Merge pull request #233017 from koenw/libreswan-StateDirectory
nixos/libreswan: Use StateDirectory to setup ipsec/nss
This commit is contained in:
commit
cd02351ae0
@ -133,9 +133,6 @@ in
|
|||||||
"ipsec.d/01-nixos.conf".source = configFile;
|
"ipsec.d/01-nixos.conf".source = configFile;
|
||||||
} // policyFiles;
|
} // policyFiles;
|
||||||
|
|
||||||
# Create NSS database directory
|
|
||||||
systemd.tmpfiles.rules = [ "d /var/lib/ipsec/nss 755 root root -" ];
|
|
||||||
|
|
||||||
systemd.services.ipsec = {
|
systemd.services.ipsec = {
|
||||||
description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec";
|
description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
@ -153,6 +150,10 @@ in
|
|||||||
echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects
|
echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects
|
||||||
echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects
|
echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects
|
||||||
'';
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
StateDirectory = "ipsec/nss";
|
||||||
|
StateDirectoryMode = 0700;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user