# NixOS module for the iVPN client daemon.
#
# Enabling `services.ivpn.enable` installs the iVPN packages, loads the
# `tun` kernel module, relaxes the firewall's reverse-path check to "loose"
# and runs `ivpn-service` as a systemd system unit.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) mkIf mkOption types;

  cfg = config.services.ivpn;
in
{
  options.services.ivpn.enable = mkOption {
    type = types.bool;
    default = false;
    description = ''
      This option enables iVPN daemon.
      This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
    '';
  };

  config = mkIf cfg.enable {
    # The tun module is loaded at boot on every host that enables the service.
    boot.kernelModules = [ "tun" ];

    environment.systemPackages = [
      pkgs.ivpn
      pkgs.ivpn-service
    ];

    networking = {
      # iVPN writes to /etc/iproute2/rt_tables
      iproute2.enable = true;

      # Security trade-off: "loose" accepts a packet when its source address
      # is reachable through any interface, not only the one it arrived on,
      # which weakens the anti-spoofing check for the whole host.
      # The value is set at normal priority (no mkDefault), so a host that
      # wants the strict check back has to override it with lib.mkForce.
      firewall.checkReversePath = "loose";
    };

    systemd.services.ivpn-service = {
      description = "iVPN daemon";
      wantedBy = [ "multi-user.target" ];

      # `wants` pulls the network targets in; `after` only orders this unit
      # behind the listed units and does not start them.
      wants = [
        "network.target"
        "network-online.target"
      ];
      after = [
        "network-online.target"
        "NetworkManager.service"
        "systemd-resolved.service"
      ];

      # Needed for mount. /run/wrappers is the NixOS security-wrapper
      # directory, so the daemon resolves `mount` through the wrappers.
      path = [ "/run/wrappers" ];

      # Rate limit for the restart loop below: at most 5 starts in 20 seconds.
      startLimitBurst = 5;
      startLimitIntervalSec = 20;

      # NOTE(review): no User= or sandboxing directives are set here, so the
      # unit runs with systemd's defaults for a system service (root, no
      # sandbox). The daemon presumably needs that to manage the tunnel and
      # routing tables; confirm before adding any hardening.
      serviceConfig = {
        ExecStart = "${pkgs.ivpn-service}/bin/ivpn-service --logging";
        Restart = "always";
        RestartSec = 1;
      };
    };
  };

  meta.maintainers = [ lib.maintainers.ataraxiasjel ];
}