1 { config, pkgs, lib, ... }:
8 enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon";
12 description = "The server-side IP address.";
13 default = "10.124.124.1";
16 clientIpRange = mkOption {
18 description = "The range from which client IPs are drawn.";
19 default = "10.124.124.2-11";
22 maxClients = mkOption {
24 description = "The maximum number of simultaneous connections.";
28 extraPptpdOptions = mkOption {
30 description = "Adds extra lines to the pptpd configuration file.";
34 extraPppdOptions = mkOption {
36 description = "Adds extra lines to the pppd options file.";
46 config = mkIf config.services.pptpd.enable {
47 systemd.services.pptpd = let
48 cfg = config.services.pptpd;
50 pptpd-conf = pkgs.writeText "pptpd.conf" ''
51 # Inspired from pptpd-1.4.0/samples/pptpd.conf
52 ppp ${ppp-pptpd-wrapped}/bin/pppd
53 option ${pppd-options}
54 pidfile /run/pptpd.pid
55 localip ${cfg.serverIp}
56 remoteip ${cfg.clientIpRange}
57 connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
60 ${cfg.extraPptpdOptions}
63 pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
64 # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
79 ${cfg.extraPppdOptions}
82 ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
83 name = "ppp-pptpd-wrapped";
84 phases = [ "installPhase" ];
85 nativeBuildInputs = with pkgs; [ makeWrapper ];
88 makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
89 --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
90 --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
94 description = "pptpd server";
96 requires = [ "network-online.target" ];
97 wantedBy = [ "multi-user.target" ];
100 mkdir -p -m 700 /etc/ppp-pptpd
102 secrets="/etc/ppp-pptpd/chap-secrets"
104 [ -f "$secrets" ] || cat > "$secrets" << EOF
105 # From: pptpd-1.4.0/samples/chap-secrets
106 # Secrets for authentication using CHAP
107 # client server secret IP addresses
108 #username pptpd password *
111 chown root:root "$secrets"
116 ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
117 KillMode = "process";
118 Restart = "on-success";
120 PIDFile = "/run/pptpd.pid";