pptpd: add nixos service

2025-06-12 12:45:27 +03:00 · 2016-06-18 00:17:00 +01:00 · 2016-06-18 00:17:00 +01:00 · fc975bcffb
commit fc975bcffb
parent 6b02ae3893
2 changed files with 125 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -371,6 +371,7 @@
  ./services/networking/ostinato.nix
  ./services/networking/pdnsd.nix
  ./services/networking/polipo.nix
  ./services/networking/pptpd.nix
  ./services/networking/prayer.nix
  ./services/networking/privoxy.nix
  ./services/networking/prosody.nix
--- a/nixos/modules/services/networking/pptpd.nix
+++ b/nixos/modules/services/networking/pptpd.nix
@ -0,0 +1,124 @@
 { config, stdenv, pkgs, lib, ... }:
 with lib;
 {
  options = {
    services.pptpd = {
      enable = mkEnableOption "enable pptpd running on startup";
      serverIp = mkOption {
        type        = types.string;
        description = "server ip";
        default     = "10.124.124.1";
      };
      clientIpRange = mkOption {
        type        = types.string;
        description = "client ip range";
        default     = "10.124.142.2-11";
      };
      maxClients = mkOption {
        type        = types.int;
        description = "maximum number of simultaneous connections";
        default     = 10;
      };
      extraPptpdOptions = mkOption {
        type        = types.lines;
        description = "extra lines for the pptpd configuration files";
        default     = "";
      };
      extraPppdOptions = mkOption {
        type        = types.lines;
        description = "extra lines for the pppd options files";
        default     = "";
        example     = ''
          ms-dns 8.8.8.8
          ms-dns 8.8.4.4
        '';
      };
    };
  };
  config = mkIf config.services.pptpd.enable {
    systemd.services.pptpd = let
      cfg = config.services.pptpd;
      pptpd-conf = pkgs.writeText "pptpd.conf" ''
        # Inspired from pptpd-1.4.0/samples/pptpd.conf
        ppp ${ppp-pptpd-wrapped}/bin/pppd
        option ${pppd-options}
        pidfile /run/pptpd.pid
        localip ${cfg.serverIp}
        remoteip ${cfg.clientIpRange}
        connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
        # Extra
        ${cfg.extraPptpdOptions}
      '';
      pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
        # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
        name pptpd
        refuse-pap
        refuse-chap
        refuse-mschap
        require-mschap-v2
        require-mppe-128
        proxyarp
        lock
        nobsdcomp
        novj
        novjccomp
        nologfd
        # Extra:
        ${cfg.extraPppdOptions}
      '';
      ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
        name         = "ppp-pptpd-wrapped";
        phases       = [ "installPhase" ];
        buildInputs  = with pkgs; [ makeWrapper ];
        installPhase = ''
          mkdir -p $out/bin
          makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
            --set LD_PRELOAD    "${pkgs.libredirect}/lib/libredirect.so" \
            --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
        '';
      };
    in {
      description = "pptpd server";
      requires = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      preStart = ''
        mkdir -p -m 700 /etc/ppp-pptpd
        secrets="/etc/ppp-pptpd/chap-secrets"
        [ -f "$secrets" ] || cat > "$secrets" << EOF
        # From: pptpd-1.4.0/samples/chap-secrets
        # Secrets for authentication using CHAP
        # client	server	secret		IP addresses
        #username	pptpd	password	*
        EOF
        chown root.root "$secrets"
        chmod 600 "$secrets"
      '';
      serviceConfig = {
        ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
        KillMode  = "process";
        Restart   = "on-success";
        Type      = "forking";
        PIDFile   = "/run/pptpd.pid";
      };
    };
  };
 }