# NixOS module for the OpenVPN 3 client (`programs.openvpn3`).
#
# Declares the enable/package options plus two groups of settings that are
# rendered to JSON under /etc/openvpn3. When enabled, it registers the package
# with D-Bus and systemd, installs it system-wide, creates the `openvpn`
# system user and group, and creates /etc/openvpn3/configs through tmpfiles.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) types;

  json = pkgs.formats.json { };
  cfg = config.programs.openvpn3;

  # A top-level section (`netcfg`, `log-service`) whose only declared member
  # is the `settings` option passed in.
  mkSection =
    description: settings:
    lib.mkOption {
      inherit description;
      default = { };
      type = types.submodule {
        options = {
          inherit settings;
        };
      };
    };

  # A `settings` option: the declared knobs plus any further key whose value
  # is JSON-representable (freeform), so undeclared keys are passed through
  # to the generated file without a per-key type check.
  mkSettings =
    description: knobs:
    lib.mkOption {
      inherit description;
      default = { };
      type = types.submodule {
        freeformType = types.attrsOf json.type;
        options = knobs;
      };
    };

  # Integer in 0..7. Only `merge` is replaced: when several modules define the
  # level, the largest value wins (fold seeded with 0) instead of the
  # definitions conflicting. Any module can therefore raise the verbosity,
  # and none can lower it below another module's definition.
  logLevelType = (types.ints.between 0 7) // {
    merge = _: definitions: lib.lists.foldl lib.max 0 (lib.options.getValues definitions);
  };
in
{
  options.programs.openvpn3 = {
    enable = lib.mkEnableOption "the openvpn3 client";
    package = lib.mkPackageOption pkgs "openvpn3" { };

    netcfg = mkSection "Network configuration" (
      mkSettings "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file" {
        # Follows the host's systemd-resolved setting unless overridden.
        systemd_resolved = lib.mkOption {
          description = "Whether to use systemd-resolved integration";
          type = types.bool;
          default = config.services.resolved.enable;
          defaultText = lib.literalExpression "config.services.resolved.enable";
          example = false;
        };
      }
    );

    # NOTE(review): `log_dbus_details` is on by default and `log_level` can
    # only be raised by merging; check what the higher levels write to the
    # journal before raising the level on a shared host.
    log-service = mkSection "Log service configuration" (
      mkSettings "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file" {
        journald = lib.mkOption {
          description = "Use systemd-journald";
          type = types.bool;
          default = true;
          example = false;
        };
        log_dbus_details = lib.mkOption {
          description = "Add D-Bus details in log file/syslog";
          type = types.bool;
          default = true;
          example = false;
        };
        log_level = lib.mkOption {
          description = "How verbose should the logging be";
          type = logLevelType;
          default = 3;
          example = 6;
        };
        timestamp = lib.mkOption {
          description = "Add timestamp log file";
          type = types.bool;
          default = false;
          example = true;
        };
      }
    );
  };

  config = lib.mkIf cfg.enable {
    # The same package supplies the D-Bus files, the systemd units and the
    # command-line tools.
    services.dbus.packages = [ cfg.package ];
    systemd.packages = [ cfg.package ];
    environment.systemPackages = [ cfg.package ];

    # Dedicated system account with statically allocated ids.
    users = {
      users.openvpn = {
        group = "openvpn";
        isSystemUser = true;
        uid = config.ids.uids.openvpn;
      };
      groups.openvpn.gid = config.ids.gids.openvpn;
    };

    # Both files are built by `json.generate`, so their content lives in the
    # Nix store and is readable by every local user. `settings` is freeform:
    # keep credentials and other secrets out of it.
    environment.etc = {
      "openvpn3/netcfg.json".source = json.generate "netcfg.json" cfg.netcfg.settings;
      "openvpn3/log-service.json".source = json.generate "log-service.json" cfg.log-service.settings;
    };

    # tmpfiles `d` rule: create the directory if missing, owned by
    # openvpn:openvpn with mode 0750 (no access for other users); the two
    # trailing `-` leave the age and argument fields unset.
    # NOTE(review): presumably this is where the client keeps imported
    # profiles, which can embed key material. Confirm against the package
    # before loosening the mode.
    systemd.tmpfiles.rules = [
      "d /etc/openvpn3/configs 0750 openvpn openvpn - -"
    ];
  };

  meta.maintainers = [
    lib.maintainers.shamilton
    lib.maintainers.progrm_jarvis
  ];
}