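# NixOS module for pptpd, the Point-to-Point Tunneling Protocol daemon.
#
# Declares the `services.pptpd.*` options and, when enabled, a systemd unit
# that runs pptpd with a generated pptpd.conf, a generated pppd options file
# and a wrapped pppd whose /etc/ppp lookups are redirected to /etc/ppp-pptpd.
#
# NOTE(review): the pppd options below select MS-CHAPv2 + MPPE-128, which is
# the strongest combination PPTP offers, but PPTP/MS-CHAPv2 is widely regarded
# as cryptographically weak.  Treat this as a legacy/compatibility service and
# restrict who can reach it; do not rely on it as a confidential tunnel.
{
  config,
  pkgs,
  lib,
  ...
}:

with lib;

{
  options = {
    services.pptpd = {
      enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon";

      # Address assigned to the server end of every PPP link (pptpd `localip`).
      serverIp = mkOption {
        type = types.str;
        description = "The server-side IP address.";
        default = "10.124.124.1";
      };

      # Passed verbatim as pptpd `remoteip`; pptpd's own range syntax applies.
      clientIpRange = mkOption {
        type = types.str;
        description = "The range from which client IPs are drawn.";
        default = "10.124.124.2-11";
      };

      # Passed as pptpd `connections`.  pptpd warns (harmlessly) when this does
      # not match the size of clientIpRange.
      maxClients = mkOption {
        type = types.int;
        description = "The maximum number of simultaneous connections.";
        default = 10;
      };

      # Appended verbatim to the generated pptpd.conf (no validation).
      extraPptpdOptions = mkOption {
        type = types.lines;
        description = "Adds extra lines to the pptpd configuration file.";
        default = "";
      };

      # Appended verbatim to the generated pppd options file (no validation).
      extraPppdOptions = mkOption {
        type = types.lines;
        description = "Adds extra lines to the pppd options file.";
        default = "";
        example = ''
          ms-dns 8.8.8.8
          ms-dns 8.8.4.4
        '';
      };
    };
  };

  config = mkIf config.services.pptpd.enable {
    systemd.services.pptpd =
      let
        cfg = config.services.pptpd;

        # Main daemon configuration, rendered into the Nix store at build time.
        pptpd-conf = pkgs.writeText "pptpd.conf" ''
          # Inspired from pptpd-1.4.0/samples/pptpd.conf
          ppp ${ppp-pptpd-wrapped}/bin/pppd
          option ${pppd-options}
          pidfile /run/pptpd.pid
          localip ${cfg.serverIp}
          remoteip ${cfg.clientIpRange}
          connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)

          # Extra
          ${cfg.extraPptpdOptions}
        '';

        # pppd options handed to every connection.  PAP, CHAP and MS-CHAPv1 are
        # refused explicitly so that only MS-CHAPv2 with 128-bit MPPE is accepted.
        pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
          # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
          name pptpd
          refuse-pap
          refuse-chap
          refuse-mschap
          require-mschap-v2
          require-mppe-128
          proxyarp
          lock
          nobsdcomp
          novj
          novjccomp
          nologfd

          # Extra:
          ${cfg.extraPppdOptions}
        '';

        # pppd hard-codes /etc/ppp; the wrapper preloads libredirect so that
        # those lookups land in /etc/ppp-pptpd, keeping this service's
        # chap-secrets separate from any other pppd user on the host.
        ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
          name = "ppp-pptpd-wrapped";
          phases = [ "installPhase" ];
          nativeBuildInputs = with pkgs; [ makeWrapper ];
          installPhase = ''
            mkdir -p $out/bin
            makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
              --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
              --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
          '';
        };
      in
      {
        description = "pptpd server";

        requires = [ "network-online.target" ];
        # Requires= only pulls the target in; it does not order this unit
        # after it.  After= is what makes the daemon wait for the network.
        after = [ "network-online.target" ];
        wantedBy = [ "multi-user.target" ];

        # Seeds the redirected /etc/ppp-pptpd with an empty, root-only (0600)
        # chap-secrets template.  Only done when the file is absent, so
        # credentials added by the administrator survive restarts.
        preStart = ''
          mkdir -p -m 700 /etc/ppp-pptpd

          secrets="/etc/ppp-pptpd/chap-secrets"

          [ -f "$secrets" ] || install -m 600 -o root -g root /dev/stdin "$secrets" << EOF
          # From: pptpd-1.4.0/samples/chap-secrets
          # Secrets for authentication using CHAP
          # client server secret IP addresses
          #username pptpd password *
          EOF
        '';

        serviceConfig = {
          ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
          # Only the main process is killed on stop; pppd children are left to
          # tear down their own links.
          KillMode = "process";
          # NOTE(review): restarts only on a clean exit, not on failure — this
          # looks intentional but is unusual; confirm before changing.
          Restart = "on-success";
          Type = "forking";
          PIDFile = "/run/pptpd.pid";
        };
      };
  };
}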