UGent VPN

2021-06-21 16:03:42 +02:00 · 2021-06-21 16:03:42 +02:00 · 1cb0e4bdc7
commit 1cb0e4bdc7
parent 6fa4997d8c
8 changed files with 45 additions and 9 deletions
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./vpn/secret.nix
+  ];
+
+  options = {
+    chvp.vpn.ugent.enable = lib.mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = lib.mkIf config.chvp.vpn.ugent.enable {
+    systemd.services = {
+      ugent-global-vpn.after = [ "network.target" ];
+      ugent-local-vpn.after = [ "network.target" ];
+    };
+    security.polkit.extraConfig = ''
+        polkit.addRule(function(action, subject) {
+            if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") {
+                return polkit.Result.YES;
+            }
+            if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") {
+                return polkit.Result.YES;
+            }
+        });
+    '';
+    age.secrets."passwords/ugent-vpn".file = ../secrets/passwords/ugent-vpn.age;
+  };
+}