| blob | 703dda99803e21f705a0c01b2188d52a75fc8605 |
1 { config, pkgs, lib, ... }:
3 with lib;
5 {
6 options = {
7 services.pptpd = {
8 enable = mkEnableOption (lib.mdDoc "pptpd, the Point-to-Point Tunneling Protocol daemon");
10 serverIp = mkOption {
11 type = types.str;
12 description = lib.mdDoc "The server-side IP address.";
13 default = "10.124.124.1";
14 };
16 clientIpRange = mkOption {
17 type = types.str;
18 description = lib.mdDoc "The range from which client IPs are drawn.";
19 default = "10.124.124.2-11";
20 };
22 maxClients = mkOption {
23 type = types.int;
24 description = lib.mdDoc "The maximum number of simultaneous connections.";
25 default = 10;
26 };
28 extraPptpdOptions = mkOption {
29 type = types.lines;
30 description = lib.mdDoc "Adds extra lines to the pptpd configuration file.";
31 default = "";
32 };
34 extraPppdOptions = mkOption {
35 type = types.lines;
36 description = lib.mdDoc "Adds extra lines to the pppd options file.";
37 default = "";
38 example = ''
39 ms-dns 8.8.8.8
40 ms-dns 8.8.4.4
41 '';
42 };
43 };
44 };
46 config = mkIf config.services.pptpd.enable {
47 systemd.services.pptpd = let
48 cfg = config.services.pptpd;
50 pptpd-conf = pkgs.writeText "pptpd.conf" ''
51 # Inspired from pptpd-1.4.0/samples/pptpd.conf
52 ppp ${ppp-pptpd-wrapped}/bin/pppd
53 option ${pppd-options}
54 pidfile /run/pptpd.pid
55 localip ${cfg.serverIp}
56 remoteip ${cfg.clientIpRange}
57 connections ${toString cfg.maxClients} # (Will get harmless warning if inconsistent with IP range)
59 # Extra
60 ${cfg.extraPptpdOptions}
61 '';
63 pppd-options = pkgs.writeText "ppp-options-pptpd.conf" ''
64 # From: cat pptpd-1.4.0/samples/options.pptpd | grep -v ^# | grep -v ^$
65 name pptpd
66 refuse-pap
67 refuse-chap
68 refuse-mschap
69 require-mschap-v2
70 require-mppe-128
71 proxyarp
72 lock
73 nobsdcomp
74 novj
75 novjccomp
76 nologfd
78 # Extra:
79 ${cfg.extraPppdOptions}
80 '';
82 ppp-pptpd-wrapped = pkgs.stdenv.mkDerivation {
83 name = "ppp-pptpd-wrapped";
84 phases = [ "installPhase" ];
85 nativeBuildInputs = with pkgs; [ makeWrapper ];
86 installPhase = ''
87 mkdir -p $out/bin
88 makeWrapper ${pkgs.ppp}/bin/pppd $out/bin/pppd \
89 --set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
90 --set NIX_REDIRECTS "/etc/ppp=/etc/ppp-pptpd"
91 '';
92 };
93 in {
94 description = "pptpd server";
96 requires = [ "network-online.target" ];
97 wantedBy = [ "multi-user.target" ];
99 preStart = ''
100 mkdir -p -m 700 /etc/ppp-pptpd
102 secrets="/etc/ppp-pptpd/chap-secrets"
104 [ -f "$secrets" ] || cat > "$secrets" << EOF
105 # From: pptpd-1.4.0/samples/chap-secrets
106 # Secrets for authentication using CHAP
107 # client server secret IP addresses
108 #username pptpd password *
109 EOF
111 chown root:root "$secrets"
112 chmod 600 "$secrets"
113 '';
115 serviceConfig = {
116 ExecStart = "${pkgs.pptpd}/bin/pptpd --conf ${pptpd-conf}";
117 KillMode = "process";
118 Restart = "on-success";
119 Type = "forking";
120 PIDFile = "/run/pptpd.pid";
121 };
122 };
123 };
124 }