From 49bb9fdc7fad6e45c7d85fd3c29c8b06833bfe97 Mon Sep 17 00:00:00 2001
From: Ivan Malison
Date: Tue, 14 Apr 2020 23:51:01 -0700
Subject: [PATCH] [NixOS] Fix L2TP configuration for dfinity VPN
---
 nixos/configuration.nix | 22 ++++++++--------------
 nixos/dfinity.nix | 5 ++++-
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index fde688cf..873d331c 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -41,8 +41,14 @@ in
 # Security and networking
 security.sudo.wheelNeedsPassword = false;
+
+ environment.etc."ipsec.secrets".text = ''
+ include ipsec.d/ipsec.nm-l2tp.secrets
+ '';
 networking.networkmanager = {
 enable = true;
+ enableStrongSwan = true;
+ packages = [ pkgs.networkmanager-l2tp ];
 extraConfig = ''
 [main]
 rc-manager=resolvconf
@@ -312,20 +318,7 @@ in
 services.locate.enable = true;
- # services.lorri.enable = true;
- systemd.user.services.lorri = {
- description = "Lorri Daemon";
- requires = [ "lorri.socket" ];
- after = [ "lorri.socket" ];
- path = with pkgs; [ config.nix.package gnutar gzip gitFull ];
- serviceConfig = {
- ExecStart = "${pkgs.lorri}/bin/lorri daemon";
- PrivateTmp = true;
- ProtectSystem = "strict";
- ProtectHome = "read-only";
- Restart = "on-failure";
- };
- };
+ services.lorri.enable = true;
 services.xserver = {
 exportConfiguration = true;
@@ -396,6 +389,7 @@ in
 shell = pkgs.zsh;
 };
 };
+ nix.trustedUsers = ["imalison"];
 system.stateVersion = "18.03";
 }
diff --git a/nixos/dfinity.nix b/nixos/dfinity.nix
index 3b69d20a..12b44797 100644
--- a/nixos/dfinity.nix
+++ b/nixos/dfinity.nix
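Review bot: The new `environment.etc."ipsec.secrets".text` entry in the `@@ -41,8 +41,14 @@` hunk of nixos/configuration.nix has no comment saying why it holds only an include line, and that reasoning is security-relevant. Text set through `environment.etc` is built into the world-readable Nix store, so the pre-shared key has to stay in the included file and must never be inlined here by a later edit. I would add above it: `# Only the include lives in the Nix store; the PSK stays in ipsec.d/ipsec.nm-l2tp.secrets, presumably written by the L2TP plugin at connect time.` It is also worth confirming on the machine that the included file is readable by root only, which the diff cannot show.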
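Review bot: The sandboxing that the removed user unit spelled out (`PrivateTmp = true`, `ProtectSystem = "strict"`, `ProtectHome = "read-only"`) now depends entirely on what `services.lorri.enable = true;` generates, in the `@@ -312,20 +318,7 @@` hunk. The module probably carries the same directives, but that depends on the pinned nixpkgs revision and is not visible here, so check the rendered unit with `systemctl --user cat lorri` after the rebuild. This change is also unrelated to the L2TP fix named in the subject and would be easier to audit as its own commit.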
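Review bot: `nix.trustedUsers = ["imalison"];` in the `@@ -396,6 +389,7 @@` hunk gives that account root-equivalent control over the Nix daemon and carries no comment saying why it is needed. A trusted user can point the daemon at arbitrary substituters and import store paths that lack a trusted signature. If the aim is only to use the dfinity cache, nixos/dfinity.nix already lists it under `trustedBinaryCaches`, which lets an untrusted user opt in to that one cache. If trusted status really is required, record the decision inline, e.g. `# trusted because <reason>; equivalent to root on the Nix store`. The enclosing attribute set starts outside the hunk, so other settings that bear on this are not visible.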
@@ -1,7 +1,10 @@
 {
 nix = {
 trustedBinaryCaches = [ https://nix.oregon.dfinity.build ];
- binaryCachePublicKeys = [ "hydra.oregon.dfinity.build-2:KMTixHrh9DpAjF/0xU/49VEtNuGzQ71YaVIUSOLUaCM=" ];
+ binaryCachePublicKeys = [
+ "hydra.oregon.dfinity.build-2:KMTixHrh9DpAjF/0xU/49VEtNuGzQ71YaVIUSOLUaCM="
+ "cache.dfinity.systems-1:IcOn/2SVyPGOi8i3hKhQOlyiSQotiOBKwTFmyPX5YNw="
+ ];
 };
 networking.extraHosts = ''
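Review bot: The added `cache.dfinity.systems-1:…` key is trusted without a matching cache URL, because `trustedBinaryCaches` still lists only `https://nix.oregon.dfinity.build`. Entries in `binaryCachePublicKeys` are not bound to a host, so a path signed by this key is accepted from whichever substituter serves it. If a second cache is intended, add its URL to `trustedBinaryCaches` in the same change; if the existing host simply started signing with a new key, say so in a comment next to the entry, e.g. `# second signing key used by the oregon cache`. Either way the key value should be compared with a copy obtained from the cache operator out of band, since the diff cannot authenticate it.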