depot/third_party/nixpkgs/nixos/modules/programs/openvpn3.nix


# NixOS module for the OpenVPN 3 client (`programs.openvpn3`).
#
# When enabled it installs the package, passes it to `services.dbus.packages`
# and `systemd.packages`, declares the `openvpn` system user and group, and
# renders two JSON files under /etc/openvpn3 from the `settings` options.
#
# Both JSON files are produced by `pkgs.formats.json` and linked into /etc
# from the Nix store. The store is readable by every local user, so nothing
# secret belongs in the freeform `settings` attribute sets.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) types;

  cfg = config.programs.openvpn3;
  jsonFormat = pkgs.formats.json { };

  # One configuration section: a submodule holding a single `settings` option.
  mkSection =
    description: settings:
    lib.mkOption {
      inherit description;
      default = { };
      type = types.submodule {
        options = { inherit settings; };
      };
    };

  # Freeform JSON settings: `declared` options are type-checked, any other
  # key is accepted as long as it is valid JSON and is written out verbatim.
  mkSettings =
    description: declared:
    lib.mkOption {
      inherit description;
      default = { };
      type = types.submodule {
        freeformType = jsonFormat.type;
        options = declared;
      };
    };

  # Integer in 0..7. Several definitions do not conflict: the largest value
  # wins. A plain definition elsewhere in the configuration can therefore
  # raise verbosity but cannot lower it below another definition; inspect the
  # rendered log-service.json to see the effective level.
  verbosity = types.ints.between 0 7 // {
    merge = _loc: defs: lib.lists.foldl lib.max 0 (lib.options.getValues defs);
  };
in
{
  options.programs.openvpn3 = {
    enable = lib.mkEnableOption "the openvpn3 client";
    package = lib.mkPackageOption pkgs "openvpn3" { };

    netcfg = mkSection "Network configuration" (
      mkSettings "Options stored in {file}`/etc/openvpn3/netcfg.json` configuration file" {
        # Follows the system-wide resolved setting unless overridden.
        # NOTE(review): which DNS mechanism netcfg uses when this is false is
        # not visible here; confirm VPN-provided DNS is still applied.
        systemd_resolved = lib.mkOption {
          description = "Whether to use systemd-resolved integration";
          type = types.bool;
          default = config.services.resolved.enable;
          defaultText = lib.literalExpression "config.services.resolved.enable";
          example = false;
        };
      }
    );

    log-service = mkSection "Log service configuration" (
      mkSettings "Options stored in {file}`/etc/openvpn3/log-service.json` configuration file" {
        journald = lib.mkOption {
          description = "Use systemd-journald";
          type = types.bool;
          default = true;
          example = false;
        };

        # On by default. NOTE(review): what the D-Bus details contain is not
        # shown here; review who can read the journal before raising
        # log_level on shared hosts.
        log_dbus_details = lib.mkOption {
          description = "Add D-Bus details in log file/syslog";
          type = types.bool;
          default = true;
          example = false;
        };

        log_level = lib.mkOption {
          description = "How verbose should the logging be";
          type = verbosity;
          default = 3;
          example = 6;
        };

        timestamp = lib.mkOption {
          description = "Add timestamp log file";
          type = types.bool;
          default = false;
          example = true;
        };
      }
    );
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    # Rendered into the Nix store and symlinked into /etc (world-readable).
    environment.etc."openvpn3/netcfg.json".source =
      jsonFormat.generate "netcfg.json" cfg.netcfg.settings;
    environment.etc."openvpn3/log-service.json".source =
      jsonFormat.generate "log-service.json" cfg.log-service.settings;

    services.dbus.packages = [ cfg.package ];
    systemd.packages = [ cfg.package ];

    # Directory is owned by openvpn:openvpn with mode 0750, i.e. no access
    # for other users. Only the directory is managed here; the mode of files
    # written into it is decided by whatever creates them.
    systemd.tmpfiles.rules = [
      "d /etc/openvpn3/configs 0750 openvpn openvpn - -"
    ];

    # Dedicated system account with the statically allocated uid/gid.
    users.users.openvpn = {
      isSystemUser = true;
      group = "openvpn";
      uid = config.ids.uids.openvpn;
    };
    users.groups.openvpn.gid = config.ids.gids.openvpn;
  };

  meta.maintainers = [
    lib.maintainers.shamilton
    lib.maintainers.progrm_jarvis
  ];
}