|
3 | 3 | let |
4 | 4 |
|
5 | 5 | inherit (builtins) toFile; |
6 | | - inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList |
| 6 | + inherit (lib) concatMapStrings concatStringsSep mapAttrsToList |
7 | 7 | mkIf mkEnableOption mkOption types literalExpression optionalString; |
8 | 8 |
|
9 | 9 | cfg = config.services.strongswan; |
10 | 10 |
|
11 | | - ipsecSecrets = secrets: toFile "ipsec.secrets" ( |
12 | | - concatMapStringsSep "\n" (f: "include ${f}") secrets |
13 | | - ); |
| 11 | + ipsecSecrets = secrets: concatMapStrings (f: "include ${f}\n") secrets; |
14 | 12 |
|
15 | 13 | ipsecConf = {setup, connections, ca}: |
16 | 14 | let |
|
138 | 136 | }; |
139 | 137 |
|
140 | 138 |
|
141 | | - config = with cfg; |
142 | | - let |
143 | | - secretsFile = ipsecSecrets cfg.secrets; |
144 | | - in |
145 | | - mkIf enable |
| 139 | + config = with cfg; mkIf enable |
146 | 140 | { |
147 | 141 |
|
148 | 142 | # here we should use the default strongswan ipsec.secrets and |
149 | 143 | # append to it (default one is empty so not a pb for now) |
150 | | - environment.etc."ipsec.secrets".source = secretsFile; |
| 144 | + environment.etc."ipsec.secrets".text = ipsecSecrets cfg.secrets; |
151 | 145 |
|
152 | 146 | systemd.services.strongswan = { |
153 | 147 | description = "strongSwan IPSec Service"; |
|
156 | 150 | wants = [ "network-online.target" ]; |
157 | 151 | after = [ "network-online.target" ]; |
158 | 152 | environment = { |
159 | | - STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; }; |
| 153 | + STRONGSWAN_CONF = strongswanConf { |
| 154 | + inherit setup connections ca managePlugins enabledPlugins; |
| 155 | + secretsFile = "/etc/ipsec.secrets"; |
| 156 | + }; |
160 | 157 | }; |
161 | 158 | serviceConfig = { |
162 | 159 | ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; |
|
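Review bot: In `ipsecSecrets` (new line 11), `"include ${f}\n"` interpolates each entry of `cfg.secrets`, and if an entry is a Nix path value rather than a string, the interpolation copies that key file into the world-readable Nix store. The option's declaration is outside the visible hunks, so please confirm it is typed as a list of strings and that its description says the files must live outside the store. A comment above the definition would make this explicit, for example `# entries must be string paths outside /nix/store; a path literal would be copied into the store`. The generated `/etc/ipsec.secrets` itself presumably ends up as a store-backed, readable file, which is acceptable only as long as it holds nothing but `include` lines. The existing comment at new lines 142-143 about appending to the default file should be kept in step with that constraint.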