[NixOS] Fix L2TP configuration for dfinity VPN

nixos/configuration.nix

@@ -41,8 +41,14 @@ in
 
   # Security and networking
   security.sudo.wheelNeedsPassword = false;
+
+  environment.etc."ipsec.secrets".text = ''
+    include ipsec.d/ipsec.nm-l2tp.secrets
+  '';
   networking.networkmanager = {
     enable = true;
+    enableStrongSwan = true;
+    packages = [ pkgs.networkmanager-l2tp ];
     extraConfig = ''
       [main]
       rc-manager=resolvconf
@@ -312,20 +318,7 @@ in
 
   services.locate.enable = true;
 
-  # services.lorri.enable = true;
+  services.lorri.enable = true;
-  systemd.user.services.lorri = {
-      description = "Lorri Daemon";
-      requires = [ "lorri.socket" ];
-      after = [ "lorri.socket" ];
-      path = with pkgs; [ config.nix.package gnutar gzip gitFull ];
-      serviceConfig = {
-        ExecStart = "${pkgs.lorri}/bin/lorri daemon";
-        PrivateTmp = true;
-        ProtectSystem = "strict";
-        ProtectHome = "read-only";
-        Restart = "on-failure";
-      };
-    };
 
   services.xserver = {
     exportConfiguration = true;
@@ -396,6 +389,7 @@ in
       shell = pkgs.zsh;
     };
   };
+  nix.trustedUsers = ["imalison"];
 
   system.stateVersion = "18.03";
 }

nixos/dfinity.nix

@@ -1,7 +1,10 @@
 {
   nix = {
     trustedBinaryCaches = [ https://nix.oregon.dfinity.build ];
-    binaryCachePublicKeys = [ "hydra.oregon.dfinity.build-2:KMTixHrh9DpAjF/0xU/49VEtNuGzQ71YaVIUSOLUaCM=" ];
+    binaryCachePublicKeys = [
+      "hydra.oregon.dfinity.build-2:KMTixHrh9DpAjF/0xU/49VEtNuGzQ71YaVIUSOLUaCM="
+      "cache.dfinity.systems-1:IcOn/2SVyPGOi8i3hKhQOlyiSQotiOBKwTFmyPX5YNw="
+    ];
   };
   networking.extraHosts =
   ''