colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #233017 from koenw/libreswan-StateDirectory

Browse Source 
nixos/libreswan: Use StateDirectory to setup ipsec/nss
This commit is contained in:
Michele Guerini Rocco 2024-02-14 14:36:43 +01:00 committed by GitHub
commit cd02351ae0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/networking/libreswan.nix
View File

@ -133,9 +133,6 @@ in
"ipsec.d/01-nixos.conf".source = configFile;
} // policyFiles;
# Create NSS database directory
systemd.tmpfiles.rules = [ "d /var/lib/ipsec/nss 755 root root -" ];
systemd.services.ipsec = {
description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec";
wantedBy = [ "multi-user.target" ];
@ -153,6 +150,10 @@ in
echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects
echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects
'';
serviceConfig = {
StateDirectory = "ipsec/nss";
StateDirectoryMode = 0700;
};
};
};