We want to wait for both stacks to be active before declaring that network is active.
So either both default gateways must be specified or only IPv4 if IPv6 is disabled to
avoid dhcpcd for network-online.target.
network-online.target properly depends on the underlying network
management tool (e.g. NixOS static configuration scripts, dhcpcd,
NetworkManager, networkd) signalling that all interfaces are up and
appropriately configured (to whatever degree possible/required), whereas
network.target only indicates that the network management tool itself
has started.
After the systemd 237 upgrade, radvd wouldn't start anymore because the
PID file cannot be written. It seems that directories in /run has to be
explicitely defined as RuntimeDirectory now. The PID file isn't needed
due to systemd, though, so it was removed along with forking and loggia
via syslog.
This fixes the ipv6 NixOS test.
Inspired from the dhcpd service implementation
Only 2 configurations options at the moment:
- enabled
- path to config directory (defaults to /etc/raddb)
Implementation was also inspired from ArchLinux
systemd file and corrected with @dotlambda and
@fpletz help.
If you have more than 1 User with hasedPassword Option set it generates
```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```
Which ends up in only having 1 user.
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
in read-only way. If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.
Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
