movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/strongswan-swanctl: add includes option for secrets (#284742)

Browse source
This commit is contained in:
Yureka 2024-01-30 12:47:33 +01:00 committed by GitHub
parent ba5f81a6b6
commit a6c64fbd39
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/services/networking/strongswan-swanctl/module.nix
View file

@ -5,6 +5,9 @@ with (import ./param-lib.nix lib);
let let
cfg = config.services.strongswan-swanctl; cfg = config.services.strongswan-swanctl;
configFile = pkgs.writeText "swanctl.conf"
( (paramsToConf cfg.swanctl swanctlParams)
+ (concatMapStrings (i: "\ninclude ${i}") cfg.includes));
swanctlParams = import ./swanctl-params.nix lib; swanctlParams = import ./swanctl-params.nix lib;
in { in {
options.services.strongswan-swanctl = { options.services.strongswan-swanctl = {
@ -21,6 +24,13 @@ in {
}; };
swanctl = paramsToOptions swanctlParams; swanctl = paramsToOptions swanctlParams;
includes = mkOption {
type = types.listOf types.path;
default = [];
description = ''
Extra configuration files to include in the swanctl configuration. This can be used to provide secret values from outside the nix store.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -31,8 +41,7 @@ in {
} }
]; ];
environment.etc."swanctl/swanctl.conf".text = environment.etc."swanctl/swanctl.conf".source = configFile;
paramsToConf cfg.swanctl swanctlParams;
# The swanctl command complains when the following directories don't exist: # The swanctl command complains when the following directories don't exist:
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory # See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory