Merge pull request #242371 from jfly/add-openvpn3-systemd-resolved-support

Janik 2023-10-13 19:58:37 +02:00 committed by GitHub
commit 96896946dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 4 deletions


@ -324,6 +324,8 @@
- The `fonts.fonts` and `fonts.enableDefaultFonts` options have been renamed to `fonts.packages` and `fonts.enableDefaultPackages` respectively. - The `fonts.fonts` and `fonts.enableDefaultFonts` options have been renamed to `fonts.packages` and `fonts.enableDefaultPackages` respectively.
- `pkgs.openvpn3` now optionally supports systemd-resolved. `programs.openvpn3` will automatically enable systemd-resolved support if `config.services.resolved.enable` is enabled.
- `services.fail2ban.jails` can now be configured with attribute sets defining settings and filters instead of lines. The stringed options `daemonConfig` and `extraSettings` have respectively been replaced by `daemonSettings` and `jails.DEFAULT.settings` which use attribute sets. - `services.fail2ban.jails` can now be configured with attribute sets defining settings and filters instead of lines. The stringed options `daemonConfig` and `extraSettings` have respectively been replaced by `daemonSettings` and `jails.DEFAULT.settings` which use attribute sets.
- The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod). - The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod).


@ -8,11 +8,23 @@ in
{ {
options.programs.openvpn3 = { options.programs.openvpn3 = {
enable = mkEnableOption (lib.mdDoc "the openvpn3 client"); enable = mkEnableOption (lib.mdDoc "the openvpn3 client");
package = mkOption {
type = types.package;
default = pkgs.openvpn3.override {
enableSystemdResolved = config.services.resolved.enable;
};
defaultText = literalExpression ''pkgs.openvpn3.override {
enableSystemdResolved = config.services.resolved.enable;
}'';
description = lib.mdDoc ''
Which package to use for `openvpn3`.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.dbus.packages = with pkgs; [ services.dbus.packages = [
openvpn3 cfg.package
]; ];
users.users.openvpn = { users.users.openvpn = {
@ -25,8 +37,8 @@ in
gid = config.ids.gids.openvpn; gid = config.ids.gids.openvpn;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = [
openvpn3 cfg.package
]; ];
}; };
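Review bot: The description of the new `package` option (`Which package to use for openvpn3.`) does not mention that its default is tied to `config.services.resolved.enable`, so a user who sets `programs.openvpn3.package = pkgs.openvpn3` gets a build whose `enableSystemdResolved` defaults to false and loses the resolved integration without the option text warning them. Extend the description along the lines of `Which package to use for openvpn3. The default is built with systemd-resolved support whenever services.resolved.enable is set; if you override this option and rely on that integration, pass enableSystemdResolved to pkgs.openvpn3.override yourself.` On the evaluation side the change looks right: `cfg.package` is only consumed under `mkIf cfg.enable`, and `defaultText` keeps the manual build from evaluating the override. `mkOption`, `types` and `literalExpression` are presumably brought into scope by the file's header, which lies outside this hunk. The second hunk's switch from `with pkgs; [ openvpn3 ]` to `cfg.package` is consistent with the first and needs no further change.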


@ -15,6 +15,8 @@
, pkg-config , pkg-config
, protobuf , protobuf
, python3 , python3
, systemd
, enableSystemdResolved ? false
, tinyxml-2 , tinyxml-2
, wrapGAppsHook , wrapGAppsHook
}: }:
@ -80,6 +82,8 @@ stdenv.mkDerivation rec {
openssl openssl
protobuf protobuf
tinyxml-2 tinyxml-2
] ++ lib.optionals enableSystemdResolved [
systemd
]; ];
# runtime deps # runtime deps
@ -101,6 +105,10 @@ stdenv.mkDerivation rec {
"--enable-addons-aws" "--enable-addons-aws"
"--disable-selinux-build" "--disable-selinux-build"
"--disable-build-test-progs" "--disable-build-test-progs"
] ++ lib.optionals enableSystemdResolved [
# This defaults to --resolv-conf /etc/resolv.conf. See
# https://github.com/OpenVPN/openvpn3-linux/blob/v20/configure.ac#L434
"DEFAULT_DNS_RESOLVER=--systemd-resolved"
]; ];
NIX_LDFLAGS = "-lpthread"; NIX_LDFLAGS = "-lpthread";
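Review bot: The new `enableSystemdResolved ? false` argument in the first hunk carries no comment, and what it toggles only becomes clear two hunks later in `configureFlags`; a one-line comment at the declaration, `# build the DNS resolver against systemd-resolved instead of the default /etc/resolv.conf handling`, would let a reader of the argument list understand the flag without scanning the rest of the derivation. The comment already placed next to `DEFAULT_DNS_RESOLVER=--systemd-resolved` in the last hunk is good and should stay as the authoritative pointer. As a point of style, `] ++ lib.optionals enableSystemdResolved [ systemd ]` in the second hunk adds a single element and could read `] ++ lib.optional enableSystemdResolved systemd`. Gating `systemd` as a build input on the same flag that gates the configure variable is consistent, so no behavioural change is suggested.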