beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9c0bf5fabf41fa941b6712aff83e2a0d95100a5f
dev/modules/optionnals/openfortivpn.nix

112 lines
3.3 KiB
Nix
Raw Blame History

{
config,
pkgs,
...
}:
let
openfortivpn-addroute = pkgs.writeShellScript "openfortivpn-addroute.sh" ''
sleep 2
${pkgs.iproute2}/bin/ip route add 172.16.0.0/12 dev ppp0
${pkgs.iproute2}/bin/ip route del default
${pkgs.iproute2}/bin/ip route add default via 192.168.0.254
${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
search ville.besancon
nameserver 172.18.96.1
nameserver 172.18.96.2
EOF
'';
openfortivpn-delroute = pkgs.writeShellScript "openfortivpn-delroute.sh" ''
sleep 2
${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
nameserver 10.0.0.1
nameserver 2001:41d0:303:20da::1
nameserver 217.182.138.218
nameserver 9.9.9.9
EOF
'';
myMount = description: what: where: {
inherit description what where;
type = "cifs";
options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
};
myAutoMount = description: where: {
inherit description where;
requires = [ "network-online.target" ];
after = [ "network-online.service" ];
wantedBy = [ "multi-user.target" ];
automountConfig = {
TimeoutIdleSec = 30;
};
};
in
{
sops = {
secrets = {
"ldap_GBM/username" = { };
"ldap_GBM/password" = { };
"ldap_GBM/domain" = { };
"openfortivpn/host" = { };
"openfortivpn/port" = { };
};
templates = {
"openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
};
"gbmshares-secrets" = {
content = ''
username=${config.sops.placeholder."ldap_GBM/username"}
password=${config.sops.placeholder."ldap_GBM/password"}
domain=${config.sops.placeholder."ldap_GBM/domain"}
'';
mode = "0600";
owner = "root";
};
};
};
environment.systemPackages = [
pkgs.openfortivpn
pkgs.cifs-utils
];
systemd.services."openfortivpn" = {
enable = true;
#wantedBy = lib.mkForce [ ];
unitConfig = {
Description = "OpenFortiVPN";
After = "network-online.target";
Wants = "network-online.target systemd-networkd-wait-online.service";
Documentation = [
"man:openfortivpn(1) https://github.com/adrienverge/openfortivpn#readme https://github.com/adrienverge/openfortivpn/wiki"
];
};
serviceConfig = {
Type = "notify";
PrivateTmp = "true";
ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn --no-dns -c ${config.sops.templates."openfortivpn.conf".path}";
ExecStartPost = "${openfortivpn-addroute}";
ExecStopPost = "${openfortivpn-delroute}";
Restart = "on-failure";
#OOMScoreAdjust = "-100";
};
};
systemd.mounts = [
(myMount "GBM Perso" "//vf-mc2-sfic06.ville.besancon/usr_s$/SALVIJER/Mes Documents"
"/gbmshares/perso"
)
(myMount "GBM Services" "//vf-mc2-sfic06.ville.besancon/08TIC" "/gbmshares/services")
];
systemd.automounts = [
(myAutoMount "GBM Perso automount" "/gbmshares/perso")
(myAutoMount "GBM Services automount" "/gbmshares/services")
];
}
Reference in New Issue View Git Blame Copy Permalink