From 27a8cada791d3de1fd1c6992221ab485d9e4a349 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 22 Apr 2014 13:08:00 +0200 Subject: [PATCH] openvpn: Add systemd startup notification This causes OpenVPN services to reach the "active" state when the VPN connection is up (i.e., after OpenVPN prints "Initialization Sequence Completed"). This allows units to be ordered correctly after openvpn-* units, and makes systemctl present a password prompt: $ start openvpn-foo Enter Private Key Password: ************* (I first tried to implement this by calling "systemd-notify --ready" from the "up" script, but systemd-notify is not reliable.) --- nixos/modules/services/networking/openvpn.nix | 1 + pkgs/tools/networking/openvpn/default.nix | 10 +++++++-- .../networking/openvpn/systemd-notify.patch | 22 +++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 pkgs/tools/networking/openvpn/systemd-notify.patch diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index e3998b1e5b28..9dc88e61865d 100644 --- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -56,6 +56,7 @@ let serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}"; serviceConfig.Restart = "always"; + serviceConfig.Type = "notify"; }; in diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix index 1717b38a90a9..0ce22b7800ef 100644 --- a/pkgs/tools/networking/openvpn/default.nix +++ b/pkgs/tools/networking/openvpn/default.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, iproute, lzo, openssl, pam }: +{ stdenv, fetchurl, iproute, lzo, openssl, pam, systemd }: + +with stdenv.lib; stdenv.mkDerivation rec { name = "openvpn-2.3.3"; 
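Review bot: With `serviceConfig.Type = "notify";` added next to the existing `serviceConfig.Restart = "always";` in the openvpn.nix hunk, a tunnel that does not come up within systemd's start timeout counts as a failed start, so the process is killed and restarted instead of being left to keep retrying or to wait at the private-key prompt the description mentions. Nothing in the hunk sets a start timeout, so the systemd default applies; consider setting `serviceConfig.TimeoutStartSec` explicitly and adding a comment such as `# "active" now means the tunnel is up; READY=1 is sent by systemd-notify.patch`. Configurations that contain `daemon` are also worth checking, because the readiness message would then presumably come from a forked process rather than the main PID and may be ignored under the default notify access. The enclosing `let` binding starts outside the hunk.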
@@ -8,7 +10,9 @@ stdenv.mkDerivation rec { sha256 = "04xiwim56sb1vis93k9hhm1s29jdrlq7i2fa07jncnhh653d29gh"; }; - buildInputs = [ iproute lzo openssl pam ]; + patches = optional stdenv.isLinux ./systemd-notify.patch; + + buildInputs = [ iproute lzo openssl pam ] ++ optional stdenv.isLinux systemd; configureFlags = '' --enable-password-save @@ -31,6 +35,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + NIX_LDFLAGS = optionalString stdenv.isLinux "-lsystemd-daemon"; # hacky + meta = { description = "A robust and highly flexible tunneling application"; homepage = http://openvpn.net/; diff --git a/pkgs/tools/networking/openvpn/systemd-notify.patch b/pkgs/tools/networking/openvpn/systemd-notify.patch new file mode 100644 index 000000000000..9291f7a46642 --- /dev/null +++ b/pkgs/tools/networking/openvpn/systemd-notify.patch @@ -0,0 +1,22 @@ +diff -ru -x '*~' openvpn-2.3.1-orig/src/openvpn/init.c openvpn-2.3.1/src/openvpn/init.c +--- openvpn-2.3.1-orig/src/openvpn/init.c 2013-03-20 09:28:14.000000000 +0100 ++++ openvpn-2.3.1/src/openvpn/init.c 2014-04-22 13:02:21.351026640 +0200 +@@ -48,6 +48,8 @@ + + #include "occ-inline.h" + ++#include ++ + static struct context *static_context; /* GLOBAL */ + + /* +@@ -1241,6 +1243,9 @@ + { + static const char message[] = "Initialization Sequence Completed"; + ++ /* Tell systemd we're ready. */ ++ sd_notify(0, "READY=1"); ++ + /* If we delayed UID/GID downgrade or chroot, do it now */ + do_uid_gid_chroot (c, true); +
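Review bot: `NIX_LDFLAGS = optionalString stdenv.isLinux "-lsystemd-daemon"; # hacky` in the last default.nix hunk adds the library to every link step of the build rather than only to the openvpn binary, and the `# hacky` remark does not tell the next maintainer why. A comment that states the reason would help, for example `# systemd-notify.patch calls sd_notify() but does not touch the build system, so link libsystemd-daemon globally`. The `buildInputs` hunk above also makes `systemd` an unconditional build input on Linux, so there is no way to build without the notification code; if that is intended, say so next to `patches`.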
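Review bot: In the second hunk of systemd-notify.patch, `sd_notify(0, "READY=1");` is sent before `do_uid_gid_chroot (c, true);`, so systemd marks the unit active and starts units ordered after it while the delayed UID/GID downgrade and chroot have not yet run and could still fail. If that ordering is deliberate (for example because the notification socket may not be reachable after chroot), the comment should say so, e.g. `/* Notify before chroot/privilege drop: NOTIFY_SOCKET may be unreachable afterwards. */`; otherwise move the call below `do_uid_gid_chroot`. The first argument `0` leaves `NOTIFY_SOCKET` in the environment inherited by scripts OpenVPN runs later, and the return value is discarded, so a failed notification is silent; if no later notifications are needed, consider `if (sd_notify(1, "READY=1") < 0) msg(M_WARN, "sd_notify failed");`. The added `#include` in the first hunk shows no header name in this rendering, presumably `<systemd/sd-daemon.h>`. The enclosing function starts and ends outside the hunk.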