = bool; 71 default = true; 72 example = false; 73 }; 74 log_level = mkOption { 75 description = "How verbose should the logging be"; 76 type = (ints.between 0 7) // { 77 merge = _loc: defs: lists.foldl max 0 (options.getValues defs); 78 }; 79 default = 3; 80 example = 6; 81 }; 82 timestamp = mkOption { 83 description = "Add timestamp log file"; 84 type = bool; 85 default = false; 86 example = true; 87 }; 88 }; 89 }; 90 }; 91 }; 92 }; 93 }; 94 }; 95 96 config = lib.mkIf cfg.enable { 97 services.dbus.packages = [ cfg.package ]; 98 99 users.users.openvpn = { 100 isSystemUser = true; 101 uid = config.ids.uids.openvpn; 102 group = "openvpn"; 103 }; 104 105 users.groups.openvpn = { 106 gid = config.ids.gids.openvpn; 107 }; 108 109 environment = { 110 systemPackages = [ cfg.package ]; 111 etc = { 112 "openvpn3/netcfg.json".source = json.generate "netcfg.json" cfg.netcfg.settings; 113 "openvpn3/log-service.json".source = json.generate "log-service.json" cfg.log-service.settings; 114 }; 115 }; 116 117 systemd = { 118 packages = [ cfg.package ]; 119 tmpfiles.rules = [ 120 "d /etc/openvpn3/configs 0750 openvpn openvpn - -" 121 ]; 122 }; 123 }; 124 125 meta.maintainers = with lib.maintainers; [ 126 shamilton 127 progrm_jarvis 128 ]; 129}