diff options
author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2018-01-16 08:18:51 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-16 08:18:51 +0000 |
commit | c4d37f146086054b44b1609a5a4f5cfed32e4bb0 (patch) | |
tree | bd788cbaef67f59891716edd23e01262faf0d143 /nixos | |
parent | c53f1518f87bdff9177eba76ecbae373b82bc03d (diff) | |
parent | 22e83d26673160bc7ad6f5a36b9ee01373806cd8 (diff) |
Merge pull request #33890 from lschuermann/openvpn-auth-user-pass
openvpn: add option to store credentials
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/openvpn.nix | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index 3fbf5a9f0227a..7a96b673c51e0 100644 --- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -50,6 +50,11 @@ let "up ${pkgs.writeScript "openvpn-${name}-up" upScript}"} ${optionalString (cfg.down != "" || cfg.updateResolvConf) "down ${pkgs.writeScript "openvpn-${name}-down" downScript}"} + ${optionalString (cfg.authUserPass != null) + "auth-user-pass ${pkgs.writeText "openvpn-credentials-${name}" '' + ${cfg.authUserPass.username} + ${cfg.authUserPass.password} + ''}"} ''; in { @@ -161,6 +166,29 @@ in ''; }; + authUserPass = mkOption { + default = null; + description = '' + This option can be used to store the username / password credentials + with the "auth-user-pass" authentication method. + + WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store! + ''; + type = types.nullOr (types.submodule { + + options = { + username = mkOption { + description = "The username to store inside the credentials file."; + type = types.string; + }; + + password = mkOption { + description = "The password to store inside the credentials file."; + type = types.string; + }; + }; + }); + }; }; }); |