27 lines
453 B
Nix
27 lines
453 B
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib) getExe;
|
|
inherit (config.sops) secrets;
|
|
in
|
|
{
|
|
sops.secrets = {
|
|
"openfortivpn" = { };
|
|
};
|
|
|
|
systemd.services.openfortivpn = {
|
|
script = ''
|
|
${getExe pkgs.openfortivpn} -c "$CREDENTIALS_DIRECTORY/config" --set-dns=1 --use-resolvconf=1
|
|
'';
|
|
serviceConfig = {
|
|
Restart = "no";
|
|
LoadCredential = [
|
|
"config:${secrets."openfortivpn".path}"
|
|
];
|
|
};
|
|
};
|
|
}
|