nixos/openvpn3: Add support for systemd-resolved
I noticed that openvpn3 has been clobbering my `/etc/resolv.conf` file. I dug around a bit, and it turns out that upstream actually does have support for systemd-resolved. I think it makes sense for us to automatically enable that feature if the system is configured to use systemd-resolved. I opted to not change the default behavior of `pkgs.openvpn3`, but can easily be convinced to change that if folks think I should.
parent 8b6e86b473
commit 7ee5699496
3 changed files with 26 additions and 4 deletions
|
@ -320,6 +320,8 @@
|
|||
|
||||
- The `fonts.fonts` and `fonts.enableDefaultFonts` options have been renamed to `fonts.packages` and `fonts.enableDefaultPackages` respectively.
|
||||
|
||||
- `pkgs.openvpn3` now optionally supports systemd-resolved. `programs.openvpn3` will automatically enable systemd-resolved support if `config.services.resolved.enable` is enabled.
|
||||
|
||||
- `services.fail2ban.jails` can now be configured with attribute sets defining settings and filters instead of lines. The stringed options `daemonConfig` and `extraSettings` have respectively been replaced by `daemonSettings` and `jails.DEFAULT.settings` which use attribute sets.
|
||||
|
||||
- The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod).
|
||||
|
|
|
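Review bot: The new `pkgs.openvpn3` release-note entry says the package "optionally supports systemd-resolved" but does not name the switch, so someone using the package without `programs.openvpn3` cannot tell from the notes how to opt in. Suggest naming the override argument in the entry, for example `pkgs.openvpn3.override { enableSystemdResolved = true; }`, and stating that the package default is unchanged.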
@ -8,11 +8,23 @@ in
|
|||
{
|
||||
options.programs.openvpn3 = {
|
||||
enable = mkEnableOption (lib.mdDoc "the openvpn3 client");
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.openvpn3.override {
|
||||
enableSystemdResolved = config.services.resolved.enable;
|
||||
};
|
||||
defaultText = literalExpression ''pkgs.openvpn3.override {
|
||||
enableSystemdResolved = config.services.resolved.enable;
|
||||
}'';
|
||||
description = lib.mdDoc ''
|
||||
Which package to use for `openvpn3`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.dbus.packages = with pkgs; [
|
||||
openvpn3
|
||||
services.dbus.packages = [
|
||||
cfg.package
|
||||
];
|
||||
|
||||
users.users.openvpn = {
|
||||
|
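Review bot: The `description` of the new `package` option ("Which package to use for `openvpn3`.") does not mention that the default is tied to `config.services.resolved.enable`, nor that setting `package` explicitly drops that coupling. A user who sets `programs.openvpn3.package` on a system with resolved enabled gets whatever that package was built with, which is `enableSystemdResolved ? false` unless they override it themselves. Suggest documenting this in the description, or emitting a warning from `config` when resolved is enabled and the chosen package was built without the override.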
@ -25,8 +37,8 @@ in
|
|||
gid = config.ids.gids.openvpn;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
openvpn3
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -15,6 +15,8 @@
|
|||
, pkg-config
|
||||
, protobuf
|
||||
, python3
|
||||
, systemd
|
||||
, enableSystemdResolved ? false
|
||||
, tinyxml-2
|
||||
, wrapGAppsHook
|
||||
}:
|
||||
|
@ -80,6 +82,8 @@ stdenv.mkDerivation rec {
|
|||
openssl
|
||||
protobuf
|
||||
tinyxml-2
|
||||
] ++ lib.optionals enableSystemdResolved [
|
||||
systemd
|
||||
];
|
||||
|
||||
# runtime deps
|
||||
|
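Review bot: The `systemd` entry added under `lib.optionals enableSystemdResolved` carries no comment on what the build uses it for, while the feature itself is switched on elsewhere by the `DEFAULT_DNS_RESOLVER` setting. A one-line comment stating what needs `systemd` at build time when resolved support is on would help; if nothing does, the dependency can be dropped.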
@ -101,6 +105,10 @@ stdenv.mkDerivation rec {
|
|||
"--enable-addons-aws"
|
||||
"--disable-selinux-build"
|
||||
"--disable-build-test-progs"
|
||||
] ++ lib.optionals enableSystemdResolved [
|
||||
# This defaults to --resolv-conf /etc/resolv.conf. See
|
||||
# https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
|
||||
"DEFAULT_DNS_RESOLVER=--systemd-resolved"
|
||||
];
|
||||
|
||||
NIX_LDFLAGS = "-lpthread";
|
||||
|
|
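Review bot: The comment above `"DEFAULT_DNS_RESOLVER=--systemd-resolved"` links to `configure.ac#L434` at the fixed tag `v20`, so it will point at the wrong line, or at a different default, once the packaged version moves. Since a variable that stops being honoured would silently bring back the `--resolv-conf /etc/resolv.conf` default, suggest describing what the variable controls in the comment itself rather than relying on the line link, and rechecking the variable name on each version bump.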